Encoding the CERT_INFO Structure

The encoding process is essentially the reverse of the decoding process described in the preceding section. If, for example, you want to add an encoded Issuer to a CERT_INFO structure, use the following procedure. Also refer to the illustration that follows the procedure.

    To add an encoded Issuer to a CERT_INFO structure
  1. Create a string containing the name you wish to use.
  2. Create an array of CERT_RDN_ATTR structures, one of which you would initialize to contain the proper information about the string you just created.
  3. Create an array of CERT_RDN structures, one of which has the information about the array of CERT_RDN_ATTR structures you just initialized.
  4. Create a CERT_NAME_INFO structure that has a pointer to the array of CERT_RDN structures that you just created.
  5. Call CryptEncodeObject to get the size of the output encoded blob, passing it the address of the CERT_NAME_INFO structure that you just created.
  6. Allocate memory for the output encoded blob.
  7. Call CryptEncodeObject again, passing it the same information, but now passing it the address of the memory just allocated.
  8. Set the Issuer.cbData member of the CERT_INFO structure to the size returned in step 5, and the Issuer.pbData member to the address obtained in step 6. The encoded Issuer blob now resides there.

Suppose you wanted to initialize and encode some certificate extension information. You would use the following procedure. Also see the illustration that follows the procedure.

    To add encoded extension information to a CERT_INFO structure
  1. Create and initialize an extension information structure—for this example it is a CERT_BASIC_CONSTRAINTS_INFO structure.
  2. Call CryptEncodeObject, passing it the address of the structure just created, to get the size of the output encoded blob.
  3. Allocate memory for the output encoded blob.
  4. Call CryptEncodeObject again, passing the same information, except now pass in the address of the allocated memory.
  5. Create an array of CERT_EXTENSION structures.
  6. Initialize one of the CERT_EXTENSION structures so that pszObjId is the object identifier string that matches the data contained in Value, and Value holds the encoded data blob that was output by the call to CryptEncodeObject.
  7. Initialize the rgExtension member of the CERT_INFO structure to point to the array of CERT_EXTENSION structures.
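Both procedures above share the same shape: a size query with a null output pointer, an allocation of exactly that size, and a second call that fills the buffer. The following C program is an added example (not code from this page or from the CryptoAPI) that reproduces that shape portably: it hand-encodes the DER bytes that the two procedures produce, so it builds on any platform without crypt32. The names data_blob, cert_extension, encoder_fn, encode_to_blob, encode_cn_name and encode_basic_constraints are assumed stand-ins that mirror CRYPT_DATA_BLOB, CERT_EXTENSION and the CryptEncodeObject calling pattern; the extension uses the RFC 5280 BasicConstraints form (object identifier 2.5.29.19) with a constructed CA/pathLen value, and the Issuer is a single RDN holding one common-name attribute.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in types: they mirror the shape of CryptoAPI's CRYPT_DATA_BLOB and
   CERT_EXTENSION but are defined here so the example builds anywhere. */
typedef struct { size_t cbData; uint8_t *pbData; } data_blob;
typedef struct { const char *pszObjId; int fCritical; data_blob Value; } cert_extension;

/* Encoder convention used throughout: out == NULL means "report the size only",
   like the first CryptEncodeObject call in the procedures. 0 means input rejected. */
typedef size_t (*encoder_fn)(const void *in, uint8_t *out);

/* Write one DER tag-length-value; lengths up to 65535 are supported. */
static size_t der_tlv(uint8_t *out, uint8_t tag, const uint8_t *val, size_t len)
{
    size_t hdr = (len < 128) ? 2 : (len < 256) ? 3 : 4;
    if (len > 65535) return 0;
    if (out) {
        uint8_t *p = out;
        *p++ = tag;
        if (len < 128)      *p++ = (uint8_t)len;
        else if (len < 256) { *p++ = 0x81; *p++ = (uint8_t)len; }
        else                { *p++ = 0x82; *p++ = (uint8_t)(len >> 8); *p++ = (uint8_t)len; }
        if (len) memcpy(p, val, len);
    }
    return hdr + len;
}

/* PrintableString permits only A-Z a-z 0-9 space and ' ( ) + , - . / : = ?  */
static int is_printable_string(const char *s)
{
    for (; *s; s++)
        if (!((*s >= 'A' && *s <= 'Z') || (*s >= 'a' && *s <= 'z') ||
              (*s >= '0' && *s <= '9') || strchr(" '()+,-./:=?", *s)))
            return 0;
    return 1;
}

/* Name ::= SEQUENCE OF SET OF SEQUENCE { OID 2.5.4.3, PrintableString cn }
   i.e. one CERT_RDN holding one CERT_RDN_ATTR for the common name (steps 1-4). */
static size_t encode_cn_name(const void *in, uint8_t *out)
{
    static const uint8_t oid_cn[] = { 0x55, 0x04, 0x03 };   /* 2.5.4.3 id-at-commonName */
    const char *cn = (const char *)in;
    uint8_t atv_body[80], atv[84], rdn[88];
    size_t n, cn_len = strlen(cn);
    if (cn_len == 0 || cn_len > 64 || !is_printable_string(cn)) return 0; /* ub-common-name = 64 */
    n  = der_tlv(atv_body, 0x06, oid_cn, sizeof oid_cn);
    n += der_tlv(atv_body + n, 0x13, (const uint8_t *)cn, cn_len);
    n  = der_tlv(atv, 0x30, atv_body, n);   /* AttributeTypeAndValue */
    n  = der_tlv(rdn, 0x31, atv, n);        /* RelativeDistinguishedName (SET) */
    return der_tlv(out, 0x30, rdn, n);      /* Name (SEQUENCE) */
}

/* BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }
   DER omits cA when it is FALSE; path_len < 0 means "absent". */
typedef struct { int is_ca; int path_len; } basic_constraints;

static size_t encode_basic_constraints(const void *in, uint8_t *out)
{
    const basic_constraints *bc = (const basic_constraints *)in;
    static const uint8_t der_true = 0xFF;
    uint8_t body[8], v;
    size_t n = 0;
    if (bc->path_len > 127) return 0;       /* example keeps the INTEGER to one byte */
    if (bc->is_ca) n += der_tlv(body + n, 0x01, &der_true, 1);
    if (bc->path_len >= 0) { v = (uint8_t)bc->path_len; n += der_tlv(body + n, 0x02, &v, 1); }
    return der_tlv(out, 0x30, body, n);
}

/* The two-call pattern: size query with NULL, allocate exactly that, encode again,
   and treat a size mismatch between the calls as a failure. */
static int encode_to_blob(encoder_fn enc, const void *in, data_blob *blob)
{
    size_t need = enc(in, NULL);
    blob->cbData = 0; blob->pbData = NULL;
    if (need == 0) return 0;
    blob->pbData = malloc(need);
    if (!blob->pbData) return 0;
    blob->cbData = enc(in, blob->pbData);
    if (blob->cbData != need) { free(blob->pbData); blob->pbData = NULL; blob->cbData = 0; return 0; }
    return 1;
}

static void dump(const char *label, const data_blob *b)
{
    printf("%s (%zu bytes):", label, b->cbData);
    for (size_t i = 0; i < b->cbData; i++) printf(" %02X", b->pbData[i]);
    putchar('\n');
}

int main(void)
{
    data_blob issuer;                                      /* becomes Issuer.cbData / Issuer.pbData */
    cert_extension ext = { "2.5.29.19", 1, { 0, NULL } };  /* pszObjId must match what Value holds */
    basic_constraints bc = { 1, 0 };                       /* constructed: CA certificate, pathLen 0 */
    if (!encode_to_blob(encode_cn_name, "Example CA", &issuer)) return 1;
    if (!encode_to_blob(encode_basic_constraints, &bc, &ext.Value)) { free(issuer.pbData); return 1; }
    dump("Issuer", &issuer);
    dump("BasicConstraints Value", &ext.Value);
    free(issuer.pbData);
    free(ext.Value.pbData);
    return 0;
}
```

On Windows the same shape is CryptEncodeObject called first with a null output buffer and then with the allocated one, using X509_NAME for the CERT_NAME_INFO and X509_BASIC_CONSTRAINTS2 for the 2.5.29.19 form; check each call's return value rather than assuming the second call succeeds, and when you set rgExtension remember that cExtension must state the number of CERT_EXTENSION entries actually initialized. The output is DER encoding only, not encryption, so nothing in these blobs is confidential.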