API Reference | developer.brewmp.com API Reference | developer.brewmp.com

Developer

API Reference

ICERTPARSE

Brew Release
Brew MP 1.0.2
Description
This interface is used for parsing the fields out of a certificate.

This interface can also search certificate collections stored in an object that has an ICertBag or IxOpts interface.

Most of the fields found in common certificates are readily accessible in parsed form. It is also possible to fetch unparsed fields and do further parsing manually. For example, X.509 v3 extensions, the format of which is not handled here, can be fetched and parsed manually.

The X.509 parser is hand-coded to X.509v3. It is not based on a general ASN.1 parser. It does generate correct results from correct input. It does not verify every shred of ASN.1 (ASN.1 is a very redundant syntax and thus very large amounts of validation are possible). On incorrectly formatted ASN.1, it will never run off the end of the buffer and generally returns an error. In rare cases where a corrupt certificate is parsed, it does not catch the error and returns data as if it were valid, where a pedantic ASN.1 parser would catch the error and return no data.

Note that this parser has a minor obscure requirement that the signature at the end of the certificate be at least 4 bytes long or the certificate is considered invalid. It seems extremely unlikely that signatures as small as 32 bits will ever be secure, let alone be used.
Usage
None