using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;
using RGiesecke.DllExport;
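namespace CertificateGen
{
    /// <summary>
    /// Native/COM-exported helpers (see the <c>DllExport</c>/<c>ComVisible</c> attributes) for locating,
    /// creating and PEM-encoding X.509 certificates. Store access and certificate generation are delegated
    /// to <c>CertStore</c> and <c>Certification</c>, which live elsewhere in the project.
    /// </summary>
    public static class Auth
    {
        // RFC 7468 section 2: the base64 body of a PEM block is wrapped at exactly 64 characters per line.
        private const int PemLineLength = 64;

        /// <summary>
        /// Extracts the BouncyCastle key pair that corresponds to the certificate's private key.
        /// </summary>
        /// <param name="cert">Certificate whose private key is loaded in this process.</param>
        /// <returns>The BouncyCastle representation of the private/public key pair.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="cert"/> carries no private key.</exception>
        [ComVisible(true)]
        [DllExport]
        public static AsymmetricCipherKeyPair GetKeyPair(X509Certificate2 cert)
        {
            if (cert is null)
            {
                throw new ArgumentNullException(nameof(cert));
            }
            // cert.PrivateKey is null when no key is attached; fail here with a clear message rather than
            // letting the null propagate into DotNetUtilities.
            if (!cert.HasPrivateKey)
            {
                throw new ArgumentException("Certificate has no associated private key.", nameof(cert));
            }
            return DotNetUtilities.GetKeyPair(cert.PrivateKey);
        }

        /// <summary>
        /// Serialises the private half of <paramref name="key"/> as PEM text.
        /// </summary>
        /// <remarks>
        /// No password is handed to <c>PemWriter</c>, so the returned text is an unencrypted private key:
        /// do not log it and persist it only with restrictive permissions.
        /// </remarks>
        /// <param name="key">Key pair whose private key is written.</param>
        /// <returns>The PEM-encoded private key.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="key"/> is null.</exception>
        [ComVisible(true)]
        [DllExport]
        public static string ConvertKeyToPem(AsymmetricCipherKeyPair key)
        {
            if (key is null)
            {
                throw new ArgumentNullException(nameof(key));
            }
            using (StringWriter textWriter = new StringWriter())
            {
                PemWriter pemWriter = new PemWriter(textWriter);
                pemWriter.WriteObject(key.Private);
                pemWriter.Writer.Flush();
                return textWriter.ToString();
            }
        }

        /// <summary>
        /// Encodes the certificate (public part only) as a PEM <c>CERTIFICATE</c> block.
        /// </summary>
        /// <param name="cert">Certificate to export.</param>
        /// <returns>The PEM text, base64 wrapped at 64 columns per RFC 7468.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
        [ComVisible(true)]
        [DllExport]
        public static string ConvertCertToPem(X509Certificate2 cert)
        {
            if (cert is null)
            {
                throw new ArgumentNullException(nameof(cert));
            }
            // X509ContentType.Cert exports the DER certificate alone; the private key is never included.
            string base64 = Convert.ToBase64String(cert.Export(X509ContentType.Cert));
            StringBuilder builder = new StringBuilder(base64.Length + (base64.Length / PemLineLength + 2) * 2 + 64);
            builder.AppendLine("-----BEGIN CERTIFICATE-----");
            AppendWrappedBase64(builder, base64);
            builder.AppendLine("-----END CERTIFICATE-----");
            return builder.ToString();
        }

        // Writes base64 text in 64-character lines. Convert.ToBase64String(..., InsertLineBreaks) wraps at 76,
        // which strict RFC 7468 parsers may reject and which differs from the 64-column output PemWriter emits.
        private static void AppendWrappedBase64(StringBuilder builder, string base64)
        {
            for (int offset = 0; offset < base64.Length; offset += PemLineLength)
            {
                int count = Math.Min(PemLineLength, base64.Length - offset);
                builder.Append(base64, offset, count).AppendLine();
            }
        }

        /// <summary>
        /// Returns the certificate with subject <c>CN=subjectName</c> from <paramref name="store"/>, or creates a
        /// self-signed CA certificate valid for one year and adds it to the store. An expired certificate is
        /// replaced. Use the other overload to set the expiration date and the renewal behaviour explicitly.
        /// </summary>
        /// <param name="subjectName">Common-name component of the subject; must not be null or whitespace.</param>
        /// <param name="store">Store that is searched and, when a certificate is created, written to.</param>
        /// <param name="subjectAlternativeNames">Optional SAN entries for a newly created certificate.</param>
        /// <param name="usages">Optional extended-key-usage OIDs; defaults to server and client authentication.</param>
        /// <returns>The existing or newly created certificate.</returns>
        [ComVisible(true)]
        [DllExport]
        public static X509Certificate2 GetOrCreateCertificate(string subjectName, X509Store store, string[] subjectAlternativeNames = null, KeyPurposeID[] usages = null)
        {
            return GetOrCreateCertificate(subjectName, DateTime.Now.AddYears(1), true, store, subjectAlternativeNames, usages);
        }

        /// <summary>
        /// Returns the certificate with subject <c>CN=subjectName</c> from <paramref name="store"/>, or creates a
        /// self-signed CA certificate and adds it to the store.
        /// </summary>
        /// <param name="subjectName">Common-name component of the subject; must not be null or whitespace.</param>
        /// <param name="expirationDate">NotAfter of a newly created certificate; must lie in the future.</param>
        /// <param name="renew">
        /// When true, an existing but expired certificate is deleted from the store and replaced. When false, an
        /// expired certificate is returned as-is.
        /// </param>
        /// <param name="store">Store that is searched and, when a certificate is created, written to.</param>
        /// <param name="subjectAlternativeNames">Optional SAN entries for a newly created certificate.</param>
        /// <param name="usages">Optional extended-key-usage OIDs; defaults to server and client authentication.</param>
        /// <returns>The existing or newly created certificate.</returns>
        /// <exception cref="ArgumentException"><paramref name="subjectName"/> is null or whitespace.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="store"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">A certificate must be created and <paramref name="expirationDate"/> is in the past.</exception>
        [ComVisible(true)]
        [DllExport]
        public static X509Certificate2 GetOrCreateCertificate(string subjectName, DateTime expirationDate, bool renew, X509Store store, string[] subjectAlternativeNames = null, KeyPurposeID[] usages = null)
        {
            X509Certificate2 foundCert = GetCertificate(store, subjectName);
            if (foundCert is null)
            {
                return CreateCertificate(subjectName, expirationDate, store, subjectAlternativeNames, usages);
            }
            if (!renew || !IsExpired(foundCert))
            {
                // Deliberately returns an expired certificate when renew is false; callers that need a
                // currently valid certificate must pass renew = true.
                return foundCert;
            }
            CertStore.DeleteCertificateFromStore(store, foundCert);
            return CreateCertificate(subjectName, expirationDate, store, subjectAlternativeNames, usages);
        }

        /// <summary>
        /// Creates a self-signed certificate with subject <c>CN=subjectName</c> and adds it to <paramref name="store"/>.
        /// </summary>
        /// <remarks>
        /// The certificate is produced by <c>Certification.CreateCertificateAuthorityCertificate</c>, i.e. it is a CA
        /// certificate. If <paramref name="store"/> is a trusted-root store, every certificate issued under this key
        /// becomes trusted on the host, so the private key needs the same protection as the store itself. Which
        /// extensions (basic constraints, key usage) are set is decided in <c>Certification</c>, not here — confirm there.
        /// </remarks>
        /// <param name="subjectName">Common-name component of the subject; must not be null or whitespace.</param>
        /// <param name="expirationDate">NotAfter of the certificate; must lie in the future.</param>
        /// <param name="store">Store the new certificate is added to.</param>
        /// <param name="subjectAlternativeNames">SAN entries; null means none.</param>
        /// <param name="usages">Extended-key-usage OIDs; null means server and client authentication.</param>
        /// <returns>The newly created certificate.</returns>
        /// <exception cref="ArgumentException"><paramref name="subjectName"/> is null or whitespace.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="store"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException"><paramref name="expirationDate"/> is not after the current time.</exception>
        [ComVisible(true)]
        [DllExport]
        public static X509Certificate2 CreateCertificate(string subjectName, DateTime expirationDate, X509Store store,
            string[] subjectAlternativeNames, KeyPurposeID[] usages)
        {
            ValidateSubjectName(subjectName);
            if (store is null)
            {
                throw new ArgumentNullException(nameof(store));
            }
            // Compare in UTC on both sides so a DateTimeKind.Utc argument is not measured against local wall-clock time.
            if (expirationDate.ToUniversalTime() < DateTime.UtcNow)
            {
                throw new ArgumentOutOfRangeException(nameof(expirationDate), "Expiration date must be after current time.");
            }
            subjectAlternativeNames ??= Array.Empty<string>();
            usages ??= new[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth, };
            X509Certificate2 caCert = Certification.CreateCertificateAuthorityCertificate(
                DistinguishedName(subjectName), expirationDate, subjectAlternativeNames, usages);
            caCert.FriendlyName = subjectName;
            CertStore.AddCertificateToStore(store, caCert);
            return caCert;
        }

        /// <summary>
        /// Looks up the certificate with subject <c>CN=subjectName</c> in <paramref name="store"/>.
        /// </summary>
        /// <remarks>
        /// Matching is performed by <c>CertStore.GetCertificateFromStore</c> on the subject DN only, as far as is
        /// visible here; whether issuer or validity are also checked is decided there. NOTE(review): confirm,
        /// because any certificate in the store with the same CN would otherwise satisfy this lookup.
        /// </remarks>
        /// <param name="store">Store to search.</param>
        /// <param name="subjectName">Common-name component of the subject; must not be null or whitespace.</param>
        /// <returns>The matching certificate, or null when none is found.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="store"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="subjectName"/> is null or whitespace.</exception>
        [ComVisible(true)]
        [DllExport]
        public static X509Certificate2 GetCertificate(X509Store store, string subjectName)
        {
            if (store is null)
            {
                throw new ArgumentNullException(nameof(store));
            }
            ValidateSubjectName(subjectName);
            return CertStore.GetCertificateFromStore(store, DistinguishedName(subjectName)) is X509Certificate2 certificate
                ? certificate
                : null;
        }

        // Builds the subject DN handed to both the store lookup and the generator, so the two always agree.
        // The value is not RFC 4514-escaped: a subjectName containing DN separators (',', '+', '=', '"', '\',
        // '<', '>', ';', or a leading '#') produces a different DN than intended. Pass plain host/service names.
        private static string DistinguishedName(string subjectName) => $"CN={subjectName}";

        // Rejects a null/blank subject; without this the DN would silently become "CN=".
        private static void ValidateSubjectName(string subjectName)
        {
            if (string.IsNullOrWhiteSpace(subjectName))
            {
                throw new ArgumentException("Subject name must not be null or whitespace.", nameof(subjectName));
            }
        }

        // X509Certificate2.NotAfter is a local-time value; converting both sides to UTC keeps the comparison in one
        // time zone (comparing local NotAfter against UTC "now" would be off by the UTC offset).
        private static bool IsExpired(X509Certificate2 cert) => cert.NotAfter.ToUniversalTime() < DateTime.UtcNow;
    }
}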