IPWorks OpenPGP 2020 Java Edition


CertExtension Type

Represents an extension for a certificate.

Remarks

A CertExtension represents an extension that adds to or modifies an X.509 certificate. Extensions are identified by their ASN.1 Object Identifier (OID). The Value field holds the raw content of the extension, which is the DER encoding of the type that the extension's ASN.1 definition specifies (the bytes carried inside the extnValue OCTET STRING of the X.509 Extension structure).

Fields

Critical
boolean

Whether or not the extension is flagged as critical. A relying party that does not recognize a critical extension must reject the certificate (RFC 5280, section 4.2), so flag a custom extension critical only when a certificate that is not fully understood should fail validation.

OID
String

The ASN.1 Object Identifier (OID), in dotted-decimal form (for example 2.5.29.19 for basicConstraints), that identifies this certificate extension.

Value
String

The raw value of this certificate extension. The value is the DER-encoded content of the extension as defined by its ASN.1 specification, that is, the bytes that go inside the extnValue OCTET STRING of the X.509 Extension structure, without the OID, the critical flag, or the OCTET STRING wrapper itself. Below is an example for clarity.

The example will:

  • Add a basicConstraints extension stating that the holder of this certificate may not act as a CA.
  • Add a cRLDistributionPoints extension giving the URL from which CRLs for this certificate can be retrieved.

import ipworksopenpgp.*;

// Java edition: component properties are read and written through get/set
// methods, and constants are static fields of the component classes.
Certmgr mgr = new Certmgr();
mgr.setCert(new Certificate(Certificate.cstPFXFile, "C:\\signingcert.pfx", "password", "*"));
mgr.getCertExtensions().clear();
mgr.config("CertUsageFlags=0xA0"); // KeyUsage bits digitalSignature (0x80) | keyEncipherment (0x20)
mgr.config("CertExtendedKeyUsage=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2"); // id-kp-serverAuth, id-kp-clientAuth
mgr.config("CertValidityTime=10000");

Netcode nc = new Netcode();
nc.setFormat(Netcode.fmtHex);

// basicConstraints for an end-entity (cA = FALSE).
// Below is the hex-encoded value broken down.
// 30     // Tag = SEQUENCE (BasicConstraints)
// 03     // Length
//   01   // Tag = BOOLEAN (cA)
//   01   // Length
//     00 // FALSE (not a CA)
// Note: cA is declared DEFAULT FALSE, so strict DER omits it and encodes an
// end-entity as the empty SEQUENCE "3000". The explicit form used here is
// valid BER with the same meaning and is accepted by most parsers.

// Convert hex string to byte[]
nc.setEncodedData("3003010100");
nc.decode();

String oid = "2.5.29.19"; // id-ce-basicConstraints
byte[] value = nc.getDecodedDataB();
boolean critical = false;
CertExtension basicConstraints = new CertExtension(oid, value, critical);
mgr.getCertExtensions().add(basicConstraints);

// cRLDistributionPoints with one point: http://www.nsoftware.com/dummy/MyCA.crl
// Below is the hex-encoded value broken down.
// 30                    // Tag = SEQUENCE (CRLDistributionPoints)
// 2F                    // Length = 47
//   30                  // Tag = SEQUENCE (DistributionPoint)
//   2D                  // Length = 45
//     A0                // Tag = [0] distributionPoint, EXPLICIT (wraps the DistributionPointName CHOICE)
//     2B                // Length = 43
//       A0              // Tag = [0] fullName, IMPLICIT (replaces the GeneralNames SEQUENCE tag)
//       29              // Length = 41
//         86            // Tag = [6] uniformResourceIdentifier, IMPLICIT (replaces the IA5String tag)
//         27            // Length = 39
//           687474703A2F2F7777772E6E736F6674776172652E636F6D2F64756D6D792F4D7943412E63726C // "http://www.nsoftware.com/dummy/MyCA.crl" as ASCII

// Convert hex string to byte[]
nc.setEncodedData("302F302DA02BA0298627687474703A2F2F7777772E6E736F6674776172652E636F6D2F64756D6D792F4D7943412E63726C");
nc.decode();

oid = "2.5.29.31"; // id-ce-cRLDistributionPoints
value = nc.getDecodedDataB();
critical = false;
CertExtension crlDistributionPoints = new CertExtension(oid, value, critical);
mgr.getCertExtensions().add(crlDistributionPoints);

// Issue the new certificate (serial number 123), signed with the certificate
// loaded above, and print the issued certificate.
mgr.issueCertificate("CN=www.petsbymatilda.com", 123);
System.out.println(mgr.getCert().getEncoded());
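Hand-typing the hex, as the example above does, is error-prone once a length exceeds 127 bytes or a second distribution point is added, because every enclosing length has to be recomputed. The following added example (not part of the IPWorks library or its documentation; the class name ExtensionValues is hypothetical) builds the same two extension values from structured input with a minimal DER encoder, so the byte[] it returns can be passed straight to the CertExtension constructor shown on this page. For the URL above it reproduces the 49-byte value hand-encoded in the example; for an end-entity BasicConstraints it produces the strict-DER empty SEQUENCE 3000 rather than the explicit-FALSE form 3003010100, and it refuses a pathLenConstraint without cA, which RFC 5280 forbids.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/**
 * Minimal DER builder for the BasicConstraints and CRLDistributionPoints
 * extension values. Hypothetical helper; not part of IPWorks.
 */
public final class ExtensionValues {

    private static final int SEQUENCE = 0x30;
    private static final int BOOLEAN = 0x01;
    private static final int INTEGER = 0x02;

    /** DER length: one byte below 128, otherwise 0x80|count followed by big-endian count bytes. */
    static byte[] length(int n) {
        if (n < 0x80) return new byte[] { (byte) n };
        int count = (32 - Integer.numberOfLeadingZeros(n) + 7) / 8;
        byte[] out = new byte[1 + count];
        out[0] = (byte) (0x80 | count);
        for (int i = 0; i < count; i++) out[1 + i] = (byte) (n >>> (8 * (count - 1 - i)));
        return out;
    }

    static byte[] concat(byte[]... parts) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (byte[] p : parts) out.write(p, 0, p.length);
        return out.toByteArray();
    }

    /** One tag-length-value triple; tag is the complete first byte, class and constructed bits included. */
    static byte[] tlv(int tag, byte[] content) {
        return concat(new byte[] { (byte) tag }, length(content.length), content);
    }

    /** Non-negative INTEGER content in minimal two's-complement form (leading 0x00 only when bit 7 is set). */
    static byte[] integer(int v) {
        if (v < 0) throw new IllegalArgumentException("negative values not supported");
        byte[] full = { (byte) (v >>> 24), (byte) (v >>> 16), (byte) (v >>> 8), (byte) v };
        int i = 0;
        while (i < 3 && full[i] == 0 && (full[i + 1] & 0x80) == 0) i++;
        return Arrays.copyOfRange(full, i, 4);
    }

    /**
     * BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER (0..MAX) OPTIONAL }
     * DER forbids encoding a DEFAULT value, so an end-entity becomes the empty SEQUENCE.
     * RFC 5280 requires pathLenConstraint to be absent unless cA is TRUE.
     */
    public static byte[] basicConstraints(boolean ca, Integer pathLen) {
        byte[] body = new byte[0];
        if (ca) body = concat(body, tlv(BOOLEAN, new byte[] { (byte) 0xFF })); // DER TRUE is 0xFF
        if (pathLen != null) {
            if (!ca) throw new IllegalArgumentException("pathLenConstraint requires cA = TRUE");
            body = concat(body, tlv(INTEGER, integer(pathLen)));
        }
        return tlv(SEQUENCE, body);
    }

    /**
     * CRLDistributionPoints ::= SEQUENCE OF DistributionPoint, one URI per point:
     *   DistributionPoint     { [0] distributionPoint: DistributionPointName (a CHOICE, so the tag is EXPLICIT) }
     *   DistributionPointName { [0] fullName: GeneralNames (IMPLICIT, replaces the SEQUENCE tag) }
     *   GeneralName           { [6] uniformResourceIdentifier: IA5String (IMPLICIT, replaces the IA5String tag) }
     */
    public static byte[] crlDistributionPoints(String... uris) {
        byte[] points = new byte[0];
        for (String uri : uris) {
            for (char c : uri.toCharArray())
                if (c > 0x7F) throw new IllegalArgumentException("IA5String must be ASCII: " + uri);
            byte[] generalName = tlv(0x86, uri.getBytes(StandardCharsets.US_ASCII)); // [6] primitive, implicit
            byte[] fullName = tlv(0xA0, generalName);                                  // [0] constructed, implicit
            byte[] dpName = tlv(0xA0, fullName);                                       // [0] constructed, explicit
            points = concat(points, tlv(SEQUENCE, dpName));
        }
        return tlv(SEQUENCE, points);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    public static void main(String[] args) {
        byte[] endEntity = basicConstraints(false, null);
        byte[] caPathLen0 = basicConstraints(true, 0);
        byte[] cdp = crlDistributionPoints("http://www.nsoftware.com/dummy/MyCA.crl");
        System.out.println("basicConstraints (end-entity):    " + hex(endEntity));
        System.out.println("basicConstraints (CA, pathLen 0): " + hex(caPathLen0));
        System.out.println("cRLDistributionPoints:            " + hex(cdp));
        // With the component on this page (assumes a configured Certmgr named mgr):
        //   mgr.getCertExtensions().add(new CertExtension("2.5.29.19", endEntity, false));
        //   mgr.getCertExtensions().add(new CertExtension("2.5.29.31", cdp, false));
    }
}
```

The encoder writes every tag as the complete first byte, so the difference between an EXPLICIT tag (a constructed wrapper around the inner TLV) and an IMPLICIT tag (which replaces the inner type's tag) is visible in the calls: the DistributionPointName CHOICE is wrapped, while GeneralNames and the IA5String are retagged in place. Compare the printed cRLDistributionPoints hex against the hand-encoded string in the example above to confirm the two agree byte for byte.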

ValueB
byte[]

The raw value of this certificate extension as a byte array. ValueB carries the same data as Value: the DER-encoded content of the extension as defined by its ASN.1 specification, without the OID, the critical flag, or the enclosing OCTET STRING. The CertExtension constructor takes the value in this byte[] form, so the example given under Value above applies unchanged.

Constructors

public CertExtension(String oid, byte[] value, boolean critical);



Copyright (c) 2022 /n software inc. - All rights reserved.
IPWorks OpenPGP 2020 Java Edition - Version 20.0 [Build 8249]