Hi,
Task: I need to add the certificate policy (OID.2.5.29.32) extension to the certificate request on Web-page by using CertEnroll and Javascript.
Policy Example: 1.2.643.3.131.1007.0.3.3.0 = http://test.ru/CertificatePolicies
OS: Windows 7 Enterprise
Browser: Internet Explorer 9 (9.0.8112.16421)
I have used the following examples:
http://technet.microsoft.com/en-us/library/ff182332 (WS.10). aspx
Here are two samples:
Sample1: by using X509Enrollment.CX509EnrollmentWebClassFactory (corresponds to the documentation, but does not allow CertificatePolicies)
When you try to create an object X509Enrollment.CCertificatePolicy (sample1, line 65) error: CertEnroll :: CX509EnrollmentWebClassFactory :: CreateObject: Interface not supported 0x80004002 (-2147467262)
var classFactory = new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory");
var objEnroll = classFactory.CreateObject("X509Enrollment.CX509Enrollment");
var objPrivateKey = classFactory.CreateObject("X509Enrollment.CX509PrivateKey");
var objRequest = classFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
var objDN = classFactory.CreateObject("X509Enrollment.CX500DistinguishedName");
objPrivateKey.ProviderName = CryptographicProviderName;
objPrivateKey.KeySpec = "2";
objPrivateKey.ProviderType = "24"; //24 = XCN_PROV_RSA_AES
objRequest.InitializeFromPrivateKey(1, objPrivateKey, ""); // 1 = ContextUser
objDN.Encode(sDistinguishedName, 0); //0 = XCN_CERT_NAME_STR_NONE
objRequest.Subject = objDN;
// Certificate Policies
// Problem Code
var cpOid = classFactory.CreateObject( "X509Enrollment.CObjectId" );
cpOid.InitializeFromValue( "1.2.643.3.131.1007.0.3.3.0" );
// Error
var cp = classFactory.CreateObject( "X509Enrollment.CCertificatePolicy" );
var qualifier = classFactory.CreateObject( "X509Enrollment.CPolicyQualifier" );
qualifier.InitializeEncode( 'http://test.ru/CertificatePolicies', 1 );
cp.Initialize( cpOid );
cp.PolicyQualifiers.Add( qualifier );
var cps = classFactory.CreateObject( "X509Enrollment.CCertificatePolicies" );
cps.Add( cp );
var cpExt = classFactory.CreateObject( "X509Enrollment.CX509ExtensionCertificatePolicies" );
cpExt.InitializeEncode( cps );
objRequest.X509Extensions.Add( cpExt );
// End Problem Code
objEnroll.InitializeFromRequest(objRequest);
szDN = objEnroll.CreateRequest(1); //1 = XCN_CRYPT_STRING_BASE64
Sample2: without using X509Enrollment.CX509EnrollmentWebClassFactory, I have created all objects directly.
Request has been created, policies have been added to the request, but the decision does not comply with the documentation so this doesn't look like a nice solution.
var objEnroll = new ActiveXObject("X509Enrollment.CX509Enrollment");
var objPrivateKey = new ActiveXObject("X509Enrollment.CX509PrivateKey");
var objRequest = new ActiveXObject("X509Enrollment.CX509CertificateRequestPkcs10");
var objDN = new ActiveXObject("X509Enrollment.CX500DistinguishedName");
objPrivateKey.ProviderName = CryptographicProviderName;
objPrivateKey.KeySpec = "2"; // 2 = XCN_AT_SIGNATURE
objPrivateKey.ProviderType = "24"; //24 = XCN_PROV_RSA_AES
objRequest.InitializeFromPrivateKey(1, objPrivateKey, ""); // 1 = ContextUser
objDN.Encode(sDistinguishedName, 0); //0 = XCN_CERT_NAME_STR_NONE
objRequest.Subject = objDN;
// Certificate Policies
var cpOid = new ActiveXObject( "X509Enrollment.CObjectId" );
cpOid.InitializeFromValue( "1.2.643.3.131.1007.0.3.3.0" );
var cp = new ActiveXObject( "X509Enrollment.CCertificatePolicy" );
var qualifier = new ActiveXObject( "X509Enrollment.CPolicyQualifier" );
qualifier.InitializeEncode( 'http://test.ru/CertificatePolicies', 1 );
cp.Initialize( cpOid );
cp.PolicyQualifiers.Add( qualifier );
var cps = new ActiveXObject( "X509Enrollment.CCertificatePolicies" );
cps.Add( cp );
var cpExt = new ActiveXObject( "X509Enrollment.CX509ExtensionCertificatePolicies" );
cpExt.InitializeEncode( cps );
objRequest.X509Extensions.Add( cpExt );
// End Certificate Policies
objEnroll.InitializeFromRequest(objRequest);
szDN = objEnroll.CreateRequest(1); //1 = XCN_CRYPT_STRING_BASE64So I have the following questions:
1. What is the correct way to add policies to the request?
2. Can I use a solution of 2? Or this can cause any problems?
Any help would be greatly appreciated!
Thanks,
Valentina.