/// <summary>
/// Handles a successful certificate authority response: installs the issued certificate,
/// exports it as a password-protected PFX, persists a <c>Certificate</c> record through
/// <c>certificateRepository</c>, and returns the PFX together with its password to the caller.
/// </summary>
/// <param name="model">Original request; supplies provider, algorithms, key size, key usage and display name for the stored record.</param>
/// <param name="response">Certificate authority response; only <c>IssuedCertificate</c> is read here.</param>
/// <param name="subject">Subject stored on the persisted record as-is.</param>
/// <param name="user">Principal passed to <c>SetPrivateKeyFileSystemAccess</c> and used to derive the default ACL.</param>
/// <returns>
/// A result with <c>Status = Success</c>, the certificate thumbprint, a new id, the base64 PFX
/// and the plaintext PFX password.
/// </returns>
/// <remarks>
/// The returned object carries secret material (PFX password and PFX bytes); callers should keep
/// it out of logs and diagnostics. The stored record keeps the password only in the form returned
/// by <c>cipher.Encrypt</c>, alongside the nonce that was passed to that call.
/// </remarks>
private CreatePrivateCertificateResult ProcessCertificateAuthoritySuccessResponse(ICertificateRequestPublicPrivateKeyPair model, CertificateAuthorityRequestResponse response, CertificateSubject subject, ClaimsPrincipal user)
        {
            // Fresh per-certificate secrets. What the 16 / 64 arguments measure (bytes vs. characters)
            // is defined by the secrets provider and is not visible from this method.
            var passwordNonce = secrets.NewSecretBase64(16);
            var pfxPassword   = secrets.NewSecret(64);

            // NOTE(review): X509Certificate2 is IDisposable and is not disposed here; confirm whether
            // certificateProvider retains ownership of the instance it returns.
            var installedCert = certificateProvider.InstallIssuedCertificate(response.IssuedCertificate);

            // Access to the private key is adjusted before the export below.
            SetPrivateKeyFileSystemAccess(model, installedCert, user);

            // PFX export protected with the generated password.
            var pfxBytes = installedCert.Export(X509ContentType.Pfx, pfxPassword);

            // The caller receives the plaintext password and the PFX itself.
            var creationResult = new CreatePrivateCertificateResult
            {
                Password   = pfxPassword,
                Pfx        = Convert.ToBase64String(pfxBytes),
                Status     = PrivateCertificateRequestStatus.Success,
                Thumbprint = installedCert.Thumbprint,
                Id         = Guid.NewGuid(),
            };

            var initialAcl = authorizationLogic.GetDefaultCertificateAcl(user);

            // Persisted form: the password is stored only as the output of cipher.Encrypt, and the
            // nonce handed to that call is stored on the same record.
            // NOTE(review): the nonce's cryptographic role (IV, salt, ...) is decided inside cipher — confirm.
            var certificateRecord = new Certificate
            {
                Id          = creationResult.Id,
                Thumbprint  = installedCert.Thumbprint,
                PfxPassword = cipher.Encrypt(pfxPassword, passwordNonce),
                WindowsApi  = model.Provider,
                Content     = pfxBytes,
                CertificateStorageFormat = CertificateStorageFormat.Pfx,
                HashAlgorithm            = model.HashAlgorithm,
                CipherAlgorithm          = model.CipherAlgorithm,
                DisplayName   = model.SubjectCommonName,
                // NOTE(review): set unconditionally rather than read from the installed certificate — confirm intended.
                HasPrivateKey = true,
                ValidTo       = installedCert.NotAfter,
                ValidFrom     = installedCert.NotBefore,
                KeySize       = model.KeySize,
                KeyUsage      = dataTransformation.ParseKeyUsage(model.KeyUsage),
                Subject       = subject,
                Acl           = initialAcl,
                PasswordNonce = passwordNonce,
                // Digest is computed over the exported PFX bytes, i.e. the same bytes stored in Content.
                ContentDigest = hashProvider.ComputeHash(pfxBytes)
            };

            certificateRepository.Insert(certificateRecord);

            return creationResult;
        }