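/// <summary>
/// Issues a one-year X.509 v3 certificate for the subject and public key carried in a
/// PEM-encoded PKCS#10 request, signed with the key from
/// <c>RootCertificates.GetPrivateKeyGOST()</c>.
/// </summary>
/// <param name="pkcs10Request">PEM text containing a PKCS#10 certification request.</param>
/// <returns>The newly generated certificate.</returns>
/// <exception cref="ArgumentException">
/// The text contains no PEM object, or the request's self-signature does not verify.
/// </exception>
/// <remarks>
/// The subject DN and public key are copied from the request unchanged, and nothing in this
/// method checks who is asking. The caller must authorize the requester for that subject
/// before calling this method.
/// </remarks>
public static X509Certificate IssueCertificate(string pkcs10Request)
        {
            Pkcs10CertificationRequest request;

            // Disposing the StringReader is enough; no separate Close() on the PEM reader is needed.
            using (var pemText = new StringReader(pkcs10Request))
            {
                var pemReader = new PemReader(pemText);
                request = (Pkcs10CertificationRequest)pemReader.ReadObject();
            }

            // ReadObject() returns null when the text holds no PEM object; fail here with a
            // clear message instead of a NullReferenceException further down.
            if (request == null)
            {
                throw new ArgumentException(
                    "No PKCS#10 certification request found in the supplied PEM text.",
                    "pkcs10Request");
            }

            // Proof of possession: the CSR must be signed by the private key matching the
            // public key it asks us to certify. Without this check a requester could obtain
            // a certificate binding their chosen subject to somebody else's public key.
            if (!request.Verify())
            {
                throw new ArgumentException(
                    "The PKCS#10 request signature does not verify against its own public key.",
                    "pkcs10Request");
            }

            var caCert = (X509Certificate)RootCertificates.GetRootCertGOST();
            var caKey  = (AsymmetricKeyParameter)RootCertificates.GetPrivateKeyGOST();

            // Read the clock once, in UTC, so the encoded validity period does not depend on
            // the host's time zone and notAfter is exactly one year after notBefore.
            var startDate  = DateTime.UtcNow;
            var expiryDate = startDate.AddYears(1);

            // Random positive serial drawn from [2^63, 2^64] using a CSPRNG.
            var serialNumber = BigIntegers.CreateRandomInRange(
                BigInteger.ValueOf(2).Pow(63),
                BigInteger.ValueOf(2).Pow(64),
                new SecureRandom()
                );

            var requestInfo = request.GetCertificationRequestInfo();
            var subjectKey  = request.GetPublicKey();

            var certGen = new X509V3CertificateGenerator();

            certGen.SetSerialNumber(serialNumber);
            certGen.SetIssuerDN(caCert.SubjectDN);
            certGen.SetNotBefore(startDate);
            certGen.SetNotAfter(expiryDate);

            certGen.SetSubjectDN(requestInfo.Subject);
            certGen.SetPublicKey(subjectKey);

            // Extensions are fixed by the issuer; only the subject and key are read from the CSR.
            // NOTE(review): no BasicConstraints or KeyUsage extension is set. Consider adding a
            // critical BasicConstraints with cA=false so the leaf is explicitly not a CA.
            certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
                                 new AuthorityKeyIdentifierStructure(caCert));
            certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
                                 new SubjectKeyIdentifierStructure(subjectKey));

            // Critical EKU: relying parties that do not recognise this OID must reject the
            // certificate. NOTE(review): the OID looks like a placeholder; confirm the intended
            // purpose identifier.
            certGen.AddExtension(
                X509Extensions.ExtendedKeyUsage,
                true,
                new ExtendedKeyUsage(new[]
                {
                    new DerObjectIdentifier("1.1.1.1.1.1.2")
                })
                );

            var signer = new GostSignerFactory(caKey);

            return certGen.Generate(signer);
        }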
 /// <summary>
 /// Returns the key obtained from <c>RootCertificates.GetPrivateKeyGOST()</c>, cast to
 /// <see cref="AsymmetricKeyParameter"/>.
 /// </summary>
 /// <returns>The root private key as an asymmetric key parameter.</returns>
 protected override AsymmetricKeyParameter GetRootKey()
 {
     // This hands out private key material; callers should keep it in memory only
     // and never log or serialize it.
     var rootKey = (AsymmetricKeyParameter)RootCertificates.GetPrivateKeyGOST();
     return rootKey;
 }