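/// <summary>
/// Rebuilds the TBSCertificate that an SCT signature is computed over: the
/// precertificate's TBS with the CT poison and SCT-list extensions stripped and,
/// when a Precertificate Signing Certificate issued the precertificate, the issuer
/// name and AuthorityKeyIdentifier swapped for the final issuer's (RFC 6962 §3.2).
/// </summary>
/// <param name="preCertificate">The precertificate to reconstruct from; must be X.509 v3.</param>
/// <param name="issuerInformation">
/// Final-issuer data: an optional replacement issuer name and AKI, and whether the
/// precertificate was issued by a Precertificate Signing Certificate.
/// </param>
/// <returns>The reconstructed TBSCertificate to verify the SCT signature against.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="InvalidOperationException">
/// The certificate is not v3, carries no extensions at all (so it cannot be a
/// precertificate), or needs an AKI replacement that <paramref name="issuerInformation"/>
/// does not supply.
/// </exception>
private static TbsCertificateStructure CreateTbsForVerification(X509Certificate2 preCertificate, IssuerInformation issuerInformation)
{
    if (preCertificate is null)
    {
        throw new ArgumentNullException(nameof(preCertificate));
    }

    if (issuerInformation is null)
    {
        throw new ArgumentNullException(nameof(issuerInformation));
    }

    if (preCertificate.Version < 3)
    {
        throw new InvalidOperationException("PreCertificate version must be 3 or higher!");
    }

    var asn1Obj = Asn1Object.FromByteArray(preCertificate.GetTbsCertificateRaw());
    var tbsCert = TbsCertificateStructure.GetInstance(asn1Obj);

    // A precertificate always carries the poison extension, so a TBS with no
    // extensions block cannot be one. Fail with a clear message rather than a
    // NullReferenceException from the extension lookup below.
    if (tbsCert.Extensions == null)
    {
        throw new InvalidOperationException("PreCertificate has no extensions; the CT poison extension is required");
    }

    var akiOid = new DerObjectIdentifier(Constants.X509AuthorityKeyIdentifier);
    var hasX509AuthorityKeyIdentifier = tbsCert.Extensions.GetExtension(akiOid) != null;

    // When a Precertificate Signing Certificate issued the precert, its AKI names
    // that intermediate and must be replaced by the final issuer's AKI before the
    // reconstructed TBS can match what the log signed. Without a replacement value
    // the TBS cannot be rebuilt correctly, so refuse rather than verify against the
    // wrong bytes. (The previous message claimed the opposite of this condition.)
    if (hasX509AuthorityKeyIdentifier && issuerInformation.IssuedByPreCertificateSigningCert && issuerInformation.X509AuthorityKeyIdentifier == null)
    {
        throw new InvalidOperationException("PreCertificate was signed by a PreCertificate signing cert, but no replacement AuthorityKeyIdentifier for the final issuer was supplied");
    }

    // Poison and SCT-list extensions are removed; the AKI is replaced when a
    // substitute is provided. Order is preserved so the DER encoding matches.
    var orderedExtensions = GetExtensionsWithoutPoisonAndSct(tbsCert.Extensions, issuerInformation.X509AuthorityKeyIdentifier);

    var generator = new V3TbsCertificateGenerator();
    generator.SetSerialNumber(tbsCert.SerialNumber);
    generator.SetSignature(tbsCert.Signature);
    // Substitute the final issuer's name when one is given; otherwise keep the
    // precertificate's own issuer. A missing substitute when one was required only
    // produces a TBS whose signature will not verify (fail closed), not a bypass.
    generator.SetIssuer(issuerInformation.Name ?? tbsCert.Issuer);
    generator.SetStartDate(tbsCert.StartDate);
    generator.SetEndDate(tbsCert.EndDate);
    generator.SetSubject(tbsCert.Subject);
    generator.SetSubjectPublicKeyInfo(tbsCert.SubjectPublicKeyInfo);
    generator.SetIssuerUniqueID(tbsCert.IssuerUniqueID);
    generator.SetSubjectUniqueID(tbsCert.SubjectUniqueID);

    var extensionsGenerator = new X509ExtensionsGenerator();
    foreach (var e in orderedExtensions)
    {
        extensionsGenerator.AddExtension(e.Key, e.Value.IsCritical, e.Value.GetParsedValue());
    }

    generator.SetExtensions(extensionsGenerator.Generate());

    return generator.GenerateTbsCertificate();
}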
/// <summary>
/// Sets the issuerUniqueID field of the certificate being built, converting the
/// supplied boolean array into an ASN.1 BIT STRING. This field is deprecated in
/// X.509 profiles and is almost never the right thing to populate.
/// </summary>
/// <param name="uniqueID">The unique identifier bits, one boolean per bit.</param>
public void SetIssuerUniqueID(bool[] uniqueID) => tbsGen.SetIssuerUniqueID(booleanToBitString(uniqueID));