c# - 如何将新的吊销证书插入 .crl 文件?
问题描述
我想撤销证书列表,我使用下面的 C# 代码创建了一个 CRL,一个 CRL 文件是 D:\Log\MyCRL.crl
Create_Revocation_List(@"D:\Log\developer1.pfx", "password");
Create_Revocation_List(@"D:\Log\developer2.pfx", "password");
Create_Revocation_List(@"D:\Log\developer3.pfx", "password");
Create_Revocation_List
var issuerCertificate = new X509Certificate2(cert, password, X509KeyStorageFlags.Exportable);
var certCA = DotNetUtilities.FromX509Certificate(issuerCertificate);
var issuerName = issuerCertificate.Subject;
X509V2CrlGenerator crlGen = new X509V2CrlGenerator();
crlGen.SetIssuerDN(certCA.IssuerDN);
crlGen.SetThisUpdate(DateTime.Now);
var random = GetSecureRandom();
var issuerKeyPair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
var issuerSerialNumber = new BigInteger(issuerCertificate.GetSerialNumber());
string signatureAlgorithm = Models.BouncyCastle.HashType.SHA512withRSA.ToString();
ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issuerKeyPair.Private, random);
crlGen.AddCrlEntry(new BigInteger(issuerCertificate.GetSerialNumber()), DateTime.Now, CrlReason.PrivilegeWithdrawn);
crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier,
false,
new AuthorityKeyIdentifierStructure(certCA));
crlGen.AddExtension(X509Extensions.CrlNumber,
false,
new CrlNumber(new BigInteger(issuerCertificate.GetSerialNumber())));
X509Crl crlTemp = crlGen.Generate(signatureFactory);
System.IO.File.WriteAllBytes(@"d:\log\MyCRL.crl", crlTemp.GetEncoded());
为什么它只显示 1 个已撤销的证书,但如果我用记事本打开 .crl 文件,我看到有 3 个 base64 格式的已撤销证书。
提前谢谢了
问候唐
解决方案
希望我能帮助那些也在为此苦苦挣扎的人..
X509CrlParser xx = new X509CrlParser();
X509Crl _ocrl = null;
try
{
_ocrl = xx.ReadCrl(System.IO.File.ReadAllBytes(@"D:\Log\mycrl.crl"));
}
catch { }
finally { }
try
{
var issuerCertificate = new X509Certificate2(@"D:\Log\myca.pfx", "password", X509KeyStorageFlags.Exportable);
var certCA = DotNetUtilities.FromX509Certificate(issuerCertificate);
var cakeypair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
var issuerName = issuerCertificate.Subject;
X509V2CrlGenerator crlGen = new X509V2CrlGenerator();
crlGen.SetIssuerDN(certCA.IssuerDN);
crlGen.SetThisUpdate(DateTime.Now);
string signatureAlgorithm = "SHA256withRSA";
ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, cakeypair.Private);
var revokedCertificate = new X509Certificate2(_cert, password, X509KeyStorageFlags.Exportable);
var revoked = DotNetUtilities.FromX509Certificate(revokedCertificate);
var revokedKeyPair = DotNetUtilities.GetKeyPair(revokedCertificate.PrivateKey);
var revokedSerialNumber = new BigInteger(revokedCertificate.GetSerialNumber());
crlGen.AddCrlEntry(revokedSerialNumber, DateTime.Now, CrlReason.PrivilegeWithdrawn);
if (_ocrl != null)
crlGen.AddCrl(_ocrl);
X509Crl _crl = crlGen.Generate(signatureFactory);
byte[] _bb = _crl.GetEncoded();
System.IO.File.WriteAllBytes(@"d:\log\mycrl.crl", _bb);
推荐阅读
- visual-studio-code - VS Code:编辑文件中两个点的快捷方式
- assembly - x86 汇编输出错误?
- c# - 需要 Xamarin App (Intune Azure) 的自定义配置参数值
- pandas - 使用 pandas 合并更新表中的值(如果存在于不同的表中)
- reactjs - 从 Redux Actions 中的 cuid 获取模型
- javascript - 如何根据下拉选择更改表单验证模式?
- php - 尝试使用 Laravel 检索其他页面的 ID 数据
- json - 在 Ruby 中解析非常大的 JSON 文件的正确方法是什么?
- flutter - 流生成器。错误状态:Stream 已被收听
- android - 创建项目后首次构建时出错:XML 文档结构必须在同一实体内开始和结束