[英]Signing CSR using Bouncy Castle in C#
我在C#中使用Bouncy Castle創建了根證書和中間證書。 現在我想接受並使用證書簽署CSR 。 我到處都是 Java 解決方案。 我想將 java 代碼轉換為 C# 但沒有獲得 C# 的確切文檔。 有人可以幫忙嗎?
這是我的解決方案:
public string SignCSR(string str_csr, int validityInYears)
{
try
{
char[] characters = str_csr.Replace("-----BEGIN CERTIFICATE REQUEST-----", "").Replace("-----END CERTIFICATE REQUEST-----", "").ToCharArray();
byte[] csrEncode = Convert.FromBase64CharArray(characters, 0, characters.Length);
Pkcs10CertificationRequest pk10Holder = new Pkcs10CertificationRequest(csrEncode);
bool verify = pk10Holder.Verify();
if (verify == false)
{
return constants.INVALIDCERTIFICATEREQUEST;
}
// Generating Random Numbers
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
//Import intermediate certificate and get issuer details
string pathToRootCert = Configuration["intermediatecertificatelocation"];
string intermediateIssuer = rootBusinessLogic.ImportIssuerFromPem(pathToRootCert);
// Issuer and Subject Name
//X509Name issuerDN = new X509Name(issuerName);
X509Name issuerDN = new X509Name(intermediateIssuer); //issuer is intermediate certificate here whi will sign
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(pk10Holder.GetCertificationRequestInfo().Subject);
// Valid For
DateTime notBefore = DateTime.UtcNow.Date;
DateTime notAfter = notBefore.AddYears(validityInYears);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
certificateGenerator.SetPublicKey(pk10Holder.GetPublicKey());
//Import root certificate and get issuer details
//get root private key from file
string rootKeyPathFromConfig = Configuration["intermediate_privatekeylocation"];
AsymmetricKeyParameter issuerPrivKey = rootBusinessLogic.ImportPrivateKeyFromPemFile(rootKeyPathFromConfig);
if (issuerPrivKey == null)
{
return constants.INTERMEDIATEKEYERROR;
}
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WITHRSA", issuerPrivKey, random);
// Selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
X509Certificate2 x509 = new X509Certificate2(certificate.GetEncoded());
StringBuilder builder = new StringBuilder();
builder.AppendLine("-----BEGIN CERTIFICATE-----");
builder.AppendLine(Convert.ToBase64String(x509.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
builder.AppendLine("-----END CERTIFICATE-----");
var str_certificate = builder.ToString();
return str_certificate ;
}
catch (Exception ex)
{
return ex.Message;
}
}
pathToRootCert
是存儲在設備中的中間證書的路徑, ImportIssuerFromPem
是獲取中間證書頒發者名稱的方法, ImportPrivateKeyFromPemFile
rootKeyPathFromConfig
獲取私鑰的方法采用AsymmetricKeyParameter
格式。 此方法返回 PEM 格式的證書。
我正在尋找(我認為)一個非常相似的解決方案 - 詳細信息在這里Using C# + BouncyCastle to sign a client certificate against my own CA 。
我希望您的解決方案可能解決了我的問題,但我仍然無法讓證書也包含 CA。
如果您能提供任何建議,我將不勝感激!
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.