(DataFlex) Generate a CSR with keyUsage, extKeyUsage, and other Extensions

Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:
```
Use ChilkatAx-win32.pkg

Procedure Test
    Handle hoEcc
    Variant vPrng
    Handle hoPrng
    Variant vPrivKey
    Handle hoPrivKey
    Handle hoCsr
    String s
    Handle hoBdTemp
    Boolean iSuccess
    String sS_base64_utf16be
    Variant vXml
    Handle hoXml
    Variant vPubKey
    Handle hoPubKey
    Handle hoBdPubKeyDer
    String sSki
    String sCsrPem
    String sTemp1
    Boolean bTemp1

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // This example will generate a secp256r1 ECDSA key for the CSR.
    Get Create (RefClass(cComChilkatEcc)) To hoEcc
    If (Not(IsComObjectCreated(hoEcc))) Begin
        Send CreateComObject of hoEcc
    End
    Get Create (RefClass(cComChilkatPrng)) To hoPrng
    If (Not(IsComObjectCreated(hoPrng))) Begin
        Send CreateComObject of hoPrng
    End

    Get pvComObject of hoPrng to vPrng
    Get ComGenEccKey Of hoEcc "secp256r1" vPrng To vPrivKey
    If (IsComObject(vPrivKey)) Begin
        Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKey
        Set pvComObject Of hoPrivKey To vPrivKey
    End
    Get ComLastMethodSuccess Of hoEcc To bTemp1
    If (bTemp1 = False) Begin
        Showln "Failed to generate a new ECDSA private key."
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatCsr)) To hoCsr
    If (Not(IsComObjectCreated(hoCsr))) Begin
        Send CreateComObject of hoCsr
    End

    // Add common CSR fields:
    Set ComCommonName Of hoCsr To "mysubdomain.mydomain.com"
    Set ComCountry Of hoCsr To "GB"
    Set ComState Of hoCsr To "Yorks"
    Set ComLocality Of hoCsr To "York"
    Set ComCompany Of hoCsr To "Internet Widgits Pty Ltd"
    Set ComEmailAddress Of hoCsr To "support@mydomain.com"

    // Add the following 1.2.840.113549.1.9.14 extensionRequest
    // Note: The easiest way to know the content and format of the XML to be added is to examine
    // a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
    // get the extensionRequest from an existing CSR.
    //
    // Here is a sample extension request:

    // <?xml version="1.0" encoding="utf-8"?>
    // <set>
    //     <sequence>
    //         <sequence>
    //             <oid>1.3.6.1.4.1.311.20.2</oid>
    //             <asnOctets>
    //                 <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl
    // AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal>
    //             </asnOctets>
    //         </sequence>
    //         <sequence>
    //             <oid>2.5.29.15</oid>
    //             <bool>1</bool>
    //             <asnOctets>
    //                 <bits n="3">A0</bits>
    //             </asnOctets>
    //         </sequence>
    //         <sequence>
    //             <oid>2.5.29.37</oid>
    //             <asnOctets>
    //                 <sequence>
    //                     <oid>1.3.6.1.5.5.7.3.3</oid>
    //                 </sequence>
    //             </asnOctets>
    //         </sequence>
    //         <sequence>
    //             <oid>2.5.29.14</oid>
    //             <asnOctets>
    //                 <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets>
    //             </asnOctets>
    //         </sequence>
    //     </sequence>
    // </set>

    // Use this online tool to generate code from sample XML:
    // Generate Code to Create XML

    // A few notes:
    // The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx"
    // is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1"
    Move "EndEntityClientAuthCertificate_CSRPassthrough/V1" To s
    Get Create (RefClass(cComChilkatBinData)) To hoBdTemp
    If (Not(IsComObjectCreated(hoBdTemp))) Begin
        Send CreateComObject of hoBdTemp
    End
    Get ComAppendString Of hoBdTemp s "utf-16be" To iSuccess
    Get ComGetEncoded Of hoBdTemp "base64" To sS_base64_utf16be
    // The string should be "AEUA....."
    Showln sS_base64_utf16be

    // Here's the code to generate the above extension request.
    Get Create (RefClass(cComChilkatXml)) To hoXml
    If (Not(IsComObjectCreated(hoXml))) Begin
        Send CreateComObject of hoXml
    End
    Set ComTag Of hoXml To "set"
    Send ComUpdateChildContent To hoXml "sequence|sequence|oid" "1.3.6.1.4.1.311.20.2"
    Get ComUpdateAttrAt Of hoXml "sequence|sequence|asnOctets|universal" True "tag" "30" To iSuccess
    Get ComUpdateAttrAt Of hoXml "sequence|sequence|asnOctets|universal" True "constructed" "0" To iSuccess
    Send ComUpdateChildContent To hoXml "sequence|sequence|asnOctets|universal" sS_base64_utf16be
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|oid" "2.5.29.15"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|bool" "1"
    Get ComUpdateAttrAt Of hoXml "sequence|sequence[1]|asnOctets|bits" True "n" "3" To iSuccess
    // A0 is hex for decimal 160.
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|bits" "A0"
    Send ComUpdateChildContent To hoXml "sequence|sequence[2]|oid" "2.5.29.37"
    Send ComUpdateChildContent To hoXml "sequence|sequence[2]|asnOctets|sequence|oid" "1.3.6.1.5.5.7.3.3"

    // This is the subjectKeyIdentifier extension.
    // The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash.
    // This is simply a hash of the DER of the public key.
    Get ComGetPublicKey Of hoPrivKey To vPubKey
    If (IsComObject(vPubKey)) Begin
        Get Create (RefClass(cComChilkatPublicKey)) To hoPubKey
        Set pvComObject Of hoPubKey To vPubKey
    End
    Get Create (RefClass(cComChilkatBinData)) To hoBdPubKeyDer
    If (Not(IsComObjectCreated(hoBdPubKeyDer))) Begin
        Send CreateComObject of hoBdPubKeyDer
    End
    Get ComGetEncoded Of hoPubKey True "base64" To sTemp1
    Get ComAppendEncoded Of hoBdPubKeyDer sTemp1 "base64" To iSuccess
    Get ComGetHash Of hoBdPubKeyDer "sha1" "base64" To sSki
    Send Destroy of hoPubKey

    Send ComUpdateChildContent To hoXml "sequence|sequence[3]|oid" "2.5.29.14"
    Send ComUpdateChildContent To hoXml "sequence|sequence[3]|asnOctets|octets" sSki

    // Add the extension request to the CSR
    Get pvComObject of hoXml to vXml
    Get ComSetExtensionRequest Of hoCsr vXml To iSuccess

    // Generate the CSR with the extension request
    Get ComGenCsrPem Of hoCsr vPrivKey To sCsrPem
    Get ComLastMethodSuccess Of hoCsr To bTemp1
    If (bTemp1 = False) Begin
        Get ComLastErrorText Of hoCsr To sTemp1
        Showln sTemp1
        Send Destroy of hoPrivKey
        Procedure_Return
    End

    Showln sCsrPem

    Send Destroy of hoPrivKey

End_Procedure
```
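As a review aid, the following added example (not part of the original Chilkat sample, and written in Python rather than DataFlex) parses the extension-request XML shown in the sample's comments and decodes each extension into readable values, so the requested key usages and template name can be checked before the CSR is sent to a CA. The function names `summarize` and `key_usage_names` are hypothetical; the XML is the page's own sample.

```python
import base64
import xml.etree.ElementTree as ET

# Extension request XML copied from the sample in the page's comments.
SAMPLE_XML = """<set><sequence>
<sequence><oid>1.3.6.1.4.1.311.20.2</oid><asnOctets>
<universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal>
</asnOctets></sequence>
<sequence><oid>2.5.29.15</oid><bool>1</bool><asnOctets><bits n="3">A0</bits></asnOctets></sequence>
<sequence><oid>2.5.29.37</oid><asnOctets><sequence><oid>1.3.6.1.5.5.7.3.3</oid></sequence></asnOctets></sequence>
<sequence><oid>2.5.29.14</oid><asnOctets><octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets></asnOctets></sequence>
</sequence></set>"""

# keyUsage bit names in bit order (RFC 5280, section 4.2.1.3).
KEY_USAGE = ["digitalSignature", "nonRepudiation", "keyEncipherment",
             "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
             "encipherOnly", "decipherOnly"]
EKU = {"1.3.6.1.5.5.7.3.1": "serverAuth", "1.3.6.1.5.5.7.3.2": "clientAuth",
       "1.3.6.1.5.5.7.3.3": "codeSigning", "1.3.6.1.5.5.7.3.4": "emailProtection"}

def key_usage_names(hex_bits, n):
    """Decode the first n bits (most significant first) of a hex bit string."""
    value = int(hex_bits, 16)
    total = len(hex_bits) * 4
    return [KEY_USAGE[i] for i in range(n) if value >> (total - 1 - i) & 1]

def summarize(xml_text):
    """Return {extension: decoded value} for the extensions used on this page."""
    out = {}
    for ext in ET.fromstring(xml_text).find("sequence").findall("sequence"):
        oid, body = ext.findtext("oid"), ext.find("asnOctets")
        critical = ext.findtext("bool") == "1"
        if oid == "2.5.29.15":
            bits = body.find("bits")
            out["keyUsage"] = (key_usage_names(bits.text, int(bits.get("n"))), critical)
        elif oid == "2.5.29.37":
            out["extKeyUsage"] = [EKU.get(o.text, o.text) for o in body.iter("oid")]
        elif oid == "2.5.29.14":
            out["subjectKeyIdentifier"] = base64.b64decode(body.findtext("octets")).hex()
        elif oid == "1.3.6.1.4.1.311.20.2":
            # Universal tag 30 is BMPString: UTF-16BE text.
            raw = base64.b64decode(body.findtext("universal"))
            out["certificateTemplateName"] = raw.decode("utf-16-be")
        else:
            out[oid] = "not decoded"
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_XML))
```

For the sample, the three keyUsage bits in `A0` (binary 101) decode to digitalSignature and keyEncipherment, marked critical, and the extKeyUsage OID is codeSigning.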
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.