/// <summary>
/// Builds the sanitized DS object name for the specified certificate.
/// </summary>
/// <param name="fromCert">Certificate whose subject or issuer name is used to generate the DS object name.</param>
/// <returns>Sanitized DS object name, as produced by <c>generateContainerName</c>.</returns>
/// <remarks>
/// The default implementation uses the subject name only when the certificate is version 3 and carries
/// a Basic Constraints extension whose CA flag is set. In every other case (extension absent, CA flag
/// not set, or certificate version other than 3) the issuer name is used.
/// <para>
/// The choice is made purely from fields inside the certificate. This method does not verify the
/// signature, chain or validity period, so the resulting name is only as trustworthy as the certificate
/// passed in. NOTE(review): confirm that callers validate the certificate before the returned name is
/// used to select or create a directory object.
/// </para>
/// </remarks>
protected virtual String GetContainerName(X509Certificate2 fromCert) {
    // Certificates that are not V3 are treated as end entities: name the object after the issuer.
    if (fromCert.Version != 3) {
        return generateContainerName(fromCert.IssuerName);
    }

    // Look up the Basic Constraints extension; it is what distinguishes a CA from an end entity here.
    X509Extension basicConstraintsExt = fromCert.Extensions[X509ExtensionOid.BasicConstraints];
    if (basicConstraintsExt == null) {
        // No Basic Constraints at all: treat as end entity and use the issuer name.
        return generateContainerName(fromCert.IssuerName);
    }

    // Basic Constraints is present: isCA = TRUE selects the subject name, anything else the issuer name.
    var basicConstraints = (X509BasicConstraintsExtension)basicConstraintsExt.ConvertExtension();
    X500DistinguishedName nameSource;
    if (basicConstraints.CertificateAuthority) {
        nameSource = fromCert.SubjectName;
    } else {
        nameSource = fromCert.IssuerName;
    }

    return generateContainerName(nameSource);
}