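/// <summary>
/// Issues a certificate valid for one year for the subject and public key carried in a
/// PEM-encoded PKCS#10 request, signed with the GOST root key from <c>RootCertificates</c>.
/// </summary>
/// <param name="pkcs10Request">PEM text holding a PKCS#10 certification request.</param>
/// <returns>The signed certificate.</returns>
/// <exception cref="ArgumentNullException"><paramref name="pkcs10Request"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The text does not contain a PKCS#10 request, or the request's signature does not verify.
/// </exception>
public static X509Certificate IssueCertificate(string pkcs10Request)
{
    if (pkcs10Request == null)
    {
        throw new ArgumentNullException("pkcs10Request");
    }

    Pkcs10CertificationRequest request;
    using (var pemText = new StringReader(pkcs10Request))
    {
        // "as" rather than a hard cast: the PEM may be empty or hold some other object
        // type, and that case is reported below as a bad argument.
        request = new PemReader(pemText).ReadObject() as Pkcs10CertificationRequest;
    }

    if (request == null)
    {
        throw new ArgumentException("Input is not a PEM-encoded PKCS#10 certification request.", "pkcs10Request");
    }

    // Proof of possession: the request must be signed by the private key matching the
    // public key it asks to have certified. Without this check a certificate could be
    // issued for a key the requester does not control.
    if (!request.Verify())
    {
        throw new ArgumentException("The signature on the PKCS#10 request does not verify.", "pkcs10Request");
    }

    var caCert = (X509Certificate)RootCertificates.GetRootCertGOST();
    var caKey = (AsymmetricKeyParameter)RootCertificates.GetPrivateKeyGOST();

    // One UTC timestamp for both ends of the validity window, so the encoded dates do not
    // depend on the host's local time zone and the window is exactly one year.
    var notBefore = DateTime.UtcNow;
    var notAfter = notBefore.AddYears(1);

    // Random serial drawn from [2^63, 2^64] using a CSPRNG.
    var serialNumber = BigIntegers.CreateRandomInRange(
        BigInteger.ValueOf(2).Pow(63),
        BigInteger.ValueOf(2).Pow(64),
        new SecureRandom());

    var requestInfo = request.GetCertificationRequestInfo();
    var subjectKey = request.GetPublicKey();

    var certGen = new X509V3CertificateGenerator();
    certGen.SetSerialNumber(serialNumber);
    certGen.SetIssuerDN(caCert.SubjectDN);
    certGen.SetNotBefore(notBefore);
    certGen.SetNotAfter(notAfter);
    // NOTE(review): the subject DN is copied from the request unchanged; nothing in this
    // method checks that the requester is entitled to that name. Confirm the caller does.
    certGen.SetSubjectDN(requestInfo.Subject);
    certGen.SetPublicKey(subjectKey);

    // Extensions. Only the three below are set; extensions requested in the CSR are not copied.
    // NOTE(review): no BasicConstraints or KeyUsage extension is added. Confirm that is intended.
    certGen.AddExtension(
        X509Extensions.AuthorityKeyIdentifier,
        false,
        new AuthorityKeyIdentifierStructure(caCert));
    certGen.AddExtension(
        X509Extensions.SubjectKeyIdentifier,
        false,
        new SubjectKeyIdentifierStructure(subjectKey));
    // Critical EKU limited to a single purpose OID.
    // NOTE(review): "1.1.1.1.1.1.2" looks like a placeholder OID. Confirm the intended value.
    certGen.AddExtension(
        X509Extensions.ExtendedKeyUsage,
        true,
        new ExtendedKeyUsage(new[] { new DerObjectIdentifier("1.1.1.1.1.1.2") }));

    var signer = new GostSignerFactory(caKey);
    return certGen.Generate(signer);
}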
/// <summary>
/// Returns the value of <c>RootCertificates.GetPrivateKeyGOST()</c> as an
/// <see cref="AsymmetricKeyParameter"/>.
/// </summary>
/// <returns>The root key, cast to <see cref="AsymmetricKeyParameter"/>.</returns>
protected override AsymmetricKeyParameter GetRootKey()
{
    // The result is private key material: hand it only to the signer, and keep it out of
    // logs and serialized state.
    var rootKey = RootCertificates.GetPrivateKeyGOST();
    return (AsymmetricKeyParameter)rootKey;
}