void m_initialize(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNext();
SerialNumber = Asn1Utils.DecodeInteger(asn.GetTagRawData(), true);
asn.MoveNext();
if (asn.Tag != (Byte)Asn1Type.UTCTime && asn.Tag != (Byte)Asn1Type.GeneralizedTime)
{
throw new Asn1InvalidTagException(asn.Offset);
}
if (asn.Tag == (Byte)Asn1Type.UTCTime)
{
RevocationDate = new Asn1UtcTime(asn.GetTagRawData()).Value;
}
if (asn.Tag == (Byte)Asn1Type.GeneralizedTime)
{
RevocationDate = Asn1Utils.DecodeGeneralizedTime(asn.GetTagRawData());
}
if (asn.MoveNext())
{
var extensions = new X509ExtensionCollection();
extensions.Decode(asn.GetTagRawData());
X509Extension crlReason = extensions[X509CertExtensions.X509CRLReasonCode];
if (crlReason != null)
{
ReasonCode = crlReason.RawData[2];
}
}
RawData = rawData;
}
/// <summary>
/// Initializes a new version of the CertificateSettings class.
/// </summary>
public CertificateSettings()
{
_startDate = DateTime.Now;
_endDate = DateTime.Now.AddYears(1);
_signCertificate = true;
_referenceKey = true;
_extensions = new X509ExtensionCollection();
}
void SetExtensions(X509ExtensionCollection extensions)
{
if (_isGeneric)
{
throw new InvalidOperationException();
}
if (extensions == null)
{
throw new ArgumentNullException(nameof(extensions));
}
}
public override void Reset()
{
_cert = null;
_archived = false;
_extensions = null;
_serial = null;
_publicKey = null;
issuer_name = null;
subject_name = null;
signature_algorithm = null;
}
/// <summary>Resets the state of an <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2" /> object.</summary>
public override void Reset()
{
this._cert = null;
this._archived = false;
this._extensions = null;
this._name = string.Empty;
this._serial = null;
this._publicKey = null;
this.issuer_name = null;
this.subject_name = null;
this.signature_algorithm = null;
base.Reset();
}
public override void Reset()
{
_lazyRawData = null;
_lazySignatureAlgorithm = null;
_lazyVersion = 0;
_lazySubjectName = null;
_lazyIssuerName = null;
_lazyPublicKey = null;
_lazyPrivateKey = null;
_lazyExtensions = null;
base.Reset();
}
/// <summary>
/// Resets the state of an X509CRL2.
/// </summary>
/// <remarks>This method can be used to reset the state of the CRL. It also frees any resources associated with the CRL.</remarks>
public void Reset()
{
Dispose();
Extensions = new X509ExtensionCollection();
RevokedCertificates.Clear();
Version = 0;
Type = X509CrlType.BaseCrl;
IssuerName = null;
ThisUpdate = new DateTime();
NextUpdate = null;
SignatureAlgorithm = null;
RawData = null;
}
public override void Reset()
{
_lazyRawData = null;
_lazySignatureAlgorithm = null;
_lazyVersion = 0;
_lazySubjectName = null;
_lazyIssuerName = null;
_lazyPublicKey = null;
_lazyPrivateKey = null;
_lazyExtensions = null;
base.Reset();
}
public override void Reset()
{
_cert = null;
_archived = false;
_extensions = null;
_publicKey = null;
issuer_name = null;
subject_name = null;
signature_algorithm = null;
if (intermediateCerts != null)
{
intermediateCerts.Dispose();
intermediateCerts = null;
}
}
public override void Reset()
{
this.m_version = 0;
this.m_notBefore = DateTime.MinValue;
this.m_notAfter = DateTime.MinValue;
this.m_privateKey = null;
this.m_publicKey = null;
this.m_extensions = null;
this.m_signatureAlgorithm = null;
this.m_subjectName = null;
this.m_issuerName = null;
if (!this.m_safeCertContext.IsInvalid)
{
this.m_safeCertContext.Dispose();
this.m_safeCertContext = System.Security.Cryptography.SafeCertContextHandle.InvalidHandle;
}
base.Reset();
}
/// <summary>
/// Encodes revocation entry to a ASN.1-encoded byte array.
/// </summary>
/// <returns>ASN.1-encoded byte array</returns>
public Byte[] Encode()
{
if (String.IsNullOrEmpty(SerialNumber))
{
throw new UninitializedObjectException();
}
List <Byte> rawData = new List <Byte>(AsnFormatter.StringToBinary(SerialNumber, EncodingType.HexAny));
rawData = new List <Byte>(Asn1Utils.Encode(rawData.ToArray(), (Byte)Asn1Type.INTEGER));
rawData.AddRange(Asn1Utils.EncodeDateTime(RevocationDate));
if (ReasonCode != 0)
{
Byte[] reasonEnum = new Byte[] { 10, 1, (Byte)ReasonCode };
X509ExtensionCollection exts = new X509ExtensionCollection();
X509Extension CRlReasonCode = new X509Extension("2.5.29.21", reasonEnum, false);
exts.Add(CRlReasonCode);
rawData.AddRange(Crypt32Managed.EncodeX509Extensions(exts));
}
return(Asn1Utils.Encode(rawData.ToArray(), 48));
}
public override string ToString(bool verbose)
{
if (!verbose || this.m_safeCertContext.IsInvalid)
{
return(this.ToString());
}
StringBuilder sb = new StringBuilder();
sb.Append("[Version]" + Environment.NewLine + " ");
sb.Append("V" + this.Version);
sb.Append(Environment.NewLine + Environment.NewLine + "[Subject]" + Environment.NewLine + " ");
sb.Append(this.SubjectName.Name);
string nameInfo = this.GetNameInfo(X509NameType.SimpleName, false);
if (nameInfo.Length > 0)
{
sb.Append(Environment.NewLine + " Simple Name: ");
sb.Append(nameInfo);
}
string str2 = this.GetNameInfo(X509NameType.EmailName, false);
if (str2.Length > 0)
{
sb.Append(Environment.NewLine + " Email Name: ");
sb.Append(str2);
}
string str3 = this.GetNameInfo(X509NameType.UpnName, false);
if (str3.Length > 0)
{
sb.Append(Environment.NewLine + " UPN Name: ");
sb.Append(str3);
}
string str4 = this.GetNameInfo(X509NameType.DnsName, false);
if (str4.Length > 0)
{
sb.Append(Environment.NewLine + " DNS Name: ");
sb.Append(str4);
}
sb.Append(Environment.NewLine + Environment.NewLine + "[Issuer]" + Environment.NewLine + " ");
sb.Append(this.IssuerName.Name);
nameInfo = this.GetNameInfo(X509NameType.SimpleName, true);
if (nameInfo.Length > 0)
{
sb.Append(Environment.NewLine + " Simple Name: ");
sb.Append(nameInfo);
}
str2 = this.GetNameInfo(X509NameType.EmailName, true);
if (str2.Length > 0)
{
sb.Append(Environment.NewLine + " Email Name: ");
sb.Append(str2);
}
str3 = this.GetNameInfo(X509NameType.UpnName, true);
if (str3.Length > 0)
{
sb.Append(Environment.NewLine + " UPN Name: ");
sb.Append(str3);
}
str4 = this.GetNameInfo(X509NameType.DnsName, true);
if (str4.Length > 0)
{
sb.Append(Environment.NewLine + " DNS Name: ");
sb.Append(str4);
}
sb.Append(Environment.NewLine + Environment.NewLine + "[Serial Number]" + Environment.NewLine + " ");
sb.Append(this.SerialNumber);
sb.Append(Environment.NewLine + Environment.NewLine + "[Not Before]" + Environment.NewLine + " ");
sb.Append(X509Certificate.FormatDate(this.NotBefore));
sb.Append(Environment.NewLine + Environment.NewLine + "[Not After]" + Environment.NewLine + " ");
sb.Append(X509Certificate.FormatDate(this.NotAfter));
sb.Append(Environment.NewLine + Environment.NewLine + "[Thumbprint]" + Environment.NewLine + " ");
sb.Append(this.Thumbprint);
sb.Append(Environment.NewLine + Environment.NewLine + "[Signature Algorithm]" + Environment.NewLine + " ");
sb.Append(this.SignatureAlgorithm.FriendlyName + "(" + this.SignatureAlgorithm.Value + ")");
System.Security.Cryptography.X509Certificates.PublicKey publicKey = this.PublicKey;
sb.Append(Environment.NewLine + Environment.NewLine + "[Public Key]" + Environment.NewLine + " Algorithm: ");
sb.Append(publicKey.Oid.FriendlyName);
sb.Append(Environment.NewLine + " Length: ");
sb.Append(publicKey.Key.KeySize);
sb.Append(Environment.NewLine + " Key Blob: ");
sb.Append(publicKey.EncodedKeyValue.Format(true));
sb.Append(Environment.NewLine + " Parameters: ");
sb.Append(publicKey.EncodedParameters.Format(true));
this.AppendPrivateKeyInfo(sb);
X509ExtensionCollection extensions = this.Extensions;
if (extensions.Count > 0)
{
sb.Append(Environment.NewLine + Environment.NewLine + "[Extensions]");
X509ExtensionEnumerator enumerator = extensions.GetEnumerator();
while (enumerator.MoveNext())
{
X509Extension current = enumerator.Current;
sb.Append(Environment.NewLine + "* " + current.Oid.FriendlyName + "(" + current.Oid.Value + "):" + Environment.NewLine + " " + current.Format(true));
}
}
sb.Append(Environment.NewLine);
return(sb.ToString());
}
/// <summary>
/// Generate a self-signed CA certificate
/// </summary>
/// <param name="subject">The X500 subject string</param>
/// <param name="rsaKeySize">The size of the RSA key to generate</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>An X509Certificate2 object containing the full certificate</returns>
public static X509Certificate2 GenerateCACert(string subject, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm)
{
X509ExtensionCollection exts = new X509ExtensionCollection();
DateTime dt = DateTime.Now.AddYears(-1);
exts.Add(new X509BasicConstraintsExtension(true, false, 0, false));
return builder.CreateCert(null, new X500DistinguishedName(subject), null, false, rsaKeySize, hashAlgorithm, dt, dt.AddYears(10), exts);
}
/// <summary>
/// Create a new certificate
/// </summary>
/// <param name="issuer">Issuer certificate, if null then self-sign</param>
/// <param name="subjectName">Subject name</param>
/// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param>
/// <param name="signature">If true create an AT_SIGNATURE key, otherwise AT_EXCHANGE</param>
/// <param name="keySize">Size of RSA key</param>
/// <param name="notBefore">Start date of certificate</param>
/// <param name="notAfter">End date of certificate</param>
/// <param name="extensions">Array of extensions, if null then no extensions</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>The created X509 certificate</returns>
public SystemX509.X509Certificate2 CreateCert(SystemX509.X509Certificate2 issuer, SystemX509.X500DistinguishedName subjectName,
byte[] serialNumber, bool signature, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore,
DateTime notAfter, SystemX509.X509ExtensionCollection extensions)
{
X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
AsymmetricAlgorithm subjectKey = CreateRSAKey(keySize, signature);
AsymmetricAlgorithm signKey = issuer == null ? subjectKey : issuer.PrivateKey;
if (signKey == null)
{
throw new ArgumentException(Properties.Resources.CreateCert_NoPrivateKey);
}
AsymmetricCipherKeyPair bcSubjectKey = GetRsaKeyPair((RSACryptoServiceProvider)subjectKey);
AsymmetricCipherKeyPair bcSignKey = GetRsaKeyPair((RSACryptoServiceProvider)signKey);
X509Name issuerNameObj = issuer == null?X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData))
: X509Name.GetInstance(Asn1Object.FromByteArray(issuer.SubjectName.RawData));
X509Name subjectNameObj = X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData));
BigInteger subjectSerial = new BigInteger(1, serialNumber != null ? serialNumber : Guid.NewGuid().ToByteArray());
BigInteger issuerSerial = issuer == null ? subjectSerial : new BigInteger(1, issuer.GetSerialNumber());
builder.SetIssuerDN(issuerNameObj);
builder.SetSubjectDN(subjectNameObj);
builder.SetSerialNumber(subjectSerial);
builder.SetSignatureAlgorithm(HashAlgorithmToName(hashAlgorithm));
builder.SetNotBefore(notBefore.ToUniversalTime());
builder.SetNotAfter(notAfter.ToUniversalTime());
builder.SetPublicKey(bcSubjectKey.Public);
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSignKey.Public);
AuthorityKeyIdentifier authKeyId = new AuthorityKeyIdentifier(info, new GeneralNames(new GeneralName(issuerNameObj)), issuerSerial);
SubjectKeyIdentifier subjectKeyid = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSubjectKey.Public));
builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authKeyId);
builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, true, subjectKeyid);
if (extensions != null)
{
foreach (SystemX509.X509Extension ext in extensions)
{
if (!ext.Oid.Value.Equals(X509Extensions.AuthorityKeyIdentifier.Id) &&
!ext.Oid.Value.Equals(X509Extensions.SubjectKeyIdentifier.Id) &&
!ext.Oid.Value.Equals(szOID_AUTHORITY_KEY_IDENTIFIER2))
{
Asn1InputStream istm = new Org.BouncyCastle.Asn1.Asn1InputStream(ext.RawData);
Asn1Object obj = istm.ReadObject();
builder.AddExtension(ext.Oid.Value, ext.Critical, obj);
}
}
}
X509Certificate cert = builder.Generate(bcSignKey.Private);
SystemX509.X509Certificate2 ret = new SystemX509.X509Certificate2(cert.GetEncoded(), (string)null, SystemX509.X509KeyStorageFlags.Exportable);
ret.PrivateKey = subjectKey;
return(ret);
}
internal X509ExtensionEnumerator(X509ExtensionCollection extensions)
{
m_extensions = extensions;
m_current = -1;
}
public override void Reset () {
m_version = 0;
m_notBefore = DateTime.MinValue;
m_notAfter = DateTime.MinValue;
m_privateKey = null;
m_publicKey = null;
m_extensions = null;
m_signatureAlgorithm = null;
m_subjectName = null;
m_issuerName = null;
if (!m_safeCertContext.IsInvalid) {
// Free the current certificate handle
m_safeCertContext.Dispose();
m_safeCertContext = SafeCertContextHandle.InvalidHandle;
}
base.Reset();
}
/// <summary>
/// Take an existing certificate, clone its details and resign with a new root CA
/// </summary>
/// <param name="toClone">The certificate to clone</param>
/// <param name="rootCert">The root CA certificate to sign with</param>
/// <param name="newSerial">True to generate a new serial for this certificate</param>
/// <param name="rsaKeySize">The size of the RSA key to generate</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns></returns>
public static X509Certificate2 CloneAndSignCertificate(X509Certificate toClone, X509Certificate2 rootCert, bool newSerial, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm)
{
X509Certificate2 cert2 = new X509Certificate2(toClone);
X509ExtensionCollection extensions = new X509ExtensionCollection();
foreach (var ext in cert2.Extensions)
{
// Remove CRL distribution locations and authority information, they tend to break SSL negotiation
if ((ext.Oid.Value != szOID_CRL_DISTRIBUTION) && (ext.Oid.Value != szOID_AUTHORITY_INFO))
{
extensions.Add(ext);
}
}
return builder.CreateCert(rootCert, cert2.SubjectName, newSerial ? null : cert2.GetSerialNumber(),
false, rsaKeySize, hashAlgorithm, cert2.NotBefore, cert2.NotAfter, extensions);
}
public override void Reset()
{
this.m_version = 0;
this.m_notBefore = DateTime.MinValue;
this.m_notAfter = DateTime.MinValue;
this.m_privateKey = null;
this.m_publicKey = null;
this.m_extensions = null;
this.m_signatureAlgorithm = null;
this.m_subjectName = null;
this.m_issuerName = null;
if (!this.m_safeCertContext.IsInvalid)
{
this.m_safeCertContext.Dispose();
this.m_safeCertContext = System.Security.Cryptography.SafeCertContextHandle.InvalidHandle;
}
base.Reset();
}
public void Indexer_Int ()
{
X509ExtensionCollection c = new X509ExtensionCollection ();
c.Add (extn_empty);
Assert.AreEqual (extn_empty, c[0], "0");
}
public void ICollection_CopyTo ()
{
X509ExtensionCollection c = new X509ExtensionCollection ();
c.Add (extn_empty);
X509Extension[] array = new X509Extension[1];
(c as ICollection).CopyTo (array, 0);
Assert.AreEqual (extn_empty, array[0], "0");
}
public void Add ()
{
X509ExtensionCollection c = new X509ExtensionCollection ();
Assert.AreEqual (0, c.Count, "Count-0");
c.Add (extn_empty);
Assert.AreEqual (1, c.Count, "Count-1");
}
private void buttonCreate_Click(object sender, EventArgs e)
{
DialogResult = DialogResult.OK;
int rsaKeySize = 0;
if (radioButtonSimpleCN.Checked && String.IsNullOrWhiteSpace(textBoxCN.Text))
{
MessageBox.Show(this, CANAPE.Properties.Resources.CreateCertForm_MustSpecifyCN,
CANAPE.Properties.Resources.MessageBox_ErrorString, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (radioButtonTemplate.Checked && _templateCert == null)
{
MessageBox.Show(this, CANAPE.Properties.Resources.CreateCertForm_MustSpecifyTemplate,
CANAPE.Properties.Resources.MessageBox_ErrorString, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (radioButtonSpecifyCA.Checked && _specifyCert == null)
{
MessageBox.Show(this, CANAPE.Properties.Resources.CreateCertForm_MustSpecifyCA,
CANAPE.Properties.Resources.MessageBox_ErrorString, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (!int.TryParse(comboBoxRsaKeySize.Text, out rsaKeySize))
{
MessageBox.Show(this, CANAPE.Properties.Resources.CreateCertForm_MustSpecifyAValidRSAKeySize,
CANAPE.Properties.Resources.MessageBox_ErrorString, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
try
{
X509Certificate2 rootCert = null;
if (radioButtonSpecifyCA.Checked)
{
rootCert = _specifyCert;
}
else if (radioButtonDefaultCA.Checked)
{
rootCert = CertManager.GetRootCert();
}
else
{
// Self signed
}
if (radioButtonTemplate.Checked)
{
Certificate = CertificateUtils.CloneAndSignCertificate(_templateCert, rootCert, false, rsaKeySize, (CertificateHashAlgorithm)comboBoxHash.SelectedItem);
}
else
{
X509ExtensionCollection exts = new X509ExtensionCollection();
if (checkBoxCA.Checked)
{
exts.Add(new X509BasicConstraintsExtension(true, false, 0, true));
}
DateTime notBefore = DateTime.Now.Subtract(TimeSpan.FromDays(1));
Certificate = CertificateUtils.CreateCert(rootCert,
new X500DistinguishedName(radioButtonSubject.Checked ? textBoxCN.Text : String.Format("CN={0}", textBoxCN.Text)), null, false, rsaKeySize,
(CertificateHashAlgorithm)comboBoxHash.SelectedItem, notBefore, notBefore.AddYears(10), exts);
}
}
catch (Win32Exception ex)
{
MessageBox.Show(ex.Message, CANAPE.Properties.Resources.MessageBox_ErrorString,
MessageBoxButtons.OK, MessageBoxIcon.Error);
}
catch (CryptographicException ex)
{
MessageBox.Show(ex.Message, CANAPE.Properties.Resources.MessageBox_ErrorString,
MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
/// <summary>
/// Create a new certificate
/// </summary>
/// <param name="issuer">Issuer certificate, if null then self-sign</param>
/// <param name="subjectName">Subject name</param>
/// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param>
/// <param name="signature">If true create an AT_SIGNATURE key, otherwise AT_EXCHANGE</param>
/// <param name="keySize">Size of RSA key</param>
/// <param name="notBefore">Start date of certificate</param>
/// <param name="notAfter">End date of certificate</param>
/// <param name="extensions">Array of extensions, if null then no extensions</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>The created X509 certificate</returns>
public X509Certificate2 CreateCert(X509Certificate2 issuer, X500DistinguishedName subjectName, byte[] serialNumber, bool signature, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore, DateTime notAfter, X509ExtensionCollection extensions)
{
CryptoApiMethods.CERT_INFO certInfo = new CryptoApiMethods.CERT_INFO();
RSACryptoServiceProvider key = CreateRSAKey(keySize, signature);
IntPtr publicKeyInfoPtr = IntPtr.Zero;
X509Certificate2 cert = null;
List<X509Extension> newExts = null;
if (extensions != null)
{
foreach (X509Extension ext in extensions)
{
if (ext.RawData == null)
{
throw new ArgumentException(Properties.Resources.CreateCert_NeedEncodedData);
}
}
}
try
{
if (serialNumber == null)
{
serialNumber = Guid.NewGuid().ToByteArray();
}
certInfo.dwVersion = (uint)CryptoApiMethods.CertVersion.CERT_V3;
certInfo.SerialNumber = new CryptoApiMethods.CRYPTOAPI_BLOB(serialNumber);
certInfo.Subject = new CryptoApiMethods.CRYPTOAPI_BLOB(subjectName.RawData);
if (issuer == null)
{
// Self-signed
certInfo.Issuer = new CryptoApiMethods.CRYPTOAPI_BLOB(subjectName.RawData);
}
else
{
certInfo.Issuer = new CryptoApiMethods.CRYPTOAPI_BLOB(issuer.SubjectName.RawData);
}
// Never seems to need these set to anything valid?
certInfo.SubjectUniqueId = new CryptoApiMethods.CRYPT_BIT_BLOB();
certInfo.IssuerUniqueId = new CryptoApiMethods.CRYPT_BIT_BLOB();
certInfo.NotBefore = DateTimeToFileTime(notBefore);
certInfo.NotAfter = DateTimeToFileTime(notAfter);
certInfo.SignatureAlgorithm = new CryptoApiMethods.CRYPT_ALGORITHM_IDENTIFIER();
// Doesn't seem to work properly with standard szOID_RSA_SHA1RSA
//certInfo.SignatureAlgorithm.pszObjId = CryptoApiMethods.szOID_OIWSEC_sha1RSASign;
//certInfo.SignatureAlgorithm.pszObjId = CryptoApiMethods.szOID_RSA_SHA1RSA;
//certInfo.SignatureAlgorithm.pszObjId = CryptoApiMethods.szOID_RSA_SHA512RSA;
certInfo.SignatureAlgorithm.pszObjId = HashAlgorithmToOID(hashAlgorithm);
// Add extension fields
publicKeyInfoPtr = ExportPublicKeyInfo(key);
certInfo.SubjectPublicKeyInfo = (CryptoApiMethods.CERT_PUBLIC_KEY_INFO)Marshal.PtrToStructure(publicKeyInfoPtr, typeof(CryptoApiMethods.CERT_PUBLIC_KEY_INFO));
newExts = new List<X509Extension>();
if (extensions != null)
{
// Filter out some extensions we don't want
newExts.AddRange(
extensions.Cast<X509Extension>().Where(
x =>
!x.Oid.Value.Equals(CryptoApiMethods.szOID_AUTHORITY_KEY_IDENTIFIER)
&& !x.Oid.Value.Equals(CryptoApiMethods.szOID_SUBJECT_KEY_IDENTIFIER)
&& !x.Oid.Value.Equals(CryptoApiMethods.szOID_AUTHORITY_KEY_IDENTIFIER2)));
}
if (issuer != null)
{
newExts.Add(CreateAuthorityKeyInfo2(issuer.GetSerialNumber(), issuer.SubjectName, (RSACryptoServiceProvider)issuer.PrivateKey));
}
else
{
newExts.Add(CreateAuthorityKeyInfo2(serialNumber, subjectName, key));
}
newExts.Add(new X509SubjectKeyIdentifierExtension(HashPublicKeyInfo(key), false));
certInfo.rgExtension = MarshalExtensions(newExts.ToArray());
certInfo.cExtension = (uint)newExts.Count;
byte[] certData = EncodeAndSignCertInfo(issuer != null ? issuer.PrivateKey as RSACryptoServiceProvider : key, certInfo, hashAlgorithm);
cert = new X509Certificate2(certData, (string)null, X509KeyStorageFlags.Exportable);
cert.PrivateKey = key;
}
finally
{
if (certInfo.rgExtension != IntPtr.Zero)
{
Marshal.FreeHGlobal(certInfo.rgExtension);
}
if (certInfo.Subject != null)
{
certInfo.Subject.Release();
}
if (certInfo.Issuer != null)
{
certInfo.Issuer.Release();
}
if (publicKeyInfoPtr != IntPtr.Zero)
{
Marshal.FreeHGlobal(publicKeyInfoPtr);
}
}
return cert;
}
public void Indexer_String ()
{
X509ExtensionCollection c = new X509ExtensionCollection ();
c.Add (extn_empty);
Assert.IsNull (c[String.Empty]);
Assert.IsNull (c ["1.2.3"]);
Assert.AreEqual (extn_empty, c["1.2"], "0");
}
internal X509ExtensionEnumerator(X509ExtensionCollection extensions)
{
this.m_extensions = extensions;
this.m_current = -1;
}
// returns a list of IntPtr's; the first IntPtr is the pointer to the CERT_EXTENSIONS
// strucuture; the other pointers are pointers that have to be released in order
// to avoid leaking memory
private static unsafe List<IntPtr> ConvertExtensions(X509ExtensionCollection extensions)
{
List<IntPtr> ret = new List<IntPtr>();
if (extensions == null && extensions.Count == 0) {
ret.Add(IntPtr.Zero);
return ret;
}
int extensionStructSize = Marshal.SizeOf(typeof(CERT_EXTENSION));
// create the pointer to the CERT_EXTENSIONS object
CERT_EXTENSIONS extensionsStruct = new CERT_EXTENSIONS();
IntPtr extensionsPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(CERT_EXTENSIONS)));
ret.Add(extensionsPtr);
extensionsStruct.cExtension = extensions.Count;
extensionsStruct.rgExtension = Marshal.AllocHGlobal(extensionStructSize * extensions.Count); ;
ret.Add(extensionsStruct.rgExtension);
Marshal.StructureToPtr(extensionsStruct, extensionsPtr, false);
// create the array of CERT_EXTENSION objects
CERT_EXTENSION extensionStruct = new CERT_EXTENSION();
byte* workPointer = (byte*)extensionsStruct.rgExtension.ToPointer();
foreach(X509Extension ext in extensions) {
// initialize the extension structure
extensionStruct.pszObjId = Marshal.StringToHGlobalAnsi(ext.Oid.Value);
ret.Add(extensionStruct.pszObjId);
extensionStruct.fCritical = ext.Critical ? 1 : 0;
byte[] rawData = ext.RawData;
extensionStruct.cbData = rawData.Length;
extensionStruct.pbData = Marshal.AllocHGlobal(rawData.Length); ;
Marshal.Copy(rawData, 0, extensionStruct.pbData, rawData.Length);
ret.Add(extensionStruct.pbData);
// copy it to unmanaged memory
Marshal.StructureToPtr(extensionStruct, new IntPtr(workPointer), false);
workPointer += extensionStructSize;
}
// everything successfully created; return
return ret;
}
/// <summary>
/// Create a new certificate
/// </summary>
/// <param name="issuer">Issuer certificate, if null then self-sign</param>
/// <param name="subjectName">Subject name</param>
/// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param>
/// <param name="signature">If true create an AT_SIGNATURE key, otherwise AT_EXCHANGE</param>
/// <param name="keySize">Size of RSA key</param>
/// <param name="hashAlgorithm">The hash algorithm for the certificate</param>
/// <param name="notBefore">Start date of certificate</param>
/// <param name="notAfter">End date of certificate</param>
/// <param name="extensions">Array of extensions, if null then no extensions</param>
/// <returns>The created X509 certificate</returns>
public static X509Certificate2 CreateCert(X509Certificate2 issuer, X500DistinguishedName subjectName,
byte[] serialNumber, bool signature, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore, DateTime notAfter, X509ExtensionCollection extensions)
{
return builder.CreateCert(issuer, subjectName, serialNumber, signature, keySize, hashAlgorithm, notBefore, notAfter, extensions);
}
public void FixtureSetUp ()
{
empty = new X509ExtensionCollection ();
extn_empty = new X509Extension ("1.2", new byte[] { 0x05, 0x00 }, false);
}
///// <summary>
///// Create a new certificate
///// </summary>
///// <param name="issuer">Issuer certificate, if null then self-sign</param>
///// <param name="subjectName">Subject name</param>
///// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param>
///// <param name="keySize">Size of RSA key</param>
///// <param name="notBefore">Start date of certificate</param>
///// <param name="notAfter">End date of certificate</param>
///// <param name="extensions">Array of extensions, if null then no extensions</param>
///// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
///// <returns>The created X509 certificate</returns>
public static SystemX509.X509Certificate2 CreateCert(SystemX509.X509Certificate2 issuer, SystemX509.X500DistinguishedName subjectName,
byte[] serialNumber, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore,
DateTime notAfter, SystemX509.X509ExtensionCollection extensions)
{
SecureRandom random = new SecureRandom();
X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
AsymmetricCipherKeyPair bcSubjectKey = CreateRSAKey(keySize, random);
AsymmetricCipherKeyPair bcSignKey = issuer == null ? bcSubjectKey : issuer.GetBCPrivateKey();
if (bcSignKey == null)
{
throw new ArgumentException("issuer");
}
X509Name issuerNameObj = issuer == null?X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData))
: X509Name.GetInstance(Asn1Object.FromByteArray(issuer.SubjectName.RawData));
X509Name subjectNameObj = X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData));
BigInteger subjectSerial = new BigInteger(1, serialNumber != null ? serialNumber : Guid.NewGuid().ToByteArray());
BigInteger issuerSerial = issuer == null ? subjectSerial : new BigInteger(1, issuer.GetSerialNumber());
builder.SetIssuerDN(issuerNameObj);
builder.SetSubjectDN(subjectNameObj);
builder.SetSerialNumber(subjectSerial);
builder.SetNotBefore(notBefore.ToUniversalTime());
builder.SetNotAfter(notAfter.ToUniversalTime());
builder.SetPublicKey(bcSubjectKey.Public);
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSignKey.Public);
AuthorityKeyIdentifier authKeyId = new AuthorityKeyIdentifier(info, new GeneralNames(new GeneralName(issuerNameObj)), issuerSerial);
SubjectKeyIdentifier subjectKeyid = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSubjectKey.Public));
builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authKeyId);
builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, true, subjectKeyid);
if (extensions != null)
{
foreach (SystemX509.X509Extension ext in extensions)
{
if (!ext.Oid.Value.Equals(X509Extensions.AuthorityKeyIdentifier.Id) &&
!ext.Oid.Value.Equals(X509Extensions.SubjectKeyIdentifier.Id) &&
!ext.Oid.Value.Equals(szOID_AUTHORITY_KEY_IDENTIFIER2))
{
Asn1InputStream istm = new Asn1InputStream(ext.RawData);
Asn1Object obj = istm.ReadObject();
builder.AddExtension(ext.Oid.Value, ext.Critical, obj);
}
}
}
X509Certificate cert = builder.Generate(CreateSignatureFactory(hashAlgorithm, bcSignKey, random));
Pkcs12StoreBuilder pkcs = new Pkcs12StoreBuilder();
Pkcs12Store store = pkcs.Build();
X509CertificateEntry entry = new X509CertificateEntry(cert);
store.SetCertificateEntry("main", entry);
AsymmetricKeyEntry key_entry = new AsymmetricKeyEntry(bcSubjectKey.Private);
store.SetKeyEntry("main", key_entry, new[] { entry });
MemoryStream stm = new MemoryStream();
store.Save(stm, new char[0], new SecureRandom());
return(new SystemX509.X509Certificate2(stm.ToArray(), String.Empty, SystemX509.X509KeyStorageFlags.Exportable));
}
public override void Reset ()
{
_cert = null;
_archived = false;
_extensions = null;
_name = String.Empty;
_serial = null;
_publicKey = null;
issuer_name = null;
subject_name = null;
signature_algorithm = null;
base.Reset ();
}
public override string ToString(bool verbose)
{
if (verbose == false || Pal == null)
{
return(ToString());
}
StringBuilder sb = new StringBuilder();
// Version
sb.AppendLine("[Version]");
sb.Append(" V");
sb.Append(Version);
// Subject
sb.AppendLine();
sb.AppendLine();
sb.AppendLine("[Subject]");
sb.Append(" ");
sb.Append(SubjectName.Name);
string simpleName = GetNameInfo(X509NameType.SimpleName, false);
if (simpleName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("Simple Name: ");
sb.Append(simpleName);
}
string emailName = GetNameInfo(X509NameType.EmailName, false);
if (emailName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("Email Name: ");
sb.Append(emailName);
}
string upnName = GetNameInfo(X509NameType.UpnName, false);
if (upnName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("UPN Name: ");
sb.Append(upnName);
}
string dnsName = GetNameInfo(X509NameType.DnsName, false);
if (dnsName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("DNS Name: ");
sb.Append(dnsName);
}
// Issuer
sb.AppendLine();
sb.AppendLine();
sb.AppendLine("[Issuer]");
sb.Append(" ");
sb.Append(IssuerName.Name);
simpleName = GetNameInfo(X509NameType.SimpleName, true);
if (simpleName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("Simple Name: ");
sb.Append(simpleName);
}
emailName = GetNameInfo(X509NameType.EmailName, true);
if (emailName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("Email Name: ");
sb.Append(emailName);
}
upnName = GetNameInfo(X509NameType.UpnName, true);
if (upnName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("UPN Name: ");
sb.Append(upnName);
}
dnsName = GetNameInfo(X509NameType.DnsName, true);
if (dnsName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("DNS Name: ");
sb.Append(dnsName);
}
// Serial Number
sb.AppendLine();
sb.AppendLine();
sb.AppendLine("[Serial Number]");
sb.Append(" ");
sb.AppendLine(SerialNumber);
// NotBefore
sb.AppendLine();
sb.AppendLine("[Not Before]");
sb.Append(" ");
sb.AppendLine(FormatDate(NotBefore));
// NotAfter
sb.AppendLine();
sb.AppendLine("[Not After]");
sb.Append(" ");
sb.AppendLine(FormatDate(NotAfter));
// Thumbprint
sb.AppendLine();
sb.AppendLine("[Thumbprint]");
sb.Append(" ");
sb.AppendLine(Thumbprint);
// Signature Algorithm
sb.AppendLine();
sb.AppendLine("[Signature Algorithm]");
sb.Append(" ");
sb.Append(SignatureAlgorithm.FriendlyName);
sb.Append('(');
sb.Append(SignatureAlgorithm.Value);
sb.AppendLine(")");
// Public Key
sb.AppendLine();
sb.Append("[Public Key]");
// It could throw if it's some user-defined CryptoServiceProvider
try
{
PublicKey pubKey = PublicKey;
sb.AppendLine();
sb.Append(" ");
sb.Append("Algorithm: ");
sb.Append(pubKey.Oid.FriendlyName);
// So far, we only support RSACryptoServiceProvider & DSACryptoServiceProvider Keys
try
{
sb.AppendLine();
sb.Append(" ");
sb.Append("Length: ");
using (RSA? pubRsa = this.GetRSAPublicKey())
{
if (pubRsa != null)
{
sb.Append(pubRsa.KeySize);
}
}
}
catch (NotSupportedException)
{
}
sb.AppendLine();
sb.Append(" ");
sb.Append("Key Blob: ");
sb.AppendLine(pubKey.EncodedKeyValue.Format(true));
sb.Append(" ");
sb.Append("Parameters: ");
sb.Append(pubKey.EncodedParameters.Format(true));
}
catch (CryptographicException)
{
}
// Private key
Pal.AppendPrivateKeyInfo(sb);
// Extensions
X509ExtensionCollection extensions = Extensions;
if (extensions.Count > 0)
{
sb.AppendLine();
sb.AppendLine();
sb.Append("[Extensions]");
foreach (X509Extension extension in extensions)
{
try
{
sb.AppendLine();
sb.Append("* ");
sb.Append(extension.Oid !.FriendlyName);
sb.Append('(');
sb.Append(extension.Oid.Value);
sb.Append("):");
sb.AppendLine();
sb.Append(" ");
sb.Append(extension.Format(true));
}
catch (CryptographicException)
{
}
}
}
sb.AppendLine();
return(sb.ToString());
}
internal X509ExtensionEnumerator (X509ExtensionCollection collection)
{
enumerator = ((IEnumerable) collection).GetEnumerator ();
}
