generateEccCsrPem static method
String generateEccCsrPem(
  Map<String, String> attributes,
  ECPrivateKey privateKey,
  ECPublicKey publicKey, {
  List<String>? san,
  String signingAlgorithm = 'SHA-256',
})
Generates an elliptic curve Certificate Signing Request (CSR) with the given attributes, using the given privateKey and publicKey.
The parameter san
defines the list of subject alternative names to be placed within the CSR.
signingAlgorithm
defines the algorithm to use to sign the distinguished names. Supported values are
- SHA-1
- SHA-224
- SHA-256 (default)
- SHA-384
- SHA-512
Implementation
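/// Generates an elliptic curve Certificate Signing Request (CSR) and returns
/// it as a PEM string.
///
/// [attributes] is passed to `encodeDN` to build the subject. [publicKey] is
/// embedded in the request and [privateKey] is used to sign it.
///
/// [san] is an optional list of subject alternative names. Every entry is
/// written as an IA5 string with tag `0x82` (the dNSName choice of a general
/// name), so only DNS names are represented correctly; other name types such
/// as IP addresses or e-mail addresses are not distinguished.
///
/// [signingAlgorithm] names the digest used for the signature and defaults
/// to `SHA-256`. The API documentation lists SHA-1 as supported; it is weak
/// for signatures, so prefer SHA-256 or stronger for new requests.
///
/// Throws an [ArgumentError] if [signingAlgorithm] is not in the supported
/// list.
static String generateEccCsrPem(Map<String, String> attributes,
    ECPrivateKey privateKey, ECPublicKey publicKey,
    {List<String>? san, String signingAlgorithm = 'SHA-256'}) {
  // NOTE(review): the allow-list is named for RSA but guards the ECC path as
  // well; its contents are not visible here - confirm it matches the digests
  // actually supported for ECDSA.
  if (!_validRsaSigner.contains(signingAlgorithm)) {
    // The error has to be thrown. Only constructing it would let an
    // unsupported algorithm name fall through to the OID lookup and signing.
    throw ArgumentError('Signingalgorithm $signingAlgorithm not supported!');
  }

  var encodedDN = encodeDN(attributes);
  var publicKeySequence = _makeEccPublicKeyBlock(publicKey);

  // The to-be-signed part of the request: version 0, subject, public key and
  // the attributes element added below.
  var blockDN = ASN1Sequence();
  blockDN.add(ASN1Integer(BigInt.from(0)));
  blockDN.add(encodedDN);
  blockDN.add(publicKeySequence);

  // Check if extensions are needed
  if (san != null && san.isNotEmpty) {
    var outerBlockExt = ASN1Sequence();
    outerBlockExt.add(ASN1ObjectIdentifier.fromName('extensionRequest'));
    var setExt = ASN1Set();
    var innerBlockExt = ASN1Sequence();
    var sanExtSeq = ASN1Sequence();
    sanExtSeq.add(ASN1ObjectIdentifier.fromName('subjectAltName'));
    var sanSeq = ASN1Sequence();
    for (var s in san) {
      // Tag 0x82 marks the entry as a dNSName. The value is copied in
      // unchanged, so callers should validate SAN entries before passing
      // them, and the issuing CA should verify them before honouring them.
      var sanIa5 = ASN1IA5String(stringValue: s, tag: 0x82);
      sanSeq.add(sanIa5);
    }
    var octet = ASN1OctetString(octets: sanSeq.encode());
    sanExtSeq.add(octet);
    innerBlockExt.add(sanExtSeq);
    setExt.add(innerBlockExt);
    outerBlockExt.add(setExt);
    // The extension request is wrapped in an element tagged 0xA0, the
    // context-specific [0] tag of the CSR attributes field.
    var extensionAttributes =
        ASN1OctetString(tag: 0xA0, octets: outerBlockExt.encode());
    blockDN.add(extensionAttributes);
  } else {
    // No extensions: still emit the 0xA0-tagged attributes element, with no
    // content, so the field is present but empty.
    blockDN.add(ASN1Null(tag: 0xA0));
  }

  var blockSignatureAlgorithm = ASN1Sequence();
  blockSignatureAlgorithm.add(ASN1ObjectIdentifier.fromName(
      _getOiForSigningAlgorithm(signingAlgorithm, ecc: true)));

  // Sign the encoded request info; the signature's r and s values are
  // carried as a two-integer sequence inside the bit string.
  var ecSignature = eccSign(blockDN.encode(), privateKey, signingAlgorithm);
  var bitStringSequence = ASN1Sequence();
  bitStringSequence.add(ASN1Integer(ecSignature.r));
  bitStringSequence.add(ASN1Integer(ecSignature.s));
  var blockSignatureValue =
      ASN1BitString(stringValues: bitStringSequence.encode());

  var outer = ASN1Sequence();
  outer.add(blockDN);
  outer.add(blockSignatureAlgorithm);
  outer.add(blockSignatureValue);

  // Base64 body in 64-character lines between the CSR header and footer.
  var chunks = StringUtils.chunk(base64.encode(outer.encode()), 64);
  return '$BEGIN_CSR\n${chunks.join('\r\n')}\n$END_CSR';
}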