在 C# 中使用 Bouncy Castle 签署 CSR
Signing CSR using Bouncy Castle in C#
我在 C# 中使用 Bouncy Castle 创建了根证书和中间证书。现在我想接收 CSR 并使用该证书对其签名。我找到的都是 Java 的解决方案。我想把 Java 代码转换成 C#,但找不到对应的 C# 文档。有人可以帮忙吗?
这是我的解决方案:
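/// <summary>
/// Signs a PEM-encoded PKCS#10 certificate request with the intermediate CA private key
/// and returns the issued certificate as PEM text. Subject name and public key are taken
/// from the request; CSR attributes and requested extensions are not honored.
/// </summary>
/// <param name="str_csr">The CSR in PEM form ("CERTIFICATE REQUEST" or legacy "NEW CERTIFICATE REQUEST" armor).</param>
/// <param name="validityInYears">Validity period in whole years, counted from today (UTC). Must be positive.</param>
/// <returns>
/// The certificate in PEM form; <c>constants.INVALIDCERTIFICATEREQUEST</c> when the input is empty or the
/// CSR signature does not verify; <c>constants.INTERMEDIATEKEYERROR</c> when the intermediate key cannot be
/// loaded. Any other failure returns the exception message (kept for compatibility; see the catch block).
/// </returns>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="validityInYears"/> is not positive.</exception>
public string SignCSR(string str_csr, int validityInYears)
{
    // A non-positive validity would otherwise produce a certificate whose notAfter precedes notBefore.
    if (validityInYears <= 0)
    {
        throw new ArgumentOutOfRangeException(nameof(validityInYears), "Validity must be at least one year.");
    }
    if (string.IsNullOrWhiteSpace(str_csr))
    {
        return constants.INVALIDCERTIFICATEREQUEST;
    }

    try
    {
        // Strip the PEM armor. Both the RFC 7468 label and the legacy "NEW ..." label (emitted by
        // some Windows and OpenSSL tooling) are accepted; the Base64 decoder skips the remaining line breaks.
        string base64 = str_csr
            .Replace("-----BEGIN NEW CERTIFICATE REQUEST-----", "")
            .Replace("-----END NEW CERTIFICATE REQUEST-----", "")
            .Replace("-----BEGIN CERTIFICATE REQUEST-----", "")
            .Replace("-----END CERTIFICATE REQUEST-----", "");
        byte[] csrDer = Convert.FromBase64String(base64);
        Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest(csrDer);

        // Verify() only checks proof-of-possession (the request is signed by the key it carries).
        // It says nothing about whether this CA is allowed to issue for the requested subject.
        if (!csr.Verify())
        {
            return constants.INVALIDCERTIFICATEREQUEST;
        }

        CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
        SecureRandom random = new SecureRandom(randomGenerator);
        X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

        // Serial number: a random positive value of at most 159 bits, which stays within the
        // 20-octet limit of RFC 5280 and carries well over 64 bits of unpredictability.
        // The previous [1, Int64.MaxValue] range gave only 63 bits.
        BigInteger serialNumber = BigIntegers.CreateRandomInRange(
            BigInteger.One,
            BigInteger.One.ShiftLeft(159).Subtract(BigInteger.One),
            random);
        certificateGenerator.SetSerialNumber(serialNumber);

        // The issuer is the intermediate certificate on disk; its private key signs below.
        string intermediateCertPath = Configuration["intermediatecertificatelocation"];
        string intermediateIssuer = rootBusinessLogic.ImportIssuerFromPem(intermediateCertPath);
        certificateGenerator.SetIssuerDN(new X509Name(intermediateIssuer));

        // Subject is copied verbatim from the request. NOTE(review): nothing here checks that the
        // requester is entitled to this DN — apply the issuance policy before calling this method.
        certificateGenerator.SetSubjectDN(csr.GetCertificationRequestInfo().Subject);

        DateTime notBefore = DateTime.UtcNow.Date;
        DateTime notAfter = notBefore.AddYears(validityInYears);
        certificateGenerator.SetNotBefore(notBefore);
        certificateGenerator.SetNotAfter(notAfter);

        AsymmetricKeyParameter subjectPublicKey = csr.GetPublicKey();
        certificateGenerator.SetPublicKey(subjectPublicKey);

        // End-entity profile: state explicitly that the issued certificate is not a CA, and add a
        // SubjectKeyIdentifier so chain builders can match it. Key usage / EKU are left to policy.
        // AuthorityKeyIdentifier is not added because only the issuer *name* is loaded here; adding
        // it requires the intermediate certificate's public key.
        certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        certificateGenerator.AddExtension(
            X509Extensions.SubjectKeyIdentifier,
            false,
            new SubjectKeyIdentifier(Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectPublicKey)));

        string intermediateKeyPath = Configuration["intermediate_privatekeylocation"];
        AsymmetricKeyParameter issuerPrivKey = rootBusinessLogic.ImportPrivateKeyFromPemFile(intermediateKeyPath);
        if (issuerPrivKey == null)
        {
            return constants.INTERMEDIATEKEYERROR;
        }

        // Sign with the intermediate key (this is not a self-signed certificate).
        ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WITHRSA", issuerPrivKey, random);
        Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory);

        // GetEncoded() is already the DER certificate. The earlier round-trip through X509Certificate2
        // and Export(X509ContentType.Cert) returned the same bytes and left an undisposed handle behind.
        StringBuilder pem = new StringBuilder();
        pem.AppendLine("-----BEGIN CERTIFICATE-----");
        pem.AppendLine(Convert.ToBase64String(certificate.GetEncoded(), Base64FormattingOptions.InsertLineBreaks));
        pem.AppendLine("-----END CERTIFICATE-----");
        return pem.ToString();
    }
    catch (Exception ex)
    {
        // Kept for compatibility with existing callers: failures come back on the same string channel
        // as the certificate. NOTE(review): callers must check for the "-----BEGIN CERTIFICATE-----"
        // header before using the result, and ex.Message may expose file paths or parser internals
        // to whoever receives this string.
        return ex.Message;
    }
}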
pathToRootCert 是存储在设备中的中间证书的路径;ImportIssuerFromPem 是获取中间证书颁发者名称的方法;rootKeyPathFromConfig 是用于签名的中间证书私钥的路径;ImportPrivateKeyFromPemFile 是以 AsymmetricKeyParameter 形式读取私钥的方法。此方法返回 PEM 格式的证书。
我在寻找一个(我认为)非常相似的解决方案——详见 Using C# + BouncyCastle to sign a client certificate against my own CA。
我希望您的解决方案可能已经解决了我的问题,但我仍然无法获得包含 CA 的证书。
如果您能提供任何建议,我将不胜感激!
我在 C# 中使用 Bouncy Castle 创建了根证书和中间证书。现在我想接收 CSR 并使用该证书对其签名。我找到的都是 Java 的解决方案。我想把 Java 代码转换成 C#,但找不到对应的 C# 文档。有人可以帮忙吗?
这是我的解决方案:
/// <summary>
/// Issues a certificate for a PEM-encoded PKCS#10 request, signed with the intermediate CA key
/// loaded from configuration, and returns it as PEM text.
/// </summary>
/// <param name="str_csr">The CSR in PEM form (BEGIN/END CERTIFICATE REQUEST armor).</param>
/// <param name="validityInYears">Number of years the certificate stays valid, counted from today (UTC).</param>
/// <returns>
/// PEM certificate text; <c>constants.INVALIDCERTIFICATEREQUEST</c> when the CSR signature does not verify;
/// <c>constants.INTERMEDIATEKEYERROR</c> when the intermediate key cannot be loaded; otherwise the
/// message of whatever exception occurred.
/// </returns>
public string SignCSR(string str_csr, int validityInYears)
{
    // Wraps DER bytes in the standard certificate armor, one boundary marker per line.
    string WrapAsPem(byte[] der)
    {
        StringBuilder pem = new StringBuilder()
            .AppendLine("-----BEGIN CERTIFICATE-----")
            .AppendLine(Convert.ToBase64String(der, Base64FormattingOptions.InsertLineBreaks))
            .AppendLine("-----END CERTIFICATE-----");
        return pem.ToString();
    }

    try
    {
        // Remove the armor and decode the body; the Base64 decoder skips the remaining line breaks.
        string body = str_csr
            .Replace("-----BEGIN CERTIFICATE REQUEST-----", "")
            .Replace("-----END CERTIFICATE REQUEST-----", "");
        Pkcs10CertificationRequest request = new Pkcs10CertificationRequest(Convert.FromBase64String(body));

        // Proof-of-possession check: the request must be signed by the key it carries.
        if (!request.Verify())
        {
            return constants.INVALIDCERTIFICATEREQUEST;
        }

        SecureRandom rng = new SecureRandom(new CryptoApiRandomGenerator());
        X509V3CertificateGenerator builder = new X509V3CertificateGenerator();

        // Random positive serial in [1, Int64.MaxValue].
        builder.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), rng));

        // Issuer name is read from the intermediate certificate; its private key signs below.
        string intermediateCertPath = Configuration["intermediatecertificatelocation"];
        string issuerName = rootBusinessLogic.ImportIssuerFromPem(intermediateCertPath);
        builder.SetIssuerDN(new X509Name(issuerName));
        builder.SetSubjectDN(request.GetCertificationRequestInfo().Subject);

        DateTime validFrom = DateTime.UtcNow.Date;
        builder.SetNotBefore(validFrom);
        builder.SetNotAfter(validFrom.AddYears(validityInYears));
        builder.SetPublicKey(request.GetPublicKey());

        string intermediateKeyPath = Configuration["intermediate_privatekeylocation"];
        AsymmetricKeyParameter signingKey = rootBusinessLogic.ImportPrivateKeyFromPemFile(intermediateKeyPath);
        if (signingKey is null)
        {
            return constants.INTERMEDIATEKEYERROR;
        }

        // Signed with the intermediate key — this is not a self-signed certificate.
        Org.BouncyCastle.X509.X509Certificate issued =
            builder.Generate(new Asn1SignatureFactory("SHA256WITHRSA", signingKey, rng));

        // Round-trip through X509Certificate2 and export the bare certificate, as before.
        X509Certificate2 managedCert = new X509Certificate2(issued.GetEncoded());
        return WrapAsPem(managedCert.Export(X509ContentType.Cert));
    }
    catch (Exception ex)
    {
        // Error text is returned on the same string channel as the certificate.
        return ex.Message;
    }
}
pathToRootCert 是存储在设备中的中间证书的路径;ImportIssuerFromPem 是获取中间证书颁发者名称的方法;rootKeyPathFromConfig 是用于签名的中间证书私钥的路径;ImportPrivateKeyFromPemFile 是以 AsymmetricKeyParameter 形式读取私钥的方法。此方法返回 PEM 格式的证书。
我在寻找一个(我认为)非常相似的解决方案——详见 Using C# + BouncyCastle to sign a client certificate against my own CA。
我希望您的解决方案可能已经解决了我的问题,但我仍然无法获得包含 CA 的证书。
如果您能提供任何建议,我将不胜感激!