NPKIFindUserCertificates
Finds all of the certificates for the userDN that
meet the search criteria, stores the certificates in context-specific
values, and returns the number of certificates that meet the search
criteria (formerly NWPKIFindUserCertificates).
Syntax
#include "npki.h"
NWRCODE NPKIFindUserCertificates(
   const NPKIContext context,
   const unicode *userDN,
   const unicode *nickName,
   const pnuint8 serialNumber,
   const nuint32 serialNumberLen,
   const nuint32 keyType,
   const nuint32 minKeySize,
   const nuint32 maxKeySize,
   const nuint32 searchOnKeyUsage,
   const nuint16 keyUsageValue,
   const unicode *issuerDN,
   const unicode *subjectDN,
   const nuint32 certificateValid,
   const nuint32 vendorID,
   const nuint32 certificateStatus,
   void *reserved1,
   void *reserved2,
   void *reserved3,
   void *reserved4,
   nuint32 *numberOfUserCerts);
Parameters
- context
- (IN) Specifies the NPKI context for the request.
- userDN
- (IN) Specifies the FDN of the user for which you
want to find a certificate. userDN must be a valid
user object in the current tree.
- nickName
- (IN) (Optional) Specifies the certificate nickname
that identifies which user certificate is to be read. nickName must
be either NULL or a valid certificate nickname for the specified
user.
- serialNumber
- (IN) (Optional) Specifies the certificate serial
number. serialNumber must be either NULL or the
serial number of a certificate for the specified user. If serialNumber is
specified, serialNumberLen also must be specified.
- serialNumberLen
- (IN) (Optional) Specifies the length of the serialNumber parameter.
If serialNumber is specified, serialNumberLen must
be specified. If you don't specify serialNumber,
set serialNumberLen to zero.
- keyType
- (IN) (Optional) Specifies the algorithm type used
to generate the public/private key pair. Currently the
only algorithm supported is RSA (PKI_RSA_ALGORITHM)
(see Key Generation Algorithms Defines). If
you don't specify keyType, set it to zero.
- minKeySize
- (IN) (Optional) Specifies the minimum key size of
the public/private key pair. If you don't specify minKeySize,
set it to zero.
- maxKeySize
- (IN) (Optional) Specifies the maximum key size of
the public/private key pair. If you don't specify maxKeySize,
set it to zero.
- searchOnKeyUsage
- (IN) (Optional) Specifies whether to search using
the keyUsageValue parameter. This parameter is
necessary because a value of zero is valid for the keyUsageValue parameter. Set searchOnKeyUsage to
TRUE or FALSE.
- keyUsageValue
- (IN) (Optional) Specifies the X.509 certificate
extension, Key Usage. keyUsageValue is a bit field, and
can either be zero (that is, not present or not specified) or it
can be constructed using any valid combination of the following
defines:
- X509_KEY_USAGE_DIGITAL_SIGNATURE
- X509_KEY_USAGE_NON_REPUDIATION
- X509_KEY_USAGE_KEY_ENCIPHERMENT
- X509_KEY_USAGE_DATA_ENCIPHERMENT
- X509_KEY_USAGE_KEY_AGREEMENT
- X509_KEY_USAGE_KEY_CERT_SIGN
- X509_KEY_USAGE_CRL_SIGN
- X509_KEY_USAGE_ENCIPHER_ONLY
- X509_KEY_USAGE_DECIPHER_ONLY
- issuerDN
- (IN) (Optional) Specifies the X.509 typed FDN of
the CA that issued the certificate. If you don't specify issuerDN,
set it to NULL.
- subjectDN
- (IN) (Optional) Specifies the X.509 typed FDN of
the subject of the certificate. If you don't specify subjectDN,
set it to NULL.
- certificateValid
- (IN) (Optional) Specifies a specific date on which
the requested certificate is valid. The date is represented as the
number of seconds since 00:00:00 UTC January 1, 1970. If you don't
specify certificateValid, set it to zero.
- vendorID
- (IN) (Optional) Specifies the vendor that issued
the certificate. This parameter can be used to narrow the search
to certificates supplied by a specific vendor. If you don't specify vendorID, set
it to zero or PKI_ALL_VENDORS.
- certificateStatus
- (IN) (Optional) Specifies the status of the certificates
you want to find. This parameter can be used to narrow the search
to certificates that have a specific status. If you don't specify certificateStatus,
set it to zero.
- reserved1
- Reserved for future use.
- reserved2
- Reserved for future use.
- reserved3
- Reserved for future use.
- reserved4
- Reserved for future use.
- numberOfUserCerts
- (OUT) Returns the number of user certificates that
meet the specified search criteria.
Return Values
Returns 0 if successful, or an eDirectory or PKI error code
if not successful.
Remarks
Call NPKIUserCertInfo to
access the certificates and their sizes.
If you specify nickName, the certificate
matching the nickname is returned (assuming a valid nickname) and
all other search parameters are ignored. For all other cases, the
set of certificates matches all of the search criteria. If no search
criteria are specified, all certificates for the user are available.
For sample code, see FindUserCerts.
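
The matching rules from the Remarks, written out as a small self-contained C model. This is an added example, not Novell's code and not the library's implementation. The model_* names, the sample certificates and the usage bit values are constructed, and comparing Key Usage for exact equality is an assumption, since the page does not say whether the match is exact or a subset.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a stored user certificate; not an NPKI type. */
typedef struct {
    const char *nick;
    uint32_t key_bits;
    uint16_t key_usage;               /* 0 = Key Usage extension absent */
    uint32_t not_before, not_after;   /* seconds since 1970-01-01 UTC */
} model_cert;

/* Search criteria, following the page's "zero/NULL = not specified" rule. */
typedef struct {
    const char *nick;
    uint32_t min_bits, max_bits;
    int search_on_key_usage;          /* needed because key_usage == 0 is valid */
    uint16_t key_usage;
    uint32_t valid_on;
} model_query;

static int model_match(const model_cert *c, const model_query *q)
{
    if (q->nick)                      /* nickname given: other criteria ignored */
        return strcmp(c->nick, q->nick) == 0;
    if (q->min_bits && c->key_bits < q->min_bits) return 0;
    if (q->max_bits && c->key_bits > q->max_bits) return 0;
    /* Assumption: exact comparison (the page does not define the match). */
    if (q->search_on_key_usage && c->key_usage != q->key_usage) return 0;
    if (q->valid_on &&
        (q->valid_on < c->not_before || q->valid_on > c->not_after)) return 0;
    return 1;
}

/* Constructed sample data; usage bits are arbitrary, not X509_KEY_USAGE_* values. */
static const model_cert SAMPLE[] = {
    { "signing",  2048, 0x01, 1000, 2000 },
    { "old-sign", 1024, 0x01,  100,  500 },  /* expired before t = 1500 */
    { "no-ku",    2048, 0x00, 1000, 2000 },  /* no Key Usage extension */
};

/* Returns how many sample certificates satisfy the query. */
size_t model_find(const model_query *q)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        if (model_match(&SAMPLE[i], q)) n++;
    return n;
}
```

Under the documented rule, a query that passes a nickname together with a validity date still matches the expired "old-sign" certificate, so a caller that relies on certificateValid has to re-check validity on any result selected by nickName.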