编程方式读取X.509证书吊销列表(CRL)(二)应用Mono Security

作为.NET的跨平台项目,Mono拓展了.NET cryptography框架中不足的地方,具体参见官方说明:

http://www.mono-project.com/Cryptography

1. Mono的X.509 certificates类是100%使用托管代码实现的;

2. Mono推荐优先使用他们的Mono.Security.X509.*,并许诺以后有升级保障,可以支持一些加密工具;他们还说:

We pass the fifteen tests from Merlin’s xmldsig suite with success. Which is funny because Microsoft fails in one case where both a X509Certificate and an X509CRL are present in an X509Data.

唯一遗憾的是,Mono将读取CRL信息的X509CrlEntry类放在了X509Crl内部,只暴露了ArrayList(因无法访问,所以无法转换为X509CrlEntry)和一个输出byte[]类型SerialNumber的读取方法;另一提供的GetCrlEntry方法必须是已知证书或已知SerialNumber的情况下才能查找X509CrlEntry。所以,要实现更多的功能,尤其是在DN和SerialNumber的处理上,还是优先选用Bouncy Castle Crypto。

下面是X509CrlEntry的源代码:

http://www.koders.com/csharp/fid7A8A0694ACFA57ED4F39F7F93511E896CA71068E.aspx?s=mdef%3Ainsert

下载Mono for Windows安装之后,将Mono.Security.dll引入工程,读取X509Crl序列号的代码如下:

using System;
using Mono.Security.X509;
namespace Security {
    public class CrlTest {
        public CrlTest(byte[] obj) {
            X509Crl crl = new X509Crl(obj);
            for ( int i = 0; i < crl.Entries.Count; i++ ) {
                int serialNumber = Convert.ToInt32(crl[i].SerialNumber);
            }
        }
    }
}
© 2018 Silent River All Rights Reserved. 本站访客数人次 本站总访问量
Theme by hiero