用C#中的弹跳城堡签署CSR [英] Signing CSR using Bouncy Castle in C#
本文介绍了用C#中的弹跳城堡签署CSR的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已使用C#中的弹跳城堡创建了根证书和中间证书。现在我想接受并使用证书签署CSR。我到处都能得到Java解决方案。我想把Java代码转换成C#,但不想得到C#的确切文档。有人能帮个忙吗?
推荐答案
我的解决方案如下:
public string SignCSR(string str_csr, int validityInYears)
{
try
{
char[] characters = str_csr.Replace("-----BEGIN CERTIFICATE REQUEST-----", "").Replace("-----END CERTIFICATE REQUEST-----", "").ToCharArray();
byte[] csrEncode = Convert.FromBase64CharArray(characters, 0, characters.Length);
Pkcs10CertificationRequest pk10Holder = new Pkcs10CertificationRequest(csrEncode);
bool verify = pk10Holder.Verify();
if (verify == false)
{
return constants.INVALIDCERTIFICATEREQUEST;
}
// Generating Random Numbers
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
//Import intermediate certificate and get issuer details
string pathToRootCert = Configuration["intermediatecertificatelocation"];
string intermediateIssuer = rootBusinessLogic.ImportIssuerFromPem(pathToRootCert);
// Issuer and Subject Name
//X509Name issuerDN = new X509Name(issuerName);
X509Name issuerDN = new X509Name(intermediateIssuer); //issuer is intermediate certificate here whi will sign
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(pk10Holder.GetCertificationRequestInfo().Subject);
// Valid For
DateTime notBefore = DateTime.UtcNow.Date;
DateTime notAfter = notBefore.AddYears(validityInYears);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
certificateGenerator.SetPublicKey(pk10Holder.GetPublicKey());
//Import root certificate and get issuer details
//get root private key from file
string rootKeyPathFromConfig = Configuration["intermediate_privatekeylocation"];
AsymmetricKeyParameter issuerPrivKey = rootBusinessLogic.ImportPrivateKeyFromPemFile(rootKeyPathFromConfig);
if (issuerPrivKey == null)
{
return constants.INTERMEDIATEKEYERROR;
}
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WITHRSA", issuerPrivKey, random);
// Selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
X509Certificate2 x509 = new X509Certificate2(certificate.GetEncoded());
StringBuilder builder = new StringBuilder();
builder.AppendLine("-----BEGIN CERTIFICATE-----");
builder.AppendLine(Convert.ToBase64String(x509.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
builder.AppendLine("-----END CERTIFICATE-----");
var str_certificate = builder.ToString();
return str_certificate ;
}
catch (Exception ex)
{
return ex.Message;
}
}
pathToRootCert是设备中存储的中间证书的路径,ImportIssuerFromPem是获取中间证书的颁发者名称的方法,rootKeyPathFromConfig是用于签名的中间证书私钥的路径,ImportPrivateKeyFromPemFile是获取AsymmetricKeyParameter格式的私钥的方法。此方法返回PEM格式的证书。
这篇关于用C#中的弹跳城堡签署CSR的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
