Пример #1
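    /// <summary>
    /// Creates a verifier factory for the named signature algorithm, bound to the given public key.
    /// </summary>
    /// <param name="algorithm">Signature algorithm name; resolved to an OID via X509Utilities.GetAlgorithmOid.</param>
    /// <param name="publicKey">Key that signatures will be verified against. Must be a public key.</param>
    /// <exception cref="System.ArgumentNullException">algorithm or publicKey is null.</exception>
    /// <exception cref="System.ArgumentException">publicKey is a private key.</exception>
    public Asn1VerifierFactory(string algorithm, AsymmetricKeyParameter publicKey)
    {
        if (algorithm == null)
        {
            throw new System.ArgumentNullException("algorithm");
        }

        if (publicKey == null)
        {
            throw new System.ArgumentNullException("publicKey");
        }

        // Reject private key material up front: a verifier never needs it, and accepting it
        // here would only defer the failure (or hide a key-handling mistake) until first use.
        if (publicKey.IsPrivate)
        {
            throw new System.ArgumentException("Key for verifying must be public", "publicKey");
        }

        DerObjectIdentifier algorithmOid = X509Utilities.GetAlgorithmOid(algorithm);

        this.publicKey = publicKey;
        // The AlgorithmIdentifier is derived from both the OID and the name.
        algID          = X509Utilities.GetSigAlgID(algorithmOid, algorithm);
    }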
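    /// <summary>
    /// Creates a signature factory for the named algorithm, bound to the given private key
    /// and source of randomness.
    /// </summary>
    /// <param name="algorithm">Signature algorithm name; resolved to an OID via X509Utilities.GetAlgorithmOid.</param>
    /// <param name="privateKey">Key used to produce signatures. Must be a private key.</param>
    /// <param name="random">Randomness source stored for later signing; stored as given, no null check is applied here.</param>
    /// <exception cref="System.ArgumentNullException">algorithm or privateKey is null.</exception>
    /// <exception cref="System.ArgumentException">privateKey is not a private key.</exception>
    public Asn1SignatureFactory(string algorithm, AsymmetricKeyParameter privateKey, SecureRandom random)
    {
        if (algorithm == null)
        {
            throw new System.ArgumentNullException("algorithm");
        }

        if (privateKey == null)
        {
            throw new System.ArgumentNullException("privateKey");
        }

        // Fail at construction instead of at first signing when a public key is passed by mistake.
        if (!privateKey.IsPrivate)
        {
            throw new System.ArgumentException("Key for signing must be private", "privateKey");
        }

        DerObjectIdentifier algorithmOid = X509Utilities.GetAlgorithmOid(algorithm);

        this.algorithm  = algorithm;
        this.privateKey = privateKey;
        // NOTE(review): random is kept as passed; whether a null value falls back to a
        // default SecureRandom depends on code outside this constructor - confirm.
        this.random     = random;
        algID           = X509Utilities.GetSigAlgID(algorithmOid, algorithm);
    }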
Пример #3
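        /// <summary>
        /// Set the signature algorithm that will be used to sign this certificate.
        /// The name is resolved to an OID and an AlgorithmIdentifier, and the identifier
        /// is pushed into the TBS certificate generator.
        /// </summary>
        /// <param name="signatureAlgorithm">Name of the signature algorithm</param>
        /// <exception cref="System.ArgumentException">
        /// The name cannot be resolved to an algorithm OID. The original failure is kept
        /// as the inner exception.
        /// </exception>
        public void SetSignatureAlgorithm(string signatureAlgorithm)
        {
            DerObjectIdentifier resolvedOid;

            try
            {
                resolvedOid = X509Utilities.GetAlgorithmOid(signatureAlgorithm);
            }
            catch (Exception e)
            {
                // Keep the cause: dropping it hides why the lookup failed.
                throw new ArgumentException("Unknown signature type requested: " + signatureAlgorithm, e);
            }

            // Commit state only after the name resolved. Assigning the name first would leave
            // the generator holding a new algorithm name next to a stale OID/AlgorithmIdentifier
            // if the caller catches the exception and keeps using this instance.
            this.signatureAlgorithm = signatureAlgorithm;
            sigOid = resolvedOid;

            sigAlgId = X509Utilities.GetSigAlgID(sigOid, signatureAlgorithm);

            tbsGen.SetSignature(sigAlgId);
        }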
Пример #4
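        /// <summary>
        /// Issues a certificate for a PKCS#10 request: checks the request's signature algorithm
        /// against the CA's, builds the certificate from the request (and the profile, if any),
        /// stores it in the CA database and logs the event.
        /// </summary>
        /// <param name="request">The PKCS#10 certification request.</param>
        /// <param name="profile">
        /// Profile to apply, or null. With a profile, only SubjectAltName is taken from the
        /// request; without one, the request's extensions are passed to generate().
        /// </param>
        /// <param name="notBefore">Start of validity.</param>
        /// <param name="notAfter">End of validity.</param>
        /// <returns>
        /// The newly issued certificate.
        /// </returns>
        /// <exception cref="System.ArgumentNullException">request is null.</exception>
        /// <exception cref="System.ArgumentException">Invalid signature algorithm in request</exception>
        /// <exception cref="System.ArgumentOutOfRangeException">Invalid lifetime units in ValidityPeriod</exception>
        private X509Certificate issueCertificate(Pkcs10CertificationRequest request, Profile.Profile profile, DateTime notBefore, DateTime notAfter)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            X509Certificate newCert;
            string          profileName = "";

            // Parse the request
            // NOTE(review): nothing in this method checks the request's self-signature
            // (proof of possession); presumably Pkcs10Parser or the caller does - confirm.
            Pkcs10Parser p10 = new Pkcs10Parser(request);

            // Check that correct sig algorithm has been used
            DerObjectIdentifier sigAlgOid = X509Utilities.GetAlgorithmOid(signatureAlgorithm);

            if (!p10.SignatureAlgorithm.Equals(sigAlgOid))
            {
                string requestSigAlg = p10.SignatureAlgorithm.ToString();

                logEvent(LogEvent.EventType.Error, "Invalid signature algorithm in request: " + requestSigAlg);
                // The second ArgumentException argument is the parameter name, not detail text,
                // so the offending OID belongs in the message.
                throw new ArgumentException("Invalid signature algorithm in request: " + requestSigAlg, "request");
            }

            // Create a Cert Generator according to the FIPS 140 policy and CA Type
            ICertGen certGen;

            if (fips140)
            {
                if (type == CA_Type.dhTA.ToString())
                {
                    // NOTE(review): unlike the V3 generators, this one is built without policyEnforcement.
                    certGen = new SysV1CertGen();
                }
                else
                {
                    certGen = new SysV3CertGen(policyEnforcement);
                }
            }
            else
            {
                certGen = new BcV3CertGen(policyEnforcement);
            }

            // Setup the certificate
            // Subject DN and public key come straight from the request.
            certGen.SetSerialNumber(nextCertSerial());
            certGen.SetIssuerDN(caCertificate.SubjectDN);
            certGen.SetSubjectDN(p10.Subject);
            certGen.SetPublicKey(p10.PublicKey);
            certGen.SetSignatureAlgorithm(signatureAlgorithm);

            bool isV3 = certGen.GetVersion() == X509ver.V3;

            if (isV3)
            {
                V3CertGen v3Gen = (V3CertGen)certGen;

                v3Gen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCertificate.GetPublicKey()));
                v3Gen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(p10.PublicKey));
            }

            // Add further extensions either from profile or request attributes
            // If a profile is specified ignore all attributes apart from SubjAltName
            if (profile != null)
            {
                // Add in SubjAltName if there is one, keeping the criticality the requester asked for
                if ((p10.SubjectAltNames != null) && isV3)
                {
                    bool critical = p10.IsCritical(X509Extensions.SubjectAlternativeName);
                    ((V3CertGen)certGen).AddExtension(X509Extensions.SubjectAlternativeName, critical, p10.SubjectAltNames);
                }

                // Capture the profile name for database
                profileName = profile.Name;

                // cut the cert
                newCert = generate(certGen, profile, notBefore, notAfter);
            }
            else    // No profile
            {
                // Set the validity period
                // NOTE(review): notBefore/notAfter are not compared with each other or with the
                // CA certificate's own validity in this method - confirm the caller does so.
                certGen.SetNotBefore(notBefore.ToUniversalTime());
                certGen.SetNotAfter(notAfter.ToUniversalTime());

                // Do what it says in the request
                // NOTE(review): the requester's extensions are handed to generate() as-is here;
                // confirm that generate()/policyEnforcement rejects or strips extensions the
                // requester must not control (e.g. BasicConstraints, KeyUsage) before signing.
                newCert = generate(certGen, p10.Extensions);
            }

            // Add certificate to the CA DB
            Database.AddCertificate(newCert, request.GetDerEncoded(), profileName, dbFileLocation, caCertificate, cspParam);
            logEvent(LogEvent.EventType.DBAddCert, "DB: Certificate added: " + newCert.SerialNumber.ToString());

            return newCert;
        }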