Written by:
Mad Druid
Thursday, October 18, 2007
Those of you working with Microsoft Certification Authority in a .NET environment have probably noticed that an anomalous situation arises when using a specific Win32 DLL from .NET.
Prologue
The CertAdm.dll library exposes, among other CA administrative methods, the RevokeCertificate method of the ICertAdmin2 interface. This method, as explained in the documentation, accepts the LONG Reason input parameter (we could argue why a LONG, given that the allowed values are 0..6). However, the documentation also says that for certificates revoked with the CRL_REASON_CERTIFICATE_HOLD reason (Reason=6) it is possible to invoke RevokeCertificate again to resume the certificate, using MAXDWORD (0xffffffff as defined in Winnt.h) as the Reason value. After it is reinstated, the certificate will not appear in future CRLs.
The anomaly
When you import CertAdm.dll into your .NET project, Visual Studio creates the wrapper Interop.CERTADMINLib.dll. With this wrapper you can create a CCertAdmin object that exposes:
objAdmin.RevokeCertificate(string Config, string SN, int Reason, DateTime Date);
Note that Reason is now an int, no longer a LONG. Assigning MAXDWORD to it directly:
int Reason = 0xffffffff;
raises the following error:
Cannot implicitly convert type 'uint' to 'int'
So, how do we assign a uint value to an int?
The solution?
Another try could be this one:
int Reason = (int)0xffffffff;
but it raises the following error:
Constant value '4294967295' cannot be converted to a 'int' (use 'unchecked' syntax to override)
In fact, a look at some articles around the internet shows that one way to do the trick is the unchecked keyword:
"Conversions between numeric types, where the value to be converted overflows the destination type, can also be checked/unchecked."
So this seems to be the solution:
int Reason = unchecked((int)0xffffffff);
Egg of Columbus
The problem is actually simpler than it seems. It is enough to remember that the int type represents signed integers in two's complement. And what does 0xffffffff represent in two's complement?
ffffffff (hexadecimal)
00000000 (One's complement)
+ 1
----------
00000001 (Two's complement)
^
sign -
0xffffffff is equal to -1 in decimal when it is read as a 4-byte signed integer value. So, the smartest solution is:
int Reason = -1;
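An added example (not code from the original post or from the interop library): a small C# wrapper that keeps the reason codes typed and supplies the resume value, and shows that the compiler error above applies only to constants, while a checked cast of a variable fails at run time instead. The enum member names, `RevokeHelper`, the `RevokeCall` delegate and the sample CA config and serial number are assumptions made for illustration.

```csharp
using System;

// Reason codes 0..6 accepted by RevokeCertificate (member names are this example's own).
public enum RevocationReason
{
    Unspecified = 0, KeyCompromise = 1, CaCompromise = 2, AffiliationChanged = 3,
    Superseded = 4, CessationOfOperation = 5, CertificateHold = 6
}

public static class RevokeHelper
{
    public const uint MaxDword = 0xffffffff;                   // MAXDWORD from Winnt.h
    public const int ResumeReason = unchecked((int)MaxDword);  // same 32 bits read as signed

    // Hypothetical delegate with the same shape as the interop method shown on the page,
    // so objAdmin.RevokeCertificate can be passed in as a method group.
    public delegate void RevokeCall(string config, string serial, int reason, DateTime date);

    public static void Revoke(RevokeCall call, string config, string serial,
                              RevocationReason reason, DateTime date)
    {
        if (!Enum.IsDefined(typeof(RevocationReason), reason))
            throw new ArgumentOutOfRangeException(nameof(reason), "reason must be 0..6");
        call(config, serial, (int)reason, date);
    }

    // Only meaningful for a certificate previously revoked with CertificateHold (6).
    public static void Resume(RevokeCall call, string config, string serial, DateTime date)
    {
        call(config, serial, ResumeReason, date);
    }
}

public static class Demo
{
    public static void Main()
    {
        uint fromVariable = RevokeHelper.MaxDword;  // non-constant, so no compile-time range check
        Console.WriteLine(unchecked((int)fromVariable) == RevokeHelper.ResumeReason);
        try { Console.WriteLine(checked((int)fromVariable)); }
        catch (OverflowException) { Console.WriteLine("checked cast overflows at run time"); }

        // Constructed stand-in for the CA call: prints the value that would be sent.
        RevokeHelper.RevokeCall fake = (c, s, r, d) => Console.WriteLine($"{s} reason={r} (0x{r:x8})");
        RevokeHelper.Revoke(fake, @"CAHOST\Example CA", "1a2b3c", RevocationReason.CertificateHold, DateTime.UtcNow);
        RevokeHelper.Resume(fake, @"CAHOST\Example CA", "1a2b3c", DateTime.UtcNow);
    }
}
```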