/// <summary>
/// Builds the to-be-signed certificate list, signs the bytes returned by
/// <c>GetDerEncoded()</c> with the supplied CNG key, and wraps the result as an X509 CRL.
/// </summary>
/// <param name="key">CNG key handed to <c>CngSigner.Sign</c> to produce the CRL signature.</param>
/// <returns>The CRL assembled from the to-be-signed list, <c>sigAlgId</c> and the signature bits.</returns>
/// <exception cref="CrlException">
/// An <see cref="IOException"/> was raised while encoding or signing the list.
/// </exception>
public X509Crl Generate(CngKey key)
{
    TbsCertificateList toBeSigned = GenerateCertList();

    byte[] sigBytes;
    try
    {
        byte[] encoded = toBeSigned.GetDerEncoded();

        // NOTE(review): the digest is fixed to SHA-256 here, while the algorithm
        // identifier written into the CRL below comes from sigAlgId. Confirm that
        // sigAlgId always names a SHA-256 based signature algorithm matching this
        // key type; a mismatch would yield a CRL that relying parties cannot verify.
        sigBytes = CngSigner.Sign(encoded, key, CngAlgorithm.Sha256);
    }
    catch (IOException ioFailure)
    {
        // NOTE(review): only IOException is translated. Any other exception type
        // raised by CngSigner.Sign reaches the caller unchanged; verify that this
        // is what callers expect.
        throw new CrlException("cannot generate CRL encoding", ioFailure);
    }

    DerSequence signedList = new DerSequence(toBeSigned, sigAlgId, new DerBitString(sigBytes));
    return new X509Crl(CertificateList.GetInstance(signedList));
}
/// <summary>
/// Builds the to-be-signed certificate, checks it against the configured policy (if any),
/// signs its encoding with the supplied CNG key, and returns the resulting X509Certificate.
/// </summary>
/// <param name="key">CNG key handed to <c>CngSigner.Sign</c> to produce the certificate signature.</param>
/// <param name="Extensions">Extensions to include in the certificate.</param>
/// <returns>An X509Certificate built from the to-be-signed structure, <c>sigAlgId</c> and the signature bits.</returns>
/// <exception cref="PolicyEnforcementException">
/// A policy is configured and the to-be-signed certificate does not pass it.
/// </exception>
/// <exception cref="CertificateEncodingException">
/// Signing threw, or building the certificate object raised a <see cref="CertificateParsingException"/>.
/// </exception>
public X509Certificate Generate(CngKey key, X509Extensions Extensions)
{
    TbsCertificateStructure toBeSigned = GenerateTbsCert(Extensions);

    // Policy enforcement happens before any signature is produced.
    // NOTE(review): when policy is null the certificate is signed without any
    // policy check, so the gate is fail-open. Confirm that an unset policy is an
    // intended configuration for this issuer.
    if (policy != null)
    {
        TestAgainstPolicy checker = new TestAgainstPolicy(policy);
        if (!checker.report(toBeSigned))
        {
            throw new PolicyEnforcementException(checker.status.ToString());
        }
    }

    // Encoding runs outside the try block, so a failure here is not wrapped.
    byte[] tbsBytes = toBeSigned.GetEncoded();

    byte[] sigBytes;
    try
    {
        // NOTE(review): the digest is fixed to SHA-256 here, while the algorithm
        // identifier written into the certificate below comes from sigAlgId.
        // Confirm the two always agree; a mismatch would yield a certificate whose
        // signature cannot be verified.
        sigBytes = CngSigner.Sign(tbsBytes, key, CngAlgorithm.Sha256);
    }
    catch (Exception signFailure)
    {
        // Every failure raised by the signing call is reported with this encoding
        // message; the inner exception carries the actual cause.
        throw new CertificateEncodingException("Exception encoding TBS cert", signFailure);
    }

    try
    {
        X509CertificateStructure signedStructure =
            new X509CertificateStructure(toBeSigned, sigAlgId, new DerBitString(sigBytes));
        return new X509Certificate(signedStructure);
    }
    catch (CertificateParsingException parseFailure)
    {
        throw new CertificateEncodingException("Exception producing certificate object", parseFailure);
    }
}