3.2.1.4.3.3 ICertRequestD2::GetCAPropertyInfo (Opnum 8)

The GetCAPropertyInfo method retrieves a set of property structures from the CA. The list of properties is specified in section 3.2.1.4.3.2.

 HRESULT GetCAPropertyInfo(
   [in, string, unique, range(1, 1536)] wchar_t const * pwszAuthority,
   [out] long* pcProperty,
   [out, ref] CERTTRANSBLOB* pctbPropInfo
 );

pwszAuthority: Contains the name of the CA.

pcProperty: An integer value that contains the number of property structures returned.

pctbPropInfo: A CERTTRANSBLOB structure that contains zero or more CATRANSPROP structures. For more information about the CERTTRANSBLOB and CATRANSPROP structures, see Common Structures.

Return Values: For a successful invocation, the CA MUST return 0. Otherwise, the CA MUST return a nonzero value.

The processing rules for this method are as follows.

If Config_CA_Interface_Flags contains the value IF_NOREMOTEICERTREQUEST, the server SHOULD return 0x80094011 (CERTSRV_E_ENROLL_DENIED) to the client.<107>

If Config_CA_Interface_Flags contains the value IF_ENFORCEENCRYPTICERTREQUEST and the RPC_C_AUTHN_LEVEL_PKT_PRIVACY authentication level, as defined in [MS-RPCE] section 2.2.1.1.8, is not specified on the RPC connection from the client, the CA MUST refuse to establish a connection with the client by returning a nonzero error.<108>

When the CA receives this invocation, it MUST verify the CA name that is passed in pwszAuthority by invoking the processing rules in section 3.2.1.4.2.1.1 with the CANameString input parameter set to the CA name passed in the pwszAuthority parameter and the EmptyNameAllowed input parameter set to false. If false is returned, the CA MUST return the E_INVALIDARG (0x80070057) error code to the client.

If the CA name validation succeeded, the CA MUST return success (0), MUST construct the returned CA properties information in the pctbPropInfo field (as specified in section 2.2.2.3.1), and MUST return the number of CA properties in the pcProperty parameter.
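The following model of the processing rules above, applied in the order listed, is an added example and not part of the specification; it can serve as a reference oracle when testing how a CA answers this call under different interface flags and RPC authentication levels. Assumptions: CAConfig, ca_name_is_valid and get_ca_property_info are hypothetical names, the flag and authentication-level values are taken from the Windows SDK headers, E_ACCESSDENIED stands in for the unspecified nonzero error, and the name check is a simplified stand-in for section 3.2.1.4.2.1.1.

```python
from dataclasses import dataclass, field

# Flag and authentication-level values as defined in the Windows SDK headers.
IF_NOREMOTEICERTREQUEST = 0x00000002
IF_ENFORCEENCRYPTICERTREQUEST = 0x00000200
RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6
S_OK, CERTSRV_E_ENROLL_DENIED, E_INVALIDARG = 0, 0x80094011, 0x80070057  # from the page
E_ACCESSDENIED = 0x80070005  # assumption: the page only requires "a nonzero error"


@dataclass
class CAConfig:
    name: str
    interface_flags: int = 0
    properties: list = field(default_factory=list)  # stand-ins for CATRANSPROP entries


def ca_name_is_valid(ca, authority):
    # Simplified stand-in for section 3.2.1.4.2.1.1 with EmptyNameAllowed = false.
    # Assumption: a case-insensitive match against the configured CA name.
    return bool(authority) and authority.casefold() == ca.name.casefold()


def get_ca_property_info(ca, authority, authn_level):
    """Return (hresult, pcProperty, properties), checking the rules in page order."""
    # Rule 1: the interface flag denies the request outright (SHOULD in the text).
    if ca.interface_flags & IF_NOREMOTEICERTREQUEST:
        return CERTSRV_E_ENROLL_DENIED, 0, []
    # Rule 2: encryption is enforced and the connection is not at packet privacy.
    if (ca.interface_flags & IF_ENFORCEENCRYPTICERTREQUEST
            and authn_level != RPC_C_AUTHN_LEVEL_PKT_PRIVACY):
        return E_ACCESSDENIED, 0, []
    # Rule 3: pwszAuthority must name this CA; an empty name is not allowed.
    if not ca_name_is_valid(ca, authority):
        return E_INVALIDARG, 0, []
    # Success: pcProperty is the number of property structures returned.
    return S_OK, len(ca.properties), list(ca.properties)


def demo():
    # Constructed sample CA; the property names are placeholders, not the
    # property list of section 3.2.1.4.3.2.
    ca = CAConfig("Contoso-CA", IF_ENFORCEENCRYPTICERTREQUEST, ["PROP_A", "PROP_B"])
    calls = [("Contoso-CA", 6), ("Contoso-CA", 5), ("Other-CA", 6), (None, 6)]
    return [hex(get_ca_property_info(ca, name, lvl)[0]) for name, lvl in calls]


if __name__ == "__main__":
    print(demo())
```

The second call in demo() shows the case a defender usually cares about: with IF_ENFORCEENCRYPTICERTREQUEST set, a connection below packet privacy is refused before the CA name is even examined.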