private static void GenerateCertificate(string certPath, string certHost, string certPassword)
{
CertificateGenerator.CreateSelfSignCertificatePfx(certPath, certHost, certPassword, _logger);
}
/// <summary>
/// Searches the stores for certificate with subject name matching the host and path extracted from the applicationUri.
/// </summary>
/// <param name="description">The <see cref="ApplicationDescription"/>.</param>
/// <param name="createIfNotFound">Creates a new self-signed certificate if one not found.</param>
/// <returns>The certificate. </returns>
public static X509Certificate2 GetCertificate(this ApplicationDescription description, bool createIfNotFound = true)
{
if (description == null)
{
throw new ArgumentNullException(nameof(description));
}
if (string.IsNullOrEmpty(description.ApplicationUri))
{
throw new ArgumentOutOfRangeException(nameof(description), "Expecting ApplicationUri in the form of 'http://{hostname}/{appname}'.");
}
string subjectName = null;
UriBuilder appUri = new UriBuilder(description.ApplicationUri);
if (appUri.Scheme == "http" && !string.IsNullOrEmpty(appUri.Host))
{
var path = appUri.Path.Trim('/');
if (!string.IsNullOrEmpty(path))
{
subjectName = $"CN={path}, DC={appUri.Host}";
}
}
if (appUri.Scheme == "urn")
{
var parts = appUri.Path.Split(new[] { ':' }, 2);
if (parts.Length == 2)
{
subjectName = $"CN={parts[1]}, DC={parts[0]}";
}
}
if (subjectName == null)
{
throw new ArgumentOutOfRangeException(nameof(description), "Expecting ApplicationUri in the form of 'http://{hostname}/{appname}' -or- 'urn:{hostname}:{appname}'.");
}
X509Certificate2 clientCertificate = null;
X509Store store = null;
List <X509Certificate2> foundCerts = new List <X509Certificate2>();
// First check the Local Machine store.
store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
var certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
if (certs.Count > 0)
{
foundCerts.AddRange(certs.OfType <X509Certificate2>());
}
}
catch (Exception ex)
{
Trace.TraceWarning($"GetCertificate error opening X509Store '{store}'. {ex.Message}");
}
finally
{
store.Dispose();
}
// Then check the Current User store.
store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
var certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
if (certs.Count > 0)
{
foundCerts.AddRange(certs.OfType <X509Certificate2>());
}
}
catch (Exception ex)
{
Trace.TraceWarning($"GetCertificate error opening X509Store '{store}'. {ex.Message}");
}
finally
{
store.Dispose();
}
// Select the certificate that was created last.
if (foundCerts.Count > 0)
{
clientCertificate = foundCerts.OrderBy(c => c.NotBefore).Last();
Trace.TraceInformation($"GetCertificate found certificate '{subjectName}'.");
return(clientCertificate);
}
Trace.TraceInformation($"GetCertificate creating new certificate '{subjectName}'.");
try
{
var pfx = CertificateGenerator.CreateSelfSignCertificatePfx(
subjectName,
DateTime.UtcNow,
DateTime.UtcNow.AddYears(25),
new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyCertSign, true),
new X509EnhancedKeyUsageExtension(new OidCollection {
new Oid(EnhancedKeyUsageOids.ServerAuthentication), new Oid(EnhancedKeyUsageOids.ClientAuthentication)
}, false),
new X509SubjectAlternateNameExtension(new[] { new X509AlternativeName {
Type = X509AlternateNameType.Url, Value = description.ApplicationUri
} }, true));
clientCertificate = new X509Certificate2(pfx, (string)null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.DefaultKeySet);
// add cert to Current User store.
store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
store.Open(OpenFlags.ReadWrite | OpenFlags.OpenExistingOnly);
store.Add(clientCertificate);
}
catch (Exception ex)
{
Trace.TraceWarning($"GetCertificate error adding certificate to store '{store}'. {ex.Message}");
}
finally
{
store.Dispose();
}
}
catch (Exception ex)
{
Trace.TraceWarning($"GetCertificate error creating certificate '{subjectName}'. {ex.Message}");
}
return(clientCertificate);
}
/// <summary>
/// Generates a self signed certificate at the locatation specified by <paramref name="certificatePath"/>.
/// </summary>
/// <param name="certificatePath">The path to generate the certificate.</param>
/// <param name="hostname">The common name for the certificate.</param>
public void GenerateSelfSignedSslCertificate(string certificatePath, string hostname)
{
CertificateGenerator.CreateSelfSignCertificatePfx(certificatePath, hostname, Logger);
}