Added support for custom serial number for the forged certificate

GhostPack · Aug 8, 2021 · a202e03 · a202e03
1 parent 737917b
commit a202e03
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/ForgeCert/CommandLineOptions.cs b/ForgeCert/CommandLineOptions.cs
@@ -1,4 +1,5 @@
 using CommandLine;
+using Org.BouncyCastle.Math;
 
 namespace ForgeCert
 {
@@ -24,5 +25,8 @@ class CommandLineOptions
 
         [Option("CRL", Required = false, HelpText = "ldap path to a CRL for the forged certificate")]
         public string CRLPath { get; set; }
+
+        [Option("Serial", Required = false, HelpText = "serial number for the forged certificate")]
+        public BigInteger SerialNumber { get; set; }
     }
 }
diff --git a/ForgeCert/Program.cs b/ForgeCert/Program.cs
@@ -43,7 +43,8 @@ private static void Start(CommandLineOptions options)
                 options.SubjectAltName,
                 caKeyPair,
                 subjectKeyPair.Public,
-                options.CRLPath
+                options.CRLPath,
+                options.SerialNumber
             );
 
             PrintCertInfo("\nForged Certificate Information:", cert);
@@ -102,7 +103,8 @@ private static X509Certificate GenerateCertificate(
             X509Name issuer, string subject, string subjectAltName,
             KeyPair issuerKeyPair,
             AsymmetricKeyParameter subjectPublic,
-            string CRL = "")
+            string CRL = "",
+            BigInteger SerialNumber = null)
         {
             ISignatureFactory signatureFactory;
             if (issuerKeyPair.Key is ECPrivateKeyParameters)
@@ -121,8 +123,15 @@ private static X509Certificate GenerateCertificate(
             var certGenerator = new X509V3CertificateGenerator();
             certGenerator.SetIssuerDN(issuer);
             certGenerator.SetSubjectDN(new X509Name(subject));
-            certGenerator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.Two.Pow(128), Random));
-
+
+            if (SerialNumber == null)
+            {
+                certGenerator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.Two.Pow(128), Random));
+            } else
+            {
+                certGenerator.SetSerialNumber(SerialNumber);
+            }
+
             // Yes, the end lifetime can be changed easily, up to the lifetime of the CA certificate being used to forge
             certGenerator.SetNotAfter(DateTime.UtcNow.AddYears(1));