/// <summary>
/// Creates a QWAC certificate on the fly
/// </summary>
/// <param name="request"></param>
/// <param name="privateKey"></param>
/// <returns></returns>
public X509Certificate2 CreateQWACs(Psd2CertificateRequest request, out RSA privateKey)
{
var notBefore = DateTimeOffset.UtcNow.AddDays(-1);
var notAfter = DateTimeOffset.UtcNow.AddDays(request.ValidityInDays);
var authorizationNumber = new NCAId(request.CountryCode, request.AuthorityId, request.AuthorizationNumber);
var subject = new SubjectBuilder().AddCommonName(request.CommonName)
.AddOrganization(request.Organization, request.OrganizationUnit)
.AddLocation(request.CountryCode, request.State, request.City)
.AddOrganizationIdentifier(authorizationNumber.ToString())
.Build();
var extensions = new List <X509Extension>();
var psd2Type = new Psd2CertificateAttributes()
{
AuthorityName = request.AuthorityName,
AuthorizationNumber = authorizationNumber,
HasAccountInformation = request.Roles.Aisp,
HasPaymentInitiation = request.Roles.Pisp,
HasIssuingOfCardBasedPaymentInstruments = request.Roles.Piisp,
HasAccountServicing = request.Roles.Aspsp,
};
var psd2Extension = new QualifiedCertificateStatementsExtension(psd2Type, critical: false);
extensions.Add(psd2Extension);
var certificate = CreateCertificate(CreateRootCACertificate(), subject, extensions, notBefore, notAfter, out privateKey);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
certificate.FriendlyName = "Qualified website authentication certificate QWAC";
}
return(certificate.CopyWithPrivateKey(privateKey));
}
/// <summary>
/// Creates a Certification Authority certificate on the fly with some madeup data in the subject. Use this as issuing cert for other self signed certificates
/// </summary>
/// <param name="diagnostics"></param>
/// <returns></returns>
public X509Certificate2 CreateRootCACertificate(DiagnosticInformation diagnostics = null)
{
var notBefore = DateTimeOffset.UtcNow.AddDays(-2);
var notAfter = DateTimeOffset.UtcNow.AddYears(5);
var subject = new SubjectBuilder().AddLocation("GR", "Attiki", "Athens")
.AddOrganization("Authority CA", "IT")
.AddCommonName("Authority CA Domain Name")
.AddEmail("*****@*****.**")
.Build();
var extensions = new List <X509Extension>();
var basicConstraints = new X509BasicConstraintsExtension(
certificateAuthority: true,
hasPathLengthConstraint: false,
pathLengthConstraint: 0,
critical: true);
extensions.Add(basicConstraints);
var certificate = CreateSelfSignedCertificate(subject, extensions, notBefore, notAfter);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
certificate.FriendlyName = "Root CA";
}
return(certificate);
}
