|
|
(JavaScript) Generate a CSR containing an Extension Request
Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest.Note: This example requires Chilkat v11.0.0 or greater.
var success = false;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// This example will generate a secp256r1 ECDSA key for the CSR.
var ecc = new CkEcc();
var prng = new CkPrng();
var privKey = new CkPrivateKey();
success = ecc.GenKey("secp256r1",prng,privKey);
if (success == false) {
console.log("Failed to generate a new ECDSA private key.");
return;
}
var csr = new CkCsr();
// Add common CSR fields:
csr.CommonName = "mysubdomain.mydomain.com";
csr.Country = "GB";
csr.State = "Yorks";
csr.Locality = "York";
csr.Company = "Internet Widgits Pty Ltd";
csr.EmailAddress = "support@mydomain.com";
// Add the following 1.2.840.113549.1.9.14 extensionRequest
// Note: The easiest way to know the content and format of the XML to be added is to examine
// a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
// get the extensionRequest from an existing CSR.
//
// Here is a sample extension request:
// <?xml version="1.0" encoding="utf-8"?>
// <set>
// <sequence>
// <sequence>
// <oid>1.3.6.1.4.1.311.20.2</oid>
// <asnOctets>
// <printable>ZATCA-Code-Signing</printable>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.17</oid>
// <asnOctets>
// <sequence>
// <contextSpecific tag="4" constructed="1">
// <sequence>
// <set>
// <sequence>
// <oid>2.5.4.4</oid>
// <utf8>334623324234325</utf8>
// </sequence>
// </set>
// <set>
// <sequence>
// <oid>0.9.2342.19200300.100.1.1</oid>
// <utf8>310122393500003</utf8>
// </sequence>
// </set>
// <set>
// <sequence>
// <oid>2.5.4.12</oid>
// <utf8>0000</utf8>
// </sequence>
// </set>
// <set>
// <sequence>
// <oid>2.5.4.26</oid>
// <utf8>Sample E</utf8>
// </sequence>
// </set>
// <set>
// <sequence>
// <oid>2.5.4.15</oid>
// <utf8>Sample Business</utf8>
// </sequence>
// </set>
// </sequence>
// </contextSpecific>
// </sequence>
// </asnOctets>
// </sequence>
// </sequence>
// </set>
// Use this online tool to generate code from sample XML:
// Generate Code to Create XML
// Here's the code to generate the above extension request.
var xml = new CkXml();
xml.Tag = "set";
xml.UpdateChildContent("sequence|sequence|oid","1.3.6.1.4.1.311.20.2");
xml.UpdateChildContent("sequence|sequence|asnOctets|printable","ZATCA-Code-Signing");
xml.UpdateChildContent("sequence|sequence[1]|oid","2.5.29.17");
xml.UpdateAttrAt("sequence|sequence[1]|asnOctets|sequence|contextSpecific",true,"tag","4");
xml.UpdateAttrAt("sequence|sequence[1]|asnOctets|sequence|contextSpecific",true,"constructed","1");
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|oid","2.5.4.4");
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|utf8","334623324234325");
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|oid","0.9.2342.19200300.100.1.1");
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|utf8","310122393500003");
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|oid","2.5.4.12");
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|utf8","0000");
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|oid","2.5.4.26");
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|utf8","Sample E");
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|oid","2.5.4.15");
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|utf8","Sample Business");
// Add the extension request to the CSR
csr.SetExtensionRequest(xml);
// Generate the CSR with the extension request
var csrPem = csr.GenCsrPem(privKey);
if (csr.LastMethodSuccess == false) {
console.log(csr.LastErrorText);
return;
}
console.log(csrPem);
// Sample PEM output:
// -----BEGIN CERTIFICATE REQUEST-----
// MIICEjCCAbkCAQAwgZcxITAfBgNVBAMMGG15c3ViZG9tYWluLm15ZG9tYWluLmNv
// bTELMAkGA1UEBhMCR0IxDjAMBgNVBAgMBVlvcmtzMQ0wCwYDVQQHDARZb3JrMSEw
// HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxIzAhBgkqhkiG9w0BCQEW
// FHN1cHBvcnRAbXlkb21haW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
// g8EVNSV0ttlM9kG2E+J3ZB9WEDYVf2QA/8idrPRUafia1CHjd1kslwZA8eP2bAcf
// 2O493QAENqtW6DTHJbRz8KCBvjCBuwYJKoZIhvcNAQkOMYGtMIGqMCEGCSsGAQQB
// gjcUAgQUExJaQVRDQS1Db2RlLVNpZ25pbmcwgYQGA1UdEQR9MHukeTB3MRgwFgYD
// VQQEDA8zMzQ2MjMzMjQyMzQzMjUxHzAdBgoJkiaJk/IsZAEBDA8zMTAxMjIzOTM1
// MDAwMDMxDTALBgNVBAwMBDAwMDAxETAPBgNVBBoMCFNhbXBsZSBFMRgwFgYDVQQP
// DA9TYW1wbGUgQnVzaW5lc3MwCgYIKoZIzj0EAwIDRwAwRAIgF7D30eSBklfo+oel
// 1B0z64eJDB9MB3rCoiFZlj+mz0YCIHYI87eyqdtw2LOcAoBRhyxlBT6i28+Z/8t9
// bYsMIYvp
// -----END CERTIFICATE REQUEST-----
|
