CSR失敗：錯誤解析請求ASN1壞標記值滿足（ASN：267 CRYPT_E_ASN1_BADTAG）

Question

我試圖提交下列方式CSR的要求：

require 'openssl' 
require 'json' 

def public_key_info 
    key_info = private_key.public_key.to_pem 
    key_info = key_info.sub! '-----BEGIN PUBLIC KEY-----', '-----BEGIN CERTIFICATE REQUEST-----' 
    key_info = key_info.sub! '-----END PUBLIC KEY-----', '-----END CERTIFICATE REQUEST-----' 
    key_info 
end 

# "Creating a new 2048bit RSA Keypair..." 
def private_key 
    @private_key = OpenSSL::PKey::RSA.new 2048 
end 

payload = { 
    "CsrData" => public_key_info, 
    "certTemplate" => "MyTemplate" 
} 

encoded = JSON.generate(payload)  
p "Payload is #{encoded}" 

response = RestClient::Resource.new(
    'http://myURL/GenerateCertificateUsingCsr', 
).post encoded, :content_type => 'application/json', :accept => 'text/plain' 

response_json = JSON.parse(response.body) 
p response_json 

請求失敗，錯誤提交失敗：錯誤解析請求。 ASN1壞標記值已滿足。 0x8009310b（ASN：267 CRYPT_E_ASN1_BADTAG）：

{ 
    "certTemplate":"MyTemplate", 
    "CsrData":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWeK196VcjZZFbKyEjpj\n8I6DjHbwiMi9I10tV41OEt9Ozp+M0V6TYOKNlJTXGxNUHD0lXFJBlS2z/PLQbW/3\n6C9xRkIclve5Uq8J2NmubnR9+NOt/cjPb4EJtMlxySq5cWOqEyq4UirUEfch9HMC\nkLwJ0MPdrDatZqfIv1IvhBiKfyqWV2jds3X60NlmvyGxnrd54dO8/OqNJNmw2BP9\n3aa21asRqB7oPW2H49o2gwDxF6ZEwymAFvU4jvO+BQLRDYTm8GslHyX9kCXWnYHg\nX7gqvek/mu7KqyIB44YyOjGYkVX76El32B08ruKlc+xZ8kFWC1bMzwZNoFEBKO6D\n9QIDAQAB\n-----END CERTIFICATE REQUEST-----" 
} 

{"ErrorCode"=>1005, "ErrorMessage"=>"The submission failed: Error Parsing Request ASN1 bad tag value met. 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG)", "Return"=>false, "p12Data"=>nil, "certexpdate"=>nil, "serialNo"=>nil} 
=> true 

但是，如果我創建的命令行的CSR請求：

OpenSSL的REQ -out mytest.csr -new -newkey RSA：2048 -nodes -keyout mytest.key

然後轉換CSR以便用\n字符串替換新行。

然後準備一個JSON有效載荷：

{ 
    "certTemplate":"MyTemplate", 
    "CsrData":"-----BEGIN CERTIFICATE REQUEST-----\nMIIC8zCCAdsCAQAwgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDEWMBQGA1UE\nBwwNU2lsdmVyIFNwcmluZzELMAkGA1UECgwCRVMxCzAJBgNVBAsMAk1MMSAwHgYD\nVQQDDBcgbXNjbGllbnQ1MS5zYW10ZXN0LmNvbTElMCMGCSqGSIb3DQEJARYWbXNj\nbGllbnQ1MUBzYW10ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAL+X4YJ041JDVfYZr2IXHEAsBc9cbtYxuLa4FkXz+enZYj+9J4qK7zl9OJ7P\nfW29jf82oyQ83RH6XrYcFJKO9cuXgkkQaNV8X6J7sbn87hHUn8xZ1SORd+OPV/ws\nHdOuuv/kQi0S1Rz9Qn7RJiEnQqC14bp50fjJDxxYBVcU/bevlMuFzf8pKQbNfWD5\nbpHHPKpN6uKAXQa2vCqRPAHMvlxCqVHf1Lmy6xojsHGDdqYcYgwG2JB140nOpKtA\nwO9jR5wF7HmqUs/u/fV+p86IaHt6rAxo8WX0Ymu+48DanMdlBqjQ222OthnTbgmD\nbW9j16kNesriu8APSpxW6f7InhsCAwEAAaAYMBYGCSqGSIb3DQEJAjEJDAdNTF9U\nVjJHMA0GCSqGSIb3DQEBCwUAA4IBAQCOxISJbXXQqFmHTwcIP+jaYM1souuptE5l\nhrG/5T1Irz357DABfQpaZkon8dIF8QRpjCY2+b44srGtbKBbnUDAgM5e+qqZjx6X\ng7Yp7LLVW9EplvMYT83M62K9UyNFqjizgXbNIxJRsApLutLBpTpB3vIpQcZYhygf\nfJx/zmN3rD3K47SdaDd9JyD7W3tnAQ1rHEG1uS+Pm9Cq5+Wi8k+nEeGHtQnY5eps\nYqA/g86m4VR5RP0+oTvq3FC57PFqrbv+lwD9brCzjAK/c/QcyBnoxnMNbFVzwhcf\nKAF82Vl9kvwOwyD8sPN19V9ldmZpMhQ/2hsuHxRLAnlwHYhqfl/9\n-----END CERTIFICATE REQUEST-----" 
} 

上述CSR請求工作正常。

我在做什麼錯了上面的ruby代碼？

Answer 1

這是因爲CSR請求不是pem格式的公鑰。與公鑰相比，CSR具有不同的ASN1表示法。這就是爲什麼你得到ASN1相關的錯誤。

關於如何使用OpenSSL的Ruby包裝器創建CSR，您可以看到this gist。如您所見，您還需要指定您的專有名稱。

def csr(key) 
    options = { 
    :country  => 'PL', 
    :state  => 'M', 
    :city   => 'Cracow', 
    :organization => 'OSPL', 
    :department => '', 
    :common_name => 'OSPL', 
    :email  => '' 
    } 

    request = OpenSSL::X509::Request.new 
    request.version = 0 
    request.subject = OpenSSL::X509::Name.new([ 
    ['C',    options[:country], OpenSSL::ASN1::PRINTABLESTRING], 
    ['ST',   options[:state],  OpenSSL::ASN1::PRINTABLESTRING], 
    ['L',    options[:city],   OpenSSL::ASN1::PRINTABLESTRING], 
    ['O',    options[:organization], OpenSSL::ASN1::UTF8STRING], 
    ['OU',   options[:department], OpenSSL::ASN1::UTF8STRING], 
    ['CN',   options[:common_name], OpenSSL::ASN1::UTF8STRING], 
    ['emailAddress', options[:email],  OpenSSL::ASN1::UTF8STRING] 
    ]) 
    request.public_key = key.public_key 
    request.sign(key, OpenSSL::Digest::SHA1.new) 
end