The ICertServerPolicy interface is exported by the Server Engine and is called by the policy module. It allows the policy module to get and enumerate elements of requests and certificates, to get and set certificate extensions, and to set certain certificate properties.
From the time the VerifyRequest method is called until it returns, the unresolved request and certificate under construction can be accessed through a Context data object. Because the policy module can add to or override request properties by calling SetCertificateProperty, certificate properties can differ from request properties.
The strPropertyName parameter used by all of these methods must be a property name string as described in the following section on property names.
Only those properties passed to ICertRequest as part of the named attribute string parameter or the PKCS #10 certificate request can be accessed through this method. Examples of named attributes include "RequestAttributes.Type", "RequestAttributes.Version", or other arbitrarily named properties created by a site administrator to communicate site-specific information from the request generator to the policy module. Examples of PKCS #10 property names include those beginning with the Subject, PublicKey, and Signature prefixes.
The following methods are provided by the ICertServerPolicy interface.
| Method | Description |
|---|---|
| EnumerateAttributes | Returns the OID of the current attribute within the certificate to be published. |
| EnumerateAttributesClose | Frees any resources connected with attribute enumeration. |
| EnumerateAttributesSetup | Initializes the internal enumeration pointer to the first attribute within the certificate to be issued. |
| EnumerateExtensions | Returns the OID of the current extension within the certificate to be published. |
| EnumerateExtensionsClose | Frees any resources connected with extension enumeration. |
| EnumerateExtensionsSetup | Initializes the internal enumeration pointer to the first extension within the certificate to be issued. |
| GetCertificateExtension | Gets a specified certificate extension. |
| GetCertificateExtensionFlags | Gets the flags from the extension acquired by the most recent call to GetCertificateExtension. |
| GetCertificateProperty | Returns a named property from a certificate. |
| GetRequestAttribute | Returns a named attribute from a request. |
| GetRequestProperty | Returns a named property from a request. |
| SetCertificateExtension | Adds a new extension to the certificate to be issued. |
| SetCertificateProperty | Causes the Server Engine to add a named property to a certificate. |
| SetContext | Sets the current instantiation of the interface to operate on the specified request. |