如何在不使用第三方库的情况下从C#的证书吊销列表中提取序列号列表?
[英]How do I extract the list of serial numbers from a Certificate Revocation List in C# without using third party libraries?
问题描述
I've connected to a MS PKI Certificate Revocation List distribution point and obtained the CRL 
我已连接到MS PKI证书吊销列表分发点,并获得了CRL
What's the most straightforward way to extract the list of serial numbers from the CRL without using third party libraries? 不使用第三方库从CRL中提取序列号列表的最直接方法是什么?
1 个解决方案
解决方案1
0 2016-12-18 13:52:30
You will have to unroll the CRL by using unmanaged CryptoAPI functions (through p/invoke, of course). 您将必须使用非托管的CryptoAPI函数(当然是通过p / invoke)来展开CRL。 Generally, you will have to the following high-level step-by-step: 通常,您将必须执行以下高级操作:
- CertCreateCRLContext -- this function will return a pointer to a CRL_CONTEXT structure. CertCreateCRLContext-此函数将返回一个指向CRL_CONTEXT结构的指针。
- Use
Marshal.PtrToStructure.NET method to convertpCrlInfopointer ofCRL_CONTEXTstructure toCRL_INFOstructure.使用Marshal.PtrToStructure.NET方法将CRL_CONTEXT结构的pCrlInfo指针转换为CRL_INFO结构。 -
rgCRLEntryis an array of pointers (array size is determined bycCRLEntrymember ofCRL_INFO).rgCRLEntry是一个指针数组(数组大小由下式确定cCRLEntry的构件CRL_INFO)。 - Iterate over this array by incrementing starting pointer by the size of
CRL_ENTRYstructure.通过将起始指针增加CRL_ENTRY结构的大小来循环访问此数组。 -
SerialNumbermember ofCRL_ENTRYis a byte array.CRL_ENTRYSerialNumber成员是一个字节数组。 You can directly useMarshal.Copy(IntPtr, Byte[], Int32, Int32)method to copy unmanaged array to managed.您可以直接使用Marshal.Copy(IntPtr, Byte[], Int32, Int32)方法将非托管数组复制到托管。 This will give you serial number.这将为您提供序列号。 Repeat steps 4-5 for each CRL entry. 对每个CRL条目重复步骤4-5。
Do not forget to release pointer to CRL_CONTEXT structure by calling CertFreeCRLContext function when finished to prevent memory leaks. 完成操作以防止内存泄漏时,请不要忘记通过调用CertFreeCRLContext函数来释放指向CRL_CONTEXT结构的指针。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.