Пример #1
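        /// <summary>
        /// Builds a self-signed X.509 v3 certificate from a PEM-encoded PKCS#10 request and writes it,
        /// DER-encoded, to "cert.cer" in the current working directory (an existing file is overwritten).
        /// </summary>
        /// <param name="privateKey">Passed to ReadAsymmetricKeyParameter to obtain the key pair whose private half signs the certificate.</param>
        /// <param name="csrFile">Path of the PEM file containing the certification request.</param>
        /// <exception cref="InvalidOperationException">
        /// The file holds no certification request, or the request's own signature does not verify.
        /// </exception>
        /// <remarks>
        /// Subject and issuer are both taken from the request, and the certified public key is the one in the
        /// request. Nothing here checks that <paramref name="privateKey"/> is the matching private key; if it
        /// is not, the output will not validate as self-signed. No extensions (BasicConstraints, KeyUsage)
        /// are added, and the validity period is 20 years.
        /// </remarks>
        public static void SelfSign(string privateKey, string csrFile)
        {
            var pk = ReadAsymmetricKeyParameter(privateKey);

            Pkcs10CertificationRequest csr;

            // Dispose the reader so the handle on the CSR file is released deterministically.
            using (var csrText = File.OpenText(csrFile))
            {
                csr = (Pkcs10CertificationRequest)new PemReader(csrText).ReadObject();
            }

            if (csr == null)
            {
                throw new InvalidOperationException("No PKCS#10 certification request found in " + csrFile);
            }

            // Proof of possession: the request must be signed with the private key that matches the
            // public key it asks to have certified. Refuse to issue for a request that fails this check.
            if (!csr.Verify())
            {
                throw new InvalidOperationException("The certification request signature is not valid: " + csrFile);
            }

            var csrinfo = csr.GetCertificationRequestInfo();

            // 128 random bits from a CSPRNG keep serial numbers unpredictable.
            BigInteger serial = new BigInteger(128, new SecureRandom());

            // Midnight UTC of the current day. DateTimeKind.Utc avoids the ambiguity of an unspecified-kind
            // local date when the value is encoded as an ASN.1 time.
            DateTime from = DateTime.UtcNow.Date;
            DateTime to   = from.AddYears(20);

            X509V3CertificateGenerator tbsGen = new X509V3CertificateGenerator();

            // Self-signed: issuer and subject are the same name.
            tbsGen.SetIssuerDN(csrinfo.Subject);
            tbsGen.SetSubjectDN(csrinfo.Subject);
            tbsGen.SetSerialNumber(serial);
            tbsGen.SetNotBefore(from);
            tbsGen.SetNotAfter(to);
            tbsGen.SetPublicKey(csr.GetPublicKey());

            tbsGen.SetSignatureAlgorithm("SHA256WITHRSA");

            var cert = tbsGen.Generate(pk.Private);

            // Save the signed certificate (DER).
            System.IO.File.WriteAllBytes("cert.cer", cert.GetEncoded());
        }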
Пример #2
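        /// <summary>
        /// Issues a certificate for a PEM-encoded PKCS#10 request under the name of a parent certificate,
        /// with the signature produced outside this process: the to-be-signed structure is written to
        /// "tbs.cer", the operator supplies "tbs.sig", and the assembled certificate is written to "cert.cer".
        /// </summary>
        /// <param name="parentcer">Path of the issuing certificate; only its subject name is used here.</param>
        /// <param name="csrFile">Path of the PEM file containing the certification request.</param>
        /// <exception cref="InvalidOperationException">
        /// No certificate could be read from <paramref name="parentcer"/>, the CSR file holds no request,
        /// or the request's own signature does not verify.
        /// </exception>
        /// <remarks>
        /// All three working files are relative to the current directory and are overwritten or read as-is.
        /// This method does not check that the parent certificate is a CA or is within its validity period,
        /// and it does not itself verify the externally produced signature against the issuer's public key
        /// (whether GenerateJcaObject does so is not visible here). Validate cert.cer against the parent
        /// before distributing it.
        /// </remarks>
        public static void CreateCert(string parentcer, string csrFile)
        {
            V3TbsCertificateGenerator tbsGen = new V3TbsCertificateGenerator();

            // Read the issuer first (as before) and release the file handle as soon as the name is taken.
            using (var issuerStream = File.OpenRead(parentcer))
            {
                var issuer = new X509CertificateParser().ReadCertificate(issuerStream);
                if (issuer == null)
                {
                    throw new InvalidOperationException("No certificate found in " + parentcer);
                }

                tbsGen.SetIssuer(issuer.SubjectDN);
            }

            Pkcs10CertificationRequest csr;
            using (var csrText = File.OpenText(csrFile))
            {
                csr = (Pkcs10CertificationRequest)new PemReader(csrText).ReadObject();
            }

            if (csr == null)
            {
                throw new InvalidOperationException("No PKCS#10 certification request found in " + csrFile);
            }

            // Proof of possession: only certify a public key whose holder signed the request.
            if (!csr.Verify())
            {
                throw new InvalidOperationException("The certification request signature is not valid: " + csrFile);
            }

            var csrinfo = csr.GetCertificationRequestInfo();

            AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha256WithRsaEncryption);

            // 128 random bits from a CSPRNG keep serial numbers unpredictable.
            BigInteger serial = new BigInteger(128, new SecureRandom());

            // Midnight UTC of the current day; DateTimeKind.Utc keeps the encoded ASN.1 time unambiguous.
            DateTime from = DateTime.UtcNow.Date;
            DateTime to   = from.AddYears(5);

            tbsGen.SetSerialNumber(new DerInteger(serial));
            tbsGen.SetStartDate(new Time(from));
            tbsGen.SetEndDate(new Time(to));
            tbsGen.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(csr.GetPublicKey()));
            tbsGen.SetSubject(csrinfo.Subject);

            // Extended key usage (non-critical). This is the only extension added: the certificate
            // carries no BasicConstraints or KeyUsage.
            Asn1EncodableVector vector = new Asn1EncodableVector();

            vector.Add(new DerObjectIdentifier("1.3.6.1.5.5.7.3.2"));        // id-kp-clientAuth
            vector.Add(new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.2"));   // Microsoft smart card logon
            vector.Add(new DerObjectIdentifier("1.3.6.1.4.1.311.10.3.12"));  // Microsoft document signing
            vector.Add(new DerObjectIdentifier("1.3.6.1.5.5.7.3.4"));        // id-kp-emailProtection
            DerSequence             seq          = new DerSequence(vector);
            X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();

            extGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, seq);

            tbsGen.SetExtensions(extGenerator.Generate());

            tbsGen.SetSignature(sigAlgId);

            TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();

            // Save the to-be-signed structure for the external signer.
            System.IO.File.WriteAllBytes("tbs.cer", tbsCert.GetDerEncoded());

            Console.WriteLine("generate the signature (SHA->DER->ENCRYPT) for tbs.cer and call it tbs.sig");
            Console.WriteLine("And then press enter");
            Console.ReadLine();

            // Only the first 256 bytes of tbs.sig are used, which matches the signature size of a
            // 2048-bit RSA key. NOTE(review): a larger issuer key would be silently truncated here and
            // yield a certificate whose signature cannot verify; confirm the issuer key size.
            var t1 = GenerateJcaObject(tbsCert, sigAlgId, System.IO.File.ReadAllBytes("tbs.sig").Take(256).ToArray());

            System.IO.File.WriteAllBytes("cert.cer", t1.GetEncoded());

            Console.WriteLine("saved as cert.cer");
        }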
Пример #3
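        /// <summary>
        /// Computes a fingerprint of the certificate's encoded form, using the digest algorithm that
        /// corresponds to the certificate's own signature algorithm.
        /// </summary>
        /// <param name="certificate">Certificate to fingerprint.</param>
        /// <param name="hashFunctionName">Receives the name of the digest that was used.</param>
        /// <returns>The digest bytes formatted by BytesToFingerprintString.</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="certificate"/> is null.</exception>
        /// <remarks>
        /// The digest is not fixed: it follows the certificate's signature algorithm, so two certificates
        /// can be fingerprinted with different hash functions. Callers comparing or pinning fingerprints
        /// should compare <paramref name="hashFunctionName"/> as well, and decide for themselves whether
        /// the reported digest is strong enough for their purpose.
        /// </remarks>
        private static string GetFingerprint(X509Certificate certificate, out string hashFunctionName)
        {
            if (certificate == null)
            {
                throw new System.ArgumentNullException("certificate");
            }

            // Map the signature algorithm (e.g. SHA256withRSA) to its digest algorithm identifier.
            var     digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(certificate.CertificateStructure.SignatureAlgorithm);
            IDigest digest          = DigestUtilities.GetDigest(digestAlgorithm.Algorithm);

            // Hash the whole encoded certificate in one pass.
            byte[] encoded = certificate.GetEncoded();
            digest.BlockUpdate(encoded, 0, encoded.Length);

            byte[] hash = new byte[digest.GetDigestSize()];
            digest.DoFinal(hash, 0);

            hashFunctionName = digest.AlgorithmName;
            return BytesToFingerprintString(hash);
        }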
 /// <summary>
 /// Creates an instance that keeps the given confirmation content and the finder used to look up
 /// digest algorithm identifiers.
 /// </summary>
 /// <param name="content">Stored in the <c>content</c> field.</param>
 /// <param name="digestAlgFinder">Stored in the <c>digestAlgFinder</c> field.</param>
 public CertificateConfirmationContent(
     CertConfirmContent content,
     DefaultDigestAlgorithmIdentifierFinder digestAlgFinder)
 {
     // The two assignments are independent; no validation is performed on either argument.
     this.digestAlgFinder = digestAlgFinder;
     this.content = content;
 }
 /// <summary>
 /// Creates a builder that keeps the given finder for looking up digest algorithm identifiers.
 /// </summary>
 /// <param name="digestAlgFinder">Stored in the <c>digestAlgFinder</c> field; not validated here.</param>
 public CertificateConfirmationContentBuilder(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder)
 {
     this.digestAlgFinder = digestAlgFinder;
 }
Пример #6
 /// <summary>
 /// Creates an instance that keeps the given certificate status and the finder used to look up
 /// digest algorithm identifiers.
 /// </summary>
 /// <param name="digestAlgFinder">Stored in the <c>digestAlgFinder</c> field.</param>
 /// <param name="certStatus">Stored in the <c>certStatus</c> field.</param>
 public CertificateStatus(
     DefaultDigestAlgorithmIdentifierFinder digestAlgFinder,
     CertStatus certStatus)
 {
     // The two assignments are independent; no validation is performed on either argument.
     this.certStatus = certStatus;
     this.digestAlgFinder = digestAlgFinder;
 }