从证书收集创建/转换为CMS / pkcs7证书并将其另存为p7b

时间:2019-01-25 09:43:44

标签: certificate bouncycastle x509certificate2 pkcs#7 p7b

我正在尝试使用BouncyCastle或.net密码学类从签名的证书pem +链转换/创建PKCS7“ p7b”证书

我尝试仅使用BC而不成功,因此我仅使用BC读取pem证书,然后将其转换为X509Certificate2对象。我在寻找的结尾是一个以“ ----- BEGIN PKCS7 -----”开头的pem字符串,将其另存为p7b文件 我做了什么..

public void DownloadP7bFile(string certId)
    {
        var records = (DataView)myCertDataSource.Select(DataSourceSelectArguments.Empty);
        var selected = Guid.Parse(certId);

        foreach (DataRow row in records.Table.Rows)
        {
            if (!Guid.Parse(row.Field<Guid>("cert_id").ToString()).Equals(selected)) continue;

            var filename = row.Field<string>("cert_fqdn_main");
            var certContent2 = row.Field<string>("certHash_certificate");
            var certissuer = row.Field<string>("certHash_issuer");

            DataTable chaincerts = GetChainCertsFromDB(certissuer);

            //### get pem string from DB to BC cert objects
            Org.BouncyCastle.X509.X509Certificate serverCert = CreateCertObjFromPem(certContent2);
            Org.BouncyCastle.X509.X509Certificate interCert = CreateCertObjFromPem(chaincerts.Rows[0].Field<string>("cacert_pemhash"));
            Org.BouncyCastle.X509.X509Certificate rootCert = CreateCertObjFromPem(chaincerts.Rows[1].Field<string>("cacert_pemhash"));

            //### transform to X509Certificate2 object
            System.Security.Cryptography.X509Certificates.X509Certificate2 serverCert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2();
            System.Security.Cryptography.X509Certificates.X509Certificate2 interCert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2();
            System.Security.Cryptography.X509Certificates.X509Certificate2 rootCert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2();
            serverCert2.Import(serverCert.GetEncoded());
            interCert2.Import(interCert.GetEncoded());
            rootCert2.Import(rootCert.GetEncoded());

            //### collect all needed certificates
            var collection = new System.Security.Cryptography.X509Certificates.X509Certificate2Collection();
            collection.Add(rootCert2);
            collection.Add(interCert2);
            collection.Add(serverCert2);

            var pkcs7ContentBytes = collection.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs7);

            //### Test if pkcs7 can be read ###
            System.Security.Cryptography.Pkcs.SignedCms sigcms = new System.Security.Cryptography.Pkcs.SignedCms();
            sigcms.Decode(pkcs7ContentBytes);
            if (sigcms.Certificates.Count > 0)
            {
                Console.WriteLine("Aussteller: {0}", sigcms.Certificates[0].IssuerName.Name);
                Console.WriteLine("Gültig bis {0}", sigcms.Certificates[0].NotAfter);
            }
            var sigvar2 = sigcms.Encode();

            var pkcs7Content = Convert.ToBase64String(pkcs7ContentBytes); //das gute
            var certEncodedBytes = Convert.FromBase64String(pkcs7Content);
            var certContent = Encoding.UTF8.GetString(certEncodedBytes);

            var certContent7 = UTF8Encoding.UTF8.GetString(certEncodedBytes);
            var CertContent8 = Convert.ToBase64String(sigvar2);
            var CertContent8Bytes = Convert.FromBase64String(CertContent8);
            var certfromsig = sigcms.Certificates.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs7);

            //var pkcs7cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certEncodedBytes);
            //var pkcs7cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(sigvar2);
            //System.Security.Cryptography.Pkcs.EnvelopedCms pkcs7Envelop = new System.Security.Cryptography.Pkcs.EnvelopedCms();

            //File.WriteAllBytes(@"")

            //string utfString = Encoding.UTF8.GetString(pkcs7ContentBytes, 0, pkcs7ContentBytes.Length);
            var memoryStream = new MemoryStream(certEncodedBytes);
            //var cryptostream = new System.Security.Cryptography.CryptoStream(memoryStream);
            //memoryStream.Write(pkcs7ContentBytes, 0, pkcs7ContentBytes.Length);
            var test31 = memoryStream.ToArray();
            var test32 = memoryStream.Read(certEncodedBytes, 0, certEncodedBytes.Length);

            memoryStream.Flush();
            memoryStream.Close();


            //var test30 = DecoderConverter.ConvertX509ToPkcs7(rootCert, interCert, serverCert);

            PerformFileDownload(filename, "p7b", pkcs7Content);

            break;
        }
    }

0 个答案:

没有答案