■ 인증서 요청 코드를 생성하는 방법을 보여준다.
▶ Program.cs
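using System;
using System.Security.Cryptography.X509Certificates;

using CERTENROLLLib;

namespace TestProject
{
    /// <summary>
    /// Console sample that builds a PKCS #10 certificate signing request (CSR)
    /// through the CertEnroll COM library and prints it in PEM form.
    /// </summary>
    class Program
    {
        #region Program entry point - Main()

        /// <summary>
        /// Generates a CSR for a sample subject in the current user's context and writes it to the console.
        /// </summary>
        private static void Main()
        {
            Console.Title = "인증서 요청 코드 생성하기";

            // 2048 bits is the smallest RSA modulus still generally accepted for new keys;
            // the 1024-bit length used previously is considered too weak for new requests.
            // NOTE(review): the provider named here is a legacy CryptoAPI CSP.
            string result = Generate
            (
                "CN=the10",
                StoreLocation.CurrentUser,
                "Microsoft RSA SChannel Cryptographic Provider",
                2048
            );

            Console.WriteLine(result);
        }

        #endregion
        #region Generate request - Generate(subject, storeLocation, providerName, keyLength)

        /// <summary>
        /// Creates a new private key and returns a PEM-framed PKCS #10 certificate request for it.
        /// </summary>
        /// <param name="subject">Distinguished name of the subject, for example <c>CN=host</c>.</param>
        /// <param name="storeLocation">
        /// <see cref="StoreLocation.LocalMachine"/> creates the key and the request in the machine context;
        /// any other value uses the user context.
        /// </param>
        /// <param name="providerName">Name of the cryptographic provider that generates the key.</param>
        /// <param name="keyLength">Key length in bits. Callers should pass at least 2048 for RSA.</param>
        /// <returns>The Base64 request wrapped in CERTIFICATE REQUEST begin/end markers.</returns>
        /// <remarks>
        /// The method has side effects: <c>Create()</c> generates a key through the selected provider and
        /// <c>CreateRequest()</c> registers the pending request with CertEnroll.
        /// The key is created as exportable and with all usages allowed; see the comments in the body.
        /// </remarks>
        private static string Generate(string subject, StoreLocation storeLocation, string providerName, int keyLength)
        {
            bool useMachineContext = storeLocation == StoreLocation.LocalMachine;

            // Provider list handed to the private key object.
            CCspInformations cspInformations = new CCspInformations();

            cspInformations.AddAvailableCsps();

            // Private key.
            CX509PrivateKey privateKey = new CX509PrivateKey();

            privateKey.ProviderName = providerName;
            privateKey.Length       = keyLength;
            privateKey.KeySpec      = X509KeySpec.XCN_AT_KEYEXCHANGE;

            // Security note: every usage is allowed on this key. Narrow this value when the key
            // only needs a subset of operations.
            privateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;

            privateKey.MachineContext = useMachineContext;

            // Security note: the private key is marked exportable, so any process able to use the key
            // can also copy it out of the key store. Use XCN_NCRYPT_ALLOW_EXPORT_NONE unless the key
            // really has to be moved (for example into a PFX file for another host).
            privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;

            privateKey.CspInformations = cspInformations;

            privateKey.Create();

            // PKCS #10 request bound to the new key, in the same context as the key.
            CX509CertificateRequestPkcs10 request = new CX509CertificateRequestPkcs10();

            X509CertificateEnrollmentContext context = useMachineContext
                ? X509CertificateEnrollmentContext.ContextMachine
                : X509CertificateEnrollmentContext.ContextUser;

            request.InitializeFromPrivateKey(context, privateKey, string.Empty);

            // The request is signed with SHA-256.
            CObjectId hashAlgorithm = new CObjectId();

            hashAlgorithm.InitializeFromAlgorithmName
            (
                ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID,
                ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY,
                AlgorithmFlags.AlgorithmFlagsNone,
                "SHA256"
            );

            request.HashAlgorithm = hashAlgorithm;

            // Key Usage extension: digital signature and key encipherment.
            CX509ExtensionKeyUsage keyUsageExtension = new CX509ExtensionKeyUsage();

            keyUsageExtension.InitializeEncode
            (
                CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
                CERTENROLLLib.X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE
            );

            request.X509Extensions.Add((CX509Extension)keyUsageExtension);

            // Enhanced Key Usage extension: TLS server authentication and TLS client authentication.
            CObjectId serverAuthentication = new CObjectId();
            CObjectId clientAuthentication = new CObjectId();

            serverAuthentication.InitializeFromValue("1.3.6.1.5.5.7.3.1");
            clientAuthentication.InitializeFromValue("1.3.6.1.5.5.7.3.2");

            CObjectIds enhancedKeyUsages = new CObjectIds();

            enhancedKeyUsages.Add(serverAuthentication);
            enhancedKeyUsages.Add(clientAuthentication);

            CX509ExtensionEnhancedKeyUsage enhancedKeyUsageExtension = new CX509ExtensionEnhancedKeyUsage();

            enhancedKeyUsageExtension.InitializeEncode(enhancedKeyUsages);

            request.X509Extensions.Add((CX509Extension)enhancedKeyUsageExtension);

            // Subject name. NOTE(review): subject is passed to Encode() unchanged; validate it first
            // if it can come from outside the program.
            CX500DistinguishedName distinguishedName = new CX500DistinguishedName();

            distinguishedName.Encode(subject, X500NameFlags.XCN_CERT_NAME_STR_SEMICOLON_FLAG);

            request.Subject          = distinguishedName;
            request.SuppressDefaults = true;

            // Encode the request as Base64 text.
            CX509Enrollment enrollment = new CX509Enrollment();

            enrollment.InitializeFromRequest(request);

            string base64Request = enrollment.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);

            // No separator is inserted before the END marker, so the Base64 text is presumably
            // expected to finish with its own line break - confirm on the target system.
            return "-----BEGIN CERTIFICATE REQUEST-----\r\n" + base64Request + "-----END CERTIFICATE REQUEST-----";
        }

        #endregion
    }
}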
※ "CertEnroll 1.0 Type Library" COM 참조를 추가한다.