polishing

certmgr/CertGen/KeyUsage.cs

@@ -0,0 +1,37 @@
+using System.Security.Cryptography.X509Certificates;
+
+namespace CertMgr.CertGen;
+
+[Flags]
+public enum KeyUsage
+{
+    /// <summary>No key usage parameters.</summary>
+    None = X509KeyUsageFlags.None,
+
+    /// <summary>The key can be used for encryption only.</summary>
+    EncipherOnly = X509KeyUsageFlags.EncipherOnly,
+
+    /// <summary>The key can be used to sign a certificate revocation list (CRL).</summary>
+    CrlSign = X509KeyUsageFlags.CrlSign,
+
+    /// <summary>The key can be used to sign certificates.</summary>
+    KeyCertSign = X509KeyUsageFlags.KeyCertSign,
+
+    /// <summary>The key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm.</summary>
+    KeyAgreement = X509KeyUsageFlags.KeyAgreement,
+
+    /// <summary>The key can be used for data encryption.</summary>
+    DataEncipherment = X509KeyUsageFlags.DataEncipherment,
+
+    /// <summary>The key can be used for key encryption.</summary>
+    KeyEncipherment = X509KeyUsageFlags.KeyEncipherment,
+
+    /// <summary>The key can be used for authentication.</summary>
+    NonRepudiation = X509KeyUsageFlags.NonRepudiation,
+
+    /// <summary>The key can be used as a digital signature.</summary>
+    DigitalSignature = X509KeyUsageFlags.DigitalSignature,
+
+    /// <summary>The key can be used for decryption only.</summary>
+    DecipherOnly = X509KeyUsageFlags.DecipherOnly
+}

certmgr/Jobs/CertificateSettings.cs

@@ -31,6 +31,12 @@ public sealed class CertificateSettings : JobSettings
     [Setting("subject-alternate-name", AlternateNames = ["san"], Validator = typeof(SubjectAlternateNamesValidator))]
     public IReadOnlyCollection<string>? SubjectAlternateNames { [DebuggerStepThrough] get; [DebuggerStepThrough] set; }
 
+    [Setting("friendly-name")]
+    public string? FriendlyName { [DebuggerStepThrough] get; [DebuggerStepThrough] set; }
+
+    [Setting("key-usage", Default = CertGen.KeyUsage.None, Converter = typeof(EnumConverter))]
+    public KeyUsage? KeyUsage { [DebuggerStepThrough] get; [DebuggerStepThrough] set; }
+
     [Setting("algorithm", Default = CertificateAlgorithm.ECDsa, Converter = typeof(EnumConverter))]
     public CertificateAlgorithm? Algorithm { [DebuggerStepThrough] get; [DebuggerStepThrough] set; }
 

certmgr/Jobs/CreateCertificateJob.cs

@@ -38,7 +38,6 @@ public sealed class CreateCertificateJob : Job<CertificateSettings>
                         throw new JobException(writeResult.Exception, "Failed to write create certificate to target storage (type = '{0}', storage = '{1}')", Settings.Storage.GetType().ToString(false), Settings.Storage.ToString());
                     }
                 }
-
             }
         }
 
@@ -70,15 +69,19 @@ public sealed class CreateCertificateJob : Job<CertificateSettings>
 
         CertGen.CertificateSettings cgcs = new CertGen.CertificateSettings();
 
-        X509KeyStorageFlags flags = X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
+        cgcs.SubjectName = Settings.Subject;
         cgcs.ValidityPeriod = Settings.ValidityPeriod.HasValue ? Settings.ValidityPeriod.Value : TimeSpan.FromDays(365);
-        cgcs.FriendlyName = "I'm your friend";
+        cgcs.FriendlyName = Settings.FriendlyName;
+        cgcs.IsCertificateAuthority = Settings.IsCertificateAuthority;
+        cgcs.KeyUsage = (X509KeyUsageFlags)(Settings.KeyUsage.HasValue ? Settings.KeyUsage.Value : KeyUsage.None);
         if (Settings.Issuer != null)
         {
             try
             {
                 using (MemoryStream ms = new MemoryStream())
                 {
+                    // X509KeyStorageFlags flags = X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
+                    X509KeyStorageFlags flags = X509KeyStorageFlags.DefaultKeySet;
                     await Settings.Issuer.ReadAsync(ms, cancellationToken).ConfigureAwait(false);
                     cgcs.Issuer = X509CertificateLoader.LoadPkcs12(ms.GetBuffer(), Settings.IssuerPassword, flags);
                 }
@@ -88,7 +91,6 @@ public sealed class CreateCertificateJob : Job<CertificateSettings>
                 throw new CertGenException(e, "Failed to load issuer's certificate");
             }
         }
-        cgcs.SubjectName = Settings.Subject;
         if (Settings.SubjectAlternateNames != null)
         {
             foreach (string altName in Settings.SubjectAlternateNames)