| ||||
| ||||
| Здравствуйте! Подскажите, пожалуйста, как сформировать CRL с более чем одним элементом...Вот такой код (DELPHI) не работает: {CRLEntry:CRL_ENTRY; CRLs: CRL_INFO; ser_num: PBYTE; ser_num_len: DWORD; ser_num_int: integer; nameAttr: CERT_RDN_ATTR; nameString: PChar; rdn: CERT_RDN; nameInfo: CERT_NAME_INFO; encNameLen: DWORD; EncName: PBYTE; st1:string; params: CRYPT_OBJID_BLOB; CRL_enc_len: DWORD; CRL_enc: PBYTE; extension: CERT_EXTENSION; crls_extension: CERT_EXTENSION; reason_code: integer; i:integer;} st1:='name'; nameString:= StrAlloc (length (st1)+1); StrPCopy (nameString, st1); nameAttr.pszObjId:= '2.5.4.3'; nameAttr.dwValueType:= CERT_RDN_PRINTABLE_STRING; nameAttr.Value.cbData:= length (st1); nameAttr.Value.pbData:= PBYTE (nameString); rdn.cRDNAttr:= 1; rdn.rgRDNAttr:= @nameAttr; nameInfo.cRDN:= 1; nameInfo.rgRDN:= @rdn; CryptEncodeObject (PKCS_7_ASN_ENCODING or X509_ASN_ENCODING, X509_NAME,@nameInfo, nil, @encNameLen ); GetMem (encName, encNameLen); CryptEncodeObject (PKCS_7_ASN_ENCODING or X509_ASN_ENCODING, X509_NAME, @nameInfo, encName,@encNameLen); for i:=1 to 10 do begin ser_num_int:=i; CRLEntry.SerialNumber.cbData:=sizeof(ser_num_int); CRLEntry.SerialNumber.pbData:=@ser_num_int; DateTimeToSystemTime(now(), sysTime); SystemTimeToFileTime (sysTime,CRLEntry.RevocationDate); reason_code:=1; CryptEncodeObject(PKCS_7_ASN_ENCODING or X509_ASN_ENCODING,X509_CRL_REASON_CODE,@reason_code,nil,@extension.Value.cbData); GetMem(extension.Value.pbData,extension.Value.cbData); CryptEncodeObject(PKCS_7_ASN_ENCODING or X509_ASN_ENCODING,X509_CRL_REASON_CODE,@reason_code,extension.Value.pbData,@extension.Value.cbData); extension.pszObjId:= szOID_CRL_REASON_CODE; extension.fCritical:=false; CRLEntry.cExtension:=1; CRLEntry.rgExtension:=@extension; array_crl[i]:=@CRLEntry; end; CRLs.dwVersion:=CRL_V2; FillChar (params, sizeof (params), 0); CRLs.SignatureAlgorithm.pszObjId:=szOID_OIWSEC_sha1RSASign; CRLS.SignatureAlgorithm.Parameters:=params; DateTimeToSystemTime (StrToDateTime (DateTimeToStr(Now)), sysTime); SystemTimeToFileTime (sysTime, CRLS.ThisUpdate ); DateTimeToSystemTime(StrtoDateTime (DateTimeToStr(Now+365)), sysTime); SystemTimeToFileTime (sysTime, CRLS.NextUpdate); CRLS.cCRLEntry:=10; CRLS.rgCRLEntry:=@array_crl; CRLS.cExtension:=0; CRLS.rgExtension:=nil; CRLs.Issuer.cbData:=encNameLen; CRLs.Issuer.pbData:=encName; CryptSignAndEncodeCertificate(prov,AT_SIGNATURE,PKCS_7_ASN_ENCODING or X509_ASN_ENCODING,X509_CERT_CRL_TO_BE_SIGNED ,@CRLs,@(CRLs.SignatureAlgorithm),nil,nil,@CRL_enc_len); GetMem(CRL_enc,CRL_enc_len); CryptSignAndEncodeCertificate(prov,AT_SIGNATURE,PKCS_7_ASN_ENCODING or X509_ASN_ENCODING,X509_CERT_CRL_TO_BE_SIGNED ,@CRLs,@(CRLs.SignatureAlgorithm),nil,CRL_enc,@CRL_enc_len); .... Первый CryptSignAndEncodeCertificate выдает ошибку 3221225477 :) В чем может быть проблема? Если в количество отозванных сертификатов не превышает одного, то все прекрасно работает (в таком виде CRLS.rgCRLEntry:=@CRLEntry;) |
tranquilla