Mailing Lists: Apple Mailing Lists


Re: getting Subject DN from cert



Thanks Tim, that code works well.

The next question is if there is an OID->string attribute type translator in OS X. Or do I have to write my own table? If I have to write my own table, where do I get all of the values from? I'm aware of RFC2253, but it only covers CN, O, OU, and a few others.

Thanks again!

Jason

On Jul 18, 2008, at 11:17 AM, Tim Nowaczyk wrote:

Here’s some code that I use to get CN.  Tweaking to your specific need is left as an exercise. :)

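// Arguments and the whole expansion are parenthesized so the macro is safe inside larger expressions.
#define isCSSMOIDtheSame(a, b) (((a).Length == (b).Length && memcmp((a).Data, (b).Data, (a).Length) == 0) ? TRUE : FALSE)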

+ (CSSM_FIELD_PTR) getFieldFromCertificate: (SecCertificateRef) cert matchingOID: (CSSM_OID) OID
{
    CSSM_DATA myCSSMData;
    if (noErr != SecCertificateGetData(cert, &myCSSMData)) { return NULL; }
    
    uint32 numberOfFields = 0;
    CSSM_CL_HANDLE clHandle;
    CSSM_FIELD_PTR fields;
    
    if (noErr != SecCertificateGetCLHandle(cert, &clHandle))
        return NULL;
    
    if (CSSM_OK != CSSM_CL_CertGetAllFields(clHandle, &myCSSMData, &numberOfFields, &fields))
        return NULL;
        
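    // On a match the caller receives a pointer into the array allocated by
    // CSSM_CL_CertGetAllFields; that array is not released on this path.
    for (uint32 j = 0; j < numberOfFields; ++j) {
        if (isCSSMOIDtheSame(fields[j].FieldOid, OID)) return &fields[j];
    }
            
    // OID not found: release the field array before returning
    CSSM_CL_FreeFields(clHandle, numberOfFields, &fields);
    return NULL;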
}

+ (NSString *)  getNameOfCertificate: (SecCertificateRef) cert
{
    CSSM_FIELD_PTR field = [self getFieldFromCertificate: cert matchingOID: CSSMOID_X509V1SubjectNameCStruct];
    if (field == NULL) return NULL;

    CSSM_X509_NAME_PTR x509NamePtr = (CSSM_X509_NAME_PTR)field->FieldValue.Data;
    
    for (int k = 0; k < x509NamePtr->numberOfRDNs; k++) {
        CSSM_X509_RDN_PTR relDistNamePtr = &x509NamePtr->RelativeDistinguishedName[k];
        for (int l = 0; l < relDistNamePtr->numberOfPairs; l++) {
            CSSM_X509_TYPE_VALUE_PAIR * thisAttributeTypeAndValue = &relDistNamePtr->AttributeTypeAndValue[l];
                            
            if(isCSSMOIDtheSame(thisAttributeTypeAndValue->type, CSSMOID_CommonName)) {
                return [NSString stringWithCString:(char *)thisAttributeTypeAndValue->value.Data length:thisAttributeTypeAndValue->value.Length];
            }

        }
    }
    
    return NULL;
}


On 7/18/08 2:57 AM, "Jason Bobier" <email@hidden> wrote:

Hi folks,

I've been reading darwin code, and looking all around for how to get the Subject DN out of a
SecCertificateRef and turn it into standard format string "C=US, OU=something, CN=Jason Bobier "

This has to work on 10.4 and 10.5.

Thanks greatly for any help!

Jason



_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden

This email sent to email@hidden

--
Timothy Nowaczyk
Network Systems Engineer
University of Virginia - ITC
email@hidden
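
One way to write the OID->string table asked about at the top of this thread (an added example, not code from either poster or from Apple): the short names are the ones RFC 2253 lists, and any other attribute type falls back to dotted decimal decoded from the DER bytes. The names oid_t, kKnown and oid_to_string are made up here; oid_t stands in for CSSM_OID so the code builds without the Security framework.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Example-only stand-in for CSSM_OID (Length + Data holding DER content bytes). */
typedef struct { size_t Length; const uint8_t *Data; } oid_t;

/* Attribute types named in RFC 2253, keyed by their DER-encoded OID bytes. */
static const struct { const char *name; size_t len; uint8_t der[10]; } kKnown[] = {
    { "CN",     3, { 0x55, 0x04, 0x03 } },                                 /* 2.5.4.3  */
    { "C",      3, { 0x55, 0x04, 0x06 } },                                 /* 2.5.4.6  */
    { "L",      3, { 0x55, 0x04, 0x07 } },                                 /* 2.5.4.7  */
    { "ST",     3, { 0x55, 0x04, 0x08 } },                                 /* 2.5.4.8  */
    { "STREET", 3, { 0x55, 0x04, 0x09 } },                                 /* 2.5.4.9  */
    { "O",      3, { 0x55, 0x04, 0x0A } },                                 /* 2.5.4.10 */
    { "OU",     3, { 0x55, 0x04, 0x0B } },                                 /* 2.5.4.11 */
    { "DC",    10, { 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19 } },
    { "UID",   10, { 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01 } },
};

/* Writes the short name, or dotted decimal for an unlisted OID. 0 on success, -1 on bad input. */
int oid_to_string(oid_t oid, char *out, size_t outlen)
{
    if (oid.Length == 0 || oid.Data == NULL || outlen == 0) return -1;
    for (size_t i = 0; i < sizeof kKnown / sizeof kKnown[0]; i++)
        if (oid.Length == kKnown[i].len && memcmp(oid.Data, kKnown[i].der, oid.Length) == 0)
            return snprintf(out, outlen, "%s", kKnown[i].name) < (int)outlen ? 0 : -1;
    size_t used = 0; uint32_t arc = 0; int first = 1;
    for (size_t i = 0; i < oid.Length; i++) {
        if (arc > (UINT32_MAX >> 7)) return -1;      /* arc would overflow 32 bits */
        arc = (arc << 7) | (oid.Data[i] & 0x7F);     /* base-128, big-endian */
        if (oid.Data[i] & 0x80) {                    /* continuation bit set */
            if (i + 1 == oid.Length) return -1;      /* arc cut off mid-encoding */
            continue;
        }
        int n;
        if (first) {                                 /* first subidentifier packs two arcs */
            uint32_t a = arc < 80 ? arc / 40 : 2;
            n = snprintf(out + used, outlen - used, "%u.%u", (unsigned)a, (unsigned)(arc - a * 40));
            first = 0;
        } else {
            n = snprintf(out + used, outlen - used, ".%u", (unsigned)arc);
        }
        if (n < 0 || (size_t)n >= outlen - used) return -1;   /* output buffer too small */
        used += (size_t)n;
        arc = 0;
    }
    return 0;
}
```

With the code quoted above, the type field of each CSSM_X509_TYPE_VALUE_PAIR would be the input; an attribute such as emailAddress, which RFC 2253 gives no short name, comes out as 1.2.840.113549.1.9.1.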




Copyright © 2007 Apple Inc. All rights reserved.