| Platform SDK: Certificate Enrollment Control |
The following C++ sample program shows how the Certificate Enrollment Control can be used with the ICertRequest object to create and submit a certificate request.
// Example code for Certificate Enrollment Control
// used with ICertRequest in C++
//
#include <stdio.h>
#include <certsrv.h> // for ICertRequest object
#include <xenroll.h>
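// Builds a PKCS #10 request with the Certificate Enrollment Control
// (ICEnroll2) and submits it to a certification authority through
// ICertRequest.
//
// Returns the HRESULT of the last operation attempted. A success HRESULT
// only means the CA accepted the submission; whether a certificate was
// actually issued is reported separately in the request disposition.
HRESULT __cdecl main()
{
    // All locals are declared before the first 'goto error' so that no
    // jump crosses an initialization.

    // pointers to interface objects
    ICEnroll2 *    pEnroll  = NULL;
    ICertRequest * pRequest = NULL;

    // BSTR variables (owned here, freed in the cleanup section)
    BSTR bstrDN       = NULL;
    BSTR bstrOID      = NULL;
    BSTR bstrCertAuth = NULL;
    BSTR bstrReq      = NULL;
    BSTR bstrAttrib   = NULL;

    // Request disposition, written by ICertRequest::Submit.
    // Initialized so it never holds an indeterminate value.
    long nDisp = 0;

    // variable for return value
    HRESULT hr;

    // Tracks whether CoInitializeEx succeeded, so that CoUninitialize is
    // only called to balance a successful initialization.
    bool fComInitialized = false;

    // initialize COM
    hr = CoInitializeEx( NULL, COINIT_APARTMENTTHREADED );
    if ( FAILED( hr ) )
    {
        printf("Failed CoInitializeEx - [%lx]\n", (unsigned long)hr);
        goto error;
    }
    fComInitialized = true;

    // Create an instance of the Certificate Enrollment object.
    hr = CoCreateInstance( CLSID_CEnroll,
                           NULL,
                           CLSCTX_INPROC_SERVER,
                           IID_ICEnroll2,
                           (void **)&pEnroll );
    if ( FAILED( hr ) )
    {
        printf("Failed CoCreateInstance - pEnroll [%lx]\n", (unsigned long)hr);
        goto error;
    }

    // Create an instance of the Certificate Request object.
    hr = CoCreateInstance( CLSID_CCertRequest,
                           NULL,
                           CLSCTX_INPROC_SERVER,
                           IID_ICertRequest,
                           (void **)&pRequest );
    if ( FAILED( hr ) )
    {
        printf("Failed CoCreateInstance - pRequest [%lx]\n", (unsigned long)hr);
        goto error;
    }

    // Create the data for the request.
    // A user interface or database retrieval could
    // be used instead of this sample's hardcoded text.
    // The subject name is chosen by the requester; the CA's policy is what
    // decides whether this name may appear in an issued certificate.
    bstrDN = SysAllocString(L"CN=UserName"   // Common Name
                            L",OU=UserUnit"  // Org Unit
                            L",O=UserOrg"    // Org
                            L",L=UserCity"   // Locality
                            L",S=WA"         // State
                            L",C=US");       // Country/Region

    // Allocate the BSTR representing the certification authority.
    // Note the use of '\\' to produce a single '\' in C++.
    bstrCertAuth = SysAllocString(L"Server\\CertAuth");

    // Allocate the BSTR for the certificate usage.
    // This OID is the Microsoft individual code-signing purpose; request
    // only the usage the certificate is really needed for.
    bstrOID = SysAllocString(L"1.3.6.1.4.1.311.2.1.21");

    // Allocate the BSTR for the attributes.
    // In this case, no attribute is specified.
    bstrAttrib = SysAllocString(L"");

    // SysAllocString returns NULL when memory is exhausted; stop here
    // rather than hand NULL strings to the COM methods below.
    if ( NULL == bstrDN || NULL == bstrCertAuth ||
         NULL == bstrOID || NULL == bstrAttrib )
    {
        hr = E_OUTOFMEMORY;
        printf("Failed SysAllocString - [%lx]\n", (unsigned long)hr);
        goto error;
    }

    // Create the PKCS #10. On success bstrReq receives the request and
    // must be freed by this function.
    hr = pEnroll->createPKCS10( bstrDN, bstrOID, &bstrReq );
    if ( FAILED( hr ) )
    {
        printf("Failed createPKCS10 - [%lx]\n", (unsigned long)hr);
        goto error;
    }

    // Submit the certificate request.
    hr = pRequest->Submit( CR_IN_BASE64 | CR_IN_PKCS10,
                           bstrReq,
                           bstrAttrib,
                           bstrCertAuth,
                           &nDisp );
    if ( FAILED( hr ) )
    {
        printf("Failed Request Submit - [%lx]\n", (unsigned long)hr);
        goto error;
    }

    // A successful Submit is not the same as an issued certificate.
    // Compare nDisp with the CR_DISP_* values (for example CR_DISP_ISSUED,
    // CR_DISP_UNDER_SUBMISSION, CR_DISP_DENIED) before treating the
    // request as granted.
    printf("Request submitted; disposition = %ld\n", nDisp );

error:
    // done processing
    // clean up object resources (interfaces must be released before
    // COM is uninitialized)
    if ( NULL != pEnroll )
        pEnroll->Release();
    if ( NULL != pRequest )
        pRequest->Release();

    // free BSTR variables
    if ( NULL != bstrDN )
        SysFreeString ( bstrDN );
    if ( NULL != bstrOID )
        SysFreeString ( bstrOID );
    if ( NULL != bstrCertAuth )
        SysFreeString ( bstrCertAuth );
    if ( NULL != bstrReq )
        SysFreeString ( bstrReq );
    if ( NULL != bstrAttrib )
        SysFreeString ( bstrAttrib );

    // free COM resources, only if they were acquired
    if ( fComInitialized )
        CoUninitialize();

    return hr;
}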