public void CanAddExtensions()
{
X509V3ExtensionList extList = new X509V3ExtensionList();
extList.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
extList.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"));
extList.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"));
extList.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"));
DateTime start = DateTime.Now;
DateTime end = start + TimeSpan.FromMinutes(10);
CryptoKey key = new CryptoKey(new DSA(true));
using (X509Certificate cert = new X509Certificate(101, "CN=Root", "CN=Root", key, start, end)) {
foreach (X509V3ExtensionValue extValue in extList) {
using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value)) {
cert.AddExtension(ext);
}
}
foreach (X509Extension ext in cert.Extensions) {
Console.WriteLine(ext);
}
Assert.AreEqual(extList.Count, cert.Extensions.Count);
}
}
public void CanAddRequestExtensions()
{
var extList = new List<X509V3ExtensionValue> {
new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"),
new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
};
var start = DateTime.Now;
var end = start + TimeSpan.FromMinutes(10);
using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY))))
using (var request = new X509Request(1,new X509Name("foo"),key))
{
OpenSSL.Core.Stack<X509Extension> extensions = new OpenSSL.Core.Stack<X509Extension>();
foreach (var extValue in extList)
{
using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value))
{
Console.WriteLine(ext);
extensions.Add(ext);
}
}
request.AddExtensions(extensions);
Assert.AreEqual(EXPECTED_CERT, request.PEM);
}
}
/// <summary>
/// Factory method that creates a X509CertificateAuthority instance with
/// an internal self signed certificate. This method allows creation without
/// the need for the Configuration file, X509V3Extensions may be added
/// with the X509V3ExtensionList parameter
/// </summary>
/// <param name="seq"></param>
/// <param name="key"></param>
/// <param name="digest"></param>
/// <param name="subject"></param>
/// <param name="start"></param>
/// <param name="validity"></param>
/// <param name="extensions"></param>
/// <returns></returns>
public static X509CertificateAuthority SelfSigned(
ISequenceNumber seq,
CryptoKey key,
MessageDigest digest,
X509Name subject,
DateTime start,
TimeSpan validity,
IEnumerable<X509V3ExtensionValue> extensions)
{
var cert = new X509Certificate(
seq.Next(),
subject,
subject,
key,
start,
start + validity);
if (extensions != null)
{
foreach (var extValue in extensions)
{
using (var ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
{
cert.AddExtension(ext);
}
}
}
cert.Sign(key, digest);
return new X509CertificateAuthority(cert, key, seq);
}
/// <summary>
/// Factory method that creates a X509CertificateAuthority instance with
/// an internal self signed certificate. This method allows creation without
/// the need for the Configuration file, X509V3Extensions may be added
/// with the X509V3ExtensionList parameter
/// </summary>
/// <param name="seq"></param>
/// <param name="key"></param>
/// <param name="digest"></param>
/// <param name="subject"></param>
/// <param name="start"></param>
/// <param name="validity"></param>
/// <param name="extensions"></param>
/// <returns></returns>
public static X509CertificateAuthority SelfSigned(
ISequenceNumber seq,
CryptoKey key,
MessageDigest digest,
X509Name subject,
DateTime start,
TimeSpan validity,
X509V3ExtensionList extensions)
{
X509Certificate cert = new X509Certificate(
seq.Next(),
subject,
subject,
key,
start,
start + validity);
if (null != extensions)
{
foreach (X509V3ExtensionValue extValue in extensions)
{
X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value);
cert.AddExtension(ext);
}
}
cert.Sign(key, digest);
return new X509CertificateAuthority(cert, key, seq, null);
}
/// <summary>
/// Calls X509_add_ext()
/// </summary>
/// <param name="ext"></param>
public void AddExtension(X509Extension ext)
{
Native.ExpectSuccess(Native.X509_add_ext(ptr, ext.Handle, -1));
}
