protected override void CompleteWizard()
{
X509Name subjectName = new X509Name(_existing.Subject);
// Generate the private/public keypair
var keyPair = DotNetUtilities.GetKeyPair(_existing.PrivateKey);
// Generate the CSR
Asn1Set attributes = new DerSet(
new DerSequence(
new DerObjectIdentifier("1.3.6.1.4.1.311.13.2.3"),
new DerSet(new DerIA5String(Environment.OSVersion.Version.ToString()))),
new DerSequence(
new DerObjectIdentifier("1.3.6.1.4.1.311.21.20"),
new DerSet(
new DerSequence(
new DerInteger(5),
new DerUtf8String(Environment.MachineName),
new DerUtf8String(Environment.UserName),
new DerUtf8String("JexusManager.exe")))),
new DerSequence(
new DerObjectIdentifier("1.3.6.1.4.1.311.13.2.2"),
new DerSet(
new DerSequence(
new DerInteger(1),
new DerBmpString("Microsoft RSA SChannel Cryptographic Provider"),
new DerBitString(new byte[0])))),
new DerSequence(
new DerObjectIdentifier("1.2.840.113549.1.9.14"),
new DerSet(
new DerSequence(
new DerSequence(
new DerObjectIdentifier("2.5.29.15"),
new DerBoolean(new byte[] { 0x01 }),
new DerOctetString(new byte[] { 0x03, 0x02, 0x04, 0xF0 })),
new DerSequence(
new DerObjectIdentifier("2.5.29.37"),
new DerOctetString(new byte[]
{
0x30, 0x0a, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05,
0x05, 0x07, 0x03, 0x01
})),
new DerSequence(
new DerObjectIdentifier("1.2.840.113549.1.9.15"),
new DerOctetString(new byte[]
{
0x30, 0x69, 0x30, 0x0e,
0x06, 0x08, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d,
0x03, 0x02, 0x02, 0x02,
0x00, 0x80, 0x30, 0x0e,
0x06, 0x08, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d,
0x03, 0x04, 0x02, 0x02,
0x00, 0x80, 0x30, 0x0b,
0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03,
0x04, 0x01, 0x2a, 0x30,
0x0b, 0x06, 0x09, 0x60,
0x86, 0x48, 0x01, 0x65,
0x03, 0x04, 0x01, 0x2d,
0x30, 0x0b, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01,
0x65, 0x03, 0x04, 0x01,
0x02, 0x30, 0x0b, 0x06,
0x09, 0x60, 0x86, 0x48,
0x01, 0x65, 0x03, 0x04,
0x01, 0x05, 0x30, 0x07,
0x06, 0x05, 0x2b, 0x0e,
0x03, 0x02, 0x07, 0x30,
0x0a, 0x06, 0x08, 0x2a,
0x86, 0x48, 0x86, 0xf7,
0x0d, 0x03, 0x07
})),
new DerSequence(
new DerObjectIdentifier("2.5.29.14"),
new DerOctetString(new byte[]
{
0x04, 0x14, 0xaa, 0x25,
0xd9, 0xa2, 0x39, 0x7e,
0x49, 0xd2, 0x94, 0x85,
0x7e, 0x82, 0xa8, 0x8f,
0x3b, 0x20, 0xf1, 0x4e, 0x65, 0xe5
}))))));
var signing = new Asn1SignatureFactory("SHA256withRSA", keyPair.Private);
Pkcs10CertificationRequest kpGen = new Pkcs10CertificationRequest(signing, subjectName, keyPair.Public, attributes, keyPair.Private);
using (var stream = new StreamWriter(_wizardData.FileName))
{
stream.WriteLine(_wizardData.UseIisStyle ? "-----BEGIN NEW CERTIFICATE REQUEST-----" : "-----BEGIN CERTIFICATE REQUEST-----");
stream.WriteLine(Convert.ToBase64String(kpGen.GetDerEncoded(), Base64FormattingOptions.InsertLineBreaks));
stream.WriteLine(_wizardData.UseIisStyle ? "-----END NEW CERTIFICATE REQUEST-----" : "-----END CERTIFICATE REQUEST-----");
}
var key = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)keyPair.Private);
PrivateKey pvk = new PrivateKey();
pvk.RSA = new RSACryptoServiceProvider();
pvk.RSA.ImportParameters(key);
pvk.Save(DialogHelper.GetPrivateKeyFile(_existing.Subject));
}
public void Save_Null()
{
PrivateKey pvk = new PrivateKey();
pvk.Save(null, "mono");
}
protected override void CompleteWizard()
{
// Generate the CSR
X509Name subjectName =
new X509Name(string.Format("C={0},ST={1},L={2},O={3},OU={4},CN={5}",
_wizardData.Country,
_wizardData.State,
_wizardData.City,
_wizardData.Organization,
_wizardData.Unit,
_wizardData.CommonName));
// Generate the private/public keypair
RsaKeyPairGenerator kpgen = new RsaKeyPairGenerator();
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
kpgen.Init(new KeyGenerationParameters(new SecureRandom(randomGenerator), _wizardData.Length));
AsymmetricCipherKeyPair keyPair = kpgen.GenerateKeyPair();
// Generate the CSR
Asn1Set attributes = new DerSet(
new DerSequence(
new DerObjectIdentifier("1.3.6.1.4.1.311.13.2.3"),
new DerSet(new DerIA5String(Environment.OSVersion.Version.ToString()))),
new DerSequence(
new DerObjectIdentifier("1.3.6.1.4.1.311.21.20"),
new DerSet(
new DerSequence(
new DerInteger(5),
new DerUtf8String(Environment.MachineName),
new DerUtf8String(Environment.UserName),
new DerUtf8String("JexusManager.exe")))),
new DerSequence(
new DerObjectIdentifier("1.3.6.1.4.1.311.13.2.2"),
new DerSet(
new DerSequence(
new DerInteger(1),
new DerBmpString("Microsoft RSA SChannel Cryptographic Provider"),
new DerBitString(new byte[0])))),
new DerSequence(
new DerObjectIdentifier("1.2.840.113549.1.9.14"),
new DerSet(
new DerSequence(
new DerSequence(
new DerObjectIdentifier("2.5.29.15"),
new DerBoolean(new byte[] { 0x01 }),
new DerOctetString(new byte[] { 0x03, 0x02, 0x04, 0xF0 })),
new DerSequence(
new DerObjectIdentifier("2.5.29.37"),
new DerOctetString(new byte[]
{
0x30, 0x0a, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05,
0x05, 0x07, 0x03, 0x01
})),
new DerSequence(
new DerObjectIdentifier("1.2.840.113549.1.9.15"),
new DerOctetString(new byte[]
{
0x30, 0x69, 0x30, 0x0e,
0x06, 0x08, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d,
0x03, 0x02, 0x02, 0x02,
0x00, 0x80, 0x30, 0x0e,
0x06, 0x08, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d,
0x03, 0x04, 0x02, 0x02,
0x00, 0x80, 0x30, 0x0b,
0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03,
0x04, 0x01, 0x2a, 0x30,
0x0b, 0x06, 0x09, 0x60,
0x86, 0x48, 0x01, 0x65,
0x03, 0x04, 0x01, 0x2d,
0x30, 0x0b, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01,
0x65, 0x03, 0x04, 0x01,
0x02, 0x30, 0x0b, 0x06,
0x09, 0x60, 0x86, 0x48,
0x01, 0x65, 0x03, 0x04,
0x01, 0x05, 0x30, 0x07,
0x06, 0x05, 0x2b, 0x0e,
0x03, 0x02, 0x07, 0x30,
0x0a, 0x06, 0x08, 0x2a,
0x86, 0x48, 0x86, 0xf7,
0x0d, 0x03, 0x07
})),
new DerSequence(
new DerObjectIdentifier("2.5.29.14"),
new DerOctetString(new byte[]
{
0x04, 0x14, 0xaa, 0x25,
0xd9, 0xa2, 0x39, 0x7e,
0x49, 0xd2, 0x94, 0x85,
0x7e, 0x82, 0xa8, 0x8f,
0x3b, 0x20, 0xf1, 0x4e, 0x65, 0xe5
}))))));
var signing = new Asn1SignatureFactory("SHA256withRSA", keyPair.Private);
Pkcs10CertificationRequest kpGen = new Pkcs10CertificationRequest(signing, subjectName, keyPair.Public, attributes, keyPair.Private);
using (var stream = new StreamWriter(_wizardData.FileName))
{
stream.WriteLine(_wizardData.UseIisStyle ? "-----BEGIN NEW CERTIFICATE REQUEST-----" : "-----BEGIN CERTIFICATE REQUEST-----");
stream.WriteLine(Convert.ToBase64String(kpGen.GetDerEncoded(), Base64FormattingOptions.InsertLineBreaks));
stream.WriteLine(_wizardData.UseIisStyle ? "-----END NEW CERTIFICATE REQUEST-----" : "-----END CERTIFICATE REQUEST-----");
}
var key = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)keyPair.Private);
PrivateKey pvk = new PrivateKey();
pvk.RSA = new RSACryptoServiceProvider();
pvk.RSA.ImportParameters(key);
var file = DialogHelper.GetPrivateKeyFile(subjectName.ToString());
var folder = Path.GetDirectoryName(file);
if (!Directory.Exists(folder))
{
Directory.CreateDirectory(folder);
}
pvk.Save(file);
}
static int Main(string[] args)
{
if (args.Length < 1)
{
Header();
Console.WriteLine("ERROR: Missing output filename {0}", Environment.NewLine);
Help();
return(-1);
}
string fileName = args [args.Length - 1];
// default values
byte[] sn = Guid.NewGuid().ToByteArray();
string subject = defaultSubject;
string issuer = defaultIssuer;
DateTime notBefore = DateTime.Now;
DateTime notAfter = new DateTime(643445675990000000); // 12/31/2039 23:59:59Z
RSA issuerKey = (RSA)RSA.Create();
issuerKey.FromXmlString(MonoTestRootAgency);
RSA subjectKey = (RSA)RSA.Create();
bool selfSigned = false;
string hashName = "SHA1";
CspParameters subjectParams = new CspParameters();
CspParameters issuerParams = new CspParameters();
BasicConstraintsExtension bce = null;
ExtendedKeyUsageExtension eku = null;
string p12file = null;
string p12pwd = null;
X509Certificate issuerCertificate = null;
Header();
try {
int i = 0;
while (i < args.Length)
{
switch (args [i++])
{
// Basic options
case "-#":
// Serial Number
sn = BitConverter.GetBytes(Convert.ToInt32(args [i++]));
break;
case "-n":
// Subject Distinguish Name
subject = args [i++];
break;
case "-$":
// (authenticode) commercial or individual
// CRITICAL KeyUsageRestriction extension
// hash algorithm
string usageRestriction = args [i++].ToLower();
switch (usageRestriction)
{
case "commercial":
case "individual":
Console.WriteLine("WARNING: Unsupported deprecated certification extension KeyUsageRestriction not included");
// Console.WriteLine ("WARNING: ExtendedKeyUsage for codesigning has been included.");
break;
default:
Console.WriteLine("Unsupported restriction " + usageRestriction);
return(-1);
}
break;
// Extended Options
case "-a":
// hash algorithm
switch (args [i++].ToLower())
{
case "sha1":
hashName = "SHA1";
break;
case "md5":
Console.WriteLine("WARNING: MD5 is no more safe for this usage.");
hashName = "MD5";
break;
default:
Console.WriteLine("Unsupported hash algorithm");
break;
}
break;
case "-b":
// Validity / notBefore
notBefore = DateTime.Parse(args [i++] + " 23:59:59", CultureInfo.InvariantCulture);
break;
case "-cy":
// basic constraints - autority or end-entity
switch (args [i++].ToLower())
{
case "authority":
if (bce == null)
{
bce = new BasicConstraintsExtension();
}
bce.CertificateAuthority = true;
break;
case "end":
// do not include extension
bce = null;
break;
case "both":
Console.WriteLine("ERROR: No more supported in X.509");
return(-1);
default:
Console.WriteLine("Unsupported certificate type");
return(-1);
}
break;
case "-d":
// CN private extension ?
Console.WriteLine("Unsupported option");
break;
case "-e":
// Validity / notAfter
notAfter = DateTime.Parse(args [i++] + " 23:59:59", CultureInfo.InvariantCulture);
break;
case "-eku":
// extendedKeyUsage extension
char[] sep = { ',' };
string[] purposes = args [i++].Split(sep);
if (eku == null)
{
eku = new ExtendedKeyUsageExtension();
}
foreach (string purpose in purposes)
{
eku.KeyPurpose.Add(purpose);
}
break;
case "-h":
// pathLength (basicConstraints)
// MS use an old basicConstrains (2.5.29.10) which
// allows both CA and End-Entity. This is no
// more supported with 2.5.29.19.
if (bce == null)
{
bce = new BasicConstraintsExtension();
bce.CertificateAuthority = true;
}
bce.PathLenConstraint = Convert.ToInt32(args [i++]);
break;
case "-ic":
issuerCertificate = LoadCertificate(args [i++]);
issuer = issuerCertificate.SubjectName;
break;
case "-in":
issuer = args [i++];
break;
case "-iv":
// TODO password
PrivateKey pvk = PrivateKey.CreateFromFile(args [i++]);
issuerKey = pvk.RSA;
break;
case "-l":
// link (URL)
// spcSpAgencyInfo private extension
Console.WriteLine("Unsupported option");
break;
case "-m":
// validity period (in months)
notAfter = notBefore.AddMonths(Convert.ToInt32(args [i++]));
break;
case "-nscp":
// Netscape's private extensions - NetscapeCertType
// BasicContraints - End Entity
Console.WriteLine("Unsupported option");
break;
case "-r":
selfSigned = true;
break;
case "-sc":
// subject certificate ? renew ?
Console.WriteLine("Unsupported option");
break;
// Issuer CspParameters options
case "-ik":
issuerParams.KeyContainerName = args [i++];
break;
case "-iky":
// select a key in the provider
string ikn = args [i++].ToLower();
switch (ikn)
{
case "signature":
issuerParams.KeyNumber = 0;
break;
case "exchange":
issuerParams.KeyNumber = 1;
break;
default:
issuerParams.KeyNumber = Convert.ToInt32(ikn);
break;
}
break;
case "-ip":
issuerParams.ProviderName = args [i++];
break;
case "-ir":
switch (args [i++].ToLower())
{
case "localmachine":
issuerParams.Flags = CspProviderFlags.UseMachineKeyStore;
break;
case "currentuser":
issuerParams.Flags = CspProviderFlags.UseDefaultKeyContainer;
break;
default:
Console.WriteLine("Unknown key store for issuer");
return(-1);
}
break;
case "-is":
Console.WriteLine("Unsupported option");
return(-1);
case "-iy":
issuerParams.ProviderType = Convert.ToInt32(args [i++]);
break;
// Subject CspParameters Options
case "-sk":
subjectParams.KeyContainerName = args [i++];
break;
case "-sky":
// select a key in the provider
string skn = args [i++].ToLower();
switch (skn)
{
case "signature":
subjectParams.KeyNumber = 0;
break;
case "exchange":
subjectParams.KeyNumber = 1;
break;
default:
subjectParams.KeyNumber = Convert.ToInt32(skn);
break;
}
break;
case "-sp":
subjectParams.ProviderName = args [i++];
break;
case "-sr":
switch (args [i++].ToLower())
{
case "localmachine":
subjectParams.Flags = CspProviderFlags.UseMachineKeyStore;
break;
case "currentuser":
subjectParams.Flags = CspProviderFlags.UseDefaultKeyContainer;
break;
default:
Console.WriteLine("Unknown key store for subject");
return(-1);
}
break;
case "-ss":
Console.WriteLine("Unsupported option");
return(-1);
case "-sv":
string pvkFile = args [i++];
if (File.Exists(pvkFile))
{
PrivateKey key = PrivateKey.CreateFromFile(pvkFile);
subjectKey = key.RSA;
}
else
{
PrivateKey key = new PrivateKey();
key.RSA = subjectKey;
key.Save(pvkFile);
}
break;
case "-sy":
subjectParams.ProviderType = Convert.ToInt32(args [i++]);
break;
// Mono Specific Options
case "-p12":
p12file = args [i++];
p12pwd = args [i++];
break;
// Other options
case "-?":
Help();
return(0);
case "-!":
ExtendedHelp();
return(0);
default:
if (i != args.Length)
{
Console.WriteLine("ERROR: Unknown parameter");
Help();
return(-1);
}
break;
}
}
// serial number MUST be positive
if ((sn [0] & 0x80) == 0x80)
{
sn [0] -= 0x80;
}
if (selfSigned)
{
if (subject != defaultSubject)
{
issuer = subject;
issuerKey = subjectKey;
}
else
{
subject = issuer;
subjectKey = issuerKey;
}
}
if (subject == null)
{
throw new Exception("Missing Subject Name");
}
X509CertificateBuilder cb = new X509CertificateBuilder(3);
cb.SerialNumber = sn;
cb.IssuerName = issuer;
cb.NotBefore = notBefore;
cb.NotAfter = notAfter;
cb.SubjectName = subject;
cb.SubjectPublicKey = subjectKey;
// extensions
if (bce != null)
{
cb.Extensions.Add(bce);
}
if (eku != null)
{
cb.Extensions.Add(eku);
}
// signature
cb.Hash = hashName;
byte[] rawcert = cb.Sign(issuerKey);
if (p12file == null)
{
WriteCertificate(fileName, rawcert);
}
else
{
PKCS12 p12 = new PKCS12();
p12.Password = p12pwd;
ArrayList list = new ArrayList();
// we use a fixed array to avoid endianess issues
// (in case some tools requires the ID to be 1).
list.Add(new byte [4] {
1, 0, 0, 0
});
Hashtable attributes = new Hashtable(1);
attributes.Add(PKCS9.localKeyId, list);
p12.AddCertificate(new X509Certificate(rawcert), attributes);
if (issuerCertificate != null)
{
p12.AddCertificate(issuerCertificate);
}
p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);
p12.SaveToFile(p12file);
}
Console.WriteLine("Success");
return(0);
}
catch (Exception e) {
Console.WriteLine("ERROR: " + e.ToString());
Help();
}
return(1);
}
static void Main(string[] args)
{
var assembly = Assembly.GetExecutingAssembly();
var title = (AssemblyTitleAttribute)Attribute.GetCustomAttribute(assembly, typeof(AssemblyTitleAttribute));
Console.WriteLine("{0} version {1}", title.Title, assembly.GetName().Version);
var copyright = (AssemblyCopyrightAttribute)Attribute.GetCustomAttribute(assembly, typeof(AssemblyCopyrightAttribute));
Console.WriteLine(copyright.Copyright);
Console.WriteLine("More information can be found at https://Jexus.codeplex.com");
Console.WriteLine();
var baseAddress = args.Length > 0 ? args[0] : "https://*****:*****@"Remote services must be run as root on Linux.");
return;
}
if (!File.Exists("jws"))
{
Console.WriteLine(@"Remote services must be running in Jexus installation folder.");
return;
}
var loc = baseAddress.LastIndexOf(':');
var port = "443";
if (loc != -1)
{
port = baseAddress.Substring(loc + 1);
}
string dirname = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
string path = Path.Combine(dirname, ".mono", "httplistener");
if (false == Directory.Exists(path))
{
Directory.CreateDirectory(path);
}
string target_cert = Path.Combine(path, string.Format("{0}.cer", port));
if (File.Exists(target_cert))
{
Console.WriteLine("Use {0}", target_cert);
}
else
{
Console.WriteLine("Generating a self-signed certificate for Jexus Manager");
// Generate certificate
string defaultIssuer = "CN=jexus.lextudio.com";
string defaultSubject = "CN=jexus.lextudio.com";
byte[] sn = Guid.NewGuid().ToByteArray();
string subject = defaultSubject;
string issuer = defaultIssuer;
DateTime notBefore = DateTime.Now;
DateTime notAfter = new DateTime(643445675990000000); // 12/31/2039 23:59:59Z
RSA issuerKey = new RSACryptoServiceProvider(2048);
RSA subjectKey = null;
bool selfSigned = true;
string hashName = "SHA1";
CspParameters subjectParams = new CspParameters();
CspParameters issuerParams = new CspParameters();
BasicConstraintsExtension bce = new BasicConstraintsExtension
{
PathLenConstraint = BasicConstraintsExtension.NoPathLengthConstraint,
CertificateAuthority = true
};
ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension();
eku.KeyPurpose.Add("1.3.6.1.5.5.7.3.1");
SubjectAltNameExtension alt = null;
string p12file = Path.Combine(path, "temp.pfx");
string p12pwd = "test";
// serial number MUST be positive
if ((sn[0] & 0x80) == 0x80)
{
sn[0] -= 0x80;
}
if (selfSigned)
{
if (subject != defaultSubject)
{
issuer = subject;
issuerKey = subjectKey;
}
else
{
subject = issuer;
subjectKey = issuerKey;
}
}
if (subject == null)
{
throw new Exception("Missing Subject Name");
}
X509CertificateBuilder cb = new X509CertificateBuilder(3);
cb.SerialNumber = sn;
cb.IssuerName = issuer;
cb.NotBefore = notBefore;
cb.NotAfter = notAfter;
cb.SubjectName = subject;
cb.SubjectPublicKey = subjectKey;
// extensions
if (bce != null)
{
cb.Extensions.Add(bce);
}
if (eku != null)
{
cb.Extensions.Add(eku);
}
if (alt != null)
{
cb.Extensions.Add(alt);
}
IDigest digest = new Sha1Digest();
byte[] resBuf = new byte[digest.GetDigestSize()];
var spki = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(DotNetUtilities.GetRsaPublicKey(issuerKey));
byte[] bytes = spki.PublicKeyData.GetBytes();
digest.BlockUpdate(bytes, 0, bytes.Length);
digest.DoFinal(resBuf, 0);
cb.Extensions.Add(new SubjectKeyIdentifierExtension {
Identifier = resBuf
});
cb.Extensions.Add(new AuthorityKeyIdentifierExtension {
Identifier = resBuf
});
// signature
cb.Hash = hashName;
byte[] rawcert = cb.Sign(issuerKey);
PKCS12 p12 = new PKCS12();
p12.Password = p12pwd;
ArrayList list = new ArrayList();
// we use a fixed array to avoid endianess issues
// (in case some tools requires the ID to be 1).
list.Add(new byte[4] {
1, 0, 0, 0
});
Hashtable attributes = new Hashtable(1);
attributes.Add(PKCS9.localKeyId, list);
p12.AddCertificate(new Mono.Security.X509.X509Certificate(rawcert), attributes);
p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);
p12.SaveToFile(p12file);
var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(p12file, p12pwd, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable);
// Install certificate
string target_pvk = Path.Combine(path, string.Format("{0}.pvk", port));
using (Stream cer = File.OpenWrite(target_cert))
{
byte[] raw = x509.RawData;
cer.Write(raw, 0, raw.Length);
}
PrivateKey pvk = new PrivateKey();
pvk.RSA = subjectKey;
pvk.Save(target_pvk);
}
}
JexusServer.Credentials = args.Length > 2 ? args[1] + "|" + args[2] : "jexus|lextudio.com";
JexusServer.Timeout = args.Length > 3 ? double.Parse(args[3]) : 30D;
using (WebApp.Start <Startup>(url: baseAddress))
{
Console.WriteLine("Remote services have started at {0}.", baseAddress);
Console.WriteLine("Credentials is {0}", JexusServer.Credentials);
Console.WriteLine("Press Enter to quit.");
Console.ReadLine();
}
}
// TODO : cleanup and reorganization, as the code below is a almost a direct copypaste from Mono project's Makecert tool.
internal /* byte[]*/ PKCS12 GenerateCertificate(/*string[] args,*/ bool isHubRootCA, bool isHubCert, string subjectName, string[] alternateDnsNames)
{
if (isHubRootCA && isHubCert)
{
throw new Exception("incompatible options isHubRootCA & isHubCert");
}
Logger.Append("HUBRN", Severity.INFO, "Asked to create " + ((isHubCert)?"hub certificate, ":"") + ((isHubRootCA)?"root CA, ":"") + ((!isHubCert && !isHubRootCA)?" node certificate for '" + subjectName + "'":""));
string rootKey = ConfigurationManager.AppSettings["Security.CAKey"];
string rootCert = ConfigurationManager.AppSettings["Security.CACertificate"];
byte[] sn = Guid.NewGuid().ToByteArray();
string issuer = defaultIssuer;
DateTime notBefore = DateTime.Now;
DateTime notAfter = DateTime.Now.AddYears(5);
RSA issuerKey = (RSA)RSA.Create();
//issuerKey.FromXmlString(MonoTestRootAgency);
RSA subjectKey = (RSA)RSA.Create();
bool selfSigned = isHubRootCA;
string hashName = "SHA1";
BasicConstraintsExtension bce = null;
ExtendedKeyUsageExtension eku = null;
SubjectAltNameExtension alt = null;
string p12pwd = null;
X509Certificate issuerCertificate = null;
try{
if (subjectName == null)
{
throw new Exception("Missing Subject Name");
}
if (!subjectName.ToLower().StartsWith("cn="))
{
subjectName = "CN=" + subjectName;
}
/*if (alternateDnsNames != null){
* alt = new SubjectAltNameExtension(null, alternateDnsNames, null, null);
* }*/
if (!isHubRootCA)
{
issuerCertificate = LoadCertificate(rootCert);
issuer = issuerCertificate.SubjectName;
//case "-iv":
// TODO password
PrivateKey pvk = PrivateKey.CreateFromFile(rootKey);
issuerKey = pvk.RSA;
}
// Issuer CspParameters options
if (isHubRootCA)
{
//subjectName = defaultSubject;
string pvkFile = rootKey;
if (File.Exists(pvkFile)) // CA key already exists, reuse
{
PrivateKey key = PrivateKey.CreateFromFile(pvkFile);
subjectKey = key.RSA;
}
else
{
PrivateKey key = new PrivateKey();
key.RSA = subjectKey;
key.Save(pvkFile);
// save 'the Mother Of All Keys'
//WriteHubMotherCert(issuerKey.ToXmlString(true));
}
}
else
{
p12pwd = "";
}
// serial number MUST be positive
if ((sn [0] & 0x80) == 0x80)
{
sn [0] -= 0x80;
}
if (selfSigned)
{
if (subjectName != defaultSubject)
{
issuer = subjectName;
issuerKey = subjectKey;
//issuerKey = Hub.MotherKey;
}
else
{
subjectName = issuer;
subjectKey = issuerKey;
}
}
X509CertificateBuilder cb = new X509CertificateBuilder(3);
cb.SerialNumber = sn;
cb.IssuerName = issuer;
cb.NotBefore = notBefore;
cb.NotAfter = notAfter;
cb.SubjectName = subjectName;
cb.SubjectPublicKey = subjectKey;
// extensions
if (bce != null)
{
cb.Extensions.Add(bce);
}
if (eku != null)
{
cb.Extensions.Add(eku);
}
if (alt != null)
{
cb.Extensions.Add(alt);
}
// signature
cb.Hash = hashName;
byte[] rawcert = cb.Sign(issuerKey);
if (isHubRootCA) // Hub CA
{
WriteCACertificate(rawcert);
}
else
{
PKCS12 p12 = new PKCS12();
p12.Password = p12pwd;
ArrayList list = new ArrayList();
// we use a fixed array to avoid endianess issues
// (in case some tools requires the ID to be 1).
list.Add(new byte [4] {
1, 0, 0, 0
});
Hashtable attributes = new Hashtable(1);
attributes.Add(PKCS9.localKeyId, list);
p12.AddCertificate(new X509Certificate(rawcert), attributes);
if (issuerCertificate != null)
{
p12.AddCertificate(issuerCertificate);
}
p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);
/*var x509cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2();
* x509cert2.Import(p12.GetBytes(), "",
* System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.PersistKeySet| System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable );
* return x509cert2;*/
//return p12.GetBytes();
return(p12);
}
Logger.Append("HUBRN", Severity.INFO, "Created requested key/cert for '" + subjectName + "'.");
}
catch (Exception e) {
Logger.Append("HUBRN", Severity.ERROR, "Error generating certificate for '" + subjectName + "' : " + e.ToString());
}
return(null);
}
