Compartir a través de


3.1.4.2 Processing Rules for ICertAdminD2

The ICertAdminD2 interface extends the ICertAdminD interface described in the preceding section.<65>

The version number for this interface is "1.0". The UUID for this interface is: "7fe0d935-dda6-443f-85d0-1cfb58fe41dd".

Opnum values start with the value subsequent to the last opnum value in the last inherited method. Therefore, opnum for this interface starts with 31.

Methods in RPC Opnum Order

Method

Description

PublishCRLs

The PublishCRLs method forces a CA to publish CRLs and delta CRLs.

Opnum: 31

GetCAProperty

The GetCAProperty method is used to retrieve a given property's value from the CA.

Opnum: 32

SetCAProperty

The SetCAProperty method is used to set CA properties.

Opnum: 33

GetCAPropertyInfo

The GetCAPropertyInfo method is used to retrieve information about a property on the CA, such as its type and length.

Opnum: 34

EnumViewColumnTable

The EnumViewColumnTable method retrieves information about one or more columns from the specified CA database table.

Opnum: 35

GetCASecurity

The GetCASecurity method is used to retrieve CA server's security descriptor.

Opnum: 36

SetCASecurity

The SetCASecurity method is used to set CA server's security descriptor.

Opnum: 37

Ping2

The Ping2 method is used to determine whether the CA service is started and responding.

Opnum: 38

GetArchivedKey

The GetArchivedKey method is used to retrieve an archived private key and the associated certificate.

Opnum: 39

GetAuditFilter

The GetAuditFilter method retrieves the list of events for which the CA server is currently set to create security audit events, as specified in [CIMC-PP].

Opnum: 40

SetAuditFilter

The SetAuditFilter method sets the list of events that the CA server MUST create security audit events, as specified in [CIMC-PP].

Opnum: 41

GetOfficerRights

The GetOfficerRights method is used to retrieve the Officer rights, as specified in [CIMC-PP].

Opnum: 42

SetOfficerRights

The SetOfficerRights method is used to set the Officer rights.

Opnum: 43

GetConfigEntry

The GetConfigEntry method retrieves the CA configuration data.

Opnum: 44

SetConfigEntry

The SetConfigEntry method is used to set the configuration information for the Certificate server.

Opnum: 45

ImportKey

The ImportKey method adds an encrypted key set to an item in the CA database.

Opnum: 46

GetMyRoles

The GetMyRoles method retrieves the roles, as specified in [CIMC-PP], assigned to the user who calls the method.

Opnum: 47

DeleteRow

The DeleteRow method deletes a row or set of rows from a database table.

Opnum: 48

All methods MUST NOT throw exceptions.

The CA MUST execute the following processing rules for each invocation of the methods listed below in this section. Then the CA MUST proceed to execute the processing rules listed for each method.

The CA MUST determine the identity of the caller by checking the value of the element uToken.Sids[uToken.UserIndex]. The ADM element uToken is initialized by retrieving the identity token for the current execution context by calling the abstract interface GetRpcImpersonationAccessToken() as specified in [MS-RPCE] section 3.3.3.4.3.1. The SID of the caller is the value of the uToken.Sids array element indexed at uToken.UserIndex. If the caller cannot be identified, the CA MUST refuse to establish a connection, returning an error.<66>

If Config_CA_Interface_Flags contains the value IF_ENFORCEENCRYPTICERTADMIN (section 3.1.4.2.14) and the RPC_C_AUTHN_LEVEL_PKT_PRIVACY authentication level, as defined in [MS-RPCE] section 2.2.1.1.8, is not specified on the RPC connection from the client, the CA MUST refuse to establish a connection with the client by returning an error. In Windows the error is E_ACCESSDENIED (0x80070005).<67>

If Config_CA_Interface_Flags contains the value IF_NOREMOTEICERTADMIN, the CA SHOULD return an error for any of the methods listed in this section.<68>