Class X509CertificateManager
Provides methods for creating self-signed and CA-issued X.509 certificates.
Namespace: Nevatech.Vsb.Repository.Security.Cryptography.X509Certificates
Assembly: Nevatech.Vsb.Repository.dll
Syntax
public sealed class X509CertificateManager
Remarks
Certificates are signed using the RSA-SHA1 algorithm. The certificate key is generated using the RSA algorithm. The default key size is 2048 bits. The certificate has a "Subject Alternative Name" extension with a "DNS Name" entry set to the subject's Common Name.
Constructors
X509CertificateManager()
Initializes a new instance with default properties.
Declaration
public X509CertificateManager()
Properties
Extensions
Gets collection of new certificate extensions.
Declaration
public Collection<X509Extension> Extensions { get; }
Property Value
Type | Description |
---|---|
Collection<X509Extension> |
KeySize
Gets or sets new certificate key size (in bits). Default is 2048 bits.
Declaration
public int KeySize { get; set; }
Property Value
Type | Description |
---|---|
Int32 |
SigningCertificate
Gets or sets issuer's certificate that will be used to sign new certificate.
Declaration
public X509Certificate2 SigningCertificate { get; set; }
Property Value
Type | Description |
---|---|
X509Certificate2 |
Store
Gets or sets store location (current user or machine) where new certificates and certificate requests will be created. Default is current user's store.
Declaration
public StoreLocation Store { get; set; }
Property Value
Type | Description |
---|---|
StoreLocation |
UseCngProvider
Gets or sets the flag indicating that Cryptography Next Generation (CNG) Provider should be used for storing certificate's private key. Setting this parameter to false will only work on Windows.
Declaration
public bool UseCngProvider { get; set; }
Property Value
Type | Description |
---|---|
Boolean |
ValidityPeriod
Gets or sets new certificate expiration time period. Default is 1 year.
Declaration
public TimePeriod ValidityPeriod { get; set; }
Property Value
Type | Description |
---|---|
TimePeriod |
Methods
CreateCertificate(X500DistinguishedName)
Creates certificate signed by local certificate authority (CA) with provided subject distinguished name.
Declaration
public X509Certificate2 CreateCertificate(X500DistinguishedName subjectName)
Parameters
Type | Name | Description |
---|---|---|
X500DistinguishedName | subjectName | New certificate's subject distinguished name. |
Returns
Type | Description |
---|---|
X509Certificate2 | New CA-issued certificate with requested subject distinguished name. |
CreateCertificateSigningRequest(X500DistinguishedName)
Creates a new certificate signing request (CSR) used to obtain a certificate signed by a certificate authority (CA).
Declaration
public string CreateCertificateSigningRequest(X500DistinguishedName subjectName)
Parameters
Type | Name | Description |
---|---|---|
X500DistinguishedName | subjectName | New certificate's subject distinguished name. |
Returns
Type | Description |
---|---|
String | Base64-encoded certificate signing request (CSR). |
CreateSelfSignedCertificate(X500DistinguishedName)
Creates self-signed certificate with provided subject distinguished name.
Declaration
public X509Certificate2 CreateSelfSignedCertificate(X500DistinguishedName subjectName)
Parameters
Type | Name | Description |
---|---|---|
X500DistinguishedName | subjectName | New certificate's subject distinguished name. |
Returns
Type | Description |
---|---|
X509Certificate2 | New self-signed certificate with requested subject distinguished name. |
GetCertificate(String, X509FindType, StoreName, StoreLocation, Boolean)
Returns certificate from the specified certificate store.
Declaration
public static X509Certificate2 GetCertificate(string findValue, X509FindType findType, StoreName storeName, StoreLocation storeLocation, bool throwIfNotSingle)
Parameters
Type | Name | Description |
---|---|---|
String | findValue | Search value of the certificate that needs to be retrieved. |
X509FindType | findType | Value that defines how the provided findValue is interpreted (the certificate field it is matched against). |
StoreName | storeName | Certificate store name (My, Root, etc) where requested certificate needs to be looked for. |
StoreLocation | storeLocation | Certificate store location (current user or machine) where requested certificate needs to be looked for. |
Boolean | throwIfNotSingle | Flag indicating that an exception should be thrown if the certificate is not found, or if more than one certificate is found. |
Returns
Type | Description |
---|---|
X509Certificate2 | The first matching certificate, or null if the certificate is not found. |
GetCertificates(Byte[], String)
Returns all certificates contained in the provided PFX (PKCS12) file.
Declaration
public static X509Certificate2Collection GetCertificates(byte[] rawData, string password)
Parameters
Type | Name | Description |
---|---|---|
Byte[] | rawData | Byte array containing PFX file. |
String | password | Password used to decrypt and verify the PFX packet (optional). |
Returns
Type | Description |
---|---|
X509Certificate2Collection | Collection of certificates contained in the provided PFX (PKCS12) file. |
GetCertificates(StoreName, StoreLocation)
Returns all certificates contained in the specified certificate store.
Declaration
public static X509Certificate2Collection GetCertificates(StoreName storeName, StoreLocation storeLocation)
Parameters
Type | Name | Description |
---|---|---|
StoreName | storeName | Certificate store name (My, Root, etc) where requested certificate needs to be looked for. |
StoreLocation | storeLocation | Certificate store location (current user or machine) where requested certificate needs to be looked for. |
Returns
Type | Description |
---|---|
X509Certificate2Collection | Collection of certificates contained in the specified certificate store. |
ImportCertificate(Byte[], String, StoreName, StoreLocation, Boolean)
Installs provided X.509 certificate into the specified certificate store.
Declaration
public static bool ImportCertificate(byte[] rawData, string password, StoreName storeName, StoreLocation storeLocation, bool forceImport)
Parameters
Type | Name | Description |
---|---|---|
Byte[] | rawData | Byte array containing serialized X.509 certificate. |
String | password | Password used to decrypt and verify the PFX packet (optional, applies to PFX (PKCS12) files only). |
StoreName | storeName | Certificate store name (My, Root, etc) where provided certificate needs to be imported. |
StoreLocation | storeLocation | Certificate store location (current user or machine) where provided certificate needs to be imported. |
Boolean | forceImport | Flag indicating that if provided certificate already exists in the store, it should be overwritten. |
Returns
Type | Description |
---|---|
Boolean | True, if certificate has been successfully imported into the store. False, if specified store already has the same certificate. |
ImportCertificate(X509Certificate2, StoreName, StoreLocation, Boolean)
Installs provided X.509 certificate into the specified certificate store.
Declaration
public static bool ImportCertificate(X509Certificate2 certificate, StoreName storeName, StoreLocation storeLocation, bool forceImport)
Parameters
Type | Name | Description |
---|---|---|
X509Certificate2 | certificate | X.509 certificate that needs to be imported. |
StoreName | storeName | Certificate store name (My, Root, etc) where provided certificate needs to be imported. |
StoreLocation | storeLocation | Certificate store location (current user or machine) where provided certificate needs to be imported. |
Boolean | forceImport | Flag indicating that if provided certificate already exists in the store, it should be overwritten. |
Returns
Type | Description |
---|---|
Boolean | True, if certificate has been successfully imported into the store. False, if specified store already has the same certificate. |
IsSelfSigned(X509Certificate2)
Returns flag indicating that provided X.509 certificate is self-signed.
Declaration
public static bool IsSelfSigned(X509Certificate2 certificate)
Parameters
Type | Name | Description |
---|---|---|
X509Certificate2 | certificate | X.509 certificate that needs to be checked. |
Returns
Type | Description |
---|---|
Boolean | True, if provided certificate is self-signed. False, if provided certificate is signed by another certificate. |
MergeCertificateResponse(String, Boolean)
Merges provided CA-signed certificate signing request (CSR) with locally stored original CSR and returns the resulting certificate.
Declaration
public X509Certificate2 MergeCertificateResponse(string encodedResponse, bool deleteFromStore)
Parameters
Type | Name | Description |
---|---|---|
String | encodedResponse | Base64-encoded signed certificate request issued by an authority. |
Boolean | deleteFromStore | Flag indicating that certificate has to be deleted from the store after it has been fully created. |
Returns
Type | Description |
---|---|
X509Certificate2 | Fully merged CA-issued certificate with requested subject distinguished name. |
SignCertificateRequest(String)
Signs a certificate signing request (CSR) with the issuer's (CA) certificate and returns a response that has to be merged with the stored request.
Declaration
public string SignCertificateRequest(string encodedRequest)
Parameters
Type | Name | Description |
---|---|---|
String | encodedRequest | Base64-encoded certificate signing request (CSR). |
Returns
Type | Description |
---|---|
String | Base64-encoded signed certificate that has to be merged with the stored request. |
ValidateCertificate(X509Certificate2, X509RevocationMode)
Validates certificate.
Declaration
public static bool ValidateCertificate(X509Certificate2 certificate, X509RevocationMode revocationMode)
Parameters
Type | Name | Description |
---|---|---|
X509Certificate2 | certificate | X.509 certificate to be validated. |
X509RevocationMode | revocationMode | Certificate revocation mode. |
Returns
Type | Description |
---|---|
Boolean | True, if the certificate is valid. False, otherwise. |
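The following is an added example (not part of the Nevatech documentation) that walks the CSR flow described above end to end: the requester creates a CSR with CreateCertificateSigningRequest, the issuer signs it with SignCertificateRequest, the requester completes it with MergeCertificateResponse, and the result is checked with IsSelfSigned and ValidateCertificate before use. It assumes a CA certificate with its private key is already present in the LocalMachine "My" store; the thumbprint, subject names and the HasPrivateKey guard are placeholders and assumptions, and the distinguished names are constructed sample values.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Nevatech.Vsb.Repository.Security.Cryptography.X509Certificates;

public static class CsrWorkflowExample
{
    // Placeholder: replace with the thumbprint of your own CA certificate.
    private const string CaThumbprint = "CA_THUMBPRINT_PLACEHOLDER";

    public static X509Certificate2 IssueLeafCertificate()
    {
        // Requester side: generate the key pair and CSR. The private key stays in
        // the requester's store until MergeCertificateResponse completes the certificate.
        var requester = new X509CertificateManager
        {
            KeySize = 3072,                     // raise from the 2048-bit default
            Store = StoreLocation.CurrentUser   // keep the pending request per-user
        };
        string csr = requester.CreateCertificateSigningRequest(
            new X500DistinguishedName("CN=api.example.internal, O=Example Corp"));

        // Issuer side: locate the CA certificate. throwIfNotSingle=true fails fast
        // instead of silently signing with the first of several matches.
        X509Certificate2 caCert = X509CertificateManager.GetCertificate(
            CaThumbprint, X509FindType.FindByThumbprint,
            StoreName.My, StoreLocation.LocalMachine, throwIfNotSingle: true);
        if (caCert == null || !caCert.HasPrivateKey)
            throw new InvalidOperationException("CA certificate with private key not found.");

        var issuer = new X509CertificateManager { SigningCertificate = caCert };
        string response = issuer.SignCertificateRequest(csr);

        // Requester side: merge the CA response with the locally stored request.
        // Per the Remarks, the signature uses RSA-SHA1, which current TLS clients
        // reject, so the resulting certificate is only suitable where that is accepted.
        X509Certificate2 leaf = requester.MergeCertificateResponse(response, deleteFromStore: false);

        // Sanity checks before the certificate is deployed anywhere.
        if (X509CertificateManager.IsSelfSigned(leaf))
            throw new InvalidOperationException("Expected a CA-issued certificate, got self-signed.");
        if (!X509CertificateManager.ValidateCertificate(leaf, X509RevocationMode.Online))
            throw new InvalidOperationException("Chain building or revocation check failed.");

        Console.WriteLine($"Issued {leaf.Subject} by {leaf.Issuer}, valid until {leaf.NotAfter:u}");
        return leaf;
    }
}
```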