我正在尝试以下列方式提交CSR请求:
require 'openssl'
require 'json'
def public_key_info
key_info = private_key.public_key.to_pem
key_info = key_info.sub! '-----BEGIN PUBLIC KEY-----', '-----BEGIN CERTIFICATE REQUEST-----'
key_info = key_info.sub! '-----END PUBLIC KEY-----', '-----END CERTIFICATE REQUEST-----'
key_info
end
# "Creating a new 2048bit RSA Keypair..."
def private_key
@private_key = OpenSSL::PKey::RSA.new 2048
end
payload = {
"CsrData" => public_key_info,
"certTemplate" => "MyTemplate"
}
encoded = JSON.generate(payload)
p "Payload is #{encoded}"
response = RestClient::Resource.new(
'http://myURL/GenerateCertificateUsingCsr',
).post encoded, :content_type => 'application/json', :accept => 'text/plain'
response_json = JSON.parse(response.body)
p response_json
请求失败并显示错误提交失败:错误解析请求。遇到ASN1错误标记值。 0x8009310b(ASN:267 CRYPT_E_ASN1_BADTAG):
{
"certTemplate":"MyTemplate",
"CsrData":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWeK196VcjZZFbKyEjpj\n8I6DjHbwiMi9I10tV41OEt9Ozp+M0V6TYOKNlJTXGxNUHD0lXFJBlS2z/PLQbW/3\n6C9xRkIclve5Uq8J2NmubnR9+NOt/cjPb4EJtMlxySq5cWOqEyq4UirUEfch9HMC\nkLwJ0MPdrDatZqfIv1IvhBiKfyqWV2jds3X60NlmvyGxnrd54dO8/OqNJNmw2BP9\n3aa21asRqB7oPW2H49o2gwDxF6ZEwymAFvU4jvO+BQLRDYTm8GslHyX9kCXWnYHg\nX7gqvek/mu7KqyIB44YyOjGYkVX76El32B08ruKlc+xZ8kFWC1bMzwZNoFEBKO6D\n9QIDAQAB\n-----END CERTIFICATE REQUEST-----"
}
{"ErrorCode"=>1005, "ErrorMessage"=>"The submission failed: Error Parsing Request ASN1 bad tag value met. 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG)", "Return"=>false, "p12Data"=>nil, "certexpdate"=>nil, "serialNo"=>nil}
=> true
但是如果我从命令行创建CSR请求:
openssl req -out mytest.csr -new -newkey rsa:2048 -nodes -keyout mytest.key
然后转换了CSR,所以用\n字符串替换新行。
然后准备一个Json有效载荷:
{
"certTemplate":"MyTemplate",
"CsrData":"-----BEGIN CERTIFICATE REQUEST-----\nMIIC8zCCAdsCAQAwgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDEWMBQGA1UE\nBwwNU2lsdmVyIFNwcmluZzELMAkGA1UECgwCRVMxCzAJBgNVBAsMAk1MMSAwHgYD\nVQQDDBcgbXNjbGllbnQ1MS5zYW10ZXN0LmNvbTElMCMGCSqGSIb3DQEJARYWbXNj\nbGllbnQ1MUBzYW10ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAL+X4YJ041JDVfYZr2IXHEAsBc9cbtYxuLa4FkXz+enZYj+9J4qK7zl9OJ7P\nfW29jf82oyQ83RH6XrYcFJKO9cuXgkkQaNV8X6J7sbn87hHUn8xZ1SORd+OPV/ws\nHdOuuv/kQi0S1Rz9Qn7RJiEnQqC14bp50fjJDxxYBVcU/bevlMuFzf8pKQbNfWD5\nbpHHPKpN6uKAXQa2vCqRPAHMvlxCqVHf1Lmy6xojsHGDdqYcYgwG2JB140nOpKtA\nwO9jR5wF7HmqUs/u/fV+p86IaHt6rAxo8WX0Ymu+48DanMdlBqjQ222OthnTbgmD\nbW9j16kNesriu8APSpxW6f7InhsCAwEAAaAYMBYGCSqGSIb3DQEJAjEJDAdNTF9U\nVjJHMA0GCSqGSIb3DQEBCwUAA4IBAQCOxISJbXXQqFmHTwcIP+jaYM1souuptE5l\nhrG/5T1Irz357DABfQpaZkon8dIF8QRpjCY2+b44srGtbKBbnUDAgM5e+qqZjx6X\ng7Yp7LLVW9EplvMYT83M62K9UyNFqjizgXbNIxJRsApLutLBpTpB3vIpQcZYhygf\nfJx/zmN3rD3K47SdaDd9JyD7W3tnAQ1rHEG1uS+Pm9Cq5+Wi8k+nEeGHtQnY5eps\nYqA/g86m4VR5RP0+oTvq3FC57PFqrbv+lwD9brCzjAK/c/QcyBnoxnMNbFVzwhcf\nKAF82Vl9kvwOwyD8sPN19V9ldmZpMhQ/2hsuHxRLAnlwHYhqfl/9\n-----END CERTIFICATE REQUEST-----"
}
上述CSR请求正常。
上面的ruby代码我做错了什么?
答案 0 :(得分:2)
这是因为CSR请求不是pem格式的公钥。与公钥相比,CSR具有不同的ASN1表示法。这就是为什么你得到ASN1相关的错误。
关于如何使用Ruby包装器为OpenSSL创建CSR,您可以看到this gist。如您所见,您还需要指定专有名称。
def csr(key)
options = {
:country => 'PL',
:state => 'M',
:city => 'Cracow',
:organization => 'OSPL',
:department => '',
:common_name => 'OSPL',
:email => ''
}
request = OpenSSL::X509::Request.new
request.version = 0
request.subject = OpenSSL::X509::Name.new([
['C', options[:country], OpenSSL::ASN1::PRINTABLESTRING],
['ST', options[:state], OpenSSL::ASN1::PRINTABLESTRING],
['L', options[:city], OpenSSL::ASN1::PRINTABLESTRING],
['O', options[:organization], OpenSSL::ASN1::UTF8STRING],
['OU', options[:department], OpenSSL::ASN1::UTF8STRING],
['CN', options[:common_name], OpenSSL::ASN1::UTF8STRING],
['emailAddress', options[:email], OpenSSL::ASN1::UTF8STRING]
])
request.public_key = key.public_key
request.sign(key, OpenSSL::Digest::SHA1.new)
end