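/// <summary>
/// Loads the server certificate into <c>Cert</c> and its RSA private key into <c>Key</c> from the
/// files named by <c>_appSettings.Certificate</c> and <c>_appSettings.PrivateKey</c>.
/// If either file is missing, a fresh 2048-bit RSA key pair and a ten-year self-signed certificate
/// (SHA-256; CN, OU and URN SAN taken from <c>_appSettings</c>) are created and written to both paths.
/// </summary>
/// <remarks>
/// Regeneration happens only when a file is absent. If both files exist but cannot be read or parsed,
/// the exception propagates unchanged and the files are left as they are, so a corrupt or locked
/// deployment does not silently receive a new identity that peers' trust lists do not know.
/// The private key is written with the process's default file permissions; restricting the ACL of
/// <c>_appSettings.PrivateKey</c> is left to the deployment.
/// </remarks>
public void LoadCertificateAndPrivateKey()
{
    string certPath = _appSettings.Certificate;
    string keyPath = _appSettings.PrivateKey;

    if (File.Exists(certPath) && File.Exists(keyPath))
    {
        var loadedCert = new X509Certificate2(certPath);
        var loadedKey = new RSACryptoServiceProvider();
        try
        {
            var rsaPrivParams = UASecurity.ImportRSAPrivateKey(File.ReadAllText(keyPath));
            loadedKey.ImportParameters(rsaPrivParams);
        }
        catch
        {
            // Release the half-initialised handles; the failure itself is reported to the caller.
            loadedKey.Dispose();
            loadedCert.Dispose();
            throw;
        }

        // Assign the fields only after both halves loaded, so a failure cannot leave Cert and Key
        // pointing at material from different sources.
        Cert = loadedCert;
        Key = loadedKey;
        return;
    }

    var dn = new X500DistinguishedName(
        $"CN={_appSettings.CommonName};OU={_appSettings.OrganizationalUnit}",
        X500DistinguishedNameFlags.UseSemicolons);
    var sanBuilder = new SubjectAlternativeNameBuilder();
    sanBuilder.AddUri(new Uri($"urn:{_appSettings.ApplicationUri}"));

    // One timestamp for both bounds so NotBefore/NotAfter are exactly 3651 days apart;
    // NotBefore is backdated a day to tolerate clock skew on the peer.
    DateTimeOffset now = DateTimeOffset.UtcNow;

    using (RSA rsa = RSA.Create(2048))
    {
        var request = new CertificateRequest(dn, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        request.CertificateExtensions.Add(sanBuilder.Build());

        using (X509Certificate2 selfSignedCert = request.CreateSelfSigned(now.AddDays(-1), now.AddDays(3650)))
        {
            // Re-imported via a PFX round-trip as in the original; presumably so Cert does not stay
            // tied to the disposable `rsa` instance — TODO confirm.
            Cert = new X509Certificate2(
                selfSignedCert.Export(X509ContentType.Pfx, ""),
                "",
                X509KeyStorageFlags.DefaultKeySet);
        }

        var certPrivateParams = rsa.ExportParameters(true);
        File.WriteAllText(certPath, UASecurity.ExportPEM(Cert));
        File.WriteAllText(keyPath, UASecurity.ExportRSAPrivateKey(certPrivateParams));

        Key = new RSACryptoServiceProvider();
        Key.ImportParameters(certPrivateParams);
    }
}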
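/// <summary>
/// Loads the application certificate into <c>appCertificate</c> and its RSA private key into
/// <c>cryptPrivateKey</c> from <paramref name="certfile"/> and <paramref name="privkeyfile"/>.
/// If either file is missing, a new 2048-bit RSA key pair and a ten-year self-signed certificate
/// (SHA-256) are created through CNG and written to both paths.
/// </summary>
/// <param name="certfile">Path of the certificate file; when generated it is written by <c>UASecurity.ExportPEM</c>.</param>
/// <param name="privkeyfile">Path of the private key file; when generated it is written by <c>UASecurity.ExportRSAPrivateKey</c>.</param>
/// <remarks>
/// Regeneration happens only when a file is absent. If both files exist but cannot be read or parsed,
/// the exception propagates and the files are left untouched, so a corrupt or locked deployment does
/// not silently get a new identity. Generation persists the key in the CNG key store under the fixed
/// name "KeyName" and overwrites any key already stored under that name. The private key file is
/// written with default permissions; restricting its ACL is left to the deployment.
/// </remarks>
private void LoadCertificateAndPrivatekeyFromFile(string certfile = "ServerCert.der", string privkeyfile = "ServerKey.pem")
{
    if (File.Exists(certfile) && File.Exists(privkeyfile))
    {
        // Load the existing certificate and its private key; fields are assigned only when both succeeded.
        var loadedCert = new X509Certificate2(certfile);
        var loadedKey = new RSACryptoServiceProvider();
        try
        {
            var rsaPrivParams = UASecurity.ImportRSAPrivateKey(File.ReadAllText(privkeyfile));
            loadedKey.ImportParameters(rsaPrivParams);
        }
        catch
        {
            loadedKey.Dispose();
            loadedCert.Dispose();
            throw;
        }

        appCertificate = loadedCert;
        cryptPrivateKey = loadedKey;
        return;
    }

    // Subject kept as before. NOTE(review): it says "Client certificate" although the default file
    // names suggest a server identity — confirm which is intended.
    var dn = new X500DistinguishedName("CN=Client certificate;OU=Demo organization", X500DistinguishedNameFlags.UseSemicolons);

    // KeyUsage is kept as before. NOTE(review): AllUsages is broader than a single identity normally
    // needs; consider narrowing it to what the consumers of cryptPrivateKey actually use.
    var keyCreationParameters = new CngKeyCreationParameters()
    {
        KeyUsage = CngKeyUsages.AllUsages,
        KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey,
        ExportPolicy = CngExportPolicies.AllowPlaintextExport
    };
    // 2048-bit modulus: 1024-bit RSA is below current minimum key-size guidance.
    keyCreationParameters.Parameters.Add(new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.None));
    var cngKey = CngKey.Create(CngAlgorithm2.Rsa, "KeyName", keyCreationParameters);

    // One timestamp for both bounds so the validity period is exactly ten years.
    DateTime start = DateTime.Now;
    var certParams = new X509CertificateCreationParameters(dn)
    {
        StartTime = start,
        EndTime = start.AddYears(10),
        // SHA-256: SHA-1 certificate signatures are deprecated and rejected by many peers.
        SignatureAlgorithm = X509CertificateSignatureAlgorithm.RsaSha256,
        TakeOwnershipOfKey = true
    };
    appCertificate = cngKey.CreateSelfSignedCertificate(certParams);

    var certPrivateCNG = new RSACng(appCertificate.GetCngPrivateKey());
    var certPrivateParams = certPrivateCNG.ExportParameters(true);
    File.WriteAllText(certfile, UASecurity.ExportPEM(appCertificate));
    File.WriteAllText(privkeyfile, UASecurity.ExportRSAPrivateKey(certPrivateParams));

    cryptPrivateKey = new RSACryptoServiceProvider();
    cryptPrivateKey.ImportParameters(certPrivateParams);
}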
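/// <summary>
/// Loads the application certificate into <c>appCertificate</c> and its RSA private key into
/// <c>cryptPrivateKey</c> from <c>ServerCert.der</c> and <c>ServerKey.pem</c> in the working directory.
/// If either file is missing, a fresh 2048-bit RSA key pair and a ten-year self-signed certificate
/// (SHA-256, fixed demo subject and URN SAN) are created and written to both paths.
/// </summary>
/// <remarks>
/// Regeneration happens only when a file is absent. If both files exist but cannot be read or parsed,
/// the exception propagates unchanged and the files are left as they are, so a corrupt or locked
/// deployment does not silently receive a new identity that peers' trust lists do not know.
/// The private key is written with the process's default file permissions; restricting the ACL of
/// <c>ServerKey.pem</c> is left to the deployment.
/// </remarks>
private void LoadCertificateAndPrivateKey()
{
    const string CertFile = "ServerCert.der";
    const string KeyFile = "ServerKey.pem";

    bool haveBothFiles = File.Exists(CertFile) && File.Exists(KeyFile);
    if (haveBothFiles)
    {
        X509Certificate2 loadedCert = new X509Certificate2(CertFile);
        RSACryptoServiceProvider loadedKey = new RSACryptoServiceProvider();
        try
        {
            loadedKey.ImportParameters(UASecurity.ImportRSAPrivateKey(File.ReadAllText(KeyFile)));
        }
        catch
        {
            // Nothing was assigned yet; just release what was created before reporting the failure.
            loadedCert.Dispose();
            loadedKey.Dispose();
            throw;
        }

        appCertificate = loadedCert;
        cryptPrivateKey = loadedKey;
        return;
    }

    var dn = new X500DistinguishedName("CN=Client certificate;OU=Demo organization", X500DistinguishedNameFlags.UseSemicolons);
    var sanBuilder = new SubjectAlternativeNameBuilder();
    sanBuilder.AddUri(new Uri("urn:DemoApplication"));

    // A single timestamp keeps NotBefore/NotAfter exactly 3651 days apart; NotBefore is backdated a
    // day to tolerate clock skew on the peer.
    DateTimeOffset now = DateTimeOffset.UtcNow;
    DateTimeOffset notBefore = now.AddDays(-1);
    DateTimeOffset notAfter = now.AddDays(3650);

    using (RSA rsa = RSA.Create(2048))
    {
        var request = new CertificateRequest(dn, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        request.CertificateExtensions.Add(sanBuilder.Build());

        using (X509Certificate2 generated = request.CreateSelfSigned(notBefore, notAfter))
        {
            // PFX round-trip kept from the original; presumably so appCertificate is not tied to the
            // disposable `rsa` instance — TODO confirm.
            byte[] pfx = generated.Export(X509ContentType.Pfx, "");
            appCertificate = new X509Certificate2(pfx, "", X509KeyStorageFlags.DefaultKeySet);
        }

        RSAParameters certPrivateParams = rsa.ExportParameters(true);
        File.WriteAllText(CertFile, UASecurity.ExportPEM(appCertificate));
        File.WriteAllText(KeyFile, UASecurity.ExportRSAPrivateKey(certPrivateParams));

        cryptPrivateKey = new RSACryptoServiceProvider();
        cryptPrivateKey.ImportParameters(certPrivateParams);
    }
}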