The source code in this directory can be used to build a sample Policy Module
for Microsoft Certificate Services. It is meant to run on Windows 2000 or
later. Certificate Services must already be installed.

This policy module should mimic the Standalone policy module that ships with
the Windows 2000 Certificate Services.

Certificate Services calls the Policy Module through the ICertPolicy
interface, and the Policy Module can call back to Certificate Services
through the ICertServerPolicy interface.

Each time Certificate Services receives a certificate request, it passes
control to the ICertPolicy::VerifyRequest method in policy.cpp. The passed
Context parameter is used with the ICertServerPolicy interface to retrieve
properties from the request and potential certificate. The VerifyRequest
method may add, modify or enable Certificate Extensions, modify the NotBefore
and NotAfter dates and Subject name RDN (Relative Distinguished Name) strings
for the potential certificate. It must also perform any validation required,
and decide the disposition of the request. The method should return one of
VR_PENDING, VR_INSTANT_OK or VR_INSTANT_BAD to cause the request to be made
pending, to grant the request and issue the certificate, or to fail the
request.

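The validate, adjust and decide sequence described above, as an added example
that is not part of the Microsoft sample: a portable C++ model with no COM or
Certificate Services headers. PendingCert, PolicyConfig, verifyRequest, the
autoIssue setting and the numeric enum values are assumptions made for the
model; a real module reads and writes these properties through ICertServerPolicy.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Disposition names from the README; the numeric values are for this model only.
enum Disposition { VR_PENDING, VR_INSTANT_OK, VR_INSTANT_BAD };

// Hypothetical stand-in for the properties of the potential certificate.
// Times are seconds since the Unix epoch.
struct PendingCert {
    std::string commonName;  // Subject RDN taken from the request
    int64_t notBefore;
    int64_t notAfter;
};

// Hypothetical CA settings (constructed for the example).
struct PolicyConfig {
    bool autoIssue;       // false: hold every valid request for an administrator
    int64_t maxLifetime;  // longest validity period the CA will sign, in seconds
    int64_t caNotAfter;   // expiry of the CA's own certificate
};

// Validate, adjust the validity period, then choose a disposition.
Disposition verifyRequest(PendingCert &cert, const PolicyConfig &cfg, int64_t now) {
    // Fail closed on a missing name or one with an embedded NUL.
    if (cert.commonName.empty() || cert.commonName.find('\0') != std::string::npos)
        return VR_INSTANT_BAD;
    // Reject negative or inverted validity periods.
    if (cert.notBefore < 0 || cert.notAfter <= cert.notBefore)
        return VR_INSTANT_BAD;
    // A certificate must not start at or after the CA's own expiry.
    if (cert.notBefore >= cfg.caNotAfter)
        return VR_INSTANT_BAD;
    // Clamp NotAfter to the shorter of the CA limit and the CA's remaining life.
    int64_t room = cfg.caNotAfter - cert.notBefore;  // > 0, cannot overflow here
    int64_t lifetime = room < cfg.maxLifetime ? room : cfg.maxLifetime;
    if (lifetime <= 0) return VR_INSTANT_BAD;
    if (cert.notAfter - cert.notBefore > lifetime)
        cert.notAfter = cert.notBefore + lifetime;
    // Checked after clamping so an already-expired certificate is never issued.
    if (cert.notAfter <= now) return VR_INSTANT_BAD;
    return cfg.autoIssue ? VR_INSTANT_OK : VR_PENDING;
}

int main() {
    PolicyConfig cfg{false, 31536000, 2000000000};            // constructed values
    PendingCert req{"host.example", 1700000000, 2015360000};  // asks for ten years
    Disposition d = verifyRequest(req, cfg, 1700000000);
    std::printf("disposition=%d notAfter=%lld\n", (int)d, (long long)req.notAfter);
    return 0;
}
```
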
Once the certpsam.dll DLL is built, its COM interface must be registered
via the following command:
    regsvr32 certpsam.dll

Once registered, the Certification Authority management console snap-in can
be used to make this the active policy module.

If you wish to see the debug print output from the sample Policy Module,
attach a debugger to the running service process, or stop the Certificate
Services service, then start Certificate Services as a console application
via the following command:
    certsrv -z

Files:
------
atl.cpp      -- ActiveX Template Library COM support code

cedebug.cpp  -- Implements debug print routine

ceerror.cpp  -- Implements error handling routines

ceformat.cpp -- Implements formatting routine

celib.cpp    -- Implements support routines

certpsam.cpp -- Implements COM and initialization entry points:
                    DllMain
                    DllCanUnloadNow
                    DllGetClassObject
                    DllRegisterServer
                    DllUnregisterServer

certpsam.def -- Exports COM entry points

certpsam.idl -- Interface Definitions

certpsam.rc  -- Version Resource

module.cpp   -- Implements ICertManageModule

module.h     -- Implements ICertManageModule

pch.cpp      -- Precompiled Header file

policy.cpp   -- Implements ICertPolicy

policy.h     -- Implements ICertPolicy

resource.h   -- Resource ID definitions