/// <summary>
/// Builds a CA certificate, issues an SSL certificate from it, and checks the fields of the issued certificate.
/// </summary>
/// <remarks>
/// The PKCS#12 password below is a fixed test fixture value. The final assertion verifies the issued
/// certificate's signature against the CA public key, which checks the issuer relationship cryptographically
/// rather than only comparing the issuer DN string.
/// </remarks>
public void GenerateCertificate()
{
    const string pkcs12Password = "12345678";

    var now = DateTime.UtcNow;
    var caNotAfter = now.AddMonths(24);
    var leafNotAfter = now.AddMonths(12);

    // Issuing CA: serial 1, 2048-bit key, valid for 24 months.
    var caBuilder = new CACertificateBuilder()
        .SetSerialNumber(1)
        .SetKeySize(2048)
        .SetSubjectDN("Test CA", "Organization Unit", "Organization", "Locality", "Country")
        .SetNotBefore(now)
        .SetNotAfter(caNotAfter);
    var caResult = caBuilder.Build();

    Assert.That(() => caResult, Is.Not.Null);
    Assert.That(() => caResult.Certificate, Is.Not.Null);

    // The CA is handed to the SSL builder as password-protected PKCS#12 data.
    var caPkcs12 = caResult.ExportCertificate(pkcs12Password.ToSecureString());

    // Issued certificate: serial 2, 4096-bit key, valid for 12 months, client + server auth, one DNS SAN.
    var leafBuilder = new SSLCertificateBuilder()
        .SetSerialNumber(2)
        .SetKeySize(4096)
        .SetSubjectDN("Test SSL", "Organization Unit", "Organization", "Locality", "Country")
        .SetNotBefore(now)
        .SetNotAfter(leafNotAfter)
        .SetIssuerCertificate(caPkcs12, pkcs12Password.ToSecureString())
        .SetClientAuthKeyUsage()
        .SetServerAuthKeyUsage()
        .SetSubjectAlternativeNames(new List<string> { "example.com" });
    var leafResult = leafBuilder.Build();

    Assert.That(() => leafResult, Is.Not.Null);
    Assert.That(() => leafResult.Certificate, Is.Not.Null);

    // Signature algorithm, serial number and validity window.
    Assert.That(() => leafResult.Certificate.SigAlgName, Is.EqualTo("SHA-512withRSA"));
    Assert.That(() => leafResult.Certificate.SerialNumber, Is.EqualTo(BigInteger.Two));
    Assert.That(() => leafResult.Certificate.NotBefore, Is.EqualTo(now.TruncateMilliseconds()));
    Assert.That(() => leafResult.Certificate.NotAfter, Is.EqualTo(leafNotAfter.TruncateMilliseconds()));

    // Extended key usage and subject alternative name.
    var expectedKeyPurposes = new List<string>
    {
        KeyPurposeID.IdKPServerAuth.Id,
        KeyPurposeID.IdKPClientAuth.Id,
    };
    Assert.That(() => leafResult.Certificate.GetExtendedKeyUsage(), Is.EqualTo(expectedKeyPurposes));

    var expectedFirstSan = new ArrayList { GeneralName.DnsName, "example.com" };
    Assert.That(
        () => leafResult.Certificate.GetSubjectAlternativeNames().Cast<ArrayList>().ToList()[0],
        Is.EqualTo(expectedFirstSan));

    // Issuer relationship: not self-signed, expected DNs, and a signature that verifies under the CA key.
    Assert.That(() => leafResult.Certificate.IsSelfSigned(), Is.False);
    Assert.That(
        () => leafResult.Certificate.SubjectDN.ToString(),
        Is.EqualTo("C=Country,L=Locality,O=Organization,OU=Organization Unit,CN=Test SSL"));
    Assert.That(
        () => leafResult.Certificate.IssuerDN.ToString(),
        Is.EqualTo("C=Country,L=Locality,O=Organization,OU=Organization Unit,CN=Test CA"));
    Assert.That(
        () => leafResult.Certificate.Verify(caResult.Certificate.GetPublicKey()),
        Throws.Nothing);
}
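/// <summary>
/// Validates the form, generates a CA certificate plus an SSL certificate issued by it, and writes
/// both as PKCS#12 files (optionally also as .crt files) into the selected destination directory.
/// </summary>
/// <remarks>
/// All control values are read on the calling thread and captured in locals before the work is handed
/// to <c>Task.Run</c>, so the background worker never touches a UI control.
/// Any failure is shown in a message box and the controls are re-enabled afterwards.
/// The two .p12 files contain private keys and are protected only by the password typed into the form.
/// </remarks>
private async void GenerateCertificatesAsync()
{
    try
    {
        if (!this.ValidateControls())
        {
            UpdateStatusStrip("Please fill all required fields.");
            return;
        }

        var savePath = this.textBoxSavePath.Text;
        if (!Directory.Exists(savePath))
        {
            throw new DirectoryNotFoundException("Destination directory does not exist.");
        }

        // NOTE(review): only files are counted here; a directory holding just sub-directories passes this check.
        if (Directory.GetFiles(savePath).Length > 0)
        {
            throw new InvalidOperationException("Destination directory must be empty.");
        }

        UpdateStatusStrip("Generating Certificate files...");
        ToogleControls(enabled: false);

        var now = DateTime.UtcNow;
        var keySize = Convert.ToUInt32(this.comboBoxKeySize.SelectedItem);
        var validityInMonths = Convert.ToInt32(this.comboBoxValidity.SelectedItem);
        var serialNumber = Convert.ToInt64(this.numericUpDownSerialNumber.Value);

        // Snapshot the remaining form state here, on the UI thread. The original read these
        // controls from inside the Task.Run lambda, i.e. from a thread-pool thread.
        var useRandomSerialNumber = this.checkBoxRandomSerialNumber.Checked;
        var commonName = this.textBoxCN.Text;
        var organizationUnit = this.textBoxOU.Text;
        var organization = this.textBoxO.Text;
        var country = this.textBoxC.Text;
        var includeClientAuth = this.checkBoxClientAuthentication.Checked;
        var includeServerAuth = this.checkBoxServerAuthentication.Checked;
        var exportCrt = this.checkBoxCertificateExportCrt.Checked;

        // NOTE(review): the password is already a managed string at this point, so converting it to a
        // SecureString afterwards offers limited protection for it in memory.
        var password = this.textBoxPassword.Text;

        // Drop blank entries (for example from a trailing ';' or whitespace-only input) so that
        // no empty name ends up in the certificate's subject alternative names.
        var sans = (this.textBoxSAN.Text ?? string.Empty)
            .Split(';')
            .Select(x => x.Trim())
            .Where(x => x.Length > 0)
            .ToList();

        await Task.Run(() =>
        {
            // The CA takes the serial number just below the SSL certificate's.
            // NOTE(review): confirm the numeric control's minimum keeps serialNumber - 1 positive.
            var certificateBuilderResult = new CACertificateBuilder()
                .WithSerialNumberConfiguration(useRandomSerialNumber, serialNumber - 1)
                .SetKeySize(keySize)
                .SetSubjectDN(commonName + " CA", organizationUnit, organization, null, country)
                .SetNotBefore(now)
                .SetNotAfter(now.AddMonths(validityInMonths))
                .Build();

            var pkcs12Data = certificateBuilderResult.ExportCertificate(password.ToSecureString());

            var sslCertificateBuilder = new SSLCertificateBuilder()
                .WithSerialNumberConfiguration(useRandomSerialNumber, serialNumber)
                .SetKeySize(keySize)
                .SetSubjectDN(commonName, organizationUnit, organization, null, country)
                .SetNotBefore(now)
                .SetNotAfter(now.AddMonths(validityInMonths))
                .SetIssuerCertificate(pkcs12Data, password.ToSecureString());

            if (includeClientAuth)
            {
                sslCertificateBuilder = sslCertificateBuilder.SetClientAuthKeyUsage();
            }

            if (includeServerAuth)
            {
                sslCertificateBuilder = sslCertificateBuilder.SetServerAuthKeyUsage();
            }

            if (sans.Count > 0)
            {
                sslCertificateBuilder = sslCertificateBuilder.SetSubjectAlternativeNames(sans);
            }

            // Both certificates are built before anything is written to disk.
            var sslCertificateBuilderResult = sslCertificateBuilder.Build();

            // The .p12 files hold private key material; they are created with the destination
            // directory's default permissions.
            File.WriteAllBytes(Path.Combine(savePath, "caCertificate.p12"), pkcs12Data);
            if (exportCrt)
            {
                var certData = certificateBuilderResult.Certificate.ExportPublicKeyCertificate();
                File.WriteAllBytes(Path.Combine(savePath, "caCertificate.crt"), certData);
            }

            var sslPkcs12Data = sslCertificateBuilderResult.ExportCertificate(password.ToSecureString());
            File.WriteAllBytes(Path.Combine(savePath, "sslCertificate.p12"), sslPkcs12Data);
            if (exportCrt)
            {
                var sslCertData = sslCertificateBuilderResult.Certificate.ExportPublicKeyCertificate();
                File.WriteAllBytes(Path.Combine(savePath, "sslCertificate.crt"), sslCertData);
            }
        });

        UpdateStatusStrip("Certificates generated successfully.");
    }
    catch (Exception ex)
    {
        // async void: an exception escaping this method could not be observed by a caller,
        // so every failure is reported to the user here instead.
        MessageBox.Show(this, $"Error: {ex.Message}", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        UpdateStatusStrip(string.Empty);
    }

    ToogleControls(enabled: true);
}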