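/// <summary>
/// Add the Certificate endpoints feature to MVC.
/// </summary>
/// <param name="mvcBuilder">An interface for configuring MVC services.</param>
/// <param name="configureAction">Delegate for configuring options for certificate endpoints feature.</param>
/// <returns>The same <paramref name="mvcBuilder"/> so that calls can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="mvcBuilder"/> is <c>null</c>.</exception>
/// <remarks>
/// Besides registering the feature provider, formatter mappings and output formatter, this method
/// resolves the certificate directory (defaulting to <c>App_Data/certs</c> under the content root),
/// creates it if needed and, when no <c>ca.pfx</c> exists there, generates a root CA whose private key
/// is written to <c>ca.pfx</c> protected only by <see cref="CertificateEndpointsOptions.PfxPassphrase"/>.
/// The built-in default passphrase is a placeholder; deployments should set a real one through
/// <paramref name="configureAction"/>.
/// </remarks>
public static IMvcBuilder AddCertificateEndpoints(this IMvcBuilder mvcBuilder, Action<CertificateEndpointsOptions> configureAction = null)
{
    if (mvcBuilder is null)
    {
        throw new ArgumentNullException(nameof(mvcBuilder));
    }

    mvcBuilder.ConfigureApplicationPartManager(apm => apm.FeatureProviders.Add(new CertificatesFeatureProvider()));
    mvcBuilder.AddFormatterMappings(mappings =>
    {
        // The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM.
        mappings.SetMediaTypeMappingForFormat("crt", "application/x-x509-user-cert");
        // Alternate form of .crt (Microsoft convention). MS tooling can convert .crt to .cer (either DER encoded .cer, or base64 [PEM] encoded .cer).
        mappings.SetMediaTypeMappingForFormat("cer", "application/pkix-cert");
        // The KEY extension is used both for public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM.
        mappings.SetMediaTypeMappingForFormat("key", "application/pkcs8");
        // PKCS#12 archive (certificate together with its private key).
        mappings.SetMediaTypeMappingForFormat("pfx", "application/x-pkcs12");
    });
    mvcBuilder.AddMvcOptions(mvc => mvc.OutputFormatters.Add(new CertificateOutputFormatter()));

    var options = new CertificateEndpointsOptions
    {
        IssuerDomain = "www.example.com",
        // Placeholder only: ca.pfx carries the issuing private key, so callers must supply a real passphrase.
        PfxPassphrase = "???"
    };
    // The service collection is exposed to the configure delegate only for the duration of the call.
    options.Services = mvcBuilder.Services;
    configureAction?.Invoke(options);
    options.Services = null;

    if (options.Path == null)
    {
        // A temporary provider is needed to locate the content root; it is disposed as soon as the path is known.
        using (var serviceProvider = mvcBuilder.Services.BuildServiceProvider())
        {
            var hostingEnvironment = serviceProvider.GetRequiredService<IWebHostEnvironment>();
            options.Path = Path.Combine(hostingEnvironment.ContentRootPath, "App_Data", "certs");
        }
    }
    mvcBuilder.Services.AddSingleton(options);

    // CreateDirectory is a no-op when the directory already exists, so no Exists() pre-check is needed.
    Directory.CreateDirectory(options.Path);

    var pfxPath = Path.Combine(options.Path, "ca.pfx");
    if (!File.Exists(pfxPath))
    {
        CreateRootCertificateAuthority(mvcBuilder, options, pfxPath);
    }
    return mvcBuilder;
}

/// <summary>
/// Generates the self-signed root CA, persists it as <paramref name="pfxPath"/> (PKCS#12 with private key)
/// and <c>ca.cer</c> (PEM, certificate only) next to it, and adds it to the registered <see cref="ICertificatesStore"/>.
/// </summary>
/// <param name="mvcBuilder">The MVC builder whose service collection already contains <paramref name="options"/>.</param>
/// <param name="options">Resolved options; <c>IssuerDomain</c>, <c>PfxPassphrase</c> and <c>Path</c> are read.</param>
/// <param name="pfxPath">Full path of the <c>ca.pfx</c> file to write.</param>
private static void CreateRootCertificateAuthority(IMvcBuilder mvcBuilder, CertificateEndpointsOptions options, string pfxPath)
{
    // Built after options are registered so that the store can depend on CertificateEndpointsOptions.
    using (var serviceProvider = mvcBuilder.Services.BuildServiceProvider())
    {
        var manager = new CertificateManager();
        var issuingCert = manager.CreateRootCACertificate(options.IssuerDomain);
        var certBase64 = issuingCert.ExportToPEM();
        // The passphrase is the only protection the CA private key has on disk.
        var pfxBytes = issuingCert.Export(X509ContentType.Pfx, options.PfxPassphrase);
        File.WriteAllBytes(pfxPath, pfxBytes);
        File.WriteAllText(Path.Combine(options.Path, "ca.cer"), certBase64);

        // GetRequiredService: a missing store registration fails with a clear message instead of a NullReferenceException.
        var store = serviceProvider.GetRequiredService<ICertificatesStore>();
        // Blocking wait is unavoidable inside a synchronous IMvcBuilder extension; the former
        // TaskFactory.StartNew(...).Unwrap() wrapper added nothing over awaiting the task directly.
        store.Add(issuingCert, null).GetAwaiter().GetResult();
    }
}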
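/// <summary>
/// Builds a sample CRL with two revoked serials, signs it with a freshly generated root CA
/// and writes the DER output to <c>my.crl</c> in the current directory.
/// </summary>
public void Generate_CRL()
{
    // Single timestamp so EffectiveDate, NextUpdate and the revocation dates are consistent with each other.
    var now = DateTime.UtcNow;
    var crl = new CertificateRevocationList()
    {
        AuthorizationKeyId = "77c2b8509a677676b12dc286d083a07ea67eba4b",
        Country = "GR",
        Organization = "INDICE OE",
        IssuerCommonName = "Some Cerification Authority CA",
        CrlNumber = 234,
        EffectiveDate = now.AddDays(-2),
        NextUpdate = now.AddDays(1),
        Items =
        {
            new RevokedCertificate
            {
                ReasonCode = RevokedCertificate.CRLReasonCode.Superseded,
                RevocationDate = now.AddHours(-10),
                SerialNumber = "05f4102a802b874c"
            },
            new RevokedCertificate
            {
                ReasonCode = RevokedCertificate.CRLReasonCode.Superseded,
                RevocationDate = now.AddHours(-9),
                SerialNumber = "174401aea7b9a5de"
            }
        }
    };
    var crlSeq = new CertificateRevocationListSequence(crl);
    var manager = new CertificateManager();
    var caCert = manager.CreateRootCACertificate("identityserver.gr");

    // GetRSAPrivateKey() replaces the obsolete PrivateKey property and the unchecked `as RSA` cast;
    // it returns null when the certificate has no RSA private key, which would otherwise surface as a NullReferenceException.
    using (var signingKey = caCert.GetRSAPrivateKey())
    {
        Assert.NotNull(signingKey);
        var data = crlSeq.SignAndSerialize(signingKey);
        File.WriteAllBytes(Path.Combine(Directory.GetCurrentDirectory(), "my.crl"), data);
        Assert.True(data.Length > 0);
    }
}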
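/// <summary>
/// Generates a sample PSD2 QWAC signed by a freshly generated root CA and writes the certificate,
/// public/private keys, PFX and a JSON bundle to the current directory, named after the
/// request's authorization number.
/// </summary>
/// <remarks>
/// The private key is written unencrypted (<c>.private.key</c> and the JSON bundle) and the PFX uses a
/// fixed test passphrase; the output is sample material for local use only.
/// </remarks>
public void Generate_QWACs()
{
    var data = Psd2CertificateRequest.Example();
    var manager = new CertificateManager();
    var caCert = manager.CreateRootCACertificate("identityserver.gr");
    var cert = manager.CreateQWACs(data, "identityserver.gr", issuer: caCert, out var privateKey);
    var certBase64 = cert.ExportToPEM();
    var publicBase64 = privateKey.ToSubjectPublicKeyInfo();
    var privateBase64 = privateKey.ToRSAPrivateKey();
    var pfxBytes = cert.Export(X509ContentType.Pfx, "111");
    var keyId = cert.GetSubjectKeyIdentifier();

    // All artifacts share the same directory and base name; build the path once per extension.
    var outputDirectory = Directory.GetCurrentDirectory();
    string OutputPath(string extension) => Path.Combine(outputDirectory, $"{data.AuthorizationNumber}.{extension}");

    File.WriteAllText(OutputPath("cer"), certBase64);
    File.WriteAllText(OutputPath("public.key"), publicBase64);
    File.WriteAllText(OutputPath("private.key"), privateBase64);
    File.WriteAllBytes(OutputPath("pfx"), pfxBytes);
    File.WriteAllText(OutputPath("json"), JsonConvert.SerializeObject(new
    {
        encodedCert = certBase64,
        privateKey = privateBase64,
        // Hex key identifier: invariant casing keeps the output independent of the test host's culture.
        keyId = keyId.ToLowerInvariant(),
        algorithm = "SHA256WITHRSA"
    }));

    // Assert on the generated material rather than the former no-op Assert.True(true).
    Assert.False(string.IsNullOrEmpty(certBase64));
    Assert.False(string.IsNullOrEmpty(privateBase64));
    Assert.True(pfxBytes.Length > 0);
}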