static void Main(string[] args)
{
(string password, string dnsName, AsymmetricAlgorithms algorithm) = ReadArgs(args);
var sp = new ServiceCollection()
.AddCertificateManager()
.BuildServiceProvider();
_cc = sp.GetService <CreateCertificates>();
var iec = sp.GetService <ImportExportCertificate>();
if (algorithm == AsymmetricAlgorithms.RSA)
{
var rsaCert = CreateRsaCertificate(dnsName, 10);
var rsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, rsaCert);
File.WriteAllBytes(dnsName + ".cert_rsa512.pfx", rsaCertPfxBytes);
}
else
{
var ecdsaCert = CreateECDsaCertificate(dnsName, 10);
var ecdsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, ecdsaCert);
File.WriteAllBytes(dnsName + ".cert_ecdsa384.pfx", ecdsaCertPfxBytes);
}
Console.WriteLine("Self-signed certificates have been created and exported.");
}
public EnController(CreateCertificates createCertificates, ImportExportCertificate importExportCertificate, SymmetricEncryptDecrypt symmetricEncryptDecrypt,
AsymmetricEncryptDecrypt asymmetricEncryptDecrypt)
{
_createCertificates = createCertificates;
_importExportCertificate = importExportCertificate;
_symmetricEncryptDecrypt = symmetricEncryptDecrypt;
_asymmetricEncryptDecrypt = asymmetricEncryptDecrypt;
}
public static X509Certificate2 CreateRsaCertificate(CreateCertificates createCertificates, int keySize)
{
var basicConstraints = new BasicConstraints
{
CertificateAuthority = true,
HasPathLengthConstraint = true,
PathLengthConstraint = 2,
Critical = false
};
var subjectAlternativeName = new SubjectAlternativeName
{
DnsName = new List <string>
{
"SigningCertificateTest",
}
};
var x509KeyUsageFlags = X509KeyUsageFlags.KeyCertSign
| X509KeyUsageFlags.DigitalSignature
| X509KeyUsageFlags.KeyEncipherment
| X509KeyUsageFlags.CrlSign
| X509KeyUsageFlags.DataEncipherment
| X509KeyUsageFlags.NonRepudiation
| X509KeyUsageFlags.KeyAgreement;
// only if mtls is used
var enhancedKeyUsages = new OidCollection
{
//OidLookup.ClientAuthentication,
//OidLookup.ServerAuthentication,
OidLookup.CodeSigning,
OidLookup.SecureEmail,
OidLookup.TimeStamping
};
var certificate = createCertificates.NewRsaSelfSignedCertificate(
new DistinguishedName {
CommonName = "SigningCertificateTest"
},
basicConstraints,
new ValidityPeriod
{
ValidFrom = DateTimeOffset.UtcNow,
ValidTo = DateTimeOffset.UtcNow.AddYears(1)
},
subjectAlternativeName,
enhancedKeyUsages,
x509KeyUsageFlags,
new RsaConfiguration
{
KeySize = keySize,
RSASignaturePadding = RSASignaturePadding.Pkcs1,
HashAlgorithmName = HashAlgorithmName.SHA256
});
return(certificate);
}
public static X509Certificate2 CreateRsaCertificate(CreateCertificates createCertificates, int keySize)
{
var basicConstraints = new BasicConstraints
{
CertificateAuthority = true,
HasPathLengthConstraint = true,
PathLengthConstraint = 2,
Critical = false
};
var subjectAlternativeName = new SubjectAlternativeName
{
DnsName = new List <string>
{
"localhost",
}
};
var x509KeyUsageFlags = X509KeyUsageFlags.KeyCertSign
| X509KeyUsageFlags.DigitalSignature
| X509KeyUsageFlags.KeyEncipherment
| X509KeyUsageFlags.CrlSign
| X509KeyUsageFlags.DataEncipherment
| X509KeyUsageFlags.NonRepudiation
| X509KeyUsageFlags.KeyAgreement;
// only if mtls is used
var enhancedKeyUsages = new OidCollection
{
new Oid("1.3.6.1.5.5.7.3.1"), // TLS Server auth
new Oid("1.3.6.1.5.5.7.3.2"), // TLS Client auth
//new Oid("1.3.6.1.5.5.7.3.3"), // Code signing
//new Oid("1.3.6.1.5.5.7.3.4"), // Email
//new Oid("1.3.6.1.5.5.7.3.8") // Timestamping
};
var certificate = createCertificates.NewRsaSelfSignedCertificate(
new DistinguishedName {
CommonName = "localhost"
},
basicConstraints,
new ValidityPeriod
{
ValidFrom = DateTimeOffset.UtcNow,
ValidTo = DateTimeOffset.UtcNow.AddYears(1)
},
subjectAlternativeName,
enhancedKeyUsages,
x509KeyUsageFlags,
new RsaConfiguration
{
KeySize = keySize
});
return(certificate);
}
// ref: https://damienbod.com/2020/02/10/create-certificates-for-identityserver4-signing-using-net-core/
static void Main(string[] args)
{
var sp = new ServiceCollection()
.AddCertificateManager()
.BuildServiceProvider();
_cc = sp.GetService <CreateCertificates>();
var rsaCert = CreateRsaCertificate("localhost", 10);
var ecdsaCert = CreateECDsaCertificate("localhost", 10);
string password = "******";
var iec = sp.GetService <ImportExportCertificate>();
var rsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, rsaCert);
File.WriteAllBytes("rsaCert.pfx", rsaCertPfxBytes);
var ecdsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, ecdsaCert);
File.WriteAllBytes("ecdsaCert.pfx", ecdsaCertPfxBytes);
/*
* usage:1
*
*
* var ecdsaCertificate = new X509Certificate2(
* Path.Combine(_environment.ContentRootPath, "ecdsaCert.pfx"), "1234");
*
* ECDsaSecurityKey ecdsaCertificatePublicKey = new ECDsaSecurityKey(ecdsaCertificate.GetECDsaPrivateKey());
*
* services.AddIdentityServer()
* .AddSigningCredential(ecdsaCertificatePublicKey, "ES256")
* .AddInMemoryIdentityResources(Config.GetIdentityResources())
* .AddInMemoryApiResources(Config.GetApiResources())
* .AddInMemoryClients(Config.GetClients())
* .AddAspNetIdentity<ApplicationUser>()
* .AddProfileService<IdentityWithAdditionalClaimsProfileService>();
*
* usage: 2
*
* var rsaCertificate = new X509Certificate2(Path.Combine(_environment.ContentRootPath, "rsaCert.pfx"), "1234");
*
* services.AddIdentityServer()
* .AddSigningCredential(rsaCertificate) // rsaCertificate
* .AddInMemoryIdentityResources(Config.GetIdentityResources())
* .AddInMemoryApiResources(Config.GetApiResources())
* .AddInMemoryClients(Config.GetClients())
* .AddAspNetIdentity<ApplicationUser>()
* .AddProfileService<IdentityWithAdditionalClaimsProfileService>();
*/
}
public static X509Certificate2 CreateRsaCertificateChained(CreateCertificates createCertificates, int keySize, X509Certificate2 parentCert)
{
var basicConstraints = new BasicConstraints
{
CertificateAuthority = false,
HasPathLengthConstraint = false,
PathLengthConstraint = 0,
Critical = false
};
var subjectAlternativeName = new SubjectAlternativeName
{
DnsName = new List <string>
{
"localhost",
}
};
var x509KeyUsageFlags = X509KeyUsageFlags.DigitalSignature;
// only if mtls is used
var enhancedKeyUsages = new OidCollection
{
OidLookup.ClientAuthentication,
OidLookup.ServerAuthentication
// OidLookup.CodeSigning,
// OidLookup.SecureEmail,
// OidLookup.TimeStamping
};
var certificate = createCertificates.NewRsaChainedCertificate(
new DistinguishedName {
CommonName = "localhost"
},
basicConstraints,
new ValidityPeriod
{
ValidFrom = DateTimeOffset.UtcNow,
ValidTo = DateTimeOffset.UtcNow.AddYears(1)
},
subjectAlternativeName,
parentCert,
enhancedKeyUsages,
x509KeyUsageFlags,
new RsaConfiguration
{
KeySize = keySize
});
return(certificate);
}
public static X509Certificate2 CreateRsaCertificate(CreateCertificates _cc, string dnsName, int validityPeriodInYears)
{
var basicConstraints = new BasicConstraints
{
CertificateAuthority = false,
HasPathLengthConstraint = false,
PathLengthConstraint = 0,
Critical = false
};
var subjectAlternativeName = new SubjectAlternativeName
{
DnsName = new List <string>
{
dnsName,
}
};
var x509KeyUsageFlags = X509KeyUsageFlags.DigitalSignature;
// only if certification authentication is used
var enhancedKeyUsages = new OidCollection
{
OidLookup.ClientAuthentication,
OidLookup.ServerAuthentication
// OidLookup.CodeSigning,
// OidLookup.SecureEmail,
// OidLookup.TimeStamping
};
var certificate = _cc.NewRsaSelfSignedCertificate(
new DistinguishedName {
CommonName = dnsName
},
basicConstraints,
new ValidityPeriod
{
ValidFrom = DateTimeOffset.UtcNow,
ValidTo = DateTimeOffset.UtcNow.AddYears(validityPeriodInYears)
},
subjectAlternativeName,
enhancedKeyUsages,
x509KeyUsageFlags,
new RsaConfiguration
{
KeySize = 2048,
HashAlgorithmName = HashAlgorithmName.SHA512
});
return(certificate);
}
public RegisterModel(
UserManager <ApplicationUser> userManager,
SignInManager <ApplicationUser> signInManager,
ILogger <RegisterModel> logger,
IEmailSender emailSender,
CreateCertificates createCertificates,
ImportExportCertificate importExportCertificate)
{
_userManager = userManager;
_signInManager = signInManager;
_logger = logger;
_emailSender = emailSender;
_createCertificates = createCertificates;
_importExportCertificate = importExportCertificate;
}
public async Task <HttpResponseMessage> GetCertificatesForCourse([FromUri] DowloadFileSetModel model)
{
var validation = await ValidateInput(model);
if (validation != null)
{
return(validation);
}
var courses = GetPermittedEntity(CreateCertificates.GetCourseIncludes(Repo));
var course = await courses.FirstAsync(c => c.Id == model.EntitySetId);
return(StreamToResponse(
CreateCertificates.CreatePptxCertificates(course, course.CourseFormat.CourseType.GetServerPath()),
CreateCertificates.CertificateName(course)));
}
static void Main(string[] args)
{
var sp = new ServiceCollection()
.AddCertificateManager()
.BuildServiceProvider();
_createCertificates = sp.GetService <CreateCertificates>();
var rsaCert = CreateRsaCertificate("localhost", 10);
var password = "******";
var iec = sp.GetService <ImportExportCertificate>();
var rsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, rsaCert);
File.WriteAllBytes("rsaCert.pfx", rsaCertPfxBytes);
Console.WriteLine("created");
}
public static X509Certificate2 CreateSubjectAlternativeNameDetails(
SubjectAlternativeName subjectAlternativeName,
CreateCertificates createCertificates)
{
var distinguishedName = new DistinguishedName
{
CommonName = "root dev",
Country = "IT",
Locality = "DD",
Organisation = "SS",
OrganisationUnit = "unit",
StateProvince = "yes"
};
var enhancedKeyUsages = new OidCollection {
OidLookup.ClientAuthentication,
OidLookup.ServerAuthentication
};
var basicConstraints = new BasicConstraints
{
CertificateAuthority = true,
HasPathLengthConstraint = true,
PathLengthConstraint = 3,
Critical = true
};
var validityPeriod = new ValidityPeriod {
ValidFrom = DateTime.UtcNow, ValidTo = DateTime.UtcNow.AddYears(10)
};
var x509KeyUsageFlags = X509KeyUsageFlags.KeyCertSign;
var rootCert = createCertificates.NewECDsaSelfSignedCertificate(
distinguishedName,
basicConstraints,
validityPeriod,
subjectAlternativeName,
enhancedKeyUsages,
x509KeyUsageFlags,
new ECDsaConfiguration());
return(rootCert);
}
static void Main(string[] args)
{
Console.WriteLine("About to create certificate!");
var sp = new ServiceCollection()
.AddCertificateManager()
.BuildServiceProvider();
_cc = sp.GetService <CreateCertificates>();
var rsaCert = CertificateHelper.CreateRsaCertificate(_cc, "bankly.ng", 10);
// var ecdsaCert = CreateECDsaCertificate("localhost", 10);
//
string password = "******";
var iec = sp.GetService <ImportExportCertificate>();
//
var rsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, rsaCert);
File.WriteAllBytes("cert_rsa512.pfx", rsaCertPfxBytes);
//
// var ecdsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, ecdsaCert);
// File.WriteAllBytes("cert_ecdsa384.pfx", ecdsaCertPfxBytes);
}
public void CreateCert()
{
ServiceProvider sp = new ServiceCollection()
.AddCertificateManager()
.BuildServiceProvider();
_cc = sp.GetService <CreateCertificates>();
X509Certificate2 oldRsaCert = CreateRsaCertificate("localhost_IS_test_old", 1);
X509Certificate2 rsaCert = CreateRsaCertificate("localhost_IS_test", 10);
string password = "******";
ImportExportCertificate iec = sp.GetService <ImportExportCertificate>();
RsaCertPfxBytes =
iec.ExportSelfSignedCertificatePfx(password, rsaCert);
byte[] OldRsaCertPfxBytes =
iec.ExportSelfSignedCertificatePfx(password, oldRsaCert);
Certificate = new X509Certificate2(RsaCertPfxBytes, password);
OldCertificate = new X509Certificate2(OldRsaCertPfxBytes, password);
}
public CreateCertificatesClientServerAuthRsa(CreateCertificates createCertificates)
{
this._createCertificates = createCertificates;
}
public CertificateCryptoServices(CreateCertificates createCertificates, ImportExportCertificate importExportCertificate)
{
_createCertificates = createCertificates;
_importExportCertificate = importExportCertificate;
}
