Я пытаюсь добавить EnhancedKeyUsageExtension, например, OID = 1.3.6.1.5.5.7.3.2, в CSR (запрос на подпись сертификата). Я создаю файл CSR в C# из объектов BouncyCastle, и у меня Многие проблемы пытаются добавить такого рода расширение к нему. В данный момент я использую решение, добавляющее элемент в тему X509Name. Программа работает нормально, но создает в файле CSR этот элемент, который я вижу при проверке файла с помощью certutil.
OID.1.3.6.1.5.5.7.3.2=value1
Любое предложение?
public static Pki GenPki(
string commonName,
string organization,
string organizationalUnit,
string locality,
string state,
string countryIso2Characters = "US",
string emailAddress = "",
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.SHA256,
RsaKeyLength rsaKeyLength = RsaKeyLength.Length2048Bits)
{
Pki pki = new Pki();
#region Determine Signature Algorithm
string signatureAlgorithmStr;
switch (signatureAlgorithm)
{
case SignatureAlgorithm.SHA1:
signatureAlgorithmStr = PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id;
break;
case SignatureAlgorithm.SHA256:
signatureAlgorithmStr = PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id;
break;
case SignatureAlgorithm.SHA512:
signatureAlgorithmStr = PkcsObjectIdentifiers.Sha512WithRsaEncryption.Id;
break;
default:
signatureAlgorithmStr = PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id;
break;
}
#endregion
#region Cert Info
IDictionary attrs = new Hashtable();
attrs.Add(X509Name.CN, commonName);
attrs.Add(X509Name.O, organization);
attrs.Add(X509Name.OU, organizationalUnit);
attrs.Add(X509Name.L, locality);
attrs.Add(X509Name.ST, state);
attrs.Add(X509Name.C, countryIso2Characters);
attrs.Add(X509Name.EmailAddress, emailAddress);
X509Name subject = new X509Name(new ArrayList(attrs.Keys), attrs);
var oidList = subject.GetOidList();
var valueList = subject.GetValueList();
// this is my try, but is giving me an extension like
// OID.1.3.6.1.5.5.7.3.2 = value1
DerObjectIdentifier Oid = new DerObjectIdentifier("1.3.6.1.5.5.7.3.2");
oidList.Add(Oid);
valueList.Add("Value1"); //Client
X509Name subjectFinal = new X509Name(oidList,valueList);
#endregion
#region Key Generator
RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
rsaKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), (int)rsaKeyLength));
AsymmetricCipherKeyPair pair = rsaKeyPairGenerator.GenerateKeyPair();
#endregion
#region CSR Generator
Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithmStr, pair.Private);
Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest(signatureFactory, subjectFinal, pair.Public, null);
//Asn1Set attributes = csr.GetCertificationRequestInfo().Attributes;
//var enumerator = attributes.GetEnumerator();
#endregion
#region Convert to PEM and Output
#region Private Key
StringBuilder privateKeyStrBuilder = new StringBuilder();
PemWriter privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyStrBuilder));
privateKeyPemWriter.WriteObject(pair.Private);
privateKeyPemWriter.Writer.Flush();
pki.PrivateKey = privateKeyStrBuilder.ToString();
#endregion Private Key
#region Public Key
StringBuilder publicKeyStrBuilder = new StringBuilder();
PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder));
publicKeyPemWriter.WriteObject(pair.Public);
publicKeyPemWriter.Writer.Flush();
pki.PublicKey = publicKeyStrBuilder.ToString();
#endregion Public Key
#region CSR
StringBuilder csrStrBuilder = new StringBuilder();
PemWriter csrPemWriter = new PemWriter(new StringWriter(csrStrBuilder));
csrPemWriter.WriteObject(csr);
csrPemWriter.Writer.Flush();
pki.Csr = csrStrBuilder.ToString();
#endregion CSR
#endregion Convert to PEM and Output
return pki;
}
public class Pki
{
public string PrivateKey { get; set; }
public string PublicKey { get; set; }
public string Csr { get; set; }
}
public enum RsaKeyLength
{
Length2048Bits = 2048, Length3072Bits = 3072, Length4096Bits = 4096
}
public enum SignatureAlgorithm
{
SHA1, SHA256, SHA512
}
Вот результат certutil ответ:
C:\Users\mmaulini\source\repos\SecCert\SecCert\wwwroot\certfiles>certutil test.csr
Solicitud de certificado PKCS10:
Versión: 1
Sujeto:
OID.1.3.6.1.5.5.7.3.2=Value1
OU=Seg. Informática
S=CABA
O=Coelsa
CN=Servidor Principal
E=Mauro.m@outlook.com
C=AR
L=Buenos Aires
Hash de nombre(sha1): 44c4011d5312526aeef7ca31347e26611d49d75f
Hash de nombre(md5): b52d189666227abb6e0f9acb9300846e