X509CertCmsVerify (FUN) ¶ FUNCTION X509CertCmsVerify : RTS_IEC_RESULT Verifies a CMS signature. This function can handle both (detached and attached) signatures. The signers certificate has to be located in the CMS container. Otherwise the verify will fail. The signers certificate is always verified against the trusted certificate store on the PLC. InOut: Scope Name Type Comment Return X509CertCmsVerify RTS_IEC_RESULT ERR_OK if the signature is valid and the signer was trustworthy. ERR_SIGNATURE_MISMATCH if the signature is invalid and / or the signer was not trustworthy. ERR_PARAMETER if the given parameters are not consistent. Input hCertStore RTS_IEC_HANDLE Handle to the certificate store. pCms POINTER TO RtsByteString Pointer to a byte string storing the CMS container. encoding RtsCertEncoding Encoding of the CMS container. pInData POINTER TO RtsByteString Used only if the signature is detached. In this case this byte string has to store the data to be verified pOutData POINTER TO RtsByteString Pointer to a byte string where to store the extracted data.
CertificateStore ¶ X509CertCreateCSR (Function) X509CertCreateSelfSigned (Function) X509CertGetPrivateKey (Function) X509CertStoreAddCert (Function) X509CertStoreClose (Function) X509CertStoreGetFirstCert (Function) X509CertStoreGetNextCert (Function) X509CertStoreGetRegisteredCert (Function) X509CertStoreOpen (Function) X509CertStoreRegister (Function) X509CertStoreRemoveCert (Function) X509CertStoreSearchGetFirst (Function) X509CertStoreSearchGetNext (Function) X509CertStoreUnregister (Function) X509CertVerify (Function) X509CertVerify2 (Function)
X509CertCreateCSR (FUN) ¶ FUNCTION X509CertCreateCSR : RTS_IEC_RESULT Create a new certificate request. A new PRIVATE key will be generated and automatically stored in the key store. The certificate request can be sent to an official CA to get a signed certificate. InOut: Scope Name Type Comment Return X509CertCreateCSR RTS_IEC_RESULT Input hCertStore RTS_IEC_HANDLE Handle to the certificate store hBackend RTS_IEC_HANDLE Handle to the back-end where to store the generated certificate. RTS_INVALID_HANDLE should be used if no back- end is specified. pCertInfo POINTER TO RtsX509CertInfo Information of the certificate to be generated. ui32KeySize UDINT Size in bits of the private key. encoding RtsCertEncoding Encoding of the generated CSR. pCSR POINTER TO RtsByteString The signing request in binary form.
X509CertCreateSelfSigned (FUN) ¶ FUNCTION X509CertCreateSelfSigned : RTS_IEC_HANDLE Create a new self signed certificate. A private key is generated and automatically stored. InOut: Scope Name Type Comment Return X509CertCreateSelfSigned RTS_IEC_HANDLE Input hCertStore RTS_IEC_HANDLE Handle to the certificate store hBackend RTS_IEC_HANDLE Handle to the back-end where to store the generated certificate. RTS_INVALID_HANDLE should be used if no back- end is specified. pCertInfo POINTER TO RtsX509CertInfo Information of the certificate to be generated. ui32KeySize UDINT Size in bits of the private key. pResult POINTER TO RTS_IEC_RESULT Result of the operation. ERR_OK: Everything went fine. ERR_INVALID_HANDLE: Some input handle is invalid. ERR_PARAMETER: Some input parameter is invalid. ERR_OVERFLOW: The timestamps of the certificate would overflow. ERR_NOMEMORY: Not enough memory to perform this operation. ERR_FAILED: Creation of self signed certificate failed. failed
X509CertGetPrivateKey (FUN) ¶ FUNCTION X509CertGetPrivateKey : RTS_IEC_RESULT Get the PRIVATE key OF the certificate. THIS is only possible if the private key stored in the certificate store. The format of this key is an implementation detail and has to match the expected format of the asymmetric functions of the CmpCrpyotItf. The key data is opaque for the user of the keys. InOut: Scope Name Type Comment Return X509CertGetPrivateKey RTS_IEC_RESULT Input hCertStore RTS_IEC_HANDLE Handle to the certificate store. hCert RTS_IEC_HANDLE Handle of the certificate of interest. pPrivateKey POINTER TO RtsCryptoKey Pointer to the cryptographic key storing the private key.
X509CertStoreAddCert (FUN) ¶ FUNCTION X509CertStoreAddCert : RTS_IEC_RESULT Add the given certificate to the Certificate store InOut: Scope Name Type Comment Return X509CertStoreAddCert RTS_IEC_RESULT Handle to the imported certificate. Input hCertStore RTS_IEC_HANDLE Handle of to certificate store. hBackend RTS_IEC_HANDLE Handle to the back-end where to store the generated certificate. RTS_INVALID_HANDLE should be used if no back- end is specified. hCert RTS_IEC_HANDLE Handle of the certificate to be imported. trustLevel RtsCertTrustLevel The category where to store the certificate. Note: RtsTrustLevel_Own ist not selectable.
X509CertStoreClose (FUN) ¶ FUNCTION X509CertStoreClose : RTS_IEC_RESULT Close the certificate store. InOut: Scope Name Type Comment Return X509CertStoreClose RTS_IEC_RESULT Input hCertStore RTS_IEC_HANDLE Handle of to certificate store.
X509CertStoreGetFirstCert (FUN) ¶ FUNCTION X509CertStoreGetFirstCert : RTS_IEC_HANDLE Get the first certificate of the certificate store. InOut: Scope Name Type Comment Return X509CertStoreGetFirstCert RTS_IEC_HANDLE Input hCertStore RTS_IEC_HANDLE Handle of to certificate store. hBackend RTS_IEC_HANDLE Pointer to a handle of the back-end where to iterate. RTS_INVALID_HANDLE if all back-ends should be iterated. A valid handle if only a specific back-end should be iterated. trustLevel RtsCertTrustLevel Category of certificates to iterate. pResult POINTER TO RTS_IEC_RESULT Result of the operation.
X509CertStoreGetNextCert (FUN) ¶ FUNCTION X509CertStoreGetNextCert : RTS_IEC_HANDLE Get the next certificate of the certificate store. If all certificates are read the function will return RTS_INVALID_HANDLE. InOut: Scope Name Type Comment Return X509CertStoreGetNextCert RTS_IEC_HANDLE Handle to the next certificate of the given category. Input hCertStore RTS_IEC_HANDLE Handle of to certificate store. hBackend RTS_IEC_HANDLE Pointer to a handle of the back-end where to iterate. RTS_INVALID_HANDLE if all back-ends should be iterated. A valid handle if only a specific back-end should be iterated. hCert RTS_IEC_HANDLE Handle to the last certificate got by X509CertStoreGetFirst or X509CertStoreGetNext pResult POINTER TO RTS_IEC_RESULT Result of the operation.
X509CertStoreGetRegisteredCert (FUN) ¶ FUNCTION X509CertStoreGetRegisteredCert : RTS_IEC_HANDLE Get the certificate available for a registered use case. If not certificate is available RTS_INVALID_HANDLE will be returned. The following rules apply for selecting the certificate: Check if a certificate is configured by the user. (The thumb-print is pinned for component and index). Use this one if available, return error if not available. If no certificate is configured filter the available certificates by subject, key usage, extended key usage and a valid timestamp. Return error if list is empty. Split the available certificates by signed and self signed certificates. Prefer the signed certificates over the self signed certificates: Select the certificate with the longest period of validity. If some certificates have the same period of validity select the one with the strongest key. InOut: Scope Name Type Comment Return X509CertStoreGetRegisteredCert RTS_IEC_HANDLE Handle to the certificate. Use X509CertClose to close the certificate. Input hCertStore RTS_IEC_HANDLE Handle of to certificate store. hUseCase RTS_IEC_HANDLE Handle to the registered use case. Retrieved using X509CertStoreRegister. pResult POINTER TO RTS_IEC_RESULT Pointer to error code
