(Unicode C) Get Certificate Authority Information Access

Demonstrates how to get a certificate's Authority Information Access extension data (if it exists).

Note: This example requires Chilkat v9.5.0.76 or greater.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkCertW.h>
#include <C_CkXmlW.h>
#include <C_CkStringBuilderW.h>

void ChilkatSample(void)
    {
    HCkCertW cert;
    BOOL success;
    const wchar_t *extensionXmlStr;
    HCkXmlW xml;
    HCkStringBuilderW sbOcsp;
    HCkStringBuilderW sbIssuer;

    cert = CkCertW_Create();

    success = CkCertW_LoadFromFile(cert,L"qa_data/certs/test_haswdt.cer");
    if (success != TRUE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkCertW_Dispose(cert);
        return;
    }

    //  Get the Authority Information Access extension, which is at OID 1.3.6.1.5.5.7.1.1
    extensionXmlStr = CkCertW_getExtensionAsXml(cert,L"1.3.6.1.5.5.7.1.1");
    if (CkCertW_getLastMethodSuccess(cert) == FALSE) {
        wprintf(L"Certificate does not have the AuthInfoAccess extension.\n");
        CkCertW_Dispose(cert);
        return;
    }

    xml = CkXmlW_Create();
    CkXmlW_LoadXml(xml,extensionXmlStr);

    //  See what we have..
    wprintf(L"%s\n",CkXmlW_getXml(xml));

    //  We should get XML like this:

    //  <?xml version="1.0" encoding="utf-8" ?>
    //  <sequence>
    //      <sequence>
    //          <oid>1.3.6.1.5.5.7.48.2</oid>
    //          <contextSpecific tag="6" constructed="0">aHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1
    //  cmVFbWFpbENBLmNydA==</contextSpecific>
    //      </sequence>
    //      <sequence>
    //          <oid>1.3.6.1.5.5.7.48.1</oid>
    //          <contextSpecific tag="6" constructed="0">aHR0cDovL29jc3AuY29tb2RvY2EuY29t</contextSpecific>
    //      </sequence>
    //  </sequence>

    //  Typically, a certificate AIA(Authority Information access) contains 2 parts:
    // 
    //      On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
    //      Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
    // 
    //  The base64 content for each OID (in this case) is just a string.
    //  The data can be accessed and decoded like this:

    sbOcsp = CkStringBuilderW_Create();
    success = CkXmlW_GetChildContentSb(xml,L"/C/oid,1.3.6.1.5.5.7.48.1|++",sbOcsp);
    if (success == TRUE) {
        CkStringBuilderW_Decode(sbOcsp,L"base64",L"utf-8");
        wprintf(L"1.3.6.1.5.5.7.48.1:  %s\n",CkStringBuilderW_getAsString(sbOcsp));
    }

    sbIssuer = CkStringBuilderW_Create();
    success = CkXmlW_GetChildContentSb(xml,L"/C/oid,1.3.6.1.5.5.7.48.2|++",sbIssuer);
    if (success == TRUE) {
        CkStringBuilderW_Decode(sbIssuer,L"base64",L"utf-8");
        wprintf(L"1.3.6.1.5.5.7.48.2:  %s\n",CkStringBuilderW_getAsString(sbIssuer));
    }

    //  The output looks like this:

    //  1.3.6.1.5.5.7.48.1:  http://ocsp.comodoca.com
    //  1.3.6.1.5.5.7.48.2:  http://crt.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crt

    //  -------------------------------------------------------------------------------
    //  Note: The Chilkat path passed to GetChildContentSb is composed of two commands:
    //  The first command is "/C/oid,1.3.6.1.5.5.7.48.1".   It says "traverse the XML tree from the caller
// node and stop at the 1st node having tag = "oid" and content = "1.3.6.1.5.5.7.48.1".
    //  The "|" char separates the 1st command from the 2nd.
    //  The 2nd command is "++" and says "move to the next sibling".


    CkCertW_Dispose(cert);
    CkXmlW_Dispose(xml);
    CkStringBuilderW_Dispose(sbOcsp);
    CkStringBuilderW_Dispose(sbIssuer);

    }