Ejemplo n.º 1
        /// <summary>
        /// Encodes one bound (notBefore or notAfter) of a certificate Validity field,
        /// choosing the DER time type from the UTC year of <paramref name="validityField"/>.
        /// </summary>
        /// <param name="validityField">The instant to encode; it is converted to UTC before encoding.</param>
        /// <param name="propertyName">
        /// Name reported as the offending parameter when the date is rejected.
        /// </param>
        /// <returns>
        /// The result of <c>DerEncoder.SegmentedEncodeUtcTime</c> for UTC years 1950 through 2049,
        /// or of <c>DerEncoder.SegmentedEncodeGeneralizedTime</c> for UTC years 2050 and later.
        /// </returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// The UTC year of <paramref name="validityField"/> is earlier than 1950.
        /// </exception>
        private static byte[][] EncodeValidityField(DateTimeOffset validityField, string propertyName)
        {
            // https://tools.ietf.org/html/rfc3280#section-4.1.2.5 (4.1.2.5 Validity):
            // the validity period is a SEQUENCE of two dates, notBefore and notAfter, and
            // the period runs from notBefore through notAfter, inclusive. Conforming CAs
            // MUST encode validity dates through the year 2049 as UTCTime and dates in
            // 2050 or later as GeneralizedTime.
            // NOTE(review): RFC 3280 has since been obsoleted by RFC 5280; confirm the
            // reference the project wants to cite.

            // The year test is made on the UTC value, so an offset that crosses a year
            // boundary is classified by its UTC year rather than its local year.
            DateTime utc = validityField.UtcDateTime;
            int utcYear = utc.Year;

            // 2050 and later: GeneralizedTime is the only permitted form.
            if (utcYear >= 2050)
            {
                return DerEncoder.SegmentedEncodeGeneralizedTime(utc);
            }

            // 1950 through 2049: the choice of time type is effectively a DER rule (two
            // encoders must produce the same bytes), so there is no option to emit
            // GeneralizedTime for a date that fits the UTCTime constraint.
            if (utcYear >= 1950)
            {
                return DerEncoder.SegmentedEncodeUtcTime(utc);
            }

            // GeneralizedTime could represent earlier years, but dates that old are
            // deliberately rejected rather than encoded.
            throw new ArgumentOutOfRangeException(
                propertyName,
                utc,
                SR.GetString(SR.Cryptography_CertReq_DateTooOld));
        }