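/// <summary>
/// Adds or refreshes the CRL Number extension in <c>_extensions</c> based on <c>CrlNumberIncrement</c>.
/// </summary>
/// <remarks>
/// The following rules apply (numbering kept from the original comment):
/// <list type="bullet">
/// <item>3. If CrlNumberIncrement is greater than zero and the extension list has no CRL Number extension,
/// CrlNumberIncrement itself becomes the CRL Number value.</item>
/// <item>4. If CrlNumberIncrement is greater than zero and a CRL Number extension already exists,
/// its value is incremented by CrlNumberIncrement.</item>
/// <item>5. If CrlNumberIncrement is zero or negative, no CRL Number extension is added; an extension
/// already present in the list is left untouched.</item>
/// </list>
/// RFC 5280 (section 5.2.3) defines CRL Number as a non-critical, monotonically increasing sequence
/// number that relying parties use to tell which CRL supersedes another, so the value written here
/// must never move backwards for the same issuer.
/// </remarks>
void processCrlNumberExtension() {
    // Rule 5: nothing to add or change when the increment is not positive.
    if (CrlNumberIncrement <= 0) {
        return;
    }

    // Rule 3: with no existing extension the increment itself is the CRL Number.
    // The previous code seeded this with 0, which contradicted the documented rule.
    BigInteger newCrlVersion = CrlNumberIncrement;

    X509Extension crlNumberExt = _extensions.FirstOrDefault(x => x.Oid.Value == X509CertExtensions.X509CRLNumber);
    if (crlNumberExt != null) {
        // Rule 4: continue the sequence from the existing value.
        // NOTE(review): the direct cast assumes the stored entry is already a decoded
        // X509CRLNumberExtension; a generic X509Extension carrying the same OID would throw
        // InvalidCastException here -- confirm how _extensions is populated.
        newCrlVersion = ((X509CRLNumberExtension)crlNumberExt).CRLNumber + CrlNumberIncrement;
    }

    // Replace rather than append so the list never holds two CRL Number extensions.
    GenericArray.RemoveExtension(_extensions, X509CertExtensions.X509CRLNumber);
    // Second argument is presumably the "critical" flag; false matches RFC 5280's non-critical requirement.
    crlNumberExt = new X509CRLNumberExtension(newCrlVersion, false);
    _extensions.Add(crlNumberExt);
}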
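/// <summary>
/// Rebuilds the issuer-dependent extensions (Authority Key Identifier, CA Version) and the
/// CRL Number extension in <c>_extensions</c>.
/// </summary>
/// <param name="issuer">Issuer certificate used to build the AKI extension and to copy CA Version from.</param>
/// <remarks>
/// The following rules apply:
/// <list type="bullet">
/// <item>1. Remove CA Version and AKI extensions from the existing extension list.</item>
/// <item>2. Generate them from the issuer certificate. AKI is always built from the issuer;
/// CA Version is copied only when the issuer certificate carries it.</item>
/// <item>3. If CrlNumberIncrement is greater than zero and there is no CRL Number extension in the existing CRL,
/// CrlNumberIncrement is set as the CRL Number extension value.</item>
/// <item>4. If CrlNumberIncrement is greater than zero and a CRL Number extension exists in the existing CRL,
/// the CRL Number in the existing extension is incremented by CrlNumberIncrement.</item>
/// <item>5. If CrlNumberIncrement is zero or negative, no CRL Number extension is added; an extension
/// already present in the list is left untouched.</item>
/// </list>
/// RFC 5280 (section 5.2.3) defines CRL Number as a non-critical, monotonically increasing sequence
/// number, so the value written here must never move backwards for the same issuer.
/// </remarks>
void generateExtensions(X509Certificate2 issuer) {
    // AKI generation: drop any stale identifier so the CRL always points at the signing issuer's key.
    // NOTE(review): issuer is not null-checked here; if the extension constructor throws, the old AKI
    // has already been removed from _extensions -- confirm callers validate issuer first.
    GenericArray.RemoveExtension(_extensions, X509CertExtensions.X509AuthorityKeyIdentifier);
    _extensions.Add(new X509AuthorityKeyIdentifierExtension(issuer, AuthorityKeyIdentifierFlags.KeyIdentifier, false));

    // CA Version copy: taken verbatim from the issuer certificate when present, otherwise omitted.
    GenericArray.RemoveExtension(_extensions, X509CertExtensions.X509CAVersion);
    X509Extension caVersionExt = issuer.Extensions[X509CertExtensions.X509CAVersion];
    if (caVersionExt != null) {
        _extensions.Add(caVersionExt);
    }

    // CRL Number (rules 3-5). Nothing is added or changed when the increment is not positive.
    if (CrlNumberIncrement > 0) {
        // Rule 3: with no existing extension the increment itself is the CRL Number.
        // The previous code seeded this with 0, which contradicted the documented rule.
        BigInteger newCrlVersion = CrlNumberIncrement;

        X509Extension crlNumberExt = _extensions.FirstOrDefault(x => x.Oid.Value == X509CertExtensions.X509CRLNumber);
        if (crlNumberExt != null) {
            // Rule 4: continue the sequence from the existing value.
            // NOTE(review): the direct cast assumes the stored entry is already a decoded
            // X509CRLNumberExtension; a generic X509Extension with the same OID would throw
            // InvalidCastException -- confirm how _extensions is populated.
            newCrlVersion = ((X509CRLNumberExtension)crlNumberExt).CRLNumber + CrlNumberIncrement;
        }

        // Replace rather than append so the list never holds two CRL Number extensions.
        GenericArray.RemoveExtension(_extensions, X509CertExtensions.X509CRLNumber);
        // Second argument is presumably the "critical" flag; false matches RFC 5280's non-critical requirement.
        crlNumberExt = new X509CRLNumberExtension(newCrlVersion, false);
        _extensions.Add(crlNumberExt);
    }
}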