FluentCertificates.Polyfills
0.9.1
See the version list below for details.
dotnet add package FluentCertificates.Polyfills --version 0.9.1
NuGet\Install-Package FluentCertificates.Polyfills -Version 0.9.1
<PackageReference Include="FluentCertificates.Polyfills" Version="0.9.1" />
paket add FluentCertificates.Polyfills --version 0.9.1
#r "nuget: FluentCertificates.Polyfills, 0.9.1"
// Install FluentCertificates.Polyfills as a Cake Addin #addin nuget:?package=FluentCertificates.Polyfills&version=0.9.1 // Install FluentCertificates.Polyfills as a Cake Tool #tool nuget:?package=FluentCertificates.Polyfills&version=0.9.1
📖 FluentCertificates Overview
⚠️ Note: while version numbers are v0.x.y, this software is under initial development and there'll be breaking-changes in its API from version to version.
FluentCertificates is a library using the Immutable Fluent Builder pattern for easily creating, finding and exporting certificates. Makes it simple to generate your own certificate chains, or just stand-alone self-signed certificates.
This project is published in several NuGet packages:
- FluentCertificates: Top-level package that doesn't introduce any new functionality, it just imports the FluentCertificates.Builder, FluentCertificates.Extensions and FluentCertificates.Finder packages.
- FluentCertificates.Builder: Provides
CertificateBuilder
for building certificates and also includes a bunch of convenient extension-methods. Examples below - FluentCertificates.Extensions: Provides a bunch of convenient extension-methods. Examples below
- FluentCertificates.Finder: Provides
CertificateFinder
for finding certificates across a collection of X509Stores. Examples below
Unfortunately documentation is incomplete. You may find more examples within the project's unit tests.
CertificateBuilder
examples
CertificateBuilder
requires the FluentCertificates.Builder package and is found under the FluentCertificates
namespace.
The absolute minimum needed to create a certificate (although it may not be a very useful one):
using var cert = new CertificateBuilder().Create();
Create a CertificateSigningRequest
for signing, exporting and passing to a 3rd party CA:
//A public & private keypair must be created first, outside of the CertificateBuilder, otherwise you'd have no way to retrieve the private-key used for the new CertificateSigningRequest object
using var keys = RSA.Create();
//Creating a CertificateSigningRequest
var csr = new CertificateBuilder()
.SetUsage(CertificateUsage.Server)
.SetSubject(b => b.SetCommonName("*.fake.domain"))
.SetDnsNames("*.fake.domain", "fake.domain")
.SetKeyPair(keys)
.CreateCertificateSigningRequest();
//The CertificateRequest object is accessible here:
var certRequest = csr.CertificateRequest;
//CSR can be exported to a string
Console.WriteLine(csr.ToPemString());
//Or to a file or StringWriter instance
csr.ExportAsPem("csr.pem");
Build a self-signed web server certificate:
//Using a fluent style
using var cert = new CertificateBuilder()
.SetUsage(CertificateUsage.Server)
.SetFriendlyName("Example self-signed web-server certificate")
.SetSubject(b => b.SetCommonName("*.fake.domain"))
.SetDnsNames("*.fake.domain", "fake.domain")
.SetNotAfter(DateTimeOffset.UtcNow.AddMonths(1))
.Create();
//And just to demonstrate using object initializers (I'll use fluent style from now on though)
using var builder = new CertificateBuilder() {
Usage = CertificateUsage.Server,
FriendlyName = "Example self-signed web-server certificate",
Subject = new X500NameBuilder().SetCommonName("*.fake.domain"),
DnsNames = new[] { "*.fake.domain", "fake.domain" },
NotAfter = DateTimeOffset.UtcNow.AddMonths(1)
};
var cert = builder.Create();
Build a CA (certificate authority):
//A CA's expiry date must be later than that of any certificates it will issue
using var issuer = new CertificateBuilder()
.SetUsage(CertificateUsage.CA)
.SetFriendlyName("Example root CA")
.SetSubject(b => b.SetCommonName("Example root CA"))
.SetNotAfter(DateTimeOffset.UtcNow.AddYears(100))
.Create();
Build a client-auth certificate signed by a CA:
//Note: the 'issuer' certificate used must have a private-key attached in order to sign this new certificate
using var cert = new CertificateBuilder()
.SetUsage(CertificateUsage.Client)
.SetFriendlyName("Example client-auth certificate")
.SetSubject(b => b.SetCommonName("User: Michael"))
.SetNotAfter(DateTimeOffset.UtcNow.AddYears(1))
.SetIssuer(issuer)
.Create();
Advanced: Build a certificate with customized extensions:
using var cert = new CertificateBuilder()
.SetFriendlyName("Example certificate with customized extensions")
.SetSubject(b => b.SetCommonName("Example certificate with customized extensions"))
.AddExtension(new X509BasicConstraintsExtension(false, false, 0, true))
.AddExtension(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DataEncipherment, true))
.AddExtension(new X509EnhancedKeyUsageExtension(new OidCollection { new(KeyPurposeID.AnyExtendedKeyUsage.Id) }, false))
.SetIssuer(issuer)
.Create();
CertificateFinder
examples
CertificateFinder
requires the FluentCertificates.Finder package and is found under the FluentCertificates
namespace.
TODO: document this
X500NameBuilder
examples
X500NameBuilder
requires the FluentCertificates.Builder package and is found under the FluentCertificates
namespace.
TODO: document this; see unit tests for more examples
X509Certificate2
extension-methods
These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates
namespace.
TODO: document these; see unit tests for more examples
Extension-Method | Description |
---|---|
BuildChain |
|
ExportAsCert |
|
ExportAsPkcs12 |
|
ExportAsPkcs7 |
|
ExportAsPem |
|
ToPemString |
|
ToBase64String |
|
GetPrivateKey |
|
GetSignatureData |
|
GetToBeSignedData |
|
IsValidNow |
|
IsValid |
|
IsSelfSigned |
|
IsIssuedBy |
X509Chain
extension-methods
These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates
namespace.
TODO: document these
Extension-Method | Description |
---|---|
ToCollection |
|
ToEnumerable |
|
ExportAsPkcs7 |
|
ExportAsPkcs12 |
|
ExportAsPem |
|
ToPemString |
X509Certificate2Collection
extension-methods
These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates
namespace.
TODO: document these
Extension-Method | Description |
---|---|
ToEnumerable |
|
ExportAsPkcs7 |
|
ExportAsPkcs12 |
|
ExportAsPem |
|
ToPemString |
IEnumerable<X509Certificate2>
extension-methods
These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates
namespace.
TODO: document these
Extension-Method | Description |
---|---|
ToCollection |
|
FilterPrivateKeys |
|
ExportAsPkcs7 |
|
ExportAsPkcs12 |
|
ExportAsPem |
|
ToPemString |
AsymmetricAlgorithm
extension-methods
These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates
namespace.
TODO: document these
Extension-Method | Description |
---|---|
ToPrivateKeyPemString |
|
ToPublicKeyPemString |
|
ExportAsPrivateKeyPem |
|
ExportAsPublicKeyPem |
CertificateRequest
extension-methods
These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates
namespace.
Extension-Method | Description |
---|---|
ToPemString() |
Exports the CertificateRequest to a PEM string. |
ExportAsPem(string path) |
Exports the CertificateRequest to the specified PEM file. |
ExportAsPem(TextWriter writer) |
Exports the CertificateRequest in PEM format to the given TextWriter . |
ConvertToBouncyCastle() |
Converts the CertificateRequest to a BouncyCastle Pkcs10CertificationRequest |
X509Extension
extension-methods
These extension methods require the FluentCertificates.Builder package and are found under the FluentCertificates
namespace.
Extension-Method | Description |
---|---|
dnExtension.ConvertToBouncyCastle() |
Converts a DotNet X509Extension to a BouncyCastle X509Extension . |
bcExtension.ConvertToDotNet(string oid) |
Converts a BouncyCastle X509Extension to a DotNet X509Extension . A DotNet X509Extension includes an OID, but a BouncyCastle one doesn't, therefore one must be supplied in the parameters here. |
bcExtension.ConvertToDotNet(DerObjectIdentifier oid) |
Converts a BouncyCastle X509Extension to a DotNet X509Extension . A DotNet X509Extension includes an OID, but a BouncyCastle one doesn't, therefore one must be supplied in the parameters here. |
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.1 is compatible. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.1
- System.Formats.Asn1 (>= 7.0.0)
-
net6.0
- System.Formats.Asn1 (>= 7.0.0)
-
net7.0
- System.Formats.Asn1 (>= 7.0.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
0.9.2-ci0008 | 129 | 11/28/2024 |
0.9.2-ci0006 | 118 | 11/27/2024 |
0.9.2-ci0004 | 120 | 11/27/2024 |
0.9.2-ci0002 | 169 | 2/19/2024 |
0.9.1 | 3,749 | 8/11/2023 |
0.9.1-ci0017 | 267 | 8/11/2023 |
0.9.1-ci0007 | 288 | 8/11/2023 |
0.9.1-ci0006 | 421 | 8/11/2023 |