public void Dispose()
{
if (RootCA != null)
{
RootCA.Dispose();
}
}
public void LoadCA(String PKCS12Filename)
{
FileInfo caPkcs12 = new FileInfo(PKCS12Filename);
if (caPkcs12.Exists)
{
try
{
Byte[] bPKCS12 = File.ReadAllBytes(caPkcs12.FullName);
// You need to write the CSR string to a BIO object as shown below.
BIO pkcs12BIO = BIO.MemoryBuffer();
pkcs12BIO.Write(bPKCS12);
X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);
if (RootCA != null)
{
RootCA.Dispose();
}
RootCA = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
}
catch (Exception ex)
{
RootCA = null;
}
}
}
public void CreateCA(X509Name Name)
{
FileInfo caPkcs12 = new FileInfo(Path.Combine(certDir.FullName, Name.Common + ".pfx"));
if (caPkcs12.Exists)
{
caPkcs12.Delete();
}
if (RootCA != null)
{
RootCA.Dispose();
}
// Create a root certificate authority which will have a self signed certificate.
RootCA = X509CertificateAuthority.SelfSigned(cfg, new SimpleSerialNumber(), CreateNewRSAKey(2048), MessageDigest.SHA256, Name, DateTime.Now, (DateTime.Now.AddYears(10) - DateTime.Now));
BuildPKCS12AndSave(caPkcs12.FullName, this.caPassword, RootCA.Key, RootCA.Certificate);
}
public void LoadOrCreateCA(String PKCS12Filename, X509Name Name, subjectAltName altNames)
{
FileInfo caPkcs12 = new FileInfo(PKCS12Filename);
if (caPkcs12.Exists)
{
try
{
Byte[] bPKCS12 = File.ReadAllBytes(caPkcs12.FullName);
// You need to write the CSR string to a BIO object as shown below.
BIO pkcs12BIO = BIO.MemoryBuffer();
pkcs12BIO.Write(bPKCS12);
X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);
if (RootCA != null)
{
RootCA.Dispose();
}
RootCA = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
}
catch
{
RootCA = null;
}
}
if (RootCA == null)
{
X509V3ExtensionList ext = new X509V3ExtensionList();
ext.Add(new X509V3ExtensionValue("nsComment", true, "SafeID - IAM Generated Certificate"));
ext.Add(new X509V3ExtensionValue("basicConstraints", true, "CA:true"));
//ext.Add(new X509V3ExtensionValue("keyUsage", true, "critical, cRLSign, keyCertSign, digitalSignature"));
ext.Add(new X509V3ExtensionValue("subjectKeyIdentifier", true, "hash"));
ext.Add(new X509V3ExtensionValue("authorityKeyIdentifier", true, "keyid,issuer:always"));
if (altNames != null)
{
foreach (Uri u in altNames.Uri)
{
ext.Add(new X509V3ExtensionValue("subjectAltName", true, "URI:" + u.AbsoluteUri.ToLower()));
}
foreach (String m in altNames.Mail)
{
ext.Add(new X509V3ExtensionValue("subjectAltName", true, "email:" + m));
}
foreach (String s in altNames.Dns)
{
ext.Add(new X509V3ExtensionValue("subjectAltName", true, "DNS:" + s));
}
foreach (String s in altNames.Text)
{
ext.Add(new X509V3ExtensionValue("subjectAltName", true, "otherName:1.2.3.4;UTF8:" + s));
}
}
RootCA = X509CertificateAuthority.SelfSigned(new SimpleSerialNumber(), CreateNewRSAKey(2048), MessageDigest.SHA1, Name, DateTime.Now.AddHours(-24), (DateTime.Now.AddYears(10) - DateTime.Now), ext);
BuildPKCS12AndSave(caPkcs12.FullName, this.caPassword, RootCA.Key, RootCA.Certificate);
}
}
