EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Add Extensions property

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
#6125
Posted: 05/06/2008 03:25:04
by  xu cong
hi,
I want to add Extensions property while awarding the certificate.
My way is:
Code
TElCertificateRequest FRequest = new TElCertificateRequest();
TElX509Certificate TELX509 = new TElX509Certificate();

...

DateTime date = DateTime.Now;
string date_ = date.ToString("yyyyMMddHHmmss");
TElX509Certificate certificate = new TElX509Certificate(null);

certificate.SerialNumber = SBUtils.Unit.StrToUTF8(date_);
certificate.ValidFrom = Convert.ToDateTime(TextBox3.Text);
certificate.ValidTo = Convert.ToDateTime(TextBox4.Text);
certificate.Extensions.AuthorityInformationAccess.Count = 1;
certificate.Extensions.CRLDistributionPoints.Count = 1;
certificate.Extensions.AuthorityInformationAccess.Value = SBUtils.Unit.StrToUTF8("http://secure.globalsign.net/cacert/orgv1.crt");
certificate.Extensions.CRLDistributionPoints.Value = SBUtils.Unit.StrToUTF8("http://crl.globalsign.net/OrganizationVal1.crl");
certificate.Extensions.ExtendedKeyUsage.ClientAuthentication = true;
certificate.Extensions.ExtendedKeyUsage.CodeSigning = true;
certificate.Extensions.ExtendedKeyUsage.EmailProtection = true;
certificate.Extensions.ExtendedKeyUsage.ServerAuthentication = true;
certificate.Extensions.ExtendedKeyUsage.TimeStamping = true;
certificate.Extensions.AuthorityKeyIdentifier.Value = TELX509.Extensions.SubjectKeyIdentifier.Value;
certificate.Extensions.SubjectKeyIdentifier.Value = FRequest.Extensions.SubjectKeyIdentifier.Value;
certificate.Extensions.BasicConstraints.CA = false;
certificate.Extensions.BasicConstraints.PathLenConstraint = 0;
certificate.Extensions.CertificatePolicies.Value = SBUtils.Unit.StrToUTF8("http://www.globalsign.net/repository/");
certificate.Extensions.CertificatePolicies.OID = SBUtils.Unit.StrToUTF8("1.3.6.1.4.1.4146.1.20");
certificate.Extensions.KeyUsage.Critical = true;
certificate.Extensions.KeyUsage.DigitalSignature = true;
certificate.Extensions.KeyUsage.KeyEncipherment = true;
            
TELX509.Generate(FRequest, certificate);

...


However, can not add Extensions property into the certificate after carrying out the procedure.
I have read the Help document, have not found the method to solve.
#6126
Posted: 05/06/2008 03:45:25
by Eugene Mayevski (EldoS Corp.)

You don't set Included property, which indicates, what extensions you want to include.


Sincerely yours
Eugene Mayevski
#6127
Posted: 05/06/2008 03:59:14
by  xu cong
How should I do ? can provide a Demo .
#6128
Posted: 05/06/2008 04:14:21
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Please read our documentation at http://www.eldos.com/documentation/sbb/documentation/ref_cl_certificateextensions_prp_included.html

You should write something like
certificate.Extensions.Included := [ceCRLDistributionPoints, ceAuthorityInformationAccess, ceKeyUsage], depending on what extensions you want to include into the certificate.
#6129
Posted: 05/06/2008 04:28:46
by Eugene Mayevski (EldoS Corp.)

This is C#. The code will be different.


Sincerely yours
Eugene Mayevski
#6130
Posted: 05/06/2008 04:44:54
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Sorry, for C# code will be as following:
certificate.Extensions.In­cluded = SBX509Ext.Unit.ceAuthorityKeyIdentifier | SBX509Ext.Unit.cePrivateKeyUsagePeriod | SBX509Ext.Unit.ceCRLDistributionPoints;
#6152
Posted: 05/07/2008 04:21:42
by  xu cong
A related question:
How to set up AccessMethod property in AuthorityInformationAccess?
This is my code:
Code
...

            SBX509Ext.TElGeneralName AIA_URL = new SBX509Ext.TElGeneralName();            
            AIA_URL.UniformResourceIdentifier = "http://secure.globalsign.net/cacert/orgv1.crt";
            AIA_URL.NameType = SBX509Ext.TSBGeneralName.gnUniformResourceIdentifier;
            certificate.Extensions.AuthorityInformationAccess.Count = 1;
            certificate.Extensions.AuthorityInformationAccess.get_AccessDescriptions(0).AccessMethod = SBUtils.Unit.StrToUTF8("1.3.6.1.5.5.7.48.1");
            certificate.Extensions.AuthorityInformationAccess.get_AccessDescriptions(0).AccessLocation.Assign(AIA_URL);

...

But AccessMethod property set is wrong.
Can you tell me how to correctly set up?
#6153
Posted: 05/07/2008 04:46:29
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

To get OID from this numeric notation, you should use function SBUtils.Unit.StrToOID("1­.3.6.1.5.5.7.48.1");
#6154
Posted: 05/07/2008 05:09:15
by  xu cong
Thank you very much!
#6177
Posted: 05/08/2008 02:07:40
by  xu cong
1)How to disappear UserNotice property in CertificatePolicies ?
2)How to disappear CRL Reason property in CRLDistributionPoints ?
Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.

Reply

Statistics

Topic viewed 7376 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!