コード例 #1
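        /// <summary>
        /// Builds a PKCS#10 certificate signing request for a freshly generated RSA key pair,
        /// together with a placeholder X.509 certificate that carries the private key.
        /// </summary>
        /// <remarks>
        /// The request is always signed with the new subject key, as PKCS#10 proof of possession
        /// requires, regardless of whether <c>_issuerPrivateKey</c> is set; the issuer key (when
        /// supplied) only signs the placeholder certificate. The extensions configured on this
        /// builder (SAN, basic constraints, extended key usage, key usage) are placed both on the
        /// placeholder certificate and in the request's pkcs-9 extensionRequest attribute, so a CA
        /// processing the CSR sees them.
        /// </remarks>
        /// <returns>CSR data: the PEM-encoded request and an X509Certificate2 holding the private key.</returns>
        public CSR GenerateCSR()
        {
            // CSPRNG backed by the platform crypto API; used for the serial, key generation and signing.
            var randomGenerator = new CryptoApiRandomGenerator();
            var random          = new SecureRandom(randomGenerator);

            var certificateGenerator = new X509V3CertificateGenerator();

            // Serial number: uniformly random in [1, long.MaxValue].
            // NOTE(review): that is at most 63 bits of entropy; publicly trusted issuance requires at least
            // 64 bits (CA/B Forum BR 7.1). Fine for a placeholder certificate — confirm if reused elsewhere.
            var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
            certificateGenerator.SetSerialNumber(serialNumber);

            // Fall back to SHA-256 with RSA when the configured algorithm index is out of range.
            if (_signatureAlgorithm < 0 || (int)_signatureAlgorithm >= PKCS15SignatureAlgorithmList.Length)
            {
                _signatureAlgorithm = PKCS15SignatureAlgorithm.SHA256WITHRSA;
            }
            string signatureAlgorithmName = PKCS15SignatureAlgorithmList[(int)_signatureAlgorithm];

            // Subject name, used for the CSR and for both subject and issuer of the placeholder certificate.
            // NOTE(review): the placeholder's issuer DN equals its subject DN even when _issuerPrivateKey signs
            // it, so it does not chain to that issuer — it exists only to carry the private key. Confirm intent.
            X509Name subjectName = _DistinguishedName == null
                ? new X509Name(_subjectName)
                : DistinguishedNamesToX509Name(_DistinguishedName);

            certificateGenerator.SetIssuerDN(subjectName);
            certificateGenerator.SetSubjectDN(subjectName);

            // Every requested extension goes to the certificate AND to the CSR's extensionRequest,
            // otherwise a CA issuing from this CSR would produce a certificate without the SAN.
            var requestedExtensions = new X509ExtensionsGenerator();
            Action<DerObjectIdentifier, bool, Asn1Encodable> addExtension = (oid, critical, value) =>
            {
                certificateGenerator.AddExtension(oid, critical, value);
                requestedExtensions.AddExtension(oid, critical, value);
            };

            // Subject Alternative Name (non-critical).
            if (_SubjectAlternativeName != null)
            {
                addExtension(
                    X509Extensions.SubjectAlternativeName,
                    false,
                    SubjectAlternativeNamesToGeneralNames(_SubjectAlternativeName));
            }

            // Basic Constraints (critical): this is an end-entity key and must never act as a CA.
            addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));

            // Extended key usage: one OID per configured purpose.
            if (_keyPurpose.Length > 0)
            {
                ArrayList purposes = new ArrayList();
                foreach (var purpose in _keyPurpose)
                {
                    purposes.Add(new DerObjectIdentifier(purpose));
                }
                IEnumerable kp = purposes;
                addExtension(X509Extensions.ExtendedKeyUsage, _criticalKeyPurpose, new ExtendedKeyUsage(kp));
            }

            // Key usage bit mask, only when something was configured.
            if (_keyUsage > 0)
            {
                addExtension(X509Extensions.KeyUsage, _criticalKeyUsage, new KeyUsage(_keyUsage));
            }

            // Validity: defaults to today (UTC, midnight) for two years.
            certificateGenerator.SetNotBefore(_notBefore ?? DateTime.UtcNow.Date);
            certificateGenerator.SetNotAfter(_notAfter ?? DateTime.UtcNow.Date.AddYears(2));

            // Subject key pair.
            // NOTE(review): _keyStrength is not validated here; RSA below 2048 bits should be rejected by
            // whoever sets it — confirm.
            var keyGenerationParameters = new KeyGenerationParameters(random, _keyStrength);
            var keyPairGenerator        = new RsaKeyPairGenerator();
            keyPairGenerator.Init(keyGenerationParameters);

            var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
            certificateGenerator.SetPublicKey(subjectKeyPair.Public);

            // PKCS#10 requires the request to be signed with the private key matching the public key it
            // certifies (proof of possession). Signing with the issuer key would make the CSR signature
            // fail verification at the CA, so the subject key is used here unconditionally.
            ISignatureFactory csrSignatureFactory = new Asn1SignatureFactory(signatureAlgorithmName, subjectKeyPair.Private, random);

            // pkcs-9 extensionRequest attribute carrying the same extensions as the placeholder certificate.
            var extensionRequest = new Org.BouncyCastle.Asn1.Pkcs.AttributePkcs(
                Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Pkcs9AtExtensionRequest,
                new DerSet(requestedExtensions.Generate()));

            Pkcs10CertificationRequest certificationRequest = new Pkcs10CertificationRequest(
                csrSignatureFactory,
                subjectName,
                subjectKeyPair.Public,
                new DerSet(extensionRequest));

            // Placeholder certificate: self-signed unless an issuer key was supplied (existing behaviour kept).
            var issuerKeyPair = _issuerPrivateKey == null
                ? subjectKeyPair
                : DotNetUtilities.GetKeyPair(_issuerPrivateKey);
            ISignatureFactory certSignatureFactory = new Asn1SignatureFactory(signatureAlgorithmName, issuerKeyPair.Private, random);
            var certificate = certificateGenerator.Generate(certSignatureFactory);

            // PEM-encode the request.
            StringBuilder csrStrBuilder = new StringBuilder();
            PemWriter     csrPemWriter  = new PemWriter(new StringWriter(csrStrBuilder));
            csrPemWriter.WriteObject(certificationRequest);
            csrPemWriter.Writer.Flush();

            // Merge the private key into the X509Certificate2 handed back to the caller.
            // NOTE(review): the X509Certificate2.PrivateKey setter is obsolete on .NET Core/5+
            // (CopyWithPrivateKey is the replacement) — confirm the target framework.
            X509Certificate2 privateKey = new X509Certificate2(certificate.GetEncoded())
            {
                PrivateKey = ConvertToRsaPrivateKey(subjectKeyPair)
            };
            if (_friendlyName != null)
            {
                privateKey.FriendlyName = _friendlyName;
            }

            CSR csrResult = new CSR();
            csrResult.CSRPEM     = csrStrBuilder.ToString();
            csrResult.PrivateKey = privateKey;

            return csrResult;
        }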
コード例 #2
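        /// <summary>
        /// Builds an X.509 v3 certificate for a freshly generated RSA key pair — self-signed unless
        /// an issuer private key was supplied — and returns it with the private key attached.
        /// </summary>
        /// <remarks>
        /// Issuer DN precedence: an explicit <c>_issuerName</c>, then the subject of <c>_issuer</c>
        /// (so the certificate actually chains to the certificate whose authority key identifier it
        /// carries), then the subject itself (self-issued). The CA flag in basic constraints follows
        /// <c>_intermediate</c>.
        /// </remarks>
        /// <returns>X509Certificate2 from the chosen parameters, carrying the new private key.</returns>
        public X509Certificate2 Build()
        {
            // CSPRNG backed by the platform crypto API; used for the serial, key generation and signing.
            var randomGenerator = new CryptoApiRandomGenerator();
            var random          = new SecureRandom(randomGenerator);

            var certificateGenerator = new X509V3CertificateGenerator();

            // Serial number: uniformly random in [1, long.MaxValue].
            // NOTE(review): that is at most 63 bits of entropy; publicly trusted issuance requires at least
            // 64 bits (CA/B Forum BR 7.1). Confirm whether this builder is used for anything beyond test/internal certs.
            var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
            certificateGenerator.SetSerialNumber(serialNumber);

            // Fall back to SHA-256 with RSA when the configured algorithm index is out of range.
            if (_signatureAlgorithm < 0 || (int)_signatureAlgorithm >= PKCS15SignatureAlgorithmList.Length)
            {
                _signatureAlgorithm = PKCS15SignatureAlgorithm.SHA256WITHRSA;
            }

            // Subject Alternative Name (non-critical).
            if (_SubjectAlternativeName != null)
            {
                certificateGenerator.AddExtension
                (
                    X509Extensions.SubjectAlternativeName,
                    false,
                    SubjectAlternativeNamesToGeneralNames(_SubjectAlternativeName)
                );
            }

            // Issuer certificate, converted once; it feeds both the issuer DN fallback and the AKI.
            // NOTE(review): _issuer is assumed to be the certificate matching _issuerPrivateKey. If _issuer is
            // set while _issuerPrivateKey is null, the result is self-signed but points its AKI elsewhere — confirm.
            Org.BouncyCastle.X509.X509Certificate issuerCertificate = null;
            if (_issuer != null)
            {
                issuerCertificate = DotNetUtilities.FromX509Certificate(_issuer);
            }

            // Subject name.
            X509Name subjectName = _DistinguishedName == null
                ? new X509Name(_subjectName)
                : DistinguishedNamesToX509Name(_DistinguishedName);

            // Issuer name. Previously, with _issuer set but no _issuerName, the issuer DN silently became the
            // subject DN, producing a certificate that claims to be self-issued while being signed by another
            // key; RFC 5280 4.1.2.4 requires the issuer field to match the issuing certificate's subject.
            X509Name issuerName;
            if (!string.IsNullOrEmpty(_issuerName))
            {
                issuerName = new X509Name(_issuerName);
            }
            else if (issuerCertificate != null)
            {
                issuerName = issuerCertificate.SubjectDN;
            }
            else
            {
                issuerName = subjectName;
            }

            certificateGenerator.SetIssuerDN(issuerName);
            certificateGenerator.SetSubjectDN(subjectName);

            // Authority Key Identifier, taken from the issuer certificate when one was supplied.
            if (issuerCertificate != null)
            {
                certificateGenerator.AddExtension(
                    X509Extensions.AuthorityKeyIdentifier.Id,
                    false,
                    new AuthorityKeyIdentifierStructure(issuerCertificate)
                    );
            }

            // Basic Constraints (critical): CA flag is exactly _intermediate — true only when the caller
            // asked for a certificate that may sign other certificates.
            certificateGenerator.AddExtension(
                X509Extensions.BasicConstraints.Id, true, new BasicConstraints(_intermediate));

            // Extended key usage: one OID per configured purpose.
            if (_keyPurpose.Length > 0)
            {
                ArrayList purposes = new ArrayList();
                foreach (var purpose in _keyPurpose)
                {
                    purposes.Add(new DerObjectIdentifier(purpose));
                }
                IEnumerable kp = purposes;
                certificateGenerator.AddExtension(
                    X509Extensions.ExtendedKeyUsage.Id,
                    _criticalKeyPurpose,
                    new ExtendedKeyUsage(kp)
                    );
            }

            // Key usage bit mask, only when something was configured.
            if (_keyUsage > 0)
            {
                certificateGenerator.AddExtension(
                    X509Extensions.KeyUsage.Id,
                    _criticalKeyUsage,
                    new KeyUsage(_keyUsage)
                    );
            }

            // Validity: defaults to today (UTC, midnight) for two years.
            certificateGenerator.SetNotBefore(_notBefore ?? DateTime.UtcNow.Date);
            certificateGenerator.SetNotAfter(_notAfter ?? DateTime.UtcNow.Date.AddYears(2));

            // Subject key pair.
            // NOTE(review): _keyStrength is not validated here; RSA below 2048 bits should be rejected by
            // whoever sets it — confirm.
            var keyGenerationParameters = new KeyGenerationParameters(random, _keyStrength);
            var keyPairGenerator        = new RsaKeyPairGenerator();
            keyPairGenerator.Init(keyGenerationParameters);

            var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
            certificateGenerator.SetPublicKey(subjectKeyPair.Public);

            // Sign with the issuer key when provided, otherwise self-sign with the new key.
            var issuerKeyPair = _issuerPrivateKey == null
                ? subjectKeyPair
                : DotNetUtilities.GetKeyPair(_issuerPrivateKey);

            ISignatureFactory signatureFactory = new Asn1SignatureFactory(PKCS15SignatureAlgorithmList[(int)_signatureAlgorithm], issuerKeyPair.Private, random);
            var certificate = certificateGenerator.Generate(signatureFactory);

            // Merge the private key into the X509Certificate2 handed back to the caller.
            // NOTE(review): the X509Certificate2.PrivateKey setter is obsolete on .NET Core/5+
            // (CopyWithPrivateKey is the replacement) — confirm the target framework.
            X509Certificate2 result = new X509Certificate2(certificate.GetEncoded())
            {
                PrivateKey = ConvertToRsaPrivateKey(subjectKeyPair)
            };
            if (_friendlyName != null)
            {
                result.FriendlyName = _friendlyName;
            }

            return result;
        }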