Http Client Protocol Issues

If you use any of these solutions, Please let me know so I can track if any of this is useful to you! Thanks! This is an area to share observations I have made working with Http Client Protocols and the associated technologies. I currently work for the Microsoft team that supports the WinInet, WinHTTP and System.Net API's and classes associated with these technologies. This is not a replacement for Microsoft Support, but an area to discuss these technologies. These postings are provided "AS IS" with no warranties, and confer no rights. Use of included code samples are subject to the terms specified at Microsoft - Information on Terms of Use

How to get Certificate Information Using WinInet APIs

There are two different structures you can query in order to retrieve server certificate information.  You must do some sort of request to complete the SSL server certificate exchange, and then you can retrieve this information.  Here is an example of that technique.

C++ code listing for sample (Copy Code):

// CertificateInfo.cpp : Defines the entry point for the console application.
// This is sample code. You are responsible for input validation, and error processing.
// The following macros define the minimum required platform. The minimum required platform
// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
// your application. The macros work by enabling all features available on platform versions up to and
// including the version specified.
// Modify the following defines if you have to target a platform prior to the ones specified below.
// Refer to MSDN for the latest info on corresponding values for different platforms.
#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif
#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#include <windows.h>
#include <stdio.h>
#include <iostream>
#include <tchar.h>
#include <wininet.h> // make sure you link with WinInet.lib

int _tmain(int argc, _TCHAR* argv[])
{

  if (argc < 2)
  {
    std::cout << "Please specify and HTTPS address to query the certificate information for" << std::endl;
  }
  else
  {
    // Get Scheme and HostName from URL passed in
    ::URL_COMPONENTS urlComp;
    ::ZeroMemory((void *)&urlComp,sizeof(URL_COMPONENTS));
    urlComp.dwSchemeLength = -1;
    urlComp.dwHostNameLength = -1;
    urlComp.dwStructSize = sizeof(URL_COMPONENTS);
    if (!::InternetCrackUrl(argv[1],wcslen(argv[1]),0,&urlComp))
    {
        std::cout << "InternetCrackUrl failed" << std::endl;
    }
    else
    {
        if (urlComp.nScheme != INTERNET_SCHEME_HTTPS)
        {
            std::cout << "Please specify and HTTPS address to query the certificate information for: https://www.someserver.com" << std::endl;
        }
        else
        {
            std::wcout << "opening connection to host: " << (LPWSTR)urlComp.lpszHostName << std::endl;

            HINTERNET hInternet = ::InternetOpen(_T("Test Certificate Info"), INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
            if (hInternet)
            {
                HINTERNET hConnect = ::InternetConnect( hInternet, urlComp.lpszHostName, INTERNET_DEFAULT_HTTPS_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, INTERNET_FLAG_SECURE, NULL);
                if (hConnect)
                {
                    // you could use HEAD,GET or POST here. HEAD will not return the body of the page so will be more efficient
                    HINTERNET hRequest = ::HttpOpenRequest(hConnect,_T("HEAD"), argv[1], NULL, NULL,
NULL, INTERNET_FLAG_SECURE, NULL); 
 
                    if (NULL != hRequest)
                    { 
                        // Send
                        BOOL fRet = ::HttpSendRequest( hRequest, _T(""), 0, NULL, 0);

                        if (fRet)
                        {
                            char certificateInfoStr[2048];
                            certificateInfoStr[0] = '\0';
                            DWORD certInfoLength = 2048;
                            if ( TRUE  == ::InternetQueryOption( hRequest, INTERNET_OPTION_SECURITY_CERTIFICATE, &certificateInfoStr, &certInfoLength) )
                            {
                                if ( certificateInfoStr )
                                {
                                    std::cout << (char *) certificateInfoStr << std::endl;
                                }
                            } 
                            else
                            {
                                // process error here
                                DWORD error = GetLastError(); 
                            }

                            INTERNET_CERTIFICATE_INFO certificateInfo;
                            certInfoLength = sizeof(INTERNET_CERTIFICATE_INFO);
                            if ( TRUE == InternetQueryOption( hRequest,
                                                                              INTERNET_OPTION_SECURITY_CERTIFICATE_STRUCT,
                                                                              &certificateInfo,
                                                                              &certInfoLength) )
                            { 
                                // free up memory with LocalFree()

                                if ( certificateInfo.lpszEncryptionAlgName )
                                {
                                    std::cout << (char *) certificateInfo.lpszEncryptionAlgName << std::endl;
                                    LocalFree( certificateInfo.lpszEncryptionAlgName);
                                }

                                if ( certificateInfo.lpszIssuerInfo )
                                {
                                    std::cout << (char *) certificateInfo.lpszIssuerInfo << std::endl;
                                    LocalFree( certificateInfo.lpszIssuerInfo );
                                }

                                if ( certificateInfo.lpszProtocolName )
                                {
                                    std::cout << (char *) certificateInfo.lpszProtocolName << std::endl;
                                    LocalFree( certificateInfo.lpszProtocolName );
                                }

                                if ( certificateInfo.lpszSignatureAlgName )
                                {
                                    std::cout << (char *) certificateInfo.lpszSignatureAlgName << std::endl;
                                    LocalFree( certificateInfo.lpszSignatureAlgName );
                                }

                                if ( certificateInfo.lpszSubjectInfo )
                                {
                                    std::cout << (char *) certificateInfo.lpszSubjectInfo << std::endl;
                                    LocalFree( certificateInfo.lpszSubjectInfo );
                                }

                            } 
                            else 
                            { 
                                    // process error
                                    DWORD error = GetLastError(); 
                            } 
                        }

                        ::InternetCloseHandle(hRequest);
                    }
                    else 
                    {
                        std::cout << "HttpOpenRequest failed" << std::endl;
                    }

                    ::InternetCloseHandle(hConnect);

                }
                else
                {
                    std::cout << "InternetConnect failed" << std::endl;
                }
                ::InternetCloseHandle(hInternet);
            }
            else
            {
                 std::cout << "InternetOpen failed" << std::endl;
            }
        }
    }
  }

return 0;
}

Please Drop me a comment if you found this useful!
Published Friday, April 17, 2009 10:10 AM by jpsanders
Filed under:

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

 

Lakshman Prabhu said:

Useful post! Thanks.

The dwStructSize of URL_COMPONENTS struct needs to be set to prevent InternetCrackUrl failing with error 87.

May 8, 2009 9:10 PM
 

jpsanders said:

You are correct.  I fixed the sample!

May 14, 2009 9:27 AM
 

Vino said:

Thanks for the post. I am more concerned with the flags INTERNET_OPTION_SECURITY_CERTIFICATE*.

This is my scenario. I have a SSL server which has client authentication enabled. There are multiple CA's present on the server. On the client side I have a smart card which has 3 certificates certA, certB and certC. Of these certificates, certA alone is the one which has the corresponding CA on the server side. I have made certB as the default certificate which means when the server requests a certificate, it is certB which gets picked up and send to the server.

What I wish to do is to read the list of CA's from the server and pick a client cert whose CA is present. Is there any way I can get this information from the server. The other thing to note is that the CA of the server certificate and CA of the client certificate need not be the same.

Here are the set of API's I use to retrieve the certificate from the smart card

CryptAcquireContext

CryptGetProvParam

CryptGetUserKey

CryptGetKeyParam and

CertCreateCertificateContext

Thanks,

Vino

June 26, 2009 6:16 AM

Leave a Comment

(required) 
(optional)
(required) 

  
Enter Code Here: Required
Submit

This Blog

Syndication

© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Microsoft
Page view tracker