public static void VerifySignature_RSA_PKCS1(string hashAlgorithm)
{
HashAlgorithmName hashAlgorithmName = new HashAlgorithmName(hashAlgorithm);
using (RSA key = RSA.Create())
{
CertificateRequest first = new CertificateRequest(
"CN=Test",
key,
hashAlgorithmName,
RSASignaturePadding.Pkcs1);
byte[] pkcs10;
if (hashAlgorithm == "SHA1")
{
pkcs10 = first.CreateSigningRequest(new RSASha1Pkcs1SignatureGenerator(key));
}
else
{
pkcs10 = first.CreateSigningRequest();
}
// Assert.NoThrow
CertificateRequest.LoadSigningRequest(pkcs10, hashAlgorithmName, out _);
pkcs10[^ 1] ^= 0xFF;
public static string ToPemString(this CertificateRequest request, X509SignatureGenerator?generator = null)
{
var pkcs10 = generator == null?request.CreateSigningRequest() : request.CreateSigningRequest(generator);
return("-----BEGIN CERTIFICATE REQUEST-----\r\n"
+ pkcs10.ToFormattedBase64String()
+ "-----END CERTIFICATE REQUEST-----");
}
public ResultCommandGenerateCSR GenerateCSR()
{
try
{
//Generate Certificate with RSA Private key
byte[] csr = null;
using (RSA key = SimulatedDevice.GetPrivateKey(true))
{
CertificateRequest certRequest = new CertificateRequest($"CN={SimulatedDevice.DeviceId}",
key,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
csr = certRequest.CreateSigningRequest();
}
return(new ResultCommandGenerateCSR()
{
Csr = csr != null?Convert.ToBase64String(csr) : null,
IsSuccess = true
});
}
catch (Exception e)
{
DebugHelper.LogError($"Error GenerateCSR: {e.Message}.");
return(ResultCommand.CreateFailedCommand <ResultCommandGenerateCSR>($"Error GenerateCSR: {e.Message}."));
}
}
public async Task <(byte[] Cert, RSA PrivateKey)> GetCertificate(CancellationToken token = default(CancellationToken))
{
var key = new RSACryptoServiceProvider(4096);
var csr = new CertificateRequest("CN=" + _hosts[0],
key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var san = new SubjectAlternativeNameBuilder();
foreach (var host in _hosts)
{
san.AddDnsName(host);
}
csr.CertificateExtensions.Add(san.Build());
var certResponse = await _client.NewCertificateRequestAsync(csr.CreateSigningRequest(), token);
_cache.CachedCerts[_hosts[0]] = new CertificateCache
{
Cert = certResponse.Certificate,
Private = key.ExportCspBlob(true)
};
lock (Locker)
{
File.WriteAllText(_path,
JsonConvert.SerializeObject(_cache, Formatting.Indented));
}
return(certResponse.Certificate, key);
}
public static void PublicKeyConstructor_CannotSelfSign()
{
byte[] spki;
using (ECDsa key = ECDsa.Create(EccTestData.Secp384r1Data.KeyParameters))
{
spki = key.ExportSubjectPublicKeyInfo();
}
PublicKey publicKey = PublicKey.CreateFromSubjectPublicKeyInfo(spki, out _);
CertificateRequest req = new CertificateRequest(
new X500DistinguishedName("CN=Test"),
publicKey,
HashAlgorithmName.SHA384);
InvalidOperationException ex;
ex = Assert.Throws <InvalidOperationException>(() => req.CreateSigningRequest());
Assert.Contains(nameof(X509SignatureGenerator), ex.Message);
DateTimeOffset notBefore = DateTimeOffset.UtcNow;
DateTimeOffset notAfter = notBefore.AddMinutes(1);
ex = Assert.Throws <InvalidOperationException>(() => req.CreateSelfSigned(notBefore, notAfter));
Assert.Contains(nameof(X509SignatureGenerator), ex.Message);
}
public static (string, string) CreateCSR(string DN)
{
RSA rSA = new RSACryptoServiceProvider(2048);
string keygen = CertificateUtils.PemEncodeKey(Convert.ToBase64String(rSA.ExportRSAPrivateKey()));
var res = FileHandler.CheckAndCreatePath("CSRs", "CSR");
string path = res.Item1;
string idx = res.Item2;
File.WriteAllText(path + $"\\SLjavad_{idx}.key", keygen);
CertificateRequest certificateRequest = new CertificateRequest(
$"{DN}", rSA, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
certificateRequest.CertificateExtensions.Add(
new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyCertSign, false));
certificateRequest.CertificateExtensions.Add(
new X509SubjectKeyIdentifierExtension(certificateRequest.PublicKey, false));
certificateRequest.CertificateExtensions.Add(
new X509BasicConstraintsExtension(true, false, 0, true));
var csr = certificateRequest.CreateSigningRequest();
File.WriteAllText(path + $"\\SLjavad_{idx}.csr", CertificateUtils.PemEncodeSigningRequest(Convert.ToBase64String(csr)));
return(CertificateUtils.PemEncodeSigningRequest(Convert.ToBase64String(csr)), (path + $"\\SLjavad_{idx}.csr"));
}
/// <summary>
/// Request a certificate.
/// </summary>
/// <param name="order">A previously completed order.</param>
/// <param name="key">The private key to sign the certificate request with.</param>
/// <param name="cancellationToken">Cancellation token for the async request.</param>
/// <returns>An updated <see cref="Order"/> object.</returns>
/// <remarks>The subjectname for the request is the first identifier in <paramref name="order"/>. Subsequent identifiers are added as alternative names.</remarks>
public async Task <Order> RequestCertificateAsync(Order order, RSACryptoServiceProvider key, CancellationToken cancellationToken = default)
{
var csr = new CertificateRequest("CN=" + order.Identifiers[0].Value, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var san = new SubjectAlternativeNameBuilder();
foreach (var identifier in order.Identifiers.Skip(1))
{
san.AddDnsName(identifier.Value);
}
csr.CertificateExtensions.Add(san.Build());
var message = new FinalizeRequest
{
CSR = Jws.Base64UrlEncoded(csr.CreateSigningRequest())
};
var(result, responseText) = await client.PostAsync <Order>(order.Finalize, message, cancellationToken);
if (result is Order acmeOrder)
{
return(acmeOrder);
}
throw new InvalidServerResponse("Invalid response from server during RequestCertificate.", responseText, order.Finalize.ToString());
}
/// <summary>
/// Returns a DER-encoded PKCS#10 Certificate Signing Request for the given RSA parametes
/// and the given hash algorithm.
/// </summary>
public static byte[] GenerateCsr(this RsaTool tool, IEnumerable <string> dnsNames,
RSA rsa, HashAlgorithmName?hashAlgor = null)
{
if (hashAlgor == null)
{
hashAlgor = HashAlgorithmName.SHA256;
}
string firstName = null;
var sanBuilder = new SubjectAlternativeNameBuilder();
foreach (var n in dnsNames)
{
sanBuilder.AddDnsName(n);
if (firstName == null)
{
firstName = n;
}
}
if (firstName == null)
{
throw new ArgumentException("Must specify at least one name");
}
var dn = new X500DistinguishedName($"CN={firstName}");
var csr = new CertificateRequest(dn,
rsa, hashAlgor.Value, RSASignaturePadding.Pkcs1);
csr.CertificateExtensions.Add(sanBuilder.Build());
return(csr.CreateSigningRequest());
}
private void OnGenerateButtonClick(object?sender, EventArgs e)
{
if (_MerchantCertificateRadioButton.Checked)
{
_LastGeneratedRSAPrivateKey = new RSACng(2048);
_LastGeneratedECDsaPrivateKey?.Dispose();
_LastGeneratedECDsaPrivateKey = null;
CertificateRequest CertificateRequest = new CertificateRequest(
$"E={_EmailAddressTextBox.Text}, CN={_CommonNameTextBox.Text}, O=US",
_LastGeneratedRSAPrivateKey,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
_LastGeneratedCSRContent = CertificateRequest.CreateSigningRequest();
}
else
{
_LastGeneratedECDsaPrivateKey = new ECDsaCng(256);
_LastGeneratedRSAPrivateKey?.Dispose();
_LastGeneratedRSAPrivateKey = null;
CertificateRequest CertificateRequest = new CertificateRequest(
$"E={_EmailAddressTextBox.Text}, CN={_CommonNameTextBox.Text}, O=US",
_LastGeneratedECDsaPrivateKey,
HashAlgorithmName.SHA256);
_LastGeneratedCSRContent = CertificateRequest.CreateSigningRequest();
}
_CertificateSigningRequestContentTextBox.Text = CertificateExtensions.EncodeDERDataInPEMFormat(_LastGeneratedCSRContent, "CERTIFICATE REQUEST");
_ExportCertificateSigningRequestButton.Enabled = true;
}
private static string GenerateCSRForClientCert(string subjectName)
{
var keyPair = System.Security.Cryptography.ECDsa.Create(System.Security.Cryptography.ECCurve.NamedCurves.nistP256);
var certRequest = new CertificateRequest("CN=" + subjectName, keyPair, System.Security.Cryptography.HashAlgorithmName.SHA256);
var csr = certRequest.CreateSigningRequest();
return(Convert.ToBase64String(csr));
}
public static void ToPkcs10_ArgumentExceptions()
{
using (ECDsa ecdsa = ECDsa.Create(EccTestData.Secp256r1Data.KeyParameters))
{
CertificateRequest request = new CertificateRequest("", ecdsa, HashAlgorithmName.SHA256);
Assert.Throws <ArgumentNullException>("signatureGenerator", () => request.CreateSigningRequest(null));
}
}
public static void Run()
{
var request = new CertificateRequest(
new X500DistinguishedName("CN=example.org"),
ECDsa.Create(),
HashAlgorithmName.SHA256);
var csr = request.CreateSigningRequest();
PEM.Write("example.org.csr", csr, "CERTIFICATE REQUEST");
}
public static void NullOidValueInAttributeInCollection()
{
using (ECDsa key = ECDsa.Create(EccTestData.Secp384r1Data.KeyParameters))
{
CertificateRequest req = new CertificateRequest(
"CN=Test",
key,
HashAlgorithmName.SHA384);
req.OtherRequestAttributes.Add(new AsnEncodedData(new Oid(null, null), Array.Empty <byte>()));
X509SignatureGenerator gen = X509SignatureGenerator.CreateForECDsa(key);
InvalidOperationException ex;
ex = Assert.Throws <InvalidOperationException>(() => req.CreateSigningRequest());
Assert.Contains(nameof(CertificateRequest.OtherRequestAttributes), ex.Message);
ex = Assert.Throws <InvalidOperationException>(() => req.CreateSigningRequest(gen));
Assert.Contains(nameof(CertificateRequest.OtherRequestAttributes), ex.Message);
}
}
// Public Methods
public static byte[] CreateSigningRequest(RSA rsa, string cn, List <string> subjectAlternativeNames)
{
#if NETSTANDARD2_0
var keyPair = DotNetUtilities.GetKeyPair(rsa);
var csrAttrs = new List <Asn1Encodable>();
var gnames = new List <GeneralName>();
foreach (var n in subjectAlternativeNames)
{
gnames.Add(new GeneralName(GeneralName.DnsName, n));
}
var altNames = new GeneralNames(gnames.ToArray());
var x509Ext = new X509Extensions(new Dictionary <DerObjectIdentifier, object>()
{
{ X509Extensions.SubjectAlternativeName, new Org.BouncyCastle.Asn1.X509.X509Extension(false, new DerOctetString(altNames)) }
});
csrAttrs.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(
PkcsObjectIdentifiers.Pkcs9AtExtensionRequest,
new DerSet(x509Ext)));
var csr = new Pkcs10CertificationRequest(PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id,
new X509Name($"CN={cn}"), keyPair.Public, new DerSet(csrAttrs.ToArray()), keyPair.Private);
return(csr.GetEncoded());
#endif
#if NETSTANDARD2_1
CertificateRequest req = new CertificateRequest($"CN={cn}",
rsa,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
req.CertificateExtensions.Add(
new X509BasicConstraintsExtension(true, false, 0, true));
req.CertificateExtensions.Add(
new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
var sanb = new SubjectAlternativeNameBuilder();
foreach (var subjectAlternativeName in subjectAlternativeNames)
{
sanb.AddDnsName(subjectAlternativeName);
}
req.CertificateExtensions.Add(sanb.Build());
return(req.CreateSigningRequest());
#endif
}
public static void ReproduceBigExponentCsr()
{
X509Extension sanExtension = new X509Extension(
"2.5.29.17",
"302387047F00000187100000000000000000000000000000000182096C6F63616C686F7374".HexToByteArray(),
false);
byte[] autoCsr;
byte[] csr;
string csrPem;
string autoCsrPem;
using (RSA rsa = RSA.Create())
{
rsa.ImportParameters(TestData.RsaBigExponentParams);
CertificateRequest request = new CertificateRequest(
"CN=localhost, OU=.NET Framework (CoreFX), O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
rsa,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(sanExtension);
autoCsr = request.CreateSigningRequest();
autoCsrPem = request.CreateSigningRequestPem();
X509SignatureGenerator generator = X509SignatureGenerator.CreateForRSA(rsa, RSASignaturePadding.Pkcs1);
csr = request.CreateSigningRequest(generator);
csrPem = request.CreateSigningRequestPem(generator);
}
AssertExtensions.SequenceEqual(TestData.BigExponentPkcs10Bytes, autoCsr);
AssertExtensions.SequenceEqual(TestData.BigExponentPkcs10Bytes, csr);
Assert.Equal(TestData.BigExponentPkcs10Pem, autoCsrPem);
Assert.Equal(TestData.BigExponentPkcs10Pem, csrPem);
}
/// <summary>
/// Creates a certificate signing request from an existing certificate.
/// </summary>
public static byte[] CreateSigningRequest(
X509Certificate2 certificate,
IList <String> domainNames = null
)
{
if (!certificate.HasPrivateKey)
{
throw new NotSupportedException("Need a certificate with a private key.");
}
RSA rsaPublicKey = certificate.GetRSAPublicKey();
var request = new CertificateRequest(certificate.SubjectName, rsaPublicKey,
Oids.GetHashAlgorithmName(certificate.SignatureAlgorithm.Value), RSASignaturePadding.Pkcs1);
var alternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(certificate);
domainNames = domainNames ?? new List <String>();
if (alternateName != null)
{
foreach (var name in alternateName.DomainNames)
{
if (!domainNames.Any(s => s.Equals(name, StringComparison.OrdinalIgnoreCase)))
{
domainNames.Add(name);
}
}
foreach (var ipAddress in alternateName.IPAddresses)
{
if (!domainNames.Any(s => s.Equals(ipAddress, StringComparison.OrdinalIgnoreCase)))
{
domainNames.Add(ipAddress);
}
}
}
string applicationUri = X509Utils.GetApplicationUriFromCertificate(certificate);
// Subject Alternative Name
var subjectAltName = new X509SubjectAltNameExtension(applicationUri, domainNames);
request.CertificateExtensions.Add(new X509Extension(subjectAltName, false));
using (RSA rsa = certificate.GetRSAPrivateKey())
{
var x509SignatureGenerator = X509SignatureGenerator.CreateForRSA(rsa, RSASignaturePadding.Pkcs1);
return(request.CreateSigningRequest(x509SignatureGenerator));
}
}
public static CSR GenerateCsr(params string[] dnsNames)
{
HashAlgorithmName hashName = HashAlgorithmName.SHA256;
var builder = new SubjectAlternativeNameBuilder();
foreach (var name in dnsNames)
{
builder.AddDnsName(name);
}
RSA rsa = RSA.Create(4096);
var dn = new X500DistinguishedName($"CN={dnsNames.First()}");
var csr = new CertificateRequest(dn, rsa, hashName, RSASignaturePadding.Pkcs1);
csr.CertificateExtensions.Add(builder.Build());
return(new CSR(csr.CreateSigningRequest(), rsa.ExportParameters(true)));
}
private string GenerateCSR(AcmeAccount account, params string[] domainNames)
{
HashAlgorithmName hashName = HashAlgorithmName.SHA256;
var builder = new SubjectAlternativeNameBuilder();
foreach (var name in domainNames)
{
builder.AddDnsName(name);
}
RSA rsa = RSA.Create(4096);
//rsa.ImportParameters(account.SecurityInfo);
var dn = new X500DistinguishedName($"CN={domainNames.First()}");
var csr = new CertificateRequest(dn, rsa, hashName, RSASignaturePadding.Pkcs1);
csr.CertificateExtensions.Add(builder.Build());
return(Base64Tool.Encode(csr.CreateSigningRequest()));
}
// Public Methods
public static byte[] CreateSigningRequest(RSA rsa, string cn, List <string> subjectAlternativeNames)
{
CertificateRequest req = new CertificateRequest($"CN={cn}",
rsa,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
req.CertificateExtensions.Add(
new X509BasicConstraintsExtension(true, false, 0, true));
req.CertificateExtensions.Add(
new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
var sanb = new SubjectAlternativeNameBuilder();
foreach (var subjectAlternativeName in subjectAlternativeNames)
{
sanb.AddDnsName(subjectAlternativeName);
}
req.CertificateExtensions.Add(sanb.Build());
return(req.CreateSigningRequest());
}
/// <summary>
/// Gets the PEM-encoded content for the given <see cref="CertificateRequest"/>.
/// Adapted version of Microsoft code: <see href="https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.certificaterequest.createsigningrequest?view=netframework-4.8#System_Security_Cryptography_X509Certificates_CertificateRequest_CreateSigningRequest" />
/// </summary>
/// <param name="request">The certificate request to get the signing request from</param>
/// <returns>The PEM-encoded signing request</returns>
public static string GetPemEncodedSigningRequest(this CertificateRequest request)
{
var builder = new StringBuilder();
builder.AppendLine(BeginCertificateRequestLine);
var content = Convert.ToBase64String(request.CreateSigningRequest());
int offset = 0;
while (offset < content.Length)
{
int lineEnd = Math.Min(offset + ContentLineLength, content.Length);
builder.AppendLine(content.Substring(offset, lineEnd - offset));
offset = lineEnd;
}
builder.AppendLine(EndCertificateRequestLine);
return(builder.ToString());
}
private string Export(CertificateRequest request, CertificateInfo info, OutputType output)
{
var outputDir = Config.GetValue <string>("OutputDir");
var fullPath = string.Empty;
switch (output)
{
case OutputType.CsrDer:
{
var csrBytes = request.CreateSigningRequest();
var fileName = $"DER_{DateTime.Now.ToString("yyyyMMddHHmmss")}.csr";
fullPath = System.IO.Path.Combine(outputDir, fileName);
File.WriteAllBytes(fullPath, csrBytes); //DER
}
break;
case OutputType.CsrPem:
{
var csrBytes = request.CreateSigningRequest();
var csrBytesBase64 = Convert.ToBase64String(csrBytes);
var begin = "-----BEGIN CERTIFICATE REQUEST-----" + Environment.NewLine;
var end = "-----END CERTIFICATE REQUEST-----" + Environment.NewLine;
var content = $"{begin}{csrBytesBase64}{end}";
var fileName = $"PEM_{DateTime.Now.ToString("yyyyMMddHHmmss")}.csr";
fullPath = System.IO.Path.Combine(outputDir, fileName);
File.WriteAllText(fullPath, content); //PEM
}
break;
case OutputType.CerDer:
{
var passwordDialog = new PasswordWindow();
var exportPassword = string.Empty;
var result = passwordDialog.ShowDialog();
if (result ?? false)
{
exportPassword = string.Equals(passwordDialog.Password, passwordDialog.PasswordConfirmation) ? passwordDialog.Password : string.Empty;
}
if (!string.IsNullOrEmpty(exportPassword))
{
var cer = request.CreateSelfSigned(info.From.ToUniversalTime(), info.To.ToUniversalTime());
var cerBytes = cer.Export(X509ContentType.Pfx, exportPassword);
var fileName = $"DER_{DateTime.Now.ToString("yyyyMMddHHmmss")}.pfx";
fullPath = System.IO.Path.Combine(outputDir, fileName);
File.WriteAllBytes(fullPath, cerBytes); //DER
}
else
{
MessageBox.Show("The password are different");
}
}
break;
case OutputType.CerPem:
{
//Not Implemented Yet
}
break;
}
return(fullPath);
}
public void CertificateSigningRequest()
{
using (RSA parent = RSA.Create(4096))
using (RSA rsa = RSA.Create(2048))
{
System.Security.Cryptography.X509Certificates.CertificateRequest parentReq = new CertificateRequest(
"CN=Experimental Issuing Authority",
parent,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
parentReq.CertificateExtensions.Add(
new X509BasicConstraintsExtension(true, false, 0, true));
parentReq.CertificateExtensions.Add(
new X509SubjectKeyIdentifierExtension(parentReq.PublicKey, false));
//var csr = parentReq.CreateSigningRequest();
using (X509Certificate2 parentCert = parentReq.CreateSelfSigned(
DateTimeOffset.UtcNow.AddDays(-45),
DateTimeOffset.UtcNow.AddDays(365)))
{
CertificateRequest req = new CertificateRequest(
"CN=Valid-Looking Timestamp Authority",
rsa,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
req.CertificateExtensions.Add(
new X509BasicConstraintsExtension(true, false, 0, false));
req.CertificateExtensions.Add(
new X509KeyUsageExtension(
X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation,
false));
//https://pkisolutions.com/object-identifiers-oid-in-pki/
//https://docs.microsoft.com/en-us/windows/desktop/seccertenroll/supported-extensions
req.CertificateExtensions.Add(
new X509EnhancedKeyUsageExtension(
new OidCollection
{
new Oid("1.3.6.1.5.5.7.3.8")
},
true));
req.CertificateExtensions.Add(
new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
req.CreateSigningRequest();
using (X509Certificate2 cert = req.Create(
parentCert,
DateTimeOffset.UtcNow.AddDays(-1),
DateTimeOffset.UtcNow.AddDays(90),
new byte[] { 1, 2, 3, 4 }))
{
// Do something with these certs, like export them to PFX,
// or add them to an X509Store, or whatever.
}
using (X509Certificate2 cert = req.Create(
parentCert,
DateTimeOffset.UtcNow.AddDays(-1),
DateTimeOffset.UtcNow.AddDays(90),
new byte[] { 1, 2, 3, 4 }))
{
// Do something with these certs, like export them to PFX,
// or add them to an X509Store, or whatever.
}
}
}
}
/// <summary>
/// Generates and sends a CSR to Xboot.Server REST endpoint.
/// </summary>
/// <param name="registrationId"></param>
/// <param name="name"></param>
/// <returns>Pfx in DER-encoded byte array</returns>
public byte[] GetDeviceCertificate(string registrationId, X500DistinguishedName name)
{
byte[] pfx = null;
var req = new CertificateRequest(name, _rsa, HashAlgorithmName.SHA512,
RSASignaturePadding.Pss);
// Returns a DER-encoded PKCS#10 CSR
var csr = req.CreateSigningRequest();
Certificate_Request request = new Certificate_Request
{
RegistrationId = registrationId,
Csr = Convert.ToBase64String(csr)
};
var json = JsonConvert.SerializeObject(request);
var client = new HttpClient();
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(
new MediaTypeWithQualityHeaderValue("application/json"));
var buffer = System.Text.Encoding.UTF8.GetBytes(json);
var byteContent = new ByteArrayContent(buffer);
try
{
var response = client.PostAsync(_xBootUri, byteContent).Result;
if (response.IsSuccessStatusCode)
{
// Get the response
var jsonString = response.Content.ReadAsStringAsync().Result;
var certString = JsonConvert.DeserializeObject <Certificate_Response>(jsonString);
byte[] certBytes = Convert.FromBase64String(certString.Certificate);
// Read in signed device certificate in DER format
X509Certificate2 cert = new X509Certificate2(certBytes);
// Add private key to cert
cert = cert.CopyWithPrivateKey(_rsa);
if (cert.HasPrivateKey)
{
// Combine certificate and private key into single pfx
// The IoT Device SDK needs both the certificate and the private key information.
// It expects to load a single PFX-formatted file containing all necessarily information.
pfx = cert.Export(X509ContentType.Pfx);
}
}
else
{
throw new Exception(response.StatusCode.ToString());
}
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
// Return certificate in DER-encoded byte array
return(pfx);
}