#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.Collections;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Operators;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Math;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Security;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Security.Certificates;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities;
using BestHTTP.SecureProtocol.Org.BouncyCastle.X509.Extension;
namespace BestHTTP.SecureProtocol.Org.BouncyCastle.X509
{
///
/// A class to Generate Version 3 X509Certificates.
///
public class X509V3CertificateGenerator
{
private readonly X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();
private V3TbsCertificateGenerator tbsGen;
private DerObjectIdentifier sigOid;
private AlgorithmIdentifier sigAlgId;
private string signatureAlgorithm;
public X509V3CertificateGenerator()
{
tbsGen = new V3TbsCertificateGenerator();
}
///
/// Reset the Generator.
///
public void Reset()
{
tbsGen = new V3TbsCertificateGenerator();
extGenerator.Reset();
}
///
/// Set the certificate's serial number.
///
/// Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data.
/// You will be surprised how ugly a serial number collision can Get.
/// The serial number.
public void SetSerialNumber(
BigInteger serialNumber)
{
if (serialNumber.SignValue <= 0)
{
throw new ArgumentException("serial number must be a positive integer", "serialNumber");
}
tbsGen.SetSerialNumber(new DerInteger(serialNumber));
}
///
/// Set the distinguished name of the issuer.
/// The issuer is the entity which is signing the certificate.
///
/// The issuer's DN.
public void SetIssuerDN(
X509Name issuer)
{
tbsGen.SetIssuer(issuer);
}
///
/// Set the date that this certificate is to be valid from.
///
///
public void SetNotBefore(
DateTime date)
{
tbsGen.SetStartDate(new Time(date));
}
///
/// Set the date after which this certificate will no longer be valid.
///
///
public void SetNotAfter(
DateTime date)
{
tbsGen.SetEndDate(new Time(date));
}
///
/// Set the DN of the entity that this certificate is about.
///
///
public void SetSubjectDN(
X509Name subject)
{
tbsGen.SetSubject(subject);
}
///
/// Set the public key that this certificate identifies.
///
///
public void SetPublicKey(
AsymmetricKeyParameter publicKey)
{
tbsGen.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey));
}
///
/// Set the signature algorithm that will be used to sign this certificate.
///
///
public void SetSignatureAlgorithm(
string signatureAlgorithm)
{
this.signatureAlgorithm = signatureAlgorithm;
try
{
sigOid = X509Utilities.GetAlgorithmOid(signatureAlgorithm);
}
catch (Exception)
{
throw new ArgumentException("Unknown signature type requested: " + signatureAlgorithm);
}
sigAlgId = X509Utilities.GetSigAlgID(sigOid, signatureAlgorithm);
tbsGen.SetSignature(sigAlgId);
}
///
/// Set the subject unique ID - note: it is very rare that it is correct to do this.
///
///
public void SetSubjectUniqueID(
bool[] uniqueID)
{
tbsGen.SetSubjectUniqueID(booleanToBitString(uniqueID));
}
///
/// Set the issuer unique ID - note: it is very rare that it is correct to do this.
///
///
public void SetIssuerUniqueID(
bool[] uniqueID)
{
tbsGen.SetIssuerUniqueID(booleanToBitString(uniqueID));
}
private DerBitString booleanToBitString(
bool[] id)
{
byte[] bytes = new byte[(id.Length + 7) / 8];
for (int i = 0; i != id.Length; i++)
{
if (id[i])
{
bytes[i / 8] |= (byte)(1 << ((7 - (i % 8))));
}
}
int pad = id.Length % 8;
if (pad == 0)
{
return new DerBitString(bytes);
}
return new DerBitString(bytes, 8 - pad);
}
///
/// Add a given extension field for the standard extensions tag (tag 3).
///
/// string containing a dotted decimal Object Identifier.
/// Is it critical.
/// The value.
public void AddExtension(
string oid,
bool critical,
Asn1Encodable extensionValue)
{
extGenerator.AddExtension(new DerObjectIdentifier(oid), critical, extensionValue);
}
///
/// Add an extension to this certificate.
///
/// Its Object Identifier.
/// Is it critical.
/// The value.
public void AddExtension(
DerObjectIdentifier oid,
bool critical,
Asn1Encodable extensionValue)
{
extGenerator.AddExtension(oid, critical, extensionValue);
}
///
/// Add an extension using a string with a dotted decimal OID.
///
/// string containing a dotted decimal Object Identifier.
/// Is it critical.
/// byte[] containing the value of this extension.
public void AddExtension(
string oid,
bool critical,
byte[] extensionValue)
{
extGenerator.AddExtension(new DerObjectIdentifier(oid), critical, new DerOctetString(extensionValue));
}
///
/// Add an extension to this certificate.
///
/// Its Object Identifier.
/// Is it critical.
/// byte[] containing the value of this extension.
public void AddExtension(
DerObjectIdentifier oid,
bool critical,
byte[] extensionValue)
{
extGenerator.AddExtension(oid, critical, new DerOctetString(extensionValue));
}
///
/// Add a given extension field for the standard extensions tag (tag 3),
/// copying the extension value from another certificate.
///
public void CopyAndAddExtension(
string oid,
bool critical,
X509Certificate cert)
{
CopyAndAddExtension(new DerObjectIdentifier(oid), critical, cert);
}
/**
* add a given extension field for the standard extensions tag (tag 3)
* copying the extension value from another certificate.
* @throws CertificateParsingException if the extension cannot be extracted.
*/
public void CopyAndAddExtension(
DerObjectIdentifier oid,
bool critical,
X509Certificate cert)
{
Asn1OctetString extValue = cert.GetExtensionValue(oid);
if (extValue == null)
{
throw new CertificateParsingException("extension " + oid + " not present");
}
try
{
Asn1Encodable value = X509ExtensionUtilities.FromExtensionValue(extValue);
this.AddExtension(oid, critical, value);
}
catch (Exception e)
{
throw new CertificateParsingException(e.Message, e);
}
}
///
/// Generate an X509Certificate.
///
/// The private key of the issuer that is signing this certificate.
/// An X509Certificate.
public X509Certificate Generate(
AsymmetricKeyParameter privateKey)
{
return Generate(privateKey, null);
}
///
/// Generate an X509Certificate using your own SecureRandom.
///
/// The private key of the issuer that is signing this certificate.
/// You Secure Random instance.
/// An X509Certificate.
public X509Certificate Generate(
AsymmetricKeyParameter privateKey,
SecureRandom random)
{
return Generate(new Asn1SignatureFactory(signatureAlgorithm, privateKey, random));
}
///
/// Generate a new X509Certificate using the passed in SignatureCalculator.
///
/// A signature calculator factory with the necessary algorithm details.
/// An X509Certificate.
public X509Certificate Generate(ISignatureFactory signatureCalculatorFactory)
{
tbsGen.SetSignature ((AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails);
if (!extGenerator.IsEmpty)
{
tbsGen.SetExtensions(extGenerator.Generate());
}
TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator();
byte[] encoded = tbsCert.GetDerEncoded();
streamCalculator.Stream.Write(encoded, 0, encoded.Length);
BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.Dispose(streamCalculator.Stream);
return GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).Collect());
}
private X509Certificate GenerateJcaObject(
TbsCertificateStructure tbsCert,
AlgorithmIdentifier sigAlg,
byte[] signature)
{
return new X509Certificate(
new X509CertificateStructure(tbsCert, sigAlg, new DerBitString(signature)));
}
///
/// Allows enumeration of the signature names supported by the generator.
///
public IEnumerable SignatureAlgNames
{
get { return X509Utilities.GetAlgNames(); }
}
}
}
#pragma warning restore
#endif