Merge pull request #43 from damienbod/feature/subjectAlternativeName-…

…new-properties

Add SubjectAlternativeName properties

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Certificate Manager change log
 
+<a name="2020-11-21"></a>
+## 2020-11-21 version 1.0.6
+* Add support for all SubjectAlternativeName properties
+
 ## 2020-11-21 
 * Updated packages, move to .NET 6
 

Documentation.md

@@ -19,7 +19,7 @@ Certificate Manager is a package which makes it easy to create certificates (cha
 Add the NuGet package to the your project file
 
 ```
-<PackageReference Include="CertificateManager" Version="1.0.5" />
+<PackageReference Include="CertificateManager" Version="1.0.6" />
 ```
 
 The NuGet packages uses dependency injection to setup. In a console application initialize the package as follows:

README.md

@@ -13,7 +13,7 @@
 Add the NuGet package to the your project file
 
 ```
-<PackageReference Include="CertificateManager" Version="1.0.5" />
+<PackageReference Include="CertificateManager" Version="1.0.6" />
 ```
 
 The NuGet packages uses dependency injection to setup. In a console application initialize the package as follows:

src/CertificateManager/CertificateManager.csproj

@@ -12,10 +12,10 @@
 </Description>
     <PackageTags>certificate authentication mtls pfx cer pem cert crt</PackageTags>
     <PackageReleaseNotes>bug fix Subject Key Identifier</PackageReleaseNotes>
-    <Copyright>2020 damienbod</Copyright>
+    <Copyright>2021 damienbod</Copyright>
     <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
     <Authors>damienbod</Authors>
-    <Version>1.0.5</Version>
+    <Version>1.0.6</Version>
     <PublishRepositoryUrl>true</PublishRepositoryUrl>
     <IncludeSymbols>true</IncludeSymbols>
     <SymbolPackageFormat>snupkg</SymbolPackageFormat>

src/CertificateManager/CertificateUtility.cs

@@ -41,16 +41,31 @@ public void AddSubjectAlternativeName(CertificateRequest request, SubjectAlterna
             }
 
             var sanBuilder = new SubjectAlternativeNameBuilder();
-            foreach(var dnsName in subjectAlternativeName.DnsName)
+            foreach (var dnsName in subjectAlternativeName.DnsName)
             {
                 sanBuilder.AddDnsName(dnsName);
             }
 
-            if(!string.IsNullOrEmpty(subjectAlternativeName.Email))
+            if (!string.IsNullOrEmpty(subjectAlternativeName.Email))
             {
                 sanBuilder.AddEmailAddress(subjectAlternativeName.Email);
             }
 
+            if (subjectAlternativeName.IpAddress != null)
+            {
+                sanBuilder.AddIpAddress(subjectAlternativeName.IpAddress);
+            }
+
+            if (!string.IsNullOrEmpty(subjectAlternativeName.UserPrincipalName))
+            {
+                sanBuilder.AddUserPrincipalName(subjectAlternativeName.UserPrincipalName);
+            }
+
+            if (subjectAlternativeName.Uri != null)
+            {
+                sanBuilder.AddUri(subjectAlternativeName.Uri);
+            }
+
             var sanExtension = sanBuilder.Build();
             request.CertificateExtensions.Add(sanExtension);
         }

src/CertificateManager/CreateCertificates.cs

@@ -69,15 +69,15 @@ public X509Certificate2 NewECDsaSelfSignedCertificate(
             SubjectAlternativeName subjectAlternativeName,
             OidCollection enhancedKeyUsages,
             X509KeyUsageFlags x509KeyUsageFlags,
-            CertificateRequest request) 
+            CertificateRequest request)
         {
 
             X509Certificate2 generatedCertificate = SelfSignedConfiguration(
-                basicConstraints, 
-                validityPeriod, 
-                subjectAlternativeName, 
-                enhancedKeyUsages, 
-                x509KeyUsageFlags, 
+                basicConstraints,
+                validityPeriod,
+                subjectAlternativeName,
+                enhancedKeyUsages,
+                x509KeyUsageFlags,
                 request);
 
             return generatedCertificate;
@@ -96,7 +96,7 @@ public X509Certificate2 NewRsaSelfSignedCertificate(
             var request = new CertificateRequest(
                 _certificateUtility.CreateIssuerOrSubject(distinguishedName),
                 rsa,
-                rsaConfiguration.HashAlgorithmName, 
+                rsaConfiguration.HashAlgorithmName,
                 rsaConfiguration.RSASignaturePadding);
 
             return NewRsaSelfSignedCertificate(basicConstraints,
@@ -117,11 +117,11 @@ public X509Certificate2 NewRsaSelfSignedCertificate(
         {
 
             X509Certificate2 generatedCertificate = SelfSignedConfiguration(
-                basicConstraints, 
-                validityPeriod, 
-                subjectAlternativeName, 
-                enhancedKeyUsages, 
-                x509KeyUsageFlags, 
+                basicConstraints,
+                validityPeriod,
+                subjectAlternativeName,
+                enhancedKeyUsages,
+                x509KeyUsageFlags,
                 request);
 
             return generatedCertificate;
@@ -174,12 +174,12 @@ public X509Certificate2 NewRsaChainedCertificate(
             }
 
             X509Certificate2 cert = ChainedConfiguration(
-                basicConstraints, 
-                validityPeriod, 
-                subjectAlternativeName, 
-                signingCertificate, 
-                enhancedKeyUsages, 
-                x509KeyUsageFlags, 
+                basicConstraints,
+                validityPeriod,
+                subjectAlternativeName,
+                signingCertificate,
+                enhancedKeyUsages,
+                x509KeyUsageFlags,
                 request);
 
             if (rsa == null)
@@ -239,17 +239,17 @@ public X509Certificate2 NewECDsaChainedCertificate(
             }
 
             X509Certificate2 cert = ChainedConfiguration(
-                basicConstraints, 
-                validityPeriod, 
-                subjectAlternativeName, 
-                signingCertificate, 
-                enhancedKeyUsages, 
-                x509KeyUsageFlags, 
+                basicConstraints,
+                validityPeriod,
+                subjectAlternativeName,
+                signingCertificate,
+                enhancedKeyUsages,
+                x509KeyUsageFlags,
                 request);
             if (ecdsa == null)
             {
                 return cert;
-            } 
+            }
             else
             {
                 return cert.CopyWithPrivateKey(ecdsa);
@@ -283,7 +283,7 @@ private X509Certificate2 ChainedConfiguration(BasicConstraints basicConstraints,
                     break;
                 }
             }
-            
+
             _certificateUtility.AddSubjectAlternativeName(request, subjectAlternativeName);
 
             // Enhanced key usages

src/CertificateManager/CreateCertificatesClientServerAuth.cs

@@ -145,7 +145,8 @@ public X509Certificate2 NewDeviceVerificationCertificate(
            string deviceVerification,
            X509Certificate2 parentCertificateAuthority)
         {
-            var enhancedKeyUsages = new OidCollection {
+            var enhancedKeyUsages = new OidCollection
+            {
             };
 
             var distinguishedName = new DistinguishedName
@@ -250,7 +251,7 @@ public X509Certificate2 NewClientSelfSignedCertificate(
             ValidityPeriod validityPeriod,
             string dnsName)
         {
-            var enhancedKeyUsages = new OidCollection {       
+            var enhancedKeyUsages = new OidCollection {
                 OidLookup.ClientAuthentication
             };
 
@@ -289,7 +290,7 @@ private X509Certificate2 NewDeviceChainedCertificate(
            DistinguishedName distinguishedName,
            ValidityPeriod validityPeriod,
            string dnsName,
-           OidCollection enhancedKeyUsages, 
+           OidCollection enhancedKeyUsages,
            X509Certificate2 parentCertificateAuthority)
         {
             var basicConstraints = new BasicConstraints

src/CertificateManager/CreateCertificatesRsa.cs

@@ -59,8 +59,11 @@ public X509Certificate2 CreateDevelopmentCertificate(string dnsName, int validit
             var certificate = _createCertificates.NewRsaSelfSignedCertificate(
                 new DistinguishedName { CommonName = dnsName },
                 basicConstraints,
-                new ValidityPeriod { ValidFrom = DateTimeOffset.UtcNow, 
-                    ValidTo = DateTimeOffset.UtcNow.AddYears(validityPeriodInYears) },
+                new ValidityPeriod
+                {
+                    ValidFrom = DateTimeOffset.UtcNow,
+                    ValidTo = DateTimeOffset.UtcNow.AddYears(validityPeriodInYears)
+                },
                 subjectAlternativeName,
                 enhancedKeyUsages,
                 x509KeyUsageFlags,

src/CertificateManager/ImportExportCertificate.cs

@@ -68,14 +68,14 @@ public string PemExportPfxFullCertificate(X509Certificate2 cert, string password
             StringBuilder builder = new StringBuilder();
 
             builder.AppendLine(PemDecoder.GetBegin(PemTypes.CERTIFICATE));
-            if(string.IsNullOrEmpty(password))
+            if (string.IsNullOrEmpty(password))
             {
-                builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Pfx), 
+                builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Pfx),
                     Base64FormattingOptions.InsertLineBreaks));
             }
             else
             {
-                builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Pfx, password), 
+                builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Pfx, password),
                     Base64FormattingOptions.InsertLineBreaks));
             }
             builder.AppendLine(PemDecoder.GetEnd(PemTypes.CERTIFICATE));
@@ -148,7 +148,7 @@ public string PemExportPublicKeyCertificate(X509Certificate2 certificate)
             StringBuilder builder = new StringBuilder();
             builder.AppendLine(PemDecoder.GetBegin(PemTypes.CERTIFICATE));
             builder.AppendLine(Convert.ToBase64String(deviceVerifyPublicKeyBytes,
-                    Base64FormattingOptions.InsertLineBreaks));           
+                    Base64FormattingOptions.InsertLineBreaks));
             builder.AppendLine(PemDecoder.GetEnd(PemTypes.CERTIFICATE));
             return builder.ToString();
         }
@@ -186,15 +186,15 @@ public AsymmetricAlgorithm PemImportPrivateKey(string pemCertificate)
         }
 
         public X509Certificate2 CreateCertificateWithPrivateKey(
-            X509Certificate2 certificate, 
-            AsymmetricAlgorithm privateKey, 
+            X509Certificate2 certificate,
+            AsymmetricAlgorithm privateKey,
             string password = null)
         {
             return PemDecoder.CreateCertificateWithPrivateKey(certificate, privateKey, password);
         }
 
         private byte[] CertificateToPfx(string password,
-            X509Certificate2 certificate, 
+            X509Certificate2 certificate,
             X509Certificate2 signingCertificate,
             X509Certificate2Collection chain)
         {

src/CertificateManager/Models/ECDsaConfiguration.cs

@@ -10,6 +10,6 @@ public class ECDsaConfiguration
         public int KeySize { get; set; } = 256;
 
         public HashAlgorithmName HashAlgorithmName { get; set; } = HashAlgorithmName.SHA256;
-        
+
     }
 }

src/CertificateManager/Models/RsaConfiguration.cs

@@ -15,6 +15,6 @@ public class RsaConfiguration
         public RSASignaturePadding RSASignaturePadding { get; set; } = RSASignaturePadding.Pkcs1;
 
         public HashAlgorithmName HashAlgorithmName { get; set; } = HashAlgorithmName.SHA256;
-        
+
     }
 }

src/CertificateManager/Models/SubjectAlternativeName.cs

@@ -1,4 +1,6 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
+using System.Net;
 
 namespace CertificateManager.Models
 {
@@ -14,5 +16,16 @@ public class SubjectAlternativeName
         /// optional
         /// </summary>
         public string Email { get; set; }
+
+        /// <summary>
+        /// optional
+        /// </summary>
+        public IPAddress IpAddress { get; set; } = null;
+
+        /// <summary>
+        /// optional
+        /// </summary>
+        public string UserPrincipalName { get; set; }
+        public Uri Uri { get; set; } = null;
     }
 }

src/CertificateManager/PemDecoder.cs

@@ -127,8 +127,8 @@ AsymmetricAlgorithm RSAKey(ReadOnlySpan<byte> bytes)
         }
 
         public static X509Certificate2 CreateCertificateWithPrivateKey(
-            X509Certificate2 certificate, 
-            AsymmetricAlgorithm privateKey, 
+            X509Certificate2 certificate,
+            AsymmetricAlgorithm privateKey,
             string password = null)
         {
             var builder = new Pkcs12Builder();

src/CertificateManager/PemTypes.cs

@@ -77,6 +77,6 @@ public static class PemTypes
         public const string ENCRYPTED_PRIVATE_KEY = "ENCRYPTED PRIVATE KEY";
 
         public static readonly string[] KnownTypes = new[] { RSA_PRIVATE_KEY, PRIVATE_KEY, ENCRYPTED_PRIVATE_KEY, EC_PRIVATE_KEY };
-    
+
     }
 }

src/CertificateManagerTests/CertificateManagerTests.csproj

@@ -2,8 +2,15 @@
 
   <PropertyGroup>
     <TargetFramework>net6.0</TargetFramework>
+	<IsPackable>false</IsPackable>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+    <NoWarn>1701;1702;CA1416</NoWarn>
+  </PropertyGroup>
 
-    <IsPackable>false</IsPackable>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
+    <NoWarn>1701;1702;CA1416</NoWarn>
   </PropertyGroup>
 
   <ItemGroup>

src/CertificateManagerTests/ClientServerAuthTests.cs

@@ -11,7 +11,7 @@ namespace CertificateManagerTests
 {
     public class ClientServerAuthTests
     {
-        private (X509Certificate2 root, X509Certificate2 intermediate, X509Certificate2 server, X509Certificate2 client) SetupCerts()
+        private static (X509Certificate2 root, X509Certificate2 intermediate, X509Certificate2 server, X509Certificate2 client) SetupCerts()
         {
             var serviceProvider = new ServiceCollection()
                 .AddCertificateManager()
@@ -61,7 +61,7 @@ public void ValidateSelfSigned()
         [Fact]
         public void ValidateSelfSignedValid()
         {
-            var (root, intermediate, server, client) = SetupCerts();
+            var (root, _, _, _) = SetupCerts();
 
             var x509ChainPolicy = BuildChainUtil.BuildChainPolicySelfSigned(root, true, true);
             var chain = new X509Chain

src/CertificateManagerTests/DistinguishedNameTests.cs

@@ -20,13 +20,14 @@ public void DnCompleteValid()
 
 
             var rootCaL1 = createClientServerAuthCerts.NewRootCertificate(
-                new DistinguishedName { 
-                    CommonName = "root dev", 
-                    Country = "IT", 
-                    Locality = "DD", 
-                    Organisation="SS", 
-                    OrganisationUnit="unit",
-                    StateProvince= "yes"
+                new DistinguishedName
+                {
+                    CommonName = "root dev",
+                    Country = "IT",
+                    Locality = "DD",
+                    Organisation = "SS",
+                    OrganisationUnit = "unit",
+                    StateProvince = "yes"
                 },
                 new ValidityPeriod { ValidFrom = DateTime.UtcNow, ValidTo = DateTime.UtcNow.AddYears(10) },
                 3, "localhost");

src/CertificateManagerTests/DnsNameTests.cs

@@ -51,7 +51,7 @@ public void DnsNameInvalid()
                 3, "local  _ host");
             });
 
-            
+
         }
 
     }