        /// <summary>
        /// Create an instance of a generic System Crypto CA
        /// </summary>
        /// <remarks>
        /// After the base constructor has processed the config file, this constructor
        /// checks the FIPS140 flag, looks up the signing key container, parses the CA
        /// certificate from the <c>caCert</c> element, wires up optional policy
        /// enforcement and logging, and expires stale certificates in the database.
        /// The CA certificate's own validity is not checked here.
        /// </remarks>
        /// <param name="ConfigFile">Full pathname to config file</param>
        /// <exception cref="InvalidParameterException">Invalid FIPS140 flag for this CA instance</exception>
        public sysCA(string ConfigFile) : base(ConfigFile)
        {
            // A System Crypto CA requires the FIPS140 flag to be set
            // (presumably read from the config file by the base constructor).
            if (fips140 == false)
            {
                throw new InvalidParameterException("Invalid FIPS140 flag for this CA instance");
            }

            // The signing key lives in a key container looked up by CA name
            cspParam = SysKeyManager.Read(name);

            // The CA certificate is stored base64-encoded in the <caCert> element
            byte[] caCertBytes = Convert.FromBase64String(ca.Element("caCert").Value);
            X509CertificateParser certParser = new X509CertificateParser();
            caCertificate = certParser.ReadCertificate(caCertBytes);

            // Policy enforcement is optional: only set up when the element is present
            var policyElement = ca.Element("policyEnforcement");
            if (policyElement != null)
            {
                policyEnforcement = PolicyEnforcementFactory.initialise(caCertificate, policyElement);
            }

            // Setup the logger
            startLogging();

            // Expire any old certificates
            Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
        }
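        /// <summary>
        /// Construct a CA object from a signed XML configuration file.
        /// </summary>
        /// <remarks>
        /// The config file's XML signature is verified before anything is read from it.
        /// The CA private key and certificate are unpacked from the base64 PKCS#12 blob
        /// in the <c>caKey</c> element (stored under the CA name as alias), optional policy
        /// enforcement and the event logger are initialised, a start-up event is logged
        /// and expired certificates in the database are marked as such.
        /// The CA certificate itself is not validated here (see the TODO below).
        /// </remarks>
        /// <param name="ConfigFile">Full pathname to config file</param>
        /// <param name="Password">Password for key file</param>
        /// <exception cref="ArgumentNullException">ConfigFile or Password is null</exception>
        /// <exception cref="GeneralSecurityException">The signature on the config file does not verify</exception>
        public simpleCA(string ConfigFile, string Password)
        {
            // Fail early with a clear message instead of a NullReferenceException
            // from VerifyXmlFile()/ToCharArray() further down.
            if (ConfigFile == null)
            {
                throw new ArgumentNullException("ConfigFile");
            }
            if (Password == null)
            {
                throw new ArgumentNullException("Password");
            }

            this.configFile = ConfigFile;
            // NOTE(review): the key-file password is retained for the object's lifetime;
            // confirm it is still needed once the PKCS#12 store has been opened.
            this.password   = Password.ToCharArray();

            // Refuse to start a CA from an unsigned or tampered configuration.
            // NOTE(review): the file is verified and then re-read from disk by
            // XDocument.Load, so a modification between the two reads would go
            // unnoticed — confirm whether VerifyXmlFile can hand back the verified
            // document instead.
            if (!XmlSigning.VerifyXmlFile(configFile))
            {
                throw new GeneralSecurityException("Signature failed on CA config file");
            }
            XDocument config = XDocument.Load(configFile);

            XElement ca = config.Element("OSCA").Element("CA");

            this.name               = ca.Element("name").Value;
            this.type               = ca.Element("type").Value;
            this.dbFileLocation     = ca.Element("dbFileLocation").Value;
            this.publicKeyAlgorithm = ca.Element("publicKeyAlgorithm").Value;
            this.publicKeySize      = ca.Element("publicKeySize").Value;
            this.signatureAlgorithm = ca.Element("signatureAlgorithm").Value;
            this.fips140            = Convert.ToBoolean(ca.Element("fips140").Value);
            this.lastSerial         = ca.Element("lastSerial").Value;
            this.crlFileLocation    = ca.Element("crlFileLocation").Value;
            this.lastCRL            = ca.Element("lastCRL").Value;
            // NOTE(review): Convert.ToDouble parses with the current culture; confirm the
            // code that writes this element uses the same culture (or move both sides to
            // the invariant culture).
            this.crlInterval        = Convert.ToDouble(ca.Element("crlInterval").Value);
            this.profilesLocation   = ca.Element("profilesLocation").Value;

            // Read in the private key and certificate from the base64 PKCS#12 blob.
            // The store is loaded by the Pkcs12Store constructor, so the backing
            // stream can be released as soon as the store has been built.
            Pkcs12Store p12;
            using (MemoryStream p12stream = new MemoryStream(Convert.FromBase64String(ca.Element("caKey").Value)))
            {
                p12 = new Pkcs12Store(p12stream, password);
            }

            // Key and certificate are stored under the CA name as alias
            this.privateKey    = p12.GetKey(this.name).Key;
            this.caCertificate = p12.GetCertificate(this.name).Certificate;

            // Policy enforcement is optional: only set up when the element is present
            if (ca.Element("policyEnforcement") != null)
            {
                policyEnforcement = PolicyEnforcementFactory.initialise(caCertificate, ca.Element("policyEnforcement"));
            }

            // Create CspParameters to support XML signing
            cspParam = SysKeyManager.LoadCsp(privateKey);

            // Setup the Event Logger
            eventLog = new Logger(ca.Element("logFileLocation").Value, caCertificate, cspParam);

            // Check our certificate is valid
            // --- TODO (validity period / chain of the CA certificate is not checked;
            //           a CA started from an expired or revoked certificate will issue
            //           certificates and sign logs with it)

            // Log startup event
            logEvent(LogEvent.EventType.StartCA, "CA Started");

            // Expire any old certificates
            Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
        }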
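        /// <summary>
        /// Create an instance of a generic Bouncy Castle Crypto CA
        /// </summary>
        /// <remarks>
        /// After the base constructor has processed the config file, this constructor
        /// checks that the FIPS140 flag is clear, unpacks the CA private key and
        /// certificate from the base64 PKCS#12 blob in the <c>caKey</c> element
        /// (stored under the CA name as alias), wires up optional policy enforcement
        /// and the event logger, logs a start-up event and expires stale certificates
        /// in the database. The CA certificate itself is not validated here (see the TODO below).
        /// </remarks>
        /// <param name="ConfigFile">Full pathname to config file</param>
        /// <param name="Password">Password for CA key file</param>
        /// <exception cref="ArgumentNullException">Password is null</exception>
        /// <exception cref="InvalidParameterException">Invalid FIPS140 flag for this CA instance</exception>
        public bcCA(string ConfigFile, string Password) : base(ConfigFile)
        {
            // A Bouncy Castle CA requires the FIPS140 flag to be clear
            // (presumably read from the config file by the base constructor).
            if (fips140)
            {
                throw new InvalidParameterException("Invalid FIPS140 flag for this CA instance");
            }

            // Fail early with a clear message instead of a NullReferenceException
            // from ToCharArray().
            if (Password == null)
            {
                throw new ArgumentNullException("Password");
            }

            // NOTE(review): the key-file password is retained for the object's lifetime;
            // confirm it is still needed once the PKCS#12 store has been opened.
            this.password = Password.ToCharArray();

            // Read in the private key and certificate from the base64 PKCS#12 blob.
            // The store is loaded by the Pkcs12Store constructor, so the backing
            // stream can be released as soon as the store has been built.
            Pkcs12Store p12;
            using (MemoryStream p12stream = new MemoryStream(Convert.FromBase64String(ca.Element("caKey").Value)))
            {
                p12 = new Pkcs12Store(p12stream, password);
            }

            // Key and certificate are stored under the CA name as alias
            this.privateKey    = p12.GetKey(this.name).Key;
            this.caCertificate = p12.GetCertificate(this.name).Certificate;

            // Setup CA policy (optional: only when the element is present)
            if (ca.Element("policyEnforcement") != null)
            {
                policyEnforcement = PolicyEnforcementFactory.initialise(caCertificate, ca.Element("policyEnforcement"));
            }

            // Create CspParameters to support XML signing
            cspParam = SysKeyManager.LoadCsp(privateKey);

            // Setup the Event Logger
            eventLog = new Logger(ca.Element("logFileLocation").Value, caCertificate, cspParam);

            // Check our certificate is valid
            // --- TODO (validity period / chain of the CA certificate is not checked;
            //           a CA started from an expired or revoked certificate will issue
            //           certificates and sign logs with it)

            // Log startup event
            logEvent(LogEvent.EventType.StartCA, "CA Started");

            // Expire any old certificates
            Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
        }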