SFBCertParse

Wrapper Class for the ICertParse interface.

#include <SFBCertParse.h.hpp>

class SFBCertParse : public SFBParameters1;

SFMTYPEDEFWRAPPER(SFBCertParse)

Inheritance diagram

Version

BREW 2.0	BREW 2.1	BREW 3.1	BREW 4.0
X	X	X	O

Reference

BREW API ICertParse

Member

Public Functions
`Void`	Find( `SFBxOptsSmpConstRef` opts , `CertDataIssuerAndSerial const *` IssuerAndSerial , `SInt32Ptr` certXOpt , `SInt32Ptr` certIndex ) This function searches collections of certificates by subject, issuer and/or serial number
`SFCError`	GetBasic( `CertDataBasic *` basic ) Get basic and small fields in a certificate
`SFCError`	GetBasicEfficiently( `CertDataBasic *` basic ) Get basic and small fields in a certificate except TrustOverrideID.
`SFCError`	GetField( `SInt32` id , `UInt08ConstHandle` field , `SInt32Ptr` len ) This function gets a field out of an X.509 certificate.
`SFCError`	GetFieldPart( `CertDataPartRequest const ` req , `CertDataCertPart ` part ) This function gets individual X.509 v3 extensions or parts out of the subject or issuer DN.
`SFCError`	GetPubKeyParameters( `SFBParametersPtr` param ) This function gets the public key out of the certificate
`SFCError`	GetStruct( `SInt32` id , `VoidPtr` pStruct , `SInt32` size ) Get a structure or data blob from a parsed certificate.
`SFCError`	GetStruct( `SInt32` id , `SFXBufferPtr` buf ) Get a structure or data blob from a parsed certificate.
static `SFBCertParseSmp`	NewInstance( `SFCErrorPtr` exception = null ) Create a new SFBCertParse instance.
static `SFBCertParseSmp`	NewInstance( `AEECLSID` id , `SFCErrorPtr` exception = null ) Create a new SFBCertParse instance.
`Void`	SetASN1OIDMap( `ASN1OIDMap const *` map ) Add additional mapping from OID to ASN1OIDs
`SFCError`	SetCert( `UInt08ConstPtr` certificate , `SInt32` len ) Set the certificate to be parsed
`SFCError`	SetCertByOpt( `SFBxOptsSmpConstRef` opts , `SInt32` id , `SInt32` index ) Set the certificate with an SFBxOpt containing the cert.
`SFCError`	SetParam( `SInt32` id , `VoidConstPtr` data , `UInt32` length ) (inherits from SFBParameters1) This method sets a parameter value.
`SFCError`	SetParam( `SInt32` id , `SFXBufferConstRef` data ) (inherits from SFBParameters1) This method sets a parameter value.
`SFCError`	SetParam( `SInt32` id , `SFXAnsiStringConstRef` data ) (inherits from SFBParameters1) This method sets a parameter value.

SFBCertParse::Find

This function searches collections of certificates by subject, issuer and/or serial number

[ public ]
Void Find(
    SFBxOptsSmpConstRef opts                          // opts to search or NULL 
    CertDataIssuerAndSerial const * IssuerAndSerial   // Issuer and/or serial number to search for 
    SInt32Ptr certXOpt                                // xOpt type (cert type) of cert found 
    SInt32Ptr certIndex                               // index of cert found 
);

Return value

AEE_SUCCESS: certificate was found
AEE_EFAILED: no certificate found
AEE_EBADPARAM: if any of the parameters are NULL

Description

The xOpt type and index returned are valid only until options (certs) are added to or removed from the collection.

The search can be by issuer, by serial number or both. To not search by issuer or serial, set the associated pointer in pstIssuerAndSerial to NULL.

The options searched include any sub IxOpts objects that have been added as XOPT_DEFAULTS. First options of type/id CERTDATAOPT_ROOT_CERTS are searched, then CERTDATAOPT_BRANCH_CERTS and finally CERTDATAOPT_LEAF_CERT.

If the search is successful the certificate found is set as the one being parsed. This overrides any cert set by ICertParse_SetCert() or ICertParse_SetCertByOpt().

Reference

BREW API ICertParse_Find

SFBCertParse::GetBasic

Get basic and small fields in a certificate

[ public ]
SFCError GetBasic(
    CertDataBasic * basic   // Place to put fields retrieved. Caller supplies the storage
);

Return value

AEE_SUCCESS: Fetched basic details about the certificate
AEE_EFAILED: No certificate set
AEESEC_X509_BAD_CERT: The certificate was NULL or can't be parsed
CERTDATA_BAD_FORMAT: The certificate was in bad format
AEESEC_X509_BAD_VALIDITY: The validity dates were bad

This returns only the first error encountered for the certificate; there may be multiple problems with any given certificate.

Description

The year handling in the dates conforms to RFC 2549/3280. Four digit years in GeneralizedTime are handled. Two digit years in UTCTime less than 50 are consider 2000 and above; years greater than or equal to 50 are mapped from 1950 up to 1999.

Reference

BREW API ICertParse_GetBasic

SFBCertParse::GetBasicEfficiently

Get basic and small fields in a certificate except TrustOverrideID.

[ public ]
SFCError GetBasicEfficiently(
    CertDataBasic * basic   // place to put fields retrieved. Caller supplies the storage
);

Reference

BREW API ICertParse_GetBasic_Efficiently | SFBCertParse::GetBasic

SFBCertParse::GetField

This function gets a field out of an X.509 certificate.

[ public ]
SFCError GetField(
    SInt32 id                 // ID
    UInt08ConstHandle field   // Place to put pointer to field 
    SInt32Ptr len             // Place to put length of field 
);

Return value

AEE_SUCCESS; Certificate field was successfully returned
AEE_EFAILED: No certificate set
AEESEC_X509_BAD_CERT: the certificate was NULL or can't be parsed
AEE_EBADPARAM: requested non-existent field

Description

This allows fetching most of the fields in a certificate. In most cases the part is unparsed. For example the ASN.1 DER encoding of the date, subject or key is returned unparsed. The serial number is parsed and just the actual serial number is returned.

Reference

BREW API ICertParse_GetField | SFBCertParse::GetFieldPart

SFBCertParse::GetFieldPart

This function gets individual X.509 v3 extensions or parts out of the subject or issuer DN.

[ public ]
SFCError GetFieldPart(
    CertDataPartRequest const * req   // The description of the request 
    CertDataCertPart * part           // Filled in with the response. 
);

Return value

AEE_SUCCESS: Field part was returned
AEE_EFAILED: No certificate set
AEESEC_X509_BAD_CERT: the certificate was NULL or can't be parsed
AEE_EBADPARM: asked for a field that we don't know about
AEESEC_X509_NO_PART: could not find an instance of OID requested

Description

While certificate extensions and subject and issuer parts aren't semantically related, they are similar enough in structure that this same function is used to get them.

Reference

BREW API ICertParse_GetField | SFBCertParse::GetField

SFBCertParse::GetPubKeyParameters

This function gets the public key out of the certificate

[ public ]
SFCError GetPubKeyParameters(
    SFBParametersPtr param   // Place to store the public key parameters 
);

Return value

AEE_SUCCESS: pub key was returned
AEE_EFAILED: No certificate set
AEESEC_X509_BAD_CERT: certificate parsed incorrectly
AEESEC_X509_BAD_KEY: key can't be parsed out
AEESEC_X509_UNKNOWN_KEY: key isn't of a known format
AEE_EBADPARM: NULL was passed in for piPubKeyParms

Reference

BREW API ICertParse_GetPubKeyParameters

SFBCertParse::GetStruct

Get a structure or data blob from a parsed certificate.

[ public ]
SFCError GetStruct(
    SInt32 id         // Identifies which structure to fetch
    VoidPtr pStruct   // Pointer to memory into which struct is copied 
    SInt32 size       // Size of the block of memory pointed to by pStruct 
);

[ public ]
SFCError GetStruct(
    SInt32 id          // Identifies which structure to fetch
    SFXBufferPtr buf   // Pointer to memory into which struct is copied 
);

Return value

AEE_SUCCESS: Fetched basic details about the certificate
AEE_EFAILED: No certificate set
AEESEC_X509_BAD_CERT: The certificate was NULL or can't be parsed
AEESEC_X509_BAD_VALIDITY: The validity dates were bad
AEE_ENOMEMORY: Out of memory
AEE_EBADPARM: nStructID refers to structure that is not known, nStructSize is too small, or possibly the hash requested is not supported
AEE_ECLASSNOTSUPPORT: Hash requested is not available

This returns only the first error encountered for the certificate; there may be multiple problems with any given certificate.

Description

Returns data about a certificate by copying it into the buffer or structure provided by the caller. The parameter nStructID identifies what is copied. This contrasts to SFBCertParse::GetField which returns a pointer to the certificate stored internally and thereby has a more complicated and limited lifetime.

Reference

BREW API ICertParse_GetStruct

SFBCertParse::NewInstance

Create a new SFBCertParse instance.

[ public, static ]
SFBCertParseSmp NewInstance(
    SFCErrorPtr exception = null   // Error
);

[ public, static ]
SFBCertParseSmp NewInstance(
    AEECLSID id                    // Class ID
    SFCErrorPtr exception = null   // Error
);

SFBCertParse::SetASN1OIDMap

Add additional mapping from OID to ASN1OIDs

[ public ]
Void SetASN1OIDMap(
    ASN1OIDMap const * map   // The translation map 
);

Description

This adds to the map for this instance of ICertParse.

Reference

BREW API ICertParse_SetASN1OIDMap

SFBCertParse::SetCert

Set the certificate to be parsed

[ public ]
SFCError SetCert(
    UInt08ConstPtr certificate   // Pointer to a DER encoded X.509 certificate 
    SInt32 len                   // Length of the buffer pointed to by certificate 
);

Return value

AEE_SUCCESS: Certificate set successfully
AEE_EFAILED: pCert is NULL or nCertLen is empty
AEESEC_X509_BAD_CERT: error parsing the cert

Description

Sets the certificate to be parsed.

Reference

BREW API ICertParse_SetCert

SFBCertParse::SetCertByOpt

Set the certificate with an SFBxOpt containing the cert.

[ public ]
SFCError SetCertByOpt(
    SFBxOptsSmpConstRef opts   // An object with SFBxOpts interface to search for certs 
    SInt32 id                  // The option ID to search for (usually the cert type) 
    SInt32 index               // The index or instance of the cert to set for parsing 
);

Return value

AEE_SUCCESS: Certificate successfully set
AEE_EFAILED: nOptID and nIndex couldn't be found in piCerts
AEESEC_X509_BAD_CERT: error parsing the certificate

Description

Sets the certificate to be parsed.

Reference

BREW API ICERTPARSE_SetCertXOpt