000021566 - How to set SubjectAltName cert extension via RSA Keon Certificate Authority OneStep plugin KCSOSD_EXTENSION parameter

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000021566
Applies To: Keon Certificate Authority OneStep 6.5.1
Keon Certificate Authority OneStep Build 229 adds the ability to set certificate extensions
Extension data can be created within OneStep plugins using KCA-API functions and then passed to the OneStep executable via the KCSOSD_EXTENSION parameter
Sample plugin source flatdemo.c contains several example certificate extensions
Issue: How to set SubjectAltName cert extension via RSA Keon Certificate Authority OneStep plugin KCSOSD_EXTENSION parameter
There is no RSA Keon Certificate Authority API sample for creating a SubjectAltName extension with the 'otherName' type
Creating a SubjectAltName otherName type is documented in the RSA Keon Certificate Authority API Guide, but without an example, it is not obvious how to translate the description into code
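Resolution: The following code can be added to the addExtensions function in flatdemo.c to add this type of extension. The OID and the value in the listing are samples; substitute the otherName type and the verified subject value that your deployment requires.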


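/******************* Create SubjectAltName Extension (otherName) ******************/
/*
 * Builds a SubjectAltName extension that holds one otherName entry and passes
 * its raw bytes to OneStep as a "KCSOSD_EXTENSION<n>" name/value pair.
 *
 * This is a fragment for the body of addExtensions() in flatdemo.c. It relies
 * on declarations that are not part of this listing: xrc, status, xanyList,
 * xanyOtherNameList, xanyValueList, xaExtension, data, dataLen, name, suffix,
 * pInterface and the cleanup label.
 *
 * Every Xuda call that reports a status is checked before its output is used,
 * and lists that were already created are released on the early-return paths.
 */

#define EXTENSION_SUB_ALT_NAME_OID "2.5.29.17"

/* SubjectAltName List */
xrc = XudaXTInstance(XPTList, &xanyList);
if (xrc != XrcOK)
    return xrc;

xrc = XudaXTInstance(XPTList, &xanyOtherNameList);
if (xrc != XrcOK) {
    /* release the list created above before leaving */
    XudaFree(xanyList);
    return xrc;
}

xrc = XudaXTInstance(XPTList, &xanyValueList);
if (xrc != XrcOK) {
    /* release both lists created above before leaving */
    XudaFree(xanyOtherNameList);
    XudaFree(xanyList);
    return xrc;
}

/* name */
XudaXPTListAdd(xanyOtherNameList, XudaXPTUTF8Temp("otherName"));

/* value (otherNameObject): typeid/oid/<OID>, then value/utf8String/<text> */
XudaXPTListAdd(xanyValueList, XudaXPTUTF8Temp("typeid"));
XudaXPTListAdd(xanyValueList, XudaXPTUTF8Temp("oid"));

/*
 * example oid
 *
 * 1.3.6.1.4.1.311.20.2.3 is the Microsoft User Principal Name (UPN) otherName
 * type. The UPN literal further down is sample data. Where the issued
 * certificate is used for logon, the UPN names the account its holder
 * authenticates as, so a production plugin should take the value from the
 * authenticated requester's verified record, never from a literal or from an
 * unverified request field.
 */
XudaXPTListAdd(xanyValueList, XudaXPTUTF8Temp("1.3.6.1.4.1.311.20.2.3"));
XudaXPTListAdd(xanyValueList, XudaXPTUTF8Temp("value"));
XudaXPTListAdd(xanyValueList, XudaXPTUTF8Temp("utf8String"));
XudaXPTListAdd(xanyValueList, XudaXPTUTF8Temp("walker@ghn.org"));

/*
 * Nest the value list under the otherName entry, then the entry under the
 * SubjectAltName list. Each child is freed right after it is added;
 * presumably XudaXPTListAdd keeps its own copy or reference -- confirm in the
 * KCA-API guide.
 */
XudaXPTListAdd(xanyOtherNameList, xanyValueList);
XudaFree(xanyValueList);

XudaXPTListAdd(xanyList, xanyOtherNameList);
XudaFree(xanyOtherNameList);

/*
 now create the extension by passing the list of name/value pairs
*/
xrc = XudaCreateGeneralNamesExtension(EXTENSION_SUB_ALT_NAME_OID,
                                      0, /* boolean - 1 if critical */
                                      xanyList,
                                      &xaExtension);

/* the input list is no longer needed whether or not creation succeeded */
XudaFree(xanyList);

/* do not read xaExtension when the extension could not be created */
if (xrc != XrcOK)
    goto cleanup;

/* get the raw data and data length for the extension */
xrc = XudaXPTOctetsGet(xaExtension, &data, &dataLen);

/* NOTE(review): this path skips XudaFree(xaExtension) below; confirm that the
   cleanup label releases it */
if (xrc != XrcOK)
    goto cleanup;

/* pass extension generated back to onestep as name-value pair */
/* NOTE(review): sprintf does not bound the write; confirm name is large enough
   for KCSOSD_EXTENSION plus the decimal suffix */
sprintf(name, "%s%d", KCSOSD_EXTENSION, ++suffix);

/* NOTE(review): status is not examined in this fragment; presumably the rest
   of addExtensions() checks it -- verify */
status = pInterface->InsertEntry(pInterface->NVlist, name, data, dataLen);

XudaFree(xaExtension);
XudaMEMFREE(data);

/******************************************************************/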
Legacy Article ID: a23670
