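/// <summary>
/// Parses a PEM-encoded PKCS#10 certification request and issues a certificate for it
/// through the PKI service that matches the request's signature algorithm
/// (<c>GOSTPkiService</c> for OIDs under the 1.2.643 arc, <c>RSAPkiService</c> otherwise).
/// </summary>
/// <param name="pkcs10Request">PEM text that must contain a PKCS#10 certification request.</param>
/// <param name="extensionBuilder">Passed through unchanged to the selected service.</param>
/// <param name="customDN">Optional subject DN; passed through unchanged to the selected service.</param>
/// <returns>The certificate returned by the selected service.</returns>
/// <exception cref="System.ArgumentException">
/// The PEM text holds no object, or holds an object that is not a PKCS#10 request.
/// </exception>
public X509Certificate IssueCertificate(
    string pkcs10Request,
    ExtensionBuilder extensionBuilder,
    string customDN = null
)
{
    Pkcs10CertificationRequest request;
    using (var pemText = new StringReader(pkcs10Request))
    {
        // The PEM payload is requester-controlled, so its type is checked instead of
        // cast blindly: `as` yields null both for a missing object and for any PEM
        // object that is not a certification request (a certificate, a key, ...).
        request = new PemReader(pemText).ReadObject() as Pkcs10CertificationRequest;
    }

    if (request == null)
    {
        throw new System.ArgumentException(
            "The supplied PEM text does not contain a PKCS#10 certification request.",
            "pkcs10Request");
    }

    // Match the GOST arc as an OID prefix. A plain substring test would also accept
    // unrelated OIDs that merely contain these digits (for example 1.2.6430.x).
    var signatureOid = request.SignatureAlgorithm.Algorithm.Id;
    var isGost = signatureOid.StartsWith("1.2.643.", System.StringComparison.Ordinal);

    PkiService service;
    if (isGost)
    {
        service = new GOSTPkiService();
    }
    else
    {
        service = new RSAPkiService();
    }

    return service.IssueCertificate(request, extensionBuilder, customDN);
}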
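/// <summary>
/// Builds and signs an X.509 v3 certificate for the public key carried in
/// <paramref name="request"/>. The issuer is the subject of the certificate returned by
/// <c>GetRootCert</c>, the validity period is one year from now, and the serial number
/// is random.
/// </summary>
/// <param name="request">Certification request supplying the public key and, by default, the subject.</param>
/// <param name="extensionBuilder">Adds extensions to the generator via its <c>Build</c> method.</param>
/// <param name="customDN">When non-empty, replaces the subject taken from the request.</param>
/// <returns>The certificate produced by <c>GenerateCertificate</c> with the root key.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="request"/> or <paramref name="extensionBuilder"/> is null.
/// </exception>
public X509Certificate IssueCertificate(
    Pkcs10CertificationRequest request,
    ExtensionBuilder extensionBuilder,
    string customDN = null
)
{
    // Reject missing arguments before the root key is loaded.
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }

    if (extensionBuilder == null)
    {
        throw new ArgumentNullException("extensionBuilder");
    }

    // NOTE(review): this method does not check the request's self-signature (proof of
    // possession of the private key). Confirm that callers or the PKI layer verify it
    // before a certificate is issued for the enclosed public key.
    var caCert = GetRootCert();
    var caKey = GetRootKey();

    // Read the clock once, in UTC. X.509 validity times are expressed in UTC, so a UTC
    // value does not depend on how the library converts a local DateTime, and notAfter
    // is exactly one year after notBefore.
    var notBefore = DateTime.UtcNow;
    var notAfter = notBefore.AddYears(1);

    // Random serial between 2^63 and 2^64, so the top bit is fixed and about 63 bits are
    // random. NOTE(review): confirm this satisfies the applicable certificate policy;
    // some policies require at least 64 bits of CSPRNG output in the serial.
    var two = BigInteger.ValueOf(2);
    var serialNumber = BigIntegers.CreateRandomInRange(
        two.Pow(63),
        two.Pow(64),
        new SecureRandom()
    );

    var certGen = new X509V3CertificateGenerator();
    certGen.SetSerialNumber(serialNumber);
    certGen.SetIssuerDN(caCert.SubjectDN);
    certGen.SetNotBefore(notBefore);
    certGen.SetNotAfter(notAfter);
    certGen.SetPublicKey(request.GetPublicKey());

    // Both subject sources are input to this method: customDN comes from the caller and
    // the fallback comes from the request itself. NOTE(review): confirm the requester is
    // authorized for the resulting subject name before this point.
    if (string.IsNullOrEmpty(customDN))
    {
        certGen.SetSubjectDN(request.GetCertificationRequestInfo().Subject);
    }
    else
    {
        certGen.SetSubjectDN(new X509Name(customDN));
    }

    extensionBuilder.Build(certGen, request, caCert);

    return GenerateCertificate(caKey, certGen);
}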