private void Init()
{
if (File.Exists(_opts.CaKeyPairSavePath))
{
using (var fs = new FileStream(_opts.CaKeyPairSavePath, FileMode.Open))
{
_keyPair = PkiKeyPair.Load(fs);
}
}
if (_keyPair == null)
{
switch (_opts.KeyPairAlgorithm)
{
case PkiAsymmetricAlgorithm.Rsa:
_keyPair = PkiKeyPair.GenerateRsaKeyPair(_opts.BitLength ?? 2048);
break;
case PkiAsymmetricAlgorithm.Ecdsa:
_keyPair = PkiKeyPair.GenerateEcdsaKeyPair(_opts.BitLength ?? 256);
break;
default:
throw new Exception("unsupported Key Pair Algorithm");
}
using (var fs = new FileStream(_opts.CaKeyPairSavePath, FileMode.CreateNew))
{
_keyPair.Save(fs);
}
}
if (File.Exists(_opts.CaCertificateSavePath))
{
using (var fs = new FileStream(_opts.CaCertificateSavePath, FileMode.Open))
{
CaCertificate = PkiCertificate.Load(fs);
}
}
if (CaCertificate == null)
{
var caCsr = new PkiCertificateSigningRequest(
_opts.CaSubjectName, _keyPair, _opts.SignatureHashAlgorithm);
CaCertificate = caCsr.CreateCa(
DateTimeOffset.Now.ToUniversalTime(),
DateTimeOffset.Now.AddYears(10).ToUniversalTime());
using (var fs = new FileStream(_opts.CaCertificateSavePath, FileMode.CreateNew))
{
CaCertificate.Save(fs);
}
}
}
public void SaveLoadCertificate(PkiAsymmetricAlgorithm algor, int bits)
{
var hashAlgor = PkiHashAlgorithm.Sha256;
var isurName = "CN=SelfSigned";
var isurKeys = PkiKeyTests.GenerateKeyPair(algor, bits);
var subjName = "CN=foo.example.com";
var subjKeys = PkiKeyTests.GenerateKeyPair(algor, bits);
var isurCsr = new PkiCertificateSigningRequest(isurName, isurKeys, hashAlgor);
var subjCsr = new PkiCertificateSigningRequest(subjName, subjKeys, hashAlgor);
subjCsr.CertificateExtensions.Add(PkiCertificateExtension.CreateDnsSubjectAlternativeNames(
new[] {
"foo-alt1.example.com",
"foo-alt2.example.com",
}
));
var selfOut = Path.Combine(_testTemp,
$"certsave-{algor}-{bits}-{hashAlgor}-self.ser");
var signedOut = Path.Combine(_testTemp,
$"certsave-{algor}-{bits}-{hashAlgor}-signed.ser");
var isurCert = isurCsr.CreateCa(
DateTime.Now.AddMonths(-5),
DateTime.Now.AddMonths(5));
var subjCert = subjCsr.Create(isurCert, isurKeys.PrivateKey,
DateTime.Now.AddMonths(-1),
DateTime.Now.AddMonths(1), new[] { (byte)0x2b });
using (var ms = new MemoryStream())
{
isurCert.Save(ms);
File.WriteAllBytes(selfOut, ms.ToArray());
}
using (var ms = new MemoryStream())
{
subjCert.Save(ms);
File.WriteAllBytes(signedOut, ms.ToArray());
}
PkiCertificate isurCert2;
PkiCertificate subjCert2;
using (var fs = new FileStream(selfOut, FileMode.Open))
isurCert2 = PkiCertificate.Load(fs);
using (var fs = new FileStream(signedOut, FileMode.Open))
subjCert2 = PkiCertificate.Load(fs);
var bclIsur = isurCert.ToBclCertificate();
var bclSubj = subjCert.ToBclCertificate();
var bclIsur2 = isurCert2.ToBclCertificate();
var bclSubj2 = subjCert2.ToBclCertificate();
Assert.AreEqual(bclIsur.GetSerialNumberString(),
bclIsur2.GetSerialNumberString(), "Issuer Serial Number");
Assert.AreEqual(bclIsur.GetCertHashString(),
bclIsur2.GetCertHashString(), "Issuer Hash");
Assert.AreEqual(bclIsur.GetRawCertDataString(),
bclIsur2.GetRawCertDataString(), "Issuer Raw Data");
Assert.AreEqual(bclSubj.GetSerialNumberString(),
bclSubj2.GetSerialNumberString(), "Subject Serial Number");
Assert.AreEqual(bclSubj.GetCertHashString(),
bclSubj2.GetCertHashString(), "Subject Hash");
Assert.AreEqual(bclSubj.GetRawCertDataString(),
bclSubj2.GetRawCertDataString(), "Subject Raw Data");
}