示例#1
0
 private static byte[] ExportCertificate(X509Certificate certificate, AsymmetricCipherKeyPair subjectKeyPair, TCertificateFormat certificateFormat)
 {
     byte[] result = null;
     switch (certificateFormat)
     {
         case TCertificateFormat.NotSet:
             break;
         case TCertificateFormat.PEM:
             using (MemoryStream stream = new MemoryStream())
             {
                 using (StreamWriter writer = new StreamWriter(stream))
                 {
                     Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer);
                     if (subjectKeyPair.Private is ECKeyParameters)
                     {
                         ECPrivateKeyParameters priv = (ECPrivateKeyParameters)subjectKeyPair.Private;
                         ECDomainParameters dp = priv.Parameters;
                         int orderBitLength = dp.N.BitLength;
                         Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure ec;
                         Org.BouncyCastle.Asn1.X9.X962Parameters x962;
                         if (priv.PublicKeyParamSet == null)
                         {
                             Org.BouncyCastle.Asn1.X9.X9ECParameters ecP = new Org.BouncyCastle.Asn1.X9.X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed());
                             x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(ecP);
                         }
                         else
                         {
                             x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(priv.PublicKeyParamSet);
                         }
                         ec = new Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure(orderBitLength, priv.D, SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public).PublicKeyData, x962);
                         pemWriter.WriteObject(new Org.BouncyCastle.Utilities.IO.Pem.PemObject("EC PRIVATE KEY", ec.GetEncoded()));
                     }
                     else
                     {
                         pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Private));
                     }
                     pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Public));
                     pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(certificate));
                     writer.Flush();
                     result = stream.ToArray();
                 }
             }
             break;
         case TCertificateFormat.PFX:
             //Asn1Sequence asn1Sequence = Asn1Sequence.GetInstance(Asn1Object.FromByteArray(certificate.GetEncoded()));
             //asn1Sequence.GetObjects
             //Org.BouncyCastle.Asn1.Pkcs.Pfx pfx = new Org.BouncyCastle.Asn1.Pkcs.Pfx();
             //Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo info = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
             //result = pfx.GetEncoded(Asn1Encodable.Der);
             break;
         case TCertificateFormat.CER:
             result = certificate.GetEncoded();
             break;
         default:
             break;
     }
     return result;
 }
示例#2
0
        private static byte[] ExportCertificate(X509Certificate certificate, AsymmetricCipherKeyPair subjectKeyPair, TCertificateFormat certificateFormat)
        {
            byte[] result = null;
            switch (certificateFormat)
            {
            case TCertificateFormat.NotSet:
                break;

            case TCertificateFormat.PEM:
                using (MemoryStream stream = new MemoryStream())
                {
                    using (StreamWriter writer = new StreamWriter(stream))
                    {
                        Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer);
                        if (subjectKeyPair.Private is ECKeyParameters)
                        {
                            ECPrivateKeyParameters priv = (ECPrivateKeyParameters)subjectKeyPair.Private;
                            ECDomainParameters     dp   = priv.Parameters;
                            int orderBitLength          = dp.N.BitLength;
                            Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure ec;
                            Org.BouncyCastle.Asn1.X9.X962Parameters         x962;
                            if (priv.PublicKeyParamSet == null)
                            {
                                Org.BouncyCastle.Asn1.X9.X9ECParameters ecP = new Org.BouncyCastle.Asn1.X9.X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed());
                                x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(ecP);
                            }
                            else
                            {
                                x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(priv.PublicKeyParamSet);
                            }
                            ec = new Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure(orderBitLength, priv.D, SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public).PublicKeyData, x962);
                            pemWriter.WriteObject(new Org.BouncyCastle.Utilities.IO.Pem.PemObject("EC PRIVATE KEY", ec.GetEncoded()));
                        }
                        else
                        {
                            pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Private));
                        }
                        pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Public));
                        pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(certificate));
                        writer.Flush();
                        result = stream.ToArray();
                    }
                }
                break;

            case TCertificateFormat.PFX:
                //Asn1Sequence asn1Sequence = Asn1Sequence.GetInstance(Asn1Object.FromByteArray(certificate.GetEncoded()));
                //asn1Sequence.GetObjects
                //Org.BouncyCastle.Asn1.Pkcs.Pfx pfx = new Org.BouncyCastle.Asn1.Pkcs.Pfx();
                //Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo info = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
                //result = pfx.GetEncoded(Asn1Encodable.Der);
                break;

            case TCertificateFormat.CER:
                result = certificate.GetEncoded();
                break;

            default:
                break;
            }
            return(result);
        }
示例#3
0
        public static CertificateInfo GetCertificateInfo(byte[] certificate, TCertificateFormat certificateFormat)
        {
            CertificateInfo          result = null;
            X509CertificateStructure cert   = null;

            switch (certificateFormat)
            {
            case TCertificateFormat.NotSet:
                break;

            case TCertificateFormat.PEM:
                Org.BouncyCastle.Utilities.IO.Pem.PemReader reader = new Org.BouncyCastle.Utilities.IO.Pem.PemReader(new StreamReader(new MemoryStream(certificate)));
                Org.BouncyCastle.Utilities.IO.Pem.PemObject pem    = reader.ReadPemObject();
                while (pem != null)
                {
                    if (pem.Type.EndsWith("CERTIFICATE"))
                    {
                        cert = X509CertificateStructure.GetInstance(pem.Content);
                    }
                    else if (pem.Type.EndsWith("PRIVATE KEY"))
                    {
                        if (result == null)
                        {
                            result = new CertificateInfo();
                        }

                        result.PrivateKey = GetPrivateKeyFromPEM(pem);
                    }
                    pem = reader.ReadPemObject();
                }
                break;

            case TCertificateFormat.PFX:
                break;

            case TCertificateFormat.CER:
                cert = X509CertificateStructure.GetInstance(certificate);
                break;

            default:
                break;
            }
            if (cert != null)
            {
                if (result == null)
                {
                    result = new CertificateInfo();
                }
                result.Subject = new CertificateSubject(cert);
                X509Certificate certX509     = new X509Certificate(cert);
                Asn1OctetString subjectKeyID = certX509.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
                if (subjectKeyID != null)
                {
                    byte[] encodeKeyID = subjectKeyID.GetOctets();
                    byte[] keyID       = new byte[encodeKeyID[1]];
                    Buffer.BlockCopy(encodeKeyID, 2, keyID, 0, encodeKeyID[1]);
                    result.SubjectKeyID = keyID;
                }
            }
            return(result);
        }
示例#4
0
        public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;

            SecureRandom random = Porthelp.CreateSecureRandom();
            X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

            AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
            AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
            byte[] subjectKeyID = new byte[20];
            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));

            string algorithm = GetAlgorithm(signatureAlgorithm);

            // selfsign certificate
            Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));

            result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);

            return(result);
        }
示例#5
0
        public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;
            AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;

            if (privateKey != null)
            {
                SecureRandom random = Porthelp.CreateSecureRandom();
                X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
                AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
                AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

                string algorithm = GetAlgorithm(signatureAlgorithm);

                certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
                certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
                certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
                byte[] subjectKeyID = new byte[20];
                random.NextBytes(subjectKeyID, 0, 20);
                certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
                if (issuer.SubjectKeyID != null)
                {
                    certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
                }

                //if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
                //{
                //    certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
                //    //SubjectAlternativeName
                //    //GeneralName.DirectoryName
                //    //GeneralName.IPAddress
                //}

                Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
                result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
            }
            return(result);
        }
示例#6
0
        private static byte[] ExportCertificate(X509Certificate certificate, AsymmetricCipherKeyPair subjectKeyPair, TCertificateFormat certificateFormat)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            if (subjectKeyPair == null)
            {
                throw new ArgumentNullException(nameof(subjectKeyPair));
            }

            byte[] result = null;
            switch (certificateFormat)
            {
            case TCertificateFormat.NotSet:
            {
                break;
            }

            case TCertificateFormat.PEM:
            {
                using (var stream = new MemoryStream())
                {
                    using (var writer = new StreamWriter(stream))
                    {
                        var pemWriter = new PemWriter(writer);
                        if (subjectKeyPair.Private is ECKeyParameters)
                        {
                            var priv           = (ECPrivateKeyParameters)subjectKeyPair.Private;
                            var dp             = priv.Parameters;
                            var orderBitLength = dp.N.BitLength;
                            ECPrivateKeyStructure ec;
                            X962Parameters        x962;
                            if (priv.PublicKeyParamSet == null)
                            {
                                var ecP = new X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed());
                                x962 = new X962Parameters(ecP);
                            }
                            else
                            {
                                x962 = new X962Parameters(priv.PublicKeyParamSet);
                            }
                            ec = new ECPrivateKeyStructure(orderBitLength, priv.D, SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public).PublicKeyData, x962);
                            pemWriter.WriteObject(new Org.BouncyCastle.Utilities.IO.Pem.PemObject("EC PRIVATE KEY", ec.GetEncoded()));
                        }
                        else
                        {
                            pemWriter.WriteObject(new MiscPemGenerator(subjectKeyPair.Private));
                        }
                        pemWriter.WriteObject(new MiscPemGenerator(subjectKeyPair.Public));
                        pemWriter.WriteObject(new MiscPemGenerator(certificate));
                        writer.Flush();
                        result = stream.ToArray();
                    }
                }
            }
            break;

            case TCertificateFormat.PFX:
            {
                //Asn1Sequence asn1Sequence = Asn1Sequence.GetInstance(Asn1Object.FromByteArray(certificate.GetEncoded()));
                //asn1Sequence.GetObjects
                //Org.BouncyCastle.Asn1.Pkcs.Pfx pfx = new Org.BouncyCastle.Asn1.Pkcs.Pfx();
                //Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo info = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
                //result = pfx.GetEncoded(Asn1Encodable.Der);
                break;
            }

            case TCertificateFormat.CER:
            {
                result = certificate.GetEncoded();
                break;
            }

            default:
            {
                break;
            }
            }
            return(result);
        }
示例#7
0
        public static CertificateInfo GetCertificateInfo(byte[] certificate, TCertificateFormat certificateFormat)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            CertificateInfo          result = null;
            X509CertificateStructure cert   = null;

            switch (certificateFormat)
            {
            case TCertificateFormat.NotSet:
            {
                break;
            }

            case TCertificateFormat.PEM:
            {
                var reader = new PemReader(new StreamReader(new MemoryStream(certificate)));
                var pem    = reader.ReadPemObject();
                while (pem != null)
                {
                    if (pem.Type.EndsWith("CERTIFICATE"))
                    {
                        cert = X509CertificateStructure.GetInstance(pem.Content);
                    }
                    else if (pem.Type.EndsWith("PRIVATE KEY"))
                    {
                        if (result == null)
                        {
                            result = new CertificateInfo();
                        }

                        result.PrivateKey = GetPrivateKeyFromPEM(pem);
                    }
                    pem = reader.ReadPemObject();
                }
                break;
            }

            case TCertificateFormat.PFX:
            {
                break;
            }

            case TCertificateFormat.CER:
            {
                cert = X509CertificateStructure.GetInstance(certificate);
                break;
            }

            default:
            {
                break;
            }
            }

            if (cert != null)
            {
                if (result == null)
                {
                    result = new CertificateInfo();
                }

                result.Subject = new CertificateSubject(cert);
                var certX509     = new X509Certificate(cert);
                var subjectKeyID = certX509.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
                if (subjectKeyID != null)
                {
                    var encodeKeyID = subjectKeyID.GetOctets();
                    var keyID       = new byte[encodeKeyID[1]];
                    Buffer.BlockCopy(encodeKeyID, 2, keyID, 0, encodeKeyID[1]);
                    result.SubjectKeyID = keyID;
                }
            }
            return(result);
        }
示例#8
0
        public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate,
                                                       SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            if (subject == null)
            {
                throw new ArgumentNullException(nameof(subject));
            }

            if (signatureAlgorithm == null)
            {
                throw new ArgumentNullException(nameof(signatureAlgorithm));
            }

            var randomGenerator      = new CryptoApiRandomGenerator();
            var random               = new SecureRandom(randomGenerator);
            var certificateGenerator = new X509V3CertificateGenerator();

            AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
            var subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
            var subjectKeyID = new byte[20];

            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));

            var algorithm = GetAlgorithm(signatureAlgorithm);
            // selfsign certificate
            var certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));

            return(ExportCertificate(certificate, subjectKeyPair, certificateFormat));
        }
示例#9
0
        public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate,
                                                 DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            if (subject == null)
            {
                throw new ArgumentNullException(nameof(subject));
            }

            if (issuer == null)
            {
                throw new ArgumentNullException(nameof(issuer));
            }

            if (signatureAlgorithm == null)
            {
                throw new ArgumentNullException(nameof(issuer));
            }

            if (!(issuer.PrivateKey is AsymmetricKeyParameter privateKey))
            {
                return(null);
            }

            var randomGenerator      = new CryptoApiRandomGenerator();
            var random               = new SecureRandom(randomGenerator);
            var certificateGenerator = new X509V3CertificateGenerator();

            AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
            var subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            var algorithm = GetAlgorithm(signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
            certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
            var subjectKeyID = new byte[20];

            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            if (issuer.SubjectKeyID != null)
            {
                certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
            }

            //if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
            //{
            //    certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
            //    //SubjectAlternativeName
            //    //GeneralName.DirectoryName
            //    //GeneralName.IPAddress
            //}

            var certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));

            return(ExportCertificate(certificate, subjectKeyPair, certificateFormat));
        }
示例#10
0
        public static byte[] GenerateIntermediateCACertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;
            AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;

            if (privateKey != null)
            {
                CryptoApiRandomGenerator   randomGenerator      = new CryptoApiRandomGenerator();
                SecureRandom               random               = new SecureRandom(randomGenerator);
                X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
                AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
                AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

                certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
                certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
                byte[] subjectKeyID = new byte[20];
                random.NextBytes(subjectKeyID, 0, 20);
                certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
                if (issuer.SubjectKeyID != null)
                {
                    certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
                }

                string algorithm = GetAlgorithm(signatureAlgorithm);

                Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));

                result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
            }
            return(result);
        }
示例#11
0
        public static CertificateInfo GetCertificateInfo(byte[] certificate, TCertificateFormat certificateFormat)
        {
            CertificateInfo result = null;
            X509CertificateStructure cert = null;
            switch (certificateFormat)
            {
                case TCertificateFormat.NotSet:
                    break;
                case TCertificateFormat.PEM:
                    Org.BouncyCastle.Utilities.IO.Pem.PemReader reader = new Org.BouncyCastle.Utilities.IO.Pem.PemReader(new StreamReader(new MemoryStream(certificate)));
                    Org.BouncyCastle.Utilities.IO.Pem.PemObject pem = reader.ReadPemObject();
                    while (pem != null)
                    {
                        if (pem.Type.EndsWith("CERTIFICATE"))
                        {
                            cert = X509CertificateStructure.GetInstance(pem.Content);
                        }
                        else if (pem.Type.EndsWith("PRIVATE KEY"))
                        {
                            if (result == null)
                                result = new CertificateInfo();

                            result.PrivateKey = GetPrivateKeyFromPEM(pem);
                        }
                        pem = reader.ReadPemObject();
                    }
                    break;
                case TCertificateFormat.PFX:
                    break;
                case TCertificateFormat.CER:
                    cert = X509CertificateStructure.GetInstance(certificate);
                    break;
                default:
                    break;
            }
            if (cert != null)
            {
                if (result == null)
                    result = new CertificateInfo();
                result.Subject = new CertificateSubject(cert);
                X509Certificate certX509 = new X509Certificate(cert);
                Asn1OctetString subjectKeyID = certX509.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
                if (subjectKeyID != null)
                {
                    byte[] encodeKeyID = subjectKeyID.GetOctets();
                    byte[] keyID = new byte[encodeKeyID[1]];
                    Buffer.BlockCopy(encodeKeyID, 2, keyID, 0, encodeKeyID[1]);
                    result.SubjectKeyID = keyID;
                }
            }
            return result;
        }              
示例#12
0
        public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;

            CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
            SecureRandom random = new SecureRandom(randomGenerator);
            X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
            AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
            AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
            byte[] subjectKeyID = new byte[20];
            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));

            string algorithm = GetAlgorithm(signatureAlgorithm);
            // selfsign certificate
            Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));

            result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);

            return result;
        }
示例#13
0
        public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;
            AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;
            if (privateKey != null)
            {

                CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
                SecureRandom random = new SecureRandom(randomGenerator);
                X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
                AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
                AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

                string algorithm = GetAlgorithm(signatureAlgorithm);

                certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
                certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
                certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
                byte[] subjectKeyID = new byte[20];
                random.NextBytes(subjectKeyID, 0, 20);
                certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
                if (issuer.SubjectKeyID != null)
                    certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));

                //if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
                //{
                //    certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
                //    //SubjectAlternativeName
                //    //GeneralName.DirectoryName
                //    //GeneralName.IPAddress
                //}

                Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
                result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
            }
            return result;
        }