private string ComputeSubjectKeyIdentifier(CX509PublicKey publicKey) { if (publicKey == null) { throw new ArgumentNullException("Win32CertificateProvider.ComputeSubjectKeyIdentifier - null public key was provided"); } return(publicKey.ComputeKeyIdentifier(KeyIdentifierHashAlgorithm.SKIHashSha1, EncodingType.XCN_CRYPT_STRING_HEX). Trim().Replace(" ", "").Replace(Environment.NewLine, "").Trim()); }
private static void Enroll(string publicKeyAsPem, string username, string agentCertificate, string caConfig) { string argsKey = agentCertificate; string argsUser = username; X509Store store = new X509Store("My", StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); publicKeyAsPem = string.Join("", publicKeyAsPem.Split(new[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries).Where(s => !s.StartsWith("--"))); // Create a PKCS 10 inner request. CX509PublicKey pubKey = new CX509PublicKey(); pubKey.InitializeFromEncodedPublicKeyInfo(publicKeyAsPem); CObjectId sha512 = new CObjectId(); sha512.InitializeFromValue("2.16.840.1.101.3.4.2.3"); CX509CertificateRequestPkcs10 pkcs10Req = new CX509CertificateRequestPkcs10(); pkcs10Req.InitializeFromPublicKey(X509CertificateEnrollmentContext.ContextUser, pubKey, ""); pkcs10Req.HashAlgorithm = sha512; string toSign = pkcs10Req.RawDataToBeSigned[EncodingType.XCN_CRYPT_STRING_HASHDATA]; //using (YubikeyPivTool piv = new YubikeyPivTool()) //{ // //piv. //} // Create a CMC outer request and initialize CX509CertificateRequestCmc cmcReq = new CX509CertificateRequestCmc(); cmcReq.InitializeFromInnerRequestTemplateName(pkcs10Req, "SmartcardLogon"); cmcReq.RequesterName = argsUser; CSignerCertificate signer = new CSignerCertificate(); signer.Initialize(false, X509PrivateKeyVerify.VerifyNone, (EncodingType)0xc, argsKey); cmcReq.SignerCertificate = signer; // encode the request cmcReq.Encode(); string strRequest = cmcReq.RawData[EncodingType.XCN_CRYPT_STRING_BASE64]; CCertRequest objCertRequest = new CCertRequest(); // Get CA config from UI string strCAConfig = caConfig; // Submit the request int iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, strRequest, null, strCAConfig); // Check the submission status if (CR_DISP_ISSUED != iDisposition) // Not enrolled { string strDisposition = objCertRequest.GetDispositionMessage(); if (CR_DISP_UNDER_SUBMISSION == iDisposition) { Console.WriteLine("The submission is pending: " + strDisposition); return; } Console.WriteLine("The submission failed: " + strDisposition); Console.WriteLine("Last status: " + objCertRequest.GetLastStatus()); return; } // Get the certificate string strCert = objCertRequest.GetCertificate(CR_OUT_BASE64); string argsCrt = "tmp.crt"; File.WriteAllText(argsCrt, "-----BEGIN CERTIFICATE-----\n" + strCert + "-----END CERTIFICATE-----\n"); }
private CertificateRequest ImproveDeserializedCsrFidelity(CertificateRequest csr, CX509PublicKey publicKey) { csr.SubjectKeyIdentifier = ComputeSubjectKeyIdentifier(publicKey); csr.KeySize = publicKey.Length; csr.CipherAlgorithm = GetCipherFromOid(publicKey.Algorithm.Value); return(csr); }