Getting Extension Information

Your application can get information about the extensions of a specific certificate by first calling the Vtk_CertGetExtensions function, which returns a Vtk_Extensions structure for the certificate. This structure contains the list of extensions, which can be parsed using several of the extension functions. It represents X.509 extensions used in certificates, CRLs, and the OCSP and CRT protocols.

An application can obtain this structure using the Vtk_CertGetExtensions function or from the Vtk_ValRespDetails or Vtk_ValRespSingleCertDetails structure returned by the Vtk_CRLValidateCert, Vtk_ValidationGetRevStatus and Vtk_ValHdlGetRevStatus functions.

The Toolkit provides several other functions that allow your application to parse the Vtk_Extensions structure and return the following:

These search functions can be used to search a list of any type of extensions, that is, certificate, OCSP, CRT, or CRL extensions.

The Vtk_ExtensionGetByOID function can be used to search for a specific Object Identifier (OID) in the list of extensions currently in the Vtk_Extensions structure. The OID can be specified in dot notation. The application must call Vtk_ExtensionDelete when finished with the returned structure, otherwise memory leaks and other problems can occur.

The Vtk_ExtensionsGetCount function can be used to determine the number of extensions currently in the Vtk_Extensions structure for the specified context. This function can be used with a list of any type of extensions, that is, certificate, OCSP, CRT, or CRL extensions.

The Vtk_ExtensionsGetith function can be used to search for a specific occurrence of an extension within the list of extensions currently in the Vtk_Extensions structure. The application must call Vtk_ExtensionDelete when finished with the returned structure, otherwise memory leaks and other problems can occur.

Note: The Vtk_ExtensionsGetith function adds a comment, enclosed by parentheses, to the OID. For example:

2.5.29.15(X509v3 Key Usage)

If you use the Vtk_ExtensionGetByOID function to search the extensions list, be sure that the OID does not contain a comment.
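
Because of this, an OID string that came back from Vtk_ExtensionsGetith has to be cleaned before it is reused as a search key. The following C helper is an added example, not part of the ValiCert Toolkit or of the original page; it strips the parenthesized comment and checks the dot notation. The name oid_strip_comment is hypothetical and the helper makes no Toolkit calls.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a Toolkit function): copy the dot-notation part
 * of `in` to `out`, dropping a trailing "(comment)". Returns the OID length,
 * or -1 if the input is malformed or does not fit in `out`. */
int oid_strip_comment(const char *in, char *out, size_t outLen)
{
    size_t n = 0, i;
    int arcs = 1;

    if (in == NULL || out == NULL)
        return -1;
    /* The OID ends at the first '(' or at the end of the string. */
    while (in[n] != '\0' && in[n] != '(')
        n++;
    /* A comment, if present, must be closed and must end the string. */
    if (in[n] == '(' && in[strlen(in) - 1] != ')')
        return -1;
    /* Reject empty OIDs and anything that would overflow the caller's buffer. */
    if (n == 0 || n >= outLen)
        return -1;
    /* Dot notation: decimal arcs separated by single dots, at least two arcs. */
    for (i = 0; i < n; i++) {
        if (in[i] == '.') {
            if (i == 0 || i == n - 1 || in[i - 1] == '.')
                return -1;
            arcs++;
        } else if (!isdigit((unsigned char)in[i])) {
            return -1;
        }
    }
    if (arcs < 2)
        return -1;
    memcpy(out, in, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char oid[32];
    /* Constructed sample: the commented OID form shown in the note above. */
    if (oid_strip_comment("2.5.29.15(X509v3 Key Usage)", oid, sizeof oid) > 0)
        puts(oid);
    return 0;
}
```

The cleaned string can then be placed in a Vtk_Buffer in the same way the code sample below fills oidBuf.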



Code Sample for Getting Extension Information

This code sample demonstrates how to process extensions, get the number of extensions in the extension container, and access individual extensions in the extension container.

#include <stdio.h>
#include <string.h>
/* Also include the Toolkit header that declares the Vtk_* types. */

/*
 * Extensions
 *
 * Parameters:
 *   pCtxt       - pointer to Toolkit context
 *   pExtensions - container for extensions; this can be certificate,
 *                 OCSP, CRT or CRL extensions. You can obtain
 *                 certificate extensions by calling
 *                 Vtk_CertGetExtensions. The OCSP/CRT/CRL
 *                 extensions are part of the Vtk_ValRespDetails
 *                 and Vtk_ValRespSingleCertDetails data
 *                 structures.
 *
 * showError is an application-defined error reporting helper.
 */
void Extensions(const Vtk_Ctxt *pCtxt, const Vtk_Extensions *pExtensions)
{
    Vtk_uint32 ret;
    Vtk_Buffer oidBuf;
    char oid[12] = "2.5.29.31";
    Vtk_Extension *pFoundExt = NULL;
    int i;
    int nNumExt;
    Vtk_Extension *pExt;

    /*
     * Print OID of all certificate extensions
     */

    /*
     * Get number of extensions
     */
    nNumExt = Vtk_ExtensionsGetCount(pCtxt, pExtensions);

    /*
     * Print OID part of each extension
     */
    for (i = 0; i < nNumExt; i++)
    {
        /*
         * Get next extension from extension container
         *
         * Application is responsible for deleting extension obtained by
         * function Vtk_ExtensionsGetith
         */
        pExt = NULL;
        ret = Vtk_ExtensionsGetith(pCtxt, pExtensions, i, &pExt);
        if (ret != VTK_OK)
        {
            showError("Vtk_ExtensionsGetith", ret);
            return;
        }
        /*
         * Print out the OID
         */
        if (pExt)
        {
            printf("\nOid: %s", (const char *) pExt->oid.dPtr);
            /*
             * Release current extension
             */
            Vtk_ExtensionDelete(pExt);
        }
    }

    /*
     * Search for specific extension - 2.5.29.31 (CRL Distribution
     * Points)
     */
    oidBuf.type = VTK_DF_STRING;
    oidBuf.dPtr = (unsigned char *) oid;
    oidBuf.len = strlen(oid);

    ret = Vtk_ExtensionGetByOid(pCtxt, pExtensions, &oidBuf, &pFoundExt);
    if (ret != VTK_OK)
        printf("\nExtension not found.\n");

    /*
     * IMPORTANT
     *
     * Application continues using the extension it has found.
     */

    /*
     * Application is responsible for deleting found extension
     */
    if (pFoundExt)
        Vtk_ExtensionDelete(pFoundExt);
}

ValiCert, Inc.
http://www.valicert.com
Voice: +1.650.567.5469
Fax: +1.650.254.2148
support@valicert.com