public CertificateAuthority CreateIntermediateCertificateAuthority() { var keyPair = CertificateUtilities.CreateKeyPair(); var certificate = IssueCaCertificate(keyPair.Public); return(new CertificateAuthority(certificate, keyPair, SharedUri, parentCa: this)); }
public static TimestampService Create( CertificateAuthority certificateAuthority, TimestampServiceOptions serviceOptions = null) { if (certificateAuthority == null) { throw new ArgumentNullException(nameof(certificateAuthority)); } serviceOptions = serviceOptions ?? new TimestampServiceOptions(); var keyPair = CertificateUtilities.CreateKeyPair(); var id = Guid.NewGuid().ToString(); var subjectName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Timestamp Service ({id})"); Action <X509V3CertificateGenerator> customizeCertificate = generator => { generator.AddExtension( X509Extensions.AuthorityInfoAccess, critical: false, extensionValue: new DerSequence( new AccessDescription(AccessDescription.IdADOcsp, new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.OcspResponderUri.OriginalString)), new AccessDescription(AccessDescription.IdADCAIssuers, new GeneralName(GeneralName.UniformResourceIdentifier, certificateAuthority.CertificateUri.OriginalString)))); generator.AddExtension( X509Extensions.AuthorityKeyIdentifier, critical: false, extensionValue: new AuthorityKeyIdentifierStructure(certificateAuthority.Certificate)); generator.AddExtension( X509Extensions.SubjectKeyIdentifier, critical: false, extensionValue: new SubjectKeyIdentifierStructure(keyPair.Public)); generator.AddExtension( X509Extensions.BasicConstraints, critical: true, extensionValue: new BasicConstraints(cA: false)); generator.AddExtension( X509Extensions.KeyUsage, critical: true, extensionValue: new KeyUsage(KeyUsage.DigitalSignature)); generator.AddExtension( X509Extensions.ExtendedKeyUsage, critical: true, extensionValue: ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.IdKPTimeStamping))); }; var issueOptions = new IssueCertificateOptions() { KeyPair = keyPair, SubjectName = subjectName, CustomizeCertificate = customizeCertificate }; var certificate = certificateAuthority.IssueCertificate(issueOptions); var uri = certificateAuthority.GenerateRandomUri(); return(new TimestampService(certificateAuthority, certificate, keyPair, uri, serviceOptions)); }
public static IssueCertificateOptions CreateDefaultForTimestampService() { var keyPair = CertificateUtilities.CreateKeyPair(); var id = Guid.NewGuid().ToString(); var subjectName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Timestamp Service ({id})"); return(new IssueCertificateOptions() { KeyPair = keyPair, SubjectName = subjectName }); }
public static IssueCertificateOptions CreateDefaultForEndCertificate() { var keyPair = CertificateUtilities.CreateKeyPair(); var id = CertificateUtilities.GenerateRandomId(); var subjectName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Certificate ({id})"); return(new IssueCertificateOptions() { KeyPair = keyPair, SubjectName = subjectName }); }
public static CertificateAuthority Create(Uri sharedUri) { if (sharedUri == null) { throw new ArgumentNullException(nameof(sharedUri)); } if (!sharedUri.AbsoluteUri.EndsWith("/")) { sharedUri = new Uri($"{sharedUri.AbsoluteUri}/"); } var keyPair = CertificateUtilities.CreateKeyPair(); var id = Guid.NewGuid().ToString(); var subjectName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Root Certificate Authority ({id})"); var now = DateTime.UtcNow; void customizeCertificate(X509V3CertificateGenerator generator) { generator.AddExtension( X509Extensions.SubjectKeyIdentifier, critical: false, extensionValue: new SubjectKeyIdentifierStructure(keyPair.Public)); generator.AddExtension( X509Extensions.BasicConstraints, critical: true, extensionValue: new BasicConstraints(cA: true)); generator.AddExtension( X509Extensions.KeyUsage, critical: true, extensionValue: new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign | KeyUsage.CrlSign)); } var certificate = CreateCertificate( keyPair.Public, keyPair.Private, BigInteger.One, subjectName, subjectName, now, now.AddHours(2), customizeCertificate); return(new CertificateAuthority(certificate, keyPair, sharedUri, parentCa: null)); }
private CertificateAuthority( X509Certificate certificate, AsymmetricCipherKeyPair keyPair, Uri sharedUri, CertificateAuthority parentCa) { Certificate = certificate; KeyPair = keyPair; SharedUri = sharedUri; Url = GenerateRandomUri(); var fingerprint = CertificateUtilities.GenerateFingerprint(certificate); CertificateUri = new Uri(Url, $"{fingerprint}.cer"); OcspResponderUri = GenerateRandomUri(); Parent = parentCa; _nextSerialNumber = certificate.SerialNumber.Add(BigInteger.One); _issuedCertificates = new Dictionary <BigInteger, X509Certificate>(); _revokedCertificates = new Dictionary <BigInteger, RevocationInfo>(); _ocspResponder = new Lazy <OcspResponder>(() => OcspResponder.Create(this)); }