public static X509Certificate IssueCertificate(string pkcs10Request)
        {
            Pkcs10CertificationRequest request;

            using (var _sr = new StringReader(pkcs10Request))
            {
                var pRd = new PemReader(_sr);
                request = (Pkcs10CertificationRequest)pRd.ReadObject();
                pRd.Reader.Close();
            }

            var caCert = (X509Certificate)RootCertificates.GetRootCertGOST();
            var caKey  = (AsymmetricKeyParameter)RootCertificates.GetPrivateKeyGOST();


            var startDate  = DateTime.Now;
            var expiryDate = DateTime.Now.AddYears(1);

            var serialNumber = BigIntegers.CreateRandomInRange(
                BigInteger.ValueOf(2).Pow(63),
                BigInteger.ValueOf(2).Pow(64),
                new SecureRandom()
                );

            var certGen = new X509V3CertificateGenerator();

            var requestInfo = request.GetCertificationRequestInfo();

            certGen.SetSerialNumber(serialNumber);
            certGen.SetIssuerDN(caCert.SubjectDN);
            certGen.SetNotBefore(startDate);
            certGen.SetNotAfter(expiryDate);

            certGen.SetSubjectDN(requestInfo.Subject);
            certGen.SetPublicKey(request.GetPublicKey());

            /// extensions
            certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
                                 new AuthorityKeyIdentifierStructure(caCert));
            certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
                                 new SubjectKeyIdentifierStructure(request.GetPublicKey()));

            certGen.AddExtension(
                X509Extensions.ExtendedKeyUsage,
                true,
                new ExtendedKeyUsage(new[]
            {
                new DerObjectIdentifier("1.1.1.1.1.1.2")
            })
                );

            var signer = new GostSignerFactory(caKey);

            var certificate = certGen.Generate(signer);

            return(certificate);
        }
        private static void CheckCertificateValidity(X509Certificate cert)
        {
            cert.CheckValidity();

            var caCert = (X509Certificate)RootCertificates.GetRootCertGOST();

            var gst = new Gost3410DigestSigner(new ECGost3410Signer(), new Gost3411_2012_256Digest());

            gst.Init(false, caCert.GetPublicKey());

            var tbsCertificate = cert.GetTbsCertificate();

            gst.BlockUpdate(tbsCertificate, 0, tbsCertificate.Length);

            var t = gst.VerifySignature(cert.GetSignature());

            if (!t)
            {
                throw new CryptographicException("Cannot verify signature");
            }
        }
示例#3
0
 protected override X509Certificate GetRootCert()
 {
     return((X509Certificate)RootCertificates.GetRootCertRSA());
 }
示例#4
0
 protected override AsymmetricKeyParameter GetRootKey()
 {
     return((AsymmetricKeyParameter)RootCertificates.GetPrivateKeyRSA());
 }