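/* PEM text of the test CA certificate (the value is elided in this listing). */
const string cCACert = @"-----BEGIN CERTIFICATE----- *** *** -----END CERTIFICATE-----";
/* PEM text of the test CA private key (elided). NOTE(review): a signing key kept as a
   source constant is a secret in source; this is acceptable only for a test fixture,
   a real issuing key belongs in a protected key store. */
const string cCAKey = @"-----BEGIN PRIVATE KEY----- *** *** -----END PRIVATE KEY-----";

/// <summary>
/// Issues a one-year end-entity certificate for a PEM-encoded PKCS#10 request, signed by the
/// embedded test CA with GOST3411withECGOST3410.
/// </summary>
/// <param name="pkcs10text">PEM text of the certification request.</param>
/// <returns>The issued certificate as PEM text.</returns>
/// <exception cref="ArgumentException">The request text is null or blank.</exception>
/// <exception cref="InvalidOperationException">The request's own signature does not verify, so the
/// requester has not proved possession of the key being certified.</exception>
/// <exception cref="NotSupportedException">The CA key is not an ECGOST3410 key.</exception>
public string generateTestCert(string pkcs10text)
{
    if (string.IsNullOrWhiteSpace(pkcs10text))
    {
        throw new ArgumentException("A PEM-encoded PKCS#10 request is required.", nameof(pkcs10text));
    }

    // CA signing key.
    AsymmetricKeyParameter caKey;
    using (StringReader keyReader = new StringReader(cCAKey))
    {
        caKey = (AsymmetricKeyParameter)new PemReader(keyReader).ReadObject();
    }

    // CA certificate; its subject becomes the issuer of the new certificate.
    X509Certificate caCert;
    using (StringReader certReader = new StringReader(cCACert))
    {
        caCert = (X509Certificate)new PemReader(certReader).ReadObject();
    }

    // The request itself (untrusted input).
    Pkcs10CertificationRequest request;
    using (StringReader requestReader = new StringReader(pkcs10text))
    {
        request = (Pkcs10CertificationRequest)new PemReader(requestReader).ReadObject();
    }

    // Proof of possession: a CSR whose self-signature fails must not be certified,
    // otherwise a certificate can be issued for a public key the requester does not control.
    if (!request.Verify())
    {
        throw new InvalidOperationException("The PKCS#10 request signature does not verify.");
    }

    var requestInfo = request.GetCertificationRequestInfo();
    AsymmetricKeyParameter subjectPublicKey = request.GetPublicKey();
    AsymmetricKeyParameter issuerPublicKey = caCert.GetPublicKey();

    // Random positive serial number.
    var secureRandom = new SecureRandom(new CryptoApiRandomGenerator());
    BigInteger serialNumber = BigIntegers.CreateRandomInRange(
        BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), secureRandom);

    // Both validity bounds are taken from one timestamp so NotAfter is exactly one year after NotBefore.
    DateTime notBefore = DateTime.UtcNow;

    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
    generator.Reset();
    generator.SetSerialNumber(serialNumber);
    // The issuer of the new certificate is the CA's *subject* name. Using the CA's own issuer
    // name (as before) only works for a self-signed CA and breaks path building for an
    // intermediate CA.
    generator.SetIssuerDN(caCert.SubjectDN);
    generator.SetNotBefore(notBefore);
    generator.SetNotAfter(notBefore.AddYears(1));
    generator.SetSubjectDN(requestInfo.Subject);
    generator.SetPublicKey(subjectPublicKey);

    // Only GOST3411withECGOST3410 signing is supported by this issuer.
    ECPublicKeyParameters ecIssuerKey = issuerPublicKey as ECPublicKeyParameters;
    if (ecIssuerKey == null)
    {
        throw new NotSupportedException(" GOST3411withECGOST3410");
    }
    if (ecIssuerKey.AlgorithmName != "ECGOST3410")
    {
        throw new NotSupportedException(" GOST3411withECGOST3410");
    }
    generator.SetSignatureAlgorithm("GOST3411withECGOST3410");

    // Extensions: key identifiers for chain building, and an end-entity basic constraint.
    generator.AddExtension(
        X509Extensions.SubjectKeyIdentifier,
        false,
        new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectPublicKey)));
    generator.AddExtension(
        X509Extensions.AuthorityKeyIdentifier,
        false,
        new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerPublicKey)));
    generator.AddExtension(
        X509Extensions.BasicConstraints,
        false,
        new BasicConstraints(false));

    X509Certificate issued = generator.Generate(caKey);
    // Sanity-check the result against the issuer key before handing it out.
    issued.CheckValidity();
    issued.Verify(issuerPublicKey);

    using (StringWriter pemOut = new StringWriter())
    {
        PemWriter pemWriter = new PemWriter(pemOut);
        pemWriter.WriteObject(issued);
        pemWriter.Writer.Flush();
        return pemOut.ToString();
    }
}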
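/// <summary>
/// Builds and validates a certification path from <paramref name="cert"/> to the embedded test CA.
/// </summary>
/// <remarks>
/// Revocation checking is disabled (<c>IsRevocationEnabled = false</c>) because no CRL or OCSP
/// source is configured, so a revoked certificate still passes this check.
/// </remarks>
/// <param name="cert">The certificate to validate.</param>
/// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
/// <exception cref="PkixCertPathBuilderException">No valid path to the test CA could be built.</exception>
/// <exception cref="Exception">Any other failure while validating the certificate.</exception>
public void verifyCert(X509Certificate cert)
{
    if (cert == null)
    {
        throw new ArgumentNullException(nameof(cert));
    }

    try
    {
        // Trust anchor: the embedded test CA.
        X509Certificate caCert;
        using (StringReader caReader = new StringReader(cCACert))
        {
            caCert = (X509Certificate)new PemReader(caReader).ReadObject();
        }

        IList certList = new ArrayList();
        certList.Add(caCert);
        certList.Add(cert);
        IX509Store certStore = X509StoreFactory.Create(
            "Certificate/Collection",
            new X509CollectionStoreParameters(certList));

        ISet trustAnchors = new HashSet();
        trustAnchors.Add(new TrustAnchor(caCert, null));

        // Pin the exact certificate as the path target. Matching on the subject name alone
        // would let any store entry with the same name (including the CA certificate itself)
        // satisfy the path build instead of the certificate actually passed in.
        X509CertStoreSelector target = new X509CertStoreSelector();
        target.Certificate = cert;
        target.Subject = cert.SubjectDN;

        PkixBuilderParameters parameters = new PkixBuilderParameters(trustAnchors, target);
        parameters.AddStore(certStore);
        // No CRL/OCSP source is available here; see the remarks above.
        parameters.IsRevocationEnabled = false;

        // Build throws when no acceptable path exists; the result itself is not needed.
        new PkixCertPathBuilder().Build(parameters);
    }
    catch (PkixCertPathBuilderException certPathEx)
    {
        // Keep the original as inner exception so the path-building detail is not lost.
        throw new PkixCertPathBuilderException(string.Format(" , {0}", certPathEx.Message), certPathEx);
    }
    catch (Exception ex)
    {
        throw new Exception(string.Format(" : {0}", cert.SubjectDN), ex);
    }
}

/// <summary>
/// Verifies every signature on a Base64-encoded CMS SignedData message and chains each signer's
/// certificate (taken from the message's own certificate set) to the embedded test CA.
/// </summary>
/// <param name="cmsText">Base64 text of the CMS SignedData structure.</param>
/// <returns>"ok" when every signer's signature and certificate chain verify.</returns>
/// <exception cref="ArgumentException"><paramref name="cmsText"/> is null or blank.</exception>
/// <exception cref="CmsException">The message carries no signer at all.</exception>
/// <exception cref="CertificateException">A signer has no matching certificate in the message, or its
/// signature does not verify.</exception>
public string verifyCms(string cmsText)
{
    if (string.IsNullOrWhiteSpace(cmsText))
    {
        throw new ArgumentException("Base64-encoded CMS SignedData is required.", nameof(cmsText));
    }

    CmsSignedData cms = new CmsSignedData(Base64.Decode(cmsText));
    var signers = cms.GetSignerInfos().GetSigners();

    // A message with no signers must not be reported as verified: the loop below would
    // otherwise never run and "ok" would be returned for unsigned content.
    if (signers.Count == 0)
    {
        throw new CmsException("The CMS SignedData contains no signers.");
    }

    var messageCerts = cms.GetCertificates("collection");

    foreach (SignerInformation signer in signers)
    {
        // The signer's certificate is looked up in the certificates shipped with the message.
        IEnumerator matches = messageCerts.GetMatches(signer.SignerID).GetEnumerator();
        if (!matches.MoveNext())
        {
            throw new CertificateException("No certificate in the message matches the signer.");
        }
        X509Certificate cert = (X509Certificate)matches.Current;

        if (!signer.Verify(cert))
        {
            throw new CertificateException(" ");
        }

        // The certificate came from the untrusted message, so it must chain to the test CA.
        verifyCert(cert);
    }

    return "ok";
}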
Source: https://habr.com/ru/post/257407/