restReqClientCertFingerprintGet (Function)

 Top  Previous  Next

Architecture:

NX32L

Device support:

ALL

Firmware version:

2.10.00

This function will calculate the fingerprint of the client certificate using the specified algorithm.

 

Input:

req : SYSHANDLE

A handle to the request.

 

type : INT (Default 0)

The algorithm to use:

0

- SHA-1

1

- MD5

 

Output:

str : STRING

The fingerprint of the certificate.

 

 

Returns: INT

1

- Success

0

- Not supported

-1

- Invalid request

-3

- Failed to calculate fingerprint

-4

- Invalid algorithm.

-5

- Not an incoming request

-6

- Request does not contain a client certificate.

 

Declaration:

FUNCTION restReqClientCertFingerprintGet : INT;
VAR_INPUT
  req            : SYSHANDLE;
  type           : INT;
  str            : ACCESS STRING;
END_VAR;

 

 

Example:

FUNCTION dumpCert;
VAR_INPUT
  req : SYSHANDLE;
  rip : DINT;
END_VAR;
VAR
  rc  : INT;
  str : STRING;
  d   : DINT;
  i   : INT;
  ip  : DINT;
END_VAR;
  rc := restReqClientCertPresent(req:=req);
  IF rc = 1 THEN
    DebugFmt(message:="Client cert present");
    rc := restReqClientCertSubjectGet(req := req, str := str);
    DebugFmt(message:=" Subject: "+str+": \1", v1 := rc);
    rc := restReqClientCertSubjectCNGet(req := req, str := str);
    DebugFmt(message:=" CN: "+str+": \1", v1 := rc);
    rc := restReqClientCertIssuerGet(req := req, str := str);
    DebugFmt(message:=" Issuer: "+str+": \1", v1 := rc);
    rc := restReqClientCertVersionGet(req := req);
    DebugFmt(message:=" Version: \1", v1 := rc);
    d := restReqClientCertValidFrom(req := req);
    DebugFmt(message:=" Valid from: \4, "+linsecToStr(linsec := d), v4 := d);
    d := restReqClientCertValidTo(req := req);
    DebugFmt(message:=" Valid to: \4, "+linsecToStr(linsec := d), v4 := d);
    rc := restReqClientCertSerialGet(req := req, str := str);
    DebugFmt(message:=" Serial: "+str+": \1", v1 := rc);
    rc := restReqClientCertFingerprintGet(req := req, type := 0, str := str);
    DebugFmt(message:=" SHA1  : "+str+": \1", v1 := rc);
    rc := restReqClientCertFingerprintGet(req := req, type := 1, str := str);
    DebugFmt(message:=" MD51  : "+str+": \1", v1 := rc);
     
    rc := restReqClientCertCheckHostname(req := req, hostname := "localhost");
    DebugFmt(message:=" Match localhost(\2): \1", v1 := rc, v2 := i);
       
    rc := restReqClientCertCheckEmail(req := req, email := "test@example.com");
    DebugFmt(message:=" Match test@example.com: \1", v1 := rc);
     
     
    i := 0;    
    REPEAT
        rc := restReqClientCertSANGet(req := req, idx := i, san := str);
        DebugFmt(message:= "  SAN[\1]: \2: "+str, v1 := i, v2 := rc);
        IF rc = 4 THEN
          ip := soAddrToIP(address := str);
          IF ip = rip THEN
              DebugMsg(message:="   Matching IP found: "+str);
          END_IF;
        END_IF;
        i := i + 1;
    UNTIL rc = -21
    END_REPEAT;
     
  ELSE
    DebugFmt(message:="No client cert present: \1", v1 := rc);
  END_IF;
END_FUNCTION;