示例#1
        /// <summary>
        ///     Builds a self-signed certificate authority certificate over a freshly generated 2048-bit key pair
        ///     and returns the output of <c>ConvertToPfx</c> for that certificate, its private key and <c>Password</c>.
        /// </summary>
        /// <remarks>
        ///     The subject common name is "Test Authority " followed by the current UTC date formatted as MM/yyyy.
        ///     Validity starts two hours before the current UTC time and ends five years after it.
        ///     The issuer is set to the builder's own subject, and the authority key identifier is derived from the
        ///     same key pair that is certified.
        ///     NOTE(review): no key usage extension is added here (the key usage step was left disabled in the
        ///     chain), so the certificate does not itself restrict the key to certificate or CRL signing.
        ///     Confirm that is acceptable wherever this root is trusted.
        /// </remarks>
        /// <returns>The byte array produced by <c>ConvertToPfx</c>.</returns>
        private byte[] GenerateRootCertificate()
        {
            string subjectCommonName = $"Test Authority {DateTime.UtcNow:MM/yyyy}";

            // Start of validity is backdated by two hours; presumably to tolerate clock skew (confirm).
            DateTimeOffset validFrom = DateTimeOffset.UtcNow.AddHours(-2);
            DateTimeOffset validUntil = DateTimeOffset.UtcNow.AddYears(5);

            SecureRandom builderRandom = GenerateRandom();
            ICertificateBuilder builder = builderFactory(builderRandom);

            // The key pair is generated from its own GenerateRandom() result, not from builderRandom.
            AsymmetricCipherKeyPair rootKeyPair = CertificateBuilder2.GenerateKeyPair(2048, GenerateRandom());

            CertificateWithKey rootCertificate = builder
                .WithSubjectCommonName(subjectCommonName)
                .WithKeyPair(rootKeyPair)
                .SetNotAfter(validUntil)
                .SetNotBefore(validFrom)
                .WithBasicConstraints(BasicConstrainsConstants.CertificateAuthority)
                // NOTE(review): key usage is intentionally not set at this point in the original code.
                .WithAuthorityKeyIdentifier(rootKeyPair)
                .WithSubjectKeyIdentifier()
                .SetIssuer(builder.Subject) // self-signed: issuer equals the subject set above
                .Generate();

            var issuedCertificate = rootCertificate.Certificate;
            var rsaPrivateKey = (RsaPrivateCrtKeyParameters)rootKeyPair.Private;

            return ConvertToPfx(issuedCertificate, rsaPrivateKey, Password);
        }
        /// <summary>
        ///     Sets the builder's serial number to one more than the value returned by <c>Store.GetMaxId()</c>.
        /// </summary>
        /// <remarks>
        ///     NOTE(review): serial numbers assigned this way are sequential, so they are predictable, and two
        ///     callers that read the same maximum id would receive the same serial. Confirm that the store
        ///     serialises issuance and that predictable serials are acceptable for these certificates.
        /// </remarks>
        /// <param name="builder">The builder whose <c>SerialNo</c> is assigned.</param>
        /// <returns>The same <paramref name="builder" /> instance.</returns>
        public static ICertificateBuilder WithSerialNo(this ICertificateBuilder builder)
        {
            long nextSerial = (Int64)Store.GetMaxId() + 1;

            builder.SerialNo = BigInteger.ValueOf(nextSerial);
            return builder;
        }
示例#3
        /// <summary>
        ///     Adds a non-critical Subject Key Identifier extension computed from the builder's
        ///     <c>PublicKeyInfo</c>.
        /// </summary>
        /// <param name="builder">The builder that supplies the public key and receives the extension.</param>
        /// <returns>The same <paramref name="builder" /> instance.</returns>
        public static ICertificateBuilder WithSubjectKeyIdentifier(this ICertificateBuilder builder)
        {
            var publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(builder.PublicKeyInfo);
            var keyIdentifier = new SubjectKeyIdentifier(publicKeyInfo);

            // Second argument is the criticality flag: this extension is added as non-critical.
            builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, keyIdentifier);

            return builder;
        }
示例#4
        /// <summary>
        ///     Adds a non-critical Subject Alternative Name extension built from the given DNS names and
        ///     IP addresses. When both lists are null or empty, no extension is added.
        /// </summary>
        /// <remarks>
        ///     The strings are wrapped in <c>GeneralName</c> entries as given; this method performs no
        ///     validation of its own, so callers should pass only names they are entitled to certify.
        /// </remarks>
        /// <param name="builder"><see cref="ICertificateBuilder" /> that receives the extension.</param>
        /// <param name="hostnames">Hostnames and domain names, added as DNS name entries. May be null.</param>
        /// <param name="ipAddresses">IP addresses, added as IP address entries. May be null.</param>
        /// <returns>The same <see cref="ICertificateBuilder" /> instance.</returns>
        public static ICertificateBuilder WithSubjectAlternativeName(this ICertificateBuilder builder,
                                                                     List<string> hostnames = null, List<string> ipAddresses = null)
        {
            var alternativeNames = new List<Asn1Encodable>();

            // DNS entries come first, followed by IP entries, matching the order of the parameters.
            if (hostnames != null)
            {
                foreach (string hostname in hostnames)
                {
                    alternativeNames.Add(new GeneralName(GeneralName.DnsName, hostname));
                }
            }

            if (ipAddresses != null)
            {
                foreach (string ipAddress in ipAddresses)
                {
                    alternativeNames.Add(new GeneralName(GeneralName.IPAddress, ipAddress));
                }
            }

            if (!alternativeNames.IsEmpty())
            {
                var sanSequence = new DerSequence(alternativeNames.ToArray());

                // Second argument is the criticality flag: the extension is added as non-critical.
                builder.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, sanSequence);
            }

            return builder;
        }
示例#5
 /// <summary>
 ///     Adds a critical Key Usage extension with the CRL signing, certificate signing, digital signature
 ///     and non-repudiation bits set.
 /// </summary>
 /// <remarks>
 ///     NOTE(review): despite its name, this method does not assign a serial number; the body only adds
 ///     the Key Usage extension. Callers that rely on the name to get a serial number will not get one here.
 /// </remarks>
 /// <param name="builder"><see cref="ICertificateBuilder" /> that receives the extension.</param>
 /// <returns>The same <see cref="ICertificateBuilder" /> instance.</returns>
 public static ICertificateBuilder WithSerialNumber(this ICertificateBuilder builder)
 {
     var usage = new KeyUsage(KeyUsage.CrlSign | KeyUsage.KeyCertSign | KeyUsage.DigitalSignature |
                              KeyUsage.NonRepudiation);

     // Second argument is the criticality flag: the extension is marked critical.
     builder.AddExtension(X509Extensions.KeyUsage.Id, true, usage);

     return builder;
 }
示例#6
        /// <summary>
        ///     Adds a non-critical Extended Key Usage extension that lists both client authentication and
        ///     server authentication.
        /// </summary>
        /// <remarks>
        ///     Every certificate built through this method is marked as usable for both purposes; there is
        ///     no parameter to restrict it to one of them.
        /// </remarks>
        /// <param name="builder">The builder that receives the extension.</param>
        /// <returns>The same <paramref name="builder" /> instance.</returns>
        public static ICertificateBuilder WithExtendedKeyUsage(this ICertificateBuilder builder)
        {
            // Second argument is the criticality flag: the extension is added as non-critical.
            builder.AddExtension(
                X509Extensions.ExtendedKeyUsage.Id,
                false,
                new ExtendedKeyUsage(KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPServerAuth));

            return builder;
        }
示例#7
        /// <summary>
        ///     Adds a non-critical Authority Key Identifier extension computed from the public key of the
        ///     supplied authority key pair.
        /// </summary>
        /// <param name="builder">The builder that receives the extension.</param>
        /// <param name="authorityKeyPair">Key pair of the issuing authority; only its public half is read.</param>
        /// <returns>The same <paramref name="builder" /> instance.</returns>
        public static ICertificateBuilder WithAuthorityKeyIdentifier(this ICertificateBuilder builder, AsymmetricCipherKeyPair authorityKeyPair)
        {
            var authorityKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(authorityKeyPair.Public);
            var authorityIdentifier = new AuthorityKeyIdentifier(authorityKeyInfo);

            // Second argument is the criticality flag: the extension is added as non-critical.
            builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, false, authorityIdentifier);

            return builder;
        }
        /// <summary>
        ///     Configures a certificate builder from the given parameters and creates an RSA certificate.
        /// </summary>
        /// <remarks>
        ///     For a CA certificate only <paramref name="subjectName" /> is passed to the builder factory and a
        ///     CA constraint with <paramref name="pathLengthConstraint" /> is set; otherwise the application URI,
        ///     application name, subject name and domain names are passed.
        ///     Key size and hash size are forwarded from the caller; this method applies no minimum of its own.
        ///     NOTE(review): <paramref name="publicKey" /> is only consulted when an issuer certificate is
        ///     supplied. Without an issuer the builder is given <paramref name="keySize" /> only and the supplied
        ///     public key is ignored without any error. Confirm callers do not expect otherwise.
        /// </remarks>
        /// <param name="applicationUri">Application URI, used for non-CA certificates.</param>
        /// <param name="applicationName">Application name, used for non-CA certificates.</param>
        /// <param name="subjectName">Subject name of the certificate.</param>
        /// <param name="domainNames">Domain names, used for non-CA certificates.</param>
        /// <param name="keySize">RSA key size passed to the builder when no public key is used.</param>
        /// <param name="startTime">Start of validity.</param>
        /// <param name="lifetimeInMonths">Validity length; the end is <paramref name="startTime" /> plus this many months.</param>
        /// <param name="hashSizeInBits">Hash size passed to <c>X509Utils.GetRSAHashAlgorithmName</c>.</param>
        /// <param name="isCA">Whether a CA certificate is built.</param>
        /// <param name="issuerCAKeyCert">Issuer certificate, or null to build without calling <c>SetIssuer</c>.</param>
        /// <param name="publicKey">Public key to certify; only used together with an issuer.</param>
        /// <param name="pathLengthConstraint">Path length passed to <c>SetCAConstraint</c> for CA certificates.</param>
        /// <returns>The certificate returned by <c>CreateForRSA</c>.</returns>
        internal static X509Certificate2 CreateCertificate(
            string applicationUri,
            string applicationName,
            string subjectName,
            IList<String> domainNames,
            ushort keySize,
            DateTime startTime,
            ushort lifetimeInMonths,
            ushort hashSizeInBits,
            bool isCA = false,
            X509Certificate2 issuerCAKeyCert = null,
            byte[] publicKey         = null,
            int pathLengthConstraint = 0)
        {
            ICertificateBuilder builder;

            if (!isCA)
            {
                builder = CreateCertificate(
                    applicationUri,
                    applicationName,
                    subjectName,
                    domainNames);
            }
            else
            {
                builder = CreateCertificate(subjectName);
            }

            // Validity window and signature hash; the return values of these calls are not used.
            builder.SetNotBefore(startTime);
            builder.SetNotAfter(startTime.AddMonths(lifetimeInMonths));
            builder.SetHashAlgorithm(X509Utils.GetRSAHashAlgorithmName(hashSizeInBits));

            if (isCA)
            {
                builder.SetCAConstraint(pathLengthConstraint);
            }

            ICertificateBuilderCreateForRSA rsaBuilder;

            if (issuerCAKeyCert == null)
            {
                // No issuer: only the key size is handed to the builder; publicKey is not read on this path.
                rsaBuilder = builder.SetRSAKeySize(keySize);
            }
            else
            {
                var withIssuer = builder.SetIssuer(issuerCAKeyCert);

                if (publicKey == null)
                {
                    rsaBuilder = withIssuer.SetRSAKeySize(keySize);
                }
                else
                {
                    // Certify the caller's existing public key.
                    rsaBuilder = withIssuer.SetRSAPublicKey(publicKey);
                }
            }

            return rsaBuilder.CreateForRSA();
        }
 /// <summary>
 ///     Applies the server key usage when <paramref name="isServer" /> is true and the client key usage
 ///     otherwise, by delegating to <c>WithServerKeyUsage</c> or <c>WithClientKeyUsage</c>.
 /// </summary>
 /// <param name="builder">The builder passed on to the selected helper.</param>
 /// <param name="isServer">True for a server certificate, false for a client certificate.</param>
 /// <returns>Whatever the selected helper returns.</returns>
 public static ICertificateBuilder WithExtendedKeyUsage(this ICertificateBuilder builder, bool isServer)
 {
     if (!isServer)
     {
         return WithClientKeyUsage(builder);
     }

     return WithServerKeyUsage(builder);
 }
 /// <summary>
 ///     Creates the renewal service and stores its four collaborators.
 /// </summary>
 /// <param name="authenticationService">Authentication service; must not be null.</param>
 /// <param name="renewalOptionParser">Renewal option parser; must not be null.</param>
 /// <param name="certificateBuilder">Certificate builder; must not be null.</param>
 /// <param name="logger">Logger; must not be null.</param>
 /// <exception cref="ArgumentNullException">Thrown for the first argument, in declaration order, that is null.</exception>
 public RenewalService(
     IAuthenticationService authenticationService,
     IRenewalOptionParser renewalOptionParser,
     ICertificateBuilder certificateBuilder,
     ILogger<RenewalService> logger)
 {
     if (authenticationService is null)
     {
         throw new ArgumentNullException(nameof(authenticationService));
     }
     _authenticationService = authenticationService;

     if (renewalOptionParser is null)
     {
         throw new ArgumentNullException(nameof(renewalOptionParser));
     }
     _renewalOptionParser = renewalOptionParser;

     if (certificateBuilder is null)
     {
         throw new ArgumentNullException(nameof(certificateBuilder));
     }
     _certificateBuilder = certificateBuilder;

     if (logger is null)
     {
         throw new ArgumentNullException(nameof(logger));
     }
     _logger = logger;
 }
示例#11
 /// <summary>
 ///     Chooses the certificate builder implementation when the type is initialised:
 ///     <c>BCCertificateBuilder</c> when <c>GeneralUtils.IsRunningOnMono()</c> returns true,
 ///     <c>NativeCertificateBuilder</c> otherwise.
 /// </summary>
 /// <remarks>
 ///     The choice depends on the Mono check only; the operating system is not tested here.
 /// </remarks>
 static CertificateUtils()
 {
     if (GeneralUtils.IsRunningOnMono())
     {
         builder = new BCCertificateBuilder();
     }
     else
     {
         // The native builder is used whenever the runtime is not Mono; the original author gave no
         // further reason for preferring it.
         builder = new NativeCertificateBuilder();
     }
 }
示例#12
 /// <summary>
 ///     Chooses the certificate builder implementation when the type is initialised:
 ///     <c>BCCertificateBuilder</c> when <c>GeneralUtils.IsRunningOnMono()</c> returns true,
 ///     <c>NativeCertificateBuilder</c> otherwise.
 /// </summary>
 /// <remarks>
 ///     The choice depends on the Mono check only; the operating system is not tested here.
 /// </remarks>
 static CertificateUtils()
 {
     if (GeneralUtils.IsRunningOnMono())
     {
         builder = new BCCertificateBuilder();
     }
     else
     {
         // The native builder is used whenever the runtime is not Mono; the original author gave no
         // further reason for preferring it.
         builder = new NativeCertificateBuilder();
     }
 }
示例#13
        /// <summary>
        ///     Sets the builder's subject to a name that contains a single common name (CN) component.
        /// </summary>
        /// <remarks>
        ///     The common name is passed to <c>GetX509Name</c> as given; this method does not validate or
        ///     normalise it.
        /// </remarks>
        /// <param name="builder">The builder whose subject is set.</param>
        /// <param name="commonName">Value of the CN component.</param>
        /// <returns>The same <paramref name="builder" /> instance.</returns>
        public static ICertificateBuilder WithSubjectCommonName(this ICertificateBuilder builder, string commonName)
        {
            var nameParts = new Dictionary<DerObjectIdentifier, string>
            {
                [X509Name.CN] = commonName
            };

            X509Name subjectName = GetX509Name(nameParts);
            builder.SetSubject(subjectName);

            return builder;
        }
        /// <summary>
        ///     Creates the factory with a new <c>CertificateBuilder</c> and a new <c>ContractBuilder</c>.
        /// </summary>
        /// <remarks>
        ///     Both collaborators are constructed here with their parameterless constructors; none is
        ///     supplied by the caller.
        /// </remarks>
        public GenerateDocumentFactory()
        {
            _certificateBuilder = new CertificateBuilder();
            _contractBuilder = new ContractBuilder();
        }