public byte[] GenerateComCert(int comServerId)
{
var comServer = GetServer(comServerId);
if (comServer == null)
{
return(null);
}
var iCert = new ServiceCertificate().GetIntermediate();
var site = new Uri(comServer.Url);
var intermediateEntity = new ServiceCertificate().GetIntermediateEntity();
var pass = new EncryptionServices().DecryptText(intermediateEntity.Password);
var intermediateCert = new X509Certificate2(intermediateEntity.PfxBlob, pass, X509KeyStorageFlags.Exportable);
var certRequest = new CertificateRequest();
var organization = ServiceSetting.GetSettingValue(SettingStrings.CertificateOrganization);
certRequest.SubjectName = string.Format($"CN={site.Host}");
certRequest.NotBefore = DateTime.UtcNow;
certRequest.NotAfter = certRequest.NotBefore.AddYears(10);
var certificate = new ServiceGenerateCertificate(certRequest).IssueCertificate(intermediateCert, false, true);
var bytes = certificate.Export(X509ContentType.Pfx);
return(bytes);
}
public bool GenerateCAandInt()
{
var isAllowed = ConfigurationManager.AppSettings["AllowCAGen"];
if (!isAllowed.ToLower().Equals("true"))
{
Logger.Debug("Certificates cannot be generated without updating the web.config key AllowCAGen");
return(false);
}
var certRequest = new CertificateRequest();
var organization = new ServiceSetting().GetSetting(SettingStrings.CertificateOrganization);
if (organization == null)
{
return(false);
}
if (string.IsNullOrEmpty(organization.Value))
{
return(false);
}
certRequest.SubjectName = string.Format("O={0},CN=Toems CA", organization.Value);
certRequest.NotBefore = DateTime.UtcNow;
certRequest.NotAfter = certRequest.NotBefore.AddYears(20);
var authCertificate = new ServiceGenerateCertificate(certRequest).CreateCertificateAuthorityCertificate();
var c = new EntityCertificate();
c.NotAfter = authCertificate.NotAfter;
c.NotBefore = authCertificate.NotBefore;
c.Serial = authCertificate.SerialNumber;
var pfxPass = Membership.GeneratePassword(10, 0);
c.Password = new EncryptionServices().EncryptText(pfxPass);
c.PfxBlob = authCertificate.Export(X509ContentType.Pfx, pfxPass);
c.SubjectName = authCertificate.Subject;
c.Type = EnumCertificate.CertificateType.Authority;
var existingCA =
_uow.CertificateRepository.GetFirstOrDefault(x => x.Type == EnumCertificate.CertificateType.Authority);
if (existingCA != null)
{
_uow.CertificateRepository.Delete(existingCA.Id);
}
_uow.CertificateRepository.Insert(c);
//intermediate
var intRequest = new CertificateRequest();
intRequest.SubjectName = string.Format("O={0},CN=Toems Intermediate", organization.Value);
intRequest.NotBefore = DateTime.UtcNow;
intRequest.NotAfter = intRequest.NotBefore.AddYears(20);
var intCertificate = new ServiceGenerateCertificate(intRequest).IssueCertificate(authCertificate, true, false);
var ce = new EntityCertificate();
ce.NotAfter = intCertificate.NotAfter;
ce.NotBefore = intCertificate.NotBefore;
ce.Serial = intCertificate.SerialNumber;
var pfxPassInt = Membership.GeneratePassword(10, 0);
ce.Password = new EncryptionServices().EncryptText(pfxPassInt);
ce.PfxBlob = intCertificate.Export(X509ContentType.Pfx, pfxPassInt);
ce.SubjectName = intCertificate.Subject;
ce.Type = EnumCertificate.CertificateType.Intermediate;
var existingInt =
_uow.CertificateRepository.GetFirstOrDefault(x => x.Type == EnumCertificate.CertificateType.Intermediate);
if (existingInt != null)
{
_uow.CertificateRepository.Delete(existingInt.Id);
}
_uow.CertificateRepository.Insert(ce);
_uow.Save();
return(true);
}
