时间戳

首页 > 解决方案 > 在 C# 中使用 Bouncy Castle 签署 CSR

c# - 在 C# 中使用 Bouncy Castle 签署 CSR

问题描述

我在C#中使用Bouncy Castle创建了根证书和中间证书。现在我想接受并使用证书签署CSR 。我到处都在获得 Java 解决方案。我想将 java 代码转换为 C#,但没有获得 C# 的确切文档。有人可以帮忙吗?

标签: c#bouncycastlesigncacsr

解决方案

这是我的解决方案:

public string SignCSR(string str_csr, int validityInYears)
        {
            try
            {
                char[] characters = str_csr.Replace("-----BEGIN CERTIFICATE REQUEST-----", "").Replace("-----END CERTIFICATE REQUEST-----", "").ToCharArray();

                byte[] csrEncode = Convert.FromBase64CharArray(characters, 0, characters.Length);
                Pkcs10CertificationRequest pk10Holder = new Pkcs10CertificationRequest(csrEncode);

                bool verify = pk10Holder.Verify();
                if (verify == false)
                {
                    return constants.INVALIDCERTIFICATEREQUEST;
                }
                // Generating Random Numbers
                CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
                SecureRandom random = new SecureRandom(randomGenerator);

                X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

                // Serial Number
                BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
                certificateGenerator.SetSerialNumber(serialNumber);

                //Import intermediate certificate and get issuer details
                string pathToRootCert = Configuration["intermediatecertificatelocation"];
                string intermediateIssuer = rootBusinessLogic.ImportIssuerFromPem(pathToRootCert);

                // Issuer and Subject Name
                //X509Name issuerDN = new X509Name(issuerName);
                X509Name issuerDN = new X509Name(intermediateIssuer);  //issuer is intermediate certificate here whi will sign
                certificateGenerator.SetIssuerDN(issuerDN);
                certificateGenerator.SetSubjectDN(pk10Holder.GetCertificationRequestInfo().Subject);

                // Valid For
                DateTime notBefore = DateTime.UtcNow.Date;
                DateTime notAfter = notBefore.AddYears(validityInYears);

                certificateGenerator.SetNotBefore(notBefore);
                certificateGenerator.SetNotAfter(notAfter);

                certificateGenerator.SetPublicKey(pk10Holder.GetPublicKey());


                //Import root certificate and get issuer details
                //get root private key from file
                string rootKeyPathFromConfig = Configuration["intermediate_privatekeylocation"];
                AsymmetricKeyParameter issuerPrivKey = rootBusinessLogic.ImportPrivateKeyFromPemFile(rootKeyPathFromConfig);
                if (issuerPrivKey == null)
                {
                    return constants.INTERMEDIATEKEYERROR;
                }

                ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WITHRSA", issuerPrivKey, random);

                // Selfsign certificate
                Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory);

                X509Certificate2 x509 = new X509Certificate2(certificate.GetEncoded());
                StringBuilder builder = new StringBuilder();
                builder.AppendLine("-----BEGIN CERTIFICATE-----");
                builder.AppendLine(Convert.ToBase64String(x509.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
                builder.AppendLine("-----END CERTIFICATE-----");
                var str_certificate = builder.ToString();
                return str_certificate ;
            }
            catch (Exception ex)
            {
                return ex.Message;
            }
    }

pathToRootCert是存储在设备中的中间证书的路径,ImportIssuerFromPem是检索中间证书颁发者名称的方法,rootKeyPathFromConfig是用于签名目的的中间证书私钥的路径,是获取格式ImportPrivateKeyFromPemFile私钥的方法。AsymmetricKeyParameter此方法返回 PEM 格式的证书。

推荐阅读