CERT_RDN_ATTR

The CERT_RDN_ATTR structure describes one of the attributes that make up a Relative Distinguished Name (RDN). The interpretation of the Value member depends on dwValueType.

typedef struct _CERT_RDN_ATTR {
    LPSTR                  pszObjId;
    DWORD                  dwValueType;
    CERT_RDN_VALUE_BLOB    Value;
} CERT_RDN_ATTR,          *PCERT_RDN_ATTR;
 

Members

pszObjId
Currently defined CERT_RDN attribute object identifiers are shown in the following table.
CERT_RDN attribute object identifier Value Comments
// Labeling attribute types:
szOID_COMMON_NAME "2.5.4.3" case-ignore string
szOID_SUR_NAME "2.5.4.4" case-ignore string
szOID_DEVICE_SERIAL_NUMBER "2.5.4.5" printable string
// Geographic attribute types:
szOID_COUNTRY_NAME "2.5.4.6" printable 2char string
szOID_LOCALITY_NAME "2.5.4.7" case-ignore string
szOID_STATE_OR_PROVINCE_NAME "2.5.4.8" case-ignore string
szOID_STREET_ADDRESS "2.5.4.9" case-ignore string
// Organizational attribute types:
szOID_ORGANIZATION_NAME "2.5.4.10" case-ignore string
szOID_ORGANIZATIONAL_UNIT_NAME "2.5.4.11" case-ignore string
szOID_TITLE "2.5.4.12" case-ignore string
// Explanatory attribute types:
szOID_DESCRIPTION "2.5.4.13" case-ignore string
szOID_SEARCH_GUIDE "2.5.4.14"
szOID_BUSINESS_CATEGORY "2.5.4.15" case-ignore string
// Postal addressing attribute types:
szOID_POSTAL_ADDRESS "2.5.4.16"
szOID_POSTAL_CODE "2.5.4.17" case-ignore string
szOID_POST_OFFICE_BOX "2.5.4.18" case-ignore string
szOID_PHYSICAL_DELIVERY_OFFICE_NAME "2.5.4.19" case-ignore string
// Telecommunications addressing attribute types:
szOID_TELEPHONE_NUMBER "2.5.4.20" telephone number
szOID_TELEX_NUMBER "2.5.4.21"
szOID_TELETEXT_TERMINAL_IDENTIFIER "2.5.4.22"
szOID_FACSIMILE_TELEPHONE_NUMBER "2.5.4.23"
szOID_X21_ADDRESS "2.5.4.24" numeric string
szOID_INTERNATIONAL_ISDN_NUMBER "2.5.4.25" numeric string
szOID_REGISTERED_ADDRESS "2.5.4.26"
szOID_DESTINATION_INDICATOR "2.5.4.27" printable string
// Preference attribute types:
szOID_PREFERRED_DELIVERY_METHOD "2.5.4.28"
// OSI application attribute types:
szOID_PRESENTATION_ADDRESS "2.5.4.29"
szOID_SUPPORTED_APPLICATION_CONTEXT "2.5.4.30"
// Relational application attribute types:
szOID_MEMBER "2.5.4.31"
szOID_OWNER "2.5.4.32"
szOID_ROLE_OCCUPANT "2.5.4.33"
szOID_SEE_ALSO "2.5.4.34"
// Security attribute types:
szOID_USER_PASSWORD "2.5.4.35"
szOID_USER_CERTIFICATE "2.5.4.36"
szOID_CA_CERTIFICATE "2.5.4.37"
szOID_AUTHORITY_REVOCATION_LIST "2.5.4.38"
szOID_CERTIFICATE_REVOCATION_LIST "2.5.4.39"
szOID_CROSS_CERTIFICATE_PAIR "2.5.4.40"
// Name attribute types:
szOID_GIVEN_NAME "2.5.4.42" case-ignore string
szOID_INITIALS "2.5.4.43" case-ignore string
// Email:
szOID_RSA_emailAddr "1.2.840.113549.1.9.1" IA5 string
szOID_DOMAIN_COMPONENT "0.9.2342.19200300.100.1.25" IA5 string
// Pilot user attribute types:
szOID_DOMAIN_COMPONENT "0.9.2342.19200300.100.1.25" IA5 string
// Used for PKCS 12 attributes:
szOID_PKCS_12_FRIENDLY_NAME_ATTR "1.2.840.113549.1.9.20"
szOID_PKCS_12_LOCAL_KEY_ID "1.2.840.113549.1.9.21"

dwValueType
For CERT_RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded representation. Otherwise, it's an array of bytes.

For all CERT_RDN types, Value.cbData is always the number of bytes, not necessarily the number of elements in the string. For instance, CERT_RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and CERT_RDN_BMP_STRING is an array of unsigned shorts (cbData == ushortCnt * 2).

The following dwValueTypes are defined in Wincrypt.h:

#define CERT_RDN_ANY_TYPE                    0
#define CERT_RDN_ENCODED_BLOB                1
#define CERT_RDN_OCTET_STRING                2
#define CERT_RDN_NUMERIC_STRING              3
#define CERT_RDN_PRINTABLE_STRING            4
#define CERT_RDN_TELETEX_STRING              5
#define CERT_RDN_T61_STRING                  5
#define CERT_RDN_VIDEOTEX_STRING             6
#define CERT_RDN_IA5_STRING                  7
#define CERT_RDN_GRAPHIC_STRING              8
#define CERT_RDN_VISIBLE_STRING              9
#define CERT_RDN_ISO646_STRING               9
#define CERT_RDN_GENERAL_STRING              10
#define CERT_RDN_UNIVERSAL_STRING            11
#define CERT_RDN_INT4_STRING                 11
#define CERT_RDN_BMP_STRING                  12
#define CERT_RDN_UNICODE_STRING              12

#define CERT_RDN_TYPE_MASK                  0x000000FF
#define CERT_RDN_FLAGS_MASK                 0xff000000
#define CERT_RDN_ENABLE_T61_UNICODE_FLAG    0x80000000
#define CERT_RDN_DISABLE_CHECK_TYPE_FLAG    0x40000000
#define CERT_RDN_DISABLE_IE4_UTF8_FLAG      0x01000000
 

The following table describes the type of content that corresponds to various dwValueTypes.
dwValueType Value/ description
CERT_RDN_OCTET_STRING An arbitrary string of octets (8-bit)
CERT_RDN_NUMERIC_STRING Only the characters 0 through 9, and the space character (8-bit)
CERT_RDN_PRINTABLE_STRING An arbitrary string of printable characters (8-bit)
CERT_RDN_TELETEX_STRING An arbitrary string of T.61 (8-bit) characters
CERT_RDN_T61_STRING An arbitrary string of T.61 (8-bit) characters
CERT_RDN_VIDEOTEX_STRING An arbitrary string of VIDEOTEX characters
CERT_RDN_IA5_STRING An arbitrary string of IA5 (ASCII) characters
CERT_RDN_VISIBLE_STRING A 95-character set (8-bit)
CERT_RDN_ISO646_STRING A 128-character set (8-bit)
CERT_RDN_UNIVERSAL_STRING An array of INT4s (32-bit)
CERT_RDN_INT4_STRING An array of INT4s (32-bit)
CERT_RDN_BMP_STRING An array of Unicode characters (16-bit)
CERT_RDN_UNICODE_STRING An array of Unicode characters (16-bit)

The following flags can be combined with a bitwise OR operation into CERT_RDN_ATTR data structure's dwValueType.

dwValueType Value/ description
CERT_RDN_ENABLE_T61_UNICODE_FLAG For encoding. When set, if all the UNICODE characters are <= 0xFF, the CERT_RDN_T61_STRING is selected instead of the CERT_RDN_UNICODE_STRING.
CERT_RDN_DISABLE_CHECK_TYPE_FLAG For encoding. When set, the characters are not checked to see if they are valid for the Value Type.
CERT_RDN_DISABLE_IE4_UTF8_FLAG For decoding. By default, CERT_RDN_T61_STRING encoded values are initially decoded as UTF8. If the UTF8 decoding fails, then the value is decoded as 8-bit characters. If this flag is set, it skips the initial attempt to decode as UTF8 and decodes the value as 8-bit characters.

Value
Either a null-terminated array of 8-bit or 16-bit characters, an array of INT4s, or an encoded representation.
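
The following is an added example, not code from the original page or from Wincrypt.h. It derives the element count of a Value from cbData after masking any OR'ed flags out of dwValueType, and rejects a cbData that is not a whole number of elements. The helper names rdn_elem_width and rdn_elem_count are hypothetical, the non-Windows typedefs are stand-ins so the code builds without the Windows SDK, and treating every type from 2 through 10 as 8-bit is an assumption for the types the table above does not list.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else /* stand-ins for the declarations on this page (assumption: no Windows SDK) */
typedef uint32_t DWORD;
typedef struct { DWORD cbData; unsigned char *pbData; } CERT_RDN_VALUE_BLOB;
typedef struct { char *pszObjId; DWORD dwValueType; CERT_RDN_VALUE_BLOB Value; } CERT_RDN_ATTR;
#define CERT_RDN_ENCODED_BLOB            1
#define CERT_RDN_OCTET_STRING            2
#define CERT_RDN_UNIVERSAL_STRING        11
#define CERT_RDN_BMP_STRING              12
#define CERT_RDN_TYPE_MASK               0x000000FF
#define CERT_RDN_ENABLE_T61_UNICODE_FLAG 0x80000000
#endif

/* Bytes per element, or 0 when the value is not a character array
   (CERT_RDN_ANY_TYPE, CERT_RDN_ENCODED_BLOB, or an unknown type). */
static size_t rdn_elem_width(DWORD dwValueType)
{
    DWORD type = dwValueType & CERT_RDN_TYPE_MASK; /* drop OR'ed flags first */
    if (type == CERT_RDN_UNIVERSAL_STRING) return 4; /* array of INT4s */
    if (type == CERT_RDN_BMP_STRING) return 2;       /* 16-bit characters */
    if (type >= CERT_RDN_OCTET_STRING && type < CERT_RDN_UNIVERSAL_STRING)
        return 1;                                    /* types 2..10: 8-bit */
    return 0;
}

/* Stores the element count in *count and returns 0. Returns -1 when the type
   has no element count or cbData is not a whole number of elements. */
static int rdn_elem_count(const CERT_RDN_ATTR *attr, size_t *count)
{
    size_t width = rdn_elem_width(attr->dwValueType);
    if (width == 0 || attr->Value.cbData % width != 0)
        return -1;
    *count = attr->Value.cbData / width;
    return 0;
}

int main(void)
{
    /* Constructed sample: three 16-bit units with an encoding flag OR'ed in. */
    unsigned char raw[] = { 'A', 0, 'B', 0, 'C', 0 };
    char oid[] = "2.5.4.3"; /* szOID_COMMON_NAME */
    CERT_RDN_ATTR attr = { oid, CERT_RDN_BMP_STRING | CERT_RDN_ENABLE_T61_UNICODE_FLAG,
                           { (DWORD)sizeof raw, raw } };
    size_t n = 0;
    if (rdn_elem_count(&attr, &n) == 0)
        printf("cbData=%lu elements=%lu\n", (unsigned long)attr.Value.cbData, (unsigned long)n);
    return 0;
}
```

Comparing dwValueType directly against CERT_RDN_BMP_STRING would miss the flagged attribute in the sample, which is why the mask is applied before the type is examined.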

See Also

BLOB Structure, CERT_RDN, CertIsRDNAttrsInCertificateName