X509Certificate2 build(X509Certificate2 signer)
{
MessageSigner signerInfo = signer == null
? new MessageSigner(PrivateKeyInfo, HashingAlgorithm)
: new MessageSigner(signer, HashingAlgorithm);
signerInfo.PaddingScheme = AlternateSignatureFormat
? SignaturePadding.PSS
: SignaturePadding.PKCS1;
// initialize from v3 version
var rawData = new List <Byte>(_versionBytes);
// serial number
rawData.AddRange(Asn1Utils.Encode(serialNumber, (Byte)Asn1Type.INTEGER));
// algorithm identifier
rawData.AddRange(signerInfo.GetAlgorithmIdentifier(AlternateSignatureFormat).RawData);
// issuer
rawData.AddRange(signer == null
? SubjectName.RawData
: signer.SubjectName.RawData);
// NotBefore and NotAfter
List <Byte> date = Asn1Utils.EncodeDateTime(NotBefore).ToList();
date.AddRange(Asn1Utils.EncodeDateTime(NotAfter));
rawData.AddRange(Asn1Utils.Encode(date.ToArray(), 48));
// subject
rawData.AddRange(SubjectName.RawData);
rawData.AddRange(PrivateKeyInfo.GetPublicKey().Encode());
rawData.AddRange(Asn1Utils.Encode(finalExtensions.Encode(), 0xa3));
var blob = new SignedContentBlob(Asn1Utils.Encode(rawData.ToArray(), 48), ContentBlobType.ToBeSignedBlob);
blob.Sign(signerInfo);
return(new X509Certificate2(blob.Encode()));
}
public static Byte[] EncodeX509Extensions(X509ExtensionCollection extensions)
{
return(extensions.Encode());
}