private void createPssTest(
string algorithm)
{
// RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
RsaKeyParameters pubKey = new RsaKeyParameters(false,
new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
new BigInteger("010001",16));
// RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
RsaPrivateCrtKeyParameters privKey = new RsaPrivateCrtKeyParameters(
new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
new BigInteger("010001",16),
new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
// KeyFactory fact = KeyFactory.getInstance("RSA", "BC");
//
// PrivateKey privKey = fact.generatePrivate(privKeySpec);
// PublicKey pubKey = fact.generatePublic(pubKeySpec);
Pkcs10CertificationRequest req = new Pkcs10CertificationRequest(
algorithm, new X509Name("CN=XXX"), pubKey, null, privKey);
if (!req.Verify())
{
Fail("Failed verify check PSS.");
}
req = new Pkcs10CertificationRequest(req.GetEncoded());
if (!req.Verify())
{
Fail("Failed verify check PSS encoded.");
}
if (!req.SignatureAlgorithm.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss))
{
Fail("PSS oid incorrect.");
}
if (req.SignatureAlgorithm.Parameters == null)
{
Fail("PSS parameters incorrect.");
}
ISigner sig = SignerUtilities.GetSigner(algorithm);
sig.Init(false, pubKey);
byte[] encoded = req.GetCertificationRequestInfo().GetEncoded();
sig.BlockUpdate(encoded, 0, encoded.Length);
if (!sig.VerifySignature(req.Signature.GetBytes()))
{
Fail("signature not mapped correctly.");
}
}
public void Certificate_LoadCSR()
{
Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest csr = null;
try
{
csr = Certificate.LoadCSR("invalid.csr");
}
catch (Exception ex)
{
Assert.IsTrue(ex is FileNotFoundException);
}
csr = Certificate.LoadCSR("development.com.csr");
Assert.IsNotNull(csr);
Org.BouncyCastle.Asn1.Pkcs.CertificationRequestInfo csrInfo = csr.GetCertificationRequestInfo();
Assert.AreEqual("C=US,ST=Ut,L=SLC,O=Medicity,OU=Healthagen,CN=development.com", csrInfo.Subject.ToString());
Certificate.SaveCSR(csr, "development.com.copy.csr");
Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest csr_copy = Certificate.LoadCSR("development.com.copy.csr");
Assert.AreEqual(csr, csr_copy);
}
internal string GenerateCsr(DistinguishedName distinguishedName, string key)
{
var keyPair = GetKeyPair(key);
var csr =
new Pkcs10CertificationRequest("SHA1WITHRSA", new X509Name(distinguishedName.ToDnString()), keyPair.Public, null, keyPair.Private);
return GeneratePem(csr);
}
public void generateCSR(string electoralEampaign, string user, string password)
{
X509Name name = new X509Name("C=PL, ST=Mazowieckie, L=Warszawa, O=KBW, E=-, OU=" + electoralEampaign + ", CN=" + user);
RsaKeyPairGenerator keyGenerator = new RsaKeyPairGenerator();
RsaKeyGenerationParameters param = new RsaKeyGenerationParameters(BigInteger.ValueOf(3L), new SecureRandom(), 2048, 25);
keyGenerator.Init(param);
AsymmetricCipherKeyPair ackp = keyGenerator.GenerateKeyPair();
Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest("SHA1WITHRSA", name, ackp.Public, null, ackp.Private);
System.Text.StringBuilder CSRPem = new System.Text.StringBuilder();
PemWriter CSRPemWriter = new PemWriter(new System.IO.StringWriter(CSRPem));
CSRPemWriter.WriteObject(csr);
CSRPemWriter.Writer.Flush();
this.generatedCSR = CSRPem.ToString();
System.Text.StringBuilder PrivateKeyPem = new System.Text.StringBuilder();
PemWriter PrivateKeyPemWriter = new PemWriter(new System.IO.StringWriter(PrivateKeyPem));
PrivateKeyPemWriter.WriteObject(ackp.Private);
CSRPemWriter.Writer.Flush();
this.keys = PrivateKeyPem.ToString();
AsymmetricKeyParameter publicKey = ackp.Public;
AsymmetricKeyParameter privateKey = ackp.Private;
System.IO.StringWriter sw = new System.IO.StringWriter();
PemWriter pw = new PemWriter(sw);
pw.WriteObject(privateKey, "AES-256-CBC", password.ToCharArray(), new SecureRandom());
pw.Writer.Close();
this.keys = sw.ToString();
if (!System.IO.Directory.Exists(this.path + "\\Licenses"))
{
try
{
System.IO.Directory.CreateDirectory(this.path + "\\Licenses");
}
catch (System.ArgumentNullException)
{
MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu \"Licenses\"", "Error");
}
catch (System.ArgumentException)
{
MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu \"Licenses\"", "Error");
}
catch (System.UnauthorizedAccessException)
{
MessageBox.Show("Nie masz uprawnień do tworzenia katalogów. Otwórz aplikacje jako adnimistrator.", "Uwaga");
}
catch (System.IO.PathTooLongException)
{
MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu \"Licenses\"", "Error");
}
catch (System.IO.DirectoryNotFoundException)
{
MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu \"Licenses\"", "Error");
}
catch (System.NotSupportedException)
{
MessageBox.Show("Nieprawidłowy format ścieżki. Nie można utworzyć katalogu \"Licenses\"", "Error");
}
catch (System.IO.IOException)
{
MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu \"Licenses\"", "Error");
}
}
string namefile = "";
try
{
int tmp = System.IO.Directory.GetFiles(this.path + "\\Licenses", electoralEampaign.Replace("/", "_") + "_" + user + "*.csr").Length + 1;
if (tmp > 1)
{
string num = tmp.ToString();
namefile = string.Concat(new string[]
{
electoralEampaign.Replace("/", "_"),
"_",
user,
" ",
num
});
}
else
{
namefile = electoralEampaign.Replace("/", "_") + "_" + user;
}
}
catch (System.Exception)
{
namefile = electoralEampaign.Replace("/", "_") + "_" + user;
}
try
{
System.IO.StreamWriter sw2 = new System.IO.StreamWriter(this.path + "\\Licenses\\" + namefile + ".csr", false);
sw2.Write(this.generatedCSR);
sw2.Close();
sw2 = new System.IO.StreamWriter(this.path + "\\Licenses\\" + namefile + ".key", false);
sw2.Write(this.keys);
sw2.Close();
}
catch (System.ArgumentNullException)
{
MessageBox.Show("Błędna ścieżka", "Error");
}
catch (System.ArgumentException)
{
MessageBox.Show("Błędna ścieżka", "Error");
}
catch (System.IO.DirectoryNotFoundException)
{
MessageBox.Show("Nie znaleziono katalogu", "Error");
}
catch (System.IO.PathTooLongException)
{
MessageBox.Show("Zbyt długa ścieżka do katalogu", "Error");
}
catch (System.IO.IOException)
{
MessageBox.Show("Podano ścieżke do pliku zamiast katalogu", "Error");
}
catch (System.UnauthorizedAccessException)
{
MessageBox.Show("Program nie posiada uprawnień do zapisywania plików. Otwórz aplikacje jako Administrator", "Error");
}
catch (System.Exception e)
{
MessageBox.Show("Nie można zapisać pliku. Orginal error: " + e.Message, "Error");
}
}
//@TODO: Generates a seemingly valid CSR but the Apple website doesn't accept this one (there is a context dependant 0 missing and a null missing compared to Keychain or OpenSSL generated ones, so the files aren't structurally identical)
private void GenerateSigningRequestViaBouncyCastle(string TargetCertRequestFileName, AsymmetricCipherKeyPair KeyPair)
{
// Construct the request subject
Hashtable Attributes = new Hashtable();
Attributes.Add(X509Name.EmailAddress, EMailEditBox.Text);
Attributes.Add(X509Name.CN, CommonNameEditBox.Text);
Attributes.Add(X509Name.C, System.Globalization.RegionInfo.CurrentRegion.TwoLetterISORegionName);
X509Name Subject = new X509Name(new ArrayList(Attributes.Keys), Attributes);
// Generate a certificate signing request
Pkcs10CertificationRequest CSR = new Pkcs10CertificationRequest(
"SHA1withRSA",
Subject,
KeyPair.Public,
null,
KeyPair.Private);
// Save the CSR to disk
File.WriteAllBytes(TargetCertRequestFileName, CSR.GetEncoded());
}
public override void PerformTest()
{
generationTest(512, "RSA", "SHA1withRSA");
generationTest(512, "GOST3410", "GOST3411withGOST3410");
// if (Security.getProvider("SunRsaSign") != null)
// {
// generationTest(512, "RSA", "SHA1withRSA", "SunRsaSign");
// }
// elliptic curve GOST A parameter set
Pkcs10CertificationRequest req = new Pkcs10CertificationRequest(gost3410EC_A);
if (!req.Verify())
{
Fail("Failed Verify check gost3410EC_A.");
}
// elliptic curve GOST B parameter set
req = new Pkcs10CertificationRequest(gost3410EC_B);
if (!req.Verify())
{
Fail("Failed Verify check gost3410EC_B.");
}
// elliptic curve GOST C parameter set
req = new Pkcs10CertificationRequest(gost3410EC_C);
if (!req.Verify())
{
Fail("Failed Verify check gost3410EC_C.");
}
// elliptic curve GOST ExA parameter set
req = new Pkcs10CertificationRequest(gost3410EC_ExA);
if (!req.Verify())
{
Fail("Failed Verify check gost3410EC_ExA.");
}
// elliptic curve GOST ExB parameter set
req = new Pkcs10CertificationRequest(gost3410EC_ExB);
if (!req.Verify())
{
Fail("Failed Verify check gost3410EC_ExA.");
}
// elliptic curve openSSL
IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
ECCurve curve = new FPCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters ecSpec = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
// g.initialize(ecSpec, new SecureRandom());
g.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom()));
IAsymmetricCipherKeyPair kp = g.GenerateKeyPair();
req = new Pkcs10CertificationRequest(
"ECDSAWITHSHA1", new X509Name("CN=XXX"), kp.Public, null, kp.Private);
if (!req.Verify())
{
Fail("Failed Verify check EC.");
}
createECRequest("SHA1withECDSA", X9ObjectIdentifiers.ECDsaWithSha1);
createECRequest("SHA224withECDSA", X9ObjectIdentifiers.ECDsaWithSha224);
createECRequest("SHA256withECDSA", X9ObjectIdentifiers.ECDsaWithSha256);
createECRequest("SHA384withECDSA", X9ObjectIdentifiers.ECDsaWithSha384);
createECRequest("SHA512withECDSA", X9ObjectIdentifiers.ECDsaWithSha512);
createECGostRequest();
// TODO The setting of parameters for MGF algorithms is not implemented
// createPssTest("SHA1withRSAandMGF1");
// createPssTest("SHA224withRSAandMGF1");
// createPssTest("SHA256withRSAandMGF1");
// createPssTest("SHA384withRSAandMGF1");
nullPointerTest();
}
// previous code found to cause a NullPointerException
private void nullPointerTest()
{
IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
keyGen.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
IAsymmetricCipherKeyPair pair = keyGen.GenerateKeyPair();
IList oids = new ArrayList();
IList values = new ArrayList();
oids.Add(X509Extensions.BasicConstraints);
values.Add(new X509Extension(true, new DerOctetString(new BasicConstraints(true))));
oids.Add(X509Extensions.KeyUsage);
values.Add(new X509Extension(true, new DerOctetString(
new KeyUsage(KeyUsage.KeyCertSign | KeyUsage.CrlSign))));
SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(pair.Public);
X509Extension ski = new X509Extension(false, new DerOctetString(subjectKeyIdentifier));
oids.Add(X509Extensions.SubjectKeyIdentifier);
values.Add(ski);
AttributePkcs attribute = new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest,
new DerSet(new X509Extensions(oids, values)));
Pkcs10CertificationRequest p1 = new Pkcs10CertificationRequest(
"SHA1WithRSA", new X509Name("cn=csr"), pair.Public, new DerSet(attribute), pair.Private);
Pkcs10CertificationRequest p2 = new Pkcs10CertificationRequest(
"SHA1WithRSA", new X509Name("cn=csr"), pair.Public, new DerSet(attribute), pair.Private);
if (!p1.Equals(p2))
{
Fail("cert request comparison failed");
}
}
private void generationTest(
int keySize,
string keyName,
string sigName)
{
IAsymmetricCipherKeyPairGenerator kpg = GeneratorUtilities.GetKeyPairGenerator(keyName);
// kpg.initialize(keySize);
kpg.Init(new KeyGenerationParameters(new SecureRandom(), keySize));
IAsymmetricCipherKeyPair kp = kpg.GenerateKeyPair();
IDictionary attrs = new Hashtable();
attrs.Add(X509Name.C, "AU");
attrs.Add(X509Name.O, "The Legion of the Bouncy Castle");
attrs.Add(X509Name.L, "Melbourne");
attrs.Add(X509Name.ST, "Victoria");
attrs.Add(X509Name.EmailAddress, "*****@*****.**");
IList order = new ArrayList();
order.Add(X509Name.C);
order.Add(X509Name.O);
order.Add(X509Name.L);
order.Add(X509Name.ST);
order.Add(X509Name.EmailAddress);
X509Name subject = new X509Name(order, attrs);
Pkcs10CertificationRequest req1 = new Pkcs10CertificationRequest(
sigName,
subject,
kp.Public,
null,
kp.Private);
byte[] bytes = req1.GetEncoded();
Pkcs10CertificationRequest req2 = new Pkcs10CertificationRequest(bytes);
if (!req2.Verify())
{
Fail(sigName + ": Failed Verify check.");
}
if (!req2.GetPublicKey().Equals(req1.GetPublicKey()))
{
Fail(keyName + ": Failed public key check.");
}
}
/*
* we generate a self signed certificate for the sake of testing - SHA224withECDSA
*/
private void createECRequest(
string algorithm,
DerObjectIdentifier algOid)
{
FPCurve curve = new FPCurve(
new BigInteger("6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151"), // q (or p)
new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", 16), // a
new BigInteger("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", 16)); // b
ECDomainParameters spec = new ECDomainParameters(
curve,
// curve.DecodePoint(Hex.Decode("02C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66")), // G
curve.DecodePoint(Hex.Decode("0200C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66")), // G
new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)); // n
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters(
new BigInteger("5769183828869504557786041598510887460263120754767955773309066354712783118202294874205844512909370791582896372147797293913785865682804434049019366394746072023"), // d
spec);
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
// curve.DecodePoint(Hex.Decode("026BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
curve.DecodePoint(Hex.Decode("02006BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
spec);
// //
// // set up the keys
// //
// IAsymmetricKeyParameter privKey;
// IAsymmetricKeyParameter pubKey;
//
// KeyFactory fact = KeyFactory.getInstance("ECDSA");
//
// privKey = fact.generatePrivate(privKeySpec);
// pubKey = fact.generatePublic(pubKeySpec);
Pkcs10CertificationRequest req = new Pkcs10CertificationRequest(
algorithm, new X509Name("CN=XXX"), pubKey, null, privKey);
if (!req.Verify())
{
Fail("Failed Verify check EC.");
}
req = new Pkcs10CertificationRequest(req.GetEncoded());
if (!req.Verify())
{
Fail("Failed Verify check EC encoded.");
}
//
// try with point compression turned off
//
// ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");
FPPoint q = (FPPoint) pubKey.Q;
pubKey = new ECPublicKeyParameters(
pubKey.AlgorithmName,
new FPPoint(q.Curve, q.X, q.Y, false),
pubKey.Parameters);
req = new Pkcs10CertificationRequest(
algorithm, new X509Name("CN=XXX"), pubKey, null, privKey);
if (!req.Verify())
{
Fail("Failed Verify check EC uncompressed.");
}
req = new Pkcs10CertificationRequest(req.GetEncoded());
if (!req.Verify())
{
Fail("Failed Verify check EC uncompressed encoded.");
}
if (!req.SignatureAlgorithm.ObjectID.Equals(algOid))
{
Fail("ECDSA oid incorrect.");
}
if (req.SignatureAlgorithm.Parameters != null)
{
Fail("ECDSA parameters incorrect.");
}
ISigner sig = SignerUtilities.GetSigner(algorithm);
sig.Init(false, pubKey);
byte[] b = req.GetCertificationRequestInfo().GetEncoded();
sig.BlockUpdate(b, 0, b.Length);
if (!sig.VerifySignature(req.Signature.GetBytes()))
{
Fail("signature not mapped correctly.");
}
}
private void createECGostRequest()
{
string algorithm = "GOST3411withECGOST3410";
IAsymmetricCipherKeyPairGenerator ecGostKpg = GeneratorUtilities.GetKeyPairGenerator("ECGOST3410");
ecGostKpg.Init(
new ECKeyGenerationParameters(
CryptoProObjectIdentifiers.GostR3410x2001CryptoProA,
new SecureRandom()));
//
// set up the keys
//
IAsymmetricCipherKeyPair pair = ecGostKpg.GenerateKeyPair();
IAsymmetricKeyParameter privKey = pair.Private;
IAsymmetricKeyParameter pubKey = pair.Public;
Pkcs10CertificationRequest req = new Pkcs10CertificationRequest(
algorithm, new X509Name("CN=XXX"), pubKey, null, privKey);
if (!req.Verify())
{
Fail("Failed Verify check EC.");
}
req = new Pkcs10CertificationRequest(req.GetEncoded());
if (!req.Verify())
{
Fail("Failed Verify check EC encoded.");
}
if (!req.SignatureAlgorithm.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001))
{
Fail("ECGOST oid incorrect.");
}
if (req.SignatureAlgorithm.Parameters != null)
{
Fail("ECGOST parameters incorrect.");
}
ISigner sig = SignerUtilities.GetSigner(algorithm);
sig.Init(false, pubKey);
byte[] b = req.GetCertificationRequestInfo().GetEncoded();
sig.BlockUpdate(b, 0, b.Length);
if (!sig.VerifySignature(req.Signature.GetBytes()))
{
Fail("signature not mapped correctly.");
}
}
public void TestMethod1()
{
// this snippet can be easily used in any normal c# project as well by simply removing the .Dump() methods
// and saving the output into a variable / file of your choice.
// you'll need to add BouncyCastle.Crypto nuget to use this.
// tested on 1.8.0-beta4
AsymmetricCipherKeyPair pair;
Pkcs10CertificationRequest csr;
var ecMode = false;
var values = new Dictionary<DerObjectIdentifier, string> {
{X509Name.CN, ""}, //domain name
{X509Name.OU, "Domain Control Validated"},
{X509Name.O, ""}, //Organisation's Legal name
{X509Name.L, "London"},
{X509Name.ST, "England"},
{X509Name.C, "GB"},
};
var subjectAlternateNames = new GeneralName[] { };
var extensions = new Dictionary<DerObjectIdentifier, X509Extension>()
{
{X509Extensions.BasicConstraints, new X509Extension(true, new DerOctetString(new BasicConstraints(false)))},
{X509Extensions.KeyUsage, new X509Extension(true, new DerOctetString(new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment | KeyUsage.DataEncipherment | KeyUsage.NonRepudiation)))},
{X509Extensions.ExtendedKeyUsage, new X509Extension(false, new DerOctetString(new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth)))},
};
if (values[X509Name.CN].StartsWith("www.")) values[X509Name.CN] = values[X509Name.CN].Substring(4);
if (!values[X509Name.CN].StartsWith("*.") && subjectAlternateNames.Length == 0)
subjectAlternateNames = new GeneralName[] { new GeneralName(GeneralName.DnsName, $"www.{values[X509Name.CN]}") };
if (subjectAlternateNames.Length > 0) extensions.Add(X509Extensions.SubjectAlternativeName, new X509Extension(false, new DerOctetString(new GeneralNames(subjectAlternateNames))));
var subject = new X509Name(values.Keys.Reverse().ToList(), values);
if (ecMode)
{
var gen = new ECKeyPairGenerator();
var ecp = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp384r1");
gen.Init(new ECKeyGenerationParameters(new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H, ecp.GetSeed()), new SecureRandom()));
pair = gen.GenerateKeyPair();
extensions.Add(X509Extensions.SubjectKeyIdentifier, new X509Extension(false, new DerOctetString(new SubjectKeyIdentifierStructure(pair.Public))));
csr = new Pkcs10CertificationRequest("SHA256withECDSA", subject, pair.Public, new DerSet(new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(new X509Extensions(extensions)))), pair.Private);
}
else
{
var gen = new RsaKeyPairGenerator();
gen.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
pair = gen.GenerateKeyPair();
extensions.Add(X509Extensions.SubjectKeyIdentifier, new X509Extension(false, new DerOctetString(new SubjectKeyIdentifierStructure(pair.Public))));
csr = new Pkcs10CertificationRequest("SHA256withRSA", subject, pair.Public, new DerSet(new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(new X509Extensions(extensions)))), pair.Private);
}
//Convert BouncyCastle csr to .PEM file.
var csrPem = new StringBuilder();
var csrPemWriter = new PemWriter(new StringWriter(csrPem));
csrPemWriter.WriteObject(csr);
csrPemWriter.Writer.Flush();
Console.WriteLine(csrPem.ToString());
var privateKeyPem = new StringBuilder();
var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem));
privateKeyPemWriter.WriteObject(pair.Private);
csrPemWriter.Writer.Flush();
//privateKeyPem.ToString().Dump("Private Key");
}
internal string GeneratePem(Pkcs10CertificationRequest certificationRequest)
{
return GeneratePemFromObject(certificationRequest);
}
//public string GenerateSwCertificate(string edId)
//{
// byte[] csrBinary = GenerateCSR(edId);
// return System.Convert.ToBase64String(csrBinary);
//}
private string GenerateCSR(string edId)
{
Dictionary<Org.BouncyCastle.Asn1.DerObjectIdentifier, string> Dn = new Dictionary<Org.BouncyCastle.Asn1.DerObjectIdentifier, string>();
Dn.Add(X509Name.UID, edId);
//X509Name name = new X509Name(new ArrayList(Dn.Keys), new ArrayList(Dn.Values)); //( "CN="+EdId+", C=AT"); //, E=" + EdId);
X509Name name = new X509Name(new List<DerObjectIdentifier>(Dn.Keys), new List<string>(Dn.Values));
//Key generation 2048bits
rkpg = new RsaKeyPairGenerator();
rkpg.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
ackp = rkpg.GenerateKeyPair();
//PKCS #10 Certificate.Certificate Signing Request
KeyUsage usage = new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment);
Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest("SHA256WITHRSA", name, ackp.Public, null, ackp.Private);
byte[] csrBinary = csr.GetDerEncoded();
return System.Convert.ToBase64String(csrBinary);
}
/// <summary>
/// Erstellt die für die PKCS#10-Datei notwendigen Daten
/// </summary>
/// <returns>Die für die PKCS#10-Datei notwendigen Daten</returns>
public Pkcs10Data CreateRequest()
{
var sigAlgoName = "SHA256WITHRSA";
var subject = new X509Name(
true,
$"CN={Requester.Surname}, OU={Requester.Number}, OU={Requester.CompanyName}, O={"ITSG TrustCenter fuer Arbeitgeber"}, C={"DE"}",
new Pkcs.X509ItsgEntryConverter()
);
var rng = new SecureRandom();
var rsaKeyPair = RSA;
if (rsaKeyPair == null)
{
var keyPairGen = new RsaKeyPairGenerator();
keyPairGen.Init(new KeyGenerationParameters(rng, 2048));
rsaKeyPair = keyPairGen.GenerateKeyPair();
}
var csr = new Pkcs10CertificationRequest(sigAlgoName, subject, rsaKeyPair.Public, null, rsaKeyPair.Private);
var outputCsrPem = new StringWriter();
{
var pemWriter = new PemWriter(outputCsrPem);
pemWriter.WriteObject(csr);
}
var outputPrivateKeyPem = new StringWriter();
{
var pemWriter = new PemWriter(outputPrivateKeyPem);
if (string.IsNullOrEmpty(Password))
{
pemWriter.WriteObject(rsaKeyPair.Private);
}
else
{
pemWriter.WriteObject(
rsaKeyPair.Private,
"des-ede3-cbc",
Password.ToCharArray(),
rng
);
}
}
var rsaPubKey = (RsaKeyParameters)rsaKeyPair.Public;
var rawPubKeyData = OstcUtils.CalculatePublicKeyHash(rsaPubKey);
return new Pkcs10Data(csr.GetEncoded(), outputCsrPem.ToString(), outputPrivateKeyPem.ToString(), rawPubKeyData);
}
