Add QCStatements extension in the request

#35412
Posted: 01/06/2016 15:08:26
by Desarrollo Alpha (Standard support level)
Joined: 11/30/2015
Posts: 15

Hello

I need to add the QCStatements extension to the request, but I get the following error:

"Certificate not issued (Denied) Error Parsing Request The parameter is incorrect."

I'm using TElCertificateRequest object.


certificateRequest.Extensions.Included = certificateRequest.Extensions.Included |
SBX509Ext.Unit.ceSubjectAlternativeName |
SBX509Ext.Unit.ceSubjectDirectoryAttributes;

int i = certificateRequest.Extensions.SubjectAlternativeName.Content.Add();
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).NameType = TSBGeneralName.gnRFC822Name;
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).RFC822Name = suscriptor.Email;
....

byte[] boid = SBStrUtils.Unit.StrToOID("1.3.6.1.5.5.7.1.3");

certificateRequest.Extensions.OtherCount = 1;

TElCustomExtension ce = certificateRequest.Extensions.get_OtherExtensions(0);

ce.OID = boid;

byte[] value = {0x30, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0b, 0x02, 0x30, 0x08, 0x06, 0x06, 0x60, 0x20, 0x01, 0x0a, 0x02, 0x02 };

ce.Value = value;



This "{0x30, ..., 0x02}" is the hex encoding of this ASN.1:

SEQUENCE {
  SEQUENCE {
    OBJECTIDENTIFIER 1.3.6.1.5.5.7.11.2
    SEQUENCE {
      OBJECTIDENTIFIER 2.16.32.1.10.2.2
    }
  }
}
#35414
Posted: 01/06/2016 16:06:34
by Ken Ivanov (EldoS Corp.)

Hi,

Your code looks pretty correct to me, so the extension should be added as expected. Would it be possible for you to send a sample request generated by this code to us for checking? You can do that securely and privately via Helpdesk.

Looking from a different point of view, what makes you think that the problem is somehow related to the QCStatements extension?

Ken
#35423
Posted: 01/07/2016 09:41:58
by Desarrollo Alpha (Standard support level)
Joined: 11/30/2015
Posts: 15

I built the request without the QCStatement with the code below.
I sent the request to the CA and it generated the certificate.

Code

TElCertificateRequest certificateRequest = new TElCertificateRequest();

certificateRequest.SetKeyMaterial(KM);
certificateRequest.PreserveKeyMaterial = true;
certificateRequest.Subject.Count = 3;

certificateRequest.Subject.set_Values(0, Encoding.Default.GetBytes(suscriptor.Pais));
certificateRequest.Subject.set_OIDs(0, SBConstants.Unit.SB_CERT_OID_COUNTRY);

certificateRequest.Subject.set_Values(1, Encoding.Default.GetBytes(suscriptor.CN));
certificateRequest.Subject.set_OIDs(1, SBConstants.Unit.SB_CERT_OID_COMMON_NAME);

certificateRequest.Subject.set_Values(2, Encoding.Default.GetBytes(suscriptor.Cuit.ToString()));
certificateRequest.Subject.set_OIDs(2, SBConstants.Unit.SB_CERT_OID_SERIAL_NUMBER);

certificateRequest.Extensions.Included = certificateRequest.Extensions.Included |
                SBX509Ext.Unit.ceSubjectAlternativeName |
                SBX509Ext.Unit.ceSubjectDirectoryAttributes;


int i = certificateRequest.Extensions.SubjectAlternativeName.Content.Add();
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).NameType = TSBGeneralName.gnRFC822Name;
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).RFC822Name = suscriptor.Email;

i = certificateRequest.Extensions.SubjectAlternativeName.Content.Add();
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).NameType = TSBGeneralName.gnDirectoryName;
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.Count = 3;

certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Values(0, SBStrUtils.__Global.StrToUTF8(suscriptor.CN));
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Tags(0, SBASN1Tree.__Global.SB_ASN1_UTF8STRING);
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_OIDs(0, SBConstants.Unit.SB_CERT_OID_COMMON_NAME);
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Values(1, SBStrUtils.__Global.StrToUTF8("CUIT=" + suscriptor.Cuit.ToString()));
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Tags(1, SBASN1Tree.__Global.SB_ASN1_UTF8STRING);
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_OIDs(1, SBConstants.Unit.SB_CERT_OID_SERIAL_NUMBER);


certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Values(2, SBStrUtils.__Global.StrToUTF8(suscriptor.Titulo));
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Tags(2, SBASN1Tree.__Global.SB_ASN1_UTF8STRING);
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_OIDs(2, SBConstants.Unit.SB_CERT_OID_TITLE);

KeySize = 2048;

Algorithm = SBConstants.Unit.SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION;
Hash = SBConstants.Unit.SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION;

certificateRequest.Generate(Algorithm, KeySize, Hash);


Request:


Then I modified the code as follows and generated the request:

Code

TElCertificateRequest certificateRequest = new TElCertificateRequest();

certificateRequest.SetKeyMaterial(KM);
certificateRequest.PreserveKeyMaterial = true;
certificateRequest.Subject.Count = 3;

certificateRequest.Subject.set_Values(0, Encoding.Default.GetBytes(suscriptor.Pais));
certificateRequest.Subject.set_OIDs(0, SBConstants.Unit.SB_CERT_OID_COUNTRY);

certificateRequest.Subject.set_Values(1, Encoding.Default.GetBytes(suscriptor.CN));
certificateRequest.Subject.set_OIDs(1, SBConstants.Unit.SB_CERT_OID_COMMON_NAME);

certificateRequest.Subject.set_Values(2, Encoding.Default.GetBytes(suscriptor.Cuit.ToString()));
certificateRequest.Subject.set_OIDs(2, SBConstants.Unit.SB_CERT_OID_SERIAL_NUMBER);

certificateRequest.Extensions.Included = certificateRequest.Extensions.Included |
                   SBX509Ext.Unit.ceSubjectAlternativeName |
                   SBX509Ext.Unit.ceSubjectDirectoryAttributes;

int i = certificateRequest.Extensions.SubjectAlternativeName.Content.Add();
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).NameType = TSBGeneralName.gnRFC822Name;
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).RFC822Name = suscriptor.Email;

i = certificateRequest.Extensions.SubjectAlternativeName.Content.Add();
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).NameType = TSBGeneralName.gnDirectoryName;
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.Count = 3;

certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Values(0, SBStrUtils.__Global.StrToUTF8(suscriptor.CN));
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Tags(0, SBASN1Tree.__Global.SB_ASN1_UTF8STRING);
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_OIDs(0, SBConstants.Unit.SB_CERT_OID_COMMON_NAME);

certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Values(1, SBStrUtils.__Global.StrToUTF8("CUIT=" + suscriptor.Cuit.ToString()));
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Tags(1, SBASN1Tree.__Global.SB_ASN1_UTF8STRING);
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_OIDs(1, SBConstants.Unit.SB_CERT_OID_SERIAL_NUMBER);

certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Values(2, SBStrUtils.__Global.StrToUTF8(suscriptor.Titulo));
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_Tags(2, SBASN1Tree.__Global.SB_ASN1_UTF8STRING);
certificateRequest.Extensions.SubjectAlternativeName.Content.get_Names(i).DirectoryName.set_OIDs(2, SBConstants.Unit.SB_CERT_OID_TITLE);

/*********************************************************************************************/

byte[] oid = SBStrUtils.Unit.StrToOID("1.3.6.1.5.5.7.1.3");
certificateRequest.Extensions.OtherCount = 1;
TElCustomExtension ce = certificateRequest.Extensions.get_OtherExtensions(0);
ce.OID = oid;
byte[] value = { 0x30, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0b, 0x02, 0x30, 0x08, 0x06, 0x06, 0x60, 0x20, 0x01, 0x0a, 0x02, 0x02};
ce.Value = value;

/*********************************************************************************************/
KeySize = 2048;

Algorithm = SBConstants.Unit.SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION;
Hash = SBConstants.Unit.SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION;

certificateRequest.Generate(Algorithm, KeySize, Hash);



Request:



I get the following error

"Certificate not issued (Denied) Error Parsing Request The parameter is incorrect."


I think the problem may be that I do not assign a constant for QCStatement
Code
certificateRequest.Extensions.Included = certificateRequest.Extensions.Included |
                   SBX509Ext.Unit.ceSubjectAlternativeName |
                   SBX509Ext.Unit.ceSubjectDirectoryAttributes;
                   



and I cannot find the constant for QCStatement

Code
public const int ceAuthorityInformationAccess = 8192;
public const int ceAuthorityKeyIdentifier = 1;
public const int ceBasicConstraints = 256;
public const int ceCertificatePolicies = 16;
public const int ceCommonName = 4194304;
public const int ceCRLDistributionPoints = 4096;
public const int ceExtendedKeyUsage = 2048;
public const int ceIssuerAlternativeName = 128;
public const int ceKeyUsage = 4;
public const int ceNameConstraints = 512;
public const int ceNetscapeBaseURL = 32768;
public const int ceNetscapeCAPolicyURL = 524288;
public const int ceNetscapeCARevokeURL = 131072;
public const int ceNetscapeCertType = 16384;
public const int ceNetscapeComment = 2097152;
public const int ceNetscapeRenewalURL = 262144;
public const int ceNetscapeRevokeURL = 65536;
public const int ceNetscapeServerName = 1048576;
public const int cePolicyConstraints = 1024;
public const int cePolicyMappings = 32;
public const int cePrivateKeyUsagePeriod = 8;
public const int ceSubjectAlternativeName = 64;
public const int ceSubjectDirectoryAttributes = 8388608;
public const int ceSubjectKeyIdentifier = 2;
                   
#35426
Posted: 01/07/2016 11:55:13
by Ken Ivanov (EldoS Corp.)

Thank you for the detailed information.

I am afraid both requests above are exactly the same. Could you please re-check if you've posted the second one correctly?

Ken
#35431
Posted: 01/07/2016 12:48:37
by Desarrollo Alpha (Standard support level)
Joined: 11/30/2015
Posts: 15

Thank you, this is the second request:

#35435
Posted: 01/07/2016 14:54:50
by Ken Ivanov (EldoS Corp.)

Hi,

Thank you for the updated request. I can see the problem now.

Please try swapping the assignments of the custom extension's OID and Value properties in your code:

Code
byte[] oid = SBStrUtils.Unit.StrToOID("1.3.6.1.5.5.7.1.3");
certificateRequest.Extensions.OtherCount = 1;
TElCustomExtension ce = certificateRequest.Extensions.get_OtherExtensions(0);

// Swapped order: assign Value first, then OID
byte[] value = { 0x30, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0b, 0x02, 0x30, 0x08, 0x06, 0x06, 0x60, 0x20, 0x01, 0x0a, 0x02, 0x02};
ce.Value = value;
ce.OID = oid;


This change should help.

Ken
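
An added example, not part of the thread and not SecureBlackbox code: a small DER walker in Python that decodes the 24-byte value posted above, confirms it carries the two OIDs from the ASN.1 dump, and checks the extnID of the enclosing Extension (the field ce.OID is meant to supply) before a request goes to the CA. All function names are hypothetical, and both Extension samples are constructed here around the posted value; the zero-length extnID shows one way a custom extension becomes unparseable.

```python
QC_EXT_OID = "1.3.6.1.5.5.7.1.3"  # extension OID used in the posts
QC_VALUE = bytes.fromhex("3016301406082b06010505070b02300806066020010a0202")  # value as posted

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode non-empty OBJECT IDENTIFIER contents into dotted form."""
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def oids_in(der):
    """Collect every OBJECT IDENTIFIER in a DER blob, depth first."""
    found, pos = [], 0
    while pos < len(der):
        tag, body, pos = read_tlv(der, pos)
        if tag == 0x06:
            found.append(decode_oid(body))
        elif tag & 0x20:  # constructed type: descend into its contents
            found += oids_in(body)
    return found

def check_extension(ext_der):
    """Return a list of problems found in one DER-encoded Extension."""
    _, body, _ = read_tlv(ext_der)
    tag, oid_body, _ = read_tlv(body)
    if tag != 0x06 or not oid_body:
        return ["extnID is missing or empty"]
    oid = decode_oid(oid_body)
    return [] if oid == QC_EXT_OID else ["unexpected extnID " + oid]

# Constructed samples: the posted value wrapped as Extension { extnID, extnValue }.
OCTETS = bytes([0x04, len(QC_VALUE)]) + QC_VALUE
GOOD_EXT = bytes([0x30, 10 + len(OCTETS), 0x06, 0x08]) + bytes.fromhex("2b06010505070103") + OCTETS
BAD_EXT = bytes([0x30, 2 + len(OCTETS), 0x06, 0x00]) + OCTETS  # zero-length OID
```
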
#35461
Posted: 01/08/2016 08:43:18
by Desarrollo Alpha (Standard support level)
Joined: 11/30/2015
Posts: 15

Thank you. It works.