/// <summary>
/// Intitializes a new instance of <strong>X509AuthorityKeyIdentifierExtension</strong> class from
/// an issuer certificate, extension generation flags an a value that identifies whether the extension
/// is critical.
/// </summary>
/// <param name="issuer">Issuer certificate which is used to construct the AKI extension.</param>
/// <param name="flags">
/// Indicates which issuer components are included in the AKI extension. If the value is zero (None),
/// then default <strong>KeyIdentifier</strong> component will be included.
/// </param>
/// <param name="critical"><strong>True</strong> if the extension is critical; otherwise, <strong>False</strong>.</param>
/// <exception cref="ArgumentNullException">
/// <strong>issuer</strong> parameter is null.
/// </exception>
/// <remarks>
/// If <strong>flags</strong> parameter contains <strong>AlternativeNames</strong> and issuer certificate
/// does not contain Subject Alternative Names (SAN) extension, <strong>AlternativeNames</strong> flags
/// is ignored. If <strong>AlternativeNames</strong> is the only flag, and SAN extension is missing, only
/// <strong>KeyIdentifier</strong> component will be included.
/// </remarks>
public X509AuthorityKeyIdentifierExtension(X509Certificate2 issuer, AuthorityKeyIdentifierFlags flags, Boolean critical)
{
if (issuer == null || IntPtr.Zero.Equals(issuer.Handle))
{
throw new ArgumentNullException(nameof(issuer));
}
if (flags == AuthorityKeyIdentifierFlags.AlternativeNames && issuer.Extensions[X509ExtensionOid.SubjectAlternativeNames] == null)
{
flags = AuthorityKeyIdentifierFlags.KeyIdentifier;
}
if (flags == AuthorityKeyIdentifierFlags.None)
{
flags |= AuthorityKeyIdentifierFlags.KeyIdentifier;
}
initializeFromCert(issuer, flags, critical);
}
void initializeFromCert(X509Certificate2 issuer, AuthorityKeyIdentifierFlags flags, Boolean critical)
{
Oid = _oid;
Critical = critical;
IncludedComponents = AuthorityKeyIdentifierFlags.None;
// TODO rawData is not used
List <Byte> rawData = new List <Byte>();
if ((flags & AuthorityKeyIdentifierFlags.KeyIdentifier) > 0)
{
using (var hasher = SHA1.Create()) {
var hashbytes = hasher.ComputeHash(issuer.PublicKey.EncodedKeyValue.RawData);
KeyIdentifier = AsnFormatter.BinaryToString(hashbytes, EncodingType.HexRaw, EncodingFormat.NOCRLF);
rawData.AddRange(Asn1Utils.Encode(hashbytes, 0x80));
}
IncludedComponents |= AuthorityKeyIdentifierFlags.KeyIdentifier;
}
if ((flags & AuthorityKeyIdentifierFlags.AlternativeNames) > 0)
{
X509Extension san = issuer.Extensions[X509ExtensionOid.SubjectAlternativeNames];
Debug.Assert(san != null, "san != null");
AsnEncodedData encoded = new AsnEncodedData(san.RawData);
var sanExt = new X509SubjectAlternativeNamesExtension(encoded, false);
IssuerNames = sanExt.AlternativeNames;
IssuerNames.Close();
Asn1Reader asn = new Asn1Reader(san.RawData);
rawData.AddRange(Asn1Utils.Encode(asn.GetPayload(), 0x81));
IncludedComponents |= AuthorityKeyIdentifierFlags.AlternativeNames;
}
if ((flags & AuthorityKeyIdentifierFlags.SerialNumber) > 0)
{
SerialNumber = issuer.SerialNumber;
rawData.AddRange(Asn1Utils.Encode(issuer.GetSerialNumber().Reverse().ToArray(), 0x82));
IncludedComponents |= AuthorityKeyIdentifierFlags.SerialNumber;
}
RawData = Asn1Utils.Encode(rawData.ToArray(), 48);
}
