
How to extract the AuthorityKeyIdentifier from a X509Certificate2 in .NET

I am looking for a way to extract the AuthorityKeyIdentifier extension from an X509Certificate2 instance. I did not see any built-in support for this but since Windows can properly construct a certificate chain I know the functionality has to exist at some level. If the answer is to roll a DER parser, is there a good implementation that can be referenced?

Iterate through the extensions in the X509Certificate2.Extensions property and look for an extension with the OID 2.5.29.35 (as per http://www.alvestrand.no/objectid/2.5.29.35.html ). That is the AuthorityKeyIdentifier extension.

[Edit: Added the following.]

Each member of the Extensions property is ASN encoded. So you can do the following to get it in a human readable or machine parsable format:

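using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

...

// cert is the X509Certificate2 being inspected (assumed to be loaded elsewhere).
// The indexer returns null when the certificate has no such extension.
X509Extension extension = cert.Extensions["2.5.29.35"]; // The OID 2.5.29.35 extension
// Wrap the raw DER bytes so the platform can render them as text.
AsnEncodedData asndata = new AsnEncodedData(extension.Oid, extension.RawData);
Console.WriteLine(asndata.Format(true)); // true = multi-line output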

For one of the Microsoft intermediate CA certificates, the Format() method returns the following:

[1]Authority Info Access
     Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
     Alternative Name:
          URL=http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt

It is certainly not easy to parse but you can look for a line starting with the regular expression \\[\\d+\\]Authority Info Access then find a line beneath it with the regular expression URL=(.+) (the eight spaces are unclear in the formatting) and use the URL in the parenthesized group.

There's an easier option available - take some existing component that provides more flexibility in handling certificates. You can use BouncyCastle or our SecureBlackbox.
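As an added example (not code from the question or from either answer), this sketch reads the extension found by OID 2.5.29.35 as structured DER instead of matching the formatted text. It assumes .NET 5 or later, or the System.Formats.Asn1 package, for AsnReader; the class name AkiExample, its method names and the sample bytes are constructed for illustration.

```csharp
using System;
using System.Formats.Asn1;
using System.Security.Cryptography.X509Certificates;

static class AkiExample // hypothetical name, not part of any library
{
    const string AkiOid = "2.5.29.35";

    // Parses the DER value of an AuthorityKeyIdentifier extension (RFC 5280, 4.2.1.1):
    //   SEQUENCE { [0] keyIdentifier OPTIONAL, [1] authorityCertIssuer OPTIONAL,
    //              [2] authorityCertSerialNumber OPTIONAL }
    public static (byte[] KeyId, byte[] Serial) ParseAki(byte[] rawData)
    {
        var outer = new AsnReader(rawData, AsnEncodingRules.DER);
        AsnReader seq = outer.ReadSequence();
        outer.ThrowIfNotEmpty();                 // reject bytes after the SEQUENCE

        var keyIdTag = new Asn1Tag(TagClass.ContextSpecific, 0);
        var issuerTag = new Asn1Tag(TagClass.ContextSpecific, 1);
        var serialTag = new Asn1Tag(TagClass.ContextSpecific, 2);
        byte[] keyId = null, serial = null;

        if (seq.HasData && seq.PeekTag().HasSameClassAndValue(keyIdTag))
            keyId = seq.ReadOctetString(keyIdTag);
        if (seq.HasData && seq.PeekTag().HasSameClassAndValue(issuerTag))
            seq.ReadEncodedValue();              // GeneralNames, skipped in this sketch
        if (seq.HasData && seq.PeekTag().HasSameClassAndValue(serialTag))
            serial = seq.ReadIntegerBytes(serialTag).ToArray();
        seq.ThrowIfNotEmpty();                   // reject unknown trailing fields
        return (keyId, serial);
    }

    // Returns null when the certificate carries no AKI extension.
    public static byte[] GetAuthorityKeyId(X509Certificate2 cert)
    {
        X509Extension ext = cert.Extensions[AkiOid];
        return ext == null ? null : ParseAki(ext.RawData).KeyId;
    }

    static void Main()
    {
        // Constructed sample value: keyIdentifier = DE AD BE EF, serial number = 05.
        byte[] sample = { 0x30, 0x09, 0x80, 0x04, 0xDE, 0xAD, 0xBE, 0xEF, 0x82, 0x01, 0x05 };
        var (keyId, serial) = ParseAki(sample);
        Console.WriteLine(BitConverter.ToString(keyId));
        Console.WriteLine(BitConverter.ToString(serial));
    }
}
```

The keyIdentifier returned here is the value to compare against the issuer certificate's Subject Key Identifier extension (OID 2.5.29.14) when matching a certificate to its issuer. On .NET 7 and later, the built-in X509AuthorityKeyIdentifierExtension class exposes the same fields without manual parsing.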
