        /// <summary>
        /// Create an instance of a generic System Crypto CA.
        /// </summary>
        /// <remarks>
        /// The base constructor receives the config file path; the fields read here
        /// (fips140, name, ca, dbFileLocation) are assumed to be populated by it.
        /// Initialisation order is: FIPS140 check, signing-key container lookup, CA certificate
        /// parsing, optional policy enforcement, logger start-up, expiry of old certificates.
        /// </remarks>
        /// <param name="ConfigFile">Full pathname to config file</param>
        /// <exception cref="InvalidParameterException">Invalid FIPS140 flag for this CA instance</exception>
        public sysCA(string ConfigFile) : base(ConfigFile)
        {
            // A system CA is only valid when the FIPS140 flag is set; refuse to construct otherwise.
            // NOTE(review): fips140 is presumably set by base(ConfigFile) — confirm.
            if (!fips140)
            {
                throw new InvalidParameterException("Invalid FIPS140 flag for this CA instance");
            }

            // Key container that holds the CA signing key, looked up by CA name.
            cspParam = SysKeyManager.Read(name);

            // The CA certificate is stored base64-encoded in the <caCert> element.
            // A missing element surfaces as a NullReferenceException, malformed base64 as a FormatException.
            var certificateParser = new X509CertificateParser();
            var caCertElement = ca.Element("caCert");
            caCertificate = certificateParser.ReadCertificate(Convert.FromBase64String(caCertElement.Value));

            // Policy enforcement is optional: it is only initialised when the element is present.
            var policyElement = ca.Element("policyEnforcement");
            if (policyElement != null)
            {
                policyEnforcement = PolicyEnforcementFactory.initialise(caCertificate, policyElement);
            }

            // The logger is started before the database pass (presumably so expiry actions are recorded).
            startLogging();

            // Expire any certificates in the database that are past their validity period.
            Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
        }
        /// <summary>
        /// Construct a CA object from a signed XML configuration file.
        /// </summary>
        /// <remarks>
        /// The configuration file must pass XmlSigning.VerifyXmlFile before it is loaded.
        /// The CA must carry a true fips140 flag and must not have a pending request.
        /// Every required element under OSCA/CA is read unconditionally, so a missing element
        /// surfaces as a NullReferenceException rather than as a configuration error.
        /// </remarks>
        /// <param name="ConfigFile">Full pathname to config file</param>
        /// <exception cref="GeneralSecurityException">The signature on the config file did not verify</exception>
        /// <exception cref="InvalidOperationException">The fips140 flag is false, or a request is still pending</exception>
        public fipsCA(string ConfigFile) : base()
        {
            configFile = ConfigFile;

            // Refuse any configuration whose signature does not verify.
            // NOTE(review): the signature is checked against the path and the document is then
            // re-read from the same path; if VerifyXmlFile and XDocument.Load open the file
            // separately, the content can differ between the two reads — confirm, or parse the
            // verified bytes directly.
            if (!XmlSigning.VerifyXmlFile(configFile))
            {
                throw new GeneralSecurityException("Signature failed on CA config file");
            }

            var config = XDocument.Load(configFile);
            var ca = config.Element("OSCA").Element("CA");

            // Text other than true/false in <fips140> raises a FormatException.
            fips140 = Convert.ToBoolean(ca.Element("fips140").Value);
            if (!fips140)
            {
                throw new InvalidOperationException("Invalid FIPS140 flag for this CA instance");
            }

            // A CA whose initial request has not been completed cannot be started.
            if (ca.Element("rqstPending") != null)
            {
                throw new InvalidOperationException("CA is not configured: Request pending");
            }

            // Copy the mandatory CA settings into fields.
            name = ca.Element("name").Value;
            type = ca.Element("type").Value;
            dbFileLocation = ca.Element("dbFileLocation").Value;
            publicKeyAlgorithm = ca.Element("publicKeyAlgorithm").Value;
            publicKeySize = ca.Element("publicKeySize").Value;
            signatureAlgorithm = ca.Element("signatureAlgorithm").Value;
            lastSerial = ca.Element("lastSerial").Value;
            crlFileLocation = ca.Element("crlFileLocation").Value;
            lastCRL = ca.Element("lastCRL").Value;
            // Convert.ToDouble(string) parses with the current culture.
            // NOTE(review): confirm the config writer always emits an invariant-format number.
            crlInterval = Convert.ToDouble(ca.Element("crlInterval").Value);
            profilesLocation = ca.Element("profilesLocation").Value;

            // Key container that holds the CA signing key, looked up by CA name.
            cspParam = SysKeyManager.Read(name);

            // The CA certificate is stored base64-encoded in the <caCert> element.
            var certificateParser = new X509CertificateParser();
            caCertificate = certificateParser.ReadCertificate(Convert.FromBase64String(ca.Element("caCert").Value));

            // The event logger is bound to this CA's certificate and signing-key container.
            eventLog = new Logger(ca.Element("logFileLocation").Value, caCertificate, cspParam);

            // Record that the CA came up.
            logEvent(LogEvent.EventType.StartCA, "CA Started");

            // Expire any certificates in the database that are past their validity period.
            Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
        }