/// <summary>
/// Extracts the application URI specified in the certificate.
/// </summary>
/// <param name="certificate">The certificate.</param>
/// <returns>The application URI.</returns>
public static string GetApplicationUriFromCertificate(X509Certificate2 certificate)
{
// extract the alternate domains from the subject alternate name extension.
X509SubjectAltNameExtension alternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(certificate);
// get the application uri.
if (alternateName != null && alternateName.Uris.Count > 0)
{
return(alternateName.Uris[0]);
}
return(string.Empty);
}
/// <summary>
/// Creates a certificate signing request from an existing certificate.
/// </summary>
public static byte[] CreateSigningRequest(
X509Certificate2 certificate,
IList <String> domainNames = null
)
{
if (!certificate.HasPrivateKey)
{
throw new NotSupportedException("Need a certificate with a private key.");
}
RSA rsaPublicKey = certificate.GetRSAPublicKey();
var request = new CertificateRequest(certificate.SubjectName, rsaPublicKey,
Oids.GetHashAlgorithmName(certificate.SignatureAlgorithm.Value), RSASignaturePadding.Pkcs1);
var alternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(certificate);
domainNames = domainNames ?? new List <String>();
if (alternateName != null)
{
foreach (var name in alternateName.DomainNames)
{
if (!domainNames.Any(s => s.Equals(name, StringComparison.OrdinalIgnoreCase)))
{
domainNames.Add(name);
}
}
foreach (var ipAddress in alternateName.IPAddresses)
{
if (!domainNames.Any(s => s.Equals(ipAddress, StringComparison.OrdinalIgnoreCase)))
{
domainNames.Add(ipAddress);
}
}
}
string applicationUri = X509Utils.GetApplicationUriFromCertificate(certificate);
// Subject Alternative Name
var subjectAltName = new X509SubjectAltNameExtension(applicationUri, domainNames);
request.CertificateExtensions.Add(new X509Extension(subjectAltName, false));
using (RSA rsa = certificate.GetRSAPrivateKey())
{
var x509SignatureGenerator = X509SignatureGenerator.CreateForRSA(rsa, RSASignaturePadding.Pkcs1);
return(request.CreateSigningRequest(x509SignatureGenerator));
}
}
/// <summary>
/// Check if certificate has an application urn.
/// </summary>
/// <param name="certificate">The certificate.</param>
/// <returns>true if the application URI starts with urn: </returns>
public static bool HasApplicationURN(X509Certificate2 certificate)
{
// extract the alternate domains from the subject alternate name extension.
X509SubjectAltNameExtension alternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(certificate);
// find the application urn.
if (alternateName != null && alternateName.Uris.Count > 0)
{
string urn = "urn:";
for (int i = 0; i < alternateName.Uris.Count; i++)
{
if (string.Compare(alternateName.Uris[i], 0, urn, 0, urn.Length, StringComparison.OrdinalIgnoreCase) == 0)
{
return(true);
}
}
}
return(false);
}
/// <summary>
/// Extracts the DNS names specified in the certificate.
/// </summary>
/// <param name="certificate">The certificate.</param>
/// <returns>The DNS names.</returns>
public static IList <string> GetDomainsFromCertficate(X509Certificate2 certificate)
{
List <string> dnsNames = new List <string>();
// extracts the domain from the subject name.
List <string> fields = X509Utils.ParseDistinguishedName(certificate.Subject);
StringBuilder builder = new StringBuilder();
for (int ii = 0; ii < fields.Count; ii++)
{
if (fields[ii].StartsWith("DC="))
{
if (builder.Length > 0)
{
builder.Append('.');
}
builder.Append(fields[ii].Substring(3));
}
}
if (builder.Length > 0)
{
dnsNames.Add(builder.ToString().ToUpperInvariant());
}
// extract the alternate domains from the subject alternate name extension.
X509SubjectAltNameExtension alternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(certificate);
if (alternateName != null)
{
for (int ii = 0; ii < alternateName.DomainNames.Count; ii++)
{
string hostname = alternateName.DomainNames[ii];
// do not add duplicates to the list.
bool found = false;
for (int jj = 0; jj < dnsNames.Count; jj++)
{
if (String.Compare(dnsNames[jj], hostname, StringComparison.OrdinalIgnoreCase) == 0)
{
found = true;
break;
}
}
if (!found)
{
dnsNames.Add(hostname.ToUpperInvariant());
}
}
for (int ii = 0; ii < alternateName.IPAddresses.Count; ii++)
{
string ipAddress = alternateName.IPAddresses[ii];
if (!dnsNames.Contains(ipAddress))
{
dnsNames.Add(ipAddress);
}
}
}
// return the list.
return(dnsNames);
}
