通过OpenSSL获取证书扩展属性之四:“CRL 分发点”和"颁发机构信息访问"

        上篇文章讲述了如何使用OpenSSL获取证书的“颁发机构密钥标识”和"使用者密钥标识"扩展属性:通过OpenSSL获取证书扩展属性之三:“颁发机构密钥标识”和"使用者密钥标识"

        今天继续讲述如何获取“CRL 分发点”和"颁发机构信息访问"这两个扩展属性。这两个扩展属性在证书中如下图所示:


        通过OpenSSL获取这两个扩展属性,具体步骤如下:
1、调用X509_get_ext_d2i()获取对应的扩展属性对象;
2、解析对象结构体,得到具体的用法类型。其中:
“CRL 分发点”使用结构体DIST_POINT_st表示,其具体定义如下:

/* One entry of the CRL Distribution Points extension, as declared by OpenSSL. */
struct DIST_POINT_st {
/* Name of the distribution point; may be NULL. The lookup code on this page
 * reads distpoint->type and, for type 0, distpoint->name.fullname. */
DIST_POINT_NAME	*distpoint;
/* Optional bit string restricting the revocation reasons this point covers. */
ASN1_BIT_STRING *reasons;
/* Optional names of the CRL issuer, when it differs from the certificate issuer. */
GENERAL_NAMES *CRLissuer;
/* NOTE(review): appears to be an integer form of the reason flags maintained by
 * OpenSSL itself, not a field of the encoded extension; confirm against the
 * OpenSSL version in use. */
int dp_reasons;
};
"颁发机构信息访问"使用结构体ACCESS_DESCRIPTION表示,其具体定义如下:

/* One entry of the Authority Information Access extension, as declared by OpenSSL. */
typedef struct ACCESS_DESCRIPTION_st {
	/* Object identifier of the access method; the lookup code on this page
	 * renders it as text with OBJ_obj2txt(). */
	ASN1_OBJECT *method;
	/* Where the information can be fetched; the lookup code on this page only
	 * handles locations whose type is GEN_URI. */
	GENERAL_NAME *location;
} ACCESS_DESCRIPTION;
3、解析结构体中的值,得到具体含义
       基于以上过程,下面给出获取“CRL 分发点”和“颁发机构信息访问”两个扩展属性的完整代码。“CRL 分发点”扩展属性的获取代码如下:

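/*
 * Collects every URI found in the certificate's "CRL Distribution Points"
 * extension into one NUL-terminated string, entries separated by " | ".
 *
 * Parameters:
 *   pX509Cert    - not used; the extension is read from the member m_pX509.
 *                  NOTE(review): confirm whether callers expect pX509Cert to be used.
 *   lpscProperty - caller buffer that receives the string, or NULL to query
 *                  the required size.
 *   pulLen       - in: capacity of lpscProperty in bytes.
 *                  out (size query only): required size including the NUL.
 *
 * Returns:
 *   CERT_ERR_OK               on success, and on a successful size query
 *   CERT_ERR_INVILIDCALL      when no certificate is loaded (m_pX509 is NULL)
 *   CERT_ERR_INVALIDPARAM     when pulLen is NULL
 *   CERT_ERR_ATTR_NOTEXIST    when the extension is absent or cannot be decoded
 *   CERT_ERR_BUFFER_TOO_SMALL when *pulLen is smaller than the required size
 *
 * Security notes: the URIs are taken from the certificate itself, so they are
 * untrusted input until the chain has been validated. Lengths therefore come
 * from ASN1_STRING_length() rather than strlen(), entries containing an
 * embedded NUL are skipped instead of being silently truncated, and no
 * fixed-size scratch buffer is used, so an oversized URI cannot trip the CRT's
 * invalid-parameter handler.
 */
ULONG COpenSSLCertificate::_GetExtCRLDistPoints(X509 *pX509Cert, LPSTR lpscProperty, ULONG* pulLen)
{
	static const char kSeparator[] = " | ";
	const size_t sepLen = sizeof(kSeparator) - 1;
	int i = 0;
	int pass = 0;
	int crit = 0;
	ULONG result = CERT_ERR_OK;
	CRL_DIST_POINTS *crlpoints = NULL;

	(void)pX509Cert;

	if (!m_pX509)
	{
		return CERT_ERR_INVILIDCALL;
	}
	if (!pulLen)
	{
		return CERT_ERR_INVALIDPARAM;
	}

	crlpoints = (CRL_DIST_POINTS*)X509_get_ext_d2i(m_pX509, NID_crl_distribution_points, &crit, NULL);
	if (!crlpoints)
	{
		return CERT_ERR_ATTR_NOTEXIST;
	}

	/* Pass 0 measures the output, pass 1 writes it into the caller's buffer.
	 * Both passes walk the same decoded data, so the sizes agree. */
	for (pass = 0; pass < 2; pass++)
	{
		size_t used = 0;

		for (i = 0; i < sk_DIST_POINT_num(crlpoints); i++)
		{
			int j;
			GENERAL_NAMES *gens;
			DIST_POINT *dp = sk_DIST_POINT_value(crlpoints, i);

			/* Only the fullName form (type 0) carries GeneralNames. */
			if (!dp || !dp->distpoint || dp->distpoint->type != 0)
				continue;

			gens = dp->distpoint->name.fullname;
			for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
			{
				int gtype = -1;
				int len;
				const unsigned char *data;
				GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, j);
				ASN1_STRING *uri = (ASN1_STRING*)GENERAL_NAME_get0_value(gen, &gtype);

				if (gtype != GEN_URI || !uri)
					continue;

				len = ASN1_STRING_length(uri);
				data = ASN1_STRING_data(uri);
				/* Keep the original "longer than 6 bytes" filter and drop
				 * values with an embedded NUL: as a C string they would read
				 * as a different, shorter URI. */
				if (len <= 6 || !data || memchr(data, 0, (size_t)len) != NULL)
					continue;

				if (used > 0)
				{
					if (pass == 1)
						memcpy(lpscProperty + used, kSeparator, sepLen);
					used += sepLen;
				}
				if (pass == 1)
					memcpy(lpscProperty + used, data, (size_t)len);
				used += (size_t)len;
			}
		}

		if (pass == 0)
		{
			const size_t needed = used + 1; /* room for the terminating NUL */

			if (!lpscProperty)
			{
				/* Size query: report the size and stop before any write. */
				*pulLen = (ULONG)needed;
				break;
			}
			if (*pulLen < needed)
			{
				result = CERT_ERR_BUFFER_TOO_SMALL;
				break;
			}
		}
		else
		{
			lpscProperty[used] = '\0';
		}
	}

	CRL_DIST_POINTS_free(crlpoints);

	return result;
}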

“颁发机构信息访问”的获取代码如下:

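/*
 * Renders the URI entries of the certificate's "Authority Information Access"
 * extension into one NUL-terminated string. Each entry is a label line holding
 * the access-method OID followed by the URI; entries are separated by " | ".
 *
 * Parameters:
 *   pX509Cert    - not used; the extension is read from the member m_pX509.
 *                  NOTE(review): confirm whether callers expect pX509Cert to be used.
 *   lpscProperty - caller buffer that receives the string, or NULL to query
 *                  the required size.
 *   pulLen       - in: capacity of lpscProperty in bytes.
 *                  out (size query only): required size including the NUL.
 *
 * Returns:
 *   CERT_ERR_OK               on success, and on a successful size query
 *   CERT_ERR_INVILIDCALL      when no certificate is loaded (m_pX509 is NULL)
 *   CERT_ERR_INVALIDPARAM     when pulLen is NULL
 *   CERT_ERR_ATTR_NOTEXIST    when the extension is absent or cannot be decoded
 *   CERT_ERR_BUFFER_TOO_SMALL when *pulLen is smaller than the required size
 *
 * Security notes: the URIs are taken from the certificate itself, so they are
 * untrusted input until the chain has been validated. Lengths therefore come
 * from ASN1_STRING_length() rather than strlen(), entries that are empty or
 * contain an embedded NUL are skipped, and no fixed-size accumulation buffer
 * is used, so an oversized URI cannot trip the CRT's invalid-parameter handler.
 */
ULONG COpenSSLCertificate::_GetExtAuthorityInfoAccess(X509 *pX509Cert, LPSTR lpscProperty, ULONG* pulLen)
{
	static const char kSeparator[] = " | ";
	const size_t sepLen = sizeof(kSeparator) - 1;
	int i = 0;
	int pass = 0;
	int crit = 0;
	ULONG result = CERT_ERR_OK;
	AUTHORITY_INFO_ACCESS *accinfo = NULL;

	(void)pX509Cert;

	if (!m_pX509)
	{
		return CERT_ERR_INVILIDCALL;
	}
	if (!pulLen)
	{
		return CERT_ERR_INVALIDPARAM;
	}

	accinfo = (AUTHORITY_INFO_ACCESS*)X509_get_ext_d2i(m_pX509, NID_info_access, &crit, NULL);
	if (!accinfo)
	{
		return CERT_ERR_ATTR_NOTEXIST;
	}

	/* Pass 0 measures the output, pass 1 writes it into the caller's buffer.
	 * Both passes walk the same decoded data, so the sizes agree. */
	for (pass = 0; pass < 2; pass++)
	{
		size_t used = 0;

		for (i = 0; i < sk_ACCESS_DESCRIPTION_num(accinfo); i++)
		{
			char temp[256] = {0};
			char method[32] = {0};
			int len;
			size_t labelLen;
			const unsigned char *data;
			ASN1_STRING *uri;
			ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(accinfo, i);

			if (!ad || !ad->location || ad->location->type != GEN_URI)
				continue;

			uri = ad->location->d.uniformResourceIdentifier;
			if (!uri)
				continue;

			len = ASN1_STRING_length(uri);
			data = ASN1_STRING_data(uri);
			/* Drop values with an embedded NUL: as a C string they would read
			 * as a different, shorter URI. */
			if (len <= 0 || !data || memchr(data, 0, (size_t)len) != NULL)
				continue;

			/* Last argument 1 asks for the numeric OID rather than a name. */
			OBJ_obj2txt(method, 32, ad->method, 1);
			/* NOTE(review): the label text is fixed (it reads "CA Issuers" in
			 * Chinese), so an entry with another access method, such as OCSP,
			 * is shown under the same label; only the OID in parentheses
			 * tells them apart. */
			sprintf_s(temp, 256, "Access Method=证书颁发机构颁发者 (%s), \r\n", method);
			labelLen = strlen(temp);

			if (used > 0)
			{
				if (pass == 1)
					memcpy(lpscProperty + used, kSeparator, sepLen);
				used += sepLen;
			}
			if (pass == 1)
			{
				memcpy(lpscProperty + used, temp, labelLen);
				memcpy(lpscProperty + used + labelLen, data, (size_t)len);
			}
			used += labelLen + (size_t)len;
		}

		if (pass == 0)
		{
			const size_t needed = used + 1; /* room for the terminating NUL */

			if (!lpscProperty)
			{
				/* Size query: report the size and stop before any write. */
				*pulLen = (ULONG)needed;
				break;
			}
			if (*pulLen < needed)
			{
				result = CERT_ERR_BUFFER_TOO_SMALL;
				break;
			}
		}
		else
		{
			lpscProperty[used] = '\0';
		}
	}

	AUTHORITY_INFO_ACCESS_free(accinfo);

	return result;
}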