IX509AttributeExtensions interface (certenroll.h)
The IX509AttributeExtensions interface defines methods and properties that initialize and retrieve certificate extensions in a certificate request. For example, the CertificateRequestInfo structure of a PKCS #10 request does not contain a field for version 3 extensions. Instead, the extensions must be added to the attributes collection in the request.
CertificationRequestInfo ::= SEQUENCE
{
version INTEGER { v1(0) } (v1,...),
subject Name,
subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
attributes [0] Attributes{{ CRIAttributes }}
}
Also, extensions are included in a CMC request by adding them to the TaggedAttributes structure shown in the following Abstract Syntax Notation One (ASN.1) syntax example. For more information, see Attributes and Extensions.
CmcData ::= SEQUENCE
{
controlSequence ControlSequence,
reqSequence ReqSequence,
cmsSequence CmsSequence,
otherMsgSequence OtherMsgSequence
}
ControlSequence ::= SEQUENCE OF TaggedAttribute
TaggedAttribute ::= SEQUENCE
{
bodyPartID BodyPartID,
type EncodedObjectID,
values AttributeSetValue
}
BodyPartID ::= INTEGER (0..4294967295)
EncodedObjectID ::= OBJECT IDENTIFIER
AttributeSetValue ::= SET OF ANY
You can create one or more version 3 extensions and include them in a certificate request in the following manner:
- Initialize any of the following IX509Extension objects:
- IX509ExtensionAlternativeNames
- IX509ExtensionAuthorityKeyIdentifier
- IX509ExtensionBasicConstraints
- IX509ExtensionCertificatePolicies
- IX509ExtensionMSApplicationPolicies
- IX509ExtensionEnhancedKeyUsage
- IX509ExtensionKeyUsage
- IX509ExtensionSmimeCapabilities
- IX509ExtensionSubjectKeyIdentifier
- IX509ExtensionTemplate
- IX509ExtensionTemplateName
- Add the extension objects into an IX509Extensions collection.
- Use the IX509Extensions collection to initialize an IX509AttributeExtensions object.
- Add the IX509AttributeExtensions object to an IX509Attributes collection.
- Use the IX509Attributes collection to initialize an ICryptAttribute object.
- Initialize a CMC or PKCS #10 request object and retrieve the ICryptAttributes collection.
- Add the ICryptAttribute object to the ICryptAttributes collection for the request.
Inheritance
The IX509AttributeExtensions interface inherits from IX509Attribute. IX509AttributeExtensions also has these types of members:
Methods
The IX509AttributeExtensions interface has these methods.
| IX509AttributeExtensions::get_X509Extensions Retrieves the certificate extensions. |
| IX509AttributeExtensions::InitializeDecode Initializes the object from a Distinguished Encoding Rules (DER) encoded byte array that contains the attribute value. (IX509AttributeExtensions.InitializeDecode) |
| IX509AttributeExtensions::InitializeEncode Initializes the object from an IX509Extensions collection. |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | certenroll.h |