/// <summary>
/// Convert a stored CRL document into a <see cref="Crl"/> by handing its
/// <c>RawData</c> to <c>CrlEx.ToCrl</c>.
/// </summary>
/// <param name="document">Document to convert; may be null.</param>
/// <returns>The converted CRL, or null when the document or its raw data
/// is null.</returns>
public static Crl ToModel(this CrlDocument document) {
    // Null document and null payload are both treated as "no CRL".
    var encoded = document?.RawData;
    return encoded == null ? null : CrlEx.ToCrl(encoded);
}
/// <summary>
/// Convert an <c>X509CrlModel</c> into a <see cref="Crl"/> by serializing
/// it with <c>ToRawData</c> and passing the result to <c>CrlEx.ToCrl</c>.
/// </summary>
/// <param name="model">Model to convert. It is not null-checked here and
/// is passed straight to <c>ToRawData</c>.</param>
/// <returns>The CRL produced by <c>CrlEx.ToCrl</c>.</returns>
public static Crl ToStackModel(this X509CrlModel model) {
    var rawData = model.ToRawData();
    return CrlEx.ToCrl(rawData);
}
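/// <inheritdoc/>
/// <remarks>
/// Builds an X.509 v2 CRL whose issuer DN and authority key identifier are
/// taken from the certificate parsed out of <c>issuer.RawData</c>, and signs
/// it with the key referenced by <c>issuer.KeyHandle</c> through the
/// configured signer. The work is done synchronously and
/// <paramref name="ct"/> is not observed. Any exception, including the
/// argument checks, is returned as a faulted task rather than thrown.
/// When <paramref name="nextUpdate"/> is null the CRL's nextUpdate is set to
/// <c>issuer.NotAfterUtc</c>, so the CRL stays current until the issuer
/// certificate expires. A relying party that only refetches at nextUpdate
/// would not see later revocations, so callers that need timely revocation
/// should pass an explicit, short <paramref name="nextUpdate"/>.
/// </remarks>
public Task<Crl> CreateCrlAsync(Certificate issuer, SignatureType signature,
    IEnumerable<Certificate> revokedCertificates, DateTime? nextUpdate,
    CancellationToken ct) {
    try {
        if (issuer == null) {
            throw new ArgumentNullException(nameof(issuer));
        }
        if (issuer.RawData == null) {
            throw new ArgumentNullException(nameof(issuer.RawData));
        }
        // IssuerPolicies is required to be present but is not otherwise
        // read while building the CRL.
        if (issuer.IssuerPolicies == null) {
            throw new ArgumentNullException(nameof(issuer.IssuerPolicies));
        }
        if (issuer.KeyHandle == null) {
            throw new ArgumentNullException(nameof(issuer.KeyHandle));
        }

        var bcCertCA = new X509CertificateParser().ReadCertificate(issuer.RawData);

        // One timestamp for thisUpdate, default revocation dates and the CRL
        // number, so a defaulted revocation date can never be earlier than
        // the CRL's own thisUpdate field.
        var thisUpdate = DateTime.UtcNow;

        var crlGen = new X509V2CrlGenerator();
        crlGen.SetIssuerDN(bcCertCA.SubjectDN);
        crlGen.SetThisUpdate(thisUpdate);
        crlGen.SetNextUpdate(nextUpdate ?? issuer.NotAfterUtc);

        // Materialize once: the sequence is inspected for emptiness and then
        // iterated, and a lazy or one-shot enumerable must not be run twice.
        var revokedList = revokedCertificates?.ToList();
        if (revokedList == null || revokedList.Count == 0) {
            // Placeholder entry for an otherwise empty CRL.
            // NOTE(review): this lists serial number 1 as revoked, so a
            // certificate from this issuer that carries serial 1 would be
            // reported revoked. RFC 5280 allows the revokedCertificates list
            // to be absent; confirm which consumer needs a non-empty list
            // before keeping this.
            crlGen.AddCrlEntry(BigInteger.One, thisUpdate, CrlReason.Unspecified);
        }
        else {
            foreach (var revokedCertificate in revokedList) {
                // Fall back to the CRL timestamp when no revocation date was
                // recorded for the certificate.
                var revoked = revokedCertificate.Revoked?.Date ?? thisUpdate;
                // Serial bytes are read as an unsigned magnitude (sign = 1).
                // Every entry is published with reason PrivilegeWithdrawn,
                // regardless of why the certificate was revoked.
                crlGen.AddCrlEntry(new BigInteger(1, revokedCertificate.SerialNumber),
                    revoked, CrlReason.PrivilegeWithdrawn);
            }
        }

        crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(bcCertCA));

        // The CRL number is derived from the wall clock. It only increases
        // between CRLs if the system clock does not move backwards.
        var crlSerialNumber = BigInteger.ValueOf(thisUpdate.ToFileTimeUtc());
        crlGen.AddExtension(X509Extensions.CrlNumber, false,
            new CrlNumber(crlSerialNumber));

        // Sign with the issuer's key handle.
        // NOTE(review): nothing here checks that KeyHandle belongs to the
        // certificate in RawData; presumably the signer or caller guarantees
        // that - confirm.
        var signatureGenerator = _signer.CreateX509SignatureGenerator(
            issuer.KeyHandle, signature);
        var signatureFactory = new SignatureFactory(signature, signatureGenerator);
        var updatedCrl = crlGen.Generate(signatureFactory);

        return Task.FromResult(CrlEx.ToCrl(updatedCrl.GetEncoded()));
    }
    catch (Exception ex) {
        // Surface every failure through the returned task.
        return Task.FromException<Crl>(ex);
    }
}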