public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md) { var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md); var rsaPk = pk as RsaPrivateKey; if (rsaPk != null) { return(GenerateCsr(csrParams.Details, (RsaPrivateKey)pk, mdVal)); } throw new NotSupportedException("unsupported private key type"); }
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md) { return(_cp.GenerateCsr(csrParams, pk, md)); }
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md) { var rsaPk = pk as CeRsaPrivateKey; if (rsaPk != null) { var cePk = new CERTENROLLLib.CX509PrivateKey(); // MS_DEF_PROV //cePk.ProviderName = "Microsoft Base Cryptographic Provider"; cePk.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"; // Don't store in the machine's local cert store and allow exporting of private key cePk.MachineContext = false; cePk.ExportPolicy = CERTENROLLLib.X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG; cePk.Import(BCRYPT_PRIVATE_KEY_BLOB, rsaPk.Exported); var ceReq = new CERTENROLLLib.CX509CertificateRequestCertificate(); ceReq.InitializeFromPrivateKey( CERTENROLLLib.X509CertificateEnrollmentContext.ContextUser, cePk, ""); // CN=Test Cert, OU=Sandbox var subjParts = new[] { new { name = "C", value = csrParams?.Details?.Country }, new { name = "ST", value = csrParams?.Details?.StateOrProvince }, new { name = "L", value = csrParams?.Details?.Locality }, new { name = "O", value = csrParams?.Details?.Organization }, new { name = "OU", value = csrParams?.Details?.OrganizationUnit }, new { name = "CN", value = csrParams?.Details?.CommonName }, new { name = "E", value = csrParams?.Details?.Email }, }; // Escape any non-standard character var re = new Regex("[^A-Za-z0-9\\._-]"); var subj = ""; foreach (var sp in subjParts) { if (!string.IsNullOrEmpty(sp.value)) { var spVal = re.Replace(sp.value, "\\$0"); subj += $",{sp.name}={spVal}"; } } if (string.IsNullOrEmpty(subj)) { throw new InvalidOperationException("invalid CSR details"); } subj = subj.Substring(1); // Skip over the first comma // http://msdn.microsoft.com/en-us/library/aa377051(VS.85).aspx var subjDN = new CERTENROLLLib.CX500DistinguishedName(); subjDN.Encode(subj); ceReq.Subject = subjDN; if (csrParams.NotBefore != null) { ceReq.NotBefore = csrParams.NotBefore.Value; } if (csrParams.NotAfter != null) { ceReq.NotAfter = csrParams.NotAfter.Value; } var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md); var mdOid = new System.Security.Cryptography.Oid(mdVal); var mdAlg = new CERTENROLLLib.CObjectId(); mdAlg.InitializeFromValue(mdOid.Value); ceReq.SignatureInformation.HashAlgorithm = mdAlg; ceReq.Encode(); var csr = new Csr(ceReq.RawData); return(csr); } else { throw new NotSupportedException("unsuppored private key type"); } }
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md) { var rsaPk = pk as RsaPrivateKey; if (rsaPk != null) { var tempCfgFile = Path.GetTempFileName(); var tempKeyFile = Path.GetTempFileName(); var tempCsrFile = Path.GetTempFileName(); try { var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md); var args = $"req -batch -new -keyform PEM -key {tempKeyFile} -{mdVal}"; args += $" -config {tempCfgFile} -outform PEM -out {tempCsrFile} -subj \""; var subjParts = new[] { new { name = "C", value = csrParams?.Details?.Country }, new { name = "ST", value = csrParams?.Details?.StateOrProvince }, new { name = "L", value = csrParams?.Details?.Locality }, new { name = "O", value = csrParams?.Details?.Organization }, new { name = "OU", value = csrParams?.Details?.OrganizationUnit }, new { name = "CN", value = csrParams?.Details?.CommonName }, new { name = "emailAddress", value = csrParams?.Details?.Email }, }; // Escape any non-standard character var re = new Regex("[^A-Za-z0-9\\._-]"); foreach (var sp in subjParts) { if (!string.IsNullOrEmpty(sp.value)) { var spVal = re.Replace(sp.value, "\\$0"); args += $"/{sp.name}={spVal}"; } } args += "\""; File.WriteAllText(tempKeyFile, rsaPk.Pem); using (Stream source = Assembly.GetExecutingAssembly() .GetManifestResourceStream(typeof(OpenSslCliProvider), "OpenSslCliProvider_Config.txt"), target = new FileStream(tempCfgFile, FileMode.Create)) { source.CopyTo(target); } RunCli(args); var csr = new Csr(File.ReadAllText(tempCsrFile)); return(csr); } finally { File.Delete(tempCfgFile); File.Delete(tempKeyFile); File.Delete(tempCsrFile); } } throw new NotSupportedException("unsupported private key type"); }
public abstract Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md);
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md) { var csrDetails = csrParams.Details; var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md); var attrs = new Dictionary <DerObjectIdentifier, string>(); if (!string.IsNullOrEmpty(csrDetails.CommonName /**/)) { attrs.Add(X509Name.CN, csrDetails.CommonName); // CN; } if (!string.IsNullOrEmpty(csrDetails.Country /**/)) { attrs.Add(X509Name.C, csrDetails.Country); // C; } if (!string.IsNullOrEmpty(csrDetails.StateOrProvince /**/)) { attrs.Add(X509Name.ST, csrDetails.StateOrProvince); // ST; } if (!string.IsNullOrEmpty(csrDetails.Locality /**/)) { attrs.Add(X509Name.L, csrDetails.Locality); // L; } if (!string.IsNullOrEmpty(csrDetails.Organization /**/)) { attrs.Add(X509Name.O, csrDetails.Organization); // O; } if (!string.IsNullOrEmpty(csrDetails.OrganizationUnit /**/)) { attrs.Add(X509Name.OU, csrDetails.OrganizationUnit); // OU; } if (!string.IsNullOrEmpty(csrDetails.Surname /**/)) { attrs.Add(X509Name.Surname, csrDetails.Surname); // S; } if (!string.IsNullOrEmpty(csrDetails.GivenName /**/)) { attrs.Add(X509Name.GivenName, csrDetails.GivenName); // G; } if (!string.IsNullOrEmpty(csrDetails.Initials /**/)) { attrs.Add(X509Name.Initials, csrDetails.Initials); // I; } if (!string.IsNullOrEmpty(csrDetails.Title /**/)) { attrs.Add(X509Name.T, csrDetails.Title); // T; } if (!string.IsNullOrEmpty(csrDetails.SerialNumber /**/)) { attrs.Add(X509Name.SerialNumber, csrDetails.SerialNumber); // SN; } if (!string.IsNullOrEmpty(csrDetails.UniqueIdentifier /**/)) { attrs.Add(X509Name.UniqueIdentifier, csrDetails.UniqueIdentifier); // UID; } var subj = new X509Name(attrs.Keys.ToList(), attrs.Values.ToList()); var rsaPk = pk as RsaPrivateKey; if (rsaPk != null) { using (var tr = new StringReader(rsaPk.Pem)) { var pr = new PemReader(tr); var pem = pr.ReadObject(); var ackp = pem as AsymmetricCipherKeyPair; if (ackp != null) { var sigAlg = $"{mdVal}withRSA"; var csrAttrs = new List <Asn1Encodable>(); if (csrDetails.AlternativeNames != null) { var gnames = new List <GeneralName>(); // Start off with the common name as the first alternative name gnames.Add(new GeneralName(GeneralName.DnsName, csrDetails.CommonName)); // Combine with all subsequent alt names foreach (var n in csrDetails.AlternativeNames) { gnames.Add(new GeneralName(GeneralName.DnsName, n)); } var altNames = new GeneralNames(gnames.ToArray()); #pragma warning disable CS0612 // Type or member is obsolete var x509Ext = new X509Extensions(new Hashtable { [X509Extensions.SubjectAlternativeName] = new X509Extension(false, new DerOctetString(altNames)) }); #pragma warning restore CS0612 // Type or member is obsolete csrAttrs.Add(new Org.BouncyCastle.Asn1.Cms.Attribute( PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(x509Ext))); } #pragma warning disable CS0618 // Type or member is obsolete var csr = new Pkcs10CertificationRequest(sigAlg, subj, ackp.Public, new DerSet(csrAttrs.ToArray()), ackp.Private); #pragma warning restore CS0618 // Type or member is obsolete var csrPem = ToCsrPem(csr); return(new Csr(csrPem)); } } } throw new NotSupportedException("unsupported private key type"); }