IPWorks S/MIME 2020 Kotlin Edition

Questions / Feedback?

CertExtension Type

Represents an extension for a certificate.

Remarks

A CertExtension represents an extension that adds to or modifies an X509 Certificate. Certificate extensions are defined by their ASN.1 Object-Identifier (OID). The Value field contains the raw data of the extension which is usually ASN.1-encoded.

Fields

Critical
Boolean

Whether or not the extension is defined as critical.

OID
String?

The ASN.1 Object-Identifier (OID) that defines this certificate extension.

Value
String

The raw value of this certificate extension. This value is encoded according to the extension's ASN.1 specification and should contain everything following the OID. Below is an example for clarity.

The example will

  • Add a sequence of basicConstraints indicating the holder of this certificate may not act as a CA.
  • Add a sequence of cRLDistributionPoints for where to get CRLs.

Certmgr mgr = new Certmgr();
mgr.Cert = new Certificate(CertStoreTypes.cstPFXFile, @"C:\signingcert.pfx", "password", "*");
mgr.CertExtensions.Clear();
mgr.Config("CertUsageFlags=0xA0"); //Key Encryption and Digital Signatures
mgr.Config("CertExtendedKeyUsage=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2"); //Server and Client authentication (respectively)
mgr.Config("CertValidityTime=10000");

Netcode nc = new Netcode();
nc.Format = NetcodeFormats.fmtHex;

// Set basicConstraints to be an end-entity.
// Below is the hex-encoded value broken down.
// 30     // Tag = sequence
// 03     // Length
//   01   // Tag = boolean
//   01   // Length
//     00 // False (not a CA)

// Convert hex string to byte[]
nc.EncodedData = "3003010100";
nc.Decode();

string oid = "2.5.29.19"; // basicConstraints
byte[] value = nc.DecodedDataB;
bool critical = false;
CertExtension basicConstraints = new CertExtension(oid, value, critical);
mgr.CertExtensions.Add(basicConstraints);

// Add one point: http://www.nsoftware.com/dummy/MyCA.crl
// Below is the hex-encoded value broken down.
// 30                    // Tag = sequence
// 2F                    // Length
//   30                  // Tag = DistributionPoint
//   2D                  // Length
//     A0                // Tag = DistributionPointName
//     2B                // Length
//       A0              // Tag = GeneralNames
//       29              // Length
//         86            // Tag = GeneralName
//         27            // Length
//           687474703A2F2F7777772E6E736F6674776172652E636F6D2F64756D6D792F4D7943412E63726C // URL

// Convert hex string to byte[]
nc.EncodedData = "302F302DA02BA0298627687474703A2F2F7777772E6E736F6674776172652E636F6D2F64756D6D792F4D7943412E63726C";
nc.Decode();

oid = "2.5.29.31"; // cRLDistributionPoints
value = nc.DecodedDataB;
critical = false;
CertExtension crlDistributionPoints = new CertExtension(oid, value, critical);
mgr.CertExtensions.Add(crlDistributionPoints);

mgr.IssueCertificate("CN=www.petsbymatilda.com", 123);
Console.WriteLine(mgr.Cert.Encoded);

ValueB
ByteArray?

The raw value of this certificate extension. This value is encoded according to the extension's ASN.1 specification and should contain everything following the OID. Below is an example for clarity.

The example will

  • Add a sequence of basicConstraints indicating the holder of this certificate may not act as a CA.
  • Add a sequence of cRLDistributionPoints for where to get CRLs.

Certmgr mgr = new Certmgr();
mgr.Cert = new Certificate(CertStoreTypes.cstPFXFile, @"C:\signingcert.pfx", "password", "*");
mgr.CertExtensions.Clear();
mgr.Config("CertUsageFlags=0xA0"); //Key Encryption and Digital Signatures
mgr.Config("CertExtendedKeyUsage=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2"); //Server and Client authentication (respectively)
mgr.Config("CertValidityTime=10000");

Netcode nc = new Netcode();
nc.Format = NetcodeFormats.fmtHex;

// Set basicConstraints to be an end-entity.
// Below is the hex-encoded value broken down.
// 30     // Tag = sequence
// 03     // Length
//   01   // Tag = boolean
//   01   // Length
//     00 // False (not a CA)

// Convert hex string to byte[]
nc.EncodedData = "3003010100";
nc.Decode();

string oid = "2.5.29.19"; // basicConstraints
byte[] value = nc.DecodedDataB;
bool critical = false;
CertExtension basicConstraints = new CertExtension(oid, value, critical);
mgr.CertExtensions.Add(basicConstraints);

// Add one point: http://www.nsoftware.com/dummy/MyCA.crl
// Below is the hex-encoded value broken down.
// 30                    // Tag = sequence
// 2F                    // Length
//   30                  // Tag = DistributionPoint
//   2D                  // Length
//     A0                // Tag = DistributionPointName
//     2B                // Length
//       A0              // Tag = GeneralNames
//       29              // Length
//         86            // Tag = GeneralName
//         27            // Length
//           687474703A2F2F7777772E6E736F6674776172652E636F6D2F64756D6D792F4D7943412E63726C // URL

// Convert hex string to byte[]
nc.EncodedData = "302F302DA02BA0298627687474703A2F2F7777772E6E736F6674776172652E636F6D2F64756D6D792F4D7943412E63726C";
nc.Decode();

oid = "2.5.29.31"; // cRLDistributionPoints
value = nc.DecodedDataB;
critical = false;
CertExtension crlDistributionPoints = new CertExtension(oid, value, critical);
mgr.CertExtensions.Add(crlDistributionPoints);

mgr.IssueCertificate("CN=www.petsbymatilda.com", 123);
Console.WriteLine(mgr.Cert.Encoded);

Constructors

public constructor(oid: String?, value: ByteArray?, critical: Boolean)



Copyright (c) 2021 /n software inc. - All rights reserved.
IPWorks S/MIME 2020 Kotlin Edition - Version 20.0 [Build 7941]