Community articleCertificate_GetIssuer function
Added by IBM contributorIBM on May 2, 2012
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

No abstract provided.



Description

This function extracts the issuer certificate from the certificate provided.

Function

   r_error Certificate_GetIssuer(
      Certificate *theCertificate, 
      SecurityUserStatusType *theStatus, 
      Certificate **issuerCert);


Parameters

Table 1. Function parameters
ExpressionTypeDescription
theCertificate Certificate*A pointer to the certificate object from which you want to extract the issuer certificate.
theStatusSecurityUserStatusType*A pointer that is set with the status of the operation. This will be one of the following:
SUSTATUS_OK — The operation was successful.
SUSTATUS_CANCELLED— the operation was cancelled by the user.
SUSTATUS_INPUT_REQUIRED — the operation required user input, but could not receive it (for example, it was run on a server with no user).
issuerCert Certificate**A pointer that is set with the issuers certificate.


Returns

OK on success or an error code on failure.

Example

The following example gets the signing certificate from a signature object, then iterates through the certificate issuers until it reaches the end of the chain. During the iteration, each certificate is passed to a function that processes them.
   r_error processCertChain(Signature *theSig)
   {
   Certificate *theCert, *issuerCert;
   SecurityUserStatusType theStatus;
   
   /* Get the signing certificate from the signature. */
 
      if (Signature_GetSigningCert(theSig, &theCert) != OK)
      { 
         fprintf(stderr, "Could not get signing certificate.\n"); 
         return(NOTOK); 
      }
 
      /* Loop through the certificate chain, passing each certificate to the 
         ProcessCert function. The loop ends when the issuer certificate is 
         NULL. */
      
while (theCert != NULL)
      {
   
         /* Pass the certificate to the processCert function.  Note that 
            this is not an API function, but rather a function you would 
            write to process the certificate in some way. */
 
         if (ProcessCert(theCert) != OK)
         { 
            fprintf(stderr, "Could not process certificate.\n"); 
            return(NOTOK); 
         }
 
         /* Get the issuer certificate from theCert. */
 
         if (Certificate_GetIssuer(theCert, &theStatus, &issuerCert) != OK)
         {
            fprintf(stderr, "Could not get issuer certificate.\n");
            return(NOTOK);
         }
 
         /* Check to ensure the function exited with the correct status. */
 
         if (theStatus != SUSTATUS_OK)
         {
            fprintf(stderr, "GetIssuer exited with wrong status.\n");
            return(NOTOK);
         }
   
         /* Free theCert object. */
 
         IFSObject_ReleaseRef(theCert);
 
         /* Assign theCert to equal the issuerCert for next iteration of the 
            loop. */
 
         theCert = issuerCert;
      }
      return(OK);
   }


Parent topic:
Certificate functions