Example #1
 /// <summary>
 /// Re-parses the paste box as a PKCS#10 request whenever its text changes and
 /// enables Submit only when the text parses and rqstInfo() accepts it.
 /// </summary>
 /// <param name="sender">Event source (not used).</param>
 /// <param name="e">Event data (not used).</param>
 private void tbPaste_TextChanged(object sender, EventArgs e)
 {
     try
     {
         // The pasted text is external input; nothing downstream is enabled until it parses.
         parser = Pkcs10Parser.ReadRequestFromString(tbPaste.Text);
         bool requestUsable = (parser != null) && rqstInfo();

         // A usable pasted request locks the file input and unlocks Submit; otherwise the reverse.
         gbFile.Enabled    = !requestUsable;
         butSubmit.Enabled = requestUsable;
     }
     catch (ApplicationException ex)
     {
         // NOTE(review): only ApplicationException is handled. Confirm the parser wraps every
         // malformed-input failure in that type, otherwise other exceptions escape this handler.
         // NOTE(review): the parser field is not reset on this path. It holds the previous request
         // if parsing threw, or the just-parsed one if rqstInfo() threw. Submit is disabled below;
         // verify that no other code path consumes the stale field.
         setStatus("Invalid request format", false);
         MessageBox.Show("Not a valid request format: " + ex.Message, "OSCA - Issue Certificate", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
         gbFile.Enabled    = true;
         butSubmit.Enabled = false;
     }
 }
Example #2
        /// <summary>
        /// Re-parses the paste box as a PKCS#10 request whenever its text changes and enables
        /// Submit and the profile/override check boxes only when the text parses and rqstInfo()
        /// accepts it.
        /// </summary>
        /// <param name="sender">Event source (not used).</param>
        /// <param name="e">Event data (not used).</param>
        private void tbPaste_TextChanged(object sender, EventArgs e)
        {
            // A fresh edit supersedes whatever status the previous attempt left on screen.
            lblStatusString.Visible = false;

            try
            {
                // The pasted text is external input; nothing downstream is enabled until it parses.
                parser = Pkcs10Parser.ReadRequestFromString(tbPaste.Text);
                bool requestUsable = (parser != null) && rqstInfo();

                // A usable pasted request locks the file input and unlocks the rekey controls.
                gbFile.Enabled      = !requestUsable;
                butSubmit.Enabled   = requestUsable;
                ckbProfile.Enabled  = requestUsable;
                ckbOverride.Enabled = requestUsable;
            }
            catch (ApplicationException ex)
            {
                // NOTE(review): only ApplicationException is handled. Confirm the parser wraps every
                // malformed-input failure in that type, otherwise other exceptions escape this handler.
                // NOTE(review): the parser field is not reset on this path, so it may still hold an
                // earlier request. Submit is disabled below; verify nothing else reads the field.
                setStatus("Invalid request format", false);
                MessageBox.Show("Not a valid request format: " + ex.Message, "OSCA - Rekey Certificate", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                gbFile.Enabled      = true;
                butSubmit.Enabled   = false;
                ckbProfile.Enabled  = false;
                ckbOverride.Enabled = false;
            }
        }
Example #3
        /// <summary>
        /// Lets the operator pick a request file, parses it as a PKCS#10 request and enables
        /// Submit and the profile/override check boxes only when it parses and rqstInfo()
        /// accepts it.
        /// </summary>
        /// <param name="sender">Event source (not used).</param>
        /// <param name="e">Event data (not used).</param>
        private void butBrowse_Click(object sender, EventArgs e)
        {
            // A fresh attempt supersedes whatever status the previous one left on screen.
            lblStatusString.Visible = false;

            // The dialog opens in the Requests folder, but the operator can browse elsewhere.
            openFileDialog.InitialDirectory = config.OscaFolder + "\\Requests";
            if (openFileDialog.ShowDialog() != DialogResult.OK)
            {
                return;
            }

            string chosenPath = openFileDialog.FileName;
            tbFile.Text = chosenPath;

            try
            {
                // The file content is external input; nothing downstream is enabled until it parses.
                parser = Pkcs10Parser.ReadRequestFromFile(chosenPath);
                bool requestUsable = (parser != null) && rqstInfo();

                // A usable file request locks the paste input and unlocks the rekey controls.
                gbPaste.Enabled     = !requestUsable;
                butSubmit.Enabled   = requestUsable;
                ckbProfile.Enabled  = requestUsable;
                ckbOverride.Enabled = requestUsable;
            }
            catch (ApplicationException ex)
            {
                // NOTE(review): only ApplicationException is handled. Confirm ReadRequestFromFile
                // wraps I/O and decoding failures in that type, otherwise they escape this handler.
                // NOTE(review): the parser field is not reset on this path, so it may still hold an
                // earlier request. Submit is disabled below; verify nothing else reads the field.
                setStatus("Invalid request format", false);
                MessageBox.Show("Not a valid request format: " + ex.Message, "OSCA - Rekey Certificate", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                gbPaste.Enabled     = true;
                butSubmit.Enabled   = false;
                ckbProfile.Enabled  = false;
                ckbOverride.Enabled = false;
            }
        }
Example #4
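        /// <summary>
        /// Builds a certificate for a PKCS#10 request, signs it through the configured generator,
        /// records it in the CA database and returns it.
        /// </summary>
        /// <remarks>
        /// The subject DN and public key are always taken from the request. When a profile is given,
        /// only SubjectAltName is carried over from the request and the profile drives the rest.
        /// Without a profile the request's own extensions are passed to the generator.
        /// </remarks>
        /// <param name="request">The PKCS#10 request to certify.</param>
        /// <param name="profile">Profile to apply, or null to honour the extensions in the request.</param>
        /// <param name="notBefore">Start of validity. Converted to UTC here only in the no-profile path.</param>
        /// <param name="notAfter">End of validity. Converted to UTC here only in the no-profile path.</param>
        /// <returns>The newly issued certificate, already added to the CA database.</returns>
        /// <exception cref="System.ArgumentNullException">The request is null.</exception>
        /// <exception cref="System.ArgumentException">The request's signature algorithm differs from the CA's configured one.</exception>
        /// <exception cref="System.ArgumentOutOfRangeException">
        /// Documented by the original author as "Invalid lifetime units in ValidityPeriod". It is not
        /// thrown in this body and presumably comes from generate(); confirm.
        /// </exception>
        private X509Certificate issueCertificate(Pkcs10CertificationRequest request, Profile.Profile profile, DateTime notBefore, DateTime notAfter)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            X509Certificate newCert;
            string          profileName = "";

            // Parse the request
            Pkcs10Parser p10 = new Pkcs10Parser(request);

            // NOTE(review): nothing in this method verifies the request's self-signature (proof of
            // possession of the private key). Confirm that Pkcs10Parser or the caller does so before
            // the public key below is certified.

            // The request must be signed with the same algorithm the CA is configured to use.
            DerObjectIdentifier sigAlgOid = X509Utilities.GetAlgorithmOid(signatureAlgorithm);

            if (!p10.SignatureAlgorithm.Equals(sigAlgOid))
            {
                string requestSigAlg = p10.SignatureAlgorithm.ToString();
                logEvent(LogEvent.EventType.Error, "Invalid signature algorithm in request: " + requestSigAlg);

                // The second ArgumentException argument is the parameter name, not a detail string.
                // The offending OID therefore goes into the message and the parameter is named.
                throw new ArgumentException("Invalid signature algorithm in request: " + requestSigAlg, "request");
            }

            // Pick the generator from the FIPS 140 policy and the CA type.
            ICertGen certGen;

            if (!fips140)
            {
                certGen = new BcV3CertGen(policyEnforcement);
            }
            else if (type == CA_Type.dhTA.ToString())
            {
                certGen = new SysV1CertGen();
            }
            else
            {
                certGen = new SysV3CertGen(policyEnforcement);
            }

            // Set up the certificate. Subject DN and public key come straight from the request.
            // NOTE(review): no validation of the requested subject DN is visible here. Confirm it is
            // checked against the authorised identity elsewhere.
            certGen.SetSerialNumber(nextCertSerial());
            certGen.SetIssuerDN(caCertificate.SubjectDN);
            certGen.SetSubjectDN(p10.Subject);
            certGen.SetPublicKey(p10.PublicKey);
            certGen.SetSignatureAlgorithm(signatureAlgorithm);

            // Extensions exist only on V3 generators, so v3Gen is null for a V1 generator.
            V3CertGen v3Gen = (certGen.GetVersion() == X509ver.V3) ? (V3CertGen)certGen : null;
            if (v3Gen != null)
            {
                v3Gen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCertificate.GetPublicKey()));
                v3Gen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(p10.PublicKey));
            }

            // Add further extensions either from the profile or from the request attributes.
            // If a profile is specified, ignore all request attributes apart from SubjAltName.
            if (profile != null)
            {
                // NOTE(review): SubjAltName and its criticality are copied from the request as-is.
                // Confirm the requested names are authorised before issuance.
                if ((p10.SubjectAltNames != null) && (v3Gen != null))
                {
                    bool critical = p10.IsCritical(X509Extensions.SubjectAlternativeName);
                    v3Gen.AddExtension(X509Extensions.SubjectAlternativeName, critical, p10.SubjectAltNames);
                }

                // Capture the profile name for the database
                profileName = profile.Name;

                // Cut the cert. The validity dates are handed to generate() unconverted.
                newCert = generate(certGen, profile, notBefore, notAfter);
            }
            else    // No profile
            {
                // Set the validity period
                // NOTE(review): notBefore/notAfter are not compared with each other or with the CA
                // certificate's validity in this method. Confirm the caller bounds them.
                certGen.SetNotBefore(notBefore.ToUniversalTime());
                certGen.SetNotAfter(notAfter.ToUniversalTime());

                // NOTE(review): every extension the requester placed in the request is handed to
                // generate(). Whether CA-only values (BasicConstraints, key usage) are filtered
                // depends on generate() and policyEnforcement, neither visible here; confirm.
                newCert = generate(certGen, p10.Extensions);
            }

            // Add certificate to the CA DB
            Database.AddCertificate(newCert, request.GetDerEncoded(), profileName, dbFileLocation, caCertificate, cspParam);
            logEvent(LogEvent.EventType.DBAddCert, "DB: Certificate added: " + newCert.SerialNumber.ToString());

            return newCert;
        }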
Example #5
        /// <summary>
        /// Create an OSCA Profile from the extensions carried in a PKCS#10 Certificate Request.
        /// </summary>
        /// <param name="Request">PKCS#10 Certificate Request</param>
        /// <returns>A Profile constructed from the request's extensions.</returns>
        public static Profile FromPkcs10Request(Pkcs10CertificationRequest Request)
        {
            // NOTE(review): the resulting profile mirrors whatever extensions the requester chose.
            // Review it before using it as issuance policy.
            var requestedExtensions = new Pkcs10Parser(Request).Extensions;

            return new Profile(requestedExtensions);
        }