private CX500DistinguishedName GetEncodedSubject(CertificateSubject subject) { CX500DistinguishedName certDn = new CX500DistinguishedName(); certDn.Encode(subject.ToString(), X500NameFlags.XCN_CERT_NAME_STR_NONE); return(certDn); }
/// <summary> /// Creates a self signed certificate given the parameters. /// </summary> /// <param name="subject"></param> /// <param name="cipher"></param> /// <param name="keysize"></param> /// <param name="api"></param> /// <returns></returns> public X509Certificate2 CreateSelfSignedCertificate(CertificateSubject subject, CipherAlgorithm cipher, int keysize, WindowsApi api) { CX509PrivateKey privateKey = CreatePrivateKey(cipher, keysize); CX509CertificateRequestCertificate pkcs10 = NewCertificateRequestCrc(subject, privateKey); pkcs10.Issuer = pkcs10.Subject; pkcs10.NotBefore = DateTime.Now.AddDays(-1); pkcs10.NotAfter = DateTime.Now.AddYears(20); var sigoid = new CObjectId(); var alg = new Oid("SHA256"); sigoid.InitializeFromValue(alg.Value); pkcs10.SignatureInformation.HashAlgorithm = sigoid; pkcs10.Encode(); CX509Enrollment enrollment = new CX509Enrollment(); enrollment.InitializeFromRequest(pkcs10); string csr = enrollment.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64); InstallResponseRestrictionFlags restrictionFlags = InstallResponseRestrictionFlags.AllowUntrustedCertificate; enrollment.InstallResponse(restrictionFlags, csr, EncodingType.XCN_CRYPT_STRING_BASE64, string.Empty); string pwd = secret.NewSecret(16); string pfx = enrollment.CreatePFX(pwd, PFXExportOptions.PFXExportChainWithRoot, EncodingType.XCN_CRYPT_STRING_BASE64); return(new X509Certificate2(Convert.FromBase64String(pfx), pwd)); }
private CertificateSubject BuildSubject(CX500DistinguishedName subject) { if (subject == null) { throw new CryptographicException("Win32CertificateProvider.BuildSubject - Subject from a decoded request cannot be null"); } return(CertificateSubject.CreateFromDistinguishedName(subject.Name)); }
private CertificateRequest DecodeCmc(string csr) { IX509CertificateRequestCertificate cmc = (IX509CertificateRequestCertificate)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509CertificateRequestCertificate")); cmc.InitializeDecode(csr, EncodingType.XCN_CRYPT_STRING_BASE64_ANY); CertificateSubject subject = BuildSubject(cmc.Subject); return(ImproveDeserializedCsrFidelity(new CertificateRequest(subject, SigningRequestProtocol.Pkcs10, false), cmc.PublicKey)); }
public CertificateRequest ( CertificateSubject subject, SigningRequestProtocol csrProtocol, bool managedPrivateKey ) { this.Subject = subject; this.SigningRequestProtocol = csrProtocol; this.ManagedPrivateKey = managedPrivateKey; }
/// <summary> /// Creates a new public and private key pair and the encoded csr is returned back in the CertificateRequest object. /// For security reasons, the private key is kept on the machine that this method is invoked on. /// The next step is to have a certificate authority sign the csr and the result should be provided to the InstallIssuedCertificate method. /// </summary> /// <param name="subject"></param> /// <param name="cipher"></param> /// <param name="keysize"></param> /// <param name="api"></param> /// <param name="protocol"></param> /// <returns></returns> public CertificateRequest CreateCsrKeyPair(CertificateSubject subject, CipherAlgorithm cipher, int keysize, WindowsApi api, SigningRequestProtocol protocol) { if (!requestValidation.IsValidWindowsApiForCipherAlgorithm(cipher, api)) { throw new AlgorithmNotSupportedByProviderException("The cryptography provider specified does not support the specified cipher algorithm"); } CX509PrivateKey privateKey = CreatePrivateKey(cipher, keysize, api); return(CreateCsrFromPrivateKey(subject, cipher, keysize, privateKey)); }
private CertificateRequest CreateCsrFromPrivateKey(CertificateSubject subject, CipherAlgorithm cipher, int keysize, CX509PrivateKey privateKey) { CertificateRequest csr = new CertificateRequest(subject, cipher, keysize); CX509CertificateRequestPkcs10 pkcs10 = NewCertificateRequestPkcs10(csr.Subject, privateKey); csr.SubjectKeyIdentifier = GetSubjectKeyIdentifier(pkcs10); csr.EncodedCsr = BuildEncodedCsr(pkcs10); return(csr); }
public static CertificateSubject CreateFromDistinguishedName(string dn) { if (String.IsNullOrWhiteSpace(dn)) { throw new ArgumentNullException(nameof(dn)); } if (!IsValidDistinguishedNameLength(dn)) { throw new ArgumentOutOfRangeException(nameof(dn)); } CertificateSubject subject = new CertificateSubject(); foreach (string item in dn.Split(',')) { if (subject.IsCommonNameComponent(item)) { subject.CommonName = subject.GetCommonName(item); } if (subject.IsDepartmentComponent(item)) { subject.Department = subject.GetDepartment(item); } if (subject.IsOrganizationComponent(item)) { subject.Organization = subject.GetOrganization(item); } if (subject.IsCityComponent(item)) { subject.City = subject.GetCity(item); } if (subject.IsStateComponent(item)) { subject.State = subject.GetState(item); } if (subject.IsCountryComponent(item)) { subject.Country = subject.GetCountry(item); } } return(subject); }
private CX509CertificateRequestCertificate NewCertificateRequestCrc(CertificateSubject subject, CX509PrivateKey privateKey) { CX509CertificateRequestCertificate crc = new CX509CertificateRequestCertificate(); crc.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, ""); crc.X509Extensions.Add(GetQualifiedSan(subject.SubjectAlternativeName)); crc.X509Extensions.Add(GetKeyUsage()); crc.Subject = GetEncodedSubject(subject); return(crc); }
private CX509CertificateRequestPkcs10 NewCertificateRequestPkcs10(CertificateSubject subject, CX509PrivateKey privateKey) { CX509CertificateRequestPkcs10 pkcs10 = new CX509CertificateRequestPkcs10(); pkcs10.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, ""); if (subject.ContainsSubjectAlternativeName) { pkcs10.X509Extensions.Add(GetQualifiedSan(subject.SubjectAlternativeName)); } pkcs10.X509Extensions.Add(GetKeyUsage()); pkcs10.Subject = GetEncodedSubject(subject); return(pkcs10); }
public CertificateRequest ( CertificateSubject subject, CipherAlgorithm cipher = CipherAlgorithm.ECDH, int keySize = 384 ) { CertificateRequestValidation requestValidation = new CertificateRequestValidation(); if (!requestValidation.IsValidKeySize(cipher, keySize)) { throw new KeySizeUnsupportedException(String.Format("The keysize specified '{0}' is not supported by the specified algorithm '{1}'", keySize, cipher)); } Subject = subject ?? throw new ArgumentNullException(nameof(subject)); CipherAlgorithm = cipher; KeySize = keySize; ManagedPrivateKey = true; SigningRequestProtocol = SigningRequestProtocol.Pkcs10; }