API Reference | developer.brewmp.com API Reference | developer.brewmp.com

Developer

API Reference

IX509CHAIN_GETFIELD()

Brew Release
Brew MP 1.0.2
See Also
Error Codes IX509Chain IX509CHAIN_GetFieldPart IX509CHAIN_GetRSAKey IX509CHAIN_Verify
Description
This function gets a field out of an X.509 certificate.
Params
pMe
[]:
the interface pointer
nCertWebOpt
[]:
which WebOpt ID set to get them from; either WEBOPT_X509_ROOT_CERT, or xxx_LEAF_CERT, or xxx_BRANCH_CERT.
nCertIndex
[]:
the index of certificate of the given WebOpt ID/type.
nField
[]:
which field in the certificate to get. One of X509CHAIN_FIELD_*.
ppcField
[]:
place to put pointer to the field.
puFieldLen
[]:
length of field.
Interface
  • IX509CHAIN
Prototype
  •     int IX509CHAIN_GetField
        (
          const IX509Chain *pMe, 
          int32 nCertWebOpt, 
          int32 nCertIndex, 
          int nField, 
          const uint8 **ppcField, 
          uint32 *puFieldLen
        );
    
Return
  • AEE_SUCCESS: if task is successful. AEE_EFAILED: couldn't find the certificate. AEE_X509_BAD_CERT: the certificate was NULL or can't be parsed. AEE_ECLASSNOTSUPPORT: don't have the hash function for the hash requested. AEE_ENOMEMORY: out of memory (couldn't instantiate hash function). AEE_EBADPARM: requested a non-existant field. AEE_X509_NO_CHAIN_YET: tried to get WEBOPT_X509_CHAIN_CERT before IX509CHAIN_Verify() was called successfuly.
Side Effect
  • None
Comments
This allows fetching most of the fields in a certificate. In most cases the part is unparsed. For example the ASN.1 DER encoding of the date, subject or key would be returned unparsed. The serial number is parsed and just the actual serial number is returned. The storage for the field has the lifetime of the IX509Chain or until the WebOpt storing the certificate is removed. This function can also return the MD5 or SHA1 hash over the entire cert. The following constants passed in the nField parameter specify which parts can be fetched: X509CHAIN_FIELD_RAW_CERT The full unparsed cert just as it was added. ~ X509CHAIN_FIELD_SIGNED The unparsed signed part of the cert. ~ X509CHAIN_FIELD_SERIAL The parsed-out serial number. ~ X509CHAIN_FIELD_SIG_TYPE The unparsed signature type. This is available in parsed form in X509BasicCert. ~ X509CHAIN_FIELD_ISSUER The unparsed Issuer DN. Use IX509CHAIN_GetFieldPart() to get this in parsed form. ~ X509CHAIN_FIELD_VALIDITY Unparsed validity dates; This is available in parsed form in X509BasicCert. ~ X509CHAIN_FIELD_SUBJECT The unparsed Subject DN. Use IX509CHAIN_GetFieldPart() to get this in parsed form. ~ X509CHAIN_FIELD_PUBKEY Unparsed public key; Use IX509CHAIN_GetRSAKey() or X509BasicCert for parsed key. ~ X509CHAIN_FIELD_EXTENSIONS The whole unprocessed extension block. ~ X509CHAIN_FIELD_SIGN_ALG Unparsed second instance of SIG_TYPE. ~ X509CHAIN_FIELD_SIGNATURE Unparsed signature by the isser over the cert. ~ X509CHAIN_FIELD_MD5HASH The MD5 hash over the entire cert. ~ X509CHAIN_FIELD_SHAHASH The SHA hash over the entire cert.