API Reference | developer.brewmp.com

IX509CHAIN_GETBASIC()

Brew Release
Brew MP 1.0.2
See Also
Error Codes, IX509Chain, IX509CHAIN_Verify
Description
Get basic and small fields in a certificate.
Params
  • pMe: the interface pointer.
  • nCertWebOpt: which WebOpt ID to get the fields from; either WEBOPT_X509_ROOT_CERT, or xxx_LEAF_CERT, or xxx_BRANCH_CERT, or xxx_CHAIN_CERT.
  • nCertIndex: the index of the certificate within the given WebOpt ID/type.
  • pBasic: a place to put the fields retrieved. The caller supplies the storage.
Interface
Prototype
    int IX509CHAIN_GetBasic
    (
      const IX509Chain *pMe,
      int32 nCertWebOpt,
      int32 nCertIndex,
      X509BasicCert *pBasic
    );
Return
  • AEE_SUCCESS: the task is successful.
  • AEE_EFAILED: couldn't find the certificate.
  • AEE_X509_BAD_CERT: the certificate was NULL or can't be parsed.
  • AEE_X509_UNKNOWN_KEY: the key type is unknown (not RSA).
  • AEE_X509_BAD_KEY: the key can't be parsed.
  • AEE_X509_BAD_VALIDITY: the validity dates were bad.
  • AEE_X509_NO_CHAIN_YET: tried to get WEBOPT_X509_CHAIN_CERT before IX509CHAIN_Verify() was called or no leaf added.

This returns only the first error encountered for the certificate; there may be multiple problems with any given certificate.
Side Effect
  • None
Comments
The X.509 parser is hand-coded to X.509v3. It is not based on a general ASN.1 parser. It will generate correct results from correct input. It will not verify every shred of ASN.1 (ASN.1 is a very redundant syntax and thus very large amounts of validation are possible). On incorrectly formatted ASN.1, it will never execute or run off the end of the buffer and will generally return an error. In rare cases it will return incorrect data where a pedantic ASN.1 parser would catch the error.

The year-handling in the dates conforms to RFC 2549/3280. Four-digit years in GeneralizedTime are handled. Two-digit years in UTCTime less than 50 are considered 2000 and above; those greater than or equal to 50 are from 1950 up to 1999.

The storage for the key has the lifetime of the IX509Chain or until the cert is removed from the chain.

Note that this parser has a minor obscure requirement that the signature at the end of the certificate be at least 4 bytes long or the cert will be considered invalid.
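
The year rule and the "never run off the end of the buffer" property described in the Comments, as an added example: this is not Brew MP code and not the IX509Chain parser. The function name x509_time_year and the sample inputs are hypothetical, and the sketch assumes short-form DER lengths and the "...SSZ" time form only.

```c
#include <stddef.h>
#include <stdio.h>
#define TAG_UTCTIME         0x17  /* content: YYMMDDHHMMSSZ   */
#define TAG_GENERALIZEDTIME 0x18  /* content: YYYYMMDDHHMMSSZ */

/* Constructed sample TLVs (tag, short-form length, content). */
static const unsigned char SAMPLE_UTC_49[]   = "\x17\x0d" "490101000000Z";
static const unsigned char SAMPLE_UTC_50[]   = "\x17\x0d" "500101000000Z";
static const unsigned char SAMPLE_GEN_2050[] = "\x18\x0f" "20500101000000Z";

/* Read n (at most 8) decimal digits at p; -1 if any byte is not a digit. */
static int digits(const unsigned char *p, size_t n)
{
    int v = 0;
    for (size_t i = 0; i < n; i++) {
        if (p[i] < '0' || p[i] > '9') return -1;
        v = v * 10 + (p[i] - '0');
    }
    return v;
}

/* Decode the year of a DER time TLV held in buf[0..len). Returns 0 on
 * success, -1 on malformed or truncated input; never reads past buf + len. */
int x509_time_year(const unsigned char *buf, size_t len, int *year)
{
    size_t ydigits, need;
    int y, m;
    if (len < 2) return -1;                        /* need tag + length */
    if (buf[0] == TAG_UTCTIME)              ydigits = 2;
    else if (buf[0] == TAG_GENERALIZEDTIME) ydigits = 4;
    else return -1;
    need = ydigits + 11;                           /* MMDDHHMMSS + 'Z' */
    if (buf[1] != need || len - 2 < need) return -1; /* declared vs. actual size */
    if (buf[2 + need - 1] != 'Z') return -1;
    y = digits(buf + 2, ydigits);
    m = digits(buf + 2 + ydigits, 2);
    if (y < 0 || m < 1 || m > 12) return -1;
    if (digits(buf + 2 + ydigits + 2, 8) < 0) return -1;  /* DDHHMMSS */
    if (ydigits == 2)
        y += (y < 50) ? 2000 : 1900;               /* pivot rule from the text */
    *year = y;
    return 0;
}

int main(void)
{
    int y = 0;
    int rc = x509_time_year(SAMPLE_UTC_49, sizeof SAMPLE_UTC_49 - 1, &y);
    printf("rc=%d year=%d\n", rc, y);
    return 0;
}
```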