Создаю запрос на сертификат следующим образом:

// Fragment of a larger routine: the declarations of hCryptProv, hKey, the
// buffers, CertReqInfo, SigAlg, Parameters and ReqFile are not part of the post.
// It builds a PKCS #10 request (subject name + exported public key), signs it
// with the container's signature key and writes the result to the file "request".

// Subject name: one RDN holding one attribute, OID 2.5.4.3 (commonName).
CERT_RDN_ATTR rgNameAttr[] = {
    "2.5.4.3",
    CERT_RDN_PRINTABLE_STRING,
    strlen(CERT_SUBJECT_NAME),
    (BYTE*)CERT_SUBJECT_NAME};
CERT_RDN rgRDN[] = {
    1,
    &rgNameAttr[0]};
CERT_NAME_INFO Name = {
    1,
    rgRDN};

// Try to open the key container.
// NOTE(review): CRYPT_NEWKEYSET asks for a new container, so this call is
// expected to fail once "mycontainer" already exists. 75 is a raw provider
// type number; presumably a GOST provider given CALG_GR3410 below - confirm.
if (!CryptAcquireContext(
        &hCryptProv,
        "mycontainer",
        NULL,
        75,
        CRYPT_NEWKEYSET))
{
    ShowMessage("failed CryptAcquireContext");
    return;
}

// Generate the signature key pair in the container.
// NOTE(review): no return on failure - execution continues without a key.
if (!CryptGenKey(
        hCryptProv,
        CALG_GR3410,
        AT_SIGNATURE,
        &hKey))
{
    ShowMessage("failed CryptGenKey");
}

// First call: pbEncoded is NULL, only the required size comes back in cbNameEncoded.
if(!CryptEncodeObject(
        MY_ENCODING_TYPE,
        X509_NAME,
        &Name,
        NULL,
        &cbNameEncoded))
{
    ShowMessage("First call to CryptEncodeObject failed.");
    return;
}

// NOTE(review): a failed malloc is only reported; the NULL pointer is still used below.
if(!(pbNameEncoded = (BYTE*)malloc(cbNameEncoded)))
    ShowMessage("Îøèáêà âûääåëåíèÿ ïàìÿòè äëÿ pbNameEncoded failed.\n");

// Second call: encode the subject name into pbNameEncoded.
if(!CryptEncodeObject(
        MY_ENCODING_TYPE,    // Encoding type
        X509_NAME,           // Structure type
        &Name,               // Address of CERT_NAME_INFO structure
        pbNameEncoded,       // pbEncoded
        &cbNameEncoded))     // pbEncoded size
{
    // NOTE(review): the buffer is freed but there is no return, so the
    // assignments below store a dangling pointer in SubjNameBlob, and later
    // error branches free pbNameEncoded a second time. The same pattern
    // repeats in every error branch that follows.
    free(pbNameEncoded);
    ShowMessage("Second call to CryptEncodeObject failed.");
}

// Fill in the request: encoded subject, no attributes, version 1.
SubjNameBlob.cbData = cbNameEncoded;
SubjNameBlob.pbData = pbNameEncoded;
CertReqInfo.Subject = SubjNameBlob;
CertReqInfo.cAttribute = 0;
CertReqInfo.rgAttribute = NULL;
CertReqInfo.dwVersion = CERT_REQUEST_V1;

// First call: query the size of the exported public key info.
if(!CryptExportPublicKeyInfo(
        hCryptProv,          // Provider handle
        AT_SIGNATURE,        // Key spec
        MY_ENCODING_TYPE,    // Encoding type
        NULL,                // pbPublicKeyInfo
        &cbPublicKeyInfo))   // Size of PublicKeyInfo
{
    free(pbNameEncoded);
    ShowMessage("First call to CryptExportPublickKeyInfo failed");
}

if(!(pbPublicKeyInfo=(CERT_PUBLIC_KEY_INFO*)malloc(cbPublicKeyInfo)))
{
    free(pbNameEncoded);
    ShowMessage("Memory allocation failed.");
}

// Second call: export the public key info into the allocated buffer.
if(!CryptExportPublicKeyInfo(
        hCryptProv,          // Provider handle
        AT_SIGNATURE,        // Key spec
        MY_ENCODING_TYPE,    // Encoding type
        pbPublicKeyInfo,     // pbPublicKeyInfo
        &cbPublicKeyInfo))   // Size of PublicKeyInfo
{
    free(pbNameEncoded);
    free(pbPublicKeyInfo);
    ShowMessage("Second call to CryptExportPublicKeyInfo failed.");
}

// Struct copy: the pointers inside still refer to the pbPublicKeyInfo buffer,
// so that buffer has to stay allocated until the request is signed.
CertReqInfo.SubjectPublicKeyInfo = *pbPublicKeyInfo;

memset(&Parameters, 0, sizeof(Parameters));
// NOTE(review): the signature algorithm identifier names SHA-1 with RSA, while
// the key above was generated with CALG_GR3410. The identifier written into the
// request should describe the algorithm that actually produces the signature -
// confirm which OID the provider and the CA expect.
SigAlg.pszObjId = szOID_OIWSEC_sha1RSASign;
SigAlg.Parameters = Parameters;

// First call: query the size of the signed and encoded request.
if(!CryptSignAndEncodeCertificate(
        hCryptProv,
        AT_SIGNATURE,
        MY_ENCODING_TYPE,
        X509_CERT_REQUEST_TO_BE_SIGNED,
        &CertReqInfo,
        &SigAlg,
        NULL,
        NULL,
        &cbEncodedCertReqSize))
{
    free(pbNameEncoded);
    free(pbPublicKeyInfo);
    ShowMessage("First call to CryptSignandEncode failed.");
}

if(!(pbSignedEncodedCertReq = (BYTE*)malloc(cbEncodedCertReqSize)))
{
    free(pbNameEncoded);
    free(pbPublicKeyInfo);
    ShowMessage("Malloc operation failed.");
}

// Second call: sign and encode the request into pbSignedEncodedCertReq.
if(!CryptSignAndEncodeCertificate(
        hCryptProv,                      // Crypto provider
        AT_SIGNATURE,                    // Key spec
        MY_ENCODING_TYPE,                // Encoding type
        X509_CERT_REQUEST_TO_BE_SIGNED,  // Struct type
        &CertReqInfo,                    // Struct info
        &SigAlg,                         // Signature algorithm
        NULL,                            // Not used
        pbSignedEncodedCertReq,          // Pointer
        &cbEncodedCertReqSize))          // Length of the message
{
    free(pbNameEncoded);
    free(pbPublicKeyInfo);
    free(pbSignedEncodedCertReq);
    ShowMessage("The message isn't encoded signed");
}

// Convert the encoded request to a hex string (two characters per byte plus
// the terminating zero) and write it to the file "request".
// NOTE(review): the file receives hexadecimal text, not the encoded bytes in
// pbSignedEncodedCertReq and not Base64, and fwrite is given
// cbEncodedCertReqSize although the hex string is twice that long, so only
// half of it is written. An ASN.1 parser reading this file does not see the
// request's DER encoding; this is a likely source of the "bad tag value" error
// quoted below - confirm which format (binary DER or Base64) the CA accepts.
// NOTE(review): the fopen result is not checked, and the lines shown neither
// close the file nor release hKey, hCryptProv and the allocated buffers.
pSignedEncodedCertReqBlob=new char[(cbEncodedCertReqSize *2) +1];
ReqFile=fopen("request","w+t");
ByteToStr(cbEncodedCertReqSize, pbSignedEncodedCertReq, pSignedEncodedCertReqBlob);
fwrite(pSignedEncodedCertReqBlob,1,cbEncodedCertReqSize,ReqFile);

// ByteToStr: writes the cb bytes at pv into sz as upper-case hexadecimal text,
// two characters per byte, followed by a terminating zero. The caller has to
// provide at least 2*cb + 1 bytes at sz; the function has no way to check it.
// The closing brace of the function is missing from the post.
void ByteToStr(
    DWORD cb,
    void* pv,
    LPSTR sz)
//-------------------------------------------------------------------
// Parameters passed are:
// pv is the array of BYTEs to be converted.
// cb is the number of BYTEs in the array.
// sz is a pointer to the string to be returned.
{
    //-------------------------------------------------------------------
    // Declare and initialize local variables.
    BYTE* pb = (BYTE*) pv; // local pointer to a BYTE in the BYTE array
    DWORD i;               // local loop counter
    int b;                 // local variable

    //-------------------------------------------------------------------
    // Begin processing loop.
    for (i = 0; i<cb; i++)
    {
        // High nibble first, then low nibble; values 10..15 map to 'A'..'F'.
        b = (*pb & 0xF0) >> 4;
        *sz++ = (b <= 9) ? b + '0' : (b - 10) + 'A';
        b = *pb & 0x0F;
        *sz++ = (b <= 9) ? b + '0' : (b - 10) + 'A';
        pb++;
    }
    *sz++ =0;

Все нормально отрабатывает но когда я захожу на УЦ через web интефейс и пытаюсь запросить сертификат зи файла, появляется ошибка Your Request Id is 0. The disposition message is "Error Parsing Request ASN1 bad tag value met. 0x8009310b (ASN: 267)". Что не так? | ||||
Ответы: | ||||
Hello! Good Site! Thanks you! imenxpitizsrs | ||||
Где-то что-то в запросе неправильно закодировано. Чтобы узнать, где именно, можно посмотреть получившийся запрос утилитой dumpasn1.