Hi,
Task: I need to add the certificate policies (OID 2.5.29.32) extension to a certificate request on a web page using CertEnroll and JavaScript.
Policy Example: 1.2.643.3.131.1007.0.3.3.0 = http://test.ru/CertificatePolicies
OS: Windows 7 Enterprise
Browser: Internet Explorer 9 (9.0.8112.16421)
I have used the following examples:
http://technet.microsoft.com/en-us/library/ff182332(WS.10).aspx
Here are two samples:
Sample1: by using X509Enrollment.CX509EnrollmentWebClassFactory (corresponds to the documentation, but does not allow CertificatePolicies)
When trying to create an X509Enrollment.CCertificatePolicy object (sample1, line 65), the following error occurs: CertEnroll::CX509EnrollmentWebClassFactory::CreateObject: Interface not supported 0x80004002 (-2147467262)
var classFactory = new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory");
var objEnroll = classFactory.CreateObject("X509Enrollment.CX509Enrollment");
var objPrivateKey = classFactory.CreateObject("X509Enrollment.CX509PrivateKey");
var objRequest = classFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
var objDN = classFactory.CreateObject("X509Enrollment.CX500DistinguishedName");

objPrivateKey.ProviderName = CryptographicProviderName; // CSP name, defined elsewhere on the page
objPrivateKey.KeySpec = "2";        // 2 = XCN_AT_SIGNATURE
objPrivateKey.ProviderType = "24";  // 24 = XCN_PROV_RSA_AES
objRequest.InitializeFromPrivateKey(1, objPrivateKey, ""); // 1 = ContextUser
objDN.Encode(sDistinguishedName, 0); // 0 = XCN_CERT_NAME_STR_NONE; sDistinguishedName defined elsewhere on the page
objRequest.Subject = objDN;

// Certificate Policies
// Problem Code
var cpOid = classFactory.CreateObject("X509Enrollment.CObjectId");
cpOid.InitializeFromValue("1.2.643.3.131.1007.0.3.3.0");
// Error: this CreateObject call fails with 0x80004002 (Interface not supported)
var cp = classFactory.CreateObject("X509Enrollment.CCertificatePolicy");
var qualifier = classFactory.CreateObject("X509Enrollment.CPolicyQualifier");
qualifier.InitializeEncode("http://test.ru/CertificatePolicies", 1); // 1 = PolicyQualifierTypeUrl
cp.Initialize(cpOid);
cp.PolicyQualifiers.Add(qualifier);
var cps = classFactory.CreateObject("X509Enrollment.CCertificatePolicies");
cps.Add(cp);
var cpExt = classFactory.CreateObject("X509Enrollment.CX509ExtensionCertificatePolicies");
cpExt.InitializeEncode(cps);
objRequest.X509Extensions.Add(cpExt);
// End Problem Code

objEnroll.InitializeFromRequest(objRequest);
var szDN = objEnroll.CreateRequest(1); // 1 = XCN_CRYPT_STRING_BASE64
Sample2: without using X509Enrollment.CX509EnrollmentWebClassFactory, I have created all objects directly.
The request is created and the policies are added to it, but this solution does not follow the documentation, so it doesn't look like a clean solution.
var objEnroll = new ActiveXObject("X509Enrollment.CX509Enrollment");
var objPrivateKey = new ActiveXObject("X509Enrollment.CX509PrivateKey");
var objRequest = new ActiveXObject("X509Enrollment.CX509CertificateRequestPkcs10");
var objDN = new ActiveXObject("X509Enrollment.CX500DistinguishedName");

objPrivateKey.ProviderName = CryptographicProviderName; // CSP name, defined elsewhere on the page
objPrivateKey.KeySpec = "2";        // 2 = XCN_AT_SIGNATURE
objPrivateKey.ProviderType = "24";  // 24 = XCN_PROV_RSA_AES
objRequest.InitializeFromPrivateKey(1, objPrivateKey, ""); // 1 = ContextUser
objDN.Encode(sDistinguishedName, 0); // 0 = XCN_CERT_NAME_STR_NONE; sDistinguishedName defined elsewhere on the page
objRequest.Subject = objDN;

// Certificate Policies
var cpOid = new ActiveXObject("X509Enrollment.CObjectId");
cpOid.InitializeFromValue("1.2.643.3.131.1007.0.3.3.0");
var cp = new ActiveXObject("X509Enrollment.CCertificatePolicy");
var qualifier = new ActiveXObject("X509Enrollment.CPolicyQualifier");
qualifier.InitializeEncode("http://test.ru/CertificatePolicies", 1); // 1 = PolicyQualifierTypeUrl
cp.Initialize(cpOid);
cp.PolicyQualifiers.Add(qualifier);
var cps = new ActiveXObject("X509Enrollment.CCertificatePolicies");
cps.Add(cp);
var cpExt = new ActiveXObject("X509Enrollment.CX509ExtensionCertificatePolicies");
cpExt.InitializeEncode(cps);
objRequest.X509Extensions.Add(cpExt);
// End Certificate Policies

objEnroll.InitializeFromRequest(objRequest);
var szDN = objEnroll.CreateRequest(1); // 1 = XCN_CRYPT_STRING_BASE64
So I have the following questions:
1. What is the correct way to add policies to the request?
2. Can I use the solution from Sample2, or can this cause any problems?
Any help would be greatly appreciated!
Thanks,
Valentina.
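The certificatePolicies extension value that a request built by either sample should end up carrying, as an added example for checking the generated CSR independently of CertEnroll; this is not code from the original post, it assumes Node.js rather than the IE ActiveX environment, and it uses the standard RFC 5280 OIDs named in the comments:

```javascript
const ID_CERTIFICATE_POLICIES = '2.5.29.32';      // RFC 5280 extension OID
const ID_QT_CPS = '1.3.6.1.5.5.7.2.1';           // CPS-pointer qualifier OID (id-qt-cps)

// DER length octets: short form below 128, long form otherwise
function derLength(n) {
  if (n < 0x80) return [n];
  const bytes = [];
  for (let v = n; v > 0; v = Math.floor(v / 256)) bytes.unshift(v & 0xff);
  return [0x80 | bytes.length, ...bytes];
}

// Tag-length-value wrapper over a byte array
function der(tag, content) {
  return [tag, ...derLength(content.length), ...content];
}

// OBJECT IDENTIFIER (X.690 8.19): first two arcs fused, remaining arcs base-128 with continuation bits
function encodeOid(dotted) {
  const arcs = dotted.split('.').map(Number);
  const out = [arcs[0] * 40 + arcs[1]];
  for (const arc of arcs.slice(2)) {
    const chunk = [arc % 128];
    for (let v = Math.floor(arc / 128); v > 0; v = Math.floor(v / 128)) chunk.unshift(0x80 | (v % 128));
    out.push(...chunk);
  }
  return der(0x06, out);
}

// certificatePolicies ::= SEQUENCE OF PolicyInformation
// PolicyInformation   ::= SEQUENCE { policyIdentifier OID, policyQualifiers SEQUENCE OF PolicyQualifierInfo OPTIONAL }
// PolicyQualifierInfo ::= SEQUENCE { policyQualifierId OID, qualifier ANY }  -- an IA5String URI for id-qt-cps
function encodeCertificatePolicies(policyOid, cpsUri) {
  const uri = der(0x16, [...Buffer.from(cpsUri, 'ascii')]);               // IA5String
  const qualifierInfo = der(0x30, [...encodeOid(ID_QT_CPS), ...uri]);
  const policyInfo = der(0x30, [...encodeOid(policyOid), ...der(0x30, qualifierInfo)]);
  return der(0x30, policyInfo);
}

const toHex = (bytes) => Buffer.from(bytes).toString('hex');

// The policy OID and CPS URI from the question
const extValue = encodeCertificatePolicies('1.2.643.3.131.1007.0.3.3.0', 'http://test.ru/CertificatePolicies');
console.log('extnID   ', toHex(encodeOid(ID_CERTIFICATE_POLICIES)));
console.log('extnValue', toHex(extValue));
```

Decode the base64 request returned by CreateRequest with an ASN.1 viewer and compare the extension's OCTET STRING contents against the extnValue printed here.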