Überprüfen von Dokumentsignaturen und Zertifikaten
In diesem Thema wird beschrieben, wie Sie die Signaturen in einem XPS-Dokument überprüfen und die Zertifikate überprüfen, die mit diesen Signaturen zusammenhängen.
Bevor Sie die folgenden Codebeispiele in Ihrem Programm verwenden, lesen Sie den Haftungsausschluss in Allgemeine Aufgaben bei der Programmierung digitaler Signaturen.
Im folgenden Codebeispiel werden die digitalen Signaturen überprüft, die in einem XPS-Dokument gefunden werden.
Führen Sie die folgenden Schritte aus, um die Signaturen in einem XPS-Dokument zu überprüfen:
- Laden Sie das Dokument in einen Signatur-Manager, wie in Signatur-Manager initialisieren beschrieben.
- Abrufen der Sammlung von Unterschriften aus dem digitalen Signatur-Manager.
- Abfrage der Anzahl der Signaturen in der Sammlung.
- Rufen Sie für jede Signatur in der Auflistung die Überprüfungs-Methode auf, wie im folgenden Codebeispiel gezeigt.
HRESULT
VerifyAllDigitalSignaturesAndAuthenticateCertificates(
IXpsSignatureManager *signatureManager
)
{
HRESULT hr = S_OK;
IXpsSignature *signature = NULL;
IXpsSignatureCollection *signaturesInDocument = NULL;
UINT32 numberOfSignaturesInDocument = NULL;
hr = signatureManager->GetSignatures(&signaturesInDocument);
if (SUCCEEDED(hr)) {
hr = signaturesInDocument->GetCount(&numberOfSignaturesInDocument);
}
if (SUCCEEDED(hr)) {
// Check each signature in the XPS document that was opened in
// the signature manager.
for (UINT32 index = 0; index < numberOfSignaturesInDocument; index++)
{
// Get the signature in the current index of the
// IXpsSignatureCollection object
hr = signaturesInDocument->GetAt(index, &signature);
if (SUCCEEDED(hr)) {
PCCERT_CONTEXT signingCertificate = NULL;
XPS_SIGNATURE_STATUS signatureStatus;
signatureStatus = XPS_SIGNATURE_STATUS_BROKEN;
// Verify the signature and authenticate
// its signing certificate
hr = VerifySignatureAndCertificates (
signature,
&signingCertificate,
&signatureStatus);
if (FAILED(hr)) {
// If a FACILITY_SECURITY error code is returned then
// the current certificate was not the
// signing certificate, so continue with
// the enumeration.
if (HRESULT_FACILITY(hr) != FACILITY_SECURITY)
{
// If the error was not a FACILITY_SECURITY error
// then exit and return the error
break; // out of for loop
}
}
// release pointers for next loop
if (NULL != signature) {
signature->Release();
signature = NULL;
}
if (NULL != signingCertificate) {
CertFreeCertificateContext (signingCertificate);
signingCertificate = NULL;
}
}
}
}
if (NULL != signaturesInDocument) signaturesInDocument->Release();
return hr;
}
Um eine digitale Signatur zu überprüfen, überprüfen Sie zuerst die Signatur, die vom Signaturzertifikat erstellt wurde, und überprüfen Sie dann das Signaturzertifikat. Die im folgenden Codebeispiel verwendete Überprüfungsmethode speichert die Zertifikate in einem temporären Zertifikatspeicher zwischen, die die Crypto-API-Funktionen verwenden, wenn sie später in diesem Beispiel aufgerufen werden.
Führen Sie die folgenden Schritte aus, um einen temporären Zertifikatspeicher zu erstellen:
- Erstellen Sie einen temporären Zertifikatspeicher, um die von der Signatur verwendeten Zertifikate aufzubewahren.
- Durchlaufen Sie den Zertifikatsatz der Signatur, und laden Sie jedes Zertifikat in den temporären Zertifikatspeicher.
HRESULT VerifySignatureAndCertificates (
IXpsSignature *signature,
PCCERT_CONTEXT *signingCertificate,
XPS_SIGNATURE_STATUS *signatureStatus
)
{
HRESULT hr = S_OK;
BOOL moreCertificates = FALSE;
IOpcCertificateEnumerator *certificatesInSignature = NULL;
HCERTSTORE signatureCertificateStore = NULL;
// Create a temporary certificate store.
signatureCertificateStore = CertOpenStore(
CERT_STORE_PROV_MEMORY,
X509_ASN_ENCODING,
NULL,
0,
NULL);
// Create a certificate enumerator to store the certificates
// that are associated with the current signature.
hr = signature->GetCertificateEnumerator(&certificatesInSignature);
if (SUCCEEDED(hr))
{
// We need to call the MoveNext method to initialize the enumerator.
hr = certificatesInSignature->MoveNext(&moreCertificates);
}
if (SUCCEEDED(hr))
{
// Iterate through the certificates in the signature,
// and add each one to the temporary certificate store.
// This temporary certificate store simplifies
// authentication of the signing certificate.
while (moreCertificates)
{
PCCERT_CONTEXT certificate = NULL;
hr = certificatesInSignature->GetCurrent(&certificate);
if (SUCCEEDED(hr))
{
// got the next certificate so
// add the current certificate to the temporary certificate store.
if (!CertAddCertificateContextToStore(signatureCertificateStore,
certificate,
CERT_STORE_ADD_REPLACE_EXISTING,
NULL))
{
hr = E_FAIL;
// ERROR: could not add the certificate to the certificate store
break; // out of while loop
}
CertFreeCertificateContext (certificate);
}
else
{
// unable to get the certificate so skip
}
// move to next certificate in set
if (FAILED(hr = certificatesInSignature->MoveNext(&moreCertificates)))
{
// ERROR: could not move to the next certificate in the enumerator
break; // out of while loop
}
// moreCertificates == FALSE when the end of the set has been reached.
}//End while
}
if (NULL != certificatesInSignature) certificatesInSignature->Release();
Führen Sie die folgenden Schritte aus, um die digitale Signatur und das zum Signieren des Dokuments verwendete Zertifikat zu überprüfen:
- Suchen Sie das Signaturzertifikat, indem Sie die Zertifikate durchlaufen, die von der Signatur verwendet werden.
- Testen Sie das Zertifikat, indem Sie die Signatur anhand des Zertifikats überprüfen. Das Signaturzertifikat wird gefunden, wenn die Überprüfungs-Methode einen XPS_SIGNATURE_STATUS von XPS_SIGNATURE_STATUS_VALID oder XPS_SIGNATURE_STATUS_QUESTIONABLE zurückgibt und keinen FACILITY_SECURITY-Fehler zurückgibt .
// Reset the enumerator
hr = signature->GetCertificateEnumerator(&certificatesInSignature);
if (SUCCEEDED (hr))
{
moreCertificates = FALSE;
hr = certificatesInSignature->MoveNext(&moreCertificates);
}
if (SUCCEEDED(hr))
{
// Iterate through the certificates in the signature,
// and call the IXpsSignature.Verify() method
// on each certificate.
// A signature can include an entire certificate chain, and so
// only one of the certificates found in this enumeration
// is the certificate that was used to sign the package.
// The signing certificate is the one to authenticate.
// To find the signing certificate, iterate through
// the certificates in the signature and select the certificate that
// returns an XPS_SIGNATURE_STATUS of XPS_SIGNATURE_STATUS_VALID
// or XPS_SIGNATURE_STATUS_QUESTIONABLE and does not return a
// FACILITY_SECURITY error.
XPS_SIGNATURE_STATUS localSignatureStatus;
localSignatureStatus = XPS_SIGNATURE_STATUS_INCOMPLIANT;
do
{
PCCERT_CONTEXT certificate = NULL;
DWORD certificateStatus = NULL;
if (FAILED(hr = certificatesInSignature->GetCurrent(&certificate)))
{
// We will skip corrupted certificates
// free this one and move to the next
CertFreeCertificateContext (certificate);
hr = certificatesInSignature->MoveNext(&moreCertificates);
if (FAILED(hr))
{
// ERROR: could not move to the next
// certificate in the enumerator
break; // out of do loop with failed hr
}
// continue with next loop iteration
continue;
}
// Verify that the signature conforms to the XPS signing policy.
hr = signature->Verify(certificate, &localSignatureStatus);
if (FAILED(hr))
{
// If a FACILITY_SECURITY error code is returned, then the
// current certificate was not the signing certificate,
// so continue to the next certificate.
if (HRESULT_FACILITY(hr) == FACILITY_SECURITY)
{
// free this one and move to the next
CertFreeCertificateContext (certificate);
hr = certificatesInSignature->MoveNext(&moreCertificates);
if (FAILED(hr))
{
// ERROR: could not move to the next certificate
// in the enumerator
break; // out of do loop with failed hr
}
continue;
}
// ERROR: An attempt to verify the signature has failed
break; // out of do loop with failed hr
}
// if verification was successful, localSignatureStatus will
// contain the status of the signature.
//
// do loop continues in next code example
Wenn das Signaturzertifikat gefunden wurde, führen Sie die folgenden Schritte aus:
- Speichern Sie den Status der zurückgegebenen Signatur.
- Aktualisieren Sie falls erforderlich den lokalen Status, um nachfolgende Zertifikattests durchzuführen:
- Wenn der Signaturstatus erfolgreich ist, legen Sie den lokalen Status auf fragwürdig fest, um die Zertifikate zu testen.
- Wenn der Signaturstatus nicht konform ist, lassen Sie den lokalen Status als inkompatibel.
- Wenn der Signaturstatus beschädigt oder unvollständig ist, legen Sie den lokalen Status auf fehlerhaften Status fest.
Ein Signaturstatus XPS_SIGNATURE_STATUS_INCOMPLIANT bedeutet, dass Teile des XPS-Dokuments, die nicht signiert werden sollten, signiert wurden, oder Teile des XPS-Dokuments, die signiert werden sollten, nicht signiert wurden. Wenn Überprüfen diesen Signaturstatus zurückgibt, ist eine weitere Überprüfung der Signatur unnötig.
// continuing do loop from previous code example
*signingCertificate = certificate;
*signatureStatus = localSignatureStatus;
// note that this test should only downgrade the
// signature status, it should not upgrade it.
switch (localSignatureStatus) {
case XPS_SIGNATURE_STATUS_VALID:
case XPS_SIGNATURE_STATUS_QUESTIONABLE:
// the signature is valid or questionable so
// save the actual status and set the new status
// to questionable so the certificates will be checked.
localSignatureStatus = XPS_SIGNATURE_STATUS_QUESTIONABLE;
break;
case XPS_SIGNATURE_STATUS_INCOMPLIANT:
// the signature is not compliant
break;
case XPS_SIGNATURE_STATUS_INCOMPLETE:
case XPS_SIGNATURE_STATUS_BROKEN:
// The Windows 7 XPS viewer displays incomplete signatures
// and broken signatures as broken.
*signatureStatus = XPS_SIGNATURE_STATUS_BROKEN;
localSignatureStatus = XPS_SIGNATURE_STATUS_BROKEN;
break;
default:
// there should be no other possible status values
break;
}
// do loop continues in next code example
Führen Sie die folgenden Schritte aus, um die Vertrauenswürdigkeit des Zertifikats zu überprüfen, wenn der Signaturstatus gültig oder fraglich war:
- Rufen Sie den Zertifikatvertrauensstatus ab.
- Bewerten Sie den zurückgegebenen Zertifikatvertrauensstatus.
- Geben Sie den resultierenden Status zurück.
Im nächsten Codebeispiel wird nicht auf jeden möglichen Zertifikatvertrauensstatus getestet. Weitere Informationen zu den Statuswerten, die zurückgegeben werden können, finden Sie unter CERT_TRUST_STATUS.
// continuing do loop from previous code example
//
// at this point, localSignatureStatus should be less than or
// equal to what it was before the test.
// Check the certificate to see if it is valid
if ((localSignatureStatus == XPS_SIGNATURE_STATUS_VALID) ||
(localSignatureStatus == XPS_SIGNATURE_STATUS_QUESTIONABLE))
{
// This call builds the certificate trust chain from the
// supplied certificate. The certificate chain is used to
// authenticate the supplied certificate.
hr = GetCertificateTrustStatus (
*signingCertificate,
&signatureCertificateStore,
&certificateStatus);
if (FAILED(hr))
{
// ERROR: An attempt to authenticate the certificate
// has failed
break; // out of do loop with failed hr
}
// The Crypt API returns a status that can contain more than
// one status value.
// statusFlagMask is set to test all bits except for the
// CERT_TRUST_REVOCATION_STATUS_UNKNOWN
// CERT_TRUST_IS_OFFLINE_REVOCATION
// CERT_TRUST_IS_NOT_TIME_VALID
// values because, for this test, these are not considered
// to be error conditions.
DWORD statusFlagMask = ~(
CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
CERT_TRUST_IS_OFFLINE_REVOCATION |
CERT_TRUST_IS_NOT_TIME_VALID);
if (CERT_TRUST_NO_ERROR == (certificateStatus & statusFlagMask))
{
// If *signatureStatus is already
// XPS_SIGNATURE_STATUS_VALID then there is no need to
// change the status as the certificate status has no
// certificate trust errors.
// If *signatureStatus is already
// XPS_SIGNATURE_STATUS_QUESTIONABLE then we will not
// upgrade the trust status of the signature just
// because there is no trust issue with the certificate.
}
else
{
// If trust errors were detected with the certificate,
// then this XPS signature is given a status of
// XPS_SIGNATURE_STATUS_QUESTIONABLE
*signatureStatus = XPS_SIGNATURE_STATUS_QUESTIONABLE;
}
// Handle additional certificate errors.
// This is not an exhaustive list of possible errors.
if (certificateStatus & CERT_TRUST_IS_NOT_TIME_VALID)
{
// The XPS Viewer considers signatures with
// expired certificates as valid.
}
if (certificateStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
{
// This test ensures that we only degrade the
// trust status and never upgrade it
if (XPS_SIGNATURE_STATUS_VALID == *signatureStatus)
{
*signatureStatus = XPS_SIGNATURE_STATUS_QUESTIONABLE;
}
}
if (certificateStatus & CERT_TRUST_IS_NOT_SIGNATURE_VALID)
{
// This test ensures that we only degrade the
// trust status and never upgrade it
if (XPS_SIGNATURE_STATUS_VALID == *signatureStatus)
{
*signatureStatus = XPS_SIGNATURE_STATUS_QUESTIONABLE;
}
}
if (certificateStatus & CERT_TRUST_IS_SELF_SIGNED)
{
// This test ensures that we only degrade the
// trust status and never upgrade it
if (XPS_SIGNATURE_STATUS_VALID == *signatureStatus)
{
*signatureStatus = XPS_SIGNATURE_STATUS_QUESTIONABLE;
}
}
if (certificateStatus & CERT_TRUST_IS_UNTRUSTED_ROOT)
{
// This test ensures that we only degrade the
// trust status and never upgrade it
if (XPS_SIGNATURE_STATUS_VALID == *signatureStatus)
{
*signatureStatus = XPS_SIGNATURE_STATUS_QUESTIONABLE;
}
}
}//End if
hr = certificatesInSignature->MoveNext(&moreCertificates);
if (FAILED(hr))
{
// ERROR: could not move to the next
// certificate in the enumerator
break; // out of do loop with failed hr
}
} while((*signatureStatus != XPS_SIGNATURE_STATUS_VALID) &&
moreCertificates);
} // end if successful
if (NULL != certificatesInSignature) certificatesInSignature->Release();
return hr;
}
Im nächsten Codebeispiel wird der Zertifikatvertrauensstatus abgerufen, indem die im folgenden Codebeispiel gezeigte Methode aufgerufen wird.
HRESULT GetCertificateTrustStatus(
__in PCCERT_CONTEXT certificate,
__in HCERTSTORE* certificateStore,
__out DWORD* certificateStatus
)
{
HRESULT hr = S_OK;
// The certificate chain that will be created from
// the PCCERT_CONTEXT object passed in.
PCCERT_CHAIN_CONTEXT certificateChain = NULL;
hr = CreateCertificateChain(
certificate,
*certificateStore,
&certificateChain);
if (SUCCEEDED(hr)) {
*certificateStatus =
certificateChain->TrustStatus.dwErrorStatus;
}
return hr;
}
Die im vorherigen Codebeispiel verwendete Zertifikatkette wird durch Aufrufen der im folgenden Codebeispiel gezeigten Methode erstellt.
HRESULT
CreateCertificateChain (
__in PCCERT_CONTEXT certificate,
__in HCERTSTORE certificateStore,
__out PCCERT_CHAIN_CONTEXT* certificateChain
)
{
HRESULT hr = S_OK;
CERT_CHAIN_PARA certificateChainParameters = {0};
certificateChainParameters.cbSize = sizeof(CERT_CHAIN_PARA);
certificateChainParameters.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND;
// CertGetCertificateChain builds a certificate chain that starts
// from the PCCERT_CONTEXT structure provided by the caller.
// After the certificate chain has been successfully created,
// then the authenticity of the certificate can be determined
// by examining the errors, if any, that occurred while the chain
// was created.
BOOL successCreatingCertChain = CertGetCertificateChain (
NULL,
certificate,
NULL,
certificateStore,
&certificateChainParameters,
CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
NULL,
certificateChain);
if (!successCreatingCertChain)
{
hr = HRESULT_FROM_WIN32(GetLastError());
}
return hr;
}
Zugehörige Themen
-
In diesem Abschnitt verwendet
-
Weitere Informationen