184.108.40.206.3.2.16 PropID = 0x00000010 (CR_PROP_CAXCHGCERTCHAIN) "CA Exchange Certificate Chain"
If the PropIndex parameter is not equal to 0x0 or 0xFFFFFFFF, return the E_INVALIDARG (0x80070057) error to the client.
Validate that the Current_CA_Exchange_Cert datum contains a current, valid CA exchange certificate by executing steps 2 and 3 in section 220.127.116.11.3.2.15.
Construct a signed CMS message with the following fields:
ContentType: szOID_RSA_signedData (1.2.840.113549.1.7.2, id-signedData).
Content: SignedData (as specified in [RFC3852], section 5.1) with the following requirements:
version: See [RFC3852], section 5.1.
digestAlgorithms: Same digest algorithm as was used to sign the current CA's certificate stored in the Signing_Cert_Certificate datum.
encapContentInfo: EncapsulatedContentInfo structure (as specified in [RFC3852], section 5.2) with the eContentType set to the OID szOID_PKCS_7_DATA (1.2.840.113549.1.7.1, id-data) and the eContent field set to the CA's exchange certificate from the Current_CA_Exchange_Cert datum.
certificates: Contains the CA's certificate stored in the Signing_Cert_Certificate datum and its parent certificates, excluding the root certificate. To obtain parent certificates, the CA SHOULD use the Authority Information Access (AIA) extension of its certificate and its parent certificates. The AIA extension is specified in [RFC3280] section 4.2.2.1.
crls: Not used.
signerInfos: Not used.
Return the CMS message through a CERTTRANSBLOB structure (as specified in section 188.8.131.52). Marshaling rules for the CERTTRANSBLOB structure are specified in section 184.108.40.206.
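The following is an added example, not part of the specification: a structural check a client could run on the returned CMS message to confirm it matches the field requirements above. It assumes the DER bytes have already been taken out of the CERTTRANSBLOB; the names `items`, `check_exchange_chain` and `der` are hypothetical, and the sample message is constructed with placeholder bytes in place of real certificates.

```python
ID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
ID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1
SHA256 = bytes.fromhex("608648016503040201")          # 2.16.840.1.101.3.4.2.1

def items(buf):
    """Split DER bytes into (tag, value, raw) triples; definite lengths only."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated DER header")
        start, tag, n = pos, buf[pos], buf[pos + 1]
        pos += 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > len(buf):
            raise ValueError("truncated DER value")
        out.append((tag, buf[pos:pos + n], buf[start:pos + n]))
        pos += n
    return out

def check_exchange_chain(blob):
    """Return (exchange_cert, chain) as DER bytes, or raise ValueError."""
    try:
        (_, content_info, _), = items(blob)
        (_, ctype, _), (_, wrapped, _) = items(content_info)
        fields = items(items(wrapped)[0][1])      # SignedData members
        encap = items(fields[2][1])               # follows version, digestAlgorithms
        exchange_cert = items(encap[1][1])[0][1]  # [0] EXPLICIT OCTET STRING
    except IndexError:
        raise ValueError("missing CMS field") from None
    if ctype != ID_SIGNED_DATA or encap[0][1] != ID_DATA:
        raise ValueError("unexpected ContentType or eContentType")
    if any(tag == 0xA1 for tag, _, _ in fields[3:]):
        raise ValueError("crls present")
    if fields[-1][:2] != (0x31, b""):
        raise ValueError("signerInfos is not empty")
    chain = [raw for t, v, _ in fields[3:] if t == 0xA0 for _, _, raw in items(v)]
    return exchange_cert, chain

def der(tag, body=b""):  # sample builder only; bodies must stay under 256 bytes
    size = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return bytes([tag]) + size + body

# Constructed sample; the three "certificates" are placeholders, not real X.509.
ENCAP = der(0x30, der(0x06, ID_DATA) + der(0xA0, der(0x04, der(0x30, b"exchange-cert"))))
CERTS = der(0xA0, der(0x30, b"ca-cert") + der(0x30, b"parent-ca-cert"))
SIGNED_DATA = der(0x30, der(0x02, b"\x01") + der(0x31, der(0x30, der(0x06, SHA256)))
                  + ENCAP + CERTS + der(0x31))
SAMPLE = der(0x30, der(0x06, ID_SIGNED_DATA) + der(0xA0, SIGNED_DATA))
```

Because signerInfos is unused, the message carries no CMS signature, so this check is structural only; trust in the exchange certificate still has to come from validating it against the returned chain and a trusted root.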