/// <summary>
/// Builds the to-be-signed (TBS) certificate with the supplied extensions, tests it
/// against the configured policy when one is set, signs the encoded TBS bytes with
/// the key referenced by <paramref name="cspParam"/> and wraps the result in an
/// X509Certificate.
/// </summary>
/// <param name="cspParam">CspParameters instance that has the private signing key</param>
/// <param name="Extensions">Extensions to include in the certificate</param>
/// <returns>An X509Certificate.</returns>
/// <exception cref="PolicyEnforcementException">The policy test rejected the TBS certificate.</exception>
/// <exception cref="CertificateEncodingException">Signing failed, or the signed structure could not be turned into a certificate object.</exception>
public X509Certificate Generate(CspParameters cspParam, X509Extensions Extensions)
{
    TbsCertificateStructure toBeSigned = GenerateTbsCert(Extensions);

    // Policy gate: runs before any signature is produced, so a rejected request
    // never reaches the private key. When 'policy' is null the gate is skipped
    // entirely and the certificate is signed unchecked.
    if (policy != null)
    {
        TestAgainstPolicy policyTest = new TestAgainstPolicy(policy);
        bool compliant = policyTest.report(toBeSigned);
        if (!compliant)
        {
            throw new PolicyEnforcementException(policyTest.status.ToString());
        }
    }

    // Encoding happens outside the try block, so an encoding failure is not
    // wrapped; only failures raised by the signer are.
    byte[] tbsBytes = toBeSigned.GetEncoded();

    byte[] sigBytes;
    try
    {
        sigBytes = SysSigner.Sign(tbsBytes, cspParam, signatureAlgorithm);
    }
    catch (Exception signFailure)
    {
        // Every signer failure is reported with this message; the actual cause
        // is carried in the inner exception.
        throw new CertificateEncodingException("Exception encoding TBS cert", signFailure);
    }

    try
    {
        X509CertificateStructure signedStructure =
            new X509CertificateStructure(toBeSigned, sigAlgId, new DerBitString(sigBytes));
        return new X509Certificate(signedStructure);
    }
    catch (CertificateParsingException parseFailure)
    {
        throw new CertificateEncodingException("Exception producing certificate object", parseFailure);
    }
}
/// <summary>
/// Generates the TBS certificate from <c>tbsGen</c>, signs its encoding with the key
/// referenced by <paramref name="cspParam"/> and returns the resulting X509 Certificate.
/// </summary>
/// <param name="cspParam">CspParameters instance that has the private signing key</param>
/// <returns>An X509 Certificate</returns>
/// <exception cref="CertificateEncodingException">Signing failed, or the signed structure could not be turned into a certificate object.</exception>
public X509Certificate Generate(CspParameters cspParam)
{
    // NOTE(review): no policy test is visible on this path, unlike the Generate
    // overload that takes X509Extensions. Confirm whether certificates issued
    // through this overload are meant to go out without a policy check.
    TbsCertificateStructure toBeSigned = tbsGen.GenerateTbsCertificate();
    byte[] tbsBytes = toBeSigned.GetEncoded();

    byte[] sigBytes;
    try
    {
        sigBytes = SysSigner.Sign(tbsBytes, cspParam, signatureAlgorithm);
    }
    catch (Exception signFailure)
    {
        // Every signer failure is reported with this message; the actual cause
        // is carried in the inner exception.
        throw new CertificateEncodingException("Exception encoding TBS cert", signFailure);
    }

    try
    {
        X509CertificateStructure signedStructure =
            new X509CertificateStructure(toBeSigned, sigAlgId, new DerBitString(sigBytes));
        return new X509Certificate(signedStructure);
    }
    catch (CertificateParsingException parseFailure)
    {
        throw new CertificateEncodingException("Exception producing certificate object", parseFailure);
    }
}
/// <summary>
/// Builds the to-be-signed certificate list via GenerateCertList(), signs its DER
/// encoding with the key referenced by <paramref name="cspParam"/> and returns the
/// signed X509 CRL.
/// </summary>
/// <param name="cspParam">CSP Parameters containing the key</param>
/// <returns>The signed X509Crl.</returns>
/// <exception cref="CrlException">An IOException was raised while encoding or signing the list.</exception>
public X509Crl Generate(CspParameters cspParam)
{
    TbsCertificateList toBeSigned = GenerateCertList();

    byte[] sigBytes;
    try
    {
        byte[] derBytes = toBeSigned.GetDerEncoded();
        sigBytes = SysSigner.Sign(derBytes, cspParam, signatureAlgorithm);
    }
    catch (IOException ioFailure)
    {
        // Only IOException is translated here; any other exception raised by
        // the signer reaches the caller unwrapped.
        throw new CrlException("cannot generate CRL encoding", ioFailure);
    }

    DerSequence signedList = new DerSequence(toBeSigned, sigAlgId, new DerBitString(sigBytes));
    return new X509Crl(CertificateList.GetInstance(signedList));
}
/// <summary>
/// Signs <paramref name="buffer"/> with the key referenced by <paramref name="cspParam"/>,
/// choosing RSA or DSA from the asymmetric algorithm that getAsymAlgorithm derives
/// from <paramref name="sigAlg"/>.
/// </summary>
/// <param name="buffer">Bytes to sign.</param>
/// <param name="cspParam">CSP parameters passed to the crypto service provider constructor.</param>
/// <param name="sigAlg">Signature algorithm name; also used to pick the hash for RSA.</param>
/// <returns>The signature bytes returned by the provider's SignData call.</returns>
/// <exception cref="InvalidParameterException">The derived asymmetric algorithm is neither "RSA" nor "DSA".</exception>
internal static byte[] Sign(byte[] buffer, CspParameters cspParam, string sigAlg)
{
    // NOTE(review): the CSP provider constructors create a new key pair when the
    // named container does not exist, unless CspProviderFlags.UseExistingKey is
    // set on cspParam. Nothing here sets or checks that flag; confirm callers do,
    // so a wrong container name fails instead of signing with a fresh key.
    string asymAlgorithm = getAsymAlgorithm(sigAlg);

    if (asymAlgorithm == "RSA")
    {
        using (RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(cspParam))
        {
            var hashAlgorithm = SysSigner.getHashAlgorithm(sigAlg);
            return rsaProvider.SignData(buffer, hashAlgorithm);
        }
    }

    if (asymAlgorithm == "DSA")
    {
        // NOTE(review): no hash algorithm is passed on this branch, so the digest
        // named in sigAlg is not applied; DSACryptoServiceProvider.SignData hashes
        // with SHA-1. The returned bytes are also presumably the provider's raw
        // signature format rather than a DER-encoded structure; verify that
        // callers which embed them in a certificate or CRL account for both.
        using (DSACryptoServiceProvider dsaProvider = new DSACryptoServiceProvider(cspParam))
        {
            return dsaProvider.SignData(buffer);
        }
    }

    throw new InvalidParameterException("Unknown asymmetric encryption algorithm " + asymAlgorithm);
}