设置证书属性
使用 ICertServerPolicy::SetCertificateProperty 方法设置证书的使用者属性。 使用者属性是与证书所有者或请求证书的个人相关的属性。 有关使用者属性的列表,请参阅 Name Properties。
还可以使用 SetCertificateProperty 方法设置 NotBefore 和 NotAfter 证书属性。 有关 NotBefore 和 NotAfter 证书属性的说明,请参阅 证书属性。
使用 ICertServerPolicy::SetCertificateExtension 方法向证书添加任意数量的扩展。 可以使用扩展将补充使用者或使用情况信息添加到证书。 有关详细信息,请参阅 扩展处理程序。
以下示例在证书上设置证书属性和扩展。 在 ICertPolicy2::VerifyRequest 实现中调用 SetCertificateProperty 和 SetCertificateExtension 方法。 示例不是完整的 VerifyRequest 实现;示例不显示验证逻辑。
#include <windows.h>
#include <stdio.h>
STDMETHODIMP CCertPolicy::VerifyRequest(
BSTR const strConfig,
LONG Context,
LONG bNewRequest,
LONG Flags,
LONG __RPC_FAR *pDisposition)
{
HRESULT hr = S_OK;
ICertServerPolicy *pServer = NULL;
BSTR bstrPropName = NULL;
VARIANT vPropValue;
BSTR bstrExtName = NULL;
VARIANT vExtValue;
// Retrieve an ICertServerPolicy interface pointer.
hr = CoCreateInstance( CLSID_CCertServerPolicy,
NULL,
CLSCTX_INPROC_SERVER,
IID_ICertServerPolicy,
(void **) &pServer );
if (FAILED( hr ))
{
printf("Failed CoCreateInstance for ICertServerPolicy "
"- %x\n", hr );
return hr;
}
// Set the context to which this request refers.
hr = pServer->SetContext(Context);
if (FAILED( hr ))
{
printf("Failed SetContext(%u) - %x\n", Context, hr );
pServer->Release();
return hr;
}
// Specify the subject property to set on the certificate.
bstrPropName = SysAllocString(L"Subject.EMail");
if ( NULL == bstrPropName )
{
hr = E_OUTOFMEMORY;
printf("Failed SysAllocString for bstrPropName "
"(no memory)\n" );
pServer->Release();
return hr;
}
VariantInit( &vPropValue );
vPropValue.VT_BSTR;
vPropValue.bstrVal = SysAllocString(L"someone@example.com");
if ( NULL == vPropValue.bstrVal )
{
hr = E_OUTOFMEMORY;
printf("Failed SysAllocString for vPropValue "
"(no memory)\n" );
SysFreeString(bstrPropName);
pServer->Release();
return hr;
}
// Set the subject property on the certificate.
hr = pServer->SetCertificateProperty( bstrPropName,
PROPTYPE_STRING,
&vPropValue );
SysFreeString(bstrPropName);
VariantClear(&vPropValue);
if (FAILED(hr))
{
printf("Failed SetCertificateProperty - %x\n", hr);
pServer->Release();
return hr;
}
// Specify the extension property to set on the certificate.
bstrExtName = SysAllocString(L"2.29.38.4");
if ( NULL == bstrExtName )
{
hr = E_OUTOFMEMORY;
printf("Failed SysAllocString for bstrExtName "
"(no memory)\n" );
pServer->Release();
return hr;
}
VariantInit( &vExtValue );
vExtValue.VT_BSTR;
vExtValue.bstrVal = SysAllocString
(L"https://example.microsoft.com");
if ( NULL == vExtValue.bstrVal )
{
hr = E_OUTOFMEMORY;
printf("Failed SysAllocString for vExtValue (no memory)\n" );
SysFreeString(bstrExtName);
pServer->Release();
return hr;
}
// Set the extension property on the certificate.
hr = pServer->SetCertificateExtension( bstrExtName,
PROPTYPE_STRING,
EXTENSION_CRITICAL_FLAG,
&vExtValue );
SysFreeString(bstrExtName);
VariantClear(&vExtValue);
if (FAILED(hr))
{
printf("Failed SetCertificateExtension - %x\n", hr);
pServer->Release();
return hr;
}
pServer->Release();
return(hr);
}