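This topic describes how to verify that the system supports a digest method.

XPS digital signatures use the Crypto API, which provides methods to verify that the system supports a particular digest method. To use the Crypto API's CryptXmlEnumAlgorithmInfo function to enumerate the digest methods that the system supports, the caller must provide a callback method and a data structure. The CryptXmlEnumAlgorithmInfo function returns the enumeration data to the caller through the callback method.

The data structure used in this example is shown in the following code example and contains the following fields:

Field | Description |
---|---|
userDigestAlgorithm | An LPWSTR field that points to a string containing the URI of the digest algorithm to check. |
userDigestAlgorithmSupported | A Boolean value that indicates whether the certificate supports the digest algorithm. |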

```cpp
struct DigestMethodData
{
    LPCWSTR userDigestAlgorithm;
    BOOL    userDigestAlgorithmSupported;
};
```

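The Crypto API method that enumerates the digest methods uses a callback method to return data to the caller. CryptXmlEnumAlgorithmInfo enumerates the digest methods that the system supports and calls the callback method for each digest method it enumerates, until the callback method returns FALSE or until all the digest methods that the system supports have been enumerated. The callback method in the example compares the digest method passed in by CryptXmlEnumAlgorithmInfo with the digest method provided by the calling method.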

```cpp
BOOL WINAPI
EnumDigestMethodCallback (
    __in const CRYPT_XML_ALGORITHM_INFO *certMethodInfo,
    __inout_opt void *userArg
)
{
    // MAX_ALG_ID_LEN is used to set the maximum length of the
    // algorithm URI in the string comparison. The URI is not
    // likely to be longer than 128 characters so a fixed-size
    // buffer is used in this example.
    // To make this function more robust, consider
    // setting this value dynamically.
    static const size_t MAX_ALG_ID_LEN = 128;
    DigestMethodData *certificateAlgorithmData =
        (DigestMethodData*)userArg;

    if (NULL != userArg) {
        // Assign user data to local data structure
        certificateAlgorithmData = (DigestMethodData*)userArg;
    } else {
        // Unable to continue this enumeration without
        // data from calling method.
        return FALSE;
    }

    // For each algorithm in the enumeration, check to see
    // if the URI of the current supported algorithm matches
    // the URI passed in userArg.
    int cmpResult = 0;
    cmpResult = wcsncmp(
        certMethodInfo->wszAlgorithmURI,
        certificateAlgorithmData->userDigestAlgorithm,
        MAX_ALG_ID_LEN );

    if ( 0 == cmpResult )
    {
        // This is a match...
        // set supported value to true
        certificateAlgorithmData->userDigestAlgorithmSupported = TRUE;
        // ...and return FALSE to stop any further enumeration
        return FALSE;
    }
    else
    {
        // no match was found
        // return TRUE to continue enumeration
        return TRUE;
    }
}
```

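The following code example wraps the verification functionality in a single method that returns a Boolean value indicating whether the system supports the digest method.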

```cpp
BOOL
SupportsDigestAlgorithm (
    __in LPCWSTR digestMethodToCheck
)
{
    HRESULT hr = S_OK;

    // Initialize the structure that will hold information about the
    // digest method to check
    DigestMethodData certificateAlgorithmData;
    certificateAlgorithmData.userDigestAlgorithmSupported = FALSE;
    certificateAlgorithmData.userDigestAlgorithm = digestMethodToCheck;

    // Enumerate the algorithms that are supported on the system,
    // the callback method compares each supported algorithm to the one
    // passed in digestMethodToCheck and returns true in the
    // certificateAlgorithmData.userDigestAlgorithmSupported field if
    // the provided digest algorithm is supported by system.
    //
    // Note that CRYPT_XML_GROUP_ID_HASH is set to enumerate
    // digest methods
    hr = CryptXmlEnumAlgorithmInfo(
        CRYPT_XML_GROUP_ID_HASH, // NOTE: CRYPT_XML_GROUP_ID_HASH
        CRYPT_XML_FLAG_DISABLE_EXTENSIONS,
        (void*)&certificateAlgorithmData,
        EnumDigestMethodCallback);

    return certificateAlgorithmData.userDigestAlgorithmSupported;
}
```

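
The following added example is not part of the original sample or of Microsoft's code. It goes one step beyond the page by using the support check to pick the first supported digest from a strongest-first preference list. So that it runs without the Windows SDK, `EnumConstructedDigests` and its URI list are hypothetical stand-ins for CryptXmlEnumAlgorithmInfo and the system's real digest list, and `DigestProbe`, `MatchDigest`, `IsSupported` and `SelectDigest` are names assumed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cwchar>

struct DigestProbe {            // same shape as the page's DigestMethodData
    const wchar_t *wanted;      // URI of the digest to look for
    bool supported;             // set by the callback on a match
};
typedef bool (*EnumCallback)(const wchar_t *algorithmUri, void *userArg);
// Constructed list standing in for the digests the system would enumerate.
static const wchar_t *const kConstructedDigests[] = {
    L"http://www.w3.org/2000/09/xmldsig#sha1",
    L"http://www.w3.org/2001/04/xmlenc#sha256",
};
static const size_t kDigestCount = sizeof(kConstructedDigests) / sizeof(kConstructedDigests[0]);

// Hypothetical enumerator: calls cb per entry until cb returns false; returns the call count.
size_t EnumConstructedDigests(EnumCallback cb, void *userArg) {
    size_t calls = 0;
    while (calls < kDigestCount && cb(kConstructedDigests[calls++], userArg)) {}
    return calls;
}

// Callback: exact, case-sensitive URI match; returning false stops the enumeration.
bool MatchDigest(const wchar_t *algorithmUri, void *userArg) {
    DigestProbe *probe = static_cast<DigestProbe *>(userArg);
    if (!probe || !probe->wanted || !algorithmUri) return false;    // nothing to compare
    if (std::wcscmp(algorithmUri, probe->wanted) != 0) return true; // no match: continue
    probe->supported = true;
    return false;                                                   // match: stop
}
bool IsSupported(const wchar_t *uri) {
    DigestProbe probe = { uri, false };
    EnumConstructedDigests(MatchDigest, &probe);
    return probe.supported;
}

// Returns the first supported entry of a strongest-first list, or NULL if none is supported.
const wchar_t *SelectDigest(const wchar_t *const *preferred, size_t count) {
    for (size_t i = 0; i < count; ++i)
        if (IsSupported(preferred[i])) return preferred[i];
    return NULL;
}

int main() {
    const wchar_t *prefs[] = { L"http://www.w3.org/2001/04/xmlenc#sha512", L"http://www.w3.org/2001/04/xmlenc#sha256" };
    const wchar_t *chosen = SelectDigest(prefs, 2);
    std::printf("%ls\n", chosen ? chosen : L"(none supported)");
}
```

On Windows, the body of `IsSupported` would be replaced by a call to the page's SupportsDigestAlgorithm; a NULL result from `SelectDigest` should be treated as a failure rather than a reason to fall back to a digest outside the list.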
Related topics

Next steps
- Load a Certificate from a File

Used in this example
- CryptXmlEnumAlgorithmInfo