AppendCertificateRequest (Stringlist function): Difference between revisions

Revision as of 19:47, 25 May 2012

Add certificate request to a Stringlist (Stringlist class)

[Requires Janus Network Security]

This callable method generates an SSL client certificate request from a given private key, and it adds the certificate request lines to the end of a Stringlist.

Syntax

[%rc =] sl:AppendCertificateRequest( [PrivateKey=] string, - [[Country=] string], [[State=] string], - [[City=] string], - [[Organization=] string], - [[OrganizationalUnit=] string], - [[CommonName=] string], - [SignatureAlgorithm= digestAlgorithm])

Syntax terms

%rc	An, optional, numeric variable that is set to zero if the function is a success. The possible return codes are described below in "Return codes".
sl	A `Stringlist` object to contain the generated request.
`PrivateKey`	This name allowed parameter is a `Stringlist` object that contains an RSA-generated private key. This value must be less than or equal to 2048 bits.
`Country`	This name allowed, optional, string argument inserts a country value into the generated certificate request.
`State`	This name allowed, optional, string argument inserts a state/province value into the generated certificate request.
`City`	This name allowed, optional, string argument inserts a city value into the generated certificate request.
`Organization`	This name allowed, optional, string argument inserts an organization value into the generated certificate request.
`OrganizationalUnit`	This name allowed, optional, string argument inserts an organization unit value into the generated certificate request.
`CommonName`	This name allowed, optional, string argument inserts a common-name value into the generated certificate request.

Return codes

0	All is well.
3	Out of CCATEMP.
5	`Stringlist` identifier missing.
6	Invalid `Stringlist` identifier.
7	Insufficient storage.
10	Private key `Stringlist` identifier missing.
11	Invalid private key `Stringlist` identifier.
12	Invalid private key.
13	Challenge data mismatch.
14	Bad private key/challenge signature.

Usage notes

To review the contents of the generated request, you can use DerToXmlDoc.

Examples

In the following example, the certificate request that is generated from a private key by AppendCertificateRequest is displayed in base64, then checked by CheckCertificateRequest, then converted to string by PemToString and loaded to an XmlDoc by DerToXmlDoc:

b %sl is object stringlist %pk is object stringlist %rc is float %ls is longstring %sl = new text to %pk raw -----BEGIN RSA PRIVATE KEY----- MIICWgIBAAKBgQC1HvRz+5Jcv+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR2 40wBkUgBusYubiTZBFmfb6Woqiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVT LGWosw0VEZaO0bZmlTat3bemp8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBAwKB gB4v02ip7bof/CRuJdOWZpEqgDYeYqlC3ITrmE5fQrtuiUSwK2kl4gBC4VWfIQe9 BiQrZEU9RkbHBnAZv9irsEnMX1ZgYdntsW5xHe7K1wowBRUrQgAD5SPYRc5b0JEX PTPL+aJzNaSQNQ/KW3O+QZVN5p3Co2TqjwDzcutQsSkfAkEA+pYxMH2wTCcmabe3 p76qjE2SERSf7nk2yTqw29w1hSYqsj7By51vLWFH/35rMBiqAC5yTgmQjlJIIXw6 kz4ASwJBALkImXUd0PmaJLrCwRIhyDFpeq+UsyaNmtgvjg7W8sEhBRseHV7YXBkh 8mQ6VLMBhtxip7aotArZtwJiPc25ES0CQQCnDst1qSAyxMRGenpv1HGy3mFguGqe +3nbfHXn6COuGXHMKdaHvkoeQNqqVEd1ZcaqyaGJW7W0NtrA/XxiKVWHAkB7WxD4 votREW3R1ytha9rLm6cfuHdvCRHldQlfOfcra1i8vr4/OugQwUxC0Y3Mq689lxp5 xc1ckSSsQX6JJgtzAkAPAzNsxdsNaAES3L5yqkbux8W2Y2YdjjxZMl1sdPqn9rXN A8fe68sT76U9rhuJemue1h9jxgq6fscFqZkbNRll -----END RSA PRIVATE KEY----- end text %rc = %sl:appendCertificaterequest(%pk, country='USA') print 'return code is ' %rc %sl:print %rc = %sl:CheckCertificateRequest(PrivateKey=%pk) print 'checkcert return code is ' %rc %ls = %sl:pemtostring('NEW CERTIFICATE REQUEST') %ls:derToXmlDoc:print end

The result is something like:

return code is 0 -----BEGIN NEW CERTIFICATE REQUEST----- MIIBPTCBpwIBADAAMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC1HvRz+5Jc v+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR240wBkUgBusYubiTZBFmfb6Wo qiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVTLGWosw0VEZaO0bZmlTat3bem p8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBA6AAMA0GCSqGSIb3DQEBBAUAA4GB ADWssWlvaA55XIg0VezigMSpIumTtRUUGHSA3H3l8f7bo3FLPyWg1dr2MSwJKW09 OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI -----END NEW CERTIFICATE REQUEST----- checkcert return code is 0 <Sequence> <Sequence> <Integer>0</Integer> <Sequence/> <Set> <Sequence> <ObjectIdentifier>2.5.4.6</ObjectIdentifier> <PrintableString>USA</PrintableString> </Sequence> </Set> <Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier> <Null/> </Sequence> <BitString bits="1104"> 30818702818100B51EF473 ... 62E6E24D904599F6- FA5A8AA26A09A7F1 ... A3B0AFF8CC9486A2- 188604D88FFC451E082F020103 </BitString> </Sequence> <ContextSpecific tag="0"/> </Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.4</ObjectIdentifier> <Null/> </Sequence> <BitString bits="1024"> 35ACB1696F680E79 ... C4DF8B4C49339231- C691EBD4D0C963E4 ... 45775F5B3AEFB948 </BitString> </Sequence>

@@ Line 12: / Line 12: @@
 <tr><th>sl</th>
-<td>A Stringlist object to contain the generated request.</td></tr>
+<td>A <var>Stringlist</var> object to contain the generated request.</td></tr>
 <tr><th><var>PrivateKey</var></th>
@@ Line 18: / Line 18: @@
 <tr><th><var>Country</var></th>
-<td>string</td></tr>
+<td>This name allowed, optional, string argument inserts a country value into the generated certificate request. </td></tr>
 <tr><th><var>State</var></th>
-<td>string</td></tr>
+<td>This name allowed, optional, string argument inserts a state/province value into the generated certificate request. </td></tr>
 <tr><th><var>City</var></th>
-<td>string</td></tr>
+<td>This name allowed, optional, string argument inserts a city value into the generated certificate request. </td></tr>
 <tr><th><var>Organization</var></th>
-<td>string</td></tr>
+<td>This name allowed, optional, string argument inserts an organization value into the generated certificate request. </td></tr>
 <tr><th><var>OrganizationalUnit</var></th>
-<td>string</td></tr>
+<td>This name allowed, optional, string argument inserts an organization unit value into the generated certificate request. </td></tr>
 <tr><th><var>CommonName</var></th>
-<td>string</td></tr>
+<td>This name allowed, optional, string argument inserts a common-name value into the generated certificate request.</td></tr>
 </table>
@@ Line 56: / Line 56: @@
 ==Examples==
-In the following example, the certificate request that is generated from a private key by <var>AppendCertificateRequest</var> is displayed in base64, then checked by <var>[[CheckCertificateRequest (Stringlist function)|CheckCertificateRequest]]</var>, then converted to string by <var>[[PemToString (Stringlist function)|PemToString]]</var>:
+In the following example, the certificate request that is generated from a private key by <var>AppendCertificateRequest</var> is displayed in base64, then checked by <var>[[CheckCertificateRequest (Stringlist function)|CheckCertificateRequest]]</var>, then converted to string by <var>[[PemToString (Stringlist function)|PemToString]]</var> and loaded to an <var>XmlDoc</var> by <var>[[DerToXmlDoc (String function)|DerToXmlDoc]]</var>:
 <p class="code">b
@@ Line 83: / Line 83: @@
 end text
-%rc = %sl:appendCertificaterequest(%pk)
+%rc = %sl:appendCertificaterequest(%pk, country='USA')
 print 'return code is ' %rc
 %sl:print
 %rc = %sl:CheckCertificateRequest(PrivateKey=%pk)
-print 'round trip return code is ' %rc
+print 'checkcert return code is ' %rc
 %ls = %sl:pemtostring('NEW CERTIFICATE REQUEST')
@@ Line 105: / Line 105: @@
 OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj
 e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI
 &#45;----END NEW CERTIFICATE REQUEST-----
-round trip return code is 0
+checkcert return code is 0
 <Sequence>
     <Sequence>
        <Integer>0</Integer>
        <Sequence/>
+         <Set>
+            <Sequence>
+               <ObjectIdentifier>2.5.4.6</ObjectIdentifier>
+               <PrintableString>USA</PrintableString>
+            </Sequence>
+         </Set>
        <Sequence>
           <Sequence>
              <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier>  <Null/>
           </Sequence>
-          <BitString bits="1104"> 30818702818100B51EF473FB925CBFE8DA94E2F5866766FF0144B64FF7912B1D8591D63B906497379C210476E34C01914801BAC62E6E24D904599F6-
+          <BitString bits="1104"> 30818702818100B51EF473 ... 62E6E24D904599F6-
-FA5A8AA26A09A7F140621BC7DDAD0E7E69CD7E9E1CB2E117AEAAFDDD58BC435532C65A8B30D1511968ED1B6669536ADDDB7A6A7C19921DD7658A3B0AFF8CC9486A2-
+FA5A8AA26A09A7F1 ... A3B0AFF8CC9486A2-
-D88FFC451E082F020103</BitString>
+D88FFC451E082F020103
+         </BitString>
        </Sequence>
-       <ContextSpecific tag="0"/> </Sequence>
+       <ContextSpecific tag="0"/>
+   </Sequence>
     <Sequence>
        <ObjectIdentifier>1.2.840.113549.1.1.4</ObjectIdentifier>
        <Null/>
     </Sequence>
-    <BitString bits="1024"> 35ACB1696F680E795C883455ECE280C4A922E993B51514187480DC7DE5F1FEDBA3714B3F25A0D5DAF6312C09296D3D3A61003C67D0826C4DF8B4C49339231-
+    <BitString bits="1024"> 35ACB1696F680E79 ... C4DF8B4C49339231-
-C691EBD4D0C963E4CBED9C5DE5B5D55B6C91D263E296F83ADD7918D4FF90223237BFE377D84E16F679AE09C927B3558EC051296CE7EE02D72C745775F5B3AEFB948
+C691EBD4D0C963E4 ... 45775F5B3AEFB948
     </BitString>
 </Sequence>    </p>
@@ Line 134: / Line 142: @@
 <li><var>[[AppendCertificateRequestInfo (Stringlist function)|AppendCertificateRequestInfo]]</var>
 <li><var>[[AppendClientCertificateRequest (Stringlist function)|AppendClientCertificateRequest]]</var>
+<li><var>[[AppendGeneratedPrivateKey (Stringlist function)|AppendGeneratedPrivateKey]]</var>
 <li><var>[[AppendPrivateKeyInfo (Stringlist function)|AppendPrivateKeyInfo]]</var>
 <li><var>[[AppendSignedCertificate (Stringlist function)|AppendSignedCertificate]]</var>

Stringlist class	List of Stringlist methods	Stringlist methods syntax
Notation conventions for methods