[kmf-discuss] OIDs and Extensions
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Tue May 22 11:53:09 PDT 2007
Darn it, the example is still not right.
The fact that the ASN.1 library (libkmfberder.so.1)
is not exposed makes it harder than I had thought.
newextn.BERvalue.Data/Length need to refer to the
entire ASN.1 encoded octet stream for the entire extension.
Basically, you must properly encode your extension using whatever
means you have at your disposal and
then set the various fields in the KMF_X509_EXTENSION
structure. KMF doesn't provide any good ASN.1 routines
for consumers, unfortunately. If this becomes
a big pain, we could consider exposing libkmfberder.so.1
(and delivering the necessary headers to use it) in
the future.
For a multi-part extension, I think as long as you
encode it correctly, KMF will add it just fine.
-Wyllys
Wyllys Ingersoll wrote:
> Oops, I forgot a piece. See below...
>
> Wyllys Ingersoll wrote:
>> Try this:
>>
>> ...
>> KMF_X509_EXTENSION newextn;
>> char openca_extn[] = {0x01, 0x02, 0x03, 0x04, 0xAA, 0xF8};
>> KMF_OID oid; /* initialize oid with your custom OID value */
>
> char *value = "TEST VALUE";
>
>> (void) memset(&newextn, 0, sizeof (newextn));
>>
>> newextn.critical = 1;
>> newextn.extnId = oid;
>> newextn.format = KMF_X509_DATAFORMAT_ENCODED;
>> newextn.BERvalue.Data = openca_extn;
>> newextn.BERvalue.Length = sizeof (openca_extn);
>>
>
> newextn.value.tagAndValue = malloc(sizeof (KMF_X509EXT_TAGandVALUE));
> newextn.value.tagAndValue->tag = 12; /* UTF8_STRING tag*/
> newextn.value.tagAndValue->value.Data = value;
> newextn.value.tagAndValue->value.Length = strlen(value);
>
>> rv = KMF_SetCertExtension(Cert, &newextn);
>> ...
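
An added example, not part of the original thread and not KMF code: a small hand-rolled DER encoder that builds the full octet stream for an extension carrying a UTF8String, which is the kind of buffer the message says BERvalue.Data/Length must point to. It assumes "the entire extension" means the X.509 Extension SEQUENCE (OID, critical flag, OCTET STRING wrapper); the function names are hypothetical and the OID 1.2.3.4 mentioned in the comment is a constructed placeholder.

```c
#include <stddef.h>
#include <string.h>

/* Write one DER TLV (definite length, short or long form) into out.
 * Returns bytes written, or 0 if out is too small or len exceeds 0xFFFF. */
static size_t der_tlv(unsigned char tag, const unsigned char *val, size_t len,
                      unsigned char *out, size_t cap)
{
    size_t hdr = (len < 0x80) ? 2 : (len <= 0xFF) ? 3 : 4;
    if (len > 0xFFFF || cap < hdr || cap - hdr < len)
        return 0;
    out[0] = tag;
    if (len < 0x80) {
        out[1] = (unsigned char)len;
    } else if (len <= 0xFF) {
        out[1] = 0x81; out[2] = (unsigned char)len;
    } else {
        out[1] = 0x82; out[2] = (unsigned char)(len >> 8); out[3] = (unsigned char)len;
    }
    memmove(out + hdr, val, len);
    return hdr + len;
}

/* Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
 *                          extnValue OCTET STRING }, extnValue wrapping a UTF8String.
 * oid/oid_len are the OID content octets, e.g. {0x2A,0x03,0x04} for the
 * constructed placeholder 1.2.3.4. Returns total length, or 0 on failure. */
size_t encode_utf8_extension(const unsigned char *oid, size_t oid_len, int critical,
                             const char *text, unsigned char *out, size_t cap)
{
    unsigned char inner[512], body[600], t = 0xFF;
    size_t n, w, off = 0;

    n = der_tlv(0x0C, (const unsigned char *)text, strlen(text), inner, sizeof inner);
    if (n == 0) return 0;
    w = der_tlv(0x06, oid, oid_len, body + off, sizeof body - off);
    if (w == 0) return 0;
    off += w;
    if (critical) {                       /* DER omits the DEFAULT FALSE value */
        w = der_tlv(0x01, &t, 1, body + off, sizeof body - off);
        if (w == 0) return 0;
        off += w;
    }
    w = der_tlv(0x04, inner, n, body + off, sizeof body - off);
    if (w == 0) return 0;
    off += w;
    return der_tlv(0x30, body, off, out, cap);
}
```

The output buffer and the returned length are the values that would be assigned to the Data and Length fields discussed in the message.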