Extracting properties from a CRL file using C#
Keywords: extract, properties, file, CRL, using | Updated: 2023-09-27 17:57:48
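I want to write a program that monitors the expiration dates of CRLs (Certificate Revocation Lists). Therefore, I would like to read the following properties from a CRL file: 1) Effective date 2) Next update 3) Next CRL publish
How can I accomplish my task? I have only found types such as X509Certificate2, X509Chain, X509RevocationMode, etc.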
You can use the class X509Certificate2 to get the required information.
Example: handling one certificate file
X509Certificate2 x509 = new X509Certificate2();
byte[] rawData = ReadFile(fname);
x509.Import(rawData);
var validDate = x509.NotBefore;
var expireDate = x509.NotAfter;

//Reads a file.
internal static byte[] ReadFile(string fileName)
{
    FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read);
    int size = (int)f.Length;
    byte[] data = new byte[size];
    size = f.Read(data, 0, size);
    f.Close();
    return data;
}
Reference:
https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2(v=vs.110).aspx
Edit:
You can use the BouncyCastle.Crypto library to handle CRLs. Download the library and reference BouncyCastle.Crypto.dll, or install the NuGet package:
Install-Package BouncyCastle
//reference library BouncyCastle.Crypto
//http://www.bouncycastle.org/csharp/
using System;
using Org.BouncyCastle.X509;

//Load CRL file and access its properties
public void GetCrlInfo(string fileName, Org.BouncyCastle.Math.BigInteger serialNumber, Org.BouncyCastle.X509.X509Certificate cert)
{
    try
    {
        byte[] buf = ReadFile(fileName);
        X509CrlParser xx = new X509CrlParser();
        X509Crl ss = xx.ReadCrl(buf);
        var nextupdate = ss.NextUpdate;
        var isRevoked = ss.IsRevoked(cert);
        Console.WriteLine("{0} {1}", nextupdate, isRevoked);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}
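The three properties the question asks for, read with BouncyCastle and turned into a monitoring status, as an added example (not code from the answer above or from the BouncyCastle project). `CrlMonitor`, `CrlState`, the 24-hour warning window and the command-line path argument are assumptions for illustration; the OID is the Next CRL Publish OID quoted elsewhere on this page, and the dates returned by BouncyCastle are assumed to be UTC.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.X509;

public enum CrlState { Fresh, PublishOverdue, ExpiringSoon, Expired }

public static class CrlMonitor
{
    // Microsoft "Next CRL Publish" extension; its value is an ASN.1 Time.
    static readonly DerObjectIdentifier NextCrlPublish =
        new DerObjectIdentifier("1.3.6.1.4.1.311.21.4");

    // Hypothetical helper: classifies a CRL against the given UTC time.
    // The CRL signature is not verified here; call crl.Verify(issuerKey) for untrusted files.
    public static CrlState Check(byte[] crlBytes, DateTime nowUtc, TimeSpan warn,
        out DateTime thisUpdate, out DateTime? nextUpdate, out DateTime? nextPublish)
    {
        X509Crl crl = new X509CrlParser().ReadCrl(crlBytes);
        if (crl == null) throw new InvalidDataException("Input contains no CRL.");

        thisUpdate = crl.ThisUpdate;                 // 1) effective date
        var nu = crl.NextUpdate;                     // 2) next update (optional field)
        nextUpdate = nu != null ? nu.Value : (DateTime?)null;

        nextPublish = null;                          // 3) next CRL publish (optional)
        Asn1OctetString ext = crl.GetExtensionValue(NextCrlPublish);
        if (ext != null)  // the extension value is DER wrapped in an OCTET STRING
            nextPublish = Time.GetInstance(
                Asn1Object.FromByteArray(ext.GetOctets())).ToDateTime();

        // A CRL without nextUpdate cannot be monitored for expiry: fail closed.
        if (nextUpdate == null || nowUtc >= nextUpdate.Value) return CrlState.Expired;
        if (nextUpdate.Value - nowUtc <= warn) return CrlState.ExpiringSoon;
        if (nextPublish != null && nowUtc >= nextPublish.Value) return CrlState.PublishOverdue;
        // Not expired, outside the warning window, and no newer CRL is due yet.
        return CrlState.Fresh;
    }

    public static void Main(string[] args)
    {
        DateTime t; DateTime? n, p;
        CrlState s = Check(File.ReadAllBytes(args[0]), DateTime.UtcNow,
                           TimeSpan.FromHours(24), out t, out n, out p);
        Console.WriteLine("{0}: thisUpdate={1:u} nextUpdate={2:u} nextPublish={3:u}",
                          s, t, n, p);
    }
}
```

`PublishOverdue` means the CA's announced publish time has passed but the monitored file is still the old CRL, which usually points at a stalled publication or distribution step before the CRL actually expires.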
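Although this question has already been answered, I would like to add that there is another good open project that extends the native .NET Framework to handle cryptographic objects that are missing in .NET: https://github.com/Crypt32/pkix.net
Regarding CRLs, I have developed an X509CRL2 class in a way similar to the built-in X509Certificate2: the X509CRL2 class. Usage is very simple: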
// reference System.Security.Cryptography.X509Certificates namespace
var crl = new X509CRL2(@"C:\temp\crlfile.crl");
// Effective date:
var effective = crl.ThisUpdate;
// next update:
var nextupdate = crl.NextUpdate;
// next publish:
var nextPublishExtension = crl.Extensions["1.3.6.1.4.1.311.21.4"];
// Format(bool multiLine) returns the decoded extension value as text
if (nextPublishExtension != null) { nextPublishExtension.Format(true); }
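I support CRL files in multiple formats, including pure binary, Base64 and even hex.
By using this class you can not only read CRL properties, but also generate version 2 CRLs.
Note: the pkix.net library depends on my other open project, https://github.com/Crypt32/Asn1DerParser.NET, which is used to parse ASN structures.
In addition to M.Hassan's post;
Using BouncyCastle.X509, you have to convert the System.Security…X509Certificate2 to a BouncyCastle certificate; the function missing between the initial code and the edit could be: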
using System.Security.Cryptography.X509Certificates;

public static Org.BouncyCastle.X509.X509Certificate Convert(X509Certificate2 certificate)
{
    var certificateParser = new Org.BouncyCastle.X509.X509CertificateParser();
    var rawData = certificate.GetRawCertData();
    var bouncyCertificate = certificateParser.ReadCertificate(rawData);
    return bouncyCertificate;
}
We can use the CertEnroll win32 APIs. The code can be
var bytes = File.ReadAllBytes(crlFile);
var base64 = System.Convert.ToBase64String(bytes);
CX509CertificateRevocationList crl = new CX509CertificateRevocationList();
crl.InitializeDecode(base64, EncodingType.XCN_CRYPT_STRING_BASE64_ANY);
Add the following to the csproj to include CertEnroll
<ItemGroup>
  <COMReference Include="CERTENROLLLib">
    <WrapperTool>tlbimp</WrapperTool>
    <VersionMinor>0</VersionMinor>
    <VersionMajor>1</VersionMajor>
    <Guid>728ab348-217d-11da-b2a4-000e7bbb2b09</Guid>
    <Lcid>0</Lcid>
    <Isolated>false</Isolated>
    <EmbedInteropTypes>true</EmbedInteropTypes>
  </COMReference>
</ItemGroup>