public static X509Certificate2 CreateSelfSignedCertificate(this CngKey key,
X509Certificates.X509CertificateCreationParameters creationParameters)
{
if (creationParameters == null)
{
throw new ArgumentNullException("creationParameters");
}
// If we are not being asked to hand ownership of the key over to the certificate, then we need
// ensure that we are running in a trusted context as we have no way to ensure that the caller
// will not force the key to be cleaned up and then continue to use the dangling handle left in
// the certificate.
if (!creationParameters.TakeOwnershipOfKey)
{
new PermissionSet(PermissionState.Unrestricted).Demand();
}
using (SafeCertContextHandle selfSignedCertHandle =
X509Native.CreateSelfSignedCertificate(key,
creationParameters.TakeOwnershipOfKey,
creationParameters.SubjectName.RawData,
creationParameters.CertificateCreationOptions,
X509Native.MapCertificateSignatureAlgorithm(creationParameters.SignatureAlgorithm),
creationParameters.StartTime,
creationParameters.EndTime,
creationParameters.ExtensionsNoDemand))
{
// We need to get the raw handle out of the safe handle because X509Certificate2 only
// exposes an IntPtr constructor. To do that we'll temporarially bump the ref count on
// the handle.
//
// X509Certificate2 will duplicate the handle value in the .ctor, so once we've created
// the certificate object, we can safely drop the ref count and dispose of our handle.
X509Certificate2 certificate = null;
bool addedRef = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
selfSignedCertHandle.DangerousAddRef(ref addedRef);
certificate = new X509Certificate2(selfSignedCertHandle.DangerousGetHandle());
}
finally
{
if (addedRef)
{
selfSignedCertHandle.DangerousRelease();
}
}
// If we passed ownership of the key to the certificate, than destroy the key
// now so that we don't continue to use it beyond the liftime of the cert.
if (creationParameters.TakeOwnershipOfKey)
{
key.Dispose();
}
return(certificate);
}
}
public static X509Certificate2 CreateSelfSignedCertificate(this CngKey key,
X509CertificateCreationParameters creationParameters)
{
if (creationParameters == null)
{
throw new ArgumentNullException("creationParameters");
}
using (SafeNCryptKeyHandle keyHandle = key.Handle)
{
using (SafeCertificateContextHandle selfSignedCertHandle =
X509Native.CreateSelfSignedCertificate(keyHandle,
creationParameters.SubjectName.RawData,
creationParameters.CertificateCreationOptions,
X509Native.MapCertificateSignatureAlgorithm(creationParameters.SignatureAlgorithm),
creationParameters.StartTime,
creationParameters.EndTime,
creationParameters.ExtensionsNoDemand))
{
// We need to get the raw handle out of the safe handle because X509Certificate2 only
// exposes an IntPtr constructor. To do that we'll temporarially bump the ref count on
// the handle.
//
// X509Certificate2 will duplicate the handle value in the .ctor, so once we've created
// the certificate object, we can safely drop the ref count and dispose of our handle.
bool addedRef = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
selfSignedCertHandle.DangerousAddRef(ref addedRef);
return(new X509Certificate2(selfSignedCertHandle.DangerousGetHandle()));
}
finally
{
if (addedRef)
{
selfSignedCertHandle.DangerousRelease();
}
}
}
}
}
