public void IssueCertificate(
string id,
string issuerId,
DateTimeOffset startDate,
DateTimeOffset endDate,
string requestExtensions,
string extensions,
int keyLengthInBits = 2048,
string signatureAlgorithm = SignatureAlgorithm.Sha256)
{
Console.Write($"Issuing certificate {id}...");
var context = new IssueCertificateContext(
id,
issuerId,
requestExtensions,
extensions,
keyLengthInBits,
startDate,
endDate,
signatureAlgorithm,
this);
Directory.CreateDirectory(OnlineDirectoryPath);
Directory.CreateDirectory(context.NewCertsDirectoryPath);
GeneratePrivateKey(context);
CreateCertificateSigningRequest(context);
FulfillCertificateSigningRequest(context);
GeneratePfx(context);
GenerateX509(context);
Console.WriteLine(" done.");
}
private void CreateCertificateSigningRequest(IssueCertificateContext context)
{
if (!string.IsNullOrWhiteSpace(context.Extensions) && context.Extensions.EndsWith("ca_certificate"))
{
File.WriteAllText(Path.Combine(OutputDirectoryPath, $"{context.Id}.database"), string.Empty);
File.WriteAllText(Path.Combine(OutputDirectoryPath, $"{context.Id}.database.attr"), string.Empty);
File.WriteAllText(Path.Combine(OutputDirectoryPath, $"{context.Id}.crlnumber"), "1000");
File.WriteAllText(Path.Combine(OutputDirectoryPath, $"{context.Id}.serialnumber"), "01");
}
var arguments = new List <string>
{
"req",
"-new",
"-key", context.PrivateKeyFilePath,
"-out", context.CertificateRequestFilePath,
"-config", context.ConfigFilePath,
};
if (!string.IsNullOrWhiteSpace(context.RequestExtensions))
{
arguments.Add("-reqexts");
arguments.Add(context.RequestExtensions);
}
Execute(context, arguments.ToArray());
}
private void GeneratePrivateKey(IssueCertificateContext context)
{
File.Delete(context.PrivateKeyFilePath);
var arguments = new List <string>
{
"genrsa",
"-out", context.PrivateKeyFilePath,
context.KeyLengthInBits.ToString(),
};
Execute(context, arguments.ToArray());
}
private void GeneratePfx(IssueCertificateContext context)
{
var arguments = new List <string>
{
"pkcs12",
"-export",
"-in", context.CertificatePemFilePath,
"-inkey", context.PrivateKeyFilePath,
"-out", context.CertificatePfxFilePath,
"-passout", "pass:",
};
Execute(context, arguments.ToArray());
}
private void GenerateX509(IssueCertificateContext context)
{
var arguments = new List <string>
{
"x509",
"-in", context.CertificatePemFilePath,
"-out", context.CertificateCrtFilePath,
"-outform", "der",
};
Execute(context, arguments.ToArray());
File.Copy(
context.CertificateCrtFilePath,
Path.Combine(OnlineDirectoryPath, Path.GetFileName(context.CertificateCrtFilePath)));
}
private void FulfillCertificateSigningRequest(IssueCertificateContext context)
{
var arguments = new List <string>
{
"ca",
"-batch",
"-in", context.CertificateRequestFilePath,
"-out", context.CertificatePemFilePath,
"-startdate", FormatDate(context.StartDate),
"-enddate", FormatDate(context.EndDate),
"-md", context.SignatureAlgorithm,
"-extensions", context.Extensions,
"-extfile", context.ConfigFilePath,
"-config", context.ConfigFilePath,
"-notext",
};
if (context.Id == context.IssuerId)
{
arguments.Add("-selfsign");
}
Execute(context, arguments.ToArray());
}
