/// <inheritdoc />
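        public void SetCertificateExtension(Int32 requestID, X509Extension extension)
        {
            // Passes the extension's encoded bytes to ICertAdmin::SetCertificateExtension as a binary
            // property. The bytes travel in a hand-built BSTR (4-byte length prefix, payload, 2-byte
            // terminator) referenced from a VARIANT of type VT_BSTR.
            if (extension == null)
            {
                throw new ArgumentNullException(nameof(extension));
            }

            // Read RawData once so the length prefix, the allocation size and the copied bytes
            // all refer to the same array.
            Byte[] rawData = extension.RawData;
            if (rawData == null)
            {
                throw new ArgumentException("The extension does not contain encoded data.", nameof(extension));
            }
            if (extension.Oid == null)
            {
                throw new ArgumentException("The extension does not have an object identifier.", nameof(extension));
            }

            const Int32 lengthPrefixSize = 4;
            const Int32 terminatorSize = 2;

            var certAdmin = new CCertAdminClass();
            IntPtr pbBstr = IntPtr.Zero;
            IntPtr pvarValue = IntPtr.Zero;
            // Everything that allocates runs inside the try block, so a failure half-way through
            // (for example the second allocation) still frees the first buffer and releases the
            // COM object.
            try {
                // checked: fail with OverflowException instead of wrapping to a too-small size.
                pbBstr = Marshal.AllocHGlobal(checked(rawData.Length + lengthPrefixSize + terminatorSize));

                // write length (in bytes, terminator excluded) in front of actual BSTR value
                Marshal.WriteInt32(pbBstr, 0, rawData.Length);
                // copy raw bytes right after length prefix
                Marshal.Copy(rawData, 0, pbBstr + lengthPrefixSize, rawData.Length);
                // A BSTR ends with a two-byte null terminator that is not counted in the prefix;
                // write it so a consumer that reads the terminator stays inside this allocation.
                Marshal.WriteByte(pbBstr, lengthPrefixSize + rawData.Length, 0);
                Marshal.WriteByte(pbBstr, lengthPrefixSize + rawData.Length + 1, 0);

                // NOTE(review): this buffer comes from AllocHGlobal, not from the BSTR allocator,
                // so it is only safe while the callee treats the value as read-only input and
                // never frees or resizes it - confirm against the interop definition.
                var variant = new OleAut.VARIANT {
                    vt = OleAut.VT_BSTR,
                    // the pointer to BSTR doesn't include prefix length, so skip 4 bytes
                    pvRecord = pbBstr + lengthPrefixSize
                };
                Int32 flags = extension.Critical ? 1 : 0;

                pvarValue = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(OleAut.VARIANT)));
                // fDeleteOld is false: the destination is freshly allocated and holds no old structure.
                Marshal.StructureToPtr(variant, pvarValue, false);

                certAdmin.SetCertificateExtension(_configString, requestID, extension.Oid.Value, CertAdmConstants.ProptypeBinary, flags, pvarValue);
            } finally {
                if (pbBstr != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(pbBstr);
                }
                if (pvarValue != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(pvarValue);
                }
                CryptographyUtils.ReleaseCom(certAdmin);
            }
        }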
Exemple #2
        static void Main(string[] args)
        {
            // Sample: encode two DNS names as a subjectAltName extension and set it on request 23
            // of the CA named in the config string, using the certificate services COM objects.
            const int dnsNameChoice = 3;                    // CERT_ALT_NAME_DNS_NAME
            const int binaryPropType = 3;                   // #define PROPTYPE_BINARY 0x00000003 (binary data)
            const int extensionFlags = 0;
            const int requestId = 23;
            const string subjectAltNameOid = "2.5.29.17";

            CCertAdminClass certAdmin = new CCertAdminClass();
            CCertEncodeAltNameClass sanEncoder = new CCertEncodeAltNameClass();

            // Reserve two name slots, then fill them by index.
            // NOTE(review): the names set here come from the operator rather than from the request
            // itself; confirm they have been validated before they end up in an issued certificate.
            sanEncoder.Reset(2);
            sanEncoder.SetNameEntry(0, dnsNameChoice, "mail2.domain.com");
            sanEncoder.SetNameEntry(1, dnsNameChoice, "websso.sysfil.systest.sanpaoloimi.com");

            // BStrWrapper makes the interop layer pass the encoded value as a VT_BSTR VARIANT.
            // NOTE(review): the encoded bytes pass through a .NET string here; an encoding with an
            // odd byte length may lose its last byte on that round trip - verify the stored
            // extension, or build the BSTR from the byte length instead.
            BStrWrapper encodedSan = new BStrWrapper(sanEncoder.Encode());

            // The CA location and the request ID are hard-coded sample values.
            certAdmin.SetCertificateExtension(
                "10.190.65.163\\EDETOCVM-CA",
                requestId,
                subjectAltNameOid,
                binaryPropType,
                extensionFlags,
                encodedSan);
        }