304 lines
		
	
	
		
			8.9 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
			
		
		
	
	
			304 lines
		
	
	
		
			8.9 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
| using System;
 | |
| using System.Collections;
 | |
| 
 | |
| using Org.BouncyCastle.Asn1;
 | |
| using Org.BouncyCastle.Asn1.X509;
 | |
| using Org.BouncyCastle.Crypto;
 | |
| using Org.BouncyCastle.Crypto.Parameters;
 | |
| using Org.BouncyCastle.Math;
 | |
| using Org.BouncyCastle.Security;
 | |
| using Org.BouncyCastle.Security.Certificates;
 | |
| using Org.BouncyCastle.X509.Extension;
 | |
| 
 | |
| namespace Org.BouncyCastle.X509
 | |
| {
 | |
|     /// <summary>
 | |
|     /// A class to Generate Version 3 X509Certificates.
 | |
|     /// </summary>
 | |
|     public class X509V3CertificateGenerator
 | |
|     {
 | |
| 		private readonly X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();
 | |
| 
 | |
| 		private V3TbsCertificateGenerator	tbsGen;
 | |
|         private DerObjectIdentifier			sigOid;
 | |
|         private AlgorithmIdentifier			sigAlgId;
 | |
|         private string						signatureAlgorithm;
 | |
| 
 | |
| 		public X509V3CertificateGenerator()
 | |
|         {
 | |
|             tbsGen = new V3TbsCertificateGenerator();
 | |
|         }
 | |
| 
 | |
| 		/// <summary>
 | |
| 		/// Reset the Generator.
 | |
| 		/// </summary>
 | |
| 		public void Reset()
 | |
| 		{
 | |
| 			tbsGen = new V3TbsCertificateGenerator();
 | |
| 			extGenerator.Reset();
 | |
| 		}
 | |
| 
 | |
| 		/// <summary>
 | |
|         /// Set the certificate's serial number.
 | |
|         /// </summary>
 | |
|         /// <remarks>Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data.
 | |
|         /// You will be surprised how ugly a serial number collision can Get.</remarks>
 | |
|         /// <param name="serialNumber">The serial number.</param>
 | |
|         public void SetSerialNumber(
 | |
| 			BigInteger serialNumber)
 | |
|         {
 | |
| 			if (serialNumber.SignValue <= 0)
 | |
| 			{
 | |
| 				throw new ArgumentException("serial number must be a positive integer", "serialNumber");
 | |
| 			}
 | |
| 
 | |
| 			tbsGen.SetSerialNumber(new DerInteger(serialNumber));
 | |
|         }
 | |
| 
 | |
| 		/// <summary>
 | |
|         /// Set the distinguished name of the issuer.
 | |
|         /// The issuer is the entity which is signing the certificate.
 | |
|         /// </summary>
 | |
|         /// <param name="issuer">The issuer's DN.</param>
 | |
|         public void SetIssuerDN(
 | |
|             X509Name issuer)
 | |
|         {
 | |
|             tbsGen.SetIssuer(issuer);
 | |
|         }
 | |
| 
 | |
| 		/// <summary>
 | |
|         /// Set the date that this certificate is to be valid from.
 | |
|         /// </summary>
 | |
|         /// <param name="date"/>
 | |
|         public void SetNotBefore(
 | |
|             DateTime date)
 | |
|         {
 | |
|             tbsGen.SetStartDate(new Time(date));
 | |
|         }
 | |
| 
 | |
|         /// <summary>
 | |
|         /// Set the date after which this certificate will no longer be valid.
 | |
|         /// </summary>
 | |
|         /// <param name="date"/>
 | |
|         public void SetNotAfter(
 | |
| 			DateTime date)
 | |
|         {
 | |
|             tbsGen.SetEndDate(new Time(date));
 | |
|         }
 | |
| 
 | |
| 		/// <summary>
 | |
| 		/// Set the DN of the entity that this certificate is about.
 | |
| 		/// </summary>
 | |
| 		/// <param name="subject"/>
 | |
|         public void SetSubjectDN(
 | |
| 			X509Name subject)
 | |
|         {
 | |
|             tbsGen.SetSubject(subject);
 | |
|         }
 | |
| 
 | |
| 		/// <summary>
 | |
|         /// Set the public key that this certificate identifies.
 | |
|         /// </summary>
 | |
|         /// <param name="publicKey"/>
 | |
|         public void SetPublicKey(
 | |
| 			AsymmetricKeyParameter publicKey)
 | |
|         {
 | |
|             tbsGen.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey));
 | |
|         }
 | |
| 
 | |
| 		/// <summary>
 | |
|         /// Set the signature algorithm that will be used to sign this certificate.
 | |
|         /// </summary>
 | |
|         /// <param name="signatureAlgorithm"/>
 | |
|         public void SetSignatureAlgorithm(
 | |
| 			string signatureAlgorithm)
 | |
|         {
 | |
| 			this.signatureAlgorithm = signatureAlgorithm;
 | |
| 
 | |
| 			try
 | |
| 			{
 | |
| 				sigOid = X509Utilities.GetAlgorithmOid(signatureAlgorithm);
 | |
| 			}
 | |
| 			catch (Exception)
 | |
| 			{
 | |
| 				throw new ArgumentException("Unknown signature type requested: " + signatureAlgorithm);
 | |
| 			}
 | |
| 
 | |
| 			sigAlgId = X509Utilities.GetSigAlgID(sigOid, signatureAlgorithm);
 | |
| 
 | |
| 			tbsGen.SetSignature(sigAlgId);
 | |
| 		}
 | |
| 
 | |
| 		/// <summary>
 | |
| 		/// Add a given extension field for the standard extensions tag (tag 3).
 | |
| 		/// </summary>
 | |
| 		/// <param name="oid">string containing a dotted decimal Object Identifier.</param>
 | |
| 		/// <param name="critical">Is it critical.</param>
 | |
| 		/// <param name="extensionValue">The value.</param>
 | |
| 		public void AddExtension(
 | |
| 			string			oid,
 | |
| 			bool			critical,
 | |
| 			Asn1Encodable	extensionValue)
 | |
| 		{
 | |
| 			extGenerator.AddExtension(new DerObjectIdentifier(oid), critical, extensionValue);
 | |
| 		}
 | |
| 
 | |
| 		/// <summary>
 | |
|         /// Add an extension to this certificate.
 | |
|         /// </summary>
 | |
|         /// <param name="oid">Its Object Identifier.</param>
 | |
|         /// <param name="critical">Is it critical.</param>
 | |
|         /// <param name="extensionValue">The value.</param>
 | |
|         public void AddExtension(
 | |
| 			DerObjectIdentifier	oid,
 | |
| 			bool				critical,
 | |
| 			Asn1Encodable		extensionValue)
 | |
|         {
 | |
| 			extGenerator.AddExtension(oid, critical, extensionValue);
 | |
|         }
 | |
| 
 | |
| 		/// <summary>
 | |
| 		/// Add an extension using a string with a dotted decimal OID.
 | |
| 		/// </summary>
 | |
| 		/// <param name="oid">string containing a dotted decimal Object Identifier.</param>
 | |
| 		/// <param name="critical">Is it critical.</param>
 | |
| 		/// <param name="extensionValue">byte[] containing the value of this extension.</param>
 | |
| 		public void AddExtension(
 | |
| 			string	oid,
 | |
| 			bool	critical,
 | |
| 			byte[]	extensionValue)
 | |
| 		{
 | |
| 			extGenerator.AddExtension(new DerObjectIdentifier(oid), critical, new DerOctetString(extensionValue));
 | |
| 		}
 | |
| 
 | |
| 		/// <summary>
 | |
|         /// Add an extension to this certificate.
 | |
|         /// </summary>
 | |
|         /// <param name="oid">Its Object Identifier.</param>
 | |
|         /// <param name="critical">Is it critical.</param>
 | |
|         /// <param name="extensionValue">byte[] containing the value of this extension.</param>
 | |
|         public void AddExtension(
 | |
| 			DerObjectIdentifier	oid,
 | |
| 			bool				critical,
 | |
| 			byte[]				extensionValue)
 | |
|         {
 | |
| 			extGenerator.AddExtension(oid, critical, new DerOctetString(extensionValue));
 | |
|         }
 | |
| 
 | |
| 		/// <summary>
 | |
| 		/// Add a given extension field for the standard extensions tag (tag 3),
 | |
| 		/// copying the extension value from another certificate.
 | |
| 		/// </summary>
 | |
| 		public void CopyAndAddExtension(
 | |
| 			string			oid,
 | |
| 			bool			critical,
 | |
| 			X509Certificate	cert)
 | |
| 		{
 | |
| 			CopyAndAddExtension(new DerObjectIdentifier(oid), critical, cert);
 | |
| 		}
 | |
| 
 | |
| 		/**
 | |
| 		 * add a given extension field for the standard extensions tag (tag 3)
 | |
| 		 * copying the extension value from another certificate.
 | |
| 		 * @throws CertificateParsingException if the extension cannot be extracted.
 | |
| 		 */
 | |
| 		public void CopyAndAddExtension(
 | |
| 			DerObjectIdentifier	oid,
 | |
| 			bool				critical,
 | |
| 			X509Certificate		cert)
 | |
| 		{
 | |
| 			Asn1OctetString extValue = cert.GetExtensionValue(oid);
 | |
| 
 | |
| 			if (extValue == null)
 | |
| 			{
 | |
| 				throw new CertificateParsingException("extension " + oid + " not present");
 | |
| 			}
 | |
| 
 | |
| 			try
 | |
| 			{
 | |
| 				Asn1Encodable value = X509ExtensionUtilities.FromExtensionValue(extValue);
 | |
| 
 | |
| 				this.AddExtension(oid, critical, value);
 | |
| 			}
 | |
| 			catch (Exception e)
 | |
| 			{
 | |
| 				throw new CertificateParsingException(e.Message, e);
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		/// <summary>
 | |
|         /// Generate an X509Certificate.
 | |
|         /// </summary>
 | |
|         /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
 | |
|         /// <returns>An X509Certificate.</returns>
 | |
|         public X509Certificate Generate(
 | |
| 			AsymmetricKeyParameter privateKey)
 | |
|         {
 | |
|             return Generate(privateKey, null);
 | |
|         }
 | |
| 
 | |
| 		/// <summary>
 | |
| 		/// Generate an X509Certificate using your own SecureRandom.
 | |
| 		/// </summary>
 | |
| 		/// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
 | |
| 		/// <param name="random">You Secure Random instance.</param>
 | |
| 		/// <returns>An X509Certificate.</returns>
 | |
| 		public X509Certificate Generate(
 | |
| 			AsymmetricKeyParameter	privateKey,
 | |
| 			SecureRandom			random)
 | |
| 		{
 | |
| 			TbsCertificateStructure tbsCert = GenerateTbsCert();
 | |
| 			byte[] signature;
 | |
| 
 | |
| 			try
 | |
| 			{
 | |
| 				signature = X509Utilities.GetSignatureForObject(
 | |
| 					sigOid, signatureAlgorithm, privateKey, random, tbsCert);
 | |
| 			}
 | |
| 			catch (Exception e)
 | |
| 			{
 | |
| 				// TODO
 | |
| //				throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
 | |
| 				throw new CertificateEncodingException("exception encoding TBS cert", e);
 | |
| 			}
 | |
| 
 | |
| 			try
 | |
| 			{
 | |
| 				return GenerateJcaObject(tbsCert, signature);
 | |
| 			}
 | |
| 			catch (CertificateParsingException e)
 | |
| 			{
 | |
| 				// TODO
 | |
| 				// throw new ExtCertificateEncodingException("exception producing certificate object", e);
 | |
| 				throw new CertificateEncodingException("exception producing certificate object", e);
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		private TbsCertificateStructure GenerateTbsCert()
 | |
| 		{
 | |
| 			if (!extGenerator.IsEmpty)
 | |
| 			{
 | |
| 				tbsGen.SetExtensions(extGenerator.Generate());
 | |
| 			}
 | |
| 
 | |
| 			return tbsGen.GenerateTbsCertificate();
 | |
| 		}
 | |
| 
 | |
| 		private X509Certificate GenerateJcaObject(
 | |
| 			TbsCertificateStructure	tbsCert,
 | |
| 			byte[]					signature)
 | |
| 		{
 | |
| 			return new X509Certificate(
 | |
| 				new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature)));
 | |
| 		}
 | |
| 
 | |
| 		/// <summary>
 | |
| 		/// Allows enumeration of the signature names supported by the generator.
 | |
| 		/// </summary>
 | |
| 		public IEnumerable SignatureAlgNames
 | |
| 		{
 | |
| 			get { return X509Utilities.GetAlgNames(); }
 | |
| 		}
 | |
| 	}
 | |
| }
 |