(PureBasic) Generate a CSR containing an Extension Request

See more CSR Examples

Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest.

Note: This example requires Chilkat v9.5.0.91 or greater.

Chilkat PureBasic Module Download Chilkat PureBasic Module

IncludeFile "CkXml.pb"
IncludeFile "CkEcc.pb"
IncludeFile "CkPrng.pb"
IncludeFile "CkPrivateKey.pb"
IncludeFile "CkCsr.pb"

Procedure ChilkatExample()

    ; This requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; This example will generate a secp256r1 ECDSA key for the CSR.
    ecc.i = CkEcc::ckCreate()
    If ecc.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    prng.i = CkPrng::ckCreate()
    If prng.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    privKey.i = CkEcc::ckGenEccKey(ecc,"secp256r1",prng)
    If CkEcc::ckLastMethodSuccess(ecc) = 0
        Debug "Failed to generate a new ECDSA private key."
        CkEcc::ckDispose(ecc)
        CkPrng::ckDispose(prng)
        ProcedureReturn
    EndIf

    csr.i = CkCsr::ckCreate()
    If csr.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Add common CSR fields:
    CkCsr::setCkCommonName(csr, "mysubdomain.mydomain.com")
    CkCsr::setCkCountry(csr, "GB")
    CkCsr::setCkState(csr, "Yorks")
    CkCsr::setCkLocality(csr, "York")
    CkCsr::setCkCompany(csr, "Internet Widgits Pty Ltd")
    CkCsr::setCkEmailAddress(csr, "support@mydomain.com")

    ; Add the following 1.2.840.113549.1.9.14 extensionRequest
    ; Note: The easiest way to know the content and format of the XML to be added is to examine
    ; a pre-existing CSR with the same desired extensionRequest.  You can use Chilkat to
    ; get the extensionRequest from an existing CSR. 

    ; 
    ; Here is a sample extension request:

    ; <?xml version="1.0" encoding="utf-8"?>
    ; <set>
    ;    <sequence>
    ;        <sequence>
    ;            <oid>1.3.6.1.4.1.311.20.2</oid>
    ;            <asnOctets>
    ;                <printable>ZATCA-Code-Signing</printable>
    ;            </asnOctets>
    ;        </sequence>
    ;        <sequence>
    ;            <oid>2.5.29.17</oid>
    ;            <asnOctets>
    ;                <sequence>
    ;                    <contextSpecific tag="4" constructed="1">
    ;                        <sequence>
    ;                            <set>
    ;                                <sequence>
    ;                                    <oid>2.5.4.4</oid>
    ;                                    <utf8>334623324234325</utf8>
    ;                                </sequence>
    ;                            </set>
    ;                            <set>
    ;                                <sequence>
    ;                                    <oid>0.9.2342.19200300.100.1.1</oid>
    ;                                    <utf8>310122393500003</utf8>
    ;                                </sequence>
    ;                            </set>
    ;                            <set>
    ;                                <sequence>
    ;                                    <oid>2.5.4.12</oid>
    ;                                    <utf8>0000</utf8>
    ;                                </sequence>
    ;                            </set>
    ;                            <set>
    ;                                <sequence>
    ;                                    <oid>2.5.4.26</oid>
    ;                                    <utf8>Sample E</utf8>
    ;                                </sequence>
    ;                            </set>
    ;                            <set>
    ;                                <sequence>
    ;                                    <oid>2.5.4.15</oid>
    ;                                    <utf8>Sample Business</utf8>
    ;                                </sequence>
    ;                            </set>
    ;                        </sequence>
    ;                    </contextSpecific>
    ;                </sequence>
    ;            </asnOctets>
    ;        </sequence>
    ;    </sequence>
    ; </set>

    ; Use this online tool to generate code from sample XML: 
    ; Generate Code to Create XML

    ; Here's the code to generate the above extension request.

    xml.i = CkXml::ckCreate()
    If xml.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkXml::setCkTag(xml, "set")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence|oid","1.3.6.1.4.1.311.20.2")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence|asnOctets|printable","ZATCA-Code-Signing")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|oid","2.5.29.17")
    CkXml::ckUpdateAttrAt(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific",1,"tag","4")
    CkXml::ckUpdateAttrAt(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific",1,"constructed","1")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|oid","2.5.4.4")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|utf8","334623324234325")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|oid","0.9.2342.19200300.100.1.1")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|utf8","310122393500003")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|oid","2.5.4.12")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|utf8","0000")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|oid","2.5.4.26")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|utf8","Sample E")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|oid","2.5.4.15")
    CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|utf8","Sample Business")

    ; Add the extension request to the CSR
    CkCsr::ckSetExtensionRequest(csr,xml)

    ; Generate the CSR with the extension request
    csrPem.s = CkCsr::ckGenCsrPem(csr,privKey)
    If CkCsr::ckLastMethodSuccess(csr) = 0
        Debug CkCsr::ckLastErrorText(csr)
        CkPrivateKey::ckDispose(privKey)

        CkEcc::ckDispose(ecc)
        CkPrng::ckDispose(prng)
        CkCsr::ckDispose(csr)
        CkXml::ckDispose(xml)
        ProcedureReturn
    EndIf

    Debug csrPem

    CkPrivateKey::ckDispose(privKey)

    ; Sample PEM output:

    ; -----BEGIN CERTIFICATE REQUEST-----
    ; MIICEjCCAbkCAQAwgZcxITAfBgNVBAMMGG15c3ViZG9tYWluLm15ZG9tYWluLmNv
    ; bTELMAkGA1UEBhMCR0IxDjAMBgNVBAgMBVlvcmtzMQ0wCwYDVQQHDARZb3JrMSEw
    ; HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxIzAhBgkqhkiG9w0BCQEW
    ; FHN1cHBvcnRAbXlkb21haW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
    ; g8EVNSV0ttlM9kG2E+J3ZB9WEDYVf2QA/8idrPRUafia1CHjd1kslwZA8eP2bAcf
    ; 2O493QAENqtW6DTHJbRz8KCBvjCBuwYJKoZIhvcNAQkOMYGtMIGqMCEGCSsGAQQB
    ; gjcUAgQUExJaQVRDQS1Db2RlLVNpZ25pbmcwgYQGA1UdEQR9MHukeTB3MRgwFgYD
    ; VQQEDA8zMzQ2MjMzMjQyMzQzMjUxHzAdBgoJkiaJk/IsZAEBDA8zMTAxMjIzOTM1
    ; MDAwMDMxDTALBgNVBAwMBDAwMDAxETAPBgNVBBoMCFNhbXBsZSBFMRgwFgYDVQQP
    ; DA9TYW1wbGUgQnVzaW5lc3MwCgYIKoZIzj0EAwIDRwAwRAIgF7D30eSBklfo+oel
    ; 1B0z64eJDB9MB3rCoiFZlj+mz0YCIHYI87eyqdtw2LOcAoBRhyxlBT6i28+Z/8t9
    ; bYsMIYvp
    ; -----END CERTIFICATE REQUEST-----


    CkEcc::ckDispose(ecc)
    CkPrng::ckDispose(prng)
    CkCsr::ckDispose(csr)
    CkXml::ckDispose(xml)


    ProcedureReturn
EndProcedure