//
using System;
+using System.Collections;
using System.Globalization;
using System.IO;
using System.Reflection;
CspParameters issuerParams = new CspParameters ();
BasicConstraintsExtension bce = null;
ExtendedKeyUsageExtension eku = null;
+ SubjectAltNameExtension alt = null;
string p12file = null;
string p12pwd = null;
X509Certificate issuerCertificate = null;
}
bce.PathLenConstraint = Convert.ToInt32 (args [i++]);
break;
+ case "-alt":
+ if (alt == null) {
+ string [] dnsNames = File.ReadAllLines (args [i++]);
+ alt = new SubjectAltNameExtension (null, dnsNames, null, null);
+ }
+ break;
case "-ic":
issuerCertificate = LoadCertificate (args [i++]);
issuer = issuerCertificate.SubjectName;
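Review bot: A repeated `-alt` option leaves its file argument unconsumed, because `args [i++]` sits inside the `if (alt == null)` guard. The file name is then handed to the option parser as if it were the next argument. Every line of the file is also passed to `SubjectAltNameExtension` as read, so blank lines and names with stray whitespace would end up as dNSName entries. These entries decide which host names a relying party accepts for the certificate, so the list should be trimmed and emptied of blank lines before use. The enclosing switch starts and ends outside this hunk.

```csharp
case "-alt":
	// always consume the file argument, even when -alt is repeated
	string altFile = args [i++];
	if (alt == null) {
		ArrayList dnsNames = new ArrayList ();
		foreach (string line in File.ReadAllLines (altFile)) {
			string name = line.Trim ();
			// skip blank lines so they do not become empty dNSName entries
			if (name.Length > 0)
				dnsNames.Add (name);
		}
		alt = new SubjectAltNameExtension (null, (string[]) dnsNames.ToArray (typeof (string)), null, null);
	}
	break;
```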
cb.Extensions.Add (bce);
if (eku != null)
cb.Extensions.Add (eku);
+ if (alt != null)
+ cb.Extensions.Add (alt);
// signature
cb.Hash = hashName;
byte[] rawcert = cb.Sign (issuerKey);
} else {
PKCS12 p12 = new PKCS12 ();
p12.Password = p12pwd;
- p12.AddCertificate (new X509Certificate (rawcert));
+
+ ArrayList list = new ArrayList ();
+ // we use a fixed array to avoid endianess issues
+ // (in case some tools requires the ID to be 1).
+ list.Add (new byte [4] { 1, 0, 0, 0 });
+ Hashtable attributes = new Hashtable (1);
+ attributes.Add (PKCS9.localKeyId, list);
+
+ p12.AddCertificate (new X509Certificate (rawcert), attributes);
if (issuerCertificate != null)
p12.AddCertificate (issuerCertificate);
- p12.AddPkcs8ShroudedKeyBag (subjectKey);
+ p12.AddPkcs8ShroudedKeyBag (subjectKey, attributes);
p12.SaveToFile (p12file);
}
Console.WriteLine ("Success");
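Review bot: The comment above `list.Add (new byte [4] { 1, 0, 0, 0 });` explains the byte layout but not what the attribute is for, which a maintainer needs to know before changing it. From the hunk, the same `attributes` table is passed to both `AddCertificate` for the subject certificate and `AddPkcs8ShroudedKeyBag`, while the issuer certificate is added without it. The intent appears to be letting importers pair the private key with the leaf certificate rather than the issuer. I would say so directly: `// same localKeyId on the subject certificate and its key bag so importers can match them; the issuer certificate gets none`. The existing comment also has two slips ("endianess", "some tools requires") worth fixing in the same pass. The enclosing method starts outside this hunk.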