public virtual async Task <X509Certificate2> CreateCACertificateAsync(
            string subjectName
            )
        {
            DateTime         yesterday      = DateTime.Today.AddDays(-1);
            X509Certificate2 newCertificate = CertificateFactory.CreateCertificate(subjectName)
                                              .SetNotBefore(yesterday)
                                              .SetLifeTime(Configuration.CACertificateLifetime)
                                              .SetHashAlgorithm(X509Utils.GetRSAHashAlgorithmName(Configuration.CACertificateHashSize))
                                              .SetCAConstraint()
                                              .SetRSAKeySize(Configuration.CACertificateKeySize)
                                              .CreateForRSA()
                                              .AddToStore(
                m_authoritiesStoreType,
                m_authoritiesStorePath);

            // save only public key
            Certificate = new X509Certificate2(newCertificate.RawData);

            // initialize revocation list
            await RevokeCertificateAsync(m_authoritiesStorePath, newCertificate, null).ConfigureAwait(false);

            await UpdateAuthorityCertInTrustedList().ConfigureAwait(false);

            return(Certificate);
        }
        public virtual async Task <X509Certificate2> SigningRequestAsync(
            ApplicationRecordDataType application,
            string[] domainNames,
            byte[] certificateRequest)
        {
            try
            {
                var pkcs10CertificationRequest = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest(certificateRequest);

                if (!pkcs10CertificationRequest.Verify())
                {
                    throw new ServiceResultException(StatusCodes.BadInvalidArgument, "CSR signature invalid.");
                }

                var info             = pkcs10CertificationRequest.GetCertificationRequestInfo();
                var altNameExtension = GetAltNameExtensionFromCSRInfo(info);
                if (altNameExtension != null)
                {
                    if (altNameExtension.Uris.Count > 0)
                    {
                        if (!altNameExtension.Uris.Contains(application.ApplicationUri))
                        {
                            throw new ServiceResultException(StatusCodes.BadCertificateUriInvalid,
                                                             "CSR AltNameExtension does not match " + application.ApplicationUri);
                        }
                    }

                    if (altNameExtension.IPAddresses.Count > 0 || altNameExtension.DomainNames.Count > 0)
                    {
                        var domainNameList = new List <string>();
                        domainNameList.AddRange(altNameExtension.DomainNames);
                        domainNameList.AddRange(altNameExtension.IPAddresses);
                        domainNames = domainNameList.ToArray();
                    }
                }

                DateTime yesterday = DateTime.Today.AddDays(-1);
                using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty).ConfigureAwait(false))
                {
                    return(CertificateFactory.CreateCertificate(
                               application.ApplicationUri,
                               null,
                               info.Subject.ToString(),
                               domainNames)
                           .SetNotBefore(yesterday)
                           .SetLifeTime(Configuration.DefaultCertificateLifetime)
                           .SetHashAlgorithm(X509Utils.GetRSAHashAlgorithmName(Configuration.DefaultCertificateHashSize))
                           .SetIssuer(signingKey)
                           .SetRSAPublicKey(info.SubjectPublicKeyInfo.GetEncoded())
                           .CreateForRSA());
                }
            }
            catch (Exception ex)
            {
                if (ex is ServiceResultException)
                {
                    throw ex as ServiceResultException;
                }
                throw new ServiceResultException(StatusCodes.BadInvalidArgument, ex.Message);
            }
        }