Syntax

   #include "NPKIT_x509.h"
   
   NWRCODE NPKIT_x509DecodeCertificate
   (
      NPKIT_x509Context     context,
      const nuint8         *certificate,
      const nuint32         certificateLen,
      nuint8 const        **unsignedCertificate,
      pnuint32              unsignedCertificateLen,
      nuint8 const        **signature,
      pnuint32              signatureLen,
      nuint8 const        **serialNumber,
      pnuint32              serialNumberLen,
      nuint8 const        **keyModulus,
      pnuint32              keyModulusLen,
      nuint8 const        **keyExponent,
      pnuint32              keyExponentLen,
      unicode const       **publicKeyAlgorithmOID,
      unicode const       **signatureKeyAlgorithmOID,
      unicode const       **subjectName,
      unicode const       **issuerName,
      struct tm const     **startDate,
      struct tm const     **endDate,
      time_t const        **startTime,
      time_t const        **endTime,
      pnuint32              numberOfExtensions
      pnuint32              version
      pnuint32              keySize
   );
   

Parameters

context

(IN) Specifies the NPKIT_x509 context handle for the request. This is a nuint32 value.

certificate

(IN) Points to the DER encoded X.509 certificate you want to be ASN.1 decoded.

certificateLen

(IN) Specifies the size of the certificate.

unsignedCertificate

(OUT) Points to the unsigned certificate. This is a pointer to the start of the tbsCertificate field of the ASN.1 object Certificate. (The unsigned portion of the certificate should be used along with the signature to validate that the data in the certificate has not been modified or corrupted.)

unsignedCertificateLen

(OUT) Specifies the ASN.1 encoded value for the size of unsignedCertificate This is the size of the data returned in unsignedCertificate (that is, the size of the tbsCertificate field of the ASN.1 object Certificate).

signature

(OUT) Points to the start of the signatureValue field of the ASN.1 object Certificate. The unsigned portion of the certificate should be used along with the signature to validate that the data in the certificate has not been modified or corrupted.

signatureLen

(OUT) Specifies the ASN.1 encoded value for the size of signature. This is the size of the data returned in signature (that is, the size of the signatureValue field in the ASN.1 object Certificate).

serialNumber

(OUT) Points to the serial number.

serialNumberLen

(OUT) Specifies the length of serialNumber.

keyModulus

(OUT) Points to the key modulus.

keyModulusLen

(OUT) Specifies the length of keyModulus.

keyExponent

(OUT) Points to the key exponent.

keyExponentLen

(OUT) Specifies the length of keyExponent.

publicKeyAlgorithmOID

(OUT) Points to a Unicode string that contains a human-readable representation of the public key algorithm OID (for example, {1 2 840 113549 1 1 1}).

signatureKeyAlgorithmOID

(OUT) Points to a Unicode string that contains a human-readable representation of the signature key algorithm OID (for example, {1 2 840 113549 1 1 5}).

subjectName

(OUT) Points to a Unicode string representing the subject name.

issuerName

(OUT) Points to a Unicode string representing the issuer name.

startDate

(OUT) Points to a struct tm representation of the validFrom portion of the Validity. The time is in UTC standard time.

endDate

(OUT) Points to a struct tm representation of the validTo portion of the Validity. The time is in UTC standard time.

startTime

(OUT) Points to a time_t representation of the validFrom portion of the Validity. This time is represented as the number of seconds since 00:00:00 UTC January 1, 1970.

endTime

(OUT) Points to a time_t representation of the validTo portion of the Validity. This time is represented as the number of seconds since 00:00:00 UTC January 1, 1970.

numberOfExtensions

(OUT) Specifies the number of extensions encoded in the certificate.

version

(OUT) Specifies the version of the certificate.

keySize

(OUT) Specifies the key size of the public key in the certificate.

Return Values

Returns 0 if successful or a PKI error code if not successful. For a listing of NPKIT error codes, see Certificate Server Error Code Constants.

Remarks

After calling this function successfully, iterative calls to NPKIT_x509GetExtensionData can be made to retrieve the ASN.1 encoded certificate extensions. Also, if the corresponding extensions exist in the certificate, you can call the following functions to get the decoded specifics about the extension:

• NPKIT_x509BasicConstraintsInfo
• NPKIT_x509SubjectAltNamesInfo
• NPKIT_x509IssuerAltNamesInfo
• NPKIT_x509KeyUsageInfo
• NPKIT_x509CRLDistributionPointsInfo
• NPKIT_x509NovellExtensionInfo

See Also

NPKIT_x509BasicConstraintsInfo, NPKIT_x509CRLDistributionPointsInfo, NPKIT_x509GetExtensionData, NPKIT_x509IssuerAltNamesInfo, NPKIT_x509KeyUsageInfo, NPKIT_x509NovellExtensionInfo, NPKIT_x509SubjectAltNamesInfo