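/// <summary>
/// Create an instance of a generic System Crypto CA.
/// </summary>
/// <remarks>
/// The base constructor reads the config file; this constructor additionally
/// requires the <c>fips140</c> flag to be set, obtains the signing-key container
/// from <see cref="SysKeyManager"/> and reads the CA certificate from the
/// <c>caCert</c> element of the config.
/// </remarks>
/// <param name="ConfigFile">Full pathname to config file</param>
/// <exception cref="InvalidParameterException">
/// Invalid FIPS140 flag for this CA instance, or the config has no <c>caCert</c> element
/// </exception>
public sysCA(string ConfigFile) : base(ConfigFile)
{
    // This CA type always uses the platform (FIPS 140) crypto provider; refuse to
    // start on a config that was written for the other CA type.
    if (!fips140)
    {
        throw new InvalidParameterException("Invalid FIPS140 flag for this CA instance");
    }

    // Get a reference to the key container for the signing key
    cspParam = SysKeyManager.Read(name);

    // The CA certificate is stored base64-encoded in the config. Fail with a clear
    // message if the element is missing rather than with a NullReferenceException.
    var caCertElement = ca.Element("caCert");
    if (caCertElement == null)
    {
        throw new InvalidParameterException("Missing caCert element in CA config file");
    }
    X509CertificateParser cp = new X509CertificateParser();
    caCertificate = cp.ReadCertificate(Convert.FromBase64String(caCertElement.Value));
    // NOTE(review): nothing here checks that caCertificate belongs to the key in
    // cspParam or that it is currently valid; the other CA constructors carry a
    // "Check our certificate is valid" TODO and the same applies here.

    // Setup CA policy
    if (ca.Element("policyEnforcement") != null)
    {
        policyEnforcement = PolicyEnforcementFactory.initialise(caCertificate, ca.Element("policyEnforcement"));
    }

    // Setup the logger
    startLogging();

    // Expire any old certificates
    Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
}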
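/// <summary>
/// Construct a CA object from a signed config file and the password protecting the CA key.
/// </summary>
/// <remarks>
/// The XML signature on the config file is verified before the file is parsed. The CA
/// private key and certificate are then loaded from the PKCS#12 blob in the
/// <c>caKey</c> element, using the entry named after the CA (<c>name</c> element).
/// </remarks>
/// <param name="ConfigFile">Full pathname to config file</param>
/// <param name="Password">Password for key file</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="ConfigFile"/> or <paramref name="Password"/> is null
/// </exception>
/// <exception cref="GeneralSecurityException">
/// The config file signature does not verify, or the PKCS#12 store has no key or
/// certificate entry for the CA name
/// </exception>
public simpleCA(string ConfigFile, string Password)
{
    if (ConfigFile == null)
    {
        throw new ArgumentNullException("ConfigFile");
    }
    if (Password == null)
    {
        throw new ArgumentNullException("Password");
    }

    this.configFile = ConfigFile;
    // NOTE(review): the key-file password is kept as a char[] field for the life of
    // the object. If nothing else needs it after the PKCS#12 load below, clearing it
    // would shorten its exposure in memory -- confirm against the other members.
    this.password = Password.ToCharArray();

    // Read in the configuration, but only after its signature verifies.
    // NOTE(review): the file is verified and then read a second time by
    // XDocument.Load, so a writer with access to the config path could replace it
    // between the two reads; verifying and parsing the same in-memory bytes would
    // close that window.
    XDocument config;
    if (XmlSigning.VerifyXmlFile(configFile))
    {
        config = XDocument.Load(configFile);
    }
    else
    {
        throw new GeneralSecurityException("Signature failed on CA config file");
    }

    XElement ca = config.Element("OSCA").Element("CA");
    this.name = ca.Element("name").Value;
    this.type = ca.Element("type").Value;
    this.dbFileLocation = ca.Element("dbFileLocation").Value;
    this.publicKeyAlgorithm = ca.Element("publicKeyAlgorithm").Value;
    this.publicKeySize = ca.Element("publicKeySize").Value;
    this.signatureAlgorithm = ca.Element("signatureAlgorithm").Value;
    this.fips140 = Convert.ToBoolean(ca.Element("fips140").Value);
    this.lastSerial = ca.Element("lastSerial").Value;
    this.crlFileLocation = ca.Element("crlFileLocation").Value;
    this.lastCRL = ca.Element("lastCRL").Value;
    this.crlInterval = Convert.ToDouble(ca.Element("crlInterval").Value);
    this.profilesLocation = ca.Element("profilesLocation").Value;

    // Read in the private key and certificate. The PKCS#12 blob is embedded in the
    // signed config, so the signature protects its integrity while confidentiality
    // of the key material rests on the password alone.
    MemoryStream p12stream = new MemoryStream(Convert.FromBase64String(ca.Element("caKey").Value));
    Pkcs12Store p12 = new Pkcs12Store(p12stream, password);
    var keyEntry = p12.GetKey(this.name);
    var certEntry = p12.GetCertificate(this.name);
    if (keyEntry == null || certEntry == null)
    {
        // An alias that is not in the store presumably comes back as null; report it
        // rather than dereferencing it.
        throw new GeneralSecurityException("CA key store has no key/certificate entry named '" + this.name + "'");
    }
    this.privateKey = keyEntry.Key;
    this.caCertificate = certEntry.Certificate;

    if (ca.Element("policyEnforcement") != null)
    {
        policyEnforcement = PolicyEnforcementFactory.initialise(caCertificate, ca.Element("policyEnforcement"));
    }

    // Create CspParameters to support XML signing
    cspParam = SysKeyManager.LoadCsp(privateKey);

    // Setup the Event Logger
    eventLog = new Logger(ca.Element("logFileLocation").Value, caCertificate, cspParam);

    // Check our certificate is valid
    // --- TODO: nothing yet confirms caCertificate matches privateKey or is within
    // its validity period before the CA starts issuing.

    // Log startup event
    logEvent(LogEvent.EventType.StartCA, "CA Started");

    // Expire any old certificates
    Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
}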
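/// <summary>
/// Create an instance of a generic Bouncy Castle Crypto CA.
/// </summary>
/// <remarks>
/// The base constructor reads the config file; this constructor additionally
/// requires the <c>fips140</c> flag to be clear and loads the CA private key and
/// certificate from the PKCS#12 blob in the <c>caKey</c> element, using the entry
/// named after the CA.
/// </remarks>
/// <param name="ConfigFile">Full pathname to config file</param>
/// <param name="Password">Password for CA key file</param>
/// <exception cref="ArgumentNullException"><paramref name="Password"/> is null</exception>
/// <exception cref="InvalidParameterException">
/// Invalid FIPS140 flag for this CA instance, or the PKCS#12 store has no key or
/// certificate entry for the CA name
/// </exception>
public bcCA(string ConfigFile, string Password) : base(ConfigFile)
{
    // This CA type uses Bouncy Castle, not the platform FIPS 140 provider; refuse
    // to start on a config written for the other CA type.
    if (fips140)
    {
        throw new InvalidParameterException("Invalid FIPS140 flag for this CA instance");
    }

    if (Password == null)
    {
        throw new ArgumentNullException("Password");
    }
    // NOTE(review): the key-file password is kept as a char[] field for the life of
    // the object; if nothing else needs it after the load below, clearing it would
    // shorten its exposure in memory -- confirm against the other members.
    this.password = Password.ToCharArray();

    // Read in the private key and certificate. The PKCS#12 blob is embedded in the
    // config, so confidentiality of the key material rests on the password alone.
    MemoryStream p12stream = new MemoryStream(Convert.FromBase64String(ca.Element("caKey").Value));
    Pkcs12Store p12 = new Pkcs12Store(p12stream, password);
    var keyEntry = p12.GetKey(this.name);
    var certEntry = p12.GetCertificate(this.name);
    if (keyEntry == null || certEntry == null)
    {
        // An alias that is not in the store presumably comes back as null; report it
        // rather than dereferencing it.
        throw new InvalidParameterException("CA key store has no key/certificate entry named '" + this.name + "'");
    }
    this.privateKey = keyEntry.Key;
    this.caCertificate = certEntry.Certificate;

    // Setup CA policy
    if (ca.Element("policyEnforcement") != null)
    {
        policyEnforcement = PolicyEnforcementFactory.initialise(caCertificate, ca.Element("policyEnforcement"));
    }

    // Create CspParameters to support XML signing
    cspParam = SysKeyManager.LoadCsp(privateKey);

    // Setup the Event Logger
    eventLog = new Logger(ca.Element("logFileLocation").Value, caCertificate, cspParam);

    // Check our certificate is valid
    // --- TODO: nothing yet confirms caCertificate matches privateKey or is within
    // its validity period before the CA starts issuing.

    // Log startup event
    logEvent(LogEvent.EventType.StartCA, "CA Started");

    // Expire any old certificates
    Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam);
}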