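        /// <summary>
        /// Generates a PEM CSR from a freshly created RSA key, attaching a
        /// custom extension identified by an arbitrary OID. Relies on the
        /// fixture fields <c>device</c> and <c>parent_key</c>, which this
        /// method does not initialise.
        /// </summary>
        /// <remarks>
        /// The key handle loaded into the TPM is released in a
        /// <c>finally</c> block so that a failing assertion anywhere after
        /// <c>LoadKey</c> cannot leave the handle occupied for later tests.
        /// The test is reported inconclusive, not failed, when the library
        /// was built without custom-OID support.
        /// </remarks>
        public void TryGenerateCSRCustomOID()
        {
            int      rc;
            KeyBlob  keyBlob  = new KeyBlob();
            Template template = new Template();
            Csr      csr      = new Csr();

            byte[] output = new byte[Device.MAX_TPM_BUFFER];

            /* NOTE(review): the emailAddress RDN below looks mangled by the
             * page extraction ("[email protected]"); restore the intended
             * address from the upstream source before relying on it. */
            string subject = "/C=US/ST=Oregon/L=Portland/SN=Development" +
                             "/O=wolfSSL/OU=RSA/CN=www.wolfssl.com" +
                             "/[email protected]";
            string keyUsage = "serverAuth,clientAuth,codeSigning";

            /* arbitrary test OID; the value text documents that the extension
             * is meant to be non-critical (presumably the third argument to
             * SetCustomExtension, 0 here — confirm against the wrapper) */
            string custOid    = "1.2.3.4.5";
            string custOidVal = "This is NOT a critical extension";

            Console.WriteLine("Testing generate CSR custom");

            rc = template.GetKeyTemplate_RSA((ulong)(
                                                 TPM2_Object.sensitiveDataOrigin |
                                                 TPM2_Object.userWithAuth |
                                                 TPM2_Object.decrypt |
                                                 TPM2_Object.sign |
                                                 TPM2_Object.noDA));
            Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

            /* fixed auth value for a throw-away test key */
            rc = device.CreateKey(keyBlob, parent_key, template,
                                  "ThisIsMyStorageKeyAuth");
            Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

            rc = device.LoadKey(keyBlob, parent_key);
            Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

            /* from here on the TPM holds a handle for keyBlob; every exit
             * path (pass, fail, inconclusive) must release it */
            int unloadRc;
            try
            {
                rc = csr.SetSubject(subject);
                Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

                rc = csr.SetKeyUsage(keyUsage);
                Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

                rc = csr.SetCustomExtension(custOid, custOidVal, 0);

                /* if custom OID support is not compiled in then test is
                 * inconclusive; the finally block still unloads the key */
                if (rc == (int)Status.NOT_COMPILED_IN)
                {
                    Assert.Inconclusive();
                }
                Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

                /* a positive return is treated as the PEM length (see the
                 * WriteLine below) */
                rc = csr.MakeAndSign(device, keyBlob, X509_Format.PEM, output);
                Assert.That(rc, Is.GreaterThan(0));

                Console.WriteLine("CSR PEM {0} bytes", rc);
            }
            finally
            {
                unloadRc = device.UnloadHandle(keyBlob);
            }

            /* checked outside the finally so an unload failure never masks
             * the assertion that actually failed inside the try block */
            Assert.AreEqual((int)Status.TPM_RC_SUCCESS, unloadRc);
        }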