如何在.crl文件中插入新的废止证书?


我想维护一份废止证书列表(CRL)。我用下面的 C# 代码创建了一个 CRL,文件保存为 D:\Log\MyCRL.crl。

// Revoke the three developer certificates one after another.
// Every call rebuilds the CRL from scratch and writes it to the same
// file (d:\log\MyCRL.crl), so only the serial from the last call is
// left in the file once the loop finishes.
foreach (var developerPfx in new[]
{
    @"D:\Log\developer1.pfx",
    @"D:\Log\developer2.pfx",
    @"D:\Log\developer3.pfx",
})
{
    Create_Revocation_List(developerPfx, "password");
}

Create_Revocation_List(创建撤销名单)的实现如下:

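            // Load the signing certificate (with its private key) from the PFX and
            // convert it to the BouncyCastle representation the CRL generator uses.
            var issuerCertificate = new X509Certificate2(cert, password, X509KeyStorageFlags.Exportable);
            var certCA = DotNetUtilities.FromX509Certificate(issuerCertificate);

            // CRL timestamps are encoded as UTC. Pass a UTC value: depending on the
            // BouncyCastle version a local DateTime may be written verbatim with a
            // trailing 'Z', i.e. mislabelled as UTC.
            var thisUpdate = DateTime.UtcNow;
            // nextUpdate is required for a conforming CRL issuer (RFC 5280, 5.1.2.5).
            // 7 days is a constructed example; take the real period from CA policy.
            var nextUpdate = thisUpdate.AddDays(7);

            X509V2CrlGenerator crlGen = new X509V2CrlGenerator();
            // The CRL issuer is the name of the entity whose key signs it, i.e. the
            // signer's own subject DN. IssuerDN names the CA *above* the signer, so
            // the CRL's issuer would not match the signing key for anything that is
            // not self-signed.
            crlGen.SetIssuerDN(certCA.SubjectDN);
            crlGen.SetThisUpdate(thisUpdate);
            crlGen.SetNextUpdate(nextUpdate);

            var random = GetSecureRandom();
            var issuerKeyPair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
            // Take the serial from the BouncyCastle certificate: .NET's
            // GetSerialNumber() returns the bytes little-endian, which
            // BigInteger(byte[]) reads as a different (big-endian) number.
            var issuerSerialNumber = certCA.SerialNumber;

            string signatureAlgorithm = Models.BouncyCastle.HashType.SHA512withRSA.ToString();
            ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issuerKeyPair.Private, random);

            // As written, the certificate whose key signs the CRL is also the one
            // being revoked (same serial). That behaviour is kept; note that a CRL
            // normally lists serials *issued by* the signing CA, not the CA's own.
            crlGen.AddCrlEntry(issuerSerialNumber, thisUpdate, CrlReason.PrivilegeWithdrawn);

            crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier,
                               false,
                               new AuthorityKeyIdentifierStructure(certCA));

            // The CRL number must increase with every CRL the issuer publishes. The
            // certificate serial is constant, so reusing it made every CRL carry the
            // same number. A persisted counter is the proper source; the UTC tick
            // count is a monotonic stand-in until one exists.
            crlGen.AddExtension(X509Extensions.CrlNumber,
                               false,
                               new CrlNumber(BigInteger.ValueOf(thisUpdate.Ticks)));

            X509Crl crlTemp = crlGen.Generate(signatureFactory);

            // Each call rewrites the whole file, so only the serial added in this
            // call survives; earlier revocations are lost unless the previous CRL
            // is read back and merged before generating the new one.
            System.IO.File.WriteAllBytes(@"d:\log\MyCRL.crl", crlTemp.GetEncoded());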

为什么它只显示 1 个已撤销的证书?但如果我用记事本打开 .crl 文件,却能看到 3 个 base64 格式的已撤销证书。


Only shows 1 revoked certificate

非常感谢

Regards, Don

c# bouncycastle itext7
1个回答

希望能帮到同样有此困扰的人...

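        const string crlPath = @"d:\log\mycrl.crl";
        X509Crl _ocrl = null;

        // Previous CRL, if any. A missing file simply means this is the first CRL.
        // Any other failure (unreadable or malformed file) must propagate: the old
        // catch { } swallowed it and then published a fresh CRL containing only the
        // new entry, silently dropping every earlier revocation.
        if (System.IO.File.Exists(crlPath))
        {
            _ocrl = new X509CrlParser().ReadCrl(System.IO.File.ReadAllBytes(crlPath));
            if (_ocrl == null)
            {
                throw new InvalidOperationException("No CRL could be parsed from '" + crlPath + "'.");
            }
        }

        try
        {
            // The CA's key signs the new CRL. NOTE: the CA password is hard-coded in
            // this sample; real code should load it from configuration or a secret store.
            var issuerCertificate = new X509Certificate2(@"D:\Log\myca.pfx", "password", X509KeyStorageFlags.Exportable);
            var certCA = DotNetUtilities.FromX509Certificate(issuerCertificate);
            var cakeypair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);

            // Only carry entries over from a CRL this CA actually issued: Verify
            // throws when the stored CRL's signature does not check out under the
            // CA's public key (tampered file, or a CRL from a different CA).
            if (_ocrl != null)
            {
                _ocrl.Verify(certCA.GetPublicKey());
            }

            // CRL timestamps are encoded as UTC. Pass a UTC value: depending on the
            // BouncyCastle version a local DateTime may be written verbatim with a
            // trailing 'Z', i.e. mislabelled as UTC.
            var thisUpdate = DateTime.UtcNow;
            // nextUpdate is required for a conforming CRL issuer (RFC 5280, 5.1.2.5).
            // 7 days is a constructed example; take the real period from CA policy.
            var nextUpdate = thisUpdate.AddDays(7);

            X509V2CrlGenerator crlGen = new X509V2CrlGenerator();
            // The CRL issuer is the signing CA's own name (its subject DN). IssuerDN
            // is the name of the CA *above* it, so validators would reject the CRL
            // for any CA that is not self-signed.
            crlGen.SetIssuerDN(certCA.SubjectDN);
            crlGen.SetThisUpdate(thisUpdate);
            crlGen.SetNextUpdate(nextUpdate);

            string signatureAlgorithm = "SHA256withRSA";
            ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, cakeypair.Private);

            // Revoking a certificate needs only its serial number: the private key
            // of the revoked certificate is never used, so it is neither extracted
            // nor marked exportable.
            var revokedCertificate = new X509Certificate2(_cert, password);
            var revoked = DotNetUtilities.FromX509Certificate(revokedCertificate);
            // Take the serial from the BouncyCastle certificate: .NET's
            // GetSerialNumber() returns the bytes little-endian, which
            // BigInteger(byte[]) reads as a different (big-endian) number.
            var revokedSerialNumber = revoked.SerialNumber;

            // Carry the previous entries over, then add the new one unless that
            // serial is already listed (AddCrl copies entries verbatim, so adding
            // it again would produce a duplicate entry).
            if (_ocrl != null)
            {
                crlGen.AddCrl(_ocrl);
            }
            if (_ocrl == null || _ocrl.GetRevokedCertificate(revokedSerialNumber) == null)
            {
                crlGen.AddCrlEntry(revokedSerialNumber, thisUpdate, CrlReason.PrivilegeWithdrawn);
            }

            // The CRL number must increase with every CRL the issuer publishes. A
            // persisted counter is the proper source; the UTC tick count is a
            // monotonic stand-in until one exists.
            crlGen.AddExtension(X509Extensions.CrlNumber,
                                false,
                                new CrlNumber(BigInteger.ValueOf(thisUpdate.Ticks)));

            X509Crl _crl = crlGen.Generate(signatureFactory);

            byte[] _bb = _crl.GetEncoded();
            System.IO.File.WriteAllBytes(crlPath, _bb);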

