private static RSA CreateCertificateKey(RSAPublicKeyParameters publicKey)
{
var parameters = new RSAParameters {
Modulus = publicKey.Modulus, Exponent = publicKey.Exponent
};
return(RSA.Create(parameters));
}
private static (string subjectName, RSAPublicKeyParameters publicKey) ExtractData(string requestBody)
{
dynamic data = JsonConvert.DeserializeObject(requestBody);
string subjectName = data.subjectName;
byte[] exponent = Convert.FromBase64String((string)data.publicKey.exponent);
byte[] modulus = Convert.FromBase64String((string)data.publicKey.modulus);
var publicKey = new RSAPublicKeyParameters(exponent, modulus);
return(subjectName, publicKey);
}
public async Task <X509Certificate2> IssueCertificateAsync(string subjectName, RSAPublicKeyParameters publicKey)
{
//var certificateBundle = await _keyVaultClient.GetCertificateAsync(_rootCertificateId);
var certificateBundle = await _keyVaultClient.GetCertificateAsync(_keyVaultBaseUrl, _rootCertificateId);
using var issuerCertificate = new X509Certificate2(certificateBundle.Cer);
using RSA certificateKey = CreateCertificateKey(publicKey);
CertificateRequest request = CreateCertificateRequest(subjectName, certificateKey, issuerCertificate.Extensions[SubjectIdExtensionOid]);
byte[] certificateSerialNumber = await _serialNumberGenerator.GenerateSerialAsync();
using var rsaKeyVault = _keyVaultClient.ToRSA(certificateBundle.KeyIdentifier, issuerCertificate);
var generator = X509SignatureGenerator.CreateForRSA(rsaKeyVault, RSASignaturePadding.Pkcs1);
return(request.Create(issuerCertificate.SubjectName, generator, DateTime.Today.AddDays(-1), DateTime.Today.AddYears(1), certificateSerialNumber));
}