internal static X509Certificate2 IssueCertificate( string subjectName, X509Certificate2 issuerCertificate, bool isLeafCertificate, string[] subjectAlternativeNames = default(string[]), KeyPurposeID[] usages = default(KeyPurposeID[])) { // It's self-signed, so these are the same. var issuerName = issuerCertificate.Subject; var random = GetSecureRandom(); var subjectKeyPair = GenerateKeyPair(random, 2048); var issuerKeyPair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey); var serialNumber = GenerateSerialNumber(random); var issuerSerialNumber = new BigInteger(issuerCertificate.GetSerialNumber()); bool isCertificateAuthority = !isLeafCertificate; var certificate = GenerateCertificate( random, subjectName, subjectKeyPair, serialNumber, subjectAlternativeNames, issuerName, issuerKeyPair, issuerSerialNumber, isCertificateAuthority, usages); return(ConvertCertificate(certificate, subjectKeyPair, random)); }
public bool Matches(X509Certificate2 certificate) { if (certificate == null) return false; return Matches(certificate.Issuer, Asn1IntegerConverter.Asn1IntegerToDecimalString(certificate.GetSerialNumber())); }
public Client() { var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); var storeCertificates = store.Certificates.Cast<X509Certificate2>() .Where(x => CertSubject.Parse(x.Subject).Get(CertSubject.KnownField.CanonicalName) == "www.teamlab.com") .Where(x => x.HasPrivateKey) .Where(x => x.NotAfter > DateTime.UtcNow) .Where(x => x.NotBefore < DateTime.UtcNow) .OrderByDescending(x=>x.NotBefore) .ThenByDescending(x=>x.NotAfter); _clientCertificate = storeCertificates.FirstOrDefault(x=>x.Verify()); if (_clientCertificate == null) throw new LicenseCertificateException("Can't find valid TM cert"); if (!_clientCertificate.HasPrivateKey) throw new LicenseCertificateException("Client certificate should conaint PK"); _export = _clientCertificate.Export(X509ContentType.Cert); //Check var test = new X509Certificate2(_export); if (test.HasPrivateKey) throw new LicenseCertificateException("Exported certificate shouldn't conaint PK"); _clientId = _clientCertificate.GetSerialNumber(); }
public X509IssuerSerialKeyIdentifierClause(X509Certificate2 certificate) : base(null) { if (certificate == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate"); this.issuerName = certificate.Issuer; this.issuerSerialNumber = Asn1IntegerConverter.Asn1IntegerToDecimalString(certificate.GetSerialNumber()); }
public MFTestResults CertTest_Test() { bool bRes = true; try { //string filename = "microsoft.cer"; using (Session session = new Session("", MechanismType.RSA_PKCS)) { X509Certificate2 cert = new X509Certificate2(session, Properties.Resources.GetBytes(Properties.Resources.BinaryResources.microsoft)); Log.Comment(cert.Subject); Log.Comment(cert.Issuer); byte[] serialNumber = new byte[cert.GetSerialNumber().Length]; Array.Copy(cert.GetSerialNumber(), 0, serialNumber, 0, cert.GetSerialNumber().Length); PrintByteArray(serialNumber); Log.Comment(cert.GetKeyAlgorithm()); byte[] publicKey = new byte[cert.GetPublicKey().Length]; Array.Copy(cert.GetPublicKey(), 0, publicKey, 0, cert.GetPublicKey().Length); PrintByteArray(publicKey); Log.Comment(cert.GetEffectiveDateString()); Log.Comment(cert.GetExpirationDateString()); } } catch { bRes = false; } return bRes ? MFTestResults.Pass : MFTestResults.Fail; }
public static void Main(string[] args) { string sn = string.Empty; X509Certificate2 cert = new X509Certificate2(); cert.Import("CSD01_AAA010101AAA.cer"); foreach (var b in cert.GetSerialNumber()) { sn = (char)b + sn; } Console.WriteLine (cert.Subject); Console.WriteLine (cert.Version); Console.WriteLine (cert.SignatureAlgorithm.Value.Replace("1.2.840.113549.1.1.5", "RSA_SHA1RSA")); Console.WriteLine (cert.NotBefore); Console.WriteLine (cert.NotAfter); Console.WriteLine (cert.SerialNumber); Console.WriteLine (sn); }
public static X509Certificates.X509Certificate2 IssueCertificate( string subjectName, X509Certificates.X509Certificate2 issuerCertificate, string[] subjectAlternativeNames, KeyPurposeID[] usages) { var random = new SecureRandom(new CryptoApiRandomGenerator()); var issuerName = issuerCertificate.FriendlyName; var subjectKeyPair = GenerateKeyPair(random, 2048); var issuerKeyPair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey); var subjectSerialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); var issuerSerialNumber = new BigInteger(issuerCertificate.GetSerialNumber()); var certificate = GenerateCertificate(random, subjectName, subjectKeyPair, subjectSerialNumber, subjectAlternativeNames, issuerName, issuerKeyPair, issuerSerialNumber, false, usages); return(certificate.ToX509Certificate2(subjectKeyPair, random)); }
public static CertificadoDigital GetCertificadoDigital_v2(byte[] archivoCer) { var srtBase64 = ""; var certificado = new CertificadoDigital(); System.Security.Cryptography.X509Certificates.X509Certificate2 certEmisor = new System.Security.Cryptography.X509Certificates.X509Certificate2(); byte[] data = archivoCer; certEmisor.Import(data); srtBase64 = Convert.ToBase64String(certEmisor.GetRawCertData()); certificado.Certificado = certEmisor.GetRawCertDataString(); certificado.CertificadoBase64 = srtBase64; byte[] byteArray = certEmisor.GetSerialNumber(); //string test = byteArray.ToString(); string strSerialHex = certEmisor.GetSerialNumberString(); string serialTest2 = certEmisor.SerialNumber; var strSerial = ConvertHexToString(strSerialHex); //var str = System.Text.Encoding.Default.GetString(byteArray); //string result = System.Text.Encoding.UTF8.GetString(byteArray); //System.Text.Encoding enc = System.Text.Encoding.ASCII; //string myString = enc.GetString(byteArray); //string s = System.Text.UTF8Encoding.UTF8.GetString(byteArray); //char[] array = str.ToCharArray(); //Array.Reverse(array); //var nuevoStr = new string(array); certificado.NoCertificado = strSerial;//str; return(certificado); }
public override void Validate(X509Certificate2 certificate) { Debugger.Launch(); if (!certificate.GetSerialNumber().SequenceEqual(new byte[] { 1, 2, 3 })) { throw new SecurityTokenValidationException("Serial number not in Allowed List"); } // Check that there is a certificate. if (certificate == null) { throw new ArgumentNullException("certificate"); } // Check that the certificate issuer matches the configured issuer. if (this.allowedIssuerName != certificate.IssuerName.Name) { throw new SecurityTokenValidationException ("Certificate was not issued by a trusted issuer"); } }
public CertificateAndPems IssueCertificate(string subjectName, X509Certificate2 issuerCertificate, AsymmetricAlgorithm issuerPrivateKey, string[] subjectAlternativeNames, KeyPurposeID[] usages) { // It's self-signed, so these are the same. var issuerName = issuerCertificate.SubjectName.Decode(X500DistinguishedNameFlags.UseCommas); var random = GetSecureRandom(); var subjectKeyPair = GenerateKeyPair(random, 2048); var issuerKeyPair = DotNetUtilities.GetKeyPair(issuerPrivateKey); var serialNumber = GenerateSerialNumber(random); var issuerSerialNumber = new BigInteger(issuerCertificate.GetSerialNumber()); const bool isCertificateAuthority = false; var certificate = GenerateCertificate(random, subjectName, subjectKeyPair, serialNumber, subjectAlternativeNames, issuerName, issuerKeyPair, issuerSerialNumber, isCertificateAuthority, usages); return(new CertificateAndPems(ConvertCertificate(certificate, subjectKeyPair, random))); }
void initializeFromCert(X509Certificate2 issuer, AuthorityKeyIdentifierFlags flags, Boolean critical) { Oid = _oid; Critical = critical; IncludedComponents = AuthorityKeyIdentifierFlags.None; // TODO rawData is not used List <Byte> rawData = new List <Byte>(); if ((flags & AuthorityKeyIdentifierFlags.KeyIdentifier) > 0) { using (var hasher = SHA1.Create()) { var hashbytes = hasher.ComputeHash(issuer.PublicKey.EncodedKeyValue.RawData); KeyIdentifier = AsnFormatter.BinaryToString(hashbytes, EncodingType.HexRaw, EncodingFormat.NOCRLF); rawData.AddRange(Asn1Utils.Encode(hashbytes, 0x80)); } IncludedComponents |= AuthorityKeyIdentifierFlags.KeyIdentifier; } if ((flags & AuthorityKeyIdentifierFlags.AlternativeNames) > 0) { X509Extension san = issuer.Extensions[X509ExtensionOid.SubjectAlternativeNames]; Debug.Assert(san != null, "san != null"); AsnEncodedData encoded = new AsnEncodedData(san.RawData); var sanExt = new X509SubjectAlternativeNamesExtension(encoded, false); IssuerNames = sanExt.AlternativeNames; IssuerNames.Close(); Asn1Reader asn = new Asn1Reader(san.RawData); rawData.AddRange(Asn1Utils.Encode(asn.GetPayload(), 0x81)); IncludedComponents |= AuthorityKeyIdentifierFlags.AlternativeNames; } if ((flags & AuthorityKeyIdentifierFlags.SerialNumber) > 0) { SerialNumber = issuer.SerialNumber; rawData.AddRange(Asn1Utils.Encode(issuer.GetSerialNumber().Reverse().ToArray(), 0x82)); IncludedComponents |= AuthorityKeyIdentifierFlags.SerialNumber; } RawData = Asn1Utils.Encode(rawData.ToArray(), 48); }
///// <summary> ///// Create a new certificate ///// </summary> ///// <param name="issuer">Issuer certificate, if null then self-sign</param> ///// <param name="subjectName">Subject name</param> ///// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param> ///// <param name="keySize">Size of RSA key</param> ///// <param name="notBefore">Start date of certificate</param> ///// <param name="notAfter">End date of certificate</param> ///// <param name="extensions">Array of extensions, if null then no extensions</param> ///// <param name="hashAlgorithm">Specify the signature hash algorithm</param> ///// <returns>The created X509 certificate</returns> public static SystemX509.X509Certificate2 CreateCert(SystemX509.X509Certificate2 issuer, SystemX509.X500DistinguishedName subjectName, byte[] serialNumber, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore, DateTime notAfter, SystemX509.X509ExtensionCollection extensions) { SecureRandom random = new SecureRandom(); X509V3CertificateGenerator builder = new X509V3CertificateGenerator(); AsymmetricCipherKeyPair bcSubjectKey = CreateRSAKey(keySize, random); AsymmetricCipherKeyPair bcSignKey = issuer == null ? bcSubjectKey : issuer.GetBCPrivateKey(); if (bcSignKey == null) { throw new ArgumentException("issuer"); } X509Name issuerNameObj = issuer == null?X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData)) : X509Name.GetInstance(Asn1Object.FromByteArray(issuer.SubjectName.RawData)); X509Name subjectNameObj = X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData)); BigInteger subjectSerial = new BigInteger(1, serialNumber != null ? serialNumber : Guid.NewGuid().ToByteArray()); BigInteger issuerSerial = issuer == null ? subjectSerial : new BigInteger(1, issuer.GetSerialNumber()); builder.SetIssuerDN(issuerNameObj); builder.SetSubjectDN(subjectNameObj); builder.SetSerialNumber(subjectSerial); builder.SetNotBefore(notBefore.ToUniversalTime()); builder.SetNotAfter(notAfter.ToUniversalTime()); builder.SetPublicKey(bcSubjectKey.Public); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSignKey.Public); AuthorityKeyIdentifier authKeyId = new AuthorityKeyIdentifier(info, new GeneralNames(new GeneralName(issuerNameObj)), issuerSerial); SubjectKeyIdentifier subjectKeyid = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSubjectKey.Public)); builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authKeyId); builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, true, subjectKeyid); if (extensions != null) { foreach (SystemX509.X509Extension ext in extensions) { if (!ext.Oid.Value.Equals(X509Extensions.AuthorityKeyIdentifier.Id) && !ext.Oid.Value.Equals(X509Extensions.SubjectKeyIdentifier.Id) && !ext.Oid.Value.Equals(szOID_AUTHORITY_KEY_IDENTIFIER2)) { Asn1InputStream istm = new Asn1InputStream(ext.RawData); Asn1Object obj = istm.ReadObject(); builder.AddExtension(ext.Oid.Value, ext.Critical, obj); } } } X509Certificate cert = builder.Generate(CreateSignatureFactory(hashAlgorithm, bcSignKey, random)); Pkcs12StoreBuilder pkcs = new Pkcs12StoreBuilder(); Pkcs12Store store = pkcs.Build(); X509CertificateEntry entry = new X509CertificateEntry(cert); store.SetCertificateEntry("main", entry); AsymmetricKeyEntry key_entry = new AsymmetricKeyEntry(bcSubjectKey.Private); store.SetKeyEntry("main", key_entry, new[] { entry }); MemoryStream stm = new MemoryStream(); store.Save(stm, new char[0], new SecureRandom()); return(new SystemX509.X509Certificate2(stm.ToArray(), String.Empty, SystemX509.X509KeyStorageFlags.Exportable)); }
private void Analizar(Byte[] ContenidoCertificado) { try { System.Security.Cryptography.X509Certificates.X509Certificate2 cer = new System.Security.Cryptography.X509Certificates.X509Certificate2(ContenidoCertificado); NumeroSerie = InvertirStr(System.Text.Encoding.ASCII.GetString(cer.GetSerialNumber())); FechaFinCertificado = System.Convert.ToDateTime(cer.GetExpirationDateString()); FechaInicioCertificado = System.Convert.ToDateTime(cer.GetEffectiveDateString()); EmisorCertificado = cer.GetNameInfo(X509NameType.SimpleName, true); if (CA != null) { foreach (System.Data.DataRow FilaCA in CA.Rows) { System.Security.Cryptography.X509Certificates.X509Certificate2 cerSAT = new System.Security.Cryptography.X509Certificates.X509Certificate2(System.Convert.FromBase64String(FilaCA["base64"].ToString())); if (System.Convert.ToBase64String(cer.IssuerName.RawData) == System.Convert.ToBase64String(cerSAT.SubjectName.RawData)) { EmitidoAutoridadCertificadora = true; } } } if (!String.IsNullOrEmpty(sArchivoKey) && !String.IsNullOrEmpty(sContraseña)) { byte[] CertModulus = new byte[0]; byte[] CertExponent = new byte[0]; if (GetCertPublicKey(cer, out CertModulus, out CertExponent)) { System.Security.Cryptography.RSACryptoServiceProvider RSA = null; byte[] keyblob = SSLKey.opensslkey.GetFileBytes(sArchivoKey); if (keyblob != null) { byte[] keyModulus = new byte[0]; byte[] keyExponent = new byte[0]; if (SSLKey.opensslkey.getModulusExponentPrivateKeyInfo(keyblob, ConvertToSecureString(sContraseña), out keyModulus, out keyExponent)) { if (CertExponent.Length == 3) { CertExponent = IngresarByte(CertExponent, 4); } if (keyExponent.Length == 3) { keyExponent = IngresarByte(keyExponent, 4); } if (CertModulus.Length < 128) { CertModulus = IngresarByte(CertModulus, 128); } if (keyModulus.Length < 128) { keyModulus = IngresarByte(keyModulus, 128); } if (CompareBytearrays(CertExponent, keyExponent) && CompareBytearrays(CertModulus, keyModulus)) { esKeyCertificado = true; } } } } } try { String DatCert = cer.Subject; int posrfc = DatCert.IndexOf("OID.2.5.4.45=") + ("OID.2.5.4.45=").Length; RFCCertificado = DatCert.Substring(posrfc, DatCert.IndexOf(" ", posrfc) - posrfc).Trim().Replace(",", ""); } catch (Exception ei) { } if (cer.Extensions["Uso de la clave"] != null) { if (cer.Extensions["Uso de la clave"].RawData[3] == 192) { esCSD = true; esFIEL = false; } if (cer.Extensions["Uso de la clave"].RawData[3] == 232 || cer.Extensions["Uso de la clave"].RawData[3] == 216) { esFIEL = true; esCSD = false; } } else if (cer.Extensions["Key Usage"] != null) { if (cer.Extensions["Key Usage"].RawData[3] == 192) { esCSD = true; esFIEL = false; } if (cer.Extensions["Key Usage"].RawData[3] == 232 || cer.Extensions["Key Usage"].RawData[3] == 216) { esFIEL = true; esCSD = false; } } } catch (Exception ex) { String Inner = ""; String Source = ""; String Target = ""; /* if (ex.InnerException != null) * Inner = " InnerException: " + ex.InnerException.Message; * if (ex.Source != null) * Source = " Source: " + ex.Source; * if (ex.TargetSite != null) * Target = " TargetSite: " + ex.TargetSite; * throw new Exception("error analizando el certificado error: " + ex.Message + Inner + Source + Target );*/ throw new Exception(ex.Message); } }
private string GetCertificateSerialNumber() { string certificatePath = Bill.BillCertificatesFolder + this.IssuerData.CertificateFileName; X509Certificate2 certificate = new X509Certificate2(certificatePath, this.IssuerData.GetCertificatePassword()); byte[] array = certificate.GetSerialNumber(); Array.Reverse(array); return ASCIIEncoding.ASCII.GetString(array); }
private bool TryGetMatchingX509Certificate(IntPtr certContext, X509FindType findType, uint dwFindType, object findValue, bool validOnly, out X509Certificate2 cert) { cert = new X509Certificate2(certContext); if (dwFindType == 0) { switch (findType) { case X509FindType.FindBySubjectDistinguishedName: if (string.Compare((string) findValue, cert.SubjectName.Name, StringComparison.OrdinalIgnoreCase) == 0) { break; } cert.Reset(); cert = null; return false; case X509FindType.FindByIssuerDistinguishedName: if (string.Compare((string) findValue, cert.IssuerName.Name, StringComparison.OrdinalIgnoreCase) == 0) { break; } cert.Reset(); cert = null; return false; case X509FindType.FindBySerialNumber: if (this.BinaryMatches((byte[]) findValue, cert.GetSerialNumber())) { break; } cert.Reset(); cert = null; return false; case X509FindType.FindBySubjectKeyIdentifier: { X509SubjectKeyIdentifierExtension extension = cert.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension; if ((extension == null) || !this.BinaryMatches((byte[]) findValue, extension.RawData)) { cert.Reset(); cert = null; return false; } break; } } } if (validOnly && !new X509Chain(false) { ChainPolicy = { RevocationMode = X509RevocationMode.NoCheck, RevocationFlag = X509RevocationFlag.ExcludeRoot } }.Build(cert)) { cert.Reset(); cert = null; return false; } return (cert != null); }
/// <summary> /// Create a new certificate /// </summary> /// <param name="issuer">Issuer certificate, if null then self-sign</param> /// <param name="subjectName">Subject name</param> /// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param> /// <param name="signature">If true create an AT_SIGNATURE key, otherwise AT_EXCHANGE</param> /// <param name="keySize">Size of RSA key</param> /// <param name="notBefore">Start date of certificate</param> /// <param name="notAfter">End date of certificate</param> /// <param name="extensions">Array of extensions, if null then no extensions</param> /// <param name="hashAlgorithm">Specify the signature hash algorithm</param> /// <returns>The created X509 certificate</returns> public X509Certificate2 CreateCert(X509Certificate2 issuer, X500DistinguishedName subjectName, byte[] serialNumber, bool signature, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore, DateTime notAfter, X509ExtensionCollection extensions) { CryptoApiMethods.CERT_INFO certInfo = new CryptoApiMethods.CERT_INFO(); RSACryptoServiceProvider key = CreateRSAKey(keySize, signature); IntPtr publicKeyInfoPtr = IntPtr.Zero; X509Certificate2 cert = null; List<X509Extension> newExts = null; if (extensions != null) { foreach (X509Extension ext in extensions) { if (ext.RawData == null) { throw new ArgumentException(Properties.Resources.CreateCert_NeedEncodedData); } } } try { if (serialNumber == null) { serialNumber = Guid.NewGuid().ToByteArray(); } certInfo.dwVersion = (uint)CryptoApiMethods.CertVersion.CERT_V3; certInfo.SerialNumber = new CryptoApiMethods.CRYPTOAPI_BLOB(serialNumber); certInfo.Subject = new CryptoApiMethods.CRYPTOAPI_BLOB(subjectName.RawData); if (issuer == null) { // Self-signed certInfo.Issuer = new CryptoApiMethods.CRYPTOAPI_BLOB(subjectName.RawData); } else { certInfo.Issuer = new CryptoApiMethods.CRYPTOAPI_BLOB(issuer.SubjectName.RawData); } // Never seems to need these set to anything valid? certInfo.SubjectUniqueId = new CryptoApiMethods.CRYPT_BIT_BLOB(); certInfo.IssuerUniqueId = new CryptoApiMethods.CRYPT_BIT_BLOB(); certInfo.NotBefore = DateTimeToFileTime(notBefore); certInfo.NotAfter = DateTimeToFileTime(notAfter); certInfo.SignatureAlgorithm = new CryptoApiMethods.CRYPT_ALGORITHM_IDENTIFIER(); // Doesn't seem to work properly with standard szOID_RSA_SHA1RSA //certInfo.SignatureAlgorithm.pszObjId = CryptoApiMethods.szOID_OIWSEC_sha1RSASign; //certInfo.SignatureAlgorithm.pszObjId = CryptoApiMethods.szOID_RSA_SHA1RSA; //certInfo.SignatureAlgorithm.pszObjId = CryptoApiMethods.szOID_RSA_SHA512RSA; certInfo.SignatureAlgorithm.pszObjId = HashAlgorithmToOID(hashAlgorithm); // Add extension fields publicKeyInfoPtr = ExportPublicKeyInfo(key); certInfo.SubjectPublicKeyInfo = (CryptoApiMethods.CERT_PUBLIC_KEY_INFO)Marshal.PtrToStructure(publicKeyInfoPtr, typeof(CryptoApiMethods.CERT_PUBLIC_KEY_INFO)); newExts = new List<X509Extension>(); if (extensions != null) { // Filter out some extensions we don't want newExts.AddRange( extensions.Cast<X509Extension>().Where( x => !x.Oid.Value.Equals(CryptoApiMethods.szOID_AUTHORITY_KEY_IDENTIFIER) && !x.Oid.Value.Equals(CryptoApiMethods.szOID_SUBJECT_KEY_IDENTIFIER) && !x.Oid.Value.Equals(CryptoApiMethods.szOID_AUTHORITY_KEY_IDENTIFIER2))); } if (issuer != null) { newExts.Add(CreateAuthorityKeyInfo2(issuer.GetSerialNumber(), issuer.SubjectName, (RSACryptoServiceProvider)issuer.PrivateKey)); } else { newExts.Add(CreateAuthorityKeyInfo2(serialNumber, subjectName, key)); } newExts.Add(new X509SubjectKeyIdentifierExtension(HashPublicKeyInfo(key), false)); certInfo.rgExtension = MarshalExtensions(newExts.ToArray()); certInfo.cExtension = (uint)newExts.Count; byte[] certData = EncodeAndSignCertInfo(issuer != null ? issuer.PrivateKey as RSACryptoServiceProvider : key, certInfo, hashAlgorithm); cert = new X509Certificate2(certData, (string)null, X509KeyStorageFlags.Exportable); cert.PrivateKey = key; } finally { if (certInfo.rgExtension != IntPtr.Zero) { Marshal.FreeHGlobal(certInfo.rgExtension); } if (certInfo.Subject != null) { certInfo.Subject.Release(); } if (certInfo.Issuer != null) { certInfo.Issuer.Release(); } if (publicKeyInfoPtr != IntPtr.Zero) { Marshal.FreeHGlobal(publicKeyInfoPtr); } } return cert; }
/// <summary> /// Create a new certificate /// </summary> /// <param name="issuer">Issuer certificate, if null then self-sign</param> /// <param name="subjectName">Subject name</param> /// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param> /// <param name="signature">If true create an AT_SIGNATURE key, otherwise AT_EXCHANGE</param> /// <param name="keySize">Size of RSA key</param> /// <param name="notBefore">Start date of certificate</param> /// <param name="notAfter">End date of certificate</param> /// <param name="extensions">Array of extensions, if null then no extensions</param> /// <param name="hashAlgorithm">Specify the signature hash algorithm</param> /// <returns>The created X509 certificate</returns> public SystemX509.X509Certificate2 CreateCert(SystemX509.X509Certificate2 issuer, SystemX509.X500DistinguishedName subjectName, byte[] serialNumber, bool signature, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore, DateTime notAfter, SystemX509.X509ExtensionCollection extensions) { X509V3CertificateGenerator builder = new X509V3CertificateGenerator(); AsymmetricAlgorithm subjectKey = CreateRSAKey(keySize, signature); AsymmetricAlgorithm signKey = issuer == null ? subjectKey : issuer.PrivateKey; if (signKey == null) { throw new ArgumentException(Properties.Resources.CreateCert_NoPrivateKey); } AsymmetricCipherKeyPair bcSubjectKey = GetRsaKeyPair((RSACryptoServiceProvider)subjectKey); AsymmetricCipherKeyPair bcSignKey = GetRsaKeyPair((RSACryptoServiceProvider)signKey); X509Name issuerNameObj = issuer == null?X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData)) : X509Name.GetInstance(Asn1Object.FromByteArray(issuer.SubjectName.RawData)); X509Name subjectNameObj = X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData)); BigInteger subjectSerial = new BigInteger(1, serialNumber != null ? serialNumber : Guid.NewGuid().ToByteArray()); BigInteger issuerSerial = issuer == null ? subjectSerial : new BigInteger(1, issuer.GetSerialNumber()); builder.SetIssuerDN(issuerNameObj); builder.SetSubjectDN(subjectNameObj); builder.SetSerialNumber(subjectSerial); builder.SetSignatureAlgorithm(HashAlgorithmToName(hashAlgorithm)); builder.SetNotBefore(notBefore.ToUniversalTime()); builder.SetNotAfter(notAfter.ToUniversalTime()); builder.SetPublicKey(bcSubjectKey.Public); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSignKey.Public); AuthorityKeyIdentifier authKeyId = new AuthorityKeyIdentifier(info, new GeneralNames(new GeneralName(issuerNameObj)), issuerSerial); SubjectKeyIdentifier subjectKeyid = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSubjectKey.Public)); builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authKeyId); builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, true, subjectKeyid); if (extensions != null) { foreach (SystemX509.X509Extension ext in extensions) { if (!ext.Oid.Value.Equals(X509Extensions.AuthorityKeyIdentifier.Id) && !ext.Oid.Value.Equals(X509Extensions.SubjectKeyIdentifier.Id) && !ext.Oid.Value.Equals(szOID_AUTHORITY_KEY_IDENTIFIER2)) { Asn1InputStream istm = new Org.BouncyCastle.Asn1.Asn1InputStream(ext.RawData); Asn1Object obj = istm.ReadObject(); builder.AddExtension(ext.Oid.Value, ext.Critical, obj); } } } X509Certificate cert = builder.Generate(bcSignKey.Private); SystemX509.X509Certificate2 ret = new SystemX509.X509Certificate2(cert.GetEncoded(), (string)null, SystemX509.X509KeyStorageFlags.Exportable); ret.PrivateKey = subjectKey; return(ret); }
///<summary> ///Obtiene el numero de certificado y certificado codificado en base 64. ///</summary> ///<return> ///Devueve true, cuando es exitoso, false cuando ocurre algun error, la información la almacena en las variables ///privadas certificadeNumber y certificate, las cuales son accedidas por los metodos get ///</return> ///<param name="certificate"> ///Ruta del archivo .cer en disco a leer. ///</param> public Boolean getInfoCertificate(string certificate) { try { X509Certificate2 cert = new X509Certificate2(certificate); string ncert = ReverseString(Encoding.Default.GetString(cert.GetSerialNumber())); string str_cert = Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks); str_cert = str_cert.Replace("\r\n", ""); this.code = "CERT-0001"; this.message = "Número de certificado obtenido con éxito"; this.certificateNumber = ncert; this.certificate = str_cert; } catch (Exception e) { this.code = "EX-001"; this.message = "Error: " + e.Message; return false; } return true; }
public ActionResult AddCertificate(TaxpayerCertificate item, IEnumerable<HttpPostedFileBase> files) { if (!ModelState.IsValid) return View (item); foreach (var file in files) { if (file != null && file.ContentLength > 0) { var name = file.FileName.ToLower (); if (name.EndsWith (".cer")) { item.CertificateData = FileToBytes (file); } else if (name.EndsWith (".key")) { item.KeyData = FileToBytes (file); item.KeyPassword = Encoding.UTF8.GetBytes (item.KeyPassword2); } } } if (!CFDHelpers.PrivateKeyTest (item.KeyData, item.KeyPassword)) { ModelState.AddModelError ("KeyPassword", Resources.Validation_InvalidPassword); return View (item); } string sn = string.Empty; var cert = new X509Certificate2 (); cert.Import (item.CertificateData); foreach (var b in cert.GetSerialNumber ()) { sn = (char) b + sn; } item.Id = sn.PadLeft (20, '0'); var entity = TaxpayerCertificate.Queryable.SingleOrDefault (x => x.Id == item.Id); if (entity == null) { entity = new TaxpayerCertificate (); } entity.Id = item.Id; entity.CertificateData = item.CertificateData; entity.KeyData = item.KeyData; entity.KeyPassword = item.KeyPassword; entity.NotBefore = cert.NotBefore; entity.NotAfter = cert.NotAfter; entity.Taxpayer = TaxpayerIssuer.Find (item.TaxpayerId); using (var scope = new TransactionScope ()) { foreach (var x in entity.Taxpayer.Certificates) { x.IsActive = false; x.Update (); } entity.IsActive = true; entity.SaveAndFlush (); } return RedirectToAction ("Details", new { id = item.TaxpayerId }); }
public ESSCertIDv2(X509Certificate2 cert) { // ASNTree root = new ASNTree(AsnTag.SEQUENCE); ASNNode root = new ASNNode(AsnTag.SEQUENCE); ASNNode node; ASNNode node2; ASNNode node3; root.AppendChild(node = new ASNNode(AsnTag.SEQUENCE)); node.AppendChild(node = new ASNNode(AsnTag.SEQUENCE)); node2 = new ASNNode(cert.GetCertHash()); node2.Type = AsnTag.OCTET_STRING; node.AppendChild(node2); node3 = new ASNNode(cert.GetSerialNumber()); node3.Type = AsnTag.INTEGER; node3.ReverseData(); node.AppendChild(node = new ASNNode(AsnTag.SEQUENCE)); node.AppendChild(node2 = new ASNNode(AsnTag.SEQUENCE)); node.AppendChild(node3); node2.AppendChild(node = new ASNNode(AsnTag.CONTEXT_SPECIFIC)); node.AppendChild(new ASNNode(cert.IssuerName.RawData, AsnTag.RAW_DATA)); ret = root.get(); return; }
/// <summary> /// Take an existing certificate, clone its details and resign with a new root CA /// </summary> /// <param name="toClone">The certificate to clone</param> /// <param name="rootCert">The root CA certificate to sign with</param> /// <param name="newSerial">True to generate a new serial for this certificate</param> /// <param name="rsaKeySize">The size of the RSA key to generate</param> /// <param name="hashAlgorithm">Specify the signature hash algorithm</param> /// <returns></returns> public static X509Certificate2 CloneAndSignCertificate(X509Certificate toClone, X509Certificate2 rootCert, bool newSerial, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm) { X509Certificate2 cert2 = new X509Certificate2(toClone); X509ExtensionCollection extensions = new X509ExtensionCollection(); foreach (var ext in cert2.Extensions) { // Remove CRL distribution locations and authority information, they tend to break SSL negotiation if ((ext.Oid.Value != szOID_CRL_DISTRIBUTION) && (ext.Oid.Value != szOID_AUTHORITY_INFO)) { extensions.Add(ext); } } return builder.CreateCert(rootCert, cert2.SubjectName, newSerial ? null : cert2.GetSerialNumber(), false, rsaKeySize, hashAlgorithm, cert2.NotBefore, cert2.NotAfter, extensions); }
public override X509CertificateBuilderResult Build() { var issuerX509Certificate2 = new SystemX509Certificates.X509Certificate2( IssuerCertificate, IssuerCertificatePassword, SystemX509Certificates.X509KeyStorageFlags.Exportable ); var issuerSubjectDN = issuerX509Certificate2.ToX509Certificate().SubjectDN; X509V3CertificateGenerator.SetIssuerDN(issuerSubjectDN); // Generate Keys. var rsaKeyPairGenerator = new RsaKeyPairGenerator(); rsaKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), this.KeySize)); var asymmetricCipherKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); // Set Public Key. X509V3CertificateGenerator.SetPublicKey(asymmetricCipherKeyPair.Public); // Key Usage - for maximum interoperability, specify all four flags. var keyUsage = KeyUsage.DigitalSignature | KeyUsage.NonRepudiation | KeyUsage.KeyEncipherment | KeyUsage.KeyAgreement; X509V3CertificateGenerator.AddExtension( X509Extensions.KeyUsage, true, new KeyUsage(keyUsage) ); X509V3CertificateGenerator.AddExtension( X509Extensions.BasicConstraints, true, new BasicConstraints(false) ); // Extended Key Usage. var extendedKeyUsage = new List <KeyPurposeID>(); // Set TLS Web Server Authentication (1.3.6.1.5.5.7.3.1). if (IsServerAuthKeyUsage) { extendedKeyUsage.Add(KeyPurposeID.IdKPServerAuth); } // Set TLS Web Client Authentication (1.3.6.1.5.5.7.3.2). if (IsClientAuthKeyUsage) { extendedKeyUsage.Add(KeyPurposeID.IdKPClientAuth); } X509V3CertificateGenerator.AddExtension( X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(extendedKeyUsage) ); // Set Subject Alternative Names. if (SubjectAlternativeNames != null) { var subjectAlternativeNames = new Asn1Encodable[SubjectAlternativeNames.Count]; for (int i = 0; i < SubjectAlternativeNames.Count; i++) { subjectAlternativeNames[i] = new GeneralName(GeneralName.DnsName, SubjectAlternativeNames[i]); } X509V3CertificateGenerator.AddExtension( X509Extensions.SubjectAlternativeName, false, new DerSequence(subjectAlternativeNames) ); } X509V3CertificateGenerator.AddExtension( X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier( SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerX509Certificate2.GetPublicKeyAsAsymmetricKeyParameter()), new GeneralNames(new GeneralName(issuerSubjectDN)), new Org.BouncyCastle.Math.BigInteger(issuerX509Certificate2.GetSerialNumber()) ) ); X509V3CertificateGenerator.AddExtension( X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier( SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(asymmetricCipherKeyPair.Public) ) ); var signatureFactory = new Asn1SignatureFactory(GetSignatureAlgorithm(this.KeySize), issuerX509Certificate2.GetPrivateKeyAsAsymmetricKeyParameter()); // Generate X.509 Certificate. var x509Certificate = X509V3CertificateGenerator.Generate(signatureFactory); return(new X509CertificateBuilderResult(x509Certificate, asymmetricCipherKeyPair.Private)); }
bool TryGetMatchingX509Certificate(IntPtr certContext, X509FindType findType, uint dwFindType, object findValue, bool validOnly, out X509Certificate2 cert) { cert = new X509Certificate2(certContext); if (dwFindType == CAPI.CERT_FIND_ANY) { switch (findType) { case X509FindType.FindBySubjectDistinguishedName: if (0 != String.Compare((string)findValue, cert.SubjectName.Name, StringComparison.OrdinalIgnoreCase)) { cert.Reset(); cert = null; return false; } break; case X509FindType.FindByIssuerDistinguishedName: if (0 != String.Compare((string)findValue, cert.IssuerName.Name, StringComparison.OrdinalIgnoreCase)) { cert.Reset(); cert = null; return false; } break; case X509FindType.FindBySerialNumber: if (!BinaryMatches((byte[])findValue, cert.GetSerialNumber())) { cert.Reset(); cert = null; return false; } break; case X509FindType.FindBySubjectKeyIdentifier: X509SubjectKeyIdentifierExtension skiExtension = cert.Extensions[CAPI.SubjectKeyIdentifierOid] as X509SubjectKeyIdentifierExtension; if (skiExtension == null || !BinaryMatches((byte[])findValue, skiExtension.RawData)) { cert.Reset(); cert = null; return false; } break; default: DiagnosticUtility.DebugAssert(findType + " is not supported!"); break; } } if (validOnly) { X509Chain chain = new X509Chain(false); chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot; if (!chain.Build(cert)) { cert.Reset(); cert = null; return false; } } return cert != null; }