使用C#

时间:2016-07-19 20:52:56

标签: c# x509 certificate-revocation

我想编写一个监控CRL(证书撤销列表)到期日的程序。 因此,我想从CRL文件中读取以下属性: 1)生效日期 2)下一次更新 3)下一个CRL发布

我如何完成任务? 我只设法找到X509Certificate2,X509Chain,x509RevocationMode等的类型。

4 个答案:

答案 0 :(得分:2)

您可以使用X509Certificate2类来获取所需信息。

示例:处理一个认证文件

X509Certificate2 x509 = new X509Certificate2();
byte[] rawData = ReadFile(fname);
x509.Import(rawData);
var validDate= x509 . NotBefore;    
var expireDate = x509.NotAfter;


//Reads a file.
internal static byte[] ReadFile (string fileName)
{
    FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read);
    int size = (int)f.Length;
    byte[] data = new byte[size];
    size = f.Read(data, 0, size);
    f.Close();
    return data;
}

参考:

https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2(v=vs.110).aspx

修改

您可以使用BouncyCastle.Crypto库来处理CRL。 下载库并引用BouncyCastle.Crypto.dll 或安装nuget包:

Install-Package BouncyCastle


  //reference library BouncyCastle.Crypto
  //http://www.bouncycastle.org/csharp/
  //Load CRL file and access its properties
    public void  GetCrlInfo(string fileName, Org.BouncyCastle.Math.BigInteger serialNumber, Org.BouncyCastle.X509.X509Certificate cert)
    {
        try
        {
            byte[] buf = ReadFile(fileName);
            X509CrlParser xx = new X509CrlParser();
            X509Crl ss = xx.ReadCrl(buf);
            var nextupdate = ss.NextUpdate;
            var isRevoked = ss.IsRevoked(cert);
            Console.WriteLine("{0} {1}",nextupdate,isRevoked);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }

答案 1 :(得分:0)

虽然问题已得到解答,但我想补充说,还有另一个很好的开放项目,它扩展了原生.NET Framework,以便使用.NET中缺少的加密对象:https://github.com/Crypt32/pkix.net

关于CRL,我以与内置X509CRL2X509CRL2 Class类似的方式开发了X509Certificate2类。用法非常简单:

// reference System.Security.Cryptography.X509Certificates namespace
var crl = new X509CRL2(@"C:\temp\crlfile.crl");
// Effective date:
var effective = crl.ThisUpdate;
// next update:
var nextupdate = crl.NextUpdate;
// next publish:
var nextPublishExtension = crl.Extensions["1.3.6.1.4.1.311.21.4"];
if (nextPublishExtension != null) { nextPublishExtension.Format(1); }

我支持多种格式的CRL文件,包括纯二进制,Base64甚至十六进制。

通过使用此类,您不仅可以读取CRL属性,还可以生成版本2 CRL。

注意:pkix.net库依赖于另一个用于解析ASN结构的开放项目https://github.com/Crypt32/Asn1DerParser.NET

答案 2 :(得分:0)

除了哈桑(M.Hassan)帖子;

使用BouncyCastle.X509,必须将System.Security ... X509Certificate2转换为BouncyCastle证书,初始代码和编辑之间可能缺少以下功能:

using System.Security.Cryptography.X509Certificates;

public static Org.BouncyCastle.X509.X509Certificate Convert(X509Certificate2 certificate) 
{
    var certificateParser = new Org.BouncyCastle.X509.X509CertificateParser();
    var rawData = certificate.GetRawCertData();
    var bouncyCertificate = certificateParser.ReadCertificate(rawData);
    return bouncyCertificate;
}

答案 3 :(得分:0)

我们可以使用 CertEnroll win32 API。代码可以是

CX509CertificateRevocationList crl = new CX509CertificateRevocationList();
crl.InitializeDecode(File.ReadAllText(crlFile), EncodingType.XCN_CRYPT_STRING_BASE64_ANY);

将以下内容添加到 csproj 以包含 certEnrol

<ItemGroup>
<COMReference Include="CERTENROLLLib">
  <WrapperTool>tlbimp</WrapperTool>
  <VersionMinor>0</VersionMinor>
  <VersionMajor>1</VersionMajor>
  <Guid>728ab348-217d-11da-b2a4-000e7bbb2b09</Guid>
  <Lcid>0</Lcid>
  <Isolated>false</Isolated>
  <EmbedInteropTypes>true</EmbedInteropTypes>
</COMReference>
相关问题
最新问题