IPolicyQualifier interface (certenroll.h)

The IPolicyQualifier interface represents a qualifier that can be associated with a certificate policy. The following syntax shows the Abstract Syntax Notation One (ASN.1) structures that define certificate policies and their associated qualifiers. The value is encoded by using Distinguished Encoding Rules (DER) and included in the certificate request with the policy object it qualifies.


----------------------------------------------------------------------
-- CertificatePolicies
-- XCN_OID_CERT_POLICIES (2.5.29.32)
----------------------------------------------------------------------

CertificatePolicies ::= SEQUENCE OF PolicyInformation

PolicyInformation ::= SEQUENCE 
{
   policyIdentifier    EncodedObjectID,
   policyQualifiers    PolicyQualifiers OPTIONAL
}

PolicyQualifiers ::=  SEQUENCE OF PolicyQualifierInfo

PolicyQualifierInfo ::= SEQUENCE 
{
   policyQualifierId   EncodedObjectID,
   qualifier           NOCOPYANY OPTIONAL
}

----------------------------------------------------------------------
-- UserNotice
-- XCN_OID_PKIX_POLICY_QUALIFIER_USERNOTICE (1.3.6.1.5.5.7.2.2)
----------------------------------------------------------------------

UserNotice ::= SEQUENCE 
{
   noticeRef,      -- Not supported
   explicitText    -- Not supported
}

----------------------------------------------------------------------
-- Certification Practice Statement (CPS) qualifier
-- XCN_OID_PKIX_POLICY_QUALIFIER_CPS (1.3.6.1.5.5.7.2.1)
----------------------------------------------------------------------

CpsURLs ::= SEQUENCE OF SEQUENCE 
{
   url                 IA5String,
   digestAlgorithmId,  -- Not supported
   digest              -- Not supported
}


Policy qualifiers can be used when an object identifier (OID) is considered insufficient to fully identify a policy. Qualifiers are defined by using the IPolicyQualifier interface and can be associated with a policy by adding qualifiers to the IPolicyQualifiers collection retrieved from an ICertificatePolicy object. A Windows certification authority supports the following qualifiers.

Value Description
XCN_OID_PKIX_POLICY_QUALIFIER_USERNOTICE(1.3.6.1.5.5.7.2.2) Contains a notice to be displayed to any user who relies on the certificate.
XCN_OID_PKIX_POLICY_QUALIFIER_CPS(1.3.6.1.5.5.7.2.1) Identifies a pointer to a URI that contains the Certification Practice Statement (CPS) defined by the certification authority.
 

Unless one user notice in the chain duplicates another, all notices in the certificate path should be displayed to the relying party. To minimize duplication, this qualifier should be present only in the end entity certificate and certification authority certificates issued to other organizations. The user notice has two optional fields, noticeRef and explicitText, that are not supported. Policies and policy qualifiers are used in IX509ExtensionCertificatePolicies objects.

Inheritance

The IPolicyQualifier interface inherits from the IDispatch interface. IPolicyQualifier also has these types of members:

Methods

The IPolicyQualifier interface has these methods.

 
IPolicyQualifier::get_ObjectId

Retrieves the object identifier (OID) for the qualifier.
IPolicyQualifier::get_Qualifier

Retrieves a string that contains the qualifier used to initialize the object.
IPolicyQualifier::get_RawData

Retrieves the Distinguished Encoding Rules (DER) encoded qualifier object.
IPolicyQualifier::get_Type

Retrieves the qualifier type.
IPolicyQualifier::InitializeEncode

Initializes the object from a string and a value that identifies the qualifier type.

Requirements

Requirement Value
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header certenroll.h

See also

CertEnroll Interfaces

IDispatch

IPolicyQualifier

IX509ExtensionCertificatePolicies