The CERT_RDN_ATTR structure contains a single attribute of a relative distinguished name (RDN). A whole RDN is expressed in a CERT_RDN structure that contains an array of CERT_RDN_ATTR structures.
Syntax
typedef struct _CERT_RDN_ATTR {
  LPSTR               pszObjId;
  DWORD               dwValueType;
  CERT_RDN_VALUE_BLOB Value;
} CERT_RDN_ATTR, *PCERT_RDN_ATTR;
Members
pszObjId
Object identifier (OID) for the type of the attribute defined in this structure. This member can be one of the following OIDs.
| Value | Meaning |
| --- | --- |
| szOID_AUTHORITY_REVOCATION_LIST | Security attribute. |
| szOID_BUSINESS_CATEGORY | Case-insensitive string. Explanatory attribute. |
| szOID_CA_CERTIFICATE | Security attribute. |
| szOID_CERTIFICATE_REVOCATION_LIST | Security attribute. |
| szOID_COMMON_NAME | Case-insensitive string. Labeling attribute. |
| szOID_COUNTRY_NAME | Two-character printable string. Geographic attribute. |
| szOID_CROSS_CERTIFICATE_PAIR | Security attribute. |
| szOID_DESCRIPTION | Case-insensitive string. Explanatory attribute. |
| szOID_DESTINATION_INDICATOR | Printable string. Telecommunications addressing attribute. |
| szOID_DEVICE_SERIAL_NUMBER | Printable string. Labeling attribute. |
| szOID_DOMAIN_COMPONENT | IA5 string. DNS name component such as "com." |
| szOID_FACSIMILE_TELEPHONE_NUMBER | Telecommunications addressing attribute. |
| szOID_GIVEN_NAME | Case-insensitive string. Name attribute. |
| szOID_INITIALS | Case-insensitive string. Name attribute. |
| szOID_INTERNATIONAL_ISDN_NUMBER | Numeric string. Telecommunications addressing attribute. |
| szOID_LOCALITY_NAME | Case-insensitive string. Geographic attribute. |
| szOID_MEMBER | Relational application attribute. |
| szOID_ORGANIZATION_NAME | Case-insensitive string. Organizational attribute. |
| szOID_ORGANIZATIONAL_UNIT_NAME | Case-insensitive string. Organizational attribute. |
| szOID_OWNER | Relational application attribute. |
| szOID_PHYSICAL_DELIVERY_OFFICE_NAME | Case-insensitive string. Postal addressing attribute. |
| szOID_PKCS_12_FRIENDLY_NAME_ATTR | PKCS #12 attribute. |
| szOID_PKCS_12_LOCAL_KEY_ID | PKCS #12 attribute. |
| szOID_POST_OFFICE_BOX | Case-insensitive string. Postal addressing attribute. |
| szOID_POSTAL_ADDRESS | Printable string. Postal addressing attribute. |
| szOID_POSTAL_CODE | Case-insensitive string. Postal addressing attribute. |
| szOID_PREFERRED_DELIVERY_METHOD | Preference attribute. |
| szOID_PRESENTATION_ADDRESS | OSI application attribute. |
| szOID_REGISTERED_ADDRESS | Telecommunications addressing attribute. |
| szOID_ROLE_OCCUPANT | Relational application attribute. |
| szOID_RSA_emailAddr | IA5 string. Email attribute. |
| szOID_SEARCH_GUIDE | Explanatory attribute. |
| szOID_SEE_ALSO | Relational application attribute. |
| szOID_STATE_OR_PROVINCE_NAME | Case-insensitive string. Geographic attribute. |
| szOID_STREET_ADDRESS | Case-insensitive string. Geographic attribute. |
| szOID_SUPPORTED_APPLICATION_CONTEXT | OSI application attribute. |
| szOID_SUR_NAME | Case-insensitive string. Labeling attribute. |
| szOID_TELEPHONE_NUMBER | Telecommunications addressing attribute. |
| szOID_TELETEXT_TERMINAL_IDENTIFIER | Telecommunications addressing attribute. |
| szOID_TELEX_NUMBER | Telecommunications addressing attribute. |
| szOID_TITLE | Case-insensitive string. Organizational attribute. |
| szOID_USER_CERTIFICATE | Security attribute. |
| szOID_USER_PASSWORD | Security attribute. |
| szOID_X21_ADDRESS | Numeric string. Telecommunications addressing attribute. |
dwValueType
Indicates the interpretation of the Value member.
This member can be one of the following values.
| Value | Meaning |
| --- | --- |
| CERT_RDN_ANY_TYPE | The pszObjId member determines the assumed type and length. |
| CERT_RDN_BMP_STRING | An array of Unicode characters (16-bit). |
| CERT_RDN_ENCODED_BLOB | An encoded data BLOB. |
| CERT_RDN_GENERAL_STRING | Currently not used. |
| CERT_RDN_GRAPHIC_STRING | Currently not used. |
| CERT_RDN_IA5_STRING | An arbitrary string of IA5 (ASCII) characters. |
| CERT_RDN_INT4_STRING | An array of INT4 elements (32-bit). |
| CERT_RDN_ISO646_STRING | A 128-character set (8-bit). |
| CERT_RDN_NUMERIC_STRING | Only the characters 0 through 9 and the space character (8-bit). |
| CERT_RDN_OCTET_STRING | An arbitrary string of octets (8-bit). |
| CERT_RDN_PRINTABLE_STRING | An arbitrary string of printable characters (8-bit). |
| CERT_RDN_T61_STRING | An arbitrary string of T.61 characters (8-bit). |
| CERT_RDN_TELETEX_STRING | An arbitrary string of T.61 characters (8-bit). |
| CERT_RDN_UNICODE_STRING | An array of Unicode characters (16-bit). |
| CERT_RDN_UNIVERSAL_STRING | An array of INT4 elements (32-bit). |
| CERT_RDN_UTF8_STRING | An array of 16-bit Unicode characters, UTF8 encoded on the wire as a sequence of one, two, or three eight-bit characters. |
| CERT_RDN_VIDEOTEX_STRING | An arbitrary string of videotext characters. |
| CERT_RDN_VISIBLE_STRING | A 95-character set (8-bit). |
The following flags can be combined by using a bitwise-OR operation into the dwValueType member.
| Value | Meaning |
| --- | --- |
| CERT_RDN_DISABLE_CHECK_TYPE_FLAG | For encoding. When set, the characters are not checked to determine whether they are valid for the value type. |
| CERT_RDN_DISABLE_IE4_UTF8_FLAG | For decoding. By default, CERT_RDN_T61_STRING encoded values are initially decoded as UTF8. If the UTF8 decoding fails, the value is decoded as 8-bit characters. If this flag is set, it skips the initial attempt to decode as UTF8 and decodes the value as 8-bit characters. |
| CERT_RDN_ENABLE_T61_UNICODE_FLAG | For encoding. When set, if all the Unicode characters are <= 0xFF, the CERT_RDN_T61_STRING value is selected instead of the CERT_RDN_UNICODE_STRING value. |
| CERT_RDN_ENABLE_UTF8_UNICODE_FLAG | For encoding. When set, strings are encoded with the CERT_RDN_UTF8_STRING value instead of the CERT_RDN_UNICODE_STRING value. |
| CERT_RDN_FORCE_UTF8_UNICODE_FLAG | For encoding. When set, strings are encoded with the CERT_RDN_UTF8_STRING value instead of CERT_RDN_PRINTABLE_STRING value for DirectoryString types. In addition, CERT_RDN_ENABLE_UTF8_UNICODE_FLAG is enabled. Windows Vista, Windows Server 2003 and Windows XP: This flag is not supported. |
| CERT_RDN_ENABLE_PUNYCODE_FLAG | For encoding. If the string contains an email RDN, and the email address is Punycode encoded, then the resultant email address is encoded as an IA5String. The Punycode encoding of the host name is performed on a label-by-label basis. For decoding. If the name contains an email RDN, and the local part or host name portion of the email address contains a Punycode encoded IA5String, the RDN string value is converted to its Unicode equivalent. Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This flag is not supported. |
Value
A CERT_RDN_VALUE_BLOB that contains the attribute value. The cbData member of Value is the length, in bytes, of the pbData member. It is not the number of elements in the pbData string.
For example, a DWORD is 32 bits or 4 bytes long. If pbData is a DWORD array, cbData would be four times the number of DWORD elements in the array. A SHORT is 16 bits or 2 bytes long. If pbData is an array of SHORT elements, cbData must be two times the length of the array.
The pbData member of Value can be a null-terminated array of 8-bit or 16-bit characters or a fixed-length array of elements. If dwValueType is set to CERT_RDN_ENCODED_BLOB, pbData is encoded.
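The length rule above matters when validating a decoded attribute, so here is an added example (not Microsoft's code) of a hypothetical helper, rdn_attr_elem_count, that masks the flags out of dwValueType, converts cbData from bytes to elements, and rejects values with a ragged length or a zero element inside the counted range. It assumes cbData excludes any terminating null; off Windows it builds against stand-in typedefs and constant values mirroring wincrypt.h, and the sample buffers are constructed.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else /* Stand-ins mirroring wincrypt.h so the example builds off Windows. */
typedef unsigned int DWORD; typedef unsigned char BYTE;
typedef struct { DWORD cbData; BYTE *pbData; } CERT_RDN_VALUE_BLOB;
typedef struct { char *pszObjId; DWORD dwValueType; CERT_RDN_VALUE_BLOB Value; } CERT_RDN_ATTR;
#define CERT_RDN_TYPE_MASK        0x000000FF
#define CERT_RDN_ANY_TYPE         0
#define CERT_RDN_ENCODED_BLOB     1
#define CERT_RDN_OCTET_STRING     2
#define CERT_RDN_IA5_STRING       7
#define CERT_RDN_UNIVERSAL_STRING 11
#define CERT_RDN_BMP_STRING       12
#define CERT_RDN_UTF8_STRING      13
#define CERT_RDN_ENABLE_UTF8_UNICODE_FLAG 0x20000000
#endif

enum { RDN_NOT_STRING = -1, RDN_BAD_LENGTH = -2, RDN_EMBEDDED_NUL = -3 };
/* Element width in bytes per the dwValueType table; 0 = not a fixed-width string. */
static size_t rdn_elem_width(DWORD dwValueType)
{
    switch (dwValueType & CERT_RDN_TYPE_MASK) { /* strip the OR-ed flags first */
    case CERT_RDN_ANY_TYPE:         /* type is implied by pszObjId instead */
    case CERT_RDN_ENCODED_BLOB: case CERT_RDN_OCTET_STRING: return 0;
    case CERT_RDN_BMP_STRING:       /* same value as CERT_RDN_UNICODE_STRING */
    case CERT_RDN_UTF8_STRING:      return 2; /* 16-bit in memory per the table */
    case CERT_RDN_UNIVERSAL_STRING: return 4; /* same as CERT_RDN_INT4_STRING */
    default:                        return 1; /* the 8-bit string types */
    }
}

/* Hypothetical helper: element count of Value, or a negative RDN_* status. */
long rdn_attr_elem_count(const CERT_RDN_ATTR *attr)
{
    size_t w = rdn_elem_width(attr->dwValueType), n, i, j;
    if (w == 0) return RDN_NOT_STRING;
    if (attr->Value.cbData % w != 0) return RDN_BAD_LENGTH; /* cbData is bytes */
    n = attr->Value.cbData / w;
    for (i = 0; i < n; i++) {       /* a zero element inside cbData is embedded */
        BYTE any = 0;
        for (j = 0; j < w; j++) any |= attr->Value.pbData[i * w + j];
        if (any == 0) return RDN_EMBEDDED_NUL;
    }
    return (long)n;
}
/* Constructed samples, not taken from a real certificate. */
BYTE sample_wide[] = { 'a', 0, 'b', 0, 'c', 0 }; /* "abc" as 16-bit elements */
BYTE sample_nul[]  = { 'a', 0, 'b' };            /* 8-bit value hiding a NUL */
```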
Requirements
| Requirement | Value |
| --- | --- |
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Header | wincrypt.h |
See also
CERT_RDN
CRYPT_INTEGER_BLOB
CertIsRDNAttrsInCertificateName