polishing

2025-10-25 09:59:25 +02:00
parent bc392f9d7c
commit b45a65dfa0
3 changed files with 49 additions and 4 deletions


@@ -0,0 +1,37 @@
using System.Security.Cryptography.X509Certificates;
namespace CertMgr.CertGen;
[Flags]
public enum KeyUsage
{
/// <summary>No key usage parameters.</summary>
None = X509KeyUsageFlags.None,
/// <summary>The key can be used for encryption only.</summary>
EncipherOnly = X509KeyUsageFlags.EncipherOnly,
/// <summary>The key can be used to sign a certificate revocation list (CRL).</summary>
CrlSign = X509KeyUsageFlags.CrlSign,
/// <summary>The key can be used to sign certificates.</summary>
KeyCertSign = X509KeyUsageFlags.KeyCertSign,
/// <summary>The key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm.</summary>
KeyAgreement = X509KeyUsageFlags.KeyAgreement,
/// <summary>The key can be used for data encryption.</summary>
DataEncipherment = X509KeyUsageFlags.DataEncipherment,
/// <summary>The key can be used for key encryption.</summary>
KeyEncipherment = X509KeyUsageFlags.KeyEncipherment,
/// <summary>The key can be used for authentication.</summary>
NonRepudiation = X509KeyUsageFlags.NonRepudiation,
/// <summary>The key can be used as a digital signature.</summary>
DigitalSignature = X509KeyUsageFlags.DigitalSignature,
/// <summary>The key can be used for decryption only.</summary>
DecipherOnly = X509KeyUsageFlags.DecipherOnly
}
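Review bot: The enum has no XML summary stating why it mirrors X509KeyUsageFlags member for member, and the cast `(X509KeyUsageFlags)Settings.KeyUsage` elsewhere in this commit only works because every value is identical; add `/// <summary>Key-usage bits for a generated certificate. Values are identical to <see cref="X509KeyUsageFlags"/> so the enum can be cast to it directly.</summary>` above `[Flags]` so that invariant is stated where it is easiest to break. The `NonRepudiation` summary ("can be used for authentication") copies the BCL wording, but RFC 5280 defines this bit (nonRepudiation, now called contentCommitment) for signatures over content that the signer must not later be able to deny, while entity authentication is what `DigitalSignature` covers; consider `/// <summary>The key can be used for signatures that commit the signer to content (RFC 5280 nonRepudiation/contentCommitment).</summary>`. Since the enum is `[Flags]`, a short remark that members may be combined would also help readers of the settings file.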


@@ -31,6 +31,12 @@ public sealed class CertificateSettings : JobSettings
[Setting("subject-alternate-name", AlternateNames = ["san"], Validator = typeof(SubjectAlternateNamesValidator))] [Setting("subject-alternate-name", AlternateNames = ["san"], Validator = typeof(SubjectAlternateNamesValidator))]
public IReadOnlyCollection<string>? SubjectAlternateNames { [DebuggerStepThrough] get; [DebuggerStepThrough] set; } public IReadOnlyCollection<string>? SubjectAlternateNames { [DebuggerStepThrough] get; [DebuggerStepThrough] set; }
[Setting("friendly-name")]
public string? FriendlyName { [DebuggerStepThrough] get; [DebuggerStepThrough] set; }
[Setting("key-usage", Default = CertGen.KeyUsage.None, Converter = typeof(EnumConverter))]
public KeyUsage? KeyUsage { [DebuggerStepThrough] get; [DebuggerStepThrough] set; }
[Setting("algorithm", Default = CertificateAlgorithm.ECDsa, Converter = typeof(EnumConverter))] [Setting("algorithm", Default = CertificateAlgorithm.ECDsa, Converter = typeof(EnumConverter))]
public CertificateAlgorithm? Algorithm { [DebuggerStepThrough] get; [DebuggerStepThrough] set; } public CertificateAlgorithm? Algorithm { [DebuggerStepThrough] get; [DebuggerStepThrough] set; }
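Review bot: `KeyUsage` is a `[Flags]` enum, but nothing on the new `key-usage` setting shows whether `EnumConverter` accepts combined values such as `DigitalSignature, KeyEncipherment`; if it parses a single member only, a certificate that needs more than one bit cannot be configured, so either confirm the converter handles comma-separated flags or attach a validator the way `subject-alternate-name` does. The property name `KeyUsage` hides the enum type inside `CertificateSettings`, which is why the attribute has to spell `CertGen.KeyUsage.None`; a `// property name hides the CertGen.KeyUsage type, hence the qualified default` comment would save the next reader a compile error. Neither `FriendlyName` nor `KeyUsage` has an XML summary; the surrounding settings shown here have none either, so this is a style point only.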


@@ -38,7 +38,6 @@ public sealed class CreateCertificateJob : Job<CertificateSettings>
throw new JobException(writeResult.Exception, "Failed to write create certificate to target storage (type = '{0}', storage = '{1}')", Settings.Storage.GetType().ToString(false), Settings.Storage.ToString()); throw new JobException(writeResult.Exception, "Failed to write create certificate to target storage (type = '{0}', storage = '{1}')", Settings.Storage.GetType().ToString(false), Settings.Storage.ToString());
} }
} }
} }
} }
@@ -70,15 +69,19 @@ public sealed class CreateCertificateJob : Job<CertificateSettings>
CertGen.CertificateSettings cgcs = new CertGen.CertificateSettings(); CertGen.CertificateSettings cgcs = new CertGen.CertificateSettings();
X509KeyStorageFlags flags = X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet; cgcs.SubjectName = Settings.Subject;
cgcs.ValidityPeriod = Settings.ValidityPeriod.HasValue ? Settings.ValidityPeriod.Value : TimeSpan.FromDays(365); cgcs.ValidityPeriod = Settings.ValidityPeriod.HasValue ? Settings.ValidityPeriod.Value : TimeSpan.FromDays(365);
cgcs.FriendlyName = "I'm your friend"; cgcs.FriendlyName = Settings.FriendlyName;
cgcs.IsCertificateAuthority = Settings.IsCertificateAuthority;
cgcs.KeyUsage = (X509KeyUsageFlags)(Settings.KeyUsage.HasValue ? Settings.KeyUsage.Value : KeyUsage.None);
if (Settings.Issuer != null) if (Settings.Issuer != null)
{ {
try try
{ {
using (MemoryStream ms = new MemoryStream()) using (MemoryStream ms = new MemoryStream())
{ {
// X509KeyStorageFlags flags = X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
X509KeyStorageFlags flags = X509KeyStorageFlags.DefaultKeySet;
await Settings.Issuer.ReadAsync(ms, cancellationToken).ConfigureAwait(false); await Settings.Issuer.ReadAsync(ms, cancellationToken).ConfigureAwait(false);
cgcs.Issuer = X509CertificateLoader.LoadPkcs12(ms.GetBuffer(), Settings.IssuerPassword, flags); cgcs.Issuer = X509CertificateLoader.LoadPkcs12(ms.GetBuffer(), Settings.IssuerPassword, flags);
} }
@@ -88,7 +91,6 @@ public sealed class CreateCertificateJob : Job<CertificateSettings>
throw new CertGenException(e, "Failed to load issuer's certificate"); throw new CertGenException(e, "Failed to load issuer's certificate");
} }
} }
cgcs.SubjectName = Settings.Subject;
if (Settings.SubjectAlternateNames != null) if (Settings.SubjectAlternateNames != null)
{ {
foreach (string altName in Settings.SubjectAlternateNames) foreach (string altName in Settings.SubjectAlternateNames)
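Review bot: In the second hunk the commented-out `// X509KeyStorageFlags flags = ... PersistKeySet;` line kept next to the new `X509KeyStorageFlags flags = X509KeyStorageFlags.DefaultKeySet;` should be deleted and the reason for the new flags recorded instead, since dropping `MachineKeySet`/`PersistKeySet` changes whether the issuer's private key is written to the machine store during this job; a `// DefaultKeySet: the issuer key is only needed for this signing run, do not persist it to the machine store` comment says what the dead code cannot (if the key truly only has to live for the job, `X509KeyStorageFlags.EphemeralKeySet` is the flag that avoids persisting it at all, subject to platform support). On the unchanged `LoadPkcs12(ms.GetBuffer(), ...)` call, `GetBuffer()` returns the whole backing array including unwritten capacity beyond `ms.Length`, so trailing zero bytes are handed to the PKCS#12 decoder; `ms.GetBuffer().AsSpan(0, (int)ms.Length)` or `ms.ToArray()` bounds it to the bytes actually read. The `HasValue ? .Value : ...` forms on the `ValidityPeriod` and `KeyUsage` lines read more simply as `Settings.ValidityPeriod ?? TimeSpan.FromDays(365)` and `(X509KeyUsageFlags)(Settings.KeyUsage ?? KeyUsage.None)`. The enclosing method starts before and ends after this hunk.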