The GetCertificateExtensionFlags method gets the flags from the extension acquired by the most recent call to GetCertificateExtension.
[VB] long GetCertificateExtensionFlags(void);
[JAVA] int GetCertificateExtensionFlags(void);
[C++] HRESULT GetCertificateExtensionFlags(
LONG *pExtFlags // out, return value
);
Returns a value containing the flags from the extension acquired by the most recent call to GetCertificateExtension. There are two kinds of flags used in extensions; policy flags and origin flags.
| Flag Type | Explanation |
|---|---|
| Policy | Provides information about the certificate extension. Policy flags can be set by the policy module. |
| Origin | Indicates the module that set the certificate extension. Origin flags are only set by the Server Engine. |
One or more policy flags can be returned from an extension. The following are predefined policy flags.
| Policy Flag Value | Explanation |
|---|---|
| EXTENSION_CRITICAL_FLAG | This is a critical extension. |
| EXTENSION_DISABLE_FLAG | Extension will not be used. |
One of the following origin flags can also be returned.
| Origin Flag Value | Explanation |
|---|---|
| EXTENSION_ORIGIN_REQUEST | A request set the extension. |
| EXTENSION_ORIGIN_POLICY | Policy module set the extension. |
| EXTENSION_ORIGIN_ADMIN | Admin set the extension. |
| EXTENSION_ORIGIN_SERVER | Server Engine set the extension. |
Pre-defined masks are provided for ease of use in determining which flags are set in the return value. The following masks are provided.
| Mask Value | Explanation |
|---|---|
| EXTENSION_POLICY_MASK | This value (0x0000FFFF) is used to examine policy flags. |
| EXTENSION_ORIGIN_MASK | This value (0x000F0000) is used to examine origin flags. |
The following C++ code demonstrates use of the pre-defined mask to examine policy flags:
HRESULT hr;
LONG ExtFlags
hr = pICertServerExit->GetCertificateExtensionFlags(
&ExtFlags);
// more than one policy flag might be set
LONG ExtPolicyFlags = ExtFlags & EXTENSION_POLICY_MASK;
if (ExtPolicyFlags & EXTENSION_CRITICAL_FLAG)
{
// do something
}
if (ExtPolicyFlags & EXTENSION_DISABLE_FLAG)
{
// do something
}
Note It is safe to use the high 8 bits of EXTENSION_POLICY_MASK for custom data. These bits will be saved persistently in the database, but will not be written to the certificate extensions.
The following C++ code demonstrates use of the pre-defined masks to examine origin flags:
HRESULT hr;
LONG ExtFlags
hr = pICertServerExit->GetCertificateExtensionFlags(
&ExtFlags);
// only one origin flag can be set
switch (ExtFlags & EXTENSION_ORIGIN_MASK)
{
case EXTENSION_ORIGIN_REQUEST:
// extension was set in certificate request
break;
case EXTENSION_ORIGIN_POLICY:
// extension was set by policy module
break;
case EXTENSION_ORIGIN_ADMIN:
// extension was set by admin
break;
case EXTENSION_ORIGIN_SERVER:
// extension was set by server engine
break;
default:
break;
}
Windows NT: Requires version 5.0 or later (or version 4.0 with the Windows NT 4.0 Option Pack).
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in certif.h.
Import Library: Use certidl.lib.