public static extern IntPtr CertCreateSelfSignCertificate(
IntPtr hProv,
ref CERT_NAME_BLOB pSubjectIssuerBlob,
uint dwFlagsm,
ref CRYPT_KEY_PROV_INFO pKeyProvInfo,
IntPtr pSignatureAlgorithm,
IntPtr pStartTime,
IntPtr pEndTime,
IntPtr other);
////------ Since we are using an RSA with nonpersisted keycontainer, must pass it in to ensure it isn't colledted -----
//private static byte[] GetPkcs12(RSA rsa, String keycontainer, String cspprovider, uint KEYSPEC, uint cspflags, string pass)
// {
// byte[] pfxblob = null;
// IntPtr hCertCntxt = IntPtr.Zero;
// String DN = "CN=Opensslkey Unsigned Certificate";
// hCertCntxt = CreateUnsignedCertCntxt(keycontainer, cspprovider, KEYSPEC, cspflags, DN) ;
// if(hCertCntxt == IntPtr.Zero){
// Console.WriteLine("Couldn't create an unsigned-cert\n") ;
// return null;
// }
// try{
// X509Certificate cert = new X509Certificate(hCertCntxt) ; //create certificate object from cert context.
// X509Certificate2UI.DisplayCertificate(new X509Certificate2(cert)) ; // display it, showing linked private key
// SecureString pswd = GetSecPswd(pass) ;
// pfxblob = cert.Export(X509ContentType.Pkcs12, pswd);
// }
// catch(Exception exc)
// {
// Console.WriteLine( "BAD RESULT" + exc.Message);
// pfxblob = null;
// }
//rsa.Clear() ;
//if(hCertCntxt != IntPtr.Zero)
// Win32.CertFreeCertificateContext(hCertCntxt) ;
// return pfxblob;
//}
private static IntPtr CreateUnsignedCertCntxt(String keycontainer, String provider, uint KEYSPEC, uint cspflags,
String DN)
{
const uint AT_KEYEXCHANGE = 0x00000001;
const uint AT_SIGNATURE = 0x00000002;
const uint CRYPT_MACHINE_KEYSET = 0x00000020;
const uint PROV_RSA_FULL = 0x00000001;
const String MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0";
const String MS_STRONG_PROV = "Microsoft Strong Cryptographic Provider";
const String MS_ENHANCED_PROV = "Microsoft Enhanced Cryptographic Provider v1.0";
const uint CERT_CREATE_SELFSIGN_NO_SIGN = 1;
const uint X509_ASN_ENCODING = 0x00000001;
const uint CERT_X500_NAME_STR = 3;
IntPtr hCertCntxt = IntPtr.Zero;
byte[] encodedName = null;
uint cbName = 0;
if (provider != MS_DEF_PROV && provider != MS_STRONG_PROV && provider != MS_ENHANCED_PROV)
{
return(IntPtr.Zero);
}
if (keycontainer == "")
{
return(IntPtr.Zero);
}
if (KEYSPEC != AT_SIGNATURE && KEYSPEC != AT_KEYEXCHANGE)
{
return(IntPtr.Zero);
}
if (cspflags != 0 && cspflags != CRYPT_MACHINE_KEYSET) //only 0 (Current User) keyset is currently used.
{
return(IntPtr.Zero);
}
if (DN == "")
{
return(IntPtr.Zero);
}
if (Win32.CertStrToName(X509_ASN_ENCODING, DN, CERT_X500_NAME_STR, IntPtr.Zero, null, ref cbName,
IntPtr.Zero))
{
encodedName = new byte[cbName];
Win32.CertStrToName(X509_ASN_ENCODING, DN, CERT_X500_NAME_STR, IntPtr.Zero, encodedName, ref cbName,
IntPtr.Zero);
}
CERT_NAME_BLOB subjectblob = new CERT_NAME_BLOB();
subjectblob.pbData = Marshal.AllocHGlobal(encodedName.Length);
Marshal.Copy(encodedName, 0, subjectblob.pbData, encodedName.Length);
subjectblob.cbData = encodedName.Length;
CRYPT_KEY_PROV_INFO pInfo = new CRYPT_KEY_PROV_INFO();
pInfo.pwszContainerName = keycontainer;
pInfo.pwszProvName = provider;
pInfo.dwProvType = PROV_RSA_FULL;
pInfo.dwFlags = cspflags;
pInfo.cProvParam = 0;
pInfo.rgProvParam = IntPtr.Zero;
pInfo.dwKeySpec = KEYSPEC;
hCertCntxt = Win32.CertCreateSelfSignCertificate(IntPtr.Zero, ref subjectblob, CERT_CREATE_SELFSIGN_NO_SIGN,
ref pInfo, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero,
IntPtr.Zero);
if (hCertCntxt == IntPtr.Zero)
{
showWin32Error(Marshal.GetLastWin32Error());
}
Marshal.FreeHGlobal(subjectblob.pbData);
return(hCertCntxt);
}