06.04.2007 9:20:09Создание запроса на сертификат Ответов: 2
Волков
Создаю запрос на сертификат следующим образом:
// Subject name of the request: a single RDN holding a single attribute.
// "2.5.4.3" is the X.520 commonName (CN) object identifier; the value is
// taken from CERT_SUBJECT_NAME and encoded as a PrintableString.
CERT_RDN_ATTR rgNameAttr[] = {
    {
        "2.5.4.3",                  // pszObjId: commonName
        CERT_RDN_PRINTABLE_STRING,  // dwValueType
        strlen(CERT_SUBJECT_NAME),  // Value.cbData (terminator not counted)
        (BYTE*)CERT_SUBJECT_NAME    // Value.pbData
    }
};

// One RDN that refers to the attribute above.
CERT_RDN rgRDN[] = {
    {
        1,              // cRDNAttr
        &rgNameAttr[0]  // rgRDNAttr
    }
};

// The complete name: one RDN.
CERT_NAME_INFO Name = {
    1,      // cRDN
    rgRDN   // rgRDN
};


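// Obtain a provider handle for the key container "mycontainer".
// CRYPT_NEWKEYSET asks the provider to create the container, so this call
// fails when a container with that name already exists.
// NOTE(review): 75 is a bare provider-type number; presumably the GOST
// provider type declared in the CSP vendor's header -- confirm and use the
// named constant instead.
if (!CryptAcquireContext(
        &hCryptProv,
        "mycontainer",
        NULL,
        75,
        CRYPT_NEWKEYSET))
{
    ShowMessage("failed CryptAcquireContext");
    return;
}

// Generate the signature key pair inside the container.
// NOTE(review): confirm that CALG_GR3410 is the algorithm this provider type
// expects for AT_SIGNATURE keys.
if (!CryptGenKey(
        hCryptProv,
        CALG_GR3410,
        AT_SIGNATURE,
        &hKey))
{
    ShowMessage("failed CryptGenKey");
    // Stop here: without a key pair there is no public key to export and
    // nothing to sign the request with.
    // NOTE(review): hCryptProv is not released on this path; its owner is not
    // visible in this excerpt.
    return;
}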

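// Encode the subject name with the usual two-call pattern: the first call
// (NULL output buffer) only reports the required size in cbNameEncoded.
if (!CryptEncodeObject(
        MY_ENCODING_TYPE,
        X509_NAME,
        &Name,
        NULL,
        &cbNameEncoded))
{
    ShowMessage("First call to CryptEncodeObject failed.");
    return;
}

pbNameEncoded = (BYTE*)malloc(cbNameEncoded);
if (!pbNameEncoded)
{
    ShowMessage("Ошибка выдделения памяти для pbNameEncoded failed.\n");
    // Stop here: continuing would place a NULL pointer in the subject blob.
    return;
}

if (!CryptEncodeObject(
        MY_ENCODING_TYPE,   // Encoding type
        X509_NAME,          // Structure type
        &Name,              // Address of CERT_NAME_INFO structure
        pbNameEncoded,      // pbEncoded
        &cbNameEncoded))    // pbEncoded size
{
    free(pbNameEncoded);
    ShowMessage("Second call to CryptEncodeObject failed.");
    // Stop here: the buffer was just freed, so it must not be stored in
    // SubjNameBlob or freed again by a later error path.
    return;
}

// The request info refers to the encoded name; pbNameEncoded has to stay
// allocated until the request has been signed.
SubjNameBlob.cbData = cbNameEncoded;
SubjNameBlob.pbData = pbNameEncoded;
CertReqInfo.Subject = SubjNameBlob;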

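// A version 1 request without attributes.
CertReqInfo.cAttribute = 0;
CertReqInfo.rgAttribute = NULL;
CertReqInfo.dwVersion = CERT_REQUEST_V1;

// Export the public half of the signature key, again in two calls:
// size query first, then the real export into a buffer of that size.
if (!CryptExportPublicKeyInfo(
        hCryptProv,         // Provider handle
        AT_SIGNATURE,       // Key spec
        MY_ENCODING_TYPE,   // Encoding type
        NULL,               // pbPublicKeyInfo
        &cbPublicKeyInfo))  // Size of PublicKeyInfo
{
    free(pbNameEncoded);
    ShowMessage("First call to CryptExportPublickKeyInfo failed");
    // Stop here: cbPublicKeyInfo is not valid, and pbNameEncoded is gone.
    return;
}

pbPublicKeyInfo = (CERT_PUBLIC_KEY_INFO*)malloc(cbPublicKeyInfo);
if (!pbPublicKeyInfo)
{
    free(pbNameEncoded);
    ShowMessage("Memory allocation failed.");
    // Stop here: the code below dereferences pbPublicKeyInfo.
    return;
}

if (!CryptExportPublicKeyInfo(
        hCryptProv,         // Provider handle
        AT_SIGNATURE,       // Key spec
        MY_ENCODING_TYPE,   // Encoding type
        pbPublicKeyInfo,    // pbPublicKeyInfo
        &cbPublicKeyInfo))  // Size of PublicKeyInfo
{
    free(pbNameEncoded);
    free(pbPublicKeyInfo);
    ShowMessage("Second call to CryptExportPublicKeyInfo failed.");
    // Stop here: both buffers were freed; falling through would read freed
    // memory and free it a second time on the next error.
    return;
}

// Structure copy only: the pointers inside CERT_PUBLIC_KEY_INFO still refer
// to the pbPublicKeyInfo allocation, so that buffer must outlive the signing.
CertReqInfo.SubjectPublicKeyInfo = *pbPublicKeyInfo;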
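// Signature algorithm identifier with empty parameters.
// NOTE(review): szOID_OIWSEC_sha1RSASign names a SHA-1/RSA signature, while
// the key above was generated with CALG_GR3410. Confirm that the OID matches
// the key type; a mismatching algorithm identifier ends up in the request.
memset(&Parameters, 0, sizeof(Parameters));
SigAlg.pszObjId = szOID_OIWSEC_sha1RSASign;
SigAlg.Parameters = Parameters;

// First call: NULL output buffer, only the size of the signed and encoded
// request is returned in cbEncodedCertReqSize.
if (!CryptSignAndEncodeCertificate(
        hCryptProv,
        AT_SIGNATURE,
        MY_ENCODING_TYPE,
        X509_CERT_REQUEST_TO_BE_SIGNED,
        &CertReqInfo,
        &SigAlg,
        NULL,
        NULL,
        &cbEncodedCertReqSize))
{
    free(pbNameEncoded);
    free(pbPublicKeyInfo);
    ShowMessage("First call to CryptSignandEncode failed.");
    // Stop here: CertReqInfo now refers to freed buffers.
    return;
}

pbSignedEncodedCertReq = (BYTE*)malloc(cbEncodedCertReqSize);
if (!pbSignedEncodedCertReq)
{
    free(pbNameEncoded);
    free(pbPublicKeyInfo);
    ShowMessage("Malloc operation failed.");
    return;
}

// Second call: sign the request info and write the encoded result.
if (!CryptSignAndEncodeCertificate(
        hCryptProv,                     // Crypto provider
        AT_SIGNATURE,                   // Key spec
        MY_ENCODING_TYPE,               // Encoding type
        X509_CERT_REQUEST_TO_BE_SIGNED, // Struct type
        &CertReqInfo,                   // Struct info
        &SigAlg,                        // Signature algorithm
        NULL,                           // Not used
        pbSignedEncodedCertReq,         // Pointer
        &cbEncodedCertReqSize))         // Length of the message
{
    free(pbNameEncoded);
    free(pbPublicKeyInfo);
    free(pbSignedEncodedCertReq);
    ShowMessage("The message isn't encoded signed");
    // Stop here: there is no request to write out, and the output buffer has
    // been freed.
    return;
}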

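// Hex text of the request: two characters per byte plus the terminator.
pSignedEncodedCertReqBlob = new char[(cbEncodedCertReqSize * 2) + 1];

ReqFile = fopen("request", "w+t");
if (!ReqFile)
{
    free(pbNameEncoded);
    free(pbPublicKeyInfo);
    free(pbSignedEncodedCertReq);
    delete[] pSignedEncodedCertReqBlob;
    ShowMessage("Cannot open the request file for writing.");
    return;
}

ByteToStr(cbEncodedCertReqSize,
          pbSignedEncodedCertReq,
          pSignedEncodedCertReqBlob);

// The hex string is twice as long as the binary request. Writing only
// cbEncodedCertReqSize characters would store just the first half of it.
if (fwrite(pSignedEncodedCertReqBlob, 1, cbEncodedCertReqSize * 2, ReqFile)
        != cbEncodedCertReqSize * 2)
{
    ShowMessage("Writing the request file failed.");
}

// NOTE(review): the file holds a hexadecimal dump of the request. A request
// parser normally expects the binary encoding or its Base64 form -- confirm
// which format the CA accepts, and inspect the raw pbSignedEncodedCertReq
// bytes with an ASN.1 dump tool when the CA rejects the request.
// NOTE(review): the excerpt ends here; ReqFile still has to be closed and the
// buffers allocated above released once they are no longer needed.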
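//-------------------------------------------------------------------
// ByteToStr: write a byte array as upper-case hexadecimal text.
//
// Parameters passed are:
//   cb is the number of BYTEs in the array.
//   pv is the array of BYTEs to be converted.
//   sz is a pointer to the string to be returned. Two characters are
//      written per input byte, followed by a terminating zero, so the
//      caller must provide room for at least 2 * cb + 1 characters.
//      No bounds check is possible here.
void ByteToStr(
    DWORD cb,
    void* pv,
    LPSTR sz)
{
    static const char hexDigits[] = "0123456789ABCDEF";
    const BYTE* pb = (const BYTE*) pv;  // the input viewed as bytes

    for (DWORD i = 0; i < cb; i++)
    {
        *sz++ = hexDigits[(pb[i] & 0xF0) >> 4];  // high nibble first
        *sz++ = hexDigits[pb[i] & 0x0F];         // then the low nibble
    }
    *sz = 0;  // terminate the string
}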
Все нормально отрабатывает, но когда я захожу на УЦ через web-интерфейс и пытаюсь запросить сертификат из файла, появляется ошибка: Your Request Id is 0. The disposition message is "Error Parsing Request ASN1 bad tag value met. 0x8009310b (ASN: 267)". Что не так?
 
Ответы:
13.08.2007 0:35:55snwylyugoj
Hello! Good Site! Thanks you! imenxpitizsrs
13.08.2007 10:18:31Kirill Sobolev
Где-то что-то в запросе неправильно закодировано. Чтобы узнать, где именно, можно посмотреть получившийся запрос с помощью dumpasn1.