generateEccCsrPem static method

String generateEccCsrPem(
  1. Map<String, String> attributes,
  2. ECPrivateKey privateKey,
  3. ECPublicKey publicKey, {
  4. List<String>? san,
  5. String signingAlgorithm = 'SHA-256',
})

Generates an elliptic curve Certificate Signing Request (CSR) with the given attributes, using the given privateKey and publicKey. The result is returned as a PEM-encoded string.

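The parameter san defines the list of subject alternative names to be placed within the CSR. Every entry is encoded as a DNS name (tag 0x82), so values that are not host names, such as IP addresses or e-mail addresses, are still written as DNS names.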

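signingAlgorithm defines the hash algorithm used to sign the request data (version, subject distinguished name, public key and attributes). SHA-1 is no longer considered collision-resistant; use it only where a legacy system requires it, and prefer SHA-256 or stronger. Supported values are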

  • SHA-1
  • SHA-224
  • SHA-256 (default)
  • SHA-384
  • SHA-512

Implementation

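/// Generates an elliptic curve Certificate Signing Request (CSR) and returns
/// it as a PEM string.
///
/// [attributes] are encoded as the subject distinguished name via `encodeDN`.
/// [publicKey] is embedded in the request and [privateKey] is used to sign it;
/// nothing here checks that the two belong to the same key pair.
///
/// [san] is the optional list of subject alternative names. Every entry is
/// written with tag 0x82 (dNSName), so IP addresses or e-mail addresses passed
/// here are still encoded as DNS names.
///
/// [signingAlgorithm] selects the digest used for the ECDSA signature.
/// SHA-1 is accepted for compatibility but is no longer collision-resistant;
/// prefer SHA-256 or stronger.
///
/// Throws an [ArgumentError] if [signingAlgorithm] is not in the list of
/// supported algorithms.
static String generateEccCsrPem(Map<String, String> attributes,
    ECPrivateKey privateKey, ECPublicKey publicKey,
    {List<String>? san, String signingAlgorithm = 'SHA-256'}) {
  // The error must be thrown, not merely constructed: otherwise an
  // unsupported digest name passes this check silently and is handed on to
  // the OID lookup and the signer.
  // NOTE(review): the allow-list is named for RSA; confirm it matches the
  // digests that are valid for the ECC signer.
  if (!_validRsaSigner.contains(signingAlgorithm)) {
    throw ArgumentError('Signingalgorithm $signingAlgorithm not supported!');
  }
  var encodedDN = encodeDN(attributes);
  var publicKeySequence = _makeEccPublicKeyBlock(publicKey);

  // The to-be-signed part of the request: version 0, subject, public key,
  // followed by the attributes field added below.
  var blockDN = ASN1Sequence();
  blockDN.add(ASN1Integer(BigInt.from(0)));
  blockDN.add(encodedDN);
  blockDN.add(publicKeySequence);

  if (san != null && san.isNotEmpty) {
    // extensionRequest attribute carrying a single subjectAltName extension.
    var outerBlockExt = ASN1Sequence();
    outerBlockExt.add(ASN1ObjectIdentifier.fromName('extensionRequest'));

    var sanExtSeq = ASN1Sequence();
    sanExtSeq.add(ASN1ObjectIdentifier.fromName('subjectAltName'));

    var sanSeq = ASN1Sequence();
    for (var s in san) {
      // 0x82 = context-specific tag [2], i.e. every entry is a dNSName.
      sanSeq.add(ASN1IA5String(stringValue: s, tag: 0x82));
    }
    // The extension value is the DER-encoded name list wrapped in an
    // OCTET STRING.
    sanExtSeq.add(ASN1OctetString(octets: sanSeq.encode()));

    var innerBlockExt = ASN1Sequence();
    innerBlockExt.add(sanExtSeq);

    var setExt = ASN1Set();
    setExt.add(innerBlockExt);

    outerBlockExt.add(setExt);

    // Attributes field, tagged 0xA0, holding the encoded attribute.
    var attributesBlock =
        ASN1OctetString(tag: 0xA0, octets: outerBlockExt.encode());
    blockDN.add(attributesBlock);
  } else {
    // No extensions requested: the attributes field (tag 0xA0) is still
    // added, with no content.
    blockDN.add(ASN1Null(tag: 0xA0));
  }

  var blockSignatureAlgorithm = ASN1Sequence();
  blockSignatureAlgorithm.add(ASN1ObjectIdentifier.fromName(
      _getOiForSigningAlgorithm(signingAlgorithm, ecc: true)));

  // Sign the encoded to-be-signed block with the caller's private key.
  var ecSignature = eccSign(blockDN.encode(), privateKey, signingAlgorithm);

  // The signature value is SEQUENCE { r, s } wrapped in a BIT STRING.
  var bitStringSequence = ASN1Sequence();
  bitStringSequence.add(ASN1Integer(ecSignature.r));
  bitStringSequence.add(ASN1Integer(ecSignature.s));
  var blockSignatureValue =
      ASN1BitString(stringValues: bitStringSequence.encode());

  var outer = ASN1Sequence();
  outer.add(blockDN);
  outer.add(blockSignatureAlgorithm);
  outer.add(blockSignatureValue);

  // Base64 body in 64-character lines. The body lines are joined with CRLF
  // while the header and footer are separated by LF only; this is kept
  // as-is so the emitted text does not change.
  var chunks = StringUtils.chunk(base64.encode(outer.encode()), 64);
  return '$BEGIN_CSR\n${chunks.join('\r\n')}\n$END_CSR';
}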