public virtual async Task <X509Certificate2> CreateCACertificateAsync(
string subjectName
)
{
DateTime yesterday = DateTime.Today.AddDays(-1);
X509Certificate2 newCertificate = CertificateFactory.CreateCertificate(subjectName)
.SetNotBefore(yesterday)
.SetLifeTime(Configuration.CACertificateLifetime)
.SetHashAlgorithm(X509Utils.GetRSAHashAlgorithmName(Configuration.CACertificateHashSize))
.SetCAConstraint()
.SetRSAKeySize(Configuration.CACertificateKeySize)
.CreateForRSA()
.AddToStore(
m_authoritiesStoreType,
m_authoritiesStorePath);
// save only public key
Certificate = new X509Certificate2(newCertificate.RawData);
// initialize revocation list
await RevokeCertificateAsync(m_authoritiesStorePath, newCertificate, null).ConfigureAwait(false);
await UpdateAuthorityCertInTrustedList().ConfigureAwait(false);
return(Certificate);
}
public virtual async Task <X509Certificate2> SigningRequestAsync(
ApplicationRecordDataType application,
string[] domainNames,
byte[] certificateRequest)
{
try
{
var pkcs10CertificationRequest = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest(certificateRequest);
if (!pkcs10CertificationRequest.Verify())
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "CSR signature invalid.");
}
var info = pkcs10CertificationRequest.GetCertificationRequestInfo();
var altNameExtension = GetAltNameExtensionFromCSRInfo(info);
if (altNameExtension != null)
{
if (altNameExtension.Uris.Count > 0)
{
if (!altNameExtension.Uris.Contains(application.ApplicationUri))
{
throw new ServiceResultException(StatusCodes.BadCertificateUriInvalid,
"CSR AltNameExtension does not match " + application.ApplicationUri);
}
}
if (altNameExtension.IPAddresses.Count > 0 || altNameExtension.DomainNames.Count > 0)
{
var domainNameList = new List <string>();
domainNameList.AddRange(altNameExtension.DomainNames);
domainNameList.AddRange(altNameExtension.IPAddresses);
domainNames = domainNameList.ToArray();
}
}
DateTime yesterday = DateTime.Today.AddDays(-1);
using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty).ConfigureAwait(false))
{
return(CertificateFactory.CreateCertificate(
application.ApplicationUri,
null,
info.Subject.ToString(),
domainNames)
.SetNotBefore(yesterday)
.SetLifeTime(Configuration.DefaultCertificateLifetime)
.SetHashAlgorithm(X509Utils.GetRSAHashAlgorithmName(Configuration.DefaultCertificateHashSize))
.SetIssuer(signingKey)
.SetRSAPublicKey(info.SubjectPublicKeyInfo.GetEncoded())
.CreateForRSA());
}
}
catch (Exception ex)
{
if (ex is ServiceResultException)
{
throw ex as ServiceResultException;
}
throw new ServiceResultException(StatusCodes.BadInvalidArgument, ex.Message);
}
}
