public void CanAddRequestExtensions()
{
var extList = new List <X509V3ExtensionValue> {
new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"),
new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
};
var start = DateTime.Now;
var end = start + TimeSpan.FromMinutes(10);
using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY))))
using (var request = new X509Request(1, new X509Name("foo"), key))
{
OpenSSL.Core.Stack <X509Extension> extensions = new OpenSSL.Core.Stack <X509Extension>();
foreach (var extValue in extList)
{
using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value))
{
Console.WriteLine(ext);
extensions.Add(ext);
}
}
request.AddExtensions(extensions);
Assert.AreEqual(EXPECTED_CERT, request.PEM);
}
}
public void CanAddRequestExtensions()
{
var extList = new List<X509V3ExtensionValue> {
new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"),
new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
};
var start = DateTime.Now;
var end = start + TimeSpan.FromMinutes(10);
using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY))))
using (var request = new X509Request(1,new X509Name("foo"),key))
{
OpenSSL.Core.Stack<X509Extension> extensions = new OpenSSL.Core.Stack<X509Extension>();
foreach (var extValue in extList)
{
using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value))
{
Console.WriteLine(ext);
extensions.Add(ext);
}
}
request.AddExtensions(extensions);
Assert.AreEqual(EXPECTED_CERT, request.PEM);
}
}
public override void ExportArchive(PrivateKey pk, IEnumerable <Crt> certs, ArchiveFormat fmt, Stream target, string password = "")
{
var rsaPk = pk as RsaPrivateKey;
if (rsaPk == null)
{
throw new NotSupportedException("unsupported private key type");
}
if (fmt == ArchiveFormat.PKCS12)
{
var x509Arr = certs.Select(x =>
{
using (var bio = BIO.MemoryBuffer())
{
bio.Write(x.Pem);
return(new X509Certificate(bio));
}
}).ToArray();
using (var key = CryptoKey.FromPrivateKey(rsaPk.Pem, null))
{
var caStack = new OpenSSL.Core.Stack <X509Certificate>();
for (int i = 1; i < x509Arr.Length; ++i)
{
caStack.Add(x509Arr[i]);
}
using (var pfx = new PKCS12(password == string.Empty ? null : password, key, x509Arr[0], caStack))
{
using (var bio = BIO.MemoryBuffer())
{
pfx.Write(bio);
var count = (int)bio.BytesPending;
var array = bio.ReadBytes(count);
target.Write(array.Array, 0, count);
}
}
}
foreach (var x in x509Arr)
{
x.Dispose();
}
}
else
{
throw new NotSupportedException("unsupported archive format");
}
}
/// <summary>
/// Converts a certificate and private key to a PKCS#12 (.PFX) file.
/// </summary>
public static void ConvertToPfx(Stream keyPemSource, Stream crtPemSource, Stream isrPemSource, Stream pfxTarget)
{
using (BIO keyBio = BIO.MemoryBuffer(),
crtBio = BIO.MemoryBuffer(),
isrBio = BIO.MemoryBuffer())
{
using (var ms = new MemoryStream())
{
keyPemSource.CopyTo(ms);
keyBio.Write(ms.ToArray());
}
using (var ms = new MemoryStream())
{
crtPemSource.CopyTo(ms);
crtBio.Write(ms.ToArray());
}
using (var ms = new MemoryStream())
{
isrPemSource.CopyTo(ms);
isrBio.Write(ms.ToArray());
}
using (var key = CryptoKey.FromPrivateKey(keyBio, null))
{
using (var crt = new X509Certificate(crtBio))
{
using (var isr = new X509Certificate(isrBio))
{
var isrStack = new OpenSSL.Core.Stack <X509Certificate>();
isrStack.Add(isr);
using (var pfx = new PKCS12(null, key, crt, isrStack))
{
using (var pfxBio = BIO.MemoryBuffer())
{
pfx.Write(pfxBio);
var arr = pfxBio.ReadBytes((int)pfxBio.BytesPending);
pfxTarget.Write(arr.Array, arr.Offset, arr.Count);
}
}
}
}
}
}
}
protected Csr GenerateCsr(CsrDetails csrDetails, RsaPrivateKey rsaKeyPair, string messageDigest = "SHA256")
{
var rsaKeys = CryptoKey.FromPrivateKey(rsaKeyPair.Pem, null);
// Translate from our external form to our OpenSSL internal form
// Ref: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_new.html
var xn = new X509Name();
if (!string.IsNullOrEmpty(csrDetails.CommonName /**/))
{
xn.Common = csrDetails.CommonName; // CN;
}
if (!string.IsNullOrEmpty(csrDetails.Country /**/))
{
xn.Country = csrDetails.Country; // C;
}
if (!string.IsNullOrEmpty(csrDetails.StateOrProvince /**/))
{
xn.StateOrProvince = csrDetails.StateOrProvince; // ST;
}
if (!string.IsNullOrEmpty(csrDetails.Locality /**/))
{
xn.Locality = csrDetails.Locality; // L;
}
if (!string.IsNullOrEmpty(csrDetails.Organization /**/))
{
xn.Organization = csrDetails.Organization; // O;
}
if (!string.IsNullOrEmpty(csrDetails.OrganizationUnit /**/))
{
xn.OrganizationUnit = csrDetails.OrganizationUnit; // OU;
}
if (!string.IsNullOrEmpty(csrDetails.Description /**/))
{
xn.Description = csrDetails.Description; // D;
}
if (!string.IsNullOrEmpty(csrDetails.Surname /**/))
{
xn.Surname = csrDetails.Surname; // S;
}
if (!string.IsNullOrEmpty(csrDetails.GivenName /**/))
{
xn.Given = csrDetails.GivenName; // G;
}
if (!string.IsNullOrEmpty(csrDetails.Initials /**/))
{
xn.Initials = csrDetails.Initials; // I;
}
if (!string.IsNullOrEmpty(csrDetails.Title /**/))
{
xn.Title = csrDetails.Title; // T;
}
if (!string.IsNullOrEmpty(csrDetails.SerialNumber /**/))
{
xn.SerialNumber = csrDetails.SerialNumber; // SN;
}
if (!string.IsNullOrEmpty(csrDetails.UniqueIdentifier /**/))
{
xn.UniqueIdentifier = csrDetails.UniqueIdentifier; // UID;
}
var xr = new X509Request(0, xn, rsaKeys);
if (csrDetails.AlternativeNames != null)
{
// Format the common name as the first alternative name
var commonName = $"{EXT_SAN_PREFIX_DNS}:{xn.Common}";
// Concat with all subsequent alternative names
var altNames = commonName + string.Join("", csrDetails.AlternativeNames.Select(
x => $",{EXT_SAN_PREFIX_DNS}:{x}"));
// Assemble and add the SAN extension value
var extensions = new OpenSSL.Core.Stack <X509Extension>();
extensions.Add(new X509Extension(xr, EXT_NAME_SAN, false, altNames));
xr.AddExtensions(extensions);
}
var md = MessageDigest.CreateByName(messageDigest);
xr.Sign(rsaKeys, md);
using (var bio = BIO.MemoryBuffer())
{
xr.Write(bio);
return(new Csr(bio.ReadString()));
}
}
private Csr GenerateCsr(CsrDetails csrDetails, RsaPrivateKey rsaKeyPair, string messageDigest = "SHA256")
{
var rsaKeys = CryptoKey.FromPrivateKey(rsaKeyPair.Pem, null);
// Translate from our external form to our OpenSSL internal form
// Ref: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_new.html
var xn = new X509Name();
if (!string.IsNullOrEmpty(csrDetails.CommonName /**/))
{
xn.Common = csrDetails.CommonName; // CN;
}
if (!string.IsNullOrEmpty(csrDetails.Country /**/))
{
xn.Country = csrDetails.Country; // C;
}
if (!string.IsNullOrEmpty(csrDetails.StateOrProvince /**/))
{
xn.StateOrProvince = csrDetails.StateOrProvince; // ST;
}
if (!string.IsNullOrEmpty(csrDetails.Locality /**/))
{
xn.Locality = csrDetails.Locality; // L;
}
if (!string.IsNullOrEmpty(csrDetails.Organization /**/))
{
xn.Organization = csrDetails.Organization; // O;
}
if (!string.IsNullOrEmpty(csrDetails.OrganizationUnit /**/))
{
xn.OrganizationUnit = csrDetails.OrganizationUnit; // OU;
}
if (!string.IsNullOrEmpty(csrDetails.Description /**/))
{
xn.Description = csrDetails.Description; // D;
}
if (!string.IsNullOrEmpty(csrDetails.Surname /**/))
{
xn.Surname = csrDetails.Surname; // S;
}
if (!string.IsNullOrEmpty(csrDetails.GivenName /**/))
{
xn.Given = csrDetails.GivenName; // G;
}
if (!string.IsNullOrEmpty(csrDetails.Initials /**/))
{
xn.Initials = csrDetails.Initials; // I;
}
if (!string.IsNullOrEmpty(csrDetails.Title /**/))
{
xn.Title = csrDetails.Title; // T;
}
if (!string.IsNullOrEmpty(csrDetails.SerialNumber /**/))
{
xn.SerialNumber = csrDetails.SerialNumber; // SN;
}
if (!string.IsNullOrEmpty(csrDetails.UniqueIdentifier /**/))
{
xn.UniqueIdentifier = csrDetails.UniqueIdentifier; // UID;
}
var xr = new X509Request(0, xn, rsaKeys);
if (csrDetails.AlternativeNames.Count > 0)
{
OpenSSL.Core.Stack <X509Extension> extensions = new OpenSSL.Core.Stack <X509Extension>();
// Add the common name as the first alternate
string altNames = "DNS:" + xn.Common;
foreach (var name in csrDetails.AlternativeNames)
{
altNames += ", DNS:" + name;
}
extensions.Add(new X509Extension(xr, "subjectAltName", false, altNames));
xr.AddExtensions(extensions);
}
var md = MessageDigest.CreateByName(messageDigest);
xr.Sign(rsaKeys, md);
using (var bio = BIO.MemoryBuffer())
{
xr.Write(bio);
return(new Csr(bio.ReadString()));
}
}
/// <summary>
/// Converts a certificate and private key to a PKCS#12 (.PFX) file.
/// </summary>
public static void ConvertToPfx(Stream keyPemSource, Stream crtPemSource, Stream isrPemSource, Stream pfxTarget)
{
using (BIO keyBio = BIO.MemoryBuffer(),
crtBio = BIO.MemoryBuffer(),
isrBio = BIO.MemoryBuffer())
{
using (var ms = new MemoryStream())
{
keyPemSource.CopyTo(ms);
keyBio.Write(ms.ToArray());
}
using (var ms = new MemoryStream())
{
crtPemSource.CopyTo(ms);
crtBio.Write(ms.ToArray());
}
using (var ms = new MemoryStream())
{
isrPemSource.CopyTo(ms);
isrBio.Write(ms.ToArray());
}
using (var key = CryptoKey.FromPrivateKey(keyBio, null))
{
using (var crt = new X509Certificate(crtBio))
{
using (var isr = new X509Certificate(isrBio))
{
var isrStack = new OpenSSL.Core.Stack<X509Certificate>();
isrStack.Add(isr);
using (var pfx = new PKCS12(null, key, crt, isrStack))
{
using (var pfxBio = BIO.MemoryBuffer())
{
pfx.Write(pfxBio);
var arr = pfxBio.ReadBytes((int)pfxBio.BytesPending);
pfxTarget.Write(arr.Array, arr.Offset, arr.Count);
}
}
}
}
}
}
}
