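/// <summary>
/// Issues a certificate signed by an existing CA. A fresh subject key pair is generated, the CA's
/// subject DN becomes this certificate's issuer DN, and the CA private key produces the signature.
/// </summary>
/// <param name="algorithm">Signature algorithm name handed to <c>Asn1SignatureFactory</c>.</param>
/// <param name="keyLength">Size of the subject key pair produced by <c>GenerateKeyPair</c>.</param>
/// <param name="subjectName">Subject distinguished name, parsed downstream by <c>BuildDistinguishedName</c>.</param>
/// <param name="notBefore">Start of validity; the shared generator expects UTC values.</param>
/// <param name="notAfter">End of validity; must be later than <paramref name="notBefore"/>.</param>
/// <param name="keyUsage">KeyUsage extension, or null to omit it.</param>
/// <param name="extendedUsages">ExtendedKeyUsage values, or null/empty to omit the extension.</param>
/// <param name="caCertificate">Issuing CA certificate; its SubjectDN is used as the issuer name.</param>
/// <param name="caKeyPair">Issuing CA key pair; the private key signs, the public key feeds the AuthorityKeyIdentifier.</param>
/// <param name="certificateEndPoints">CRL/OCSP/CA-issuer URL templates, or null. Note that
/// <c>GenerateCertificate</c> writes the evaluated URLs back into this same instance.</param>
/// <returns>The signed certificate paired with the subject's key pair.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="caCertificate"/> or <paramref name="caKeyPair"/> is null.</exception>
/// <exception cref="ArgumentException">When <paramref name="caKeyPair"/> does not match the public key in <paramref name="caCertificate"/>.</exception>
public CertificateResult Create(
    string algorithm,
    int keyLength,
    string subjectName,
    DateTime notBefore,
    DateTime notAfter,
    KeyUsage keyUsage,
    KeyPurposeID[] extendedUsages,
    X509Certificate caCertificate,
    AsymmetricCipherKeyPair caKeyPair,
    CertificateEndPoints certificateEndPoints)
{
    if (caCertificate == null)
    {
        throw new ArgumentNullException(nameof(caCertificate));
    }
    if (caKeyPair == null)
    {
        throw new ArgumentNullException(nameof(caKeyPair));
    }

    // The issuer name is taken from caCertificate while the signature and the
    // AuthorityKeyIdentifier are taken from caKeyPair. If those two do not belong together the
    // result is a certificate that names one CA but verifies under another key, which chain
    // builders reject and which is confusing to debug. Fail fast instead of issuing it.
    if (!caCertificate.GetPublicKey().Equals(caKeyPair.Public))
    {
        throw new ArgumentException(
            "caKeyPair does not match the public key of caCertificate.",
            nameof(caKeyPair));
    }

    SecureRandom rng = GenerateSecureRandom();
    AsymmetricCipherKeyPair subjectKeyPair = GenerateKeyPair(rng, keyLength);
    BigInteger serial = GenerateSerialNumber(rng);

    // The issuer DN travels as a string and is re-parsed by BuildDistinguishedName inside
    // GenerateCertificate. NOTE(review): that round trip is not guaranteed to reproduce the CA's
    // encoded subject byte-for-byte (RDN order / string types), which strict issuer-subject
    // matching relies on — confirm against the validators this PKI must satisfy.
    string issuerName = caCertificate.SubjectDN.ToString();

    X509Certificate certificate = GenerateCertificate(
        rng,
        algorithm,
        subjectName,
        subjectKeyPair,
        serial,
        null,
        notBefore,
        notAfter,
        issuerName,
        caKeyPair,
        keyUsage,
        extendedUsages,
        certificateEndPoints);

    return new CertificateResult(certificate, subjectKeyPair);
}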
/// <summary>
/// CA-specific extension hook: marks the certificate as a CA via BasicConstraints and, when end
/// points were supplied, adds the CRL distribution point and an AIA extension carrying the OCSP URL.
/// </summary>
/// <param name="generator">The certificate generator being populated.</param>
/// <param name="certificateEndPoints">Already-evaluated end point URLs, or null when none were given.</param>
protected override void Setup(X509V3CertificateGenerator generator, CertificateEndPoints certificateEndPoints)
{
    AddCertificateAuthorityBasicConstraints(generator);

    if (certificateEndPoints == null)
    {
        return;
    }

    AddCrlDistributionPoint(generator, certificateEndPoints.CrlDistributionEndPoint);

    // NOTE(review): the caIssuers argument is passed as null, so the AIA extension carries only the
    // OCSP responder even though certificateEndPoints.CaDistributionEndPoint exists — confirm that
    // this is intended for the certificates this class issues.
    AddAuthorityDistributionEndPoint(generator, null, certificateEndPoints.OcspEndPoint);
}
/// <summary>
/// Creates a self-signed certificate: the subject is also the issuer, and the freshly generated
/// key pair both provides the certificate's public key and signs it. Together with a CA
/// BasicConstraints extension (added by the concrete <c>Setup</c>) this yields a root CA.
/// </summary>
/// <param name="algorithm">Signature algorithm name handed to <c>Asn1SignatureFactory</c>.</param>
/// <param name="keyLength">Size of the key pair produced by <c>GenerateKeyPair</c>.</param>
/// <param name="subjectName">Subject (and therefore issuer) distinguished name.</param>
/// <param name="notBefore">Start of validity; the shared generator expects UTC values.</param>
/// <param name="notAfter">End of validity.</param>
/// <param name="keyUsage">KeyUsage extension, or null to omit it.</param>
/// <param name="extendedUsages">ExtendedKeyUsage values, or null/empty to omit the extension.</param>
/// <param name="certificateEndPoints">CRL/OCSP/CA-issuer URL templates, or null; evaluated URLs are
/// written back into this instance by <c>GenerateCertificate</c>.</param>
/// <returns>The self-signed certificate paired with its key pair.</returns>
public CertificateResult Create(
    string algorithm,
    int keyLength,
    string subjectName,
    DateTime notBefore,
    DateTime notAfter,
    KeyUsage keyUsage,
    KeyPurposeID[] extendedUsages,
    CertificateEndPoints certificateEndPoints)
{
    SecureRandom rng = GenerateSecureRandom();
    AsymmetricCipherKeyPair keyPair = GenerateKeyPair(rng, keyLength);

    // Self-signed: issuer name and issuer key pair are simply the subject's own, passed twice.
    X509Certificate certificate = GenerateCertificate(
        rng,
        algorithm,
        subjectName,
        keyPair,
        GenerateSerialNumber(rng),
        null,
        notBefore,
        notAfter,
        subjectName,
        keyPair,
        keyUsage,
        extendedUsages,
        certificateEndPoints);

    return new CertificateResult(certificate, keyPair);
}
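/// <summary>
/// Builds and signs an X.509 v3 certificate. Shared by the self-signed and CA-issued
/// <c>Create</c> overloads; the concrete subclass contributes its extensions through <c>Setup</c>.
/// </summary>
/// <param name="random">Not used by this method itself; retained for the existing call sites.</param>
/// <param name="algorithm">Signature algorithm name passed to <c>Asn1SignatureFactory</c>.</param>
/// <param name="subjectName">Subject DN string, parsed by <c>BuildDistinguishedName</c>.</param>
/// <param name="subjectKeyPair">Subject key pair; only its public key is placed in the certificate.</param>
/// <param name="subjectSerialNumber">Serial number; must be positive (RFC 5280 §4.1.2.2).</param>
/// <param name="subjectAlternativeNames">Optional SAN entries; null/empty omits the extension.</param>
/// <param name="notBefore">Start of validity. Passed to the generator unchanged; the original author
/// flags that these values must be UTC — confirm how the generator treats other DateTimeKinds.</param>
/// <param name="notAfter">End of validity; must be later than <paramref name="notBefore"/>.</param>
/// <param name="issuerName">Issuer DN string, parsed by <c>BuildDistinguishedName</c>.</param>
/// <param name="issuerKeyPair">Issuer key pair: the public key feeds the AuthorityKeyIdentifier,
/// the private key signs the certificate.</param>
/// <param name="keyUsage">KeyUsage extension, or null to omit it.</param>
/// <param name="usages">ExtendedKeyUsage values, or null/empty to omit the extension.</param>
/// <param name="certificateEndPoints">URL templates for CA-issuer, CRL and OCSP end points, or null.
/// The evaluated URLs are written back into this same instance (caller's object is mutated).</param>
/// <returns>The signed certificate.</returns>
/// <exception cref="ArgumentNullException">When a key pair or the serial number is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">When the validity window is empty or reversed, or the serial number is not positive.</exception>
protected X509Certificate GenerateCertificate(
    SecureRandom random,
    string algorithm,
    string subjectName,
    AsymmetricCipherKeyPair subjectKeyPair,
    BigInteger subjectSerialNumber,
    string[] subjectAlternativeNames,
    DateTime notBefore,
    DateTime notAfter,
    string issuerName,
    AsymmetricCipherKeyPair issuerKeyPair,
    KeyUsage keyUsage,
    KeyPurposeID[] usages,
    CertificateEndPoints certificateEndPoints)
{
    if (subjectKeyPair == null)
    {
        throw new ArgumentNullException(nameof(subjectKeyPair));
    }
    if (issuerKeyPair == null)
    {
        throw new ArgumentNullException(nameof(issuerKeyPair));
    }
    if (subjectSerialNumber == null)
    {
        throw new ArgumentNullException(nameof(subjectSerialNumber));
    }
    // RFC 5280 §4.1.2.2: serial numbers must be positive integers. A zero or negative serial
    // would be silently encoded and rejected later by conforming validators.
    if (subjectSerialNumber.SignValue <= 0)
    {
        throw new ArgumentOutOfRangeException(
            nameof(subjectSerialNumber),
            "Certificate serial numbers must be positive (RFC 5280 section 4.1.2.2).");
    }
    // An empty or reversed validity window can never be valid; refuse to sign it.
    if (notAfter <= notBefore)
    {
        throw new ArgumentOutOfRangeException(
            nameof(notAfter),
            "notAfter must be later than notBefore.");
    }

    var certificateGenerator = new X509V3CertificateGenerator();
    certificateGenerator.SetSerialNumber(subjectSerialNumber);

    // Issuer: the party whose private key signs this certificate.
    X509Name issuerDN = BuildDistinguishedName(issuerName);
    certificateGenerator.SetIssuerDN(issuerDN);

    // Subject DN. (RFC 5280 allows an empty subject only when a critical SAN is present.)
    certificateGenerator.SetSubjectDN(BuildDistinguishedName(subjectName));

    // CAUTION: validity times are handed over as-is; callers must supply UTC values.
    certificateGenerator.SetNotBefore(notBefore);
    certificateGenerator.SetNotAfter(notAfter);

    // The SUBJECT's public key is what goes into the certificate (the issuer key only signs).
    certificateGenerator.SetPublicKey(subjectKeyPair.Public);

    // RFC 5280 §4.2.1.1 lets self-signed CAs omit the AuthorityKeyIdentifier; here it is always
    // added, so for self-signed certificates the AKI equals the SubjectKeyIdentifier.
    AddAuthorityKeyIdentifier(certificateGenerator, issuerKeyPair);
    AddSubjectKeyIdentifier(certificateGenerator, subjectKeyPair);

    if (certificateEndPoints != null)
    {
        ResolveEndPointTemplates(
            certificateEndPoints,
            subjectName,
            issuerName,
            subjectKeyPair,
            issuerKeyPair,
            subjectSerialNumber,
            notBefore,
            notAfter);
    }

    // TODO(review): AddPolicies(certificateGenerator) was left disabled in the original; decide
    // whether certificate policies are required for this PKI.

    // Subclass-specific extensions (BasicConstraints, CRL DP, AIA, ...).
    Setup(certificateGenerator, certificateEndPoints);

    if (keyUsage != null)
    {
        AddKeyUsage(certificateGenerator, keyUsage);
    }

    if (!usages.IsNullOrEmpty())
    {
        AddExtendedKeyUsage(certificateGenerator, usages);
    }

    if (!subjectAlternativeNames.IsStringListNullOrEmpty())
    {
        AddSubjectAlternativeNames(certificateGenerator, subjectAlternativeNames);
    }

    // Sign with the issuer's private key.
    return certificateGenerator.Generate(
        new Asn1SignatureFactory(algorithm, issuerKeyPair.Private));
}

/// <summary>
/// Expands the CA-issuer, CRL and OCSP URL templates in <paramref name="endPoints"/> against the
/// certificate's own identity (names, key identifiers, serial, validity) and stores the results
/// back into the same instance.
/// </summary>
private void ResolveEndPointTemplates(
    CertificateEndPoints endPoints,
    string subjectName,
    string issuerName,
    AsymmetricCipherKeyPair subjectKeyPair,
    AsymmetricCipherKeyPair issuerKeyPair,
    BigInteger serialNumber,
    DateTime notBefore,
    DateTime notAfter)
{
    CertificateUrlTemplateBindModel bindModel = BuildUrlTemplateBindModel(
        subjectName,
        subjectName,
        issuerName,
        new SubjectKeyIdentifier(
            SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public)),
        new AuthorityKeyIdentifier(
            SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKeyPair.Public)),
        serialNumber,
        notBefore,
        notAfter);

    endPoints.CaDistributionEndPoint = EvaluateUrl(bindModel, endPoints.CaDistributionEndPoint);
    endPoints.CrlDistributionEndPoint = EvaluateUrl(bindModel, endPoints.CrlDistributionEndPoint);
    endPoints.OcspEndPoint = EvaluateUrl(bindModel, endPoints.OcspEndPoint);
}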
/// <summary>
/// Hook for subclasses to add certificate-type-specific extensions (for example CA
/// BasicConstraints, CRL distribution point, AIA). <c>GenerateCertificate</c> calls it after the
/// subject/authority key identifiers have been set and before KeyUsage, ExtendedKeyUsage and SAN
/// are added; the end points it receives have already had their URL templates evaluated and may be null.
/// </summary>
/// <param name="generator">The certificate generator being populated.</param>
/// <param name="endPoints">Evaluated end point URLs, or null when the caller supplied none.</param>
protected abstract void Setup(X509V3CertificateGenerator generator, CertificateEndPoints endPoints);