generateRsaCsrPem static method
String generateRsaCsrPem(
  Map<String, String> attributes,
  RSAPrivateKey privateKey,
  RSAPublicKey publicKey, {
  List<String>? san,
  String signingAlgorithm = 'SHA-256',
})
Generates a Certificate Signing Request with the given attributes, using the given privateKey and publicKey.
The parameter san
defines the list of subject alternative names to be placed within the CSR.
signingAlgorithm
defines the hash algorithm used to sign the request. Supported values are
- SHA-1
- SHA-224
- SHA-256 (default)
- SHA-384
- SHA-512
Implementation
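/// Generates a PEM-encoded certificate signing request (CSR) whose subject
/// is built from [attributes], whose public key is [publicKey] and which is
/// signed with [privateKey].
///
/// [san] is an optional list of subject alternative names. Every entry is
/// written as an IA5String with tag `0x82`, i.e. as a DNS name; other
/// kinds of names (IP addresses, e-mail addresses) are not distinguished
/// here, so pass host names only.
///
/// [signingAlgorithm] selects the digest used for the RSA signature and
/// defaults to `'SHA-256'`. The accompanying documentation also lists
/// `'SHA-1'` as accepted; SHA-1 is collision-weak and SHA-1-signed requests
/// are commonly rejected, so prefer the default or a stronger digest.
///
/// This function does not verify that [privateKey] and [publicKey] belong
/// to the same key pair. A mismatched pair yields a CSR whose
/// self-signature does not verify.
///
/// Throws an [ArgumentError] if [signingAlgorithm] is not one of the
/// supported values.
static String generateRsaCsrPem(Map<String, String> attributes,
    RSAPrivateKey privateKey, RSAPublicKey publicKey,
    {List<String>? san, String signingAlgorithm = 'SHA-256'}) {
  // Reject unknown algorithms up front. The error has to be thrown: a bare
  // `ArgumentError(...)` expression only constructs the object and lets the
  // call continue with an unvalidated algorithm name.
  if (!_validRsaSigner.contains(signingAlgorithm)) {
    throw ArgumentError('Signingalgorithm $signingAlgorithm not supported!');
  }

  // Request info: version 0, subject name, subject public key, attributes.
  // This sequence is the data that gets signed below.
  var encodedDN = encodeDN(attributes);
  var blockDN = ASN1Sequence();
  blockDN.add(ASN1Integer(BigInt.from(0)));
  blockDN.add(encodedDN);
  blockDN.add(_makePublicKeyBlock(publicKey));

  if (san != null && san.isNotEmpty) {
    // subjectAltName extension: one entry per name, tag 0x82 each.
    var sanSeq = ASN1Sequence();
    for (var s in san) {
      sanSeq.add(ASN1IA5String(stringValue: s, tag: 0x82));
    }
    var sanExtSeq = ASN1Sequence();
    sanExtSeq.add(ASN1ObjectIdentifier.fromName('subjectAltName'));
    sanExtSeq.add(ASN1OctetString(octets: sanSeq.encode()));

    // extensionRequest attribute: OID followed by a SET that holds the
    // sequence of requested extensions.
    var innerBlockExt = ASN1Sequence();
    innerBlockExt.add(sanExtSeq);
    var setExt = ASN1Set();
    setExt.add(innerBlockExt);
    var outerBlockExt = ASN1Sequence();
    outerBlockExt.add(ASN1ObjectIdentifier.fromName('extensionRequest'));
    outerBlockExt.add(setExt);

    // The attribute is carried as the content of the element tagged 0xA0.
    var attributesBlock =
        ASN1OctetString(tag: 0xA0, octets: outerBlockExt.encode());
    blockDN.add(attributesBlock);
  } else {
    // No attributes requested: still emit the 0xA0 element, with no content.
    blockDN.add(ASN1Null(tag: 0xA0));
  }

  // Signature algorithm identifier: OID plus NULL parameters.
  var blockProtocol = ASN1Sequence();
  blockProtocol.add(ASN1ObjectIdentifier.fromName(
      _getOiForSigningAlgorithm(signingAlgorithm)));
  blockProtocol.add(ASN1Null());

  // Outer request: request info, algorithm identifier, signature over the
  // encoded request info.
  var outer = ASN1Sequence();
  outer.add(blockDN);
  outer.add(blockProtocol);
  outer.add(ASN1BitString(
      stringValues:
          _rsaSign(blockDN.encode(), privateKey, signingAlgorithm)));

  // NOTE(review): base64 lines are joined with CRLF while the header and
  // footer are separated with LF. Kept as is, since callers may depend on
  // the exact output; confirm whether the mix is intended.
  var chunks = StringUtils.chunk(base64.encode(outer.encode()), 64);
  return '$BEGIN_CSR\n${chunks.join('\r\n')}\n$END_CSR';
}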