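/// <summary>
/// Installs a CA response (base64 certificate with PEM header) into the current user's
/// certificate store through CertEnroll and returns the parsed certificate.
/// </summary>
/// <param name="pResponse">The certificate response as base64 text with a PEM header.</param>
/// <returns>
/// The installed certificate, or <c>null</c> when the response is empty or installation fails
/// (the failure is written to the event log).
/// </returns>
public X509Certificate2 ImportResponse(string pResponse)
{
    CX509Enrollment objEnroll = new CX509EnrollmentClass();
    try
    {
        if (string.IsNullOrWhiteSpace(pResponse))
        {
            // An empty response would only fail inside the COM call; fail fast with a clearer log entry
            // and the same null result the caller already handles.
            EventLogHelper.LogEvent("ImportResponse: empty certificate response");
            return null;
        }

        objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);

        // SECURITY: AllowUntrustedRoot installs a response whose chain does not end in a trusted root,
        // so a tampered or mis-issued response is accepted without chain validation. Kept because the
        // current enrollment flow relies on it; switch to InstallResponseRestrictionFlags.AllowNone once
        // the issuing CA's root is provisioned in the user's trusted store.
        objEnroll.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            pResponse,
            EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
            null);

        // The response is PEM text, so ASCII bytes are sufficient for the X509Certificate2 parser.
        return new X509Certificate2(Encoding.ASCII.GetBytes(pResponse));
    }
    catch (Exception ex)
    {
        EventLogHelper.LogEvent(ex.Message + "\n\r" + ex.StackTrace);
        return null;
    }
}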
/// <summary>
/// Applies the certificate carried by <paramref name="pRequest"/> to the configuration whose
/// name equals <c>pRequest.Data.Name</c>, then re-publishes the configuration list.
/// An unknown name is written to the event log and otherwise ignored.
/// </summary>
/// <param name="pRequest">Message holding the target configuration name and certificate details.</param>
private void OnSetConfigurationCertificate(BaseMessage<SetConfigurationCertificateInfo> pRequest)
{
    var targetName = pRequest.Data.Name;
    var match = _configurations.FirstOrDefault(cfg => cfg.ConfigurationName == targetName);
    if (match == null)
    {
        EventLogHelper.LogEvent("Error setting configuration cert as it does not exist: " + targetName);
        return;
    }

    match.SetCertificate(pRequest);
    SendConfigurations();
}
/// <summary>
/// Deletes the configuration whose name equals <c>pRequest.Data.Name</c> and re-publishes
/// the configuration list. An unknown name is written to the event log and otherwise ignored.
/// </summary>
/// <param name="pRequest">Message holding the name of the configuration to delete.</param>
private void OnDeleteConfiguration(BaseMessage<DeleteConfigurationInfo> pRequest)
{
    var targetName = pRequest.Data.Name;
    var match = _configurations.FirstOrDefault(cfg => cfg.ConfigurationName == targetName);
    if (match == null)
    {
        EventLogHelper.LogEvent("Error deleting configuration as it does not exist: " + targetName);
        return;
    }

    match.Delete();
    SendConfigurations();
}
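/// <summary>
/// Builds a PKCS#10 certificate signing request for the current user: creates a 4096-bit RSA key
/// pair in the named CSP, adds Key Usage and Client Authentication EKU extensions, encodes the
/// subject from <paramref name="pDetails"/> and returns the request as PEM text.
/// </summary>
/// <param name="pDetails">Subject fields (country, state/county, city, company, common name, e-mail, department).</param>
/// <returns>
/// The base64 request wrapped in NEW CERTIFICATE REQUEST markers, or <c>null</c> when any step
/// inside the enrollment flow fails (the failure is written to the event log).
/// </returns>
public string GenerateRequest(EnrollRequestDetails pDetails)
{
    // These objects are resolved by ProgID. If CertEnroll is not registered, GetTypeFromProgID
    // returns null and Activator.CreateInstance throws here, before the try block, so that
    // failure reaches the caller as an exception rather than as a logged null.
    var objPkcs10 = Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509CertificateRequestPkcs10")) as CX509CertificateRequestPkcs10;
    var objPrivateKey = Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509PrivateKey")) as CX509PrivateKey;
    var objCSP = new CCspInformationClass();
    var objCSPs = new CCspInformationsClass();
    var objDN = new CX500DistinguishedNameClass();
    var objEnroll = Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509Enrollment")) as CX509Enrollment;
    var objObjectIds = new CObjectIdsClass();
    var objObjectId = new CObjectIdClass();
    var objExtensionKeyUsage = Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509ExtensionKeyUsage")) as CX509ExtensionKeyUsage;
    var objX509ExtensionEnhancedKeyUsage = Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509ExtensionEnhancedKeyUsage")) as CX509ExtensionEnhancedKeyUsage;
    try
    {
        // Select the Cryptographic Service Provider (CSP) that will hold the key pair.
        objCSP.InitializeFromName("Microsoft Enhanced Cryptographic Provider v1.0");
        objCSPs.Add(objCSP);

        // Key parameters: 4096-bit signature key in the user's key store (MachineContext = false
        // matches the ContextUser request below).
        objPrivateKey.Length = 4096;
        objPrivateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
        // SECURITY: the key is created exportable, so it can leave the key container (e.g. as PFX)
        // by anyone who can use the container. Kept because the current flow may depend on moving
        // the key/certificate elsewhere; use X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE
        // if the key only ever needs to live in this container.
        objPrivateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
        objPrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
        objPrivateKey.MachineContext = false;
        objPrivateKey.CspInformations = objCSPs;
        objPrivateKey.Create();

        // PKCS#10 request bound to the new key, user context, no template name.
        objPkcs10.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, objPrivateKey, "");

        // Key Usage extension.
        // NOTE(review): KeySpec is AT_SIGNATURE while key/data encipherment usages are requested
        // here — confirm the issuing CA accepts that combination.
        objExtensionKeyUsage.InitializeEncode(
            X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE);
        objPkcs10.X509Extensions.Add((CX509Extension)objExtensionKeyUsage);

        // Enhanced Key Usage extension: Client Authentication only.
        objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2");
        objObjectIds.Add(objObjectId);
        objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
        objPkcs10.X509Extensions.Add((CX509Extension)objX509ExtensionEnhancedKeyUsage);

        // Subject name. Each field is quoted when needed so a ',' or '=' typed into, say, the
        // common name cannot inject an extra RDN into the subject.
        objDN.Encode(
            string.Format("C={0}, ST={1}, L={2}, O={3}, CN={4}, email={5},OU={6}",
                QuoteX500Value(pDetails.Country),
                QuoteX500Value(pDetails.County),
                QuoteX500Value(pDetails.City),
                QuoteX500Value(pDetails.CompanyName),
                QuoteX500Value(pDetails.CommonName),
                QuoteX500Value(pDetails.EmailAddress),
                QuoteX500Value(pDetails.Department)),
            X500NameFlags.XCN_CERT_X500_NAME_STR);
        objPkcs10.Subject = objDN;

        // Wrap the request in an enrollment object and render it as PEM.
        objEnroll.InitializeFromRequest(objPkcs10);
        var strRequest = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
        var sb = new StringBuilder("-----BEGIN NEW CERTIFICATE REQUEST-----");
        sb.AppendLine();
        sb.Append(strRequest);
        sb.AppendLine("-----END NEW CERTIFICATE REQUEST-----");
        return sb.ToString();
    }
    catch (Exception ex)
    {
        EventLogHelper.LogEvent(ex.Message + "\n\r" + ex.StackTrace);
        return null;
    }
}

// Quotes one subject field for the X.500 string form accepted by CX500DistinguishedName.Encode:
// a value holding a separator or other special character is wrapped in double quotes and any
// embedded quote is doubled, so the value is parsed as data rather than as further RDNs.
// Null and empty values stay empty, as string.Format rendered them before.
private static string QuoteX500Value(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }

    bool needsQuoting = value.IndexOfAny(new[] { ',', '=', '+', '"', '<', '>', '#', ';', '\\' }) >= 0
        || value[0] == ' '
        || value[value.Length - 1] == ' ';
    if (!needsQuoting)
    {
        return value;
    }

    return "\"" + value.Replace("\"", "\"\"") + "\"";
}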