X509Certificate2 build(X509Certificate2 signer)
        {
            // Assembles the DER TBSCertificate, signs it and returns the resulting certificate.
            // signer == null means self-signed: the request's own key signs and issuer == subject.
            // NOTE(review): when a signer is supplied nothing here checks that it is a CA or that it
            // carries a private key; presumably MessageSigner enforces the key — confirm.
            Boolean selfSigned = signer == null;
            MessageSigner signerInfo = selfSigned
                ? new MessageSigner(PrivateKeyInfo, HashingAlgorithm)
                : new MessageSigner(signer, HashingAlgorithm);
            // AlternateSignatureFormat selects RSASSA-PSS; the default is legacy PKCS#1 v1.5 padding.
            if (AlternateSignatureFormat)
            {
                signerInfo.PaddingScheme = SignaturePadding.PSS;
            }
            else
            {
                signerInfo.PaddingScheme = SignaturePadding.PKCS1;
            }

            var issuerName = selfSigned
                ? SubjectName.RawData
                : signer.SubjectName.RawData;

            // Validity ::= SEQUENCE { notBefore Time, notAfter Time }
            // NOTE(review): no NotAfter > NotBefore check and no ToUniversalTime() here — confirm the
            // property setters validate the window and that EncodeDateTime normalizes to UTC.
            var validity = new List <Byte>();
            validity.AddRange(Asn1Utils.EncodeDateTime(NotBefore));
            validity.AddRange(Asn1Utils.EncodeDateTime(NotAfter));

            // TBSCertificate field order (RFC 5280 §4.1.2): version (pre-encoded in _versionBytes),
            // serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, extensions [3].
            var tbs = new List <Byte>(_versionBytes);
            // NOTE(review): assumes Asn1Utils.Encode prepends 0x00 when the serial's top bit is set
            // so the INTEGER stays positive — confirm.
            tbs.AddRange(Asn1Utils.Encode(serialNumber, (Byte)Asn1Type.INTEGER));
            // The inner signature AlgorithmIdentifier is derived from the same PSS flag as the padding,
            // so the two cannot drift apart.
            tbs.AddRange(signerInfo.GetAlgorithmIdentifier(AlternateSignatureFormat).RawData);
            tbs.AddRange(issuerName);
            tbs.AddRange(Asn1Utils.Encode(validity.ToArray(), 48));
            tbs.AddRange(SubjectName.RawData);
            tbs.AddRange(PrivateKeyInfo.GetPublicKey().Encode());
            // Extensions are wrapped in the context-specific [3] EXPLICIT tag (0xA3).
            tbs.AddRange(Asn1Utils.Encode(finalExtensions.Encode(), 0xa3));

            var tbsBlob = new SignedContentBlob(Asn1Utils.Encode(tbs.ToArray(), 48), ContentBlobType.ToBeSignedBlob);
            tbsBlob.Sign(signerInfo);
            return new X509Certificate2(tbsBlob.Encode());
        }
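        /// <summary>
        /// Builds the DER-encoded TBSCertList (RFC 5280 §5.1.2) for this CRL, to be signed by <paramref name="issuer"/>.
        /// Side effects: may rewrite <c>HashingAlgorithm</c>, <c>Version</c> and <c>NextUpdate</c>, and closes
        /// <c>RevokedCertificates</c> once they have been encoded.
        /// </summary>
        /// <param name="signatureAlgorithm">Pre-encoded signature AlgorithmIdentifier placed first after the version.</param>
        /// <param name="issuer">Signing certificate; its subject name becomes the CRL issuer field.</param>
        /// <returns>The TBSCertList SEQUENCE as a byte list.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="issuer"/> is null.</exception>
        /// <exception cref="ArgumentException">The signing certificate has an empty subject name.</exception>
        List <Byte> buildTbs(Byte[] signatureAlgorithm, X509Certificate2 issuer)
        {
            if (issuer == null)
            {
                throw new ArgumentNullException("issuer");
            }
            // The CRL issuer field below is the signing certificate's *subject* name, so that is what
            // must be non-empty. The previous check looked at issuer.Issuer (the parent CA's name),
            // which let a certificate with an empty subject through and produced a CRL with an empty issuer.
            if (String.IsNullOrEmpty(issuer.Subject))
            {
                throw new ArgumentException("Subject name is empty.");
            }
            // Default the signature hash to SHA-256 when the caller did not pick one.
            if (HashingAlgorithm == null)
            {
                HashingAlgorithm = new Oid(AlgorithmOids.SHA256);
            }
            // crlExtensions may only appear in a v2 CRL, so caller-supplied extensions force version 2.
            if (_extensions.Count > 0)
            {
                Version = 2;
            }
            // Open-ended CRLs (no nextUpdate) are not supported: an absent or non-future nextUpdate
            // is coerced to thisUpdate + 7 days.
            if (NextUpdate == null || NextUpdate.Value <= ThisUpdate)
            {
                NextUpdate = ThisUpdate.AddDays(7);
            }

            var rawBytes = new List <Byte>();

            // signature: must match the outer signatureAlgorithm of the CertificateList (RFC 5280 §5.1.1.2)
            rawBytes.AddRange(signatureAlgorithm);
            // issuer: the signing certificate's subject name
            rawBytes.AddRange(issuer.SubjectName.RawData);
            // thisUpdate
            rawBytes.AddRange(Asn1Utils.EncodeDateTime(ThisUpdate));
            // nextUpdate: non-null here because of the coercion above
            rawBytes.AddRange(Asn1Utils.EncodeDateTime(NextUpdate.Value));
            // revokedCertificates is OPTIONAL and is omitted entirely when there are none
            if (RevokedCertificates.Count > 0)
            {
                rawBytes.AddRange(RevokedCertificates.Encode());
                RevokedCertificates.Close();
            }
            if (Version == 2)
            {
                // version is OPTIONAL and is encoded as (Version - 1): v2 is INTEGER 1. It precedes
                // the signature field, hence the insert at the front.
                rawBytes.InsertRange(0, new Asn1Integer(Version - 1).RawData);
                // NOTE(review): generateExtensions only runs for v2; if it is what adds AKI/CRLNumber,
                // a CRL with no caller-supplied extensions never receives them — confirm.
                generateExtensions(issuer);
                // crlExtensions [0] EXPLICIT (tag 0xA0 = 160)
                rawBytes.AddRange(Asn1Utils.Encode(Extensions.Encode(), 160));
            }
            // Wrap everything in the TBSCertList SEQUENCE.
            return(new List <Byte>(Asn1Utils.Encode(rawBytes.ToArray(), 48)));
        }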
        /// <summary>
        /// Encodes this revocation entry as a DER <c>SEQUENCE { userCertificate, revocationDate, crlEntryExtensions OPTIONAL }</c>
        /// (RFC 5280 §5.1.2.6).
        /// </summary>
        /// <returns>ASN.1-encoded byte array</returns>
        /// <exception cref="UninitializedObjectException">Thrown when <c>SerialNumber</c> is empty.</exception>
        public Byte[] Encode()
        {
            if (String.IsNullOrEmpty(SerialNumber))
            {
                throw new UninitializedObjectException();
            }
            // userCertificate: the serial number, parsed from its hex form and wrapped as an INTEGER.
            // NOTE(review): assumes Asn1Utils.Encode prepends 0x00 when the top bit is set so the
            // INTEGER stays positive — confirm.
            Byte[] serialBytes = new List <Byte>(AsnFormatter.StringToBinary(SerialNumber, EncodingType.HexAny)).ToArray();
            var entry = new List <Byte>(Asn1Utils.Encode(serialBytes, (Byte)Asn1Type.INTEGER));
            // revocationDate
            entry.AddRange(Asn1Utils.EncodeDateTime(RevocationDate));
            // crlEntryExtensions: only CRLReason (2.5.29.21) is emitted, and only when it is not
            // unspecified(0), which RFC 5280 says should be omitted rather than encoded.
            if (ReasonCode != 0)
            {
                // Hand-rolled DER ENUMERATED: tag 0x0A, length 1, value (all CRLReason values are < 128).
                var reasonValue = new Byte[] { 10, 1, (Byte)ReasonCode };
                var entryExtensions = new X509ExtensionCollection
                {
                    new X509Extension("2.5.29.21", reasonValue, false)
                };
                entry.AddRange(Crypt32Managed.EncodeX509Extensions(entryExtensions));
            }
            // Outer SEQUENCE (tag 0x30).
            return Asn1Utils.Encode(entry.ToArray(), 48);
        }
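        /// <summary>
        /// Encodes the CTL body: SubjectUsages, optional ListIdentifier and SequenceNumber, thisUpdate,
        /// optional nextUpdate, the HashAlgorithm AlgorithmIdentifier and the trust-list entries.
        /// </summary>
        /// <returns>DER-encoded CTL content, in the field order above.</returns>
        Byte[] encodeCTL()
        {
            // SubjectUsages is an OID SEQUENCE, so the EKU extension encoder produces the right DER.
            // (The previous version also built an unused copy of this value into a List<Byte>; dropped.)
            var builder = new Asn1Builder()
                          .AddDerData(new X509EnhancedKeyUsageExtension(SubjectUsages, false).RawData);
            // ListIdentifier is carried as a NUL-terminated UTF-16LE string inside an OCTET STRING.
            if (!String.IsNullOrEmpty(ListIdentifier))
            {
                builder.AddOctetString(Encoding.Unicode.GetBytes(ListIdentifier + "\0"));
            }
            if (SequenceNumber != null)
            {
                builder.AddInteger(SequenceNumber.Value);
            }
            // Timestamps are normalized to UTC before encoding.
            builder.AddDerData(Asn1Utils.EncodeDateTime(ThisUpdate.ToUniversalTime()));
            if (NextUpdate != null)
            {
                builder.AddDerData(Asn1Utils.EncodeDateTime(NextUpdate.Value.ToUniversalTime()));
            }
            // AlgorithmIdentifier for HashAlgorithm with an empty parameter blob.
            builder.AddDerData(new AlgorithmIdentifier(HashAlgorithm, new Byte[0]).RawData);
            builder.AddDerData(Entries.Encode());
            return builder.GetRawData();
        }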
 /// <summary>
 /// Records the next CRL publish time and caches its DER time encoding in <c>RawData</c>.
 /// </summary>
 /// <param name="publishTime">Next publish time; stored as given, encoded after conversion to UTC.</param>
 void initializeFromDateTime(DateTime publishTime)
 {
     // NOTE(review): NextCRLPublish keeps the caller's DateTimeKind while RawData is always UTC,
     // so a decode round-trip yields a UTC value — confirm that is intended.
     DateTime utcPublishTime = publishTime.ToUniversalTime();
     RawData        = Asn1Utils.EncodeDateTime(utcPublishTime);
     NextCRLPublish = publishTime;
 }