RSA BSAFE Cert-C
API Reference

certext.h File Reference

This file defines the Cert-C certificate extension API and data types.

#include "basetype.h"
#include "certlist.h"
#include "certattr.h"
#include "certname.h"

Data Structures

 AIA_DESCRIPTION
 Represents the Authority Information Access extension for X.509 v3 certificates. More...

 ALTERNATE_NAME
 Holds a variety of name forms. More...

 AUTHORITY_KEY_ID
 Represents the Authority Key Identifier extension for X.509 v3 certificates and CRLs. More...

 BASIC_CONSTRAINTS
 Represents the Basic Constraints extension for X.509 certificates. More...

 DIST_POINT_NAME
 Represents the ASN.1 DistributionPointName structure in RFC 2459. More...

 DISTRIBUTION_POINT
 Represents a CRL Distribution Point extension for X.509 v3 CRLs. More...

 EXTENDED_KEY_USAGE
 Represents the Extended Key Usage extension for X.509 v3 certificates. More...

 DEFINED_ATTRIBUTE
 Stores a domain-defined attribute of the O/R Address. More...

 DEFINED_ATTRIBUTES
 Stores the domain-defined attributes of the O/R Address. More...

 E163_4_ADDR
 A type of extended network address in the EXTENSION_ATTRIBUTE structure. More...

 EDI_PARTY_NAME
 The EDI_PARTY_NAME structure contains an alternate name in a format agreed upon between communicating EDI partners. More...

 EXTENDED_NETWORK_ADDR
 Contains an extended network address. More...

 EXTENSION_ATTRIBUTE
 Stores an extension attribute of the O/R Address. More...

 EXTENSION_ATTRIBUTES
 When specifying an OR_ADDRESS structure (as a member of an ALTERNATE_NAME structure), use the EXTENSION_ATTRIBUTES structure to store the extension attributes of the O/R Address. More...

 EXTENSION_HANDLER
 Contains pointers to callback functions for a particular extension type. More...

 EXTENSION_INFO
 Retrieves extension-entry information from an opaque EXTENSIONS_OBJ object, by calling the C_GetExtensionInfo() function. More...

 EXTENSION_TYPE_INFO
 Displays or changes the default setting of a supported standard extension. More...

 GENERAL_NAMES
 Represents the ASN.1 GeneralNames structure as described in RFC 2459. More...

 GENERAL_SUBTREE
 Specifies one or more naming subtrees, each defined by the name of the root of the subtree. More...

 ISSUING_DISTRIBUTION_POINT
 Represents an Issuing Distribution Point extension for X.509 v3 CRLs. More...

 NAME_CONSTRAINTS
 Contains a Name Constraints extension for X.509 v3 certificates. More...

 OCSP_ACCEPTABLE_RESPONSES
 Defines OCSP acceptable response types. More...

 OCSP_CRL_REFERENCE
 Represents the CRL References extension for an OCSP response. More...

 OR_ADDRESS
 Contains an O/R Address that is defined in accordance with the X.411 standard. More...

 ORG_UNIT_NAMES
 Contains an organizational unit name. More...

 OTHER_NAME
 Contains an application-defined alternate name. More...

 PDS_PARAMETER
 Contains a physical delivery system value. More...

 PERSONAL_NAME
 Contains a personal name. More...

 POLICY_CONSTRAINTS_36
 Represents the Policy Constraints extension for X.509 v3 certificates. More...

 POLICY_INFO
 Represents the Certificate Policies extension for X.509 v3 certificates. More...

 POLICY_MAPPING
 Represents a Policy Mappings extension for an X.509 v3 certificate. More...

 PRESENTATION_ADDR
 A type of extended network address in the EXTENSION_ATTRIBUTE structure. More...

 PRIVATE_KEY_USAGE_PERIOD
 Represents the Private-Key Usage Period extension for X.509 v3 certificates. More...

 QualifierInfo
 Stores a policy qualifier. More...

 STANDARD_ATTRIBUTES
 When specifying an OR_ADDRESS structure (as a member of an ALTERNATE_NAME structure), use the STANDARD_ATTRIBUTES structure to store the standard attributes of the O/R Address. More...

 TYPED_STRING
 A convenient structure that holds a typed string. More...

 UNFORMATTED_POSTAL_ADDR
 Contains a non-formatted postal address. More...


Defines

#define TELETEX_PERSONAL_NAME
 Contains a personal name. More...

#define TELETEX_DOMAIN_DEFINED_ATTRS
 Contains an array of domain-defined attributes. More...


Typedefs

typedef TYPED_STRING TYPED_STRING
 A convenient structure that holds a typed string. More...

typedef EXTENSION_HANDLER EXTENSION_HANDLER
 Contains pointers to callback functions for a particular extension type. More...

typedef EXTENSION_TYPE_INFO EXTENSION_TYPE_INFO
 Displays or changes the default setting of a supported standard extension. More...

typedef EXTENSION_INFO EXTENSION_INFO
 Retrieves extension-entry information from an opaque EXTENSIONS_OBJ object, by calling the C_GetExtensionInfo() function. More...

typedef UINT4 KEY_USAGE
 Represents the Key Usage extension for X.509 v3 certificates. More...

typedef ITEM SUBJECT_KEY_ID
 Represents a Subject Key Identifier extension for an X.509 v3 certificate. More...

typedef ATTRIBUTES_OBJ SUBJECT_DIR_ATTRIB
 Represents a Subject Directory Attributes extension for an X.509 v3 certificate. More...

typedef OTHER_NAME OTHER_NAME
 Contains an application-defined alternate name. More...

typedef EDI_PARTY_NAME EDI_PARTY_NAME
 The EDI_PARTY_NAME structure contains an alternate name in a format agreed upon between communicating EDI partners. More...

typedef PERSONAL_NAME PERSONAL_NAME
 Contains a personal name. More...

typedef ORG_UNIT_NAMES ORG_UNIT_NAMES
 Contains an organizational unit name. More...

typedef STANDARD_ATTRIBUTES STANDARD_ATTRIBUTES
 When specifying an OR_ADDRESS structure (as a member of an ALTERNATE_NAME structure), use the STANDARD_ATTRIBUTES structure to store the standard attributes of the O/R Address. More...

typedef DEFINED_ATTRIBUTE DEFINED_ATTRIBUTE
 Stores a domain-defined attribute of the O/R Address. More...

typedef DEFINED_ATTRIBUTES DEFINED_ATTRIBUTES
 Stores the domain-defined attributes of the O/R Address. More...

typedef PDS_PARAMETER PDS_PARAMETER
 Contains a physical delivery system value. More...

typedef UNFORMATTED_POSTAL_ADDR UNFORMATTED_POSTAL_ADDR
 Contains a non-formatted postal address. More...

typedef E163_4_ADDR E163_4_ADDR
 A type of extended network address in the EXTENSION_ATTRIBUTE structure. More...

typedef PRESENTATION_ADDR PRESENTATION_ADDR
 A type of extended network address in the EXTENSION_ATTRIBUTE structure. More...

typedef EXTENDED_NETWORK_ADDR EXTENDED_NETWORK_ADDR
 Contains an extended network address. More...

typedef EXTENSION_ATTRIBUTE EXTENSION_ATTRIBUTE
 Stores an extension attribute of the O/R Address. More...

typedef EXTENSION_ATTRIBUTES EXTENSION_ATTRIBUTES
 When specifying an OR_ADDRESS structure (as a member of an ALTERNATE_NAME structure), use the EXTENSION_ATTRIBUTES structure to store the extension attributes of the O/R Address. More...

typedef OR_ADDRESS OR_ADDRESS
 Contains an O/R Address that is defined in accordance with the X.411 standard. More...

typedef ALTERNATE_NAME ALTERNATE_NAME
 Holds a variety of name forms. More...

typedef ALTERNATE_NAME GENERAL_NAME
 An application-defined ALTERNATE_NAME that can be converted to and from an ASN.1 data type, using ASN.1 encoding rules. More...

typedef ALTERNATE_NAME ISSUER_ALTNAME
 Represents an Issuer Alternate Name extension for an X.509 v3 certificate or CRL. More...

typedef ALTERNATE_NAME SUBJECT_ALTNAME
 Represents a Subject Alternate Name extension for an X.509 v3 certificate. More...

typedef AUTHORITY_KEY_ID AUTHORITY_KEY_ID
 Represents the Authority Key Identifier extension for X.509 v3 certificates and CRLs. More...

typedef BASIC_CONSTRAINTS BASIC_CONSTRAINTS
 Represents the Basic Constraints extension for X.509 certificates. More...

typedef PRIVATE_KEY_USAGE_PERIOD PRIVATE_KEY_USAGE_PERIOD
 Represents the Private-Key Usage Period extension for X.509 v3 certificates. More...

typedef QualifierInfo QualifierInfo
 Stores a policy qualifier. More...

typedef POLICY_INFO POLICY_INFO
 Represents the Certificate Policies extension for X.509 v3 certificates. More...

typedef POLICY_CONSTRAINTS_36 POLICY_CONSTRAINTS_36
 Represents the Policy Constraints extension for X.509 v3 certificates. More...

typedef EXTENDED_KEY_USAGE EXTENDED_KEY_USAGE
 Represents the Extended Key Usage extension for X.509 v3 certificates. More...

typedef GENERAL_SUBTREE GENERAL_SUBTREE
 Specifies one or more naming subtrees, each defined by the name of the root of the subtree. More...

typedef NAME_CONSTRAINTS NAME_CONSTRAINTS
 Contains a Name Constraints extension for X.509 v3 certificates. More...

typedef POLICY_MAPPING POLICY_MAPPING
 Represents a Policy Mappings extension for an X.509 v3 certificate. More...

typedef GENERAL_NAMES GENERAL_NAMES
 Represents the ASN.1 GeneralNames structure as described in RFC 2459. More...

typedef DIST_POINT_NAME DIST_POINT_NAME
 Represents the ASN.1 DistributionPointName structure in RFC 2459. More...

typedef DISTRIBUTION_POINT DISTRIBUTION_POINT
 Represents a CRL Distribution Point extension for X.509 v3 CRLs. More...

typedef ISSUING_DISTRIBUTION_POINT ISSUING_DISTRIBUTION_POINT
 Represents an Issuing Distribution Point extension for X.509 v3 CRLs. More...

typedef GENERAL_NAME CERT_ISSUER
 Represents a Certificate Issuer extension for X.509 v3 CRL entries. More...

typedef AIA_DESCRIPTION AIA_DESCRIPTION
 Represents the Authority Information Access extension for X.509 v3 certificates. More...

typedef UINT2 CRL_NUMBER
 Represents the CRL Number extension for X.509 v3 CRLs. More...

typedef UINT2 DELTA_CRL_INDICATOR
 Represents the Delta CRL Indicator extension for X.509 v3 CRLs. More...

typedef unsigned int REASON_CODE
 Represents a Reason Code extension for X.509 v3 CRL entries. More...

typedef OCSP_ACCEPTABLE_RESPONSES OCSP_ACCEPTABLE_RESPONSES
 Defines OCSP acceptable response types. More...

typedef GENERALIZED_TIME ARCHIVE_CUTOFF
 Represents the Archive Cutoff extension for an OCSP response. More...

typedef ITEM INSTRUCTION_CODE
 Represents a Hold Instruction Code extension for X.509 v3 CRL entries. More...

typedef GENERALIZED_TIME INVALID_DATE
 Represents an Invalidity Date extension for X.509 v3 CRL entries. More...


Enumerations

enum  OCSP_CRLREF_TYPE { OCSP_CRLREF_TYPE_UNSPECIFIED, OCSP_CRLREF_TYPE_URL, OCSP_CRLREF_TYPE_NUMBER, OCSP_CRLREF_TYPE_TIME }
 The OCSP_CRLREF_TYPE enumeration indicates the type of information contained in the OCSP_CRL_REFERENCE structure that is currently being used. More...


Functions

int C_GetExtensionTypeInfo (CERTC_CTX ctx, unsigned char *type, unsigned int typeLen, EXTENSION_TYPE_INFO *info)
 Searches for the extension type in ctx. More...

int C_RegisterExtensionType (CERTC_CTX ctx, EXTENSION_TYPE_INFO *info)
 Registers an application-defined extension type, or overrides the default setting of a supported standard extension type, with the value given in info. More...

int C_UnregisterExtensionType (CERTC_CTX ctx, unsigned char *type, unsigned int typeLen)
 Resets or removes a registered extension handler and extension type from ctx. More...

int C_CreateExtensionsObject (EXTENSIONS_OBJ *extensionsObject, unsigned int extensionsObjectType, CERTC_CTX ctx)
 Creates an extensionsObject of type extensionsObjectType. More...

void C_DestroyExtensionsObject (EXTENSIONS_OBJ *extensionsObject)
 Destroys all extensions in the extensionsObject and deletes all associated value lists. More...

int C_FindExtensionByType (EXTENSIONS_OBJ extensionsObject, unsigned char *type, unsigned int typeLen, unsigned int *index)
 Finds the extension of the type given in type. More...

int C_GetExtensionTypeByIndex (EXTENSIONS_OBJ extensionsObject, unsigned char **type, unsigned int *typeLen, unsigned int index)
 Gets the extension type from extensionsObject at the index given in index. More...

int C_GetExtensionCount (EXTENSIONS_OBJ extensionsObject, unsigned int *count)
 Gets the total number of extension entries in extensionsObject and returns it in count. More...

void C_ResetExtensionsObject (EXTENSIONS_OBJ extensionsObject)
 Returns extensionsObject to the state it was in after it was created. More...

int C_GetExtensionsObjectDER (EXTENSIONS_OBJ extensionsObject, unsigned char **der, unsigned int *derLen)
 Gets the DER-encoded value of all the extensions in extensionsObject. More...

int C_SetExtensionsObjectBER (EXTENSIONS_OBJ extensionsObject, unsigned char *ber, unsigned int berLen)
 Sets extensionsObject with the new extension entries given in ber. More...

int C_GetExtensionsInAttributesObj (EXTENSIONS_OBJ extensionsObject, ATTRIBUTES_OBJ attributesObject)
 Transfers the value of attributesObject into extensionsObject. More...

int C_GetAttributeInExtensionsObj (EXTENSIONS_OBJ extensionsObject, ATTRIBUTES_OBJ attributesObject)
 Transfers data from extensionsObject to attributesObject. More...

int C_CreateExtension (EXTENSIONS_OBJ extensionsObject, unsigned char *type, unsigned int typeLen, unsigned int *index, int criticality, EXTENSION_HANDLER *newHandler)
 Creates a new extension entry in extensionsObject. More...

int C_SetExtensionBER (EXTENSIONS_OBJ extensionsObject, unsigned int *index, unsigned char *ber, unsigned int berLen)
 Instantiates an extension with the information in ber and berLen. More...

int C_GetExtensionValue (EXTENSIONS_OBJ extensionsObject, unsigned int extenIndex, unsigned int valueIndex, POINTER *value)
 Gets the value referenced by valueIndex in the extension's value list. More...

int C_DestroyExtension (EXTENSIONS_OBJ extensionsObject, unsigned int index)
 Destroys one extension as referenced by index. More...

int C_GetExtensionInfo (EXTENSIONS_OBJ extensionsObject, unsigned int index, EXTENSION_INFO *extensionInfo)
 Gets information about the extension referenced by index, and places it in extensionInfo. More...

int C_AddExtensionValue (EXTENSIONS_OBJ extensionsObject, unsigned int index, POINTER value, unsigned int *valueIndex)
 Adds an extension value to an existing extension entry in extensionsObject, which must be referenced by index. More...

int C_DeleteExtensionValue (EXTENSIONS_OBJ extensionsObject, unsigned int index, unsigned int valueIndex)
 Deletes the extension value referenced by valueIndex in the extension entry referenced by index. More...

int C_GetExtensionDER (EXTENSIONS_OBJ extensionsObject, unsigned int index, unsigned char **valueDER, unsigned int *valueDERLen)
 Gets the DER encoding of the extension entry referenced by index. More...

int C_GetEncodedExtensionValue (EXTENSIONS_OBJ extensionsObject, unsigned int index, unsigned char **encodedValue, unsigned int *encodedValueLen)
 Gets the encoded form of the value(s) of the extension referenced by index. More...

int C_SetEncodedExtensionValue (EXTENSIONS_OBJ extensionsObject, unsigned int index, unsigned char *encodedValue, unsigned int encodedValueLen)
 Sets the extension referenced by index with the value given in encodedValue and encodedValueLen. More...

int C_CompareExtension (EXTENSIONS_OBJ extensionsObject1, unsigned int extensionIndex1, EXTENSIONS_OBJ extensionsObject2, unsigned int extensionIndex2)
 Compares two extensions. More...

int C_CompareExtensions (EXTENSIONS_OBJ extensionsObject1, EXTENSIONS_OBJ extensionsObject2)
 Compares two extensions objects (each representing a set of extensions). More...


Define Documentation

#define TELETEX_DOMAIN_DEFINED_ATTRS
 

Contains an array of domain-defined attributes. It can be used as an extension attribute in an OR_ADDRESS structure. (The OR_ADDRESS can be used as the alternate name in an ALTERNATE_NAME structure.) In the extension attribute structure, EXTENSION_ATTRIBUTE, if EA_TELETEX_DOMAIN_DEFINED_ATTRS is set as the extension-attribute type, complete a TELETEX_DOMAIN_DEFINED_ATTRS structure to specify the extension-attribute value. For a detailed description of the defined-attribute structures, see DEFINED_ATTRIBUTES and DEFINED_ATTRIBUTE.

#define TELETEX_PERSONAL_NAME
 

Contains a personal name. It can be used as an extension attribute in an OR_ADDRESS structure. (The OR_ADDRESS can be used as the alternate name in an ALTERNATE_NAME structure.) In the extension-attribute structure, EXTENSION_ATTRIBUTE, if EA_TELETEX_PERSONAL_NAME is set as the extension-attribute type, complete a TELETEX_PERSONAL_NAME structure to specify the extension-attribute value. For a detailed description of the personal-name structure, see PERSONAL_NAME.


Typedef Documentation

typedef struct AIA_DESCRIPTION AIA_DESCRIPTION
 

Represents the Authority Information Access extension for X.509 v3 certificates. It specifies how to obtain CA information about the issuer of the certificate. This CA information can include CA validation services and CA policy information. However, it does not include CRLs. The location of CRLs is specified by the CRL Distribution Points extension. (See DISTRIBUTION_POINT.) The default criticality for this extension is NON_CRITICAL. A certificate can have multiple Authority Information Access extensions at the same time. Use the AIA_DESCRIPTION structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
accessMethod An ITEM structure whose data member points to an OID that indicates the type and format of the CA access information. The access method uses either a chain of CA issuers or a set of OCSP responders. The possible values are:

CA Access Method OID    Length
AIA_CAISSUERS           AIA_CAISSUERS_LEN
AIA_OCSP                AIA_OCSP_LEN

accessLocation A GENERAL_NAME structure that specifies the location of the CA access information.

typedef struct ALTERNATE_NAME ALTERNATE_NAME
 

Holds a variety of name forms. This structure is a component of several X.509 v3 certificate extensions (AIA_DESCRIPTION, AUTHORITY_KEY_ID, ISSUER_ALTNAME, NAME_CONSTRAINTS, and SUBJECT_ALTNAME); CRL extensions (AUTHORITY_KEY_ID, ISSUER_ALTNAME, and ISSUING_DISTRIBUTION_POINT); and CRL entry extensions (CERT_ISSUER). It is also used in the PKI_POP_GEN_SIGNATURE_INFO structure.

Parameters:
altNameType An unsigned int value that identifies the type of data structure in the altName union. Cert-C supports the following alternate-name types:

Alternate-Name Type    Description
CN_OTHER_NAME          Name of any form defined as an instance of OTHER_NAME
CN_RFC822_NAME         Internet e-mail address, defined in accordance with Internet RFC 822, of IA5 string type
CN_DNS_NAME            Internet domain-name service, defined in accordance with Internet RFC 1035, of IA5 string type
CN_X400_ADDRESS        O/R Address structure, defined in accordance with the X.411 standard
CN_DIRECTORY_NAME      DN, defined in accordance with the X.501 standard
CN_EDI_PARTY_NAME      Name of a form agreed upon between communicating EDI partners
CN_RESOURCE_LOCATOR    Uniform Resource Locator for the World-Wide Web, defined in accordance with Internet RFC 1630, of IA5 string type
CN_IP_ADDRESS          Internet Protocol address, defined in accordance with Internet RFC 791, represented as an octet string
CN_REGISTERED_ID       Identifier of any registered object, defined in accordance with the X.660 standard

altName A union that contains an alternate name in the format specified by altNameType.
    otherName An OTHER_NAME structure that represents any application-defined type of name.
    rfc822Name An ITEM structure that represents an Internet e-mail address that is defined in accordance with Internet RFC 822. The data member points to an IA5 string.
    dNSName An ITEM structure that represents an Internet domain-name service that is defined in accordance with Internet RFC 1035. The data member points to an IA5 string.
    x400Address An OR_ADDRESS structure that represents an O/R Address that is defined in accordance with the X.411 standard.
    directoryName A NAME_OBJ object that represents a DN that is defined in accordance with the X.501 standard.
    ediPartyName An EDI_PARTY_NAME structure that represents an EDI name.
    resourceLocator An ITEM structure that represents a URL that is defined in accordance with Internet RFC 1630. The data member points to an IA5 string.
    ipAddress An ITEM structure that represents an IP address that is defined in accordance with Internet RFC 791. The data member points to an octet string.
    registeredID An ITEM structure that represents a registered OID that is defined in accordance with the X.660 standard. The data member points to the object identifier.

typedef GENERALIZED_TIME ARCHIVE_CUTOFF
 

Represents the Archive Cutoff extension for an OCSP response. It indicates that the OCSP responder has chosen to retain revocation information beyond the certificate's expiration date. The archive cutoff date is obtained by subtracting this retention period from the producedAt time in the OCSP response of the associated OCSP_EVIDENCE. The default criticality for this extension is NON_CRITICAL. An OCSP response can contain only one ARCHIVE_CUTOFF extension for each certificate for which status is being requested. This extension can be present only in an EXTENSIONS_OBJ of type OCSP_SINGLE_EXTENSIONS_OBJ. Use the ARCHIVE_CUTOFF structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

typedef struct AUTHORITY_KEY_ID AUTHORITY_KEY_ID
 

Represents the Authority Key Identifier extension for X.509 v3 certificates and CRLs. It is used to identify the public key that corresponds to the private key used to sign the certificate or CRL. The identification is based on the issuer's key identifier or on the issuer's name and serial number.

The certificate's or CRL's Authority Key Identifier extension can be used together with the issuer's Subject Key Identifier extension to facilitate chain building. See SUBJECT_KEY_ID. The default criticality for this extension is NON_CRITICAL. A certificate or CRL can have only one Authority Key Identifier extension at a time.

Use the AUTHORITY_KEY_ID structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
keyIdentifier An ITEM structure that specifies the unique key identifier of the issuer that signs this certificate or CRL. This field can be used alone or together with the issuerNames and serialNumber pair. To omit this field, set the data member to NULL_PTR, and the len member to 0 (zero).
serialNumber An ITEM structure that specifies the issuer's certificate serial number. This field, together with the issuerNames field, forms a unique identifier for a certificate. To omit this field, set the data member to NULL_PTR and the len member to 0 (zero). If this field is omitted, then omit issuerNameCount and issuerNames.
issuerNameCount An unsigned int value that indicates the number of alternate names in the issuerNames array. If the serialNumber field is omitted, then omit this field.
issuerNames A pointer to an ALTERNATE_NAME array that contains a list of the issuer's alternative names. See the ALTERNATE_NAME data structure for more information. This field, together with the serialNumber field, forms the issuer's unique key identifier. To omit this field, set it to (NAME_OBJ)NULL_PTR. If this field is omitted, then omit serialNumber and set issuerNameCount to 0 (zero).

typedef struct BASIC_CONSTRAINTS BASIC_CONSTRAINTS
 

Represents the Basic Constraints extension for X.509 certificates. It indicates whether or not the subject of the certificate can act as a CA, and specifies the constraints on that authority. The default criticality for this extension is CRITICAL. A certificate can have only one Basic Constraints extension at a time. Use the BASIC_CONSTRAINTS structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
subjectType An unsigned int value that indicates whether or not the certificate subject can act as a CA. Set subjectType to one of the following types:

Subject Type              Description
SUBJECT_TYPE_END_ENTITY   Subject is an end entity.
SUBJECT_TYPE_CA           Subject can act as a CA.

pathLenConstraint An int value that indicates the maximum number of CA certificates that can follow this certificate in a certification path. This field is meaningful only for a CA certificate.
  • If the subjectType is SUBJECT_TYPE_END_ENTITY, set this field to NOT_IN_USE. Cert-C will ignore it.

    Path-Length Constraint   Description
    NOT_IN_USE               Field is not used and should be ignored.

  • If the subjectType is SUBJECT_TYPE_CA, set this field to one of the following path-length constraints:

    Path-Length Constraint   Description
    UNLIMITED_PATH_LEN       The certification path length is unlimited; this certificate can be followed by any number of certificates.
    n                        The number of CA certificates allowed in the certification path.
    0                        Only an end-entity certificate can follow in the path.
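The two chain-building rules described above (the AUTHORITY_KEY_ID / SUBJECT_KEY_ID linkage, and the BASIC_CONSTRAINTS subjectType and pathLenConstraint semantics) as an added C example; it is not Cert-C code and not part of this reference. It assumes stand-in values for SUBJECT_TYPE_END_ENTITY, SUBJECT_TYPE_CA, NOT_IN_USE and UNLIMITED_PATH_LEN, a local ITEM type, and a constructed CHAIN_CERT record populated with constructed key identifiers.

```c
/* Added example (not Cert-C library code and not from this reference page):
 * a chain check modelling the AUTHORITY_KEY_ID / SUBJECT_KEY_ID linkage and
 * the BASIC_CONSTRAINTS subjectType / pathLenConstraint rules. Field names
 * mirror the page; the constants, ITEM and CHAIN_CERT are assumptions. */
#include <stddef.h>
#include <string.h>

/* Assumed values; the real Cert-C header defines these symbols. */
#define SUBJECT_TYPE_END_ENTITY 0
#define SUBJECT_TYPE_CA         1
#define NOT_IN_USE             (-1)
#define UNLIMITED_PATH_LEN     (-2)

typedef struct {                 /* stand-in for the Cert-C ITEM type */
    const unsigned char *data;
    unsigned int len;
} ITEM;

typedef struct {                 /* constructed per-certificate summary */
    ITEM subjectKeyId;           /* SUBJECT_KEY_ID extension value */
    ITEM authorityKeyId;         /* AUTHORITY_KEY_ID.keyIdentifier (optional) */
    unsigned int subjectType;    /* BASIC_CONSTRAINTS.subjectType */
    int pathLenConstraint;       /* BASIC_CONSTRAINTS.pathLenConstraint */
} CHAIN_CERT;

enum {
    CHAIN_OK = 0,
    CHAIN_ERR_EMPTY,
    CHAIN_ERR_NOT_CA,            /* an issuing certificate is an end entity */
    CHAIN_ERR_AKI_MISMATCH,      /* subject's AKI differs from issuer's SKI */
    CHAIN_ERR_PATHLEN_EXCEEDED   /* more CA certificates follow than allowed */
};

static int item_equal(const ITEM *a, const ITEM *b)
{
    return a->len == b->len && memcmp(a->data, b->data, a->len) == 0;
}

/* chain[0] is the trust anchor, chain[count-1] the end-entity certificate.
 * Returns CHAIN_OK or a CHAIN_ERR_* code; a non-NULL badIndex receives the
 * index of the certificate at which the check failed (count-1 on success). */
int validate_chain(const CHAIN_CERT *chain, size_t count, size_t *badIndex)
{
    size_t i, j, bad = 0;
    int rc = (count == 0) ? CHAIN_ERR_EMPTY : CHAIN_OK;

    for (i = 0; rc == CHAIN_OK && i + 1 < count; i++) {
        const CHAIN_CERT *issuer = &chain[i];
        const CHAIN_CERT *subject = &chain[i + 1];
        size_t caFollowing = 0;

        if (issuer->subjectType != SUBJECT_TYPE_CA) {
            bad = i; rc = CHAIN_ERR_NOT_CA;
        } else if (subject->authorityKeyId.len != 0 &&
                   !item_equal(&subject->authorityKeyId, &issuer->subjectKeyId)) {
            /* AKI/SKI linkage; the AKI is optional, so an omitted one is skipped. */
            bad = i + 1; rc = CHAIN_ERR_AKI_MISMATCH;
        } else if (issuer->pathLenConstraint >= 0) {
            /* n bounds the CA certificates after this one (0: only an end entity
             * may follow); UNLIMITED_PATH_LEN and NOT_IN_USE impose no bound. */
            for (j = i + 1; j < count; j++)
                if (chain[j].subjectType == SUBJECT_TYPE_CA) caFollowing++;
            if (caFollowing > (size_t)issuer->pathLenConstraint) {
                bad = i; rc = CHAIN_ERR_PATHLEN_EXCEEDED;
            }
        }
    }
    if (rc == CHAIN_OK) bad = count - 1;
    if (badIndex) *badIndex = bad;
    return rc;
}

/* Constructed sample key identifiers (not real certificate data). */
static const unsigned char KID_ROOT[] = { 0x01, 0x02, 0x03, 0x04 };
static const unsigned char KID_SUB[]  = { 0x11, 0x12, 0x13, 0x14 };
static const unsigned char KID_EE[]   = { 0x21, 0x22, 0x23, 0x24 };
#define KID(k)  { (k), (unsigned int)sizeof(k) }
#define NO_KID  { NULL, 0 }

/* Scenario 0: root (pathLen 1) -> sub CA (pathLen 0) -> end entity: valid.
 * Scenario 1: the root's pathLen is 0, yet a sub CA follows it: rejected.
 * Scenario 2: the end entity's AKI names the root, not the sub CA above it. */
int run_scenario(int scenario, size_t *badIndex)
{
    CHAIN_CERT chain[3] = {
        { KID(KID_ROOT), NO_KID,        SUBJECT_TYPE_CA,         1 },
        { KID(KID_SUB),  KID(KID_ROOT), SUBJECT_TYPE_CA,         0 },
        { KID(KID_EE),   KID(KID_SUB),  SUBJECT_TYPE_END_ENTITY, NOT_IN_USE },
    };
    if (scenario == 1) chain[0].pathLenConstraint = 0;
    if (scenario == 2) chain[2].authorityKeyId.data = KID_ROOT;
    return validate_chain(chain, 3, badIndex);
}

size_t scenario_bad_index(int scenario)
{
    size_t bad; run_scenario(scenario, &bad); return bad;
}
```

To run it stand-alone, add a main() that calls run_scenario(0..2, &bad) and prints the returned code and bad index.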

typedef GENERAL_NAME CERT_ISSUER
 

Represents a Certificate Issuer extension for X.509 v3 CRL entries. This extension identifies the certificate issuer associated with an entry in an indirect CRL. An indirect CRL contains revocation notifications from CAs other than the CA that issued the CRL. The indirect CRL identifies only the issuer of the CRL, not the issuer of the certificates in the CRL. Therefore, the CA that issued the certificates in the CRL must be identified by a Certificate Issuer extension in each CRL entry. If a CRL's Issuing Distribution Point extension has the IDP_INDIRECT_CRL_ENABLED indicator set, it is an indirect CRL. The default criticality for this extension is CRITICAL. A CRL entry can have multiple Certificate Issuer extensions at the same time.

Use the CERT_ISSUER structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

typedef UINT2 CRL_NUMBER
 

Represents the CRL Number extension for X.509 v3 CRLs. It holds a sequence number for each CRL issued by a given CRL issuer through a given CRL distribution point. The default criticality for this extension is NON_CRITICAL. A CRL can have only one CRL Number extension at a time. Use the CRL_NUMBER type with the C_AddExtensionValue() and C_GetExtensionValue() functions.

typedef struct DEFINED_ATTRIBUTE DEFINED_ATTRIBUTE
 

Stores a domain-defined attribute of the O/R Address. Use this structure to fill the array of attributes in one of the following:

Parameters:
type An ITEM structure that specifies the type of defined attribute in value. The data member points to one of the following defined-attribute types:

Defined-Attribute Type   Description
printablestring          A printable string; a member of a DEFINED_ATTRIBUTES structure
teletexstring            A teletex string; a member of a TELETEX_DOMAIN_DEFINED_ATTRS structure (in an EXTENSION_ATTRIBUTE structure)

The maximum length is UB_DefinedAttributeTypeLength.
value An ITEM structure that specifies a defined-attribute value. The data member points to a printable string or a teletex string, depending on the attribute type. The maximum length is UB_DefinedAttributeValueLength.

typedef struct DEFINED_ATTRIBUTES DEFINED_ATTRIBUTES
 

Stores the domain-defined attributes of the O/R Address. When specifying an OR_ADDRESS structure (as a member of an ALTERNATE_NAME structure), use the DEFINED_ATTRIBUTES structure to store the domain-defined attributes of the O/R Address. This structure is also defined as TELETEX_DOMAIN_DEFINED_ATTRS. The teletex defined-attributes structure is used as an extension attribute in the OR_ADDRESS structure.

Parameters:
definedAttributesCount An unsigned int value that indicates the number of elements in the definedAttribute array. The maximum number of elements is UB_DefinedAttributes.
definedAttribute A pointer to an array of DEFINED_ATTRIBUTE structures that represent the built-in, domain-defined attributes of the O/R Address.

typedef UINT2 DELTA_CRL_INDICATOR
 

Represents the Delta CRL Indicator extension for X.509 v3 CRLs. It indicates that this CRL is a delta CRL, and contains the same sequence number as the base CRL that was used as the starting point for generating this CRL. (In the base CRL, this number is in the CRL Number extension.) The delta CRL and the corresponding complete CRL, which are always issued at the same time, contain the same CRL Number extension. A delta CRL contains only the differences between the base CRL and the complete CRL. Using delta CRLs can improve processing time for applications that store CRL information. The default criticality for this extension is CRITICAL. A CRL can have only one Delta CRL Indicator extension at a time. Use the DELTA_CRL_INDICATOR type with the C_AddExtensionValue() and C_GetExtensionValue() functions.

typedef struct DIST_POINT_NAME DIST_POINT_NAME
 

Represents the ASN.1 DistributionPointName structure in RFC 2459. It contains the DNs of a CRL distribution point. It is used in two structures:

If DISTRIBUTION_POINT contains a distPointName value of type URI, then distPointName's value must point to the current CRL for the associated reasons. The reasons value is issued by the associated cRLIssuer. If the DISTRIBUTION_POINT omits reasons, the CRL must include revocations for all reasons. If the DISTRIBUTION_POINT omits cRLIssuer, the CRL must be issued by the CA that issued the certificate.

Parameters:
nameType An unsigned int value that identifies the type of data structure in the name union. Cert-C supports the following types of distribution-point names:

Distribution-Point-Name Type   Description
DPN_FULL_NAME                  A GENERAL_NAMES structure. See fullNames.
DPN_RELATIVE_NAME              A NAME_OBJ object.

name A union that contains a distribution-point name in the format specified by nameType.
    fullNames A GENERAL_NAMES structure that contains multiple full DNs for the CRL distribution point.
    nameRelativeToCRLIssuer A NAME_OBJ object that contains the CRL-distribution-point name that is directly subordinate to the directory name of the CRL issuer. This NAME_OBJ must contain only one RDN (RelativeDistinguishedName).

typedef struct DISTRIBUTION_POINT DISTRIBUTION_POINT
 

Represents a CRL Distribution Point extension for X.509 v3 CRLs. It identifies how the CRL distribution point is obtained. While both distPointName and cRLIssuers are optional fields, at least one of these fields must contain a value; RFC 2459 states that reasons cannot be the only field in the encoding. The default criticality for this extension is NON_CRITICAL. A CRL can have multiple CRL Distribution Point extensions at any time. Use the DISTRIBUTION_POINT structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
distPointName A pointer to a DIST_POINT_NAME structure that contains the DNs of the CRL distribution point from which this CRL is distributed. This field is optional. A NULL value means this field is omitted from the DER encoding. See DIST_POINT_NAME for more information.
reasons A UINT4 value that can be used to limit the revocation reasons specified by this CRL. This field can be set to one or more of the values in the following table. If this field is not set, the CRL can specify any revocation reasons. Currently, the reason is ignored in Cert-C.

Reason Type                  Description
DPR_NO_REASONS               Indicates that the reason was not contained in the DER encoding
DPR_UNUSED                   Indicates that a reason is not used
DPR_KEY_COMPROMISE           Indicates revocation of an end-entity certificate; the subject's private key or validation information has been compromised
DPR_CA_COMPROMISE            Indicates revocation of a CA certificate; the subject's private key or validation information has been compromised
DPR_AFFILIATION_CHANGED      Indicates that the subject's name or other information has been changed
DPR_SUPERSEDED               Indicates that the certificate has been superseded
DPR_CESSATION_OF_OPERATION   Indicates that the certificate is no longer needed
DPR_CERTIFICATE_HOLD         Indicates that the certificate is on hold

crlIssuers A pointer to a GENERAL_NAMES structure that contains a sequence of GENERAL_NAMEs. This field is optional. A NULL value means this field is omitted from the DER encoding. Cert-C uses the X.500 DN to select CRLs from the CRL distribution point when the path algorithm is set to PKIX2.

typedef struct E163_4_ADDR E163_4_ADDR
 

A type of extended network address in the EXTENSION_ATTRIBUTE structure. Use this structure only if you are providing an OR_ADDRESS structure as the alternate name in an ALTERNATE_NAME structure, and you are completing an extended network address for the EXTENSION_ATTRIBUTE. This E163_4_ADDR structure designates the E163-4 address number as the type of extended network address.

Parameters:
number An ITEM structure whose data member points to a numeric string and whose len member indicates the length of the string. The maximum length is UB_e1634NumberLength.
subAddress An ITEM structure whose data member points to a numeric string and whose len member indicates the length of the string. The maximum length is UB_e1634SubAddressLength.

typedef struct EDI_PARTY_NAME EDI_PARTY_NAME
 

The EDI_PARTY_NAME structure contains an alternate name in a format agreed upon between communicating EDI partners. It represents an ediPartyName in the ALTERNATE_NAME structure; if you set CN_EDI_PARTY_NAME as the altNameType, you must complete an EDI_PARTY_NAME structure to specify the altName.

Parameters:
nameAssigner A TYPED_STRING structure that identifies the authority that assigned the unique name in the partyName field.
partyName A TYPED_STRING structure that represents the name of a communicating EDI partner.

typedef struct EXTENDED_KEY_USAGE EXTENDED_KEY_USAGE
 

Represents the Extended Key Usage extension for X.509 v3 certificates. This value indicates one or more purposes for which the public key in a certificate can be used. It can be used for these extended purposes in addition to, or in place of, the basic purposes indicated in the KEY_USAGE extension. Extended key purposes can be defined by any organization with a need to do so. The default criticality for this extension is NON_CRITICAL. A certificate can have multiple Extended Key Usage extensions at the same time. Use the EXTENDED_KEY_USAGE structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
keyUsagePurpose An ITEM structure whose data member points to the extended-key-usage OIDs that indicate the purposes of the key in the certificate. Cert-C defines the extended-key-usage OIDs listed in the following table:

PKIX Extended-Key-Usage OID Extended-Key-Usage OID Length
KP_SERVERAUTH KP_SERVERAUTH_LEN
KP_CLIENTAUTH KP_CLIENTAUTH_LEN
KP_CODESIGNING KP_CODESIGNING_LEN
KP_EMAILPROTECTION KP_EMAILPROTECTION_LEN
KP_IPSECENDSYSTEM KP_IPSECENDSYSTEM_LEN
KP_IPSECTUNNEL KP_IPSECTUNNEL_LEN
KP_IPSECUSER KP_IPSECUSER_LEN
KP_TIMESTAMPING KP_TIMESTAMPING_LEN
KP_OCSPSIGNING KP_OCSPSIGNING_LEN

typedef struct EXTENDED_NETWORK_ADDR EXTENDED_NETWORK_ADDR
 

Contains an extended network address. It can be used as an extension attribute in an OR_ADDRESS structure. (The OR_ADDRESS can be used as the alternate name in an ALTERNATE_NAME structure.) To set the EXTENSION_ATTRIBUTE to contain EXTENDED_NETWORK_ADDR, first set the type in the EXTENSION_ATTRIBUTE struct to EA_EXTENDED_NETWORK_ADDR. Next, set the value in EXTENSION_ATTRIBUTE to point to an EXTENDED_NETWORK_ADDR structure.

Parameters:
type An unsigned int value that identifies the type of data structure in the addr union. Cert-C supports the following extended-network-address types:

ENA Type Description
ENA_E163_4 E163-4 Address Number (MTS.ExtendedNetworkAddress.e163-4-address.number)
ENA_PRESENTATION Presentation Address (MTS.ExtendedNetworkAddress.psap-address)

addr A union that contains an extended network address in the format specified by type.
    e1634Addr An E163_4_ADDR data structure that represents an E163-4 address.
    presentationAddr A PRESENTATION_ADDR data structure that represents a PSAP address.

typedef struct EXTENSION_ATTRIBUTE EXTENSION_ATTRIBUTE
 

Stores an extension attribute of the O/R Address. Use this structure to fill the array of attributes in an EXTENSION_ATTRIBUTES structure.

Parameters:
type An unsigned int value that indicates the extension-attribute type. The following types are defined:

Extension-Attribute Type Description
EA_COMMON_NAME ITEM - Printable string
EA_TELETEX_COMMON_NAME ITEM - Teletex/T61 string
EA_TELETEX_ORG_NAME ITEM - Teletex/T61 string
EA_TELETEX_PERSONAL_NAME TELETEX_PERSONAL_NAME
EA_TELETEX_ORG_UNIT_NAME ORG_UNIT_NAMES
EA_TELETEX_DOMAIN_DEFINED_ATTRS TELETEX_DOMAIN_DEFINED_ATTRS
EA_PDS_NAME ITEM - Printable string
EA_PHYSICAL_DELIVERY_COUNTRY_NAME TYPED_STRING - Printable string or numeric string
EA_POSTAL_CODE TYPED_STRING - Printable string or numeric string
EA_PHYSICAL_DELIVERY_OFFICE_NAME PDS_PARAMETER
EA_PHYSICAL_DELIVERY_OFFICE_NUMBER PDS_PARAMETER
EA_EXTENSION_OR_ADDR_COMPONENTS PDS_PARAMETER
EA_PHYSICAL_DELIVERY_PERSONAL_NAME PDS_PARAMETER
EA_PHYSICAL_DELIVERY_ORG_NAME PDS_PARAMETER
EA_PHYSICAL_DELIVERY_ADDR_COMPONENTS PDS_PARAMETER
EA_UNFORMATTED_POSTAL_ADDR UNFORMATTED_POSTAL_ADDR
EA_STREET_ADDR PDS_PARAMETER
EA_PO_BOX PDS_PARAMETER
EA_POSTE_RESTANTE_ADDR PDS_PARAMETER
EA_UNIQUE_POSTAL_NAME PDS_PARAMETER
EA_LOCAL_POSTAL_ATTRS PDS_PARAMETER
EA_EXTENDED_NETWORK_ADDR EXTENDED_NETWORK_ADDR
EA_TERMINAL_TYPE Integer, defined as one of the following values:
    EA_TT_TELEX 3
    EA_TT_TELETEX 4
    EA_TT_G3_FACSIMILE 5
    EA_TT_G4_FACSIMILE 6
    EA_TT_IA5_TERMINAL 7
    EA_TT_VIDEOTEX 8

The maximum lengths for the string types are:

String Type Length
EA_COMMON_NAME UB_CommonNameLength
EA_TELETEX_COMMON_NAME UB_CommonNameLength
EA_TELETEX_ORG_NAME UB_OrganizationNameLength
EA_PDS_NAME UB_pdsNameLength
EA_PHYSICAL_DELIVERY_COUNTRY_NAME UB_CountryNameNumericLength for a numeric string, or UB_CountryNameAlphaLength for a printable string
EA_POSTAL_CODE UB_postalCodeLength

value A pointer to the extension-attribute value of the O/R Address. The structure that holds the attribute value is determined by the attribute type.

typedef struct EXTENSION_ATTRIBUTES EXTENSION_ATTRIBUTES
 

When specifying an OR_ADDRESS structure (as a member of an ALTERNATE_NAME structure), use the EXTENSION_ATTRIBUTES structure to store the extension attributes of the O/R Address.

Parameters:
extensionAttributesCount An unsigned int value that indicates the number of elements in the extensionAttribute array. The maximum number of extensionAttribute elements is UB_ExtensionAttributes.
extensionAttribute A pointer to an array of EXTENSION_ATTRIBUTE structures that represent the extension attributes of the O/R Address.

typedef struct EXTENSION_HANDLER EXTENSION_HANDLER
 

Contains pointers to callback functions for a particular extension type. Cert-C provides a default extension handler for each Cert-C-defined extension type. However, when overriding a default extension handler or when defining a new extension type, it is necessary to provide the callback functions. The following table lists the four callback functions to provide for each extension type, and the Cert-C functions that call each callback function:

Callback Function Cert-C Functions that Call the Callback
AllocAndCopy C_AddExtensionValue()
Destructor C_DeleteExtensionValue()
GetEncodedValue C_GetEncodedExtensionValue()
SetEncodedValue C_SetEncodedExtensionValue(), C_SetExtensionsObjectBER(), C_SetExtensionBER()

The EXTENSION_HANDLER structure is used in the EXTENSION_TYPE_INFO structure, and as:

  • An input to the C_RegisterExtensionType() function. Use this function to:
    • Specify a customized extension handler for a Cert-C-defined extension type
    • Specify an application-defined extension type

    Note: When overriding the default handler or registering a new extension type, it is necessary to provide all the callback functions listed in EXTENSION_HANDLER. Otherwise, Cert-C returns an error when calling C_RegisterExtensionType().

  • An output from the C_GetExtensionTypeInfo() function. Use this function to get the default or registered extension handler for a particular extension type.

  • An input to the C_CreateExtension() function. Use this function to override the default or registered extension handler for a particular extension type.

To override only one callback in a handler, use the C_GetExtensionTypeInfo() function to get a copy of the default handler. Overwrite the target callback; then call the C_RegisterExtensionType() function to override the default handler.

Parameters:
AllocAndCopy The AllocAndCopy callback function allocates memory for newValue and copies the information given in value to newValue. If AllocAndCopy is successful, it returns 0 (zero). If AllocAndCopy fails to allocate memory, it returns the E_ALLOC error. If the data in value is not valid, then AllocAndCopy does not allocate memory and it returns the E_DATA error. This function is called by C_AddExtensionValue() to add an extension value into an existing extension entry.
    newValue An output field that contains the new copy of value that is returned by the AllocAndCopy function.
    value An input field that contains extension information to be duplicated by the AllocAndCopy function.
Destructor The Destructor callback function de-allocates the value that was allocated by AllocAndCopy, freeing all memory associated with it. If the value is (POINTER)NULL_PTR, then Destructor performs no operation. The Destructor function is called by the C_DeleteExtensionValue() function to delete an extension value from an extension entry.
GetEncodedValue The GetEncodedValue callback function is called by the C_GetEncodedExtensionValue() function to encode the extension entry's value list. GetEncodedValue calls the C_GetListObjectCount() and C_GetListObjectEntry() functions to extract the extension value(s) to be encoded from the valueList. GetEncodedValue allocates a block of memory to store the encoded value and saves a pointer to this block in der and its length in derLen. GetEncodedValue encodes all the value(s) in the valueList. If GetEncodedValue is successful, it returns 0 (zero); if it fails, it returns a non-zero value.

The C_GetEncodedExtensionValue() function saves the der value in the extension entry. The der value is destroyed when you modify or destroy the extension entry that owns the valueList.
    valueList An input field containing the list of extension values that are to be encoded by the GetEncodedValue function.
    der An output field that the GetEncodedValue function uses to store the encoded extension values.
    derLen An output field that contains the length of the encoded extension values.
SetEncodedValue The SetEncodedValue callback function decodes the extension value given in ber and berLen into a C data structure representation of the value(s). The Cert-C function passes a listEntryHandler to SetEncodedValue. The list handler includes its own AllocAndCopy and Destructor callbacks that recognize the data structure for the decoded value of this extension type. SetEncodedValue calls the C_AddListObjectEntry() function to add the C data structure representation of the value(s) to the valueList. These new value entries can be destroyed by the C_DeleteExtension(), C_DeleteExtensionValue(), or C_DestroyExtensionsObject() functions. The Cert-C function that calls this function creates valueList; it is destroyed when the extension that owns the valueList is destroyed. This function is called by C_SetExtensionsObjectBER(), C_SetExtensionBER(), and C_SetEncodedExtensionValue().
    valueList An input field containing the list of extension values that are to be decoded by the SetEncodedValue function. The Cert-C function that calls this function creates valueList; it is destroyed when the extension that owns the valueList is destroyed.
    ber An input field used to store the value to be decoded.
    berLen An input field used to store the length of the values to be decoded.
    listEntryHandler An input/output field that points to a LIST_OBJ_ENTRY_HANDLER structure. The application can use this to insert application-defined extension values into the valueList.

typedef struct EXTENSION_INFO EXTENSION_INFO
 

Retrieves extension-entry information from an opaque EXTENSIONS_OBJ object, by calling the C_GetExtensionInfo() function.

Parameters:
type A pointer to an unsigned char array that specifies the extension type.
typeLen An unsigned int value that indicates the length of the extension type. See the tables for the type member.
criticalFlag An unsigned int value that indicates the extension entry's criticality.

Extension Criticality Description
NON_CRITICAL Extension is not critical.
CRITICAL Extension is critical.

valueCount An unsigned int value that indicates the number of value entries in the extension entry's value list.
  • If the extension type can have only one value at a time, the valueCount is 0 (zero) or 1 (one).
  • If the extension type can have multiple values at the same time, the valueCount is the current number of value entries in the extension's value list.
reserved Set this field to NULL_PTR; it is reserved for future use.

typedef struct EXTENSION_TYPE_INFO EXTENSION_TYPE_INFO
 

Displays or changes the default setting of a supported standard extension. It also registers an application-defined extension type in the Cert-C context. This structure is used with the C_GetExtensionTypeInfo() and C_RegisterExtensionType() functions.

Parameters:
type An ITEM structure that indicates the extension type.
criticality An unsigned int value that indicates the extension type's default criticality.

Extension Criticality Flag Description
NON_CRITICAL Extension is not critical.
CRITICAL Extension is critical.

overrideCriticality An unsigned int value that allows you to override the extension type's default criticality when you call the C_CreateExtension() function. Note that the Cert-C default for all extension types is to allow the criticality to be overridden.

Override Criticality Flag Description
ALLOW_OVERRIDE_CRITICALITY Extension criticality can be overridden.
0 Extension criticality cannot be overridden.

overrideHandler An unsigned int value that allows you to override the extension type's default handler when you call the C_CreateExtension() function. Note that the Cert-C default for all extension types is to allow the handler to be overridden.

Override Handler Flag Description
ALLOW_OVERRIDE_HANDLER Extension handler can be overridden.
0 Extension handler cannot be overridden.

authenObjects A UINT2 value that designates the object types that can include this extension type. This field can be set to one object type, or to a combination of object types by 'OR'ing them together.

Authentication Object Type Description
CERT_EXTENSIONS_OBJ Authenticates certificate extensions.
CRL_EXTENSIONS_OBJ Authenticates CRL extensions.
CRL_ENTRY_EXTENSIONS_OBJ Authenticates CRL entry extensions.
OCSP_REQUEST_EXTENSONS_OBJ Authenticates OCSP request extensions.
OCSP_SINGLE_EXTENSIONS_OBJ Authenticates OCSP single-certificate extensions.

uniqueValue An unsigned int value that indicates whether the extension can have multiple extension values or only a single extension value. If the extension can have multiple values, set it to 0. Otherwise, set it to 1 (one).
handler An EXTENSION_HANDLER structure that specifies the handler for this extension type. Cert-C provides a default extension handler for each Cert-C-defined extension type. However, if the default extension handler is overridden, or if a new extension type is defined, it is necessary to provide the callback functions. See the EXTENSION_HANDLER structure for a complete description of the callback functions.

typedef ALTERNATE_NAME GENERAL_NAME
 

An application-defined ALTERNATE_NAME that can be converted to and from an ASN.1 data type, using ASN.1 encoding rules.

typedef struct GENERAL_NAMES GENERAL_NAMES
 

Represents the ASN.1 GeneralNames structure as described in RFC 2459. It contains a sequence of GENERAL_NAMEs. This structure is used in the DISTRIBUTION_POINT and DIST_POINT_NAME structures.

Parameters:
nameCount An unsigned int value that indicates the number of elements in the names array.
names A pointer to an array of GENERAL_NAME structures.

typedef struct GENERAL_SUBTREE GENERAL_SUBTREE
 

Specifies one or more naming subtrees, each defined by the name of the root of the subtree.

Parameters:
base An ALTERNATE_NAME structure that contains the base name of the general subtree. Use only base names that have a well-defined hierarchical structure.
minimum An int value that specifies the upper bound of the area within the subtree. All names whose last component is above the level specified are excluded from the subtree.
  • If minimum is set to 0 (the default), then the naming subtree includes the base name, that is, the top node of the subtree. The PKIX standard recommends that this value should always be set to 0 (zero).
  • If minimum is set to 1 (one), then the naming subtree excludes the base node but includes subordinate nodes.
maximum An int value that specifies the lower bound of the area within the subtree. All names whose last component is below the level specified are excluded from the subtree.
  • If maximum is set to 0 (zero), then the naming subtree includes the base node at the top of the subtree, and excludes all subordinate nodes.
  • If maximum is set to 1 (one), then the naming subtree includes the base node and its immediate subordinates, and excludes all other subordinate nodes.
  • This is an optional field; to omit this field, set it to NOT_IN_USE. If a maximum value is not provided, a lower limit is not imposed on the subtree.

typedef ITEM INSTRUCTION_CODE
 

Represents a Hold Instruction Code extension for X.509 v3 CRL entries. This extension contains instructions about the action to be taken if a CRL entry indicates that a certificate is on hold. It is an ITEM structure whose data member points to an instruction OID. This instruction code can indicate that, if a certificate is on hold, an application should reject the certificate, a user should call the certificate issuer, or some other such action should be taken. (If a CRL entry's Reason Code extension has the CR_CERTIFICATE_HOLD flag set, the certificate is on hold.) The default criticality for this extension is NON_CRITICAL. A CRL entry can have only one Hold Instruction Code extension at a time.

Use the INSTRUCTION_CODE structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

typedef GENERALIZED_TIME INVALID_DATE
 

Represents an Invalidity Date extension for X.509 v3 CRL entries. It indicates the time at which the private key in the certificate was compromised or the time at which the certificate was determined to be invalid.

The invalidity time can be earlier than the revocation time, which is the time at which the CA processed the revocation and updated the CRL. The default criticality for this extension is NON_CRITICAL. A CRL entry can have only one Invalidity Date extension at a time. Use the INVALID_DATE structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

typedef ALTERNATE_NAME ISSUER_ALTNAME
 

Represents an Issuer Alternate Name extension for an X.509 v3 certificate or CRL. It allows the issuer's alternative names to be bound to the certificate or CRL, in addition to the issuer's DN. The default criticality for this extension is NON_CRITICAL. However, if the certificate's issuer-distinguished-name field (issuerName) is empty, this extension must be marked CRITICAL. A certificate or CRL can have multiple Issuer Alternate Name extensions at the same time. Use the ISSUER_ALTNAME structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

typedef struct ISSUING_DISTRIBUTION_POINT ISSUING_DISTRIBUTION_POINT
 

Represents an Issuing Distribution Point extension for X.509 v3 CRLs. It identifies the CRL distribution point from which this CRL is distributed, and the types of information this CRL can contain. The default criticality for this extension is CRITICAL. A CRL can have only one Issuing Distribution Point extension at a time. Use the ISSUING_DISTRIBUTION_POINT structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
distributionPoint A pointer to a DIST_POINT_NAME structure that contains the DNs of the CRL distribution point from which this CRL is distributed.
userCerts An int value that indicates whether this CRL covers revocation for end-entity certificates or not. This field can be set to one of the values in the following table:

End-Entity Certificate Type Description
IDP_VALUE_TRUE Indicates that the CRL covers revocation for end-entity certificates.
IDP_VALUE_FALSE Indicates that the CRL does not cover revocation for end-entity certificates.

CACerts An int value that indicates whether this CRL covers revocation for CA certificates or not. This field can be set to one of the values in the following table:

CA Certificate Type Description
IDP_VALUE_TRUE Indicates that the CRL covers revocation for CA certificates.
IDP_VALUE_FALSE Indicates that the CRL does not cover revocation for CA certificates.

reasons A UINT4 value that limits the revocation reasons that can be specified by this CRL. This field can be set to one or more of the values in the following table. If this field is not set, the CRL can specify any revocation reasons.

Revocation Reason Description
DPR_NO_REASONS Indicates that the reason was not contained in the DER encoding.
DPR_UNUSED Indicates that a reason is not used.
DPR_KEY_COMPROMISE Indicates revocation of an end-entity certificate; the subject's private key or validation information has been compromised.
DPR_CA_COMPROMISE Indicates revocation of a CA certificate; the subject's private key or validation information has been compromised.
DPR_AFFILIATION_CHANGED Indicates that the subject's name or other information has been changed.
DPR_SUPERSEDED Indicates that the certificate has been superseded.
DPR_CESSATION_OF_OPERATION Indicates that the certificate is no longer needed.
DPR_CERTIFICATE_HOLD Indicates that the certificate is on hold.

indirectCRL An int value that indicates whether this CRL can contain revocation notifications from CAs other than the issuer of the CRL. This field can be set to one of the values in the following table:

Indirect CRL Option Description
IDP_VALUE_TRUE The CRL can contain revocation notifications from CAs other than the CA that issued the CRL.
IDP_VALUE_FALSE The CRL can contain only revocation notifications from the CA that issued the CRL.

If this is an indirect CRL, note that distributionPoint identifies only the issuer of the CRL, not the issuer of the certificates in the CRL. Therefore, the CA that issued the certificates in the CRL must be identified by a Certificate Issuer extension in each CRL entry.

typedef UINT4 KEY_USAGE
 

Represents the Key Usage extension for X.509 v3 certificates. This value indicates one or more purposes for which the public key in the certificate can be used. It can also be used for the purposes indicated in the Extended Key Usage extension. The default criticality for this extension is CRITICAL. A certificate can have only one Key Usage extension at a time. Use the KEY_USAGE type with the C_AddExtensionValue() and C_GetExtensionValue() functions. It contains one or more of the following bit-flags:

Key Usage Flag Description
CF_DIGITAL_SIGNATURE Indicates that the key can be used to verify signatures other than non-repudiation signatures (CF_NON_REPUDIATION), certificate signatures (CF_KEY_CERT_SIGN), or CRL signatures (CF_CRL_SIGN).
CF_NON_REPUDIATION Indicates that the key can be used to verify digital signatures that protect against falsely denying some action.
CF_KEY_ENCIPHERMENT Indicates that the key can be used to encrypt other keys, such as for key transport.
CF_DATA_ENCIPHERMENT Indicates that the key can be used to encrypt data other than keys.
CF_KEY_AGREEMENT Indicates that the key can be used as a public-key agreement key.
CF_KEY_CERT_SIGN Indicates that the key can be used to verify the CA's signature on a certificate.
CF_CRL_SIGN Indicates that the key can be used to verify the CA's signature on a CRL.
CF_ENCIPHER_ONLY Indicates that the key is a public-key agreement key that can be used only to encipher data. It is used together with the CF_KEY_AGREEMENT flag.
CF_DECIPHER_ONLY Indicates that the key is a public-key agreement key that can be used only to decipher data. It is used together with the CF_KEY_AGREEMENT flag.

typedef struct NAME_CONSTRAINTS NAME_CONSTRAINTS
 

Contains a Name Constraints extension for X.509 v3 certificates. This extension is used only in CA certificates. This extension describes the name space where all subject names of subsequent certificates in a certification path must be located. The name constraints can apply to a subject's DN or to a subject's alternative names. The default criticality for this extension is CRITICAL. A certificate can have only one Name Constraints extension at a time. The NAME_CONSTRAINTS structure is used with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
permittedSubtreeCount An int value that specifies the number of elements in the permittedSubtrees array.
permittedSubtrees A pointer to a GENERAL_SUBTREE array that contains the subtrees that are to be permitted in the certification path. If permittedSubtrees is present, of all the certificates issued by the subject CA and subsequent CAs in the certification path, only those certificates with subject names within these subtrees are acceptable.
excludedSubtreeCount An int value that specifies the number of elements in the excludedSubtrees array.
excludedSubtrees A pointer to a GENERAL_SUBTREE array that contains the subtrees to exclude from the certification path. If excludedSubtrees is present, any certificate issued by the subject CA or subsequent CAs in the certification path that has a subject name within these subtrees is unacceptable.

Note: If both permittedSubtrees and excludedSubtrees are present and the name spaces overlap, the exclusion statement takes precedence.
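As an added illustration of the GENERAL_SUBTREE minimum/maximum bounds and of the exclusion-precedence rule in this Note (example code, not part of Cert-C), the following C program evaluates a candidate name against permitted and excluded subtrees. It assumes NOT_IN_USE is -1, models names as root-first '/'-separated component strings, and compares components exactly; all three are simplifications of the real ALTERNATE_NAME handling.

```c
#include <stdio.h>
#include <string.h>

#define NOT_IN_USE     (-1)   /* assumed sentinel; Cert-C's real value is not on this page */
#define MAX_COMPONENTS 16
#define NAME_BUF_LEN   256

/* A hierarchical name as root-first components, e.g. {"C=US","O=Example","CN=alice"}.
   Stands in for the ALTERNATE_NAME used as a GENERAL_SUBTREE base. */
typedef struct {
    char buf[NAME_BUF_LEN];
    const char *component[MAX_COMPONENTS];
    int count;
} HierName;

/* Mirrors the GENERAL_SUBTREE fields described above. */
typedef struct {
    HierName base;
    int minimum;   /* 0 includes the base node, 1 excludes it */
    int maximum;   /* NOT_IN_USE: no lower limit on the subtree */
} Subtree;

/* Mirrors NAME_CONSTRAINTS. */
typedef struct {
    int permittedSubtreeCount;
    const Subtree *permittedSubtrees;
    int excludedSubtreeCount;
    const Subtree *excludedSubtrees;
} NameConstraints;

/* Split a '/'-separated string (constructed notation) into components, in place. */
void parse_name(const char *s, HierName *out)
{
    char *p = out->buf;
    out->count = 0;
    strncpy(out->buf, s, NAME_BUF_LEN - 1);
    out->buf[NAME_BUF_LEN - 1] = '\0';
    while (p != NULL && *p != '\0' && out->count < MAX_COMPONENTS) {
        char *slash = strchr(p, '/');
        if (slash != NULL) *slash = '\0';
        out->component[out->count++] = p;
        p = (slash != NULL) ? slash + 1 : NULL;
    }
}

/* 1 if name lies inside the subtree: the base is a prefix of name and the number of
   levels below the base satisfies minimum (upper bound) and maximum (lower bound). */
int name_in_subtree(const HierName *name, const Subtree *st)
{
    int i, levelsBelowBase;
    if (name->count < st->base.count) return 0;
    for (i = 0; i < st->base.count; i++)
        if (strcmp(name->component[i], st->base.component[i]) != 0) return 0;
    levelsBelowBase = name->count - st->base.count;
    if (levelsBelowBase < st->minimum) return 0;
    if (st->maximum != NOT_IN_USE && levelsBelowBase > st->maximum) return 0;
    return 1;
}

/* 1 if name passes the constraints. Excluded subtrees are tested first, so an
   exclusion wins whenever the permitted and excluded name spaces overlap. */
int name_acceptable(const HierName *name, const NameConstraints *nc)
{
    int i;
    for (i = 0; i < nc->excludedSubtreeCount; i++)
        if (name_in_subtree(name, &nc->excludedSubtrees[i])) return 0;
    if (nc->permittedSubtreeCount == 0) return 1;   /* no permitted list: unrestricted */
    for (i = 0; i < nc->permittedSubtreeCount; i++)
        if (name_in_subtree(name, &nc->permittedSubtrees[i])) return 1;
    return 0;
}

/* Worked scenario (constructed names): permit "C=US/O=Example" with the given bounds,
   but exclude its Contractors unit outright. Returns 1 if candidate is acceptable. */
int name_constraints_sample(const char *candidate, int minimum, int maximum)
{
    Subtree permitted, excluded;
    NameConstraints nc;
    HierName name;
    parse_name("C=US/O=Example", &permitted.base);
    permitted.minimum = minimum;
    permitted.maximum = maximum;
    parse_name("C=US/O=Example/OU=Contractors", &excluded.base);
    excluded.minimum = 0;
    excluded.maximum = NOT_IN_USE;
    nc.permittedSubtreeCount = 1; nc.permittedSubtrees = &permitted;
    nc.excludedSubtreeCount = 1;  nc.excludedSubtrees = &excluded;
    parse_name(candidate, &name);
    return name_acceptable(&name, &nc);
}

int main(void)
{
    const char *names[] = { "C=US/O=Example/CN=alice",
                            "C=US/O=Example/OU=Contractors/CN=bob",
                            "C=UK/O=Other/CN=carol" };
    int i;
    for (i = 0; i < 3; i++)
        printf("%-40s %s\n", names[i],
               name_constraints_sample(names[i], 0, NOT_IN_USE) ? "accepted" : "rejected");
    return 0;
}
```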

typedef struct OCSP_ACCEPTABLE_RESPONSES OCSP_ACCEPTABLE_RESPONSES
 

Defines OCSP acceptable response types. This structure is an input parameter to C_SetExtensionValue() to convey the list of acceptable responses.

Parameters:
numTypes The number of elements in the array pointed to by type.
type An array (or allocated block) of acceptable OCSP responses. Each element contains the DER encoding of the OID value octets for an OCSP acceptable response type. It should not contain the leading type (0x06) or the length octets.
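An added example (not Cert-C code) of producing the value octets this field expects: a dotted OID is converted to its base-128 arc encoding with no 0x06 tag and no length octets, and a list built from such octets is then matched against a response type. The OidItem type is a stand-in for ITEM (data plus len), and the sample list accepting only id-pkix-ocsp-basic is constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a Cert-C ITEM (data pointer plus length); the real layout is not on this page. */
typedef struct {
    unsigned char *data;
    unsigned int len;
} OidItem;

/* Append one arc in base-128 form: every byte but the last has its high bit set. */
static int put_arc(unsigned long arc, unsigned char *out, size_t outLen, size_t *pos)
{
    unsigned char tmp[10];
    int k = 0;
    do {
        tmp[k++] = (unsigned char)(arc & 0x7F);
        arc >>= 7;
    } while (arc != 0);
    if (*pos + (size_t)k > outLen) return -1;
    while (k-- > 0)                      /* emit the most significant group first */
        out[(*pos)++] = (unsigned char)(tmp[k] | (k > 0 ? 0x80 : 0x00));
    return 0;
}

/* Encode a dotted OID as value octets only: no 0x06 tag and no length octets.
   Returns the byte count, or -1 on malformed input or an undersized buffer. */
int oid_value_octets(const char *dotted, unsigned char *out, size_t outLen)
{
    unsigned long first, second, arc;
    const char *p = dotted;
    char *end;
    size_t pos = 0;

    first = strtoul(p, &end, 10);
    if (end == p || *end != '.' || first > 2) return -1;
    p = end + 1;
    second = strtoul(p, &end, 10);
    if (end == p || (first < 2 && second > 39)) return -1;
    if (put_arc(first * 40 + second, out, outLen, &pos) != 0) return -1; /* first two arcs share a value */
    while (*end == '.') {
        p = end + 1;
        arc = strtoul(p, &end, 10);
        if (end == p || put_arc(arc, out, outLen, &pos) != 0) return -1;
    }
    return (*end == '\0') ? (int)pos : -1;
}

/* Accessors for checking: the encoded length, or one byte of the encoding (-1 if out of range). */
int oid_length(const char *dotted)
{
    unsigned char buf[64];
    return oid_value_octets(dotted, buf, sizeof buf);
}

int oid_byte(const char *dotted, int index)
{
    unsigned char buf[64];
    int n = oid_value_octets(dotted, buf, sizeof buf);
    return (index >= 0 && index < n) ? buf[index] : -1;
}

/* Is the response type named by dotted in the acceptable list? Compared byte for byte
   on value octets, which is exactly the form the type array is documented to hold. */
int response_type_acceptable(const OidItem *types, unsigned int numTypes, const char *dotted)
{
    unsigned char buf[64];
    int n = oid_value_octets(dotted, buf, sizeof buf);
    unsigned int i;
    if (n < 0) return 0;
    for (i = 0; i < numTypes; i++)
        if (types[i].len == (unsigned int)n && memcmp(types[i].data, buf, (size_t)n) == 0)
            return 1;
    return 0;
}

/* Worked scenario: a one-entry list that accepts only id-pkix-ocsp-basic (1.3.6.1.5.5.7.48.1.1). */
int basic_only_sample(const char *dotted)
{
    unsigned char basic[16];
    OidItem types[1];
    int n = oid_value_octets("1.3.6.1.5.5.7.48.1.1", basic, sizeof basic);
    if (n < 0) return 0;
    types[0].data = basic;
    types[0].len = (unsigned int)n;
    return response_type_acceptable(types, 1, dotted);
}

int main(void)
{
    int i, n = oid_length("1.3.6.1.5.5.7.48.1.1");
    printf("id-pkix-ocsp-basic value octets (%d bytes):", n);
    for (i = 0; i < n; i++) printf(" %02X", oid_byte("1.3.6.1.5.5.7.48.1.1", i));
    printf("\n");
    return 0;
}
```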

typedef struct OR_ADDRESS OR_ADDRESS
 

Contains an O/R Address that is defined in accordance with the X.411 standard. It represents an x400Address in the ALTERNATE_NAME structure. If CN_X400_ADDRESS is set as the altNameType, complete an OR_ADDRESS structure to specify the altName.

Parameters:
standardAttributes A STANDARD_ATTRIBUTES structure that contains the standard attributes of the O/R Address.
definedAttributes A DEFINED_ATTRIBUTES structure that contains the domain-defined attributes of the O/R Address.
extensionAttributes An EXTENSION_ATTRIBUTES structure that contains the extension attributes of the O/R Address.

typedef struct ORG_UNIT_NAMES ORG_UNIT_NAMES
 

Contains an organizational unit name. It can be used as either a standard attribute or as an extension attribute in an OR_ADDRESS structure. (The OR_ADDRESS can be used as the alternate name in an ALTERNATE_NAME structure.)

  • In the standard attributes structure, STANDARD_ATTRIBUTES, if the SA_ORG_UNIT_NAMES_VALID flag is set in validFields, complete an ORG_UNIT_NAMES structure to specify orgUnitNames.
  • In the extension-attribute structure, EXTENSION_ATTRIBUTE, if EA_TELETEX_ORG_UNIT_NAME is set as the extension-attribute type, complete an ORG_UNIT_NAMES structure to specify the extension-attribute value.

Parameters:
orgUnitNameCount An unsigned int value that indicates the number of elements in the orgUnitName array. The maximum number of orgUnitName elements is UB_OrganizationalUnits.
orgUnitName A pointer to an ITEM array that represents the organization unit name. The data members point to printable strings if it is a standard attribute or to teletex strings if it is an extension attribute. The maximum length of the data members is UB_OrganizationalUnitNameLength.

typedef struct OTHER_NAME OTHER_NAME
 

Contains an application-defined alternate name. It represents an otherName in the ALTERNATE_NAME structure. If CN_OTHER_NAME is set as the altNameType, complete an OTHER_NAME structure to specify the altName.

Parameters:
typeId An ITEM structure whose data member points to an object identifier (OID) for the type of value.
value An ITEM structure whose data member points to the value of the other name.

typedef struct PDS_PARAMETER PDS_PARAMETER
 

Contains a physical delivery system value. It can be used as an extension attribute in an OR_ADDRESS structure. (The OR_ADDRESS structure can be used as the alternate name in an ALTERNATE_NAME structure.) In an extension-attribute structure, EXTENSION_ATTRIBUTE, it is required to specify an extension-attribute type and a corresponding extension-attribute value.

Parameters:
printableString An ITEM structure whose data member points to a printable string. The maximum length is UB_pdsParameterLength.
teletexString An ITEM structure whose data member points to a teletex string. The maximum length is UB_pdsParameterLength.

typedef struct PERSONAL_NAME PERSONAL_NAME
 

Contains a personal name. It can be used as a standard attribute in an OR_ADDRESS structure (which can be used as an alternate name). In the STANDARD_ATTRIBUTES structure, when using the PERSONAL_NAME structure to specify a personalName, set the SA_PERSONAL_NAME_VALID flag in validFields. This structure is also defined as TELETEX_PERSONAL_NAME. The teletex structure is used as an extension attribute, rather than a standard attribute, in the OR_ADDRESS structure.

Parameters:
surname An ITEM structure that represents a surname. The data member points to a printable string if it is in a PERSONAL_NAME, or to a teletex string if it is in a TELETEX_PERSONAL_NAME. The maximum length is UB_SurNameLength.
givenName An ITEM structure that represents a given name. The data member points to a printable string if it is in a PERSONAL_NAME, or to a teletex string if it is in a TELETEX_PERSONAL_NAME. The maximum length is UB_GivenNameLength.
initials An ITEM structure that represents the middle initials of a personal name. The data member points to a printable string if it is in a PERSONAL_NAME, or to a teletex string if it is in a TELETEX_PERSONAL_NAME. The maximum length is UB_InitialsLength.
generationQualifier An ITEM structure that represents the generation qualifier of a personal name. The data member points to a printable string if it is in a PERSONAL_NAME, or to a teletex string if it is in a TELETEX_PERSONAL_NAME. The maximum length is UB_GenerationQualifierLength.

typedef struct POLICY_CONSTRAINTS_36 POLICY_CONSTRAINTS_36
 

Represents the Policy Constraints extension for X.509 v3 certificates. This extension is used only in CA certificates. It constrains path validation by requiring a policy identifier or by prohibiting policy mapping. The default criticality for this extension is NON_CRITICAL. A certificate can have only one Policy Constraints extension at a time. Use the POLICY_CONSTRAINTS_36 structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
requireExplicitPolicy An int value that indicates the number of certificates to skip before policy constraints apply. To omit this constraint, set it to NOT_IN_USE.
inhibitPolicyMapping An int value that indicates the number of certificates to skip before policy mapping is not permitted. To omit this constraint, set it to NOT_IN_USE.

typedef struct POLICY_INFO POLICY_INFO
 

Represents the Certificate Policies extension for X.509 v3 certificates. It indicates the policy under which the certificate was issued and the purposes for which the certificate can be used. Applications with specific policy requirements can check the policyID to determine whether or not the certificate is acceptable. The default criticality for this extension is NON_CRITICAL. A certificate can have multiple Certificate Policies extensions at the same time. Use the POLICY_INFO structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
policyID An ITEM structure whose data member points to the certificate policy's OID.
qualifierInfoCount An unsigned int value that indicates the number of policy qualifiers in the qualifierInfo array.
qualifierInfo A pointer to a QualifierInfo array that contains policy qualifier information. If qualifierInfo is (QualifierInfo *)NULL_PTR, set qualifierInfoCount to 0 (zero).

typedef struct POLICY_MAPPING POLICY_MAPPING
 

Represents a Policy Mappings extension for an X.509 v3 certificate. This extension is used only in CA certificates. It contains a pair of domain policies: one for the issuing CA, and another for the subject CA. These are considered to be equivalent by the issuing CA. The policy mapping indicates to the issuing CA that the subject CA's policy is comparable to its own policy. The default criticality for this extension is NON_CRITICAL. A certificate can have multiple Policy Mappings extensions at the same time. Use the POLICY_MAPPING structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
issuerDomainPolicy An ITEM structure whose data member points to the issuing CA's domain policy OID.
subjectDomainPolicy An ITEM structure whose data member points to the subject CA's domain policy OID.

typedef struct PRESENTATION_ADDR PRESENTATION_ADDR
 

A type of extended network address in the EXTENSION_ATTRIBUTE structure. Use this structure only when providing an OR_ADDRESS structure as the alternate name in an ALTERNATE_NAME structure, and when completing an extended network address for the EXTENSION_ATTRIBUTE. This PRESENTATION_ADDR structure designates Presentation Address as the type of extended network address.

Parameters:
pSelector An ITEM structure whose data member points to an octet string.
sSelector An ITEM structure whose data member points to an octet string.
tSelector An ITEM structure whose data member points to an octet string.
nAddressCount An unsigned int value that indicates the number of elements in the nAddress array.
nAddress A pointer to an ITEM array that specifies the presentation address. The data members point to octet strings.

typedef struct PRIVATE_KEY_USAGE_PERIOD PRIVATE_KEY_USAGE_PERIOD
 

Represents the Private-Key Usage Period extension for X.509 v3 certificates. It allows the certificate issuer to specify a different validity period for the private key than for the certificate. The default criticality for this extension is NON_CRITICAL. A certificate can have only one Private-Key Usage Period extension at a time. Use the PRIVATE_KEY_USAGE_PERIOD structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Parameters:
start A GENERALIZED_TIME structure that specifies the time when the private-key validity starts. To omit, set all GENERALIZED_TIME fields to 0 (zero).
end A GENERALIZED_TIME structure that specifies the time when the private-key validity ends. To omit, set all GENERALIZED_TIME fields to 0 (zero).
  • Only one of the two fields, start or end, may be omitted.

typedef struct QualifierInfo QualifierInfo
 

Stores a policy qualifier. Use QualifierInfo in the POLICY_INFO structure.

Parameters:
qualifierID An ITEM structure that specifies the policy-qualifier object identifier.
qualifier An ITEM structure that specifies the policy qualifier. If the qualifier is DER encoded, then at encoding time its value is saved as is. Otherwise, it is encoded as an octet string. To omit, set the data field to NULL_PTR, and the len field to 0 (zero).

When the policy certificate extension value is retrieved, Cert-C returns the entire BER encoding of the qualifier that is defined by the qualifierID member. See RFC 2459 for the possible encodings for qualifierID. The application must perform any further BER decoding that is necessary.

typedef unsigned int REASON_CODE
 

Represents a Reason Code extension for X.509 v3 CRL entries. It indicates the reason the certificate in the CRL entry was revoked. The default criticality for this extension is NON_CRITICAL. A CRL entry can have only one Reason Code extension at a time. Use the REASON_CODE number with the C_AddExtensionValue() and C_GetExtensionValue() functions.

It contains one of the following flags:

Reason Code Description
CR_UNSPECIFIED Indicates revocation of a certificate for an unspecified reason.
CR_KEY_COMPROMISE Indicates revocation of an end-entity certificate; the subject's private key or validation information has been compromised.
CR_CA_COMPROMISE Indicates revocation of a CA certificate; the subject's private key or validation information has been compromised.
CR_AFFILIATION_CHANGED Indicates that the subject's name or other information has been changed.
CR_SUPERSEDED Indicates that the certificate has been superseded.
CR_CESSATION_OF_OPERATION Indicates that the certificate is no longer needed.
CR_CERTIFICATE_HOLD Indicates that the certificate is on hold.
CR_REMOVE_FROM_CRL In a delta CRL, indicates that the existing CRL entry should now be removed due to certificate expiration or hold release.
CR_PRIVILEGE_WITHDRAWN Indicates that a certificate (public-key or attribute certificate) was revoked because a privilege contained within that certificate has been withdrawn.
CR_AA_COMPROMISE Indicates that it is known or suspected that aspects of the AA validated in the attribute certificate have been compromised.

typedef struct STANDARD_ATTRIBUTES STANDARD_ATTRIBUTES
 

When specifying an OR_ADDRESS structure (as a member of an ALTERNATE_NAME structure), use the STANDARD_ATTRIBUTES structure to store the standard attributes of the O/R Address.

Parameters:
validFields A UINT4 value that indicates which of the optional members of the structure are present. This field is set by bitwise-ORing together the flags for the fields that are valid. Set the applicable flags from the following table to identify the valid fields:

Valid Field Description
SA_COUNTRY_NAME_VALID Country Name is valid.
SA_ADMIN_DOMAIN_NAME_VALID Administration Domain Name is valid.
SA_NETWORK_ADDRESS_VALID Network Address is valid.
SA_TERMINAL_ID_VALID Terminal Identifier is valid.
SA_PRIVATE_DOMAIN_VALID Private Domain Name is valid.
SA_ORGANIZATION_NAME_VALID Organizational Name is valid.
SA_NUMERIC_USER_ID_VALID Numeric User Identifier is valid.
SA_PERSON_NAME_VALID Personal Name is valid.
SA_ORG_UNIT_NAMES_VALID Organizational Unit Name is valid.

countryName A TYPED_STRING structure that represents a country name. Valid only if SA_COUNTRY_NAME_VALID is set in validFields. The type member indicates that the value member holds either a numeric string or a printable string. The maximum length for a numeric string is UB_CountryNameNumericLength. The maximum length for a printable string is UB_CountryNameAlphaLength.
administrationDomainName A TYPED_STRING structure that represents an administration domain name. Valid only if SA_ADMIN_DOMAIN_NAME_VALID is set in validFields. The type member indicates that the value member holds either a numeric string or a printable string. The maximum length is UB_DomainNameLength.
networkAddress An ITEM structure that represents a network address. Valid only if SA_NETWORK_ADDRESS_VALID is set in validFields. The data member points to a numeric string. The maximum length is UB_x121AddressLength.
terminalId An ITEM structure that represents a terminal identifier. Valid only if SA_TERMINAL_ID_VALID is set in validFields. The data member points to a printable string. The maximum length is UB_TerminalIdLength.
privateDomainName A TYPED_STRING structure that represents a private domain name. Valid only if SA_PRIVATE_DOMAIN_VALID is set in validFields. The type member indicates that the value member holds either a numeric string or a printable string. The maximum length is UB_DomainNameLength.
organizationName An ITEM structure that represents an organization name. Valid only if SA_ORGANIZATION_NAME_VALID is set in validFields. The data member points to a printable string. The maximum length is UB_OrganizationNameLength.
numericUserId An ITEM structure that represents a numeric user identifier. Valid only if SA_NUMERIC_USER_ID_VALID is set in validFields. The data member points to a numeric string. The maximum length is UB_NumericUserIdLength.
personalName A PERSONAL_NAME structure that represents a personal name. Valid only if SA_PERSONAL_NAME_VALID is set in validFields.
orgUnitNames An ORG_UNIT_NAMES structure that represents the organizational unit names. Valid only if SA_ORG_UNIT_NAMES_VALID is set in validFields.

typedef ALTERNATE_NAME SUBJECT_ALTNAME
 

Represents a Subject Alternate Name extension for an X.509 v3 certificate. It allows the subject's alternative names to be bound to the certificate, in addition to the subject's DN. For the certificate to be valid, all of the alternative names must also be verified by the CA, because the alternative names are also definitively bound to the subject's public key. The default criticality for this extension is NON_CRITICAL. However, if the certificate's subject-distinguished-name field (subjectName) is empty, this extension must be marked CRITICAL. The subject's alternative names can be constrained by the Name Constraints extension. A certificate can have multiple Subject Alternate Name extensions at the same time. Use the SUBJECT_ALTNAME structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

typedef ATTRIBUTES_OBJ SUBJECT_DIR_ATTRIB
 

Represents a Subject Directory Attributes extension for an X.509 v3 certificate. It contains additional attribute values, beyond those already contained in the subject's DN, that can be used to identify the subject of the certificate. The SUBJECT_DIR_ATTRIB object is an ATTRIBUTES_OBJ object. The default criticality for this extension is NON_CRITICAL. A certificate can have multiple Subject Directory Attributes extensions at the same time. Use the SUBJECT_DIR_ATTRIB object with the C_AddExtensionValue() and C_GetExtensionValue() functions.

typedef ITEM SUBJECT_KEY_ID
 

Represents a Subject Key Identifier extension for an X.509 v3 certificate. It is an ITEM structure whose data member points to the certificate subject's public-key identifier. This identifier provides a way to identify certificates that contain a particular public key.

  • In a CA certificate, this extension is used to facilitate chain building. This extension should be included in all CA certificates. The CA should also place the same key identifier into the Authority Key Identifier extension of each certificate or CRL that it issues. This can help applications build a certificate chain back to the CA more quickly.
  • In an end-entity certificate, this extension is used to help applications quickly identify the appropriate end-entity certificate when the end entity has multiple certificates. This extension should be included in all end-entity certificates.
The default criticality for this extension is NON_CRITICAL. A certificate can have only one Subject Key Identifier extension at a time. Use the SUBJECT_KEY_ID structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

typedef struct TYPED_STRING TYPED_STRING
 

A convenient structure that holds a typed string. It can be used as either a standard attribute or an extension attribute in an OR_ADDRESS structure (which can be used as the alternate name in an ALTERNATE_NAME structure).

  • In the standard attributes structure, STANDARD_ATTRIBUTES, three fields are represented by a TYPED_STRING structure: countryName, administrationDomainName, and privateDomainName. It is also necessary to set the corresponding flag in validFields. See STANDARD_ATTRIBUTES for more information.
  • In the extension-attribute structure, EXTENSION_ATTRIBUTE, two fields are represented by a TYPED_STRING structure. If either EA_POSTAL_CODE or EA_PHYSICAL_DELIVERY_COUNTRY_NAME is set as the extension-attribute type, complete a TYPED_STRING structure to specify the extension-attribute value.
Parameters:
type An unsigned int value that indicates the character type of the string in value. Set one of the following ASN.1 Value Tags, defined in the asn1pub.h header file, to identify the character type:

ASN.1 Value Tag Character Type
VT_UTF8_STRING UTF-8 string
VT_NUMERIC_STRING Numeric string
VT_PRINTABLE_STRING Printable string
VT_T61_STRING Teletex 61 string
VT_IA5_STRING IA5 string
VT_BMP_STRING BMP string
VT_UNIVERSAL_STRING Universal string

value An ITEM structure whose data member points to the string value and whose len member is the string length in bytes.
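The type member only declares which character set the bytes in value are supposed to come from; nothing in the structure enforces it. The following added example (written for this page, not Cert-C code) shows the consistency check a consumer of O/R address attributes would apply before trusting a TYPED_STRING: every byte must be allowed by the declared ASN.1 string type and the length must fit the applicable UB_* bound. The VT_* numbers, the item and typed_string layouts and the two UB_* values are this example's stand-ins, not definitions from asn1pub.h or certext.h.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in tag values; only the names come from the reference. */
enum { VT_NUMERIC_STRING = 1, VT_PRINTABLE_STRING = 2, VT_IA5_STRING = 3 };

/* Modelled after the ITEM/TYPED_STRING description above, not the header. */
typedef struct { const unsigned char *data; unsigned int len; } item;
typedef struct { unsigned int type; item value; } typed_string;

/* Assumed bounds (X.411 ub-country-name-*), used here as sample limits. */
#define UB_CountryNameNumericLength 3
#define UB_CountryNameAlphaLength   2

/* X.680 PrintableString: letters, digits, space and ' ( ) + , - . / : = ? */
static int is_printable_char(unsigned char c)
{
    if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9'))
        return 1;
    return c != 0 && strchr(" '()+,-./:=?", c) != NULL;
}

/* Returns 1 if the declared type is one this example models, every byte is
 * allowed by that type, and len <= max_len; returns 0 otherwise. Unmodelled
 * types are rejected rather than passed through unchecked. */
int typed_string_check(const typed_string *s, unsigned int max_len)
{
    unsigned int i;
    if (s->type != VT_NUMERIC_STRING && s->type != VT_PRINTABLE_STRING &&
        s->type != VT_IA5_STRING)
        return 0;
    if (s->value.len > max_len || (s->value.len > 0 && s->value.data == NULL))
        return 0;
    for (i = 0; i < s->value.len; i++) {
        unsigned char c = s->value.data[i];
        switch (s->type) {
        case VT_NUMERIC_STRING:            /* digits and space only */
            if (!((c >= '0' && c <= '9') || c == ' ')) return 0;
            break;
        case VT_PRINTABLE_STRING:
            if (!is_printable_char(c)) return 0;
            break;
        case VT_IA5_STRING:                /* 7-bit only */
            if (c > 0x7F) return 0;
            break;
        default:
            return 0;
        }
    }
    return 1;
}

/* Wraps a C string as a typed_string so the check can be run on constructed
 * sample values (e.g. the ISO 3166 codes "US" and "840"). */
int check_text(const char *text, unsigned int type, unsigned int max_len)
{
    typed_string s;
    s.type = type;
    s.value.data = (const unsigned char *)text;
    s.value.len = (unsigned int)strlen(text);
    return typed_string_check(&s, max_len);
}
```

A countryName of "US" passes as a printable string within UB_CountryNameAlphaLength, "840" passes as a numeric string, while "84A" declared numeric, "a@b" declared printable, and any byte above 0x7F declared IA5 are rejected.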

typedef struct UNFORMATTED_POSTAL_ADDR UNFORMATTED_POSTAL_ADDR
 

Contains a non-formatted postal address. It can be used as an extension attribute in an OR_ADDRESS structure. (The OR_ADDRESS can be used as the alternate name in an ALTERNATE_NAME structure.) In the extension-attribute structure, EXTENSION_ATTRIBUTE, if EA_UNFORMATTED_POSTAL_ADDR is set as the extension-attribute type, complete an UNFORMATTED_POSTAL_ADDR structure to specify the extension-attribute value.

Parameters:
printableAddrCount An unsigned int value that indicates the number of elements in the printableAddr array. The maximum number of printableAddr elements is UB_pdsPhysicalAddressLines.
printableAddr A pointer to an ITEM array. The data members point to printable strings. The maximum length is UB_pdsParameterLength.
teletexString An ITEM structure whose data member points to a teletex string. The maximum length is UB_unformattedAddressLength.


Enumeration Type Documentation

enum OCSP_CRLREF_TYPE
 

The OCSP_CRLREF_TYPE enumeration indicates the type of information contained in the OCSP_CRL_REFERENCE structure that is currently being used.

Enumeration values:
OCSP_CRLREF_TYPE_UNSPECIFIED OCSP_CRL_REFERENCE.info is undefined.
OCSP_CRLREF_TYPE_URL OCSP_CRL_REFERENCE.info is a URL.
OCSP_CRLREF_TYPE_NUMBER OCSP_CRL_REFERENCE.info is a CRL number.
OCSP_CRLREF_TYPE_TIME OCSP_CRL_REFERENCE.info is a GENERALIZED_TIME structure.


Function Documentation

int C_AddExtensionValue(EXTENSIONS_OBJ extensionsObject, unsigned int index, POINTER value, unsigned int *valueIndex);

Adds an extension value to an existing extension entry in extensionsObject, which must be referenced by index.

Parameters:
extensionsObject This input and output parameter is the extensions object to be updated with the new extension value.
index This input parameter is the index of the extension entry in the extensions object.
value This input parameter is the extension value to be added.
  • If the value is NULL_PTR, an error is returned.
  • If the extension entry has no value yet, the new value is added to the extension's value list.
  • If the extension entry already has one or more values and allows multiple values, the new value is appended to the value list.
  • If the extension entry already has a value and allows only a single value, the new value replaces the old value.
The C data structure for value is a generic pointer type; it must point to a C data structure that matches the extension's type.

When you provide this value pointer, Cert-C calls your extension handler's AllocAndCopy callback function to create a separate copy of value for the extensionsObject. Therefore, after this call to C_AddExtensionValue(), you can modify this copy of value.
valueIndex This output parameter is the index of the value in the extension entry's value list. The position of the inserted value is saved in valueIndex, unless valueIndex is (unsigned int *)NULL_PTR.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_CompareExtension(EXTENSIONS_OBJ extensionsObject1, unsigned int extensionIndex1, EXTENSIONS_OBJ extensionsObject2, unsigned int extensionIndex2);

Compares two extensions. If the extensions are of the same type, and if at least one value of the first extension matches a value of the second extension, the extensions match. In general, the entire DER encoding of both extensions must be identical for the extensions to match. However, C_CompareExtension() implements more permissive matching rules for extensions of type ET_SUBJECT_ALTNAME, ET_ISSUER_ALT_NAME, ET_KEY_USAGE, and ET_EXTENDED_KEY_USAGE.

For subject and issuer alternative names, C_CompareExtension() compares individual values using the matching rules defined for general names in the "Name Constraints" section of RFC 2459. The value of the first extension is considered to be the constraint and the second value is matched against that constraint. If the set of values described by the constraint includes the second value, the extension values (and therefore the extensions as a whole) match.

For key usage extensions, C_CompareExtension() compares the individual bits of the first extension with the second. If all of the bits set in the first extension are also set in the second, the extensions match.

For extended key usage extensions, C_CompareExtension() compares the individual key purpose identifiers of the two extensions. If at least one identifier from the first extension is also contained in the second extension, the extensions match.

Parameters:
extensionsObject1 This input parameter is the first extensions object.
extensionIndex1 This input parameter is the index of the first extension to compare.
extensionsObject2 This input parameter is the second extensions object.
extensionIndex2 This input parameter is the index of the second extension to compare.
Returns:
If the extension entries match, returns 0 (zero). If not, returns a non-zero value.
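The key usage and extended key usage rules above are asymmetric: the first extension acts as the constraint, so swapping the arguments can change the answer. The following added example (written for this page; it is not Cert-C code and does not call the library) models those two rules on constructed values, using the API's convention of 0 for a match and non-zero otherwise. The KU_* bit values, the eku_value type and the function names are this example's own; the OIDs are the standard PKIX key purpose identifiers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in key usage bits for this example (not the certext.h values). */
#define KU_DIGITAL_SIGNATURE 0x01u
#define KU_KEY_ENCIPHERMENT  0x04u
#define KU_KEY_CERT_SIGN     0x20u
#define KU_CRL_SIGN          0x40u

/* Key usage rule: every bit set in the first (constraint) extension must also
 * be set in the second. Returns 0 on match and non-zero otherwise. */
int compare_key_usage(unsigned int constraint, unsigned int candidate)
{
    return ((constraint & candidate) == constraint) ? 0 : 1;
}

/* An extended key usage value is a list of key purpose OIDs; dotted-decimal
 * strings keep the example readable. */
typedef struct {
    const char **purposes;
    size_t count;
} eku_value;

/* Extended key usage rule: at least one purpose of the first extension must
 * also appear in the second. Returns 0 on match and non-zero otherwise. */
int compare_extended_key_usage(const eku_value *first, const eku_value *second)
{
    size_t i, j;
    for (i = 0; i < first->count; i++)
        for (j = 0; j < second->count; j++)
            if (strcmp(first->purposes[i], second->purposes[j]) == 0)
                return 0;
    return 1;
}

/* Constructed sample values: serverAuth, clientAuth and codeSigning. */
static const char *server_only[]   = { "1.3.6.1.5.5.7.3.1" };
static const char *server_client[] = { "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2" };
static const char *code_signing[]  = { "1.3.6.1.5.5.7.3.3" };

/* Runs the extended key usage comparison on the constructed values:
 * case 0 shares serverAuth (match), case 1 shares nothing (no match). */
int eku_match_example(int case_no)
{
    eku_value a = { server_only, 1 };
    eku_value b = { server_client, 2 };
    eku_value c = { code_signing, 1 };
    switch (case_no) {
    case 0: return compare_extended_key_usage(&a, &b);
    case 1: return compare_extended_key_usage(&b, &c);
    default: return -1;
    }
}

int main(void)
{
    /* A keyCertSign constraint is satisfied by keyCertSign|cRLSign ... */
    printf("keyCertSign vs keyCertSign|cRLSign: %s\n",
           compare_key_usage(KU_KEY_CERT_SIGN, KU_KEY_CERT_SIGN | KU_CRL_SIGN) == 0
               ? "match" : "no match");
    /* ... but not the other way round: cRLSign is missing from the candidate. */
    printf("keyCertSign|cRLSign vs keyCertSign: %s\n",
           compare_key_usage(KU_KEY_CERT_SIGN | KU_CRL_SIGN, KU_KEY_CERT_SIGN) == 0
               ? "match" : "no match");
    printf("EKU serverAuth vs serverAuth+clientAuth: %s\n",
           eku_match_example(0) == 0 ? "match" : "no match");
    printf("EKU serverAuth+clientAuth vs codeSigning: %s\n",
           eku_match_example(1) == 0 ? "match" : "no match");
    return 0;
}
```

When using C_CompareExtension() as a policy check, put the required usage in the first extension: a match then means the candidate grants at least everything the constraint demands, not merely something in common.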

int C_CompareExtensions(EXTENSIONS_OBJ extensionsObject1, EXTENSIONS_OBJ extensionsObject2);

Compares two extensions objects (each representing a set of extensions). If each extension in the first object matches the corresponding extension in the second object, the extensions objects match. Individual extensions are compared using the same rules as defined for the C_CompareExtension() function.

Parameters:
extensionsObject1 This input parameter is the first extensions set to compare.
extensionsObject2 This input parameter is the second extensions set to compare.
Returns:
If the extension objects match, returns 0 (zero). If not, returns a non-zero value.

int C_CreateExtension(EXTENSIONS_OBJ extensionsObject, unsigned char *type, unsigned int typeLen, unsigned int *index, int criticality, EXTENSION_HANDLER *newHandler);

Creates a new extension entry in extensionsObject. If the extension type already exists in the extensions object, an error is returned. The C_CreateExtensionsObject() function constrains the extension type that can be created. If the extension type is not allowed, an error is returned. Otherwise, a new extension is created with the type set to type. Separate copies of type and newHandler are created for the new extension. The extension's value list is empty at this point.

Parameters:
extensionsObject This input and output parameter is the extensions object to be updated with the new extension.
type This input parameter is the extension type.
typeLen This input parameter is the length of the extension type.
index This output parameter is the index of the new extension in the extensions object.
criticality This input parameter is the extension's criticality. Set this flag to one of the following values:

Criticality Flag Description
NOT_IN_USE The extension is created with the registered or default criticality.
CRITICAL If the override-criticality flag is set, the extension is marked critical.
NON_CRITICAL If the override-criticality flag is set, the extension is marked noncritical.

If this flag is set to NOT_IN_USE:
  • If it is an extension type whose criticality has been set by the C_RegisterExtensionType() function, the registered criticality is used.
  • Otherwise, the default criticality is used.
If this flag is set to CRITICAL or NON_CRITICAL:
  • If the default or registered override-criticality flag for this extension type is set to ALLOW_OVERRIDE_CRITICALITY, then the criticality of this extension is set to criticality.
  • If the override-criticality flag for this extension type is not set, then the E_OVERRIDE_CRITICAL_NOT_ALLOWED error is returned.
  • Lastly, if the extension type is unknown, and if criticality is set to CRITICAL, then the E_UNKNOWN_CRITICAL_EXTENSION error is returned.
newHandler This input parameter is the extension handler to be used for manipulating the values of this extension.
  • If newHandler is NULL_PTR, the new extension uses the default handler; a reference to the default handler is saved in the extension.
  • If newHandler is not NULL_PTR, and the registered handler for this extension type allows overriding, a copy of newHandler is saved in the extension. Otherwise, E_OVERRIDE_HANDLER_NOT_ALLOWED is returned.
The handler can be overridden only if the registered handler allows overriding. The replaced handler affects only the extension being created, and is destroyed when the extension is deleted. All supported standard extensions allow overriding of the default extension handlers.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.
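The criticality rules for C_CreateExtension() above involve four inputs (the requested flag, whether the type is known, its registered or default criticality, and whether override is allowed), and the outcome differs depending on the order the checks are applied. The following added example (written for this page, not Cert-C code) models that decision as a single function so each branch can be exercised. The enum values, the two error code values and the extension_type_entry layout are this example's stand-ins; only the names come from the reference. Where the reference does not say what the default criticality of an unknown type is, the example assumes the caller supplies it in the registered field.

```c
#include <stdio.h>

/* Stand-in values for the flag names used by the reference. */
typedef enum { NOT_IN_USE = -1, NON_CRITICAL = 0, CRITICAL = 1 } criticality_t;

#define E_OVERRIDE_CRITICAL_NOT_ALLOWED (-100) /* stand-in value */
#define E_UNKNOWN_CRITICAL_EXTENSION    (-101) /* stand-in value */

/* What the registered/default extension type table knows about one type. */
typedef struct {
    int known;                /* 0 for a type that is neither registered nor standard */
    criticality_t registered; /* registered or default criticality (assumed for unknown types) */
    int allow_override;       /* ALLOW_OVERRIDE_CRITICALITY set for this type */
} extension_type_entry;

/* Returns the effective criticality (NON_CRITICAL or CRITICAL) on success, or a
 * negative error code, applying the rules in the order the reference lists. */
int resolve_criticality(const extension_type_entry *entry, criticality_t requested)
{
    if (requested == NOT_IN_USE)
        return entry->registered;           /* registered or default criticality */
    if (!entry->allow_override)
        return E_OVERRIDE_CRITICAL_NOT_ALLOWED;
    if (!entry->known && requested == CRITICAL)
        return E_UNKNOWN_CRITICAL_EXTENSION; /* would force a critical unknown extension */
    return requested;                        /* override accepted */
}

/* Convenience wrapper so each rule can be exercised with plain arguments. */
int resolve_case(int known, criticality_t registered, int allow_override,
                 criticality_t requested)
{
    extension_type_entry entry;
    entry.known = known;
    entry.registered = registered;
    entry.allow_override = allow_override;
    return resolve_criticality(&entry, requested);
}

static const char *describe(int result)
{
    switch (result) {
    case NON_CRITICAL: return "NON_CRITICAL";
    case CRITICAL: return "CRITICAL";
    case E_OVERRIDE_CRITICAL_NOT_ALLOWED: return "E_OVERRIDE_CRITICAL_NOT_ALLOWED";
    case E_UNKNOWN_CRITICAL_EXTENSION: return "E_UNKNOWN_CRITICAL_EXTENSION";
    default: return "?";
    }
}

int main(void)
{
    printf("known, NOT_IN_USE           -> %s\n", describe(resolve_case(1, NON_CRITICAL, 1, NOT_IN_USE)));
    printf("known, override allowed     -> %s\n", describe(resolve_case(1, NON_CRITICAL, 1, CRITICAL)));
    printf("known, override not allowed -> %s\n", describe(resolve_case(1, CRITICAL, 0, NON_CRITICAL)));
    printf("unknown, request CRITICAL   -> %s\n", describe(resolve_case(0, NON_CRITICAL, 1, CRITICAL)));
    return 0;
}
```

Treating the two error cases as distinct matters in practice: E_OVERRIDE_CRITICAL_NOT_ALLOWED reports a configuration mismatch with the registered type, while E_UNKNOWN_CRITICAL_EXTENSION stops an application from minting a critical extension that relying parties cannot interpret and must reject.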

int C_CreateExtensionsObject(EXTENSIONS_OBJ *extensionsObject, unsigned int extensionsObjectType, CERTC_CTX ctx);

Creates an extensionsObject of type extensionsObjectType. The extensionsObjectType constrains the types of extensions that can be added to the extensionsObject. If ctx is not NULL_PTR, a reference to it is saved in extensionsObject.

Parameters:
extensionsObject This output parameter points to an EXTENSIONS_OBJ.
extensionsObjectType This input parameter is the type of extensions object to create.

Extensions Object Type Description
CERT_EXTENSIONS_OBJ Certificate extensions object
CRL_EXTENSIONS_OBJ CRL extensions object
CRL_ENTRY_EXTENSIONS_OBJ CRL entry extensions object
OCSP_REQUEST_EXTENSIONS_OBJ OCSP request extensions object
OCSP_SINGLE_EXTENSIONS_OBJ OCSP single-certificate extensions object

ctx This input parameter is the Cert-C context.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_DeleteExtensionValue(EXTENSIONS_OBJ extensionsObject, unsigned int index, unsigned int valueIndex);

Deletes the extension value referenced by valueIndex in the extension entry referenced by index. All of the extension's values after the deleted value are shifted back by one. If the extension or the extension value is not found, an error is returned. Otherwise, the value is destroyed. The extension type handler's Destructor callback is called to free the memory associated with the extension value.

Parameters:
extensionsObject This is both an input and an output parameter; it is the extensions object.
index This input parameter is the index of the extension entry that contains the value to be deleted.
valueIndex This input parameter is the index of the value to be deleted.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.
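C_AddExtensionValue() either appends or replaces depending on whether the extension allows multiple values, and C_DeleteExtensionValue() shifts later values back by one, so a valueIndex saved from an earlier add can silently point at a different value after a delete. The following added example (written for this page, not Cert-C code) is a minimal model of one extension entry's value list that follows the rules given for both functions. Values are C strings instead of typed structures, the error code values are stand-ins, MAX_VALUES is this example's own limit, and the two check functions assert the documented behaviour on constructed values.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VALUES 8
#define E_INVALID_VALUE (-1) /* stand-in: value was NULL */
#define E_NOT_FOUND     (-2) /* stand-in: no such value index */
#define E_LIMIT         (-3) /* stand-in: list full or copy failed */

typedef struct {
    int allows_multiple;      /* 1 for e.g. Certificate Policies, 0 for e.g. Basic Constraints */
    char *values[MAX_VALUES]; /* private copies, as the AllocAndCopy callback would make */
    unsigned int count;
} ext_entry;

/* Stands in for the handler's AllocAndCopy callback. */
static char *copy_value(const char *value)
{
    size_t n = strlen(value) + 1;
    char *copy = malloc(n);
    if (copy != NULL)
        memcpy(copy, value, n);
    return copy;
}

int entry_add_value(ext_entry *e, const char *value, unsigned int *value_index)
{
    char *copy;
    unsigned int pos;
    if (value == NULL)
        return E_INVALID_VALUE;
    if ((copy = copy_value(value)) == NULL)
        return E_LIMIT;
    if (e->count == 0) {                  /* first value: start the list */
        pos = 0;
        e->values[0] = copy;
        e->count = 1;
    } else if (e->allows_multiple) {      /* multi-valued: append */
        if (e->count >= MAX_VALUES) {
            free(copy);
            return E_LIMIT;
        }
        pos = e->count;
        e->values[pos] = copy;
        e->count++;
    } else {                              /* single-valued: replace */
        pos = 0;
        free(e->values[0]);
        e->values[0] = copy;
    }
    if (value_index != NULL)
        *value_index = pos;
    return 0;
}

int entry_delete_value(ext_entry *e, unsigned int value_index)
{
    unsigned int i;
    if (value_index >= e->count)
        return E_NOT_FOUND;
    free(e->values[value_index]);         /* Destructor callback */
    for (i = value_index; i + 1 < e->count; i++)
        e->values[i] = e->values[i + 1];  /* later values shift back by one */
    e->count--;
    e->values[e->count] = NULL;
    return 0;
}

void entry_clear(ext_entry *e)
{
    while (e->count > 0)
        entry_delete_value(e, e->count - 1);
}

/* Returns 1 when a multi-valued entry behaves as documented, including the
 * index shift after a delete that makes a saved valueIndex stale. */
int check_multi_value_semantics(void)
{
    ext_entry e;
    unsigned int idx = 0;
    int ok = 1;
    memset(&e, 0, sizeof e);
    e.allows_multiple = 1;
    ok &= entry_add_value(&e, "policy-A", &idx) == 0 && idx == 0;
    ok &= entry_add_value(&e, "policy-B", &idx) == 0 && idx == 1;
    ok &= entry_add_value(&e, "policy-C", &idx) == 0 && idx == 2;
    ok &= entry_delete_value(&e, 0) == 0;
    ok &= e.count == 2 && strcmp(e.values[0], "policy-B") == 0;
    ok &= entry_delete_value(&e, 2) == E_NOT_FOUND; /* the saved index 2 is now stale */
    entry_clear(&e);
    return ok;
}

/* Returns 1 when a single-valued entry rejects NULL and replaces on re-add. */
int check_single_value_semantics(void)
{
    ext_entry e;
    unsigned int idx = 99;
    int ok = 1;
    memset(&e, 0, sizeof e);
    ok &= entry_add_value(&e, NULL, &idx) == E_INVALID_VALUE;
    ok &= entry_add_value(&e, "CA:FALSE", &idx) == 0;
    ok &= entry_add_value(&e, "CA:TRUE", &idx) == 0 && idx == 0;
    ok &= e.count == 1 && strcmp(e.values[0], "CA:TRUE") == 0;
    entry_clear(&e);
    return ok;
}
```

The practical consequence for code built on the real API: after any C_DeleteExtensionValue() call, re-read the value count with C_GetExtensionInfo() rather than reusing indices saved earlier.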

int C_DestroyExtension(EXTENSIONS_OBJ extensionsObject, unsigned int index);

Destroys one extension as referenced by index. If the extension is not found, an error is returned. Otherwise, the extension and its associated value list are deleted. All the extensions after the deleted extension are shifted back by one in the extension index.

Parameters:
extensionsObject This is both an input and an output parameter. As an input parameter, it is the extensions object that contains the extension entry to destroy. As an output parameter, it is the updated extensions object.
index This input parameter is the index of the extension entry to destroy.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

void C_DestroyExtensionsObject(EXTENSIONS_OBJ *extensionsObject);

Destroys all extensions in the extensionsObject and deletes all associated value lists. This function frees all memory used, and sets extensionsObject to NULL_PTR. If extensionsObject is already (EXTENSIONS_OBJ)NULL_PTR, then no action is taken.

Parameters:
extensionsObject This is both an input and an output parameter. As an input parameter, it is the extensions object that Cert-C should destroy. As an output parameter, it is (EXTENSIONS_OBJ)NULL_PTR.
Returns:
None.

int C_FindExtensionByType(EXTENSIONS_OBJ extensionsObject, unsigned char *type, unsigned int typeLen, unsigned int *index);

Finds the extension of the type given in type. If an extension is found, its index is returned in index. Otherwise, an error is returned.

Parameters:
extensionsObject This input parameter is the extensions object.
type This input parameter is the extension type.
typeLen This input parameter is the length of the extension type.
index This output parameter is the index of the extension.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_GetAttributeInExtensionsObj(EXTENSIONS_OBJ extensionsObject, ATTRIBUTES_OBJ attributesObject);

Transfers data from extensionsObject to attributesObject. If attributesObject does not include an attribute of the type AT_X509_V3_EXTENSIONS, a new attribute of this type is created with the value set to the DER-encoded value of the extensionsObject. Otherwise, its value is overwritten with the DER-encoded value of extensionsObject. If extensionsObject is empty, an error is returned and attributesObject remains unchanged.

Parameters:
extensionsObject This input parameter is the extensions object.
attributesObject This output parameter is the attributes object.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_GetEncodedExtensionValue(EXTENSIONS_OBJ extensionsObject, unsigned int index, unsigned char **encodedValue, unsigned int *encodedValueLen);

Gets the encoded form of the value(s) of the extension referenced by index. If the extension is found, its value list is encoded (by calling the extension handler's GetEncodedValue callback) and saved in encodedValue and encodedValueLen. Otherwise, an error is returned.

Note: You do not need to create any objects or items before calling this function. After calling this function, you share the returned fields with extensionsObject. If you modify any of these fields, you must call the C_SetEncodedExtensionValue() function to ensure that the internal state of the object is consistent with these modifications.

Parameters:
extensionsObject This input parameter is the extensions object.
index This input parameter is the extension's index.
encodedValue This output parameter is the encoded extension's value.
encodedValueLen This output parameter is the length of the encoded extension's value.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_GetExtensionCount(EXTENSIONS_OBJ extensionsObject, unsigned int *count);

Gets the total number of extension entries in extensionsObject and returns it in count.

Parameters:
extensionsObject This input parameter is the extensions object.
count This output parameter is the number of extension entries in the extensions object.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_GetExtensionDER(EXTENSIONS_OBJ extensionsObject, unsigned int index, unsigned char **valueDER, unsigned int *valueDERLen);

Gets the DER encoding of the extension entry referenced by index. If the extension is found, valueDER is set to the DER encoding of the extension with the length valueDERLen. Otherwise, an error is returned. The valueDER field includes the encoding of the extension type and criticality, and the DER encoding of the extension's value(s). If this function is called on an extension that currently has no extension value, an error is returned. For an unknown extension type, if the extension value is already DER encoded, then its value is saved as is. Otherwise, it is encoded as an octet string.

Note: The fields returned from this function are read-only. You do not need to create any objects or items before calling this function. Do not call any functions that modify these fields. Do not call any C_Destroy*() functions on these fields.

Parameters:
extensionsObject This input parameter is the extensions object.
index This input parameter is the extension entry's index.
valueDER This output parameter is the DER-encoded extension entry.
valueDERLen This output parameter is the length of the DER-encoded extension entry.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_GetExtensionInfo(EXTENSIONS_OBJ extensionsObject, unsigned int index, EXTENSION_INFO *extensionInfo);

Gets information about the extension referenced by index, and places it in extensionInfo. The data structure for extensionInfo is EXTENSION_INFO.

Note: The fields returned from this function are read-only. You do not need to create any objects or items before calling this function. Do not call any functions that modify these fields. Do not call any C_Destroy*() functions on these fields.

Parameters:
extensionsObject This input parameter is the extensions object.
index This input parameter is the extension's index.
extensionInfo This output parameter points to the data structure for extensionInfo. If an extension is found, then the type and typeLen fields of extensionInfo are set to the type and type length of the extension. The criticalFlag field is set to the extension's criticality flag. The valueCount field is set to the number of values in the extension's value list. The reserved field is set to NULL_PTR, and should be ignored. If an extension is not found, an error is returned. C_GetExtensionInfo() is intended to get a read-only type field. Do not attempt to call a C_Set*() or C_Destroy*() function on it. The type field is undefined after either extensionsObject or the extension is destroyed.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_GetExtensionsInAttributesObj(EXTENSIONS_OBJ extensionsObject, ATTRIBUTES_OBJ attributesObject);

Transfers the value of attributesObject into extensionsObject. If attributesObject does not contain an attribute of the type AT_X509_V3_EXTENSIONS, then the error E_NOT_FOUND is returned, and extensionsObject remains unchanged. Otherwise, the current value of extensionsObject is overwritten with the attribute's value.

Parameters:
extensionsObject This output parameter is the extensions object.
attributesObject This input parameter is the attributes object.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_GetExtensionsObjectDER(EXTENSIONS_OBJ extensionsObject, unsigned char **der, unsigned int *derLen);

Gets the DER-encoded value of all the extensions in extensionsObject. For each extension type in the extensionsObject, the corresponding GetEncodedValue callback in the handler is called to obtain the encoded extension value.

Note: The fields returned from this function are read-only. You do not need to create any objects or items before calling this function. Do not call any functions that modify these fields. Do not call any C_Destroy*() functions on these fields.

Parameters:
extensionsObject This input parameter is the extensions object.
der This output parameter stores a pointer to the DER-encoded extension value.
derLen This output parameter is a pointer to the length of the DER-encoded extension value.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_GetExtensionTypeByIndex(EXTENSIONS_OBJ extensionsObject, unsigned char **type, unsigned int *typeLen, unsigned int index);

Gets the extension type from extensionsObject at the index given in index.

Note: The fields returned from this function are read-only. You do not need to create any objects or items before calling this function. Do not call any functions that modify these fields. Do not call any C_Destroy*() functions on these fields.

Parameters:
extensionsObject This input parameter is the extensions object.
type This output parameter is the extension type.
typeLen This output parameter is the length of the extension type.
index This input parameter is the index of the extension entry.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_GetExtensionTypeInfo(CERTC_CTX ctx, unsigned char *type, unsigned int typeLen, EXTENSION_TYPE_INFO info);

Searches for the extension type in ctx. If it is not found, it searches the default standard extension table that Cert-C provides. If the extension type is not found there either, an error is returned. Otherwise, the associated extension's information is copied into info.

For example, to encode an extension value with an encoding scheme other than DER, an application might call this function to obtain a copy of the extension handler. It then overrides the handler's SetEncodedValue and GetEncodedValue callbacks with its own decoding and encoding functions, respectively. For the override to take effect globally, the C_RegisterExtensionType() function is called with the modified handler. Note that this affects only those extensions that are created after this call, not those that were created before it. Alternatively, C_CreateExtension() can be called for a local override of a single extension's handler and its criticality.

Note: The fields returned from this function are read-only. You do not need to create any objects or items before calling this function. Do not call any functions that modify these fields. Do not call any C_Destroy*() functions on these fields.

Parameters:
ctx This input parameter is the Cert-C context.
type This input parameter is the OID for the extension type.
typeLen This input parameter is the length of the extension type's OID.
info This output parameter is the definition information for the extension type.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_GetExtensionValue(EXTENSIONS_OBJ extensionsObject, unsigned int extenIndex, unsigned int valueIndex, POINTER *value);

Gets the value referenced by valueIndex in the extension's value list. The target extension is referenced by the extenIndex. The pointer to the extension value that is referenced by the valueIndex is saved in value. The data structure for value depends on the extension type. C_GetExtensionValue() is intended to get a read-only value. Do not attempt to call a C_Set*() or C_Destroy*() function on it. The value is undefined after the extensionsObject or the extension is destroyed.

Note: The fields returned from this function are read-only. You do not need to create any objects or items before calling this function. Do not call any functions that modify these fields. Do not call any C_Destroy*() functions on these fields.

Parameters:
extensionsObject This input parameter is the extensions object.
extenIndex This input parameter is the extension's index.
valueIndex This input parameter is the extension value's index.
value This output parameter is the extension value.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_RegisterExtensionType(CERTC_CTX ctx, EXTENSION_TYPE_INFO info);

Registers an application-defined extension type, or overrides the default setting of a supported standard extension type, with the value given in info. When an extension type and its handler are registered, a new entry is created in ctx, with the given information in info. The data structure for info is EXTENSION_TYPE_INFO.

Parameters:
ctx This input parameter is the Cert-C context.
info This input parameter is the extension definition information.

Setting the Extension-Type Fields

The type and typeLen contain the extension OID and length, respectively.

The criticality field indicates the extension's criticality. Set criticality to CRITICAL if the extension is always critical. Otherwise, set it to NON_CRITICAL.

Set the overrideCriticality flag to ALLOW_OVERRIDE_CRITICALITY if you want to allow a local overriding of the given criticality at C_CreateExtension() time. Otherwise, set it to 0 (zero).

Set the overrideHandlerFlag flag to ALLOW_OVERRIDE_HANDLER if you want to allow a local overriding of the given handler at C_CreateExtension() time. Otherwise, set it to 0 (zero).

The authenObjects field indicates the type of object that can include this extension type. It can be set to CERT_EXTENSIONS_OBJ, CRL_EXTENSIONS_OBJ, CRL_ENTRY_EXTENSIONS_OBJ, OCSP_REQUEST_EXTENSIONS_OBJ, OCSP_SINGLE_EXTENSIONS_OBJ, or a combination of these by 'OR'ing them together.

If the uniqueValue flag is set to a non-zero value, the extension type can have only a single value. If the flag is set to 0 (zero), the extension type can have multiple values.

If handler is (EXTENSION_HANDLER*)NULL_PTR, or if the callbacks in handler are not all provided, an error is returned.

Overriding the Extension-Type Fields

To override the default setting of a supported standard extension type, or of a preregistered application-defined extension type given in type, only the criticality and the handler can be changed; other fields are ignored.
  • To override the default criticality, set overrideCriticality to a non-zero value, and criticality to the target criticality. Otherwise, set overrideCriticality to 0 (zero). If the target extension does not allow overriding of the criticality, an error is returned. Otherwise, the default criticality is replaced by criticality.
  • To override the default handler, set overrideHandler to a non-zero value and handler to the target callbacks. Otherwise, set overrideHandler to 0 (zero). If the callbacks in handler are not all provided, an error is returned. If the extension allows overriding of the handler, then handler replaces the default handler; otherwise, an error is returned.
These overrides have a global effect on all C_CreateExtension() calls made after this call within the application context, until C_UnregisterExtensionType() or C_FinalizeCertC() is called.

The callbacks provided in handler must manipulate the value (or possibly a list of values) for the extension type. Because a copy of the given extension type and its settings is saved in ctx, the application is expected to call C_FinalizeCertC() before it shuts down, to free the allocated memory.

Note that all supported standard extension types allow the default handlers to be overridden.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

void C_ResetExtensionsObject(EXTENSIONS_OBJ extensionsObject);

Returns extensionsObject to the state it was in after it was created. It does this by deleting all the extensions and their value lists, and freeing any memory that was held by the object. Note that the object type is the same as when the object was created.

Parameters:
extensionsObject This is both an input and an output parameter. As an input parameter, it is the extensions object that Cert-C should reset. As an output parameter, it is the reset extensions object.
Returns:
None.

int C_SetEncodedExtensionValue(EXTENSIONS_OBJ extensionsObject, unsigned int index, unsigned char *encodedValue, unsigned int encodedValueLen);

Sets the extension referenced by index with the value given in encodedValue and encodedValueLen. If an extension-type handler is not registered, then the encodedValue is added as an uninterpreted byte string. Otherwise, encodedValue is decoded and instantiated as a C data structure by calling the extension handler's SetEncodedValue callback. In both cases, the new value replaces any existing value. A separate copy of encodedValue is created internally for extensionsObject, so the encodedValue can be reused by the caller.

Parameters:
extensionsObject This is both an input and an output parameter; it is the extensions object.
index This input parameter is the extension index.
encodedValue This input parameter is the encoded extension value.
encodedValueLen This input parameter is the length of the encoded extension value.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_SetExtensionBER(EXTENSIONS_OBJ extensionsObject, unsigned int *index, unsigned char *ber, unsigned int berLen);

Instantiates an extension with the information in ber and berLen. If an extension of the same type already exists in extensionsObject, its value is overridden with the new data. Otherwise, a new extension entry is created.

For extension types whose criticalities can be overridden, if the incoming extension criticality is CRITICAL and it is registered as NON_CRITICAL, then the extension is saved with the criticality set to CRITICAL. However, if the incoming criticality is NON_CRITICAL but is registered as CRITICAL, E_INVALID_CRITICALITY is returned.

For extension types whose criticalities cannot be overridden, if the incoming criticality is not the same as the default or registered criticality, E_OVERRIDE_CRITICAL_NOT_ALLOWED is returned.

If an extension type is unknown and the incoming criticality is NON_CRITICAL, then the content is added as an uninterpreted byte string. (The SetEncodedValue callback in the default unknown extension type ET_UNKNOWN_TYPE handler is used to handle this case.) If an extension type is unknown and the incoming criticality is CRITICAL, then E_UNKNOWN_CRITICAL_EXTENSION is returned.

For an unknown noncritical extension type, if the extension value is not BER encoded, this function returns an error. If it is BER encoded and not of type VT_OCTET_STRING, then the value is saved as is. If the type is VT_OCTET_STRING, the content is saved as the extension value.

Parameters:
extensionsObject This is both an input and an output parameter; it is the extensions object.
index This is both an input and an output parameter; it is the extension index. If index is not (unsigned int *)NULL_PTR, then the index of the new extension is returned in index. Otherwise, it is not used.
ber This input parameter is the BER-encoded extension value. When ber is accepted, it is decoded and instantiated with the new criticality and value (as a C data structure by calling the extension handler's SetEncodedValue callback). A separate copy of ber is created internally for extensionsObject, so the ber can be reused by the application.
berLen This input parameter is the length of the BER-encoded extension value.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.

int C_SetExtensionsObjectBER(EXTENSIONS_OBJ extensionsObject, unsigned char *ber, unsigned int berLen);

Sets extensionsObject with the new extension entries given in ber. The extension types in ber must be compatible with the object type of the extensionsObject; the incoming extensions are checked against that object type. If extensionsObject is already set with extension entries before calling this function, they are overwritten with the new extension entries. A separate copy of ber is created internally for extensionsObject, so that ber can be modified by the caller after calling this function.

If an extension type is unknown and the incoming criticality is NON_CRITICAL, then the content is added as an uninterpreted byte string. (The SetEncodedValue callback in the default unknown extension type ET_UNKNOWN_TYPE handler is used to handle this case.) If an extension type is unknown and the incoming criticality is CRITICAL, then E_UNKNOWN_CRITICAL_EXTENSION is returned.

For extension types whose criticalities can be overridden, if the incoming extension criticality is CRITICAL and it is registered as NON_CRITICAL, then the extension is saved with the criticality set to CRITICAL. However, if the incoming criticality is NON_CRITICAL but is registered as CRITICAL, E_INVALID_CRITICALITY is returned.

For extension types whose criticalities cannot be overridden, if the incoming criticality is not the same as the default or registered criticality, E_OVERRIDE_CRITICAL_NOT_ALLOWED is returned.

For each extension type in ber, the corresponding SetEncodedValue callback in the handler is called to obtain the decoded extension value in a C data structure format. This structure is added to the extension's value list by calling the corresponding AllocAndCopy callback of the handler. If an extension of the same type occurs more than once, an error is returned.

Parameters:
extensionsObject This is both an input and an output parameter; it is the extensions object.
ber This input parameter is the BER-encoded extension-type value.
berLen This input parameter is the length of the BER-encoded extension-type value.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.
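
The criticality rules that C_SetExtensionBER() and C_SetExtensionsObjectBER() apply, modelled as a stand-alone C example added here (it is not Cert-C code). The registry entries, the numeric error values and the name E_DUPLICATE_TYPE are constructed stand-ins: the reference names the other error codes but gives no values, and for a repeated type says only that an error is returned.

```c
/* Constructed model of the criticality rules the reference states for
 * C_SetExtensionBER() and C_SetExtensionsObjectBER(); not Cert-C code. */
#include <stddef.h>
#include <string.h>
enum { NON_CRITICAL = 0, CRITICAL = 1 };
/* Placeholder values (Cert-C's real codes live in its headers); E_DUPLICATE_TYPE
 * is a constructed name, the reference only says "an error is returned". */
enum { E_OK = 0, E_INVALID_CRITICALITY, E_OVERRIDE_CRITICAL_NOT_ALLOWED,
       E_UNKNOWN_CRITICAL_EXTENSION, E_DUPLICATE_TYPE };
/* Stand-in for the extension-type table in a CERTC_CTX: OID as dotted text,
 * registered default criticality, and whether ALLOW_OVERRIDE_CRITICALITY is set. */
typedef struct { const char *oid; int criticality; int overrideCriticality; } RegisteredType;
static const RegisteredType kRegistry[] = {          /* constructed entries */
    { "2.5.29.19", CRITICAL,     1 },   /* basicConstraints */
    { "2.5.29.15", CRITICAL,     1 },   /* keyUsage */
    { "2.5.29.17", NON_CRITICAL, 1 },   /* subjectAltName */
    { "2.5.29.35", NON_CRITICAL, 0 },   /* authorityKeyIdentifier, no override */
};
typedef struct { const char *oid; int critical; } IncomingExt;  /* decoded Extension */

/* One incoming extension: returns E_OK and the criticality it is saved with,
 * or the error the reference specifies for that combination. */
int reconcile_criticality(const IncomingExt *in, int *saved)
{
    const RegisteredType *reg = NULL;
    for (size_t i = 0; i < sizeof kRegistry / sizeof kRegistry[0]; i++)
        if (strcmp(kRegistry[i].oid, in->oid) == 0) { reg = &kRegistry[i]; break; }
    if (reg == NULL) {                          /* unknown type: ET_UNKNOWN_TYPE path */
        if (in->critical == CRITICAL) return E_UNKNOWN_CRITICAL_EXTENSION;
        *saved = NON_CRITICAL; return E_OK;     /* kept as an uninterpreted byte string */
    }
    if (!reg->overrideCriticality) {            /* must match the registered default */
        if (in->critical != reg->criticality) return E_OVERRIDE_CRITICAL_NOT_ALLOWED;
        *saved = reg->criticality; return E_OK;
    }
    if (in->critical == NON_CRITICAL && reg->criticality == CRITICAL)
        return E_INVALID_CRITICALITY;           /* may be raised to CRITICAL, never lowered */
    *saved = in->critical; return E_OK;
}
/* Whole Extensions sequence, as C_SetExtensionsObjectBER() processes it:
 * a type that occurs more than once is rejected before its value is stored. */
int reconcile_all(const IncomingExt *exts, size_t n, int *saved)
{
    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < i; j++)
            if (strcmp(exts[j].oid, exts[i].oid) == 0) return E_DUPLICATE_TYPE;
        int rc = reconcile_criticality(&exts[i], &saved[i]);
        if (rc != E_OK) return rc;
    }
    return E_OK;
}
```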

int C_UnregisterExtensionType(CERTC_CTX ctx, unsigned char *type, unsigned int typeLen);

Resets or removes a registered extension handler and extension type from ctx.

If type is an application-defined extension type, this function removes the extension and its setting from ctx. After this point, any attempt to create or use this extension type results in an error. However, this does not affect those extensions of the same type that were created before this call.

If the extension type is one of the supported standard extension types, and the corresponding setting was overridden, then this function resets the extension to the default value. After this point, the default setting is used for any attempt to create or use this extension type. However, this function does not affect those extensions of the same extension type that were created before this call.

If the extension type is one of the supported standard extension types, and it was not overridden, then E_DEFAULT_STANDARD_EXTENSION is returned. Otherwise, E_NOT_FOUND is returned. If ctx is NULL_PTR, an error is returned. If type is NULL_PTR or typeLen is 0 (zero), then nothing occurs.

Parameters:
ctx This input parameter is the Cert-C context.
type This input parameter is the OID for the extension type.
typeLen This input parameter is the length of the extension type's OID.
Returns:
If successful, returns 0 (zero). If not, returns a Cert-C error code.



RSA BSAFE® Cert-C 2.7 API Reference