📄 cview.vbs
字号:
'******************************************************************************
'
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' Copyright (C) 1999- 2002. Microsoft Corporation. All rights reserved.
'
'******************************************************************************
'
' CView.vbs
'
' This is a sample script to illustrate how to use features introduced in
' CAPICOM v2.0 to display certificate, optionally including the chain, from a
' CER or PFX file.
'
' Note: For simplicity, this script does not handle exception.
'
'******************************************************************************
Option Explicit
' Chain check flag.
Const CAPICOM_CHECK_NONE = &H00000000
Const CAPICOM_CHECK_TRUSTED_ROOT = &H00000001
Const CAPICOM_CHECK_TIME_VALIDITY = &H00000002
Const CAPICOM_CHECK_SIGNATURE_VALIDITY = &H00000004
Const CAPICOM_CHECK_ONLINE_REVOCATION_STATUS = &H00000008
Const CAPICOM_CHECK_OFFLINE_REVOCATION_STATUS = &H00000010
Const CAPICOM_CHECK_COMPLETE_CHAIN = &H00000020
Const CAPICOM_CHECK_NAME_CONSTRAINTS = &H00000040
Const CAPICOM_CHECK_BASIC_CONSTRAINTS = &H00000080
Const CAPICOM_CHECK_NESTED_VALIDITY_PERIOD = &H00000100
Const CAPICOM_CHECK_ONLINE_ALL = &H000001EF
Const CAPICOM_CHECK_OFFLINE_ALL = &H000001F7
' Chain status codes.
Const CAPICOM_TRUST_IS_NOT_TIME_VALID = &H00000001
Const CAPICOM_TRUST_IS_NOT_TIME_NESTED = &H00000002
Const CAPICOM_TRUST_IS_REVOKED = &H00000004
Const CAPICOM_TRUST_IS_NOT_SIGNATURE_VALID = &H00000008
Const CAPICOM_TRUST_IS_NOT_VALID_FOR_USAGE = &H00000010
Const CAPICOM_TRUST_IS_UNTRUSTED_ROOT = &H00000020
Const CAPICOM_TRUST_REVOCATION_STATUS_UNKNOWN = &H00000040
Const CAPICOM_TRUST_IS_CYCLIC = &H00000080
Const CAPICOM_TRUST_INVALID_EXTENSION = &H00000100
Const CAPICOM_TRUST_INVALID_POLICY_CONSTRAINTS = &H00000200
Const CAPICOM_TRUST_INVALID_BASIC_CONSTRAINTS = &H00000400
Const CAPICOM_TRUST_INVALID_NAME_CONSTRAINTS = &H00000800
Const CAPICOM_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT = &H00001000
Const CAPICOM_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT = &H00002000
Const CAPICOM_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT = &H00004000
Const CAPICOM_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT = &H00008000
Const CAPICOM_TRUST_IS_OFFLINE_REVOCATION = &H01000000
Const CAPICOM_TRUST_NO_ISSUANCE_CHAIN_POLICY = &H02000000
Const CAPICOM_TRUST_IS_PARTIAL_CHAIN = &H00010000
Const CAPICOM_TRUST_CTL_IS_NOT_TIME_VALID = &H00020000
Const CAPICOM_TRUST_CTL_IS_NOT_SIGNATURE_VALID = &H00040000
Const CAPICOM_TRUST_CTL_IS_NOT_VALID_FOR_USAGE = &H00080000
Const KNOWN_TRUST_STATUS_MASK = &H030FFFFF
' Command line arguments
Dim CertFile : CertFile = NULL
Dim VerificationTime : VerificationTime = NULL
Dim UrlRetrievalTimeout : UrlRetrievalTimeout = NULL
Dim Password : Password = ""
Dim CheckFlag : CheckFlag = NULL
Dim CompleteChain : CompleteChain = FALSE
Dim Verbose : Verbose = FALSE
Dim ExtendedHelp : ExtendedHelp = False
' Chain policies (can be multiples).
Dim Usages()
Dim Policies()
' First make sure the script is executed by CScript.exe.
If InStr(1, UCase(Wscript.FullName), "CSCRIPT.EXE", vbTextCompare) = 0 Then
Wscript.Echo "This script can only be executed by CScript.exe." & vbCRLF & vbCRLF &_
"You can either:" & vbCRLF & vbCRLF & _
"1. Set CScript.exe as the default (Run CScript //h:cscript), or" & vbCRLF & _
"2. Run CScript.exe directly as in, CScript " & Wscript.ScriptName & "."
Wscript.Quit(-1)
End If
' Parse the command line.
ParseCommandLine
' Load the certificate.
Dim Certificate
Set Certificate = CreateObject("CAPICOM.Certificate")
Certificate.Load CertFile, Password
' Create the chain object.
Dim Chain
Set Chain = CreateObject("CAPICOM.Chain")
' Set check flag.
If Not IsNull(CheckFlag) Then
Certificate.IsValid.CheckFlag = CheckFlag
End If
' Set chain building application usages as necesary.
Dim OID
Dim strOid
Dim Index
If IsReDimed(Usages) Then
For Index = LBound(Usages) To UBound(Usages)
Set OID = CreateObject("CAPICOM.OID")
' See if this is a dotted OID.
If InStr(Usages(Index), ".") Then
' It is a dotted OID.
'
' Note: For known OIDs, this will also reset
' OID.Name and OID.FriendlyName.
OID.Value = Usages(Index)
Else
' Note: For known OIDs, this will also reset
' OID.Name and OID.Value.
OID.FriendlyName = Usages(Index)
End If
' Make sure the OID.Value is indeed available, otherwise ignore it.
If Len(OID.Value) > 0 Then
Certificate.IsValid.ApplicationPolicies.Add OID
End If
Set OID = Nothing
Next
End If
' Set chain building certificate policies as necessary.
If IsReDimed(Policies) Then
For Index = LBound(Policies) To UBound(Policies)
Set OID = CreateObject("CAPICOM.OID")
' See if this is a dotted OID.
If InStr(Policies(Index), ".") Then
' It is a dotted OID.
'
' Note: For known OIDs, this will also reset
' OID.Name and OID.FriendlyName.
OID.Value = Policies(Index)
Else
' Note: For known OIDs, this will also reset
' OID.Name and OID.Value.
OID.FriendlyName = Policies(Index)
End If
' Make sure the OID.Value is indeed available, otherwise ignore it.
If Len(OID.Value) > 0 Then
Certificate.IsValid.CertificatePolicies.Add OID
End If
Set OID = Nothing
Next
End If
' Set verification time as necessary.
If Not IsNull(VerificationTime) Then
Certificate.IsValid.VerificationTime = VerificationTime
End If
' Set CRL retrieval timeout value as necessary.
If Not IsNull(UrlRetrievalTimeout) Then
Certificate.IsValid.UrlRetrievalTimeout = UrlRetrievalTimeout
End If
' Build the chain.
If Chain.Build(Certificate) Then
Wscript.Stdout.Writeline
Wscript.Stdout.Writeline "The overall chain status is valid."
Else
Wscript.Stdout.Writeline
Wscript.Stdout.Writeline "The overall chain status is not valid."
Wscript.Stdout.Writeline "Overall chain status code = 0x" & Hex(Chain.Status) & " (" & GetStatusString(Chain.Status) & ")"
Wscript.Stdout.Writeline "Extended error information = " & Chain.ExtendedErrorInfo
End If
Wscript.Stdout.Writeline
' Display the entire chain, if requested.
If Not IsNull(CheckFlag) Then
Dim cIndex
For cIndex = 1 to Chain.Certificates.Count
' Display the current certificate.
DisplayCertificate Chain, cIndex
' Note: When we load a PFX file, a key container is always created for any
' certificate with private key associated. So we must manually delete
' the container to ensure the private key will not remain on the
' system and become "orphaned".
'
' Delete the key if available.
If cIndex = 1 AND Certificate.HasPrivateKey Then
Certificate.PrivateKey.Delete
End If
Next
Else
' Display only the end certificate.
DisplayCertificate Chain, 1
' Note: When we load a PFX file, a key container is always created for any
' certificate with private key associated. So we must manually delete
' the container to ensure the private key will not remain on the
' system and become "orphaned".
'
' Delete the key if available.
If Certificate.HasPrivateKey Then
Certificate.PrivateKey.Delete
End If
End If
' Release resources.
Set Chain = Nothing
Set Certificate = Nothing
' We are all done.
Wscript.Quit(0)
' End Main
'******************************************************************************
'
' Function: GetStatusString
'
' Synopsis : Return status string(s) of the specified status code.
'
' Parameter : Status - Status code.
'
'******************************************************************************
Function GetStatusString (Status)
Dim StatusCodes(21)
Dim ErrorStrings(21)
StatusCodes(0) = CAPICOM_TRUST_IS_NOT_TIME_VALID
StatusCodes(1) = CAPICOM_TRUST_IS_NOT_TIME_NESTED
StatusCodes(2) = CAPICOM_TRUST_IS_REVOKED
StatusCodes(3) = CAPICOM_TRUST_IS_NOT_SIGNATURE_VALID
StatusCodes(4) = CAPICOM_TRUST_IS_NOT_VALID_FOR_USAGE
StatusCodes(5) = CAPICOM_TRUST_IS_UNTRUSTED_ROOT
StatusCodes(6) = CAPICOM_TRUST_REVOCATION_STATUS_UNKNOWN
StatusCodes(7) = CAPICOM_TRUST_IS_CYCLIC
StatusCodes(8) = CAPICOM_TRUST_INVALID_EXTENSION
StatusCodes(9) = CAPICOM_TRUST_INVALID_POLICY_CONSTRAINTS
StatusCodes(10) = CAPICOM_TRUST_INVALID_BASIC_CONSTRAINTS
StatusCodes(11) = CAPICOM_TRUST_INVALID_NAME_CONSTRAINTS
StatusCodes(12) = CAPICOM_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT
StatusCodes(13) = CAPICOM_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT
StatusCodes(14) = CAPICOM_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
StatusCodes(15) = CAPICOM_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
StatusCodes(16) = CAPICOM_TRUST_IS_OFFLINE_REVOCATION
StatusCodes(17) = CAPICOM_TRUST_NO_ISSUANCE_CHAIN_POLICY
StatusCodes(18) = CAPICOM_TRUST_IS_PARTIAL_CHAIN
StatusCodes(19) = CAPICOM_TRUST_CTL_IS_NOT_TIME_VALID
StatusCodes(20) = CAPICOM_TRUST_CTL_IS_NOT_SIGNATURE_VALID
StatusCodes(21) = CAPICOM_TRUST_CTL_IS_NOT_VALID_FOR_USAGE
ErrorStrings(0) = "Invalid time"
ErrorStrings(1) = "Time not nested"
ErrorStrings(2) = "Revoked"
ErrorStrings(3) = "Invalid signature"
ErrorStrings(4) = "Invalid usage"
ErrorStrings(5) = "Untrusted root"
ErrorStrings(6) = "Unknown revocation"
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -