C#通过CertEnroll.dll创建证书请求并生成证书

本例子的原理是：创建一个 PKCS#10 证书申请，再调用本地的证书颁发机构（CA）生成证书，然后把证书安装到本地计算机中。

using CERTENROLLLib;
 using CERTCLIENTLib;
 
 
创建私有变量
private const int CC_DEFAULTCONFIG = 0;
 
        private const int CC_UIPICKCONFIG = 0x1;
 
        private const int CR_IN_BASE64 = 0x1;
 
        private const int CR_IN_FORMATANY = 0;
 
        private const int CR_IN_PKCS10 = 0x100;
 
        private const int CR_DISP_ISSUED = 0x3;
 
        private const int CR_DISP_UNDER_SUBMISSION = 0x5;
 
        private const int CR_OUT_BASE64 = 0x1;
 
        private const int CR_OUT_CHAIN = 0x100;
 
        private string sOK = "";
 
创建证书请求
public string createRequest(string name, ref string strRequest)
 
        {
 
            //  Create all the objects that will be required
 
            CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10Class();
 
            CX509PrivateKey objPrivateKey = new CX509PrivateKeyClass();
 
            CCspInformation objCSP = new CCspInformationClass();
 
            CCspInformations objCSPs = new CCspInformationsClass();
 
            CX500DistinguishedName objDN = new CX500DistinguishedNameClass();
 
            CX509Enrollment objEnroll = new CX509EnrollmentClass();
 
            CObjectIds objObjectIds = new CObjectIdsClass();
 
            CObjectId objObjectId = new CObjectIdClass();
 
            CX509ExtensionKeyUsage objExtensionKeyUsage = new CX509ExtensionKeyUsageClass();
 
            CX509ExtensionEnhancedKeyUsage objX509ExtensionEnhancedKeyUsage
		 = new CX509ExtensionEnhancedKeyUsageClass();
 
 
 
            try
 
            {
 
 
 
 
 
                //  Initialize the csp object using the desired Cryptograhic Service Provider (CSP)
 
                objCSP.InitializeFromName(
 
                    "Microsoft Enhanced Cryptographic Provider v1.0"
 
                );
 
 
 
                //  Add this CSP object to the CSP collection object
 
                objCSPs.Add(
 
                    objCSP
 
                );
 
 
 
                //  Provide key container name, key length and key spec to the private key object
 
                //objPrivateKey.ContainerName = "AlejaCMa";
 
                objPrivateKey.Length = 1024;
 
                objPrivateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
 
                objPrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
 
                objPrivateKey.MachineContext = false;
 
 
 
                //  Provide the CSP collection object (in this case containing only 1 CSP object)
 
                //  to the private key object
 
                objPrivateKey.CspInformations = objCSPs;
 
 
 
                //  Create the actual key pair
 
                objPrivateKey.Create();
 
 
 
                //  Initialize the PKCS#10 certificate request object based on the private key.
 
                //  Using the context, indicate that this is a user certificate request and don't
 
                //  provide a template name
 
                objPkcs10.InitializeFromPrivateKey(
 
                    X509CertificateEnrollmentContext.ContextUser,
 
                    objPrivateKey,
 
                    ""
 
                );
 
 
 
                // Key Usage Extension 
 
                objExtensionKeyUsage.InitializeEncode(
 
                    X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
 
                    X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE |
 
                    X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE |
 
                    X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE
 
                );
 
                objPkcs10.X509Extensions.Add((CX509Extension)objExtensionKeyUsage);
 
 
 
                // Enhanced Key Usage Extension
 
                objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2"); // OID for Client Authentication usage
 
                objObjectIds.Add(objObjectId);
 
                objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
 
                objPkcs10.X509Extensions.Add((CX509Extension)objX509ExtensionEnhancedKeyUsage);
 
 
 
                objDN.Encode(
 
                    name,
 
                    X500NameFlags.XCN_CERT_NAME_STR_NONE
 
                );
 
 
 
                //  Assing the subject name by using the Distinguished Name object initialized above
 
                objPkcs10.Subject = objDN;
 
 
 
                // Create enrollment request
 
                objEnroll.InitializeFromRequest(objPkcs10);
 
                strRequest = objEnroll.CreateRequest(
 
                    EncodingType.XCN_CRYPT_STRING_BASE64
 
                );
 
                return sOK;
 
 
 
            }
 
            catch (Exception ex)
 
            {
 
                return ex.Message;
 
            }
 
        }
 
 
4. 发送证书请求到 CA，证书请求批准后得到一个证书
public string sendRequest(string strRequest, ref  string strCert)
 
        {
 
            //  Create all the objects that will be required
 
            CCertConfig objCertConfig = new CCertConfigClass();
 
            CCertRequest objCertRequest = new CCertRequestClass();
 
            string strCAConfig;
 
 
 
            int iDisposition;
 
            string strDisposition;
 
 
 
            try
 
            {
 
                // Get CA config from UI
 
                //strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);
 
                strCAConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG);
 
 
 
                // Submit the request
 
                iDisposition = objCertRequest.Submit(
 
                    CR_IN_BASE64 | CR_IN_FORMATANY,
 
                    strRequest,
 
                    null,
 
                    strCAConfig
 
                );
 
 
 
                // Check the submission status
 
                if (CR_DISP_ISSUED != iDisposition) // Not enrolled
 
                {
 
                    strDisposition = objCertRequest.GetDispositionMessage();
 
 
 
                    if (CR_DISP_UNDER_SUBMISSION == iDisposition) // Pending
 
                    {
 
 
 
                        return "The submission is pending: " + strDisposition;
 
                    }
 
                    else // Failed
 
                    {
 
                        string sError;
 
                        sError = "The submission failed: " + strDisposition;
 
                        sError += "Last status: " + objCertRequest.GetLastStatus().ToString();
 
                        return sError;
 
                    }
 
                }
 
 
 
                // Get the certificate
 
                strCert = objCertRequest.GetCertificate(
 
                    CR_OUT_BASE64 | CR_OUT_CHAIN
 
                );
 
                return sOK;
 
 
 
            }
 
            catch (Exception ex)
 
            {
 
                return ex.Message;
 
            }
 
        }
 
在客户端机器上安装证书
 
public string acceptPKCS7(string strCert)
 
        {
 
            //  Create all the objects that will be required
 
            CX509Enrollment objEnroll = new CX509EnrollmentClass();
 
 
 
 
 
            try
 
            {
 
 
 
                // Install the certificate
 
                objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
 
                objEnroll.InstallResponse(
 
                    InstallResponseRestrictionFlags.AllowUntrustedRoot,
 
                    strCert,
 
                    EncodingType.XCN_CRYPT_STRING_BASE64,
 
                    null
 
                );
 
 
 
                return sOK;
 
            }
 
            catch (Exception ex)
 
            {
 
                return ex.Message;
 
            }
 
        }
 
 
