Создание несовместимого сертификата с CA

Question

Создание несовместимого сертификата с CA

Я использую этот фрагмент кода для создания запроса, который будет отправлен на проверку в мой ЦС, но когда он прибудет, будет отказано:

С помощью:

.NET Framework 3.5
Это проект Dll
IIS 6.0
CertEnroll.dll

Нет возможности обновить технологию

[ComVisible(true), Description("Create User Key Pair")]
public String CreateBase64KeyPair(string CN)
{
    string msg = string.Empty;

    try
    {
        CX509CertificateRequestCertificate objPkcs10 = (CX509CertificateRequestCertificate)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509CertificateRequestCertificate"));
        IX509PrivateKey objPrivateKey = (IX509PrivateKey)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509PrivateKey"));
        CCspInformation objCSP = (CCspInformation)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CCspInformation"));
        CCspInformations objCSPs = (CCspInformations)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CCspInformations"));
        CX500DistinguishedName objDN = (CX500DistinguishedName)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX500DistinguishedName"));
        CX509Enrollment objEnroll = (CX509Enrollment)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509Enrollment"));
        CObjectIds objObjectIds = (CObjectIds)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CObjectIds"));
        CObjectId objObjectId = (CObjectId)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CObjectId"));
        CX509ExtensionKeyUsage objExtensionKeyUsage = (CX509ExtensionKeyUsage)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509ExtensionKeyUsage"));
        CX509ExtensionEnhancedKeyUsage objX509ExtensionEnhancedKeyUsage = (CX509ExtensionEnhancedKeyUsage)Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509ExtensionEnhancedKeyUsage"));


        //  Initialize the csp object using the desired Cryptograhic Service Provider (CSP)
        objCSP.InitializeFromName(YPSIDCSP_NAME);
        //  Add this CSP object to the CSP collection object
        objCSPs.Add(objCSP);                
        //Provide key container name, key length and key spec to the private key object
        objPrivateKey.Length = 1024; //KEY_LEN_MY_DEFAULT
        objPrivateKey.ProviderType = X509ProviderType.XCN_PROV_RSA_FULL; //XEnroll.ProviderType=1
        objPrivateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE; //XEnroll.KeySpec=AT_KEYEXCHANGE
        objPrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
        objPrivateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
        objPrivateKey.MachineContext = false;
        //  Provide the CSP collection object (in this case containing only 1 CSP object) to the private key object
        objPrivateKey.CspInformations = objCSPs;
        //  Create the actual key pair
        objPrivateKey.Create();

        //  Initialize the PKCS#10 certificate request object based on the private key.
        //  Using the context, indicate that this is a user certificate request and don’t provide a template name
        objPkcs10.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, objPrivateKey, string.Empty);

        // Key Usage Extension
        objExtensionKeyUsage.InitializeEncode(
            CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
            CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE |
            CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE|
            CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE
        );

        objPkcs10.X509Extensions.Add((CX509Extension)objExtensionKeyUsage);

        // Enhanced Key Usage Extension
        objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2"); // OID for Client Authentication usage

        objObjectIds.Add(objObjectId);

        objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);


        objPkcs10.X509Extensions.Add((CX509Extension)objX509ExtensionEnhancedKeyUsage);


        //  Encode the name in using the Distinguished Name object
        //TODO: TDSiS: Validar essa questão da CN
        objDN.Encode("CN="+ CN.Trim(), X500NameFlags.XCN_CERT_NAME_STR_NONE);

        //  Assing the subject name by using the Distinguished Name object initialized above
        objPkcs10.Subject = objDN;

        // Create enrollment request
        objEnroll.InitializeFromRequest(objPkcs10);

        return objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
    }
    catch (Exception ex)
    {
        return ex.Message;
    }
}

любые сомнения по поводу технических характеристик, просто скажите мне.

Заранее спасибо за помощь!:)

0

c# x509 private-key public-key certenroll

Источник

user7001211 08 ноя '16 в 19:15

0 ответов

Другие вопросы по тегам c# x509 private-key public-key certenroll