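/// <summary>
/// Decodes a base64 PKCS#10 request with the CertEnroll COM API and maps it onto the
/// project's <see cref="CertificateRequest"/> model.
/// </summary>
/// <param name="csr">The request text, in any base64 form accepted by XCN_CRYPT_STRING_BASE64_ANY.</param>
/// <returns>The decoded request, after <c>ImproveDeserializedCsrFidelity</c> has folded in the public key.</returns>
/// <exception cref="ArgumentNullException"><paramref name="csr"/> is null.</exception>
/// <exception cref="InvalidOperationException">The CertEnroll PKCS#10 coclass is not registered on this host.</exception>
private CertificateRequest DecodePkcs10(string csr)
{
    if (csr == null)
    {
        throw new ArgumentNullException("csr");
    }

    // The coclass is resolved by ProgID instead of the interop assembly. On a host where
    // CertEnroll is missing, GetTypeFromProgID returns null and Activator.CreateInstance
    // would then fail with an ArgumentNullException that says nothing about the cause.
    Type pkcs10Type = Type.GetTypeFromProgID("X509Enrollment.CX509CertificateRequestPkcs10");
    if (pkcs10Type == null)
    {
        throw new InvalidOperationException("The CertEnroll class X509Enrollment.CX509CertificateRequestPkcs10 is not registered on this machine.");
    }

    IX509CertificateRequestPkcs10 pkcs10 = (IX509CertificateRequestPkcs10)Activator.CreateInstance(pkcs10Type);
    pkcs10.InitializeDecode(csr, EncodingType.XCN_CRYPT_STRING_BASE64_ANY);

    // Subject comes from the decoded request; the protocol is fixed to PKCS#10 here.
    CertificateSubject subject = BuildSubject(pkcs10.Subject);
    CertificateRequest request = new CertificateRequest(subject, SigningRequestProtocol.Pkcs10, false);
    return ImproveDeserializedCsrFidelity(request, pkcs10.PublicKey);
}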
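/// <summary>
/// Enrolls for a certificate from the given template in the current user's context,
/// replacing the subject name on the inner PKCS#10 request, and lets CertEnroll
/// install the issued certificate.
/// </summary>
/// <param name="templateName">Name of the certificate template to enroll from.</param>
/// <param name="subjectName">X.500 subject string (for example "CN=...") to encode onto the request.</param>
/// <param name="friendlyName">Friendly name stored with the enrolled certificate.</param>
/// <exception cref="InvalidOperationException">
/// The innermost request built from the template is not a PKCS#10 request.
/// </exception>
public static void EnrollCert(
    string templateName,
    string subjectName,
    string friendlyName)
{
    // CX509Enrollment drives the whole enrollment; initializing it from the
    // template name builds the underlying request object for us.
    CX509Enrollment objEnroll = new CX509Enrollment();
    objEnroll.InitializeFromTemplateName(
        X509CertificateEnrollmentContext.ContextUser,
        templateName);

    // Walk down to the innermost request; that is the PKCS#10 that carries the subject.
    IX509CertificateRequest iRequest = objEnroll.Request;
    IX509CertificateRequest iInnerRequest = iRequest.GetInnerRequest(InnerRequestLevel.LevelInnermost);
    IX509CertificateRequestPkcs10 iRequestPkcs10 = iInnerRequest as IX509CertificateRequestPkcs10;
    if (iRequestPkcs10 == null)
    {
        // Without this check a non-PKCS#10 inner request would only surface as a
        // NullReferenceException on the Subject assignment below.
        throw new InvalidOperationException("The innermost request for template '" + templateName + "' is not a PKCS#10 request.");
    }

    // Encode the caller's subject string and apply it to the request.
    CX500DistinguishedName objName = new CX500DistinguishedName();
    objName.Encode(subjectName, X500NameFlags.XCN_CERT_NAME_STR_NONE);
    iRequestPkcs10.Subject = objName;

    objEnroll.CertificateFriendlyName = friendlyName;

    // Enroll for the certificate, which should install the certificate in the MY
    // store if the certificate is successfully issued by the CA (original author's note).
    objEnroll.Enroll();
}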
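/// <summary>
/// Sample enroll-on-behalf-of flow: creates a key and a PKCS#10 request for
/// <c>template</c>, wraps it in a PKCS#7 request that names <c>requesterName</c>
/// and is signed with the certificate found by thumbprint, submits it to
/// <c>caName</c>, and installs the issued certificate into the current user's
/// store. Requester, CA, template and signer thumbprint are fixed in the body.
/// </summary>
/// <param name="args">Unused.</param>
static void Main(string[] args)
{
    string requesterName = @"DOMAIN\otherUser";
    string caName = @"CA1.DOMAIN.LOCAL\DOMAIN-CA1-CA";
    string template = "User";

    // signerCertificate's private key must be accessible to this process
    var signerCertificate = FindCertificateByThumbprint("3f817d138f32a9a8df2aa6e43b8aed76eb93a932");
    if (signerCertificate == null)
    {
        // Previously unchecked: GetRawCertData() on a missing certificate threw a NullReferenceException.
        Console.WriteLine("signer certificate not found; nothing submitted");
        Console.ReadLine();
        return;
    }
    string signerBase64 = Convert.ToBase64String(signerCertificate.GetRawCertData());

    CX509PrivateKey privateKey = CreateRequestKey();
    string csr = CreateSignedRequest(template, privateKey, requesterName, signerBase64);

    // Submit. Flag values are from certcli.h: CR_IN_BASE64 / CR_IN_PKCS7 describe the
    // input encoding and format, CR_OUT_BASE64 the encoding of the returned certificate.
    const int CR_IN_BASE64 = 1, CR_OUT_BASE64 = 1;
    const int CR_IN_PKCS7 = 0x300;
    ICertRequest2 liveCsr = new CCertRequest();
    var disposition = (RequestDisposition)liveCsr.Submit(CR_IN_BASE64 | CR_IN_PKCS7, csr, null, caName);

    if (disposition == RequestDisposition.CR_DISP_ISSUED)
    {
        string resp = liveCsr.GetCertificate(CR_OUT_BASE64);
        InstallIssuedCertificate(resp);
    }
    else
    {
        // Any disposition other than ISSUED (pending, denied, error, ...) is reported and nothing is installed.
        Console.WriteLine("disp: " + disposition.ToString());
    }

    Console.WriteLine("done");
    Console.ReadLine();
}

/// <summary>
/// Creates the 2048-bit, non-exportable exchange key the request is built on,
/// in the current user's (not the machine's) key store.
/// </summary>
private static CX509PrivateKey CreateRequestKey()
{
    CX509PrivateKey privateKey = new CX509PrivateKey();
    // http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
    privateKey.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
    privateKey.MachineContext = false;
    privateKey.Length = 2048;
    privateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
    // The private key is never allowed to leave the provider.
    privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
    privateKey.Create();
    return privateKey;
}

/// <summary>
/// Builds the base64 request to submit: a PKCS#10 for <paramref name="template"/> on
/// <paramref name="privateKey"/>, wrapped in a PKCS#7 that names
/// <paramref name="requesterName"/> and is signed by the certificate passed as
/// base64 DER in <paramref name="signerBase64"/>.
/// </summary>
private static string CreateSignedRequest(string template, CX509PrivateKey privateKey, string requesterName, string signerBase64)
{
    // PKCS#10 inner request; we use v1 to avoid compat issues on w2k8 (original author's note).
    IX509CertificateRequestPkcs10 req = (IX509CertificateRequestPkcs10)new CX509CertificateRequestPkcs10();
    req.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, template);

    // Signer certificate. VerifyAllowUI permits a UI prompt if the signer's private key needs one.
    var signer = new CSignerCertificate();
    signer.Initialize(false, X509PrivateKeyVerify.VerifyAllowUI, EncodingType.XCN_CRYPT_STRING_BASE64_ANY, signerBase64);

    // PKCS#7 wrapper carrying the requester name and the signer.
    var wrapper = new CX509CertificateRequestPkcs7();
    wrapper.InitializeFromInnerRequest(req);
    wrapper.RequesterName = requesterName;
    wrapper.SignerCertificate = signer;

    var enroll = new CX509Enrollment();
    enroll.InitializeFromRequest(wrapper);
    return enroll.CreateRequest();
}

/// <summary>Installs the issued certificate (base64 response from the CA) into the current user's store.</summary>
/// <param name="resp">The CA response as returned by <c>ICertRequest2.GetCertificate</c> with CR_OUT_BASE64.</param>
private static void InstallIssuedCertificate(string resp)
{
    var install = new CX509Enrollment();
    install.Initialize(X509CertificateEnrollmentContext.ContextUser);
    // AllowUntrustedRoot accepts a response whose chain does not end in a root this host
    // trusts; where the CA chain is trusted, a stricter restriction flag is preferable.
    install.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot, resp, EncodingType.XCN_CRYPT_STRING_BASE64_ANY, null);
}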