CMC Extensions
Extensions are included in a CMC request by adding them to the TaggedAttributes structure shown in the following ASN.1 syntax example. For more information, see the Attributes topic.
CmcData ::= SEQUENCE
{
    controlSequence     ControlSequence,
    reqSequence         ReqSequence,
    cmsSequence         CmsSequence,
    otherMsgSequence    OtherMsgSequence
}

ControlSequence ::= SEQUENCE OF TaggedAttribute

TaggedAttribute ::= SEQUENCE
{
    bodyPartID    BodyPartID,
    type          EncodedObjectID,
    values        AttributeSetValue
}

BodyPartID ::= INTEGER (0..4294967295)
EncodedObjectID ::= OBJECT IDENTIFIER
AttributeSetValue ::= SET OF ANY
Each structure in the TaggedAttributes collection contains an integer ID, an ASN.1 object identifier (OID), and a set of values. Extensions are incorporated into a request by adding a CmcAddExtensions structure to the values field. The ASN.1 structure syntax is shown in the following example. The object identifier is XCN_OID_CMC_ADD_EXTENSIONS (1.3.6.1.5.5.7.7.8).
CmcAddExtensions ::= SEQUENCE
{
    pkiDataReference    BodyPartID,
    certReferences      BodyPartIDSequence,
    extensions          Extensions
}

Extensions ::= SEQUENCE OF Extension

Extension ::= SEQUENCE
{
    extnId       EncodedObjectID,
    critical     BOOLEAN DEFAULT FALSE,
    extnValue    OCTET STRING
}
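The following added example (not part of the original topic or the Certificate Enrollment API) walks a DER-encoded TaggedAttribute, confirms that its type is 1.3.6.1.5.5.7.7.8, and lists each extension's OID, criticality, and raw value, which is useful when reviewing what a submitted CMC request asks for. The function names and the sample bytes are constructed for illustration.

```python
CMC_ADD_EXTENSIONS = "1.3.6.1.5.5.7.7.8"  # XCN_OID_CMC_ADD_EXTENSIONS

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split constructed content into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    subids, cur = [], 0
    for b in val:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends a base-128 sub-identifier
            subids, cur = subids + [cur], 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def parse_add_extensions(tagged_attribute):
    """Return [(extnId, critical, extnValue)] from one TaggedAttribute."""
    tag, body, _ = read_tlv(tagged_attribute)
    fields = children(body)  # bodyPartID, type, values
    if (tag != 0x30 or [t for t, _ in fields] != [0x02, 0x06, 0x31]
            or decode_oid(fields[1][1]) != CMC_ADD_EXTENSIONS):
        raise ValueError("not a CMC addExtensions TaggedAttribute")
    found = []
    for _, add_ext in children(fields[2][1]):  # SET OF CmcAddExtensions
        extensions = children(add_ext)[2][1]   # skip pkiDataReference, certReferences
        for _, ext in children(extensions):
            parts = children(ext)
            critical = len(parts) == 3 and parts[1][1] == b"\xff"  # DEFAULT FALSE is omitted
            found.append((decode_oid(parts[0][1]), critical, parts[-1][1]))
    return found

# Constructed sample: basicConstraints (critical) and keyUsage (critical omitted)
SAMPLE = bytes.fromhex(
    "3036 020102 06082b06010505070708 3127 3025 020100 3003020101 301b"
    "300c0603551d130101ff04023000 300b0603551d0f0404030205a0")
```

Calling `parse_add_extensions(SAMPLE)` returns one tuple per extension; the second tuple reports `critical` as false because the field is absent from the encoding.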
The following procedure discusses how to use the Certificate Enrollment API to add extensions to a CMC certificate request.
To use the Certificate Enrollment API to add extensions to a CMC certificate request
1. Create an extension by using any of the available interfaces that derive from the IX509Extension interface or use the IX509Extension object directly to create custom extensions.
2. Call the X509Extensions property on the IX509CertificateRequestCmc object to retrieve an IX509Extensions collection.
3. Add the extensions created in step 1 to the IX509Extensions collection.
4. Call Enroll to automatically perform the following actions:
   - Retrieve an ICryptAttributes object from the IX509CertificateRequestCmc object.
   - Create and initialize an IX509AttributeExtensions object by using the IX509Extensions collection retrieved in step 2.
   - Create an IX509Attributes collection and add the IX509AttributeExtensions object to it.
   - Use the IX509Attributes collection to initialize an ICryptAttribute object.
   - Add the ICryptAttribute object to the ICryptAttributes collection.