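        /// <summary>
        /// Creates a new certificate-authority certificate and writes it to disk as a PFX file.
        /// </summary>
        /// <param name="commonName">Subject common name (CN) for the CA certificate.</param>
        /// <param name="outputPath">Destination file for the PFX; defaults to the location the method
        /// originally had hard-coded, so existing callers are unaffected.</param>
        /// <returns><c>true</c> when the certificate was generated and written; <c>false</c> when the
        /// caller is not an administrator (nothing is generated in that case).</returns>
        public bool GenerateCA(string commonName = "ah101CA", string outputPath = "certs\\AHROOT.pfx")
        {
            // Minting a CA is a privileged operation: refuse before touching any key material.
            if (!IsAdmin())
            {
                return false;
            }

            // NOTE(review): the two null arguments presumably mean "no subject alternative names"
            // and "no key usages" (cf. the instance overload that takes a SAN array and a usage
            // array elsewhere in this file) — confirm against CertificateGenerator.
            // The certificate object owns the CA key handle, so release it once it has been written.
            using (X509Certificate2 caCert = CertificateGenerator.CreateCertificateAuthorityCertificate(commonName, null, null))
            {
                // NOTE(review): a .pfx normally carries the private key; confirm that WriteCertificate
                // password-protects it and that outputPath is not readable by other users.
                CertificateGenerator.WriteCertificate(caCert, outputPath);
            }

            return true;
        }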
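        /// <summary>
        /// Generates a new CA certificate for the given subject and stores it as a PFX/PKCS#12 file
        /// at <see cref="CAStorePathInfo.CACertPathAndFileName"/>, creating the store directory first.
        /// </summary>
        /// <param name="name">Subject common name (CN).</param>
        /// <param name="organization">Organization (O).</param>
        /// <param name="organizationalUnit">Organizational unit (OU).</param>
        /// <param name="city">Locality (L).</param>
        /// <param name="stateCode">State or province (ST). Currently NOT emitted into the subject DN;
        /// the ST component is left out of the DN format string below.</param>
        /// <param name="countryCode">Country (C).</param>
        /// <param name="privateKeyPassword">Password used by <see cref="X509Certificate2.Export(X509ContentType, string)"/>
        /// for the exported PFX. When <c>null</c> the PFX is written without password protection, which
        /// is inappropriate for a CA key; pass a real password outside of throw-away environments.</param>
        /// <remarks>
        /// A failure while writing the file is reported on the console rather than thrown, mirroring the
        /// original best-effort behaviour. Only the PFX form is persisted; the other export formats that
        /// used to be present as commented-out code have been removed.
        /// </remarks>
        public void GenerateNewCACertificate(String name, String organization = "AutoCA",
                                             String organizationalUnit        = "IT Security", String city = "Tampa",
                                             String stateCode = "FL", String countryCode                   = "US", String privateKeyPassword = null)
        {
            // CreateDirectory is a no-op when the directory already exists, so no Exists() check is needed.
            Directory.CreateDirectory(CAStorePathInfo.CACertPath);

            CertificateGenerator generator = new CertificateGenerator();

            // RDN components used: CN commonName, O organizationName, OU organizationalUnitName,
            // L localityName, C countryName. ST stateOrProvinceName is deliberately omitted;
            // append ",ST={stateCode}" here to include it.
            String subjectDN = $"CN={name},O={organization},OU={organizationalUnit},L={city},C={countryCode}";

            // A CA certificate gets neither subject alternative names nor extended key usages.
            String[]       subjectAlternativeNames = new String[0];
            KeyPurposeID[] usages                  = new KeyPurposeID[0];

            // Dispose the certificate (and the key handle it holds) once the export is done.
            using (X509Certificate2 certForCA = generator.CreateCertificateAuthorityCertificate(subjectDN, subjectAlternativeNames, usages).Certificate)
            {
                try
                {
                    // If the certificate carries its private key (as a usable CA must), the PFX carries it
                    // too, so this file must be protected by privateKeyPassword and file permissions.
                    File.WriteAllBytes(CAStorePathInfo.CACertPathAndFileName, certForCA.Export(X509ContentType.Pfx, privateKeyPassword));
                    Console.WriteLine("PFX/PKCS12: SUCCESS");
                }
                catch (Exception exception)
                {
                    // Best-effort: report and continue, as the original did.
                    Console.WriteLine("PFX/PKCS12: " + exception.Message);
                }
            }
        }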
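        /// <summary>
        /// Exercise: generate a CA, reload it from disk, then issue three leaf certificates signed by
        /// it, timing each step with <c>TimeIt</c>. Writes its output under C:\Data and breaks into
        /// the debugger at the end.
        /// </summary>
        /// <remarks>
        /// The CA is exported as PKCS#12 to cert-CA.pfx, which is the file the next step reloads.
        /// Previously the CA was written as a serialized store (cert-CA.sst) while cert-CA.pfx was
        /// read back, so the reload only worked if an unrelated cert-CA.pfx already existed.
        /// The timing labels now name the leaf actually being generated (they all said "Leaf1").
        /// The fixed password "test" is test-only; never protect real CA keys this way.
        /// </remarks>
        public void GenerateSelfSignedCertificateWithValidArgs_ReturnsExpected()
        {
            String name               = "unit-tester";
            String organization       = "Division42 LLC";
            String organizationalUnit = "IT Security";
            String city               = "Tampa";
            String countryCode        = "US";
            String password           = "test";
            String caPfxPath          = @"C:\Data\cert-CA.pfx";

            CertificateGenerator instance = new CertificateGenerator();

            // RDN components used: CN commonName, O organizationName, OU organizationalUnitName,
            // L localityName, C countryName (ST stateOrProvinceName is deliberately omitted).
            String subjectDN = $"CN={name},O={organization},OU={organizationalUnit},L={city},C={countryCode}";

            String[]       subjectAlternativeNames = new String[0];
            KeyPurposeID[] usages                  = new[] { KeyPurposeID.AnyExtendedKeyUsage };

            TimeIt("Create CA", () =>
            {
                using (X509Certificate2 certForCA = instance.CreateCertificateAuthorityCertificate(subjectDN, subjectAlternativeNames, usages).Certificate)
                {
                    // PKCS#12 keeps the private key, which the reload below needs in order to issue leaves.
                    File.WriteAllBytes(caPfxPath, certForCA.Export(X509ContentType.Pkcs12, password));
                }
            });

            X509Certificate2 caCertFromFile = null;
            RSA caPrivateKeyFromFile        = null;

            TimeIt("Get CA from file system", () =>
            {
                caCertFromFile       = new X509Certificate2(caPfxPath, password);
                caPrivateKeyFromFile = caCertFromFile.GetRSAPrivateKey();
            });

            // Issue the three leaves in a loop instead of three copy-pasted blocks.
            for (int i = 1; i <= 3; i++)
            {
                String leaf = $"leaf{i}";

                TimeIt($"Generate Leaf{i}", () =>
                {
                    String dnForLeaf = $"CN={leaf},O={organization},OU={organizationalUnit},L={city},C={countryCode}";
                    using (X509Certificate2 certForLeaf = instance.IssueCertificate(dnForLeaf, caCertFromFile, caPrivateKeyFromFile, subjectAlternativeNames, usages).Certificate)
                    {
                        File.WriteAllBytes($@"C:\Data\cert-{leaf}.pfx", certForLeaf.Export(X509ContentType.Pkcs12, password));
                    }
                });
            }

            // Release the CA key material before handing control to the debugger.
            caPrivateKeyFromFile?.Dispose();
            caCertFromFile?.Dispose();

            Debugger.Break();
        }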