通过CertEnroll在CA上(1创建证书请求2得到证书3安装证书)
通過CertEnroll在CA上(1創建證書請求2得到證書3安裝證書)
原文網址:http://www.cnblogs.com/rippleyong/archive/2008/12/15/1355417.html
絕頂好文章,非常棒的代碼!!!
0.代碼下載
?CAtest20081215164652.rar
1.簡要說明
證書注冊API(Certificate Enrollment API)的功能是用于在客戶端程序請求一個證書,請求批準后得到一個證書,然后安裝證書。從 Vista 開始使用的是 CertEnroll.dll,之前使用的都是 Xenroll.dll
我們的CA是 Windows Certificate Services
CA即證書管理機構,受委托發放數字證書的第三方組織或公司。數字證書是用來建立數字簽名和公-私(public-private)密鑰對的。CA在這個過程中所起的作用就是保證獲得這一獨特證書的人就是被授權者本人。在數據安全和電子商務中,CA是一個非常重要的組成部分,因為它們確保信息交換各方的身份。
2.添加引用
?
using?CERTENROLLLib;?
using?CERTCLIENTLib;
私有變量定義?
// Flag and disposition values mirrored from certcli.h (CCertConfig / CCertRequest).
private const int CC_DEFAULTCONFIG = 0;           // GetConfig: use the default CA, no UI
private const int CC_UIPICKCONFIG = 0x1;          // GetConfig: let the user pick the CA in a dialog
private const int CR_IN_BASE64 = 0x1;             // Submit: request is base64 without header/footer
private const int CR_IN_FORMATANY = 0;            // Submit: let the CA detect the request format
private const int CR_IN_PKCS10 = 0x100;           // Submit: request is PKCS#10 (not referenced by the methods on this page)
private const int CR_DISP_ISSUED = 0x3;           // Submit result: certificate was issued
private const int CR_DISP_UNDER_SUBMISSION = 0x5; // Submit result: pending CA manager approval
private const int CR_OUT_BASE64 = 0x1;            // GetCertificate: base64 output
private const int CR_OUT_CHAIN = 0x100;           // GetCertificate: return the full chain (PKCS#7)
private string sOK = "";                          // value returned by the methods below on success
?
?
3.創建證書請求
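/// <summary>
/// Generates a new RSA key pair in the current user's key store and builds a base64
/// PKCS#10 certificate request for it (Key Usage extension + Client Authentication EKU).
/// Keeps the original two-argument signature; the key size is now 2048 bits instead of 1024,
/// since 1024-bit RSA is no longer considered adequate.
/// </summary>
/// <param name="name">Subject distinguished name in X.500 string form, e.g. "CN=alice".</param>
/// <param name="strRequest">Receives the base64-encoded PKCS#10 request on success.</param>
/// <returns>sOK (empty string) on success, otherwise an error message.</returns>
public string createRequest(string name, ref string strRequest)
{
    return createRequest(name, ref strRequest, DefaultKeyLength);
}

/// <summary>Minimum and default RSA modulus size in bits.</summary>
private const int DefaultKeyLength = 2048;

/// <summary>
/// Same as <see cref="createRequest(string, ref string)"/> but with an explicit RSA key length.
/// </summary>
/// <param name="name">Subject distinguished name in X.500 string form.</param>
/// <param name="strRequest">Receives the base64-encoded PKCS#10 request on success.</param>
/// <param name="keyLength">RSA modulus size in bits; must be at least <see cref="DefaultKeyLength"/>.</param>
/// <returns>
/// sOK (empty string) on success, otherwise an error message. COM interop failures are
/// caught and their <see cref="Exception.Message"/> is returned, as in the original.
/// </returns>
public string createRequest(string name, ref string strRequest, int keyLength)
{
    if (string.IsNullOrEmpty(name))
    {
        return "A subject name is required.";
    }
    if (keyLength < DefaultKeyLength)
    {
        return "RSA key length must be at least " + DefaultKeyLength + " bits.";
    }

    // Create all the objects that will be required
    CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10Class();
    CX509PrivateKey objPrivateKey = new CX509PrivateKeyClass();
    CCspInformation objCSP = new CCspInformationClass();
    CCspInformations objCSPs = new CCspInformationsClass();
    CX500DistinguishedName objDN = new CX500DistinguishedNameClass();
    CX509Enrollment objEnroll = new CX509EnrollmentClass();
    CObjectIds objObjectIds = new CObjectIdsClass();
    CObjectId objObjectId = new CObjectIdClass();
    CX509ExtensionKeyUsage objExtensionKeyUsage = new CX509ExtensionKeyUsageClass();
    CX509ExtensionEnhancedKeyUsage objX509ExtensionEnhancedKeyUsage = new CX509ExtensionEnhancedKeyUsageClass();
    try
    {
        // Select the (legacy CAPI) CSP that will hold the key pair and restrict the key to it
        objCSP.InitializeFromName("Microsoft Enhanced Cryptographic Provider v1.0");
        objCSPs.Add(objCSP);

        // Key parameters. The container name is left to the CSP (the original had it commented out).
        objPrivateKey.Length = keyLength;
        objPrivateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
        // NOTE(review): XCN_NCRYPT_ALLOW_ALL_USAGES is broader than a signature key needs;
        // XCN_NCRYPT_ALLOW_SIGNING_FLAG would be the least-privilege choice. Kept to preserve behaviour.
        objPrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
        objPrivateKey.MachineContext = false; // per-user key store, matching ContextUser below
        objPrivateKey.CspInformations = objCSPs;
        objPrivateKey.Create(); // the key pair is generated here

        // PKCS#10 request bound to the key: user context, no certificate template name
        objPkcs10.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, objPrivateKey, "");

        // Key Usage extension.
        // NOTE(review): key/data encipherment are asserted although the key spec is AT_SIGNATURE;
        // an AT_SIGNATURE key is normally not usable for encipherment — confirm against the CA
        // template whether digitalSignature (+ nonRepudiation) alone is intended. Left unchanged.
        objExtensionKeyUsage.InitializeEncode(
            X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE);
        objPkcs10.X509Extensions.Add((CX509Extension)objExtensionKeyUsage);

        // Enhanced Key Usage extension: id-kp-clientAuth only
        objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2");
        objObjectIds.Add(objObjectId);
        objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
        objPkcs10.X509Extensions.Add((CX509Extension)objX509ExtensionEnhancedKeyUsage);

        // Subject name from the caller-supplied X.500 string
        objDN.Encode(name, X500NameFlags.XCN_CERT_NAME_STR_NONE);
        objPkcs10.Subject = objDN;

        // Wrap in an enrollment object and emit the base64 PKCS#10
        objEnroll.InitializeFromRequest(objPkcs10);
        strRequest = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
        return sOK;
    }
    catch (Exception ex)
    {
        // COM interop errors surface here; the caller gets the message instead of an exception
        return ex.Message;
    }
}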
?
4.發送證書請求到CA,證書請求批準后得到一個證書
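/// <summary>
/// Submits a base64 certificate request to a CA chosen interactively by the user
/// (CC_UIPICKCONFIG dialog), as in the original.
/// </summary>
/// <param name="strRequest">Base64-encoded request (e.g. from createRequest).</param>
/// <param name="strCert">Receives the issued certificate with its chain (base64 PKCS#7) on success.</param>
/// <returns>sOK (empty string) on success, otherwise an error or "pending" message.</returns>
public string sendRequest(string strRequest, ref string strCert)
{
    return sendRequest(strRequest, ref strCert, null);
}

/// <summary>
/// Submits a base64 certificate request to a CA. If <paramref name="caConfig"/> is null or empty
/// the CA is picked through the CertEnroll UI; otherwise it is used as the config string
/// (the "server\CA name" form accepted by ICertRequest.Submit), which allows non-interactive use.
/// </summary>
/// <param name="strRequest">Base64-encoded request (e.g. from createRequest).</param>
/// <param name="strCert">Receives the issued certificate with its chain (base64 PKCS#7) on success.</param>
/// <param name="caConfig">CA config string, or null to prompt the user.</param>
/// <returns>
/// sOK (empty string) when the certificate was issued; a "pending" message including the
/// request id when the CA manager still has to approve it (the id is needed to retrieve the
/// certificate later); otherwise a failure message. COM errors are returned as their message.
/// </returns>
public string sendRequest(string strRequest, ref string strCert, string caConfig)
{
    if (string.IsNullOrEmpty(strRequest))
    {
        return "The certificate request is empty.";
    }

    // Create all the objects that will be required
    CCertConfig objCertConfig = new CCertConfigClass();
    CCertRequest objCertRequest = new CCertRequestClass();
    try
    {
        // Explicit CA config wins; otherwise ask the user (CC_DEFAULTCONFIG would skip the UI)
        string strCAConfig = string.IsNullOrEmpty(caConfig)
            ? objCertConfig.GetConfig(CC_UIPICKCONFIG)
            : caConfig;

        // Submit the request; the CA detects the format (PKCS#10 here)
        int iDisposition = objCertRequest.Submit(
            CR_IN_BASE64 | CR_IN_FORMATANY,
            strRequest,
            null,
            strCAConfig);

        if (iDisposition == CR_DISP_ISSUED)
        {
            // Fetch the certificate together with its chain
            strCert = objCertRequest.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);
            return sOK;
        }

        string strDisposition = objCertRequest.GetDispositionMessage();
        if (iDisposition == CR_DISP_UNDER_SUBMISSION)
        {
            // The original dropped the request id, without which a pending request cannot be retrieved
            return "The submission is pending (request id " + objCertRequest.GetRequestId() + "): " + strDisposition;
        }

        // Denied, error, revoked, ... — include the CA's last HRESULT for diagnosis
        return "The submission failed: " + strDisposition
             + " Last status: " + objCertRequest.GetLastStatus().ToString();
    }
    catch (Exception ex)
    {
        // COM interop errors surface here; the caller gets the message instead of an exception
        return ex.Message;
    }
}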
?
5.在客戶端機器上安裝證書
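/// <summary>
/// Installs a CA response (base64 PKCS#7 with chain) into the current user's store, accepting a
/// root that is not trusted on this machine — the original behaviour, suitable for a lab CA.
/// Prefer the overload with <see cref="InstallResponseRestrictionFlags.AllowNone"/> in production,
/// so that a response chaining to an unknown root is rejected instead of silently installed.
/// </summary>
/// <param name="strCert">Base64-encoded response returned by the CA (e.g. from sendRequest).</param>
/// <returns>sOK (empty string) on success, otherwise an error message.</returns>
public string acceptPKCS7(string strCert)
{
    return acceptPKCS7(strCert, InstallResponseRestrictionFlags.AllowUntrustedRoot);
}

/// <summary>
/// Installs a CA response into the current user's store with the given restriction flags.
/// </summary>
/// <param name="strCert">Base64-encoded response returned by the CA.</param>
/// <param name="restriction">
/// Chain checks to relax; <see cref="InstallResponseRestrictionFlags.AllowNone"/> enforces all of them.
/// </param>
/// <returns>sOK (empty string) on success, otherwise an error message (COM errors as their message).</returns>
public string acceptPKCS7(string strCert, InstallResponseRestrictionFlags restriction)
{
    if (string.IsNullOrEmpty(strCert))
    {
        return "The certificate response is empty.";
    }

    // Create all the objects that will be required
    CX509Enrollment objEnroll = new CX509EnrollmentClass();
    try
    {
        // Install the certificate into the user (not machine) context, matching createRequest
        objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
        objEnroll.InstallResponse(
            restriction,
            strCert,
            EncodingType.XCN_CRYPT_STRING_BASE64, // when using a USB key (UKEY), use the ANY encoding type - 2013.7.31
            null);
        return sOK;
    }
    catch (Exception ex)
    {
        // COM interop errors surface here; the caller gets the message instead of an exception
        return ex.Message;
    }
}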
6.參考
?