/// <summary>
/// Builds a signer set up for signature verification against the key held in <c>PublicKeyData</c>.
/// </summary>
/// <param name="shaSize">
/// Optional SHA size. It is forwarded, together with <c>Algorithm</c> and <c>BitsSize</c>, to
/// <c>PkiUtil.GetSignatureAlgorithmOid</c>; <c>null</c> is passed through unchanged.
/// </param>
/// <returns>The signer after <c>Init(false, PublicKeyData)</c>, i.e. in verification mode.</returns>
public ISigner GetVerifier(PkiShaSize? shaSize = null)
{
    // Resolve the signature algorithm identifier first, then ask the signer registry for it.
    var algorithmOid = PkiUtil.GetSignatureAlgorithmOid(this.Algorithm, shaSize, this.BitsSize);
    ISigner verifier = SignerUtilities.GetSigner(algorithmOid);

    // forSigning = false: the signer is only usable for checking signatures.
    verifier.Init(false, this.PublicKeyData);

    return verifier;
}
/// <summary>
/// Serialises the store returned by <c>ToPkcs12Store()</c> into PKCS#12 bytes.
/// </summary>
/// <param name="password">
/// Password handed to <c>Pkcs12Store.Save</c>. It is first passed through <c>_NonNull()</c>
/// (presumably mapping <c>null</c> to an empty string; confirm against the extension).
/// </param>
/// <returns>The PKCS#12 container bytes.</returns>
/// <remarks>
/// NOTE(review): with the default argument the container is saved under an empty password, so
/// any private key inside it is effectively unprotected at rest. Callers that persist or
/// transmit the result should supply a real password or protect the bytes by other means.
/// </remarks>
public ReadOnlyMemory<byte> ExportPkcs12(string? password = null)
{
    password = password._NonNull();

    Pkcs12Store store = ToPkcs12Store();

    using MemoryStream buffer = new MemoryStream();
    store.Save(buffer, password.ToCharArray(), PkiUtil.NewSecureRandom());

    // Copy the bytes out before the stream is disposed at the end of the method.
    return buffer.ToArray();
}
/// <summary>
/// Re-encodes PKCS#12 data: loads <paramref name="src"/> into a <c>Pkcs12StoreFix</c> and saves
/// it again under the same password.
/// </summary>
/// <param name="src">PKCS#12 bytes to load.</param>
/// <param name="password">
/// Password used both to open the input and to protect the output, after <c>_NonNull()</c>.
/// </param>
/// <returns>The bytes written by <c>Save</c>.</returns>
/// <remarks>
/// NOTE(review): <paramref name="src"/> may come from an untrusted source; whatever
/// <c>Pkcs12StoreFix</c> throws on malformed input or a wrong password propagates to the caller.
/// The default empty password leaves the re-saved container effectively unprotected.
/// </remarks>
public static ReadOnlyMemory<byte> NormalizePkcs12MemoryData(ReadOnlySpan<byte> src, string password = "")
{
    password = password._NonNull();

    // Stage the input in a stream and rewind it so the store reads from the first byte.
    using MemoryStream input = new MemoryStream();
    input.Write(src);
    input._SeekToBegin();

    Pkcs12StoreFix store = new Pkcs12StoreFix(input, password.ToCharArray());

    using MemoryStream output = new MemoryStream();
    store.Save(output, password.ToCharArray(), PkiUtil.NewSecureRandom());

    return output.ToArray();
}
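// Creation of a self-signed certificate
/// <summary>
/// Builds a self-signed X.509 v3 certificate: issuer and subject are the same name, and the
/// certificate is signed with the private half of <paramref name="selfSignKey"/>.
/// </summary>
/// <param name="selfSignKey">Key pair whose public key is certified and whose private key signs.</param>
/// <param name="options">
/// Supplies the name, serial number, expiry, key usages, extended key usages, alternative names
/// and the signature algorithm OID.
/// </param>
public Certificate(PrivKey selfSignKey, CertificateOptions options)
{
    X509Name name = options.GenerateName();
    X509V3CertificateGenerator gen = new X509V3CertificateGenerator();

    // NOTE(review): BigInteger(byte[]) reads the bytes as a signed two's-complement value, so a
    // serial whose top bit is set would come out negative. Confirm options.Serial is always
    // generated as a positive value.
    gen.SetSerialNumber(new BigInteger(options.Serial.ToArray()));

    // Self-signed: the same distinguished name is used as issuer and subject.
    gen.SetIssuerDN(name);
    gen.SetSubjectDN(name);

    // Back-date notBefore by one day to tolerate clock skew on verifiers. UtcNow is used
    // (the original used DateTime.Now) so notBefore is on the same UTC time base as notAfter
    // and does not depend on the host time zone or on how the library treats local DateTimes.
    gen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
    gen.SetNotAfter(options.Expires.UtcDateTime);

    gen.SetPublicKey(selfSignKey.PublicKey.PublicKeyData);

    // Critical BasicConstraints built with BasicConstraints(true).
    // NOTE(review): this marks every certificate created here as a CA certificate. If the result
    // is also used as an end-entity (e.g. server) certificate, confirm that is intended.
    X509Extension extConst = new X509Extension(true, new DerOctetString(new BasicConstraints(true)));
    gen.AddExtension(X509Extensions.BasicConstraints, true, extConst.GetParsedValue());

    // Non-critical KeyUsage taken from the options.
    X509Extension extBasicUsage = new X509Extension(false, new DerOctetString(new KeyUsage(options.KeyUsages)));
    gen.AddExtension(X509Extensions.KeyUsage, false, extBasicUsage.GetParsedValue());

    // Non-critical ExtendedKeyUsage taken from the options.
    X509Extension extExtendedUsage = new X509Extension(false, new DerOctetString(new ExtendedKeyUsage(options.ExtendedKeyUsages)));
    gen.AddExtension(X509Extensions.ExtendedKeyUsage, false, extExtendedUsage.GetParsedValue());

    // Non-critical SubjectAlternativeName generated by the options.
    X509Extension altName = new X509Extension(false, new DerOctetString(options.GenerateAltNames()));
    gen.AddExtension(X509Extensions.SubjectAlternativeName, false, altName.GetParsedValue());

    // Sign with the key's own private half and keep the generated certificate.
    this.CertData = gen.Generate(new Asn1SignatureFactory(options.GetSignatureAlgorithmOid(), selfSignKey.PrivateKeyData.Private, PkiUtil.NewSecureRandom()));

    InitFields();
}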
/// <summary>
/// Returns the signature algorithm OID that <c>PkiUtil.GetSignatureAlgorithmOid</c> resolves
/// for this object's <c>Algorithm</c> and <c>ShaSize</c>.
/// </summary>
/// <returns>The OID as a string.</returns>
public string GetSignatureAlgorithmOid()
    => PkiUtil.GetSignatureAlgorithmOid(this.Algorithm, this.ShaSize);
/// <summary>
/// Writes <c>PrivateKeyData</c> as PEM text and returns it as UTF-8 bytes.
/// </summary>
/// <param name="password">
/// When null or empty the key is written without encryption; otherwise it is written with the
/// "DESEDE" algorithm under this password.
/// </param>
/// <returns>The PEM text encoded via <c>_GetBytes_UTF8()</c>.</returns>
/// <remarks>
/// NOTE(review): the default call emits the private key in plaintext, so the caller is
/// responsible for protecting the returned bytes. The encrypted branch uses Triple-DES in what
/// appears to be the legacy OpenSSL PEM encryption format, whose password-based key derivation
/// is weak by current standards. Do not rely on it to protect a key under a low-entropy
/// password; prefer a stronger container where interoperability allows.
/// </remarks>
public ReadOnlyMemory<byte> Export(string? password = null)
{
    using StringWriter text = new StringWriter();
    PemWriter writer = new PemWriter(text);

    if (password._IsNullOrZeroLen())
    {
        // No password supplied: unencrypted PEM.
        writer.WriteObject(this.PrivateKeyData);
    }
    else
    {
        // Password supplied: encrypted PEM, salted from a fresh SecureRandom.
        writer.WriteObject(this.PrivateKeyData, "DESEDE", password.ToCharArray(), PkiUtil.NewSecureRandom());
    }

    text.Flush();

    string pemText = text.ToString();
    return pemText._GetBytes_UTF8();
}
/// <summary>
/// Resolves the signature algorithm OID for this key (from <c>Algorithm</c>, the optional
/// <paramref name="shaSize"/> and <c>BitsSize</c>) and delegates to the <c>GetSigner</c>
/// overload that accepts it.
/// </summary>
/// <param name="shaSize">Optional SHA size; <c>null</c> is forwarded unchanged to <c>PkiUtil</c>.</param>
/// <returns>The signer produced by the delegated overload.</returns>
public ISigner GetSigner(PkiShaSize? shaSize = null)
{
    var algorithmOid = PkiUtil.GetSignatureAlgorithmOid(this.Algorithm, shaSize, this.BitsSize);
    return GetSigner(algorithmOid);
}
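/// <summary>
/// Builds a PKCS#10 certification request for <paramref name="priv"/>, signed with its private
/// key, carrying the subject name and a SubjectAlternativeName extension request from
/// <paramref name="options"/>.
/// </summary>
/// <param name="priv">Key pair: the public key goes into the request, the private key signs it.</param>
/// <param name="options">Supplies the subject name, alternative names and signature algorithm OID.</param>
/// <remarks>
/// The original body also constructed an <c>X509Attribute</c> that was never used; that dead
/// local has been removed. Only SubjectAlternativeName is requested as an extension here.
/// </remarks>
public Csr(PrivKey priv, CertificateOptions options)
{
    X509Name subject = options.GenerateName();
    GeneralNames alt = options.GenerateAltNames();

    // Non-critical SubjectAlternativeName wrapping the generated names.
    X509Extension altName = new X509Extension(false, new DerOctetString(alt));

    // Parallel lists: oids[i] identifies the extension stored in values[i].
    List<object> oids = new List<object>()
    {
        X509Extensions.SubjectAlternativeName,
    };
    List<object> values = new List<object>()
    {
        altName,
    };
    X509Extensions x509exts = new X509Extensions(oids, values);

    // PKCS#9 extensionRequest attribute carrying the requested extensions.
    AttributePkcs extensionRequest = new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(x509exts));

    // The request is self-signed with the private key, which proves possession of it.
    this.Request = new Pkcs10CertificationRequest(
        new Asn1SignatureFactory(options.GetSignatureAlgorithmOid(), priv.PrivateKeyData.Private, PkiUtil.NewSecureRandom()),
        subject,
        priv.PublicKey.PublicKeyData,
        new DerSet(extensionRequest));
}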