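/// <summary>
/// Wraps a certificate store that belongs to a <see cref="CertVault"/>.
/// This constructor only accepts <see cref="CertVaultCertType.DefaultCert"/>; any other
/// certificate type is rejected up front so a mis-typed entry can never be stored.
/// </summary>
/// <param name="vault">The vault that owns this certificate.</param>
/// <param name="store">The certificate store to wrap.</param>
/// <param name="certType">Must be <see cref="CertVaultCertType.DefaultCert"/>.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="vault"/> or <paramref name="store"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when <paramref name="certType"/> is not <see cref="CertVaultCertType.DefaultCert"/>.</exception>
public CertVaultCertificate(CertVault vault, CertificateStore store, CertVaultCertType certType)
{
    if (vault is null)
    {
        throw new ArgumentNullException(nameof(vault));
    }

    if (store is null)
    {
        throw new ArgumentNullException(nameof(store));
    }

    if (certType != CertVaultCertType.DefaultCert)
    {
        // nameof() keeps the message in sync with the enum member actually being checked,
        // and the paramName overload tells the caller which argument was wrong.
        throw new ArgumentException($"certType must be {nameof(CertVaultCertType.DefaultCert)}, but was {certType}.", nameof(certType));
    }

    this.Vault = vault;
    this.Store = store;
    this.CertType = certType;
}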
/// <summary>
/// Creates a certificate vault rooted at <paramref name="baseDir"/>: lays out the
/// static / ACME / auto-generated certificate directories, wires the per-hostname
/// certificate-selection caches, loads the current contents and starts the background loop.
/// If any step fails, whatever was already acquired is released before the exception propagates.
/// </summary>
/// <param name="baseDir">Directory under which all vault state is kept; created on demand.</param>
/// <param name="defaultSettings">Settings cloned into <c>DefaultSettings</c>; a fresh <c>CertVaultSettings(EnsureSpecial.Yes)</c> is used when null.</param>
/// <param name="defaultCertificate">Fallback certificate store, may be null.</param>
/// <param name="tcpIp">TCP/IP system to use; <c>LocalNet</c> when null.</param>
/// <param name="isGlobalVault">Whether this instance acts as the process-wide (global) vault.</param>
public CertVault(DirectoryPath baseDir, CertVaultSettings? defaultSettings = null, CertificateStore? defaultCertificate = null, TcpIpSystem? tcpIp = null, bool isGlobalVault = false)
{
    try
    {
        // The vault directory will hold private key material, so it is created together with a
        // .gitignore so that its contents are not committed by accident.
        Util.PutGitIgnoreFileOnDirectory(baseDir, flags: FileFlags.AutoCreateDirectory);

        // NOTE(review): the root used to sign auto-generated certificates is the library's built-in
        // debug CA; certificates it issues are only meaningful to clients that already trust that CA.
        // Confirm this is intended for non-development deployments.
        this.AutoGeneratingRootCA = DevTools.CoresDebugCACert.PkiCertificateStore;
        this.DefaultCertificate = defaultCertificate;
        this.TcpIp = tcpIp ?? LocalNet;
        this.IsGlobalCertVault = isGlobalVault;

        // The vault keeps its own clone of the settings rather than the caller's instance.
        CertVaultSettings settingsSource = defaultSettings ?? new CertVaultSettings(EnsureSpecial.Yes);
        this.DefaultSettings = (CertVaultSettings)settingsSource.Clone();

        // Directory and file layout under the base directory.
        this.BaseDir = baseDir;
        DirectoryPath root = this.BaseDir;
        this.StaticDir = root.GetSubDirectory("StaticCerts");
        this.AcmeDir = root.GetSubDirectory("AcmeCerts");
        this.AutoGeneratedDir = root.GetSubDirectory("AutoGeneratedCerts");
        this.SettingsFilePath = root.Combine(Consts.FileNames.CertVault_Settings);

        DirectoryPath acmeDir = this.AcmeDir;
        this.AcmeAccountKeyFilePath = acmeDir.Combine(Consts.FileNames.CertVault_AcmeAccountKey);
        this.AcmeCertKeyFilePath = acmeDir.Combine(Consts.FileNames.CertVault_AcmeCertKey);

        // Hostname -> best-fit certificate, memoized for CertificateSelectorCacheLifetime.
        // The two caches differ only in the last argument passed to SelectBestFitCertificate
        // (presumably "exclude ACME certificates", given the _NoAcme name — confirm against that method).
        // CacheFlags.IgnoreUpdateError looks like it keeps the previous entry when a refresh fails — confirm in SyncCache.
        TimeSpan cacheLifetime = CoresConfig.CertVaultSettings.CertificateSelectorCacheLifetime;
        this.CertificateSelectorCache = new SyncCache<string, CertificateStore>(
            cacheLifetime,
            CacheFlags.IgnoreUpdateError,
            host => this.SelectBestFitCertificate(host, out _, false));
        this.CertificateSelectorCache_NoAcme = new SyncCache<string, CertificateStore>(
            cacheLifetime,
            CacheFlags.IgnoreUpdateError,
            host => this.SelectBestFitCertificate(host, out _, true));

        // Load what is already on disk, then start the background maintenance loop.
        Reload();
        this.StartMainLoop(MainLoopAsync);
    }
    catch (Exception ex)
    {
        // Partially constructed vault: release what was acquired, record the error, and propagate it unchanged.
        this._DisposeSafe();
        ex._Debug();
        throw;
    }
}
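/// <summary>
/// Issues a certificate for <paramref name="fqdn"/> through ACME and writes the resulting
/// chained PEM (certificate chain only) to <paramref name="crtFileName"/>.
/// </summary>
/// <param name="account">ACME account used to create and finalize the order.</param>
/// <param name="fqdn">Host name the certificate is requested for.</param>
/// <param name="crtFileName">Destination file for the PEM-encoded certificate chain; parent directories are created as needed.</param>
/// <param name="cancel">Cancellation token, checked before the order is created and passed to every awaited step.</param>
/// <exception cref="OperationCanceledException">Thrown when <paramref name="cancel"/> is already signalled on entry.</exception>
/// <exception cref="InvalidOperationException">Thrown when no ACME certificate key is available to finalize the order.</exception>
async Task AcmeIssueAsync(AcmeAccount account, string fqdn, FilePath crtFileName, CancellationToken cancel)
{
    cancel.ThrowIfCancellationRequested();

    AcmeOrder order = await account.NewOrderAsync(fqdn, cancel);

    if (this.IsGlobalCertVault)
    {
        // The global vault publishes its account so the vault's challenge responder can answer
        // the ACME challenge for this order (process-wide side effect — confirm against GlobalCertVault).
        GlobalCertVault.SetAcmeAccountForChallengeResponse(account);
    }

    // Fail with a clear message instead of a NullReferenceException somewhere inside FinalizeAsync
    // when the key has not been loaded; a null-forgiving '!' previously hid this case.
    var acmeCertKey = this.AcmeCertKey ?? throw new InvalidOperationException("AcmeCertKey is not available; the ACME certificate key must be loaded before a certificate can be issued.");

    CertificateStore store = await order.FinalizeAsync(acmeCertKey, cancel);

    IsAcmeCertUpdated = true;

    // Only the certificate chain is written to the .crt file. The second output of ExportChainedPem
    // (presumably the private key PEM) is deliberately discarded — the ACME cert key is kept in its
    // own key file, not alongside the certificate.
    store.ExportChainedPem(out ReadOnlyMemory<byte> certData, out _);

    crtFileName.WriteDataToFile(certData, additionalFlags: FileFlags.AutoCreateDirectory);
}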
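// Creates a certificate that is signed by a parent (issuing) CA.
/// <summary>
/// Builds an end-entity certificate (BasicConstraints cA=false) for the public half of
/// <paramref name="thisCertPrivateKey"/>, signed with the parent store's primary private key.
/// </summary>
/// <param name="thisCertPrivateKey">Key pair of the new certificate; only its public key is embedded here.</param>
/// <param name="parentCertificate">Issuing CA store; its primary certificate supplies the issuer name and its primary private key signs.</param>
/// <param name="options">Subject name, serial number, expiry, key usages, extended key usages, SANs and signature algorithm.</param>
/// <param name="alternativeIssuerDN">When non-null, its generated name is used as the issuer DN instead of the parent certificate's subject.</param>
public Certificate(PrivKey thisCertPrivateKey, CertificateStore parentCertificate, CertificateOptions options, CertificateOptions? alternativeIssuerDN = null)
{
    X509Name subjectName = options.GenerateName();

    X509V3CertificateGenerator gen = new X509V3CertificateGenerator();

    // Sign-magnitude construction: RFC 5280 requires a positive serial number. The two's-complement
    // BigInteger(byte[]) constructor would turn a serial whose top bit is set into a negative value
    // that strict validators reject; for serials with the top bit clear the result is identical.
    gen.SetSerialNumber(new BigInteger(1, options.Serial.ToArray()));

    if (alternativeIssuerDN == null)
    {
        // The issuer of this certificate must equal the *subject* of the certificate that signs it.
        // Using the parent's IssuerDN only coincides with that for a self-signed parent; for an
        // intermediate CA it would break chain building.
        gen.SetIssuerDN(parentCertificate.PrimaryCertificate.CertData.SubjectDN);
    }
    else
    {
        gen.SetIssuerDN(alternativeIssuerDN.GenerateName());
    }

    gen.SetSubjectDN(subjectName);

    // Validity is expressed in UTC for both ends: NotAfter already is, and NotBefore should not
    // depend on how the generator interprets a local-kind DateTime. The one-day backdating is
    // presumably clock-skew tolerance (kept as-is).
    gen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
    gen.SetNotAfter(options.Expires.UtcDateTime);

    gen.SetPublicKey(thisCertPrivateKey.PublicKey.PublicKeyData);

    // Extensions. AddExtension DER-encodes the value itself, so the values are passed directly
    // instead of going through an X509Extension / DerOctetString round-trip (same encoded bytes).
    // cA=false, critical: this certificate cannot be used to issue further certificates.
    gen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    gen.AddExtension(X509Extensions.KeyUsage, false, new KeyUsage(options.KeyUsages));
    gen.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(options.ExtendedKeyUsages));
    gen.AddExtension(X509Extensions.SubjectAlternativeName, false, options.GenerateAltNames());

    // Sign with the parent's private key using the algorithm selected in options.
    this.CertData = gen.Generate(new Asn1SignatureFactory(
        options.GetSignatureAlgorithmOid(),
        parentCertificate.PrimaryPrivateKey.PrivateKeyData.Private,
        PkiUtil.NewSecureRandom()));

    InitFields();
}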