z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


gsk_decode_import_certificate()

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

Decodes certificate from DERencoded or PKCS #7encoded data stream.

Format

   #include <gskcms.h>

   gsk_status gsk_decode_import_certificate (
                                          gsk_buffer *        stream,
                                          pkcs_certificate *  subject_certificate,
                                          pkcs_certificates * issuer_certificates)

Parameters

stream
Specifies the byte stream of the encoded certificate.
subject_certificate
Returns the decoded certificate.
issuer_certificates
Returns the decoded certificate chain for the subject certificate.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:
[CMSERR_BAD_BASE64_ENCODING]
The Base64 encoding of the import stream is not correct.
[CMSERR_BAD_ENCODING]
The certificate request stream is not valid.
[CMSERR_NO_MEMORY]
Insufficient storage is available.
[CMSERR_NO_IMPORT_CERTIFICATE]
No certificate in import file.

Usage

The gsk_decode_import_certificate() function decodes a data stream into a pkcs_certificate structure. The pkcs_certificate structure subject_certificate returns the subject certificate, and the pkcs_certificates structure issuer_certificates returns the certificate chain for the subject certificate (all other certificates not part of the subject certificates chain are discarded). The root certificate for the chain is the final entry in the array.

The supplied stream can represent either the ASN.1 DER encoding for the certificate or the Cryptographic Message Syntax (PKCS #7) encoding for the certificate. This can be either the binary value or the Base64 encoding of the binary value. A Base64 Encoded stream must be in the local code page and must include the encoding header and footer lines.

The gsk_decode_import_certificate() function decodes a single certificate. If the PKCS #7 message contains multiple certificates, only the first certificate and its certificate chain will be decoded.

Parent topic: Certificate Management Services (CMS) API reference

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014