api-reference/nanocert/a00545_source.html

 /*
  * pkcs10.h
  *
  * PKCS #10 Header
  *
  * Copyright 2019-2024 DigiCert, Inc. All Rights Reserved.
  * Proprietary and Confidential Material.
  *
  */

 /*------------------------------------------------------------------*/

 #ifndef __PKCS10_HEADER__
 #define __PKCS10_HEADER__

 #ifdef __cplusplus
 extern "C" {
 #endif


 #ifdef __ENABLE_MOCANA_PKCS10__

 /* PKCS#10 certificate request attributes as defined in PKCS#9 */
 typedef struct requestAttributes
 {
     sbyte*      pChallengePwd;             /* ChallengePassword */
     ubyte4      challengePwdLength;

     certExtensions *pExtensions;
 } requestAttributes;

 /* This holds a P10 cert request attribute.
  * An attribute consists of an OID and data. It is encoded as follows:
  *   SEQ {
  *     OID,
  *     SET OF
  *       ANY }
  * There can be many attribute values for each OID.
  * At the moment, we don't support multiple values for an attribute.
  * The actual data can be ANY. It might be a SEQUENCE of some group of elements,
  * it could be an OCTET STRING.
  * When you set the value field, you should set it to a buffer containing the DER
  * encoding of the "ANY". For example, if you are adding the Microsoft
  * EnrollmentNameValuePair, and the pair is "CertificateTemplate" and "User",
  * then the value will be
  *   30 32
  *      1e 26 <Unicode String of CertificateTemplate>
  *      1e 08 <Unicode String of User>
  * and the valueLen will be 52.
  * The OID can be one of the *_OID values defined in /mss/src/asn1/oiddefs.h, or
  * it can be your own buffer if the attribute OID is not defined in Mocana's
  * code. The format of the OID is <len || OID>. That is, build a buffer, set the
  * first byte to be the length and then the next length bytes to be the actual
  * OID. For example, the subjectAltName OID would be { 3, 0x55, 0x1D, 0x11 }, or
  * the Microsoft EnrollmentNameValuePair would be
  * { 10, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0D, 0x01, 0x01 }
  * Because the first byte is the length, you don't need to specify the length
  * searately, and that's why there is no oidLen field.
  */
 typedef struct MocRequestAttr
 {
   ubyte   *oid;
   ubyte   *pValue;
   ubyte4   valueLen;
 } MocRequestAttr;

 /* This is the same as requestAttributes, except it is extended.
  * It contains a field for other attributes, just as the certExtensions struct
  * contains a field for other extensions.
  * If there are no other attributes, set pOtherAttrs to NULL and set
  * otherAttrCount to 0. Otherwise, create an array of MocRequestAttr, set the
  * fields in each entry to that array, and set pOtherAttrs to that array and
  * otherAttrCount to the number of entries in the array.
  */
 typedef struct requestAttributesEx
 {
   sbyte           *pChallengePwd;
   ubyte4           challengePwdLength;

   certExtensions  *pExtensions;

   MocRequestAttr  *pOtherAttrs;
   ubyte4           otherAttrCount;
 } requestAttributesEx;

 /* outbound CSR BER encoded use FREE to delete */

 MOC_EXTERN MSTATUS PKCS10_GenerateCertReqFromDN(AsymmetricKey* pKey,
                                                 ubyte signAlgo,
                                                 const certDistinguishedName *pCertInfo,
                                                 const requestAttributes *pReqAttrs, /* can be null */
                                                 ubyte** ppCertReq,
                                                 ubyte4* pCertReqLength);

 MOC_EXTERN MSTATUS PKCS10_GenerateCertReqFromASN1Name(AsymmetricKey* pKey,
                                                       ubyte signAlgo,
                                                       const ubyte* pASN1Name,
                                                       ubyte4 asn1NameLen,
                                                       const requestAttributes *pReqAttrs, /* can be null */
                                                       ubyte** ppCertReq,
                                                       ubyte4* pCertReqLength);

 MOC_EXTERN MSTATUS PKCS10_CertReqToCSR( const ubyte* pCertReq, ubyte4 pCertReqLength,
                                        ubyte** ppCsr, ubyte4* pCsrLength);

 MOC_EXTERN MSTATUS PKCS10_GenerateCertReqFromDNEx (
   AsymmetricKey* pKey,
   ubyte signAlgo,
   const certDistinguishedName *pCertInfo,
   const requestAttributesEx *pReqAttrs, /* can be null */
   ubyte** ppCertReq,
   ubyte4* pCertReqLength
   );

 #endif /* __ENABLE_MOCANA_PKCS10__ */

 #ifdef __cplusplus
 }
 #endif

 #endif /* __PKCS10_HEADER__ */
PKCS10_GenerateCertReqFromDN
MOC_EXTERN MSTATUS PKCS10_GenerateCertReqFromDN(AsymmetricKey *pKey, ubyte signAlgo, const certDistinguishedName *pCertInfo, const requestAttributes *pReqAttrs, ubyte **ppCertReq, ubyte4 *pCertReqLength)
Generate a DER-encoded PKCS&#160;#10 certificate request for a given distinguished name.

PKCS10_CertReqToCSR
MOC_EXTERN MSTATUS PKCS10_CertReqToCSR(const ubyte *pCertReq, ubyte4 pCertReqLength, ubyte **ppCsr, ubyte4 *pCsrLength)
Generate a text representation of a DER-encoded certificate request.

certDistinguishedName
Distinguished name data (names and start/end dates) to support certificate generation.
Definition: ca_mgmt.h:424

certExtensions
Container for a certificate&#39;s version 3 extensions.
Definition: ca_mgmt.h:560

PKCS10_GenerateCertReqFromASN1Name
MOC_EXTERN MSTATUS PKCS10_GenerateCertReqFromASN1Name(AsymmetricKey *pKey, ubyte signAlgo, const ubyte *pASN1Name, ubyte4 asn1NameLen, const requestAttributes *pReqAttrs, ubyte **ppCertReq, ubyte4 *pCertReqLength)
Generate a DER-encoded PKCS&#160;#10 certificate request for a given ASN.1 name.

PKCS10_GenerateCertReqFromDNEx
MOC_EXTERN MSTATUS PKCS10_GenerateCertReqFromDNEx(AsymmetricKey *pKey, ubyte signAlgo, const certDistinguishedName *pCertInfo, const requestAttributesEx *pReqAttrs, ubyte **ppCertReq, ubyte4 *pCertReqLength)
This is the same as PKCS10_GenerateCertReqFromDN, except that it takes a requestAttributesEx.