Code example #1
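 /// <summary>
 /// Issues a smart-card certificate for <paramref name="userPrincipalName"/> from the intermediate CA:
 /// renders a per-user openssl config from <c>CertCnfTemplate</c>, generates an encrypted RSA-2048 key
 /// and CSR, signs the CSR with the CA, exports DER and PFX copies and records a <c>CertificateModel</c>.
 /// </summary>
 /// <param name="crlDistPt">CRL distribution point substituted into the config template (single line).</param>
 /// <param name="userPrincipalName">UPN; used as CN, emailAddress, assignment id and as a file-name fragment.</param>
 /// <param name="countryName">Subject C.</param>
 /// <param name="stateProvinceName">Subject ST.</param>
 /// <param name="localityName">Subject L.</param>
 /// <param name="organizationName">Subject O.</param>
 /// <param name="organizationalUnitName">Subject OU.</param>
 /// <param name="passphrase">Passphrase protecting the generated private key and the exported PFX.</param>
 /// <remarks>
 /// Every argument is interpolated into a command line handed to <c>Terminal.Terminal.Execute</c> or into
 /// the openssl config file, so inputs are validated before any command runs. Any failure, including a
 /// rejected argument, is logged and swallowed: this method never throws and gives the caller no success signal.
 /// The passphrase is passed as <c>pass:</c> on the command line (visible in the process list while openssl
 /// runs) and is stored in clear text in the model — both are pre-existing design choices, not changed here.
 /// </remarks>
 public static void Create(string crlDistPt, string userPrincipalName, string countryName, string stateProvinceName, string localityName, string organizationName, string organizationalUnitName, string passphrase)
 {
     try {
         // Characters that would end an argument or the whole command when a value is pasted,
         // unquoted or inside "...", into the command lines built below.
         var shellMetaChars = "\"'`$\\;&|<>()\n\r\t".ToCharArray();
         Action<string, string, bool, bool> requireSafe = (name, value, allowSpaces, allowSlash) => {
             if (value == null) {
                 throw new ArgumentNullException(name);
             }
             if (value.IndexOfAny(shellMetaChars) >= 0 || (!allowSpaces && value.IndexOf(' ') >= 0)) {
                 throw new ArgumentException("contains characters that are not allowed on the openssl command line", name);
             }
             // '/' starts a new RDN inside -subj and a new path segment inside the file names.
             if (!allowSlash && value.IndexOf('/') >= 0) {
                 throw new ArgumentException("must not contain '/'", name);
             }
         };
         // The UPN becomes part of several paths under CaIntermediateDirectory: no traversal, no empty name.
         requireSafe(nameof(userPrincipalName), userPrincipalName, false, false);
         if (string.IsNullOrWhiteSpace(userPrincipalName) || userPrincipalName.Contains("..")) {
             throw new ArgumentException("must be a non-empty name without '..'", nameof(userPrincipalName));
         }
         // Subject attributes are double-quoted in -subj, so spaces are fine; quotes and '/' are not.
         requireSafe(nameof(countryName), countryName, true, false);
         requireSafe(nameof(stateProvinceName), stateProvinceName, true, false);
         requireSafe(nameof(localityName), localityName, true, false);
         requireSafe(nameof(organizationName), organizationName, true, false);
         requireSafe(nameof(organizationalUnitName), organizationalUnitName, true, false);
         // pass:<value> is unquoted, so whitespace or metacharacters would truncate or hijack it.
         requireSafe(nameof(passphrase), passphrase, false, true);
         // Only written into the config file: a line break would let it append arbitrary directives.
         if (crlDistPt == null || crlDistPt.IndexOfAny(new[] { '\n', '\r' }) >= 0) {
             throw new ArgumentException("must be a single line", nameof(crlDistPt));
         }

         const string replaceCrlDistPtd        = "$crlDitributionPoint$";
         const string replaceUserPrincipalName = "$userPrincipalName$";
         var cnfText = File.ReadAllText(CertCnfTemplate)
                           .Replace(replaceCrlDistPtd, crlDistPt)
                           .Replace(replaceUserPrincipalName, userPrincipalName);
         _certCurrentConfigurationFile = $"{CaIntermediateDirectory}/openssl-dc-{userPrincipalName}.cnf";
         if (File.Exists(_certCurrentConfigurationFile))
         {
             File.Delete(_certCurrentConfigurationFile);
         }
         File.WriteAllText(_certCurrentConfigurationFile, cnfText);
         ConsoleLogger.Log($"certificate configuration file set for {userPrincipalName}");

         const int days = 740;
         var certificateKeyPath     = $"{CaIntermediateDirectory}/private/dc-{userPrincipalName}.key.pem";
         var certificateRequestPath = $"{CaIntermediateDirectory}/csr/dc-{userPrincipalName}.csr.pem";
         var certificatePath        = $"{CaIntermediateDirectory}/certs/dc-{userPrincipalName}.cert.pem";
         // Key + CSR in one step; the key is encrypted with the user's passphrase.
         Terminal.Terminal.Execute($"openssl req -new -newkey rsa:2048 -keyout {certificateKeyPath} -out {certificateRequestPath} -config {_certCurrentConfigurationFile} -passout pass:{passphrase} -subj \"/C={countryName}/ST={stateProvinceName}/L={localityName}/O={organizationName}/OU={organizationalUnitName}/CN={userPrincipalName}/emailAddress={userPrincipalName}\"");
         // Owner-only access to the private key, as the service-certificate path already does.
         Terminal.Terminal.Execute($"chmod 400 {certificateKeyPath}");
         // Signed by the intermediate CA; its key passphrase comes from application settings.
         Terminal.Terminal.Execute($"openssl ca -batch -config {_certCurrentConfigurationFile} -days {days} -in {certificateRequestPath} -out {certificatePath} -passin pass:{ApplicationSetting.X509()}");

         var certificateDerPath = $"{CaIntermediateDirectory}/certs/{userPrincipalName}.cert.cer";
         Terminal.Terminal.Execute($"openssl x509 -in {certificatePath} -inform PEM -out {certificateDerPath} -outform DER");
         Terminal.Terminal.Execute($"chmod 444 {certificateDerPath}");

         var certificatePfxPath = $"{CaIntermediateDirectory}/certs/{userPrincipalName}.cert.pfx";
         // NOTE(review): -nodes leaves the private key unencrypted inside the PFX and the file is then made
         // world-readable (444). Whoever consumes the PFX is not visible here, so neither is changed;
         // confirm the consumer and tighten to 440/400 (and drop -nodes) if it runs as this user.
         Terminal.Terminal.Execute($"openssl pkcs12 -export -in {certificatePath} -inkey {certificateKeyPath} -out {certificatePfxPath} -passin pass:{passphrase} -passout pass:{passphrase} -nodes");
         Terminal.Terminal.Execute($"chmod 444 {certificatePfxPath}");

         // Local time is used for the record; the certificate's own validity is what openssl wrote.
         var dt    = DateTime.Now;
         var model = new CertificateModel {
             IsPresent                         = true,
             IsRevoked                         = false,
             _Id                               = Guid.NewGuid().ToString(),
             CertificateGuid                   = Guid.NewGuid().ToString(),
             CertificatePath                   = certificatePath,
             CertificateDerPath                = certificateDerPath,
             CertificatePfxPath                = certificatePfxPath,
             CertificateCountryName            = countryName,
             CertificateStateProvinceNameh     = stateProvinceName,
             CertificateLocalityName           = localityName,
             CertificateOrganizationName       = organizationName,
             CertificateOrganizationalUnitName = organizationalUnitName,
             CertificateCommonName             = userPrincipalName,
             CertificateEmailAddress           = userPrincipalName,
             CertificatePassphrase             = passphrase,
             CertificateAuthorityLevel         = CertificateAuthorityLevel.Common,
             CertificateAssignment             = CertificateAssignment.SmartCard,
             AssignmentGuid                    = userPrincipalName,
             ReleaseDateTime                   = dt,
             ExpirationDateTime                = dt.AddDays(days)
         };
         DeNSo.Session.New.Set(model);
     }
     catch (Exception ex) {
         // Best-effort by design: failures (including rejected input) are logged, not propagated.
         ConsoleLogger.Warn($"smart-card certificate for {userPrincipalName} not created: {ex.Message}");
     }
 }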
Code example #2
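 /// <summary>
 /// Issues a user or service certificate named <paramref name="commonName"/> from the intermediate CA:
 /// generates an RSA key (encrypted only when a passphrase is given), a SHA-256 CSR, signs it with the
 /// <c>usr_cert</c> or <c>server_cert</c> extension set, exports DER and PFX copies and records a <c>CertificateModel</c>.
 /// </summary>
 /// <param name="countryName">Subject C.</param>
 /// <param name="stateProvinceName">Subject ST.</param>
 /// <param name="localityName">Subject L.</param>
 /// <param name="organizationName">Subject O.</param>
 /// <param name="organizationalUnitName">Subject OU.</param>
 /// <param name="commonName">Subject CN; also the file-name fragment for key, CSR, cert, DER and PFX.</param>
 /// <param name="emailAddress">Subject emailAddress.</param>
 /// <param name="passphrase">Key/PFX passphrase; empty means an unencrypted private key.</param>
 /// <param name="assignment">Selects <c>server_cert</c> for <c>CertificateAssignment.Service</c>, else <c>usr_cert</c>.</param>
 /// <param name="bytesLength">RSA modulus size in bits, as a decimal string (e.g. "2048").</param>
 /// <param name="userGuid">Comma-separated user ids stored on the model; may be empty.</param>
 /// <param name="serviceGuid">Service id stored on the model.</param>
 /// <param name="serviceAlias">Service alias stored on the model.</param>
 /// <remarks>
 /// Arguments are interpolated into command lines handed to <c>Terminal.Terminal.Execute</c>, so they are
 /// validated before any command runs. Any failure is logged and swallowed: the method never throws.
 /// Passphrases travel on the command line (<c>pass:</c>) and are stored in clear text on the model —
 /// pre-existing design choices, not changed here.
 /// </remarks>
 public static void Create(string countryName, string stateProvinceName, string localityName, string organizationName, string organizationalUnitName, string commonName, string emailAddress, string passphrase, CertificateAssignment assignment, string bytesLength, string userGuid, string serviceGuid, string serviceAlias)
 {
     try {
         // Characters that would end an argument or the whole command when a value is pasted,
         // unquoted or inside "...", into the command lines built below.
         var shellMetaChars = "\"'`$\\;&|<>()\n\r\t".ToCharArray();
         Action<string, string, bool, bool> requireSafe = (name, value, allowSpaces, allowSlash) => {
             if (value == null) {
                 throw new ArgumentNullException(name);
             }
             if (value.IndexOfAny(shellMetaChars) >= 0 || (!allowSpaces && value.IndexOf(' ') >= 0)) {
                 throw new ArgumentException("contains characters that are not allowed on the openssl command line", name);
             }
             // '/' starts a new RDN inside -subj and a new path segment inside the file names.
             if (!allowSlash && value.IndexOf('/') >= 0) {
                 throw new ArgumentException("must not contain '/'", name);
             }
         };
         // The CN is used unquoted as a file-name fragment under CaIntermediateDirectory.
         requireSafe(nameof(commonName), commonName, false, false);
         if (string.IsNullOrWhiteSpace(commonName) || commonName.Contains("..")) {
             throw new ArgumentException("must be a non-empty name without '..'", nameof(commonName));
         }
         // Subject attributes are double-quoted in -subj, so spaces are fine; quotes and '/' are not.
         requireSafe(nameof(countryName), countryName, true, false);
         requireSafe(nameof(stateProvinceName), stateProvinceName, true, false);
         requireSafe(nameof(localityName), localityName, true, false);
         requireSafe(nameof(organizationName), organizationName, true, false);
         requireSafe(nameof(organizationalUnitName), organizationalUnitName, true, false);
         requireSafe(nameof(emailAddress), emailAddress, true, false);
         // pass:<value> is unquoted, so whitespace or metacharacters would truncate or hijack it.
         requireSafe(nameof(passphrase), passphrase, false, true);
         // The key size is pasted into the genrsa line: accept only a positive integer.
         // NOTE(review): no lower bound is enforced here; callers should pass at least 2048.
         int keyBits;
         if (!int.TryParse(bytesLength, out keyBits) || keyBits <= 0) {
             throw new ArgumentException("must be a positive integer number of bits", nameof(bytesLength));
         }

         var certName                   = commonName;
         var usePassphraseForPrivateKey = passphrase.Length > 0;
         var certificateKeyPath         = $"{CaIntermediateDirectory}/private/{certName}.key.pem";
         var certificateRequestPath     = $"{CaIntermediateDirectory}/csr/{certName}.csr.pem";
         var certificatePath            = $"{CaIntermediateDirectory}/certs/{certName}.cert.pem";
         var subject                    = $"/C={countryName}/ST={stateProvinceName}/L={localityName}/O={organizationName}/OU={organizationalUnitName}/CN={certName}/emailAddress={emailAddress}";
         if (usePassphraseForPrivateKey)
         {
             Terminal.Terminal.Execute($"openssl genrsa -aes256 -passout pass:{passphrase} -out {certificateKeyPath} {keyBits}");
             Terminal.Terminal.Execute($"chmod 400 {certificateKeyPath}");
             Terminal.Terminal.Execute($"openssl req -config {CaIntermediateConfFile} -key {certificateKeyPath} -new -sha256 -out {certificateRequestPath} -passin pass:{passphrase} -subj \"{subject}\"");
         }
         else
         {
             // Unencrypted key on disk; owner-only permissions are its only protection.
             Terminal.Terminal.Execute($"openssl genrsa -out {certificateKeyPath} {keyBits}");
             Terminal.Terminal.Execute($"chmod 400 {certificateKeyPath}");
             Terminal.Terminal.Execute($"openssl req -config {CaIntermediateConfFile} -key {certificateKeyPath} -new -sha256 -out {certificateRequestPath} -subj \"{subject}\"");
         }

         // Service certificates get the TLS-server extension set, everything else the user set.
         var       certExtension = assignment == CertificateAssignment.Service ? "server_cert" : "usr_cert";
         const int days          = 375;
         Terminal.Terminal.Execute($"openssl ca -batch -config {CaIntermediateConfFile} -extensions {certExtension} -days {days} -notext -md sha256 -passin pass:{ApplicationSetting.X509()} -in {certificateRequestPath} -out {certificatePath}");
         Terminal.Terminal.Execute($"chmod 444 {certificatePath}");

         var certificateDerPath = $"{CaIntermediateDirectory}/certs/{certName}.cert.cer";
         Terminal.Terminal.Execute($"openssl x509 -in {certificatePath} -inform PEM -out {certificateDerPath} -outform DER");
         Terminal.Terminal.Execute($"chmod 444 {certificateDerPath}");

         var certificatePfxPath = $"{CaIntermediateDirectory}/certs/{certName}.cert.pfx";
         // NOTE(review): -nodes leaves the private key unencrypted inside the PFX and the file is then made
         // world-readable (444). The consumer of the PFX is not visible here, so neither is changed;
         // confirm the consumer and tighten to 440/400 (and drop -nodes) if it runs as this user.
         Terminal.Terminal.Execute($"openssl pkcs12 -export -in {certificatePath} -inkey {certificateKeyPath} -out {certificatePfxPath} -passin pass:{passphrase} -passout pass:{passphrase} -nodes");
         Terminal.Terminal.Execute($"chmod 444 {certificatePfxPath}");

         // Local time is used for the record; the certificate's own validity is what openssl wrote.
         var dt    = DateTime.Now;
         var model = new CertificateModel {
             IsPresent                         = true,
             IsRevoked                         = false,
             _Id                               = Guid.NewGuid().ToString(),
             CertificateGuid                   = Guid.NewGuid().ToString(),
             CertificatePath                   = certificatePath,
             CertificateDerPath                = certificateDerPath,
             CertificatePfxPath                = certificatePfxPath,
             CertificateCountryName            = countryName,
             CertificateStateProvinceNameh     = stateProvinceName,
             CertificateLocalityName           = localityName,
             CertificateOrganizationName       = organizationName,
             CertificateOrganizationalUnitName = organizationalUnitName,
             CertificateCommonName             = certName,
             CertificateEmailAddress           = emailAddress,
             CertificatePassphrase             = passphrase,
             IsProtectedByPassphrase           = usePassphraseForPrivateKey,
             CertificateAuthorityLevel         = CertificateAuthorityLevel.Common,
             CertificateAssignment             = assignment,
             AssignmentGuid                    = "",
             // A null userGuid used to throw here, *after* the files had been written, leaving an
             // unrecorded certificate on disk; treat null like an empty list instead.
             AssignmentUserGuids               = (userGuid ?? string.Empty).Split(','),
             AssignmentServiceGuid             = serviceGuid,
             AssignmentServiceAlias            = serviceAlias,
             CertificateBytes                  = bytesLength,
             ReleaseDateTime                   = dt,
             ExpirationDateTime                = dt.AddDays(days)
         };
         DeNSo.Session.New.Set(model);
     }
     catch (Exception ex) {
         // Best-effort by design: failures (including rejected input) are logged, not propagated.
         ConsoleLogger.Warn($"certificate for {commonName} not created: {ex.Message}");
     }
 }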
Code example #3
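            /// <summary>
            /// Issues the domain-controller certificate for <paramref name="domainGuid"/> from the intermediate CA:
            /// renders a per-DC openssl config from <c>CertCnfTemplate</c>, generates an encrypted RSA-2048 key and CSR,
            /// signs the CSR, writes an unencrypted copy of the key plus fresh DH parameters, installs certificate,
            /// parameters and key at the Samba paths, restarts Samba and records a <c>CertificateModel</c>.
            /// </summary>
            /// <param name="crlDistPt">CRL distribution point substituted into the config template (single line).</param>
            /// <param name="domainGuid">Domain-controller GUID; substituted into the config and used as a file-name fragment.</param>
            /// <param name="domainDnsName">DNS name substituted into the config template (single line).</param>
            /// <param name="countryName">Subject C.</param>
            /// <param name="stateProvinceName">Subject ST.</param>
            /// <param name="localityName">Subject L.</param>
            /// <param name="organizationName">Subject O.</param>
            /// <param name="organizationalUnitName">Subject OU.</param>
            /// <param name="commonName">Subject CN.</param>
            /// <param name="emailAddress">Subject emailAddress.</param>
            /// <param name="passphrase">Passphrase the generated private key is encrypted with.</param>
            /// <remarks>
            /// Arguments are interpolated into command lines handed to <c>Terminal.Terminal.Execute</c> and into the
            /// openssl config file, so they are validated before any command runs. Any failure is logged and
            /// swallowed: the method never throws. Passphrases travel on the command line (<c>pass:</c>) and the
            /// user passphrase is stored in clear text on the model — pre-existing design choices, not changed here.
            /// </remarks>
            public static void Create(string crlDistPt, string domainGuid, string domainDnsName, string countryName, string stateProvinceName, string localityName, string organizationName, string organizationalUnitName, string commonName, string emailAddress, string passphrase)
            {
                try {
                    // Characters that would end an argument or the whole command when a value is pasted,
                    // unquoted or inside "...", into the command lines built below.
                    var shellMetaChars = "\"'`$\\;&|<>()\n\r\t".ToCharArray();
                    Action<string, string, bool, bool> requireSafe = (name, value, allowSpaces, allowSlash) => {
                        if (value == null) {
                            throw new ArgumentNullException(name);
                        }
                        if (value.IndexOfAny(shellMetaChars) >= 0 || (!allowSpaces && value.IndexOf(' ') >= 0)) {
                            throw new ArgumentException("contains characters that are not allowed on the openssl command line", name);
                        }
                        // '/' starts a new RDN inside -subj and a new path segment inside the file names.
                        if (!allowSlash && value.IndexOf('/') >= 0) {
                            throw new ArgumentException("must not contain '/'", name);
                        }
                    };
                    // Values that are only written into the config file must still not carry a line break,
                    // which would let them append arbitrary openssl directives.
                    Action<string, string> requireSingleLine = (name, value) => {
                        if (value == null || value.IndexOfAny(new[] { '\n', '\r' }) >= 0) {
                            throw new ArgumentException("must be a single line", name);
                        }
                    };
                    // The GUID is used unquoted as a file-name fragment under CaIntermediateDirectory.
                    requireSafe(nameof(domainGuid), domainGuid, false, false);
                    if (string.IsNullOrWhiteSpace(domainGuid) || domainGuid.Contains("..")) {
                        throw new ArgumentException("must be a non-empty name without '..'", nameof(domainGuid));
                    }
                    // Subject attributes are double-quoted in -subj, so spaces are fine; quotes and '/' are not.
                    requireSafe(nameof(countryName), countryName, true, false);
                    requireSafe(nameof(stateProvinceName), stateProvinceName, true, false);
                    requireSafe(nameof(localityName), localityName, true, false);
                    requireSafe(nameof(organizationName), organizationName, true, false);
                    requireSafe(nameof(organizationalUnitName), organizationalUnitName, true, false);
                    requireSafe(nameof(commonName), commonName, true, false);
                    requireSafe(nameof(emailAddress), emailAddress, true, false);
                    // pass:<value> is unquoted, so whitespace or metacharacters would truncate or hijack it.
                    requireSafe(nameof(passphrase), passphrase, false, true);
                    requireSingleLine(nameof(crlDistPt), crlDistPt);
                    requireSingleLine(nameof(domainDnsName), domainDnsName);

                    const string replaceCrlDistPtd           = "$crlDitributionPoint$";
                    const string replaceDomainControllerGuid = "$domainControllerGuid$";
                    const string replaceDomainDnsname        = "$domainDnsName$";
                    var cnfText = File.ReadAllText(CertCnfTemplate)
                                      .Replace(replaceCrlDistPtd, crlDistPt)
                                      .Replace(replaceDomainControllerGuid, domainGuid)
                                      .Replace(replaceDomainDnsname, domainDnsName);
                    _certCurrentConfigurationFile = $"{CaIntermediateDirectory}/openssl-dc-{domainGuid}.cnf";
                    if (File.Exists(_certCurrentConfigurationFile))
                    {
                        File.Delete(_certCurrentConfigurationFile);
                    }
                    File.WriteAllText(_certCurrentConfigurationFile, cnfText);
                    ConsoleLogger.Log($"certificate configuration file set for {domainGuid}");

                    const int days = 740;
                    var certificateKeyPath     = $"{CaIntermediateDirectory}/private/dc-{domainGuid}.key.pem";
                    var certificateRequestPath = $"{CaIntermediateDirectory}/csr/dc-{domainGuid}.csr.pem";
                    var certificatePath        = $"{CaIntermediateDirectory}/certs/dc-{domainGuid}.cert.pem";
                    // Key + CSR in one step; the key is encrypted with the caller's passphrase.
                    Terminal.Terminal.Execute($"openssl req -new -newkey rsa:2048 -keyout {certificateKeyPath} -out {certificateRequestPath} -config {_certCurrentConfigurationFile} -passout pass:{passphrase} -subj \"/C={countryName}/ST={stateProvinceName}/L={localityName}/O={organizationName}/OU={organizationalUnitName}/CN={commonName}/emailAddress={emailAddress}\"");
                    // Owner-only access to the private key, as the service-certificate path already does.
                    Terminal.Terminal.Execute($"chmod 400 {certificateKeyPath}");
                    Terminal.Terminal.Execute($"openssl ca -batch -config {_certCurrentConfigurationFile} -days {days} -in {certificateRequestPath} -out {certificatePath} -passin pass:{ApplicationSetting.X509()}");

                    // Samba needs the key unencrypted, so decrypt it into a fixed-name file.
                    // NOTE(review): the key above was encrypted with `passphrase`, but it is decrypted here with
                    // ApplicationSetting.X509() (the CA passphrase). Unless both are the same secret this step
                    // fails and Samba is given no key — confirm which passphrase is intended.
                    var privDcKey = $"{CaIntermediateDirectory}/private/dc-privkey.pem";
                    Terminal.Terminal.Execute($"openssl rsa -in {certificateKeyPath} -inform PEM -out {privDcKey} -outform PEM -passin pass:{ApplicationSetting.X509()}");
                    Terminal.Terminal.Execute($"chmod 400 {privDcKey}");
                    // numbits is documented as the trailing positional argument of dhparam; keep it last
                    // so the line is accepted by every openssl release.
                    var paramFile = $"{CaIntermediateDirectory}/params/dc-dhparams.pem";
                    Terminal.Terminal.Execute($"openssl dhparam -outform PEM -out {paramFile} 2048");

                    // Install at the Samba paths (project constants); copies keep the default umask
                    // permissions, so confirm the key copy ends up readable only by the Samba user.
                    if (File.Exists(SambaDcCert))
                    {
                        File.Delete(SambaDcCert);
                    }
                    Terminal.Terminal.Execute($"cp {certificatePath} {SambaDcCert}");

                    if (File.Exists(SambaDcParams))
                    {
                        File.Delete(SambaDcParams);
                    }
                    Terminal.Terminal.Execute($"cp {paramFile} {SambaDcParams}");

                    if (File.Exists(SambaDcKey))
                    {
                        File.Delete(SambaDcKey);
                    }
                    Terminal.Terminal.Execute($"cp {privDcKey} {SambaDcKey}");

                    Terminal.Terminal.Execute("systemctl restart samba");

                    // Local time is used for the record; the certificate's own validity is what openssl wrote.
                    var dt    = DateTime.Now;
                    var model = new CertificateModel {
                        IsPresent                         = true,
                        IsRevoked                         = false,
                        _Id                               = Guid.NewGuid().ToString(),
                        CertificateGuid                   = Guid.NewGuid().ToString(),
                        CertificatePath                   = certificatePath,
                        CertificateCountryName            = countryName,
                        CertificateStateProvinceNameh     = stateProvinceName,
                        CertificateLocalityName           = localityName,
                        CertificateOrganizationName       = organizationName,
                        CertificateOrganizationalUnitName = organizationalUnitName,
                        CertificateCommonName             = commonName,
                        CertificateEmailAddress           = emailAddress,
                        CertificatePassphrase             = passphrase,
                        CertificateAuthorityLevel         = CertificateAuthorityLevel.Common,
                        CertificateAssignment             = CertificateAssignment.DomainController,
                        AssignmentGuid                    = domainGuid,
                        ReleaseDateTime                   = dt,
                        ExpirationDateTime                = dt.AddDays(days)
                    };
                    DeNSo.Session.New.Set(model);
                }
                catch (Exception ex) {
                    // Best-effort by design: failures (including rejected input) are logged, not propagated.
                    ConsoleLogger.Warn($"domain-controller certificate for {domainGuid} not created: {ex.Message}");
                }
            }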