jellyfin/MediaBrowser.Server.Mono/Networking/CertificateGenerator.cs

using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using MediaBrowser.Model.Logging;
using Mono.Security.X509;

namespace MediaBrowser.Server.Mono.Networking
{
    internal class CertificateGenerator
    {
        private const string MonoTestRootAgency = "<RSAKeyValue><Modulus>v/4nALBxCE+9JgEC0LnDUvKh6e96PwTpN4Rj+vWnqKT7IAp1iK/JjuqvAg6DQ2vTfv0dTlqffmHH51OyioprcT5nzxcSTsZb/9jcHScG0s3/FRIWnXeLk/fgm7mSYhjUaHNI0m1/NTTktipicjKxo71hGIg9qucCWnDum+Krh/k=</Modulus><Exponent>AQAB</Exponent><P>9jbKxMXEruW2CfZrzhxtull4O8P47+mNsEL+9gf9QsRO1jJ77C+jmzfU6zbzjf8+ViK+q62tCMdC1ZzulwdpXQ==</P><Q>x5+p198l1PkK0Ga2mRh0SIYSykENpY2aLXoyZD/iUpKYAvATm0/wvKNrE4dKJyPCA+y3hfTdgVag+SP9avvDTQ==</Q><DP>ISSjCvXsUfbOGG05eddN1gXxL2pj+jegQRfjpk7RAsnWKvNExzhqd5x+ZuNQyc6QH5wxun54inP4RTUI0P/IaQ==</DP><DQ>R815VQmR3RIbPqzDXzv5j6CSH6fYlcTiQRtkBsUnzhWmkd/y3XmamO+a8zJFjOCCx9CcjpVuGziivBqi65lVPQ==</DQ><InverseQ>iYiu0KwMWI/dyqN3RJYUzuuLj02/oTD1pYpwo2rvNCXU1Q5VscOeu2DpNg1gWqI+1RrRCsEoaTNzXB1xtKNlSw==</InverseQ><D>nIfh1LYF8fjRBgMdAH/zt9UKHWiaCnc+jXzq5tkR8HVSKTVdzitD8bl1JgAfFQD8VjSXiCJqluexy/B5SGrCXQ49c78NIQj0hD+J13Y8/E0fUbW1QYbhj6Ff7oHyhaYe1WOQfkp2t/h+llHOdt1HRf7bt7dUknYp7m8bQKGxoYE=</D></RSAKeyValue>";

        internal static void CreateSelfSignCertificatePfx(
            string fileName,
            string hostname,
            ILogger logger)
        {
            try
            {
                if (string.IsNullOrWhiteSpace(fileName))
                {
                    logger.Info("No certificate filename specified.");
                    return;
                }

                if (File.Exists(fileName))
                {
                    logger.Info("Certificate file already exists. To regenerate, delete {0}", fileName);
                    return;
                }

                byte[] sn = Guid.NewGuid().ToByteArray();
                string subject = string.Format("CN={0}", hostname);
                string issuer = subject;
                DateTime notBefore = DateTime.Now.AddDays(-2);
                DateTime notAfter = DateTime.Now.AddYears(10);

                RSA issuerKey = RSA.Create();
                issuerKey.FromXmlString(MonoTestRootAgency);
                RSA subjectKey = RSA.Create();

                // serial number MUST be positive
                if ((sn[0] & 0x80) == 0x80)
                    sn[0] -= 0x80;

                issuer = subject;
                issuerKey = subjectKey;

                X509CertificateBuilder cb = new X509CertificateBuilder(3);
                cb.SerialNumber = sn;
                cb.IssuerName = issuer;
                cb.NotBefore = notBefore;
                cb.NotAfter = notAfter;
                cb.SubjectName = subject;
                cb.SubjectPublicKey = subjectKey;

                // signature
                cb.Hash = "SHA256";
                byte[] rawcert = cb.Sign(issuerKey);

                PKCS12 p12 = new PKCS12();


                ArrayList list = new ArrayList();
                // we use a fixed array to avoid endianess issues 
                // (in case some tools requires the ID to be 1).
                list.Add(new byte[4] {1, 0, 0, 0});
                Hashtable attributes = new Hashtable(1);
                attributes.Add(PKCS9.localKeyId, list);

                p12.AddCertificate(new X509Certificate(rawcert), attributes);

                p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);
                p12.SaveToFile(fileName);
            }
            catch (Exception e)
            {
                logger.ErrorException("Error generating self signed ssl certificate: {0}", e, fileName);
            }

        }
    }
}