public static TimestampService Create(
CertificateAuthority certificateAuthority,
TimestampServiceOptions serviceOptions = null)
{
if (certificateAuthority == null)
{
throw new ArgumentNullException(nameof(certificateAuthority));
}
serviceOptions = serviceOptions ?? new TimestampServiceOptions();
var keyPair = CertificateUtilities.CreateKeyPair();
var id = Guid.NewGuid().ToString();
var subjectName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Timestamp Service ({id})");
Action <X509V3CertificateGenerator> customizeCertificate = generator =>
{
generator.AddExtension(
X509Extensions.AuthorityInfoAccess,
critical: false,
extensionValue: new DerSequence(
new AccessDescription(AccessDescription.IdADOcsp,
new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.OcspResponderUri.OriginalString)),
new AccessDescription(AccessDescription.IdADCAIssuers,
new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.CertificateUri.OriginalString))));
generator.AddExtension(
X509Extensions.AuthorityKeyIdentifier,
critical: false,
extensionValue: new AuthorityKeyIdentifierStructure(certificateAuthority.Certificate));
generator.AddExtension(
X509Extensions.SubjectKeyIdentifier,
critical: false,
extensionValue: new SubjectKeyIdentifierStructure(keyPair.Public));
generator.AddExtension(
X509Extensions.BasicConstraints,
critical: true,
extensionValue: new BasicConstraints(cA: false));
generator.AddExtension(
X509Extensions.KeyUsage,
critical: true,
extensionValue: new KeyUsage(KeyUsage.DigitalSignature));
generator.AddExtension(
X509Extensions.ExtendedKeyUsage,
critical: true,
extensionValue: ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.IdKPTimeStamping)));
};
var issueOptions = new IssueCertificateOptions()
{
KeyPair = keyPair,
SubjectName = subjectName,
CustomizeCertificate = customizeCertificate
};
var certificate = certificateAuthority.IssueCertificate(issueOptions);
var uri = certificateAuthority.GenerateRandomUri();
return(new TimestampService(certificateAuthority, certificate, keyPair, uri, serviceOptions));
}
public static TimestampService Create(
CertificateAuthority certificateAuthority,
TimestampServiceOptions serviceOptions = null,
IssueCertificateOptions issueCertificateOptions = null)
{
if (certificateAuthority == null)
{
throw new ArgumentNullException(nameof(certificateAuthority));
}
serviceOptions = serviceOptions ?? new TimestampServiceOptions();
if (issueCertificateOptions == null)
{
issueCertificateOptions = IssueCertificateOptions.CreateDefaultForTimestampService();
}
void customizeCertificate(X509V3CertificateGenerator generator)
{
generator.AddExtension(
X509Extensions.AuthorityInfoAccess,
critical: false,
extensionValue: new DerSequence(
new AccessDescription(AccessDescription.IdADOcsp,
new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.OcspResponderUri.OriginalString)),
new AccessDescription(AccessDescription.IdADCAIssuers,
new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.CertificateUri.OriginalString))));
generator.AddExtension(
X509Extensions.AuthorityKeyIdentifier,
critical: false,
extensionValue: new AuthorityKeyIdentifierStructure(certificateAuthority.Certificate));
generator.AddExtension(
X509Extensions.SubjectKeyIdentifier,
critical: false,
extensionValue: new SubjectKeyIdentifierStructure(issueCertificateOptions.KeyPair.Public));
generator.AddExtension(
X509Extensions.BasicConstraints,
critical: true,
extensionValue: new BasicConstraints(cA: false));
generator.AddExtension(
X509Extensions.KeyUsage,
critical: true,
extensionValue: new KeyUsage(KeyUsage.DigitalSignature));
generator.AddExtension(
X509Extensions.ExtendedKeyUsage,
critical: true,
extensionValue: ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.IdKPTimeStamping)));
}
if (issueCertificateOptions.CustomizeCertificate == null)
{
issueCertificateOptions.CustomizeCertificate = customizeCertificate;
}
if (serviceOptions.IssuedCertificateNotBefore.HasValue)
{
issueCertificateOptions.NotBefore = serviceOptions.IssuedCertificateNotBefore.Value;
}
if (serviceOptions.IssuedCertificateNotAfter.HasValue)
{
issueCertificateOptions.NotAfter = serviceOptions.IssuedCertificateNotAfter.Value;
}
var certificate = certificateAuthority.IssueCertificate(issueCertificateOptions);
var uri = certificateAuthority.GenerateRandomUri();
return(new TimestampService(certificateAuthority, certificate, issueCertificateOptions.KeyPair, uri, serviceOptions));
}