3.10.4.4 GetCertInfoRemote (Opnum 16)

The GetCertInfoRemote method retrieves properties from a certificate associated with the specified InstanceName.

 [id(10)] HRESULT GetCertInfoRemote(
   [out, retval] VARIANT* BinaryVariant
 );

BinaryVariant:  A pointer to a VARIANT that will contain the certificate data. If the method returns S_OK, BinaryVariant contains a single-dimension SAFEARRAY of VT_UI1 elements as defined in [MS-OAUT]. The data contained in the array is a null-terminated Unicode string containing attribute data from the certificate. The format and contents are described further in the method details below.

Return Values:  A signed 32-bit value that indicates return status. If the method returns a negative value, it failed. If the 12-bit facility code (bits 16–27) is set to 0x007, the value contains a Win32 error code in the lower 16 bits. Zero or positive values indicate success, with the lower 16 bits in positive nonzero values containing warnings or flags defined in the method implementation. For more information about Win32 error codes and HRESULT values, see [MS-ERREF].

Return value/code           Description
0x00000000 (S_OK)           The call was successful.
0x80070057 (E_INVALIDARG)   One or more arguments are invalid.
0x00000001 (S_FALSE)        The call was successful. No data was returned.

The opnum field value for this method is 16.

When processing this call, the server MUST do the following:

  • If the InstanceName (Set) method has not been called to set the web server instance, return E_INVALIDARG.

  • Attempt to retrieve the certificate referenced at the specified InstanceName. If the certificate cannot be retrieved on the target system or if no certificate is referenced at the specified InstanceName, return S_FALSE.

  • Attempt to retrieve the Subject field from the certificate ([RFC3280] section 4.1.2.6). For each relative distinguished name (RDN) contained in the Subject field, append the object identifier (OID) for the attribute type and the attribute value to a Unicode string separated by the equals character, '=' (0x003D). If there is more than one RDN contained in the Subject field, separate the type/value pairs with a newline character, '\n' (0x000A). Append a newline to the string.

  • Attempt to retrieve the Issuer field from the certificate ([RFC3280] section 4.1.2.4). Retrieve the attribute value for one of the RDNs in the Issuer field and append the characters '4' (0x0034), '=' (0x003D), the retrieved attribute value, and '\n' (0x000A) to the Unicode data string.<34>

  • Attempt to retrieve the notAfter value from the Validity field of the certificate ([RFC3280] section 4.1.2.5). The time portion of this value is discarded and the date is converted to a Unicode string using the server's system locale. The characters '6' (0x0036), '=' (0x003D), the converted date string, and '\n' (0x000A) are then appended to the Unicode data string.<35>

  • Attempt to retrieve the Extended Key Usage values for the certificate ([RFC3280] section 4.2.1.13). The Unicode string "2.5.29.37=" is appended to the data string, followed by descriptive names for the specific key usage object identifiers. For example, the id-kp-serverAuth OID ("1.3.6.1.5.5.7.3.1") SHOULD be represented as the string "Server Authentication".<36> Multiple usages are separated by the comma and space character sequence ', ' (0x0027, 0x0020).

  • If there are no errors encountered in accessing the certificate data, the Unicode string is converted into a SAFEARRAY of VT_UI1 and returned to the client in the BinaryVariant parameter. Otherwise, S_FALSE is returned.
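The following is an added client-side example, not part of this specification or of any Microsoft implementation: it decodes the byte array a caller receives in BinaryVariant and splits it into the fields the server builds in the steps above. The sample payload, its OIDs and its values are constructed for illustration; the date string is kept verbatim because its format depends on the server's locale and cannot be parsed portably.

```python
# Constructed sample of the null-terminated UTF-16LE string the server places
# in the SAFEARRAY of VT_UI1 (subject RDNs, then '4=' issuer, '6=' notAfter,
# then the '2.5.29.37=' Extended Key Usage list). Values are made up.
SAMPLE_TEXT = (
    "2.5.4.6=US\n"
    "2.5.4.10=Example Corp\n"
    "2.5.4.3=www.example.com\n"
    "4=Example Issuing CA\n"
    "6=12/31/2025\n"
    "2.5.29.37=Server Authentication, Client Authentication"
)
SAMPLE_PAYLOAD = (SAMPLE_TEXT + "\0").encode("utf-16-le")


def parse_cert_info(payload: bytes) -> dict:
    """Split the BinaryVariant byte array into the fields GetCertInfoRemote emits.

    Returns a dict with 'subject' (list of (OID, value) pairs in order),
    'issuer', 'not_after' (locale-formatted date string, unparsed) and
    'eku' (list of descriptive usage names).
    """
    # The array holds UTF-16LE code units; stop at the first null terminator.
    text = payload.decode("utf-16-le").split("\0", 1)[0]
    info = {"subject": [], "issuer": None, "not_after": None, "eku": []}
    for line in text.split("\n"):
        if not line:
            continue  # trailing newline after the subject block
        key, sep, value = line.partition("=")  # values may themselves contain '='
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        if key == "4":
            info["issuer"] = value
        elif key == "6":
            info["not_after"] = value
        elif key == "2.5.29.37":
            # Usages are separated by the comma-space sequence.
            info["eku"] = [u for u in value.split(", ") if u]
        else:
            # Any other key is an RDN attribute-type OID from the Subject field.
            info["subject"].append((key, value))
    return info


def has_server_auth(info: dict) -> bool:
    """True when the certificate carries the id-kp-serverAuth usage name."""
    return "Server Authentication" in info["eku"]


if __name__ == "__main__":
    print(parse_cert_info(SAMPLE_PAYLOAD))
```

A caller that receives S_FALSE has no payload to parse and should treat the instance as having no usable certificate rather than calling parse_cert_info on an empty VARIANT.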