/// <summary>
/// Creates a certificate using the established subject, key, and optional
/// extensions using the specified certificate as the issuer.
/// </summary>
/// <param name="issuerCertificate">Certificate instance representing the issuing
/// Certificate Authority (CA).</param>
/// <param name="issuerPrivatekey">Key representing the private key of the issuing
/// certificate authority.
/// <param name="notBefore">The oldest date and time when this certificate is considered
/// valid. Typically UtcNow, plus or minus a few seconds.</param>
/// <param name="notAfter">The date and time when this certificate is no longer considered
/// valid.</param>
/// <param name="serialNumber">The serial number to use for the new certificate.
/// This value should be unique per issuer. The value is interpreted as
/// an unsigned integer of arbitrary size in big-endian byte ordering.
/// RFC 3280 recommends confining it to 20 bytes or less.</param>
/// <returns>A Certificate with the specified values. The returned object
/// won't assert HasPrivateKey.</returns>
public PkiCertificate Create(PkiCertificate issuerCertificate, PkiKey issuerPrivateKey,
DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber)
{
var isur = new X509Name(issuerCertificate.SubjectName);
var name = new X509Name(SubjectName);
return(Create(isur, issuerPrivateKey, name, notBefore, notAfter, serialNumber));
}
public RecoverableSerialForm(PkiCertificate cert)
{
_certificate = cert.Export(PkiEncodingFormat.Der);
_sn = cert.SubjectName;
_san = cert.SubjectAlternativeNames?.ToArray();
}
internal string AliasOf(PkiCertificate cert)
{
var x509Name = new X509Name(cert.SubjectName);
return((x509Name.GetValueList(X509Name.CN)?[0] ?? cert.SubjectName) as string);
}