public static void GetCertificateUseCSR(CertificateGeneratorParam param)
{
if (param == null)
{
log.Info($" {nameof(param)} is null");
return;
}
var dnsIdentifier = DateTime.Now.ToString("yyyyMMddHHmmss");
var cp = CertificateProvider.GetProvider();
MemoryStream ms = new MemoryStream(Encoding.UTF8.GetBytes(param.csr));
var csr = cp.ImportCsr(EncodingFormat.PEM, ms);
ms.Dispose();
byte[] derRaw;
using (var bs = new MemoryStream())
{
cp.ExportCsr(csr, EncodingFormat.DER, bs);
derRaw = bs.ToArray();
}
var derB64u = JwsHelper.Base64UrlEncode(derRaw);
log.Info($"\nRequesting Certificate");
var certRequ = param.client.RequestCertificate(derB64u);
log.Info($" Request Status: {certRequ.StatusCode}");
if (certRequ.StatusCode == System.Net.HttpStatusCode.Created)
{
var csrPemFile = Path.Combine(param.path, $"{dnsIdentifier}-csr.pem");
var crtDerFile = Path.Combine(param.path, $"{dnsIdentifier}-crt.der");
var crtPemFile = Path.Combine(param.path, $"{dnsIdentifier}-crt.pem");
using (var fs = new FileStream(csrPemFile, FileMode.Create))
cp.ExportCsr(csr, EncodingFormat.PEM, fs);
log.Info($" Saving Certificate to {crtDerFile}");
using (var file = File.Create(crtDerFile))
certRequ.SaveCertificate(file);
Crt crt;
using (FileStream source = new FileStream(crtDerFile, FileMode.Open),
target = new FileStream(crtPemFile, FileMode.Create))
{
crt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(crt, EncodingFormat.PEM, target);
}
cp.Dispose();
return;
}
throw new Exception($"Request status = {certRequ.StatusCode}");
}
public static void GetCertificateAutoGen(CertificateGeneratorParam param)
{
if (param == null)
{
log.Info($" {nameof(param)} is null");
return;
}
param.domains = param.domains.Where(o => o.valid).ToList();
if (param.domains.Count == 0)
{
log.Info($" can't find a valid domain name.");
return;
}
var dnsIdentifier = string.IsNullOrWhiteSpace(param.common_name) ? param.domains.FirstOrDefault().domain : param.common_name.Trim();
var cp = CertificateProvider.GetProvider();
var rsaPkp = new RsaPrivateKeyParams();
var rsaKeys = cp.GeneratePrivateKey(rsaPkp);
var csrDetails = new CsrDetails
{
CommonName = dnsIdentifier,
AlternativeNames = param.domains.Select(o => o.domain).ToList(),
};
var csrParams = new CsrParams
{
Details = csrDetails,
};
var csr = cp.GenerateCsr(csrParams, rsaKeys, Crt.MessageDigest.SHA256);
byte[] derRaw;
using (var bs = new MemoryStream())
{
cp.ExportCsr(csr, EncodingFormat.DER, bs);
derRaw = bs.ToArray();
}
var derB64u = JwsHelper.Base64UrlEncode(derRaw);
log.Info($"\nRequesting Certificate");
var certRequ = param.client.RequestCertificate(derB64u);
log.Info($" Request Status: {certRequ.StatusCode}");
//log.Info($"Refreshing Cert Request");
//client.RefreshCertificateRequest(certRequ);
if (certRequ.StatusCode == System.Net.HttpStatusCode.Created)
{
var keyGenFile = Path.Combine(param.path, $"{dnsIdentifier}-gen-key.json");
var keyPemFile = Path.Combine(param.path, $"{dnsIdentifier}-key.pem");
var csrGenFile = Path.Combine(param.path, $"{dnsIdentifier}-gen-csr.json");
var csrPemFile = Path.Combine(param.path, $"{dnsIdentifier}-csr.pem");
var crtDerFile = Path.Combine(param.path, $"{dnsIdentifier}-crt.der");
var crtPemFile = Path.Combine(param.path, $"{dnsIdentifier}-crt.pem");
string crtPfxFile = null;
crtPfxFile = Path.Combine(param.path, $"{dnsIdentifier}-all.pfx");
using (var fs = new FileStream(keyGenFile, FileMode.Create))
cp.SavePrivateKey(rsaKeys, fs);
using (var fs = new FileStream(keyPemFile, FileMode.Create))
cp.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);
using (var fs = new FileStream(csrGenFile, FileMode.Create))
cp.SaveCsr(csr, fs);
using (var fs = new FileStream(csrPemFile, FileMode.Create))
cp.ExportCsr(csr, EncodingFormat.PEM, fs);
log.Info($" Saving Certificate to {crtDerFile}");
using (var file = File.Create(crtDerFile))
certRequ.SaveCertificate(file);
Crt crt;
using (FileStream source = new FileStream(crtDerFile, FileMode.Open),
target = new FileStream(crtPemFile, FileMode.Create))
{
crt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(crt, EncodingFormat.PEM, target);
}
// To generate a PKCS#12 (.PFX) file, we need the issuer's public certificate
var isuPemFile = GetIssuerCertificate(certRequ, cp, param.account);
log.Info($" Saving Certificate to {crtPfxFile} (with no password set)");
using (FileStream source = new FileStream(isuPemFile, FileMode.Open),
target = new FileStream(crtPfxFile, FileMode.Create))
{
var isuCrt = cp.ImportCertificate(EncodingFormat.PEM, source);
cp.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target);
}
cp.Dispose();
return;
}
throw new Exception($"Request status = {certRequ.StatusCode}");
}
