/// <summary>
/// Generates a signing key pair on the PKCS#11 token and returns a PEM-encoded PKCS#10
/// certificate signing request for it.
/// </summary>
/// <param name="session">Open PKCS#11 session used for key generation and for signing the request.</param>
/// <param name="ckaLabel">CKA_LABEL applied to the generated key objects.</param>
/// <param name="ckaId">CKA_ID applied to the generated key objects.</param>
/// <param name="defaultBits">Key size in bits handed to <c>Pkcs11Util.GenerateKeyPair</c>.</param>
/// <param name="directDomain">Direct domain or address. A value containing '@' is requested as an rfc822Name SAN; anything else as a dNSName SAN.</param>
/// <param name="distinguishedName">Subject DN string placed in the request.</param>
/// <param name="keyUsage">KeyUsage bit mask placed in the requested extensions; it is passed through without validation.</param>
/// <returns>The request as a "CERTIFICATE REQUEST" PEM block.</returns>
private static string CreateCertificateSigningRequest(Session session, string ckaLabel, byte[] ckaId, int defaultBits, string directDomain, string distinguishedName, int keyUsage)
{
    // Key material is created on the token; only object handles come back to this method.
    ObjectHandle publicKey;
    ObjectHandle privateKey;
    Pkcs11Util.GenerateKeyPair(session, ckaLabel, ckaId, out publicKey, out privateKey, defaultBits);

    // Extensions requested via the PKCS#9 extensionRequest attribute.
    IList extensionOids = new ArrayList();
    IList extensionValues = new ArrayList();

    // NOTE(review): BasicConstraints(true) requests cA=TRUE, marked critical. A request carrying a
    // per-domain or per-address SAN looks like an end-entity certificate, for which cA=TRUE is
    // unusual; the issuing CA normally overrides requested extensions, but confirm this is intended.
    extensionOids.Add(X509Extensions.BasicConstraints);
    extensionValues.Add(new X509Extension(true, new DerOctetString(new BasicConstraints(true))));

    // KeyUsage is marked critical as well; the bit mask comes straight from the caller.
    extensionOids.Add(X509Extensions.KeyUsage);
    extensionValues.Add(new X509Extension(true, new DerOctetString(new KeyUsage(keyUsage))));

    // Subject alternative name: an address (contains '@') becomes rfc822Name, a domain becomes dNSName.
    if (directDomain.Contains("@"))
    {
        AddSubjectAltNameForRfc822Name(directDomain, extensionOids, extensionValues);
    }
    else
    {
        AddSubjectAltNameForDnsName(directDomain, extensionOids, extensionValues);
    }

    var extensionRequest = new AttributePkcs(
        PkcsObjectIdentifiers.Pkcs9AtExtensionRequest,
        new DerSet(new X509Extensions(extensionOids, extensionValues)));
    var requestAttributes = new DerSet(extensionRequest);

    // Build the PKCS#10 request; the signature is produced on the token with SHA-256.
    byte[] pkcs10 = Pkcs11Util.GeneratePkcs10(
        session,
        publicKey,
        privateKey,
        distinguishedName,
        DigestAlgorithm.SHA256,
        requestAttributes);

    // PEM-encode the DER request as a "CERTIFICATE REQUEST" block.
    var pem = new StringBuilder();
    using (var writer = new StringWriter(pem))
    {
        new PemWriter(writer).WriteObject(new PemObject("CERTIFICATE REQUEST", pkcs10));
    }

    return pem.ToString();
}
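/// <summary>
/// Loads the PKCS#11 library named in <paramref name="settings"/> and locates the token slot
/// those settings describe, storing the results in <c>m_pkcs11</c> and <c>m_slot</c>.
/// </summary>
/// <param name="settings">Library path, OS-locking flag and the slot selection criteria used by <c>Pkcs11Util.FindSlot</c>.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="settings"/> is null, or when no slot matches the settings
/// (the latter keeps the exception type existing callers already handle).
/// </exception>
private void InitializePkcs11(TokenSettings settings)
{
    if (settings == null)
    {
        throw new ArgumentNullException(nameof(settings));
    }

    m_pkcs11 = new Pkcs11(settings.Pkcs11LibraryPath, settings.UseOsLocking);
    m_slot = Pkcs11Util.FindSlot(m_pkcs11, settings);
    if (m_slot == null)
    {
        // Do not leave the native library loaded when there is no usable slot: a failed
        // initialisation should not hold on to a Pkcs11 handle that nobody will dispose.
        m_pkcs11.Dispose();
        m_pkcs11 = null;
        throw new ArgumentNullException(nameof(m_slot), "No PKCS#11 slot matched the supplied token settings.");
    }
}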