我正在尝试使用 pkijs 库使用本地证书签署 CSR,但 CA 总是返回错误:无法解析 PKIOperation 请求。
我还认为 pkijs 中的 sign 方法只返回签名而不是带有它的封装数据,因为我的封装数据大小比签名数据大小大得多。
这是我用来签署数据的代码:
public signScepCsr(csr: ArrayBuffer, signingCert: Certificate, privateKey: any) {
let sequence = Promise.resolve();
//region Create a message digest
const crypto = getCrypto();
sequence.then(() => {
let certSigned = new SignedData({
version: 1,
encapContentInfo: new EncapsulatedContentInfo({
eContentType: this.envelopedDataOid
}),
signerInfos: [new SignerInfo({
version: 1,
sid: new IssuerAndSerialNumber({
issuer: signingCert.issuer,
serialNumber: signingCert.serialNumber
}),
messageType: 19,
transactionID: Guid.create().toString(),
})],
certificaes: [signingCert]
});
// Sign the CSR buffer with local certificate private key.
return certSigned.sign(privateKey, 0, this.hashAlg, csr);
});
let result = '';
return sequence.then((result) => {
let r2 = result as SignedData;
let certSignedSchema = r2.toSchema(true);
let signedContent = new ContentInfo({
contentType: this.signedDataOid,
content: certSignedSchema
});
let finalSignedSchema = signedContent.toSchema();
//region Make length of some elements in "indefinite form"
finalSignedSchema.lenBlock.isIndefiniteForm = true;
var block1 = finalSignedSchema.valueBlock.value[1];
block1.lenBlock.isIndefiniteForm = true;
var block2 = block1.valueBlock.value[0];
block2.lenBlock.isIndefiniteForm = true;
let signedContentBuffer = finalSignedSchema.toBER(false);
let resultStr = window.btoa(String.fromCharCode.apply(null, new Uint8Array(signedContentBuffer)));
return resultStr;
},
() => Promise.reject('Failed to successfully sign the CSR.'));
}
有什么建议吗?