Windows API authenticode获得根证书

时间:2018-07-16 14:59:24

标签: c windows winapi code-signing-certificate authenticode

我想使用Windows API遍历Authenticode签名的PE二进制文件的证书链。

要获取证书存储,我遵循了Microsoft的示例:
https://support.microsoft.com/en-us/help/323809/how-to-get-information-from-authenticode-signed-executables
这样我得到了叶子证书和中间证书,但没有根证书。使用不同的Windows二进制文件(例如explorer.exe)进行了测试
我尝试了以下循环来逛商店:

while (pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_ANY, NULL, pCertContext));
while (pCertContext = CertEnumCertificatesInStore(hStore, pCertContext));

rootode认证中不包含根证书吗?
我会错过某些选择吗?

1 个答案:

答案 0 :(得分:0)

感谢@RbMm对CertGetCertificateChain的建议,确实解决了我的问题。
要获得整个链,您需要从叶子证书开始(存储接缝以自上而下开始)。

改编自https://docs.microsoft.com/de-de/windows/desktop/SecCrypto/example-c-program-creating-a-certificate-chain

CERT_INFO CertInfo;

CertInfo.Issuer = pSignerInfo->Issuer;
CertInfo.SerialNumber = pSignerInfo->SerialNumber;

pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_SUBJECT_CERT, (PVOID)&CertInfo, NULL);
if (!pCertContext) {
    _tprintf(_T("CertFindCertificateInStore failed with %x\n"), GetLastError());
    __leave;
}

CERT_ENHKEY_USAGE        EnhkeyUsage;
CERT_USAGE_MATCH         CertUsage;
CERT_CHAIN_PARA          ChainPara;

EnhkeyUsage.cUsageIdentifier = 0;
EnhkeyUsage.rgpszUsageIdentifier = NULL;
CertUsage.dwType = USAGE_MATCH_TYPE_AND;
CertUsage.Usage = EnhkeyUsage;
ChainPara.cbSize = sizeof(CERT_CHAIN_PARA);
ChainPara.RequestedUsage = CertUsage;

if (!CertGetCertificateChain(
    NULL,                  // use the default chain engine
    pCertContext,          // pointer to the end certificate
    NULL,                  // use the default time
    NULL,                  // search no additional stores
    &ChainPara,            // use AND logic and enhanced key usage 
                           //  as indicated in the ChainPara 
                           //  data structure
    dwFlags,
    NULL,                  // currently reserved
    &pChainContext)) {
    cerr << "Error on CertGetCertificateChain" << endl;
    __leave;
}

PCERT_SIMPLE_CHAIN    rgpChain   = NULL;
PCERT_CHAIN_ELEMENT   rgpElement = NULL;

rgpChain = pChainContext->rgpChain[0];

for (int j = 0; j < rgpChain->cElement; j++) {
    rgpElement = rgpChain->rgpElement[j];
    PrintCertificateInfo(rgpElement->pCertContext);
    cout << endl;
}
相关问题
最新问题