c# BC证书生成

//产生证书文件
internal class CertificateGenerate
{
/// <summary>
/// 公钥类型
/// </summary>
private PublicKeyKind publicKeyKind = PublicKeyKind.UNKNOWN;
private AsymmetricCipherKeyPair createdkeyPair = null;

/// <summary>
/// 创建公密钥对
/// </summary>
/// <returns></returns>
protected virtual AsymmetricCipherKeyPair createRasKeyPair()
{
//RSA密钥对的构造器
RsaKeyPairGenerator keyGenerator = new RsaKeyPairGenerator();
//RSA密钥构造器的参数
RsaKeyGenerationParameters param = new RsaKeyGenerationParameters(BigInteger.ValueOf(3), new SecureRandom(), 1024, 25);
//用参数初始化密钥构造器
keyGenerator.Init(param);
//产生密钥对
AsymmetricCipherKeyPair keyPair = keyGenerator.GenerateKeyPair();
return keyPair;
}

/// <summary>
/// 创建证书实体
/// </summary>
/// <returns></returns>
private Framework.Basic.Crypto.X509.X509Certificate createX509Certificate(AsymmetricKeyParameter publicKey, AsymmetricKeyParameter privateKey)
{
IDictionary attrs = new Hashtable();
attrs[X509Name.E] = "";
attrs[X509Name.CN] = "";
attrs[X509Name.O] = "";
attrs[X509Name.C] = "";
attrs[X509Name.L] = "";
attrs[X509Name.T] = "";

IList ord = new ArrayList();
ord.Add(X509Name.E);
ord.Add(X509Name.CN);
ord.Add(X509Name.O);
ord.Add(X509Name.C);
ord.Add(X509Name.L);
ord.Add(X509Name.T);

X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, attrs));
certGen.SetNotBefore(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
certGen.SetNotAfter(DateTime.Today.AddYears(150));
certGen.SetSubjectDN(new X509Name(ord, attrs));
certGen.SetPublicKey(publicKey);
certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, true, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey)));
UMS.Framework.Basic.Crypto.X509.X509Certificate x509 = certGen.Generate(new Asn1SignatureFactory("SHA1withRSA", privateKey, new SecureRandom()));

x509.CheckValidity();
x509.Verify(publicKey);
return x509;
}

internal void CreateIfNotExist()
{
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
bool isExist = false;
//轮询存储区中的所有证书
foreach (X509Certificate2 myX509Certificate2 in store.Certificates)
{
if (myX509Certificate2.FriendlyName.Equals("" + publicKeyKind.ToString()))
{
isExist = true;
break;
}
}
if (!isExist)
{
//产生密钥对
if (createdkeyPair == null)
createdkeyPair = createRasKeyPair();
//获取公钥和密钥
AsymmetricKeyParameter publicKey = createdkeyPair.Public;
AsymmetricKeyParameter privateKey = createdkeyPair.Private;
if (((RsaKeyParameters)publicKey).Modulus.BitLength < 1024)
throw new Exception("failed key generation (1024) length test");
UMS.Framework.Basic.Crypto.X509.X509Certificate x509 = createX509Certificate(publicKey, privateKey);
X509Certificate2 myPrivateCertificate = new X509Certificate2(x509.GetEncoded(), UMS.ITTS.Pidgen.Core.PublicKeyFactory.cerificatePassword, X509KeyStorageFlags.Exportable);
myPrivateCertificate.FriendlyName = "" + publicKeyKind.ToString();
myPrivateCertificate.PrivateKey = DotNetUtilities.ToRSA(privateKey as RsaPrivateCrtKeyParameters);
store.Add(myPrivateCertificate);
}
store.Close();
}

//导出
internal void Export(string path)
{
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
//轮询存储区中的所有证书
X509Certificate2 currrent = null;
foreach (X509Certificate2 myX509Certificate2 in store.Certificates)
{
if (myX509Certificate2.FriendlyName.Equals("" + publicKeyKind.ToString()))
{
currrent = myX509Certificate2;
break;
}
}
if (currrent == null)
throw new Exception("未找到相关证书文件.");
byte[] cerByte = currrent.Export(X509ContentType.Cert);
using (FileStream fileStream = new FileStream(path, FileMode.Create))
{
// Write the data to the file, byte by byte.
for (int i = 0; i < cerByte.Length; i++)
fileStream.WriteByte(cerByte[i]);
// Set the stream position to the beginning of the file.
fileStream.Seek(0, SeekOrigin.Begin);
// Read and verify the data.
for (int i = 0; i < fileStream.Length; i++)
{
if (cerByte[i] != fileStream.ReadByte())
{
fileStream.Close();
}
}
fileStream.Close();
}
currrent = null;
}

internal PublicKeyKind PublicKeyKind
{
get
{
return this.publicKeyKind;
}
set
{
if (value != publicKeyKind)
this.publicKeyKind = value;
}
}
}