private void tbPaste_TextChanged(object sender, EventArgs e) { try { parser = Pkcs10Parser.ReadRequestFromString(tbPaste.Text); if ((parser != null) && (rqstInfo())) { gbFile.Enabled = false; butSubmit.Enabled = true; } else { gbFile.Enabled = true; butSubmit.Enabled = false; } } catch (ApplicationException ex) { setStatus("Invalid request format", false); MessageBox.Show("Not a valid request format: " + ex.Message, "OSCA - Issue Certificate", MessageBoxButtons.OK, MessageBoxIcon.Exclamation); gbFile.Enabled = true; butSubmit.Enabled = false; return; } }
private void tbPaste_TextChanged(object sender, EventArgs e) { // Hide the status string in case this is a second attempt lblStatusString.Visible = false; try { parser = Pkcs10Parser.ReadRequestFromString(tbPaste.Text); if ((parser != null) && (rqstInfo())) { gbFile.Enabled = false; butSubmit.Enabled = true; ckbProfile.Enabled = true; ckbOverride.Enabled = true; } else { gbFile.Enabled = true; butSubmit.Enabled = false; ckbProfile.Enabled = false; ckbOverride.Enabled = false; } } catch (ApplicationException ex) { setStatus("Invalid request format", false); MessageBox.Show("Not a valid request format: " + ex.Message, "OSCA - Rekey Certificate", MessageBoxButtons.OK, MessageBoxIcon.Exclamation); gbFile.Enabled = true; butSubmit.Enabled = false; ckbProfile.Enabled = false; ckbOverride.Enabled = false; return; } }
private void butBrowse_Click(object sender, EventArgs e) { // Hide the status string in case this is a second attempt lblStatusString.Visible = false; openFileDialog.InitialDirectory = config.OscaFolder + "\\Requests"; DialogResult result = openFileDialog.ShowDialog(); if (result == DialogResult.OK) { string requestFile = openFileDialog.FileName; tbFile.Text = requestFile; try { parser = Pkcs10Parser.ReadRequestFromFile(requestFile); if ((parser != null) && (rqstInfo())) { gbPaste.Enabled = false; butSubmit.Enabled = true; ckbProfile.Enabled = true; ckbOverride.Enabled = true; } else { gbPaste.Enabled = true; butSubmit.Enabled = false; ckbProfile.Enabled = false; ckbOverride.Enabled = false; } } catch (ApplicationException ex) { setStatus("Invalid request format", false); MessageBox.Show("Not a valid request format: " + ex.Message, "OSCA - Rekey Certificate", MessageBoxButtons.OK, MessageBoxIcon.Exclamation); gbPaste.Enabled = true; butSubmit.Enabled = false; ckbProfile.Enabled = false; ckbOverride.Enabled = false; return; } } }
/// <summary> /// Issues the certificate. /// </summary> /// <param name="request">The request.</param> /// <param name="profile">The profile</param> /// <param name="notBefore">The not before.</param> /// <param name="notAfter">The not after.</param> /// <returns> /// Certificate /// </returns> /// <exception cref="System.ArgumentException">Invalid signature algorithm in request</exception> /// <exception cref="System.ArgumentOutOfRangeException">Invalid lifetime units in ValidityPeriod</exception> private X509Certificate issueCertificate(Pkcs10CertificationRequest request, Profile.Profile profile, DateTime notBefore, DateTime notAfter) { X509Certificate newCert; string profileName = ""; // Parse the request Pkcs10Parser p10 = new Pkcs10Parser(request); // Check that correct sig algorithm has been used DerObjectIdentifier sigAlgOid = X509Utilities.GetAlgorithmOid(signatureAlgorithm); if (!p10.SignatureAlgorithm.Equals(sigAlgOid)) { logEvent(LogEvent.EventType.Error, "Invalid signature algorithm in request: " + p10.SignatureAlgorithm.ToString()); throw new ArgumentException("Invalid signature algorithm in request", p10.SignatureAlgorithm.ToString()); } // Create a Cert Generator according to the FIPS 140 policy and CA Type ICertGen certGen; if ((fips140) && (type == CA_Type.dhTA.ToString())) { certGen = new SysV1CertGen(); } else if ((fips140) && (type != CA_Type.dhTA.ToString())) { certGen = new SysV3CertGen(policyEnforcement); } else { certGen = new BcV3CertGen(policyEnforcement); } // Setup the certificate certGen.SetSerialNumber(nextCertSerial()); certGen.SetIssuerDN(caCertificate.SubjectDN); certGen.SetSubjectDN(p10.Subject); certGen.SetPublicKey(p10.PublicKey); certGen.SetSignatureAlgorithm(signatureAlgorithm); if (certGen.GetVersion() == X509ver.V3) { ((V3CertGen)certGen).AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCertificate.GetPublicKey())); ((V3CertGen)certGen).AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(p10.PublicKey)); } // Add further extensions either from profile or request attributes // If a profile is specified ignore all attributes apart from SubjAltName if (profile != null) { // Add in SubjAltName if there is one if ((p10.SubjectAltNames != null) && (certGen.GetVersion() == X509ver.V3)) { bool critical = p10.IsCritical(X509Extensions.SubjectAlternativeName); ((V3CertGen)certGen).AddExtension(X509Extensions.SubjectAlternativeName, critical, p10.SubjectAltNames); } // Capture the profile name for database profileName = profile.Name; // cut the cert newCert = generate(certGen, profile, notBefore, notAfter); } else // No profile { // Set the validity period certGen.SetNotBefore(notBefore.ToUniversalTime()); certGen.SetNotAfter(notAfter.ToUniversalTime()); // Do what it says in the request newCert = generate(certGen, p10.Extensions); } // Add certificate to the CA DB Database.AddCertificate(newCert, request.GetDerEncoded(), profileName, dbFileLocation, caCertificate, cspParam); logEvent(LogEvent.EventType.DBAddCert, "DB: Certificate added: " + newCert.SerialNumber.ToString()); return(newCert); }
/// <summary> /// Create an OSCA Profile using a PKCS#10 Certificate Request /// </summary> /// <param name="Request">PKCS#10 Certificate Request</param> /// <returns></returns> public static Profile FromPkcs10Request(Pkcs10CertificationRequest Request) { Pkcs10Parser parser = new Pkcs10Parser(Request); return(new Profile(parser.Extensions)); }