/// <summary>
/// Generate a certificate that carries only the supplied extensions.
/// </summary>
/// <remarks>
/// Only the extensions supplied will be included in the certificate. <paramref name="ext"/> is handed
/// to the generator unchanged; this method does no filtering, so the caller decides which extensions
/// reach the issued certificate.
/// </remarks>
/// <param name="gen">Certificate generator instance; used as a SysV1CertGen when it is one, otherwise cast to SysV3CertGen</param>
/// <param name="ext">Extensions to include in the certificate</param>
/// <returns>New certificate, as returned by the generator's Generate call</returns>
protected override X509Certificate generate(ICertGen gen, X509Extensions ext)
{
    // cspParam is a field declared outside this listing; presumably it selects the CA's key container - confirm.
    if (gen is SysV1CertGen)
    {
        SysV1CertGen v1Generator = (SysV1CertGen)gen;
        return v1Generator.Generate(cspParam, ext);
    }

    // Anything that is not a V1 generator is treated as a V3 generator; the cast throws for any other type.
    SysV3CertGen v3Generator = (SysV3CertGen)gen;
    return v3Generator.Generate(cspParam, ext);
}
/// <summary>
/// Generate a certificate from a profile and an explicit validity window.
/// </summary>
/// <param name="gen">Certificate generator instance; used as a SysV1CertGen when it is one, otherwise cast to SysV3CertGen</param>
/// <param name="profile">Profile passed through to the generator</param>
/// <param name="notBefore">Start of the validity window, passed through to the generator</param>
/// <param name="notAfter">End of the validity window, passed through to the generator</param>
/// <returns>New certificate, as returned by the generator's Generate call</returns>
protected override X509Certificate generate(ICertGen gen, Profile.Profile profile, DateTime notBefore, DateTime notAfter)
{
    // cspParam is a field declared outside this listing; presumably it selects the CA's key container - confirm.
    if (gen is SysV1CertGen)
    {
        SysV1CertGen v1Generator = (SysV1CertGen)gen;
        return v1Generator.Generate(cspParam, profile, notBefore, notAfter);
    }

    // Anything that is not a V1 generator is treated as a V3 generator; the cast throws for any other type.
    SysV3CertGen v3Generator = (SysV3CertGen)gen;
    return v3Generator.Generate(cspParam, profile, notBefore, notAfter);
}
/// <summary>
/// Generate a certificate
/// </summary>
/// <remarks>
/// All extensions in request will be included in the certificate.
/// Unlike an overload that checks for a V1 generator first, this one casts straight to SysV3CertGen,
/// so a generator of any other type raises an InvalidCastException.
/// </remarks>
/// <param name="gen">Certificate generator instance; must be a SysV3CertGen</param>
/// <returns>New certificate, as returned by the generator's Generate call</returns>
protected override X509Certificate generate(ICertGen gen)
{
    SysV3CertGen v3Generator = (SysV3CertGen)gen;
    // cspParam is a field declared outside this listing; presumably it selects the CA's key container - confirm.
    return v3Generator.Generate(cspParam);
}
/// <summary>
/// Generates the certificate with the supplied extensions.
/// </summary>
/// <remarks>
/// <paramref name="ext"/> is forwarded to the generator unchanged; no filtering happens here.
/// </remarks>
/// <param name="gen">The generator; must implement IbcCertGen, otherwise the cast throws.</param>
/// <param name="ext">The extensions handed to the generator.</param>
/// <returns>The certificate returned by the generator's Generate call.</returns>
protected virtual X509Certificate generate(ICertGen gen, X509Extensions ext)
{
    IbcCertGen bcGenerator = (IbcCertGen)gen;
    // privateKey is a field declared outside this listing; presumably the CA signing key - confirm.
    return bcGenerator.Generate(privateKey, ext);
}
/// <summary>
/// Generates the certificate from whatever has already been set on the generator.
/// </summary>
/// <param name="gen">The generator; must implement IbcCertGen, otherwise the cast throws.</param>
/// <returns>The certificate returned by the generator's Generate call.</returns>
protected virtual X509Certificate generate(ICertGen gen)
{
    IbcCertGen bcGenerator = (IbcCertGen)gen;
    // privateKey is a field declared outside this listing; presumably the CA signing key - confirm.
    return bcGenerator.Generate(privateKey);
}
/// <summary>
/// Generates the certificate from a profile and an explicit validity window.
/// </summary>
/// <param name="gen">The generator; must implement IbcCertGen, otherwise the cast throws.</param>
/// <param name="profile">The profile, passed through to the generator.</param>
/// <param name="notBefore">Start of the validity window, passed through to the generator.</param>
/// <param name="notAfter">End of the validity window, passed through to the generator.</param>
/// <returns>The certificate returned by the generator's Generate call.</returns>
protected virtual X509Certificate generate(ICertGen gen, Profile.Profile profile, DateTime notBefore, DateTime notAfter)
{
    IbcCertGen bcGenerator = (IbcCertGen)gen;
    // privateKey is a field declared outside this listing; presumably the CA signing key - confirm.
    return bcGenerator.Generate(privateKey, profile, notBefore, notAfter);
}
/// <summary>
/// Generates the certificate from a profile and an explicit validity window.
/// </summary>
/// <param name="gen">The generator; must be a BcV3CertGen, otherwise the cast throws.</param>
/// <param name="profile">The profile, passed through to the generator.</param>
/// <param name="notBefore">Start of the validity window, passed through to the generator.</param>
/// <param name="notAfter">End of the validity window, passed through to the generator.</param>
/// <returns>The certificate returned by the generator's Generate call.</returns>
protected override X509Certificate generate(ICertGen gen, Profile.Profile profile, DateTime notBefore, DateTime notAfter)
{
    BcV3CertGen v3Generator = (BcV3CertGen)gen;
    // privateKey is a field declared outside this listing; presumably the CA signing key - confirm.
    return v3Generator.Generate(privateKey, profile, notBefore, notAfter);
}
/// <summary>
/// Generates the certificate with the supplied extensions.
/// </summary>
/// <remarks>
/// <paramref name="ext"/> is forwarded to the generator unchanged; no filtering happens here.
/// </remarks>
/// <param name="gen">The generator; must be a BcV3CertGen, otherwise the cast throws.</param>
/// <param name="ext">The extensions handed to the generator.</param>
/// <returns>The certificate returned by the generator's Generate call.</returns>
protected override X509Certificate generate(ICertGen gen, X509Extensions ext)
{
    BcV3CertGen v3Generator = (BcV3CertGen)gen;
    // privateKey is a field declared outside this listing; presumably the CA signing key - confirm.
    return v3Generator.Generate(privateKey, ext);
}
/// <summary>
/// Generates the certificate from whatever has already been set on the generator.
/// </summary>
/// <param name="gen">The generator; must be a BcV3CertGen, otherwise the cast throws.</param>
/// <returns>The certificate returned by the generator's Generate call.</returns>
protected override X509Certificate generate(ICertGen gen)
{
    BcV3CertGen v3Generator = (BcV3CertGen)gen;
    // privateKey is a field declared outside this listing; presumably the CA signing key - confirm.
    return v3Generator.Generate(privateKey);
}
/// <summary>
/// Extension-based generation is refused: this CA issues V1 certificates, which carry no extensions.
/// </summary>
/// <param name="gen">Certificate generator instance (unused)</param>
/// <param name="ext">Extensions that were requested (unused)</param>
/// <returns>
/// Never returns
/// </returns>
/// <exception cref="System.NotSupportedException">This CA does not support X.509v3 extensions</exception>
/// <remarks>
/// Always throws an exception - this CA uses V1 certificates. Failing here, rather than dropping
/// the extensions silently, means a caller cannot end up with a certificate that lacks constraints
/// it asked for.
/// </remarks>
protected override X509Certificate generate(ICertGen gen, X509Extensions ext)
{
    const string unsupportedMessage = "This CA does not support X.509v3 extensions";
    throw new NotSupportedException(unsupportedMessage);
}
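/// <summary>
/// Issues a certificate for a PKCS#10 request and records it in the CA database.
/// </summary>
/// <remarks>
/// Subject DN, public key, SubjectAltName and (when no profile is given) every other extension are
/// taken from the request. With a profile, only SubjectAltName is taken from the request and the
/// remaining content is decided by generate(certGen, profile, notBefore, notAfter).
/// </remarks>
/// <param name="request">The PKCS#10 request.</param>
/// <param name="profile">The profile, or null to honour the extensions in the request</param>
/// <param name="notBefore">Start of the validity window.</param>
/// <param name="notAfter">End of the validity window.</param>
/// <returns>
/// Certificate
/// </returns>
/// <exception cref="System.ArgumentNullException">request is null</exception>
/// <exception cref="System.ArgumentException">Invalid signature algorithm in request</exception>
/// <exception cref="System.ArgumentOutOfRangeException">Invalid lifetime units in ValidityPeriod (not raised directly in this body; presumably comes from profile handling - confirm)</exception>
private X509Certificate issueCertificate(Pkcs10CertificationRequest request, Profile.Profile profile, DateTime notBefore, DateTime notAfter)
{
    // Fail before a serial number is allocated or anything is logged.
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }

    X509Certificate newCert;
    string profileName = "";

    // Parse the request
    // NOTE(review): the meaning of the 'false' argument is not visible here. Confirm that the request's
    // self-signature (proof of possession of the private key) is verified, either by the parser or by
    // the caller, before a certificate is issued for the public key it contains.
    Pkcs10Parser p10 = new Pkcs10Parser(request, false);

    // Check that correct sig algorithm has been used
    DerObjectIdentifier sigAlgOid = X509Utilities.GetAlgorithmOid(signatureAlgorithm);
    if (!p10.SignatureAlgorithm.Equals(sigAlgOid))
    {
        string requestSigAlg = p10.SignatureAlgorithm.ToString();
        logEvent(LogEvent.EventType.Error, "Invalid signature algorithm in request: " + requestSigAlg);

        // The second constructor argument is the parameter NAME, not a detail value: the offending
        // OID belongs in the message and the parameter at fault is 'request'.
        throw new ArgumentException("Invalid signature algorithm in request: " + requestSigAlg, "request");
    }

    // Get the derived class to specify the cert generator
    ICertGen certGen = getCertificateGenerator();

    // Setup the certificate
    // Subject DN and public key are copied from the request as-is; nothing in this method validates them.
    certGen.SetSerialNumber(nextCertSerial());
    certGen.SetIssuerDN(caCertificate.SubjectDN);
    certGen.SetSubjectDN(p10.Subject);
    certGen.SetPublicKey(p10.PublicKey);
    certGen.SetSignatureAlgorithm(signatureAlgorithm);
    if (certGen.GetVersion() == X509ver.V3)
    {
        // Key identifiers are derived from the CA key and the requested key, both marked non-critical.
        ((V3CertGen)certGen).AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCertificate.GetPublicKey()));
        ((V3CertGen)certGen).AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(p10.PublicKey));
    }

    // NOTE(review): notBefore/notAfter are not compared here; presumably the caller guarantees
    // notAfter is later than notBefore - confirm.

    // Add further extensions either from profile or request attributes
    // If a profile is specified ignore all attributes apart from SubjAltName
    if (profile != null)
    {
        // Add in SubjAltName if there is one (there won't be for a V1 certificate)
        // The names and the criticality flag both come from the requester.
        if ((p10.SubjectAltNames != null) && (certGen.GetVersion() == X509ver.V3))
        {
            bool critical = p10.IsCritical(X509Extensions.SubjectAlternativeName);
            ((V3CertGen)certGen).AddExtension(X509Extensions.SubjectAlternativeName, critical, p10.SubjectAltNames);
        }

        // Capture the profile name for database
        profileName = profile.Name;

        // cut the cert - derived class determines what happens using generate()
        newCert = generate(certGen, profile, notBefore, notAfter);
    }
    else // No profile
    {
        // Set the validity period
        certGen.SetNotBefore(notBefore.ToUniversalTime());
        certGen.SetNotAfter(notAfter.ToUniversalTime());

        // Do what it says in the request - derived class determines what happens using generate()
        // NOTE(review): every extension in the request is passed on unfiltered. That includes
        // requester-chosen values for extensions such as BasicConstraints and KeyUsage, so this path
        // should only be reachable for requests that have already been vetted - confirm at the callers.
        newCert = generate(certGen, p10.Extensions);
    }

    // Add certificate to the CA DB
    Database.AddCertificate(newCert, request.GetDerEncoded(), profileName, dbFileLocation, caCertificate, cspParam);
    logEvent(LogEvent.EventType.DBAddCert, "DB: Certificate added: " + newCert.SerialNumber.ToString());
    return newCert;
}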
/// <summary>
/// Generates the certificate with the supplied extensions; the implementation is provided by the derived class.
/// </summary>
/// <param name="gen">The generator.</param>
/// <param name="ext">The extensions.</param>
/// <returns>The generated certificate.</returns>
protected abstract X509Certificate generate(ICertGen gen, X509Extensions ext);
/// <summary>
/// Generates the certificate; the implementation is provided by the derived class.
/// </summary>
/// <param name="gen">The generator.</param>
/// <returns>The generated certificate.</returns>
protected abstract X509Certificate generate(ICertGen gen);
/// <summary>
/// Generates the certificate from a profile and a validity window; the implementation is provided by the derived class.
/// </summary>
/// <param name="gen">The generator.</param>
/// <param name="profile">The profile.</param>
/// <param name="notBefore">Start of the validity window.</param>
/// <param name="notAfter">End of the validity window.</param>
/// <returns>The generated certificate.</returns>
protected abstract X509Certificate generate(ICertGen gen, Profile.Profile profile, DateTime notBefore, DateTime notAfter);