using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Math; using Org.BouncyCastle.Security.Certificates; using System; using System.Collections.Generic; namespace Org.BouncyCastle.X509 { public class X509V3CertificateGenerator { private readonly X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator(); private V3TbsCertificateGenerator tbsGen; [Obsolete("Will be removed")] public IEnumerable<string> SignatureAlgNames { get { return X509Utilities.GetAlgNames(); } } public X509V3CertificateGenerator() { tbsGen = new V3TbsCertificateGenerator(); } public X509V3CertificateGenerator(X509Certificate template) : this(template.CertificateStructure) { } public X509V3CertificateGenerator(X509CertificateStructure template) { tbsGen = new V3TbsCertificateGenerator(); tbsGen.SetSerialNumber(template.SerialNumber); tbsGen.SetIssuer(template.Issuer); tbsGen.SetValidity(template.Validity); tbsGen.SetSubject(template.Subject); tbsGen.SetSubjectPublicKeyInfo(template.SubjectPublicKeyInfo); X509Extensions extensions = template.Extensions; foreach (DerObjectIdentifier extensionOid in extensions.ExtensionOids) { if (!X509Extensions.SubjectAltPublicKeyInfo.Equals(extensionOid) && !X509Extensions.AltSignatureAlgorithm.Equals(extensionOid) && !X509Extensions.AltSignatureValue.Equals(extensionOid)) { X509Extension extension = extensions.GetExtension(extensionOid); extGenerator.AddExtension(extensionOid, extension.critical, extension.Value.GetOctets()); } } } public void Reset() { tbsGen = new V3TbsCertificateGenerator(); extGenerator.Reset(); } public void SetSerialNumber(BigInteger serialNumber) { if (serialNumber.SignValue <= 0) throw new ArgumentException("serial number must be a positive integer", "serialNumber"); tbsGen.SetSerialNumber(new DerInteger(serialNumber)); } public void SetIssuerDN(X509Name issuer) { tbsGen.SetIssuer(issuer); } public void SetValidity(Validity validity) { tbsGen.SetValidity(validity); } public void SetNotBefore(DateTime date) { tbsGen.SetStartDate(new Time(date)); } public void SetNotAfter(DateTime date) { tbsGen.SetEndDate(new Time(date)); } public void SetSubjectDN(X509Name subject) { tbsGen.SetSubject(subject); } public void SetPublicKey(AsymmetricKeyParameter publicKey) { tbsGen.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey)); } public void SetSubjectPublicKeyInfo(SubjectPublicKeyInfo subjectPublicKeyInfo) { tbsGen.SetSubjectPublicKeyInfo(subjectPublicKeyInfo); } public void SetSubjectUniqueID(bool[] uniqueID) { tbsGen.SetSubjectUniqueID(BooleanToBitString(uniqueID)); } public void SetIssuerUniqueID(bool[] uniqueID) { tbsGen.SetIssuerUniqueID(BooleanToBitString(uniqueID)); } public void AddExtension(string oid, bool critical, Asn1Encodable extensionValue) { AddExtension(new DerObjectIdentifier(oid), critical, extensionValue); } public void AddExtension(DerObjectIdentifier oid, bool critical, Asn1Encodable extensionValue) { extGenerator.AddExtension(oid, critical, extensionValue); } public void AddExtension(string oid, bool critical, IAsn1Convertible extensionValue) { AddExtension(new DerObjectIdentifier(oid), critical, extensionValue); } public void AddExtension(DerObjectIdentifier oid, bool critical, IAsn1Convertible extensionValue) { extGenerator.AddExtension(oid, critical, extensionValue); } public void AddExtension(string oid, bool critical, byte[] extensionValue) { AddExtension(new DerObjectIdentifier(oid), critical, extensionValue); } public void AddExtension(DerObjectIdentifier oid, bool critical, byte[] extensionValue) { extGenerator.AddExtension(oid, critical, DerOctetString.FromContents(extensionValue)); } public void AddExtension(DerObjectIdentifier oid, X509Extension x509Extension) { extGenerator.AddExtension(oid, x509Extension); } public void AddExtension(Org.BouncyCastle.Asn1.X509.Extension extension) { extGenerator.AddExtension(extension); } public void AddExtensions(X509Extensions extensions) { extGenerator.AddExtensions(extensions); } [Obsolete("Use version taking a DerObjectIdentifier")] public void CopyAndAddExtension(string oid, bool critical, X509Certificate cert) { CopyAndAddExtension(new DerObjectIdentifier(oid), critical, cert); } public void CopyAndAddExtension(DerObjectIdentifier oid, bool critical, X509Certificate cert) { X509Extension extension = cert.GetExtension(oid); if (extension == null) throw new CertificateParsingException("extension " + oid?.ToString() + " not present"); X509Extension x509Extension = extension; try { extGenerator.AddExtension(oid, x509Extension); } catch (Exception ex) { throw new CertificateParsingException(ex.Message, ex); } } public X509Certificate Generate(ISignatureFactory signatureFactory) { AlgorithmIdentifier algorithmIdentifier = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails; tbsGen.SetSignature(algorithmIdentifier); if (!extGenerator.IsEmpty) { X509Extension extension = extGenerator.GetExtension(X509Extensions.DRAFT_DeltaCertificateDescriptor); if (extension != null) { DeltaCertificateDescriptor extValue = DeltaCertificateTool.TrimDeltaCertificateDescriptor(DeltaCertificateDescriptor.GetInstance(extension.GetParsedValue()), tbsGen.GenerateTbsCertificate(), extGenerator.Generate()); extGenerator.ReplaceExtension(X509Extensions.DRAFT_DeltaCertificateDescriptor, extension.IsCritical, extValue); } tbsGen.SetExtensions(extGenerator.Generate()); } TbsCertificateStructure tbsCertificateStructure = tbsGen.GenerateTbsCertificate(); DerBitString sig = X509Utilities.GenerateSignature(signatureFactory, tbsCertificateStructure); return new X509Certificate(new X509CertificateStructure(tbsCertificateStructure, algorithmIdentifier, sig)); } public X509Certificate Generate(ISignatureFactory signatureFactory, bool isCritical, ISignatureFactory altSignatureFactory) { AlgorithmIdentifier algorithmIdentifier = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails; AlgorithmIdentifier extValue = (AlgorithmIdentifier)altSignatureFactory.AlgorithmDetails; extGenerator.AddExtension(X509Extensions.AltSignatureAlgorithm, isCritical, extValue); X509Extension extension = extGenerator.GetExtension(X509Extensions.DRAFT_DeltaCertificateDescriptor); if (extension != null) { tbsGen.SetSignature(algorithmIdentifier); X509ExtensionsGenerator x509ExtensionsGenerator = new X509ExtensionsGenerator(); x509ExtensionsGenerator.AddExtensions(extGenerator.Generate()); x509ExtensionsGenerator.AddExtension(X509Extensions.AltSignatureValue, false, DerNull.Instance); DeltaCertificateDescriptor extValue2 = DeltaCertificateTool.TrimDeltaCertificateDescriptor(DeltaCertificateDescriptor.GetInstance(extension.GetParsedValue()), tbsGen.GenerateTbsCertificate(), x509ExtensionsGenerator.Generate()); extGenerator.ReplaceExtension(X509Extensions.DRAFT_DeltaCertificateDescriptor, extension.IsCritical, extValue2); } tbsGen.SetSignature(null); tbsGen.SetExtensions(extGenerator.Generate()); DerBitString extValue3 = X509Utilities.GenerateSignature(altSignatureFactory, tbsGen.GeneratePreTbsCertificate()); extGenerator.AddExtension(X509Extensions.AltSignatureValue, isCritical, extValue3); tbsGen.SetSignature(algorithmIdentifier); tbsGen.SetExtensions(extGenerator.Generate()); TbsCertificateStructure tbsCertificateStructure = tbsGen.GenerateTbsCertificate(); DerBitString sig = X509Utilities.GenerateSignature(signatureFactory, tbsCertificateStructure); return new X509Certificate(new X509CertificateStructure(tbsCertificateStructure, algorithmIdentifier, sig)); } internal unsafe static DerBitString BooleanToBitString(bool[] id) { int num = (id.Length + 7) / 8; Span<byte> span; if (num <= 512) { int num2 = num; span = new Span<byte>(stackalloc byte[(int)(uint)num2], num2); } else span = new byte[num]; Span<byte> span2 = span; for (int i = 0; i != id.Length; i++) { span2[i >> 3] |= (byte)(id[i] ? (128 >> (i & 7)) : 0); } return new DerBitString(span2, (8 - id.Length) & 7); } } }