|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PureBasic) Generate a CSR with keyUsage, extKeyUsage, and other ExtensionsSee more CSR ExamplesDemonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:
IncludeFile "CkPublicKey.pb" IncludeFile "CkBinData.pb" IncludeFile "CkEcc.pb" IncludeFile "CkPrivateKey.pb" IncludeFile "CkPrng.pb" IncludeFile "CkXml.pb" IncludeFile "CkCsr.pb" Procedure ChilkatExample() ; This requires the Chilkat API to have been previously unlocked. ; See Global Unlock Sample for sample code. ; This example will generate a secp256r1 ECDSA key for the CSR. ecc.i = CkEcc::ckCreate() If ecc.i = 0 Debug "Failed to create object." ProcedureReturn EndIf prng.i = CkPrng::ckCreate() If prng.i = 0 Debug "Failed to create object." ProcedureReturn EndIf privKey.i = CkEcc::ckGenEccKey(ecc,"secp256r1",prng) If CkEcc::ckLastMethodSuccess(ecc) = 0 Debug "Failed to generate a new ECDSA private key." CkEcc::ckDispose(ecc) CkPrng::ckDispose(prng) ProcedureReturn EndIf csr.i = CkCsr::ckCreate() If csr.i = 0 Debug "Failed to create object." ProcedureReturn EndIf ; Add common CSR fields: CkCsr::setCkCommonName(csr, "mysubdomain.mydomain.com") CkCsr::setCkCountry(csr, "GB") CkCsr::setCkState(csr, "Yorks") CkCsr::setCkLocality(csr, "York") CkCsr::setCkCompany(csr, "Internet Widgits Pty Ltd") CkCsr::setCkEmailAddress(csr, "support@mydomain.com") ; Add the following 1.2.840.113549.1.9.14 extensionRequest ; Note: The easiest way to know the content and format of the XML to be added is to examine ; a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to ; get the extensionRequest from an existing CSR. ; ; Here is a sample extension request: ; <?xml version="1.0" encoding="utf-8"?> ; <set> ; <sequence> ; <sequence> ; <oid>1.3.6.1.4.1.311.20.2</oid> ; <asnOctets> ; <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl ; AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal> ; </asnOctets> ; </sequence> ; <sequence> ; <oid>2.5.29.15</oid> ; <bool>1</bool> ; <asnOctets> ; <bits n="3">A0</bits> ; </asnOctets> ; </sequence> ; <sequence> ; <oid>2.5.29.37</oid> ; <asnOctets> ; <sequence> ; <oid>1.3.6.1.5.5.7.3.3</oid> ; </sequence> ; </asnOctets> ; </sequence> ; <sequence> ; <oid>2.5.29.14</oid> ; <asnOctets> ; <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets> ; </asnOctets> ; </sequence> ; </sequence> ; </set> ; Use this online tool to generate code from sample XML: ; Generate Code to Create XML ; A few notes: ; The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx" ; is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1" s.s = "EndEntityClientAuthCertificate_CSRPassthrough/V1" bdTemp.i = CkBinData::ckCreate() If bdTemp.i = 0 Debug "Failed to create object." ProcedureReturn EndIf CkBinData::ckAppendString(bdTemp,s,"utf-16be") s_base64_utf16be.s = CkBinData::ckGetEncoded(bdTemp,"base64") ; The string should be "AEUA....." Debug s_base64_utf16be ; Here's the code to generate the above extension request. xml.i = CkXml::ckCreate() If xml.i = 0 Debug "Failed to create object." ProcedureReturn EndIf CkXml::setCkTag(xml, "set") CkXml::ckUpdateChildContent(xml,"sequence|sequence|oid","1.3.6.1.4.1.311.20.2") CkXml::ckUpdateAttrAt(xml,"sequence|sequence|asnOctets|universal",1,"tag","30") CkXml::ckUpdateAttrAt(xml,"sequence|sequence|asnOctets|universal",1,"constructed","0") CkXml::ckUpdateChildContent(xml,"sequence|sequence|asnOctets|universal",s_base64_utf16be) CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|oid","2.5.29.15") CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|bool","1") CkXml::ckUpdateAttrAt(xml,"sequence|sequence[1]|asnOctets|bits",1,"n","3") ; A0 is hex for decimal 160. CkXml::ckUpdateChildContent(xml,"sequence|sequence[1]|asnOctets|bits","A0") CkXml::ckUpdateChildContent(xml,"sequence|sequence[2]|oid","2.5.29.37") CkXml::ckUpdateChildContent(xml,"sequence|sequence[2]|asnOctets|sequence|oid","1.3.6.1.5.5.7.3.3") ; This is the subjectKeyIdentifier extension. ; The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash. ; This is simply a hash of the DER of the public key. pubKey.i = CkPrivateKey::ckGetPublicKey(privKey) bdPubKeyDer.i = CkBinData::ckCreate() If bdPubKeyDer.i = 0 Debug "Failed to create object." ProcedureReturn EndIf CkBinData::ckAppendEncoded(bdPubKeyDer,CkPublicKey::ckGetEncoded(pubKey,1,"base64"),"base64") ski.s = CkBinData::ckGetHash(bdPubKeyDer,"sha1","base64") CkPublicKey::ckDispose(pubKey) CkXml::ckUpdateChildContent(xml,"sequence|sequence[3]|oid","2.5.29.14") CkXml::ckUpdateChildContent(xml,"sequence|sequence[3]|asnOctets|octets",ski) ; Add the extension request to the CSR CkCsr::ckSetExtensionRequest(csr,xml) ; Generate the CSR with the extension request csrPem.s = CkCsr::ckGenCsrPem(csr,privKey) If CkCsr::ckLastMethodSuccess(csr) = 0 Debug CkCsr::ckLastErrorText(csr) CkPrivateKey::ckDispose(privKey) CkEcc::ckDispose(ecc) CkPrng::ckDispose(prng) CkCsr::ckDispose(csr) CkBinData::ckDispose(bdTemp) CkXml::ckDispose(xml) CkBinData::ckDispose(bdPubKeyDer) ProcedureReturn EndIf Debug csrPem CkPrivateKey::ckDispose(privKey) CkEcc::ckDispose(ecc) CkPrng::ckDispose(prng) CkCsr::ckDispose(csr) CkBinData::ckDispose(bdTemp) CkXml::ckDispose(xml) CkBinData::ckDispose(bdPubKeyDer) ProcedureReturn EndProcedure |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.