Added support for custom serial number for the forged certificate

f-bader · f-bader · commit a202e03d7cee · 2021-08-08T20:06:26.000+02:00
diff --git a/ForgeCert/CommandLineOptions.cs b/ForgeCert/CommandLineOptions.cs
@@ -1,4 +1,5 @@
 ﻿using CommandLine;
+using Org.BouncyCastle.Math;
 
 namespace ForgeCert
 {
@@ -24,5 +25,8 @@ class CommandLineOptions
 
         [Option("CRL", Required = false, HelpText = "ldap path to a CRL for the forged certificate")]
         public string CRLPath { get; set; }
+
+        [Option("Serial", Required = false, HelpText = "serial number for the forged certificate")]
+        public BigInteger SerialNumber { get; set; }
     }
 }
diff --git a/ForgeCert/Program.cs b/ForgeCert/Program.cs
@@ -43,7 +43,8 @@ private static void Start(CommandLineOptions options)
                 options.SubjectAltName,
                 caKeyPair,
                 subjectKeyPair.Public,
-                options.CRLPath
+                options.CRLPath,
+                options.SerialNumber
             );
 
             PrintCertInfo("\nForged Certificate Information:", cert);
@@ -102,7 +103,8 @@ private static X509Certificate GenerateCertificate(
             X509Name issuer, string subject, string subjectAltName,
             KeyPair issuerKeyPair,
             AsymmetricKeyParameter subjectPublic,
-            string CRL = "")
+            string CRL = "",
+            BigInteger SerialNumber = null)
         {
             ISignatureFactory signatureFactory;
             if (issuerKeyPair.Key is ECPrivateKeyParameters)
@@ -121,8 +123,15 @@ private static X509Certificate GenerateCertificate(
             var certGenerator = new X509V3CertificateGenerator();
             certGenerator.SetIssuerDN(issuer);
             certGenerator.SetSubjectDN(new X509Name(subject));
-            certGenerator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.Two.Pow(128), Random));
-            
+
+            if (SerialNumber == null)
+            {
+                certGenerator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.Two.Pow(128), Random));
+            } else
+            {
+                certGenerator.SetSerialNumber(SerialNumber);
+            }
+
             // Yes, the end lifetime can be changed easily, up to the lifetime of the CA certificate being used to forge
             certGenerator.SetNotAfter(DateTime.UtcNow.AddYears(1));
             

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`using CommandLine;`
	`2`	`+using Org.BouncyCastle.Math;`
`2`	`3`
`3`	`4`	`namespace ForgeCert`
`4`	`5`	`{`
`@@ -24,5 +25,8 @@ class CommandLineOptions`
`24`	`25`
`25`	`26`	`[Option("CRL", Required = false, HelpText = "ldap path to a CRL for the forged certificate")]`
`26`	`27`	`public string CRLPath { get; set; }`
	`28`	`+`
	`29`	`+ [Option("Serial", Required = false, HelpText = "serial number for the forged certificate")]`
	`30`	`+ public BigInteger SerialNumber { get; set; }`
`27`	`31`	`}`
`28`	`32`	`}`