public static X509Certificate2 CreateSelfSignedCertificateBasedOnPrivateKey(string commonNameValue,
X509Name issuer,
AsymmetricKeyParameter issuerPrivKey,
bool isClientCertificate,
bool isCaCertificate,
int yearsUntilExpiration)
{
const int keyStrength = 2048;
// Generating Random Numbers
var random = GetSeededSecureRandom();
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerPrivKey, random);
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
if (isClientCertificate)
{
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, true, new ExtendedKeyUsage(KeyPurposeID.IdKPClientAuth));
}
else
{
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, true,
new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth));
}
if (isCaCertificate)
{
certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(0));
certificateGenerator.AddExtension(X509Extensions.KeyUsage.Id, false,
new X509KeyUsage(X509KeyUsage.KeyCertSign | X509KeyUsage.CrlSign));
}
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
X509Name subjectDN = new X509Name("CN=" + commonNameValue);
certificateGenerator.SetIssuerDN(issuer);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
DateTime notBefore = DateTime.UtcNow.Date.AddDays(-7);
DateTime notAfter = notBefore.AddYears(yearsUntilExpiration);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
var store = new Pkcs12Store();
string friendlyName = certificate.SubjectDN.ToString();
var certificateEntry = new X509CertificateEntry(certificate);
store.SetCertificateEntry(friendlyName, certificateEntry);
store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certificateEntry });
var stream = new MemoryStream();
store.Save(stream, new char[0], random);
var convertedCertificate =
new X509Certificate2(
stream.ToArray(), (string)null,
X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
stream.Position = 0;
return(convertedCertificate);
}
public static void CreateCertificateAuthorityCertificate(string commonNameValue,
[CanBeNull] out AsymmetricKeyParameter caPrivateKey,
out X509Name name)
{
const int keyStrength = 2048;
var random = GetSeededSecureRandom();
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
X509Name subjectDN = new X509Name("CN=" + commonNameValue);
X509Name issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
DateTime notBefore = DateTime.UtcNow.Date.AddDays(-7);
DateTime notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerKeyPair.Private, random);
// selfsign certificate
var certificate = certificateGenerator.Generate(signatureFactory);
caPrivateKey = issuerKeyPair.Private;
name = certificate.SubjectDN;
}