Hi, I generate a self-signed CA root certificate file and a CSR + private key file for the web server name server1.test.internal.
I try to generate a signed certificate file by reading data from the CSR file and signing it with the CA root certificate. I use this piece of code to read data from the CSR and add its extensions to the newly generated certificate for the web server:

    Pkcs10CertificationRequest csr = ..
    Org.BouncyCastle.X509.X509Certificate rootCert = ..
    // certGen is the X509V3CertificateGenerator set up earlier (not shown)

    // Walk the CSR attributes looking for the PKCS#9 extensionRequest attribute
    Asn1Set attributes = csr.GetCertificationRequestInfo().Attributes;
    if (attributes != null)
    {
        for (int i = 0; i != attributes.Count; i++)
        {
            AttributePkcs attr = AttributePkcs.GetInstance(attributes[i]);
            if (attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest))
            {
                X509Extensions extensions1 = X509Extensions.GetInstance(attr.AttrValues[0]);
                foreach (DerObjectIdentifier oid in extensions1.ExtensionOids)
                {
                    // Copy each requested extension (OID, criticality, raw value octets) into the certificate
                    Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions1.GetExtension(oid);
                    certGen.AddExtension(oid, ext.IsCritical, ext.Value.GetOctets());
                }
            }
        }
    }
    Org.BouncyCastle.X509.X509Certificate issuedCert = certGen.Generate(issuerKeyPair.Private);

I get an error that says it cannot add the first extension added by certGen.AddExtension(...) when generating the certificate:

    throw new CertificateParsingException("cannot construct BasicConstraints: " + e);

Then I try to explicitly add some extensions manually and the other extensions by reading data from the CSR (code below):

    // Extensions set by the issuer itself
    certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(rootCert));
    certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(csr.GetPublicKey()));
    //certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    //certGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
    //certGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature ));
    //certGen.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage( ArrayList.Repeat(KeyPurposeID.IdKPServerAuth, 1)));

    // Extensions copied from the CSR, restricted to KeyUsage, ExtendedKeyUsage and SubjectAlternativeName
    Asn1Set attributes = csr.GetCertificationRequestInfo().Attributes;
    if (attributes != null)
    {
        for (int i = 0; i != attributes.Count; i++)
        {
            AttributePkcs attr = AttributePkcs.GetInstance(attributes[i]);
            if (attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest))
            {
                X509Extensions extensions1 = X509Extensions.GetInstance(attr.AttrValues[0]);
                foreach (DerObjectIdentifier oid in extensions1.ExtensionOids)
                {
                    Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions1.GetExtension(oid);
                    if (oid.Equals(X509Extensions.KeyUsage)
                        || oid.Equals(X509Extensions.ExtendedKeyUsage)
                        || oid.Equals(X509Extensions.SubjectAlternativeName))
                    {
                        certGen.AddExtension(oid, ext.IsCritical, ext.Value.GetOctets());
                    }
                }
            }
        }
    }

This time I got the error:

    throw new CertificateParsingException("cannot construct KeyUsage: " + e);

This is the first extension added by the following line of code:

    certGen.AddExtension(oid, ext.IsCritical, ext.Value.GetOctets());

Does anyone have an idea how to use the piece of code below in the right way?

    certGen.AddExtension(oid, ext.IsCritical, ext.Value.GetOctets());

Thanks in advance, VladanO
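The following is an added, self-contained example (not the poster's code, and not a BouncyCastle sample) showing the whole round trip the question describes with the BouncyCastle C# API: a self-signed root, a CSR for server1.test.internal that carries a PKCS#9 extensionRequest, and an issuer that copies requested extensions into the leaf certificate. Two points it makes beyond the question's snippets: the `byte[]` overload of `AddExtension` wraps the bytes in a fresh OCTET STRING, so `ext.Value.GetOctets()` is the right thing to hand it (passing `ext.Value` itself would double-wrap), and an issuer should never copy BasicConstraints or KeyUsage from a request; it sets those itself and copies only an allow-list (SAN, EKU). The two `CertificateParsingException` messages in the question are raised while BouncyCastle decodes the freshly generated certificate's BasicConstraints and KeyUsage, so they point at the bytes copied from the CSR rather than at the `AddExtension` call; this example assumes the CSR's extension values are encoded once, as `X509ExtensionsGenerator` produces them. Names such as `CopyableFromCsr`, `NewRootCa`, `NewServerCsr` and `IssueServerCert` are this example's own.

```csharp
using System;
using System.Collections.Generic;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.X509.Extension;

static class CsrExtensionCopyDemo
{
    const string SigAlg = "SHA256WITHRSA";

    // Issuer policy (this example's own): only these may be taken from a CSR.
    // BasicConstraints, KeyUsage, AKI and SKI are always set by the issuer.
    static readonly HashSet<string> CopyableFromCsr = new HashSet<string>
    {
        X509Extensions.SubjectAlternativeName.Id,
        X509Extensions.ExtendedKeyUsage.Id,
    };

    static AsymmetricCipherKeyPair NewRsaKeyPair()
    {
        var gen = new RsaKeyPairGenerator();
        gen.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
        return gen.GenerateKeyPair();
    }

    // Self-signed root: CA:TRUE and keyCertSign are decided here, never taken from a request.
    static X509Certificate NewRootCa(AsymmetricCipherKeyPair caKp)
    {
        var name = new X509Name("CN=Test Root CA");
        var g = new X509V3CertificateGenerator();
        g.SetSerialNumber(BigInteger.One);
        g.SetIssuerDN(name);
        g.SetSubjectDN(name);
        g.SetNotBefore(DateTime.UtcNow.AddMinutes(-5));
        g.SetNotAfter(DateTime.UtcNow.AddYears(10));
        g.SetPublicKey(caKp.Public);
        g.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
        g.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.KeyCertSign | KeyUsage.CrlSign));
        g.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(caKp.Public));
        return g.Generate(new Asn1SignatureFactory(SigAlg, caKp.Private));
    }

    // Constructed CSR with an extensionRequest attribute. It also asks for CA:TRUE on purpose,
    // so the issuer's filtering can be seen to drop it.
    static Pkcs10CertificationRequest NewServerCsr(AsymmetricCipherKeyPair kp, string dnsName)
    {
        var eg = new X509ExtensionsGenerator();
        eg.AddExtension(X509Extensions.SubjectAlternativeName, false,
            new GeneralNames(new GeneralName(GeneralName.DnsName, dnsName)));
        eg.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
        eg.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true)); // must not be honoured
        var attrs = new DerSet(new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(eg.Generate())));
        return new Pkcs10CertificationRequest(new Asn1SignatureFactory(SigAlg, kp.Private),
            new X509Name("CN=" + dnsName), kp.Public, attrs);
    }

    static X509Certificate IssueServerCert(Pkcs10CertificationRequest csr, X509Certificate ca,
                                           AsymmetricKeyParameter caKey, BigInteger serial)
    {
        // Proof of possession: the CSR must be signed by the key it presents.
        if (!csr.Verify()) throw new InvalidOperationException("CSR signature does not verify");
        var g = new X509V3CertificateGenerator();
        g.SetSerialNumber(serial);
        g.SetIssuerDN(ca.SubjectDN);
        g.SetSubjectDN(csr.GetCertificationRequestInfo().Subject);
        g.SetNotBefore(DateTime.UtcNow.AddMinutes(-5));
        g.SetNotAfter(DateTime.UtcNow.AddDays(397));
        g.SetPublicKey(csr.GetPublicKey());
        // Issuer-controlled extensions: fixed by policy, never read from the CSR.
        g.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        g.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
        g.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(ca));
        g.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(csr.GetPublicKey()));
        // Requested extensions: copy only the allow-listed ones.
        Asn1Set attributes = csr.GetCertificationRequestInfo().Attributes;
        if (attributes != null)
        {
            foreach (Asn1Encodable a in attributes)
            {
                AttributePkcs attr = AttributePkcs.GetInstance(a);
                if (!attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest)) continue;
                X509Extensions requested = X509Extensions.GetInstance(attr.AttrValues[0]);
                foreach (DerObjectIdentifier oid in requested.ExtensionOids)
                {
                    if (!CopyableFromCsr.Contains(oid.Id)) { Console.WriteLine("dropping requested " + oid.Id); continue; }
                    X509Extension ext = requested.GetExtension(oid);
                    // ext.Value is the OCTET STRING wrapper; GetOctets() is the DER of the extension value.
                    // The byte[] overload wraps it in a new OCTET STRING, so pass the octets, not ext.Value.
                    g.AddExtension(oid, ext.IsCritical, ext.Value.GetOctets());
                }
            }
        }
        return g.Generate(new Asn1SignatureFactory(SigAlg, caKey));
    }

    static void Main()
    {
        var caKp = NewRsaKeyPair();
        X509Certificate ca = NewRootCa(caKp);
        var csr = NewServerCsr(NewRsaKeyPair(), "server1.test.internal");
        X509Certificate leaf = IssueServerCert(csr, ca, caKp.Private, BigInteger.Two);
        leaf.Verify(caKp.Public); // throws if the issuer signature is wrong
        Console.WriteLine("Subject: " + leaf.SubjectDN);
        Console.WriteLine("Is CA:   " + (leaf.GetBasicConstraints() >= 0)); // False: CA:TRUE from the CSR was dropped
        var san = GeneralNames.GetInstance(X509ExtensionUtilities.FromExtensionValue(
            leaf.GetExtensionValue(X509Extensions.SubjectAlternativeName)));
        foreach (GeneralName n in san.GetNames()) Console.WriteLine("SAN:     " + n);
    }
}
```

Running this prints the dropped BasicConstraints OID (2.5.29.19), `Is CA: False`, and the DNS SAN copied from the request. If the copy loop above works against a CSR built with `X509ExtensionsGenerator` but fails on your own CSR, compare the DER of your CSR's extensionRequest attribute (for instance with `openssl req -text`) against one produced here: a value that has been wrapped in an extra OCTET STRING when the CSR was built decodes fine as an attribute but fails as soon as BouncyCastle tries to parse it as BasicConstraints or KeyUsage in the issued certificate.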