Windows API authenticode 获取根证书
Windows API authenticode get root certificate
我想使用 Windows API.
遍历经过验证码签名的 PE 二进制文件的证书链
为了获取证书存储,我遵循了 Microsoft 的示例:
https://support.microsoft.com/en-us/help/323809/how-to-get-information-from-authenticode-signed-executables
这样我就获得了叶证书和中间证书,但没有获得根证书。使用不同的 Windows 二进制文件进行测试(例如 explorer.exe)
我尝试了以下循环来逛商店:
while (pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_ANY, NULL, pCertContext));
while (pCertContext = CertEnumCertificatesInStore(hStore, pCertContext));
authenticode 签名中没有包含根证书吗?
我是否错过了某些选项?
感谢@RbMm 对 CertGetCertificateChain
的建议,这确实解决了我的问题。
要获得整个链,您需要从叶证书开始(存储接缝从上到下开始)。
CERT_INFO CertInfo;
CertInfo.Issuer = pSignerInfo->Issuer;
CertInfo.SerialNumber = pSignerInfo->SerialNumber;
pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_SUBJECT_CERT, (PVOID)&CertInfo, NULL);
if (!pCertContext) {
_tprintf(_T("CertFindCertificateInStore failed with %x\n"), GetLastError());
__leave;
}
CERT_ENHKEY_USAGE EnhkeyUsage;
CERT_USAGE_MATCH CertUsage;
CERT_CHAIN_PARA ChainPara;
EnhkeyUsage.cUsageIdentifier = 0;
EnhkeyUsage.rgpszUsageIdentifier = NULL;
CertUsage.dwType = USAGE_MATCH_TYPE_AND;
CertUsage.Usage = EnhkeyUsage;
ChainPara.cbSize = sizeof(CERT_CHAIN_PARA);
ChainPara.RequestedUsage = CertUsage;
if (!CertGetCertificateChain(
NULL, // use the default chain engine
pCertContext, // pointer to the end certificate
NULL, // use the default time
NULL, // search no additional stores
&ChainPara, // use AND logic and enhanced key usage
// as indicated in the ChainPara
// data structure
dwFlags,
NULL, // currently reserved
&pChainContext)) {
cerr << "Error on CertGetCertificateChain" << endl;
__leave;
}
PCERT_SIMPLE_CHAIN rgpChain = NULL;
PCERT_CHAIN_ELEMENT rgpElement = NULL;
rgpChain = pChainContext->rgpChain[0];
for (int j = 0; j < rgpChain->cElement; j++) {
rgpElement = rgpChain->rgpElement[j];
PrintCertificateInfo(rgpElement->pCertContext);
cout << endl;
}
我想使用 Windows API.
遍历经过验证码签名的 PE 二进制文件的证书链为了获取证书存储,我遵循了 Microsoft 的示例:
https://support.microsoft.com/en-us/help/323809/how-to-get-information-from-authenticode-signed-executables
这样我就获得了叶证书和中间证书,但没有获得根证书。使用不同的 Windows 二进制文件进行测试(例如 explorer.exe)
我尝试了以下循环来逛商店:
while (pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_ANY, NULL, pCertContext));
while (pCertContext = CertEnumCertificatesInStore(hStore, pCertContext));
authenticode 签名中没有包含根证书吗?
我是否错过了某些选项?
感谢@RbMm 对 CertGetCertificateChain
的建议,这确实解决了我的问题。
要获得整个链,您需要从叶证书开始(存储接缝从上到下开始)。
CERT_INFO CertInfo;
CertInfo.Issuer = pSignerInfo->Issuer;
CertInfo.SerialNumber = pSignerInfo->SerialNumber;
pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_SUBJECT_CERT, (PVOID)&CertInfo, NULL);
if (!pCertContext) {
_tprintf(_T("CertFindCertificateInStore failed with %x\n"), GetLastError());
__leave;
}
CERT_ENHKEY_USAGE EnhkeyUsage;
CERT_USAGE_MATCH CertUsage;
CERT_CHAIN_PARA ChainPara;
EnhkeyUsage.cUsageIdentifier = 0;
EnhkeyUsage.rgpszUsageIdentifier = NULL;
CertUsage.dwType = USAGE_MATCH_TYPE_AND;
CertUsage.Usage = EnhkeyUsage;
ChainPara.cbSize = sizeof(CERT_CHAIN_PARA);
ChainPara.RequestedUsage = CertUsage;
if (!CertGetCertificateChain(
NULL, // use the default chain engine
pCertContext, // pointer to the end certificate
NULL, // use the default time
NULL, // search no additional stores
&ChainPara, // use AND logic and enhanced key usage
// as indicated in the ChainPara
// data structure
dwFlags,
NULL, // currently reserved
&pChainContext)) {
cerr << "Error on CertGetCertificateChain" << endl;
__leave;
}
PCERT_SIMPLE_CHAIN rgpChain = NULL;
PCERT_CHAIN_ELEMENT rgpElement = NULL;
rgpChain = pChainContext->rgpChain[0];
for (int j = 0; j < rgpChain->cElement; j++) {
rgpElement = rgpChain->rgpElement[j];
PrintCertificateInfo(rgpElement->pCertContext);
cout << endl;
}