blob: 2fc53ec7c70b41b739d74954e22c766bd11da796 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
using System;
using System.Collections.Generic;
using System.IO;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.X509
{
/// <summary>
/// Class to Generate X509V1 Certificates.
/// </summary>
public class X509V1CertificateGenerator
{
private V1TbsCertificateGenerator tbsGen;
/// <summary>
/// Default Constructor.
/// </summary>
public X509V1CertificateGenerator()
{
tbsGen = new V1TbsCertificateGenerator();
}
/// <summary>
/// Reset the generator.
/// </summary>
public void Reset()
{
tbsGen = new V1TbsCertificateGenerator();
}
/// <summary>
/// Set the certificate's serial number.
/// </summary>
/// <remarks>Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data.
/// You will be surprised how ugly a serial number collision can get.</remarks>
/// <param name="serialNumber">The serial number.</param>
public void SetSerialNumber(
BigInteger serialNumber)
{
if (serialNumber.SignValue <= 0)
{
throw new ArgumentException("serial number must be a positive integer", "serialNumber");
}
tbsGen.SetSerialNumber(new DerInteger(serialNumber));
}
/// <summary>
/// Set the issuer distinguished name.
/// The issuer is the entity whose private key is used to sign the certificate.
/// </summary>
/// <param name="issuer">The issuers DN.</param>
public void SetIssuerDN(
X509Name issuer)
{
tbsGen.SetIssuer(issuer);
}
/// <summary>
/// Set the date that this certificate is to be valid from.
/// </summary>
/// <param name="date"/>
public void SetNotBefore(
DateTime date)
{
tbsGen.SetStartDate(new Time(date));
}
/// <summary>
/// Set the date after which this certificate will no longer be valid.
/// </summary>
/// <param name="date"/>
public void SetNotAfter(
DateTime date)
{
tbsGen.SetEndDate(new Time(date));
}
/// <summary>
/// Set the subject distinguished name.
/// The subject describes the entity associated with the public key.
/// </summary>
/// <param name="subject"/>
public void SetSubjectDN(
X509Name subject)
{
tbsGen.SetSubject(subject);
}
/// <summary>
/// Set the public key that this certificate identifies.
/// </summary>
/// <param name="publicKey"/>
public void SetPublicKey(
AsymmetricKeyParameter publicKey)
{
try
{
tbsGen.SetSubjectPublicKeyInfo(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey));
}
catch (Exception e)
{
throw new ArgumentException("unable to process key - " + e.ToString());
}
}
/// <summary>
/// Generate a new <see cref="X509Certificate"/> using the provided <see cref="ISignatureFactory"/>.
/// </summary>
/// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary
/// algorithm details.</param>
/// <returns>An <see cref="X509Certificate"/>.</returns>
public X509Certificate Generate(ISignatureFactory signatureFactory)
{
var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails;
tbsGen.SetSignature(sigAlgID);
var tbsCertificate = tbsGen.GenerateTbsCertificate();
var signature = X509Utilities.GenerateSignature(signatureFactory, tbsCertificate);
return new X509Certificate(new X509CertificateStructure(tbsCertificate, sigAlgID, signature));
}
/// <summary>
/// Allows enumeration of the signature names supported by the generator.
/// </summary>
public IEnumerable<string> SignatureAlgNames => X509Utilities.GetAlgNames();
}
}
|
