证书续订控制器(Windows 应用商店应用)
展示如何实现用于续订证书的 System.Web.Mvc 控制器的代码。
用于证书续订的银行应用 Web 服务
面向银行的 Windows 应用商店应用需要一个提供证书检查终结点和证书续订终结点的 Web 服务。
以下代码示例展示如何实现用于检查和续订证书的 System.Web.Mvc 控制器。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Security.Cryptography.X509Certificates;
using CERTCLILib;
namespace BankServer.Controllers
{
public class RenewalController : Controller
{
/// <summary>
/// Numeric flags and fixed strings used by the renewal controller when it talks
/// to the certification authority through the CERTCLILib interop types.
/// Only CR_IN_ENCODEANY and CR_OUT_BASE64 are referenced by the controller
/// methods shown in this sample; the rest are declared for completeness.
/// NOTE(review): the names match the Certificate Services client header
/// (certcli.h) flag names; confirm the values against the SDK header in use.
/// </summary>
internal abstract class Constants
{
    // ---- Property identifiers ----
    public const int CR_PROP_CAXCHGCERT = 15;
    public const int FR_PROP_FULLRESPONSE = 1; // binary property

    // ---- Property data types ----
    public const int PROPTYPE_BINARY = 3;

    // ---- Output encoding for property values ----
    public const int CV_OUT_BASE64 = 1;

    // ---- Request disposition codes ----
    public const int CR_DISP_ERROR = 1;
    public const int CR_DISP_DENIED = 2;
    public const int CR_DISP_ISSUED = 3;
    public const int CR_DISP_UNDER_SUBMISSION = 5;

    // ---- Request input: encoding (low byte of the flags word) ----
    public const int CR_IN_BASE64HEADER = 0x00;
    public const int CR_IN_BASE64 = 0x01;
    public const int CR_IN_BINARY = 0x02;
    public const int CR_IN_ENCODEANY = 0xFF;

    // ---- Request input: format (second byte, selected by CR_IN_FORMATMASK) ----
    public const int CR_IN_FORMATANY = 0x0000;
    public const int CR_IN_PKCS10 = 0x0100;
    public const int CR_IN_PKCS7 = 0x0300;
    public const int CR_IN_CMC = 0x0400;
    public const int CR_IN_FORMATMASK = 0xFF00;

    // ---- Request input: behaviour modifiers ----
    public const int CR_IN_ROBO = 0x00200000;
    public const int CR_IN_CLIENTIDNONE = 0x00400000;
    public const int CR_IN_CONNECTONLY = 0x00800000;

    // ---- Certificate output encoding ----
    public const int CR_OUT_BASE64HEADER = 0;
    public const int CR_OUT_BASE64 = 1;

    // ---- Fixed strings: X.509 token type URI and SOAP 1.2 envelope namespace ----
    public const string TOKEN_TYPE_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    public const string SOAP_ENVELOPE_NS_TEXT = "http://www.w3.org/2003/05/soap-envelope";
}
/// <summary>
/// Reports whether the caller presented a TLS client certificate and whether
/// that certificate expires within the next 60 days and should be renewed.
/// </summary>
/// <returns>
/// JSON with <c>hasCert</c> and <c>renew</c>; when renewal is due it also carries
/// <c>pfx = false</c> (server policy) and <c>user</c>, the certificate subject name.
/// </returns>
/// <remarks>
/// NOTE(review): the decision is made from the raw certificate bytes alone;
/// HttpClientCertificate.IsValid is not consulted here, so this endpoint relies
/// on the web server's own client-certificate validation. Confirm that the
/// hosting configuration enforces it.
/// </remarks>
[HttpPost]
public JsonResult CheckCert()
{
    // Captured first so the comparison uses one consistent "now".
    // X509Certificate2.NotAfter is reported in local time, as is DateTime.Now.
    DateTime now = DateTime.Now;
    TimeSpan renewalWindow = TimeSpan.FromDays(60);

    HttpClientCertificate presented = Request.ClientCertificate;
    bool certificateSupplied = presented != null
        && presented.Certificate != null
        && presented.Certificate.Length > 0;

    if (!certificateSupplied)
    {
        return new JsonResult { Data = new { renew = false, hasCert = false } };
    }

    var parsed = new X509Certificate2(presented.Certificate);

    // Still valid for longer than the renewal window: nothing to do yet.
    if (parsed.NotAfter.Ticks >= now.Ticks + renewalWindow.Ticks)
    {
        return new JsonResult { Data = new { renew = false, hasCert = true } };
    }

    return new JsonResult
    {
        Data = new
        {
            renew = true,
            hasCert = true,
            pfx = false, // Server policy
            user = parsed.SubjectName.Name
        }
    };
}
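/// <summary>
/// Forwards a caller-supplied certificate request to the certification
/// authority and returns the issued certificate, Base64 encoded.
/// </summary>
/// <param name="request">The encoded certificate request posted by the client.</param>
/// <returns>
/// JSON whose <c>certificate</c> member holds the issued certificate, or
/// <c>null</c> when the caller was not authenticated, the request was empty,
/// or the CA did not issue a certificate.
/// </returns>
[HttpPost]
public JsonResult RenewP10(string request)
{
    // Sample value only. NOTE(review): a deployment should load the CA
    // configuration string from protected configuration rather than source.
    const string CAConfig = "Devt-StandAloneCA.enrolldev.nttest.microsoft.com\\enrolldev-Devt-StandAlone-CA";

    // Renewal presupposes an existing certificate. Without this gate every
    // POST, authenticated or not, would be relayed to the CA and answered
    // with whatever certificate the CA issues for it.
    // IsValid reflects the web server's validation of the presented
    // certificate; revocation checking depends on server configuration.
    HttpClientCertificate clientCert = Request.ClientCertificate;
    bool callerAuthenticated = clientCert != null
        && clientCert.IsPresent
        && clientCert.IsValid;
    if (!callerAuthenticated)
    {
        Response.StatusCode = 403;
        return new JsonResult { Data = new { certificate = (string)null } };
    }

    if (string.IsNullOrEmpty(request))
    {
        Response.StatusCode = 400;
        return new JsonResult { Data = new { certificate = (string)null } };
    }

    // NOTE(review): nothing here ties the subject or key of the submitted
    // request to the certificate the caller authenticated with. Unless the CA
    // policy enforces that binding, verify it before submitting.
    // NOTE(review): CR_IN_ENCODEANY carries no format bits (CR_IN_FORMATANY),
    // so the request is not restricted to PKCS #10 despite the method name.
    ICertRequest certRequest = new CCertRequest();
    int disposition = certRequest.Submit(Constants.CR_IN_ENCODEANY,
                                         request,
                                         "",
                                         CAConfig);

    // Only an ISSUED disposition has a certificate to fetch; denied, pending
    // and error dispositions are reported to the client as "no certificate".
    if (disposition != Constants.CR_DISP_ISSUED)
    {
        return new JsonResult { Data = new { certificate = (string)null } };
    }

    string certificate = certRequest.GetCertificate(Constants.CR_OUT_BASE64);
    return new JsonResult { Data = new { certificate = certificate } };
}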
}
}