我需要一个证书撤销列表(CRL),我用下面的C#代码创建了一个CRL,CRL文件是D:\Log\MyCRL.crl。
// One call per developer certificate. The generator shown below rebuilds the CRL from
// scratch and overwrites D:\Log\MyCRL.crl on every call, so only the last call's output
// remains on disk.
string[] developerPfxFiles =
{
    @"D:\Log\developer1.pfx",
    @"D:\Log\developer2.pfx",
    @"D:\Log\developer3.pfx",
};
foreach (string pfxPath in developerPfxFiles)
{
    Create_Revocation_List(pfxPath, "password");
}
创建撤销名单
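// Certificate whose private key signs the CRL. Exportable is required so the private key
// can be handed to BouncyCastle via GetKeyPair.
var issuerCertificate = new X509Certificate2(cert, password, X509KeyStorageFlags.Exportable);
var certCA = DotNetUtilities.FromX509Certificate(issuerCertificate);
var issuerKeyPair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
// Take the serial from the BouncyCastle view of the certificate: X509Certificate2.GetSerialNumber()
// returns little-endian bytes, so new BigInteger(GetSerialNumber()) yields a byte-reversed
// serial that matches no real certificate and makes the revocation entry ineffective.
var serialNumber = certCA.SerialNumber;
X509V2CrlGenerator crlGen = new X509V2CrlGenerator();
// The CRL issuer is the signer's own subject name; certCA.IssuerDN only coincides with it
// when the certificate is self-signed.
crlGen.SetIssuerDN(certCA.SubjectDN);
var now = DateTime.UtcNow; // CRL times are encoded as UTC
crlGen.SetThisUpdate(now);
// RFC 5280 requires conforming issuers to include nextUpdate. 30 days is a constructed
// validity window — align it with how often clients are expected to refresh the CRL.
crlGen.SetNextUpdate(now.AddDays(30));
var random = GetSecureRandom();
string signatureAlgorithm = Models.BouncyCastle.HashType.SHA512withRSA.ToString();
ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issuerKeyPair.Private, random);
// NOTE(review): this revokes the signing certificate itself and signs with its own key.
// Relying parties only honour a CRL signed by the CA that issued the revoked certificate,
// and because the generator starts empty on every call, the written file holds one entry.
crlGen.AddCrlEntry(serialNumber, now, CrlReason.PrivilegeWithdrawn);
crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier,
    false,
    new AuthorityKeyIdentifierStructure(certCA));
// NOTE(review): the CRL number must increase with every CRL issued by the same issuer; a value
// derived from a certificate serial repeats across re-issues. Replace with a persisted counter.
crlGen.AddExtension(X509Extensions.CrlNumber,
    false,
    new CrlNumber(serialNumber));
X509Crl crlTemp = crlGen.Generate(signatureFactory);
System.IO.File.WriteAllBytes(@"d:\log\MyCRL.crl", crlTemp.GetEncoded());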
为什么它只显示1个已撤销的证书,但如果我用记事本打开.crl文件,我看到有3个base64格式的已撤销证书。
非常感谢
Regards, Don
希望能帮到同样有此困扰的人...
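// Previously issued CRL, if one exists on disk; its entries are carried forward into the new CRL.
X509Crl _ocrl = null;
string existingCrlPath = @"D:\Log\mycrl.crl";
if (System.IO.File.Exists(existingCrlPath))
{
    // A CRL that is present but cannot be parsed must surface as an error rather than be
    // swallowed: silently starting from an empty list would re-issue a CRL that drops every
    // earlier revocation. Only the "no CRL yet" case legitimately starts from nothing.
    X509CrlParser crlParser = new X509CrlParser();
    _ocrl = crlParser.ReadCrl(System.IO.File.ReadAllBytes(existingCrlPath));
}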
try
{
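// CA certificate and private key: the CRL must be signed by the CA that issued the
// certificates it lists. Exportable lets GetKeyPair hand the private key to BouncyCastle.
var issuerCertificate = new X509Certificate2(@"D:\Log\myca.pfx", "password", X509KeyStorageFlags.Exportable);
var certCA = DotNetUtilities.FromX509Certificate(issuerCertificate);
var cakeypair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
X509V2CrlGenerator crlGen = new X509V2CrlGenerator();
// The CRL issuer is the signer's own subject name; certCA.IssuerDN only coincides with it
// when the CA certificate is self-signed.
crlGen.SetIssuerDN(certCA.SubjectDN);
var now = DateTime.UtcNow; // CRL times are encoded as UTC
crlGen.SetThisUpdate(now);
// RFC 5280 requires conforming issuers to include nextUpdate. 30 days is a constructed
// validity window — align it with how often clients are expected to refresh the CRL.
crlGen.SetNextUpdate(now.AddDays(30));
string signatureAlgorithm = "SHA256withRSA";
ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, cakeypair.Private);
// Only the serial number of the certificate being revoked is needed; its private key is
// never used, so it is not loaded as exportable.
var revokedCertificate = new X509Certificate2(_cert, password);
var revoked = DotNetUtilities.FromX509Certificate(revokedCertificate);
// Take the serial from the BouncyCastle view: X509Certificate2.GetSerialNumber() returns
// little-endian bytes, so new BigInteger(GetSerialNumber()) produces a byte-reversed serial
// that matches no real certificate and leaves the revocation ineffective.
var revokedSerialNumber = revoked.SerialNumber;
if (_ocrl != null)
{
    // Carry forward the stored entries only if this CA signed the stored CRL (Verify throws
    // otherwise); merging an unverified file would let a replaced or tampered CRL be re-signed.
    _ocrl.Verify(cakeypair.Public);
    crlGen.AddCrl(_ocrl);
}
// Revoking the same certificate twice must not produce a duplicate entry.
if (_ocrl == null || _ocrl.GetRevokedCertificate(revokedSerialNumber) == null)
{
    crlGen.AddCrlEntry(revokedSerialNumber, now, CrlReason.PrivilegeWithdrawn);
}
X509Crl _crl = crlGen.Generate(signatureFactory);
byte[] _bb = _crl.GetEncoded();
System.IO.File.WriteAllBytes(@"d:\log\mycrl.crl", _bb);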