API Reference | developer.brewmp.com API Reference | developer.brewmp.com

Developer

API Reference

CERTDATAOPT

Brew Release
Brew MP 1.0.2
See Also
ICertBag_AddOpt ICertBag_AddCert ICertChain_Verify
Description
ICertBag and ICertChain work with an X.509 certificate stored as IxOpts. Defined here are the particular ID's for root, branch and leaf certificates. The IDs are:
   CERTDATAOPT_ROOT_CERTS   Indicates this is a trusted root cert

   CERTDATAOPT_BRANCH_CERTS These are intermediate certs that might be
                            used to complete the chain from the leaf
                            to the root.

   CERTDATAOPT_LEAF_CERT    ICertChain_Verify uses the 0th leaf certificate as the
                            one to be verified and builds the chain up from there
                            towards the root.
Comments
Note that you can add the same cert multiple times as different types. When completing a cert chain, the root certs are searched first, then the branch certs. See documentation on ICertChain_Verify() to understand how the certs are used in completing the chain. Another way to add certificates so they are accessible to be parsed individually or to be used as part of chain in a verify operation is to put them in another ICertBag or IxOpts object and add that object as a default to an instance of ICertBag. (add the interface pointer as type XOPT_DEFAULTS). Further, the IxOpts object added doesn't necessarily have to implement all of IxOpts. The implementation can be extremely simple. Only the IxOpts_GetOpt() and IxOpts_AddOpt() functions are called. A read-only implementation for IxOpts_AddOpt() need only indicate success for the single xOpt id XOPT_COPYOPTS (no actual copy is necessary). This can be used to connect up ICertBag to an external certificate store.