public void CanAddRequestExtensions() { var extList = new List <X509V3ExtensionValue> { new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"), new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"), }; var start = DateTime.Now; var end = start + TimeSpan.FromMinutes(10); using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY)))) using (var request = new X509Request(1, new X509Name("foo"), key)) { OpenSSL.Core.Stack <X509Extension> extensions = new OpenSSL.Core.Stack <X509Extension>(); foreach (var extValue in extList) { using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value)) { Console.WriteLine(ext); extensions.Add(ext); } } request.AddExtensions(extensions); Assert.AreEqual(EXPECTED_CERT, request.PEM); } }
public void CanAddRequestExtensions() { var extList = new List<X509V3ExtensionValue> { new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"), new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"), }; var start = DateTime.Now; var end = start + TimeSpan.FromMinutes(10); using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY)))) using (var request = new X509Request(1,new X509Name("foo"),key)) { OpenSSL.Core.Stack<X509Extension> extensions = new OpenSSL.Core.Stack<X509Extension>(); foreach (var extValue in extList) { using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value)) { Console.WriteLine(ext); extensions.Add(ext); } } request.AddExtensions(extensions); Assert.AreEqual(EXPECTED_CERT, request.PEM); } }
public override void ExportArchive(PrivateKey pk, IEnumerable <Crt> certs, ArchiveFormat fmt, Stream target, string password = "") { var rsaPk = pk as RsaPrivateKey; if (rsaPk == null) { throw new NotSupportedException("unsupported private key type"); } if (fmt == ArchiveFormat.PKCS12) { var x509Arr = certs.Select(x => { using (var bio = BIO.MemoryBuffer()) { bio.Write(x.Pem); return(new X509Certificate(bio)); } }).ToArray(); using (var key = CryptoKey.FromPrivateKey(rsaPk.Pem, null)) { var caStack = new OpenSSL.Core.Stack <X509Certificate>(); for (int i = 1; i < x509Arr.Length; ++i) { caStack.Add(x509Arr[i]); } using (var pfx = new PKCS12(password == string.Empty ? null : password, key, x509Arr[0], caStack)) { using (var bio = BIO.MemoryBuffer()) { pfx.Write(bio); var count = (int)bio.BytesPending; var array = bio.ReadBytes(count); target.Write(array.Array, 0, count); } } } foreach (var x in x509Arr) { x.Dispose(); } } else { throw new NotSupportedException("unsupported archive format"); } }
/// <summary> /// Converts a certificate and private key to a PKCS#12 (.PFX) file. /// </summary> public static void ConvertToPfx(Stream keyPemSource, Stream crtPemSource, Stream isrPemSource, Stream pfxTarget) { using (BIO keyBio = BIO.MemoryBuffer(), crtBio = BIO.MemoryBuffer(), isrBio = BIO.MemoryBuffer()) { using (var ms = new MemoryStream()) { keyPemSource.CopyTo(ms); keyBio.Write(ms.ToArray()); } using (var ms = new MemoryStream()) { crtPemSource.CopyTo(ms); crtBio.Write(ms.ToArray()); } using (var ms = new MemoryStream()) { isrPemSource.CopyTo(ms); isrBio.Write(ms.ToArray()); } using (var key = CryptoKey.FromPrivateKey(keyBio, null)) { using (var crt = new X509Certificate(crtBio)) { using (var isr = new X509Certificate(isrBio)) { var isrStack = new OpenSSL.Core.Stack <X509Certificate>(); isrStack.Add(isr); using (var pfx = new PKCS12(null, key, crt, isrStack)) { using (var pfxBio = BIO.MemoryBuffer()) { pfx.Write(pfxBio); var arr = pfxBio.ReadBytes((int)pfxBio.BytesPending); pfxTarget.Write(arr.Array, arr.Offset, arr.Count); } } } } } } }
protected Csr GenerateCsr(CsrDetails csrDetails, RsaPrivateKey rsaKeyPair, string messageDigest = "SHA256") { var rsaKeys = CryptoKey.FromPrivateKey(rsaKeyPair.Pem, null); // Translate from our external form to our OpenSSL internal form // Ref: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_new.html var xn = new X509Name(); if (!string.IsNullOrEmpty(csrDetails.CommonName /**/)) { xn.Common = csrDetails.CommonName; // CN; } if (!string.IsNullOrEmpty(csrDetails.Country /**/)) { xn.Country = csrDetails.Country; // C; } if (!string.IsNullOrEmpty(csrDetails.StateOrProvince /**/)) { xn.StateOrProvince = csrDetails.StateOrProvince; // ST; } if (!string.IsNullOrEmpty(csrDetails.Locality /**/)) { xn.Locality = csrDetails.Locality; // L; } if (!string.IsNullOrEmpty(csrDetails.Organization /**/)) { xn.Organization = csrDetails.Organization; // O; } if (!string.IsNullOrEmpty(csrDetails.OrganizationUnit /**/)) { xn.OrganizationUnit = csrDetails.OrganizationUnit; // OU; } if (!string.IsNullOrEmpty(csrDetails.Description /**/)) { xn.Description = csrDetails.Description; // D; } if (!string.IsNullOrEmpty(csrDetails.Surname /**/)) { xn.Surname = csrDetails.Surname; // S; } if (!string.IsNullOrEmpty(csrDetails.GivenName /**/)) { xn.Given = csrDetails.GivenName; // G; } if (!string.IsNullOrEmpty(csrDetails.Initials /**/)) { xn.Initials = csrDetails.Initials; // I; } if (!string.IsNullOrEmpty(csrDetails.Title /**/)) { xn.Title = csrDetails.Title; // T; } if (!string.IsNullOrEmpty(csrDetails.SerialNumber /**/)) { xn.SerialNumber = csrDetails.SerialNumber; // SN; } if (!string.IsNullOrEmpty(csrDetails.UniqueIdentifier /**/)) { xn.UniqueIdentifier = csrDetails.UniqueIdentifier; // UID; } var xr = new X509Request(0, xn, rsaKeys); if (csrDetails.AlternativeNames != null) { // Format the common name as the first alternative name var commonName = $"{EXT_SAN_PREFIX_DNS}:{xn.Common}"; // Concat with all subsequent alternative names var altNames = commonName + string.Join("", csrDetails.AlternativeNames.Select( x => $",{EXT_SAN_PREFIX_DNS}:{x}")); // Assemble and add the SAN extension value var extensions = new OpenSSL.Core.Stack <X509Extension>(); extensions.Add(new X509Extension(xr, EXT_NAME_SAN, false, altNames)); xr.AddExtensions(extensions); } var md = MessageDigest.CreateByName(messageDigest); xr.Sign(rsaKeys, md); using (var bio = BIO.MemoryBuffer()) { xr.Write(bio); return(new Csr(bio.ReadString())); } }
private Csr GenerateCsr(CsrDetails csrDetails, RsaPrivateKey rsaKeyPair, string messageDigest = "SHA256") { var rsaKeys = CryptoKey.FromPrivateKey(rsaKeyPair.Pem, null); // Translate from our external form to our OpenSSL internal form // Ref: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_new.html var xn = new X509Name(); if (!string.IsNullOrEmpty(csrDetails.CommonName /**/)) { xn.Common = csrDetails.CommonName; // CN; } if (!string.IsNullOrEmpty(csrDetails.Country /**/)) { xn.Country = csrDetails.Country; // C; } if (!string.IsNullOrEmpty(csrDetails.StateOrProvince /**/)) { xn.StateOrProvince = csrDetails.StateOrProvince; // ST; } if (!string.IsNullOrEmpty(csrDetails.Locality /**/)) { xn.Locality = csrDetails.Locality; // L; } if (!string.IsNullOrEmpty(csrDetails.Organization /**/)) { xn.Organization = csrDetails.Organization; // O; } if (!string.IsNullOrEmpty(csrDetails.OrganizationUnit /**/)) { xn.OrganizationUnit = csrDetails.OrganizationUnit; // OU; } if (!string.IsNullOrEmpty(csrDetails.Description /**/)) { xn.Description = csrDetails.Description; // D; } if (!string.IsNullOrEmpty(csrDetails.Surname /**/)) { xn.Surname = csrDetails.Surname; // S; } if (!string.IsNullOrEmpty(csrDetails.GivenName /**/)) { xn.Given = csrDetails.GivenName; // G; } if (!string.IsNullOrEmpty(csrDetails.Initials /**/)) { xn.Initials = csrDetails.Initials; // I; } if (!string.IsNullOrEmpty(csrDetails.Title /**/)) { xn.Title = csrDetails.Title; // T; } if (!string.IsNullOrEmpty(csrDetails.SerialNumber /**/)) { xn.SerialNumber = csrDetails.SerialNumber; // SN; } if (!string.IsNullOrEmpty(csrDetails.UniqueIdentifier /**/)) { xn.UniqueIdentifier = csrDetails.UniqueIdentifier; // UID; } var xr = new X509Request(0, xn, rsaKeys); if (csrDetails.AlternativeNames.Count > 0) { OpenSSL.Core.Stack <X509Extension> extensions = new OpenSSL.Core.Stack <X509Extension>(); // Add the common name as the first alternate string altNames = "DNS:" + xn.Common; foreach (var name in csrDetails.AlternativeNames) { altNames += ", DNS:" + name; } extensions.Add(new X509Extension(xr, "subjectAltName", false, altNames)); xr.AddExtensions(extensions); } var md = MessageDigest.CreateByName(messageDigest); xr.Sign(rsaKeys, md); using (var bio = BIO.MemoryBuffer()) { xr.Write(bio); return(new Csr(bio.ReadString())); } }
/// <summary> /// Converts a certificate and private key to a PKCS#12 (.PFX) file. /// </summary> public static void ConvertToPfx(Stream keyPemSource, Stream crtPemSource, Stream isrPemSource, Stream pfxTarget) { using (BIO keyBio = BIO.MemoryBuffer(), crtBio = BIO.MemoryBuffer(), isrBio = BIO.MemoryBuffer()) { using (var ms = new MemoryStream()) { keyPemSource.CopyTo(ms); keyBio.Write(ms.ToArray()); } using (var ms = new MemoryStream()) { crtPemSource.CopyTo(ms); crtBio.Write(ms.ToArray()); } using (var ms = new MemoryStream()) { isrPemSource.CopyTo(ms); isrBio.Write(ms.ToArray()); } using (var key = CryptoKey.FromPrivateKey(keyBio, null)) { using (var crt = new X509Certificate(crtBio)) { using (var isr = new X509Certificate(isrBio)) { var isrStack = new OpenSSL.Core.Stack<X509Certificate>(); isrStack.Add(isr); using (var pfx = new PKCS12(null, key, crt, isrStack)) { using (var pfxBio = BIO.MemoryBuffer()) { pfx.Write(pfxBio); var arr = pfxBio.ReadBytes((int)pfxBio.BytesPending); pfxTarget.Write(arr.Array, arr.Offset, arr.Count); } } } } } } }