public void CreateSubCATest2()
{
// Setup
CaTestHarness.InitialiseCA(true);
ICA ca = CaTestHarness.LoadCA();
// Test
//string caLocation;
Directory.CreateDirectory(CaTestHarness.testHarnessLocation + @"\subCA");
Pkcs10CertificationRequest p10;
p10 = CaFactory.CreateSubCA(SysSubCaConfig);
Assert.AreEqual("CN=Test subCA Sys", p10.GetCertificationRequestInfo().Subject.ToString());
Assert.IsTrue(p10.Verify());
// Test 2
Profile profile = new Profile(CaTestHarness.testHarnessLocation + @"\subCA.xml");
X509Certificate cert = ca.IssueCertificate(p10, profile);
CaFactory.CreateSubCA(CaTestHarness.testHarnessLocation + @"\subCA\CAConfig.xml", cert);
ICA subCa = OSCA.OSCA.LoadCA(CaTestHarness.testHarnessLocation + @"\subCA\CAConfig.xml", "foobar");
Assert.AreEqual("CN=Test subCA Sys", subCa.CAName);
Assert.IsTrue(subCa.FIPS140Mode);
}
/// <summary>
/// Create a new Subordinate CA using the setup parameters from a CAConfig object
/// The Issuing CA must be available to create and sign a certificate
/// </summary>
/// <param name="Config">CAConfig object</param>
/// <param name="IssuingCA">Object reference for issuing CA</param>
/// <returns>Full pathname of CA config file</returns>
public static string CreateSubCA(CAConfig Config, ICA IssuingCA)
{
if (Config.profile != CA_Profile.SubCA)
{
throw new ArgumentException("Invalid profile specified", Config.profile.ToString());
}
// Serial number
BigInteger serialNumber = new BigInteger(1, BitConverter.GetBytes(DateTime.Now.Ticks));
// Key material
Pkcs10CertificationRequest p10;
if (Config.FIPS140)
{
privateKeyCapi = SysKeyManager.Create(Config.pkSize, Config.pkAlgo, Config.name);
// PKCS#10 Request
p10 = new Pkcs10CertificationRequestDelaySigned(
Config.sigAlgo,
Config.DN,
SysKeyManager.getPublicKey(privateKeyCapi, Config.pkAlgo),
null);
// Signature
byte[] buffer = ((Pkcs10CertificationRequestDelaySigned)p10).GetDataToSign();
byte[] signature = SysSigner.Sign(buffer, privateKeyCapi, Config.sigAlgo);
((Pkcs10CertificationRequestDelaySigned)p10).SignRequest(signature);
}
else
{
keyPair = BcKeyManager.Create(Config.pkSize, Config.pkAlgo);
// Create a system CspParameters entry for use by XmlSigner
privateKeyCapi = SysKeyManager.LoadCsp(keyPair.Private);
// PKCS#10 Request
p10 = new Pkcs10CertificationRequest(
Config.sigAlgo,
Config.DN,
keyPair.Public,
null,
keyPair.Private);
}
// Test the signature
if (!p10.Verify())
{
throw new SignatureException("Cannot validate POP signature");
}
// Request cert from issuing CA
X509Certificate cert = IssuingCA.IssueCertificate(p10, new Profile.Profile(Config.profileFile));
string configFile;
if (Config.FIPS140)
{
// Create the CA Config file
configFile = createFinalCAConfig(Config, serialNumber, cert, null);
LogEvent.WriteEvent(eventLog, LogEvent.EventType.CreateCA, "Subordinate CA (FIPS) Created: " + configFile);
}
else
{
// Store key material in a PKCS#12 file
MemoryStream stream = BcKeyManager.SaveP12(keyPair.Private, cert, Config.password, Config.name);
string caKey = Convert.ToBase64String(stream.ToArray());
// Create the CA Config file
configFile = createFinalCAConfig(Config, serialNumber, null, caKey);
LogEvent.WriteEvent(eventLog, LogEvent.EventType.CreateCA, "Root CA (BC) Created: " + configFile);
}
// Create CA database
Database.CreateDB(Config, cert, privateKeyCapi);
return(configFile);
}
