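        /// <summary>
        /// Wraps a certificate store that belongs to a <see cref="CertVault"/>.
        /// Only <see cref="CertVaultCertType.DefaultCert"/> is accepted; any other kind is rejected up front.
        /// </summary>
        /// <param name="vault">Vault that owns this certificate.</param>
        /// <param name="store">Certificate (and key) store being wrapped.</param>
        /// <param name="certType">Must be <see cref="CertVaultCertType.DefaultCert"/>.</param>
        /// <exception cref="ArgumentException">
        /// Thrown when <paramref name="certType"/> is anything other than <see cref="CertVaultCertType.DefaultCert"/>.
        /// </exception>
        public CertVaultCertificate(CertVault vault, CertificateStore store, CertVaultCertType certType)
        {
            if (certType != CertVaultCertType.DefaultCert)
            {
                // The message names the member actually compared against (DefaultCert, not "Default")
                // and the offending parameter, so the failure is actionable for the caller.
                throw new ArgumentException("certType != CertVaultCertType.DefaultCert", nameof(certType));
            }

            this.Vault    = vault;
            this.Store    = store;
            this.CertType = certType;
        }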
        /// <summary>
        /// Creates a certificate vault rooted at <paramref name="baseDir"/>: lays out the sub-directories and
        /// file paths, wires the two host-name keyed certificate-selection caches, loads current state via
        /// <c>Reload()</c> and starts the background main loop. If anything in that sequence throws, the
        /// partially built instance is disposed and the exception is rethrown unchanged.
        /// </summary>
        /// <param name="baseDir">Root directory of the vault; created on demand.</param>
        /// <param name="defaultSettings">Settings cloned into <c>DefaultSettings</c>; a fresh <c>CertVaultSettings(EnsureSpecial.Yes)</c> is used when null.</param>
        /// <param name="defaultCertificate">Optional fallback certificate store, stored as-is.</param>
        /// <param name="tcpIp">TCP/IP system to use; <c>LocalNet</c> when null.</param>
        /// <param name="isGlobalVault">Marks this instance as the process-wide (global) vault.</param>
        public CertVault(DirectoryPath baseDir, CertVaultSettings?defaultSettings = null, CertificateStore?defaultCertificate = null, TcpIpSystem?tcpIp = null, bool isGlobalVault = false)
        {
            try
            {
                // Drop a .gitignore into the vault root (creating the directory if needed) — presumably so the
                // key material kept under baseDir (see the *KeyFilePath members below) never lands in version control.
                Util.PutGitIgnoreFileOnDirectory(baseDir, flags: FileFlags.AutoCreateDirectory);

                // The root CA used for auto-generated certificates is the library's built-in debug CA.
                // NOTE(review): if that CA's private key ships with the library, every certificate it
                // auto-issues is forgeable by anyone holding the library — confirm nothing outside
                // dev/test is configured to trust this CA.
                this.AutoGeneratingRootCA = DevTools.CoresDebugCACert.PkiCertificateStore;

                this.DefaultCertificate = defaultCertificate;

                this.TcpIp = tcpIp ?? LocalNet;

                this.IsGlobalCertVault = isGlobalVault;

                if (defaultSettings == null)
                {
                    defaultSettings = new CertVaultSettings(EnsureSpecial.Yes);
                }

                // Clone so later mutation of the caller's settings object cannot reach into the vault.
                this.DefaultSettings = (CertVaultSettings)defaultSettings.Clone();

                this.BaseDir = baseDir;

                // Three certificate sources, each in its own sub-directory.
                this.StaticDir = this.BaseDir.GetSubDirectory("StaticCerts");

                this.AcmeDir = this.BaseDir.GetSubDirectory("AcmeCerts");

                this.AutoGeneratedDir = this.BaseDir.GetSubDirectory("AutoGeneratedCerts");

                this.SettingsFilePath = this.BaseDir.Combine(Consts.FileNames.CertVault_Settings);

                // ACME account key and ACME certificate key live under AcmeDir (private material).
                this.AcmeAccountKeyFilePath = this.AcmeDir.Combine(Consts.FileNames.CertVault_AcmeAccountKey);
                this.AcmeCertKeyFilePath    = this.AcmeDir.Combine(Consts.FileNames.CertVault_AcmeCertKey);

                // Both caches share one lifetime from CoresConfig and resolve a host name through
                // SelectBestFitCertificate; the second passes `true` as the last argument (by its name,
                // excluding ACME certificates — confirm against SelectBestFitCertificate).
                // CacheFlags.IgnoreUpdateError: name suggests a failed refresh is tolerated rather than propagated — confirm.
                this.CertificateSelectorCache        = new SyncCache <string, CertificateStore>(CoresConfig.CertVaultSettings.CertificateSelectorCacheLifetime, CacheFlags.IgnoreUpdateError, hostname => this.SelectBestFitCertificate(hostname, out _, false));
                this.CertificateSelectorCache_NoAcme = new SyncCache <string, CertificateStore>(CoresConfig.CertVaultSettings.CertificateSelectorCacheLifetime, CacheFlags.IgnoreUpdateError, hostname => this.SelectBestFitCertificate(hostname, out _, true));

                // Order matters: the caches and paths above must exist before the first Reload(),
                // and Reload() runs once synchronously before the main loop takes over.
                Reload();

                this.StartMainLoop(MainLoopAsync);
            }
            catch (Exception ex)
            {
                // Release whatever was set up so far (including the main loop if it already started),
                // log, and rethrow with `throw;` so the original stack trace is preserved.
                this._DisposeSafe();
                ex._Debug();
                throw;
            }
        }
        /// <summary>
        /// Obtains a certificate for <paramref name="fqdn"/> through ACME and writes the resulting
        /// chained PEM (certificate only, no key) to <paramref name="crtFileName"/>.
        /// </summary>
        /// <param name="account">ACME account used to place and finalize the order.</param>
        /// <param name="fqdn">Host name the certificate is requested for.</param>
        /// <param name="crtFileName">Destination file for the chained PEM; its directory is created if missing.</param>
        /// <param name="cancel">Cancellation token, checked before the order is placed and passed to the ACME calls.</param>
        async Task AcmeIssueAsync(AcmeAccount account, string fqdn, FilePath crtFileName, CancellationToken cancel)
        {
            cancel.ThrowIfCancellationRequested();

            AcmeOrder pendingOrder = await account.NewOrderAsync(fqdn, cancel);

            // For the global vault, register the account so the challenge-response side can
            // answer for this order (presumably the global HTTP challenge handler — confirm).
            if (this.IsGlobalCertVault)
            {
                GlobalCertVault.SetAcmeAccountForChallengeResponse(account);
            }

            // The ACME certificate key is expected to be loaded already; the CSR is finalized with it.
            CertificateStore issued = await pendingOrder.FinalizeAsync(this.AcmeCertKey!, cancel);

            // Note: this flag is raised before the PEM is persisted, so a failed write below still leaves it set.
            IsAcmeCertUpdated = true;

            issued.ExportChainedPem(out ReadOnlyMemory <byte> pemBytes, out _);
            crtFileName.WriteDataToFile(pemBytes, additionalFlags: FileFlags.AutoCreateDirectory);
        }
        // Create a certificate signed by a parent (upper-level) CA
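        /// <summary>
        /// Builds an end-entity (CA=false) certificate carrying the public half of
        /// <paramref name="thisCertPrivateKey"/>, signed by the primary private key of
        /// <paramref name="parentCertificate"/>.
        /// </summary>
        /// <param name="thisCertPrivateKey">Key pair of the new certificate; only its public key is embedded.</param>
        /// <param name="parentCertificate">Issuing CA: its primary certificate supplies the issuer name, its primary private key signs.</param>
        /// <param name="options">Subject name, serial, expiry, key usages, extended key usages and SANs of the new certificate.</param>
        /// <param name="alternativeIssuerDN">When non-null, its generated name is written as the issuer instead of the parent's subject.</param>
        public Certificate(PrivKey thisCertPrivateKey, CertificateStore parentCertificate, CertificateOptions options, CertificateOptions?alternativeIssuerDN = null)
        {
            X509Name name = options.GenerateName();
            X509V3CertificateGenerator gen = new X509V3CertificateGenerator();

            // sign=1 interprets the serial bytes as an unsigned magnitude. The one-argument BigInteger(byte[])
            // constructor is two's-complement, so a serial whose top bit is set would otherwise be encoded as a
            // negative INTEGER, which RFC 5280 §4.1.2.2 forbids.
            gen.SetSerialNumber(new BigInteger(1, options.Serial.ToArray()));

            if (alternativeIssuerDN == null)
            {
                // The issuer of the new certificate is the *subject* of the signing CA (RFC 5280 §4.1.2.4).
                // Copying the parent's IssuerDN only coincides with that for a self-signed root; under an
                // intermediate CA the chain would not link by name.
                gen.SetIssuerDN(parentCertificate.PrimaryCertificate.CertData.SubjectDN);
            }
            else
            {
                gen.SetIssuerDN(alternativeIssuerDN.GenerateName());
            }
            gen.SetSubjectDN(name);

            // Backdate NotBefore by one day to absorb clock skew. Use UTC so both validity bounds are in the
            // same time base as NotAfter (options.Expires.UtcDateTime).
            gen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
            gen.SetNotAfter(options.Expires.UtcDateTime);
            gen.SetPublicKey(thisCertPrivateKey.PublicKey.PublicKeyData);

            // Critical CA=false: this certificate must never be accepted as an issuer of further certificates.
            X509Extension extConst = new X509Extension(true, new DerOctetString(new BasicConstraints(false)));
            gen.AddExtension(X509Extensions.BasicConstraints, true, extConst.GetParsedValue());

            X509Extension extBasicUsage = new X509Extension(false, new DerOctetString(new KeyUsage(options.KeyUsages)));
            gen.AddExtension(X509Extensions.KeyUsage, false, extBasicUsage.GetParsedValue());

            X509Extension extExtendedUsage = new X509Extension(false, new DerOctetString(new ExtendedKeyUsage(options.ExtendedKeyUsages)));
            gen.AddExtension(X509Extensions.ExtendedKeyUsage, false, extExtendedUsage.GetParsedValue());

            X509Extension altName = new X509Extension(false, new DerOctetString(options.GenerateAltNames()));
            gen.AddExtension(X509Extensions.SubjectAlternativeName, false, altName.GetParsedValue());

            // NOTE(review): no SubjectKeyIdentifier / AuthorityKeyIdentifier is added, so path building
            // relies on issuer/subject name matching alone; consider adding both if a CA may rotate its
            // key while keeping its name.

            // Sign with the parent's private key using the algorithm OID chosen by options.
            this.CertData = gen.Generate(new Asn1SignatureFactory(options.GetSignatureAlgorithmOid(), parentCertificate.PrimaryPrivateKey.PrivateKeyData.Private, PkiUtil.NewSecureRandom()));

            InitFields();
        }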