public CertificateAuthority CreateIntermediateCertificateAuthority()
{
var keyPair = CertificateUtilities.CreateKeyPair();
var certificate = IssueCaCertificate(keyPair.Public);
return(new CertificateAuthority(certificate, keyPair, SharedUri, parentCa: this));
}
public static TimestampService Create(
CertificateAuthority certificateAuthority,
TimestampServiceOptions serviceOptions = null)
{
if (certificateAuthority == null)
{
throw new ArgumentNullException(nameof(certificateAuthority));
}
serviceOptions = serviceOptions ?? new TimestampServiceOptions();
var keyPair = CertificateUtilities.CreateKeyPair();
var id = Guid.NewGuid().ToString();
var subjectName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Timestamp Service ({id})");
Action <X509V3CertificateGenerator> customizeCertificate = generator =>
{
generator.AddExtension(
X509Extensions.AuthorityInfoAccess,
critical: false,
extensionValue: new DerSequence(
new AccessDescription(AccessDescription.IdADOcsp,
new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.OcspResponderUri.OriginalString)),
new AccessDescription(AccessDescription.IdADCAIssuers,
new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.CertificateUri.OriginalString))));
generator.AddExtension(
X509Extensions.AuthorityKeyIdentifier,
critical: false,
extensionValue: new AuthorityKeyIdentifierStructure(certificateAuthority.Certificate));
generator.AddExtension(
X509Extensions.SubjectKeyIdentifier,
critical: false,
extensionValue: new SubjectKeyIdentifierStructure(keyPair.Public));
generator.AddExtension(
X509Extensions.BasicConstraints,
critical: true,
extensionValue: new BasicConstraints(cA: false));
generator.AddExtension(
X509Extensions.KeyUsage,
critical: true,
extensionValue: new KeyUsage(KeyUsage.DigitalSignature));
generator.AddExtension(
X509Extensions.ExtendedKeyUsage,
critical: true,
extensionValue: ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.IdKPTimeStamping)));
};
var issueOptions = new IssueCertificateOptions()
{
KeyPair = keyPair,
SubjectName = subjectName,
CustomizeCertificate = customizeCertificate
};
var certificate = certificateAuthority.IssueCertificate(issueOptions);
var uri = certificateAuthority.GenerateRandomUri();
return(new TimestampService(certificateAuthority, certificate, keyPair, uri, serviceOptions));
}
public static IssueCertificateOptions CreateDefaultForTimestampService()
{
var keyPair = CertificateUtilities.CreateKeyPair();
var id = Guid.NewGuid().ToString();
var subjectName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Timestamp Service ({id})");
return(new IssueCertificateOptions()
{
KeyPair = keyPair,
SubjectName = subjectName
});
}
public static IssueCertificateOptions CreateDefaultForEndCertificate()
{
var keyPair = CertificateUtilities.CreateKeyPair();
var id = CertificateUtilities.GenerateRandomId();
var subjectName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Certificate ({id})");
return(new IssueCertificateOptions()
{
KeyPair = keyPair,
SubjectName = subjectName
});
}
public static CertificateAuthority Create(Uri sharedUri)
{
if (sharedUri == null)
{
throw new ArgumentNullException(nameof(sharedUri));
}
if (!sharedUri.AbsoluteUri.EndsWith("/"))
{
sharedUri = new Uri($"{sharedUri.AbsoluteUri}/");
}
var keyPair = CertificateUtilities.CreateKeyPair();
var id = Guid.NewGuid().ToString();
var subjectName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Root Certificate Authority ({id})");
var now = DateTime.UtcNow;
void customizeCertificate(X509V3CertificateGenerator generator)
{
generator.AddExtension(
X509Extensions.SubjectKeyIdentifier,
critical: false,
extensionValue: new SubjectKeyIdentifierStructure(keyPair.Public));
generator.AddExtension(
X509Extensions.BasicConstraints,
critical: true,
extensionValue: new BasicConstraints(cA: true));
generator.AddExtension(
X509Extensions.KeyUsage,
critical: true,
extensionValue: new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign | KeyUsage.CrlSign));
}
var certificate = CreateCertificate(
keyPair.Public,
keyPair.Private,
BigInteger.One,
subjectName,
subjectName,
now,
now.AddHours(2),
customizeCertificate);
return(new CertificateAuthority(certificate, keyPair, sharedUri, parentCa: null));
}
private CertificateAuthority(
X509Certificate certificate,
AsymmetricCipherKeyPair keyPair,
Uri sharedUri,
CertificateAuthority parentCa)
{
Certificate = certificate;
KeyPair = keyPair;
SharedUri = sharedUri;
Url = GenerateRandomUri();
var fingerprint = CertificateUtilities.GenerateFingerprint(certificate);
CertificateUri = new Uri(Url, $"{fingerprint}.cer");
OcspResponderUri = GenerateRandomUri();
Parent = parentCa;
_nextSerialNumber = certificate.SerialNumber.Add(BigInteger.One);
_issuedCertificates = new Dictionary <BigInteger, X509Certificate>();
_revokedCertificates = new Dictionary <BigInteger, RevocationInfo>();
_ocspResponder = new Lazy <OcspResponder>(() => OcspResponder.Create(this));
}
