CERT_RDN_ATTR

The CERT_RDN_ATTR structure are attributes that make up a Relative Distinguished Name (RDN). The interpretation of the data member Value depends on the dwValueType.

typedef struct _CERT_RDN_ATTR {
    LPSTR                  pszObjId;
    DWORD                  dwValueType;
    CERT_RDN_VALUE_BLOB    Value;
} CERT_RDN_ATTR,          *PCERT_RDN_ATTR;

Members

pszObjId

Currently defined CERT_RDN attribute object identifiers are shown in the following table.

CERT_RDN attribute object identifier	Value	Comments
// Labeling attribute types:
szOID_COMMON_NAME	"2.5.4.3"	case-ignore string
szOID_SUR_NAME	"2.5.4.4"	case-ignore string
szOID_DEVICE_SERIAL_NUMBER	"2.5.4.5"	printable string

// Geographic attribute types:
szOID_COUNTRY_NAME	"2.5.4.6"	printable 2char string
szOID_LOCALITY_NAME	"2.5.4.7"	case-ignore string
szOID_STATE_OR_PROVINCE_NAME	"2.5.4.8"	case-ignore string
szOID_STREET_ADDRESS	"2.5.4.9"	case-ignore string

// Organizational attribute types:
szOID_ORGANIZATION_NAME	"2.5.4.10"	case-ignore string
szOID_ORGANIZATIONAL_UNIT_NAME	"2.5.4.11"	case-ignore string
szOID_TITLE	"2.5.4.12"	case-ignore string

// Explanatory attribute types:
szOID_DESCRIPTION	"2.5.4.13"	case-ignore string
szOID_SEARCH_GUIDE	"2.5.4.14"
szOID_BUSINESS_CATEGORY	"2.5.4.15"	case-ignore string

// Postal addressing attribute types:
szOID_POSTAL_ADDRESS	"2.5.4.16"
szOID_POSTAL_CODE	"2.5.4.17"	case-ignore string
szOID_POST_OFFICE_BOX	"2.5.4.18"	case-ignore string
szOID_PHYSICAL_DELIVERY_OFFICE_NAME	"2.5.4.19"	case-ignore string

// Telecommunications addressing attribute types:
szOID_TELEPHONE_NUMBER	"2.5.4.20"	telephone number
szOID_TELEX_NUMBER	"2.5.4.21"
szOID_TELETEXT_TERMINAL_IDENTIFIER	"2.5.4.22"
szOID_FACSIMILE_TELEPHONE_NUMBER	"2.5.4.23"
szOID_X21_ADDRESS	"2.5.4.24"	numeric string
szOID_INTERNATIONAL_ISDN_NUMBER	"2.5.4.25"	numeric string
szOID_REGISTERED_ADDRESS	"2.5.4.26"
szOID_DESTINATION_INDICATOR	"2.5.4.27"	printable string

// Preference attribute types:
szOID_PREFERRED_DELIVERY_METHOD	"2.5.4.28"

// OSI application attribute types:
szOID_PRESENTATION_ADDRESS	"2.5.4.29"
szOID_SUPPORTED_APPLICATION_CONTEXT	"2.5.4.30"

// Relational application attribute types:
szOID_MEMBER	"2.5.4.31"
szOID_OWNER	"2.5.4.32"
szOID_ROLE_OCCUPANT	"2.5.4.33"
szOID_SEE_ALSO	"2.5.4.34"

// Security attribute types:
szOID_USER_PASSWORD	"2.5.4.35"
szOID_USER_CERTIFICATE	"2.5.4.36"
szOID_CA_CERTIFICATE	"2.5.4.37"
szOID_AUTHORITY_REVOCATION_LIST	"2.5.4.38"
szOID_CERTIFICATE_REVOCATION_LIST	"2.5.4.39"
szOID_CROSS_CERTIFICATE_PAIR	"2.5.4.40"

// Name attribute types:
szOID_GIVEN_NAME	"2.5.4.42"	case-ignore string
szOID_INITIALS	"2.5.4.43"	case-ignore string
// Email:
szOID_RSA_emailAddr	"1.2.840. 113549.1. 9.1"	IA5 string
szOID_DOMAIN_COMPONENT	"0.9.2342. 19200300. 100.1.25"	IA5 string

//Pilot user attribute types:
szOID_DOMAIN_COMPONENT	"0.9.2342. 19200300. 100.1.25"	IA5 string

//Used for PKCS 12 attributes
szOID_PKCS_12_FRIENDLY_NAME_ATTR	"1.2.840. 113549.1. 9.20"
szOID_PKCS_12_LOCAL_KEY_ID	"1.2.840. 113549.1. 9.21"

dwValueType

For CERT_RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded representation. Otherwise, it's an array of bytes.

For all CERT_RDN types, Value.cbData is always the number of bytes, not necessarily the number of elements in the string. For instance, CERT_RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and CERT_RDN_BMP_STRING is an array of unsigned
shorts (cbData == ushortCnt * 2).

The following dwValueTypes are defined in Wincrypt.h:

#define CERT_RDN_ANY_TYPE                    0
#define CERT_RDN_ENCODED_BLOB                1
#define CERT_RDN_OCTET_STRING                2
#define CERT_RDN_NUMERIC_STRING              3
#define CERT_RDN_PRINTABLE_STRING            4
#define CERT_RDN_TELETEX_STRING              5
#define CERT_RDN_T61_STRING                  5
#define CERT_RDN_VIDEOTEX_STRING             6
#define CERT_RDN_IA5_STRING                  7
#define CERT_RDN_GRAPHIC_STRING              8
#define CERT_RDN_VISIBLE_STRING              9
#define CERT_RDN_ISO646_STRING               9
#define CERT_RDN_GENERAL_STRING              10
#define CERT_RDN_UNIVERSAL_STRING            11
#define CERT_RDN_INT4_STRING                 11
#define CERT_RDN_BMP_STRING                  12
#define CERT_RDN_UNICODE_STRING              12

#define CERT_RDN_TYPE_MASK                  0x000000FF
#define CERT_RDN_FLAGS_MASK .........       0xff000000
#define CERT_RDN_ENABLE_T61_UNICODE_FLAG    0x80000000
#define CERT_RDN_DISABLE_CHECK_TYPE_FLAG    0x40000000
#define CERT_RDN_DISABLE_IE4_UTF8_FLAG      0x01000000

The following table describes the type of content that corresponds to various dwValueTypes.

dwValueType Value/ description

CERT_RDN_OCTET_STRING An arbitrary string of octets (8-bit)

CERT_RDN_NUMERIC_STRING Only the characters 0 through 9, and the space character (8-bit)

CERT_RDN_PRINTABLE_STRING An arbitrary string of printable characters (8-bit)

CERT_RDN_TELETEX_STRING An arbitrary string of T.61 (8-bit) characters

CERT_RDN_T61_STRING An arbitrary string of T.61 (8-bit) characters

CERT_RDN_VIDEOTEX_STRING An arbitrary string of VIDEOTEX characters

CERT_RDN_IA5_STRING An arbitrary string of IA5 (ASCII) characters

CERT_RDN_VISIBLE_STRING A 95-character set (8-bit)

CERT_RDN_ISO646_STRING A 128-character set (8-bit)

CERT_RDN_UNIVERSAL_STRING An array of INT4s (32-bit)

CERT_RDN_INT4_STRING An array of INT4s (32-bit)

CERT_RDN_BMP_STRING An array of Unicode characters (16-bit)

CERT_RDN_UNICODE_STRING An array of Unicode characters (16-bit)

dwValueType	Value/ description
CERT_RDN_OCTET_STRING	An arbitrary string of octets (8-bit)
CERT_RDN_NUMERIC_STRING	Only the characters 0 through 9, and the space character (8-bit)
CERT_RDN_PRINTABLE_STRING	An arbitrary string of printable characters (8-bit)
CERT_RDN_TELETEX_STRING	An arbitrary string of T.61 (8-bit) characters
CERT_RDN_T61_STRING	An arbitrary string of T.61 (8-bit) characters
CERT_RDN_VIDEOTEX_STRING	An arbitrary string of VIDEOTEX characters
CERT_RDN_IA5_STRING	An arbitrary string of IA5 (ASCII) characters
CERT_RDN_VISIBLE_STRING	A 95-character set (8-bit)
CERT_RDN_ISO646_STRING	A 128-character set (8-bit)
CERT_RDN_UNIVERSAL_STRING	An array of INT4s (32-bit)
CERT_RDN_INT4_STRING	An array of INT4s (32-bit)
CERT_RDN_BMP_STRING	An array of Unicode characters (16-bit)
CERT_RDN_UNICODE_STRING	An array of Unicode characters (16-bit)

The following flags can be combined with a bitwise OR operation into CERT_RDN_ATTR data structure's dwValueType.

dwValueType	Value/ description
CERT_RDN_ENABLE_T61_ UNICODE_FLAG	For encoding. When set, if all the UNICODE characters are <= 0xFF, the CERT_RDN_T61_STRING is selected instead of the CERT_ RDN_UNICODE_STRING.
CERT_RDN_DISABLE_CHECK_ TYPE_FLAG	For encoding. When set, the characters are not checked to see if they are valid for the Value Type.
CERT_RDN_DISABLE_IE4_ UTF8_FLAG	For decoding. By default, CERT_RDN_T61_STRING encoded values are initially decoded as UTF8. If the UTF8 decoding fails, then the value is decoded as 8 bit characters. If this flag is set, it skips the initial attempt to decode as UTF8 and decodes the value as 8 bit characters.

Value: Either a null-terminated array of 8-bit or 16-bit characters, an array of INT4s, or an encoded representation.

CERT_RDN_ATTR

Members

See Also