2.2.1.9 CERTTRANSDBEXTENSION

The CERTTRANSDBEXTENSION structure is encoded within a CERTTRANSBLOB structure. The server uses the CERTTRANSDBEXTENSION structure to return the certificate extension information, as specified in [RFC3280] section 4, that is associated with a request. The server returns this information when the client performs a query by invoking the EnumAttributesOrExtensions method of the ICertAdminD interface.

 typedef struct _CERTTRANSDBEXTENSION {
   ULONG obwszName;
   LONG ExtFlags;
   DWORD cbValue;
   ULONG obValue;
 } CERTTRANSDBEXTENSION;

obwszName: An unsigned integer that contains the offset from the beginning of the byte array buffer that is pointed to by the pb member in the containing CERTTRANSBLOB structure to the string representation of an OID (1) of this extension (as specified in [X680]). The string format is a null-terminated UNICODE string. The offset MUST be divisible by 4.

ExtFlags: An integer value that specifies the flags that are associated with the extension. The following diagram shows its contents.


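  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |C|D|0|0|0|0|0|0|0|0|0|0|0|0|0|0|            Nigiro             |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+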

C (1 bit): C is the ExtensionCriticalFlag, as defined in section 3.1.1.3, the Extension_Flags ADM element. A value of 0 means the extension is not critical. A value of 1 means the extension is critical.

D (1 bit): D is the ExtensionDisabledFlag, as defined in section 3.1.1.3, the Extension_Flags ADM element. A value of 0 means the extension is not disabled. A value of 1 means the extension is disabled.

Nigiro (2 bytes): The Nigiro field is defined as follows:

| Mirrored (Nigiro) byte | Meaning |
|---|---|
| 0x8000 | The extension comes from the request. |
| 0x4000 | The extension was added by the CA. The CA assigns a value of 2 if the extension was added by the policy module of the CA. |
| 0xC000 | The extension was added by the CA. The CA assigns a value of 3 if the extension was added interactively by a human administrator of the CA. |
| 0x2000 | The extension was added by the CA. The CA assigns a value of 4 if the extension was added by the certificate server engine and not the policy module component of the CA. |
| 0xA000 | The extension was in the preceding certificate, which might occur, for example, when a certificate is renewed. |
| 0x6000 | The extension comes from an imported certificate (a certificate that was imported into the CA database). |
| 0xE000 | The extension comes from a PKCS7 request. |
| 0x1000 | The extension comes from a CMC request. |
| 0x9000 | The extension comes from the current CA signing certificate. |

cbValue: An unsigned integer value that contains the length, in bytes, of data that is referenced by the obValue parameter.

obValue: An unsigned integer that contains the offset from the beginning of the byte array buffer that is pointed to by the pb member in the containing CERTTRANSBLOB structure to where the value for this extension can be found. The length of the value is specified in the cbValue field. The value is in ASN.1 Distinguished Encoding Rules (DER) format for the extension, as specified in [X660]. The offset MUST be divisible by 4.
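
The following parser is an added example, not part of the specification: it reads one CERTTRANSDBEXTENSION out of the pb buffer and enforces the alignment and length rules above before touching the data they point to. It assumes little-endian field encoding and that diagram bit 0 is the least significant bit of ExtFlags (so the Nigiro table values are the bit-reversed upper 16 bits); the `off` parameter, the function names and the sample buffer are constructed for illustration.

```python
import struct

# Mirrored (Nigiro) values from the table above, mapped to a short origin label.
NIGIRO = {
    0x8000: "request", 0x4000: "policy module", 0xC000: "administrator",
    0x2000: "server engine", 0xA000: "preceding certificate",
    0x6000: "imported certificate", 0xE000: "PKCS7 request",
    0x1000: "CMC request", 0x9000: "CA signing certificate",
}

def mirror16(v):
    """Reverse the bit order of a 16-bit value."""
    return int(f"{v:016b}"[::-1], 2)

def parse_extension(pb, off=0):
    """Parse one CERTTRANSDBEXTENSION at pb[off:], checking every offset first."""
    if off < 0 or off + 16 > len(pb):
        raise ValueError("structure does not fit in the buffer")
    # Assumption: little-endian; ExtFlags (LONG) is read unsigned for bit tests.
    ob_name, flags, cb_value, ob_value = struct.unpack_from("<4I", pb, off)
    for field, ob in (("obwszName", ob_name), ("obValue", ob_value)):
        if ob % 4:
            raise ValueError(f"{field} is not divisible by 4")
        if ob > len(pb):
            raise ValueError(f"{field} points outside the buffer")
    if cb_value > len(pb) - ob_value:
        raise ValueError("cbValue runs past the end of the buffer")
    # Walk 16-bit code units until the terminator; never read past the buffer.
    end = ob_name
    while end + 2 <= len(pb) and pb[end:end + 2] != b"\0\0":
        end += 2
    if end + 2 > len(pb):
        raise ValueError("OID string is not null-terminated")
    return {
        "oid": pb[ob_name:end].decode("utf-16-le"),
        "critical": bool(flags & 0x1),   # C, diagram bit 0 (assumed LSB)
        "disabled": bool(flags & 0x2),   # D, diagram bit 1
        "origin": NIGIRO.get(mirror16(flags >> 16), "unknown"),
        "value": pb[ob_value:ob_value + cb_value],  # DER bytes, left undecoded
    }

# Constructed sample: header, then "2.5.29.19" at offset 16, DER value at 36.
SAMPLE = (struct.pack("<4I", 16, 0x00020001, 5, 36)
          + "2.5.29.19\0".encode("utf-16-le")
          + bytes.fromhex("30030101ff"))

if __name__ == "__main__":
    print(parse_extension(SAMPLE))
```

A client that skips these checks and indexes the buffer directly with obwszName or obValue reads attacker-influenced offsets out of bounds when the server response is malformed.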