Exemple de programme C : Opérations de vérification de certificat
L’exemple suivant illustre ces tâches et les fonctions CryptoAPI :
- Ouverture et fermeture du magasin système.
- Recherche d’un certificat par nom d’objet.
- Utilisation de la fonction CertVerifyTimeValidity pour vérifier la validité temporelle du certificat.
- CertOpenStore
- CertFindCertificateInStore
- CertVerifyTimeValidity
- CertFreeCertificateContext
- CertCloseStore
Cet exemple utilise la fonction MyHandleError. Le code de cette fonction est inclus dans l’exemple. Le code de cette fonction auxiliaire et d’autres fonctions auxiliaires est également répertorié sous Fonctions à usage général.
//-------------------------------------------------------------------
// Copyright (C) Microsoft. All rights reserved.
// This example demonstrates:
// 1. Opening and closing a system store.
// 2. Finding a certificate by subject name.
// 3. Using the CertVerifyTimeValidity function to check the
// certificate's time validity.
#pragma comment(lib, "crypt32.lib")
#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char *s);
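void main(void)
{
    //-------------------------------------------------------------------
    // Demonstrates opening the current user's "CA" system store, finding
    // a certificate by subject string, checking its validity period
    // against the current time, and releasing the context and the store.
    //
    // Every failure path goes through MyHandleError, which exits the
    // process, so the code after each check can rely on a valid handle.

    //-------------------------------------------------------------------
    // Declare and initialize variables.
    HCERTSTORE hSystemStore = NULL;
    PCCERT_CONTEXT pTargetCert = NULL;
    PCERT_INFO pTargetCertInfo = NULL;
    char szSubjectName[] = "Insert_cert_subject_name1";
                             // String to be found in a certificate subject

    //-------------------------------------------------------------------
    // Call CertOpenStore to open the CA store.
    hSystemStore = CertOpenStore(
        CERT_STORE_PROV_SYSTEM,
        0,
        NULL,
        CERT_SYSTEM_STORE_CURRENT_USER,
        L"CA");
    if (hSystemStore)
    {
        printf("CertOpenStore succeeded. The CA store is open. \n");
    }
    else
    {
        // The store opened above is "CA", so the message names that store.
        MyHandleError("Error opening the CA store.");
    }

    //-------------------------------------------------------------------
    // Get a particular certificate using CertFindCertificateInStore.
    //
    // CERT_FIND_SUBJECT_STR_A matches a substring of the subject name and
    // the call returns the first certificate that matches. A subject
    // string is therefore not a unique identity: any certificate in the
    // store whose subject contains the string can be returned. Code that
    // makes a trust decision should select the certificate by hash
    // (for example CERT_FIND_SHA1_HASH) rather than by subject text.
    pTargetCert = CertFindCertificateInStore(
        hSystemStore,             // Store handle.
        MY_ENCODING_TYPE,         // Encoding type.
        0,                        // Not used.
        CERT_FIND_SUBJECT_STR_A,  // Find type: a string in the subject.
        szSubjectName,            // The string to be searched for.
        NULL);                    // No previous context: first match.
    if (pTargetCert)
    {
        printf("Found the certificate. \n");
    }
    else
    {
        MyHandleError("Could not find the required certificate");
    }

    //-------------------------------------------------------------------
    // pTargetCert is a pointer to the desired certificate.
    // Check the certificate's time validity.
    //
    // This compares only the NotBefore/NotAfter fields with the current
    // time. It does not verify the signature, build a chain to a trusted
    // root, check revocation, or check key usage, so "time is valid" must
    // not be read as "certificate is trusted". Full validation goes
    // through CertGetCertificateChain and
    // CertVerifyCertificateChainPolicy.
    pTargetCertInfo = pTargetCert->pCertInfo;
    switch (CertVerifyTimeValidity(
                NULL,               // Use current time.
                pTargetCertInfo))   // Pointer to CERT_INFO.
    {
    case -1:
        printf("Certificate is not valid yet. \n");
        break;
    case 1:
        printf("Certificate is expired. \n");
        break;
    case 0:
        printf("Certificate's time is valid. \n");
        break;
    default:
        // Not expected; reported so an unknown result is never silently
        // treated the same as a valid certificate.
        printf("Unexpected result from CertVerifyTimeValidity. \n");
        break;
    }

    //-------------------------------------------------------------------
    // Clean up memory and quit.
    // The context is freed before the store is closed so that
    // CERT_CLOSE_STORE_CHECK_FLAG does not report it as still in use.
    if (pTargetCert)
    {
        CertFreeCertificateContext(pTargetCert);
        pTargetCert = NULL;
    }
    if (hSystemStore)
    {
        if (!CertCloseStore(
                hSystemStore,
                CERT_CLOSE_STORE_CHECK_FLAG))
        {
            MyHandleError("Could not close the certificate store");
        }
        hSystemStore = NULL;
    }
    printf("The certificate has been freed and the store closed. \n");
    printf("The certificate verification program ran to completion "
           "without error. \n");
} // End of main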
//-------------------------------------------------------------------
// This example uses the function MyHandleError, a simple error
// handling function, to print an error message to the
// standard error (stderr) file and exit the program.
// For most applications, replace this function with one
// that does more extensive error reporting.
void MyHandleError(char *s)
{
fprintf(stderr,"An error occurred in running the program. \n");
fprintf(stderr,"%s\n",s);
fprintf(stderr, "Error number %x.\n", GetLastError());
fprintf(stderr, "Program terminating. \n");
exit(1);
} // End of MyHandleError