Contoh Program C: Serialisasi Sertifikat
Contoh berikut menunjukkan serialisasi konteks sertifikat dan propertinya ke dalam formulir yang dapat disimpan dalam file, dikirim dengan pesan email, atau dikirimkan ke pengguna lain. Contohnya juga menunjukkan bagaimana sertifikat berseri dapat diubah kembali menjadi sertifikat dan ditambahkan ke penyimpanan sertifikat. Proses yang sama juga berfungsi dengan CRL dan CTL menggunakan CertSerializeCRLStoreElement dan CertSerializeCTLStoreElement.
Contoh ini mengilustrasikan tugas-tugas berikut dan fungsi CryptoAPI:
- Membuka penyimpanan sertifikat sistem menggunakan CertOpenSystemStore.
- Membuka penyimpanan sertifikat menggunakan CertOpenStore.
- Mengambil sertifikat dari penyimpanan menggunakan CertEnumCertificatesInStore.
- Mendapatkan nama subjek sertifikat menggunakan CertGetNameString.
- Membuat bentuk berseri konteks sertifikat dan propertinya menggunakan CertSerializeCertificateStoreElement.
- Membuat sertifikat baru dari string berseri dan menambahkannya ke penyimpanan sertifikat menggunakan CertAddSerializedElementToStore.
- Menggunakan CertAddEncodedCertificateToStore untuk membuat sertifikat baru dari bagian yang dikodekan dari sertifikat yang ada.
- Menggunakan CertCloseStore untuk menutup penyimpanan sertifikat.
//------------------------------------------------------
// Copyright (C) Microsoft. All rights reserved.
// Example that uses CertSerializeCertificateStoreElement to
// serialize the data from a certificate,
// and CertAddSerializedElementToStore to add that data as a new
// certificate to a store.
// CertAddEncodeCertificateToStore is also demonstrated.
#pragma comment(lib, "crypt32.lib")
#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char *s);
void main(void)
{
//-------------------------------------------------------------------
// Declare and initialize variables.
HCERTSTORE hSystemStore;
HCERTSTORE hFileStore;
PCCERT_CONTEXT pCertContext = NULL;
char pszNameString[256];
BYTE* pbElement;
DWORD cbElement;
//-------------------------------------------------------------------
// Open a system certificate store.
if(hSystemStore = CertOpenSystemStore(
0,
"CA"))
{
printf("The CA system store is open. Continue.\n");
}
else
{
MyHandleError("The first system store did not open.");
}
//-------------------------------------------------------------------
// Open a second store.
// In order to work, a file-based certificate store named
// teststor.sto must be available in the working directory.
if(hFileStore = CertOpenStore(
CERT_STORE_PROV_FILENAME,
MY_ENCODING_TYPE,
NULL,
0,
L"testStor.sto" ))
{
printf("The file store is open. Continue.\n");
}
else
{
MyHandleError("The file store did not open.");
}
//-------------------------------------------------------------------
// Retrieve the first certificate from the Root store.
// CertFindCertificateInStore could be used here to find
// a certificate with a specific property.
if(pCertContext=CertEnumCertificatesInStore(
hSystemStore,
pCertContext))
{
printf("A certificate is available. Continue.\n");
}
else
{
MyHandleError("No certificate available. "
"The store may be empty.");
}
//-------------------------------------------------------------------
// Find and print the name of the subject of the certificate
// just retrieved.
if(CertGetNameString(
pCertContext,
CERT_NAME_SIMPLE_DISPLAY_TYPE,
0,
NULL,
pszNameString,
128))
{
printf("Certificate for %s has been retrieved.\n",
pszNameString);
}
else
{
printf("CertGetName failed. \n");
}
//-------------------------------------------------------------------
// Find out how much memory to allocate for the serialized element.
if(CertSerializeCertificateStoreElement(
pCertContext, // The existing certificate.
0, // Accept default for dwFlags,
NULL, // NULL for the first function call.
&cbElement)) // Address where the length of the
// serialized element will be placed.
{
printf("The length of the serialized string is %d.\n",
cbElement);
}
else
{
MyHandleError("Finding the length of the serialized "
"element failed.");
}
//-------------------------------------------------------------------
// Allocate memory for the serialized element.
if(pbElement = (BYTE*)malloc(cbElement))
{
printf("Memory has been allocated. Continue.\n");
}
else
{
MyHandleError("The allocation of memory failed.");
}
//-------------------------------------------------------------------
// Create the serialized element from a certificate context.
if(CertSerializeCertificateStoreElement(
pCertContext, // The certificate context source for the
// serialized element.
0, // dwFlags. Accept the default.
pbElement, // A pointer to where the new element will
// be stored.
&cbElement)) // The length of the serialized element,
{
printf("The encoded element has been serialized. \n");
}
else
{
MyHandleError("The element could not be serialized.");
}
//-------------------------------------------------------------------
// pbElement could be written to a file or be sent by email
// to another user.
// The following process uses the serialized
// pbElement and its length, cbElement, to
// add a new certificate to a store.
if(CertAddSerializedElementToStore(
hFileStore, // Store where certificate is to be added.
pbElement, // The serialized element for another
// certificate.
cbElement, // The length of pbElement.
CERT_STORE_ADD_REPLACE_EXISTING,
// Flag to indicate what to do if a matching
// certificate is already in the store.
0, // dwFlags. Accept the default.
CERT_STORE_CERTIFICATE_CONTEXT_FLAG,
NULL,
NULL
))
{
printf("The new certificate is added to the second store.\n");
}
else
{
MyHandleError("The new element was not added to a store.");
}
//-------------------------------------------------------------------
// Next, another certificate will be retrieved from the system store
// and its encoded part, pCertContext->pbCertEncoded, will be
// used to create a new certificate to be added to the file store.
if(pCertContext=CertEnumCertificatesInStore(
hSystemStore,
pCertContext))
{
printf("Another certificate is available. Continue.\n");
}
else
{
MyHandleError("No certificate is available. "
"The store may be empty.");
}
//-------------------------------------------------------------------
// Find and print the name of the subject of the certificate
// just retrieved.
if(CertGetNameString(
pCertContext,
CERT_NAME_SIMPLE_DISPLAY_TYPE,
0,
NULL,
pszNameString,
128))
{
printf("Certificate for %s has been retrieved.\n",
pszNameString);
}
else
{
printf("CertGetName failed. \n");
}
//-------------------------------------------------------------------
// Create a new certificate from the encoded portion of pCertContext
// and add it to the file-based store.
if(CertAddEncodedCertificateToStore(
hFileStore,
MY_ENCODING_TYPE,
pCertContext->pbCertEncoded,
pCertContext->cbCertEncoded,
CERT_STORE_ADD_USE_EXISTING,
NULL))
{
printf("Another certificate is added to the file store.\n");
}
else
{
MyHandleError("The new certificate was not added to the "
"file store.");
}
//-------------------------------------------------------------------
// Free memory.
free(pbElement);
CertCloseStore(hSystemStore,0);
CertCloseStore(hFileStore,0);
printf("The program ran without error to the end.\n");
} // End of main
//-------------------------------------------------------------------
// This example uses the function MyHandleError, a simple error
// handling function, to print an error message to the standard
// error (stderr) file and exit the program.
// For most applications, replace this function with one
// that does more extensive error reporting.
void MyHandleError(char *s)
{
fprintf(stderr,"An error occurred in running the program. \n");
fprintf(stderr,"%s\n",s);
fprintf(stderr, "Error number %x.\n", GetLastError());
fprintf(stderr, "Program terminating. \n");
exit(1);
} // End of MyHandleError