        /// <summary>
        /// Issues a leaf certificate from <paramref name="certificateAuthority"/> for a new test
        /// timestamp service and returns the service bound to a fresh random URI.
        /// </summary>
        /// <param name="certificateAuthority">The CA that signs the TSA certificate; must not be null.</param>
        /// <param name="serviceOptions">Optional service options; a default instance is used when null.</param>
        /// <returns>A <see cref="TimestampService"/> whose certificate is issued by <paramref name="certificateAuthority"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="certificateAuthority"/> is null.</exception>
        public static TimestampService Create(
            CertificateAuthority certificateAuthority,
            TimestampServiceOptions serviceOptions = null)
        {
            if (certificateAuthority is null)
            {
                throw new ArgumentNullException(nameof(certificateAuthority));
            }

            var effectiveOptions = serviceOptions ?? new TimestampServiceOptions();
            var tsaKeyPair = CertificateUtilities.CreateKeyPair();

            // A fresh GUID in the CN keeps every test TSA distinguishable from the others.
            var distinctName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Timestamp Service ({Guid.NewGuid().ToString()})");

            // Extensions the CA stamps onto the TSA certificate. This matches the RFC 3161 §2.3 TSA
            // profile: a leaf cert, digitalSignature only, and a critical EKU whose sole purpose is
            // id-kp-timeStamping. AIA is non-critical, as RFC 5280 §4.2.2.1 requires.
            void AddTimestampExtensions(X509V3CertificateGenerator generator)
            {
                var ocspAccess = new AccessDescription(
                    AccessDescription.IdADOcsp,
                    new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.OcspResponderUri.OriginalString));
                var issuerAccess = new AccessDescription(
                    AccessDescription.IdADCAIssuers,
                    new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.CertificateUri.OriginalString));

                generator.AddExtension(X509Extensions.AuthorityInfoAccess, critical: false, extensionValue: new DerSequence(ocspAccess, issuerAccess));
                // AKI names the issuing CA's key; SKI names the new TSA key.
                generator.AddExtension(X509Extensions.AuthorityKeyIdentifier, critical: false, extensionValue: new AuthorityKeyIdentifierStructure(certificateAuthority.Certificate));
                generator.AddExtension(X509Extensions.SubjectKeyIdentifier, critical: false, extensionValue: new SubjectKeyIdentifierStructure(tsaKeyPair.Public));
                // cA=false (critical): the TSA key must never be usable to sign further certificates.
                generator.AddExtension(X509Extensions.BasicConstraints, critical: true, extensionValue: new BasicConstraints(cA: false));
                generator.AddExtension(X509Extensions.KeyUsage, critical: true, extensionValue: new KeyUsage(KeyUsage.DigitalSignature));
                generator.AddExtension(X509Extensions.ExtendedKeyUsage, critical: true, extensionValue: ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.IdKPTimeStamping)));
            }

            var certificate = certificateAuthority.IssueCertificate(new IssueCertificateOptions()
            {
                KeyPair              = tsaKeyPair,
                SubjectName          = distinctName,
                CustomizeCertificate = AddTimestampExtensions
            });

            // The service URI is drawn after issuance, as before, so the CA's URI sequence is unchanged.
            return new TimestampService(certificateAuthority, certificate, tsaKeyPair, certificateAuthority.GenerateRandomUri(), effectiveOptions);
        }
        /// <summary>
        /// Creates an OCSP responder bound to <paramref name="certificateAuthority"/>.
        /// </summary>
        /// <param name="certificateAuthority">The CA the responder answers for; must not be null.</param>
        /// <param name="options">Optional responder options; a default instance is used when null.</param>
        /// <returns>A new <see cref="OcspResponder"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="certificateAuthority"/> is null.</exception>
        public static OcspResponder Create(
            CertificateAuthority certificateAuthority,
            OcspResponderOptions options = null)
        {
            if (certificateAuthority is null)
            {
                throw new ArgumentNullException(nameof(certificateAuthority));
            }

            var effectiveOptions = options ?? new OcspResponderOptions();

            return new OcspResponder(certificateAuthority, effectiveOptions);
        }
 /// <summary>
 /// Binds a timestamp service to its issuing CA, its signing certificate and key pair, and the
 /// URI it is served from. Serial-number bookkeeping starts at 1 with no serials recorded.
 /// </summary>
 /// <param name="certificateAuthority">The CA that issued <paramref name="certificate"/>.</param>
 /// <param name="certificate">The TSA signing certificate.</param>
 /// <param name="keyPair">The key pair for <paramref name="certificate"/> (assumed to match; not verified here).</param>
 /// <param name="uri">The URI the service is reachable at.</param>
 /// <remarks>
 /// NOTE(review): starting at 1 and counting up makes serials predictable. That is acceptable
 /// for a test TSA; RFC 3161 only requires that serials be unique per TSA, but a production
 /// service should not expose a guessable sequence. Arguments are not null-checked; the
 /// factory that calls this constructor is expected to have validated them.
 /// </remarks>
 private TimestampService(
     CertificateAuthority certificateAuthority,
     X509Certificate certificate,
     AsymmetricCipherKeyPair keyPair,
     Uri uri)
 {
     // Bookkeeping state first; the ordering does not matter, nothing here reads another field.
     _nextSerialNumber = BigInteger.One;
     _serialNumbers = new HashSet<BigInteger>();

     CertificateAuthority = certificateAuthority;
     Certificate = certificate;
     _keyPair = keyPair;
     Url = uri;
 }
        /// <summary>
        /// Creates a responder for <paramref name="certificateAuthority"/> that is served at <paramref name="uri"/>.
        /// </summary>
        /// <param name="certificateAuthority">The CA this responder answers for; must not be null.</param>
        /// <param name="uri">The responder's endpoint; must not be null.</param>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        internal OcspResponder(CertificateAuthority certificateAuthority, Uri uri)
        {
            // Validate in declaration order so the first null argument is the one reported.
            CertificateAuthority = certificateAuthority ?? throw new ArgumentNullException(nameof(certificateAuthority));
            Url = uri ?? throw new ArgumentNullException(nameof(uri));
        }
        /// <summary>
        /// Wires up a CA around an already-issued certificate and its key pair: a random base URL,
        /// the URL its certificate is published at (<c>{fingerprint}.cer</c> relative to the base
        /// URL), a random OCSP responder URL, and empty issued/revoked bookkeeping.
        /// </summary>
        /// <param name="certificate">The CA certificate.</param>
        /// <param name="keyPair">Key pair for <paramref name="certificate"/> (assumed to match; not verified here).</param>
        /// <param name="sharedUri">Stored as <c>SharedUri</c>; presumably a base shared across the hierarchy — confirm with callers.</param>
        /// <param name="parentCa">The issuing CA (presumably null for a root).</param>
        /// <remarks>
        /// NOTE(review): serials for issued certificates are sequential, starting one past this CA's
        /// own serial. That is predictable and fine only because this is a test CA; a production CA
        /// must use unpredictable serials (CA/Browser Forum BR 7.1: at least 64 bits of CSPRNG output)
        /// to defeat chosen-prefix collision attacks on the signature hash.
        /// </remarks>
        private CertificateAuthority(
            X509Certificate certificate,
            AsymmetricCipherKeyPair keyPair,
            Uri sharedUri,
            CertificateAuthority parentCa)
        {
            Certificate = certificate;
            KeyPair = keyPair;
            SharedUri = sharedUri;

            // Url must be assigned before CertificateUri, which is resolved relative to it. The two
            // GenerateRandomUri() calls are kept in their original order in case it is stateful.
            Url = GenerateRandomUri();
            CertificateUri = new Uri(Url, $"{CertificateUtilities.GenerateFingerprint(certificate)}.cer");
            OcspResponderUri = GenerateRandomUri();
            Parent = parentCa;

            _nextSerialNumber = certificate.SerialNumber.Add(BigInteger.One);
            _issuedCertificates = new Dictionary<BigInteger, X509Certificate>();
            _revokedCertificates = new Dictionary<BigInteger, RevocationInfo>();

            // Deferred: the responder captures `this`, so it is only created once construction has finished.
            _ocspResponder = new Lazy<OcspResponder>(() => OcspResponder.Create(this));
        }
 /// <summary>
 /// Binds the responder to <paramref name="certificateAuthority"/>. It is served from the CA's
 /// <c>OcspResponderUri</c>, which is the address the CA advertises in the AIA extension of the
 /// certificates it issues.
 /// </summary>
 /// <param name="certificateAuthority">The CA this responder answers for. Not null-checked here;
 /// <c>Create</c> rejects a null CA before reaching this constructor.</param>
 /// <param name="options">Responder options, stored as-is.</param>
 private OcspResponder(CertificateAuthority certificateAuthority, OcspResponderOptions options)
 {
     _options = options;
     Url = certificateAuthority.OcspResponderUri;
     CertificateAuthority = certificateAuthority;
 }
        /// <summary>
        /// Issues a TSA certificate from <paramref name="certificateAuthority"/> and returns a timestamp
        /// service bound to it at a fresh random URI.
        /// </summary>
        /// <param name="certificateAuthority">The issuing CA; must not be null.</param>
        /// <param name="serviceOptions">Optional service options; defaults are used when null. When its
        /// <c>IssuedCertificateNotBefore</c> / <c>IssuedCertificateNotAfter</c> are set they override the
        /// validity period carried by <paramref name="issueCertificateOptions"/>.</param>
        /// <param name="issueCertificateOptions">Optional issuance options; the timestamp-service defaults
        /// are used when null. A supplied instance is modified in place (<c>CustomizeCertificate</c>,
        /// <c>NotBefore</c>, <c>NotAfter</c>), so callers must not share one across calls. A caller-provided
        /// <c>CustomizeCertificate</c> replaces the standard TSA extensions entirely, so the certificate may
        /// then lack the critical id-kp-timeStamping EKU — presumably intended for negative tests.</param>
        /// <returns>A <see cref="TimestampService"/> whose certificate is issued by <paramref name="certificateAuthority"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="certificateAuthority"/> is null.</exception>
        public static TimestampService Create(
            CertificateAuthority certificateAuthority,
            TimestampServiceOptions serviceOptions          = null,
            IssueCertificateOptions issueCertificateOptions = null)
        {
            if (certificateAuthority is null)
            {
                throw new ArgumentNullException(nameof(certificateAuthority));
            }

            var effectiveServiceOptions = serviceOptions ?? new TimestampServiceOptions();
            var issuance = issueCertificateOptions ?? IssueCertificateOptions.CreateDefaultForTimestampService();

            // Standard RFC 3161 §2.3 TSA profile: a leaf cert, digitalSignature only, and a critical EKU
            // whose sole purpose is id-kp-timeStamping. AIA is non-critical, as RFC 5280 §4.2.2.1 requires.
            void AddTimestampExtensions(X509V3CertificateGenerator generator)
            {
                var ocspAccess = new AccessDescription(
                    AccessDescription.IdADOcsp,
                    new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.OcspResponderUri.OriginalString));
                var issuerAccess = new AccessDescription(
                    AccessDescription.IdADCAIssuers,
                    new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.CertificateUri.OriginalString));

                generator.AddExtension(X509Extensions.AuthorityInfoAccess, critical: false, extensionValue: new DerSequence(ocspAccess, issuerAccess));
                generator.AddExtension(X509Extensions.AuthorityKeyIdentifier, critical: false, extensionValue: new AuthorityKeyIdentifierStructure(certificateAuthority.Certificate));
                // Read when the CA runs the customizer, so it reflects the key pair the options hold at issue time.
                generator.AddExtension(X509Extensions.SubjectKeyIdentifier, critical: false, extensionValue: new SubjectKeyIdentifierStructure(issuance.KeyPair.Public));
                // cA=false (critical): the TSA key must never be usable to sign further certificates.
                generator.AddExtension(X509Extensions.BasicConstraints, critical: true, extensionValue: new BasicConstraints(cA: false));
                generator.AddExtension(X509Extensions.KeyUsage, critical: true, extensionValue: new KeyUsage(KeyUsage.DigitalSignature));
                generator.AddExtension(X509Extensions.ExtendedKeyUsage, critical: true, extensionValue: ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.IdKPTimeStamping)));
            }

            // Only fill in what the caller left unset: a caller-supplied customizer wins outright.
            if (issuance.CustomizeCertificate is null)
            {
                issuance.CustomizeCertificate = AddTimestampExtensions;
            }

            // Service-level validity overrides take precedence over whatever the issuance options carry.
            var notBeforeOverride = effectiveServiceOptions.IssuedCertificateNotBefore;
            if (notBeforeOverride.HasValue)
            {
                issuance.NotBefore = notBeforeOverride.Value;
            }

            var notAfterOverride = effectiveServiceOptions.IssuedCertificateNotAfter;
            if (notAfterOverride.HasValue)
            {
                issuance.NotAfter = notAfterOverride.Value;
            }

            var certificate = certificateAuthority.IssueCertificate(issuance);
            var serviceUri  = certificateAuthority.GenerateRandomUri();

            return new TimestampService(certificateAuthority, certificate, issuance.KeyPair, serviceUri, effectiveServiceOptions);
        }