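/// <summary>
/// Create an instance of a generic System Crypto CA
/// </summary>
/// <param name="ConfigFile">Full pathname to config file</param>
/// <exception cref="InvalidParameterException">Invalid FIPS140 flag for this CA instance, or the config has no usable caCert element</exception>
public sysCA(string ConfigFile) : base(ConfigFile)
{
    // The base constructor has already loaded the config (fips140, name, ca, ...);
    // this CA type is only valid when the FIPS140 flag is set.
    if (!fips140)
    {
        throw new InvalidParameterException("Invalid FIPS140 flag for this CA instance");
    }

    // Get a reference to the key container for the signing key
    cspParam = SysKeyManager.Read(name);

    // A config without a caCert element would otherwise fail further down with a
    // NullReferenceException; report it as a config problem instead.
    XElement caCertElement = ca.Element("caCert");
    if (caCertElement == null || string.IsNullOrEmpty(caCertElement.Value))
    {
        throw new InvalidParameterException("CA certificate (caCert) missing from config file");
    }
    X509CertificateParser cp = new X509CertificateParser();
    caCertificate = cp.ReadCertificate(Convert.FromBase64String(caCertElement.Value));

    // Setup CA policy (optional: only when the config carries a policyEnforcement element)
    XElement policyElement = ca.Element("policyEnforcement");
    if (policyElement != null)
    {
        policyEnforcement = PolicyEnforcementFactory.initialise(caCertificate, policyElement);
    }

    // Setup the logger
    startLogging();

    // Expire any old certificates
    Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
}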
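/// <summary>
/// Construct a CA object
/// </summary>
/// <param name="ConfigFile">Full pathname to config file</param>
/// <exception cref="ArgumentNullException">ConfigFile is null</exception>
/// <exception cref="GeneralSecurityException">The signature on the CA config file does not verify</exception>
/// <exception cref="InvalidOperationException">The config is not a FIPS140 CA, a request is still pending, or a required config element is missing</exception>
public fipsCA(string ConfigFile) : base()
{
    if (ConfigFile == null)
    {
        throw new ArgumentNullException("ConfigFile");
    }
    configFile = ConfigFile;

    // Nothing in the config is trusted until its signature has been verified.
    // NOTE(review): the file is read twice (VerifyXmlFile, then XDocument.Load); if the file
    // can be replaced between the two calls, the document loaded is not the one verified.
    // Verifying the loaded document instead would close that window, if XmlSigning supports it.
    if (!XmlSigning.VerifyXmlFile(configFile))
    {
        throw new GeneralSecurityException("Signature failed on CA config file");
    }
    XDocument config = XDocument.Load(configFile);

    XElement osca = config.Element("OSCA");
    XElement ca = (osca == null) ? null : osca.Element("CA");
    if (ca == null)
    {
        throw new InvalidOperationException("CA config file does not contain an OSCA/CA element");
    }

    // This CA type only accepts a FIPS140 configuration; check it before reading anything else
    fips140 = Convert.ToBoolean(RequiredConfigValue(ca, "fips140"));
    if (!fips140)
    {
        throw new InvalidOperationException("Invalid FIPS140 flag for this CA instance");
    }

    // A CA whose certificate request is still outstanding is not usable yet
    if (ca.Element("rqstPending") != null)
    {
        throw new InvalidOperationException("CA is not configured: Request pending");
    }

    name = RequiredConfigValue(ca, "name");
    type = RequiredConfigValue(ca, "type");
    dbFileLocation = RequiredConfigValue(ca, "dbFileLocation");
    publicKeyAlgorithm = RequiredConfigValue(ca, "publicKeyAlgorithm");
    publicKeySize = RequiredConfigValue(ca, "publicKeySize");
    signatureAlgorithm = RequiredConfigValue(ca, "signatureAlgorithm");
    lastSerial = RequiredConfigValue(ca, "lastSerial");
    crlFileLocation = RequiredConfigValue(ca, "crlFileLocation");
    lastCRL = RequiredConfigValue(ca, "lastCRL");
    crlInterval = Convert.ToDouble(RequiredConfigValue(ca, "crlInterval"));
    profilesLocation = RequiredConfigValue(ca, "profilesLocation");

    // Get a reference to the key container for the signing key, then the CA certificate
    cspParam = SysKeyManager.Read(name);
    X509CertificateParser cp = new X509CertificateParser();
    caCertificate = cp.ReadCertificate(Convert.FromBase64String(RequiredConfigValue(ca, "caCert")));

    // Setup the Event Logger
    eventLog = new Logger(RequiredConfigValue(ca, "logFileLocation"), caCertificate, cspParam);

    // Log startup event
    logEvent(LogEvent.EventType.StartCA, "CA Started");

    // Expire any old certificates
    Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
}

/// <summary>
/// Return the text value of a mandatory config element, failing with a clear message
/// when the element is absent rather than with a NullReferenceException
/// </summary>
/// <param name="parent">Element the mandatory child is read from</param>
/// <param name="elementName">Name of the mandatory child element</param>
/// <returns>The child element's text value</returns>
/// <exception cref="InvalidOperationException">The child element is missing</exception>
private static string RequiredConfigValue(XElement parent, string elementName)
{
    XElement element = parent.Element(elementName);
    if (element == null)
    {
        throw new InvalidOperationException("CA config file is missing required element: " + elementName);
    }
    return element.Value;
}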