
  1. #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
  2. #pragma warning disable
  3. using System;
  4. using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.Pkcs;
  5. using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto;
  6. using Best.HTTP.SecureProtocol.Org.BouncyCastle.Pkcs;
  7. using Best.HTTP.SecureProtocol.Org.BouncyCastle.Security;
  8. using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.IO.Pem;
  9. namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.OpenSsl
  10. {
  11. public class Pkcs8Generator
  12. : PemObjectGenerator
  13. {
  14. // FIXME See PbeUtilities static constructor
  15. // public static readonly string Aes128Cbc = NistObjectIdentifiers.IdAes128Cbc.Id;
  16. // public static readonly string Aes192Cbc = NistObjectIdentifiers.IdAes192Cbc.Id;
  17. // public static readonly string Aes256Cbc = NistObjectIdentifiers.IdAes256Cbc.Id;
  18. //
  19. // public static readonly string Des3Cbc = PkcsObjectIdentifiers.DesEde3Cbc.Id;
  20. public static readonly string PbeSha1_RC4_128 = PkcsObjectIdentifiers.PbeWithShaAnd128BitRC4.Id;
  21. public static readonly string PbeSha1_RC4_40 = PkcsObjectIdentifiers.PbeWithShaAnd40BitRC4.Id;
  22. public static readonly string PbeSha1_3DES = PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc.Id;
  23. public static readonly string PbeSha1_2DES = PkcsObjectIdentifiers.PbeWithShaAnd2KeyTripleDesCbc.Id;
  24. public static readonly string PbeSha1_RC2_128 = PkcsObjectIdentifiers.PbeWithShaAnd128BitRC2Cbc.Id;
  25. public static readonly string PbeSha1_RC2_40 = PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc.Id;
  26. private char[] password;
  27. private string algorithm;
  28. private int iterationCount;
  29. private AsymmetricKeyParameter privKey;
  30. private SecureRandom random;
  31. /**
  32. * Constructor for an unencrypted private key PEM object.
  33. *
  34. * @param key private key to be encoded.
  35. */
  36. public Pkcs8Generator(AsymmetricKeyParameter privKey)
  37. {
  38. this.privKey = privKey;
  39. }
  40. /**
  41. * Constructor for an encrypted private key PEM object.
  42. *
  43. * @param key private key to be encoded
  44. * @param algorithm encryption algorithm to use
  45. * @param provider provider to use
  46. * @throws NoSuchAlgorithmException if algorithm/mode cannot be found
  47. */
  48. public Pkcs8Generator(AsymmetricKeyParameter privKey, string algorithm)
  49. {
  50. // TODO Check privKey.IsPrivate
  51. this.privKey = privKey;
  52. this.algorithm = algorithm;
  53. this.iterationCount = 2048;
  54. }
  55. public SecureRandom SecureRandom
  56. {
  57. set { this.random = value; }
  58. }
  59. public char[] Password
  60. {
  61. set { this.password = value; }
  62. }
  63. public int IterationCount
  64. {
  65. set { this.iterationCount = value; }
  66. }
  67. public PemObject Generate()
  68. {
  69. if (algorithm == null)
  70. {
  71. PrivateKeyInfo pki = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey);
  72. return new PemObject("PRIVATE KEY", pki.GetEncoded());
  73. }
  74. // TODO Theoretically, the amount of salt needed depends on the algorithm
  75. byte[] salt = new byte[20];
  76. random = CryptoServicesRegistrar.GetSecureRandom(random);
  77. random.NextBytes(salt);
  78. try
  79. {
  80. EncryptedPrivateKeyInfo epki = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
  81. algorithm, password, salt, iterationCount, privKey);
  82. return new PemObject("ENCRYPTED PRIVATE KEY", epki.GetEncoded());
  83. }
  84. catch (Exception e)
  85. {
  86. throw new PemGenerationException("Couldn't encrypt private key", e);
  87. }
  88. }
  89. }
  90. }
  91. #pragma warning restore
  92. #endif