/// <summary>
/// Convert to pfx
/// </summary>
/// <param name="certificate"></param>
/// <param name="privateKey"></param>
/// <param name="password"></param>
public static byte[] ToPfx(this X509Certificate2 certificate,
Key privateKey, string password = null)
{
var cert = certificate.ToX509Certificate();
return(cert.ToPfx(privateKey.ToAsymmetricKeyParameter(), password));
}
public override X509CertificateBuilderResult Build()
{
var issuerX509Certificate2 = new SystemX509Certificates.X509Certificate2(
IssuerCertificate,
IssuerCertificatePassword,
SystemX509Certificates.X509KeyStorageFlags.Exportable
);
var issuerSubjectDN = issuerX509Certificate2.ToX509Certificate().SubjectDN;
X509V3CertificateGenerator.SetIssuerDN(issuerSubjectDN);
// Generate Keys.
var rsaKeyPairGenerator = new RsaKeyPairGenerator();
rsaKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), this.KeySize));
var asymmetricCipherKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
// Set Public Key.
X509V3CertificateGenerator.SetPublicKey(asymmetricCipherKeyPair.Public);
// Key Usage - for maximum interoperability, specify all four flags.
var keyUsage = KeyUsage.DigitalSignature | KeyUsage.NonRepudiation | KeyUsage.KeyEncipherment | KeyUsage.KeyAgreement;
X509V3CertificateGenerator.AddExtension(
X509Extensions.KeyUsage,
true,
new KeyUsage(keyUsage)
);
X509V3CertificateGenerator.AddExtension(
X509Extensions.BasicConstraints,
true,
new BasicConstraints(false)
);
// Extended Key Usage.
var extendedKeyUsage = new List <KeyPurposeID>();
// Set TLS Web Server Authentication (1.3.6.1.5.5.7.3.1).
if (IsServerAuthKeyUsage)
{
extendedKeyUsage.Add(KeyPurposeID.IdKPServerAuth);
}
// Set TLS Web Client Authentication (1.3.6.1.5.5.7.3.2).
if (IsClientAuthKeyUsage)
{
extendedKeyUsage.Add(KeyPurposeID.IdKPClientAuth);
}
X509V3CertificateGenerator.AddExtension(
X509Extensions.ExtendedKeyUsage,
true,
new ExtendedKeyUsage(extendedKeyUsage)
);
// Set Subject Alternative Names.
if (SubjectAlternativeNames != null)
{
var subjectAlternativeNames = new Asn1Encodable[SubjectAlternativeNames.Count];
for (int i = 0; i < SubjectAlternativeNames.Count; i++)
{
subjectAlternativeNames[i] = new GeneralName(GeneralName.DnsName, SubjectAlternativeNames[i]);
}
X509V3CertificateGenerator.AddExtension(
X509Extensions.SubjectAlternativeName,
false,
new DerSequence(subjectAlternativeNames)
);
}
X509V3CertificateGenerator.AddExtension(
X509Extensions.AuthorityKeyIdentifier,
false,
new AuthorityKeyIdentifier(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerX509Certificate2.GetPublicKeyAsAsymmetricKeyParameter()),
new GeneralNames(new GeneralName(issuerSubjectDN)),
new Org.BouncyCastle.Math.BigInteger(issuerX509Certificate2.GetSerialNumber())
)
);
X509V3CertificateGenerator.AddExtension(
X509Extensions.SubjectKeyIdentifier,
false,
new SubjectKeyIdentifier(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(asymmetricCipherKeyPair.Public)
)
);
var signatureFactory = new Asn1SignatureFactory(GetSignatureAlgorithm(this.KeySize), issuerX509Certificate2.GetPrivateKeyAsAsymmetricKeyParameter());
// Generate X.509 Certificate.
var x509Certificate = X509V3CertificateGenerator.Generate(signatureFactory);
return(new X509CertificateBuilderResult(x509Certificate, asymmetricCipherKeyPair.Private));
}
