/// <summary>
/// Create a certificate signing request.
/// </summary>
/// <param name="subjectName">The subject name of the certificate.</param>
/// <param name="keyLength">Size of the key in bits.</param>
/// <param name="durationYears">Duration of the certificate, specified in years.</param>
/// <param name="oids">Collection of OIDs identifying certificate usage.</param>
public static CX509CertificateRequestCertificate CreateCertificateSigningRequest(string subjectName, int keyLength, int durationYears, List <string> oids)
{
// Prepend the subject name with CN= if it doesn't begin with CN=, E=, etc..
if (subjectName.IndexOf("=") < 0)
{
subjectName = "CN=" + subjectName;
}
// Generate a distinguished name.
CX500DistinguishedName distinguishedName = new CX500DistinguishedName();
distinguishedName.Encode(subjectName, X500NameFlags.XCN_CERT_NAME_STR_NONE);
// Generate a private key.
CX509PrivateKey privateKey = new CX509PrivateKey();
privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG;
privateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
privateKey.Length = keyLength;
privateKey.MachineContext = true;
privateKey.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
privateKey.Create();
// Use the SHA-512 hashing algorithm.
CObjectId hashAlgorithm = new CObjectId();
hashAlgorithm.InitializeFromAlgorithmName(ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID, ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY, AlgorithmFlags.AlgorithmFlagsNone, "SHA512");
// Load the OIDs passed in and specify enhanced key usages.
CObjectIds oidCollection = new CObjectIds();
foreach (string oidID in oids)
{
CObjectId oid = new CObjectId();
oid.InitializeFromValue(oidID);
oidCollection.Add(oid);
}
CX509ExtensionKeyUsage keyUsage = new CX509ExtensionKeyUsage();
keyUsage.InitializeEncode(CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE);
CX509ExtensionEnhancedKeyUsage enhancedKeyUsages = new CX509ExtensionEnhancedKeyUsage();
enhancedKeyUsages.InitializeEncode(oidCollection);
string sanSubjectName = subjectName.Substring(subjectName.IndexOf("=") + 1);
CAlternativeName sanAlternateName = new CAlternativeName();
sanAlternateName.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_RFC822_NAME, sanSubjectName);
CAlternativeNames sanAlternativeNames = new CAlternativeNames();
sanAlternativeNames.Add(sanAlternateName);
CX509ExtensionAlternativeNames alternativeNamesExtension = new CX509ExtensionAlternativeNames();
alternativeNamesExtension.InitializeEncode(sanAlternativeNames);
CX509ExtensionSmimeCapabilities smimeCapabilities = new CX509ExtensionSmimeCapabilities();
smimeCapabilities.SmimeCapabilities.AddAvailableSmimeCapabilities(false);
// Create the self-signing request.
CX509CertificateRequestCertificate cert = new CX509CertificateRequestCertificate();
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
cert.Subject = distinguishedName;
cert.Issuer = distinguishedName;
cert.NotBefore = DateTime.Now;
cert.NotAfter = DateTime.Now.AddYears(1);
cert.X509Extensions.Add((CX509Extension)keyUsage);
cert.X509Extensions.Add((CX509Extension)enhancedKeyUsages);
cert.X509Extensions.Add((CX509Extension)alternativeNamesExtension);
cert.X509Extensions.Add((CX509Extension)smimeCapabilities);
cert.HashAlgorithm = hashAlgorithm;
cert.Encode();
return(cert);
}
/// <summary>
/// Create a certificate signing request.
/// </summary>
/// <param name="subjectName">The subject name of the certificate.</param>
/// <param name="keyLength">Size of the key in bits.</param>
/// <param name="durationYears">Duration of the certificate, specified in years.</param>
/// <param name="oids">Collection of OIDs identifying certificate usage.</param>
public static CX509CertificateRequestCertificate CreateCertificateSigningRequest(string subjectName, int keyLength, int durationYears, List<string> oids)
{
// Prepend the subject name with CN= if it doesn't begin with CN=, E=, etc..
if (subjectName.IndexOf("=") < 0)
subjectName = "CN=" + subjectName;
// Generate a distinguished name.
CX500DistinguishedName distinguishedName = new CX500DistinguishedName();
distinguishedName.Encode(subjectName, X500NameFlags.XCN_CERT_NAME_STR_NONE);
// Generate a private key.
CX509PrivateKey privateKey = new CX509PrivateKey();
privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG;
privateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
privateKey.Length = keyLength;
privateKey.MachineContext = true;
privateKey.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
privateKey.Create();
// Use the SHA-512 hashing algorithm.
CObjectId hashAlgorithm = new CObjectId();
hashAlgorithm.InitializeFromAlgorithmName(ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID, ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY, AlgorithmFlags.AlgorithmFlagsNone, "SHA512");
// Load the OIDs passed in and specify enhanced key usages.
CObjectIds oidCollection = new CObjectIds();
foreach (string oidID in oids)
{
CObjectId oid = new CObjectId();
oid.InitializeFromValue(oidID);
oidCollection.Add(oid);
}
CX509ExtensionKeyUsage keyUsage = new CX509ExtensionKeyUsage();
keyUsage.InitializeEncode(CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE);
CX509ExtensionEnhancedKeyUsage enhancedKeyUsages = new CX509ExtensionEnhancedKeyUsage();
enhancedKeyUsages.InitializeEncode(oidCollection);
string sanSubjectName = subjectName.Substring(subjectName.IndexOf("=") + 1);
CAlternativeName sanAlternateName = new CAlternativeName();
sanAlternateName.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_RFC822_NAME, sanSubjectName);
CAlternativeNames sanAlternativeNames = new CAlternativeNames();
sanAlternativeNames.Add(sanAlternateName);
CX509ExtensionAlternativeNames alternativeNamesExtension = new CX509ExtensionAlternativeNames();
alternativeNamesExtension.InitializeEncode(sanAlternativeNames);
CX509ExtensionSmimeCapabilities smimeCapabilities = new CX509ExtensionSmimeCapabilities();
smimeCapabilities.SmimeCapabilities.AddAvailableSmimeCapabilities(false);
// Create the self-signing request.
CX509CertificateRequestCertificate cert = new CX509CertificateRequestCertificate();
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
cert.Subject = distinguishedName;
cert.Issuer = distinguishedName;
cert.NotBefore = DateTime.Now;
cert.NotAfter = DateTime.Now.AddYears(1);
cert.X509Extensions.Add((CX509Extension)keyUsage);
cert.X509Extensions.Add((CX509Extension)enhancedKeyUsages);
cert.X509Extensions.Add((CX509Extension)alternativeNamesExtension);
cert.X509Extensions.Add((CX509Extension)smimeCapabilities);
cert.HashAlgorithm = hashAlgorithm;
cert.Encode();
return cert;
}
