/// <summary> /// Extracts the application URI specified in the certificate. /// </summary> /// <param name="certificate">The certificate.</param> /// <returns>The application URI.</returns> public static string GetApplicationUriFromCertificate(X509Certificate2 certificate) { // extract the alternate domains from the subject alternate name extension. X509SubjectAltNameExtension alternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(certificate); // get the application uri. if (alternateName != null && alternateName.Uris.Count > 0) { return(alternateName.Uris[0]); } return(string.Empty); }
/// <summary> /// Creates a certificate signing request from an existing certificate. /// </summary> public static byte[] CreateSigningRequest( X509Certificate2 certificate, IList <String> domainNames = null ) { if (!certificate.HasPrivateKey) { throw new NotSupportedException("Need a certificate with a private key."); } RSA rsaPublicKey = certificate.GetRSAPublicKey(); var request = new CertificateRequest(certificate.SubjectName, rsaPublicKey, Oids.GetHashAlgorithmName(certificate.SignatureAlgorithm.Value), RSASignaturePadding.Pkcs1); var alternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(certificate); domainNames = domainNames ?? new List <String>(); if (alternateName != null) { foreach (var name in alternateName.DomainNames) { if (!domainNames.Any(s => s.Equals(name, StringComparison.OrdinalIgnoreCase))) { domainNames.Add(name); } } foreach (var ipAddress in alternateName.IPAddresses) { if (!domainNames.Any(s => s.Equals(ipAddress, StringComparison.OrdinalIgnoreCase))) { domainNames.Add(ipAddress); } } } string applicationUri = X509Utils.GetApplicationUriFromCertificate(certificate); // Subject Alternative Name var subjectAltName = new X509SubjectAltNameExtension(applicationUri, domainNames); request.CertificateExtensions.Add(new X509Extension(subjectAltName, false)); using (RSA rsa = certificate.GetRSAPrivateKey()) { var x509SignatureGenerator = X509SignatureGenerator.CreateForRSA(rsa, RSASignaturePadding.Pkcs1); return(request.CreateSigningRequest(x509SignatureGenerator)); } }
/// <summary> /// Check if certificate has an application urn. /// </summary> /// <param name="certificate">The certificate.</param> /// <returns>true if the application URI starts with urn: </returns> public static bool HasApplicationURN(X509Certificate2 certificate) { // extract the alternate domains from the subject alternate name extension. X509SubjectAltNameExtension alternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(certificate); // find the application urn. if (alternateName != null && alternateName.Uris.Count > 0) { string urn = "urn:"; for (int i = 0; i < alternateName.Uris.Count; i++) { if (string.Compare(alternateName.Uris[i], 0, urn, 0, urn.Length, StringComparison.OrdinalIgnoreCase) == 0) { return(true); } } } return(false); }
/// <summary> /// Extracts the DNS names specified in the certificate. /// </summary> /// <param name="certificate">The certificate.</param> /// <returns>The DNS names.</returns> public static IList <string> GetDomainsFromCertficate(X509Certificate2 certificate) { List <string> dnsNames = new List <string>(); // extracts the domain from the subject name. List <string> fields = X509Utils.ParseDistinguishedName(certificate.Subject); StringBuilder builder = new StringBuilder(); for (int ii = 0; ii < fields.Count; ii++) { if (fields[ii].StartsWith("DC=")) { if (builder.Length > 0) { builder.Append('.'); } builder.Append(fields[ii].Substring(3)); } } if (builder.Length > 0) { dnsNames.Add(builder.ToString().ToUpperInvariant()); } // extract the alternate domains from the subject alternate name extension. X509SubjectAltNameExtension alternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(certificate); if (alternateName != null) { for (int ii = 0; ii < alternateName.DomainNames.Count; ii++) { string hostname = alternateName.DomainNames[ii]; // do not add duplicates to the list. bool found = false; for (int jj = 0; jj < dnsNames.Count; jj++) { if (String.Compare(dnsNames[jj], hostname, StringComparison.OrdinalIgnoreCase) == 0) { found = true; break; } } if (!found) { dnsNames.Add(hostname.ToUpperInvariant()); } } for (int ii = 0; ii < alternateName.IPAddresses.Count; ii++) { string ipAddress = alternateName.IPAddresses[ii]; if (!dnsNames.Contains(ipAddress)) { dnsNames.Add(ipAddress); } } } // return the list. return(dnsNames); }