X509Certificate2 build(X509Certificate2 signer)
        {
            MessageSigner signerInfo = signer == null
                ? new MessageSigner(PrivateKeyInfo, HashingAlgorithm)
                : new MessageSigner(signer, HashingAlgorithm);

            signerInfo.PaddingScheme = AlternateSignatureFormat
                ? SignaturePadding.PSS
                : SignaturePadding.PKCS1;
            // initialize from v3 version
            var rawData = new List <Byte>(_versionBytes);

            // serial number
            rawData.AddRange(Asn1Utils.Encode(serialNumber, (Byte)Asn1Type.INTEGER));
            // algorithm identifier
            rawData.AddRange(signerInfo.GetAlgorithmIdentifier(AlternateSignatureFormat).RawData);
            // issuer
            rawData.AddRange(signer == null
                ? SubjectName.RawData
                : signer.SubjectName.RawData);
            // NotBefore and NotAfter
            List <Byte> date = Asn1Utils.EncodeDateTime(NotBefore).ToList();

            date.AddRange(Asn1Utils.EncodeDateTime(NotAfter));
            rawData.AddRange(Asn1Utils.Encode(date.ToArray(), 48));
            // subject
            rawData.AddRange(SubjectName.RawData);
            rawData.AddRange(PrivateKeyInfo.GetPublicKey().Encode());
            rawData.AddRange(Asn1Utils.Encode(finalExtensions.Encode(), 0xa3));
            var blob = new SignedContentBlob(Asn1Utils.Encode(rawData.ToArray(), 48), ContentBlobType.ToBeSignedBlob);

            blob.Sign(signerInfo);
            return(new X509Certificate2(blob.Encode()));
        }
示例#2
0
        /// <summary>
        /// Signs and encodes CRL object from builder information.
        /// </summary>
        /// <param name="signerInfo">Certificate which is used to sign CRL.</param>
        /// <returns>An instance of generated signed CRL object.</returns>
        public X509CRL2 BuildAndSign(MessageSigner signerInfo)
        {
            if (signerInfo == null)
            {
                throw new ArgumentNullException(nameof(signerInfo));
            }

            // create dummy blob, sign/hash it to get proper encoded signature algorithm identifier.
            var dummyBlob = new SignedContentBlob(new Byte[] { 0 }, ContentBlobType.ToBeSignedBlob);

            dummyBlob.Sign(signerInfo);
            // generate tbs
            List <Byte> tbs = buildTbs(dummyBlob.SignatureAlgorithm.RawData, signerInfo.SignerCertificate);

            // now create correct blob and sign/hash it
            var blob = new SignedContentBlob(tbs.ToArray(), ContentBlobType.ToBeSignedBlob);

            blob.Sign(signerInfo);
            return(new X509CRL2(blob.Encode()));
        }