NPKIGetCACertificates

Reads the CA certificates for objectDN and stores them in context specific values (formerly NWPKIGetCACertificates).

Syntax

    #include "npki.h"
    
    NWRCODE NPKIGetCACertificates(
       const NPKIContext    context, 
       const unicode       *objectDN,
       const nuint32        flags,
       pnuint32             objectCertSize,
       nuint8 const       **objectCert,
       pnuint32             selfSignedCertSize,
       nuint8 const       **selfSignedCert,
       pnuint32             numberOfChainCerts,
       pnuint32             rootCertIndex,
       void                *reserved1,
       void                *reserved2);

Parameters

context
(IN) Specifies the NPKI context for the request.
objectDN
(IN) Specifies the FDN of the object whose CA certificates you want. objectDN must be a valid CA object in the current tree.
flags
(IN) Specifies which certificates are read and stored. The following flags are currently defined:
  • PKI_CHAIN_CERTIFICATE—Retrieves the certificate chain (that is, the chain rooted in the Novell Certifier CA). Only software that natively understands and processes the Novell Security Attributes Extension should use this chain.
  • PKI_TRUSTED_ROOT_CERTIFICATE—Retrieves the trusted root certificate. Only software that natively understands and processes the Novell Security Attributes Extension should use this certificate.
  • PKI_SELF_SIGNED_CERTIFICATE—Retrieves the self-signed certificate.

    NOTE:Most applications should use this certificate.

  • PKI_OBJECT_KEY_CERTIFICATE—Retrieves the object certificate (that is, the certificate for the specified object). Only software that natively understands and processes the Novell Security Attributes Extension should use this certificate.

PKI_OBJECT_KEY_CERTIFICATE can be combined with any of the other flags, but none of the other flags can be used together at one time. Also, NPKIGetServerCertificates and NPKIGetCACertificates use the same internal variables to store results, so calling either of these functions destroys the result of the previous call.

objectCertSize
(OUT) Returns the size of the object certificate.
objectCert
(OUT) Returns to the DER encoder X.509 object certificate.
selfSignedCertSize
(OUT) Returns the size of the self-signed certificate.
selfSignedCert
(OUT) Returns to the DER-encoded X.509 self-signed certificate.
numberOfChainCerts
(OUT) Returns the number of certificates in the certificate chain. You can call NPKIChainCertInfo to retrieve the certificates in the certificate chain.
rootCertIndex
(OUT) Returns which certificate in the certificate chain is marked as the root certificate.
reserved1
Reserved for future use.
reserved2
Reserved for future use.

Return Values

Returns 0 if successful, or an eDirectory, PKI, or NetWare® error code if not successful.

PKI NCP Calls

0x2222 93 05 PKI Get Certificate

Remarks

The flags field determines which certificates are read. For sample code, see GetCACert.

See Also

NPKIChainCertInfo, NPKIFindOrganizationalCA