protected BaseCertificateTask(TOptions opts, IConfiguration configuration, LogFactory logFactory)
 {
     Options       = opts;
     Configuration = configuration;
     Logger        = logFactory.GetLogger(GetType().Name);
     MenuInterupts = new MenuInterupts();
 }
Example #2
0
        private int InternalRun()
        {
            bool            isRoot  = string.IsNullOrEmpty(Options.IssuerName);
            var             builder = new CertificateBuilder(Options.KeyStrength, Options.SignatureAlgorithm, Logger);
            X509Certificate bcCertificate;
            // Key pair of the issuing certificate.
            AsymmetricCipherKeyPair issuingKeyPair = null;
            // Key pair for the generated certificate.
            AsymmetricCipherKeyPair generatedKeyPair = null;
            X509Certificate2        storeCertificate = null;

            // Root self signed certificate.
            if (isRoot)
            {
                // Builder path for Root CA
                bcCertificate = builder
                                .AddSKID()
                                .AddSerialNumber()
                                .AddValidityTime()
                                .AddExtendedKeyUsages()
                                .AddSubjectCommonName(Options.CommonName)
                                .AddIssuerCommonName(Options.CommonName) // Self Signed
                                .MakeCA()
                                .GenerateRootWithPrivateKey(out issuingKeyPair);
            }
            else
            {
                storeCertificate = LoadCACertificate(Options.IssuerName);
                builder          = new CertificateBuilder(Options.KeyStrength, Options.SignatureAlgorithm, Logger);

                if (!ValidateIssuer(storeCertificate))
                {
                    throw new CertificateException(
                              "Provided certificate is not a valid CA and therefore cannot issue other certificates.");
                }

                issuingKeyPair = DotNetUtilities.GetKeyPair(storeCertificate.PrivateKey);

                string[] dpUrls = Options.DistributionPoints.Count() > 0 ? Options.DistributionPoints.ToArray(): MenuInterupts.GetCrlDistributionPoints();

                bcCertificate = builder
                                .AddSKID()
                                .AddSerialNumber()
                                .AddValidityTime()
                                .AddExtendedKeyUsages()
                                .AddSubjectCommonName(Options.CommonName)
                                .AddIssuerCommonName(Options.IssuerName) // Generate from CA.
                                .AddAKID(issuingKeyPair.Public)
                                .AddCRLDistributionPoints(dpUrls)
                                .MakeCA()
                                .Generate(issuingKeyPair.Private, out generatedKeyPair);
            }

            var convertedCertificate = GetWindowsCertFromGenerated(bcCertificate,
                                                                   Options.CommonName, isRoot ? issuingKeyPair.Private : generatedKeyPair.Private, builder.SecureRandom);

            if (Options.Debug)
            {
                DisplayCertificateDebugInfo(convertedCertificate);
            }

            if (!string.IsNullOrEmpty(Options.ExportLocation))
            {
                // Export the certificate to the
                var exportPath =
                    Path.Combine($"{Options.ExportLocation}", $"{Helper.StringToCNString(Options.CommonName)}.pfx");
                File.WriteAllBytes(exportPath, convertedCertificate.Export(X509ContentType.Pkcs12));
            }
            else
            {
                // Add CA certificate to Root store
                var machineStore = new X509Store(isRoot ? StoreName.Root : StoreName.CertificateAuthority, StoreLocation.LocalMachine);
                machineStore.Open(OpenFlags.ReadWrite);

                machineStore.Add(convertedCertificate);

                machineStore.Close();
            }

            // Get our crl choice for this certificate authority.
            bool generateCrl = Options.GenerateCRL ? Options.GenerateCRL : MenuInterupts.GetCrlChoice();

            if (generateCrl)
            {
                var crlKeyPair = isRoot ? issuingKeyPair : generatedKeyPair;

                var crlBuilder = new CrlBuilder();
                var crl        = crlBuilder
                                 .AddIssuerName(Options.CommonName)
                                 .AddUpdatePeriod()
                                 .AddAKID(crlKeyPair.Public)
                                 .Generate(crlKeyPair.Private);

                var crlPostFix = Configuration["certificateSettings:crlPostFix"];
                var exportPath = Path.Join(Configuration["certificateSettings:crlExportPath"],
                                           $"{Options.CommonName}{crlPostFix}.crl");
                File.WriteAllBytes(exportPath, crl.GetEncoded());
                Logger.Info($"CRL Generated at {exportPath}");
            }

            return(SUCCESS);
        }
Example #3
0
        private int RunInternal(string subjectName, string issuerName)
        {
            // Builder path for normal certificate.
            var storeCertificate = LoadCACertificate(Options.IssuerName);
            var builder          = new CertificateBuilder(Options.KeyStrength, Options.SignatureAlgorithm, Logger);

            if (!ValidateIssuer(storeCertificate))
            {
                Logger.Error("Provided issuer is not a valid CA and therefore cannot issue other certificates.");
                throw new CertificateException(
                          "Provided issuer is not a valid CA and therefore cannot issue other certificates.");
            }

            var issuingKeyPair = DotNetUtilities.GetKeyPair(storeCertificate.PrivateKey);

            string[] dpUrls = Options.DistributionPoints.Count() > 0 ? Options.DistributionPoints.ToArray() : MenuInterupts.GetCrlDistributionPoints();

            var bcCertificate = builder
                                .AddSKID()
                                .AddSerialNumber()
                                .AddValidityTime()
                                .AddExtendedKeyUsages()
                                .AddSubjectCommonName(Options.CommonName)
                                .AddIssuerCommonName(Options.IssuerName) // Generate from CA.
                                .AddBasicConstraints()
                                .AddAKID(issuingKeyPair.Public)
                                .AddCRLDistributionPoints(dpUrls)
                                .Generate(issuingKeyPair.Private, out AsymmetricCipherKeyPair generatedKeyPair);

            var convertedCertificate = GetWindowsCertFromGenerated(bcCertificate, Options.CommonName, generatedKeyPair.Private, builder.SecureRandom);

            if (Options.Debug)
            {
                DisplayCertificateDebugInfo(convertedCertificate);
            }

            X509Chain chain = new X509Chain();

            chain.Build(convertedCertificate);

            if (!string.IsNullOrEmpty(Options.ExportLocation))
            {
                File.WriteAllBytes(Path.Combine(Options.ExportLocation, $"{Options.CommonName}.pfx"),
                                   convertedCertificate.Export(X509ContentType.Pkcs12));
            }
            else
            {
                // Add CA certificate to Root store
                var machineStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                machineStore.Open(OpenFlags.ReadWrite);
                machineStore.Add(convertedCertificate);
                machineStore.Close();
            }

            return(SUCCESS);
        }