/// <summary> /// Intitializes a new instance of <strong>X509AuthorityKeyIdentifierExtension</strong> class from /// an issuer certificate, extension generation flags an a value that identifies whether the extension /// is critical. /// </summary> /// <param name="issuer">Issuer certificate which is used to construct the AKI extension.</param> /// <param name="flags"> /// Indicates which issuer components are included in the AKI extension. If the value is zero (None), /// then default <strong>KeyIdentifier</strong> component will be included. /// </param> /// <param name="critical"><strong>True</strong> if the extension is critical; otherwise, <strong>False</strong>.</param> /// <exception cref="ArgumentNullException"> /// <strong>issuer</strong> parameter is null. /// </exception> /// <remarks> /// If <strong>flags</strong> parameter contains <strong>AlternativeNames</strong> and issuer certificate /// does not contain Subject Alternative Names (SAN) extension, <strong>AlternativeNames</strong> flags /// is ignored. If <strong>AlternativeNames</strong> is the only flag, and SAN extension is missing, only /// <strong>KeyIdentifier</strong> component will be included. /// </remarks> public X509AuthorityKeyIdentifierExtension(X509Certificate2 issuer, AuthorityKeyIdentifierFlags flags, Boolean critical) { if (issuer == null || IntPtr.Zero.Equals(issuer.Handle)) { throw new ArgumentNullException(nameof(issuer)); } if (flags == AuthorityKeyIdentifierFlags.AlternativeNames && issuer.Extensions[X509ExtensionOid.SubjectAlternativeNames] == null) { flags = AuthorityKeyIdentifierFlags.KeyIdentifier; } if (flags == AuthorityKeyIdentifierFlags.None) { flags |= AuthorityKeyIdentifierFlags.KeyIdentifier; } initializeFromCert(issuer, flags, critical); }
void initializeFromCert(X509Certificate2 issuer, AuthorityKeyIdentifierFlags flags, Boolean critical) { Oid = _oid; Critical = critical; IncludedComponents = AuthorityKeyIdentifierFlags.None; // TODO rawData is not used List <Byte> rawData = new List <Byte>(); if ((flags & AuthorityKeyIdentifierFlags.KeyIdentifier) > 0) { using (var hasher = SHA1.Create()) { var hashbytes = hasher.ComputeHash(issuer.PublicKey.EncodedKeyValue.RawData); KeyIdentifier = AsnFormatter.BinaryToString(hashbytes, EncodingType.HexRaw, EncodingFormat.NOCRLF); rawData.AddRange(Asn1Utils.Encode(hashbytes, 0x80)); } IncludedComponents |= AuthorityKeyIdentifierFlags.KeyIdentifier; } if ((flags & AuthorityKeyIdentifierFlags.AlternativeNames) > 0) { X509Extension san = issuer.Extensions[X509ExtensionOid.SubjectAlternativeNames]; Debug.Assert(san != null, "san != null"); AsnEncodedData encoded = new AsnEncodedData(san.RawData); var sanExt = new X509SubjectAlternativeNamesExtension(encoded, false); IssuerNames = sanExt.AlternativeNames; IssuerNames.Close(); Asn1Reader asn = new Asn1Reader(san.RawData); rawData.AddRange(Asn1Utils.Encode(asn.GetPayload(), 0x81)); IncludedComponents |= AuthorityKeyIdentifierFlags.AlternativeNames; } if ((flags & AuthorityKeyIdentifierFlags.SerialNumber) > 0) { SerialNumber = issuer.SerialNumber; rawData.AddRange(Asn1Utils.Encode(issuer.GetSerialNumber().Reverse().ToArray(), 0x82)); IncludedComponents |= AuthorityKeyIdentifierFlags.SerialNumber; } RawData = Asn1Utils.Encode(rawData.ToArray(), 48); }