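        /// <summary>
        /// Issues a server certificate for the requested host names and returns it to the caller
        /// as a password-protected PFX download.
        /// </summary>
        /// <param name="commonName">Subject common name; when empty, one is derived from the first host name.</param>
        /// <param name="password">Password protecting the PFX; when empty, a fixed default is used.</param>
        /// <param name="hostname">Host names placed in the request; at least one is required.</param>
        /// <param name="ipAddress">Optional IP addresses placed in the request.</param>
        /// <param name="filename">File name offered to the client for the download.</param>
        /// <param name="validityInDays">Requested lifetime in days; must be positive.</param>
        /// <returns>
        /// 400 Bad Request when no host name is given or the validity is not positive; otherwise the
        /// PFX bytes as <c>application/octet-stream</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no authorization check is visible in this method. Confirm the action or its
        /// controller is protected, because it signs caller-chosen host names with the service's signer.
        /// NOTE(review): <paramref name="password"/> arrives in the query string, so it will appear in
        /// access logs, proxies and browser history. Moving it to a request body or header needs an
        /// interface change and is therefore only flagged here.
        /// </remarks>
        public IActionResult IssueCertificate([FromQuery] string commonName, [FromQuery] string password, [FromQuery] string[] hostname, [FromQuery] string[] ipAddress, [FromQuery] string filename = "certificate.pfx", [FromQuery] int validityInDays = 364)
        {
            if (hostname.IsNullOrEmpty())
            {
                return(BadRequest("At least one hostname is required"));
            }

            // A zero or negative lifetime would yield a certificate that is expired (or whose
            // notAfter precedes notBefore) the moment it is issued, so reject it up front.
            // NOTE(review): no upper bound is enforced; a maximum lifetime is a policy decision.
            if (validityInDays <= 0)
            {
                return(BadRequest("validityInDays must be a positive number of days"));
            }

            if (commonName.IsNullOrEmpty())
            {
                commonName = $"SSL Certificate ({hostname.First()})";
            }

            if (password.IsNullOrEmpty())
            {
                // NOTE(review): a hard-coded fallback password is known to anyone who can read the
                // code, so a PFX issued this way gives its private key no real protection.
                // Consider requiring a password or generating a random one per request.
                password = "******";
            }

            if (ipAddress.IsNullOrEmpty())
            {
                ipAddress = new string[0];
            }

            var request = new PfxCertificateRequest
            {
                CommonName    = commonName,
                Hostnames     = hostname.ToList(),
                IpAddresses   = ipAddress.ToList(),
                Password      = password,
                ValidtyInDays = validityInDays
            };

            byte[] certificate = service.GenerateSslCertificate(request);

            // The download name is caller-supplied and passed through unchanged.
            return(File(certificate, MediaTypeNames.Application.Octet, filename));
        }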
        /// <summary>
        /// Issues a client certificate for the given common name, records it in the store and
        /// returns it as a PFX download named after the common name with a ".pfx" suffix.
        /// </summary>
        /// <param name="commonName">Subject common name; required.</param>
        /// <param name="password">Password protecting the PFX; when empty, a fixed default is used.</param>
        /// <returns>400 Bad Request when the common name is missing; otherwise the PFX bytes.</returns>
        /// <remarks>
        /// NOTE(review): no authorization check is visible in this method; confirm the action or its
        /// controller is protected.
        /// NOTE(review): the password is read from the query string and so ends up in access logs
        /// and browser history.
        /// </remarks>
        public IActionResult IssueClientCertificate([FromQuery] string commonName, [FromQuery] string password)
        {
            if (commonName.IsNullOrEmpty())
            {
                return BadRequest("CommonName is required");
            }

            // NOTE(review): the fallback is a hard-coded value, so it protects nothing once the
            // code is known.
            string pfxPassword = password.IsNullOrEmpty() ? "******" : password;

            var pfxRequest = new PfxCertificateRequest
            {
                CommonName = commonName,
                Password   = pfxPassword
            };

            // Passed by reference; presumably the service writes the issued serial number here.
            BigInteger serial = BigInteger.Zero;
            byte[] pfxBytes = service.GenerateSslCertificate(pfxRequest, ref serial);

            // NOTE(review): IntValue narrows the serial to an int. If serials are wider than
            // 32 bits the stored key will not match the certificate and can collide. Confirm.
            string storeKey = $"{serial.IntValue}";

            // NOTE(review): the store receives the generated PFX together with the password
            // that protects it, in clear text. If the PFX carries the private key, anyone who
            // can read the store can impersonate the client. Verify this is intended.
            Store.Insert(storeKey, Convert.ToBase64String(pfxBytes), commonName, pfxPassword);

            return File(pfxBytes, MediaTypeNames.Application.Octet, commonName + ".pfx");
        }
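        /// <summary>
        /// Generates a fresh 2048-bit key pair, builds an end-entity certificate for it signed with
        /// <c>SignerCertificate</c>, and returns certificate and private key packed as a PFX.
        /// </summary>
        /// <param name="request">
        /// Common name, host names, IP addresses, lifetime in days and PFX password of the
        /// certificate to issue.
        /// </param>
        /// <returns>The PFX bytes produced by <c>ConvertToPfx</c>, protected with the request's password.</returns>
        /// <remarks>
        /// NOTE(review): <c>request.ValidtyInDays</c> is used unchecked. A zero or negative value
        /// gives an already-expired certificate; callers are expected to validate it.
        /// </remarks>
        public byte[] GenerateSslCertificate(PfxCertificateRequest request)
        {
            // Take the clock once so both bounds are relative to the same instant.
            DateTimeOffset now = DateTimeOffset.UtcNow;

            // notBefore is backdated by two hours, presumably to tolerate clock skew on clients.
            DateTimeOffset notBefore = now.AddHours(-2);
            DateTimeOffset notAfter  = now.AddDays(request.ValidtyInDays);
            SecureRandom   random    = randomService.GenerateRandom();

            CertificateBuilder2 builder = builderFactory(random, SignerCertificate);

            AsymmetricCipherKeyPair keyPair = CertificateBuilder2.GenerateKeyPair(2048, random);

            // The issuer name of the new certificate must be the signer's SUBJECT name. The
            // original read the signer's IssuerDN, which only matches for a self-signed signer;
            // with an intermediate CA the issued certificate would name the wrong issuer and
            // fail chain building.
            X509Name signerSubject = new X509CertificateParser().ReadCertificate(SignerCertificate.Certificate.RawData)
                                     .SubjectDN;

            CertificateWithKey certificate = builder.WithSubjectCommonName(request.CommonName)
                                             .WithKeyPair(keyPair)
                                             .SetIssuer(signerSubject)
                                             .SetNotAfter(notAfter)
                                             .SetNotBefore(notBefore)
                                             .WithSubjectAlternativeName(request.Hostnames, request.IpAddresses)
                                             .WithBasicConstraints(BasicConstrainsConstants.EndEntity)
                                             // NOTE(review): called without arguments; confirm which usages it grants.
                                             .WithExtendedKeyUsage()
                                             .WithAuthorityKeyIdentifier(SignerCertificate.KeyPair)
                                             .Generate(SignerCertificate.KeyPair);

            // The PFX contains the private key; the request's password is its only protection.
            return(ConvertToPfx(certificate.Certificate, (RsaPrivateCrtKeyParameters)keyPair.Private, request.Password));
        }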
        /// <summary>
        /// Issues a certificate for the requested host names, records it in the store and returns
        /// it as a PFX download named after the common name with a ".pfx" suffix.
        /// </summary>
        /// <param name="commonName">Subject common name; when empty, one is derived from the first host name.</param>
        /// <param name="password">Password protecting the PFX; when empty, a fixed default is used.</param>
        /// <param name="hostname">Host names placed in the request; at least one is required.</param>
        /// <param name="ipAddress">Optional IP addresses placed in the request.</param>
        /// <returns>400 Bad Request when no host name is given; otherwise the PFX bytes.</returns>
        /// <remarks>
        /// NOTE(review): no authorization check is visible in this method; confirm the action or its
        /// controller is protected, because it signs caller-chosen host names.
        /// NOTE(review): the password is read from the query string and so ends up in access logs
        /// and browser history.
        /// </remarks>
        public IActionResult IssueCertificate([FromQuery] string commonName, [FromQuery] string password, [FromQuery] string[] hostname, [FromQuery] string[] ipAddress)
        {
            if (hostname.IsNullOrEmpty())
            {
                return BadRequest("At least one hostname is required");
            }

            string subjectName = commonName.IsNullOrEmpty()
                ? $"SSL Certificate ({hostname.First()})"
                : commonName;

            // NOTE(review): the fallback is a hard-coded value, so it protects nothing once the
            // code is known.
            string pfxPassword = password.IsNullOrEmpty() ? "******" : password;

            string[] addresses = ipAddress.IsNullOrEmpty() ? new string[0] : ipAddress;

            var pfxRequest = new PfxCertificateRequest
            {
                CommonName  = subjectName,
                Hostnames   = hostname.ToList(),
                IpAddresses = addresses.ToList(),
                Password    = pfxPassword
            };

            // Passed by reference; presumably the service writes the issued serial number here.
            // The meaning of the trailing 'true' is not visible in this excerpt.
            BigInteger serial = BigInteger.Zero;
            byte[] pfxBytes = service.GenerateSslCertificate(pfxRequest, ref serial, true);

            // NOTE(review): IntValue narrows the serial to an int. If serials are wider than
            // 32 bits the stored key will not match the certificate and can collide. Confirm.
            string storeKey = $"{serial.IntValue}";

            // NOTE(review): the store receives the generated PFX together with the password
            // that protects it, in clear text. If the PFX carries the private key, read access
            // to the store is enough to impersonate the host. Verify this is intended.
            Store.Insert(storeKey, Convert.ToBase64String(pfxBytes), subjectName, pfxPassword);

            return File(pfxBytes, MediaTypeNames.Application.Octet, subjectName + ".pfx");
        }