/// <summary>
/// Populates <c>_exts</c> with the X.509 extensions described by this certificate template.
/// </summary>
/// <remarks>
/// Extensions are appended in a fixed order: Key Usage, Enhanced Key Usage and Application
/// Policies, Certificate Policies, Certificate Template, Basic Constraints, OCSP No Check.
/// The critical flag of every extension comes from <c>test_critical</c>, called with the
/// extension OID. Also assigns <c>schemaVersion</c> from the directory entry.
/// </remarks>
void get_extensions() {
    schemaVersion = (Int32)_entry.Properties["msPKI-Template-Schema-Version"].Value;

    // Key Usage (2.5.29.15) is always emitted.
    _exts.Add(new X509KeyUsageExtension(Cryptography.KeyUsage, test_critical("2.5.29.15")));

    // Enhanced Key Usage (2.5.29.37) and Application Policies (1.3.6.1.4.1.311.21.10) are built
    // from the same EKU list and are emitted only when that list is non-empty.
    if (_ekus.Count != 0) {
        _exts.Add(new X509EnhancedKeyUsageExtension(_ekus, test_critical("2.5.29.37")));
        _exts.Add(new X509ApplicationPoliciesExtension(_ekus, test_critical("1.3.6.1.4.1.311.21.10")));
    }

    // Certificate Policies (2.5.29.32): one policy entry per configured issuance policy.
    if (CertificatePolicies.Count > 0) {
        X509CertificatePolicyCollection policyCollection = new X509CertificatePolicyCollection();
        foreach (Oid issuancePolicy in CertificatePolicies) {
            Oid2 resolvedPolicy = new Oid2(issuancePolicy.Value, OidGroupEnum.IssuancePolicy, true);
            X509CertificatePolicy policyEntry = new X509CertificatePolicy(issuancePolicy.Value);
            // Best effort: the first CPS link becomes the policy qualifier. Any exception here
            // is swallowed and the policy is added without a qualifier.
            // NOTE(review): the bare catch also hides unrelated failures (e.g. directory
            // errors); confirm what GetCPSLinks()[0] can raise and consider narrowing it.
            try {
                policyEntry.Add(new X509PolicyQualifier(resolvedPolicy.GetCPSLinks()[0]));
            } catch { }
            policyCollection.Add(policyEntry);
        }
        _exts.Add(new X509CertificatePoliciesExtension(policyCollection, test_critical("2.5.29.32")));
    }

    // Certificate template information. Schema version 1 templates carry the template common
    // name as a BMPString under 1.3.6.1.4.1.311.20.2; every other schema version gets the
    // structured template extension (template OID plus major/minor revision), whose
    // criticality is looked up under 1.3.6.1.4.1.311.21.7.
    if (schemaVersion == 1) {
        _exts.Add(new X509Extension(
            new Oid("1.3.6.1.4.1.311.20.2"),
            Asn1Utils.EncodeBMPString((String)_entry.Properties["cn"].Value),
            test_critical("1.3.6.1.4.1.311.20.2")));
    } else {
        Int32 majorRevision = (Int32)_entry.Properties["Revision"].Value;
        Int32 minorRevision = (Int32)_entry.Properties["msPKI-Template-Minor-Revision"].Value;
        Oid templateOid = new Oid((String)_entry.Properties["msPKI-Cert-Template-OID"].Value);
        _exts.Add(new X509CertificateTemplateExtension(templateOid, majorRevision, minorRevision));
        // The critical flag is set on the element that was just appended.
        _exts[_exts.Count - 1].Critical = test_critical("1.3.6.1.4.1.311.21.7");
    }

    // Basic Constraints (2.5.29.19): emitted for CA and cross-CA templates, or when the
    // template explicitly asks for it in end-entity certificates.
    if (
        SubjectType == "Certification Authority"
        || SubjectType == "Cross Certification Authority"
        || (EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.BasicConstraintsInEndEntityCerts) != 0
    ) {
        // Only the two CA subject types produce isCA = true; the enrollment flag alone yields
        // an end-entity Basic Constraints extension.
        Boolean isCA = SubjectType == "Certification Authority"
            || SubjectType == "Cross Certification Authority";
        // -1 from GetPathLengthConstraint() is treated as "no path length constraint".
        Boolean hasConstraints = GetPathLengthConstraint() != -1;
        _exts.Add(new X509BasicConstraintsExtension(
            isCA,
            hasConstraints,
            GetPathLengthConstraint(),
            test_critical("2.5.29.19")));
    }

    // OCSP No Check (1.3.6.1.5.5.7.48.1.5): the extension value { 5, 0 } is a DER-encoded NULL.
    if ((EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.IncludeOcspRevNoCheck) != 0) {
        _exts.Add(new X509Extension(
            "1.3.6.1.5.5.7.48.1.5",
            new Byte[] { 5, 0 },
            test_critical("1.3.6.1.5.5.7.48.1.5")));
    }
}
/// <summary>
/// Populates <c>_extensions</c> with the X.509 extensions described by this certificate template.
/// </summary>
/// <remarks>
/// Extensions are appended in a fixed order: Key Usage, Enhanced Key Usage and Application
/// Policies, Certificate Policies, Certificate Template, Basic Constraints, OCSP No Check.
/// The critical flag of every extension comes from <c>isExtensionCritical</c>. Also assigns
/// <c>schemaVersion</c> from the directory entry.
/// </remarks>
void readExtensions() {
    schemaVersion = (Int32)_entry[DsUtils.PropPkiSchemaVersion];

    // Key Usage is always emitted.
    _extensions.Add(new X509KeyUsageExtension(
        Cryptography.KeyUsage,
        isExtensionCritical(X509ExtensionOid.KeyUsage)));

    // Enhanced Key Usage and Application Policies are emitted together, only when the EKU
    // list is non-empty. The emptiness check reads _ekuList while the extensions are built
    // from the EnhancedKeyUsage member (presumably the same list; verify against the class).
    if (_ekuList.Count != 0) {
        _extensions.Add(new X509EnhancedKeyUsageExtension(
            EnhancedKeyUsage,
            isExtensionCritical(X509ExtensionOid.EnhancedKeyUsage)));
        _extensions.Add(new X509ApplicationPoliciesExtension(
            EnhancedKeyUsage,
            isExtensionCritical(X509ExtensionOid.ApplicationPolicies)));
    }

    // Certificate Policies: one policy entry per configured issuance policy.
    if (_certPolicies.Count > 0) {
        X509CertificatePolicyCollection policyCollection = new X509CertificatePolicyCollection();
        foreach (Oid issuancePolicy in _certPolicies) {
            Oid2 resolvedPolicy = new Oid2(issuancePolicy.Value, OidGroupEnum.IssuancePolicy, true);
            X509CertificatePolicy policyEntry = new X509CertificatePolicy(issuancePolicy.Value);
            // Best effort: the first CPS link becomes the policy qualifier. Any exception here
            // is swallowed and the policy is added without a qualifier.
            // NOTE(review): the bare catch also hides unrelated failures (e.g. directory
            // errors); confirm what GetCPSLinks()[0] can raise and consider narrowing it.
            try {
                policyEntry.Add(new X509PolicyQualifier(resolvedPolicy.GetCPSLinks()[0]));
            } catch { }
            policyCollection.Add(policyEntry);
        }
        _extensions.Add(new X509CertificatePoliciesExtension(
            policyCollection,
            isExtensionCritical(X509ExtensionOid.CertificatePolicies)));
    }

    // Certificate template information. Schema version 1 templates carry the template common
    // name as a BMPString; every other schema version gets the structured template extension
    // (template OID plus major/minor version).
    // NOTE(review): criticality for both branches is looked up under CertTemplateInfoV2, while
    // the schema version 1 branch builds its extension under X509ExtensionOid.CertificateTemplate.
    // Confirm that both constants resolve to the OIDs intended for each branch.
    Boolean isCritical = isExtensionCritical(X509ExtensionOid.CertTemplateInfoV2);
    if (schemaVersion == 1) {
        _extensions.Add(new X509Extension(
            new Oid(X509ExtensionOid.CertificateTemplate),
            Asn1Utils.EncodeBMPString((String)_entry[DsUtils.PropCN]),
            isCritical));
    } else {
        Int32 majorVersion = (Int32)_entry[DsUtils.PropPkiTemplateMajorVersion];
        Int32 minorVersion = (Int32)_entry[DsUtils.PropPkiTemplateMinorVersion];
        Oid templateOid = new Oid((String)_entry[DsUtils.PropCertTemplateOid]);
        X509CertificateTemplateExtension templateExtension =
            new X509CertificateTemplateExtension(templateOid, majorVersion, minorVersion);
        templateExtension.Critical = isCritical;
        _extensions.Add(templateExtension);
    }

    // Basic Constraints: emitted for CA and cross-CA templates, or when the template
    // explicitly asks for it in end-entity certificates.
    if (
        SubjectType == CertTemplateSubjectType.CA
        || SubjectType == CertTemplateSubjectType.CrossCA
        || (EnrollmentOptions & CertificateTemplateEnrollmentFlags.BasicConstraintsInEndEntityCerts) > 0
    ) {
        // Only the two CA subject types produce isCA = true; the enrollment flag alone yields
        // an end-entity Basic Constraints extension.
        Boolean isCA = SubjectType == CertTemplateSubjectType.CA
            || SubjectType == CertTemplateSubjectType.CrossCA;
        // -1 from GetPathLengthConstraint() is treated as "no path length constraint".
        Boolean hasConstraints = GetPathLengthConstraint() != -1;
        _extensions.Add(new X509BasicConstraintsExtension(
            isCA,
            hasConstraints,
            GetPathLengthConstraint(),
            isExtensionCritical(X509ExtensionOid.BasicConstraints)));
    }

    // OCSP No Check: the extension value { 5, 0 } is a DER-encoded NULL.
    if ((EnrollmentOptions & CertificateTemplateEnrollmentFlags.IncludeOcspRevNoCheck) > 0) {
        _extensions.Add(new X509Extension(
            X509ExtensionOid.OcspRevNoCheck,
            new Byte[] { 5, 0 },
            isExtensionCritical(X509ExtensionOid.OcspRevNoCheck)));
    }
}
/// <summary>
/// Populates <c>_exts</c> with the X.509 extensions described by this certificate template.
/// </summary>
/// <remarks>
/// Extensions are appended in a fixed order: Key Usage, Enhanced Key Usage and Application
/// Policies, Certificate Policies, Certificate Template, Basic Constraints, OCSP No Check.
/// The critical flag of every extension comes from <c>test_critical</c>. Also assigns
/// <c>schemaVersion</c> from the directory entry.
/// </remarks>
void get_extensions() {
    schemaVersion = (Int32)_entry[ActiveDirectory.PropPkiSchemaVersion];

    // Key Usage is always emitted.
    _exts.Add(new X509KeyUsageExtension(
        Cryptography.KeyUsage,
        test_critical(X509CertExtensions.X509KeyUsage)));

    // Enhanced Key Usage and Application Policies are built from the same EKU list and are
    // emitted only when that list is non-empty.
    if (_ekus.Count != 0) {
        _exts.Add(new X509EnhancedKeyUsageExtension(
            _ekus,
            test_critical(X509CertExtensions.X509EnhancedKeyUsage)));
        _exts.Add(new X509ApplicationPoliciesExtension(
            _ekus,
            test_critical(X509CertExtensions.X509ApplicationPolicies)));
    }

    // Certificate Policies: one policy entry per configured issuance policy.
    if (CertificatePolicies.Count > 0) {
        X509CertificatePolicyCollection policyCollection = new X509CertificatePolicyCollection();
        foreach (Oid issuancePolicy in CertificatePolicies) {
            Oid2 resolvedPolicy = new Oid2(issuancePolicy.Value, OidGroupEnum.IssuancePolicy, true);
            X509CertificatePolicy policyEntry = new X509CertificatePolicy(issuancePolicy.Value);
            // Best effort: the first CPS link becomes the policy qualifier. Any exception here
            // is swallowed and the policy is added without a qualifier.
            // NOTE(review): the bare catch also hides unrelated failures (e.g. directory
            // errors); confirm what GetCPSLinks()[0] can raise and consider narrowing it.
            try {
                policyEntry.Add(new X509PolicyQualifier(resolvedPolicy.GetCPSLinks()[0]));
            } catch { }
            policyCollection.Add(policyEntry);
        }
        _exts.Add(new X509CertificatePoliciesExtension(
            policyCollection,
            test_critical(X509CertExtensions.X509CertificatePolicies)));
    }

    // Certificate template information. Schema version 1 templates carry the template common
    // name as a BMPString under the X509CertTemplateInfoV2 OID; every other schema version
    // gets the structured template extension (template OID plus major/minor version), whose
    // criticality is looked up under the X509CertificateTemplate OID.
    if (schemaVersion == 1) {
        _exts.Add(new X509Extension(
            new Oid(X509CertExtensions.X509CertTemplateInfoV2),
            Asn1Utils.EncodeBMPString((String)_entry[ActiveDirectory.PropCN]),
            test_critical(X509CertExtensions.X509CertTemplateInfoV2)));
    } else {
        Int32 majorVersion = (Int32)_entry[ActiveDirectory.PropPkiTemplateMajorVersion];
        Int32 minorVersion = (Int32)_entry[ActiveDirectory.PropPkiTemplateMinorVersion];
        Oid templateOid = new Oid((String)_entry[ActiveDirectory.PropCertTemplateOid]);
        _exts.Add(new X509CertificateTemplateExtension(templateOid, majorVersion, minorVersion));
        // The critical flag is set on the element that was just appended.
        _exts[_exts.Count - 1].Critical = test_critical(X509CertExtensions.X509CertificateTemplate);
    }

    // Basic Constraints: emitted for CA and cross-CA templates, or when the template
    // explicitly asks for it in end-entity certificates.
    if (
        SubjectType == CertTemplateSubjectType.CA
        || SubjectType == CertTemplateSubjectType.CrossCA
        || (EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.BasicConstraintsInEndEntityCerts) != 0
    ) {
        // Only the two CA subject types produce isCA = true; the enrollment flag alone yields
        // an end-entity Basic Constraints extension.
        Boolean isCA = SubjectType == CertTemplateSubjectType.CA
            || SubjectType == CertTemplateSubjectType.CrossCA;
        // -1 from GetPathLengthConstraint() is treated as "no path length constraint".
        Boolean hasConstraints = GetPathLengthConstraint() != -1;
        _exts.Add(new X509BasicConstraintsExtension(
            isCA,
            hasConstraints,
            GetPathLengthConstraint(),
            test_critical(X509CertExtensions.X509BasicConstraints)));
    }

    // OCSP No Check: the extension value { 5, 0 } is a DER-encoded NULL.
    if ((EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.IncludeOcspRevNoCheck) != 0) {
        _exts.Add(new X509Extension(
            X509CertExtensions.X509OcspRevNoCheck,
            new Byte[] { 5, 0 },
            test_critical(X509CertExtensions.X509OcspRevNoCheck)));
    }
}