/// <summary>
/// Create the extensions.
/// </summary>
/// <param name="cg">The cert generator.</param>
/// <param name="subjectPublicKey">The public key to use for the extensions.</param>
private void CreateExtensions(X509V3CertificateGenerator cg, AsymmetricKeyParameter subjectPublicKey)
{
// Subject key identifier
cg.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.SubjectKeyIdentifier.Id, false,
new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectPublicKey)));
// Basic constraints
BasicConstraints basicConstraints = new BasicConstraints(m_isCA);
if (m_isCA && m_pathLengthConstraint >= 0)
{
basicConstraints = new BasicConstraints(m_pathLengthConstraint);
}
else if (!m_isCA && IssuerCAKeyCert == null)
{ // self-signed
basicConstraints = new BasicConstraints(0);
}
cg.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.BasicConstraints.Id, true, basicConstraints);
// Authority Key identifier references the issuer cert or itself when self signed
AsymmetricKeyParameter issuerPublicKey;
BigInteger issuerSerialNumber;
if (IssuerCAKeyCert != null)
{
issuerPublicKey = X509Utils.GetPublicKeyParameter(IssuerCAKeyCert);
issuerSerialNumber = X509Utils.GetSerialNumber(IssuerCAKeyCert);
}
else
{
issuerPublicKey = subjectPublicKey;
issuerSerialNumber = new BigInteger(1, m_serialNumber.Reverse().ToArray());
}
cg.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityKeyIdentifier.Id, false,
new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerPublicKey),
new GeneralNames(new GeneralName(m_issuerDN)), issuerSerialNumber));
if (!m_isCA)
{
// Key usage
var keyUsage = KeyUsage.DataEncipherment | KeyUsage.DigitalSignature |
KeyUsage.NonRepudiation | KeyUsage.KeyEncipherment;
if (IssuerCAKeyCert == null)
{ // only self signed certs need KeyCertSign flag.
keyUsage |= KeyUsage.KeyCertSign;
}
cg.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.KeyUsage, true,
new KeyUsage(keyUsage));
// Extended Key usage
cg.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.ExtendedKeyUsage, true,
new ExtendedKeyUsage(new List <DerObjectIdentifier>()
{
new DerObjectIdentifier(Oids.ServerAuthentication), // server auth
new DerObjectIdentifier(Oids.ClientAuthentication), // client auth
}));
}
else
{
// Key usage CA
cg.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.KeyUsage, true,
new KeyUsage(KeyUsage.CrlSign | KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
}
foreach (var extension in m_extensions)
{
cg.AddExtension(extension.Oid.Value, extension.Critical, Asn1Object.FromByteArray(extension.RawData));
}
}