        /// <summary>
        /// Smoke test: loads an RSA private key from a PEM file, builds a minimal
        /// subject (CN and C), self-signs a request with SHA-256 and writes the
        /// result out as both PEM and DER.
        /// </summary>
        /// <remarks>
        /// Reads "openssl-rsagen-privatekey.txt" and writes "openssl-requ-csr.txt"
        /// and "openssl-requ-csr.der" in the working directory. There are no
        /// assertions; the test only checks that generation does not throw.
        /// NOTE(review): the CryptoKey and X509Request created here are never
        /// disposed, although both types are used with <c>using</c> elsewhere in
        /// this code base. The DER output writes the whole backing array rather
        /// than the Offset/Count segment used by the other DER writers — confirm
        /// the segment always covers the full array.
        /// </remarks>
        public void TestGenCSR()
        {
            var privateKeyPem = File.ReadAllText("openssl-rsagen-privatekey.txt");
            var signingKey = CryptoKey.FromPrivateKey(privateKeyPem, null);

            var subject = new X509Name
            {
                Common = "FOOBAR",
                Country = "US",
            };

            var request = new X509Request
            {
                PublicKey = signingKey,
                Subject = subject,
            };
            request.Sign(signingKey, MessageDigest.SHA256);

            File.WriteAllText("openssl-requ-csr.txt", request.PEM);

            using (var derOut = BIO.MemoryBuffer())
            {
                request.Write_DER(derOut);
                var pendingBytes = (int)derOut.BytesPending;
                var der = derOut.ReadBytes(pendingBytes);
                File.WriteAllBytes("openssl-requ-csr.der", der.Array);
            }
        }
        /// <summary>
        /// Issues a certificate from <paramref name="request"/>: takes the next serial
        /// number, hands the request's subject and public key together with this CA's
        /// subject to a new X509Certificate, applies the "v3_ca" extension section when
        /// a configuration is present, and signs with the CA key.
        /// </summary>
        /// <param name="request">Certificate signing request to issue from.</param>
        /// <param name="startTime">Start of validity passed to the X509Certificate constructor.</param>
        /// <param name="endTime">End of validity passed to the X509Certificate constructor.</param>
        /// <param name="digest">Digest used for the CA signature.</param>
        /// <returns>The signed certificate.</returns>
        /// <remarks>
        /// NOTE(review): the request's own signature is not checked here — a
        /// <c>request.Verify(pkey)</c> guard was disabled — so the CA signs whatever
        /// public key it is handed without proof of possession. Some callers build
        /// requests without ever calling Sign, which is presumably why the guard was
        /// removed; callers must verify untrusted requests before calling this, or the
        /// guard should be restored once those callers sign their requests.
        /// </remarks>
        public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime, MessageDigest digest)
        {
            var issued = new X509Certificate(
                serial.Next(),
                request.Subject,
                this.caCert.Subject,
                request.PublicKey,
                startTime,
                endTime);

            // Extensions only come from the CA configuration when one was supplied.
            if (this.cfg != null)
            {
                this.cfg.ApplyExtensions("v3_ca", this.caCert, issued, request);
            }

            issued.Sign(this.caKey, digest);

            return issued;
        }
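        /// <summary>
        /// Builds and signs a certificate request from <paramref name="csrDetails"/> using
        /// the RSA key in <paramref name="rsaKeyPair"/>, and returns its PEM form wrapped
        /// in a <see cref="Csr"/>.
        /// </summary>
        /// <param name="csrDetails">Subject attributes; null or empty fields are skipped.</param>
        /// <param name="rsaKeyPair">Key pair whose PEM private key signs the request and
        /// supplies its public key.</param>
        /// <param name="messageDigest">Digest name resolved through
        /// MessageDigest.CreateByName; defaults to "SHA256".</param>
        /// <returns>The PEM-encoded request.</returns>
        public static Csr GenerateCsr(CsrDetails csrDetails, RsaKeyPair rsaKeyPair, string messageDigest = "SHA256")
        {
            var rsaKeys = CryptoKey.FromPrivateKey(rsaKeyPair.Pem, null);

            // Translate from our external form to our OpenSSL internal form
            // Ref:  https://www.openssl.org/docs/manmaster/crypto/X509_NAME_new.html
            // Each attribute goes to its own X509Name property. Previously every field
            // was written to Common, so the last non-empty value overwrote CN and the
            // remaining attributes never reached the subject.
            // NOTE(review): property names follow the X509Name surface of the OpenSSL
            // wrapper in use (Common and Country are used elsewhere in this code base);
            // confirm the rest against the library version.
            var xn = new X509Name();
            if (!string.IsNullOrEmpty(csrDetails.CommonName))       xn.Common = csrDetails.CommonName;                 // CN
            if (!string.IsNullOrEmpty(csrDetails.Country))          xn.Country = csrDetails.Country;                   // C
            if (!string.IsNullOrEmpty(csrDetails.StateOrProvince))  xn.StateOrProvince = csrDetails.StateOrProvince;   // ST
            if (!string.IsNullOrEmpty(csrDetails.Locality))         xn.Locality = csrDetails.Locality;                 // L
            if (!string.IsNullOrEmpty(csrDetails.Organization))     xn.Organization = csrDetails.Organization;         // O
            if (!string.IsNullOrEmpty(csrDetails.OrganizationUnit)) xn.OrganizationUnit = csrDetails.OrganizationUnit; // OU
            if (!string.IsNullOrEmpty(csrDetails.Description))      xn.Description = csrDetails.Description;           // D
            if (!string.IsNullOrEmpty(csrDetails.Surname))          xn.Surname = csrDetails.Surname;                   // S
            if (!string.IsNullOrEmpty(csrDetails.GivenName))        xn.Given = csrDetails.GivenName;                   // G
            if (!string.IsNullOrEmpty(csrDetails.Initials))         xn.Initials = csrDetails.Initials;                 // I
            if (!string.IsNullOrEmpty(csrDetails.Title))            xn.Title = csrDetails.Title;                       // T
            if (!string.IsNullOrEmpty(csrDetails.SerialNumber))     xn.SerialNumber = csrDetails.SerialNumber;         // SN
            if (!string.IsNullOrEmpty(csrDetails.UniqueIdentifier)) xn.UniqueIdentifier = csrDetails.UniqueIdentifier; // UID

            var xr = new X509Request(0, xn, rsaKeys);
            // NOTE(review): what CreateByName does for an unknown digest name is not
            // visible here (null or throw); an invalid name should fail before Sign.
            var md = MessageDigest.CreateByName(messageDigest);
            xr.Sign(rsaKeys, md);
            using (var bio = BIO.MemoryBuffer())
            {
                xr.Write(bio);
                return new Csr(bio.ReadString());
            }
        }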
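        /// <summary>
        /// Builds two non-critical extensions (subjectAltName and keyUsage) against a
        /// request, attaches them with AddExtensions and compares the request's PEM
        /// with EXPECTED_CERT.
        /// </summary>
        /// <remarks>
        /// The unused <c>start</c>/<c>end</c> timestamps (derived from DateTime.Now)
        /// were removed; no validity period is involved in this test.
        /// NOTE(review): each X509Extension is disposed at the end of its using block
        /// before the stack reaches AddExtensions. This relies on Stack.Add taking its
        /// own reference to the native object — confirm, otherwise the stack holds
        /// freed handles.
        /// </remarks>
        public void CanAddRequestExtensions()
        {
            var extList = new List<X509V3ExtensionValue> {
                new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"),
                new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
            };

            using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY))))
            using (var request = new X509Request(1, new X509Name("foo"), key))
            {
                var extensions = new OpenSSL.Core.Stack<X509Extension>();
                foreach (var extValue in extList)
                {
                    using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value))
                    {
                        Console.WriteLine(ext);
                        extensions.Add(ext);
                    }
                }

                request.AddExtensions(extensions);

                Assert.AreEqual(EXPECTED_CERT, request.PEM);
            }
        }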
        /// <summary>
        /// Issues a certificate from <paramref name="request"/>: takes the next serial
        /// number, hands the request's subject and public key together with this CA's
        /// subject to a new X509Certificate, applies the extensions of
        /// <paramref name="section"/> from <paramref name="cfg"/> when one is given,
        /// and signs with the CA key.
        /// </summary>
        /// <param name="request">Certificate signing request to issue from.</param>
        /// <param name="startTime">Start of validity passed to the X509Certificate constructor.</param>
        /// <param name="endTime">End of validity passed to the X509Certificate constructor.</param>
        /// <param name="cfg">Extension configuration, or null to add no extensions.</param>
        /// <param name="section">Configuration section holding the extensions.</param>
        /// <param name="digest">Digest used for the CA signature.</param>
        /// <returns>The signed certificate.</returns>
        /// <remarks>
        /// NOTE(review): the request's own signature is not checked here — a
        /// <c>request.Verify(pkey)</c> guard was disabled — so the CA signs whatever
        /// public key it is handed without proof of possession. Some callers build
        /// requests without ever calling Sign, which is presumably why the guard was
        /// removed; callers must verify untrusted requests before calling this, or the
        /// guard should be restored once those callers sign their requests.
        /// </remarks>
        public X509Certificate ProcessRequest(
            X509Request request,
            DateTime startTime,
            DateTime endTime,
            Configuration cfg,
            string section,
            MessageDigest digest)
        {
            var issued = new X509Certificate(
                serial.Next(),
                request.Subject,
                this.caCert.Subject,
                request.PublicKey,
                startTime,
                endTime);

            // Extensions only come from the supplied configuration section.
            if (cfg != null)
            {
                cfg.ApplyExtensions(section, caCert, issued, request);
            }

            issued.Sign(caKey, digest);

            return issued;
        }
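 /// <summary>
 /// Calls X509V3_EXT_conf_nid() to build an extension from its textual value, using a
 /// fresh X509V3Context that refers to <paramref name="request"/>.
 /// </summary>
 /// <param name="request">Request the extension context refers to.</param>
 /// <param name="name">Extension name, resolved to a NID through Native.TextToNID.</param>
 /// <param name="critical">Whether the extension is marked critical. X509V3_EXT_conf_nid
 /// has no flag for this; OpenSSL derives criticality from a leading "critical," in the
 /// value string, so that prefix is added here when requested.</param>
 /// <param name="value">Extension value in OpenSSL configuration syntax.</param>
 public X509Extension(X509Request request, string name, bool critical, string value)
     : base(IntPtr.Zero, true)
 {
     // Previously 'critical' was ignored, so every extension came out non-critical.
     // Do not double the prefix when the caller already wrote it into the value.
     var confValue = value;
     if (critical && value != null && !value.StartsWith("critical,", StringComparison.Ordinal))
     {
         confValue = "critical," + value;
     }

     using (var ctx = new X509V3Context(null, null, request))
     {
         ptr = Native.ExpectNonNull(Native.X509V3_EXT_conf_nid(IntPtr.Zero, ctx.Handle, Native.TextToNID(name), confValue));
     }
 }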
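 /// <summary>
 /// Calls X509V3_EXT_conf_nid() to build an extension from its textual value, using a
 /// fresh X509V3Context that refers to <paramref name="request"/>.
 /// </summary>
 /// <param name="request">Request the extension context refers to.</param>
 /// <param name="name">Extension name, resolved to a NID through Native.TextToNID.</param>
 /// <param name="critical">Whether the extension is marked critical. X509V3_EXT_conf_nid
 /// has no flag for this; OpenSSL derives criticality from a leading "critical," in the
 /// value string, so that prefix is added here when requested.</param>
 /// <param name="value">Extension value in OpenSSL configuration syntax.</param>
 public X509Extension(X509Request request, string name, bool critical, string value)
     : base(IntPtr.Zero, true)
 {
     // Previously 'critical' was ignored, so every extension came out non-critical.
     // Do not double the prefix when the caller already wrote it into the value.
     var confValue = value;
     if (critical && value != null && !value.StartsWith("critical,", StringComparison.Ordinal))
     {
         confValue = "critical," + value;
     }

     using (var ctx = new X509V3Context(null, null, request))
     {
         ptr = Native.ExpectNonNull(Native.X509V3_EXT_conf_nid(IntPtr.Zero, ctx.Handle, Native.TextToNID(name), confValue));
     }
 }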
        /// <summary>
        /// Create a X509Request for this identity, using the specified name and digest.
        /// The request is built with version 2 and self-signed with this identity's key.
        /// </summary>
        /// <param name="name">Subject name handed to the X509Name constructor.</param>
        /// <param name="digest">Digest used to sign the request.</param>
        /// <returns>The signed request.</returns>
        /// <remarks>
        /// NOTE(review): PKCS#10 defines only version 0 (v1) for a request; the
        /// hard-coded 2 is preserved here but looks suspicious — confirm what the
        /// X509Request constructor does with it.
        /// </remarks>
        public X509Request CreateRequest(string name, MessageDigest digest)
        {
            var signingKey = this.key;
            var csr = new X509Request(2, new X509Name(name), signingKey);
            csr.Sign(signingKey, digest);
            return csr;
        }
 /// <summary>
 /// Convenience overload of ProcessRequest that signs with MessageDigest.DSS1.
 /// See the six-argument overload for what issuing involves.
 /// </summary>
 /// <param name="request">Certificate signing request to issue from.</param>
 /// <param name="startTime">Start of validity for the issued certificate.</param>
 /// <param name="endTime">End of validity for the issued certificate.</param>
 /// <param name="cfg">Extension configuration, or null.</param>
 /// <param name="section">Configuration section holding the extensions.</param>
 /// <returns>The signed certificate.</returns>
 /// <remarks>
 /// NOTE(review): DSS1 is OpenSSL's SHA-1-based DSA digest; as a default for
 /// certificate signatures it is weak. Prefer the overload that takes an explicit
 /// digest (MessageDigest.SHA256 is available in this library).
 /// </remarks>
 public X509Certificate ProcessRequest(
     X509Request request,
     DateTime startTime,
     DateTime endTime,
     Configuration cfg,
     string section)
 {
     var defaultDigest = MessageDigest.DSS1;
     return ProcessRequest(request, startTime, endTime, cfg, section, defaultDigest);
 }
		/// <summary>
		/// Calls X509V3_set_ctx() on this context with the native handles of the given
		/// issuer, subject and request. Any of the three may be null, in which case
		/// IntPtr.Zero is passed for it.
		/// </summary>
		/// <param name="issuer">Issuer certificate, or null.</param>
		/// <param name="subject">Subject certificate, or null.</param>
		/// <param name="request">Request, or null.</param>
		public X509V3Context(X509Certificate issuer, X509Certificate subject, X509Request request)
			: this()
		{
			var issuerHandle = issuer == null ? IntPtr.Zero : issuer.Handle;
			var subjectHandle = subject == null ? IntPtr.Zero : subject.Handle;
			var requestHandle = request == null ? IntPtr.Zero : request.Handle;

			// The remaining arguments (CRL and flags) are not used by this wrapper.
			Native.X509V3_set_ctx(this.ptr, issuerHandle, subjectHandle, requestHandle, IntPtr.Zero, 0);
		}
 /// <summary>
 /// Calls X509V3_set_ctx() on this context with the native handles of the given
 /// issuer, subject and request. Any of the three may be null, in which case
 /// IntPtr.Zero is passed for it.
 /// </summary>
 /// <param name="issuer">Issuer certificate, or null.</param>
 /// <param name="subject">Subject certificate, or null.</param>
 /// <param name="request">Request, or null.</param>
 public X509V3Context(X509Certificate issuer, X509Certificate subject, X509Request request)
     : this()
 {
     var issuerHandle = issuer == null ? IntPtr.Zero : issuer.Handle;
     var subjectHandle = subject == null ? IntPtr.Zero : subject.Handle;
     var requestHandle = request == null ? IntPtr.Zero : request.Handle;

     // The remaining arguments (CRL and flags) are not used by this wrapper.
     Native.X509V3_set_ctx(this.ptr, issuerHandle, subjectHandle, requestHandle, IntPtr.Zero, 0);
 }
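 /// <summary>
 /// Creates a X509v3Context(), calls X509V3_set_ctx() on it, then calls
 /// X509V3_EXT_add_nconf() to add the extensions listed in <paramref name="section"/>
 /// of this configuration to <paramref name="subject"/>.
 /// </summary>
 /// <param name="section">Configuration section name; encoded as ASCII.</param>
 /// <param name="issuer">Issuer certificate for the context; may be null.</param>
 /// <param name="subject">Certificate the extensions are added to; must not be null.</param>
 /// <param name="request">Request for the context; may be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="section"/> is null.</exception>
 public void ApplyExtensions(
     string section,
     X509Certificate issuer,
     X509Certificate subject,
     X509Request request)
 {
     if (section == null)
     {
         throw new ArgumentNullException(nameof(section));
     }

     using (X509V3Context ctx = new X509V3Context(issuer, subject, request))
     {
         ctx.SetConfiguration(this);

         // X509V3_EXT_add_nconf() reads the section as a C string. Encoding.GetBytes()
         // produces no terminator, so the native side would read past the end of the
         // managed array; append the NUL explicitly.
         // NOTE(review): assumes the P/Invoke declares this parameter as byte[] (a byte
         // array is what is passed here); a string parameter would be terminated by the
         // marshaller itself.
         var sectionName = Encoding.ASCII.GetBytes(section + "\0");

         Native.ExpectSuccess(Native.X509V3_EXT_add_nconf(
                                  this.ptr,
                                  ctx.Handle,
                                  sectionName,
                                  subject.Handle));
     }
 }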
		/// <summary>
		/// Test helper: generates a fresh 1024-bit RSA key, wraps it in an unsigned
		/// version-1 X509Request for <paramref name="name"/>, has <paramref name="ca"/>
		/// issue a one-year certificate from it using <paramref name="cfg"/> and
		/// <paramref name="section"/>, and attaches the private key to the result.
		/// </summary>
		/// <remarks>
		/// NOTE(review): the key is disposed when its using block exits, yet the
		/// returned certificate still refers to it through PrivateKey — confirm the
		/// setter takes its own reference. The request is never signed, so the CA
		/// cannot check proof of possession; 1024-bit RSA and DateTime.Now are
		/// test-only shortcuts, not something to copy into production code.
		/// </remarks>
		X509Certificate CreateCertificate(X509CertificateAuthority ca, string name, Configuration cfg, string section)
		{
			var validFrom = DateTime.Now;
			var validTo = validFrom + TimeSpan.FromDays(365);

			using (var subject = new X509Name(name))
			using (var rsa = new RSA())
			{
				rsa.GenerateKeys(1024, BigNumber.One, null, null);
				using (var key = new CryptoKey(rsa))
				{
					var csr = new X509Request(1, subject, key);
					var issued = ca.ProcessRequest(csr, validFrom, validTo, cfg, section);
					issued.PrivateKey = key;
					return issued;
				}
			}
		}
 /// <summary>
 /// Reads a PEM-encoded request from <paramref name="source"/> and writes its DER
 /// encoding to <paramref name="target"/>.
 /// </summary>
 /// <param name="source">Stream holding the PEM text. It is read to the end and then
 /// closed, because the StreamReader wrapping it is disposed here.</param>
 /// <param name="target">Stream receiving the DER bytes; left open.</param>
 public static void ConvertPemToDer(Stream source, Stream target)
 {
     using (var reader = new StreamReader(source))
     {
         var pem = reader.ReadToEnd();

         using (var request = new X509Request(pem))
         using (var derBuffer = BIO.MemoryBuffer())
         {
             request.Write_DER(derBuffer);
             var der = derBuffer.ReadBytes((int)derBuffer.BytesPending);
             target.Write(der.Array, der.Offset, der.Count);
         }
     }
 }
 /// <summary>
 /// Convenience overload of ProcessRequest that signs with MessageDigest.DSS1.
 /// See the four-argument overload for what issuing involves.
 /// </summary>
 /// <param name="request">Certificate signing request to issue from.</param>
 /// <param name="startTime">Start of validity for the issued certificate.</param>
 /// <param name="endTime">End of validity for the issued certificate.</param>
 /// <returns>The signed certificate.</returns>
 /// <remarks>
 /// NOTE(review): DSS1 is OpenSSL's SHA-1-based DSA digest; as a default for
 /// certificate signatures it is weak. Prefer the overload that takes an explicit
 /// digest (MessageDigest.SHA256 is available in this library).
 /// </remarks>
 public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime)
 {
     var defaultDigest = MessageDigest.DSS1;
     return ProcessRequest(request, startTime, endTime, defaultDigest);
 }
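		/// <summary>
		/// Creates a X509v3Context(), calls X509V3_set_ctx() on it, then calls
		/// X509V3_EXT_add_nconf() to add the extensions listed in <paramref name="section"/>
		/// of this configuration to <paramref name="subject"/>.
		/// </summary>
		/// <param name="section">Configuration section name; encoded as ASCII.</param>
		/// <param name="issuer">Issuer certificate for the context; may be null.</param>
		/// <param name="subject">Certificate the extensions are added to; must not be null.</param>
		/// <param name="request">Request for the context; may be null.</param>
		/// <exception cref="ArgumentNullException"><paramref name="section"/> is null.</exception>
		public void ApplyExtensions(
			string section,
			X509Certificate issuer,
			X509Certificate subject,
			X509Request request)
		{
			if (section == null)
				throw new ArgumentNullException(nameof(section));

			using (var ctx = new X509V3Context(issuer, subject, request))
			{
				ctx.SetConfiguration(this);

				// X509V3_EXT_add_nconf() reads the section as a C string. Encoding.GetBytes()
				// produces no terminator, so the native side would read past the end of the
				// managed array; append the NUL explicitly.
				// NOTE(review): assumes the P/Invoke declares this parameter as byte[] (a byte
				// array is what is passed here); a string parameter would be terminated by the
				// marshaller itself.
				var sectionName = Encoding.ASCII.GetBytes(section + "\0");

				Native.ExpectSuccess(Native.X509V3_EXT_add_nconf(
					this.ptr,
					ctx.Handle,
					sectionName,
					subject.Handle));
			}
		}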
		/// <summary>
		/// Issues a certificate from <paramref name="request"/>: takes the next serial
		/// number, hands the request's subject and public key together with this CA's
		/// subject to a new X509Certificate, applies the extensions of
		/// <paramref name="section"/> from <paramref name="cfg"/> when one is given,
		/// and signs with the CA key.
		/// </summary>
		/// <param name="request">Certificate signing request to issue from.</param>
		/// <param name="startTime">Start of validity passed to the X509Certificate constructor.</param>
		/// <param name="endTime">End of validity passed to the X509Certificate constructor.</param>
		/// <param name="cfg">Extension configuration, or null to add no extensions.</param>
		/// <param name="section">Configuration section holding the extensions.</param>
		/// <param name="digest">Digest used for the CA signature.</param>
		/// <returns>The signed certificate.</returns>
		/// <remarks>
		/// NOTE(review): the request's own signature is not checked here — a
		/// <c>request.Verify(pkey)</c> guard was disabled — so the CA signs whatever
		/// public key it is handed without proof of possession. Some callers build
		/// requests without ever calling Sign, which is presumably why the guard was
		/// removed; callers must verify untrusted requests before calling this, or the
		/// guard should be restored once those callers sign their requests.
		/// </remarks>
		public X509Certificate ProcessRequest(
			X509Request request,
			DateTime startTime,
			DateTime endTime,
			Configuration cfg,
			string section,
			MessageDigest digest)
		{
			var issued = new X509Certificate(
				serial.Next(),
				request.Subject,
				this.caCert.Subject,
				request.PublicKey,
				startTime,
				endTime);

			// Extensions only come from the supplied configuration section.
			if (cfg != null)
			{
				cfg.ApplyExtensions(section, caCert, issued, request);
			}

			issued.Sign(caKey, digest);

			return issued;
		}
		/// <summary>
		/// Convenience overload of ProcessRequest that signs with MessageDigest.DSS1.
		/// See the six-argument overload for what issuing involves.
		/// </summary>
		/// <param name="request">Certificate signing request to issue from.</param>
		/// <param name="startTime">Start of validity for the issued certificate.</param>
		/// <param name="endTime">End of validity for the issued certificate.</param>
		/// <param name="cfg">Extension configuration, or null.</param>
		/// <param name="section">Configuration section holding the extensions.</param>
		/// <returns>The signed certificate.</returns>
		/// <remarks>
		/// NOTE(review): DSS1 is OpenSSL's SHA-1-based DSA digest; as a default for
		/// certificate signatures it is weak. Prefer the overload that takes an explicit
		/// digest (MessageDigest.SHA256 is available in this library).
		/// </remarks>
		public X509Certificate ProcessRequest(
			X509Request request,
			DateTime startTime,
			DateTime endTime,
			Configuration cfg,
			string section)
		{
			var defaultDigest = MessageDigest.DSS1;
			return ProcessRequest(request, startTime, endTime, cfg, section, defaultDigest);
		}
		/// <summary>
		/// Create a X509Request for this identity, using the specified name and digest.
		/// The request is built with version 2 and self-signed with this identity's key.
		/// </summary>
		/// <param name="name">Subject name handed to the X509Name constructor.</param>
		/// <param name="digest">Digest used to sign the request.</param>
		/// <returns>The signed request.</returns>
		/// <remarks>
		/// NOTE(review): PKCS#10 defines only version 0 (v1) for a request; the
		/// hard-coded 2 is preserved here but looks suspicious — confirm what the
		/// X509Request constructor does with it.
		/// </remarks>
		public X509Request CreateRequest(string name, MessageDigest digest)
		{
			var signingKey = key;
			var csr = new X509Request(2, new X509Name(name), signingKey);
			csr.Sign(signingKey, digest);
			return csr;
		}
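 /// <summary>
 /// Writes the DER encoding of this object's PEM request (<c>Pem</c>) to <paramref name="s"/>.
 /// </summary>
 /// <param name="s">Destination stream; left open.</param>
 public void ExportAsDer(Stream s)
 {
     // X509Request wraps a native handle and is IDisposable; it was previously
     // created without ever being disposed.
     using (var xr = new X509Request(Pem))
     using (var bio = BIO.MemoryBuffer())
     {
         xr.Write_DER(bio);
         var arr = bio.ReadBytes((int)bio.BytesPending);
         s.Write(arr.Array, arr.Offset, arr.Count);
     }
 }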
        /// <summary>
        /// Issues a certificate from <paramref name="request"/>: takes the next serial
        /// number, hands the request's subject and public key together with this CA's
        /// subject to a new X509Certificate, applies the "v3_ca" extension section when
        /// a configuration is present, and signs with the CA key.
        /// </summary>
        /// <param name="request">Certificate signing request to issue from.</param>
        /// <param name="startTime">Start of validity passed to the X509Certificate constructor.</param>
        /// <param name="endTime">End of validity passed to the X509Certificate constructor.</param>
        /// <param name="digest">Digest used for the CA signature.</param>
        /// <returns>The signed certificate.</returns>
        /// <remarks>
        /// NOTE(review): the request's own signature is not checked here — a
        /// <c>request.Verify(pkey)</c> guard was disabled — so the CA signs whatever
        /// public key it is handed without proof of possession. Some callers build
        /// requests without ever calling Sign, which is presumably why the guard was
        /// removed; callers must verify untrusted requests before calling this, or the
        /// guard should be restored once those callers sign their requests.
        /// </remarks>
        public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime, MessageDigest digest)
        {
            var issued = new X509Certificate(
                serial.Next(),
                request.Subject,
                this.caCert.Subject,
                request.PublicKey,
                startTime,
                endTime);

            // Extensions only come from the CA configuration when one was supplied.
            if (this.cfg != null)
            {
                this.cfg.ApplyExtensions("v3_ca", this.caCert, issued, request);
            }

            issued.Sign(this.caKey, digest);

            return issued;
        }
		/// <summary>
		/// Convenience overload of ProcessRequest that signs with MessageDigest.DSS1.
		/// See the four-argument overload for what issuing involves.
		/// </summary>
		/// <param name="request">Certificate signing request to issue from.</param>
		/// <param name="startTime">Start of validity for the issued certificate.</param>
		/// <param name="endTime">End of validity for the issued certificate.</param>
		/// <returns>The signed certificate.</returns>
		/// <remarks>
		/// NOTE(review): DSS1 is OpenSSL's SHA-1-based DSA digest; as a default for
		/// certificate signatures it is weak. Prefer the overload that takes an explicit
		/// digest (MessageDigest.SHA256 is available in this library).
		/// </remarks>
		public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime)
		{
			var defaultDigest = MessageDigest.DSS1;
			return ProcessRequest(request, startTime, endTime, defaultDigest);
		}