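        /// <summary>
        /// Add the Certificate endpoints feature to MVC.
        /// </summary>
        /// <remarks>
        /// Registers the <see cref="CertificatesFeatureProvider"/>, the media-type mappings for the
        /// <c>crt</c>/<c>cer</c>/<c>key</c>/<c>pfx</c> format suffixes and the <see cref="CertificateOutputFormatter"/>,
        /// then registers the resulting <see cref="CertificateEndpointsOptions"/> as a singleton. When no <c>ca.pfx</c>
        /// exists under <see cref="CertificateEndpointsOptions.Path"/>, a root CA is generated, written to <c>ca.pfx</c>
        /// (with private key, protected by <see cref="CertificateEndpointsOptions.PfxPassphrase"/>) and <c>ca.cer</c> (PEM),
        /// and added to the registered <see cref="ICertificatesStore"/>.
        /// The CA private key lives on disk, so callers must supply a real passphrase (from configuration or a secret
        /// store, never a literal) and restrict file-system permissions on the certificate directory.
        /// </remarks>
        /// <param name="mvcBuilder">An interface for configuring MVC services.</param>
        /// <param name="configureAction">Delegate for configuring options for certificate endpoints feature.</param>
        /// <returns>The <paramref name="mvcBuilder"/> so that calls can be chained.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="mvcBuilder"/> is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">
        /// <see cref="CertificateEndpointsOptions.PfxPassphrase"/> was not configured, or no <see cref="ICertificatesStore"/>
        /// is registered at the time the root CA has to be created.
        /// </exception>
        public static IMvcBuilder AddCertificateEndpoints(this IMvcBuilder mvcBuilder, Action <CertificateEndpointsOptions> configureAction = null)
        {
            if (mvcBuilder == null)
            {
                throw new ArgumentNullException(nameof(mvcBuilder));
            }
            mvcBuilder.ConfigureApplicationPartManager(apm => apm.FeatureProviders.Add(new CertificatesFeatureProvider()));
            mvcBuilder.AddFormatterMappings(mappings => {
                mappings.SetMediaTypeMappingForFormat("crt", "application/x-x509-user-cert"); // The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM.
                mappings.SetMediaTypeMappingForFormat("cer", "application/pkix-cert");        // Alternate form of .crt (Microsoft Convention). You can use MS to convert .crt to .cer (.both DER encoded .cer, or base64[PEM] encoded .cer)
                mappings.SetMediaTypeMappingForFormat("key", "application/pkcs8");            // The KEY extension is used both for public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM.
                mappings.SetMediaTypeMappingForFormat("pfx", "application/x-pkcs12");         // PFX.
            });
            mvcBuilder.AddMvcOptions(mvc => mvc.OutputFormatters.Add(new CertificateOutputFormatter()));

            // No default passphrase: the previous placeholder ("???") silently became the only protection of the CA
            // private key on disk whenever a caller forgot to configure one. A missing passphrase is a startup error now.
            var options = new CertificateEndpointsOptions {
                IssuerDomain = "www.example.com"
            };
            // Services is exposed only for the duration of the callback (e.g. so it can register an ICertificatesStore).
            options.Services = mvcBuilder.Services;
            configureAction?.Invoke(options);
            options.Services = null;
            if (string.IsNullOrWhiteSpace(options.PfxPassphrase))
            {
                throw new InvalidOperationException($"{nameof(CertificateEndpointsOptions)}.{nameof(CertificateEndpointsOptions.PfxPassphrase)} must be configured via {nameof(configureAction)}; it protects the CA private key that is written to disk.");
            }
            // Register the options before building the temporary provider so services resolved from it (e.g. the
            // ICertificatesStore) can already depend on CertificateEndpointsOptions. A provider built here is a
            // throw-away copy of the container that owns its own singleton instances, hence a single one, disposed.
            mvcBuilder.Services.AddSingleton(options);
            using (var serviceProvider = mvcBuilder.Services.BuildServiceProvider())
            {
                if (options.Path == null)
                {
                    var hostingEnvironment = serviceProvider.GetRequiredService <IWebHostEnvironment>();
                    options.Path = Path.Combine(hostingEnvironment.ContentRootPath, "App_Data", "certs");
                }
                Directory.CreateDirectory(options.Path); // no-op when the directory already exists
                if (!File.Exists(Path.Combine(options.Path, "ca.pfx")))
                {
                    // GetRequiredService: a missing store used to surface as a NullReferenceException on store.Add.
                    var store = serviceProvider.GetRequiredService <ICertificatesStore>();
                    CreateRootCA(options, store);
                }
            }
            return mvcBuilder;
        }

        /// <summary>
        /// Generates a root CA for <see cref="CertificateEndpointsOptions.IssuerDomain"/>, persists it as <c>ca.pfx</c>
        /// (with private key) and <c>ca.cer</c> (PEM) under <see cref="CertificateEndpointsOptions.Path"/> and adds it
        /// to <paramref name="store"/>.
        /// </summary>
        /// <param name="options">Resolved options; <see cref="CertificateEndpointsOptions.Path"/> must already exist.</param>
        /// <param name="store">Certificate store that receives the new CA certificate.</param>
        private static void CreateRootCA(CertificateEndpointsOptions options, ICertificatesStore store)
        {
            var manager     = new CertificateManager();
            var issuingCert = manager.CreateRootCACertificate(options.IssuerDomain);
            var certBase64  = issuingCert.ExportToPEM();
            var pfxBytes    = issuingCert.Export(X509ContentType.Pfx, options.PfxPassphrase);
            // TODO(review): the files are created with the process default permissions (on Unix typically
            // world-readable). Tighten the ACL / umask of the certs directory in deployment.
            File.WriteAllBytes(Path.Combine(options.Path, "ca.pfx"), pfxBytes);
            File.WriteAllText(Path.Combine(options.Path, "ca.cer"), certBase64);
            // Synchronous DI extension running at startup, so the async store call has to be blocked on; Task.Run keeps
            // it off any ambient synchronization context (same intent as the former TaskFactory/Unwrap sequence).
            Task.Run(() => store.Add(issuingCert, null)).GetAwaiter().GetResult();
        }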
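        /// <summary>
        /// Builds a small CRL (two revoked serials, both <c>Superseded</c>), signs it with the RSA key of a freshly
        /// generated throw-away root CA and writes the DER output to <c>my.crl</c> in the current directory as an
        /// artefact for manual inspection. Asserts that signing produced a non-empty blob.
        /// </summary>
        public void Generate_CRL()
        {
            var crl = new CertificateRevocationList()
            {
                AuthorizationKeyId = "77c2b8509a677676b12dc286d083a07ea67eba4b",
                Country            = "GR",
                Organization       = "INDICE OE",
                IssuerCommonName   = "Some Cerification Authority CA",
                CrlNumber          = 234,
                EffectiveDate      = DateTime.UtcNow.AddDays(-2),
                NextUpdate         = DateTime.UtcNow.AddDays(1),
                Items =
                {
                    new RevokedCertificate {
                        ReasonCode     = RevokedCertificate.CRLReasonCode.Superseded,
                        RevocationDate = DateTime.UtcNow.AddHours(-10),
                        SerialNumber   = "05f4102a802b874c"
                    },
                    new RevokedCertificate {
                        ReasonCode     = RevokedCertificate.CRLReasonCode.Superseded,
                        RevocationDate = DateTime.UtcNow.AddHours(-9),
                        SerialNumber   = "174401aea7b9a5de"
                    }
                }
            };
            var crlSeq  = new CertificateRevocationListSequence(crl);
            var manager = new CertificateManager();
            byte[] data;
            using (var caCert = manager.CreateRootCACertificate("identityserver.gr"))
            // GetRSAPrivateKey() replaces the obsolete PrivateKey property; unlike `PrivateKey as RSA` it is
            // explicit about returning null for a non-RSA key, which the assertion below turns into a clear failure.
            using (var signingKey = caCert.GetRSAPrivateKey())
            {
                Assert.NotNull(signingKey);
                data = crlSeq.SignAndSerialize(signingKey);
            }
            Assert.NotNull(data);
            Assert.True(data.Length > 0);

            File.WriteAllBytes(Path.Combine(Directory.GetCurrentDirectory(), "my.crl"), data);
        }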
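        /// <summary>
        /// Generates a sample PSD2 QWAC issued by a throw-away root CA and writes the certificate (PEM), its public and
        /// private keys, a PFX and a JSON bundle to the current directory, all named after the request's authorization number.
        /// </summary>
        /// <remarks>
        /// Test material only: the private key is written unencrypted (<c>.private.key</c> and inside the JSON) and the
        /// PFX uses a fixed, trivial passphrase. Never run this against a real authorization number or CA.
        /// </remarks>
        public void Generate_QWACs()
        {
            const string pfxPassphrase = "111";
            var data            = Psd2CertificateRequest.Example();
            var manager         = new CertificateManager();
            var outputDirectory = Directory.GetCurrentDirectory();
            string OutputPath(string suffix) => Path.Combine(outputDirectory, $"{data.AuthorizationNumber}{suffix}");

            using (var caCert = manager.CreateRootCACertificate("identityserver.gr"))
            using (var cert   = manager.CreateQWACs(data, "identityserver.gr", issuer: caCert, out var privateKey))
            {
                var certBase64    = cert.ExportToPEM();
                var publicBase64  = privateKey.ToSubjectPublicKeyInfo();
                var privateBase64 = privateKey.ToRSAPrivateKey();
                var pfxBytes      = cert.Export(X509ContentType.Pfx, pfxPassphrase);
                var keyId         = cert.GetSubjectKeyIdentifier();

                Assert.False(string.IsNullOrEmpty(certBase64));
                Assert.False(string.IsNullOrEmpty(keyId));
                Assert.NotNull(pfxBytes);
                Assert.True(pfxBytes.Length > 0);

                File.WriteAllText(OutputPath(".cer"), certBase64);
                File.WriteAllText(OutputPath(".public.key"), publicBase64);
                File.WriteAllText(OutputPath(".private.key"), privateBase64);
                File.WriteAllBytes(OutputPath(".pfx"), pfxBytes);
                File.WriteAllText(OutputPath(".json"), JsonConvert.SerializeObject(new {
                    encodedCert = certBase64,
                    privateKey  = privateBase64,
                    keyId       = keyId.ToLowerInvariant(), // hex identifier: culture-independent lowering (CA1304)
                    algorithm   = "SHA256WITHRSA"
                }));
            }
        }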