/// <summary>
/// Process and X509Request. This includes creating a new X509Certificate
/// and signing this certificate with this CA's private key.
/// </summary>
/// <param name="request"></param>
/// <param name="startTime"></param>
/// <param name="endTime"></param>
/// <param name="digest"></param>
/// <returns></returns>
public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime, MessageDigest digest)
{
//using (CryptoKey pkey = request.PublicKey)
//{
// if (!request.Verify(pkey))
// throw new Exception("Request signature validation failed");
//}
X509Certificate cert = new X509Certificate(
serial.Next(),
request.Subject,
this.caCert.Subject,
request.PublicKey,
startTime,
endTime);
if (this.cfg != null)
{
this.cfg.ApplyExtensions("v3_ca", this.caCert, cert, request);
}
cert.Sign(this.caKey, digest);
return(cert);
}
/// <summary>
/// Create a X509Request for this identity, using the specified name and digest.
/// </summary>
/// <param name="name"></param>
/// <param name="digest"></param>
/// <returns></returns>
public X509Request CreateRequest(string name, MessageDigest digest)
{
X509Name subject = new X509Name(name);
X509Request request = new X509Request(2, subject, this.key);
request.Sign(key, digest);
return(request);
}
/// <summary>
/// Calls X509V3_set_ctx()
/// </summary>
/// <param name="issuer"></param>
/// <param name="subject"></param>
/// <param name="request"></param>
public X509V3Context(X509Certificate issuer, X509Certificate subject, X509Request request)
: this()
{
Native.X509V3_set_ctx(
this.ptr,
issuer != null ? issuer.Handle : IntPtr.Zero,
subject != null ? subject.Handle : IntPtr.Zero,
request != null ? request.Handle : IntPtr.Zero,
IntPtr.Zero,
0);
}
/// <summary>
/// Creates a X509v3Context(), calls X509V3_set_ctx() on it, then calls
/// X509V3_EXT_add_nconf()
/// </summary>
/// <param name="section"></param>
/// <param name="issuer"></param>
/// <param name="subject"></param>
/// <param name="request"></param>
public void ApplyExtensions(
string section,
X509Certificate issuer,
X509Certificate subject,
X509Request request)
{
using (X509V3Context ctx = new X509V3Context(issuer, subject, request))
{
ctx.SetConfiguration(this);
Native.ExpectSuccess(Native.X509V3_EXT_add_nconf(
this.ptr,
ctx.Handle,
Encoding.ASCII.GetBytes(section),
subject.Handle));
}
}
/// <summary>
/// Process and X509Request. This includes creating a new X509Certificate
/// and signing this certificate with this CA's private key.
/// </summary>
/// <param name="request"></param>
/// <param name="startTime"></param>
/// <param name="endTime"></param>
/// <returns></returns>
public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime)
{
return(ProcessRequest(request, startTime, endTime, MessageDigest.DSS1));
}
