Я пишу обёртку над Bouncy Castle, которая генерирует сертификат; этот сертификат может быть подписан другим сертификатом.
Я настроил AuthorityKeyIdentifier и имена каталогов (directory names) так, чтобы они соответствовали подписывающему сертификату. Я также добавил в цепочку сертификаты от корня до листа, но продолжаю получать ошибку 20 в openssl.
openssl verify -CAfile ROOT.cer -untrusted INTERMEDIATE.cer LEAF.cer
error 20 at 0 depth lookup: unable to get local issuer certificate
error LEAF.cer: verification failed
Вот код, который я использовал для своей оболочки генератора:
partial class X509CertificateGenerator : X509CertificateBuilder {
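/// <summary>
/// Assembles the configured subject, issuer, validity window, serial number and extensions into a
/// BouncyCastle certificate signed with <c>_SignatureFactory</c>, appends it to
/// <c>_X509CertificatesChain</c> and returns it. Can be called only once per builder instance.
/// </summary>
/// <returns>The generated certificate (also kept in <c>_X509Certificate</c>).</returns>
/// <exception cref="InvalidOperationException">The certificate was already built.</exception>
/// <exception cref="MissingFieldException">A required builder field was never assigned.</exception>
public Org.BouncyCastle.X509.X509Certificate Build() {
    if (_X509Certificate is not null)
        throw new InvalidOperationException($"{nameof(_X509Certificate)} already built.");
    // Every field the generator reads below must be present; fail before touching the generator
    // so a half-configured builder never emits a certificate.
    if (Subject is null)
        throw new MissingFieldException($"{nameof(Subject)} is missing. " +
            $"Call {nameof(SetSubject)} first.");
    if (Issuer is null)
        throw new MissingFieldException($"{nameof(Issuer)} is missing. " +
            $"Call {nameof(SetIssuer)} first.");
    if (SerialNumber is null)
        throw new MissingFieldException($"{nameof(SerialNumber)} is missing. " +
            $"Call {nameof(SetSerialNumber)} first.");
    if (_CipherKeyPair is null)
        throw new MissingFieldException($"{nameof(_CipherKeyPair)} is missing. " +
            $"Call {nameof(WithKeyPair)} first.");
    if (_SignatureFactory is null)
        throw new MissingFieldException($"{nameof(_SignatureFactory)} is missing. " +
            $"Call {nameof(WithKeyPair)} first.");
    if (_Password is null)
        throw new MissingFieldException($"{nameof(_Password)} is missing. " +
            $"Call {nameof(UsePassword)} first.");
    if (_SecureRandom is null)
        throw new MissingFieldException($"{nameof(_SecureRandom)} is missing. " +
            $"Call {nameof(WithSecureRandom)} first.");
    // The AKI is added unconditionally below; a null value would only surface as a failure inside
    // AddExtension, so report it like every other missing field.
    if (_AuthorityKeyIdentifier is null)
        throw new MissingFieldException($"{nameof(_AuthorityKeyIdentifier)} is missing. " +
            $"Assign the issuer's key identifier before calling {nameof(Build)}.");
    if (_KeyUsages == 0)
        throw new MissingFieldException($"{nameof(_KeyUsages)} is missing. " +
            $"Assign some key usage.");

    // The SKI is derived from PublicKey; a certificate signed by this one must carry the same value
    // in its AKI for a verifier to pair issuer and subject.
    _SubjectKeyIdentifier = new SubjectKeyIdentifier(
        SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(PublicKey)
    );
    _CertificateGenerator.SetSubjectDN(new X509Name(Subject.ToString()));
    _CertificateGenerator.SetIssuerDN(new X509Name(Issuer.ToString()));
    _CertificateGenerator.SetNotBefore(InvalidBefore);
    _CertificateGenerator.SetNotAfter(InvalidAfter);
    _CertificateGenerator.SetSerialNumber(SerialNumber);
    // Key usage and extended key usage are marked critical (second argument): a verifier that does
    // not understand them must reject the certificate instead of ignoring the restriction.
    if (_KeyUsages > 0) {
        _CertificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(_KeyUsages));
    }
    if (_ExtendedKeyUsages.Count > 0) {
        _CertificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(_ExtendedKeyUsages));
    }
    _CertificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, _SubjectKeyIdentifier);
    // The AKI is used exactly as supplied; nothing here derives it from the issuer certificate, so
    // pairing it with the issuer's SKI is the caller's responsibility.
    _CertificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, _AuthorityKeyIdentifier);
    // NOTE(review): no BasicConstraints extension is emitted. A certificate meant to sign others
    // needs BasicConstraints CA:TRUE and the keyCertSign key usage, otherwise verifiers such as
    // `openssl verify` will not accept it as an issuer — confirm for any intermediate built here.
    _X509Certificate = _CertificateGenerator.Generate(_SignatureFactory);
    _X509CertificatesChain.Add(_X509Certificate);
    return _X509Certificate;
}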
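/// <summary>
/// Packages the certificate produced by <see cref="Build"/>, every entry of
/// <c>_X509CertificatesChain</c> and the private key of <c>_CipherKeyPair</c> into a
/// password-protected PKCS#12 store, then loads that store into an <see cref="X509Certificate2"/>.
/// Can be called only once per builder instance.
/// </summary>
/// <returns>The loaded certificate with its private key (also kept in <c>_X509Certificate2</c>).</returns>
/// <exception cref="InvalidOperationException">The certificate was already generated.</exception>
/// <exception cref="MissingFieldException"><see cref="Build"/> has not been called yet.</exception>
public X509Certificate2 Generate() {
    if (_X509Certificate2 is not null)
        throw new InvalidOperationException($"{nameof(_X509Certificate2)} already built.");
    if (_X509Certificate is null) // TODO: convert to warning
        throw new MissingFieldException($"{nameof(_X509Certificate)} not built. " +
            $"Call {nameof(Build)} first.");
    // NOTE(review): the built certificate is packaged without CheckValidity/Verify; a signature
    // that does not verify against the issuer's key is only noticed by whoever consumes the store.
    _Pkcs12Store = new Pkcs12StoreBuilder().Build();
    // One certificate entry per chain element, preserving the list order.
    X509CertificateEntry[] x509CertificateEntries = new X509CertificateEntry[_X509CertificatesChain.Count];
    for (int i = 0; i < _X509CertificatesChain.Count; i++) {
        x509CertificateEntries[i] = new X509CertificateEntry(_X509CertificatesChain[i]);
    }
    // NOTE(review): Build() appends the newly built certificate at the END of _X509CertificatesChain.
    // PKCS#12 consumers generally expect the key's own certificate first in the chain — confirm the
    // order when earlier entries are issuer certificates.
    AsymmetricKeyEntry asymmetricKeyEntry = new AsymmetricKeyEntry(_CipherKeyPair.Private);
    _Pkcs12Store.SetKeyEntry(Subject.Name, asymmetricKeyEntry, x509CertificateEntries);
    using MemoryStream memoryStream = new MemoryStream();
    _Pkcs12Store.Save(memoryStream, _Password.ToCharArray(), _SecureRandom);
    // Exportable: the private key can later be extracted from the returned certificate; drop the
    // flag if callers only need to sign or decrypt with it.
    _X509Certificate2 = new X509Certificate2(memoryStream.ToArray(), _Password, X509KeyStorageFlags.Exportable);
    return _X509Certificate2;
}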
Подробнее здесь: https://stackoverflow.com/questions/79286556/establish-certificate-chain-in-bouncy-castle
Создать цепочку сертификатов в Bouncy Castle ⇐ C#
Anonymous
1734426805
Я пишу обёртку над Bouncy Castle, которая генерирует сертификат; этот сертификат может быть подписан другим сертификатом.
Я настроил AuthorityKeyIdentifier и имена каталогов (directory names) так, чтобы они соответствовали подписывающему сертификату. Я также добавил в цепочку сертификаты от корня до листа, но продолжаю получать ошибку 20 в openssl.
openssl verify -CAfile ROOT.cer -untrusted INTERMEDIATE.cer LEAF.cer
error 20 at 0 depth lookup: unable to get local issuer certificate
error LEAF.cer: verification failed
Вот код, который я использовал для своей оболочки генератора:
partial class X509CertificateGenerator : X509CertificateBuilder {
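/// <summary>
/// Assembles the configured subject, issuer, validity window, serial number and extensions into a
/// BouncyCastle certificate signed with <c>_SignatureFactory</c>, appends it to
/// <c>_X509CertificatesChain</c> and returns it. Can be called only once per builder instance.
/// </summary>
/// <returns>The generated certificate (also kept in <c>_X509Certificate</c>).</returns>
/// <exception cref="InvalidOperationException">The certificate was already built.</exception>
/// <exception cref="MissingFieldException">A required builder field was never assigned.</exception>
public Org.BouncyCastle.X509.X509Certificate Build() {
    if (_X509Certificate is not null)
        throw new InvalidOperationException($"{nameof(_X509Certificate)} already built.");
    // Every field the generator reads below must be present; fail before touching the generator
    // so a half-configured builder never emits a certificate.
    if (Subject is null)
        throw new MissingFieldException($"{nameof(Subject)} is missing. " +
            $"Call {nameof(SetSubject)} first.");
    if (Issuer is null)
        throw new MissingFieldException($"{nameof(Issuer)} is missing. " +
            $"Call {nameof(SetIssuer)} first.");
    if (SerialNumber is null)
        throw new MissingFieldException($"{nameof(SerialNumber)} is missing. " +
            $"Call {nameof(SetSerialNumber)} first.");
    if (_CipherKeyPair is null)
        throw new MissingFieldException($"{nameof(_CipherKeyPair)} is missing. " +
            $"Call {nameof(WithKeyPair)} first.");
    if (_SignatureFactory is null)
        throw new MissingFieldException($"{nameof(_SignatureFactory)} is missing. " +
            $"Call {nameof(WithKeyPair)} first.");
    if (_Password is null)
        throw new MissingFieldException($"{nameof(_Password)} is missing. " +
            $"Call {nameof(UsePassword)} first.");
    if (_SecureRandom is null)
        throw new MissingFieldException($"{nameof(_SecureRandom)} is missing. " +
            $"Call {nameof(WithSecureRandom)} first.");
    // The AKI is added unconditionally below; a null value would only surface as a failure inside
    // AddExtension, so report it like every other missing field.
    if (_AuthorityKeyIdentifier is null)
        throw new MissingFieldException($"{nameof(_AuthorityKeyIdentifier)} is missing. " +
            $"Assign the issuer's key identifier before calling {nameof(Build)}.");
    if (_KeyUsages == 0)
        throw new MissingFieldException($"{nameof(_KeyUsages)} is missing. " +
            $"Assign some key usage.");

    // The SKI is derived from PublicKey; a certificate signed by this one must carry the same value
    // in its AKI for a verifier to pair issuer and subject.
    _SubjectKeyIdentifier = new SubjectKeyIdentifier(
        SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(PublicKey)
    );
    _CertificateGenerator.SetSubjectDN(new X509Name(Subject.ToString()));
    _CertificateGenerator.SetIssuerDN(new X509Name(Issuer.ToString()));
    _CertificateGenerator.SetNotBefore(InvalidBefore);
    _CertificateGenerator.SetNotAfter(InvalidAfter);
    _CertificateGenerator.SetSerialNumber(SerialNumber);
    // Key usage and extended key usage are marked critical (second argument): a verifier that does
    // not understand them must reject the certificate instead of ignoring the restriction.
    if (_KeyUsages > 0) {
        _CertificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(_KeyUsages));
    }
    if (_ExtendedKeyUsages.Count > 0) {
        _CertificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(_ExtendedKeyUsages));
    }
    _CertificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, _SubjectKeyIdentifier);
    // The AKI is used exactly as supplied; nothing here derives it from the issuer certificate, so
    // pairing it with the issuer's SKI is the caller's responsibility.
    _CertificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, _AuthorityKeyIdentifier);
    // NOTE(review): no BasicConstraints extension is emitted. A certificate meant to sign others
    // needs BasicConstraints CA:TRUE and the keyCertSign key usage, otherwise verifiers such as
    // `openssl verify` will not accept it as an issuer — confirm for any intermediate built here.
    _X509Certificate = _CertificateGenerator.Generate(_SignatureFactory);
    _X509CertificatesChain.Add(_X509Certificate);
    return _X509Certificate;
}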
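/// <summary>
/// Packages the certificate produced by <see cref="Build"/>, every entry of
/// <c>_X509CertificatesChain</c> and the private key of <c>_CipherKeyPair</c> into a
/// password-protected PKCS#12 store, then loads that store into an <see cref="X509Certificate2"/>.
/// Can be called only once per builder instance.
/// </summary>
/// <returns>The loaded certificate with its private key (also kept in <c>_X509Certificate2</c>).</returns>
/// <exception cref="InvalidOperationException">The certificate was already generated.</exception>
/// <exception cref="MissingFieldException"><see cref="Build"/> has not been called yet.</exception>
public X509Certificate2 Generate() {
    if (_X509Certificate2 is not null)
        throw new InvalidOperationException($"{nameof(_X509Certificate2)} already built.");
    if (_X509Certificate is null) // TODO: convert to warning
        throw new MissingFieldException($"{nameof(_X509Certificate)} not built. " +
            $"Call {nameof(Build)} first.");
    // NOTE(review): the built certificate is packaged without CheckValidity/Verify; a signature
    // that does not verify against the issuer's key is only noticed by whoever consumes the store.
    _Pkcs12Store = new Pkcs12StoreBuilder().Build();
    // One certificate entry per chain element, preserving the list order.
    X509CertificateEntry[] x509CertificateEntries = new X509CertificateEntry[_X509CertificatesChain.Count];
    for (int i = 0; i < _X509CertificatesChain.Count; i++) {
        x509CertificateEntries[i] = new X509CertificateEntry(_X509CertificatesChain[i]);
    }
    // NOTE(review): Build() appends the newly built certificate at the END of _X509CertificatesChain.
    // PKCS#12 consumers generally expect the key's own certificate first in the chain — confirm the
    // order when earlier entries are issuer certificates.
    AsymmetricKeyEntry asymmetricKeyEntry = new AsymmetricKeyEntry(_CipherKeyPair.Private);
    _Pkcs12Store.SetKeyEntry(Subject.Name, asymmetricKeyEntry, x509CertificateEntries);
    using MemoryStream memoryStream = new MemoryStream();
    _Pkcs12Store.Save(memoryStream, _Password.ToCharArray(), _SecureRandom);
    // Exportable: the private key can later be extracted from the returned certificate; drop the
    // flag if callers only need to sign or decrypt with it.
    _X509Certificate2 = new X509Certificate2(memoryStream.ToArray(), _Password, X509KeyStorageFlags.Exportable);
    return _X509Certificate2;
}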
Подробнее здесь: [url]https://stackoverflow.com/questions/79286556/establish-certificate-chain-in-bouncy-castle[/url]