/// <summary>
/// Assembles the TBSCertificate structure from the builder state, signs it and returns the
/// DER-encoded certificate.
/// </summary>
/// <param name="signer">
/// Issuer certificate used to sign the result. When <c>null</c>, the certificate is self-signed
/// with the builder's own private key and the issuer name is the builder's subject name.
/// </param>
/// <returns>The signed certificate.</returns>
X509Certificate2 build(X509Certificate2 signer) {
    Boolean selfSigned = signer == null;
    // Self-signed: sign with our own key; otherwise key material comes from the signer certificate.
    // NOTE(review): nothing here checks that a non-null signer actually carries a private key,
    // or that NotBefore precedes NotAfter; presumably MessageSigner / the property setters
    // enforce that — confirm.
    var messageSigner = selfSigned
        ? new MessageSigner(PrivateKeyInfo, HashingAlgorithm)
        : new MessageSigner(signer, HashingAlgorithm);
    // AlternateSignatureFormat selects RSASSA-PSS padding instead of PKCS#1 v1.5.
    messageSigner.PaddingScheme = AlternateSignatureFormat
        ? SignaturePadding.PSS
        : SignaturePadding.PKCS1;

    // TBSCertificate fields, appended in encoding order.
    var tbs = new List<Byte>();
    // version (v3)
    tbs.AddRange(_versionBytes);
    // serialNumber
    tbs.AddRange(Asn1Utils.Encode(serialNumber, (Byte)Asn1Type.INTEGER));
    // signature algorithm identifier (same scheme the outer signature will use)
    tbs.AddRange(messageSigner.GetAlgorithmIdentifier(AlternateSignatureFormat).RawData);
    // issuer: the signer's subject, or our own subject when self-signed
    var issuerName = selfSigned ? SubjectName.RawData : signer.SubjectName.RawData;
    tbs.AddRange(issuerName);
    // validity: SEQUENCE (0x30) { notBefore, notAfter }
    var validity = new List<Byte>();
    validity.AddRange(Asn1Utils.EncodeDateTime(NotBefore));
    validity.AddRange(Asn1Utils.EncodeDateTime(NotAfter));
    tbs.AddRange(Asn1Utils.Encode(validity.ToArray(), 48));
    // subject
    tbs.AddRange(SubjectName.RawData);
    // subjectPublicKeyInfo
    tbs.AddRange(PrivateKeyInfo.GetPublicKey().Encode());
    // extensions, wrapped in the context-specific [3] tag (0xa3)
    tbs.AddRange(Asn1Utils.Encode(finalExtensions.Encode(), 0xa3));

    // Wrap the whole TBS in a SEQUENCE (0x30), sign it and hand back the encoded certificate.
    var signedBlob = new SignedContentBlob(Asn1Utils.Encode(tbs.ToArray(), 48), ContentBlobType.ToBeSignedBlob);
    signedBlob.Sign(messageSigner);
    return new X509Certificate2(signedBlob.Encode());
}
/// <summary>
/// Encodes the CRL from the builder state and attaches a digest of the TBS data in place of a
/// signature. No private key is involved, so nothing authenticates the result: it is an
/// unsigned artifact and must not be relied upon (or distributed) as a trustworthy CRL.
/// </summary>
/// <param name="hasherInfo">
/// Certificate whose identity is used as the CRL issuer. A private key is not required,
/// because the CRL is only hashed.
/// </param>
/// <returns>The encoded, hashed (unsigned) CRL.</returns>
public X509CRL2 BuildAndHash(X509Certificate2 hasherInfo) {
    var hashOid = new Oid2(HashingAlgorithm, false);
    // The TBS structure embeds the algorithm identifier, so hash a throw-away blob first
    // to obtain exactly the encoding SignedContentBlob produces for this algorithm.
    var probe = new SignedContentBlob(new Byte[] { 0 }, ContentBlobType.ToBeSignedBlob);
    probe.Hash(hashOid);
    var algorithmIdentifier = probe.SignatureAlgorithm.RawData;
    // NOTE(review): hasherInfo is handed to buildTbs without a null check, unlike
    // BuildAndSign which guards its argument — confirm buildTbs tolerates null.
    var tbs = buildTbs(algorithmIdentifier, hasherInfo).ToArray();
    // Now hash the real TBS and encode the CRL around it.
    var crlBlob = new SignedContentBlob(tbs, ContentBlobType.ToBeSignedBlob);
    crlBlob.Hash(hashOid);
    return new X509CRL2(crlBlob.Encode());
}
/// <summary>
/// Encodes the CRL from the builder state and signs it with the supplied signer.
/// </summary>
/// <param name="signerInfo">
/// Signer (key material plus signing parameters) used to produce the CRL signature; its
/// <c>SignerCertificate</c> supplies the CRL issuer.
/// </param>
/// <returns>The encoded, signed CRL.</returns>
/// <exception cref="ArgumentNullException"><paramref name="signerInfo"/> is <c>null</c>.</exception>
public X509CRL2 BuildAndSign(MessageSigner signerInfo) {
    if (signerInfo == null) {
        throw new ArgumentNullException(nameof(signerInfo));
    }
    // The TBS structure embeds the signature algorithm identifier, so sign a throw-away
    // blob first to learn exactly how SignedContentBlob encodes it for this signer.
    var probe = new SignedContentBlob(new Byte[] { 0 }, ContentBlobType.ToBeSignedBlob);
    probe.Sign(signerInfo);
    var algorithmIdentifier = probe.SignatureAlgorithm.RawData;
    // NOTE(review): SignerCertificate is passed through unchecked; if a signer built from a
    // bare key has no certificate, buildTbs receives null — confirm it handles that.
    var tbs = buildTbs(algorithmIdentifier, signerInfo.SignerCertificate).ToArray();
    // Sign the real TBS and encode the CRL around it.
    var crlBlob = new SignedContentBlob(tbs, ContentBlobType.ToBeSignedBlob);
    crlBlob.Sign(signerInfo);
    return new X509CRL2(crlBlob.Encode());
}