This function will get the issuer of the client certificate as a string using the format "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253.
Input:
req : SYSHANDLE
A handle to the request.
Output:
str : STRING
The issuer of the certificate.
Returns: INT
1
|
|
- Success
|
0
|
|
- Not supported
|
-1
|
|
- Invalid request
|
-5
|
|
- Not an incoming request
|
-6
|
|
- Request does not contain a client certificate.
|
-21
|
|
- Issuer was not found.
|
Declaration:
FUNCTION restReqClientCertIssuerGet : INT;
VAR_INPUT
req : SYSHANDLE;
str : ACCESS STRING;
END_VAR;
Example:
FUNCTION dumpCert;
VAR_INPUT
req : SYSHANDLE;
rip : DINT;
END_VAR;
VAR
rc : INT;
str : STRING;
d : DINT;
i : INT;
ip : DINT;
END_VAR;
rc := restReqClientCertPresent(req:=req);
IF rc = 1 THEN
DebugFmt(message:="Client cert present");
rc := restReqClientCertSubjectGet(req := req, str := str);
DebugFmt(message:=" Subject: "+str+": \1", v1 := rc);
rc := restReqClientCertSubjectCNGet(req := req, str := str);
DebugFmt(message:=" CN: "+str+": \1", v1 := rc);
rc := restReqClientCertIssuerGet(req := req, str := str);
DebugFmt(message:=" Issuer: "+str+": \1", v1 := rc);
rc := restReqClientCertVersionGet(req := req);
DebugFmt(message:=" Version: \1", v1 := rc);
d := restReqClientCertValidFrom(req := req);
DebugFmt(message:=" Valid from: \4, "+linsecToStr(linsec := d), v4 := d);
d := restReqClientCertValidTo(req := req);
DebugFmt(message:=" Valid to: \4, "+linsecToStr(linsec := d), v4 := d);
rc := restReqClientCertSerialGet(req := req, str := str);
DebugFmt(message:=" Serial: "+str+": \1", v1 := rc);
rc := restReqClientCertFingerprintGet(req := req, type := 0, str := str);
DebugFmt(message:=" SHA1 : "+str+": \1", v1 := rc);
rc := restReqClientCertFingerprintGet(req := req, type := 1, str := str);
DebugFmt(message:=" MD51 : "+str+": \1", v1 := rc);
rc := restReqClientCertCheckHostname(req := req, hostname := "localhost");
DebugFmt(message:=" Match localhost(\2): \1", v1 := rc, v2 := i);
rc := restReqClientCertCheckEmail(req := req, email := "test@example.com");
DebugFmt(message:=" Match test@example.com: \1", v1 := rc);
i := 0;
REPEAT
rc := restReqClientCertSANGet(req := req, idx := i, san := str);
DebugFmt(message:= " SAN[\1]: \2: "+str, v1 := i, v2 := rc);
IF rc = 4 THEN
ip := soAddrToIP(address := str);
IF ip = rip THEN
DebugMsg(message:=" Matching IP found: "+str);
END_IF;
END_IF;
i := i + 1;
UNTIL rc = -21
END_REPEAT;
ELSE
DebugFmt(message:="No client cert present: \1", v1 := rc);
END_IF;
END_FUNCTION;
|