Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Extracting all values of a subject attribute in a certificate

I'm currently using CertGetNameString to extract the values for each subject attribute like so:

CertGetNameString(pCertificate,
                  CERT_NAME_ATTR_TYPE,
                  0,
                  szOID_ORGANIZATIONAL_UNIT_NAME,
                  buf,
                  _countof(buf));

However some certificates I've found have multiple values for the organizational unit name (OU) and CertGetNameString can only read the first. For instance this is the subject of an Adobe certificate:

CN = Adobe Systems, Incorporated
OU = Acrobat Engineering
OU = Digital ID Class 3 - Microsoft Software Validation v2
O = Adobe Systems, Incorporated
L = San Jose
S = California
C = US

How can I read all values for the OU (and other) attribute(s) using CryptoAPI?

like image 727
Andreas Magnusson Avatar asked Feb 29 '12 09:02

Andreas Magnusson


1 Answers

Ok, found the solution. The correct API to use is CertNameToStr, like so:

    CertNameToStr(X509_ASN_ENCODING,
                  &pCertificate->pCertInfo->Subject,
                  CERT_X500_NAME_STR,
                  buf,
                  _countof(buf));

It will return a string such as:

C=US, S=California, L=San Jose, O="Adobe Systems, Incorporated", OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Acrobat Engineering, CN="Adobe Systems, Incorporated"

Which can then be parsed if individual attribute values are required.

like image 104
Andreas Magnusson Avatar answered Oct 13 '22 01:10

Andreas Magnusson