/// <summary>
/// Create an instance of a generic System Crypto CA
/// </summary>
/// <param name="ConfigFile">Full pathname to config file</param>
/// <exception cref="InvalidParameterException">Invalid FIPS140 flag for this CA instance</exception>
public sysCA(string ConfigFile) : base(ConfigFile)
{
// Make sure the CA_Type is correct
if (!fips140)
{
throw new InvalidParameterException("Invalid FIPS140 flag for this CA instance");
}
// Get a reference to the key container for the signing key
cspParam = SysKeyManager.Read(name);
X509CertificateParser cp = new X509CertificateParser();
caCertificate = cp.ReadCertificate(Convert.FromBase64String(ca.Element("caCert").Value));
// Setup CA policy
if (ca.Element("policyEnforcement") != null)
{
policyEnforcement = PolicyEnforcementFactory.initialise(caCertificate, ca.Element("policyEnforcement"));
}
// Setup the logger
startLogging();
// Expire any old certificates
Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
}
/// <summary>
/// Construct a CA object
/// </summary>
/// <param name="ConfigFile">Full pathname to config file</param>
public fipsCA(string ConfigFile) : base()
{
configFile = ConfigFile;
// Read in the configuration
XDocument config;
if (XmlSigning.VerifyXmlFile(configFile))
{
config = XDocument.Load(configFile);
}
else
{
throw new GeneralSecurityException("Signature failed on CA config file");
}
XElement ca = config.Element("OSCA").Element("CA");
fips140 = Convert.ToBoolean(ca.Element("fips140").Value);
if (!fips140)
{
throw new InvalidOperationException("Invalid FIPS140 flag for this CA instance");
}
if (ca.Element("rqstPending") != null)
{
throw new InvalidOperationException("CA is not configured: Request pending");
}
name = ca.Element("name").Value;
type = ca.Element("type").Value;
dbFileLocation = ca.Element("dbFileLocation").Value;
publicKeyAlgorithm = ca.Element("publicKeyAlgorithm").Value;
publicKeySize = ca.Element("publicKeySize").Value;
signatureAlgorithm = ca.Element("signatureAlgorithm").Value;
lastSerial = ca.Element("lastSerial").Value;
crlFileLocation = ca.Element("crlFileLocation").Value;
lastCRL = ca.Element("lastCRL").Value;
crlInterval = Convert.ToDouble(ca.Element("crlInterval").Value);
profilesLocation = ca.Element("profilesLocation").Value;
cspParam = SysKeyManager.Read(name);
X509CertificateParser cp = new X509CertificateParser();
caCertificate = cp.ReadCertificate(Convert.FromBase64String(ca.Element("caCert").Value));
// Setup the Event Logger
eventLog = new Logger(ca.Element("logFileLocation").Value, caCertificate, cspParam);
// Log startup event
logEvent(LogEvent.EventType.StartCA, "CA Started");
// Expire any old certificates
Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
}