从 ISAPI 请求中检索客户端证书链

发布于 2025-01-04 03:22:00 字数 457 浏览 0 评论 0原文

我想从 ISAPI 中的请求检索整个客户端证书链。

我已经通过调用以下代码成功获取了客户端证书链中的第一个证书：

LPEXTENSION_CONTROL_BLOCK ecb_;

...

CERT_CONTEXT_EX cce;
memset(&cce, 0, sizeof(CERT_CONTEXT_EX));
char certbuf[64*1024];
cce.cbAllocated = sizeof(certbuf);
cce.CertContext.pbCertEncoded = (BYTE *) &certbuf;
ecb_->ServerSupportFunction(ecb_->ConnID, HSE_REQ_GET_CERT_INFO_EX, &cce, 0, 0)

但是，我没有找到如何从此 CERT_CONTEXT_EX 结构中检索证书链的其余部分。

原文

I would like to retrieve the entire client certificate chain from a request in ISAPI.

I already succeeded to get the first certificate in the client's certificate chain by invoking the code below:

LPEXTENSION_CONTROL_BLOCK ecb_;

...

CERT_CONTEXT_EX cce;
memset(&cce, 0, sizeof(CERT_CONTEXT_EX));
char certbuf[64*1024];
cce.cbAllocated = sizeof(certbuf);
cce.CertContext.pbCertEncoded = (BYTE *) &certbuf;
ecb_->ServerSupportFunction(ecb_->ConnID, HSE_REQ_GET_CERT_INFO_EX, &cce, 0, 0)

However, I did not find out how to retrieve the rest of the certificate chain from this CERT_CONTEXT_EX struct.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

少女的英雄梦 2025-01-11 03:22:00

我刚刚遇到这个老问题。很抱歉我没有早点看到它。

许多年前，我编写了一个示例，展示了如何使用 CAPICOM 执行此操作。不幸的是，CAPICOM 正在被微软淘汰，尽管它仍然有效。

我在 Koders 上找到了旧的 isapiCertPolicy 示例：

http://www.koders.com/cpp/fid977D79B2C51AD2423E4F57B6B36C3806F167CF79.aspx

以下是相关代码片段：

#import "capicom.dll"

char CertificateBuf[8192];
CERT_CONTEXT_EX ccex;
ccex.cbAllocated = sizeof(CertificateBuf);
ccex.CertContext.pbCertEncoded = (BYTE*)CertificateBuf;
ccex.dwCertificateFlags = 0;
DWORD dwSize = sizeof(ccex);

fOk = pCtxt->ServerSupportFunction(
    (enum SF_REQ_TYPE)HSE_REQ_GET_CERT_INFO_EX,
    (LPVOID)&ccex,
    &dwSize,
    NULL);

_bstr_t bstrCert(
    SysAllocStringLen(
        (OLECHAR * )ccex.CertContext.pbCertEncoded,
        (ccex.CertContext.cbCertEncoded+1)/2),
    FALSE);

CAPICOM::ICertificate2Ptr Cert(__uuidof(CAPICOM::Certificate));
Cert->Import(bstrCert);

CAPICOM::IChainPtr Chain(__uuidof(CAPICOM::Chain));
BOOL fOk = Chain->Build(Cert);

CAPICOM::ICertificatesPtr Certs(NULL);
Certs = Chain->Certificates;

CAPICOM::ICertificate2Ptr ParentCert(Certs->Item[2])

Chain 对象构建证书链。如果您无法使用 CAPICOM，您可以使用 Crypto API 的 CertGetCertificateChain 函数获取证书链，但工作量更大。

I just came across this old question. I'm sorry I didn't see it sooner.

Many years ago I wrote a sample that shows how do do this using CAPICOM. Unfortunately CAPICOM is being phased out by Microsoft, though it still works.

I found the old isapiCertPolicy sample on Koders:

http://www.koders.com/cpp/fid977D79B2C51AD2423E4F57B6B36C3806F167CF79.aspx

Here are the relevant code fragments:

#import "capicom.dll"

char CertificateBuf[8192];
CERT_CONTEXT_EX ccex;
ccex.cbAllocated = sizeof(CertificateBuf);
ccex.CertContext.pbCertEncoded = (BYTE*)CertificateBuf;
ccex.dwCertificateFlags = 0;
DWORD dwSize = sizeof(ccex);

fOk = pCtxt->ServerSupportFunction(
    (enum SF_REQ_TYPE)HSE_REQ_GET_CERT_INFO_EX,
    (LPVOID)&ccex,
    &dwSize,
    NULL);

_bstr_t bstrCert(
    SysAllocStringLen(
        (OLECHAR * )ccex.CertContext.pbCertEncoded,
        (ccex.CertContext.cbCertEncoded+1)/2),
    FALSE);

CAPICOM::ICertificate2Ptr Cert(__uuidof(CAPICOM::Certificate));
Cert->Import(bstrCert);

CAPICOM::IChainPtr Chain(__uuidof(CAPICOM::Chain));
BOOL fOk = Chain->Build(Cert);

CAPICOM::ICertificatesPtr Certs(NULL);
Certs = Chain->Certificates;

CAPICOM::ICertificate2Ptr ParentCert(Certs->Item[2])

The Chain object builds the certificate chain. If you can't use CAPICOM, you can get the certificate chain using the Crypto API's CertGetCertificateChain function, but it's more work.

回复收藏 0 原文

~没有更多了~