Windows core programming code analysis based on Visual C++ (46): traversing digital certificates

Source: Internet
Author: User

Digital certificates are data that identify the parties to an Internet communication. They provide a way to verify identity on the Internet, much as a driving licence or ID card does in daily life. A digital certificate is issued by an authority, the CA (Certificate Authority), and people use it online to identify each other. Concretely, it is a file, digitally signed by the certificate authority, that contains information about the owner of a public key together with that public key. The simplest certificate contains a public key, a name, and the certificate authority's digital signature.
In other words, a digital certificate is an authoritative electronic document issued by an authoritative and impartial third party (the CA).

With the digital certificate as the core, encryption and decryption of data transmitted over the network, digital signatures and signature verification ensure the confidentiality and integrity of information sent over the Internet. If a digital certificate is used, your account and funds can be kept safe even if the information you send is intercepted on the Internet, or even if your personal account and password are lost.

It provides an authoritative electronic document for identity authentication on the Internet: people can use it to prove their own identity and to identify the other party in online interactions.

In the certificate authentication process the certificate authority (CA), as an authoritative, impartial and trusted third party, plays a vital role. How is it established that a CA is an authoritative and credible third party? China's Ministry of Industry and Information Technology uses a qualification-accreditation approach and has successively accredited 30 related organizations, including the Tianwei Integrity Digital Certification Center.

Internet-based e-commerce systems let online shoppers obtain information about merchants and enterprises conveniently, but they also increase the risk that sensitive or valuable data is misused. To keep electronic transactions and payments on the Internet secure and confidential, and to prevent fraud during them, a trust mechanism must be established on the Internet. This requires both the buyer and the seller in an e-commerce transaction to have a valid identity that can be verified online without error.

Digital certificates can be used for secure e-mail, access to secure websites, online securities trading, online bidding and procurement, online office work, online insurance, online tax filing, online contract signing, online banking and other secure electronic transactions.

Next, the programming practice: an MFC dialog that loads a certificate file with OpenSSL, accepting either DER or PEM encoding, and lists the certificate's version, issuer, subject, validity period and DER-encoded public key.


```cpp
#include "stdafx.h"
#include "Certificate resolution.h"
#include "Certificate resolutionDlg.h"
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About

class CAboutDlg : public CDialog
{
public:
    CAboutDlg();

// Dialog Data
    //{{AFX_DATA(CAboutDlg)
    enum { IDD = IDD_ABOUTBOX };
    //}}AFX_DATA

    // ClassWizard generated virtual function overrides
    //{{AFX_VIRTUAL(CAboutDlg)
protected:
    virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
    //}}AFX_VIRTUAL

// Implementation
protected:
    //{{AFX_MSG(CAboutDlg)
    //}}AFX_MSG
    DECLARE_MESSAGE_MAP()
};

CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
    //{{AFX_DATA_INIT(CAboutDlg)
    //}}AFX_DATA_INIT
}

void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);
    //{{AFX_DATA_MAP(CAboutDlg)
    //}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
    //{{AFX_MSG_MAP(CAboutDlg)
        // No message handlers
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CMyDlg dialog

CMyDlg::CMyDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CMyDlg::IDD, pParent)
{
    //{{AFX_DATA_INIT(CMyDlg)
        // NOTE: the ClassWizard will add member initialization here
    //}}AFX_DATA_INIT
    // Note that LoadIcon does not require a subsequent DestroyIcon in Win32
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

void CMyDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);
    //{{AFX_DATA_MAP(CMyDlg)
    DDX_Control(pDX, IDC_LIST1, m_list);
    //}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CMyDlg, CDialog)
    //{{AFX_MSG_MAP(CMyDlg)
    ON_WM_SYSCOMMAND()
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_BUTTON1, OnButton1)
    ON_BN_CLICKED(IDC_BUTTON2, OnButton2)
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CMyDlg message handlers

BOOL CMyDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // Add "About..." menu item to system menu.

    // IDM_ABOUTBOX must be in the system command range.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    CMenu* pSysMenu = GetSystemMenu(FALSE);
    if (pSysMenu != NULL)
    {
        CString strAboutMenu;
        strAboutMenu.LoadString(IDS_ABOUTBOX);
        if (!strAboutMenu.IsEmpty())
        {
            pSysMenu->AppendMenu(MF_SEPARATOR);
            pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
        }
    }

    // Set the icon for this dialog.  The framework does this automatically
    //  when the application's main window is not a dialog
    SetIcon(m_hIcon, TRUE);         // Set big icon
    SetIcon(m_hIcon, FALSE);        // Set small icon

    // TODO: Add extra initialization here

    return TRUE;  // return TRUE unless you set the focus to a control
}

void CMyDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    if ((nID & 0xFFF0) == IDM_ABOUTBOX)
    {
        CAboutDlg dlgAbout;
        dlgAbout.DoModal();
    }
    else
    {
        CDialog::OnSysCommand(nID, lParam);
    }
}

// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.

void CMyDlg::OnPaint()
{
    if (IsIconic())
    {
        CPaintDC dc(this); // device context for painting

        SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

        // Center icon in client rectangle
        int cxIcon = GetSystemMetrics(SM_CXICON);
        int cyIcon = GetSystemMetrics(SM_CYICON);
        CRect rect;
        GetClientRect(&rect);
        int x = (rect.Width() - cxIcon + 1) / 2;
        int y = (rect.Height() - cyIcon + 1) / 2;

        // Draw the icon
        dc.DrawIcon(x, y, m_hIcon);
    }
    else
    {
        CDialog::OnPaint();
    }
}

// The system calls this to obtain the cursor to display while the user drags
//  the minimized window.
HCURSOR CMyDlg::OnQueryDragIcon()
{
    return (HCURSOR) m_hIcon;
}

// Copy one X509_NAME_ENTRY value into msgInfo as a NUL-terminated ANSI string.
// UTF8String values are converted UTF-8 -> UTF-16 -> active code page so that
// non-ASCII names display correctly; other string types are copied as they are.
// Every copy is bounded by the destination size, which the original code did
// not check.
static int EntryValueToAnsi(ASN1_STRING *value, char *msgInfo, int msgInfoSize)
{
    int len = ASN1_STRING_length(value);
    unsigned char *data = ASN1_STRING_data(value);
    int rv = 0;

    if (ASN1_STRING_type(value) == V_ASN1_UTF8STRING)
    {
        // convert the UTF-8 encoded data into visible characters; UTF-16 never
        // needs more code units than the UTF-8 input has bytes
        WCHAR *pUtf16 = (WCHAR *)malloc(len * sizeof(WCHAR));
        if (pUtf16 == NULL)
            return 0;
        rv = MultiByteToWideChar(CP_UTF8, 0, (const char *)data, len, pUtf16, len);
        rv = WideCharToMultiByte(CP_ACP, 0, pUtf16, rv, msgInfo, msgInfoSize - 1, NULL, NULL);
        free(pUtf16);
    }
    else
    {
        rv = (len < msgInfoSize) ? len : msgInfoSize - 1;
        memcpy(msgInfo, data, rv);
    }
    msgInfo[rv] = '\0';
    return rv;
}

// Walk every entry of an X509_NAME (issuer or subject) and add the attributes the
// dialog reports (country, province, locality, organization, organizational unit,
// common name, e-mail) to the list box. The X509_NAME struct stores several kinds
// of information, each identified by its object identifier (NID).
static void ListNameEntries(CListBox &list, X509_NAME *name, const char *who)
{
    char msgInfo[1024];
    CString tmp;
    // obtain the number of X509_NAME entries
    int entriesNum = X509_NAME_entry_count(name);
    // read the information of each entry in turn
    for (int i = 0; i < entriesNum; i++)
    {
        // obtain entry i and its object identifier
        X509_NAME_ENTRY *name_entry = X509_NAME_get_entry(name, i);
        int nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(name_entry));
        // determine the encoding type of the entry and convert it to displayable text
        EntryValueToAnsi(X509_NAME_ENTRY_get_data(name_entry), msgInfo, sizeof(msgInfo));
        // print the information
        switch (nid)
        {
        case NID_countryName:               // country
            tmp.Format("%s's countryName: %s", who, msgInfo);
            break;
        case NID_stateOrProvinceName:       // province
            tmp.Format("%s's provinceName: %s", who, msgInfo);
            break;
        case NID_localityName:              // locality
            tmp.Format("%s's localityName: %s", who, msgInfo);
            break;
        case NID_organizationName:          // organization
            tmp.Format("%s's organizationName: %s", who, msgInfo);
            break;
        case NID_organizationalUnitName:    // organizational unit
            tmp.Format("%s's organizationalUnitName: %s", who, msgInfo);
            break;
        case NID_commonName:                // common name
            tmp.Format("%s's CommonName: %s", who, msgInfo);
            break;
        case NID_pkcs9_emailAddress:        // e-mail
            tmp.Format("%s's emailAddress: %s", who, msgInfo);
            break;
        default:                            // attribute the dialog does not report
            continue;
        }
        list.InsertString(-1, tmp);
        tmp.Empty();
    }
}

// Render an ASN1_TIME (notBefore / notAfter) as text through a memory BIO instead
// of reading the raw ASN.1 string bytes, which are not guaranteed to be terminated.
static CString Asn1TimeToString(ASN1_TIME *t)
{
    char buf[64] = "";
    BIO *mem = BIO_new(BIO_s_mem());
    if (mem != NULL)
    {
        ASN1_TIME_print(mem, t);
        int n = BIO_read(mem, buf, sizeof(buf) - 1);
        if (n > 0)
            buf[n] = '\0';
        BIO_free(mem);
    }
    return CString(buf);
}

void CMyDlg::OnButton1()
{
    CString filename;
    unsigned char cert[4096];
    size_t certLen;
    const unsigned char *pTmp = NULL;
    X509 *usrCert = NULL;   // X509 certificate structure, holds the user certificate
    FILE *fp;

    // let the user pick the certificate file; nothing to parse if the dialog is cancelled
    CFileDialog dlg(TRUE, NULL, NULL, OFN_HIDEREADONLY | OFN_FILEMUSTEXIST, NULL, this);
    if (IDOK != dlg.DoModal())
        return;
    filename = dlg.GetPathName();
    GetDlgItem(IDC_EDIT1)->SetWindowText(filename);

    fp = fopen((LPCTSTR)filename, "rb");
    if (fp == NULL)
    {
        MessageBox("Certificate read error");
        return;
    }
    // bounded read; the original fread call passed no element size or count
    certLen = fread(cert, 1, sizeof(cert), fp);
    fclose(fp);

    // first assume the user certificate is DER-encoded and convert it to an X509 struct
    pTmp = cert;
    usrCert = d2i_X509(NULL, (const unsigned char **)&pTmp, (long)certLen);
    if (usrCert == NULL)
    {
        /* otherwise determine whether the certificate is in PEM format */
        BIO *b = BIO_new_file((LPCTSTR)filename, "r");
        if (b != NULL)
        {
            usrCert = PEM_read_bio_X509(b, NULL, NULL, NULL);
            BIO_free(b);
        }
        if (usrCert == NULL)
        {
            MessageBox("The conversion format is incorrect!");
            return;
        }
    }

    // parse the certificate
    CString tmp;

    // obtain the certificate version (encoded zero-based: 2 means X.509 v3)
    long version = X509_get_version(usrCert);
    tmp.Format("X509 Version: %ld", version);
    m_list.InsertString(-1, tmp);
    tmp.Empty();

    // obtain the issuer information of the certificate: country, organization,
    // department, common name, mail, ...
    ListNameEntries(m_list, X509_get_issuer_name(usrCert), "issuer");
    // obtain the certificate subject (owner) information the same way
    ListNameEntries(m_list, X509_get_subject_name(usrCert), "subject");

    // obtain the start of the validity period
    tmp = "Cert notBefore: " + Asn1TimeToString(X509_get_notBefore(usrCert));
    m_list.InsertString(-1, tmp);
    // obtain the certificate expiry date
    tmp = "Cert notAfter: " + Asn1TimeToString(X509_get_notAfter(usrCert));
    m_list.InsertString(-1, tmp);

    // obtain the certificate public key and convert it to DER-encoded data
    EVP_PKEY *pubKey = X509_get_pubkey(usrCert);
    if (pubKey != NULL)
    {
        unsigned char derPubKey[1024];
        // ask i2d_PublicKey for the size first so the buffer can never overflow
        int derPubKeyLen = i2d_PublicKey(pubKey, NULL);
        if (derPubKeyLen > 0 && derPubKeyLen <= (int)sizeof(derPubKey))
        {
            unsigned char *pOut = derPubKey;
            i2d_PublicKey(pubKey, &pOut);
            tmp = "PublicKey is: ";
            for (int i = 0; i < derPubKeyLen; i++)
            {
                CString tmpp;
                tmpp.Format("%02x", derPubKey[i]);
                tmp += tmpp;
            }
            m_list.InsertString(-1, tmp);
        }
        else
        {
            m_list.InsertString(-1, "PublicKey is too large for the buffer");
        }
        EVP_PKEY_free(pubKey);
    }
    X509_free(usrCert);
}

void CMyDlg::OnButton2()
{
    // clear the list box
    m_list.ResetContent();
}
```
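As an added example (not code from the page or its project), the same issuer/subject walk in Python without OpenSSL: it accepts DER or PEM input the way the dialog's d2i_X509 / PEM_read_bio_X509 fallback does, walks an X.509 Name's RelativeDistinguishedNames, maps attribute OIDs to the labels the NID switch prints, and decodes each value by its ASN.1 string type (going one step beyond the dialog by also decoding BMPString). The sample Name bytes and the PEM-style armour around them are constructed inline; a real certificate's issuer or subject, sliced out of its TBSCertificate, parses the same way.

```python
import base64, re
# OID -> attribute label, for the attributes the dialog's NID switch prints
OID_LABELS = {"2.5.4.6": "countryName", "2.5.4.8": "stateOrProvinceName", "2.5.4.7": "localityName",
              "2.5.4.10": "organizationName", "2.5.4.11": "organizationalUnitName",
              "2.5.4.3": "commonName", "1.2.840.113549.1.9.1": "emailAddress"}

def to_der(blob):
    # Same fallback as the dialog's d2i_X509 / PEM_read_bio_X509 pair: PEM armour or raw DER
    m = re.search(rb"-----BEGIN [A-Z0-9 ]+-----(.*?)-----END [A-Z0-9 ]+-----", blob, re.S)
    return base64.b64decode(m.group(1)) if m else blob

def iter_tlvs(buf):
    # Yield every DER (tag, contents) pair in buf; handles short and long length forms
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                       # long form: 0x8N, then N length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length

def decode_oid(raw):
    # OBJECT IDENTIFIER contents -> dotted string (base-128 sub-identifiers)
    parts, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts, val = parts + [val], 0
    return ".".join(map(str, parts))

def decode_string(tag, raw):
    # Branch on the ASN.1 string type like the dialog's V_ASN1_UTF8STRING check; BMPString too
    return raw.decode({0x0C: "utf-8", 0x1E: "utf-16-be"}.get(tag, "ascii"))

def parse_name(der):
    # Name ::= SEQUENCE OF RDN; RDN ::= SET OF AttributeTypeAndValue { type OID, value }
    tag, seq = next(iter_tlvs(der))
    assert tag == 0x30, "Name must be a SEQUENCE"
    out = []
    for _, rdn in iter_tlvs(seq):                   # each SET
        for _, ava in iter_tlvs(rdn):               # each SEQUENCE { OID, value }
            (_, oid), (vtag, val) = iter_tlvs(ava)
            dotted = decode_oid(oid)
            out.append((OID_LABELS.get(dotted, dotted), decode_string(vtag, val)))
    return out
# Constructed sample Name (C=CN PrintableString, O=Example, CN=test UTF8String), as DER and PEM-style
SAMPLE_DER = bytes.fromhex("302e310b300906035504061302434e3110300e060355040a0c07"
                           "4578616d706c65310d300b06035504030c0474657374")
SAMPLE_PEM = b"-----BEGIN X509 NAME-----\n" + base64.encodebytes(SAMPLE_DER) + b"-----END X509 NAME-----\n"
```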
