Beispiel #1
0
        // http://www.freekpaans.nl/2015/04/creating-self-signed-x-509-certificates-using-mono-security/
        public static byte[] GeneratePfx(string certificateName, string password)
        {
            byte[] sn      = GenerateSerialNumber();
            string subject = string.Format("CN={0}", certificateName);

            DateTime notBefore = DateTime.Now;
            DateTime notAfter  = DateTime.Now.AddYears(20);

            RSA subjectKey = new RSACryptoServiceProvider(2048);


            string hashName = "SHA256";

            X509CertificateBuilder cb = new X509CertificateBuilder(3);

            cb.SerialNumber     = sn;
            cb.IssuerName       = subject;
            cb.NotBefore        = notBefore;
            cb.NotAfter         = notAfter;
            cb.SubjectName      = subject;
            cb.SubjectPublicKey = subjectKey;
            cb.Hash             = hashName;

            byte[] rawcert = cb.Sign(subjectKey);


            PKCS12 p12 = new PKCS12();

            p12.Password = password;

            Hashtable attributes = GetAttributes();

            p12.AddCertificate(new X509Certificate(rawcert), attributes);
            p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);

            return(p12.GetBytes());
        }
Beispiel #2
0
        public static void CreateSelfSignCertificatePfx(
            string fileName,
            string hostname,
            string password,
            ILogger logger)
        {
            if (string.IsNullOrWhiteSpace(fileName))
            {
                throw new ArgumentNullException("fileName");
            }

            byte[]   sn        = Guid.NewGuid().ToByteArray();
            string   subject   = string.Format("CN={0}", hostname);
            string   issuer    = subject;
            DateTime notBefore = DateTime.Now.AddDays(-2);
            DateTime notAfter  = DateTime.Now.AddYears(10);

            RSA issuerKey = RSA.Create();

            issuerKey.FromXmlString(MonoTestRootAgency);
            RSA subjectKey = RSA.Create();

            // serial number MUST be positive
            if ((sn[0] & 0x80) == 0x80)
            {
                sn[0] -= 0x80;
            }

            issuer    = subject;
            issuerKey = subjectKey;

            X509CertificateBuilder cb = new X509CertificateBuilder(3);

            cb.SerialNumber     = sn;
            cb.IssuerName       = issuer;
            cb.NotBefore        = notBefore;
            cb.NotAfter         = notAfter;
            cb.SubjectName      = subject;
            cb.SubjectPublicKey = subjectKey;

            // signature
            cb.Hash = "SHA256";
            byte[] rawcert = cb.Sign(issuerKey);

            PKCS12 p12 = new PKCS12();


            ArrayList list = new ArrayList();

            // we use a fixed array to avoid endianess issues
            // (in case some tools requires the ID to be 1).
            list.Add(new byte[4] {
                1, 0, 0, 0
            });
            Hashtable attributes = new Hashtable(1);

            attributes.Add(PKCS9.localKeyId, list);

            p12.AddCertificate(new X509Certificate(rawcert), attributes);
            p12.Password = password;

            p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);
            p12.SaveToFile(fileName);
        }