X509CertHasExtendedKeyUsage (FUN)

FUNCTION X509CertHasExtendedKeyUsage : BOOL

Check whether the specified certificate contains the specified extended key usages.

InOut:

| Scope | Name | Type | Comment |
| --- | --- | --- | --- |
| Return | X509CertHasExtendedKeyUsage | BOOL | True if all key usages are part of the certificate. |
| Input | hCert | RTS_IEC_HANDLE | Handle to the certificate. |
| Input | numOfExKeyUsages | UDINT | Number of extended key usages. |
| Input | pExKeyUsages | POINTER TO RtsOID | Pointer to list of extended key usages. |
| Input | pResult | POINTER TO RTS_IEC_RESULT | Pointer to error code. |

X509CertHasKeyUsage (FUN)

FUNCTION X509CertHasKeyUsage : BOOL

Check if the specified key usages are defined within the certificate.

InOut:

| Scope | Name | Type | Comment |
| --- | --- | --- | --- |
| Return | X509CertHasKeyUsage | BOOL | True if all key usages are part of the certificate. |
| Input | hCert | RTS_IEC_HANDLE | Handle to the certificate. |
| Input | keyUsage | UDINT | Key usages to check. Refer to Key Usage flags. |
| Input | pResult | POINTER TO RTS_IEC_RESULT | Pointer to error code. |

X509CertIsAuthority (FUN)

FUNCTION X509CertIsAuthority : BOOL

Check if the given certificate is a certificate authority. Typically this is indicated by the corresponding key usage. Some older CA certificates may be identified by other means.

InOut:

| Scope | Name | Type | Comment |
| --- | --- | --- | --- |
| Return | X509CertIsAuthority | BOOL | |
| Input | hCert | RTS_IEC_HANDLE | Handle to the certificate. |
| Input | pResult | POINTER TO RTS_IEC_RESULT | Pointer to error code. ERR_OK if everything went fine, ERR_PARAMETER if hCert was invalid. |
| Output | pathLen | DINT | The maximum path length of the CA. -1 if there is no limit. Only valid if the function returned TRUE. |

X509CertIsDateValid (FUN)

FUNCTION X509CertIsDateValid : BOOL

Check if a certificate has a valid date (the current time lies between notBefore and notAfter).

InOut:

| Scope | Name | Type | Comment |
| --- | --- | --- | --- |
| Return | X509CertIsDateValid | BOOL | True if the certificate date is valid. |
| Input | hCert | RTS_IEC_HANDLE | Handle to the certificate. |
| Input | pResult | POINTER TO RTS_IEC_RESULT | Pointer to error code. ERR_OK: everything went fine, ERR_PARAMETER: hCert was invalid. |

X509CertIsSelfSigned (FUN)

FUNCTION X509CertIsSelfSigned : BOOL

Check if a certificate is self-signed or is signed by a CA.

InOut:

| Scope | Name | Type | Comment |
| --- | --- | --- | --- |
| Return | X509CertIsSelfSigned | BOOL | True if the certificate is self-signed, False if the certificate is signed by a CA. |
| Input | hCert | RTS_IEC_HANDLE | Handle to the certificate. |
| Input | pResult | POINTER TO RTS_IEC_RESULT | Pointer to error code. ERR_OK if everything went fine, ERR_PARAMETER if hCert was invalid. |

X509CertKeyClose (FUN)

FUNCTION X509CertKeyClose : RTS_IEC_RESULT

Release a private or public key with this function. This function indicates that the key is no longer needed and allows the resources used by the key to be cleaned up.

InOut:

| Scope | Name | Type | Comment |
| --- | --- | --- | --- |
| Return | X509CertKeyClose | RTS_IEC_RESULT | Result of the operation. |
| Input | pKey | POINTER TO RtsCryptoKey | Pointer to the key. |

X509ParseCertificate (FUN)

FUNCTION X509ParseCertificate : RTS_IEC_HANDLE

Parse a certificate which is located in memory (e.g. received from a communication partner). Once parsed, the certificate is stored in a temporary store. Use the function X509CertClose to close the certificate.

InOut:

| Scope | Name | Type | Comment |
| --- | --- | --- | --- |
| Return | X509ParseCertificate | RTS_IEC_HANDLE | Handle to the parsed certificate. |
| Input | pCert | POINTER TO RtsByteString | Binary encoded certificate. |
| Input | encoding | RtsCertEncoding | Encoding of the certificate. |
| Input | pResult | POINTER TO RTS_IEC_RESULT | Result of the operation. |

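The property checks documented above, combined into one validation routine for a certificate received from a communication partner. This is an added Structured Text example, not part of the original documentation or the vendor's code. The function name `CheckPeerCertificate`, the acceptance policy (date-valid, CA-issued, not itself a CA, required key usages present) and the `X509CertClose(hCert)` call signature are assumptions.

```iecst
// Added example (not vendor code). Uses only the X509Cert* functions documented
// on this page; X509CertClose is assumed to take the handle and return RTS_IEC_RESULT.
FUNCTION CheckPeerCertificate : BOOL
VAR_INPUT
    pCert       : POINTER TO RtsByteString; // certificate bytes received from the peer
    encoding    : RtsCertEncoding;          // encoding of pCert^
    keyUsage    : UDINT;                    // required Key Usage flags (caller-supplied mask)
END_VAR
VAR_OUTPUT
    result      : RTS_IEC_RESULT;           // last result reported by the library
END_VAR
VAR
    hCert       : RTS_IEC_HANDLE;
    pathLen     : DINT;
    closeResult : RTS_IEC_RESULT;
    ok          : BOOL;
END_VAR

CheckPeerCertificate := FALSE;
hCert := X509ParseCertificate(pCert := pCert, encoding := encoding, pResult := ADR(result));
IF result <> ERR_OK THEN
    RETURN; // nothing was parsed, so there is no handle to close
END_IF

// Every check returns BOOL and reports errors separately through pResult,
// so a return value is only trusted as an answer while result is ERR_OK.
ok := X509CertIsDateValid(hCert := hCert, pResult := ADR(result));
IF ok AND result = ERR_OK THEN
    // Assumed policy: a self-signed peer certificate is rejected.
    ok := NOT X509CertIsSelfSigned(hCert := hCert, pResult := ADR(result));
END_IF
IF ok AND result = ERR_OK THEN
    // Assumed policy: a peer (end-entity) certificate must not be a CA.
    ok := NOT X509CertIsAuthority(hCert := hCert, pResult := ADR(result), pathLen => pathLen);
END_IF
IF ok AND result = ERR_OK THEN
    ok := X509CertHasKeyUsage(hCert := hCert, keyUsage := keyUsage, pResult := ADR(result));
END_IF

// Release the parsed certificate from the temporary store on every path.
closeResult := X509CertClose(hCert := hCert);
CheckPeerCertificate := ok AND (result = ERR_OK);
```

The routine checks certificate properties only; it does not by itself establish that the issuer is trusted.
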
CMS

- X509CertCmsDecrypt (Function)
- X509CertCmsVerify (Function)

X509CertCmsDecrypt (FUN)

FUNCTION X509CertCmsDecrypt : RTS_IEC_RESULT

Decrypt a CMS container.

InOut:

| Scope | Name | Type | Comment |
| --- | --- | --- | --- |
| Return | X509CertCmsDecrypt | RTS_IEC_RESULT | ERR_OK if the container was successfully decrypted. ERR_PARAMETER if the given parameters are not consistent. |
| Input | hCertStore | RTS_IEC_HANDLE | Handle to the certificate store. |
| Input | hRecipientCert | RTS_IEC_HANDLE | Handle to the recipient's certificate. A private key of the certificate has to be available. The certificate therefore has to be located in the “own” store. |
| Input | pCms | POINTER TO RtsByteString | Pointer to a byte string storing the CMS container. |
| Input | encoding | RtsCertEncoding | Encoding of the CMS container. |
| Input | pOutData | POINTER TO RtsByteString | Pointer to a byte string where the extracted data is stored. |

X509CertCmsVerify (FUN)

FUNCTION X509CertCmsVerify : RTS_IEC_RESULT

Verifies a CMS signature. This function can handle both detached and attached signatures. The signer's certificate has to be located in the CMS container; otherwise the verification will fail. The signer's certificate is always verified against the trusted certificate store on the PLC.

InOut:

| Scope | Name | Type | Comment |
| --- | --- | --- | --- |
| Return | X509CertCmsVerify | RTS_IEC_RESULT | ERR_OK if the signature is valid and the signer was trustworthy. ERR_SIGNATURE_MISMATCH if the signature is invalid and / or the signer was not trustworthy. ERR_PARAMETER if the given parameters are not consistent. |
| Input | hCertStore | RTS_IEC_HANDLE | Handle to the certificate store. |
| Input | pCms | POINTER TO RtsByteString | Pointer to a byte string storing the CMS container. |
| Input | encoding | RtsCertEncoding | Encoding of the CMS container. |
| Input | pInData | POINTER TO RtsByteString | Used only if the signature is detached. In this case this byte string has to hold the data to be verified. |
| Input | pOutData | POINTER TO RtsByteString | Pointer to a byte string where the extracted data is stored. |