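/// <summary>
/// Requests a certificate for a caller-supplied PEM CSR and stores the results under
/// <c>param.path</c>.
/// </summary>
/// <remarks>
/// The CSR text in <c>param.csr</c> is imported as PEM, re-exported as DER, base64url-encoded
/// and passed to <c>param.client.RequestCertificate</c>. When the response status is
/// <c>Created</c>, three files named after a local timestamp (<c>yyyyMMddHHmmss</c>) are written:
/// <c>-csr.pem</c>, <c>-crt.der</c> and <c>-crt.pem</c>. This method does not generate or write a
/// private key. A null <paramref name="param"/> is logged and ignored.
/// </remarks>
/// <param name="param">Carries the CSR text, the client used for the request and the output directory.</param>
/// <exception cref="Exception">The certificate request returned a status other than <c>Created</c>.</exception>
public static void GetCertificateUseCSR(CertificateGeneratorParam param)
{
    if (param == null)
    {
        log.Info($" {nameof(param)} is null");
        return;
    }

    // Timestamp-based prefix for the output files; two runs within the same second share a
    // prefix, and FileMode.Create / File.Create below overwrite existing files.
    var dnsIdentifier = DateTime.Now.ToString("yyyyMMddHHmmss");

    var cp = CertificateProvider.GetProvider();
    try
    {
        // The CSR arrives as PEM text from the caller; the provider parses it here.
        // NOTE(review): param.csr is not checked for null/empty before use - confirm callers validate it.
        MemoryStream csrPemInput = new MemoryStream(Encoding.UTF8.GetBytes(param.csr));
        var csr = cp.ImportCsr(EncodingFormat.PEM, csrPemInput);
        csrPemInput.Dispose();

        // RequestCertificate is given the DER form of the CSR, base64url-encoded.
        byte[] derRaw;
        using (var derBuffer = new MemoryStream())
        {
            cp.ExportCsr(csr, EncodingFormat.DER, derBuffer);
            derRaw = derBuffer.ToArray();
        }
        var derB64u = JwsHelper.Base64UrlEncode(derRaw);

        log.Info($"\nRequesting Certificate");
        var certRequ = param.client.RequestCertificate(derB64u);
        log.Info($" Request Status: {certRequ.StatusCode}");

        if (certRequ.StatusCode != System.Net.HttpStatusCode.Created)
        {
            // Exception type kept as-is: callers may already catch System.Exception here.
            throw new Exception($"Request status = {certRequ.StatusCode}");
        }

        var csrPemFile = Path.Combine(param.path, $"{dnsIdentifier}-csr.pem");
        var crtDerFile = Path.Combine(param.path, $"{dnsIdentifier}-crt.der");
        var crtPemFile = Path.Combine(param.path, $"{dnsIdentifier}-crt.pem");

        using (var fs = new FileStream(csrPemFile, FileMode.Create))
        {
            cp.ExportCsr(csr, EncodingFormat.PEM, fs);
        }

        log.Info($" Saving Certificate to {crtDerFile}");
        using (var file = File.Create(crtDerFile))
        {
            certRequ.SaveCertificate(file);
        }

        // Convert the saved DER certificate to PEM by re-reading the file just written.
        using (FileStream source = new FileStream(crtDerFile, FileMode.Open),
                          target = new FileStream(crtPemFile, FileMode.Create))
        {
            Crt crt = cp.ImportCertificate(EncodingFormat.DER, source);
            cp.ExportCertificate(crt, EncodingFormat.PEM, target);
        }
    }
    finally
    {
        // Previously the provider was disposed only on the success path; release it on the
        // failure and exception paths as well.
        cp.Dispose();
    }
}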
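/// <summary>
/// Generates an RSA key pair and a CSR for the valid domains in <paramref name="param"/>,
/// requests a certificate, and stores the key, CSR, certificate and a PKCS#12 archive under
/// <c>param.path</c>.
/// </summary>
/// <remarks>
/// <para>
/// <c>param.domains</c> is replaced in place by the subset whose <c>valid</c> flag is set. The
/// common name is <c>param.common_name</c> (trimmed) when it is non-blank, otherwise the first
/// valid domain; that value is also the prefix of every output file name. A null
/// <paramref name="param"/> or an empty valid-domain list is logged and ignored.
/// </para>
/// <para>
/// Security: the private key is written in clear form to <c>-gen-key.json</c> and
/// <c>-key.pem</c>, and the <c>-all.pfx</c> archive is exported without a password, using plain
/// <see cref="FileStream"/> creation. Anyone who can read <c>param.path</c> can therefore read
/// the key, so the directory's access control is the only protection. File names are fixed per
/// common name and opened with <see cref="FileMode.Create"/>, so a repeat run overwrites the
/// previous key material.
/// </para>
/// </remarks>
/// <param name="param">Carries the domains, optional common name, client, account and output directory.</param>
/// <exception cref="Exception">The certificate request returned a status other than <c>Created</c>.</exception>
public static void GetCertificateAutoGen(CertificateGeneratorParam param)
{
    if (param == null)
    {
        log.Info($" {nameof(param)} is null");
        return;
    }

    // Side effect on the caller's object: only domains flagged valid are kept.
    param.domains = param.domains.Where(o => o.valid).ToList();
    if (param.domains.Count == 0)
    {
        log.Info($" can't find a valid domain name.");
        return;
    }

    // NOTE(review): this value becomes part of every output file name via Path.Combine. If
    // common_name or a domain can come from an untrusted source, confirm upstream validation
    // rejects directory separators and rooted paths so files cannot land outside param.path.
    var dnsIdentifier = string.IsNullOrWhiteSpace(param.common_name)
        ? param.domains.First().domain // list is non-empty at this point
        : param.common_name.Trim();

    var cp = CertificateProvider.GetProvider();
    try
    {
        // NOTE(review): key size and other RSA parameters come from the RsaPrivateKeyParams
        // defaults, which are not visible here - confirm they meet current key-strength policy.
        var rsaPkp = new RsaPrivateKeyParams();
        var rsaKeys = cp.GeneratePrivateKey(rsaPkp);

        var csrDetails = new CsrDetails
        {
            CommonName = dnsIdentifier,
            AlternativeNames = param.domains.Select(o => o.domain).ToList(),
        };
        var csrParams = new CsrParams
        {
            Details = csrDetails,
        };
        var csr = cp.GenerateCsr(csrParams, rsaKeys, Crt.MessageDigest.SHA256);

        // RequestCertificate is given the DER form of the CSR, base64url-encoded.
        byte[] derRaw;
        using (var derBuffer = new MemoryStream())
        {
            cp.ExportCsr(csr, EncodingFormat.DER, derBuffer);
            derRaw = derBuffer.ToArray();
        }
        var derB64u = JwsHelper.Base64UrlEncode(derRaw);

        log.Info($"\nRequesting Certificate");
        var certRequ = param.client.RequestCertificate(derB64u);
        log.Info($" Request Status: {certRequ.StatusCode}");

        //log.Info($"Refreshing Cert Request");
        //client.RefreshCertificateRequest(certRequ);

        if (certRequ.StatusCode != System.Net.HttpStatusCode.Created)
        {
            // Exception type kept as-is: callers may already catch System.Exception here.
            // Nothing has been written to disk on this path; the generated key is discarded.
            throw new Exception($"Request status = {certRequ.StatusCode}");
        }

        var keyGenFile = Path.Combine(param.path, $"{dnsIdentifier}-gen-key.json");
        var keyPemFile = Path.Combine(param.path, $"{dnsIdentifier}-key.pem");
        var csrGenFile = Path.Combine(param.path, $"{dnsIdentifier}-gen-csr.json");
        var csrPemFile = Path.Combine(param.path, $"{dnsIdentifier}-csr.pem");
        var crtDerFile = Path.Combine(param.path, $"{dnsIdentifier}-crt.der");
        var crtPemFile = Path.Combine(param.path, $"{dnsIdentifier}-crt.pem");
        var crtPfxFile = Path.Combine(param.path, $"{dnsIdentifier}-all.pfx");

        // Private key, written twice (provider's own format and PEM), both unencrypted and with
        // whatever permissions the process and directory give new files.
        using (var fs = new FileStream(keyGenFile, FileMode.Create))
        {
            cp.SavePrivateKey(rsaKeys, fs);
        }
        using (var fs = new FileStream(keyPemFile, FileMode.Create))
        {
            cp.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);
        }

        using (var fs = new FileStream(csrGenFile, FileMode.Create))
        {
            cp.SaveCsr(csr, fs);
        }
        using (var fs = new FileStream(csrPemFile, FileMode.Create))
        {
            cp.ExportCsr(csr, EncodingFormat.PEM, fs);
        }

        log.Info($" Saving Certificate to {crtDerFile}");
        using (var file = File.Create(crtDerFile))
        {
            certRequ.SaveCertificate(file);
        }

        // Convert the saved DER certificate to PEM by re-reading the file just written.
        Crt crt;
        using (FileStream source = new FileStream(crtDerFile, FileMode.Open),
                          target = new FileStream(crtPemFile, FileMode.Create))
        {
            crt = cp.ImportCertificate(EncodingFormat.DER, source);
            cp.ExportCertificate(crt, EncodingFormat.PEM, target);
        }

        // To generate a PKCS#12 (.PFX) file, we need the issuer's public certificate
        var isuPemFile = GetIssuerCertificate(certRequ, cp, param.account);

        // The archive bundles the private key with the leaf and issuer certificates and is
        // exported without a password, as the log line states.
        log.Info($" Saving Certificate to {crtPfxFile} (with no password set)");
        using (FileStream source = new FileStream(isuPemFile, FileMode.Open),
                          target = new FileStream(crtPfxFile, FileMode.Create))
        {
            var isuCrt = cp.ImportCertificate(EncodingFormat.PEM, source);
            cp.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target);
        }
    }
    finally
    {
        // Previously the provider was disposed only on the success path; release it on the
        // failure and exception paths as well.
        cp.Dispose();
    }
}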