
cscの作法 その216


概要

cscの作法、調べてみた。
証明書署名要求から、証明書作ってみた。

サンプルコード

using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Security.Cryptography;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.X509.Extension;

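/// <summary>
/// Sample: turns a PKCS#10 certificate signing request into an X.509 v3 certificate
/// using BouncyCastle. All file names are fixed and resolved against the current directory.
/// </summary>
public class test0 {
	/// <summary>
	/// Reads the request from <c>localCA.csr</c>, signs it with the private key in
	/// <c>localCA.key</c> under the issuer name CN=oreoreca, and writes the resulting
	/// certificate as PEM to <c>localCA2.crt</c>.
	/// </summary>
	/// <param name="args">Command-line arguments; not used.</param>
	/// <exception cref="InvalidDataException">The CSR file contains no PEM object.</exception>
	/// <exception cref="InvalidOperationException">The CSR's self-signature does not verify.</exception>
	/// <exception cref="Exception">No private key could be read from the key file.</exception>
	public static void Main(string[] args) {
		var attributes = new Dictionary<DerObjectIdentifier, string>() {
			{ X509Name.CN, "oreoreca" },
		};
		var attributeOrder = new [] {
			X509Name.CN,
		};
		var random = new SecureRandom();

		// Load the request; the reader is disposed as soon as the PEM body is parsed.
		Pkcs10CertificationRequest csr;
		using (var csrStreamReader = new StreamReader("localCA.csr"))
		{
			var csrPemObj = new PemReader(csrStreamReader).ReadPemObject();
			if (csrPemObj == null)
			{
				throw new InvalidDataException("No PEM object found in localCA.csr.");
			}
			csr = new Pkcs10CertificationRequest(csrPemObj.Content);
		}

		// Verify() checks the request's self-signature, i.e. that the requester holds the
		// private key for the public key in the CSR. It says nothing about who the requester is.
		if (!csr.Verify())
		{
			throw new InvalidOperationException("CSR signature verification failed.");
		}

		// Load the signing key. PemReader.ReadObject() may hand back a key pair or a bare
		// key parameter depending on the PEM type, so both are accepted; anything else
		// (including an empty file) ends up as null instead of a NullReferenceException.
		AsymmetricKeyParameter privateKey = null;
		using (var keyStreamReader = new StreamReader("localCA.key"))
		{
			var keyObj = new PemReader(keyStreamReader).ReadObject();
			var keyPair = keyObj as AsymmetricCipherKeyPair;
			if (keyPair != null)
			{
				privateKey = keyPair.Private;
			}
			else
			{
				privateKey = keyObj as AsymmetricKeyParameter;
			}
		}
		if (privateKey == null || !privateKey.IsPrivate)
		{
			throw new Exception("Failed to read private key.");
		}

		// RFC 5280 requires a positive serial number of at most 20 octets. 159 random bits
		// always fit in 20 octets with the sign bit clear; zero is rejected and redrawn.
		Org.BouncyCastle.Math.BigInteger serial;
		do
		{
			serial = new Org.BouncyCastle.Math.BigInteger(159, random);
		} while (serial.SignValue == 0);

		var issure = new X509Name(attributeOrder, attributes);
		var certGen = new X509V3CertificateGenerator();
		certGen.SetSerialNumber(serial);
		certGen.SetIssuerDN(issure);
		certGen.SetSubjectDN(csr.GetCertificationRequestInfo().Subject);
		var today = DateTime.UtcNow.Date;
		certGen.SetNotBefore(today);
		certGen.SetNotAfter(today.AddYears(1));
		certGen.SetPublicKey(csr.GetPublicKey());

		// BasicConstraints(true) marks the subject as a CA, so every request that reaches
		// this point receives a certificate able to issue further certificates, with the
		// subject name taken from the CSR unchanged. RFC 5280 requires the extension to be
		// critical on CA certificates, hence critical = true.
		// NOTE(review): no KeyUsage extension is set; confirm whether keyCertSign is wanted.
		certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
		certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(csr.GetPublicKey()));

		var factory = new Asn1SignatureFactory("SHA256withRSA", privateKey, random);
		var cert = certGen.Generate(factory);
		using (var sw = new StreamWriter("localCA2.crt"))
		{
			var writer = new PemWriter(sw);
			writer.WriteObject(cert);
		}
		Console.WriteLine("OK2");
	}
}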





以上。
