IPolicyQualifier interface

The IPolicyQualifier interface represents a qualifier that can be associated with a certificate policy. The following syntax shows the Abstract Syntax Notation One (ASN.1) structures that define certificate policies and their associated qualifiers. The value is encoded by using Distinguished Encoding Rules (DER) and included in the certificate request with the policy object it qualifies.


----------------------------------------------------------------------
-- CertificatePolicies
-- XCN_OID_CERT_POLICIES (2.5.29.32)
----------------------------------------------------------------------

CertificatePolicies ::= SEQUENCE OF PolicyInformation

PolicyInformation ::= SEQUENCE 
{
   policyIdentifier    EncodedObjectID,
   policyQualifiers    PolicyQualifiers OPTIONAL
}

PolicyQualifiers ::=  SEQUENCE OF PolicyQualifierInfo

PolicyQualifierInfo ::= SEQUENCE 
{
   policyQualifierId   EncodedObjectID,
   qualifier           NOCOPYANY OPTIONAL
}

----------------------------------------------------------------------
-- UserNotice
-- XCN_OID_PKIX_POLICY_QUALIFIER_USERNOTICE (1.3.6.1.5.5.7.2.2)
----------------------------------------------------------------------

UserNotice ::= SEQUENCE 
{
   noticeRef,      -- Not supported
   explicitText    -- Not supported
}

----------------------------------------------------------------------
-- Certification Practice Statement (CPS) qualifier
-- XCN_OID_PKIX_POLICY_QUALIFIER_CPS (1.3.6.1.5.5.7.2.1)
----------------------------------------------------------------------

CpsURLs ::= SEQUENCE OF SEQUENCE 
{
   url                 IA5String,
   digestAlgorithmId,  -- Not supported
   digest              -- Not supported
}


Policy qualifiers can be used when an object identifier (OID) is considered insufficient to fully identify a policy. Qualifiers are defined by using the IPolicyQualifier interface and can be associated with a policy by adding qualifiers to the IPolicyQualifiers collection retrieved from an ICertificatePolicy object. A Windows certification authority supports the following qualifiers.

ValueDescription
XCN_OID_PKIX_POLICY_QUALIFIER_USERNOTICE

(1.3.6.1.5.5.7.2.2)

Contains a notice to be displayed to any user who relies on the certificate.
XCN_OID_PKIX_POLICY_QUALIFIER_CPS

(1.3.6.1.5.5.7.2.1)

Identifies a pointer to a URI that contains the Certification Practice Statement (CPS) defined by the certification authority.

 

Unless one user notice in the chain duplicates another, all notices in the certificate path should be displayed to the relying party. To minimize duplication, this qualifier should be present only in the end entity certificate and certification authority certificates issued to other organizations. The user notice has two optional fields, noticeRef and explicitText, that are not supported. Policies and policy qualifiers are used in IX509ExtensionCertificatePolicies objects.

Members

The IPolicyQualifier interface inherits from the IDispatch interface. IPolicyQualifier also has these types of members:

Methods

The IPolicyQualifier interface has these methods.

MethodDescription
InitializeEncode

Initializes the object from a string and a value that identifies the qualifier type.

 

Properties

The IPolicyQualifier interface has these properties.

PropertyDescription

ObjectId

Retrieves the OID for the qualifier.

Qualifier

Retrieves a string that contains the qualifier used to initialize the object.

RawData

Retrieves the DER-encoded qualifier object.

Type

Retrieves the qualifier type.

 

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

CertEnroll.h

DLL

CertEnroll.dll

See also

CertEnroll Interfaces
IPolicyQualifier
IX509ExtensionCertificatePolicies

 

 

Community Additions

ADD
Show:
© 2014 Microsoft