Community articleGetDataByPath function (Certificate)
Added by IBM contributorIBM on May 2, 2012
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars


This function retrieves a piece of data from a certificate object.


   Function GetDataByPath(
      dataPath As String, 
      tagData As Boolean, 
      encoded As Boolean
      ) As String


Table 1. Function parameters
thePathStringThe path to the data you want to retrieve. See the Notes section below for more information on data paths.
tagDataBooleanTrue if the path should be prepended to the data, or False if not. If the path is prepended, an equals sign (=) is used as a separator.
For example, suppose the path is "Issuer: CN" and the data is "IBM®". If True, the path will be prepended, producing "CN=IBM". If False, the path will not be prepended, and the result will be "IBM".
encodedBooleanTrue if the return data is base 64 encoded, or False if not. The function returns binary data in base 64 encoding.


About data paths:
Data paths describe the location of information within a certificate, just like file paths describe the location of files on a disk. You describe the path with a series of colon separated tags. Each tag represents either a piece of data, or an object that contains further pieces of data (just like directories can contain files and subdirectories).
For example, to retrieve the version of a certificate, you would use the following data path:

However, to retrieve the subject's common name, you first need to locate the subject and then the common name within the subject, as follows:
   Subject: CN

Some tags may contain more than one piece of information. For example, the issuer's organizational unit may contain a number of entries. You can either retrieve all of the entries as a comma separated list, or you can specify a specific entry by using a zero-based element number.
For example, the following path would retrieve a comma separated list:
   Issuer: OU

Adding an element number of 0 would retrieve the first organizational unit in the list, as shown:
   Issuer: OU: 0

Certificate tags:
The following table lists the tags available in a certificate object:
Table 2. certificate object tag names
SubjectThe subject's distinguished name. This is an object that contains further information, as detailed in Distinguished Name Tags .
IssuerThe issuer's distinguished name. This is an object that contains further information, as detailed in Distinguished Name Tags .
IssuerCertThe issuer's certificate. This is an object that contains the complete list of certificate tags.
EngineThe security engine that generated the certificate. This is an object that contains further information, as detailed in Security Engine Tags .
VersionThe certificate version.
BeginDateThe date on which the certificate became valid.
EndDateThe date on which the certificate expires.
SerialThe certificates serial number.
SignatureAlgThe signature algorithm used to sign the certificate.
PublicKeyThe certificate's public key.
FriendlyNameThe certificate's friendly name.

Distinguished name tags:
The following table lists the tags available in a distinguished name object:
Table 3. distinguished tag names
CNThe common name.
EThe email address.
TThe title.
OThe organization.
OUThe organizational unit.
CThe country.
LThe locality.
STThe state.
AllThe entire distinguished name.

Security engine tags:
The following table lists the tags available in the security engine object:
Table 4. security engine tag names
NameThe name of the security engine used by the server.
HelpThe help text for the security engine.
HashAlgA hash algorithm supported by the security engine.


A string containing the certificate data (null if no data is found), or throws an exception if an error occurs.


The following function uses DereferenceEx to locate a signature button in the form. It then calls GetCertificateList to get a list of valid certificates for that button. The function then loops through the available certificates, using GetDataByPath to check the common name of each certificate. When it finds the certificate with the common name of "TJones", it calls SignForm and uses that certificate to sign the form.
   Sub ApplySignature(Form)
      Dim SigNode, SigObject  ' objects
      Dim TheCerts  ' CertificateList
      Dim CommonName  ' String
      Dim Cert  ' ICertificate
      ' Get the SignatureButton node
      Set SigNode = Form.DereferenceEx(vbNullString, _
         "PAGE1.SignatureButton", 0, UFL_ITEM_REFERENCE, Nothing)
      ' Get available certificates for that button
      Set TheCerts = SigNode.GetCertificateList(vbNullString, 1) 'vbNull
      ' Test each of the available certificates to see if it has a common
      ' name of "TJones".  If it does, use that certificate to sign
      ' the form.
      For Each Cert in TheCerts
         CommonName = Cert.GetDataByPath("Subject: CN", 
            False, 1) ' vbNull
         Response.Write CommonName & vbCrLf
         If CommonName = "TJones" Then
            Set SigObject = SigNode.SignForm(TheCerts(1), Nothing, 1) 
               ' vbNull
         End If
   End Sub

Parent topic:
Certificate functions