static void Main(string[] args) { (string password, string dnsName, AsymmetricAlgorithms algorithm) = ReadArgs(args); var sp = new ServiceCollection() .AddCertificateManager() .BuildServiceProvider(); _cc = sp.GetService <CreateCertificates>(); var iec = sp.GetService <ImportExportCertificate>(); if (algorithm == AsymmetricAlgorithms.RSA) { var rsaCert = CreateRsaCertificate(dnsName, 10); var rsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, rsaCert); File.WriteAllBytes(dnsName + ".cert_rsa512.pfx", rsaCertPfxBytes); } else { var ecdsaCert = CreateECDsaCertificate(dnsName, 10); var ecdsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, ecdsaCert); File.WriteAllBytes(dnsName + ".cert_ecdsa384.pfx", ecdsaCertPfxBytes); } Console.WriteLine("Self-signed certificates have been created and exported."); }
public EnController(CreateCertificates createCertificates, ImportExportCertificate importExportCertificate, SymmetricEncryptDecrypt symmetricEncryptDecrypt, AsymmetricEncryptDecrypt asymmetricEncryptDecrypt) { _createCertificates = createCertificates; _importExportCertificate = importExportCertificate; _symmetricEncryptDecrypt = symmetricEncryptDecrypt; _asymmetricEncryptDecrypt = asymmetricEncryptDecrypt; }
public static X509Certificate2 CreateRsaCertificate(CreateCertificates createCertificates, int keySize) { var basicConstraints = new BasicConstraints { CertificateAuthority = true, HasPathLengthConstraint = true, PathLengthConstraint = 2, Critical = false }; var subjectAlternativeName = new SubjectAlternativeName { DnsName = new List <string> { "SigningCertificateTest", } }; var x509KeyUsageFlags = X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.KeyAgreement; // only if mtls is used var enhancedKeyUsages = new OidCollection { //OidLookup.ClientAuthentication, //OidLookup.ServerAuthentication, OidLookup.CodeSigning, OidLookup.SecureEmail, OidLookup.TimeStamping }; var certificate = createCertificates.NewRsaSelfSignedCertificate( new DistinguishedName { CommonName = "SigningCertificateTest" }, basicConstraints, new ValidityPeriod { ValidFrom = DateTimeOffset.UtcNow, ValidTo = DateTimeOffset.UtcNow.AddYears(1) }, subjectAlternativeName, enhancedKeyUsages, x509KeyUsageFlags, new RsaConfiguration { KeySize = keySize, RSASignaturePadding = RSASignaturePadding.Pkcs1, HashAlgorithmName = HashAlgorithmName.SHA256 }); return(certificate); }
public static X509Certificate2 CreateRsaCertificate(CreateCertificates createCertificates, int keySize) { var basicConstraints = new BasicConstraints { CertificateAuthority = true, HasPathLengthConstraint = true, PathLengthConstraint = 2, Critical = false }; var subjectAlternativeName = new SubjectAlternativeName { DnsName = new List <string> { "localhost", } }; var x509KeyUsageFlags = X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.KeyAgreement; // only if mtls is used var enhancedKeyUsages = new OidCollection { new Oid("1.3.6.1.5.5.7.3.1"), // TLS Server auth new Oid("1.3.6.1.5.5.7.3.2"), // TLS Client auth //new Oid("1.3.6.1.5.5.7.3.3"), // Code signing //new Oid("1.3.6.1.5.5.7.3.4"), // Email //new Oid("1.3.6.1.5.5.7.3.8") // Timestamping }; var certificate = createCertificates.NewRsaSelfSignedCertificate( new DistinguishedName { CommonName = "localhost" }, basicConstraints, new ValidityPeriod { ValidFrom = DateTimeOffset.UtcNow, ValidTo = DateTimeOffset.UtcNow.AddYears(1) }, subjectAlternativeName, enhancedKeyUsages, x509KeyUsageFlags, new RsaConfiguration { KeySize = keySize }); return(certificate); }
// ref: https://damienbod.com/2020/02/10/create-certificates-for-identityserver4-signing-using-net-core/ static void Main(string[] args) { var sp = new ServiceCollection() .AddCertificateManager() .BuildServiceProvider(); _cc = sp.GetService <CreateCertificates>(); var rsaCert = CreateRsaCertificate("localhost", 10); var ecdsaCert = CreateECDsaCertificate("localhost", 10); string password = "******"; var iec = sp.GetService <ImportExportCertificate>(); var rsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, rsaCert); File.WriteAllBytes("rsaCert.pfx", rsaCertPfxBytes); var ecdsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, ecdsaCert); File.WriteAllBytes("ecdsaCert.pfx", ecdsaCertPfxBytes); /* * usage:1 * * * var ecdsaCertificate = new X509Certificate2( * Path.Combine(_environment.ContentRootPath, "ecdsaCert.pfx"), "1234"); * * ECDsaSecurityKey ecdsaCertificatePublicKey = new ECDsaSecurityKey(ecdsaCertificate.GetECDsaPrivateKey()); * * services.AddIdentityServer() * .AddSigningCredential(ecdsaCertificatePublicKey, "ES256") * .AddInMemoryIdentityResources(Config.GetIdentityResources()) * .AddInMemoryApiResources(Config.GetApiResources()) * .AddInMemoryClients(Config.GetClients()) * .AddAspNetIdentity<ApplicationUser>() * .AddProfileService<IdentityWithAdditionalClaimsProfileService>(); * * usage: 2 * * var rsaCertificate = new X509Certificate2(Path.Combine(_environment.ContentRootPath, "rsaCert.pfx"), "1234"); * * services.AddIdentityServer() * .AddSigningCredential(rsaCertificate) // rsaCertificate * .AddInMemoryIdentityResources(Config.GetIdentityResources()) * .AddInMemoryApiResources(Config.GetApiResources()) * .AddInMemoryClients(Config.GetClients()) * .AddAspNetIdentity<ApplicationUser>() * .AddProfileService<IdentityWithAdditionalClaimsProfileService>(); */ }
public static X509Certificate2 CreateRsaCertificateChained(CreateCertificates createCertificates, int keySize, X509Certificate2 parentCert) { var basicConstraints = new BasicConstraints { CertificateAuthority = false, HasPathLengthConstraint = false, PathLengthConstraint = 0, Critical = false }; var subjectAlternativeName = new SubjectAlternativeName { DnsName = new List <string> { "localhost", } }; var x509KeyUsageFlags = X509KeyUsageFlags.DigitalSignature; // only if mtls is used var enhancedKeyUsages = new OidCollection { OidLookup.ClientAuthentication, OidLookup.ServerAuthentication // OidLookup.CodeSigning, // OidLookup.SecureEmail, // OidLookup.TimeStamping }; var certificate = createCertificates.NewRsaChainedCertificate( new DistinguishedName { CommonName = "localhost" }, basicConstraints, new ValidityPeriod { ValidFrom = DateTimeOffset.UtcNow, ValidTo = DateTimeOffset.UtcNow.AddYears(1) }, subjectAlternativeName, parentCert, enhancedKeyUsages, x509KeyUsageFlags, new RsaConfiguration { KeySize = keySize }); return(certificate); }
public static X509Certificate2 CreateRsaCertificate(CreateCertificates _cc, string dnsName, int validityPeriodInYears) { var basicConstraints = new BasicConstraints { CertificateAuthority = false, HasPathLengthConstraint = false, PathLengthConstraint = 0, Critical = false }; var subjectAlternativeName = new SubjectAlternativeName { DnsName = new List <string> { dnsName, } }; var x509KeyUsageFlags = X509KeyUsageFlags.DigitalSignature; // only if certification authentication is used var enhancedKeyUsages = new OidCollection { OidLookup.ClientAuthentication, OidLookup.ServerAuthentication // OidLookup.CodeSigning, // OidLookup.SecureEmail, // OidLookup.TimeStamping }; var certificate = _cc.NewRsaSelfSignedCertificate( new DistinguishedName { CommonName = dnsName }, basicConstraints, new ValidityPeriod { ValidFrom = DateTimeOffset.UtcNow, ValidTo = DateTimeOffset.UtcNow.AddYears(validityPeriodInYears) }, subjectAlternativeName, enhancedKeyUsages, x509KeyUsageFlags, new RsaConfiguration { KeySize = 2048, HashAlgorithmName = HashAlgorithmName.SHA512 }); return(certificate); }
public RegisterModel( UserManager <ApplicationUser> userManager, SignInManager <ApplicationUser> signInManager, ILogger <RegisterModel> logger, IEmailSender emailSender, CreateCertificates createCertificates, ImportExportCertificate importExportCertificate) { _userManager = userManager; _signInManager = signInManager; _logger = logger; _emailSender = emailSender; _createCertificates = createCertificates; _importExportCertificate = importExportCertificate; }
public async Task <HttpResponseMessage> GetCertificatesForCourse([FromUri] DowloadFileSetModel model) { var validation = await ValidateInput(model); if (validation != null) { return(validation); } var courses = GetPermittedEntity(CreateCertificates.GetCourseIncludes(Repo)); var course = await courses.FirstAsync(c => c.Id == model.EntitySetId); return(StreamToResponse( CreateCertificates.CreatePptxCertificates(course, course.CourseFormat.CourseType.GetServerPath()), CreateCertificates.CertificateName(course))); }
static void Main(string[] args) { var sp = new ServiceCollection() .AddCertificateManager() .BuildServiceProvider(); _createCertificates = sp.GetService <CreateCertificates>(); var rsaCert = CreateRsaCertificate("localhost", 10); var password = "******"; var iec = sp.GetService <ImportExportCertificate>(); var rsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, rsaCert); File.WriteAllBytes("rsaCert.pfx", rsaCertPfxBytes); Console.WriteLine("created"); }
public static X509Certificate2 CreateSubjectAlternativeNameDetails( SubjectAlternativeName subjectAlternativeName, CreateCertificates createCertificates) { var distinguishedName = new DistinguishedName { CommonName = "root dev", Country = "IT", Locality = "DD", Organisation = "SS", OrganisationUnit = "unit", StateProvince = "yes" }; var enhancedKeyUsages = new OidCollection { OidLookup.ClientAuthentication, OidLookup.ServerAuthentication }; var basicConstraints = new BasicConstraints { CertificateAuthority = true, HasPathLengthConstraint = true, PathLengthConstraint = 3, Critical = true }; var validityPeriod = new ValidityPeriod { ValidFrom = DateTime.UtcNow, ValidTo = DateTime.UtcNow.AddYears(10) }; var x509KeyUsageFlags = X509KeyUsageFlags.KeyCertSign; var rootCert = createCertificates.NewECDsaSelfSignedCertificate( distinguishedName, basicConstraints, validityPeriod, subjectAlternativeName, enhancedKeyUsages, x509KeyUsageFlags, new ECDsaConfiguration()); return(rootCert); }
static void Main(string[] args) { Console.WriteLine("About to create certificate!"); var sp = new ServiceCollection() .AddCertificateManager() .BuildServiceProvider(); _cc = sp.GetService <CreateCertificates>(); var rsaCert = CertificateHelper.CreateRsaCertificate(_cc, "bankly.ng", 10); // var ecdsaCert = CreateECDsaCertificate("localhost", 10); // string password = "******"; var iec = sp.GetService <ImportExportCertificate>(); // var rsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, rsaCert); File.WriteAllBytes("cert_rsa512.pfx", rsaCertPfxBytes); // // var ecdsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, ecdsaCert); // File.WriteAllBytes("cert_ecdsa384.pfx", ecdsaCertPfxBytes); }
public void CreateCert() { ServiceProvider sp = new ServiceCollection() .AddCertificateManager() .BuildServiceProvider(); _cc = sp.GetService <CreateCertificates>(); X509Certificate2 oldRsaCert = CreateRsaCertificate("localhost_IS_test_old", 1); X509Certificate2 rsaCert = CreateRsaCertificate("localhost_IS_test", 10); string password = "******"; ImportExportCertificate iec = sp.GetService <ImportExportCertificate>(); RsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, rsaCert); byte[] OldRsaCertPfxBytes = iec.ExportSelfSignedCertificatePfx(password, oldRsaCert); Certificate = new X509Certificate2(RsaCertPfxBytes, password); OldCertificate = new X509Certificate2(OldRsaCertPfxBytes, password); }
public CreateCertificatesClientServerAuthRsa(CreateCertificates createCertificates) { this._createCertificates = createCertificates; }
public CertificateCryptoServices(CreateCertificates createCertificates, ImportExportCertificate importExportCertificate) { _createCertificates = createCertificates; _importExportCertificate = importExportCertificate; }