Edit

ICertServerPolicy::GetCertificateExtension method (certif.h)

  • Article

The GetCertificateExtension method retrieves a specific certificate extension.

Syntax

HRESULT GetCertificateExtension(
  [in]  const BSTR strExtensionName,
  [in]  LONG       Type,
  [out] VARIANT    *pvarValue
);

Parameters

[in] strExtensionName

A string that contains the name of the extension.

[in] Type

Specifies the type of the extension. The type can be one of the following values.

Value Meaning
PROPTYPE_LONG
 Signed long data
PROPTYPE_DATE
 Date/time
PROPTYPE_BINARY
 The extension value is retrieved as is and is ASN.1 encoded if necessary.
PROPTYPE_STRING
 The extension value is ASN.1 encoded as an IA5 string.

[out] pvarValue

A pointer to a VARIANT that receives the requested extension value.

Return value

C++

If the method succeeds, the method returns S_OK, and the pvarValue parameter contains the extension value.

If the method fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common HRESULT Values.

VB

The return value is the requested extension value.

Remarks

The SetContext method must be called prior to calling this method. The call to SetContext specifies which request is used as the current context.

Certificate extensions are distinct from certificate properties. Properties are generic data that is attached to the request. Some of these properties are encoded into the certificate (for example: BeginDate), while others are just used to mark requests in the queue and log. Extensions that are not disabled are encoded into the certificate. Extensions are always marked with an object identifier, and always have a critical/noncritical flag.

Examples

VARIANT    varExt;
HRESULT    hr;

VariantInit(&varExt);
// Get the Extension value.
// bstrExtName is BSTR assigned by EnumerateExtensions.
// pCertServerPolicy has been used to call SetContext previously.
hr = pCertServerPolicy->GetCertificateExtension(bstrExtName,
                                                PROPTYPE_BINARY,
                                                &varExt);

if (FAILED(hr))
{
    printf("Failed GetCertificateExtension [%x]\n", hr);
    goto error;
}
// Successful call; use the value in varExt as needed.
// ...

// When done, clear the Variant
VariantClear(&varExt);

Requirements

Requirement Value
Minimum supported client None supported
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header certif.h (include Certsrv.h)
Library Certidl.lib
DLL Certcli.dll

See also

ICertServerPolicy

ICertServerPolicy::GetCertificateExtensionFlags

ICertServerPolicy::SetContext