/// <summary>
/// Create a Self signed certificate with all options which can also be used as a root certificate
/// </summary>
/// <param name="distinguishedName">Distinguished Name used for the subject and the issuer properties</param>
/// <param name="validityPeriod">Valid from, Valid to certificate properties</param>
/// <param name="subjectAlternativeName">SAN but only DnsNames can be added as a list + Email property</param>
/// <param name="enhancedKeyUsages">Defines how the certificate key can be used.
/// new Oid("1.3.6.1.5.5.7.3.1") // TLS Server auth
/// new Oid("1.3.6.1.5.5.7.3.2") // TLS Client auth
/// new Oid("1.3.6.1.5.5.7.3.3") // Code signing
/// new Oid("1.3.6.1.5.5.7.3.4") // Email
/// new Oid("1.3.6.1.5.5.7.3.8") // Timestamping
/// </param>
/// <param name="x509KeyUsageFlags">Defines how the certificate key can be used.
/// None No key usage parameters.
/// EncipherOnly The key can be used for encryption only.
/// CrlSign The key can be used to sign a certificate revocation list (CRL).
/// KeyCertSign The key can be used to sign certificates.
/// KeyAgreement The key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm.
/// DataEncipherment The key can be used for data encryption.
/// KeyEncipherment The key can be used for key encryption.
/// NonRepudiation The key can be used for authentication.
/// DecipherOnly The key can be used for decryption only.
/// </param>
/// <returns>Self signed certificate</returns>
public X509Certificate2 NewECDsaSelfSignedCertificate(
DistinguishedName distinguishedName,
BasicConstraints basicConstraints,
ValidityPeriod validityPeriod,
SubjectAlternativeName subjectAlternativeName,
OidCollection enhancedKeyUsages,
X509KeyUsageFlags x509KeyUsageFlags,
ECDsaConfiguration eCDsaConfiguration)
{
using var ecdsa = ECDsa.Create("ECDsa");
ecdsa.KeySize = eCDsaConfiguration.KeySize;
var request = new CertificateRequest(
_certificateUtility.CreateIssuerOrSubject(distinguishedName),
ecdsa,
eCDsaConfiguration.HashAlgorithmName);
X509Certificate2 generatedCertificate = SelfSignedConfiguration(
basicConstraints,
validityPeriod,
subjectAlternativeName,
enhancedKeyUsages,
x509KeyUsageFlags,
request);
return(generatedCertificate);
}
public X509Certificate2 NewECDsaChainedCertificate(
DistinguishedName distinguishedName,
BasicConstraints basicConstraints,
ValidityPeriod validityPeriod,
SubjectAlternativeName subjectAlternativeName,
X509Certificate2 signingCertificate,
OidCollection enhancedKeyUsages,
X509KeyUsageFlags x509KeyUsageFlags,
ECDsaConfiguration eCDsaConfiguration)
{
if (signingCertificate == null)
{
throw new ArgumentNullException(nameof(signingCertificate));
}
if (!signingCertificate.HasPrivateKey)
{
throw new Exception("Signing cert must have private key");
}
using var ecdsa = ECDsa.Create("ECDsa");
ecdsa.KeySize = eCDsaConfiguration.KeySize;
var request = new CertificateRequest(
_certificateUtility.CreateIssuerOrSubject(distinguishedName),
ecdsa,
eCDsaConfiguration.HashAlgorithmName);
X509Certificate2 cert = ChainedConfiguration(
basicConstraints,
validityPeriod,
subjectAlternativeName,
signingCertificate,
enhancedKeyUsages,
x509KeyUsageFlags,
request);
return(cert.CopyWithPrivateKey(ecdsa));
}
