} // End Sub AddExtensions public static Org.BouncyCastle.X509.X509Certificate GenerateSslCertificate( CertificateInfo certificateInfo , Org.BouncyCastle.Security.SecureRandom secureRandom , Org.BouncyCastle.X509.X509Certificate rootCertificate ) { Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey = KeyImportExport.ReadPublicKey(certificateInfo.SubjectKeyPair.PublicKey); Org.BouncyCastle.Crypto.AsymmetricKeyParameter issuerPrivateKey = KeyImportExport.ReadPrivateKey(certificateInfo.IssuerKeyPair.PrivateKey); return GenerateSslCertificate(certificateInfo, subjectPublicKey, issuerPrivateKey, rootCertificate, secureRandom); }
} // End Function GenerateSslCertificate public static Org.BouncyCastle.X509.X509Certificate GenerateRootCertificate( CertificateInfo certificateInfo , Org.BouncyCastle.Security.SecureRandom secureRandom ) { // The Certificate Generator Org.BouncyCastle.X509.X509V3CertificateGenerator certificateGenerator = new Org.BouncyCastle.X509.X509V3CertificateGenerator(); Org.BouncyCastle.Asn1.X509.X509Name subjectDn = certificateInfo.Subject; Org.BouncyCastle.Asn1.X509.X509Name issuerDn = certificateInfo.Subject; certificateGenerator.SetSubjectDN(issuerDn); certificateGenerator.SetIssuerDN(issuerDn); certificateGenerator.SetNotBefore(certificateInfo.ValidFrom); certificateGenerator.SetNotAfter(certificateInfo.ValidTo); Org.BouncyCastle.Crypto.AsymmetricKeyParameter publicKey = KeyImportExport.ReadPublicKey(certificateInfo.SubjectKeyPair.PublicKey); Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = KeyImportExport.ReadPrivateKey(certificateInfo.SubjectKeyPair.PrivateKey); AddExtensions(certificateGenerator, certificateInfo); Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory = CreateSignatureFactory(privateKey); certificateGenerator.SetPublicKey(publicKey); // Serial Number Org.BouncyCastle.Math.BigInteger serialNumber = Org.BouncyCastle.Utilities.BigIntegers.CreateRandomInRange( Org.BouncyCastle.Math.BigInteger.One , Org.BouncyCastle.Math.BigInteger.ValueOf(long.MaxValue) , secureRandom ); certificateGenerator.SetSerialNumber(serialNumber); certificateGenerator.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.KeyUsage, true , new Org.BouncyCastle.Asn1.X509.KeyUsage( Org.BouncyCastle.Asn1.X509.KeyUsage.DigitalSignature | Org.BouncyCastle.Asn1.X509.KeyUsage.KeyCertSign | Org.BouncyCastle.Asn1.X509.KeyUsage.CrlSign | Org.BouncyCastle.Asn1.X509.KeyUsage.KeyEncipherment | Org.BouncyCastle.Asn1.X509.KeyUsage.DataEncipherment | Org.BouncyCastle.Asn1.X509.KeyUsage.KeyAgreement | Org.BouncyCastle.Asn1.X509.KeyUsage.NonRepudiation ) ); Org.BouncyCastle.Asn1.X509.AuthorityKeyIdentifier authorityKeyIdentifierExtension = new Org.BouncyCastle.Asn1.X509.AuthorityKeyIdentifier( Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey) ); Org.BouncyCastle.Asn1.X509.SubjectKeyIdentifier subjectKeyIdentifierExtension = new Org.BouncyCastle.Asn1.X509.SubjectKeyIdentifier( Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey) ); certificateGenerator.AddExtension( Org.BouncyCastle.Asn1.X509.X509Extensions.SubjectKeyIdentifier.Id , false , subjectKeyIdentifierExtension ); certificateGenerator.AddExtension( Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityKeyIdentifier.Id , false , authorityKeyIdentifierExtension ); // Set certificate intended purposes to only Server Authentication //certificateGenerator.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.ExtendedKeyUsage.Id // , true // , new Org.BouncyCastle.Asn1.X509.ExtendedKeyUsage(Org.BouncyCastle.Asn1.X509.KeyPurposeID.IdKPServerAuth) //); certificateGenerator.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.ExtendedKeyUsage.Id, true , new Org.BouncyCastle.Asn1.X509.ExtendedKeyUsage(new[] { Org.BouncyCastle.Asn1.X509.KeyPurposeID.IdKPClientAuth, Org.BouncyCastle.Asn1.X509.KeyPurposeID.IdKPServerAuth }) ); // Only if we generate a root-Certificate certificateGenerator.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.BasicConstraints.Id , true , new Org.BouncyCastle.Asn1.X509.BasicConstraints(true) ); return(certificateGenerator.Generate(signatureFactory)); } // End Function GenerateRootCertificate
} // End Sub AddExtensions public static Org.BouncyCastle.X509.X509Certificate GenerateSslCertificate( CertificateInfo certificateInfo , Org.BouncyCastle.Security.SecureRandom secureRandom , Org.BouncyCastle.X509.X509Certificate rootCertificate ) { // The Certificate Generator Org.BouncyCastle.X509.X509V3CertificateGenerator certificateGenerator = new Org.BouncyCastle.X509.X509V3CertificateGenerator(); certificateGenerator.SetSubjectDN(certificateInfo.Subject); certificateGenerator.SetIssuerDN(rootCertificate.IssuerDN); Org.BouncyCastle.Math.BigInteger serialNumber = Org.BouncyCastle.Utilities.BigIntegers.CreateRandomInRange( Org.BouncyCastle.Math.BigInteger.One, Org.BouncyCastle.Math.BigInteger.ValueOf(System.Int64.MaxValue), secureRandom ); certificateGenerator.SetSerialNumber(Org.BouncyCastle.Math.BigInteger.ValueOf(1)); certificateGenerator.SetNotBefore(certificateInfo.ValidFrom); certificateGenerator.SetNotAfter(certificateInfo.ValidTo); Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey = KeyImportExport.ReadPublicKey(certificateInfo.SubjectKeyPair.PublicKey); Org.BouncyCastle.Crypto.AsymmetricKeyParameter issuerPrivateKey = KeyImportExport.ReadPrivateKey(certificateInfo.IssuerKeyPair.PrivateKey); certificateGenerator.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.SubjectAlternativeName.Id , false , certificateInfo.SubjectAlternativeNames ); certificateGenerator.SetPublicKey(subjectPublicKey); Org.BouncyCastle.Asn1.X509.SubjectKeyIdentifier subjectKeyIdentifierExtension = new Org.BouncyCastle.Asn1.X509.SubjectKeyIdentifier( Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectPublicKey) ); certificateGenerator.AddExtension( Org.BouncyCastle.Asn1.X509.X509Extensions.SubjectKeyIdentifier.Id , false , subjectKeyIdentifierExtension ); certificateGenerator.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.ExtendedKeyUsage.Id, false, new Org.BouncyCastle.Asn1.X509.ExtendedKeyUsage(Org.BouncyCastle.Asn1.X509.KeyPurposeID.IdKPServerAuth) ); // rootCertificate.GetPublicKey(): // rootCertificate.GetEncoded() // System.Security.Cryptography.X509Certificates.X509Certificate2 srp = // new System.Security.Cryptography.X509Certificates.X509Certificate2(rootCertificate.GetEncoded()); // srp.PrivateKey // srp.HasPrivateKey // Org.BouncyCastle.Crypto.AsymmetricKeyParameter Akp = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(srp.PrivateKey).Private; // Org.BouncyCastle.Crypto.IDigest algorithm = Org.BouncyCastle.Security.DigestUtilities.GetDigest(rootCertificate.SigAlgOid); // var signature = new X509Certificate2Signature(cert, algorithm); // rootCertificate.SigAlgOid // rootCertificate.GetSignature(); // srp.GetRawCertData() // X509CertificateParser certParser = new X509CertificateParser(); // X509Certificate privateCertBouncy = certParser.ReadCertificate(mycert.GetRawCertData()); // AsymmetricKeyParameter pubKey = privateCertBouncy.GetPublicKey(); AddExtensions(certificateGenerator, certificateInfo); Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory = CreateSignatureFactory(issuerPrivateKey); return(certificateGenerator.Generate(signatureFactory)); } // End Function GenerateSslCertificate