RE: CAPI Revocation checking PKCS#7 issues : CertDllVerifyRevocation d

Hello jaslong,

If I were you, I would take a good look at the CryptMsg* APIs with
particular attention to CryptMsgOpenToDecode() perhaps.

HTH,
rowein

"jaslong@xxxxxxxxxxx" wrote:



My problem is that I can determine what encoding type I receive, but I
cannot extract
the certificates (X.509) from a PKCS7!

I need to perfrom this operation in order to pass the X.509
certificates to a third party authentication server.
The authentication server automaticall does path building - so there
is no point in using CAPI built in service for this (and is not the
problem - just background).

I am not interested in signatures as its only revocation checking I
wish to perfrom.
Obviously Im bound by CAPI client - means I must support the Microsoft
interface fully if im going to
implement my own revocation check.

so in short, I have a PKCS#7 and wish to extract the X509 Certificates
(into an array fro example).


// Externally called DLL method called by CAPI's
CertVerifyRevocation(...)
BOOL WINAPI CertDllVerifyRevocation(IN DWORD dwEncodingType,
DWORD dwRevType,

DWORD cContext,
PVOID rgpvContext[],
DWORD dwFlags,
PCERT_REVOCATION_PARA pRevPara,
OUT PCERT_REVOCATION_STATUS pRevStatus)


if ((dwEncodingType & X509_ASN_ENCODING) == X509_ASN_ENCODING) {

// OK just call soap method passing in cert.

} else if((dwEncodingType & PKCS_7_ASN_ENCODING) ==
PKCS_7_ASN_ENCODING) {

// Not ok - need to get cert and call method with DER encoded X509
Certs contained within.

// HELP!!!!
}



I would be very greatful to anyone who could help!

I seem to be asking the wrong questions in groups and cannot find any
relevent information on this?

many thanks in advance


.

Relevant Pages