
Enterprise IT Identity & Access Management

A Buyer's & Integrator's Guide - WebLog Version 1.0


Hi, I've moved into an Information Security Research & Strategy role from an IAM Architecture role. So this blog site is retired. I may launch a security blog in the future. Thank you all for visiting!
Sample Code (C++) - Scan Certificate Expiration Date Remotely

It is hard to find a tool that checks certificate expiration dates on a remote machine without logging on to that machine locally. Here is my code to accomplish this job:

// to build: cl scancert.cpp -link crypt32.lib
//------------------------------------------------------

#include <windows.h>
#include <wincrypt.h>
#include <shlwapi.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
// Store-name suffix appended after the server name by main(); "my" names the
// personal certificate store.
const char *s1 = "\\my";
// Forward declaration: opens the certificate store named by s and prints each
// certificate's subject name and expiry date (defined further down).
void listlocalcertstore(char const * const s);
 
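/*
 * Entry point. Takes exactly one argument, the server name, builds the store
 * path \\<servername>\my from it and hands that path to listlocalcertstore().
 *
 * Changes from the original listing:
 *  - returns int (0 on success) instead of the non-standard `void main`;
 *  - rejects an empty server name and a path that would not fit the
 *    256-element wide-character buffer listlocalcertstore() converts into,
 *    so an over-long command-line argument cannot reach that conversion;
 *  - builds the path in one allocation instead of two.
 *
 * The server name comes straight from the command line and is otherwise used
 * as given; no credentials are supplied, so the lookup presumably runs with
 * the caller's own account -- confirm the required rights in your environment.
 */
int main(int argc, char** argv)
{
   /* Size of the wide buffer in listlocalcertstore(), terminator included. */
   enum { MAX_STORE_PATH_CHARS = 256 };
   static const char prefix[] = "\\\\";

   if (argc != 2) {
      printf("Usage %s servername\n", argv[0]);
      exit(1);
   }

   const char *server = argv[1];
   const size_t prefixLen = sizeof(prefix) - 1;
   const size_t serverLen = strlen(server);
   const size_t suffixLen = strlen(s1);

   if (serverLen == 0) {
      printf("Usage %s servername\n", argv[0]);
      exit(1);
   }

   /* Compare against the remaining room rather than summing first, so the
      check itself cannot wrap. */
   if (serverLen >= MAX_STORE_PATH_CHARS - prefixLen - suffixLen) {
      printf("Server name is too long\n");
      exit(1);
   }

   const size_t total = prefixLen + serverLen + suffixLen + 1;
   char *s0 = (char*)malloc(total);
   if (s0 == NULL) {
      printf("Can not allocate memory on s0\n");
      exit(1);
   }

   /* Lengths are known, so copy each piece exactly; the last copy brings the
      terminating NUL of s1 with it. */
   memcpy(s0, prefix, prefixLen);
   memcpy(s0 + prefixLen, server, serverLen);
   memcpy(s0 + prefixLen + serverLen, s1, suffixLen + 1);

   listlocalcertstore(s0);
   free(s0);
   return 0;
}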

// Forward declaration: prints the message s together with the last Win32 error
// and terminates the program (defined further down).
void HandleError(char *s);

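/*
 * Opens the local-machine system store named by pszStoreName (main() passes
 * \\<servername>\my) and prints, for every certificate in it, the subject's
 * simple display name and the NotAfter date as year, month and day.
 *
 * Only the NotAfter field is reported: no chain building, revocation check or
 * comparison with the current time is done here. NotAfter is a FILETIME and
 * is converted with FileTimeToSystemTime, so the printed date is UTC.
 *
 * Changes from the original listing:
 *  - the store name is converted with MultiByteToWideChar and an explicit
 *    element count; the original used an unbounded swprintf into a
 *    256-element stack buffer, which a long command-line argument could
 *    overrun;
 *  - the store is opened with CERT_STORE_READONLY_FLAG, since nothing is
 *    written to it;
 *  - CertGetNameStringA is called explicitly (the buffer is char) with the
 *    real buffer size instead of a hard-coded 128;
 *  - the FileTimeToSystemTime result is checked before systime is printed;
 *  - unused locals and the issuer lookup whose output was commented out are
 *    removed.
 *
 * Any failure is reported through HandleError(), which terminates the program.
 */
void listlocalcertstore(char const * const pszStoreName) {
   HCERTSTORE      hStoreHandle;
   PCCERT_CONTEXT  pCertContext = NULL;
   char            pszNameString[256];
   wchar_t         pwszStoreName[256];

   if (pszStoreName == NULL) {
      SetLastError(ERROR_INVALID_PARAMETER);
      HandleError("The store name is missing.");
      return;
   }

   /* With a source length of -1 the terminator is converted too, and the call
      fails (returns 0) rather than writing past the destination when the name
      does not fit. */
   if (MultiByteToWideChar(CP_ACP, 0, pszStoreName, -1, pwszStoreName,
                           (int)(sizeof(pwszStoreName) / sizeof(pwszStoreName[0]))) == 0) {
      HandleError("The store name could not be converted.");
      return;
   }

   hStoreHandle = CertOpenStore(
      CERT_STORE_PROV_SYSTEM,
      0,
      NULL,
      CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG,
      pwszStoreName
   );

   if (hStoreHandle == NULL) {
      HandleError("The store was not opened.");
      return;   /* not reached: HandleError exits */
   }

   /* Walk the store. Passing the previous context back in releases it, so no
      explicit CertFreeCertificateContext is needed once the loop runs to the end. */
   while ((pCertContext = CertEnumCertificatesInStore(hStoreHandle, pCertContext)) != NULL) {
      /* Subject name of the certificate. */
      if (CertGetNameStringA(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL,
                             pszNameString, (DWORD)sizeof(pszNameString))) {
         printf("\nCertificate: %s \n", pszNameString);
      }
      else
      {
         HandleError("CertGetName failed.");
      }

      SYSTEMTIME systime;
      if (FileTimeToSystemTime(&pCertContext->pCertInfo->NotAfter, &systime)) {
         printf("Expiry date: %d %d %d\n", systime.wYear, systime.wMonth, systime.wDay);
      }
      else
      {
         HandleError("The expiry date could not be converted.");
      }
   }
   CertCloseStore(hStoreHandle, 0);
}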

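/*
 * Writes the system message text for the Win32 error code messageId to stderr,
 * or the bare number when no message text can be obtained.
 *
 * Changes from the original listing:
 *  - the fallback format had two conversions ("%d" and "0x%x") but only one
 *    argument, so the second one read an argument that was never passed; the
 *    code is now passed for both and printed as unsigned long;
 *  - FORMAT_MESSAGE_IGNORE_INSERTS is set, because no insert arguments are
 *    supplied and a system message containing insert sequences must not be
 *    expanded against a NULL argument list;
 *  - FormatMessageA is named explicitly since the buffer is LPSTR.
 */
void printError(DWORD messageId) {
   LPSTR pBuf = NULL;

   /* With FORMAT_MESSAGE_ALLOCATE_BUFFER the buffer argument receives a
      pointer to a LocalAlloc'd string, hence the cast of &pBuf. */
   if (FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
                      FORMAT_MESSAGE_IGNORE_INSERTS,
                      NULL, messageId, 0, (LPSTR) &pBuf, 0, NULL)) {
      fprintf(stderr, "%s\n", pBuf);
      LocalFree(pBuf);
   }
   else
   {
      fprintf(stderr, "Error %lu (0x%lx)\n",
              (unsigned long) messageId, (unsigned long) messageId);
   }
}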

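/*
 * Fatal-error reporter: prints the caller's message s, the last Win32 error
 * number in hex and its system message text to stderr, then exits with
 * status 1. It never returns.
 *
 * GetLastError() is read before any output is written so that the stdio calls
 * cannot replace the error code being reported.
 *
 * Change from the original listing: the error number is printed with "%lx"
 * and an unsigned long cast; DWORD is an unsigned long, which did not match
 * the original "%x" conversion.
 *
 * NOTE(review): callers pass string literals, so the parameter would be better
 * declared `const char *`; that needs the forward declaration earlier in the
 * file changed at the same time, so it is left as is here.
 */
void HandleError(char *s)
{
   const DWORD dwErr = GetLastError();

   fprintf(stderr, "An error occurred in running the program. \n");
   fprintf(stderr, "%s\n", s);
   fprintf(stderr, "Error number %lx.\n", (unsigned long) dwErr);
   printError(dwErr);
   fprintf(stderr, "Program terminating. \n");
   exit(1);
}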

Published Sunday, March 26, 2006 2:00 AM by Yale Li
