예제 C 프로그램: 인증서 확인 작업
다음 예제에서는 아래 세 가지 작업과, 그 작업에 사용되는 다섯 가지 CryptoAPI 함수를 보여 줍니다.
- 시스템 저장소 열기 및 닫기
- 주체 이름으로 인증서 찾기
- CertVerifyTimeValidity 함수를 사용하여 인증서의 시간 유효성 검사(유효 기간만 확인하며, 인증서 체인의 신뢰 여부나 해지 상태는 확인하지 않음)
- CertOpenStore
- CertFindCertificateInStore
- CertVerifyTimeValidity
- CertFreeCertificateContext
- CertCloseStore
이 예제에서는 MyHandleError 함수를 사용합니다. 이 함수의 코드는 샘플에 포함되어 있습니다. 이 함수와 기타 보조 함수의 코드는 "범용 함수(General Purpose Functions)" 항목에도 나와 있습니다.
//-------------------------------------------------------------------
// Copyright (C) Microsoft. All rights reserved.
// This example demonstrates:
// 1. Opening and closing a system store.
// 2. Finding a certificate by subject name.
// 3. Using the CertVerifyTimeValidity function to check the
// certificate's time validity.
#pragma comment(lib, "crypt32.lib")
#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char *s);
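//-------------------------------------------------------------------
// main: opens the current user's "CA" system store, looks up one
// certificate by a subject-name string, reports whether the current
// time falls inside that certificate's validity period, then frees
// the certificate context and closes the store.
//
// Failures are reported through MyHandleError. The version in this
// file terminates the process; the explicit returns after each call
// keep this function safe if that handler is replaced by one that
// returns.
//
// NOTE(review): CertVerifyTimeValidity checks the validity period
// only. It does not build or validate a certificate chain, check
// revocation, or check intended usage. Code that has to decide
// whether a certificate is trusted needs chain validation as well
// (for example CertGetCertificateChain followed by
// CertVerifyCertificateChainPolicy).
void main(void)
{
    //---------------------------------------------------------------
    // Declare and initialize variables.
    HCERTSTORE hSystemStore = NULL;
    PCCERT_CONTEXT pTargetCert = NULL;
    PCERT_INFO pTargetCertInfo = NULL;

    // String to be found in a certificate subject. Placeholder:
    // replace it with the subject name to look for.
    char szSubjectName[] = "Insert_cert_subject_name1";

    //---------------------------------------------------------------
    // Call CertOpenStore to open the current user's CA store.
    hSystemStore = CertOpenStore(
        CERT_STORE_PROV_SYSTEM,
        0,
        NULL,
        CERT_SYSTEM_STORE_CURRENT_USER,
        L"CA");
    if (hSystemStore == NULL)
    {
        // The store opened above is "CA", so the message names it.
        MyHandleError("Error opening the CA store.");
        return;
    }
    printf("CertOpenStore succeeded. The CA store is open. \n");

    //---------------------------------------------------------------
    // Get a particular certificate using CertFindCertificateInStore.
    //
    // CERT_FIND_SUBJECT_STR_A matches a string inside the subject;
    // the CryptoAPI documentation describes it as a case-insensitive
    // substring match. The first certificate whose subject contains
    // szSubjectName is returned, so a short or generic string can
    // select a certificate other than the intended one.
    pTargetCert = CertFindCertificateInStore(
        hSystemStore,             // Store handle.
        MY_ENCODING_TYPE,         // Encoding type.
        0,                        // Not used.
        CERT_FIND_SUBJECT_STR_A,  // Find a string in the subject.
        szSubjectName,            // The string to be searched for.
        pTargetCert);             // Previous context: NULL, so the
                                  // search starts at the beginning.
    if (pTargetCert == NULL)
    {
        // Report first: closing the store could change the value
        // that GetLastError returns inside the handler.
        MyHandleError("Could not find the required certificate");
        CertCloseStore(hSystemStore, 0);
        return;
    }
    printf("Found the certificate. \n");

    //---------------------------------------------------------------
    // pTargetCert is a pointer to the desired certificate.
    // Check the certificate's time validity against the current
    // system time.
    pTargetCertInfo = pTargetCert->pCertInfo;
    switch (CertVerifyTimeValidity(
                NULL,               // Use current time.
                pTargetCertInfo))   // Pointer to CERT_INFO.
    {
    case -1:
        printf("Certificate is not valid yet. \n");
        break;
    case 1:
        printf("Certificate is expired. \n");
        break;
    case 0:
        printf("Certificate's time is valid. \n");
        break;
    default:
        // Any other value is not handled by the cases above; report
        // it instead of silently treating the certificate as checked.
        printf("Unexpected result from CertVerifyTimeValidity. \n");
        break;
    }

    //---------------------------------------------------------------
    // Clean up memory and quit. The certificate context is freed
    // before the store is closed because CERT_CLOSE_STORE_CHECK_FLAG
    // makes CertCloseStore report failure while contexts from the
    // store are still outstanding.
    CertFreeCertificateContext(pTargetCert);
    pTargetCert = NULL;

    if (!CertCloseStore(
            hSystemStore,
            CERT_CLOSE_STORE_CHECK_FLAG))
    {
        MyHandleError("Could not close the certificate store");
        return;
    }

    printf("The certificate has been freed and the store closed. \n");
    printf("The certificate verification program ran to completion "
           "without error. \n");
} // End of main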
//-------------------------------------------------------------------
// This example uses the function MyHandleError, a simple error
// handling function, to print an error message to the
// standard error (stderr) file and exit the program.
// For most applications, replace this function with one
// that does more extensive error reporting.
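void MyHandleError(char *s)
{
    // Prints the caller's message and the calling thread's last-error
    // code to stderr, then ends the process with exit status 1.
    // s: description of the failed step; NULL is printed as a
    //    placeholder instead of being passed to "%s".
    // Does not return.

    // Capture the error code before any other call is made: the
    // stdio calls below may change the thread's last-error value, so
    // reading it afterwards could report the wrong number.
    unsigned long lastError = (unsigned long)GetLastError();

    fprintf(stderr, "An error occurred in running the program. \n");
    fprintf(stderr, "%s\n", s ? s : "(no message)");
    // The value is widened to unsigned long above so that the
    // conversion specifier matches the argument type exactly.
    fprintf(stderr, "Error number %lx.\n", lastError);
    fprintf(stderr, "Program terminating. \n");
    exit(1);
} // End of MyHandleError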