?????? ??????This article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
?? ?? ???ICertRequest::Submit (??)method, a request for the certificate is submitted to the
certification authority.
The certificate is retrieved from the certification
authority, and then it is installed in the appropriate store. The IIS Server
Certificate Wizard looks only for certificates that it can use for server authentication in the Local Computer certificate store.
After you save the certificate to the store, you must configure
IIS as follows:
?????CertGetCertificateContextProperty()method to obtain the values of the???????????? ??CERT_HASH_PROP_ID???? TheCertGetCertificateContextProperty()function uses theCryptHashCertificate()method to compute the value for theCERT_HASH_PROP_ID???? If the HASH value does not exist,CertGetCertificateContextProperty()???? ??SHA1??????????
#include <stdio.h>
#include <windows.h>
#include <wincrypt.h>
#define MY_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
//--------------------------------------------------------------------
// Define the name of the store where the needed certificate
// can be found.
#define CERT_STORE_NAME L"MY"
//--------------------------------------------------------------------
// Declare local functions.
// Local function definitions follow main.
void HandleError(char *s);
void main(void)
{
//--------------------------------------------------------------------
// Declare and initialize local variables.
// This includes initializing a pointer to the message.
// Usually, the message will exist somewhere and a pointer will
// be passed to the application.
//--------------------------------------------------------------------
// System store handle
HCERTSTORE hStoreHandle;
//--------------------------------------------------------------------
// Pointer to a certificate
PCCERT_CONTEXT pCert;
PCCERT_CONTEXT pPrevCert;
LPBYTE pEncodedBytes = NULL;
LPBYTE pHash;
DWORD cbData, i;
//--------------------------------------------------------------------
// Open a certificate store.
if ( !( hStoreHandle = CertOpenStore(
CERT_STORE_PROV_SYSTEM,
0,
NULL,
CERT_SYSTEM_STORE_LOCAL_MACHINE,
CERT_STORE_NAME)))
{
HandleError("The MY store could not be opened.");
}
pPrevCert = NULL;
for (; ((pCert = CertEnumCertificatesInStore(hStoreHandle, pPrevCert))
!= NULL);
pPrevCert = pCert)
{
CERT_ENHKEY_USAGE *pKeyUsage;
DWORD j, nLen;
BOOL bFound = FALSE;
char certName[1024];
nLen = sizeof(certName);
certName[0] = 0;
if (CertNameToStr(MY_TYPE, &(pCert->pCertInfo->Subject),
CERT_X500_NAME_STR,
certName,
sizeof(certName)))
{
printf("Checking %s certificate\n", certName);
}
cbData = 0;
if (!CertGetEnhancedKeyUsage(pCert,
0,
NULL,
&cbData) || cbData == 0)
{
if (GetLastError() == CRYPT_E_NOT_FOUND)
{
printf("%s certificate is for all key usages\n", certName);
break;
}
else
printf("CertGetEnhancedKeyUsage failed with error code : %08X\n",
GetLastError());
}
pKeyUsage = (CERT_ENHKEY_USAGE *)
HeapAlloc(GetProcessHeap(), 0, cbData);
if (pKeyUsage == NULL)
{
printf("HeapAlloc failed with error code : %08X\n",
GetLastError());
HandleError("Certificate not found.");
}
if (!CertGetEnhancedKeyUsage(pCert,
0,
pKeyUsage,
&cbData))
{
if (GetLastError() == CRYPT_E_NOT_FOUND)
{
printf("%s certificate is for all key usages\n", certName);
HeapFree(GetProcessHeap(), 0, pKeyUsage);
break;
}
else
{
printf("CertGetEnhancedKeyUsage failed with error code : %08X\n",
GetLastError());
HeapFree(GetProcessHeap(), 0, pKeyUsage);
continue;
}
}
if (pKeyUsage->cUsageIdentifier == 0)
{
printf("%s certificate is for all key usages\n", certName);
HeapFree(GetProcessHeap(), 0, pKeyUsage);
break;
}
bFound = FALSE;
for (j = 0; j < pKeyUsage->cUsageIdentifier; j++)
{
if (strcmpi(pKeyUsage->rgpszUsageIdentifier[j],
szOID_PKIX_KP_SERVER_AUTH) == 0)
{
printf("%s certificate is for Server Authentication\n",
certName);
bFound = TRUE;
break;
}
}
HeapFree(GetProcessHeap(), 0, pKeyUsage);
if (bFound)
break;
}
if (pCert == NULL)
HandleError("Certificate not found.");
if (pPrevCert)
{
CertFreeCertificateContext(pPrevCert);
pPrevCert = NULL;
}
/// CASE 2 Get the hash from the certificate
pHash = NULL;
cbData = 0;
CertGetCertificateContextProperty(pCert, CERT_HASH_PROP_ID, NULL, &cbData);
if (cbData == 0)
{
HandleError("CertGetCertificateContextProperty 1 failed");
}
pHash = (LPBYTE)HeapAlloc(GetProcessHeap(), 0, cbData);
if (pHash == NULL)
{
HandleError("HeapAlloc failed");
}
if (!CertGetCertificateContextProperty(pCert, CERT_HASH_PROP_ID, pHash,
&cbData))
{
HandleError("CertGetCertificateContextProperty 2 failed");
}
printf("CERT_HASH_PROP_ID Length is %d\n", cbData);
printf("CERT_HASH_PROP_ID BYTES [", cbData);
for (i = 0; i < cbData; i++)
{
printf("%02X", pHash[i]);
}
printf("]\n");
//--------------------------------------------------------------------
// Clean up and free memory.
if (pEncodedBytes)
HeapFree(GetProcessHeap(), 0, pEncodedBytes);
if (pHash)
HeapFree(GetProcessHeap(), 0, pHash);
if(pCert)
CertFreeCertificateContext(pCert);
if(CertCloseStore(
hStoreHandle,
CERT_CLOSE_STORE_CHECK_FLAG))
{
printf("The store closed and all certificates are freed. \n");
}
else
{
printf("Store closed -- \n"
"not all certificates, CRLs or CTLs were freed");
}
} // End of main
//--------------------------------------------------------------------
// This example uses the function HandleError, a simple error
// handling function, to print an error message to the standard error
// (stderr) file and exit the program.
// For most applications, replace this function with one
// that does more extensive error reporting.
void HandleError(char *s)
{
fprintf(stderr,"An error occurred in running the program. \n");
fprintf(stderr,"%s\n",s);
fprintf(stderr, "Error number %x.\n", GetLastError());
fprintf(stderr, "Program terminating. \n");
exit(1);
} // End of HandleError
Windows Live
Facebook
Twitter
Linkedin
Digg it
Yahoo
Delicious
StumbleUpon
Yammer
Reddit
Technorati
FriendFeed
Email
???? ?????? ????????
????? ?? ???? ????
