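/// <inheritdoc />
/// <remarks>
/// The extension value is passed to the COM call as a VT_BSTR VARIANT. The BSTR is built by hand
/// in unmanaged memory: a 4-byte length prefix, the raw extension bytes, and a 2-byte terminator.
/// Both unmanaged buffers and the COM object are released in the <c>finally</c> block.
/// </remarks>
/// <exception cref="ArgumentNullException"><paramref name="extension"/> is null.</exception>
/// <exception cref="ArgumentException">The extension has no encoded value or no OID value.</exception>
public void SetCertificateExtension(Int32 requestID, X509Extension extension) {
    if (extension == null) {
        throw new ArgumentNullException(nameof(extension));
    }

    // Read RawData once so the allocation size, the length prefix and the copy
    // all use the same array and the same length.
    Byte[] rawData = extension.RawData;
    if (rawData == null) {
        throw new ArgumentException("The extension has no encoded value.", nameof(extension));
    }
    String oid = extension.Oid?.Value;
    if (String.IsNullOrEmpty(oid)) {
        throw new ArgumentException("The extension has no OID value.", nameof(extension));
    }

    // BSTR layout: [4-byte byte count][payload][2-byte null terminator].
    const Int32 bstrPrefixSize = 4;
    const Int32 bstrTerminatorSize = 2;

    var certAdmin = new CCertAdminClass();
    IntPtr pbBstr = IntPtr.Zero;
    IntPtr pvarValue = IntPtr.Zero;
    try {
        // Allocate inside the try block so a failure in any later step still reaches
        // the cleanup code and cannot leak unmanaged memory or the COM object.
        pbBstr = Marshal.AllocHGlobal(checked(rawData.Length + bstrPrefixSize + bstrTerminatorSize));
        // write length in front of actual BSTR value
        Marshal.WriteInt32(pbBstr, 0, rawData.Length);
        // copy raw bytes right after length prefix
        Marshal.Copy(rawData, 0, pbBstr + bstrPrefixSize, rawData.Length);
        // A BSTR is followed by a two-byte null terminator that is not counted in the length.
        // Writing it keeps any consumer that reads up to the terminator inside this buffer.
        Marshal.WriteInt16(pbBstr, bstrPrefixSize + rawData.Length, 0);

        // create an instance of VARIANT and configure it
        var variant = new OleAut.VARIANT {
            vt = OleAut.VT_BSTR,
            // the pointer to BSTR doesn't include prefix length, so skip 4 bytes
            pvRecord = pbBstr + bstrPrefixSize
        };
        Int32 flags = extension.Critical ? 1 : 0;

        pvarValue = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(OleAut.VARIANT)));
        Marshal.StructureToPtr(variant, pvarValue, false);

        certAdmin.SetCertificateExtension(_configString, requestID, oid, CertAdmConstants.ProptypeBinary, flags, pvarValue);
    } finally {
        if (pvarValue != IntPtr.Zero) {
            Marshal.FreeHGlobal(pvarValue);
        }
        if (pbBstr != IntPtr.Zero) {
            Marshal.FreeHGlobal(pbBstr);
        }
        CryptographyUtils.ReleaseCom(certAdmin);
    }
}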
/// <summary>
/// Sample entry point: encodes two DNS names as an alternative-name value and sets it as
/// extension 2.5.29.17 (subjectAltName) on request 23 of a hard-coded CA configuration.
/// </summary>
/// <remarks>
/// The CA config string, request ID and host names are fixed sample values. The call changes
/// what the CA will put into the certificate for that request, so it acts with whatever
/// CA administration rights the calling account holds.
/// </remarks>
static void Main(string[] args)
{
    // Values taken from the Windows SDK headers, as noted by the original author.
    const int certAltNameDnsName = 3;   // CERT_ALT_NAME_DNS_NAME
    const int proptypeBinary = 3;       // #define PROPTYPE_BINARY 0x00000003 // Binary data
    const int extensionFlags = 0;       // no extension flags set
    const int requestId = 23;

    CCertAdminClass certAdmin = new CCertAdminClass();
    CCertEncodeAltNameClass sanEncoder = new CCertEncodeAltNameClass();

    // Reserve two name entries, then fill both with DNS names.
    sanEncoder.Reset(2);
    sanEncoder.SetNameEntry(0, certAltNameDnsName, "mail2.domain.com");
    sanEncoder.SetNameEntry(1, certAltNameDnsName, "websso.sysfil.systest.sanpaoloimi.com");

    // BStrWrapper makes the interop layer marshal the encoded value as a BSTR.
    var encodedNames = sanEncoder.Encode();
    BStrWrapper extensionValue = new BStrWrapper(encodedNames);

    certAdmin.SetCertificateExtension(
        "10.190.65.163\\EDETOCVM-CA",
        requestId,
        "2.5.29.17",
        proptypeBinary,
        extensionFlags,
        extensionValue);
}