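/// <summary>
/// Import the specified certificate.
/// </summary>
/// <remarks>
/// Adds the certificate to the <c>AddressBook</c> ("Other People") store of the
/// configured store location. That store holds certificates of other parties and
/// confers no trust, so importing here does not create a trust anchor. Only the
/// DER-encoded certificate is written; no private key is involved.
/// </remarks>
/// <param name="certificate">The certificate.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="certificate"/> is <c>null</c>.
/// </exception>
public override void Import (Org.BouncyCastle.X509.X509Certificate certificate)
{
    if (certificate == null)
        throw new ArgumentNullException ("certificate");

    var store = new X509Store (StoreName.AddressBook, StoreLocation);
    store.Open (OpenFlags.ReadWrite);
    try {
        // Convert via the DER encoding so the system store receives a plain X509Certificate2.
        store.Add (new X509Certificate2 (certificate.GetEncoded ()));
    } finally {
        // Close even when Add throws (access denied, malformed encoding) so the
        // underlying store handle is not leaked.
        store.Close ();
    }
}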
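/// <summary>
/// Serializes a key pair and its certificate into a password-protected PKCS#12 blob.
/// </summary>
/// <param name="keys">Key pair whose private half is stored; the public half is not used here.</param>
/// <param name="cert">The end-entity certificate belonging to <paramref name="keys"/>.</param>
/// <param name="friendlyName">Alias under which both the certificate entry and the key entry are stored.</param>
/// <param name="password">Password protecting the store; must not be <c>null</c>.</param>
/// <param name="chain">Optional additional certificates; only the dictionary values are used, the keys are ignored. May be <c>null</c> or empty.</param>
/// <returns>The encoded PKCS#12 store.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="keys"/>, <paramref name="cert"/>, <paramref name="friendlyName"/> or <paramref name="password"/> is <c>null</c>.
/// </exception>
private static byte[] GeneratePkcs12(AsymmetricCipherKeyPair keys, Org.BouncyCastle.X509.X509Certificate cert, string friendlyName, string password, Dictionary<string, Org.BouncyCastle.X509.X509Certificate> chain)
{
    // Validate up front: otherwise a null argument surfaces as a NullReferenceException
    // from inside BouncyCastle (keys.Private, password.ToCharArray) or from the store.
    if (keys == null) throw new ArgumentNullException("keys");
    if (cert == null) throw new ArgumentNullException("cert");
    if (friendlyName == null) throw new ArgumentNullException("friendlyName");
    if (password == null) throw new ArgumentNullException("password");

    Pkcs12Store store = new Pkcs12StoreBuilder().Build();

    // The leaf certificate is stored under the friendly name, which doubles as the key alias.
    X509CertificateEntry certEntry = new X509CertificateEntry(cert);
    store.SetCertificateEntry(friendlyName, certEntry);

    // Build the issuer chain when one was supplied.
    // NOTE(review): chainCerts is populated but never written to the store — the key entry
    // below carries only the leaf ("no chain"). The call is kept because BuildCertificateChainBC
    // may reject an inconsistent chain; confirm whether the chain should instead be passed to
    // SetKeyEntry so that the PKCS#12 file contains the issuers.
    var chainCerts = new List<X509CertificateEntry>();
    if (chain != null && chain.Count > 0)
    {
        var additionalCertsAsBytes = new List<byte[]>();
        foreach (var additionalCert in chain)
        {
            additionalCertsAsBytes.Add(additionalCert.Value.GetEncoded());
        }

        foreach (var chainCert in BuildCertificateChainBC(cert.GetEncoded(), additionalCertsAsBytes))
        {
            chainCerts.Add(new X509CertificateEntry(chainCert));
        }
    }

    // Private key entry, associated with the leaf certificate only.
    AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(keys.Private);
    store.SetKeyEntry(friendlyName, keyEntry, new X509CertificateEntry[] { certEntry });

    using (var memoryStream = new MemoryStream())
    {
        // The SecureRandom supplies the salt material for the password-based encryption.
        store.Save(memoryStream, password.ToCharArray(), new SecureRandom());
        return memoryStream.ToArray();
    }
}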
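/// <summary>
/// Import the specified certificate.
/// </summary>
/// <remarks>
/// Adds the certificate to the <c>AddressBook</c> ("Other People") store of the
/// configured store location. That store confers no trust, so importing here does
/// not create a trust anchor. Only the DER-encoded certificate is written.
/// </remarks>
/// <param name="certificate">The certificate.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="certificate"/> is <c>null</c>.
/// </exception>
public override void Import(Org.BouncyCastle.X509.X509Certificate certificate)
{
    // The documented ArgumentNullException was not actually thrown: a null argument
    // previously surfaced as a NullReferenceException from GetEncoded().
    if (certificate == null)
        throw new ArgumentNullException ("certificate");

    var store = new X509Store (StoreName.AddressBook, StoreLocation);
    store.Open (OpenFlags.ReadWrite);
    try {
        store.Add (new X509Certificate2 (certificate.GetEncoded ()));
    } finally {
        // Close even when Add throws so the store handle is not leaked.
        store.Close ();
    }
}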
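/// <summary>
/// Checks an encryption (recipient) certificate against the local policy and, when the
/// authentication certificate that signed it is supplied, verifies that signature and
/// validates the signer.
/// </summary>
/// <param name="encCert">The encryption certificate to check.</param>
/// <param name="authCert">The authentication certificate whose key is expected to have signed
/// <paramref name="encCert"/>. When <c>null</c>, neither the signature nor the signer is checked.</param>
/// <param name="date">Reference time for the validity-period check.</param>
/// <param name="certs">Additional certificates offered to chain building for <paramref name="authCert"/>.</param>
/// <param name="checkRevocation">Whether revocation is checked while validating <paramref name="authCert"/>.</param>
/// <returns>The violations found for <paramref name="encCert"/>; <c>IssuerInfo</c> carries the
/// result for <paramref name="authCert"/> when it was supplied.</returns>
/// <exception cref="ArgumentNullException"><paramref name="encCert"/> is <c>null</c>.</exception>
public static CertificateSecurityInformation VerifyEnc(Org.BouncyCastle.X509.X509Certificate encCert, Org.BouncyCastle.X509.X509Certificate authCert, DateTime date, IX509Store certs, bool checkRevocation)
{
    if (encCert == null)
        throw new ArgumentNullException("encCert");

    CertificateSecurityInformation result = new CertificateSecurityInformation();
    result.Certificate = new X509Certificate2(encCert.GetEncoded());

    // Validity period, relative to the supplied reference date rather than the wall clock.
    try
    {
        encCert.CheckValidity(date);
    }
    catch (CertificateExpiredException)
    {
        result.securityViolations.Add(CertSecurityViolation.NotTimeValid);
    }
    catch (CertificateNotYetValidException)
    {
        result.securityViolations.Add(CertSecurityViolation.NotTimeValid);
    }

    // Key usage: bits 2 and 3 (keyEncipherment and dataEncipherment in RFC 5280 numbering)
    // must both be set. GetKeyUsage() returns null when the extension is absent; that used
    // to crash with a NullReferenceException, now it is recorded as a usage violation since
    // a certificate without the extension cannot satisfy the required bits.
    bool[] keyUsage = encCert.GetKeyUsage();
    int[] keyUsageIndexes = new int[] { 2, 3 };
    if (keyUsage == null)
    {
        result.securityViolations.Add(CertSecurityViolation.NotValidForUsage);
        trace.TraceEvent(TraceEventType.Warning, 0, "The certificate has no key usage extension");
    }
    else
    {
        foreach (int i in keyUsageIndexes)
        {
            if (i >= keyUsage.Length || !keyUsage[i])
            {
                result.securityViolations.Add(CertSecurityViolation.NotValidForUsage);
                trace.TraceEvent(TraceEventType.Warning, 0, "The key usage did not have the correct usage flag set");
            }
        }
    }

    // Issuer must equal subject: the encryption certificate is expected to be self-issued
    // (its signature is checked against authCert's key below). The violation code reused
    // for this condition is HasNotPermittedNameConstraint, as in the existing policy.
    if (!encCert.IssuerDN.Equivalent(encCert.SubjectDN, false))
        result.securityViolations.Add(CertSecurityViolation.HasNotPermittedNameConstraint);

    // Key strength and algorithm policy for the recipient key.
    var publicKey = encCert.GetPublicKey();
    if (!VerifyKeySize(publicKey, EteeActiveConfig.Unseal.MinimumEncryptionKeySize.AsymmerticRecipientKey))
        result.securityViolations.Add(CertSecurityViolation.NotValidKeySize);
    if (!(publicKey is RsaKeyParameters))
        result.securityViolations.Add(CertSecurityViolation.NotValidKeyType);

    if (authCert != null)
    {
        // Only InvalidKeyException is recorded as a violation (BouncyCastle raises it when the
        // signature does not verify under the given key). Other failures, e.g. a malformed
        // certificate or algorithm mismatch, propagate to the caller, which is fail-closed.
        try
        {
            encCert.Verify(authCert.GetPublicKey());
        }
        catch (InvalidKeyException)
        {
            result.securityViolations.Add(CertSecurityViolation.NotSignatureValid);
        }

        // Validate the signer itself (chain, time, optionally revocation) and attach its result.
        result.IssuerInfo = VerifyBoth(authCert, date, certs, new List<CertificateList>(0), new List<BasicOcspResponse>(0), checkRevocation, false);
    }
    // else: no authentication certificate (our own encryption certificate) — only the
    // certificate's own properties are checked; the binding to a signer is not verified.
    // NOTE(review): for a third party's certificate the caller must supply authCert,
    // otherwise the signature over the encryption certificate is never checked.

    return result;
}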
/// <summary>
/// Checks a signing certificate against the key policy, builds and validates its chain,
/// and maps every chain status onto a <c>CertSecurityViolation</c>.
/// </summary>
/// <param name="cert">The certificate to verify.</param>
/// <param name="date">Reference time handed to the chain builder.</param>
/// <param name="certs">Extra certificates offered to the chain builder (not trusted by themselves).</param>
/// <param name="crls">CRLs consulted when <paramref name="checkRevocation"/> is set; passed by reference to the chain builder.</param>
/// <param name="ocsps">OCSP responses consulted when <paramref name="checkRevocation"/> is set; likewise by reference.</param>
/// <param name="checkRevocation">Build a full chain with revocation data, or a basic chain without it.</param>
/// <param name="checkTime">When set, the revocation step uses the current UTC time instead of <paramref name="date"/>.</param>
/// <returns>Violations for <paramref name="cert"/>; each further chain element is nested under <c>IssuerInfo</c>.</returns>
private static CertificateSecurityInformation Verify(Org.BouncyCastle.X509.X509Certificate cert, DateTime date, IX509Store certs, IList<CertificateList> crls, IList<BasicOcspResponse> ocsps, bool checkRevocation, bool checkTime)
{
    var info = new CertificateSecurityInformation();
    var publicKey = cert.GetPublicKey();

    // Key policy for signatures: RSA only, at least the configured minimum size.
    if (!(publicKey is RsaKeyParameters))
    {
        info.securityViolations.Add(CertSecurityViolation.NotValidKeyType);
        trace.TraceEvent(TraceEventType.Warning, 0, "The key should be RSA but was {0}", publicKey.GetType());
    }
    if (!VerifyKeySize(publicKey, EteeActiveConfig.Unseal.MinimumSignatureKeySize))
    {
        info.securityViolations.Add(CertSecurityViolation.NotValidKeySize);
        trace.TraceEvent(TraceEventType.Warning, 0, "The key was smaller then {0}", EteeActiveConfig.Unseal.MinimumSignatureKeySize);
    }

    // Every certificate in the store is offered to the chain builder as an extra source.
    var extraStore = new X509Certificate2Collection();
    foreach (Org.BouncyCastle.X509.X509Certificate candidate in certs.GetMatches(null))
    {
        extraStore.Add(new X509Certificate2(candidate.GetEncoded()));
    }

    var leaf = new X509Certificate2(cert.GetEncoded());
    Chain chain = checkRevocation
        ? leaf.BuildChain(date, extraStore, ref crls, ref ocsps, checkTime ? DateTime.UtcNow : date)
        : leaf.BuildBasicChain(date, extraStore);

    // The first chain element fills `info` (presumably the leaf); each further element
    // gets its own nested IssuerInfo record.
    CertificateSecurityInformation current = null;
    foreach (ChainElement element in chain.ChainElements)
    {
        if (current == null)
        {
            current = info;
        }
        else
        {
            current.IssuerInfo = new CertificateSecurityInformation();
            current = current.IssuerInfo;
        }
        current.Certificate = element.Certificate;

        // Each non-NoError status is mapped by name onto CertSecurityViolation.
        // NOTE(review): this assumes every X509ChainStatusFlags name has a same-named
        // CertSecurityViolation member and that Status is a single flag; otherwise
        // Enum.GetName returns null and Enum.Parse throws. Behaviour left unchanged.
        foreach (X509ChainStatus status in element.ChainElementStatus)
        {
            if (status.Status == X509ChainStatusFlags.NoError)
                continue;
            string statusName = Enum.GetName(typeof(X509ChainStatusFlags), status.Status);
            current.securityViolations.Add((CertSecurityViolation)Enum.Parse(typeof(CertSecurityViolation), statusName));
        }
    }

    // A partial chain means no trusted anchor was reached.
    if (chain.ChainStatus.Any(x => x.Status == X509ChainStatusFlags.PartialChain))
    {
        info.securityViolations.Add(CertSecurityViolation.IssuerTrustUnknown);
    }

    trace.TraceEvent(TraceEventType.Verbose, 0, "Verified certificate {0} for date {1}", cert.SubjectDN.ToString(), date);
    return info;
}
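/// <summary>
/// Creates a signature descriptor for the given file format, keeping both the .NET and
/// the BouncyCastle representation of the associated certificate.
/// </summary>
/// <param name="fileFormat">The file format this signature applies to.</param>
/// <param name="certificateBC">The certificate in BouncyCastle form; the .NET view is derived from its DER encoding.</param>
/// <exception cref="ArgumentNullException"><paramref name="certificateBC"/> is <c>null</c>.</exception>
public Signature(FileFormat fileFormat, Org.BouncyCastle.X509.X509Certificate certificateBC)
{
    // Validate before touching the argument: previously a null certificate surfaced as a
    // NullReferenceException from GetEncoded() after FileFormat had already been assigned.
    if (certificateBC == null)
        throw new ArgumentNullException("certificateBC");

    FileFormat = fileFormat;
    // Both properties describe the same certificate; the X509Certificate2 is built from the DER bytes.
    Certificate = new X509Certificate2(certificateBC.GetEncoded());
    CertificateBouncyCastle = certificateBC;
}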