public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md)
{
var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md);
var rsaPk = pk as RsaPrivateKey;
if (rsaPk != null)
{
return(GenerateCsr(csrParams.Details, (RsaPrivateKey)pk, mdVal));
}
throw new NotSupportedException("unsupported private key type");
}
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md)
{
return(_cp.GenerateCsr(csrParams, pk, md));
}
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md)
{
var rsaPk = pk as CeRsaPrivateKey;
if (rsaPk != null)
{
var cePk = new CERTENROLLLib.CX509PrivateKey();
// MS_DEF_PROV
//cePk.ProviderName = "Microsoft Base Cryptographic Provider";
cePk.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
// Don't store in the machine's local cert store and allow exporting of private key
cePk.MachineContext = false;
cePk.ExportPolicy = CERTENROLLLib.X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
cePk.Import(BCRYPT_PRIVATE_KEY_BLOB, rsaPk.Exported);
var ceReq = new CERTENROLLLib.CX509CertificateRequestCertificate();
ceReq.InitializeFromPrivateKey(
CERTENROLLLib.X509CertificateEnrollmentContext.ContextUser,
cePk, "");
// CN=Test Cert, OU=Sandbox
var subjParts = new[]
{
new { name = "C", value = csrParams?.Details?.Country },
new { name = "ST", value = csrParams?.Details?.StateOrProvince },
new { name = "L", value = csrParams?.Details?.Locality },
new { name = "O", value = csrParams?.Details?.Organization },
new { name = "OU", value = csrParams?.Details?.OrganizationUnit },
new { name = "CN", value = csrParams?.Details?.CommonName },
new { name = "E", value = csrParams?.Details?.Email },
};
// Escape any non-standard character
var re = new Regex("[^A-Za-z0-9\\._-]");
var subj = "";
foreach (var sp in subjParts)
{
if (!string.IsNullOrEmpty(sp.value))
{
var spVal = re.Replace(sp.value, "\\$0");
subj += $",{sp.name}={spVal}";
}
}
if (string.IsNullOrEmpty(subj))
{
throw new InvalidOperationException("invalid CSR details");
}
subj = subj.Substring(1); // Skip over the first comma
// http://msdn.microsoft.com/en-us/library/aa377051(VS.85).aspx
var subjDN = new CERTENROLLLib.CX500DistinguishedName();
subjDN.Encode(subj);
ceReq.Subject = subjDN;
if (csrParams.NotBefore != null)
{
ceReq.NotBefore = csrParams.NotBefore.Value;
}
if (csrParams.NotAfter != null)
{
ceReq.NotAfter = csrParams.NotAfter.Value;
}
var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md);
var mdOid = new System.Security.Cryptography.Oid(mdVal);
var mdAlg = new CERTENROLLLib.CObjectId();
mdAlg.InitializeFromValue(mdOid.Value);
ceReq.SignatureInformation.HashAlgorithm = mdAlg;
ceReq.Encode();
var csr = new Csr(ceReq.RawData);
return(csr);
}
else
{
throw new NotSupportedException("unsuppored private key type");
}
}
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md)
{
var rsaPk = pk as RsaPrivateKey;
if (rsaPk != null)
{
var tempCfgFile = Path.GetTempFileName();
var tempKeyFile = Path.GetTempFileName();
var tempCsrFile = Path.GetTempFileName();
try
{
var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md);
var args = $"req -batch -new -keyform PEM -key {tempKeyFile} -{mdVal}";
args += $" -config {tempCfgFile} -outform PEM -out {tempCsrFile} -subj \"";
var subjParts = new[]
{
new { name = "C", value = csrParams?.Details?.Country },
new { name = "ST", value = csrParams?.Details?.StateOrProvince },
new { name = "L", value = csrParams?.Details?.Locality },
new { name = "O", value = csrParams?.Details?.Organization },
new { name = "OU", value = csrParams?.Details?.OrganizationUnit },
new { name = "CN", value = csrParams?.Details?.CommonName },
new { name = "emailAddress", value = csrParams?.Details?.Email },
};
// Escape any non-standard character
var re = new Regex("[^A-Za-z0-9\\._-]");
foreach (var sp in subjParts)
{
if (!string.IsNullOrEmpty(sp.value))
{
var spVal = re.Replace(sp.value, "\\$0");
args += $"/{sp.name}={spVal}";
}
}
args += "\"";
File.WriteAllText(tempKeyFile, rsaPk.Pem);
using (Stream source = Assembly.GetExecutingAssembly()
.GetManifestResourceStream(typeof(OpenSslCliProvider),
"OpenSslCliProvider_Config.txt"),
target = new FileStream(tempCfgFile, FileMode.Create))
{
source.CopyTo(target);
}
RunCli(args);
var csr = new Csr(File.ReadAllText(tempCsrFile));
return(csr);
}
finally
{
File.Delete(tempCfgFile);
File.Delete(tempKeyFile);
File.Delete(tempCsrFile);
}
}
throw new NotSupportedException("unsupported private key type");
}
public abstract Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md);
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md)
{
var csrDetails = csrParams.Details;
var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md);
var attrs = new Dictionary <DerObjectIdentifier, string>();
if (!string.IsNullOrEmpty(csrDetails.CommonName /**/))
{
attrs.Add(X509Name.CN, csrDetails.CommonName); // CN;
}
if (!string.IsNullOrEmpty(csrDetails.Country /**/))
{
attrs.Add(X509Name.C, csrDetails.Country); // C;
}
if (!string.IsNullOrEmpty(csrDetails.StateOrProvince /**/))
{
attrs.Add(X509Name.ST, csrDetails.StateOrProvince); // ST;
}
if (!string.IsNullOrEmpty(csrDetails.Locality /**/))
{
attrs.Add(X509Name.L, csrDetails.Locality); // L;
}
if (!string.IsNullOrEmpty(csrDetails.Organization /**/))
{
attrs.Add(X509Name.O, csrDetails.Organization); // O;
}
if (!string.IsNullOrEmpty(csrDetails.OrganizationUnit /**/))
{
attrs.Add(X509Name.OU, csrDetails.OrganizationUnit); // OU;
}
if (!string.IsNullOrEmpty(csrDetails.Surname /**/))
{
attrs.Add(X509Name.Surname, csrDetails.Surname); // S;
}
if (!string.IsNullOrEmpty(csrDetails.GivenName /**/))
{
attrs.Add(X509Name.GivenName, csrDetails.GivenName); // G;
}
if (!string.IsNullOrEmpty(csrDetails.Initials /**/))
{
attrs.Add(X509Name.Initials, csrDetails.Initials); // I;
}
if (!string.IsNullOrEmpty(csrDetails.Title /**/))
{
attrs.Add(X509Name.T, csrDetails.Title); // T;
}
if (!string.IsNullOrEmpty(csrDetails.SerialNumber /**/))
{
attrs.Add(X509Name.SerialNumber, csrDetails.SerialNumber); // SN;
}
if (!string.IsNullOrEmpty(csrDetails.UniqueIdentifier /**/))
{
attrs.Add(X509Name.UniqueIdentifier, csrDetails.UniqueIdentifier); // UID;
}
var subj = new X509Name(attrs.Keys.ToList(), attrs.Values.ToList());
var rsaPk = pk as RsaPrivateKey;
if (rsaPk != null)
{
using (var tr = new StringReader(rsaPk.Pem))
{
var pr = new PemReader(tr);
var pem = pr.ReadObject();
var ackp = pem as AsymmetricCipherKeyPair;
if (ackp != null)
{
var sigAlg = $"{mdVal}withRSA";
var csrAttrs = new List <Asn1Encodable>();
if (csrDetails.AlternativeNames != null)
{
var gnames = new List <GeneralName>();
// Start off with the common name as the first alternative name
gnames.Add(new GeneralName(GeneralName.DnsName, csrDetails.CommonName));
// Combine with all subsequent alt names
foreach (var n in csrDetails.AlternativeNames)
{
gnames.Add(new GeneralName(GeneralName.DnsName, n));
}
var altNames = new GeneralNames(gnames.ToArray());
#pragma warning disable CS0612 // Type or member is obsolete
var x509Ext = new X509Extensions(new Hashtable
{
[X509Extensions.SubjectAlternativeName] = new X509Extension(false, new DerOctetString(altNames))
});
#pragma warning restore CS0612 // Type or member is obsolete
csrAttrs.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(
PkcsObjectIdentifiers.Pkcs9AtExtensionRequest,
new DerSet(x509Ext)));
}
#pragma warning disable CS0618 // Type or member is obsolete
var csr = new Pkcs10CertificationRequest(sigAlg,
subj, ackp.Public, new DerSet(csrAttrs.ToArray()), ackp.Private);
#pragma warning restore CS0618 // Type or member is obsolete
var csrPem = ToCsrPem(csr);
return(new Csr(csrPem));
}
}
}
throw new NotSupportedException("unsupported private key type");
}
