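/// <summary>
/// Generates a CSR carrying a custom (non-critical) X.509 extension, signed
/// with an RSA key created under <c>parent_key</c> on the TPM.
/// </summary>
/// <remarks>
/// The test is reported as inconclusive when the library returns
/// <c>Status.NOT_COMPILED_IN</c> for <c>SetCustomExtension</c>. The loaded
/// key handle is released on every exit path, so a failed assertion does not
/// leave a handle loaded for the tests that run afterwards.
/// </remarks>
public void TryGenerateCSRCustomOID()
{
    int rc;
    bool keyLoaded = false;
    KeyBlob keyBlob = new KeyBlob();
    Template template = new Template();
    Csr csr = new Csr();
    byte[] output = new byte[Device.MAX_TPM_BUFFER];

    // NOTE(review): the last subject component looks like it was rewritten
    // by e-mail obfuscation on the page this listing came from; restore the
    // original attribute from the upstream test before relying on it.
    string subject = "/C=US/ST=Oregon/L=Portland/SN=Development" +
                     "/O=wolfSSL/OU=RSA/CN=www.wolfssl.com" +
                     "/[email protected]";
    string keyUsage = "serverAuth,clientAuth,codeSigning";
    string custOid = "1.2.3.4.5";
    string custOidVal = "This is NOT a critical extension";

    Console.WriteLine("Testing generate CSR custom");

    // Test-only key profile: one key is allowed to both decrypt and sign,
    // and noDA exempts it from TPM dictionary-attack lockout. Production
    // keys normally separate the two usages and keep lockout protection.
    rc = template.GetKeyTemplate_RSA((ulong)(
        TPM2_Object.sensitiveDataOrigin |
        TPM2_Object.userWithAuth |
        TPM2_Object.decrypt |
        TPM2_Object.sign |
        TPM2_Object.noDA));
    Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

    // Fixed auth string is a test fixture value, not a pattern to copy.
    rc = device.CreateKey(keyBlob, parent_key, template,
        "ThisIsMyStorageKeyAuth");
    Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

    try
    {
        rc = device.LoadKey(keyBlob, parent_key);
        Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
        keyLoaded = true;

        rc = csr.SetSubject(subject);
        Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

        rc = csr.SetKeyUsage(keyUsage);
        Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

        // Third argument 0: presumably the "critical" flag, matching the
        // extension value text -- confirm against the Csr wrapper.
        rc = csr.SetCustomExtension(custOid, custOidVal, 0);

        /* if custom OID support is not compiled in then test is
         * inconclusive; the finally block releases the key handle */
        if (rc == (int)Status.NOT_COMPILED_IN)
        {
            Assert.Inconclusive();
        }
        Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);

        // NOTE(review): only the returned length is checked; the CSR is not
        // parsed to confirm that the custom extension is actually present.
        rc = csr.MakeAndSign(device, keyBlob, X509_Format.PEM, output);
        Assert.That(rc, Is.GreaterThan(0));
        Console.WriteLine("CSR PEM {0} bytes", rc.ToString());

        // Success path: unload explicitly so the return code is asserted.
        rc = device.UnloadHandle(keyBlob);
        keyLoaded = false;
        Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
    }
    finally
    {
        // Best-effort cleanup after a failed or inconclusive assertion; the
        // return code is ignored so it cannot mask the original failure.
        if (keyLoaded)
        {
            device.UnloadHandle(keyBlob);
        }
    }
}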