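/// <inheritdoc/>
/// <remarks>
/// A new RSA key pair is generated unless a public key was supplied to the builder.
/// The returned certificate carries a private key only when the key pair was
/// generated by this call; a certificate built from a supplied public key is
/// returned without one.
/// </remarks>
/// <exception cref="NotSupportedException">
/// A public key was supplied but there is no issuer certificate with a private key to sign it.
/// </exception>
public override X509Certificate2 CreateForRSA()
{
    CreateDefaults();

    // A supplied public key has no private counterpart in this builder, so the
    // certificate cannot be self-signed and must be signed with the issuer's key.
    if (m_rsaPublicKey != null &&
        (IssuerCAKeyCert == null || !IssuerCAKeyCert.HasPrivateKey))
    {
        throw new NotSupportedException("Cannot use a public key without a issuer certificate with a private key.");
    }

    RSA rsaKeyPair = null;
    try
    {
        RSA rsaPublicKey = m_rsaPublicKey;
        if (rsaPublicKey == null)
        {
            // NOTE(review): m_keySize is used as given; confirm that the setter
            // rejects key sizes below the project's minimum.
            rsaKeyPair = RSA.Create(m_keySize == 0 ? X509Defaults.RSAKeySize : m_keySize);
            rsaPublicKey = rsaKeyPair;
        }

        var padding = RSASignaturePadding.Pkcs1;
        var request = new CertificateRequest(SubjectName, rsaPublicKey, HashAlgorithmName, padding);

        CreateX509Extensions(request, false);

        // CertificateRequest.Create expects the serial number in big-endian order.
        // NOTE(review): the reversal implies m_serialNumber is kept little endian; confirm.
        var serialNumber = m_serialNumber.Reverse().ToArray();

        X509Certificate2 signedCert;
        if (IssuerCAKeyCert != null)
        {
            // NOTE(review): when the key pair is generated here, the issuer is not
            // checked for a private key; GetRSAPrivateKey() returns null in that case
            // (or for a non-RSA issuer) and the signature generator rejects it.
            using (RSA rsaIssuerKey = IssuerCAKeyCert.GetRSAPrivateKey())
            {
                signedCert = request.Create(
                    IssuerCAKeyCert.SubjectName,
                    X509SignatureGenerator.CreateForRSA(rsaIssuerKey, padding),
                    NotBefore,
                    NotAfter,
                    serialNumber
                    );
            }
        }
        else
        {
            // Self-signed: the guard above ensures the key pair was generated here.
            signedCert = request.Create(
                SubjectName,
                X509SignatureGenerator.CreateForRSA(rsaKeyPair, padding),
                NotBefore,
                NotAfter,
                serialNumber
                );
        }

        if (rsaKeyPair == null)
        {
            return signedCert;
        }

        // CopyWithPrivateKey returns a new certificate instance, so the
        // intermediate public-only certificate is released here.
        using (signedCert)
        {
            return signedCert.CopyWithPrivateKey(rsaKeyPair);
        }
    }
    finally
    {
        // The returned certificate holds its own copy of the key; dispose the
        // generated key pair so private key material is not left undisposed.
        if (rsaKeyPair != null)
        {
            rsaKeyPair.Dispose();
        }
    }
}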
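/// <inheritdoc/>
/// <remarks>
/// A new ECDsa key pair is generated on the configured curve unless a public key
/// was supplied to the builder. The returned certificate carries a private key
/// whenever the key pair was generated by this call, whether the certificate is
/// self-signed or signed by an issuer, matching <c>CreateForRSA</c>.
/// </remarks>
/// <exception cref="NotSupportedException">
/// A public key was supplied without an issuer certificate, or neither a public key
/// nor a curve is available.
/// </exception>
public override X509Certificate2 CreateForECDsa()
{
    // A supplied public key has no private counterpart in this builder, so the
    // certificate cannot be self-signed and must be signed with the issuer's key.
    // NOTE(review): unlike CreateForRSA, this guard does not test
    // IssuerCAKeyCert.HasPrivateKey; an issuer without an ECDsa private key is
    // only rejected later by the signature generator.
    if (m_ecdsaPublicKey != null && IssuerCAKeyCert == null)
    {
        throw new NotSupportedException("Cannot use a public key without a issuer certificate with a private key.");
    }

    if (m_ecdsaPublicKey == null && m_curve == null)
    {
        throw new NotSupportedException("Need a public key or a ECCurve to create the certificate.");
    }

    CreateDefaults();

    ECDsa key = null;
    try
    {
        ECDsa publicKey = m_ecdsaPublicKey;
        if (publicKey == null)
        {
            key = ECDsa.Create((ECCurve)m_curve);
            publicKey = key;
        }

        var request = new CertificateRequest(SubjectName, publicKey, HashAlgorithmName);

        CreateX509Extensions(request, true);

        // CertificateRequest.Create expects the serial number in big-endian order.
        // NOTE(review): the reversal implies m_serialNumber is kept little endian; confirm.
        var serialNumber = m_serialNumber.Reverse().ToArray();

        X509Certificate2 signedCert;
        if (IssuerCAKeyCert != null)
        {
            using (ECDsa issuerKey = IssuerCAKeyCert.GetECDsaPrivateKey())
            {
                signedCert = request.Create(
                    IssuerCAKeyCert.SubjectName,
                    X509SignatureGenerator.CreateForECDsa(issuerKey),
                    NotBefore,
                    NotAfter,
                    serialNumber
                    );
            }
        }
        else
        {
            // Self-signed: the first guard ensures the key pair was generated here.
            signedCert = request.Create(
                SubjectName,
                X509SignatureGenerator.CreateForECDsa(key),
                NotBefore,
                NotAfter,
                serialNumber
                );
        }

        if (key == null)
        {
            return signedCert;
        }

        // Attach the generated private key in both branches. Previously the
        // issuer-signed branch returned the certificate without it, so the
        // freshly generated private key was lost.
        using (signedCert)
        {
            return signedCert.CopyWithPrivateKey(key);
        }
    }
    finally
    {
        // The returned certificate holds its own copy of the key; dispose the
        // generated key pair so private key material is not left undisposed.
        if (key != null)
        {
            key.Dispose();
        }
    }
}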