I generated RSA keys and my backend sends 3 parameters in BASE64 (except signatureAlgorithm) for creating CSR to me:
"subject" : "MIGfMQswCQYDVQQGEwJJUjEvMC0GA1UEAwwmMTAwMDAwMzg1MDA3NjAxMy3YqNmH2LLYp9ivINi12KfYr9mC24wxGTAXBgNVBAUTEDEwMDAwMDM4NTAwNzYwMTMxEzARBgNVBCoMCtio2YfYstin2K8xEzARBgNVBAQMCti12KfYr9mC24wxGjAYBgkqhkiG9w0BCQEWC2luZm9AdWlkLmly",
"extensions" : "MDMwDgYDVR0PAQH/BAQDAgXgMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMCMAkGA1UdEQQCMAA="
"signatureAlgorithm" : "SHA256_WITH_RSA"
I have sample code in Android/java using BouncyCastle to do this:
byte[] subjectBytes = EncodingUtils.decode(receivedSubject);
byte[] extensionsBytes = EncodingUtils.decode(receivedExtensions);
X500Name subject = X500Name.getInstance(ASN1Primitive.fromByteArray(subjectBytes));
Extensions extensions = Extensions.getInstance(ASN1Primitive.fromByteArray(extensionsBytes));
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
if (extensions != null)
p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions);
ContentSigner signer = new ContentSigner() {
final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
@Override
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new DefaultSignatureAlgorithmIdentifierFinder()
.find(receivedAlgorithm);
}
@Override
public OutputStream getOutputStream() {
return this.outputStream;
}
@Override
public byte[] getSignature() {
try {
byte[] tbs = ((ByteArrayOutputStream) getOutputStream()).toByteArray();
return SignatureHelper.sign(privateKey, tbs,
csrFormat.getSignatureProfile().getSignatureAlgorithm());
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
throw new CsrGenerationException();
}
}
};
return p10Builder.build(signer).getEncoded();
How can I do the same in iOS with swift?
Is there any library to accept subject and extensions to create CSR and sign it?
