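/// <summary>
/// Issues an intermediate CA certificate for <paramref name="subject"/>, signed with the issuer's private key.
/// A fresh key pair is generated for the subject and exported together with the certificate.
/// </summary>
/// <param name="subject">Subject name of the new intermediate CA.</param>
/// <param name="issuer">Issuing CA. Its <c>PrivateKey</c> must be a BouncyCastle <see cref="AsymmetricKeyParameter"/>; its <c>SubjectKeyID</c>, when present, becomes the AuthorityKeyIdentifier.</param>
/// <param name="startDate">Start of the validity period (notBefore).</param>
/// <param name="expiryDate">End of the validity period (notAfter).</param>
/// <param name="signatureAlgorithm">Algorithm used for the subject's key generation and for the issuer signature (see <c>GetAlgorithm</c>).</param>
/// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
/// <returns>The exported certificate (and subject key pair, depending on the format), or <c>null</c> when the issuer carries no usable private key.</returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/> or <paramref name="issuer"/> is null.</exception>
public static byte[] GenerateIntermediateCACertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    // Fail fast instead of dereferencing a null issuer below; matches the argument contract of the sibling overload.
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (issuer == null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }

    AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;
    if (privateKey == null)
    {
        // No signing key: nothing can be issued. Callers treat null as "not issued".
        return null;
    }

    SecureRandom random = Porthelp.CreateSecureRandom();
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
    AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
    // Presumably also installs the new public key on the generator — confirm in GenerateKeys.
    AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

    // Critical CA constraint with pathLenConstraint = 0: this CA may issue end-entity
    // certificates only, never further subordinate CAs.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
    certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));

    // The subject key identifier is a random 20-byte value rather than a hash of the public key
    // (RFC 5280 allows any unique value). GetCertificateInfo reads it back into
    // CertificateInfo.SubjectKeyID so certificates issued by this CA can reference it.
    byte[] subjectKeyID = new byte[20];
    random.NextBytes(subjectKeyID, 0, 20);
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));

    // Link to the issuer only when its key identifier is known; without it, chain building
    // has to rely on issuer/subject name matching.
    if (issuer.SubjectKeyID != null)
    {
        certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
    }

    string algorithm = GetAlgorithm(signatureAlgorithm);
    Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
    return ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}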
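/// <summary>
/// Parses a certificate (and, for PEM input, any private key blocks found alongside it) into a
/// <see cref="CertificateInfo"/> holding the subject, the private key and the SubjectKeyIdentifier.
/// </summary>
/// <param name="certificate">Encoded certificate bytes in the format given by <paramref name="certificateFormat"/>.</param>
/// <param name="certificateFormat">Encoding of <paramref name="certificate"/>. Only PEM and CER are parsed; NotSet and PFX yield <c>null</c>.</param>
/// <returns>
/// The parsed information, or <c>null</c> when the input contained neither a certificate nor (for PEM) a private key.
/// A PEM file holding only a private key yields a result with <c>PrivateKey</c> set and no <c>Subject</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
/// <exception cref="IOException">The SubjectKeyIdentifier extension content is not valid DER.</exception>
public static CertificateInfo GetCertificateInfo(byte[] certificate, TCertificateFormat certificateFormat)
{
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    CertificateInfo result = null;
    X509CertificateStructure cert = null;
    switch (certificateFormat)
    {
        case TCertificateFormat.NotSet:
            break;
        case TCertificateFormat.PEM:
        {
            using (StreamReader textReader = new StreamReader(new MemoryStream(certificate)))
            {
                Org.BouncyCastle.Utilities.IO.Pem.PemReader reader = new Org.BouncyCastle.Utilities.IO.Pem.PemReader(textReader);
                Org.BouncyCastle.Utilities.IO.Pem.PemObject pem = reader.ReadPemObject();
                while (pem != null)
                {
                    // PEM labels are ASCII; compare ordinally so culture settings cannot affect matching.
                    if (pem.Type.EndsWith("CERTIFICATE", StringComparison.Ordinal))
                    {
                        // NOTE(review): with a chain in one file the LAST certificate block wins — confirm callers pass a single certificate.
                        cert = X509CertificateStructure.GetInstance(pem.Content);
                    }
                    else if (pem.Type.EndsWith("PRIVATE KEY", StringComparison.Ordinal))
                    {
                        if (result == null)
                        {
                            result = new CertificateInfo();
                        }
                        // NOTE(review): the key is not checked against the certificate's public key — a mismatched pair is only detected at use.
                        result.PrivateKey = GetPrivateKeyFromPEM(pem);
                    }
                    pem = reader.ReadPemObject();
                }
            }
            break;
        }
        case TCertificateFormat.PFX:
            break;
        case TCertificateFormat.CER:
            cert = X509CertificateStructure.GetInstance(certificate);
            break;
        default:
            break;
    }

    if (cert != null)
    {
        if (result == null)
        {
            result = new CertificateInfo();
        }
        result.Subject = new CertificateSubject(cert);
        X509Certificate certX509 = new X509Certificate(cert);
        Asn1OctetString subjectKeyID = certX509.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
        if (subjectKeyID != null)
        {
            // The extension value is an OCTET STRING wrapping the DER-encoded SubjectKeyIdentifier
            // (itself an OCTET STRING). Decode it with the ASN.1 parser rather than assuming a
            // short-form length byte at offset 1 and copying from offset 2: that hand-rolled read
            // mis-parses identifiers longer than 127 bytes and indexes past the end of truncated input.
            Asn1Object extensionValue = Asn1Object.FromByteArray(subjectKeyID.GetOctets());
            result.SubjectKeyID = SubjectKeyIdentifier.GetInstance(extensionValue).GetKeyIdentifier();
        }
    }
    return result;
}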
/// <summary>
/// Issues an intermediate CA certificate for <paramref name="subject"/>, signed by <paramref name="issuer"/>.
/// A new key pair is generated for the subject and exported with the certificate.
/// </summary>
/// <param name="subject">Subject name of the new intermediate CA.</param>
/// <param name="issuer">Issuing CA; its <c>PrivateKey</c> must be a BouncyCastle <see cref="AsymmetricKeyParameter"/>.</param>
/// <param name="startDate">Validity start (notBefore).</param>
/// <param name="expiryDate">Validity end (notAfter).</param>
/// <param name="signatureAlgorithm">Algorithm used for subject key generation and the issuer signature.</param>
/// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
/// <returns>The exported certificate bytes, or <c>null</c> when the issuer has no usable private key.</returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/>, <paramref name="issuer"/> or <paramref name="signatureAlgorithm"/> is null.</exception>
public static byte[] GenerateIntermediateCACertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (issuer == null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }
    if (signatureAlgorithm == null)
    {
        throw new ArgumentNullException(nameof(signatureAlgorithm));
    }

    // Only a BouncyCastle key can drive Asn1SignatureFactory; anything else means "cannot issue".
    AsymmetricKeyParameter issuerSigningKey = issuer.PrivateKey as AsymmetricKeyParameter;
    if (issuerSigningKey == null)
    {
        return null;
    }

    SecureRandom rng = new SecureRandom(new CryptoApiRandomGenerator());
    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
    AddStandardCertificateInfo(generator, rng, subject, issuer.Subject, startDate, expiryDate);
    AsymmetricCipherKeyPair subjectKeys = GenerateKeys(generator, rng, signatureAlgorithm);

    // Extension order is preserved deliberately: it determines the DER layout of the certificate.
    // Critical CA constraint, pathLenConstraint = 0: may sign end-entity certificates only.
    generator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
    generator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));

    // Random 20-byte subject key identifier (RFC 5280 permits any unique value, not only a key hash).
    byte[] keyIdentifier = new byte[20];
    rng.NextBytes(keyIdentifier, 0, 20);
    generator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(keyIdentifier));

    // AuthorityKeyIdentifier only when the issuer's identifier is known.
    byte[] issuerKeyIdentifier = issuer.SubjectKeyID;
    if (issuerKeyIdentifier != null)
    {
        generator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuerKeyIdentifier));
    }

    Asn1SignatureFactory signer = new Asn1SignatureFactory(GetAlgorithm(signatureAlgorithm), issuerSigningKey, rng);
    Org.BouncyCastle.X509.X509Certificate issued = generator.Generate(signer);
    return ExportCertificate(issued, subjectKeys, certificateFormat);
}
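/// <summary>
/// Parses a certificate (and, for PEM input, any private key blocks found alongside it) into a
/// <see cref="CertificateInfo"/> holding the subject, the private key and the SubjectKeyIdentifier.
/// </summary>
/// <param name="certificate">Encoded certificate bytes in the format given by <paramref name="certificateFormat"/>.</param>
/// <param name="certificateFormat">Encoding of <paramref name="certificate"/>. Only PEM and CER are parsed; NotSet and PFX yield <c>null</c>.</param>
/// <returns>
/// The parsed information, or <c>null</c> when the input contained neither a certificate nor (for PEM) a private key.
/// A PEM file holding only a private key yields a result with <c>PrivateKey</c> set and no <c>Subject</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
/// <exception cref="IOException">The SubjectKeyIdentifier extension content is not valid DER.</exception>
public static CertificateInfo GetCertificateInfo(byte[] certificate, TCertificateFormat certificateFormat)
{
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    CertificateInfo result = null;
    X509CertificateStructure cert = null;
    switch (certificateFormat)
    {
        case TCertificateFormat.NotSet:
        {
            break;
        }
        case TCertificateFormat.PEM:
        {
            using (var textReader = new StreamReader(new MemoryStream(certificate)))
            {
                var reader = new PemReader(textReader);
                var pem = reader.ReadPemObject();
                while (pem != null)
                {
                    // PEM labels are ASCII; compare ordinally so culture settings cannot affect matching.
                    if (pem.Type.EndsWith("CERTIFICATE", StringComparison.Ordinal))
                    {
                        // NOTE(review): with a chain in one file the LAST certificate block wins — confirm callers pass a single certificate.
                        cert = X509CertificateStructure.GetInstance(pem.Content);
                    }
                    else if (pem.Type.EndsWith("PRIVATE KEY", StringComparison.Ordinal))
                    {
                        if (result == null)
                        {
                            result = new CertificateInfo();
                        }
                        // NOTE(review): the key is not checked against the certificate's public key — a mismatched pair is only detected at use.
                        result.PrivateKey = GetPrivateKeyFromPEM(pem);
                    }
                    pem = reader.ReadPemObject();
                }
            }
            break;
        }
        case TCertificateFormat.PFX:
        {
            break;
        }
        case TCertificateFormat.CER:
        {
            cert = X509CertificateStructure.GetInstance(certificate);
            break;
        }
        default:
        {
            break;
        }
    }

    if (cert != null)
    {
        if (result == null)
        {
            result = new CertificateInfo();
        }
        result.Subject = new CertificateSubject(cert);
        var certX509 = new X509Certificate(cert);
        var subjectKeyID = certX509.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
        if (subjectKeyID != null)
        {
            // The extension value is an OCTET STRING wrapping the DER-encoded SubjectKeyIdentifier
            // (itself an OCTET STRING). Decode it with the ASN.1 parser rather than assuming a
            // short-form length byte at offset 1 and copying from offset 2: that hand-rolled read
            // mis-parses identifiers longer than 127 bytes and indexes past the end of truncated input.
            var extensionValue = Asn1Object.FromByteArray(subjectKeyID.GetOctets());
            result.SubjectKeyID = SubjectKeyIdentifier.GetInstance(extensionValue).GetKeyIdentifier();
        }
    }
    return result;
}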
/// <summary>
/// Loads the issuing CA from <c>CA.pem</c> when that file exists; otherwise leaves <c>_IssuerCA</c> unset.
/// </summary>
public Identities()
{
    // NOTE(review): relative path — resolved against the process working directory, not the assembly location.
    string issuerPath = "CA.pem";
    if (!File.Exists(issuerPath))
    {
        return;
    }

    // Presumably the PEM carries the CA private key as well as the certificate (GetCertificateInfo
    // picks up PRIVATE KEY blocks), so the file's permissions protect the CA signing key.
    byte[] issuerPem = File.ReadAllBytes(issuerPath);
    _IssuerCA = Certificates.GetCertificateInfo(issuerPem, DTLS.TCertificateFormat.PEM);
}
/// <summary>
/// Returns this session to its initial state: epochs and sequence numbers back to zero,
/// negotiated cipher, identity and certificate state dropped, buffered records discarded,
/// and a fresh <c>HandshakeInfo</c> installed.
/// </summary>
internal void Reset()
{
    // Local record-layer position (presumably epoch + sequence number of outgoing records — confirm).
    Epoch = 0;
    _SequenceNumber = 0;
    // No cipher until a new handshake completes.
    Cipher = null;
    // Peer record-layer position and the last encrypted epoch seen from the client (presumably).
    ClientEpoch = 0;
    ClientSequenceNumber = 0;
    EncyptedClientEpoch = null;
    // Authentication material from the previous handshake.
    PSKIdentity = null;
    CertificateInfo = null;
    // Drop any records buffered for the old session before starting over.
    Records.Clear();
    this.Handshake = new HandshakeInfo();
}
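/// <summary>
/// Parses a certificate (and, for PEM input, any private key blocks found alongside it) into a
/// <see cref="CertificateInfo"/> holding the subject, the private key and the SubjectKeyIdentifier.
/// </summary>
/// <param name="certificate">Encoded certificate bytes in the format given by <paramref name="certificateFormat"/>.</param>
/// <param name="certificateFormat">Encoding of <paramref name="certificate"/>. Only PEM and CER are parsed; NotSet and PFX yield <c>null</c>.</param>
/// <returns>
/// The parsed information, or <c>null</c> when the input contained neither a certificate nor (for PEM) a private key.
/// A PEM file holding only a private key yields a result with <c>PrivateKey</c> set and no <c>Subject</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
/// <exception cref="IOException">The SubjectKeyIdentifier extension content is not valid DER.</exception>
public static CertificateInfo GetCertificateInfo(byte[] certificate, TCertificateFormat certificateFormat)
{
    // Fail fast rather than letting MemoryStream/GetInstance throw on a null buffer.
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    CertificateInfo result = null;
    X509CertificateStructure cert = null;
    switch (certificateFormat)
    {
        case TCertificateFormat.NotSet:
            break;
        case TCertificateFormat.PEM:
        {
            using (StreamReader textReader = new StreamReader(new MemoryStream(certificate)))
            {
                Org.BouncyCastle.Utilities.IO.Pem.PemReader reader = new Org.BouncyCastle.Utilities.IO.Pem.PemReader(textReader);
                Org.BouncyCastle.Utilities.IO.Pem.PemObject pem = reader.ReadPemObject();
                while (pem != null)
                {
                    // PEM labels are ASCII; compare ordinally so culture settings cannot affect matching.
                    if (pem.Type.EndsWith("CERTIFICATE", StringComparison.Ordinal))
                    {
                        // NOTE(review): with a chain in one file the LAST certificate block wins — confirm callers pass a single certificate.
                        cert = X509CertificateStructure.GetInstance(pem.Content);
                    }
                    else if (pem.Type.EndsWith("PRIVATE KEY", StringComparison.Ordinal))
                    {
                        if (result == null)
                        {
                            result = new CertificateInfo();
                        }
                        // NOTE(review): the key is not checked against the certificate's public key — a mismatched pair is only detected at use.
                        result.PrivateKey = GetPrivateKeyFromPEM(pem);
                    }
                    pem = reader.ReadPemObject();
                }
            }
            break;
        }
        case TCertificateFormat.PFX:
            break;
        case TCertificateFormat.CER:
            cert = X509CertificateStructure.GetInstance(certificate);
            break;
        default:
            break;
    }

    if (cert != null)
    {
        if (result == null)
        {
            result = new CertificateInfo();
        }
        result.Subject = new CertificateSubject(cert);
        X509Certificate certX509 = new X509Certificate(cert);
        Asn1OctetString subjectKeyID = certX509.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
        if (subjectKeyID != null)
        {
            // The extension value is an OCTET STRING wrapping the DER-encoded SubjectKeyIdentifier
            // (itself an OCTET STRING). Decode it with the ASN.1 parser rather than assuming a
            // short-form length byte at offset 1 and copying from offset 2: that hand-rolled read
            // mis-parses identifiers longer than 127 bytes and indexes past the end of truncated input.
            Asn1Object extensionValue = Asn1Object.FromByteArray(subjectKeyID.GetOctets());
            result.SubjectKeyID = SubjectKeyIdentifier.GetInstance(extensionValue).GetKeyIdentifier();
        }
    }
    return result;
}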
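/// <summary>
/// Issues an intermediate CA certificate for <paramref name="subject"/>, signed with the issuer's private key.
/// A fresh key pair is generated for the subject and exported together with the certificate.
/// </summary>
/// <param name="subject">Subject name of the new intermediate CA.</param>
/// <param name="issuer">Issuing CA. Its <c>PrivateKey</c> must be a BouncyCastle <see cref="AsymmetricKeyParameter"/>; its <c>SubjectKeyID</c>, when present, becomes the AuthorityKeyIdentifier.</param>
/// <param name="startDate">Start of the validity period (notBefore).</param>
/// <param name="expiryDate">End of the validity period (notAfter).</param>
/// <param name="signatureAlgorithm">Algorithm used for the subject's key generation and for the issuer signature (see <c>GetAlgorithm</c>).</param>
/// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
/// <returns>The exported certificate (and subject key pair, depending on the format), or <c>null</c> when the issuer carries no usable private key.</returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/> or <paramref name="issuer"/> is null.</exception>
public static byte[] GenerateIntermediateCACertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    // Fail fast instead of dereferencing a null issuer below.
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (issuer == null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }

    AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;
    if (privateKey == null)
    {
        // No signing key: nothing can be issued. Callers treat null as "not issued".
        return null;
    }

    // Seeded from the platform CSPRNG.
    CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
    SecureRandom random = new SecureRandom(randomGenerator);
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
    AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
    // Presumably also installs the new public key on the generator — confirm in GenerateKeys.
    AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

    // Critical CA constraint with pathLenConstraint = 0: this CA may issue end-entity
    // certificates only, never further subordinate CAs.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
    certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));

    // The subject key identifier is a random 20-byte value rather than a hash of the public key
    // (RFC 5280 allows any unique value). GetCertificateInfo reads it back into
    // CertificateInfo.SubjectKeyID so certificates issued by this CA can reference it.
    byte[] subjectKeyID = new byte[20];
    random.NextBytes(subjectKeyID, 0, 20);
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));

    // Link to the issuer only when its key identifier is known; without it, chain building
    // has to rely on issuer/subject name matching.
    if (issuer.SubjectKeyID != null)
    {
        certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
    }

    string algorithm = GetAlgorithm(signatureAlgorithm);
    Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
    return ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}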
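/// <summary>
/// Issues an end-entity certificate for <paramref name="subject"/>, usable for both TLS server and
/// client authentication, signed with the issuer's private key. A fresh key pair is generated for
/// the subject and exported together with the certificate.
/// </summary>
/// <param name="subject">Subject name of the new certificate.</param>
/// <param name="issuer">Issuing CA. Its <c>PrivateKey</c> must be a BouncyCastle <see cref="AsymmetricKeyParameter"/>; its <c>SubjectKeyID</c>, when present, becomes the AuthorityKeyIdentifier.</param>
/// <param name="startDate">Start of the validity period (notBefore).</param>
/// <param name="expiryDate">End of the validity period (notAfter).</param>
/// <param name="signatureAlgorithm">Algorithm used for the subject's key generation and for the issuer signature (see <c>GetAlgorithm</c>).</param>
/// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
/// <returns>The exported certificate (and subject key pair, depending on the format), or <c>null</c> when the issuer carries no usable private key.</returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/> or <paramref name="issuer"/> is null.</exception>
public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    // Fail fast instead of dereferencing a null issuer below.
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (issuer == null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }

    AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;
    if (privateKey == null)
    {
        // No signing key: nothing can be issued. Callers treat null as "not issued".
        return null;
    }

    // Seeded from the platform CSPRNG.
    CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
    SecureRandom random = new SecureRandom(randomGenerator);
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
    AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
    // Presumably also installs the new public key on the generator — confirm in GenerateKeys.
    AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
    string algorithm = GetAlgorithm(signatureAlgorithm);

    // Extension order is kept as-is: it determines the DER layout of the certificate.
    // cA = FALSE: this certificate must not be accepted as an issuer.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    // NOTE(review): KeyEncipherment only has meaning for RSA keys; if GenerateKeys can produce EC keys,
    // KeyAgreement would be the matching usage bit — confirm against GenerateKeys.
    certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
    certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));

    // Random 20-byte subject key identifier (RFC 5280 allows any unique value, not only a key hash).
    byte[] subjectKeyID = new byte[20];
    random.NextBytes(subjectKeyID, 0, 20);
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));

    // Link to the issuer only when its key identifier is known; without it, chain building
    // has to rely on issuer/subject name matching.
    if (issuer.SubjectKeyID != null)
    {
        certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
    }

    // TODO (carried over from an earlier draft): no SubjectAlternativeName extension is emitted. The
    // draft intended to populate it from subject.AlternativeNames using DirectoryName / IPAddress
    // general names. Clients that verify the peer name against SAN rather than the subject CN will
    // not match certificates produced here — confirm how callers validate the peer identity.

    Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
    return ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}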