List:       ms-cryptoapi
Subject:    Re: Extension data definition
From:       "Rivard, Dennis" <dennis.rivard () INTEL ! COM>
Date:       2000-07-19 16:50:06

this code fragment should help...
When you get the extension, the info is encoded, so you need to decode...
Here is example code for getting the CRL distribution point...

hope the formatting doesn't get mangled...

// begin code fragment...
// (needs <windows.h> and <wincrypt.h>, link with crypt32.lib; TRACE,
// HandleError and MY_ENCODING_TYPE are defined elsewhere in the project)

        HCERTSTORE       hCertStore = pCertContext->hCertStore;

        DWORD cBufferSize = 0;

        PCERT_EXTENSION  pCertExtInfo = NULL;
        PCRL_DIST_POINTS_INFO pCRLDist = NULL;  // use the struct for the info you need

        // search for the dist points extension
        pCertExtInfo = CertFindExtension(
                         szOID_CRL_DIST_POINTS,  /* your OID here */
                         pCertContext->pCertInfo->cExtension,
                         pCertContext->pCertInfo->rgExtension);

        if (NULL != pCertExtInfo)
        {
                TRACE(_T("objid = %s\r\n"),pCertExtInfo->pszObjId);

                // convert the BLOB info into something useful for decoding
                const BYTE* ptemp = pCertExtInfo->Value.pbData;
                DWORD cbCount = pCertExtInfo->Value.cbData;

                // first pass: NULL output buffer, returns the size needed
                if(CryptDecodeObject(
                         MY_ENCODING_TYPE,
                         X509_CRL_DIST_POINTS, // struct type for your OID goes here
                         ptemp ,     // The buffer to be decoded.
                         cbCount,
                         CRYPT_DECODE_NOCOPY_FLAG,
                         //0,
                         NULL,
                         &cBufferSize))
                {
                         TRACE(_T("The needed buffer length is %d\n"),cBufferSize);
                }
                else
                {
                        HandleError(_T("The first decode pass failed."));
                }

//--------------------------------------------------------------------
                // Allocate memory for the decoded information.
                // cBufferSize is a byte count, so allocate raw bytes.
                if(!(pCRLDist = (PCRL_DIST_POINTS_INFO) new BYTE[cBufferSize]))
                {
                         HandleError(_T("Decode buffer memory allocation failed."));
                }

                if(CryptDecodeObject(
                         MY_ENCODING_TYPE,
                         X509_CRL_DIST_POINTS,  // struct type for your OID goes here
                         ptemp,     // The buffer to be decoded.
                         cbCount,   // size of the encoded data, not of the output buffer
                         CRYPT_DECODE_NOCOPY_FLAG,
                         pCRLDist,
                         &cBufferSize)) // FRANK: the bug was here
                {
                        TRACE(_T("Decode object OK!"));

                // do what you need to do...
                // with CRYPT_DECODE_NOCOPY_FLAG the result points into ptemp,
                // so use it while the certificate context is still valid,
                // then free it with delete [] (BYTE*)pCRLDist
                }
        }

-----Original Message-----
From: J Michael Workman [mailto:jworkman@MITRE.ORG]
Sent: Wednesday, July 19, 2000 11:47 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: Extension data definition


I cannot determine what the values are supposed to be. A quick study of the
function, CertFindExtension, and its members and sub-members:

CertFindExtension - finds the first extension in the CERT_EXTENSION array,
as identified by its OID. A CERT_INFO structure is derived from a decoded
certificate. That structure's rgExtension array is passed to
CertFindExtension which returns a pointer to the extension if it is in the
array.

Parameters
   pszObjId     [in] Pointer to the Object Identifier
                (OID) to use in the search.
   cExtensions  Number of extensions in the rgExtensions
                array.
   rgExtensions Array of CERT_EXTENSION structures.

        CERT_EXTENSION Members
           pszObjId  OID specifies the structure
                     of the extension data contained
                     in the Value member. See X.509
                     Certificate Extension Structures
                     for OIDs.
           fCritical Specifies if extension is necessary.
           Value     A BLOB structure that contains
                     encoded extension data.

               Value members
                  cbData  Count of bytes in the buffer
                          pointed to by pbData.
                  pbData Pointer to a block of data bytes.

After using this function, I get a successful return of data in Value.cbData
and Value.pbData. Unfortunately, I do not know what to do with the returned
values. I have examined the pbData byte by byte (4 bytes) and get returned
values that look like (in hex):

    03 02 05 20

and also

    03 02 06 c0

Does anybody know what I am talking about? I don't...


On Mon, 17 Jul 2000 16:42:59 -0500, Suhail Ansari <sansari@MEDNA.COM> wrote:
>See MSDN; it has a good explanation of the value returned by this function. It
>returns a pointer to the CERT_EXTENSION structure if found. Then you can get the
>value of the extension.
>
>-----Original Message-----
>From: J Michael Workman [mailto:jworkman@MITRE.ORG]
>>I am using the following CAPI function call to get the key usage extension
>>from an X.509 certificate:
>>
>>    ext=CertFindExtension(szOID_KEY_USAGE ,
>>              cExtension,
>>              rgExtension);
>>
>>This call is successful (no error returned) and I have data to examine at
>>ext->Value.pbData. But I don't know what this data means. I am looking for
>>key encipherment or digital signing bits being set. How is this data
>>formatted? What do the values mean? Is there a definition someplace of the
>>data returned by this function?

----------------------------------------------------------------
Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html
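
The key usage bytes quoted in the thread (03 02 05 20 and 03 02 06 c0) are a DER-encoded BIT STRING: tag 03, length 02, a count of unused trailing bits, then the usage bits themselves. The portable C below is an added example, not code from any poster in the thread; it decodes that encoding by hand and names the bits that are set. The names decode_key_usage and ku_has are hypothetical helpers made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* KeyUsage bit names in ASN.1 order: bit 0 is the most significant bit of
   the first content byte. */
static const char *const KU_NAMES[9] = {
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly"
};

/* Decode a DER BIT STRING carrying KeyUsage. Returns a 16-bit mask with the
   first content byte in the high byte (0x8000 = digitalSignature), or -1 if
   the encoding is malformed. */
long decode_key_usage(const uint8_t *der, size_t len)
{
    if (der == NULL || len < 3 || der[0] != 0x03) return -1; /* BIT STRING tag */
    size_t clen = der[1];                 /* short-form length is enough here */
    if (clen < 1 || clen > 3 || clen + 2 != len) return -1;
    unsigned unused = der[2];             /* count of padding bits at the end */
    if (unused > 7 || (clen == 1 && unused != 0)) return -1;
    uint8_t b0 = clen > 1 ? der[3] : 0;
    uint8_t b1 = clen > 2 ? der[4] : 0;
    uint8_t last = clen > 2 ? b1 : b0;
    if (last & ((1u << unused) - 1u)) return -1;   /* DER: padding must be 0 */
    return ((long)b0 << 8) | b1;
}

/* 1 if named bit `bit` (0..8) is set in a mask from decode_key_usage(). */
int ku_has(long mask, int bit)
{
    return (mask >= 0 && bit >= 0 && bit <= 8) ? (int)((mask >> (15 - bit)) & 1) : 0;
}

int main(void)
{
    /* The two values quoted in the thread. */
    const uint8_t samples[2][4] = { {0x03,0x02,0x05,0x20}, {0x03,0x02,0x06,0xc0} };
    for (int i = 0; i < 2; i++) {
        long m = decode_key_usage(samples[i], sizeof samples[i]);
        printf("%02x %02x %02x %02x ->", samples[i][0], samples[i][1],
               samples[i][2], samples[i][3]);
        for (int b = 0; b < 9; b++)
            if (ku_has(m, b)) printf(" %s", KU_NAMES[b]);
        printf("\n");
    }
    return 0;
}
```

The same byte masks appear in wincrypt.h as CERT_DIGITAL_SIGNATURE_KEY_USAGE (0x80) and CERT_KEY_ENCIPHERMENT_KEY_USAGE (0x20), applied to the first byte of the CRYPT_BIT_BLOB that CryptDecodeObject returns for X509_KEY_USAGE.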
