CertIsRDNAttrsInCertificateName

The CertIsRDNAttrsInCertificateName function compares the attributes in the certificate name with the specified CERT_RDN to determine whether all of the CERT_RDN's attributes are included in the name. The comparison iterates through the attributes of the CERT_RDN and looks for a match for each one in any of the certificate name's CERT_RDNs.

#include <wincrypt.h>
BOOL WINAPI CertIsRDNAttrsInCertificateName(
  DWORD dwCertEncodingType,    // in
  DWORD dwFlags,               // in
  PCERT_NAME_BLOB pCertName,   // in
  PCERT_RDN pRDN               // in
);
 

Parameters

dwCertEncodingType
The type of encoding used on the certificate. Currently defined certificate encoding types are shown in the following table:
Encoding type        Value
X509_ASN_ENCODING    0x00000001

dwFlags
CERT_UNICODE_IS_RDN_ATTRS_FLAG must be set if pRDN was initialized with Unicode strings, as in CryptEncodeObject(X509_UNICODE_NAME).
pCertName
A pointer to an encoded subject or issuer name.
pRDN
The array of attributes to be found in the name. The CERT_RDN_ATTR field of the CERT_RDN has the following special considerations.
CERT_RDN_ATTR                         Comments
If pszObjId = NULL                    Ignore the attribute Object Identifier.
If dwValueType = CERT_RDN_ANY_TYPE    Ignore the value type.
If Value.pbData = NULL                Match any value.

Return Values

Returns TRUE if all attributes are found and match. Returns FALSE if not all attributes match or if an error occurred.

Call GetLastError to see the reason for any failures. This function has the following error codes.

Error code              Description
CRYPT_E_NO_MATCH        Not all the attributes were found and match.
CRYPT_E_OSS_ERROR       ASN.1 decoding error. Note: To get the OSS error, subtract CRYPT_E_OSS_ERROR from the returned error and see asn1code.h for details on the error.
ERROR_FILE_NOT_FOUND    Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.

Remarks

Currently, only an exact, case-sensitive match is supported.
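
The matching rules described above (each pRDN attribute looked up in any RDN of the name, the NULL and CERT_RDN_ANY_TYPE wildcards, and the exact, case-sensitive comparison), modelled in portable C. This is an added example, not code from the original page or from crypt32; attr_t, rdn_t, rdn_attrs_in_name, sample_has and the sample name are assumptions made for illustration, and the name is taken as already decoded.

```c
/* Added model of the matching rules; not crypt32 code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>
#define TYPE_ANY 0        /* stands in for CERT_RDN_ANY_TYPE */
#define TYPE_PRINTABLE 4  /* stands in for one concrete string value type */
#define ATTR(oid, s) {{ oid, TYPE_PRINTABLE, s, sizeof(s) - 1 }}
typedef struct { const char *oid; unsigned type; const char *data; size_t len; } attr_t;
typedef struct { const attr_t *attrs; size_t count; } rdn_t;

/* Constructed sample name used by sample_has(): C=US, O=Example Corp, CN=server.example.test */
static const attr_t rdn_c[]  = ATTR("2.5.4.6", "US");
static const attr_t rdn_o[]  = ATTR("2.5.4.10", "Example Corp");
static const attr_t rdn_cn[] = ATTR("2.5.4.3", "server.example.test");
static const rdn_t sample_name[] = { { rdn_c, 1 }, { rdn_o, 1 }, { rdn_cn, 1 } };

/* Compare one wanted attribute with one name attribute; values compare byte for byte. */
static int attr_matches(const attr_t *want, const attr_t *have)
{
    if (want->oid && strcmp(want->oid, have->oid) != 0) return 0;  /* NULL OID: ignore */
    if (want->type != TYPE_ANY && want->type != have->type) return 0;
    if (want->data == NULL) return 1;                              /* NULL: any value */
    return want->len == have->len && memcmp(want->data, have->data, want->len) == 0;
}

/* 1 if every attribute of want occurs in any RDN of the name, else 0 (no match). */
int rdn_attrs_in_name(const rdn_t *name, size_t n_rdns, const rdn_t *want)
{
    for (size_t i = 0; i < want->count; i++) {
        int found = 0;
        for (size_t r = 0; r < n_rdns && !found; r++)
            for (size_t a = 0; a < name[r].count && !found; a++)
                found = attr_matches(&want->attrs[i], &name[r].attrs[a]);
        if (!found) return 0;
    }
    return 1;
}

int sample_has(const char *oid, unsigned type, const char *value)
{
    attr_t w = { oid, type, value, value ? strlen(value) : 0 };
    rdn_t want = { &w, 1 };
    return rdn_attrs_in_name(sample_name, 3, &want);
}

int main(void)
{
    printf("CN with wrong case matches: %d\n", sample_has("2.5.4.3", TYPE_ANY, "SERVER.EXAMPLE.TEST"));
    return 0;
}
```

Because the comparison is exact, a caller that wants case-insensitive matching has to normalize both sides itself before comparing.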

Example

// EXAMPLE CODE FOR USING CertIsRDNAttrsInCertificateName.
// Compares the attributes in the certificate name with the specified
// CERT_RDN to determine whether all attributes are included there.
// Assume that a pointer to the subject (pCertName) for which
// the intended attributes are being compared and a pointer to the
// array of attributes (pRDN) are already known; the caller passes
// them in. The wrapper name CheckRDNAttrs is illustrative only.

#include <windows.h>
#include <wincrypt.h>
#include <iostream>
using std::cout;
using std::endl;

void CheckRDNAttrs(
  PCERT_NAME_BLOB pCertName,   // Initialized elsewhere
  PCERT_RDN pRDN)              // Initialized elsewhere
{
  // Set up the variables.
  DWORD dwCertEncodingType = X509_ASN_ENCODING;
                               // Type of encoding
  DWORD dwFlags = CERT_UNICODE_IS_RDN_ATTRS_FLAG;
                               // Initialized with UNICODE strings
  BOOL fResult;                // Returned TRUE if all attributes match
                               //   FALSE if an error occurs

  fResult = CertIsRDNAttrsInCertificateName(
              dwCertEncodingType, // in - X509_ASN_ENCODING
              dwFlags,            // in - Flag set for X509 UNICODE_NAME
              pCertName,          // in - Pointer to subject
              pRDN);              // in - Pointer to array of attributes

  if (!fResult) {                 // FALSE
    DWORD dwError = GetLastError(); // Read before other calls can change it
    cout << "function failed " << endl
         << "not all attributes match " << endl
         << "error code = " << dwError << endl;
  }
  else {                          // TRUE
    cout << "all attributes match " << endl;
  }
}
 

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CertFindCertificateInStore