jellyfin/MediaBrowser.Server.Startup.Common/Cryptography/PfxGenerator.cs

76 lines
2.3 KiB
C#
Raw Normal View History

2016-11-10 14:41:24 +00:00
using System;
using System.Collections;
using System.Security.Cryptography;
namespace Emby.Common.Implementations.Security
{
public class PFXGenerator
{
// http://www.freekpaans.nl/2015/04/creating-self-signed-x-509-certificates-using-mono-security/
public static byte[] GeneratePfx(string certificateName, string password)
{
byte[] sn = GenerateSerialNumber();
string subject = string.Format("CN={0}", certificateName);
DateTime notBefore = DateTime.Now;
DateTime notAfter = DateTime.Now.AddYears(20);
RSA subjectKey = new RSACryptoServiceProvider(2048);
string hashName = "SHA256";
X509CertificateBuilder cb = new X509CertificateBuilder(3);
cb.SerialNumber = sn;
cb.IssuerName = subject;
cb.NotBefore = notBefore;
cb.NotAfter = notAfter;
cb.SubjectName = subject;
cb.SubjectPublicKey = subjectKey;
cb.Hash = hashName;
byte[] rawcert = cb.Sign(subjectKey);
PKCS12 p12 = new PKCS12();
p12.Password = password;
Hashtable attributes = GetAttributes();
p12.AddCertificate(new X509Certificate(rawcert), attributes);
p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);
return p12.GetBytes();
}
private static Hashtable GetAttributes()
{
ArrayList list = new ArrayList();
// we use a fixed array to avoid endianess issues
// (in case some tools requires the ID to be 1).
list.Add(new byte[4] { 1, 0, 0, 0 });
Hashtable attributes = new Hashtable(1);
attributes.Add(PKCS9.localKeyId, list);
return attributes;
}
private static byte[] GenerateSerialNumber()
{
byte[] sn = Guid.NewGuid().ToByteArray();
//must be positive
if ((sn[0] & 0x80) == 0x80)
sn[0] -= 0x80;
return sn;
}
public static byte[] GetCertificateForBytes(byte[] pfx, string password)
{
var pkcs = new PKCS12(pfx, password);
var cert = pkcs.GetCertificate(GetAttributes());
return cert.RawData;
}
}
}