- using Org.BouncyCastle.Asn1;
- using Org.BouncyCastle.Asn1.Pkcs;
- using Org.BouncyCastle.Asn1.X509;
- using Org.BouncyCastle.Crypto;
- using Org.BouncyCastle.Crypto.Generators;
- using Org.BouncyCastle.Crypto.Parameters;
- using Org.BouncyCastle.Crypto.Prng;
- using Org.BouncyCastle.Math;
- using Org.BouncyCastle.Pkcs;
- using Org.BouncyCastle.Security;
- using Org.BouncyCastle.Utilities;
- using Org.BouncyCastle.X509;
- using System;
- using System.Collections.Generic;
- using System.IO;
- using System.Linq;
- using System.Security.Cryptography;
- using System.Security.Cryptography.X509Certificates;
- using System.Text;
- using System.Threading.Tasks;
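namespace CSRGenerator
{
    /// <summary>
    /// Builds a throw-away two-level PKI for local Apple Pay testing: a self-signed "CA"
    /// installed into LocalMachine\Root, and a merchant leaf certificate signed by it that is
    /// written to disk (millenium.cer, public part only) and installed into LocalMachine\My
    /// together with its private key.
    ///
    /// SECURITY: the root generated here carries the distinguished name of a real Apple CA
    /// (CertIssuer). Adding it to the LocalMachine Root store makes this machine trust anything
    /// signed with the generated key under that name — TLS servers, code, documents — not just
    /// the merchant certificate. Run this only on a disposable test machine, never on a
    /// developer workstation or a server, and delete the root from the store when testing is
    /// done. Prefer a distinct test DN (e.g. "CN=<company> Apple Pay Test CA") unless the
    /// consumer really matches on Apple's DN. A certificate that was not issued by Apple from a
    /// CSR is presumably only useful against a local stub — confirm with the integration docs.
    /// </summary>
    class Program
    {
        // Leaf (merchant) DN.
        // NOTE(review): BouncyCastle's X509Name(string) parser separates RDNs on ',' — with ';'
        // separators this string is presumably parsed as a single RDN whose value contains the
        // rest (including the trailing UID attribute). Dump certificate.SubjectDN and confirm
        // before relying on the exact DN.
        private const string CertSubject = "C=US;O=Ingenico e - Commerce Solutions;OU=299AXST635;CN=Apple Pay Payment Processing:merchant.ingenico.test.aclerbois 0.9.2342.19200300.100.1.1=merchant.ingenico.test.aclerbois";

        // DN used for the generated root (subject and issuer) and as the leaf's issuer field.
        // It impersonates Apple's WWDR CA; see the class summary. Same ';' caveat as above.
        private const string CertIssuer = "C=US;O=Apple Inc.;OU=Apple Certification Authority;CN=Apple Worldwide Developer Relations CA - G2";

        /// <summary>
        /// Entry point: generate the root, install it, then generate and install the leaf.
        /// Sets a non-zero exit code and stops as soon as a store install fails.
        /// </summary>
        static void Main(string[] args)
        {
            AsymmetricKeyParameter caPrivateKey = null;
            var caCert = GenerateCACertificate(CertIssuer, ref caPrivateKey);

            // Writing to LocalMachine\Root needs an elevated process. The original swallowed
            // the failure and carried on, which left a leaf whose issuer nothing in the store
            // matched; fail loudly instead.
            if (!addCertToStore(caCert, StoreName.Root, StoreLocation.LocalMachine))
            {
                Console.Error.WriteLine("Could not install the test CA into LocalMachine\\Root; run this tool elevated.");
                Environment.ExitCode = 1;
                return;
            }

            var clientCert = GenerateSelfSignedCertificate(CertSubject, CertIssuer, caPrivateKey);

            // DER-encoded certificate only — no private key leaves the machine through this file.
            // File.WriteAllBytes truncates; the original FileMode.OpenOrCreate left stale trailing
            // bytes behind whenever an older, longer millenium.cer already existed.
            File.WriteAllBytes("millenium.cer", clientCert.RawData);

            // Round-trip through an in-memory PFX so the store entry gets the key attached.
            // The PFX never touches disk, which is why it carries no password.
            var p12 = clientCert.Export(X509ContentType.Pfx);

            // GenerateSelfSignedCertificate attached the key through a named, persisted CSP
            // container in the machine key store. The PFX import below creates its own
            // container, so delete the first one instead of leaving a second copy of the
            // private key on disk under a random GUID. (PrivateKey returns the instance set
            // by the setter; PersistKeyInCsp=false + Clear removes the container.)
            // TODO(review): confirm with "certutil -key" that no orphan container remains.
            var csp = clientCert.PrivateKey as RSACryptoServiceProvider;
            if (csp != null)
            {
                csp.PersistKeyInCsp = false;
                csp.Clear();
            }

            // Exportable lets anyone who can read the store pull the private key back out.
            // It is kept because the key is evidently meant to be handed over as a .p12 later;
            // drop the flag if the key only ever needs to be used on this machine.
            var storeCert = new X509Certificate2(p12, (string)null,
                X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
            if (!addCertToStore(storeCert, StoreName.My, StoreLocation.LocalMachine))
            {
                Console.Error.WriteLine("Could not install the merchant certificate into LocalMachine\\My.");
                Environment.ExitCode = 1;
            }
        }

        /// <summary>
        /// Generates a fresh 2048-bit RSA key pair and an end-entity certificate for
        /// <paramref name="subjectName"/>, signed with <paramref name="issuerPrivKey"/>.
        /// Despite its name this certificate is NOT self-signed: its issuer field is
        /// <paramref name="issuerName"/> and the signature comes from the CA key. The returned
        /// certificate has the new private key attached through a named CSP container in the
        /// machine key store (see <see cref="ToDotNetKey"/> for the clean-up obligation).
        /// </summary>
        /// <param name="subjectName">Subject DN in BouncyCastle X509Name string syntax.</param>
        /// <param name="issuerName">Issuer DN; must equal the CA certificate's subject DN or chain building fails.</param>
        /// <param name="issuerPrivKey">Private key of the CA that signs this certificate.</param>
        /// <returns>The leaf certificate with its private key attached; valid for two years from today (UTC).</returns>
        /// <exception cref="ArgumentNullException">A required argument is null.</exception>
        public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey)
        {
            if (subjectName == null) throw new ArgumentNullException("subjectName");
            if (issuerName == null) throw new ArgumentNullException("issuerName");
            if (issuerPrivKey == null) throw new ArgumentNullException("issuerPrivKey");

            const int keyStrength = 2048;

            // OS CSPRNG (CryptoAPI) wrapped for BouncyCastle.
            var random = new SecureRandom(new CryptoApiRandomGenerator());
            var generator = new X509V3CertificateGenerator();

            // 63 random bits. Fine for a private test PKI; public CAs require >= 64 bits of
            // entropy, so widen the range if this ever moves beyond local testing.
            generator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random));
            generator.SetSignatureAlgorithm("SHA256withRSA");
            generator.SetIssuerDN(new X509Name(issuerName));
            generator.SetSubjectDN(new X509Name(subjectName));

            DateTime notBefore = DateTime.UtcNow.Date;
            generator.SetNotBefore(notBefore);
            generator.SetNotAfter(notBefore.AddYears(2));

            var keyPairGenerator = new RsaKeyPairGenerator();
            keyPairGenerator.Init(new KeyGenerationParameters(random, keyStrength));
            AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair();
            generator.SetPublicKey(subjectKeyPair.Public);

            // Mark the leaf as an end-entity so it can never be used to sign further
            // certificates — its root sits in the trusted store, so an unconstrained leaf
            // would be a second, unintended CA.
            generator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
            generator.AddExtension(X509Extensions.KeyUsage, true,
                new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));

            Org.BouncyCastle.X509.X509Certificate certificate = generator.Generate(issuerPrivKey, random);
            var x509 = new X509Certificate2(certificate.GetEncoded());

            // RsaKeyPairGenerator always yields CRT parameters, so the original
            // PrivateKeyInfo -> DER -> RsaPrivateKeyStructure round-trip (with its
            // commented-out "count != 9" check that silently let a malformed key through)
            // is unnecessary.
            var rsaparams = (RsaPrivateCrtKeyParameters)subjectKeyPair.Private;
            x509.PrivateKey = ToDotNetKey(rsaparams);
            return x509;
        }

        /// <summary>
        /// Copies a BouncyCastle RSA private key into a new CSP key container in the machine
        /// key store so it can be attached to an <see cref="X509Certificate2"/>.
        /// </summary>
        /// <remarks>
        /// The container is named with a fresh GUID and persists on disk until it is explicitly
        /// deleted (PersistKeyInCsp = false, then Clear/Dispose). Callers that only need the key
        /// transiently must do that clean-up, otherwise a copy of the private key stays behind.
        /// </remarks>
        /// <param name="privateKey">CRT form of the RSA private key.</param>
        /// <returns>An <see cref="RSACryptoServiceProvider"/> bound to the new container.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="privateKey"/> is null.</exception>
        public static AsymmetricAlgorithm ToDotNetKey(RsaPrivateCrtKeyParameters privateKey)
        {
            if (privateKey == null) throw new ArgumentNullException("privateKey");

            var cspParams = new CspParameters
            {
                KeyContainerName = Guid.NewGuid().ToString(),
                KeyNumber = (int)KeyNumber.Exchange,
                // Machine store: the certificate is later installed into LocalMachine\My.
                Flags = CspProviderFlags.UseMachineKeyStore
            };

            var rsaProvider = new RSACryptoServiceProvider(cspParams);
            rsaProvider.ImportParameters(new RSAParameters
            {
                Modulus = privateKey.Modulus.ToByteArrayUnsigned(),
                P = privateKey.P.ToByteArrayUnsigned(),
                Q = privateKey.Q.ToByteArrayUnsigned(),
                DP = privateKey.DP.ToByteArrayUnsigned(),
                DQ = privateKey.DQ.ToByteArrayUnsigned(),
                InverseQ = privateKey.QInv.ToByteArrayUnsigned(),
                D = privateKey.Exponent.ToByteArrayUnsigned(),
                Exponent = privateKey.PublicExponent.ToByteArrayUnsigned()
            });
            return rsaProvider;
        }

        /// <summary>
        /// Generates a self-signed root certificate with a fresh 2048-bit RSA key and returns
        /// its private key through <paramref name="CaPrivateKey"/>.
        /// </summary>
        /// <param name="subjectName">DN used for both subject and issuer. The original ignored
        /// this parameter and stamped the merchant DN (CertSubject) on the root while keeping
        /// CertIssuer as issuer, so nothing in the store had the subject that the leaf's
        /// issuer field pointed at and the leaf could never chain.</param>
        /// <param name="CaPrivateKey">Receives the generated private key.</param>
        /// <returns>The root certificate (public part only); valid for two years from today (UTC).</returns>
        /// <exception cref="ArgumentNullException"><paramref name="subjectName"/> is null.</exception>
        public static X509Certificate2 GenerateCACertificate(string subjectName, ref AsymmetricKeyParameter CaPrivateKey)
        {
            if (subjectName == null) throw new ArgumentNullException("subjectName");

            const int keyStrength = 2048;

            var random = new SecureRandom(new CryptoApiRandomGenerator());
            var generator = new X509V3CertificateGenerator();

            generator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random));
            generator.SetSignatureAlgorithm("SHA256withRSA");

            // Self-signed: subject and issuer are the same DN.
            X509Name dn = new X509Name(subjectName);
            generator.SetIssuerDN(dn);
            generator.SetSubjectDN(dn);

            DateTime notBefore = DateTime.UtcNow.Date;
            generator.SetNotBefore(notBefore);
            generator.SetNotAfter(notBefore.AddYears(2));

            var keyPairGenerator = new RsaKeyPairGenerator();
            keyPairGenerator.Init(new KeyGenerationParameters(random, keyStrength));
            AsymmetricCipherKeyPair keyPair = keyPairGenerator.GenerateKeyPair();
            generator.SetPublicKey(keyPair.Public);

            // Say what this certificate is for: a CA that signs certificates and CRLs, nothing
            // else. The original emitted a bare v3 certificate with no extensions at all.
            generator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
            generator.AddExtension(X509Extensions.KeyUsage, true,
                new KeyUsage(KeyUsage.KeyCertSign | KeyUsage.CrlSign));

            Org.BouncyCastle.X509.X509Certificate certificate = generator.Generate(keyPair.Private, random);

            CaPrivateKey = keyPair.Private;
            return new X509Certificate2(certificate.GetEncoded());
        }

        /// <summary>
        /// Adds <paramref name="cert"/> to the store <paramref name="st"/> in
        /// <paramref name="sl"/>. Adding a certificate that is already present is a no-op.
        /// </summary>
        /// <returns>true when the certificate was added; false when the store could not be
        /// opened or written (typically: LocalMachine without elevation). The original always
        /// returned false and swallowed every exception, so callers could not tell.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
        public static bool addCertToStore(X509Certificate2 cert, StoreName st, StoreLocation sl)
        {
            if (cert == null) throw new ArgumentNullException("cert");

            X509Store store = null;
            try
            {
                store = new X509Store(st, sl);
                store.Open(OpenFlags.ReadWrite);
                store.Add(cert);
                return true;
            }
            catch (CryptographicException ex)
            {
                Console.Error.WriteLine("Could not add '{0}' to {1}\\{2}: {3}", cert.Subject, sl, st, ex.Message);
                return false;
            }
            catch (System.Security.SecurityException ex)
            {
                Console.Error.WriteLine("Not permitted to open {0}\\{1} for writing: {2}", sl, st, ex.Message);
                return false;
            }
            finally
            {
                // Close is idempotent, so this is safe even if Open never succeeded.
                if (store != null)
                {
                    store.Close();
                }
            }
        }
    }
}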