/// <summary>
/// Creates a new self-signed CA certificate for <paramref name="subjectName"/>, writes it (with its
/// private key) to the authorities store and publishes the public part as <c>Certificate</c>.
/// </summary>
/// <param name="subjectName">Subject name of the new CA certificate.</param>
/// <returns>
/// The public-key-only copy of the new CA certificate (built from <c>RawData</c>, so no private key
/// travels with the returned object).
/// </returns>
/// <remarks>
/// Lifetime, hash size and RSA key size come from <c>Configuration</c>. The validity period starts one
/// day before today's local date; presumably this is to tolerate clock skew between peers — confirm.
/// After the certificate is stored, <c>RevokeCertificateAsync</c> is called with a null certificate to
/// revoke, which the original author described as initializing the revocation list, and the new CA
/// certificate is pushed to the trusted list.
/// </remarks>
public virtual async Task<X509Certificate2> CreateCACertificateAsync(string subjectName)
{
    var notBefore = DateTime.Today.AddDays(-1);
    var hashAlgorithm = X509Utils.GetRSAHashAlgorithmName(Configuration.CACertificateHashSize);

    var caCertificateWithKey = CertificateFactory.CreateCertificate(subjectName)
        .SetNotBefore(notBefore)
        .SetLifeTime(Configuration.CACertificateLifetime)
        .SetHashAlgorithm(hashAlgorithm)
        .SetCAConstraint()
        .SetRSAKeySize(Configuration.CACertificateKeySize)
        .CreateForRSA()
        .AddToStore(m_authoritiesStoreType, m_authoritiesStorePath);

    // Expose only the public part; the private key stays in the authorities store.
    Certificate = new X509Certificate2(caCertificateWithKey.RawData);

    // Must run after Certificate is assigned: the revocation helper may rely on the published CA certificate.
    await RevokeCertificateAsync(m_authoritiesStorePath, caCertificateWithKey, null).ConfigureAwait(false);
    await UpdateAuthorityCertInTrustedList().ConfigureAwait(false);

    return Certificate;
}
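/// <summary>
/// Issues a certificate for <paramref name="application"/> from a PKCS#10 certificate signing request,
/// signed with the CA's signing key.
/// </summary>
/// <param name="application">
/// The application record. When the CSR carries a URI subject alternative name, it must contain
/// <c>application.ApplicationUri</c>; the same URI becomes the URI of the issued certificate.
/// </param>
/// <param name="domainNames">
/// Domain names for the issued certificate. When the CSR's subject alternative name extension carries
/// any DNS names or IP addresses, those replace this list entirely.
/// </param>
/// <param name="certificateRequest">The encoded PKCS#10 request.</param>
/// <returns>The issued certificate; subject and public key are taken from the CSR.</returns>
/// <exception cref="ServiceResultException">
/// <c>BadInvalidArgument</c> when the request or application record is missing, the CSR's
/// self-signature does not verify, or any other error occurs while parsing or signing;
/// <c>BadCertificateUriInvalid</c> when the CSR's URI names do not include the application URI.
/// </exception>
public virtual async Task<X509Certificate2> SigningRequestAsync(
    ApplicationRecordDataType application,
    string[] domainNames,
    byte[] certificateRequest)
{
    try
    {
        // Explicit argument checks so callers get a clear message instead of a wrapped
        // NullReferenceException; the status code is the same one the wrapper below would use.
        if (application == null)
        {
            throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Application record is missing.");
        }

        if (certificateRequest == null || certificateRequest.Length == 0)
        {
            throw new ServiceResultException(StatusCodes.BadInvalidArgument, "CSR is missing.");
        }

        var pkcs10CertificationRequest = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest(certificateRequest);

        // Proof of possession: the CSR must be self-signed with the key it asks us to certify.
        if (!pkcs10CertificationRequest.Verify())
        {
            throw new ServiceResultException(StatusCodes.BadInvalidArgument, "CSR signature invalid.");
        }

        var info = pkcs10CertificationRequest.GetCertificationRequestInfo();
        var altNameExtension = GetAltNameExtensionFromCSRInfo(info);

        if (altNameExtension != null)
        {
            // A URI name in the CSR must match the registered application URI.
            if (altNameExtension.Uris.Count > 0 && !altNameExtension.Uris.Contains(application.ApplicationUri))
            {
                throw new ServiceResultException(
                    StatusCodes.BadCertificateUriInvalid,
                    "CSR AltNameExtension does not match " + application.ApplicationUri);
            }

            // NOTE(review): DNS names and IP addresses from the CSR replace the caller-supplied
            // domainNames without being checked against the application record. Whether that is
            // acceptable depends on who may submit CSRs — confirm, and consider validating them
            // against the registered application if requesters are not fully trusted.
            if (altNameExtension.IPAddresses.Count > 0 || altNameExtension.DomainNames.Count > 0)
            {
                var csrNames = new List<string>(altNameExtension.DomainNames);
                csrNames.AddRange(altNameExtension.IPAddresses);
                domainNames = csrNames.ToArray();
            }
        }

        // Validity starts one day before today's local date, matching CreateCACertificateAsync;
        // presumably to tolerate clock skew between peers — confirm.
        DateTime notBefore = DateTime.Today.AddDays(-1);

        using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty).ConfigureAwait(false))
        {
            return CertificateFactory.CreateCertificate(
                    application.ApplicationUri,
                    null,
                    info.Subject.ToString(),
                    domainNames)
                .SetNotBefore(notBefore)
                .SetLifeTime(Configuration.DefaultCertificateLifetime)
                .SetHashAlgorithm(X509Utils.GetRSAHashAlgorithmName(Configuration.DefaultCertificateHashSize))
                .SetIssuer(signingKey)
                .SetRSAPublicKey(info.SubjectPublicKeyInfo.GetEncoded())
                .CreateForRSA();
        }
    }
    catch (ServiceResultException)
    {
        // Already a service result: propagate as-is. `throw;` keeps the original stack trace,
        // which `throw ex as ServiceResultException` discarded.
        throw;
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message from the CSR parser or signing path is forwarded
        // to the caller verbatim. If callers are not fully trusted, log the full exception here and
        // return a generic message instead.
        throw new ServiceResultException(StatusCodes.BadInvalidArgument, ex.Message);
    }
}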