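/// <summary>
/// Creates a QWAC (qualified website authentication certificate) on the fly. The certificate is
/// issued by a root CA generated inside this call via <see cref="CreateRootCACertificate"/>, so
/// every QWAC produced here chains to a different, throw-away issuer.
/// </summary>
/// <param name="request">Subject, validity and PSD2 role data used to build the certificate.</param>
/// <param name="privateKey">Receives the RSA private key generated for the certificate.</param>
/// <returns>The issued certificate with <paramref name="privateKey"/> attached.</returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentOutOfRangeException"><c>request.ValidityInDays</c> is zero or negative, which would yield a certificate that is already expired.</exception>
public X509Certificate2 CreateQWACs(Psd2CertificateRequest request, out RSA privateKey)
{
    if (request is null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    if (request.ValidityInDays <= 0)
    {
        throw new ArgumentOutOfRangeException(nameof(request), request.ValidityInDays, "ValidityInDays must be positive.");
    }

    // Take a single clock snapshot so notBefore and notAfter are derived from the same instant
    // (the original read UtcNow twice).
    var now = DateTimeOffset.UtcNow;
    var notBefore = now.AddDays(-1);
    var notAfter = now.AddDays(request.ValidityInDays);

    var authorizationNumber = new NCAId(request.CountryCode, request.AuthorityId, request.AuthorizationNumber);

    var subject = new SubjectBuilder()
        .AddCommonName(request.CommonName)
        .AddOrganization(request.Organization, request.OrganizationUnit)
        .AddLocation(request.CountryCode, request.State, request.City)
        .AddOrganizationIdentifier(authorizationNumber.ToString())
        .Build();

    // The PSD2 roles are carried in a (non-critical) qualified certificate statements extension.
    var psd2Type = new Psd2CertificateAttributes
    {
        AuthorityName = request.AuthorityName,
        AuthorizationNumber = authorizationNumber,
        HasAccountInformation = request.Roles.Aisp,
        HasPaymentInitiation = request.Roles.Pisp,
        HasIssuingOfCardBasedPaymentInstruments = request.Roles.Piisp,
        HasAccountServicing = request.Roles.Aspsp,
    };
    var extensions = new List<X509Extension>
    {
        new QualifiedCertificateStatementsExtension(psd2Type, critical: false),
    };

    // The issuer and the intermediate (key-less) certificate are only needed until the copy that
    // carries the private key has been produced; dispose them so their handles/keys are released.
    using (var issuer = CreateRootCACertificate())
    using (var certificate = CreateCertificate(issuer, subject, extensions, notBefore, notAfter, out privateKey))
    {
        if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
        {
            // FriendlyName is a Windows certificate-store property and throws elsewhere.
            certificate.FriendlyName = "Qualified website authentication certificate QWAC";
        }

        return certificate.CopyWithPrivateKey(privateKey);
    }
}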
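/// <summary>
/// Creates a Certification Authority certificate on the fly with some made-up data in the subject.
/// Use this as the issuing certificate for other self-signed certificates. A fresh certificate is
/// generated on every call, so two calls never return the same CA.
/// </summary>
/// <param name="diagnostics">Currently unused by this method; kept for signature compatibility.</param>
/// <returns>A self-signed CA certificate (basicConstraints CA=true, no path length limit) valid for five years.</returns>
public X509Certificate2 CreateRootCACertificate(DiagnosticInformation diagnostics = null)
{
    // Take a single clock snapshot so notBefore and notAfter are derived from the same instant
    // (the original read UtcNow twice).
    var now = DateTimeOffset.UtcNow;
    var notBefore = now.AddDays(-2);
    var notAfter = now.AddYears(5);

    var subject = new SubjectBuilder()
        .AddLocation("GR", "Attiki", "Athens")
        .AddOrganization("Authority CA", "IT")
        .AddCommonName("Authority CA Domain Name")
        .AddEmail("*****@*****.**")
        .Build();

    // Mark the certificate as a CA; pathLengthConstraint is ignored because no constraint is set.
    // NOTE(review): no KeyUsage extension (keyCertSign/cRLSign) is added here. Whether
    // CreateSelfSignedCertificate supplies one is not visible from this method — confirm, since
    // strict validators expect it on a CA certificate.
    var extensions = new List<X509Extension>
    {
        new X509BasicConstraintsExtension(
            certificateAuthority: true,
            hasPathLengthConstraint: false,
            pathLengthConstraint: 0,
            critical: true),
    };

    var certificate = CreateSelfSignedCertificate(subject, extensions, notBefore, notAfter);

    if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
    {
        // FriendlyName is a Windows certificate-store property and throws elsewhere.
        certificate.FriendlyName = "Root CA";
    }

    return certificate;
}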