public void CreateCACertForRSA( KeyHashPair keyHashPair ) { // create a CA cert var cert = CertificateBuilder.Create(Subject) .SetCAConstraint(-1) .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .AddExtension(X509Extensions.BuildX509CRLDistributionPoints("http://myca/mycert.crl")) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(); Assert.NotNull(cert); WriteCertificate(cert, "Default cert with RSA {keyHashPair.KeySize} {keyHashPair.HashAlgorithmName} and CRL distribution points"); Assert.AreEqual(keyHashPair.KeySize, cert.GetRSAPublicKey().KeySize); Assert.AreEqual(keyHashPair.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value)); var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions); Assert.NotNull(basicConstraintsExtension); Assert.True(basicConstraintsExtension.CertificateAuthority); Assert.False(basicConstraintsExtension.HasPathLengthConstraint); X509Utils.VerifyRSAKeyPair(cert, cert, true); Assert.True(X509Utils.VerifySelfSigned(cert)); CheckPEMWriter(cert); }
public void VerifyOneSelfSignedAppCertForAll() { var builder = CertificateBuilder.Create(Subject) .SetNotBefore(DateTime.Today.AddYears(-1)) .SetNotAfter(DateTime.Today.AddYears(25)) .AddExtension(new X509SubjectAltNameExtension("urn:opcfoundation.org:mypc", new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" })); byte[] previousSerialNumber = null; foreach (var eCCurveHash in ECCurveHashPairs) { if (!eCCurveHash.Curve.IsNamed) { continue; } using (var cert = builder .SetHashAlgorithm(eCCurveHash.HashAlgorithmName) .SetECCurve(eCCurveHash.Curve) .CreateForECDsa()) { Assert.NotNull(cert); WriteCertificate(cert, $"Default cert with ECDsa {eCCurveHash.Curve.Oid.FriendlyName} {eCCurveHash.HashAlgorithmName} signature."); Assert.AreEqual(eCCurveHash.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value)); // ensure serial numbers are different Assert.AreNotEqual(previousSerialNumber, cert.GetSerialNumber()); X509PfxUtils.VerifyECDsaKeyPair(cert, cert, true); Assert.True(X509Utils.VerifySelfSigned(cert)); } } }
public void CreateIssuerRSAWithSuppliedKeyPair() { X509Certificate2 issuer = null; using (RSA rsaKeyPair = RSA.Create()) { // create cert with supplied keys var generator = X509SignatureGenerator.CreateForRSA(rsaKeyPair, RSASignaturePadding.Pkcs1); using (var cert = CertificateBuilder.Create("CN=Root Cert") .SetCAConstraint(-1) .SetRSAPublicKey(rsaKeyPair) .CreateForRSA(generator)) { Assert.NotNull(cert); issuer = new X509Certificate2(cert.RawData); WriteCertificate(cert, "Default root cert with supplied RSA cert"); CheckPEMWriter(cert); } // now sign a cert with supplied private key using (var appCert = CertificateBuilder.Create("CN=App Cert") .SetIssuer(issuer) .CreateForRSA(generator)) { Assert.NotNull(appCert); WriteCertificate(appCert, "Signed RSA app cert"); CheckPEMWriter(appCert); } } }
private void MainForm_Load(object sender, EventArgs e) { Log.Form = this; var rootCertificate = new X509Certificate2(@"C:\projects\PassiveX\PassiveX\Resources\ca.pfx", "", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet); CertificateBuilder.Initialize(rootCertificate); CertificateBuilder.Install(); GlobalKeyboardHook.Install(); Task.Run(() => { var runners = new[] { new ServiceRunner <ASTxHandler>().Run(), new ServiceRunner <AnySignHandler>().Run(), new ServiceRunner <VeraportHandler>().Run(), new ServiceRunner <NProtectHandler>().Run(), new ServiceRunner <KDefenseHandler>().Run(), new ServiceRunner <CrossWebHandler>().Run(), new ServiceRunner <MagicLineHandler>().Run(), new ServiceRunner <TouchEnNxHandler>().Run(), }; Task.WaitAll(runners); }); }
public void CreateForRSAWithGeneratorTest( KeyHashPair keyHashPair ) { // default signing cert with custom key X509Certificate2 signingCert = CertificateBuilder.Create(Subject) .SetCAConstraint() .SetHashAlgorithm(HashAlgorithmName.SHA512) .SetRSAKeySize(2048) .CreateForRSA(); WriteCertificate(signingCert, $"Signing RSA {signingCert.GetRSAPublicKey().KeySize} cert"); using (RSA rsaPrivateKey = signingCert.GetRSAPrivateKey()) { var generator = X509SignatureGenerator.CreateForRSA(rsaPrivateKey, RSASignaturePadding.Pkcs1); var cert = CertificateBuilder.Create("CN=App Cert") .SetIssuer(new X509Certificate2(signingCert.RawData)) .CreateForRSA(generator); Assert.NotNull(cert); WriteCertificate(cert, $"Default signed RSA cert"); } using (RSA rsaPrivateKey = signingCert.GetRSAPrivateKey()) using (RSA rsaPublicKey = signingCert.GetRSAPublicKey()) { var generator = X509SignatureGenerator.CreateForRSA(rsaPrivateKey, RSASignaturePadding.Pkcs1); var cert = CertificateBuilder.Create("CN=App Cert") .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetIssuer(new X509Certificate2(signingCert.RawData)) .SetRSAPublicKey(rsaPublicKey) .CreateForRSA(generator); Assert.NotNull(cert); WriteCertificate(cert, $"Default signed RSA cert with Public Key"); } using (RSA rsaPrivateKey = signingCert.GetRSAPrivateKey()) { var generator = X509SignatureGenerator.CreateForRSA(rsaPrivateKey, RSASignaturePadding.Pkcs1); var cert = CertificateBuilder.Create("CN=App Cert") .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetIssuer(new X509Certificate2(signingCert.RawData)) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(generator); Assert.NotNull(cert); WriteCertificate(cert, $"Default signed RSA cert"); } // ensure invalid path throws argument exception Assert.Throws <NotSupportedException>(() => { using (RSA rsaPrivateKey = signingCert.GetRSAPrivateKey()) { var generator = X509SignatureGenerator.CreateForRSA(rsaPrivateKey, RSASignaturePadding.Pkcs1); var cert = CertificateBuilder.Create("CN=App Cert") .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(generator); } }); }
public void CreateECDsaDefaultWithSerialTest() { var eccurve = ECCurve.NamedCurves.nistP256; // default cert Assert.Throws <ArgumentOutOfRangeException>( () => { CertificateBuilder.Create(Subject) .SetSerialNumberLength(0) .SetECCurve(eccurve) .CreateForECDsa(); } ); Assert.Throws <ArgumentOutOfRangeException>( () => { CertificateBuilder.Create(Subject) .SetSerialNumberLength(X509Defaults.SerialNumberLengthMax + 1) .SetECCurve(eccurve) .CreateForECDsa(); } ); var builder = CertificateBuilder.Create(Subject) .SetSerialNumberLength(X509Defaults.SerialNumberLengthMax) .SetECCurve(eccurve); // ensure every cert has a different serial number var cert1 = builder.CreateForECDsa(); var cert2 = builder.CreateForECDsa(); WriteCertificate(cert1, "Cert1 with max length serial number"); WriteCertificate(cert2, "Cert2 with max length serial number"); Assert.GreaterOrEqual(X509Defaults.SerialNumberLengthMax, cert1.GetSerialNumber().Length); Assert.GreaterOrEqual(X509Defaults.SerialNumberLengthMax, cert2.GetSerialNumber().Length); Assert.AreNotEqual(cert1.SerialNumber, cert2.SerialNumber); }
public void CreateSelfSignedForRSADefaultTest() { // default cert X509Certificate2 cert = CertificateBuilder.Create(Subject).CreateForRSA(); Assert.NotNull(cert); WriteCertificate(cert, "Default RSA cert"); using (var privateKey = cert.GetRSAPrivateKey()) { Assert.NotNull(privateKey); privateKey.ExportParameters(false); privateKey.ExportParameters(true); } using (var publicKey = cert.GetRSAPublicKey()) { Assert.NotNull(publicKey); Assert.AreEqual(X509Defaults.RSAKeySize, publicKey.KeySize); publicKey.ExportParameters(false); } Assert.AreEqual(X509Defaults.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value)); Assert.GreaterOrEqual(DateTime.UtcNow, cert.NotBefore); Assert.GreaterOrEqual(DateTime.UtcNow.AddMonths(X509Defaults.LifeTime), cert.NotAfter.ToUniversalTime()); var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions); Assert.NotNull(basicConstraintsExtension); Assert.True(basicConstraintsExtension.CertificateAuthority); X509Utils.VerifyRSAKeyPair(cert, cert, true); Assert.True(X509Utils.VerifySelfSigned(cert)); }
public JsonResult Deploy(string azure, string data) { string dt = null; try { dynamic json = (new JsonReader()).Read(data); dynamic az = (new JsonReader()).Read(azure); var app = OdpiAppRepo.Apps.Where(a => a.Name == json.name).FirstOrDefault(); var cfgName = CloudBackedStore.RootDir + "\\" + az.key + "\\Temp\\" + app.Name + "\\" + "ServiceConfiguration.cscfg"; dt = AzureManagement.Deploy(az.subscriptionId, az.service, CertificateBuilder.GetPrivateKey(az.key), az.file, cfgName); } catch (Exception ex) { return(Json(new DeployStatusModel() { Status = DeployStatusModelStatus.Error, Stage = ODPI.Resources.Controllers.DeployResource.Error, LogMessage = ex.Message, StackTrace = ex.StackTrace })); } var ret = new DeployStatusModel() { Status = DeployStatusModelStatus.Ok, Stage = ODPI.Resources.Controllers.DeployResource.DeployingApplication, LogMessage = ODPI.Resources.Controllers.DeployResource.BeginningToUploadTheApplication, Data = dt }; return(Json(ret)); }
public void CreateIssuerRSACngWithSuppliedKeyPair() { if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { Assert.Ignore("Cng provider only available on windows"); } X509Certificate2 issuer = null; CngKey cngKey = CngKey.Create(CngAlgorithm.Rsa); using (RSA rsaKeyPair = new RSACng(cngKey)) { // create cert with supplied keys var generator = X509SignatureGenerator.CreateForRSA(rsaKeyPair, RSASignaturePadding.Pkcs1); using (var cert = CertificateBuilder.Create("CN=Root Cert") .SetCAConstraint(-1) .SetRSAPublicKey(rsaKeyPair) .CreateForRSA(generator)) { Assert.NotNull(cert); issuer = new X509Certificate2(cert.RawData); WriteCertificate(cert, "Default root cert with supplied RSA cert"); } // now sign a cert with supplied private key using (var appCert = CertificateBuilder.Create("CN=App Cert") .SetIssuer(issuer) .CreateForRSA(generator)) { Assert.NotNull(appCert); WriteCertificate(appCert, "Signed RSA app cert"); } } }
public void CreateSelfSignedForRSAAllFields( KeyHashPair keyHashPair ) { // set dates and extension var applicationUri = "urn:opcfoundation.org:mypc"; var domains = new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" }; var cert = CertificateBuilder.Create(Subject) .SetNotBefore(DateTime.Today.AddYears(-1)) .SetNotAfter(DateTime.Today.AddYears(25)) .AddExtension(new X509SubjectAltNameExtension(applicationUri, domains)) .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(); Assert.NotNull(cert); WriteCertificate(cert, $"Default cert RSA {keyHashPair.KeySize} with modified lifetime and alt name extension"); Assert.AreEqual(Subject, cert.Subject); Assert.AreEqual(keyHashPair.KeySize, cert.GetRSAPublicKey().KeySize); Assert.AreEqual(keyHashPair.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value)); var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions); Assert.NotNull(basicConstraintsExtension); Assert.True(basicConstraintsExtension.CertificateAuthority); X509Utils.VerifyRSAKeyPair(cert, cert); X509Utils.VerifySelfSigned(cert); }
public void CreateForECDsaWithGeneratorTest( ECCurveHashPair ecCurveHashPair ) { // default signing cert with custom key X509Certificate2 signingCert = CertificateBuilder.Create(Subject) .SetCAConstraint() .SetHashAlgorithm(HashAlgorithmName.SHA512) .SetECCurve(ecCurveHashPair.Curve) .CreateForECDsa(); WriteCertificate(signingCert, $"Signing ECDsa {signingCert.GetECDsaPublicKey().KeySize} cert"); using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey()) { var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey); var cert = CertificateBuilder.Create("CN=App Cert") .SetIssuer(new X509Certificate2(signingCert.RawData)) .CreateForRSA(generator); Assert.NotNull(cert); WriteCertificate(cert, "Default signed ECDsa cert"); } using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey()) using (ECDsa ecdsaPublicKey = signingCert.GetECDsaPublicKey()) { var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey); var cert = CertificateBuilder.Create("CN=App Cert") .SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName) .SetIssuer(new X509Certificate2(signingCert.RawData)) .SetECDsaPublicKey(ecdsaPublicKey) .CreateForECDsa(generator); Assert.NotNull(cert); WriteCertificate(cert, "Default signed ECDsa cert with Public Key"); } using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey()) { var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey); var cert = CertificateBuilder.Create("CN=App Cert") .SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName) .SetIssuer(new X509Certificate2(signingCert.RawData)) .SetECCurve(ecCurveHashPair.Curve) .CreateForECDsa(generator); Assert.NotNull(cert); WriteCertificate(cert, "Default signed RSA cert"); } // ensure invalid path throws argument exception Assert.Throws <NotSupportedException>(() => { using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey()) { var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey); var cert = CertificateBuilder.Create("CN=App Cert") .SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName) .SetECCurve(ecCurveHashPair.Curve) .CreateForECDsa(generator); } }); }
/// <summary> /// Create a X509Certificate2 with a private key by combining /// the new certificate with a private key from an existing certificate /// </summary> public static X509Certificate2 CreateCertificateWithPrivateKey( X509Certificate2 certificate, X509Certificate2 certificateWithPrivateKey) { if (!certificateWithPrivateKey.HasPrivateKey) { throw new NotSupportedException("Need a certificate with a private key."); } if (!X509Utils.VerifyRSAKeyPair(certificate, certificateWithPrivateKey)) { throw new NotSupportedException("The public and the private key pair doesn't match."); } string passcode = Guid.NewGuid().ToString(); RSA rsaPrivateKey = null; try { rsaPrivateKey = certificateWithPrivateKey.GetRSAPrivateKey(); byte[] pfxData = CertificateBuilder.CreatePfxWithRSAPrivateKey( certificate, certificate.FriendlyName, rsaPrivateKey, passcode); return(X509Utils.CreateCertificateFromPKCS12(pfxData, passcode)); } finally { RsaUtils.RSADispose(rsaPrivateKey); } }
public async Task UnboundCertificateCommitAndRefreshWorks() { using (BatchClient batchClient = ClientUnitTestCommon.CreateDummyClient()) { string pfxFilePath = TestCommon.GetTemporaryCertificateFilePath("unboundcertificateunittest.pfx"); try { CertificateBuilder.CreateSelfSignedInFile("test", pfxFilePath, CommonResources.CertificatePassword); const string expectedThumbprint = "ABC"; var protoCertificate = new Protocol.Models.Certificate(thumbprint: expectedThumbprint); Certificate certificate = batchClient.CertificateOperations.CreateCertificate( pfxFilePath, CommonResources.CertificatePassword); Assert.NotNull(certificate.ThumbprintAlgorithm); await certificate.CommitAsync(additionalBehaviors : InterceptorFactory.CreateAddCertificateRequestInterceptor()); await certificate.RefreshAsync(additionalBehaviors : InterceptorFactory.CreateGetCertificateRequestInterceptor(protoCertificate)); Assert.Equal(expectedThumbprint, certificate.Thumbprint); Assert.Null(certificate.ThumbprintAlgorithm); } finally { File.Delete(pfxFilePath); } } }
public void CreateSelfSignedForECDsaTests(ECCurve eccurve) { // default cert X509Certificate2 cert = CertificateBuilder.Create(Subject).SetECCurve(eccurve).CreateForECDsa(); WriteCertificate(cert, "Default ECDsa cert"); // set dates cert = CertificateBuilder.Create(Subject) .SetNotBefore(DateTime.Today.AddYears(-1)) .SetNotAfter(DateTime.Today.AddYears(25)) .AddExtension(new X509SubjectAltNameExtension("urn:opcfoundation.org:mypc", new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" })) .SetECCurve(eccurve) .CreateForECDsa(); WriteCertificate(cert, "Default cert with modified lifetime and alt name extension"); // set hash alg cert = CertificateBuilder.Create(Subject) .SetHashAlgorithm(HashAlgorithmName.SHA512) .SetECCurve(eccurve) .CreateForECDsa(); WriteCertificate(cert, "Default cert with SHA512 signature."); // set CA constraints cert = CertificateBuilder.Create(Subject) .SetCAConstraint(-1) .AddExtension(X509Extensions.BuildX509CRLDistributionPoints("http://myca/mycert.crl")) .SetECCurve(eccurve) .CreateForECDsa(); WriteCertificate(cert, "Default cert with CA constraints None and CRL distribution points"); }
public void CreateSelfSignedForECDsaDefaultTest(ECCurveHashPair eccurveHashPair) { // default cert X509Certificate2 cert = CertificateBuilder.Create(Subject) .SetECCurve(eccurveHashPair.Curve) .CreateForECDsa(); Assert.NotNull(cert); WriteCertificate(cert, "Default ECDsa cert"); using (var privateKey = cert.GetECDsaPrivateKey()) { Assert.NotNull(privateKey); privateKey.ExportParameters(false); privateKey.ExportParameters(true); } using (var publicKey = cert.GetECDsaPublicKey()) { Assert.NotNull(publicKey); publicKey.ExportParameters(false); } Assert.AreEqual(X509Defaults.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value)); Assert.GreaterOrEqual(DateTime.UtcNow, cert.NotBefore); Assert.GreaterOrEqual(DateTime.UtcNow.AddMonths(X509Defaults.LifeTime), cert.NotAfter.ToUniversalTime()); var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions); Assert.NotNull(basicConstraintsExtension); Assert.True(basicConstraintsExtension.CertificateAuthority); Assert.AreEqual(0, basicConstraintsExtension.PathLengthConstraint); var keyUsage = X509Extensions.FindExtension <X509KeyUsageExtension>(cert.Extensions); Assert.NotNull(keyUsage); X509PfxUtils.VerifyECDsaKeyPair(cert, cert, true); Assert.True(X509Utils.VerifySelfSigned(cert), "Verify self signed."); }
public void VerifyOneSelfSignedAppCertForAll() { var builder = CertificateBuilder.Create(Subject) .SetNotBefore(DateTime.Today.AddYears(-1)) .SetNotAfter(DateTime.Today.AddYears(25)) .AddExtension(new X509SubjectAltNameExtension("urn:opcfoundation.org:mypc", new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" })); byte[] previousSerialNumber = null; foreach (var keyHash in KeyHashPairs) { using (var cert = builder .SetHashAlgorithm(keyHash.HashAlgorithmName) .SetRSAKeySize(keyHash.KeySize) .CreateForRSA()) { Assert.NotNull(cert); WriteCertificate(cert, $"Default cert with RSA {keyHash.KeySize} {keyHash.HashAlgorithmName} signature."); Assert.AreEqual(keyHash.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value)); // ensure serial numbers are different Assert.AreNotEqual(previousSerialNumber, cert.GetSerialNumber()); X509PfxUtils.VerifyRSAKeyPair(cert, cert, true); Assert.True(X509Utils.VerifySelfSigned(cert)); Assert.AreEqual(cert.SubjectName.Name, cert.IssuerName.Name); Assert.AreEqual(cert.SubjectName.RawData, cert.IssuerName.RawData); CheckPEMWriter(cert); } } }
public void TestCreatePfxFileFromRawData() { string filePath = TestCommon.GetTemporaryCertificateFilePath(string.Format("{0}.pfx", CertificateFilePrefix)); CertificateBuilder.CreateSelfSignedInFile("Foo", filePath, CommonResources.CertificatePassword); TestCertificateFromRawData(filePath, CommonResources.CertificatePassword); }
public void TestCreateCerFileFromRawData() { string filePath = IntegrationTestCommon.GetTemporaryCertificateFilePath(string.Format("{0}.cer", CertificateFilePrefix)); CertificateBuilder.CreateSelfSignedInFile("Foo", filePath, CertificateBuilder.Sha1Algorithm); TestCertificateFromRawData(filePath, CertificateBuilder.Sha1Algorithm); }
public void TestCreateSha256Pfx() { string filePath = IntegrationTestCommon.GetTemporaryCertificateFilePath(string.Format("{0}.pfx", CertificateFilePrefix)); CertificateBuilder.CreateSelfSignedInFile("Foo", filePath, CertificateBuilder.Sha256Algorithm, password: CommonResources.CertificatePassword); TestCertificateFromRawData(filePath, CertificateBuilder.Sha256Algorithm, CommonResources.CertificatePassword); }
/// <summary> /// Creates a certificate signing request from an existing certificate. /// </summary> public static byte[] CreateSigningRequest( X509Certificate2 certificate, IList <String> domainNames = null ) { return(CertificateBuilder.CreateSigningRequest( certificate, domainNames)); }
private int RunInternal(string subjectName, string issuerName) { // Builder path for normal certificate. var storeCertificate = LoadCACertificate(Options.IssuerName); var builder = new CertificateBuilder(Options.KeyStrength, Options.SignatureAlgorithm, Logger); if (!ValidateIssuer(storeCertificate)) { Logger.Error("Provided issuer is not a valid CA and therefore cannot issue other certificates."); throw new CertificateException( "Provided issuer is not a valid CA and therefore cannot issue other certificates."); } var issuingKeyPair = DotNetUtilities.GetKeyPair(storeCertificate.PrivateKey); string[] dpUrls = Options.DistributionPoints.Count() > 0 ? Options.DistributionPoints.ToArray() : MenuInterupts.GetCrlDistributionPoints(); var bcCertificate = builder .AddSKID() .AddSerialNumber() .AddValidityTime() .AddExtendedKeyUsages() .AddSubjectCommonName(Options.CommonName) .AddIssuerCommonName(Options.IssuerName) // Generate from CA. .AddBasicConstraints() .AddAKID(issuingKeyPair.Public) .AddCRLDistributionPoints(dpUrls) .Generate(issuingKeyPair.Private, out AsymmetricCipherKeyPair generatedKeyPair); var convertedCertificate = GetWindowsCertFromGenerated(bcCertificate, Options.CommonName, generatedKeyPair.Private, builder.SecureRandom); if (Options.Debug) { DisplayCertificateDebugInfo(convertedCertificate); } X509Chain chain = new X509Chain(); chain.Build(convertedCertificate); if (!string.IsNullOrEmpty(Options.ExportLocation)) { File.WriteAllBytes(Path.Combine(Options.ExportLocation, $"{Options.CommonName}.pfx"), convertedCertificate.Export(X509ContentType.Pkcs12)); } else { // Add CA certificate to Root store var machineStore = new X509Store(StoreName.My, StoreLocation.LocalMachine); machineStore.Open(OpenFlags.ReadWrite); machineStore.Add(convertedCertificate); machineStore.Close(); } return(SUCCESS); }
private static async Task CheckDomainsForValidCertificateAsync(ILogger log, CancellationToken cancellationToken, ExecutionContext executionContext) { // internal storage (used for letsencrypt account metadata) IStorageProvider storageProvider = new AzureBlobStorageProvider(Environment.GetEnvironmentVariable("AzureWebJobsStorage"), "letsencrypt"); IConfigurationProcessor processor = new ConfigurationProcessor(); var configurations = await AutoRenewal.LoadConfigFilesAsync(storageProvider, processor, log, cancellationToken, executionContext); IAuthenticationService authenticationService = new AuthenticationService(storageProvider); var az = new AzureHelper(); var tokenProvider = new AzureServiceTokenProvider(); var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback)); var storageFactory = new StorageFactory(az); var renewalOptionsParser = new RenewalOptionParser(az, keyVaultClient, storageFactory, log); var certificateBuilder = new CertificateBuilder(); IRenewalService renewalService = new RenewalService(authenticationService, renewalOptionsParser, certificateBuilder, log); var errors = new List <Exception>(); var httpClient = new HttpClient(); foreach ((var name, var config) in configurations) { using (log.BeginScope($"Checking certificates from {name}")) { foreach (var cert in config.Certificates) { var hostNames = string.Join(";", cert.HostNames); try { // check each domain to verify HTTPS certificate is valid var request = WebRequest.CreateHttp($"https://{cert.HostNames.First()}"); request.ServerCertificateValidationCallback += ValidateTestServerCertificate; using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) { } } catch (Exception e) { log.LogError(e, $"Certificate check failed for: {hostNames}!"); errors.Add(e); continue; } log.LogInformation($"Certificate for {hostNames} looks valid"); } } } if (!configurations.Any()) { log.LogWarning("No configurations where processed, refere to the sample on how to set up configs!"); } if (errors.Any()) { throw new AggregateException("Failed to process all certificates", errors); } }
protected void Application_Start() { AreaRegistration.RegisterAllAreas(); RegisterGlobalFilters(GlobalFilters.Filters); RegisterRoutes(RouteTable.Routes); CloudBackedStore.Initialize(); CertificateBuilder.Initialize(); PackageBuilder.Initialize(); }
/// <summary> /// Build the samples certificate /// </summary> public bool Build(Action <string> log) { string errorMessage; log("Creating sample certificate..."); if (!CertificateBuilder.CreateCertificate(this, Console.WriteLine, out thumbprint, out errorMessage)) { log(errorMessage); return(false); } return(true); }
public void CreateECDsaManualSerialTest() { var eccurve = ECCurve.NamedCurves.nistP256; // default cert Assert.Throws <ArgumentOutOfRangeException>( () => { CertificateBuilder.Create(Subject) .SetSerialNumber(Array.Empty <byte>()) .SetECCurve(eccurve) .CreateForECDsa(); } ); Assert.Throws <ArgumentOutOfRangeException>( () => { CertificateBuilder.Create(Subject) .SetSerialNumber(new byte[X509Defaults.SerialNumberLengthMax + 1]) .SetECCurve(eccurve) .CreateForECDsa(); } ); var serial = new byte[X509Defaults.SerialNumberLengthMax]; for (int i = 0; i < serial.Length; i++) { serial[i] = (byte)((i + 1) | 0x80); } // test if sign bit is cleared var builder = CertificateBuilder.Create(Subject) .SetSerialNumber(serial); serial[serial.Length - 1] &= 0x7f; Assert.AreEqual(serial, builder.GetSerialNumber()); var cert1 = builder.SetECCurve(eccurve).CreateForECDsa(); WriteCertificate(cert1, "Cert1 with max length serial number"); TestContext.Out.WriteLine($"Serial: {serial.ToHexString(true)}"); Assert.AreEqual(serial, cert1.GetSerialNumber()); Assert.AreEqual(X509Defaults.SerialNumberLengthMax, cert1.GetSerialNumber().Length); // clear sign bit builder.SetSerialNumberLength(X509Defaults.SerialNumberLengthMax); var cert2 = builder.SetECCurve(eccurve).CreateForECDsa(); WriteCertificate(cert2, "Cert2 with max length serial number"); TestContext.Out.WriteLine($"Serial: {cert2.SerialNumber}"); Assert.GreaterOrEqual(X509Defaults.SerialNumberLengthMax, cert2.GetSerialNumber().Length); Assert.AreNotEqual(cert1.SerialNumber, cert2.SerialNumber); }
private static List <Certificate> GenerateCertificates(BatchClient batchClient, string cerFilePath, string pfxFilePath) { CertificateBuilder.CreateSelfSignedInFile("Foo", cerFilePath, CertificateBuilder.Sha1Algorithm); CertificateBuilder.CreateSelfSignedInFile("Foo", pfxFilePath, CertificateBuilder.Sha1Algorithm, password: CommonResources.CertificatePassword); Certificate cerCertificate = batchClient.CertificateOperations.CreateCertificate(cerFilePath); Certificate pfxCertificate = batchClient.CertificateOperations.CreateCertificate(pfxFilePath, CommonResources.CertificatePassword); return(new List <Certificate> { cerCertificate, pfxCertificate }); }
private X509Certificate2 CreateAddressBoundCertificate(X509Certificate2 issuer, string emailAddress) { var domain = issuer.GetNameInfo(X509NameType.DnsName, false); var builder = new CertificateBuilder(issuer) { AuthorityInformationAccessUri = new Uri($"http://{domain}/pki/{domain}.cer"), CrlDistributionPointUri = new Uri($"http://{domain}/pki/{domain}.crl"), SubjectDN = new X509Name($"CN={emailAddress}") }; builder.SetSubjectAlternativeNameToEmail(emailAddress); builder.Policies.Add(DirectTrustCertificatePolicies.DTorgCPVersions); return(builder.Generate()); }
/// <summary> /// Create a certificate for an OPC UA application. /// </summary> /// <param name="applicationUri">The application Uri</param> /// <param name="applicationName">The friendly name of the application</param> /// <param name="subjectName">The subject of the certificate</param> /// <param name="domainNames">The domain names for the alt name extension</param> /// <returns> /// Return the Certificate builder with X509 Subject Alt Name extension /// to create the certificate. /// </returns> public static ICertificateBuilder CreateCertificate( string applicationUri, string applicationName, string subjectName, IList <string> domainNames) { SetSuitableDefaults( ref applicationUri, ref applicationName, ref subjectName, ref domainNames); return(CertificateBuilder.Create(subjectName) .AddExtension(new X509SubjectAltNameExtension(applicationUri, domainNames))); }
// Use for Coyote. /*********************************/ public async Task GetAndUpdateAtTheSameTime() { _context.Certificates.AddRange(CertificateBuilder.GetDefaultValues()); _context.SaveChanges(); _context.ChangeTracker.Clear(); var certificate = await _context.Certificates.AsNoTracking().FirstOrDefaultAsync(); // This code throws an DbUpdateConcurrencyException, // so we add a check (try-catch) to the "Edit" methods of the controllers. var deleteResult = _repository.DeleteAsync(certificate); var updateResult = _repository.UpdateAsync(certificate); await Task.WhenAll(deleteResult, updateResult); }
private X509Certificate2 CreateCertificateAuthority(string domain) { if (_rootCA == null) { var builder = new CertificateBuilder(1) { SubjectDN = new X509Name($"CN={domain}") }; builder.SetSubjectAlternativeNameToDomain(domain); builder.Policies.Add(DirectTrustCertificatePolicies.DTorgCPVersions); _rootCA = builder.Generate(); } return(_rootCA); }