public void LoadCertificateAndPrivateKey()
        {
            try
            {
                Cert = new X509Certificate2(_appSettings.Certificate);
                Key  = new RSACryptoServiceProvider();

                var rsaPrivParams = UASecurity.ImportRSAPrivateKey(File.ReadAllText(_appSettings.PrivateKey));
                Key.ImportParameters(rsaPrivParams);
            }
            catch
            {
                var dn = new X500DistinguishedName($"CN={_appSettings.CommonName};OU={_appSettings.OrganizationalUnit}", X500DistinguishedNameFlags.UseSemicolons);
                SubjectAlternativeNameBuilder sanBuilder = new SubjectAlternativeNameBuilder();
                sanBuilder.AddUri(new Uri($"urn:{_appSettings.ApplicationUri}"));

                using (RSA rsa = RSA.Create(2048))
                {
                    var request = new CertificateRequest(dn, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

                    request.CertificateExtensions.Add(sanBuilder.Build());

                    var selfSignedCert = request.CreateSelfSigned(new DateTimeOffset(DateTime.UtcNow.AddDays(-1)), new DateTimeOffset(DateTime.UtcNow.AddDays(3650)));

                    Cert = new X509Certificate2(selfSignedCert.Export(X509ContentType.Pfx, ""), "", X509KeyStorageFlags.DefaultKeySet);

                    var certPrivateParams = rsa.ExportParameters(true);
                    File.WriteAllText(_appSettings.Certificate, UASecurity.ExportPEM(Cert));
                    File.WriteAllText(_appSettings.PrivateKey, UASecurity.ExportRSAPrivateKey(certPrivateParams));

                    Key = new RSACryptoServiceProvider();
                    Key.ImportParameters(certPrivateParams);
                }
            }
        }
예제 #2
0
        /// <summary>
        /// This will load Certificate and private key for the server from a file. If File doesn't exist a dummy file will be created.
        /// </summary>
        private void LoadCertificateAndPrivatekeyFromFile(String certfile = "ServerCert.der", String privkeyfile = "ServerKey.pem")
        {
            try
            {
                // Try to load existing (public key) and associated private key
                this.appCertificate  = new X509Certificate2(certfile);
                this.cryptPrivateKey = new RSACryptoServiceProvider();

                var rsaPrivParams = UASecurity.ImportRSAPrivateKey(File.ReadAllText(privkeyfile));
                this.cryptPrivateKey.ImportParameters(rsaPrivParams);
            }
            catch
            {
                // If existing certificate could not be loaded:
                // Make a new certificate (public key) and associated private key
                var dn = new X500DistinguishedName("CN=Client certificate;OU=Demo organization", X500DistinguishedNameFlags.UseSemicolons);

                var keyCreationParameters = new CngKeyCreationParameters()
                {
                    KeyUsage           = CngKeyUsages.AllUsages,
                    KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey,
                    ExportPolicy       = CngExportPolicies.AllowPlaintextExport
                };

                keyCreationParameters.Parameters.Add(new CngProperty("Length", BitConverter.GetBytes(1024), CngPropertyOptions.None));
                var cngKey = CngKey.Create(CngAlgorithm2.Rsa, "KeyName", keyCreationParameters);

                var certParams = new X509CertificateCreationParameters(dn)
                {
                    StartTime          = DateTime.Now,
                    EndTime            = DateTime.Now.AddYears(10),
                    SignatureAlgorithm = X509CertificateSignatureAlgorithm.RsaSha1,
                    TakeOwnershipOfKey = true
                };

                appCertificate = cngKey.CreateSelfSignedCertificate(certParams);

                var certPrivateCNG    = new RSACng(appCertificate.GetCngPrivateKey());
                var certPrivateParams = certPrivateCNG.ExportParameters(true);

                File.WriteAllText(certfile, UASecurity.ExportPEM(appCertificate));
                File.WriteAllText(privkeyfile, UASecurity.ExportRSAPrivateKey(certPrivateParams));

                cryptPrivateKey = new RSACryptoServiceProvider();
                cryptPrivateKey.ImportParameters(certPrivateParams);
            }
        }
예제 #3
0
            private void LoadCertificateAndPrivateKey()
            {
                try
                {
                    // Try to load existing (public key) and associated private key
                    appCertificate  = new X509Certificate2("ServerCert.der");
                    cryptPrivateKey = new RSACryptoServiceProvider();

                    var rsaPrivParams = UASecurity.ImportRSAPrivateKey(File.ReadAllText("ServerKey.pem"));
                    cryptPrivateKey.ImportParameters(rsaPrivParams);
                }
                catch
                {
                    // Make a new certificate (public key) and associated private key
                    var dn = new X500DistinguishedName("CN=Client certificate;OU=Demo organization",
                                                       X500DistinguishedNameFlags.UseSemicolons);
                    SubjectAlternativeNameBuilder sanBuilder = new SubjectAlternativeNameBuilder();
                    sanBuilder.AddUri(new Uri("urn:DemoApplication"));

                    using (RSA rsa = RSA.Create(2048))
                    {
                        var request = new CertificateRequest(dn, rsa, HashAlgorithmName.SHA256,
                                                             RSASignaturePadding.Pkcs1);

                        request.CertificateExtensions.Add(sanBuilder.Build());

                        var certificate = request.CreateSelfSigned(new DateTimeOffset(DateTime.UtcNow.AddDays(-1)),
                                                                   new DateTimeOffset(DateTime.UtcNow.AddDays(3650)));

                        appCertificate = new X509Certificate2(certificate.Export(X509ContentType.Pfx, ""),
                                                              "", X509KeyStorageFlags.DefaultKeySet);

                        var certPrivateParams = rsa.ExportParameters(true);
                        File.WriteAllText("ServerCert.der", UASecurity.ExportPEM(appCertificate));
                        File.WriteAllText("ServerKey.pem", UASecurity.ExportRSAPrivateKey(certPrivateParams));

                        cryptPrivateKey = new RSACryptoServiceProvider();
                        cryptPrivateKey.ImportParameters(certPrivateParams);
                    }
                }
            }