[xmlsec] RE: Entrust CSP and XMLSec mscrypto - Part 5

Ed Shallow ed.shallow at rogers.com
Sat Sep 16 12:49:24 PDT 2006


Hi Guys,

Perhaps adding another cert find attempt. Something like the following

in xmlSecMSCryptoKeysStoreFindCert ...

 

Current 1st attempt

    /* first attempt: search by cert id == name */

 

Current 2nd attempt

    /* We don't give up easily, now try to fetch the cert with a full blown 

     * subject dn

     */

 

Current 3rd attempt

    /* We don't give up easily, now try to fetch the cert with a full blown 

     * subject dn, and try with a reversed dn

     */

 

Here we could add a 4th attempt which loops through the store's certificates
and for each context loops through the properties looking for the Friendly
Name and then return this cert context if Friendly Name matches.

 

while(pCertContext= CertEnumCertificatesInStore(

     hStoreHandle,

     pCertContext))

{

//-------------------------------------------------------------------

// Loop to find all of the property identifiers for the specified  

// certificate. The loop continues until 

// CertEnumCertificateContextProperties returns zero.

 

    while(dwPropId = CertEnumCertificateContextProperties(

           pCertContext, // The context whose properties are to be listed.

           dwPropId))    // Number of the last property found.  

                     // This must be zero to find the first 

                     // property identifier.

    {

 

// Use a switch in case we want to test for other properties in the future

// Wouter I think one could replace the loop thru the Properties above with 

// a direct call to CertGetCertificateContextProperty specifying
CERT_FRIENDLY_NAME_PROP_ID

// as the dwPropId argument. You may try this method if you like it better.
Ed

 

       switch(dwPropId)

       {

         case CERT_FRIENDLY_NAME_PROP_ID:

         {

// We found our property identifier

           break;

         }

       } // End switch.

 

//-------------------------------------------------------------------

// Retrieve information on the property by first getting the 

// property size. 

 

       if(CertGetCertificateContextProperty(

             pCertContext, 

             dwPropId , 

             NULL, 

             &cbData))

        {

        //  Continue.

        }

        else {  

// If the first call to the function failed,

// exit to an error routine.

          xmlSecError(XMLSEC_ERRORS_HERE, ……

        }

//-------------------------------------------------------------------

// The call succeeded. Use the size to allocate memory 

// for the property.

   

        if(pvData = (void*)malloc(cbData)) {

        // Memory is allocated. Continue.

        }

        else {

        // If memory allocation failed, exit to an error routine.

           xmlSecError(XMLSEC_ERRORS_HERE, ……

        }

        // Allocation succeeded. Retrieve the property data.

   

        if(CertGetCertificateContextProperty(

            pCertContext,

            dwPropId,

            pvData, 

            &cbData)) {

            if (pvData == name) {          // is it name which contains the
incoming <KeyName>?

                return pCertContext;

            }

        }

        else {

        // If an error occurred in the second call, 

        // exit to an error routine.

          xmlSecError(XMLSEC_ERRORS_HERE, ……

        }

        //----------------------------------------------------------------

        // Free the certificate context property memory.   

        free(pvData);                        // or is it xmlFree(pvData)

    }   // End inner while.

} // End outer while.

 

Ed

 

-----Original Message-----
From: xmlsec-bounces at aleksey.com [mailto:xmlsec-bounces at aleksey.com] On
Behalf Of Aleksey Sanin
Sent: Saturday, September 16, 2006 12:56 PM
To: Ed Shallow
Cc: 'Wouter'; xmlsec at aleksey.com
Subject: Re: [xmlsec] RE: Entrust CSP and XMLSec mscrypto - Part 4

 

> I can see in the code that Wouter is already trying several options to 

> get certificates out using the <KeyName> string., this would simply be 

> one more.

> 

> I would vote for 1) above.

> 

> Would do you think ?

 

Sounds good to me... Though, I can not say I am an expert

on MSCrypto API to understand the "little details" :) You know

that I love patches, don't you? :) :) :)

 

Aleksey

 

_______________________________________________

xmlsec mailing list

xmlsec at aleksey.com

http://www.aleksey.com/mailman/listinfo/xmlsec

 

-- 

No virus found in this incoming message.

Checked by AVG Free Edition.

Version: 7.1.405 / Virus Database: 268.12.4/449 - Release Date: 9/15/2006

 


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.12.4/449 - Release Date: 9/15/2006
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20060916/a029f389/attachment-0001.htm


More information about the xmlsec mailing list