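/// <summary>
/// Builds a PKCS#10 certificate signing request (CSR) from the configured parameters.
/// The request carries the subject name, the freshly generated RSA public key and, as a
/// PKCS#9 <c>extensionRequest</c> attribute, the subject alternative name, extended key
/// usage and key usage extensions so the issuing CA can see what was asked for. A
/// self-issued carrier certificate is built alongside only to transport the matching
/// private key.
/// </summary>
/// <returns>
/// A <see cref="CSR"/> whose <c>CSRPEM</c> is the PEM-encoded request and whose
/// <c>PrivateKey</c> is an <see cref="X509Certificate2"/> holding the subject's private key.
/// </returns>
public CSR GenerateCSR()
{
    // CSPRNG used for the serial number, the RSA key pair and both signatures.
    var random = new SecureRandom(new CryptoApiRandomGenerator());

    // Unknown or out-of-range selections fall back to SHA256withRSA; the field is
    // rewritten so later calls observe the same algorithm.
    if (_signatureAlgorithm < 0 || (int)_signatureAlgorithm >= PKCS15SignatureAlgorithmList.Length)
    {
        _signatureAlgorithm = PKCS15SignatureAlgorithm.SHA256WITHRSA;
    }
    string algorithmName = PKCS15SignatureAlgorithmList[(int)_signatureAlgorithm];

    // A structured DN takes precedence over the plain subject string.
    X509Name subject = _DistinguishedName == null
        ? new X509Name(_subjectName)
        : DistinguishedNamesToX509Name(_DistinguishedName);

    // Subject key pair.
    // NOTE(review): _keyStrength is not range-checked here; RSA moduli below 2048 bits are
    // rejected by most CAs and TLS stacks - confirm the setter or caller enforces a minimum.
    var keyPairGenerator = new RsaKeyPairGenerator();
    keyPairGenerator.Init(new KeyGenerationParameters(random, _keyStrength));
    var subjectKeyPair = keyPairGenerator.GenerateKeyPair();

    // Extensions are recorded twice: 'requestedExtensions' ends up in the CSR's
    // extensionRequest attribute, 'certificateGenerator' builds the carrier certificate.
    var certificateGenerator = new X509V3CertificateGenerator();
    var requestedExtensions = new X509ExtensionsGenerator();
    bool anyRequested = false;

    if (_SubjectAlternativeName != null)
    {
        var san = SubjectAlternativeNamesToGeneralNames(_SubjectAlternativeName);
        requestedExtensions.AddExtension(X509Extensions.SubjectAlternativeName, false, san);
        certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, san);
        anyRequested = true;
    }

    // The carrier certificate is an end-entity certificate. Whether the issued certificate
    // may act as a CA is the CA's decision, so BasicConstraints is not placed in the request.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(false));

    if (_keyPurpose.Length > 0)
    {
        var purposes = new DerObjectIdentifier[_keyPurpose.Length];
        for (int i = 0; i < purposes.Length; i++)
        {
            purposes[i] = new DerObjectIdentifier(_keyPurpose[i]);
        }
        var extendedKeyUsage = new ExtendedKeyUsage(purposes);
        requestedExtensions.AddExtension(X509Extensions.ExtendedKeyUsage, _criticalKeyPurpose, extendedKeyUsage);
        certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, _criticalKeyPurpose, extendedKeyUsage);
        anyRequested = true;
    }

    if (_keyUsage > 0)
    {
        var keyUsage = new KeyUsage(_keyUsage);
        requestedExtensions.AddExtension(X509Extensions.KeyUsage, _criticalKeyUsage, keyUsage);
        certificateGenerator.AddExtension(X509Extensions.KeyUsage, _criticalKeyUsage, keyUsage);
        anyRequested = true;
    }

    // RFC 2986 section 4.2: the request is signed with the subject's own private key so the
    // CA can verify proof of possession against the embedded public key. Signing it with the
    // configured issuer key would produce a request whose signature never verifies.
    var requestSignatureFactory = new Asn1SignatureFactory(algorithmName, subjectKeyPair.Private, random);

    // Only emit the extensionRequest attribute when at least one extension was configured.
    Asn1Set attributes = null;
    if (anyRequested)
    {
        attributes = new DerSet(new Org.BouncyCastle.Asn1.Pkcs.AttributePkcs(
            Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Pkcs9AtExtensionRequest,
            new DerSet(requestedExtensions.Generate())));
    }

    var certificationRequest = new Pkcs10CertificationRequest(
        requestSignatureFactory, subject, subjectKeyPair.Public, attributes);

    // PEM-encode the request into a string.
    var csrPem = new StringBuilder();
    using (var textWriter = new StringWriter(csrPem))
    {
        var pemWriter = new PemWriter(textWriter);
        pemWriter.WriteObject(certificationRequest);
        pemWriter.Writer.Flush();
    }

    // Carrier certificate: self-issued (issuer DN == subject DN), valid two years by default.
    // NOTE(review): when _issuerPrivateKey is configured the carrier is signed with that key
    // although its issuer DN is still the subject DN; it only serves to transport the private key.
    var issuerKeyPair = _issuerPrivateKey == null
        ? subjectKeyPair
        : DotNetUtilities.GetKeyPair(_issuerPrivateKey);
    certificateGenerator.SetSerialNumber(
        BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random));
    certificateGenerator.SetIssuerDN(subject);
    certificateGenerator.SetSubjectDN(subject);
    certificateGenerator.SetNotBefore(_notBefore ?? DateTime.UtcNow.Date);
    certificateGenerator.SetNotAfter(_notAfter ?? DateTime.UtcNow.Date.AddYears(2));
    certificateGenerator.SetPublicKey(subjectKeyPair.Public);
    var certificate = certificateGenerator.Generate(
        new Asn1SignatureFactory(algorithmName, issuerKeyPair.Private, random));

    // NOTE(review): the X509Certificate2.PrivateKey setter is only supported on .NET Framework;
    // on .NET Core / .NET 5+ it throws PlatformNotSupportedException and CopyWithPrivateKey is
    // needed instead - confirm the target framework.
    var privateKeyHolder = new X509Certificate2(certificate.GetEncoded())
    {
        PrivateKey = ConvertToRsaPrivateKey(subjectKeyPair)
    };
    if (_friendlyName != null)
    {
        privateKeyHolder.FriendlyName = _friendlyName;
    }

    return new CSR
    {
        CSRPEM = csrPem.ToString(),
        PrivateKey = privateKeyHolder
    };
}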
/// <summary>
/// Builds an X.509 v3 certificate from the configured parameters. The certificate is
/// self-signed unless <c>_issuerPrivateKey</c> is set, in which case that key signs it.
/// </summary>
/// <returns>
/// An <see cref="X509Certificate2"/> holding the new certificate and the subject's RSA
/// private key (plus the friendly name, when one was configured).
/// </returns>
public X509Certificate2 Build()
{
    var random = new SecureRandom(new CryptoApiRandomGenerator());
    var generator = new X509V3CertificateGenerator();

    // Random positive serial number, capped at long.MaxValue.
    generator.SetSerialNumber(
        BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random));

    // Out-of-range selections fall back to SHA256withRSA; the field itself is rewritten.
    bool algorithmUnknown = _signatureAlgorithm < 0
        || (int)_signatureAlgorithm >= PKCS15SignatureAlgorithmList.Length;
    if (algorithmUnknown)
    {
        _signatureAlgorithm = PKCS15SignatureAlgorithm.SHA256WITHRSA;
    }
    string algorithmName = PKCS15SignatureAlgorithmList[(int)_signatureAlgorithm];

    // Subject alternative names are never marked critical here.
    if (_SubjectAlternativeName != null)
    {
        generator.AddExtension(
            X509Extensions.SubjectAlternativeName,
            false,
            SubjectAlternativeNamesToGeneralNames(_SubjectAlternativeName));
    }

    // A structured DN wins over the plain subject string for the subject; an explicit
    // (non-empty) issuer string wins over the structured DN for the issuer.
    X509Name issuerDn;
    X509Name subjectDn;
    if (_DistinguishedName == null)
    {
        issuerDn = new X509Name(_issuerName ?? _subjectName);
        subjectDn = new X509Name(_subjectName);
    }
    else
    {
        issuerDn = string.IsNullOrEmpty(_issuerName)
            ? DistinguishedNamesToX509Name(_DistinguishedName)
            : new X509Name(_issuerName);
        subjectDn = DistinguishedNamesToX509Name(_DistinguishedName);
    }
    generator.SetIssuerDN(issuerDn);
    generator.SetSubjectDN(subjectDn);

    // Authority Key Identifier links the new certificate to the configured issuer certificate.
    if (_issuer != null)
    {
        generator.AddExtension(
            X509Extensions.AuthorityKeyIdentifier.Id,
            false,
            new AuthorityKeyIdentifierStructure(DotNetUtilities.FromX509Certificate(_issuer)));
    }

    // cA flag is driven by _intermediate; the extension is always critical.
    generator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(_intermediate));

    if (_keyPurpose.Length > 0)
    {
        var purposeOids = new DerObjectIdentifier[_keyPurpose.Length];
        for (int index = 0; index < purposeOids.Length; index++)
        {
            purposeOids[index] = new DerObjectIdentifier(_keyPurpose[index]);
        }
        generator.AddExtension(
            X509Extensions.ExtendedKeyUsage.Id,
            _criticalKeyPurpose,
            new ExtendedKeyUsage(purposeOids));
    }

    if (_keyUsage > 0)
    {
        generator.AddExtension(X509Extensions.KeyUsage.Id, _criticalKeyUsage, new KeyUsage(_keyUsage));
    }

    // Validity defaults: from today (UTC) for two years.
    generator.SetNotBefore(_notBefore ?? DateTime.UtcNow.Date);
    generator.SetNotAfter(_notAfter ?? DateTime.UtcNow.Date.AddYears(2));

    // Subject key pair.
    // NOTE(review): _keyStrength is not range-checked here - confirm a minimum is enforced elsewhere.
    var rsaGenerator = new RsaKeyPairGenerator();
    rsaGenerator.Init(new KeyGenerationParameters(random, _keyStrength));
    var subjectKeys = rsaGenerator.GenerateKeyPair();
    generator.SetPublicKey(subjectKeys.Public);

    // Sign with the issuer key when one is configured, otherwise self-sign.
    var signingKey = _issuerPrivateKey == null
        ? subjectKeys.Private
        : DotNetUtilities.GetKeyPair(_issuerPrivateKey).Private;
    var certificate = generator.Generate(new Asn1SignatureFactory(algorithmName, signingKey, random));

    // NOTE(review): the X509Certificate2.PrivateKey setter is only supported on .NET Framework -
    // confirm the target framework.
    var result = new X509Certificate2(certificate.GetEncoded())
    {
        PrivateKey = ConvertToRsaPrivateKey(subjectKeys)
    };
    if (_friendlyName != null)
    {
        result.FriendlyName = _friendlyName;
    }
    return result;
}