EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Add crl entry to CRL

#11654
Posted: 11/12/2009 07:30:37
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

Hi,

I'd like to add a more complex CRL entry to a CRL.

With code:

TElCertificateRevocationListEx crl = new TElCertificateRevocationListEx();
crl.ThisUpdate = DateTime.Now;
crl.NextUpdate = DateTime.Now.AddDays(7.0);
crl.Issuer.Assign(_CAcertificate.SubjectRDN);

crl.Extensions.CRLNumber.Critical = false;
crl.Extensions.CRLNumber.Number = 1;
crl.Extensions.Included = 1;

crl.Add(_certificate); //certificate to revoke

It works fine, but the entry with the customer certificate is quite simple (only the revocation date and the revoked/held certificate's serial number).

Now, I'd like to add a revocation reason.

In the documentation I've found that SBB contains the class TElRevocationItem, which could contain a revocation reason, but I haven't found any way to add such an object to TElCertificateRevocationListEx.

Would you mind helping me?

Regards

Pawel.
#11656
Posted: 11/12/2009 07:57:50
by Eugene Mayevski (EldoS Corp.)

The Add() method returns the index of the newly created TElRevocationItem object in the Items property (in C# this would be the get_Items() method). So you need to do something like this:

int idx = crl.Add(_certificate);
TElRevocationItem item = crl.get_Items(idx);
item.Extensions.Included = 1;
item.Extensions.ReasonCode.Reason = 2;


Sincerely yours
Eugene Mayevski
#11657
Posted: 11/12/2009 09:00:50
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

It works perfectly fine!

Thank you for your help and very quick answer.

One more (and I think last) issue. How do I specify the CRLNumber extension? I'm trying with this code:

TElCertificateRevocationListEx crl = new TElCertificateRevocationListEx();
crl.ThisUpdate = DateTime.Now;
crl.NextUpdate = DateTime.Now.AddDays(7.0);
crl.Issuer.Assign(_certificate.SubjectRDN);

crl.Extensions.Included = 1;

crl.Extensions.AuthorityKeyIdentifier.KeyIdentifier = _certificate.Extensions.AuthorityKeyIdentifier.KeyIdentifier;
crl.Extensions.AuthorityKeyIdentifier.AuthorityCertSerial = _certificate.SerialNumber;
crl.Extensions.AuthorityKeyIdentifier.IssuerSet = true;

TElCRLNumberCRLExtension cex = crl.Extensions.CRLNumber;
cex.Number = 1;


Best regards,

Pawel.
#11658
Posted: 11/12/2009 09:16:51
by Ken Ivanov (EldoS Corp.)

You should enable the corresponding flag in the Included set as well:

crl.Extensions.Included = 1 /* authority key identifier */ | 4 /* crl number */;
#11659
Posted: 11/12/2009 09:33:43
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

Again, works fine.

Thank you for your help and patience.

Best regards,

Pawel.
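To confirm that a generated CRL really carries the per-entry reason code plus the CRL number and authority key identifier extensions discussed in this thread, the output can be inspected with a second, independent library. This is an added example, not code from the thread or from SecureBlackbox: it uses Python's `cryptography` package, the helper names `build_sample_crl` and `inspect_crl` are hypothetical, and the CA name, serial 0x1234 and key-compromise reason are constructed sample values.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def build_sample_crl(with_extensions: bool = True) -> bytes:
    """Constructed test input: a throwaway CA key signs a CRL revoking serial 0x1234."""
    key = ec.generate_private_key(ec.SECP256R1())
    now = datetime.datetime(2009, 11, 12, 9, 0, 0)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    entry = x509.RevokedCertificateBuilder().serial_number(0x1234).revocation_date(now)
    crl = (x509.CertificateRevocationListBuilder()
           .issuer_name(name)
           .last_update(now)
           .next_update(now + datetime.timedelta(days=7)))
    if with_extensions:
        # RFC 5280 marks reasonCode, cRLNumber and authorityKeyIdentifier non-critical.
        entry = entry.add_extension(
            x509.CRLReason(x509.ReasonFlags.key_compromise), critical=False)
        crl = crl.add_extension(x509.CRLNumber(1), critical=False)
        crl = crl.add_extension(
            x509.AuthorityKeyIdentifier.from_issuer_public_key(key.public_key()),
            critical=False)
    crl = crl.add_revoked_certificate(entry.build()).sign(key, hashes.SHA256())
    return crl.public_bytes(serialization.Encoding.DER)


def _ext(exts, cls):
    """Return the extension value of type cls, or None when it was not emitted."""
    try:
        return exts.get_extension_for_class(cls).value
    except x509.ExtensionNotFound:
        return None


def inspect_crl(der: bytes) -> dict:
    """Report which of the extensions from the thread are present in a DER CRL."""
    crl = x509.load_der_x509_crl(der)
    number = _ext(crl.extensions, x509.CRLNumber)
    reasons = {}
    for revoked in crl:
        reason = _ext(revoked.extensions, x509.CRLReason)
        reasons[revoked.serial_number] = (
            reason.reason.value if reason is not None else None)
    return {
        "crl_number": number.crl_number if number is not None else None,
        "has_aki": _ext(crl.extensions, x509.AuthorityKeyIdentifier) is not None,
        "reasons": reasons,
    }
```

Passing the DER bytes of a CRL saved from any other tool to `inspect_crl` shows `None` or `False` for each extension that was set in code but never emitted.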