An application can add an OCSP extension to an entire OCSP validation request or to a single certificate within the request. A validation request can be made up of one or more certificates. An extension consists of an object identifier (OID) and any data that the application wants to attach to the validation request under that OID.
To add an extension, an application must first create an empty Vtk_Extension structure (which also allocates its memory) by calling the Vtk_ExtensionNew function. The application then calls the Vtk_ExtensionInit function to initialize the Vtk_Extension structure from the data the application passes to it: the extension OID and the extension value.
Once the extension is created and initialized, the application can add the extension to an entire validation request or to a specific certificate in the validation query. To add it to an entire validation request, the application calls the Vtk_ValidationAddReqExt function; an extension added this way applies to all the certificates in the request. To add an extension to a specific certificate in the query, the application has two options. One option is to call the Vtk_ValidationAddReqExtForSingleCert function, which uses the certificate and issuer certificate passed to it to identify the certificate to which the extension is added. The other option is to call the Vtk_ValidationAddReqExtForSingleCertHdl function, which uses the Vtk_ValHdl passed to it to identify that certificate.
Note: To identify the certificate by its validation handle with the Vtk_ValidationAddReqExtForSingleCertHdl function, the application must first obtain the Vtk_ValHdl structure by calling the Vtk_AddCert, Vtk_AddCertRaw, or Vtk_ValidationGetValHdl function.
Code Sample for Adding OCSP Extensions
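/*
 * AddRequestExtension
 *
 * Adds a sample extension (OID "1.2.3", value "testMsg") both to the
 * OCSP query of one particular certificate (identified through
 * Vtk_ValHdl) and to the entire OCSP request.
 *
 * Parameters:
 *   ctxt - ValiCert Toolkit context
 *   q    - validation query structure
 *   hdl  - validation handle identifying the particular certificate
 *          information in the OCSP query for which the extension
 *          is to be added
 *
 * Returns VTK_OK on success, or -1 after reporting the failing toolkit
 * call through showError(). The Vtk_Extension object is released on
 * every path before returning.
 *
 * NOTE(review): as in the original sample, the extension is deleted
 * right after it has been added to the query and to the request, which
 * relies on the Vtk_ValidationAddReq* functions copying what they need.
 * Confirm this against the toolkit documentation before moving the delete.
 */
int AddRequestExtension(Vtk_Ctxt *ctxt, Vtk_Validation *q, Vtk_ValHdl *hdl)
{
    const char extOid[] = "1.2.3";
    const char extData[] = "testMsg";
    const char *failedCall = NULL;
    Vtk_uint32 retCode;
    Vtk_Extension *ext = NULL;
    Vtk_Buffer oid;
    Vtk_Buffer data;

    /* OID buffer: the length does not count the terminating NUL. */
    oid.type = VTK_DF_STRING;
    oid.dPtr = (Vtk_Byte *) extOid;
    oid.len = strlen(extOid);

    /*
     * Data buffer: unlike the OID, the length here includes the
     * terminating NUL (kept from the original sample), so the extension
     * value carries a complete C string.
     */
    data.type = VTK_DF_STRING;
    data.dPtr = (Vtk_Byte *) extData;
    data.len = strlen(extData) + 1;

    /*
     * Create the extension object. The original sample only assert()ed
     * the result; under NDEBUG that check disappears and a NULL return
     * would be handed straight to Vtk_ExtensionInit, so fail explicitly.
     */
    ext = Vtk_ExtensionNew(ctxt);
    if (ext == NULL) {
        fprintf(stderr, "\nVtk_ExtensionNew: could not allocate an extension.");
        return -1;
    }

    /*
     * Fill in the OID and value. The fourth argument is passed as 0
     * exactly as in the original sample; its meaning is not shown here.
     */
    retCode = Vtk_ExtensionInit(ctxt, ext, &oid, 0, &data);
    if (retCode != VTK_OK) {
        failedCall = "Vtk_ExtensionInit";
        goto fail;
    }

    /* Attach the extension to the query of the one certificate hdl names. */
    retCode = Vtk_ValidationAddReqExtForSingleCertHdl(ctxt, hdl, ext);
    if (retCode != VTK_OK) {
        failedCall = "Vtk_ValidationAddReqExtForSingleCertHdl";
        goto fail;
    }

    /* Attach the same extension to the whole OCSP request. */
    retCode = Vtk_ValidationAddReqExt(ctxt, q, ext);
    if (retCode != VTK_OK) {
        failedCall = "Vtk_ValidationAddReqExt";
        goto fail;
    }

    Vtk_ExtensionDelete(ext);
    return VTK_OK;

fail:
    /* Single cleanup path: release the extension first, then report. */
    Vtk_ExtensionDelete(ext);
    showError(failedCall, retCode);
    return -1;
} /* AddRequestExtension */

/*
 * GetResponseExtension
 *
 * Looks up the sample extension (OID "1.2.3") in an OCSP response: first
 * among the extensions of the entire response, then among the extensions
 * of the single-certificate reply that belongs to the certificate
 * identified through Vtk_ValHdl. Each lookup only reports whether the
 * extension was found; the extension's value is not examined.
 *
 * Parameters:
 *   ctxt - ValiCert Toolkit context
 *   hdl  - validation handle identifying the particular certificate
 *          information in the OCSP query for which the extension
 *          is to be obtained
 *
 * Returns VTK_OK once both lookups have been attempted (a missing
 * extension or a failed lookup is printed/reported, not treated as an
 * error), or -1 if the revocation status itself could not be obtained.
 *
 * Security note: the extension comes out of the OCSP response, i.e. from
 * data produced outside this process. An application that consumes the
 * value found here (this sample does not) should treat it as untrusted,
 * length-delimited input rather than as a NUL-terminated string.
 */
int GetResponseExtension(const Vtk_Ctxt *ctxt, Vtk_ValHdl *hdl)
{
    const char extOid[] = "1.2.3";
    Vtk_Buffer oid;
    Vtk_Extension *ext = NULL;
    Vtk_uint32 retCode;
    Vtk_uint32 status; /* filled by Vtk_ValHdlGetRevStatus; unused by this sample */
    Vtk_ValRespDetails *respDetails = NULL;
    Vtk_ValRespSingleCertDetails *certDetails = NULL;

    /* OID buffer identifying the extension to look for. */
    oid.type = VTK_DF_STRING;
    oid.dPtr = (Vtk_Byte *) extOid;
    oid.len = strlen(extOid);

    /* Fetch the response details; both are released at the end. */
    retCode = Vtk_ValHdlGetRevStatus(ctxt, hdl, &status, &respDetails, &certDetails);
    if (retCode != VTK_OK) {
        showError("Vtk_ValHdlGetRevStatus", retCode);
        return -1;
    }

    /*
     * 1. Extensions attached to the entire response.
     *
     * NOTE(review): VTK_ERR_NOT_FUND is reproduced from the original
     * sample; check the constant's spelling against the toolkit header.
     */
    if (respDetails) {
        retCode = Vtk_ExtensionGetByOid(ctxt, respDetails->extensions, &oid, &ext);
        if (retCode == VTK_ERR_NOT_FUND) {
            printf("\nSpecified extension (%s) not found on OCSP response.", extOid);
        } else if (retCode == VTK_OK) {
            /*
             * The original sample supplied no argument for this %s,
             * which is undefined behaviour (printf reads whatever is in
             * the next argument slot). Print the OID that was searched for.
             */
            printf("\nFound extensions %s in OCSP response.", extOid);
            Vtk_ExtensionDelete(ext);
            ext = NULL; /* do not carry a freed pointer into the next lookup */
        } else {
            showError("Vtk_ExtensionGetByOid", retCode);
        }
    }

    /* 2. Extensions attached to the single-certificate reply for hdl. */
    if (certDetails) {
        retCode = Vtk_ExtensionGetByOid(ctxt, certDetails->extensions, &oid, &ext);
        if (retCode == VTK_ERR_NOT_FUND) {
            printf("\nSpecified extension (%s) not found on OCSP response.", extOid);
        } else if (retCode == VTK_OK) {
            /* Same missing-argument fix as above. */
            printf("\nFound extensions %s in OCSP response.", extOid);
            Vtk_ExtensionDelete(ext);
            ext = NULL;
        } else {
            showError("Vtk_ExtensionGetByOid", retCode);
        }
    }

    /* Release the OCSP response details obtained from Vtk_ValHdlGetRevStatus. */
    Vtk_ValRespDetailsDelete(respDetails);
    Vtk_ValRespSingleCertDetailsDelete(certDetails);
    return VTK_OK;
} /* GetResponseExtension */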