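/// <summary>
/// Generates a self-signed root (CA) certificate and returns it as a password-protected PKCS#12 (PFX) blob.
/// </summary>
/// <returns>PFX bytes holding the certificate and its RSA private key, protected with <c>Password</c>.</returns>
private byte[] GenerateRootCertificate()
{
    // Sample the clock once so the CN, NotBefore and NotAfter all derive from the same instant.
    DateTimeOffset now = DateTimeOffset.UtcNow;
    // NOTE: '/' in the format is the culture date separator, as in the original; the CN therefore varies by culture.
    string commonName = $"Test Authority {now:MM/yyyy}";
    // Back-dating NotBefore tolerates clock skew between this host and whoever validates the chain.
    DateTimeOffset notBefore = now.AddHours(-2);
    DateTimeOffset notAfter = now.AddYears(5);

    // A single CSPRNG instance feeds both the builder and key generation.
    const int keySizeBits = 2048;
    SecureRandom random = GenerateRandom();
    ICertificateBuilder builder = builderFactory(random);
    AsymmetricCipherKeyPair keyPair = CertificateBuilder2.GenerateKeyPair(keySizeBits, random);

    CertificateWithKey certificate = builder
        .WithSubjectCommonName(commonName)
        .WithKeyPair(keyPair)
        .SetNotAfter(notAfter)
        .SetNotBefore(notBefore)
        .WithBasicConstraints(BasicConstrainsConstants.CertificateAuthority)
        // NOTE(review): no KeyUsage extension is added here, so this CA certificate does not restrict its
        // key to keyCertSign/cRLSign. Confirm whether the builder adds one elsewhere before relying on it.
        //.WithKeyUsage()
        .WithAuthorityKeyIdentifier(keyPair)
        .WithSubjectKeyIdentifier()
        .SetIssuer(builder.Subject) // self-signed: issuer is the subject set above
        .Generate();

    return ConvertToPfx(certificate.Certificate, (RsaPrivateCrtKeyParameters)keyPair.Private, Password);
}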
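/// <summary>
/// Assigns the certificate serial number as one greater than the highest id currently held in <c>Store</c>.
/// </summary>
/// <param name="builder"><see cref="ICertificateBuilder"/> to configure.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
public static ICertificateBuilder WithSerialNo(this ICertificateBuilder builder)
{
    // NOTE(review): a counter-derived serial is predictable. RFC 5280 §4.1.2.2 only requires a positive
    // integer of at most 20 octets, but publicly trusted CAs add at least 64 bits of CSPRNG output to
    // blunt chosen-prefix collision attacks on the signature. Consider mixing in random bits if these
    // certificates are ever trusted outside this store.
    long nextId = (long)Store.GetMaxId() + 1;
    builder.SerialNo = BigInteger.ValueOf(nextId);
    return builder;
}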
/// <summary>
/// Adds a non-critical Subject Key Identifier extension built from the builder's own public key.
/// </summary>
/// <param name="builder"><see cref="ICertificateBuilder"/> to configure.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
public static ICertificateBuilder WithSubjectKeyIdentifier(this ICertificateBuilder builder)
{
    var keyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(builder.PublicKeyInfo);
    var extension = new SubjectKeyIdentifier(keyInfo);
    builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, extension);
    return builder;
}
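/// <summary>
/// Adds a non-critical Subject Alternative Name extension listing the given DNS names and IP addresses.
/// When both lists are null or empty the builder is returned unchanged and no extension is added.
/// </summary>
/// <param name="builder"><see cref="ICertificateBuilder"/> to configure.</param>
/// <param name="hostnames">Hostnames and domain names, emitted as dNSName entries.</param>
/// <param name="ipAddresses">IP addresses in textual form, emitted as iPAddress entries.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
/// <remarks>
/// Values are not validated here. Callers must ensure the names come from a source they trust, because a
/// certificate asserting names its subject was not authorized for is exactly what verifiers try to prevent.
/// </remarks>
public static ICertificateBuilder WithSubjectAlternativeName(this ICertificateBuilder builder, List<string> hostnames = null, List<string> ipAddresses = null)
{
    var names = new List<Asn1Encodable>();
    if (hostnames != null)
    {
        names.AddRange(hostnames.Select(host => new GeneralName(GeneralName.DnsName, host)));
    }
    if (ipAddresses != null)
    {
        names.AddRange(ipAddresses.Select(address => new GeneralName(GeneralName.IPAddress, address)));
    }

    // An empty GeneralNames sequence is not a valid SAN, so leave the extension out entirely.
    if (names.Count == 0)
    {
        return builder;
    }

    builder.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, new DerSequence(names.ToArray()));
    return builder;
}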
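/// <summary>
/// Adds a critical Key Usage extension granting cRLSign, keyCertSign, digitalSignature and nonRepudiation.
/// Despite its name, this method does not set the serial number.
/// </summary>
/// <param name="builder"><see cref="ICertificateBuilder"/> to configure.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
public static ICertificateBuilder WithSerialNumber(this ICertificateBuilder builder)
{
    // NOTE(review): name and behaviour disagree; behaviour is kept so existing callers are not broken.
    // keyCertSign/cRLSign are CA usages and should not be granted to end-entity certificates, so check
    // which certificates reach this method.
    const int usages = KeyUsage.CrlSign | KeyUsage.KeyCertSign | KeyUsage.DigitalSignature | KeyUsage.NonRepudiation;
    builder.AddExtension(X509Extensions.KeyUsage.Id, true, new KeyUsage(usages));
    return builder;
}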
/// <summary>
/// Adds a non-critical Extended Key Usage extension permitting both TLS client and server authentication.
/// </summary>
/// <param name="builder"><see cref="ICertificateBuilder"/> to configure.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
public static ICertificateBuilder WithExtendedKeyUsage(this ICertificateBuilder builder)
{
    KeyPurposeID[] purposes = { KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPServerAuth };
    builder.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(purposes));
    return builder;
}
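/// <summary>
/// Adds a non-critical Authority Key Identifier extension built from the issuing authority's public key.
/// </summary>
/// <param name="builder"><see cref="ICertificateBuilder"/> to configure.</param>
/// <param name="authorityKeyPair">Key pair of the issuing authority; only its public half is used.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authorityKeyPair"/> is null.</exception>
public static ICertificateBuilder WithAuthorityKeyIdentifier(this ICertificateBuilder builder, AsymmetricCipherKeyPair authorityKeyPair)
{
    // Fail with a named argument rather than a NullReferenceException deep inside the factory.
    if (authorityKeyPair is null)
    {
        throw new ArgumentNullException(nameof(authorityKeyPair));
    }

    var issuerKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(authorityKeyPair.Public);
    builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, false, new AuthorityKeyIdentifier(issuerKeyInfo));
    return builder;
}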
/// <summary>
/// Builds an RSA certificate: a CA certificate when <paramref name="isCA"/> is set, otherwise an
/// application certificate carrying the given URI, name and domain names.
/// </summary>
/// <param name="applicationUri">Application URI; only used for non-CA certificates.</param>
/// <param name="applicationName">Application name; only used for non-CA certificates.</param>
/// <param name="subjectName">Subject distinguished name.</param>
/// <param name="domainNames">Domain names for the application certificate; only used for non-CA certificates.</param>
/// <param name="keySize">RSA key size in bits, used whenever a fresh key is generated.</param>
/// <param name="startTime">NotBefore; NotAfter is this plus <paramref name="lifetimeInMonths"/> months. NOTE(review): presumably UTC — confirm with callers.</param>
/// <param name="lifetimeInMonths">Validity period in months; 0 yields NotAfter == NotBefore.</param>
/// <param name="hashSizeInBits">Selects the RSA signature hash via <c>X509Utils.GetRSAHashAlgorithmName</c>.</param>
/// <param name="isCA">Build a CA certificate with a basic-constraints path length of <paramref name="pathLengthConstraint"/>.</param>
/// <param name="issuerCAKeyCert">Issuer certificate (with private key) that signs the result; when null no issuer is set on the builder.</param>
/// <param name="publicKey">Existing RSA public key to certify. Honoured only when <paramref name="issuerCAKeyCert"/> is supplied; otherwise ignored and a fresh key is generated.</param>
/// <param name="pathLengthConstraint">Path length for the CA basic constraint; ignored for non-CA certificates.</param>
/// <returns>The created certificate.</returns>
internal static X509Certificate2 CreateCertificate(
    string applicationUri,
    string applicationName,
    string subjectName,
    IList<String> domainNames,
    ushort keySize,
    DateTime startTime,
    ushort lifetimeInMonths,
    ushort hashSizeInBits,
    bool isCA = false,
    X509Certificate2 issuerCAKeyCert = null,
    byte[] publicKey = null,
    int pathLengthConstraint = 0)
{
    ICertificateBuilder builder;
    if (isCA)
    {
        builder = CreateCertificate(subjectName);
    }
    else
    {
        builder = CreateCertificate(applicationUri, applicationName, subjectName, domainNames);
    }

    builder.SetNotBefore(startTime);
    builder.SetNotAfter(startTime.AddMonths(lifetimeInMonths));
    builder.SetHashAlgorithm(X509Utils.GetRSAHashAlgorithmName(hashSizeInBits));
    if (isCA)
    {
        builder.SetCAConstraint(pathLengthConstraint);
    }

    ICertificateBuilderCreateForRSA rsaBuilder;
    if (issuerCAKeyCert is null)
    {
        // NOTE(review): on this path a supplied publicKey is silently ignored and a fresh key is generated.
        rsaBuilder = builder.SetRSAKeySize(keySize);
    }
    else
    {
        var issuerBuilder = builder.SetIssuer(issuerCAKeyCert);
        if (publicKey is null)
        {
            rsaBuilder = issuerBuilder.SetRSAKeySize(keySize);
        }
        else
        {
            rsaBuilder = issuerBuilder.SetRSAPublicKey(publicKey);
        }
    }

    return rsaBuilder.CreateForRSA();
}
/// <summary>
/// Applies the Extended Key Usage for the certificate's role by delegating to
/// <c>WithServerKeyUsage</c> when <paramref name="isServer"/> is true, else to <c>WithClientKeyUsage</c>.
/// </summary>
/// <param name="builder"><see cref="ICertificateBuilder"/> to configure.</param>
/// <param name="isServer">True for a server certificate, false for a client certificate.</param>
/// <returns>The builder returned by the chosen helper.</returns>
public static ICertificateBuilder WithExtendedKeyUsage(this ICertificateBuilder builder, bool isServer)
{
    if (isServer)
    {
        return WithServerKeyUsage(builder);
    }
    return WithClientKeyUsage(builder);
}
/// <summary>
/// Creates the renewal service with its collaborators; every dependency is required.
/// </summary>
/// <param name="authenticationService">Authentication service used during renewal.</param>
/// <param name="renewalOptionParser">Parser for renewal options.</param>
/// <param name="certificateBuilder">Builder that produces the renewed certificates.</param>
/// <param name="logger">Logger for this service.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public RenewalService(
    IAuthenticationService authenticationService,
    IRenewalOptionParser renewalOptionParser,
    ICertificateBuilder certificateBuilder,
    ILogger<RenewalService> logger)
{
    if (authenticationService is null)
    {
        throw new ArgumentNullException(nameof(authenticationService));
    }
    if (renewalOptionParser is null)
    {
        throw new ArgumentNullException(nameof(renewalOptionParser));
    }
    if (certificateBuilder is null)
    {
        throw new ArgumentNullException(nameof(certificateBuilder));
    }
    if (logger is null)
    {
        throw new ArgumentNullException(nameof(logger));
    }

    _authenticationService = authenticationService;
    _renewalOptionParser = renewalOptionParser;
    _certificateBuilder = certificateBuilder;
    _logger = logger;
}
/// <summary>
/// Chooses the certificate builder implementation once per process: the BC builder when running on
/// Mono, the native builder otherwise.
/// </summary>
static CertificateUtils()
{
    // NOTE(review): the test is "running on Mono", not "running on Windows"; any other runtime or OS
    // also gets NativeCertificateBuilder. Confirm that is the intent.
    if (GeneralUtils.IsRunningOnMono())
    {
        builder = new BCCertificateBuilder();
    }
    else
    {
        builder = new NativeCertificateBuilder();
    }
}
/// <summary>
/// Sets the certificate subject to a distinguished name consisting only of CN=<paramref name="commonName"/>.
/// </summary>
/// <param name="builder"><see cref="ICertificateBuilder"/> to configure.</param>
/// <param name="commonName">Value for the CN attribute.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
public static ICertificateBuilder WithSubjectCommonName(this ICertificateBuilder builder, string commonName)
{
    var components = new Dictionary<DerObjectIdentifier, string>();
    components[X509Name.CN] = commonName;
    builder.SetSubject(GetX509Name(components));
    return builder;
}
/// <summary>
/// Creates the factory with a fresh certificate builder and a fresh contract builder.
/// </summary>
public GenerateDocumentFactory()
{
    this._contractBuilder = new ContractBuilder();
    this._certificateBuilder = new CertificateBuilder();
}