PureBasic
PureBasic
Generate a CSR containing an Extension Request
See more CSR Examples
Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest.Chilkat PureBasic Downloads
IncludeFile "CkXml.pb"
IncludeFile "CkEcc.pb"
IncludeFile "CkPrng.pb"
IncludeFile "CkPrivateKey.pb"
IncludeFile "CkCsr.pb"
Procedure ChilkatExample()
success.i = 0
; This requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
; This example will generate a secp256r1 ECDSA key for the CSR.
ecc.i = CkEcc::ckCreate()
If ecc.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
prng.i = CkPrng::ckCreate()
If prng.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
privKey.i = CkPrivateKey::ckCreate()
If privKey.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success = CkEcc::ckGenKey(ecc,"secp256r1",prng,privKey)
If success = 0
Debug "Failed to generate a new ECDSA private key."
CkEcc::ckDispose(ecc)
CkPrng::ckDispose(prng)
CkPrivateKey::ckDispose(privKey)
ProcedureReturn
EndIf
csr.i = CkCsr::ckCreate()
If csr.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; Add common CSR fields:
CkCsr::setCkCommonName(csr, "mysubdomain.mydomain.com")
CkCsr::setCkCountry(csr, "GB")
CkCsr::setCkState(csr, "Yorks")
CkCsr::setCkLocality(csr, "York")
CkCsr::setCkCompany(csr, "Internet Widgits Pty Ltd")
CkCsr::setCkEmailAddress(csr, "support@mydomain.com")
; Add the following 1.2.840.113549.1.9.14 extensionRequest
; Note: The easiest way to know the content and format of the XML to be added is to examine
; a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
; get the extensionRequest from an existing CSR.
;
; Here is a sample extension request:
; <?xml version="1.0" encoding="utf-8"?>
; <set>
; <sequence>
; <sequence>
; <oid>1.3.6.1.4.1.311.20.2</oid>
; <asnOctets>
; <printable>ZATCA-Code-Signing</printable>
; </asnOctets>
; </sequence>
; <sequence>
; <oid>2.5.29.17</oid>
; <asnOctets>
; <sequence>
; <contextSpecific tag="4" constructed="1">
; <sequence>
; <set>
; <sequence>
; <oid>2.5.4.4</oid>
; <utf8>334623324234325</utf8>
; </sequence>
; </set>
; <set>
; <sequence>
; <oid>0.9.2342.19200300.100.1.1</oid>
; <utf8>310122393500003</utf8>
; </sequence>
; </set>
; <set>
; <sequence>
; <oid>2.5.4.12</oid>
; <utf8>0000</utf8>
; </sequence>
; </set>
; <set>
; <sequence>
; <oid>2.5.4.26</oid>
; <utf8>Sample E</utf8>
; </sequence>
; </set>
; <set>
; <sequence>
; <oid>2.5.4.15</oid>
; <utf8>Sample Business</utf8>
; </sequence>
; </set>
; </sequence>
; </contextSpecific>
; </sequence>
; </asnOctets>
; </sequence>
; </sequence>
; </set>
; Use this online tool to generate code from sample XML:
; Generate Code to Create XML
; Here's the code to generate the above extension request.
xml.i = CkXml::ckCreate()
If xml.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkXml::setCkTag(xml, "set")
CkXml::ckUpdateChildContent(xml,"sequence|sequence|oid","1.3.6.1.4.1.311.20.2")
CkXml::ckUpdateChildContent(xml,"sequence|sequence|asnOctets|printable","ZATCA-Code-Signing")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|oid","2.5.29.17")
CkXml::ckUpdateAttrAt(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific",1,"tag","4")
CkXml::ckUpdateAttrAt(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific",1,"constructed","1")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|oid","2.5.4.4")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|utf8","334623324234325")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|oid","0.9.2342.19200300.100.1.1")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|utf8","310122393500003")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|oid","2.5.4.12")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|utf8","0000")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|oid","2.5.4.26")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|utf8","Sample E")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|oid","2.5.4.15")
CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|utf8","Sample Business")
; Add the extension request to the CSR
CkCsr::ckSetExtensionRequest(csr,xml)
; Generate the CSR with the extension request
csrPem.s = CkCsr::ckGenCsrPem(csr,privKey)
If CkCsr::ckLastMethodSuccess(csr) = 0
Debug CkCsr::ckLastErrorText(csr)
CkEcc::ckDispose(ecc)
CkPrng::ckDispose(prng)
CkPrivateKey::ckDispose(privKey)
CkCsr::ckDispose(csr)
CkXml::ckDispose(xml)
ProcedureReturn
EndIf
Debug csrPem
; Sample PEM output:
; -----BEGIN CERTIFICATE REQUEST-----
; MIICEjCCAbkCAQAwgZcxITAfBgNVBAMMGG15c3ViZG9tYWluLm15ZG9tYWluLmNv
; bTELMAkGA1UEBhMCR0IxDjAMBgNVBAgMBVlvcmtzMQ0wCwYDVQQHDARZb3JrMSEw
; HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxIzAhBgkqhkiG9w0BCQEW
; FHN1cHBvcnRAbXlkb21haW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
; g8EVNSV0ttlM9kG2E+J3ZB9WEDYVf2QA/8idrPRUafia1CHjd1kslwZA8eP2bAcf
; 2O493QAENqtW6DTHJbRz8KCBvjCBuwYJKoZIhvcNAQkOMYGtMIGqMCEGCSsGAQQB
; gjcUAgQUExJaQVRDQS1Db2RlLVNpZ25pbmcwgYQGA1UdEQR9MHukeTB3MRgwFgYD
; VQQEDA8zMzQ2MjMzMjQyMzQzMjUxHzAdBgoJkiaJk/IsZAEBDA8zMTAxMjIzOTM1
; MDAwMDMxDTALBgNVBAwMBDAwMDAxETAPBgNVBBoMCFNhbXBsZSBFMRgwFgYDVQQP
; DA9TYW1wbGUgQnVzaW5lc3MwCgYIKoZIzj0EAwIDRwAwRAIgF7D30eSBklfo+oel
; 1B0z64eJDB9MB3rCoiFZlj+mz0YCIHYI87eyqdtw2LOcAoBRhyxlBT6i28+Z/8t9
; bYsMIYvp
; -----END CERTIFICATE REQUEST-----
CkEcc::ckDispose(ecc)
CkPrng::ckDispose(prng)
CkPrivateKey::ckDispose(privKey)
CkCsr::ckDispose(csr)
CkXml::ckDispose(xml)
ProcedureReturn
EndProcedure