C# 生成自签名CA证书

C# 生成自签名CA证书

 
复制代码
                     string password = "213978863940714";
                    string signatureAlgorithm = "SHA1WithRSA";

                    // Generate RSA key pair
                    var rsaGenerator = new RsaKeyPairGenerator();
                    var randomGenerator = new CryptoApiRandomGenerator();
                    var secureRandom = new SecureRandom(randomGenerator);
                    var keyParameters = new KeyGenerationParameters(secureRandom, 1024);
                    rsaGenerator.Init(keyParameters);
                    var keyPair = rsaGenerator.GenerateKeyPair();

                    // Generate certificate
                    var attributes = new Hashtable();
                    attributes[X509Name.E] = UserInfo.idCard;//设置dn信息的邮箱地址
                    attributes[X509Name.CN] = UserInfo.idCard;//设置证书的用户,也就是颁发给谁
                    attributes[X509Name.O] = "www.shwdztc.com";//设置证书的办法者
                    attributes[X509Name.C] = "Zh";//证书的语言

                    //这里是证书颁发者的信息
                    var ordering = new ArrayList();
                    ordering.Add(X509Name.E);
                    ordering.Add(X509Name.CN);
                    ordering.Add(X509Name.O);
                    ordering.Add(X509Name.C);

                    var certificateGenerator = new X509V3CertificateGenerator();
                    //设置证书序列化号
                    certificateGenerator.SetSerialNumber(BigInteger.ProbablePrime(120, new Random()));


                    //设置颁发者dn信息
                    certificateGenerator.SetIssuerDN(new X509Name(ordering, attributes));


                    //设置证书生效时间
                    certificateGenerator.SetNotBefore(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
                    //设置证书失效时间
                    certificateGenerator.SetNotAfter(DateTime.Today.AddDays(365));
                    //设置接受者dn信息
                    certificateGenerator.SetSubjectDN(new X509Name(ordering, attributes));
                    //设置证书的公钥
                    certificateGenerator.SetPublicKey(keyPair.Public);



                    //设置证书的加密算法
                    certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
                    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
                    certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, true, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public)));


                    certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new ArrayList() { new DerObjectIdentifier("1.3.6.1.5.5.7.3.2") }));



                    //创建证书,如果需要cer格式的证书,到这里就可以了。如果是pfx格式的就需要加上访问密码
                    var x509Certificate = certificateGenerator.Generate(keyPair.Private);






                    byte[] pkcs12Bytes = DotNetUtilities.ToX509Certificate(x509Certificate).Export(X509ContentType.Pfx, password);

                    var certificate = new X509Certificate2(pkcs12Bytes, password);

                    certificate.PrivateKey = EncryHelper.ToDotNetKey((RsaPrivateCrtKeyParameters)keyPair.Private);


                    var array = certificate.Export(X509ContentType.Pfx, password);

                    var cerArray = certificate.Export(X509ContentType.Cert);



                    string path = HttpContext.Current.Server.MapPath("~/files/userword/Word/" + UserInfo.idCard + ".pfx");
                    string pathcer = HttpContext.Current.Server.MapPath("~/files/userword/Word/" + UserInfo.idCard + ".cer");

                    FileStream fsCA = new FileStream(path, FileMode.Create);
                    //将byte数组写入文件中
                    fsCA.Write(array, 0, array.Length);
                    fsCA.Close();

                    FileStream fscer = new FileStream(pathcer, FileMode.Create);
                    //将byte数组写入文件中
                    fscer.Write(cerArray, 0, cerArray.Length);
                    fscer.Close();
复制代码

 

 
 
 

posted on 2022-06-05 16:19  漫思  阅读(502)  评论(1编辑  收藏  举报

导航