NPKIFindUserCertificates

Finds all of the certificates for the userDN that meet the search criteria, stores the certificates in context-specific values, and returns the number of certificates that meet the search criteria (formerly NWPKIFindUserCertificates).

Syntax

    #include "npki.h"
    
    NWRCODE NPKIFindUserCertificates(
       const NPKIContext   context,
       const unicode       *userDN,
       const unicode       *nickName,
       const pnuint8        serialNumber,
       const nuint32        serialNumberLen,
       const nuint32        keyType,
       const nuint32        minKeySize,
       const nuint32        maxKeySize,
       const nuint32        searchOnKeyUsage,
       const nuint16        keyUsageValue,
       const unicode       *issuerDN,
       const unicode       *subjectDN,
       const nuint32        certificateValid, 
       const nuint32        vendorID,
       const nuint32        certificateStatus,
       void                *reserved1,
       void                *reserved2, 
       void                *reserved3,
       void                *reserved4,
       nuint32             *numberOfUserCerts); 
    

Parameters

context
(IN) Specifies the NPKI context for the request.
userDN
(IN) Specifies the FDN of the user for which you want to find a certificate. userDN must be a valid user object in the current tree.
nickName
(IN) (Optional) Specifies the certificate nickname that identifies which user certificate is to be read. nickName must be either NULL or a valid certificate nickname for the specified user.
serialNumber
(IN) (Optional) Specifies the certificate serial number. serialNumber must be either NULL or the serial number of a certificate for the specified user. If serialNumber is specified, serialNumberLen also must be specified.
serialNumberLen
(IN) (Optional) Specifies the length of the serialNumber parameter. If serialNumber is specified, serialNumberLen must be specified. If you don't specify serialNumber, set serialNumberLen to zero.
keyType
(IN) (Optional) Specifies the algorithm type used to generate the public/private key pair. Currently the only algorithm supported is RSA (PKI_RSA_ALGORITHM) (see Key Generation Algorithms Defines). If you don't specify keyType, set it to zero.
minKeySize
(IN) (Optional) Specifies the minimum key size of the public/private key pair. If you don't specify minKeySize, set it to zero.
maxKeySize
(IN) (Optional) Specifies the maximum key size of the public/private key pair. If you don't specify maxKeySize, set it to zero.
searchOnKeyUsage
(IN) (Optional) Specifies whether to search using the keyUsageValue parameter. This parameter is necessary because a value of zero is valid for the keyUsageValue parameter. Set searchOnKeyUsage to TRUE or FALSE.
keyUsageValue
(IN) (Optional) Specifies the X.509 certificate extension, Key Usage. keyUsageValue is a bit field and can either be zero (that is, not present or not specified) or be constructed using any valid combination of the following defines:
  • X509_KEY_USAGE_DIGITAL_SIGNATURE
  • X509_KEY_USAGE_NON_REPUDIATION
  • X509_KEY_USAGE_KEY_ENCIPHERMENT
  • X509_KEY_USAGE_DATA_ENCIPHERMENT
  • X509_KEY_USAGE_KEY_AGREEMENT
  • X509_KEY_USAGE_KEY_CERT_SIGN
  • X509_KEY_USAGE_CRL_SIGN
  • X509_KEY_USAGE_ENCIPHER_ONLY
  • X509_KEY_USAGE_DECIPHER_ONLY
issuerDN
(IN) (Optional) Specifies the X.509 typed FDN of the CA that issued the certificate. If you don't specify issuerDN, set it to NULL.
subjectDN
(IN) (Optional) Specifies the X.509 typed FDN of the subject of the certificate. If you don't specify subjectDN, set it to NULL.
certificateValid
(IN) (Optional) Specifies a specific date on which the requested certificate is valid. The date is represented as the number of seconds since 00:00:00 UTC January 1, 1970. If you don't specify certificateValid, set it to zero.
vendorID
(IN) (Optional) Specifies the vendor that issued the certificate. This parameter can be used to narrow the search to certificates supplied by a specific vendor. If you don't specify vendorID, set it to zero or PKI_ALL_VENDORS.
certificateStatus
(IN) (Optional) Specifies the status of the certificates you want to find. This parameter can be used to narrow the search to certificates that have a specific status. If you don't specify certificateStatus, set it to zero.
reserved1
Reserved for future use.
reserved2
Reserved for future use.
reserved3
Reserved for future use.
reserved4
Reserved for future use.
numberOfUserCerts
(OUT) Returns the number of user certificates that meet the specified search criteria.

Return Values

Returns 0 if successful, or an eDirectory or PKI error code if not successful.

Remarks

Call NPKIUserCertInfo to access the certificates and their sizes.

If you specify nickName, the certificate matching the nickname is returned (assuming a valid nickname) and all other search parameters are ignored. In all other cases, the set of certificates matches all of the search criteria. If no search criteria are specified, all certificates for the user are available.

For sample code, see FindUserCerts.
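The parameter rules above mean a filter can be dropped without any error: serialNumber is paired with serialNumberLen, keyUsageValue counts only when searchOnKeyUsage is TRUE, and nickName overrides every other criterion. The pre-call check below is an added example, not part of this documentation or the FindUserCerts sample; the FindCriteria struct, the CRIT_* codes and check_find_criteria are hypothetical names, and the key-size range check is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical holder for the documented search arguments (not in npki.h).
   vendorID is left out: the value of PKI_ALL_VENDORS is not shown here. */
typedef struct {
    const uint16_t *nickName;        /* unicode string or NULL */
    const uint8_t  *serialNumber;    /* or NULL */
    uint32_t serialNumberLen;
    uint32_t keyType, minKeySize, maxKeySize;
    uint32_t searchOnKeyUsage;       /* TRUE or FALSE */
    uint16_t keyUsageValue;
    const uint16_t *issuerDN, *subjectDN;
    uint32_t certificateValid, certificateStatus;
} FindCriteria;

/* Hypothetical result codes for this check only, not PKI error codes. */
enum { CRIT_OK = 0, CRIT_SERIAL_MISMATCH, CRIT_KEY_RANGE,
       CRIT_USAGE_IGNORED, CRIT_NICKNAME_OVERRIDES };

int check_find_criteria(const FindCriteria *c)
{
    /* serialNumber and serialNumberLen must be supplied together. */
    if ((c->serialNumber != NULL) != (c->serialNumberLen != 0))
        return CRIT_SERIAL_MISMATCH;
    /* Assumption: a non-zero minimum above a non-zero maximum is a caller bug. */
    if (c->minKeySize && c->maxKeySize && c->minKeySize > c->maxKeySize)
        return CRIT_KEY_RANGE;
    /* keyUsageValue is only searched on when searchOnKeyUsage is TRUE. */
    if (!c->searchOnKeyUsage && c->keyUsageValue != 0)
        return CRIT_USAGE_IGNORED;
    /* With nickName set, all other search parameters are ignored. */
    if (c->nickName != NULL &&
        (c->serialNumber || c->keyType || c->minKeySize || c->maxKeySize ||
         c->searchOnKeyUsage || c->issuerDN || c->subjectDN ||
         c->certificateValid || c->certificateStatus))
        return CRIT_NICKNAME_OVERRIDES;
    return CRIT_OK;
}

int main(void)
{
    FindCriteria c = {0};
    c.keyUsageValue = 0x0001;        /* constructed non-zero value */
    printf("usage bits without flag: %d\n", check_find_criteria(&c));
    return 0;
}
```

A caller that selects a signing or encryption certificate from the result count should treat any non-zero return from this check as a bug in its own arguments rather than pass them on.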

See Also

NPKICreateUserCertificate, NPKIStoreUserCertificate, NPKIUserCertInfo