C
C
Duplicate CSR Created by OpenSSL with Config.cnf
See more CSR Examples
Demonstrates how to duplicate a CSR created by the following commands:# Generate Private Key openssl ecparam -name secp256k1 -genkey -noout -out PrivateKey.pem #Generate CSR openssl req -new -sha256 -key PrivateKey.pem -extensions v3_req -config Config.cnf -out CSR.csr
Chilkat C Downloads
#include <C_CkStringBuilder.h>
#include <C_CkCsr.h>
#include <C_CkXml.h>
#include <C_CkEcc.h>
#include <C_CkPrng.h>
#include <C_CkPrivateKey.h>
void ChilkatSample(void)
{
BOOL success;
HCkStringBuilder sbCsr;
HCkCsr csr0;
HCkXml xml0;
HCkXml xml;
HCkEcc ecdsa;
HCkPrng prng;
HCkPrivateKey privKey;
HCkCsr csr;
const char *csrPem;
success = FALSE;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// This example duplicates the CSR created by OpenSSL with the following config file:
// oid_section = OIDs
// [ OIDs ]
// certificateTemplateName= 1.3.6.1.4.1.311.20.2
//
// [ req ]
// default_bits = 2048
// emailAddress = it@example.sa
// req_extensions = v3_req
// x509_extensions = v3_ca
// prompt = no
// default_md = sha256
// req_extensions = req_ext
// distinguished_name = dn
//
// [ v3_req ]
// basicConstraints = CA:FALSE
// keyUsage = digitalSignature, nonRepudiation, keyEncipherment
//
// [req_ext]
// certificateTemplateName = ASN1:PRINTABLESTRING:ZATCA-Code-Signing
// subjectAltName = dirName:alt_names
//
// [ dn ]
// CN =EXAMPLE-CORP # Common Name
// C=SA # Country Code e.g SA
// OU=HEAD-OFFICE # Organization Unit Name
// O=ASC # Organization Name
//
// [alt_names]
// SN=1-ASC|2-V01|3-1234567890 # EGS Serial Number 1-ABC|2-PQR|3-XYZ
// UID=312345678900003 # Organization Identifier (VAT Number)
// title=1100 # Invoice Type
// registeredAddress=Dammam # Address
// businessCategory=IT # Business Category
// The OpenSSL commands we are duplicating:
// openssl ecparam -name secp256k1 -genkey -noout -out PrivateKey.pem
// openssl req -new -sha256 -key PrivateKey.pem -extensions v3_req -config Config.cnf -out CSR.csr
// The 1st step is to actually use OpenSSL to generate a sample CSR.csr that we wish to duplicate.
// With the sample CSR.csr, we get the ExtensionRequest as XML.
// For example:
sbCsr = CkStringBuilder_Create();
success = CkStringBuilder_LoadFile(sbCsr,"qa_data/csr/openssl_cnf/CSR.csr","utf-8");
if (success == FALSE) {
printf("Failed to load CSR.csr\n");
CkStringBuilder_Dispose(sbCsr);
return;
}
csr0 = CkCsr_Create();
success = CkCsr_LoadCsrPem(csr0,CkStringBuilder_getAsString(sbCsr));
if (success == FALSE) {
printf("%s\n",CkCsr_lastErrorText(csr0));
CkStringBuilder_Dispose(sbCsr);
CkCsr_Dispose(csr0);
return;
}
xml0 = CkXml_Create();
success = CkCsr_GetExtensionRequest(csr0,xml0);
if (success == FALSE) {
printf("%s\n",CkCsr_lastErrorText(csr0));
CkStringBuilder_Dispose(sbCsr);
CkCsr_Dispose(csr0);
CkXml_Dispose(xml0);
return;
}
// Let's examine the extension request..
printf("%s\n",CkXml_getXml(xml0));
// <?xml version="1.0" encoding="utf-8"?>
// <set>
// <sequence>
// <sequence>
// <oid>1.3.6.1.4.1.311.20.2</oid>
// <asnOctets>
// <printable>ZATCA-Code-Signing</printable>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.17</oid>
// <asnOctets>
// <sequence>
// <contextSpecific tag="4" constructed="1">
// <sequence>
// <set>
// <sequence>
// <oid>2.5.4.4</oid>
// <utf8>1-ASC|2-V01|3-1234567890</utf8>
// </sequence>
// </set>
// <set>
// <sequence>
// <oid>0.9.2342.19200300.100.1.1</oid>
// <utf8>312345678900003</utf8>
// </sequence>
// </set>
// <set>
// <sequence>
// <oid>2.5.4.12</oid>
// <utf8>1100</utf8>
// </sequence>
// </set>
// <set>
// <sequence>
// <oid>2.5.4.26</oid>
// <utf8>Dammam</utf8>
// </sequence>
// </set>
// <set>
// <sequence>
// <oid>2.5.4.15</oid>
// <utf8>IT</utf8>
// </sequence>
// </set>
// </sequence>
// </contextSpecific>
// </sequence>
// </asnOctets>
// </sequence>
// </sequence>
// </set>
// If you wish to generate the above XML without going through the above steps, copy the XML into
// the online tool at https://tools.chilkat.io/xmlCreate
// Here is the generated code for the above XML:
xml = CkXml_Create();
CkXml_putTag(xml,"set");
CkXml_UpdateChildContent(xml,"sequence|sequence|oid","1.3.6.1.4.1.311.20.2");
CkXml_UpdateChildContent(xml,"sequence|sequence|asnOctets|printable","ZATCA-Code-Signing");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|oid","2.5.29.17");
CkXml_UpdateAttrAt(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific",TRUE,"tag","4");
CkXml_UpdateAttrAt(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific",TRUE,"constructed","1");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|oid","2.5.4.4");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|utf8","1-ASC|2-V01|3-1234567890");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|oid","0.9.2342.19200300.100.1.1");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|utf8","312345678900003");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|oid","2.5.4.12");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|utf8","1100");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|oid","2.5.4.26");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|utf8","Dammam");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|oid","2.5.4.15");
CkXml_UpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|utf8","IT");
// We'll need a new secp256k1 private key, so let's generate it.
ecdsa = CkEcc_Create();
prng = CkPrng_Create();
privKey = CkPrivateKey_Create();
success = CkEcc_GenKey(ecdsa,"secp256k1",prng,privKey);
if (success == FALSE) {
printf("%s\n",CkEcc_lastErrorText(ecdsa));
CkStringBuilder_Dispose(sbCsr);
CkCsr_Dispose(csr0);
CkXml_Dispose(xml0);
CkXml_Dispose(xml);
CkEcc_Dispose(ecdsa);
CkPrng_Dispose(prng);
CkPrivateKey_Dispose(privKey);
return;
}
printf("Generated secp256k1 private key.\n");
// Use a new CSR object to generate a CSR with the private key and extension request.
csr = CkCsr_Create();
// Add the [dn] fields
// [ dn ]
// CN =EXAMPLE-CORP # Common Name
// C=SA # Country Code e.g SA
// OU=HEAD-OFFICE # Organization Unit Name
// O=ASC # Organization Name
CkCsr_putCommonName(csr,"EXAMPLE-CORP");
CkCsr_putCountry(csr,"SA");
CkCsr_putCompanyDivision(csr,"HEAD-OFFICE");
CkCsr_putCompany(csr,"ASC");
// Add the extension request to the CSR
CkCsr_SetExtensionRequest(csr,xml);
// Generate the CSR with the extension request
csrPem = CkCsr_genCsrPem(csr,privKey);
if (CkCsr_getLastMethodSuccess(csr) == FALSE) {
printf("%s\n",CkCsr_lastErrorText(csr));
CkStringBuilder_Dispose(sbCsr);
CkCsr_Dispose(csr0);
CkXml_Dispose(xml0);
CkXml_Dispose(xml);
CkEcc_Dispose(ecdsa);
CkPrng_Dispose(prng);
CkPrivateKey_Dispose(privKey);
CkCsr_Dispose(csr);
return;
}
printf("%s\n",csrPem);
// Sample output:
// -----BEGIN CERTIFICATE REQUEST-----
// MIIBuDCCAV8CAQAwSDEVMBMGA1UEAwwMRVhBTVBMRS1DT1JQMQswCQYDVQQGEwJT
// QTEUMBIGA1UECwwLSEVBRC1PRkZJQ0UxDDAKBgNVBAoMA0FTQzBWMBAGByqGSM49
// AgEGBSuBBAAKA0IABFI5rusr76HiJcMMr1r4L0B0BOAs6azLkt/RwHoT6A0xFRRt
// tulWT40tNhx3qJ4I5ePNgMceOEtuK1kMGVTovI6ggbcwgbQGCSqGSIb3DQEJDjGB
// pjCBozAhBgkrBgEEAYI3FAIEFBMSWkFUQ0EtQ29kZS1TaWduaW5nMH4GA1UdEQR3
// MHWkczBxMSEwHwYDVQQEDBgxLUFTQ3wyLVYwMXwzLTEyMzQ1Njc4OTAxHzAdBgoJ
// kiaJk/IsZAEBDA8zMTIzNDU2Nzg5MDAwMDMxDTALBgNVBAwMBDExMDAxDzANBgNV
// BBoMBkRhbW1hbTELMAkGA1UEDwwCSVQwCgYIKoZIzj0EAwIDRwAwRAIgJnbgpSGb
// diB+0M1VTqc1GU9sFsfnOvVN/8WhWRRxQIwCIF5eH9vgMgXyoU284X8Bx3dqOJ4q
// xashGWci87POxSvT
// -----END CERTIFICATE REQUEST-----
CkStringBuilder_Dispose(sbCsr);
CkCsr_Dispose(csr0);
CkXml_Dispose(xml0);
CkXml_Dispose(xml);
CkEcc_Dispose(ecdsa);
CkPrng_Dispose(prng);
CkPrivateKey_Dispose(privKey);
CkCsr_Dispose(csr);
}