CryptoPro .NET

    Class CpCertificateRequest

    Represents an abstraction over the PKCS#10 CertificationRequestInfo and the X.509 TbsCertificate, allowing callers to create self-signed or chain-signed X.509 Public-Key Certificates, as well as create a certificate signing request blob to send to a Certificate Authority (CA).

    Inheritance
    object
    CpCertificateRequest
    Inherited Members
    object.Equals(object)
    object.Equals(object, object)
    object.GetHashCode()
    object.GetType()
    object.ReferenceEquals(object, object)
    object.ToString()
    Namespace: CryptoPro.Security.Cryptography.X509Certificates
    Assembly: CryptoPro.Security.Cryptography.dll
    Syntax
    public sealed class CpCertificateRequest

    Constructors

    CpCertificateRequest(CpX500DistinguishedName, CpRSA, CpHashAlgorithmName, RSASignaturePadding)

    Create a CertificateRequest for the specified subject name, RSA key, and hash algorithm.

    Declaration
    public CpCertificateRequest(CpX500DistinguishedName subjectName, CpRSA key, CpHashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
    Parameters
    Type Name Description
    CpX500DistinguishedName subjectName

    The parsed representation of the subject name for the certificate or certificate request.

    CpRSA key

    An RSA key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpHashAlgorithmName hashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    RSASignaturePadding padding

    The RSA signature padding to apply if self-signing or being signed with an X509Certificate2.

    CpCertificateRequest(CpX500DistinguishedName, Gost3410)

    Create a CertificateRequest for the specified subject name, GOST3410 key, and hash algorithm.

    Declaration
    public CpCertificateRequest(CpX500DistinguishedName subjectName, Gost3410 key)
    Parameters
    Type Name Description
    CpX500DistinguishedName subjectName

    The parsed representation of the subject name for the certificate or certificate request.

    Gost3410 key

    A GOST3410 key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpCertificateRequest(CpX500DistinguishedName, Gost3410, CpHashAlgorithmName)

    Create a CertificateRequest for the specified subject name, GOST3410 key, and hash algorithm.

    Declaration
    [Obsolete("Use 'CpCertificateRequest(CpX500DistinguishedName subjectName, Gost3410 key)' overload.")]
    public CpCertificateRequest(CpX500DistinguishedName subjectName, Gost3410 key, CpHashAlgorithmName hashAlgorithm)
    Parameters
    Type Name Description
    CpX500DistinguishedName subjectName

    The parsed representation of the subject name for the certificate or certificate request.

    Gost3410 key

    A GOST3410 key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpHashAlgorithmName hashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    CpCertificateRequest(CpX500DistinguishedName, Gost3410_2012_256)

    Create a CertificateRequest for the specified subject name, GOST3410_2012_256 key, and hash algorithm.

    Declaration
    public CpCertificateRequest(CpX500DistinguishedName subjectName, Gost3410_2012_256 key)
    Parameters
    Type Name Description
    CpX500DistinguishedName subjectName

    The parsed representation of the subject name for the certificate or certificate request.

    Gost3410_2012_256 key

    A GOST3410 key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpCertificateRequest(CpX500DistinguishedName, Gost3410_2012_256, CpHashAlgorithmName)

    Create a CertificateRequest for the specified subject name, GOST3410_2012_256 key, and hash algorithm.

    Declaration
    [Obsolete("Use 'CpCertificateRequest(CpX500DistinguishedName subjectName, Gost3410_2012_256 key)' overload.")]
    public CpCertificateRequest(CpX500DistinguishedName subjectName, Gost3410_2012_256 key, CpHashAlgorithmName hashAlgorithm)
    Parameters
    Type Name Description
    CpX500DistinguishedName subjectName

    The parsed representation of the subject name for the certificate or certificate request.

    Gost3410_2012_256 key

    A GOST3410 key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpHashAlgorithmName hashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    CpCertificateRequest(CpX500DistinguishedName, Gost3410_2012_512)

    Create a CertificateRequest for the specified subject name, GOST3410_2012_512 key, and hash algorithm.

    Declaration
    public CpCertificateRequest(CpX500DistinguishedName subjectName, Gost3410_2012_512 key)
    Parameters
    Type Name Description
    CpX500DistinguishedName subjectName

    The parsed representation of the subject name for the certificate or certificate request.

    Gost3410_2012_512 key

    A GOST3410 key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpCertificateRequest(CpX500DistinguishedName, Gost3410_2012_512, CpHashAlgorithmName)

    Create a CertificateRequest for the specified subject name, GOST3410_2012_512 key, and hash algorithm.

    Declaration
    [Obsolete("Use 'CpCertificateRequest(CpX500DistinguishedName subjectName, Gost3410_2012_512 key)' overload.")]
    public CpCertificateRequest(CpX500DistinguishedName subjectName, Gost3410_2012_512 key, CpHashAlgorithmName hashAlgorithm)
    Parameters
    Type Name Description
    CpX500DistinguishedName subjectName

    The parsed representation of the subject name for the certificate or certificate request.

    Gost3410_2012_512 key

    A GOST3410 key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpHashAlgorithmName hashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    CpCertificateRequest(CpX500DistinguishedName, CpPublicKey, CpHashAlgorithmName)

    Create a CertificateRequest for the specified subject name, encoded public key, and hash algorithm.

    Declaration
    public CpCertificateRequest(CpX500DistinguishedName subjectName, CpPublicKey publicKey, CpHashAlgorithmName hashAlgorithm)
    Parameters
    Type Name Description
    CpX500DistinguishedName subjectName

    The parsed representation of the subject name for the certificate or certificate request.

    CpPublicKey publicKey

    The encoded representation of the public key to include in the certificate or certificate request.

    CpHashAlgorithmName hashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    CpCertificateRequest(CpX500DistinguishedName, CpPublicKey, CpHashAlgorithmName, RSASignaturePadding)

    Create a CertificateRequest for the specified subject name, encoded public key, and hash algorithm.

    Declaration
    public CpCertificateRequest(CpX500DistinguishedName subjectName, CpPublicKey publicKey, CpHashAlgorithmName hashAlgorithm, RSASignaturePadding rsaSignaturePadding)
    Parameters
    Type Name Description
    CpX500DistinguishedName subjectName

    The parsed representation of the subject name for the certificate or certificate request.

    CpPublicKey publicKey

    The encoded representation of the public key to include in the certificate or certificate request.

    CpHashAlgorithmName hashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    RSASignaturePadding rsaSignaturePadding

    The RSA signature padding to use when signing this request with an RSA certificate.

    CpCertificateRequest(string, CpRSA, CpHashAlgorithmName, RSASignaturePadding)

    Create a CertificateRequest for the specified subject name, RSA key, and hash algorithm.

    Declaration
    public CpCertificateRequest(string subjectName, CpRSA key, CpHashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
    Parameters
    Type Name Description
    string subjectName

    The string representation of the subject name for the certificate or certificate request.

    CpRSA key

    An RSA key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpHashAlgorithmName hashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    RSASignaturePadding padding

    The RSA signature padding to apply if self-signing or being signed with an X509Certificate2.

    See Also
    CpX500DistinguishedName(string)

    CpCertificateRequest(string, Gost3410)

    Create a CertificateRequest for the specified subject name, GOST3410 key, and hash algorithm.

    Declaration
    public CpCertificateRequest(string subjectName, Gost3410 key)
    Parameters
    Type Name Description
    string subjectName

    The string representation of the subject name for the certificate or certificate request.

    Gost3410 key

    A Gost key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    See Also
    CpX500DistinguishedName(string)

    CpCertificateRequest(string, Gost3410, CpHashAlgorithmName)

    Create a CertificateRequest for the specified subject name, GOST3410 key, and hash algorithm.

    Declaration
    [Obsolete("Use 'CpCertificateRequest(string subjectName, Gost3410 key)' overload.")]
    public CpCertificateRequest(string subjectName, Gost3410 key, CpHashAlgorithmName hashAlgorithm)
    Parameters
    Type Name Description
    string subjectName

    The string representation of the subject name for the certificate or certificate request.

    Gost3410 key

    A Gost key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpHashAlgorithmName hashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    See Also
    CpX500DistinguishedName(string)

    CpCertificateRequest(string, Gost3410_2012_256)

    Create a CertificateRequest for the specified subject name, GOST3410_2012_256 key, and hash algorithm.

    Declaration
    public CpCertificateRequest(string subjectName, Gost3410_2012_256 key)
    Parameters
    Type Name Description
    string subjectName

    The string representation of the subject name for the certificate or certificate request.

    Gost3410_2012_256 key

    A Gost key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    See Also
    CpX500DistinguishedName(string)

    CpCertificateRequest(string, Gost3410_2012_256, CpHashAlgorithmName)

    Create a CertificateRequest for the specified subject name, GOST3410_2012_256 key, and hash algorithm.

    Declaration
    [Obsolete("Use 'CpCertificateRequest(string subjectName, Gost3410_2012_256 key)' overload.")]
    public CpCertificateRequest(string subjectName, Gost3410_2012_256 key, CpHashAlgorithmName hashAlgorithm)
    Parameters
    Type Name Description
    string subjectName

    The string representation of the subject name for the certificate or certificate request.

    Gost3410_2012_256 key

    A Gost key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpHashAlgorithmName hashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    See Also
    X500DistinguishedName(string)

    CpCertificateRequest(string, Gost3410_2012_512)

    Create a CertificateRequest for the specified subject name, GOST3410_2012_512 key, and hash algorithm.

    Declaration
    public CpCertificateRequest(string subjectName, Gost3410_2012_512 key)
    Parameters
    Type Name Description
    string subjectName

    The string representation of the subject name for the certificate or certificate request.

    Gost3410_2012_512 key

    A Gost key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    See Also
    CpX500DistinguishedName(string)

    CpCertificateRequest(string, Gost3410_2012_512, CpHashAlgorithmName)

    Create a CertificateRequest for the specified subject name, GOST3410_2012_512 key, and hash algorithm.

    Declaration
    [Obsolete("Use 'CpCertificateRequest(string subjectName, Gost3410_2012_512 key)' overload.")]
    public CpCertificateRequest(string subjectName, Gost3410_2012_512 key, CpHashAlgorithmName hashAlgorithm)
    Parameters
    Type Name Description
    string subjectName

    The string representation of the subject name for the certificate or certificate request.

    Gost3410_2012_512 key

    A Gost key whose public key material will be included in the certificate or certificate request. This key will be used as a private key if CreateSelfSigned(DateTimeOffset, DateTimeOffset) is called.

    CpHashAlgorithmName hashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    See Also
    CpX500DistinguishedName(string)

    Properties

    CertificateExtensions

    The X.509 Certificate Extensions to include in the certificate or certificate request.

    Declaration
    public Collection<CpX509Extension> CertificateExtensions { get; }
    Property Value
    Type Description
    Collection<CpX509Extension>

    HashAlgorithm

    The hash algorithm to use when signing the certificate or certificate request.

    Declaration
    public CpHashAlgorithmName HashAlgorithm { get; }
    Property Value
    Type Description
    CpHashAlgorithmName

    PublicKey

    A PublicKey representation of the public key for the certificate or certificate request.

    Declaration
    public CpPublicKey PublicKey { get; }
    Property Value
    Type Description
    CpPublicKey

    SubjectName

    The X.500 Distinguished Name to use as the Subject in a created certificate or certificate request.

    Declaration
    public CpX500DistinguishedName SubjectName { get; }
    Property Value
    Type Description
    CpX500DistinguishedName

    Methods

    Create(CpX500DistinguishedName, CpX509SignatureGenerator, DateTimeOffset, DateTimeOffset, byte[])

    Sign the current certificate request to create a chain-signed or self-signed certificate.

    Declaration
    public CpX509Certificate2 Create(CpX500DistinguishedName issuerName, CpX509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber)
    Parameters
    Type Name Description
    CpX500DistinguishedName issuerName

    The X500DistinguishedName for the Issuer

    CpX509SignatureGenerator generator

    A CpX509SignatureGenerator representing the issuing certificate authority.

    DateTimeOffset notBefore

    The oldest date and time where this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

    DateTimeOffset notAfter

    The date and time where this certificate is no longer considered valid.

    byte[] serialNumber

    The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned (big) integer in big endian byte ordering.

    Returns
    Type Description
    CpX509Certificate2

    The ASN.1 DER-encoded certificate, suitable to be passed to X509Certificate2(byte[]).

    Exceptions
    Type Condition
    ArgumentNullException

    issuerName is null.

    ArgumentNullException

    generator is null.

    ArgumentException

    notAfter represents a date and time before notBefore.

    ArgumentException

    serialNumber is null or has length 0.

    CryptographicException

    Any error occurs during the signing operation.

    Create(CpX509Certificate2, DateTimeOffset, DateTimeOffset, byte[])

    Create a certificate using the established subject, key, and optional extensions using the provided certificate as the issuer.

    Declaration
    public CpX509Certificate2 Create(CpX509Certificate2 issuerCertificate, DateTimeOffset notBefore, DateTimeOffset notAfter, byte[] serialNumber)
    Parameters
    Type Name Description
    CpX509Certificate2 issuerCertificate

    An X509Certificate2 instance representing the issuing Certificate Authority (CA).

    DateTimeOffset notBefore

    The oldest date and time where this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

    DateTimeOffset notAfter

    The date and time where this certificate is no longer considered valid.

    byte[] serialNumber

    The serial number to use for the new certificate. This value should be unique per issuer. The value is interpreted as an unsigned (big) integer in big endian byte ordering.

    Returns
    Type Description
    CpX509Certificate2

    An X509Certificate2 with the specified values. The returned object will not assert HasPrivateKey.

    Exceptions
    Type Condition
    ArgumentNullException

    issuerCertificate is null.

    ArgumentException

    The HasPrivateKey value for issuerCertificate is false.

    ArgumentException

    The type of signing key represented by issuerCertificate could not be determined.

    ArgumentException

    notAfter represents a date and time before notBefore.

    ArgumentException

    serialNumber is null or has length 0.

    ArgumentException

    issuerCertificate has a different key algorithm than the requested certificate.

    InvalidOperationException

    issuerCertificate is an RSA certificate and this object was created via a constructor which does not accept an RSASignaturePadding value.
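The following added example (not part of the CryptoPro documentation) shows one way to call Create(CpX509Certificate2, DateTimeOffset, DateTimeOffset, byte[]) with a serial number that satisfies the "unique per issuer, unsigned big-endian" contract described above. The class LeafIssuer, its method names, and the namespace of Gost3410_2012_256 are assumptions; the key is passed in by the caller.

```csharp
using System;
using System.Security.Cryptography;
using CryptoPro.Security.Cryptography;                  // assumption: namespace of Gost3410_2012_256
using CryptoPro.Security.Cryptography.X509Certificates;

public static class LeafIssuer // hypothetical helper, not part of the library
{
    // 16 random octets from the OS CSPRNG. Create() reads the array as an
    // unsigned big-endian integer, so serial[0] is the most significant octet.
    public static byte[] NewSerialNumber()
    {
        byte[] serial = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(serial);
        }
        serial[0] &= 0x7F; // top bit clear: the DER INTEGER needs no 0x00 sign pad
        serial[0] |= 0x40; // leading octet non-zero: fixed 16-octet length, never zero
        return serial;
    }

    public static CpX509Certificate2 Issue(
        CpX509Certificate2 issuerCertificate,
        Gost3410_2012_256 subjectKey,
        string subjectName,
        TimeSpan lifetime)
    {
        if (issuerCertificate == null)
            throw new ArgumentNullException(nameof(issuerCertificate));
        if (lifetime <= TimeSpan.Zero)
            throw new ArgumentOutOfRangeException(nameof(lifetime));

        // Create() throws ArgumentException when the issuer has no private key;
        // checking first gives the caller a message that names the cause.
        if (!issuerCertificate.HasPrivateKey)
            throw new ArgumentException("Issuer certificate has no private key.",
                                        nameof(issuerCertificate));

        var request = new CpCertificateRequest(subjectName, subjectKey);

        // notBefore is UtcNow back-dated by a few seconds to absorb clock skew;
        // notAfter must not precede notBefore or Create() throws ArgumentException.
        DateTimeOffset notBefore = DateTimeOffset.UtcNow.AddSeconds(-5);
        DateTimeOffset notAfter = notBefore.Add(lifetime);

        // Also throws ArgumentException if the issuer's key algorithm differs
        // from that of subjectKey.
        return request.Create(issuerCertificate, notBefore, notAfter, NewSerialNumber());
    }
}
```

The certificate returned by Issue does not assert HasPrivateKey, as documented for this overload.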

    CreateSelfSigned(DateTimeOffset, DateTimeOffset)

    Create a self-signed certificate using the established subject, key, and optional extensions.

    Declaration
    public CpX509Certificate2 CreateSelfSigned(DateTimeOffset notBefore, DateTimeOffset notAfter)
    Parameters
    Type Name Description
    DateTimeOffset notBefore

    The oldest date and time where this certificate is considered valid. Typically UtcNow, plus or minus a few seconds.

    DateTimeOffset notAfter

    The date and time where this certificate is no longer considered valid.

    Returns
    Type Description
    CpX509Certificate2

    An X509Certificate2 with the specified values. The returned object will assert HasPrivateKey.

    Exceptions
    Type Condition
    ArgumentException

    notAfter represents a date and time before notBefore.

    InvalidOperationException

    A constructor was used which did not accept a signing key.

    CryptographicException

    Other errors during the certificate creation process.

    CreateSigningRequest()

    Create an ASN.1 DER-encoded PKCS#10 CertificationRequest object representing the current state of this object.

    Declaration
    public byte[] CreateSigningRequest()
    Returns
    Type Description
    byte[]

    A DER-encoded certificate signing request.

    Remarks

    When submitting a certificate signing request via a web browser, or other graphical or textual interface, the input is frequently expected to be in the PEM (Privacy Enhanced Mail) format, instead of the DER binary format. To convert the return value to PEM format, make a string consisting of -----BEGIN CERTIFICATE REQUEST-----, a newline, the Base-64-encoded representation of the request (by convention, linewrapped at 64 characters), a newline, and -----END CERTIFICATE REQUEST-----.

    // Requires: using System; using System.Text;
    public static string PemEncodeSigningRequest(CpCertificateRequest request, CpX509SignatureGenerator generator)
    {
        // DER-encoded PKCS#10 request, signed with the supplied generator.
        byte[] pkcs10 = request.CreateSigningRequest(generator);
        StringBuilder builder = new StringBuilder();

        builder.AppendLine("-----BEGIN CERTIFICATE REQUEST-----");

        string base64 = Convert.ToBase64String(pkcs10);

        int offset = 0;
        const int LineLength = 64;

        // Wrap the Base-64 text at 64 characters per line, as PEM convention expects.
        while (offset < base64.Length)
        {
            int lineEnd = Math.Min(offset + LineLength, base64.Length);
            builder.AppendLine(base64.Substring(offset, lineEnd - offset));
            offset = lineEnd;
        }

        builder.AppendLine("-----END CERTIFICATE REQUEST-----");
        return builder.ToString();
    }

    CreateSigningRequest(CpX509SignatureGenerator)

    Create an ASN.1 DER-encoded PKCS#10 CertificationRequest representing the current state of this object using the provided signature generator.

    Declaration
    public byte[] CreateSigningRequest(CpX509SignatureGenerator signatureGenerator)
    Parameters
    Type Name Description
    CpX509SignatureGenerator signatureGenerator

    A CpX509SignatureGenerator with which to sign the request.

    Returns
    Type Description
    byte[]