Compartilhar via


3.2.1.4.3.2.16 PropID = 0x00000010 (CR_PROP_CAXCHGCERTCHAIN) "CA Exchange Certificate Chain"

The client has requested the CA exchange certificate and its complete chain. The CA MUST follow these processing rules to process the client's request:

  1. If PropIndex parameter is not equal to 0x0 or 0xFFFFFFFF, return the E_INVALIDARG (0x80070057) error to the client.

  2. Validate that the Current_CA_Exchange_Cert datum contains a current, valid CA exchange certificate by executing steps 2 and 3 in section 3.2.1.4.3.2.15.

  3. Retrieve the Issuer_Name_Id from the request database by finding the row with the Certificate_Hash equal to the Current_CA_Exchange_Cert hash value.

  4. Find the CA signing certificate corresponding to the Current_CA_Exchange_Cert by looking for an entry in the Signing_Cert table with the certificate index (section 3.2.1.4.3.2.39) matching the lower 16 bits of the Issuer_Name_Id value retrieved in step 3 of this procedure.<97>

  5. Construct a signed CMS message with the following fields:

    • ContentType: szOID_RSA_signedData (1.2.840.113549.1.7.2, id-signedData).

    • Content: SignedData (as specified in [RFC3852], section 5.1) with the following requirements:

  6. Return the CMS message through a CERTTRANSBLOB structure (as specified in section 2.2.2.2). Marshaling rules for the CERTTRANSBLOB structure are specified in section 2.2.2.2.