boise bjgxjob@163.com
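Previously I always installed the digital certificate first and then retrieved the certificate information with steps like the following: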
Opening a system store using CertOpenSystemStore.
Using CertEnumCertificatesInStore to list all of the certificates in the open store.
Retrieving and printing the subject name from the certificate using CertGetNameString.
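Does Microsoft's CryptoAPI have a function that reads certificate information directly from a digital certificate file?
(That is, without first installing the certificate and then fetching it from the certificate store to read its properties.)
1. A certificate file first has to be decoded by calling CertCreateCertificateContext().
2. CertCreateCertificateContext() creates a structure of type CERT_CONTEXT and a structure of type CERT_INFO.
CERT_CONTEXT is the context; it contains a pointer to CERT_INFO, and the CERT_INFO structure holds the certificate's information.
3. The relevant definitions in WINCRYPT.H: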
typedef struct _CERT_CONTEXT {
    DWORD      dwCertEncodingType;
    BYTE       *pbCertEncoded;      /* the encoded certificate bytes */
    DWORD      cbCertEncoded;       /* length of pbCertEncoded in bytes */
    PCERT_INFO pCertInfo;           /* decoded certificate fields */
    HCERTSTORE hCertStore;
} CERT_CONTEXT, *PCERT_CONTEXT;
typedef const CERT_CONTEXT *PCCERT_CONTEXT;
typedef struct _CERT_INFO {
    DWORD                      dwVersion;
    CRYPT_INTEGER_BLOB         SerialNumber;
    CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
    CERT_NAME_BLOB             Issuer;
    FILETIME                   NotBefore;
    FILETIME                   NotAfter;
    CERT_NAME_BLOB             Subject;
    CERT_PUBLIC_KEY_INFO       SubjectPublicKeyInfo;
    CRYPT_BIT_BLOB             IssuerUniqueId;
    CRYPT_BIT_BLOB             SubjectUniqueId;
    DWORD                      cExtension;
    PCERT_EXTENSION            rgExtension;
} CERT_INFO, *PCERT_INFO;
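So my understanding is: first define BYTE* buf and read the certificate file into buf,
then define PCCERT_CONTEXT pCertContext = NULL;
pCertContext = CertCreateCertificateContext(
    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
    buf,
    cbBuf);  /* cbBuf: DWORD count of bytes read from the file; sizeof(buf) is only the pointer size */
This gives a pointer to the CertContext, and from it the pointer to CERT_INFO.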
boise
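
An added example, not part of the original post: it reads a certificate file, checks that the buffer begins with a complete ASN.1 SEQUENCE (a Base64/PEM text file fails this check and has to be decoded to binary first), and passes that byte count as cbCertEncoded. The helper der_cert_size and the 64 KiB buffer are assumptions of this example; the Win32 part builds only on Windows and links against crypt32.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")
#endif

/* Hypothetical helper: size in bytes (header + content) of the ASN.1
 * SEQUENCE at the start of buf, or 0 if buf does not start with a
 * SEQUENCE, uses the indefinite length form, or is truncated. */
size_t der_cert_size(const unsigned char *buf, size_t n)
{
    if (n < 2 || buf[0] != 0x30) return 0;        /* a certificate is a SEQUENCE */
    size_t len = buf[1], hdr = 2;
    if (len & 0x80) {                             /* long form: k length bytes follow */
        size_t k = len & 0x7F;
        if (k == 0 || k > 4 || n < 2 + k) return 0;
        len = 0;
        for (size_t i = 0; i < k; i++) len = (len << 8) | buf[2 + i];
        hdr += k;
    }
    return (len <= n - hdr) ? hdr + len : 0;      /* content must fit in the buffer */
}

#ifdef _WIN32
int main(int argc, char **argv)
{
    static unsigned char buf[65536];              /* an array, so sizeof is its capacity */
    FILE *f = (argc > 1) ? fopen(argv[1], "rb") : NULL;
    if (!f) return 1;
    size_t n = fread(buf, 1, sizeof buf, f);      /* n = bytes actually read */
    fclose(f);
    size_t cb = der_cert_size(buf, n);
    if (cb == 0) { fputs("not a binary (DER) certificate\n", stderr); return 1; }
    PCCERT_CONTEXT ctx = CertCreateCertificateContext(
        X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, (DWORD)cb);
    if (!ctx) return 1;                           /* decoding failed */
    char subject[256];
    CertGetNameStringA(ctx, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, subject, sizeof subject);
    printf("Subject: %s\n", subject);             /* ctx->pCertInfo holds the other fields */
    CertFreeCertificateContext(ctx);
    return 0;
}
#endif
```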