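/// <summary>
/// Builds and signs an X.509 v2 CRL for the given issuer, optionally listing one revoked certificate.
/// </summary>
/// <param name="issuerCert">Issuer certificate together with the key pair whose private key signs the CRL.</param>
/// <param name="version">Value written to the CRL Number extension.</param>
/// <param name="revokedCertificate">Certificate to list as revoked, or <c>null</c> to produce a CRL with no entries.</param>
/// <returns>The signed CRL.</returns>
private static X509Crl CreateCrl(
    X509CertificateWithKeyInfo issuerCert,
    BigInteger version,
    X509Certificate2 revokedCertificate = null)
{
    var bcIssuerCert = DotNetUtilities.FromX509Certificate(issuerCert.Certificate);

    // Take a single UTC timestamp: RFC 5280 requires CRL times to be expressed in GMT, and
    // reading the clock once keeps thisUpdate, nextUpdate and the revocation date consistent
    // instead of depending on local-time conversion inside the generator.
    var now = DateTime.UtcNow;

    var crlGen = new X509V2CrlGenerator();
    crlGen.SetIssuerDN(bcIssuerCert.SubjectDN);
    crlGen.SetThisUpdate(now);

    // NOTE(review): a one-year nextUpdate means relying parties that cache the CRL until it
    // expires will not see later revocations for up to a year - confirm this window is intended.
    crlGen.SetNextUpdate(now.AddYears(1));

    // Both extensions are added as non-critical.
    crlGen.AddExtension(
        X509Extensions.AuthorityKeyIdentifier,
        false,
        new AuthorityKeyIdentifierStructure(bcIssuerCert));
    crlGen.AddExtension(X509Extensions.CrlNumber, false, new CrlNumber(version));

    if (revokedCertificate != null)
    {
        var bcRevokedCert = DotNetUtilities.FromX509Certificate(revokedCertificate);

        // The entry is keyed by serial number only; the reason code is fixed to PrivilegeWithdrawn.
        crlGen.AddCrlEntry(bcRevokedCert.SerialNumber, now, CrlReason.PrivilegeWithdrawn);
    }

    var random = new SecureRandom();
    var issuerPrivateKey = DotNetUtilities.GetKeyPair(issuerCert.KeyPair).Private;

    // NOTE(review): SigAlgOid is the algorithm the issuer certificate itself was signed with.
    // It presumably only suits issuerPrivateKey when the issuer is self-signed or its parent
    // uses the same key type - verify for intermediate CAs.
    var signatureFactory = new Asn1SignatureFactory(bcIssuerCert.SigAlgOid, issuerPrivateKey, random);

    return crlGen.Generate(signatureFactory);
}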
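/// <summary>
/// Creates the first CRL (CRL number 1, no revoked entries) for an issuer and records the
/// local path under which it is to be stored.
/// </summary>
/// <param name="issuerCert">Issuer certificate together with the key pair that signs the CRL.</param>
/// <param name="crlLocalUri">Directory that the CRL file path is built under.</param>
/// <returns>The CRL, its issuer, its local file path and its version.</returns>
public static CertificateRevocationList CreateCrl(
    X509CertificateWithKeyInfo issuerCert,
    string crlLocalUri)
{
    var version = BigInteger.One;
    var crl = CreateCrl(issuerCert, version);

    // The subject DN is free-form text and can contain characters that are not valid in a file
    // name, including directory separators. Replace them so the result is always a single file
    // directly inside crlLocalUri; subjects without such characters yield the same name as before.
    var rawName = $"{issuerCert.Certificate.Subject}.crl";
    var fileName = string.Join("_", rawName.Split(Path.GetInvalidFileNameChars()));

    return new CertificateRevocationList
    {
        Crl = crl,
        IssuerCert = issuerCert,
        CrlLocalPath = Path.Combine(crlLocalUri, fileName),
        Version = version
    };
}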
/// <summary>
/// Placeholder for CRL creation; currently always throws.
/// </summary>
/// <param name="certCA">CA certificate with key information (unused).</param>
/// <param name="crlLocalUri">Local CRL location (unused).</param>
/// <exception cref="NotImplementedException">Always thrown.</exception>
// NOTE(review): this has the same parameter types as the other public CreateCrl shown on this
// page, so the two cannot be declared in the same class - presumably this is the unfinished stub.
public static CertificateRevocationList CreateCrl(X509CertificateWithKeyInfo certCA, string crlLocalUri)
    => throw new NotImplementedException();