3.1.4.2 Processing Rules for ICertAdminD2
The ICertAdminD2 interface extends the ICertAdminD interface described in the preceding section.<65>
The version number for this interface is "1.0". The UUID for this interface is: "7fe0d935-dda6-443f-85d0-1cfb58fe41dd".
Opnum values start at the value following the last opnum of the inherited interface; therefore, the opnums for this interface start at 31.
Methods in RPC Opnum Order

Method | Description | Opnum
---|---|---
PublishCRLs | The PublishCRLs method forces a CA to publish CRLs and delta CRLs. | 31
GetCAProperty | The GetCAProperty method is used to retrieve a given property's value from the CA. | 32
SetCAProperty | The SetCAProperty method is used to set CA properties. | 33
GetCAPropertyInfo | The GetCAPropertyInfo method is used to retrieve information about a property on the CA, such as its type and length. | 34
EnumViewColumnTable | The EnumViewColumnTable method retrieves information about one or more columns from the specified CA database table. | 35
GetCASecurity | The GetCASecurity method is used to retrieve the CA server's security descriptor. | 36
SetCASecurity | The SetCASecurity method is used to set the CA server's security descriptor. | 37
Ping2 | The Ping2 method is used to determine whether the CA service is started and responding. | 38
GetArchivedKey | The GetArchivedKey method is used to retrieve an archived private key and the associated certificate. | 39
GetAuditFilter | The GetAuditFilter method retrieves the list of events for which the CA server is currently set to create security audit events, as specified in [CIMC-PP]. | 40
SetAuditFilter | The SetAuditFilter method sets the list of events for which the CA server MUST create security audit events, as specified in [CIMC-PP]. | 41
GetOfficerRights | The GetOfficerRights method is used to retrieve the Officer rights, as specified in [CIMC-PP]. | 42
SetOfficerRights | The SetOfficerRights method is used to set the Officer rights. | 43
GetConfigEntry | The GetConfigEntry method retrieves the CA configuration data. | 44
SetConfigEntry | The SetConfigEntry method is used to set the configuration information for the Certificate server. | 45
ImportKey | The ImportKey method adds an encrypted key set to an item in the CA database. | 46
GetMyRoles | The GetMyRoles method retrieves the roles, as specified in [CIMC-PP], assigned to the user who calls the method. | 47
DeleteRow | The DeleteRow method deletes a row or set of rows from a database table. | 48
All methods MUST NOT throw exceptions.
The CA MUST execute the following processing rules on every invocation of any method listed in this section, before executing the processing rules specified for the individual method.
The CA MUST determine the identity of the caller by checking the value of the element uToken.Sids[uToken.UserIndex]. The ADM element uToken is initialized by retrieving the identity token for the current execution context by calling the abstract interface GetRpcImpersonationAccessToken() as specified in [MS-RPCE] section 3.3.3.4.3.1. The SID of the caller is the value of the uToken.Sids array element indexed at uToken.UserIndex. If the caller cannot be identified, the CA MUST refuse to establish a connection, returning an error.<66>
If Config_CA_Interface_Flags contains the value IF_ENFORCEENCRYPTICERTADMIN (section 3.1.4.2.14) and the RPC_C_AUTHN_LEVEL_PKT_PRIVACY authentication level, as defined in [MS-RPCE] section 2.2.1.1.8, is not specified on the RPC connection from the client, the CA MUST refuse to establish a connection with the client by returning an error. In Windows the error is E_ACCESSDENIED (0x80070005).<67>
If Config_CA_Interface_Flags contains the value IF_NOREMOTEICERTADMIN, the CA SHOULD return an error for any of the methods listed in this section.<68>
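The three rules above gate every ICertAdminD2 call before the per-method processing runs. The following Python model, added here as an illustration and not code from [MS-CSRA] or from any CA implementation, applies them to a few constructed call attempts so the interaction between the caller-identity check, IF_ENFORCEENCRYPTICERTADMIN and IF_NOREMOTEICERTADMIN is visible. The section names the two interface flags but does not give their bit values; the values used below (IF_NOREMOTEICERTADMIN = 0x10, IF_ENFORCEENCRYPTICERTADMIN = 0x400) are taken from the Windows SDK header certsrv.h, and the authentication-level constants from rpcdce.h, so treat them as assumptions from outside this page. Where the text says only "an error", the model returns E_ACCESSDENIED, which is likewise an assumption. The SIDs are constructed sample values.

```python
"""
Model of the common processing rules that gate every ICertAdminD2 call
(opnums 31..48).  Added example; not code from MS-CSRA or from a CA.
Flag bit values come from certsrv.h and the RPC authentication levels
from rpcdce.h (assumption: this section names the flags but not values).
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Config_CA_Interface_Flags bits relevant to this section (certsrv.h values; assumption).
IF_NOREMOTEICERTADMIN = 0x10
IF_ENFORCEENCRYPTICERTADMIN = 0x400

# RPC authentication levels ([MS-RPCE] 2.2.1.1.8; rpcdce.h).
RPC_C_AUTHN_LEVEL_CONNECT = 2
RPC_C_AUTHN_LEVEL_PKT_INTEGRITY = 5
RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6

S_OK = 0x00000000
E_ACCESSDENIED = 0x80070005  # the error Windows returns per the section above

# Opnums of the methods this section covers, in RPC opnum order.
ICERTADMIND2_OPNUMS = {
    31: "PublishCRLs", 32: "GetCAProperty", 33: "SetCAProperty",
    34: "GetCAPropertyInfo", 35: "EnumViewColumnTable", 36: "GetCASecurity",
    37: "SetCASecurity", 38: "Ping2", 39: "GetArchivedKey",
    40: "GetAuditFilter", 41: "SetAuditFilter", 42: "GetOfficerRights",
    43: "SetOfficerRights", 44: "GetConfigEntry", 45: "SetConfigEntry",
    46: "ImportKey", 47: "GetMyRoles", 48: "DeleteRow",
}


@dataclass
class RpcToken:
    """ADM element uToken, as returned by GetRpcImpersonationAccessToken()."""
    sids: list        # uToken.Sids
    user_index: int   # uToken.UserIndex


@dataclass
class RpcCall:
    opnum: int
    authn_level: int
    token: Optional[RpcToken]  # None models a caller whose token could not be retrieved


def caller_sid(token: Optional[RpcToken]) -> Optional[str]:
    """The caller's SID is uToken.Sids[uToken.UserIndex]; None if it cannot be identified."""
    if token is None or not (0 <= token.user_index < len(token.sids)):
        return None
    return token.sids[token.user_index]


def admit_call(interface_flags: int, call: RpcCall) -> Tuple[Optional[str], int]:
    """Apply the common ICertAdminD2 processing rules.

    Returns (caller SID or None, HRESULT).  S_OK means the CA proceeds to the
    method's own processing rules; anything else is returned to the client.
    """
    if call.opnum not in ICERTADMIND2_OPNUMS:
        raise ValueError(f"opnum {call.opnum} is not an ICertAdminD2 method")

    # Rule 1: the caller must be identifiable from the impersonation token.
    sid = caller_sid(call.token)
    if sid is None:
        return None, E_ACCESSDENIED

    # Rule 2: with IF_ENFORCEENCRYPTICERTADMIN set, only PKT_PRIVACY connections are accepted.
    if (interface_flags & IF_ENFORCEENCRYPTICERTADMIN
            and call.authn_level != RPC_C_AUTHN_LEVEL_PKT_PRIVACY):
        return sid, E_ACCESSDENIED

    # Rule 3: with IF_NOREMOTEICERTADMIN set, every method in this section is refused.
    if interface_flags & IF_NOREMOTEICERTADMIN:
        return sid, E_ACCESSDENIED

    return sid, S_OK


if __name__ == "__main__":
    # Constructed sample token: the caller is the SID at UserIndex, not the first SID.
    admin = RpcToken(sids=["S-1-5-32-544", "S-1-5-21-1000-2000-3000-1105"], user_index=1)
    hardened = IF_ENFORCEENCRYPTICERTADMIN
    for flags, call in [
        (hardened, RpcCall(37, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, admin)),   # SetCASecurity, no privacy
        (hardened, RpcCall(37, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, admin)),     # SetCASecurity, encrypted
        (hardened, RpcCall(38, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, None)),      # Ping2, unidentifiable caller
        (hardened | IF_NOREMOTEICERTADMIN, RpcCall(38, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, admin)),
    ]:
        sid, hr = admit_call(flags, call)
        print(f"{ICERTADMIND2_OPNUMS[call.opnum]:<16} flags=0x{flags:03x} "
              f"authn={call.authn_level} sid={sid} -> 0x{hr:08x}")
```

Note that the PKT_PRIVACY check precedes any role or ACL evaluation, so an unencrypted session is refused even for a caller who would otherwise be authorized; this is the behaviour to verify when hardening a CA. On a Windows CA the flags live in the registry and can be inspected with `certutil -getreg CA\InterfaceFlags` and changed with `certutil -setreg CA\InterfaceFlags +IF_ENFORCEENCRYPTICERTADMIN` (the CertSvc service must be restarted for the change to take effect).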