/// <summary>
        /// Gets sanitized DS object name from certificate's subject.
        /// </summary>
        /// <param name="fromCert">Specifies the certificate to use for DS name generation.</param>
        /// <returns>Sanitized name of DS object.</returns>
        /// <remarks>
        /// The default implementation checks whether the specified certificate is a CA certificate, that is,
        /// a version 3 certificate whose Basic Constraints extension has isCA set. If so, the subject name
        /// is used to generate the DS object name; otherwise the issuer name is used.
        /// </remarks>
        protected virtual String GetContainerName(X509Certificate2 fromCert)
        {
            // Decide first whether the certificate describes a CA; the name source is chosen
            // from that single flag afterwards. Anything that is not a version 3 certificate,
            // or that carries no Basic Constraints extension, is treated as an end entity.
            bool subjectIsCA = false;

            if (fromCert.Version == 3)
            {
                X509Extension basicConstraints = fromCert.Extensions[X509ExtensionOid.BasicConstraints];
                if (basicConstraints != null)
                {
                    // NOTE(review): the isCA flag is taken from the certificate as presented; this
                    // method does no signature or chain validation of its own. Presumably callers
                    // only pass certificates they already trust - confirm, because the flag decides
                    // which certificate field names the DS object.
                    var decoded = (X509BasicConstraintsExtension)basicConstraints.ConvertExtension();
                    subjectIsCA = decoded.CertificateAuthority;
                }
            }

            // CA certificate: name the DS object after the subject.
            // End entity: name it after the issuer.
            X500DistinguishedName nameSource = subjectIsCA
                ? fromCert.SubjectName
                : fromCert.IssuerName;

            return generateContainerName(nameSource);
        }