generateRsaCsrPem static method

String generateRsaCsrPem(
  Map<String, String> attributes,
  RSAPrivateKey privateKey,
  RSAPublicKey publicKey, {
  List<String>? san,
  String signingAlgorithm = 'SHA-256',
})

Generates a Certificate Signing Request with the given attributes using the given privateKey and publicKey.

The parameter san defines the list of subject alternative names to be placed within the CSR.

signingAlgorithm defines the hash algorithm used in the RSA signature over the request data (the subject distinguished name, the public key and any requested extensions). Supported values are:

  • SHA-1
  • SHA-224
  • SHA-256 (default)
  • SHA-384
  • SHA-512

Implementation

static String generateRsaCsrPem(Map<String, String> attributes,
    RSAPrivateKey privateKey, RSAPublicKey publicKey,
    {List<String>? san, String signingAlgorithm = 'SHA-256'}) {
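  // Reject unsupported hash names. The error must be thrown; constructing
  // it without `throw` lets the call continue with the unsupported value.
  if (!_validRsaSigner.contains(signingAlgorithm)) {
    throw ArgumentError('Signingalgorithm $signingAlgorithm not supported!');
  }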
  var encodedDN = encodeDN(attributes);

  // Request body that gets signed: version 0, subject DN, public key,
  // then the attributes field.
  var blockDN = ASN1Sequence();
  blockDN.add(ASN1Integer(BigInt.from(0)));
  blockDN.add(encodedDN);
  blockDN.add(_makePublicKeyBlock(publicKey));

  // Check if extensions are needed
  if (san != null && san.isNotEmpty) {
    var outerBlockExt = ASN1Sequence();
    outerBlockExt.add(ASN1ObjectIdentifier.fromName('extensionRequest'));

    var setExt = ASN1Set();

    var innerBlockExt = ASN1Sequence();

    var sanExtSeq = ASN1Sequence();
    sanExtSeq.add(ASN1ObjectIdentifier.fromName('subjectAltName'));
    var sanSeq = ASN1Sequence();
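    for (var s in san) {
      // Tag 0x82 is context tag [2], i.e. dNSName: every entry is written
      // as a DNS name, whatever the string contains.
      var sanIa5 = ASN1IA5String(stringValue: s, tag: 0x82);
      sanSeq.add(sanIa5);
    }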
    var octet = ASN1OctetString(octets: sanSeq.encode());
    sanExtSeq.add(octet);

    innerBlockExt.add(sanExtSeq);

    setExt.add(innerBlockExt);

    outerBlockExt.add(setExt);

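    // Wrap the extensionRequest attribute in the attributes field,
    // context tag [0] (0xA0).
    var asn1Null = ASN1OctetString(tag: 0xA0, octets: outerBlockExt.encode());
    blockDN.add(asn1Null);
  } else {
    // No extensions requested: emit an empty attributes field
    // (tag 0xA0, zero length).
    blockDN.add(ASN1Null(tag: 0xA0));
  }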

  var blockProtocol = ASN1Sequence();
  blockProtocol.add(ASN1ObjectIdentifier.fromName(
      _getOiForSigningAlgorithm(signingAlgorithm)));
  blockProtocol.add(ASN1Null());

  var outer = ASN1Sequence();
  outer.add(blockDN);
  outer.add(blockProtocol);
  outer.add(ASN1BitString(
      stringValues:
          _rsaSign(blockDN.encode(), privateKey, signingAlgorithm)));
  var chunks = StringUtils.chunk(base64.encode(outer.encode()), 64);
  return '$BEGIN_CSR\n${chunks.join('\r\n')}\n$END_CSR';
}
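
A pre-flight check a caller could run before generateRsaCsrPem, shown as an added example that is not part of the library: the implementation above tags every san entry with 0x82 (dNSName), so IP addresses, e-mail addresses and URIs would be written with the wrong name type. The function names, the DNS label rule and the sample values are assumptions made for this example.

```dart
import 'dart:io';

// Hash names listed as supported on this page.
const supportedHashes = {'SHA-1', 'SHA-224', 'SHA-256', 'SHA-384', 'SHA-512'};

// One DNS label: letters, digits, hyphens; no leading or trailing hyphen;
// at most 63 characters (rule assumed for this example).
final _label = RegExp(r'^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$');

/// Returns null if [name] is usable as a dNSName, otherwise the reason not.
String? dnsNameProblem(String name) {
  if (name.isEmpty || name.length > 253) {
    return 'empty or longer than 253 characters';
  }
  if (InternetAddress.tryParse(name) != null) {
    return 'IP address: belongs in iPAddress [7], not dNSName [2]';
  }
  if (name.contains('@')) return 'e-mail address: belongs in rfc822Name [1]';
  if (name.contains('://')) return 'URI: belongs in uniformResourceIdentifier [6]';
  var labels = name.split('.');
  // A single leading "*" label is accepted as the wildcard form.
  if (labels.first == '*' && labels.length > 1) labels = labels.sublist(1);
  for (final l in labels) {
    if (!_label.hasMatch(l)) return 'invalid DNS label "$l"';
  }
  return null;
}

/// Hypothetical helper: lists problems with the inputs (empty if none).
List<String> checkCsrInputs(List<String>? san, String signingAlgorithm) {
  final problems = <String>[];
  if (!supportedHashes.contains(signingAlgorithm)) {
    problems.add('unsupported signingAlgorithm "$signingAlgorithm"');
  }
  for (final s in san ?? const <String>[]) {
    final p = dnsNameProblem(s);
    if (p != null) problems.add('SAN "$s": $p');
  }
  return problems;
}

void main() {
  // Constructed sample input: two valid names, one IP, one e-mail address,
  // and a hash name with the hyphen missing.
  final san = ['example.test', '*.example.test', '192.0.2.10', 'admin@example.test'];
  checkCsrInputs(san, 'SHA256').forEach(print);
}
```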