/// <summary>
        /// Process an X509Request. This includes creating a new X509Certificate
        /// and signing this certificate with this CA's private key.
        /// </summary>
        /// <param name="request"></param>
        /// <param name="startTime"></param>
        /// <param name="endTime"></param>
        /// <param name="digest"></param>
        /// <returns></returns>
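        public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime, MessageDigest digest)
        {
            // Issues a certificate for `request`: subject and public key are taken from
            // the request, the issuer is this CA's subject, the serial number is the next
            // value of the CA's sequence, and the result is signed with the CA key.
            // startTime/endTime are passed through unchanged; any policy limit on the
            // validity period has to be enforced by the caller.
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            // Proof of possession: a CSR is signed with the private key matching the
            // public key it carries. Without this check the CA would bind the requested
            // subject to a key whose holder never proved they control it. The check runs
            // before serial.Next() so that a rejected request does not consume a serial.
            // The key is fetched once and reused below, so the key that was verified is
            // the key that gets certified.
            // NOTE(review): the key object is not disposed here, matching the existing
            // code path that handed request.PublicKey straight to the constructor.
            CryptoKey requestKey = request.PublicKey;
            if (!request.Verify(requestKey))
            {
                throw new ArgumentException("Request signature validation failed", "request");
            }

            X509Certificate cert = new X509Certificate(
                serial.Next(),
                request.Subject,
                this.caCert.Subject,
                requestKey,
                startTime,
                endTime);

            // NOTE(review): the section name "v3_ca" is hard-coded for issued
            // certificates. In stock OpenSSL configuration files that section marks the
            // certificate as a CA (basicConstraints CA:TRUE) - confirm the configured
            // section is really what end-entity certificates should receive.
            if (this.cfg != null)
            {
                this.cfg.ApplyExtensions("v3_ca", this.caCert, cert, request);
            }

            cert.Sign(this.caKey, digest);

            return cert;
        }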
        /// <summary>
        /// Factory method that creates a X509CertificateAuthority instance with
        /// an internal self signed certificate. This method allows creation without
        /// the need for the Configuration file, X509V3Extensions may be added
        /// with the X509V3ExtensionList parameter
        /// </summary>
        /// <param name="seq"></param>
        /// <param name="key"></param>
        /// <param name="digest"></param>
        /// <param name="subject"></param>
        /// <param name="start"></param>
        /// <param name="validity"></param>
        /// <param name="extensions"></param>
        /// <returns></returns>
        public static X509CertificateAuthority SelfSigned(
            ISequenceNumber seq,
            CryptoKey key,
            MessageDigest digest,
            X509Name subject,
            DateTime start,
            TimeSpan validity,
            X509V3ExtensionList extensions)
        {
            // Builds a self-signed root: `subject` is used as both subject and issuer,
            // `key` is both the certified key and the signing key, and the certificate
            // is valid from `start` for `validity`. No Configuration is attached to the
            // returned authority (null is passed as its last constructor argument).
            var serialNumber = seq.Next();
            DateTime notAfter = start + validity;
            X509Certificate root = new X509Certificate(serialNumber, subject, subject, key, start, notAfter);

            // Only the caller-supplied extensions are added; nothing here checks that
            // they describe a CA certificate.
            if (extensions != null)
            {
                foreach (X509V3ExtensionValue requested in extensions)
                {
                    // NOTE(review): the extension object is not disposed after being
                    // added - confirm whether AddExtension keeps its own copy.
                    X509Extension built = new X509Extension(
                        root,
                        root,
                        requested.Name,
                        requested.IsCritical,
                        requested.Value);
                    root.AddExtension(built);
                }
            }

            // Extensions must be in place before signing so the signature covers them.
            root.Sign(key, digest);

            return new X509CertificateAuthority(root, key, seq, null);
        }
        /// <summary>
        /// Factory method that creates a X509CertificateAuthority instance with
        /// an internal self signed certificate
        /// </summary>
        /// <param name="cfg"></param>
        /// <param name="seq"></param>
        /// <param name="key"></param>
        /// <param name="digest"></param>
        /// <param name="subject"></param>
        /// <param name="start"></param>
        /// <param name="validity"></param>
        /// <returns></returns>
        public static X509CertificateAuthority SelfSigned(
            Configuration cfg,
            ISequenceNumber seq,
            CryptoKey key,
            MessageDigest digest,
            X509Name subject,
            DateTime start,
            TimeSpan validity)
        {
            // Builds a self-signed root from a caller-supplied key and digest:
            // `subject` is both subject and issuer, and the certificate is valid from
            // `start` for `validity`. The same `cfg` is handed to the returned authority.
            var serialNumber = seq.Next();
            DateTime notAfter = start + validity;
            X509Certificate root = new X509Certificate(serialNumber, subject, subject, key, start, notAfter);

            // With a configuration present, extensions come from its "v3_ca" section;
            // the root acts as its own issuer and there is no request (null).
            // With cfg == null the root is signed without any extensions.
            if (cfg != null)
            {
                cfg.ApplyExtensions("v3_ca", root, root, null);
            }

            // Sign last so the signature covers the applied extensions.
            root.Sign(key, digest);

            return new X509CertificateAuthority(root, key, seq, cfg);
        }
        /// <summary>
        /// Factory method which creates a X509CertificateAuthority where
        /// the internal certificate is self-signed
        /// </summary>
        /// <param name="cfg"></param>
        /// <param name="seq"></param>
        /// <param name="subject"></param>
        /// <param name="start"></param>
        /// <param name="validity"></param>
        /// <returns></returns>
        public static X509CertificateAuthority SelfSigned(
            Configuration cfg,
            ISequenceNumber seq,
            X509Name subject,
            DateTime start,
            TimeSpan validity)
        {
            // Builds a self-signed root whose key is created here rather than supplied
            // by the caller.
            // NOTE(review): this overload always uses a DSA key and signs with
            // MessageDigest.DSS1 (OpenSSL's SHA-1 based digest for DSA); the key size is
            // whatever DSA(true) defaults to. Both are weak choices for a trust anchor by
            // current standards - prefer an overload that takes the key and digest from
            // the caller, and confirm nothing long-lived depends on this one.
            CryptoKey signingKey;

            using (DSA generated = new DSA(true))
            {
                // Per the original author's note, wrapping the DSA object in a CryptoKey
                // increments its reference count, so the DSA wrapper can be disposed
                // when this scope ends.
                signingKey = new CryptoKey(generated);
            }

            var serialNumber = seq.Next();
            DateTime notAfter = start + validity;
            X509Certificate root = new X509Certificate(serialNumber, subject, subject, signingKey, start, notAfter);

            // With a configuration present, extensions come from its "v3_ca" section;
            // the root acts as its own issuer and there is no request (null).
            if (cfg != null)
            {
                cfg.ApplyExtensions("v3_ca", root, root, null);
            }

            // Sign last so the signature covers the applied extensions.
            root.Sign(signingKey, MessageDigest.DSS1);

            return new X509CertificateAuthority(root, signingKey, seq, cfg);
        }
        /// <summary>
        /// Process an X509Request. This includes creating a new X509Certificate
        /// and signing this certificate with this CA's private key.
        /// </summary>
        /// <param name="request"></param>
        /// <param name="startTime"></param>
        /// <param name="endTime"></param>
        /// <param name="cfg"></param>
        /// <param name="section"></param>
        /// <param name="digest"></param>
        /// <returns></returns>
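        public X509Certificate ProcessRequest(
            X509Request request,
            DateTime startTime,
            DateTime endTime,
            Configuration cfg,
            string section,
            MessageDigest digest)
        {
            // Issues a certificate for `request`: subject and public key are taken from
            // the request, the issuer is this CA's subject, the serial number is the next
            // value of the CA's sequence, and the result is signed with the CA key.
            // Extensions come from `section` of the caller-supplied `cfg`, when given.
            // startTime/endTime are passed through unchanged; any policy limit on the
            // validity period has to be enforced by the caller.
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            // Proof of possession: a CSR is signed with the private key matching the
            // public key it carries. Without this check the CA would bind the requested
            // subject to a key whose holder never proved they control it. The check runs
            // before serial.Next() so that a rejected request does not consume a serial.
            // The key is fetched once and reused below, so the key that was verified is
            // the key that gets certified.
            // NOTE(review): the key object is not disposed here, matching the existing
            // code path that handed request.PublicKey straight to the constructor.
            var requestKey = request.PublicKey;
            if (!request.Verify(requestKey))
            {
                throw new ArgumentException("Request signature validation failed", "request");
            }

            var cert = new X509Certificate(
                serial.Next(),
                request.Subject,
                this.caCert.Subject,
                requestKey,
                startTime,
                endTime);

            // The caller chooses which configuration section is applied; that section
            // decides, among other things, which extensions the issued certificate gets,
            // so it should be a fixed, trusted value rather than request-derived input.
            if (cfg != null)
            {
                cfg.ApplyExtensions(section, caCert, cert, request);
            }

            cert.Sign(caKey, digest);

            return cert;
        }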
        /// <summary>
        /// Factory method that creates a X509CertificateAuthority instance with
        /// an internal self signed certificate. This method allows creation without
        /// the need for the Configuration file, X509V3Extensions may be added
        /// with the X509V3ExtensionList parameter
        /// </summary>
        /// <param name="seq"></param>
        /// <param name="key"></param>
        /// <param name="digest"></param>
        /// <param name="subject"></param>
        /// <param name="start"></param>
        /// <param name="validity"></param>
        /// <param name="extensions"></param>
        /// <returns></returns>
        public static X509CertificateAuthority SelfSigned(
            ISequenceNumber seq,
            CryptoKey key,
            MessageDigest digest,
            X509Name subject,
            DateTime start,
            TimeSpan validity,
            IEnumerable<X509V3ExtensionValue> extensions)
        {
            // Builds a self-signed root: `subject` is used as both subject and issuer,
            // `key` is both the certified key and the signing key, and the certificate
            // is valid from `start` for `validity`.
            var serialNumber = seq.Next();
            DateTime notAfter = start + validity;
            X509Certificate root = new X509Certificate(serialNumber, subject, subject, key, start, notAfter);

            // Only the caller-supplied extensions are added; nothing here checks that
            // they describe a CA certificate.
            if (extensions != null)
            {
                foreach (X509V3ExtensionValue requested in extensions)
                {
                    // The temporary extension object is released as soon as it has been
                    // added to the certificate.
                    using (X509Extension built = new X509Extension(
                        root,
                        root,
                        requested.Name,
                        requested.IsCritical,
                        requested.Value))
                    {
                        root.AddExtension(built);
                    }
                }
            }

            // Extensions must be in place before signing so the signature covers them.
            root.Sign(key, digest);

            return new X509CertificateAuthority(root, key, seq);
        }