public string CreateCSR(IObjectHandle publicKey,
string[] dn, IObjectHandle privateKey, string[] attributes, string[] extensions)
{
if (this._disposed)
{
throw new ObjectDisposedException(this.GetType().FullName);
}
IntPtr[] dnPtr = StringArrayHelpers.ConvertStringArrayToIntPtrArray(dn);
IntPtr[] extsPtr = StringArrayHelpers.ConvertStringArrayToIntPtrArray(extensions);
IntPtr csr;
NativeULong csrLength;
CKR rv = ((LowLevelAPI81.RutokenPkcs11Library)_pkcs11Library).C_EX_CreateCSR(_sessionId, (NativeULong)(publicKey.ObjectId),
dnPtr, (NativeULong)dnPtr.Length,
out csr, out csrLength,
(NativeULong)(privateKey.ObjectId),
null, 0,
extsPtr, (NativeULong)extsPtr.Length);
StringArrayHelpers.FreeUnmanagedIntPtrArray(dnPtr);
StringArrayHelpers.FreeUnmanagedIntPtrArray(extsPtr);
if (rv != CKR.CKR_OK)
{
throw new Pkcs11Exception("C_EX_CreateCSR", rv);
}
try
{
var csrString = PKIHelpers.GetBase64CSR(csr, (int)csrLength);
if (csrString.Length == 0)
{
throw new InvalidOperationException("C_EX_CreateCSR: invalid csr length");
}
return(csrString);
}
finally
{
rv = ((LowLevelAPI81.RutokenPkcs11Library)_pkcs11Library).C_EX_FreeBuffer(csr);
if (rv != CKR.CKR_OK)
{
throw new Pkcs11Exception("C_EX_FreeBuffer", rv);
}
}
}
public void _LL_33_01_CreateCSR_PKCS10Test()
{
Helpers.CheckPlatform();
CKR rv = CKR.CKR_OK;
using (var pkcs11 = new RutokenPkcs11Library(Settings.Pkcs11LibraryPath))
{
// Инициализация библиотеки
rv = pkcs11.C_Initialize(Settings.InitArgs41);
if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED))
{
Assert.Fail(rv.ToString());
}
// Установление соединения с Рутокен в первом доступном слоте
NativeULong slotId = Helpers.GetUsableSlot(pkcs11);
// Открытие RW сессии
NativeULong session = CK.CK_INVALID_HANDLE;
rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero,
IntPtr.Zero, ref session);
if (rv != CKR.CKR_OK)
{
Assert.Fail(rv.ToString());
}
// Выполнение аутентификации пользователя
rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, Convert.ToUInt32(Settings.NormalUserPinArray.Length));
if (rv != CKR.CKR_OK && rv != CKR.CKR_USER_ALREADY_LOGGED_IN)
{
Assert.Fail(rv.ToString());
}
// Генерация ключевой пары ГОСТ Р 34.10-2001
NativeULong pubKeyId = CK.CK_INVALID_HANDLE;
NativeULong privKeyId = CK.CK_INVALID_HANDLE;
Helpers.GenerateGostKeyPair(pkcs11, session, ref pubKeyId, ref privKeyId, Settings.GostKeyPairId1);
// Создание запроса на сертификат
string[] dn =
{
"CN",
"UTF8String:Иванов",
"C",
"RU",
"2.5.4.5",
"12312312312",
"1.2.840.113549.1.9.1",
"*****@*****.**",
"ST",
"UTF8String:Москва",
};
string[] exts =
{
"keyUsage",
"digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment",
"extendedKeyUsage",
"1.2.643.2.2.34.6,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
"2.5.29.14",
"ASN1:FORMAT:HEX,OCTETSTRING:FE117B93CEC6B5065E1613E155D3A9CA597C0F81",
"1.2.643.100.111",
"ASN1:UTF8String:СКЗИ \\\"Рутокен ЭЦП 2.0\\\""
};
IntPtr[] dnPtr = StringArrayHelpers.ConvertStringArrayToIntPtrArray(dn);
IntPtr[] extsPtr = StringArrayHelpers.ConvertStringArrayToIntPtrArray(exts);
IntPtr csr;
NativeULong csrLength;
rv = pkcs11.C_EX_CreateCSR(session, pubKeyId,
dnPtr, (NativeULong)dnPtr.Length,
out csr, out csrLength,
privKeyId,
null, 0,
extsPtr, (NativeULong)extsPtr.Length);
StringArrayHelpers.FreeUnmanagedIntPtrArray(dnPtr);
StringArrayHelpers.FreeUnmanagedIntPtrArray(extsPtr);
if (rv != CKR.CKR_OK)
{
Assert.Fail(rv.ToString());
}
var csrString = PKIHelpers.GetBase64CSR(csr, (int)csrLength);
Assert.IsTrue(csrString.Length > 0);
// Очистка памяти, выделенной для полученного буфера
rv = pkcs11.C_EX_FreeBuffer(csr);
if (rv != CKR.CKR_OK)
{
Assert.Fail(rv.ToString());
}
rv = pkcs11.C_DestroyObject(session, privKeyId);
if (rv != CKR.CKR_OK)
{
Assert.Fail(rv.ToString());
}
rv = pkcs11.C_DestroyObject(session, pubKeyId);
if (rv != CKR.CKR_OK)
{
Assert.Fail(rv.ToString());
}
rv = pkcs11.C_CloseSession(session);
if (rv != CKR.CKR_OK)
{
Assert.Fail(rv.ToString());
}
rv = pkcs11.C_Finalize(IntPtr.Zero);
if (rv != CKR.CKR_OK)
{
Assert.Fail(rv.ToString());
}
}
}