private CreatePrivateCertificateResult ProcessCertificateAuthoritySuccessResponse(ICertificateRequestPublicPrivateKeyPair model, CertificateAuthorityRequestResponse response, CertificateSubject subject, ClaimsPrincipal user)
{
string nonce = secrets.NewSecretBase64(16);
string password = secrets.NewSecret(64);
X509Certificate2 cert = certificateProvider.InstallIssuedCertificate(response.IssuedCertificate);
SetPrivateKeyFileSystemAccess(model, cert, user);
byte[] certContent = cert.Export(X509ContentType.Pfx, password);
CreatePrivateCertificateResult result = new CreatePrivateCertificateResult()
{
Password = password,
Pfx = Convert.ToBase64String(certContent),
Status = PrivateCertificateRequestStatus.Success,
Thumbprint = cert.Thumbprint,
Id = Guid.NewGuid(),
};
List <AccessControlEntry> defaultAcl = authorizationLogic.GetDefaultCertificateAcl(user);
Certificate storedCert = new Certificate()
{
Id = result.Id,
Thumbprint = cert.Thumbprint,
PfxPassword = cipher.Encrypt(password, nonce),
WindowsApi = model.Provider,
Content = certContent,
CertificateStorageFormat = CertificateStorageFormat.Pfx,
HashAlgorithm = model.HashAlgorithm,
CipherAlgorithm = model.CipherAlgorithm,
DisplayName = model.SubjectCommonName,
HasPrivateKey = true,
ValidTo = cert.NotAfter,
ValidFrom = cert.NotBefore,
KeySize = model.KeySize,
KeyUsage = dataTransformation.ParseKeyUsage(model.KeyUsage),
Subject = subject,
Acl = defaultAcl,
PasswordNonce = nonce,
ContentDigest = hashProvider.ComputeHash(certContent)
};
certificateRepository.Insert(storedCert);
return(result);
}