private string ComputeSubjectKeyIdentifier(CX509PublicKey publicKey)
{
if (publicKey == null)
{
throw new ArgumentNullException("Win32CertificateProvider.ComputeSubjectKeyIdentifier - null public key was provided");
}
return(publicKey.ComputeKeyIdentifier(KeyIdentifierHashAlgorithm.SKIHashSha1, EncodingType.XCN_CRYPT_STRING_HEX).
Trim().Replace(" ", "").Replace(Environment.NewLine, "").Trim());
}
private static void Enroll(string publicKeyAsPem, string username, string agentCertificate, string caConfig)
{
string argsKey = agentCertificate;
string argsUser = username;
X509Store store = new X509Store("My", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
publicKeyAsPem = string.Join("", publicKeyAsPem.Split(new[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries).Where(s => !s.StartsWith("--")));
// Create a PKCS 10 inner request.
CX509PublicKey pubKey = new CX509PublicKey();
pubKey.InitializeFromEncodedPublicKeyInfo(publicKeyAsPem);
CObjectId sha512 = new CObjectId();
sha512.InitializeFromValue("2.16.840.1.101.3.4.2.3");
CX509CertificateRequestPkcs10 pkcs10Req = new CX509CertificateRequestPkcs10();
pkcs10Req.InitializeFromPublicKey(X509CertificateEnrollmentContext.ContextUser, pubKey, "");
pkcs10Req.HashAlgorithm = sha512;
string toSign = pkcs10Req.RawDataToBeSigned[EncodingType.XCN_CRYPT_STRING_HASHDATA];
//using (YubikeyPivTool piv = new YubikeyPivTool())
//{
// //piv.
//}
// Create a CMC outer request and initialize
CX509CertificateRequestCmc cmcReq = new CX509CertificateRequestCmc();
cmcReq.InitializeFromInnerRequestTemplateName(pkcs10Req, "SmartcardLogon");
cmcReq.RequesterName = argsUser;
CSignerCertificate signer = new CSignerCertificate();
signer.Initialize(false, X509PrivateKeyVerify.VerifyNone, (EncodingType)0xc, argsKey);
cmcReq.SignerCertificate = signer;
// encode the request
cmcReq.Encode();
string strRequest = cmcReq.RawData[EncodingType.XCN_CRYPT_STRING_BASE64];
CCertRequest objCertRequest = new CCertRequest();
// Get CA config from UI
string strCAConfig = caConfig;
// Submit the request
int iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, strRequest, null, strCAConfig);
// Check the submission status
if (CR_DISP_ISSUED != iDisposition) // Not enrolled
{
string strDisposition = objCertRequest.GetDispositionMessage();
if (CR_DISP_UNDER_SUBMISSION == iDisposition)
{
Console.WriteLine("The submission is pending: " + strDisposition);
return;
}
Console.WriteLine("The submission failed: " + strDisposition);
Console.WriteLine("Last status: " + objCertRequest.GetLastStatus());
return;
}
// Get the certificate
string strCert = objCertRequest.GetCertificate(CR_OUT_BASE64);
string argsCrt = "tmp.crt";
File.WriteAllText(argsCrt, "-----BEGIN CERTIFICATE-----\n" + strCert + "-----END CERTIFICATE-----\n");
}
private CertificateRequest ImproveDeserializedCsrFidelity(CertificateRequest csr, CX509PublicKey publicKey)
{
csr.SubjectKeyIdentifier = ComputeSubjectKeyIdentifier(publicKey);
csr.KeySize = publicKey.Length;
csr.CipherAlgorithm = GetCipherFromOid(publicKey.Algorithm.Value);
return(csr);
}
