getDataByPath method (Certificate)
Added by IBM on August 15, 2011




Description

This method retrieves a piece of data from a certificate object.

Method

   public String getDataByPath(
     String thePath,
     boolean tagData,
     BooleanHolder encoded
     ) throws UWIException;


Parameters

Table 1. Method parameters
Expression   Type            Description
thePath      String          The path to the data you want to retrieve. See the Notes section below for more information on data paths.
tagData      boolean         true if the path should be prepended to the data, or false if not. If the path is prepended, an equals sign (=) is used as a separator. For example, suppose the path is "Issuer: CN" and the data is "IBM®". If true, the path will be prepended, producing "CN=IBM". If false, the path will not be prepended, and the result will be "IBM".
encoded      BooleanHolder   true if the return data is base 64 encoded, or false if not. The function returns binary data in base 64 encoding.


Notes

About data paths:
Data paths describe the location of information within a certificate, just as file paths describe the location of files on a disk. You describe the path with a series of colon-separated tags. Each tag represents either a piece of data, or an object that contains further pieces of data (just as directories can contain files and subdirectories).
For example, to retrieve the version of a certificate, you would use the following data path:
   Version

However, to retrieve the subject's common name, you first need to locate the subject and then the common name within the subject, as follows:
   Subject: CN

Some tags may contain more than one piece of information. For example, the issuer's organizational unit may contain a number of entries. You can either retrieve all of the entries as a comma-separated list, or select a single entry by using a zero-based element number.
For example, the following path would retrieve a comma separated list:
   Issuer: OU

Adding an element number of 0 would retrieve the first organizational unit in the list, as shown:
   Issuer: OU: 0
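
The path rules above, modelled as an added Java example (not IBM's implementation and not code from this article): nested maps stand in for certificate objects and lists for tags with several entries. The class name, the resolve helper, the sample values and the "," separator are assumptions made for illustration.

```java
import java.util.*;
// Added illustration: a toy model of the data-path rules, not the IBM Forms API.
public class DataPathDemo {
    // Walks a colon-separated path. Maps model objects (Subject, Issuer),
    // Lists model tags with several entries (for example OU).
    static String resolve(Map<String, Object> cert, String path, boolean tagData) {
        Object node = cert;
        String lastTag = null;
        for (String raw : path.split(":")) {
            String tag = raw.trim();
            if (node instanceof Map) {
                node = ((Map<?, ?>) node).get(tag);
                lastTag = tag;
            } else if (node instanceof List) {
                List<?> entries = (List<?>) node;
                int index;                           // zero-based element number
                try { index = Integer.parseInt(tag); }
                catch (NumberFormatException e) { return null; }
                if (index < 0 || index >= entries.size()) return null;
                node = entries.get(index);
            } else {
                return null;                         // path continues past a leaf
            }
            if (node == null) return null;           // unknown tag: no data found
        }
        if (node instanceof Map) return null;        // an object, not a piece of data
        String data;
        if (node instanceof List) {                  // no element number: whole list
            StringJoiner joined = new StringJoiner(",");   // separator is assumed
            for (Object entry : (List<?>) node) joined.add(String.valueOf(entry));
            data = joined.toString();
        } else {
            data = node.toString();
        }
        return tagData ? lastTag + "=" + data : data;
    }
    public static void main(String[] args) {
        Map<String, Object> issuer = new HashMap<>();      // constructed sample data
        issuer.put("CN", "Example CA");
        issuer.put("OU", Arrays.asList("Security", "PKI"));
        Map<String, Object> cert = new HashMap<>();
        cert.put("Version", "3");
        cert.put("Issuer", issuer);
        // The last two paths show the "no data found" (null) case.
        for (String p : new String[] {"Version", "Issuer: OU", "Issuer: OU: 0",
                                      "Issuer: CN", "Issuer: OU: 5", "Issuer: X"}) {
            System.out.println(p + " -> " + resolve(cert, p, p.endsWith("CN")));
        }
    }
}
```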


Certificate tags:
The following table lists the tags available in a certificate object:
Table 2. certificate object tag names
Tag            Description
Subject        The subject's distinguished name. This is an object that contains further information, as detailed in Distinguished name tags.
Issuer         The issuer's distinguished name. This is an object that contains further information, as detailed in Distinguished name tags.
IssuerCert     The issuer's certificate. This is an object that contains the complete list of certificate tags.
Engine         The security engine that generated the certificate. This is an object that contains further information, as detailed in Security engine tags.
Version        The certificate version.
BeginDate      The date on which the certificate became valid.
EndDate        The date on which the certificate expires.
Serial         The certificate's serial number.
SignatureAlg   The signature algorithm used to sign the certificate.
PublicKey      The certificate's public key.
FriendlyName   The certificate's friendly name.


Distinguished name tags:
The following table lists the tags available in a distinguished name object:
Table 3. distinguished name tag names
Tag   Description
CN    The common name.
E     The email address.
T     The title.
O     The organization.
OU    The organizational unit.
C     The country.
L     The locality.
ST    The state.
All   The entire distinguished name.


Security engine tags:
The following table lists the tags available in the security engine object:
Table 4. security engine tag names
Tag       Description
Name      The name of the security engine used by the server.
Help      The help text for the security engine.
HashAlg   A hash algorithm supported by the security engine.


Returns

A string containing the certificate data (null if no data is found), or throws a generic exception (UWIException) if an error occurs.

Example

The following method uses dereferenceEx to locate a signature button in the form. It then uses getCertificateList to get a list of valid certificates for that button. Next, the method cycles through the returned certificates, uses getDataByPath to get the common name for each certificate, and identifies the certificate with a common name of "IBM Forms Server". Then the method uses signForm to sign the form with the server's certificate.
   public void serverSign(FormNodeP theForm) throws UWIException
   {
   IntHolder theStatus;
   FormNodeP buttonNode;
   Certificate[] certList;
   Signature theSignature;
   String signerCommonName;
   BooleanHolder encodedResult;
   int certCount;
   int correctCert = -1;
   int i;

      /* locate the signature button in the form */
      if ((buttonNode = theForm.dereferenceEx(null, "PAGE1.SIGBUTTON1",
         0, FormNodeP.UFL_ITEM_REFERENCE, null)) == null)
      {
         throw new UWIException("Could not locate SIGBUTTON1 node.");
      }

      theStatus = new IntHolder();

      /* get the certificates that are valid for this button */
      certList = buttonNode.getCertificateList(null, theStatus);

      /* count the certificates before any loop uses certCount */
      certCount = (certList == null) ? 0 : certList.length;

      if (theStatus.value == SecurityUserStatusType.SUSTATUS_INPUT_REQUIRED)
      {
         for (i=0; i<certCount; i++)
         {
            certList[i].release();
         }
         throw new UWIException("User input required to sign form.");
      }

      /* encoded is an output holder, so it must be an allocated BooleanHolder */
      encodedResult = new BooleanHolder();

      /* find the certificate whose subject common name matches.
         Only the common name is compared here; Issuer and Serial can be
         read with getDataByPath in the same way if a stricter match is needed. */
      for (i=0; i<certCount; i++)
      {
         signerCommonName = certList[i].getDataByPath(
            "Subject: CN", false, encodedResult);
         /* getDataByPath returns null if no data is found */
         if ("IBM Forms Server".equals(signerCommonName))
         {
            correctCert = i;
            break;
         }
      }

      if (correctCert == -1)
      {
         for (i=0; i<certCount; i++)
         {
            certList[i].release();
         }
         throw new UWIException("Could not locate required certificate");
      }

      theSignature = buttonNode.signForm(certList[correctCert], null,
         theStatus);
      if (theSignature != null)
      {
         theSignature.release();
      }

      /* release each certificate */
      for (i=0; i<certCount; i++)
      {
         certList[i].release();
      }

      if (theStatus.value == SecurityUserStatusType.SUSTATUS_INPUT_REQUIRED)
      {
         throw new UWIException("User input required to sign form.");
      }

   }

