概要
cscの作法、調べてみた。
証明書署名要求から、証明書作ってみた。
サンプルコード
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Security.Cryptography;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.X509.Extension;
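public class test0 {
    // Issues an X.509 v3 certificate for the CSR in localCA.csr, signed with the
    // CA private key in localCA.key, and writes the PEM result to localCA2.crt.
    // Throws InvalidOperationException when the CSR signature does not verify and
    // InvalidDataException when localCA.csr / localCA.key cannot be read as expected.
    public static void Main(string[] args) {
        // Issuer DN. It has to match the subject DN of the CA certificate that
        // belongs to localCA.key exactly, otherwise relying parties cannot build
        // a chain from the issued certificate to that CA.
        var attributes = new Dictionary<DerObjectIdentifier, string>() {
            { X509Name.CN, "oreoreca" },
        };
        var attributeOrder = new [] {
            X509Name.CN,
        };
        var random = new SecureRandom();

        // Read the CSR. The reader is disposed as soon as the request is parsed.
        Pkcs10CertificationRequest csr;
        using (var csrStreamReader = new StreamReader("localCA.csr")) {
            var csrReader = new PemReader(csrStreamReader);
            var csrPemObj = csrReader.ReadPemObject();
            if (csrPemObj == null)
                throw new InvalidDataException("localCA.csr does not contain a PEM object.");
            csr = new Pkcs10CertificationRequest(csrPemObj.Content);
        }
        // Verify() only checks the CSR self-signature (proof of possession of the
        // requester's private key). The subject name is copied from the CSR
        // unchecked further below, so whoever runs this tool is trusted to vet it.
        if (!csr.Verify())
            throw new InvalidOperationException("CSR signature verification failed.");

        // Read the CA key pair. The 'as' cast yields null for anything that is not
        // an AsymmetricCipherKeyPair, so test the pair itself before touching
        // .Private (the original dereferenced it first and would throw
        // NullReferenceException instead of the intended error).
        AsymmetricCipherKeyPair keyPair;
        using (var keyStreamReader = new StreamReader("localCA.key")) {
            var keyReader = new PemReader(keyStreamReader);
            keyPair = keyReader.ReadObject() as AsymmetricCipherKeyPair;
        }
        if (keyPair == null || keyPair.Private == null)
            throw new InvalidDataException("Failed to read private key.");
        var privateKey = keyPair.Private;

        var issuer = new X509Name(attributeOrder, attributes);
        var certGen = new X509V3CertificateGenerator();
        // RFC 5280 4.1.2.2 limits serial numbers to 20 octets; 159 random bits
        // stay inside that limit (sign bit clear) while remaining unpredictable.
        certGen.SetSerialNumber(new Org.BouncyCastle.Math.BigInteger(159, random));
        certGen.SetIssuerDN(issuer);
        certGen.SetSubjectDN(csr.GetCertificationRequestInfo().Subject);
        var today = DateTime.UtcNow.Date;
        certGen.SetNotBefore(today);
        certGen.SetNotAfter(today.AddYears(1));
        certGen.SetPublicKey(csr.GetPublicKey());
        // cA=true turns the holder into a subordinate CA that can sign further
        // certificates; RFC 5280 4.2.1.9 requires BasicConstraints to be marked
        // critical in that case. Use BasicConstraints(false) for an end-entity cert.
        certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
        certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(csr.GetPublicKey()));
        // NOTE(review): no KeyUsage (keyCertSign, cRLSign) and no
        // AuthorityKeyIdentifier extension is added; a CA certificate intended
        // for real use should carry both.
        var factory = new Asn1SignatureFactory("SHA256withRSA", privateKey, random);
        var cert = certGen.Generate(factory);
        using (var sw = new StreamWriter("localCA2.crt")) {
            var writer = new PemWriter(sw);
            writer.WriteObject(cert);
        }
        Console.WriteLine("OK2");
    }
}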
以上。