コード例 #1
ファイル: Pkcs11Commands.cs プロジェクト: ywangmaxmd/nhin-d
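        /// <summary>
        /// Generates a new key pair through <c>Pkcs11Util.GenerateKeyPair</c> on the given session and
        /// returns a PEM-encoded PKCS#10 certificate signing request for it.
        /// </summary>
        /// <remarks>
        /// The request carries an extension-request attribute with BasicConstraints (critical, CA = true),
        /// KeyUsage (critical) and a subject alternative name built from <paramref name="directDomain"/>.
        /// Arguments are validated before the key pair is generated, so bad input does not leave
        /// unused key objects behind on the token.
        /// </remarks>
        /// <param name="session">Open PKCS#11 session used for key generation and for signing the request.</param>
        /// <param name="ckaLabel">Label passed to key generation (presumably stored as CKA_LABEL - confirm in Pkcs11Util).</param>
        /// <param name="ckaId">Identifier passed to key generation (presumably stored as CKA_ID - confirm in Pkcs11Util).</param>
        /// <param name="defaultBits">Key size in bits passed to key generation.</param>
        /// <param name="directDomain">Value for the subject alternative name; an rfc822Name helper is used when it contains '@', a dNSName helper otherwise.</param>
        /// <param name="distinguishedName">Subject distinguished name for the request.</param>
        /// <param name="keyUsage">KeyUsage bit mask placed in the request as supplied by the caller.</param>
        /// <returns>The certificate signing request as a PEM string of type "CERTIFICATE REQUEST".</returns>
        /// <exception cref="ArgumentNullException"><paramref name="session"/>, <paramref name="directDomain"/> or <paramref name="distinguishedName"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="directDomain"/> is empty or whitespace.</exception>
        private static string CreateCertificateSigningRequest(Session session, string ckaLabel, byte[] ckaId, int defaultBits,
                                                              string directDomain, string distinguishedName, int keyUsage)
        {
            // Validate first: key generation below creates persistent state on the token, and the
            // original only failed on a null directDomain after the key pair already existed.
            if (session == null)
            {
                throw new ArgumentNullException(nameof(session));
            }

            if (directDomain == null)
            {
                throw new ArgumentNullException(nameof(directDomain));
            }

            if (string.IsNullOrWhiteSpace(directDomain))
            {
                throw new ArgumentException("A domain or e-mail address is required for the subject alternative name.", nameof(directDomain));
            }

            if (distinguishedName == null)
            {
                throw new ArgumentNullException(nameof(distinguishedName));
            }

            // Generate key pair - Signing
            // NOTE(review): the private key is referenced only by handle here; whether it is created
            // as non-extractable/sensitive is decided inside Pkcs11Util.GenerateKeyPair - confirm there.
            ObjectHandle publicKeyHandle;
            ObjectHandle privateKeyHandle;

            Pkcs11Util.GenerateKeyPair(session, ckaLabel, ckaId, out publicKeyHandle, out privateKeyHandle, defaultBits);

            // Generate x509 attributes for csr (parallel lists: extension OID -> extension value)
            IList oids   = new ArrayList();
            IList values = new ArrayList();

            // NOTE(review): the request asks for CA = true on every CSR. If this method is also used
            // for end-entity (address or domain) certificates, the issuing CA must not copy this
            // extension from the request unchecked - confirm the intended certificate profile.
            oids.Add(X509Extensions.BasicConstraints);
            values.Add(new X509Extension(
                           true,
                           new DerOctetString(new BasicConstraints(true))));

            // The bit mask is taken from the caller as-is; nothing here restricts which usages are requested.
            oids.Add(X509Extensions.KeyUsage);
            values.Add(new X509Extension(
                           true,
                           new DerOctetString(new KeyUsage(keyUsage))));

            // An '@' selects the e-mail (rfc822Name) form of the alternative name, anything else the DNS form.
            if (directDomain.Contains("@"))
            {
                AddSubjectAltNameForRfc822Name(directDomain, oids, values);
            }
            else
            {
                AddSubjectAltNameForDnsName(directDomain, oids, values);
            }

            var attribute = new AttributePkcs(
                PkcsObjectIdentifiers.Pkcs9AtExtensionRequest,
                new DerSet(new X509Extensions(oids, values)));

            var asn1Attributes = new DerSet(attribute);

            // Generate certificate request in PKCS#10 format, signed with SHA-256 through the token session
            byte[] pkcs10 = Pkcs11Util.GeneratePkcs10(
                session,
                publicKeyHandle,
                privateKeyHandle,
                distinguishedName,
                DigestAlgorithm.SHA256,
                asn1Attributes);

            // Export to PEM format. A CSR holds only public material, so the text is safe to hand out.
            var sb        = new StringBuilder();
            var pemObject = new PemObject("CERTIFICATE REQUEST", pkcs10);

            using (var str = new StringWriter(sb))
            {
                var pemWriter = new PemWriter(str);
                pemWriter.WriteObject(pemObject);
            }

            return sb.ToString();
        }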
コード例 #2
ファイル: Pkcs11Commands.cs プロジェクト: ywangmaxmd/nhin-d
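        /// <summary>
        /// Loads the PKCS#11 library named in <paramref name="settings"/> and selects the slot to work with,
        /// storing both in <c>m_pkcs11</c> and <c>m_slot</c>.
        /// </summary>
        /// <param name="settings">Token settings providing the library path, the OS-locking flag and the
        /// values <c>Pkcs11Util.FindSlot</c> uses to choose a slot.</param>
        /// <exception cref="ArgumentNullException"><paramref name="settings"/> is null, or no slot was found
        /// for the given settings (the exception type is kept from the original for callers that catch it).</exception>
        private void InitializePkcs11(TokenSettings settings)
        {
            if (settings == null)
            {
                throw new ArgumentNullException(nameof(settings));
            }

            // NOTE(review): Pkcs11LibraryPath names a native module that is loaded into this process;
            // confirm the value only ever comes from trusted, access-controlled configuration.
            m_pkcs11 = new Pkcs11(settings.Pkcs11LibraryPath, settings.UseOsLocking);
            m_slot   = Pkcs11Util.FindSlot(m_pkcs11, settings);

            if (m_slot == null)
            {
                // m_slot is a field, not an argument, so the bare parameter name alone was misleading;
                // the message states what actually went wrong.
                // NOTE(review): m_pkcs11 stays assigned on this path - confirm the owner disposes it.
                throw new ArgumentNullException(nameof(m_slot), "No PKCS#11 slot matched the supplied token settings.");
            }
        }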