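        /// <summary>
        /// Builds the X.509 extension list for this certificate template from its
        /// Active Directory entry and appends the results to <c>_exts</c>.
        /// </summary>
        /// <remarks>
        /// Extensions are appended in a fixed order: Key Usage, Enhanced Key Usage plus
        /// Application Policies, Certificate Policies, the template name/information
        /// extension (chosen by template schema version), Basic Constraints and OCSP
        /// No-Revocation-Check. Criticality of each extension comes from
        /// <c>test_critical</c>. The template schema version is stored in
        /// <c>schemaVersion</c> as a side effect. Attribute reads use direct casts, so a
        /// missing or differently typed attribute surfaces as an exception rather than a
        /// silently defaulted value.
        /// </remarks>
        void get_extensions()
        {
            schemaVersion = (Int32)_entry.Properties["msPKI-Template-Schema-Version"].Value;

            // Key Usage (2.5.29.15) is always emitted.
            _exts.Add(new X509KeyUsageExtension(Cryptography.KeyUsage, test_critical("2.5.29.15")));

            // Enhanced Key Usage (2.5.29.37) and the Microsoft Application Policies
            // extension are only emitted when the template declares at least one EKU.
            if (_ekus.Count > 0)
            {
                _exts.Add(new X509EnhancedKeyUsageExtension(_ekus, test_critical("2.5.29.37")));
                _exts.Add(new X509ApplicationPoliciesExtension(_ekus, test_critical("1.3.6.1.4.1.311.21.10")));
            }

            // Certificate Policies (2.5.29.32): one entry per issuance policy OID, each
            // carrying its first CPS link as a qualifier when one can be resolved.
            if (CertificatePolicies.Count > 0)
            {
                X509CertificatePolicyCollection policies = new X509CertificatePolicyCollection();
                foreach (Oid policyOid in CertificatePolicies)
                {
                    Oid2 resolved = new Oid2(policyOid.Value, OidGroupEnum.IssuancePolicy, true);
                    X509CertificatePolicy policy = new X509CertificatePolicy(policyOid.Value);
                    try
                    {
                        policy.Add(new X509PolicyQualifier(resolved.GetCPSLinks()[0]));
                    }
                    catch (Exception)
                    {
                        // Best effort: a lookup failure or a null/empty link list leaves the
                        // policy in place without a qualifier.
                    }
                    policies.Add(policy);
                }
                _exts.Add(new X509CertificatePoliciesExtension(policies, test_critical("2.5.29.32")));
            }

            // Template identification, keyed by schema version.
            if (schemaVersion == 1)
            {
                // Schema 1: template name as a BMPString (1.3.6.1.4.1.311.20.2).
                _exts.Add(new X509Extension(
                    new Oid("1.3.6.1.4.1.311.20.2"),
                    Asn1Utils.EncodeBMPString((String)_entry.Properties["cn"].Value),
                    test_critical("1.3.6.1.4.1.311.20.2")));
            }
            else
            {
                // Schema 2+: template OID with major/minor revision (1.3.6.1.4.1.311.21.7).
                // Criticality is set on the object before it is added, not patched in
                // afterwards through the collection index.
                Int32 major = (Int32)_entry.Properties["Revision"].Value;
                Int32 minor = (Int32)_entry.Properties["msPKI-Template-Minor-Revision"].Value;
                Oid templateOid = new Oid((String)_entry.Properties["msPKI-Cert-Template-OID"].Value);
                _exts.Add(new X509CertificateTemplateExtension(templateOid, major, minor)
                {
                    Critical = test_critical("1.3.6.1.4.1.311.21.7")
                });
            }

            // Basic Constraints (2.5.29.19): CA templates always, end-entity templates only
            // when the enrollment flags request it.
            Boolean isCA = SubjectType == "Certification Authority" ||
                           SubjectType == "Cross Certification Authority";
            Boolean basicConstraintsRequested =
                (EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.BasicConstraintsInEndEntityCerts) != 0;
            if (isCA || basicConstraintsRequested)
            {
                // -1 means "no path length constraint"; read it once instead of per argument.
                Int32 pathLength = GetPathLengthConstraint();
                Boolean hasConstraints = pathLength != -1;
                _exts.Add(new X509BasicConstraintsExtension(isCA, hasConstraints, pathLength, test_critical("2.5.29.19")));
            }

            // OCSP No Revocation Check (1.3.6.1.5.5.7.48.1.5): DER NULL payload (05 00).
            if ((EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.IncludeOcspRevNoCheck) != 0)
            {
                _exts.Add(new X509Extension("1.3.6.1.5.5.7.48.1.5", new Byte[] { 5, 0 }, test_critical("1.3.6.1.5.5.7.48.1.5")));
            }
        }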
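        /// <summary>
        /// Builds the X.509 extension list for this certificate template from its
        /// directory entry and appends the results to <c>_extensions</c>.
        /// </summary>
        /// <remarks>
        /// Extensions are appended in a fixed order: Key Usage, Enhanced Key Usage plus
        /// Application Policies, Certificate Policies, the template name/information
        /// extension (chosen by template schema version), Basic Constraints and OCSP
        /// No-Revocation-Check. Criticality of each extension comes from
        /// <c>isExtensionCritical</c>. The template schema version is stored in
        /// <c>schemaVersion</c> as a side effect. Attribute reads use direct casts, so a
        /// missing or differently typed attribute surfaces as an exception.
        /// NOTE(review): for schema-1 templates the name extension is emitted under
        /// <c>X509ExtensionOid.CertificateTemplate</c>, and criticality for both schema
        /// branches is looked up under <c>X509ExtensionOid.CertTemplateInfoV2</c>. The
        /// literal-OID variant of this method uses 1.3.6.1.4.1.311.20.2 for the schema-1
        /// extension and 1.3.6.1.4.1.311.21.7 for the schema-2+ criticality lookup —
        /// confirm these constants resolve the same way.
        /// </remarks>
        void readExtensions()
        {
            schemaVersion = (Int32)_entry[DsUtils.PropPkiSchemaVersion];

            // Key Usage is always emitted.
            _extensions.Add(new X509KeyUsageExtension(Cryptography.KeyUsage, isExtensionCritical(X509ExtensionOid.KeyUsage)));

            // EKU and the Microsoft Application Policies extension require at least one EKU.
            if (_ekuList.Count > 0)
            {
                _extensions.Add(new X509EnhancedKeyUsageExtension(EnhancedKeyUsage, isExtensionCritical(X509ExtensionOid.EnhancedKeyUsage)));
                _extensions.Add(new X509ApplicationPoliciesExtension(EnhancedKeyUsage, isExtensionCritical(X509ExtensionOid.ApplicationPolicies)));
            }

            // Certificate Policies: one entry per issuance policy OID, each carrying its
            // first CPS link as a qualifier when one can be resolved.
            if (_certPolicies.Count > 0)
            {
                var policies = new X509CertificatePolicyCollection();
                foreach (Oid policyOid in _certPolicies)
                {
                    var resolved = new Oid2(policyOid.Value, OidGroupEnum.IssuancePolicy, true);
                    var policy = new X509CertificatePolicy(policyOid.Value);
                    try
                    {
                        policy.Add(new X509PolicyQualifier(resolved.GetCPSLinks()[0]));
                    }
                    catch (Exception)
                    {
                        // Best effort: a lookup failure or a null/empty link list leaves the
                        // policy in place without a qualifier.
                    }
                    policies.Add(policy);
                }
                _extensions.Add(new X509CertificatePoliciesExtension(policies, isExtensionCritical(X509ExtensionOid.CertificatePolicies)));
            }

            // Template identification, keyed by schema version.
            Boolean templateCritical = isExtensionCritical(X509ExtensionOid.CertTemplateInfoV2);
            if (schemaVersion == 1)
            {
                // Schema 1: template name as a BMPString.
                _extensions.Add(new X509Extension(
                    new Oid(X509ExtensionOid.CertificateTemplate),
                    Asn1Utils.EncodeBMPString((String)_entry[DsUtils.PropCN]),
                    templateCritical));
            }
            else
            {
                // Schema 2+: template OID with major/minor revision.
                Int32 major = (Int32)_entry[DsUtils.PropPkiTemplateMajorVersion];
                Int32 minor = (Int32)_entry[DsUtils.PropPkiTemplateMinorVersion];
                var templateOid = new Oid((String)_entry[DsUtils.PropCertTemplateOid]);
                _extensions.Add(new X509CertificateTemplateExtension(templateOid, major, minor)
                {
                    Critical = templateCritical
                });
            }

            // Basic Constraints: CA templates always, end-entity templates only on request.
            Boolean isCA = SubjectType == CertTemplateSubjectType.CA ||
                           SubjectType == CertTemplateSubjectType.CrossCA;
            Boolean basicConstraintsRequested =
                (EnrollmentOptions & CertificateTemplateEnrollmentFlags.BasicConstraintsInEndEntityCerts) > 0;
            if (isCA || basicConstraintsRequested)
            {
                // -1 means "no path length constraint"; read it once instead of per argument.
                Int32 pathLength = GetPathLengthConstraint();
                Boolean hasConstraints = pathLength != -1;
                _extensions.Add(new X509BasicConstraintsExtension(isCA, hasConstraints, pathLength, isExtensionCritical(X509ExtensionOid.BasicConstraints)));
            }

            // OCSP No Revocation Check: DER NULL payload (05 00).
            if ((EnrollmentOptions & CertificateTemplateEnrollmentFlags.IncludeOcspRevNoCheck) > 0)
            {
                _extensions.Add(new X509Extension(X509ExtensionOid.OcspRevNoCheck, new Byte[] { 5, 0 }, isExtensionCritical(X509ExtensionOid.OcspRevNoCheck)));
            }
        }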
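        /// <summary>
        /// Builds the X.509 extension list for this certificate template from its
        /// Active Directory entry and appends the results to <c>_exts</c>.
        /// </summary>
        /// <remarks>
        /// Extensions are appended in a fixed order: Key Usage, Enhanced Key Usage plus
        /// Application Policies, Certificate Policies, the template name/information
        /// extension (chosen by template schema version), Basic Constraints and OCSP
        /// No-Revocation-Check. Criticality of each extension comes from
        /// <c>test_critical</c>. The template schema version is stored in
        /// <c>schemaVersion</c> as a side effect. Attribute reads use direct casts, so a
        /// missing or differently typed attribute surfaces as an exception.
        /// NOTE(review): the schema-1 name extension is emitted under
        /// <c>X509CertExtensions.X509CertTemplateInfoV2</c> and the schema-2+ criticality
        /// is looked up under <c>X509CertExtensions.X509CertificateTemplate</c>; the
        /// literal-OID variant of this method uses 1.3.6.1.4.1.311.20.2 and
        /// 1.3.6.1.4.1.311.21.7 respectively — confirm the constants carry those values.
        /// </remarks>
        void get_extensions()
        {
            schemaVersion = (Int32)_entry[ActiveDirectory.PropPkiSchemaVersion];

            // Key Usage is always emitted.
            _exts.Add(new X509KeyUsageExtension(Cryptography.KeyUsage, test_critical(X509CertExtensions.X509KeyUsage)));

            // EKU and the Microsoft Application Policies extension require at least one EKU.
            if (_ekus.Count > 0)
            {
                _exts.Add(new X509EnhancedKeyUsageExtension(_ekus, test_critical(X509CertExtensions.X509EnhancedKeyUsage)));
                _exts.Add(new X509ApplicationPoliciesExtension(_ekus, test_critical(X509CertExtensions.X509ApplicationPolicies)));
            }

            // Certificate Policies: one entry per issuance policy OID, each carrying its
            // first CPS link as a qualifier when one can be resolved.
            if (CertificatePolicies.Count > 0)
            {
                X509CertificatePolicyCollection policies = new X509CertificatePolicyCollection();
                foreach (Oid policyOid in CertificatePolicies)
                {
                    Oid2 resolved = new Oid2(policyOid.Value, OidGroupEnum.IssuancePolicy, true);
                    X509CertificatePolicy policy = new X509CertificatePolicy(policyOid.Value);
                    try
                    {
                        policy.Add(new X509PolicyQualifier(resolved.GetCPSLinks()[0]));
                    }
                    catch (Exception)
                    {
                        // Best effort: a lookup failure or a null/empty link list leaves the
                        // policy in place without a qualifier.
                    }
                    policies.Add(policy);
                }
                _exts.Add(new X509CertificatePoliciesExtension(policies, test_critical(X509CertExtensions.X509CertificatePolicies)));
            }

            // Template identification, keyed by schema version.
            if (schemaVersion == 1)
            {
                // Schema 1: template name as a BMPString.
                _exts.Add(new X509Extension(
                    new Oid(X509CertExtensions.X509CertTemplateInfoV2),
                    Asn1Utils.EncodeBMPString((String)_entry[ActiveDirectory.PropCN]),
                    test_critical(X509CertExtensions.X509CertTemplateInfoV2)));
            }
            else
            {
                // Schema 2+: template OID with major/minor revision. Criticality is set on
                // the object before it is added, not patched in afterwards through the
                // collection index.
                Int32 major = (Int32)_entry[ActiveDirectory.PropPkiTemplateMajorVersion];
                Int32 minor = (Int32)_entry[ActiveDirectory.PropPkiTemplateMinorVersion];
                Oid templateOid = new Oid((String)_entry[ActiveDirectory.PropCertTemplateOid]);
                _exts.Add(new X509CertificateTemplateExtension(templateOid, major, minor)
                {
                    Critical = test_critical(X509CertExtensions.X509CertificateTemplate)
                });
            }

            // Basic Constraints: CA templates always, end-entity templates only on request.
            Boolean isCA = SubjectType == CertTemplateSubjectType.CA ||
                           SubjectType == CertTemplateSubjectType.CrossCA;
            Boolean basicConstraintsRequested =
                (EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.BasicConstraintsInEndEntityCerts) != 0;
            if (isCA || basicConstraintsRequested)
            {
                // -1 means "no path length constraint"; read it once instead of per argument.
                Int32 pathLength = GetPathLengthConstraint();
                Boolean hasConstraints = pathLength != -1;
                _exts.Add(new X509BasicConstraintsExtension(isCA, hasConstraints, pathLength, test_critical(X509CertExtensions.X509BasicConstraints)));
            }

            // OCSP No Revocation Check: DER NULL payload (05 00).
            if ((EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.IncludeOcspRevNoCheck) != 0)
            {
                _exts.Add(new X509Extension(X509CertExtensions.X509OcspRevNoCheck, new Byte[] { 5, 0 }, test_critical(X509CertExtensions.X509OcspRevNoCheck)));
            }
        }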