从.net Framework 4.7.2中的base64字符串创建certificateRequest

时间:2018-10-30 18:10:24

标签: c# asp.net x509certificate

过去,我使用certTool通讯社CERTENROLLLib创建csr。从4.7.2版开始,您可以使用.net Framework。

可以通过在csr方法中传递所有必需的属性来创建CreateSigningRequest,并将其转换为pem base64字符串。

不幸的是,我找不到其他方法,在字段中以pem格式复制了一个csr,并从中读取了所有csr属性(cn,san,organization等)

我不想使用com lib CERTENROLLLib,openssl或其他第三方。

这就是我所做的(获取csr pem字符串),在这里和MS Framework类描述中找到了很好的示例,谢谢您的帮助

protected void createButton_Click(object sender, EventArgs e)
    {
        string csr_cn = txtb_csr_cn.Text;
        string csr_c = txtb_csr_c.Text;
        string csr_l = txtb_csr_l.Text;
        string csr_o = txtb_csr_o.Text;
        string csr_ou = txtb_csr_ou.Text;
        string csr_s = txtb_csr_s.Text;
        csr_san = sanMemo.Text.Replace(" ", "");
        if (csr_san.IndexOf(csr_cn) == -1)
        {
            if (csr_san == "")
            {
                csr_san = csr_cn;
            }
            else
            {
                csr_san = csr_cn + "," + csr_san;
            }
        }
        csr_key_size = Convert.ToInt32(combobox_csr_key.Text);
        csr_info = "CN=" + csr_cn + "," + "OU=" + csr_ou + "," + "O=" + csr_o + "," + "L=" + csr_l + "," + "S=" + csr_s + "," + "C=" + csr_c;
        notesMemo.Text = CreateCSR(); //CreateRequest();

    }

public static string CreateCSR()
    {
        string[] arrSeperator = new string[] { "," };

        RSA keySize = RSA.Create(csr_key_size);

        CertificateRequest parentReq = new CertificateRequest(csr_info,
            //"CN=Experimental Issuing Authority",
            keySize,
            HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1);

        parentReq.CertificateExtensions.Add(
            new X509BasicConstraintsExtension(true, false, 0, true));

        parentReq.CertificateExtensions.Add(
            new X509SubjectKeyIdentifierExtension(parentReq.PublicKey, false));


        var sanBuilder = new SubjectAlternativeNameBuilder();
        Array arrsan = csr_san.Split(arrSeperator, StringSplitOptions.RemoveEmptyEntries);
        foreach (string sanvalue in arrsan)
        {
            sanBuilder.AddDnsName(sanvalue);
        }

        parentReq.CertificateExtensions.Add(sanBuilder.Build());

        string csrdecrypt = PemEncodeSigningRequest(parentReq);
        return csrdecrypt;

}

public static string PemEncodeSigningRequest(CertificateRequest request)
    {
        byte[] pkcs10 = request.CreateSigningRequest();
        StringBuilder builder = new StringBuilder();

        builder.AppendLine("-----BEGIN CERTIFICATE REQUEST-----");

        string base64 = Convert.ToBase64String(pkcs10);

        int offset = 0;
        const int LineLength = 64;

        while (offset < base64.Length)
        {
            int lineEnd = Math.Min(offset + LineLength, base64.Length);
            builder.AppendLine(base64.Substring(offset, lineEnd - offset));
            offset = lineEnd;
        }

        builder.AppendLine("-----END CERTIFICATE REQUEST-----");
        string tester2 = builder.ToString();
        return builder.ToString();
    }

1 个答案:

答案 0 :(得分:0)

没有第三方库,没有纯粹的托管方式可以读取证书签名请求。

您可以尝试对CryptDecodeObjectEx使用P / Invoke,可能使用X509_CERT的结构标识符(每https://docs.microsoft.com/en-us/windows/desktop/SecCrypto/constants-for-cryptencodeobject-and-cryptdecodeobject)。

但是CertificateRequest类是不带读取器的PKCS#10写入器。