internal/classes/crypto/Certificate.ps1
class Certificate { static [byte[]] ExportPfx([byte[]] $acmeCertificate, [System.Security.Cryptography.AsymmetricAlgorithm] $algorithm, [securestring] $password) { $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($acmeCertificate); if($algorithm -is [System.Security.Cryptography.RSA]) { $certifiate = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::CopyWithPrivateKey($certificate, $algorithm); } elseif($algorithm -is [System.Security.Cryptography.ECDsa]) { $certifiate = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::CopyWithPrivateKey($certificate, $algorithm); } else { throw [System.InvalidOperationException]::new("Cannot use $($algorithm.GetType().Name) to export pfx."); } if($password) { return $certifiate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $password); } else { return $certifiate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx); } } static [byte[]] GenerateCsr([string[]] $dnsNames, [System.Security.Cryptography.AsymmetricAlgorithm] $algorithm, [System.Security.Cryptography.HashAlgorithmName] $hashName) { if(-not $dnsNames) { throw [System.ArgumentException]::new("You need to provide at least one DNSName", "dnsNames"); } $sanBuilder = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new(); foreach ($dnsName in $dnsNames) { $sanBuilder.AddDnsName($dnsNames); } $distinguishedName = [X500DistinguishedName]::new("CN=$($dnsNames[0])"); [System.Security.Cryptography.X509Certificates.CertificateRequest]$certRequest = $null; if($algorithm -is [System.Security.Cryptography.RSA]) { $certRequest = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new( $distinguishedName, $algorithm, $hashName, [System.Security.Cryptography.RSASignaturePadding]::Pkcs1); } elseif($algorithm -is [System.Security.Cryptography.ECDsa]) { $certRequest = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new( $distinguishedName, $algorithm, $hashName); } else { Write-Error [System.InvalidOperationException]::new("Cannot use $($algorithm.GetType().Name) to create CSR."); } $certRequest.CertificateExtensions.Add($sanBuilder.Build()); return $certRequest.CreateSigningRequest(); } } |