/*  
 *	Date		:	2004-09-13
 *	Author		:	Junhui Yang
 *	Filename	:	FGCCryptoAPI.cpp
 *	Description	:	FGCCryptoAPI is CA client code built on the Microsoft Crypto API
*/

#include "stdafx.h"
#include "FGCCryptoAPI.h"
#include "FGString.h"
#include <wincrypt.h>
extern "C" {
#include "mymd5.h"
}

#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)

#define CERT_STORE_NAME  L"MY"

#define ISSUER_NAME  L"FGC_CA2"

// Display names of the three Microsoft RSA CSPs (base, enhanced, strong),
// kept in writable 260-byte buffers so they can be handed to the ANSI
// CryptAcquireContext as plain CHAR*. The provider actually used by the
// methods on this page is chosen at run time through GetCSPName().
CHAR szProvider1[260] = MS_DEF_PROV;
CHAR szProvider2[260] = MS_ENHANCED_PROV;
CHAR szProvider3[260] = MS_STRONG_PROV;

// Base64 symbol table (64 symbols followed by the '=' pad) and the reverse
// lookup table indexed by byte value. `codes` is all zero at start-up; it is
// presumably filled from `alphabet` by inicode() (called from the
// constructor) — confirm against that definition.
static char alphabet[] = { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" };
static char codes[256] = {};





// Construct the helper. The only set-up is inicode(), which presumably
// builds the Base64 reverse table `codes` from `alphabet` — confirm against
// its definition.
FGCCryptoAPI::FGCCryptoAPI() { inicode (); }

// Nothing to release here: the methods on this page acquire and release
// their own CryptoAPI stores, contexts and provider handles per call.
FGCCryptoAPI::~FGCCryptoAPI() { }

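// Build a PKCS#10 certificate request for the X.500 subject string `sub` and
// return it Base64-encoded in `pks10str`.
//
// The key pair lives in the CSP container "FGC_CA_<name><M|T>", where <name>
// comes from GetNameFormSubject(sub) and the suffix is "M" when `isM` is TRUE,
// "T" otherwise (the same name SignData builds). The container is created on
// first use; ShowError(33) is still reported on that path before the retry,
// as before. Two RSA key pairs are generated in it: AT_SIGNATURE, whose public
// half goes into the request and which also signs it, and AT_KEYEXCHANGE,
// which the request itself does not use.
//
// Returns TRUE on success. On failure ShowError() receives the number of the
// step that failed and FALSE is returned. Buffers, key handles and the
// provider handle are released on every path (previously the provider handle
// leaked on the error paths and both key handles leaked on success too).
BOOL FGCCryptoAPI::CreatePKS10 (FGString sub, FGString& pks10str, BOOL isM)
{
	BOOL                        ok = FALSE;
	HCRYPTPROV                  hCryptProv = 0;
	HCRYPTKEY                   hSigKey = 0;
	HCRYPTKEY                   hXchKey = 0;
	BYTE*                       pbNameEncoded = NULL;
	DWORD                       cbNameEncoded = 0;
	CERT_PUBLIC_KEY_INFO*       pbPublicKeyInfo = NULL;
	DWORD                       cbPublicKeyInfo = 0;
	BYTE*                       pbSignedEncodedCertReq = NULL;
	DWORD                       cbEncodedCertReqSize = 0;
	CERT_REQUEST_INFO           CertReqInfo;
	CRYPT_ALGORITHM_IDENTIFIER  SigAlg;
	CHAR                        SCPname[260];

	// Key container name: "FGC_CA_" + <name from subject> + "M"|"T".
	FGString tstr = GetNameFormSubject (sub);
	tstr = "FGC_CA_" + tstr;
	if (isM) {
		tstr = tstr + "M";
	} else {
		tstr = tstr + "T";
	}

	// No ShowError on this path, as before.
	if (!GetCSPName(SCPname)) {
		goto cleanup;
	}

	// Encode the subject: the first call sizes the buffer, the second fills it.
	if (!CertStrToName(MY_ENCODING_TYPE, sub.String(), CERT_X500_NAME_STR, NULL, NULL, &cbNameEncoded, NULL)) {
		ShowError (1);
		goto cleanup;
	}
	pbNameEncoded = (BYTE*)malloc(cbNameEncoded);
	if (!pbNameEncoded) {
		ShowError (2);
		goto cleanup;
	}
	if (!CertStrToName(MY_ENCODING_TYPE, sub.String(), CERT_X500_NAME_STR, NULL, pbNameEncoded, &cbNameEncoded, NULL)) {
		ShowError (3);
		goto cleanup;
	}

	memset (&CertReqInfo, 0, sizeof(CertReqInfo));
	CertReqInfo.dwVersion      = CERT_REQUEST_V1;
	CertReqInfo.Subject.cbData = cbNameEncoded;
	CertReqInfo.Subject.pbData = pbNameEncoded;
	CertReqInfo.cAttribute     = 0;
	CertReqInfo.rgAttribute    = NULL;

	// Open the container, creating it when it does not exist yet.
	// (An earlier fallback chain over szProvider3/2/1 lived here; the provider
	// now comes from GetCSPName.)
	if (!CryptAcquireContext(&hCryptProv, tstr.String(), SCPname, PROV_RSA_FULL, 0))
	{
		ShowError (33);
		if (!CryptAcquireContext(&hCryptProv, tstr.String(), SCPname, PROV_RSA_FULL, CRYPT_NEWKEYSET))
		{
			ShowError (4);
			goto cleanup;
		}
	}

	// Generate the key pairs. CRYPT_EXPORTABLE marks both private keys as
	// exportable from the CSP; drop the flag unless key backup/transfer is
	// actually required, since an exportable key is easier to copy off the
	// machine.
	if (!CryptGenKey (hCryptProv, AT_SIGNATURE, CRYPT_EXPORTABLE, &hSigKey)) {
		ShowError (5);
		goto cleanup;
	}
	if (!CryptGenKey (hCryptProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hXchKey)) {
		ShowError (6);
		goto cleanup;
	}

	// Export the signature public key (size, then data).
	if (!CryptExportPublicKeyInfo(hCryptProv, AT_SIGNATURE, MY_ENCODING_TYPE, NULL, &cbPublicKeyInfo)) {
		ShowError (7);
		goto cleanup;
	}
	pbPublicKeyInfo = (CERT_PUBLIC_KEY_INFO*)malloc(cbPublicKeyInfo);
	if (!pbPublicKeyInfo) {
		ShowError (8);
		goto cleanup;
	}
	if (!CryptExportPublicKeyInfo(hCryptProv, AT_SIGNATURE, MY_ENCODING_TYPE, pbPublicKeyInfo, &cbPublicKeyInfo)) {
		ShowError (9);
		goto cleanup;
	}
	// Shallow copy: the pointers inside still reference pbPublicKeyInfo, which
	// stays alive until cleanup.
	CertReqInfo.SubjectPublicKeyInfo = *pbPublicKeyInfo;

	// SHA-1 with RSA under the OIW OID, kept for compatibility with the
	// issuing CA; SHA-1 is a legacy digest, so revisit when the CA allows it.
	memset (&SigAlg, 0, sizeof(SigAlg));
	SigAlg.pszObjId = szOID_OIWSEC_sha1RSASign;

	// Sign with AT_SIGNATURE — the key whose public half is embedded in the
	// request. Signing with AT_KEYEXCHANGE (as before) produced a request
	// whose proof-of-possession signature cannot verify against its own
	// SubjectPublicKeyInfo. Size first, then encode.
	if (!CryptSignAndEncodeCertificate(hCryptProv, AT_SIGNATURE, MY_ENCODING_TYPE,
	                                   X509_CERT_REQUEST_TO_BE_SIGNED, &CertReqInfo, &SigAlg,
	                                   NULL, NULL, &cbEncodedCertReqSize))
	{
		ShowError (10);
		goto cleanup;
	}
	pbSignedEncodedCertReq = (BYTE*)malloc(cbEncodedCertReqSize);
	if (!pbSignedEncodedCertReq) {
		ShowError (11);
		goto cleanup;
	}
	if (!CryptSignAndEncodeCertificate(hCryptProv, AT_SIGNATURE, MY_ENCODING_TYPE,
	                                   X509_CERT_REQUEST_TO_BE_SIGNED, &CertReqInfo, &SigAlg,
	                                   NULL, pbSignedEncodedCertReq, &cbEncodedCertReqSize))
	{
		ShowError (12);
		goto cleanup;
	}

	pks10str = Base64Encode (pbSignedEncodedCertReq, cbEncodedCertReqSize);
	ok = TRUE;

cleanup:
	// free(NULL) is a no-op; the handles are guarded explicitly.
	free (pbSignedEncodedCertReq);
	free (pbPublicKeyInfo);
	free (pbNameEncoded);
	if (hXchKey) {
		CryptDestroyKey (hXchKey);
	}
	if (hSigKey) {
		CryptDestroyKey (hSigKey);
	}
	if (hCryptProv) {
		CryptReleaseContext (hCryptProv, 0);
	}
	return ok;
}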

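// Remove from the current user's "MY" store the first certificate whose
// issuer matches ISSUER_NAME and whose subject name / organisation (as
// extracted by GetNameFormSubject / GetOrgFormSubject) equal `acc` and
// "M" (isM TRUE) or "T" (isM FALSE).
//
// Returns TRUE when a certificate was deleted. FALSE means either that no
// matching certificate exists or that a store operation failed; only the
// latter is reported through ShowError().
//
// NOTE: CERT_FIND_ISSUER_STR is a substring match on the issuer name, so a
// certificate from another issuer containing "FGC_CA2" in its name would also
// be examined; the explicit subject comparison below is what narrows it down.
BOOL FGCCryptoAPI::DelAccountInStore (FGString acc, BOOL isM)
{
	HCERTSTORE hStoreHandle = CertOpenStore(
		CERT_STORE_PROV_SYSTEM,
		MY_ENCODING_TYPE,
		NULL,
		CERT_SYSTEM_STORE_CURRENT_USER,
		CERT_STORE_NAME);
	if (!hStoreHandle) {
		ShowError (13);
		return FALSE;
	}

	// Organisation marker the subject must carry.
	FGString orgstr = "M";
	if (!isM) {
		orgstr = "T";
	}

	PCCERT_CONTEXT pCert = NULL;
	BOOL deleted = FALSE;

	// CertFindCertificateInStore frees the context passed as pPrevCertContext
	// on every call, so the loop variable never needs a separate release; when
	// the loop ends normally pCert is NULL.
	while ((pCert = CertFindCertificateInStore(
	                    hStoreHandle,
	                    MY_ENCODING_TYPE,
	                    0,
	                    CERT_FIND_ISSUER_STR,
	                    ISSUER_NAME,
	                    pCert)) != NULL)
	{
		FGString substr  = DecodeName (&pCert->pCertInfo->Subject);
		FGString subname = GetNameFormSubject (substr);
		FGString orgname = GetOrgFormSubject (substr);
		if (subname == acc && orgname == orgstr) {
			// CertDeleteCertificateFromStore always frees pCert, on success
			// and on failure alike; releasing it again here (as the old code
			// did) was a double free.
			if (CertDeleteCertificateFromStore (pCert)) {
				deleted = TRUE;
			} else {
				ShowError (14);
			}
			pCert = NULL;
			break;
		}
	}

	CertCloseStore (hStoreHandle, 0);
	return deleted;
}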

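// Helper for SetupCert: release whatever it has acquired so far.
// Every argument may be NULL; contexts are freed before their stores close.
static void ReleaseSetupCertResources (BYTE* certencode,
                                       PCCERT_CONTEXT certcontext,
                                       PCCERT_CONTEXT certcontext2,
                                       HCERTSTORE hStoreHandle,
                                       HCERTSTORE hStoreHandle2)
{
	if (certcontext2) {
		CertFreeCertificateContext (certcontext2);
	}
	if (certcontext) {
		CertFreeCertificateContext (certcontext);
	}
	if (hStoreHandle2) {
		CertCloseStore (hStoreHandle2, 0);
	}
	if (hStoreHandle) {
		CertCloseStore (hStoreHandle, 0);
	}
	if (certencode) {
		delete[] certencode;   // Base64Decode hands back a new[]'d buffer
	}
}

// Install the first certificate of the Base64-encoded PKCS#7 blob `PKS7` into
// the current user's "MY" store and attach a CERT_KEY_PROV_INFO_PROP_ID
// property naming the CSP container "FGC_CA_<name><org>" (name and org taken
// from the certificate subject) and the AT_SIGNATURE key spec, so the private
// key created by CreatePKS10 is found again.
//
// Returns TRUE on success; on failure ShowError() reports the failing step and
// FALSE is returned. All handles and buffers are released on every path.
//
// NOTE(review): nothing here validates the blob before it lands in the user's
// store — neither the issuer nor a chain is checked, and the first certificate
// in the PKCS#7 is assumed to be the end-entity one. Callers should only pass
// responses obtained from the expected CA.
BOOL FGCCryptoAPI::SetupCert (FGString PKS7)
{
	HCERTSTORE     hStoreHandle  = NULL;   // in-memory store backed by the PKCS#7 blob
	HCERTSTORE     hStoreHandle2 = NULL;   // the user's system "MY" store
	PCCERT_CONTEXT certcontext   = NULL;   // certificate inside the PKCS#7 store
	PCCERT_CONTEXT certcontext2  = NULL;   // the copy that now lives in the system store
	BYTE*          certencode    = NULL;
	DWORD          certlen       = 0;

	Base64Decode ((BYTE*)PKS7.String(), PKS7.Len(), &certencode, certlen);
	if (!certencode || certlen == 0) {
		// Opening a store over an empty blob failed with the same code before.
		ReleaseSetupCertResources (certencode, NULL, NULL, NULL, NULL);
		ShowError (15);
		return FALSE;
	}

	CRYPT_DATA_BLOB datablob;
	ZeroMemory(&datablob, sizeof(datablob));
	datablob.pbData = certencode;
	datablob.cbData = certlen;

	hStoreHandle = CertOpenStore(
		CERT_STORE_PROV_PKCS7,
		MY_ENCODING_TYPE,
		NULL,
		CERT_SYSTEM_STORE_CURRENT_USER,
		&datablob);
	if (!hStoreHandle) {
		ReleaseSetupCertResources (certencode, NULL, NULL, NULL, NULL);
		ShowError (15);
		return FALSE;
	}

	certcontext = CertEnumCertificatesInStore (hStoreHandle, NULL);
	if (!certcontext) {
		ReleaseSetupCertResources (certencode, NULL, NULL, hStoreHandle, NULL);
		ShowError (16);
		return FALSE;
	}

	// Container name: must equal the one CreatePKS10 used for this subject.
	FGString sub  = DecodeName (&certcontext->pCertInfo->Subject);
	FGString tstr = GetNameFormSubject (sub);
	FGString ostr = GetOrgFormSubject (sub);
	tstr = "FGC_CA_" + tstr;
	tstr = tstr + ostr;

	hStoreHandle2 = CertOpenStore(
		CERT_STORE_PROV_SYSTEM,
		MY_ENCODING_TYPE,
		NULL,
		CERT_SYSTEM_STORE_CURRENT_USER,
		CERT_STORE_NAME);
	if (!hStoreHandle2) {
		ReleaseSetupCertResources (certencode, certcontext, NULL, hStoreHandle, NULL);
		ShowError (17);
		return FALSE;
	}

	if (!CertAddCertificateContextToStore(
			hStoreHandle2,
			certcontext,
			CERT_STORE_ADD_USE_EXISTING,
			&certcontext2))
	{
		ReleaseSetupCertResources (certencode, certcontext, NULL, hStoreHandle, hStoreHandle2);
		ShowError (18);
		return FALSE;
	}

	CHAR SCPname[260];
	if (!GetCSPName(SCPname)) {
		ReleaseSetupCertResources (certencode, certcontext, certcontext2, hStoreHandle, hStoreHandle2);
		return FALSE;
	}

	// Convert the container name to UTF-16. tstr is derived from the
	// certificate subject, i.e. from data supplied by the caller, so the
	// conversion is bounded by the buffer rather than by the input length
	// (the old code passed tstr.Len()+1 as the count and could overrun the
	// 160-element buffer). mbstowcs returns (size_t)-1 on an invalid
	// sequence and a count equal to the buffer size when it ran out of room
	// before writing the terminator; both are failures, as is an empty name.
	WCHAR szwContainer[160];
	const size_t cchContainer = sizeof(szwContainer) / sizeof(szwContainer[0]);
	size_t cchConverted = mbstowcs(szwContainer, tstr.String(), cchContainer);
	if (cchConverted == (size_t)-1 || cchConverted == 0 || cchConverted >= cchContainer)
	{
		ReleaseSetupCertResources (certencode, certcontext, certcontext2, hStoreHandle, hStoreHandle2);
		ShowError (19);
		return FALSE;
	}

	// Provider name; -1 converts up to and including the terminator, bounded
	// by the buffer size.
	WCHAR szwProvider[260];
	if (MultiByteToWideChar(0, 0, SCPname, -1, szwProvider,
	                        sizeof(szwProvider) / sizeof(szwProvider[0])) == 0)
	{
		ReleaseSetupCertResources (certencode, certcontext, certcontext2, hStoreHandle, hStoreHandle2);
		ShowError (20);
		return FALSE;
	}

	// Record which CSP container holds the private key for this certificate.
	CRYPT_KEY_PROV_INFO key_info;
	ZeroMemory(&key_info, sizeof(key_info));
	key_info.pwszContainerName = szwContainer;
	key_info.pwszProvName      = szwProvider;
	key_info.dwProvType        = PROV_RSA_FULL;
	key_info.dwFlags           = CERT_SET_KEY_CONTEXT_PROP_ID;
	key_info.dwKeySpec         = AT_SIGNATURE;   // the key whose public half is in the certificate

	if (!CertSetCertificateContextProperty (certcontext2,
	                                        CERT_KEY_PROV_INFO_PROP_ID,
	                                        0,
	                                        (LPVOID)&key_info))
	{
		ReleaseSetupCertResources (certencode, certcontext, certcontext2, hStoreHandle, hStoreHandle2);
		ShowError (21);
		return FALSE;
	}

	ReleaseSetupCertResources (certencode, certcontext, certcontext2, hStoreHandle, hStoreHandle2);
	return TRUE;
}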

BOOL FGCCryptoAPI::SignData (FGString acc, FGString ram, FGString& signeddata, BOOL isM)
{
	HCRYPTPROV	hCryptProv;

	acc = "FGC_CA_" + acc;

	if (isM) {
		acc = acc + "M";
	} else {
		acc = acc + "T";
	}

	CHAR SCPname[260];
	if (!GetCSPName(SCPname)) {
		return FALSE;
	}

	if (!CryptAcquireContext(
				&hCryptProv,        // Address for handle to be returned.
				acc.String(),       // Use the current user's logon name.
				SCPname,         // Use the default provider.
				PROV_RSA_FULL,      // Need to both encrypt and sign.
				0)) 
	{
		ShowError (22);
		return FALSE;
	}

/*
	if (!CryptAcquireContext(
				&hCryptProv,        // Address for handle to be returned.
				acc.String(),       // Use the current user's logon name.
				szProvider3,         // Use the default provider.
				PROV_RSA_FULL,      // Need to both encrypt and sign.
				0)) 
	{
		ShowError (22);
		if (!CryptAcquireContext(
					&hCryptProv,        // Address for handle to be returned.
					acc.String(),       // Use the current user's logon name.
					szProvider2,         // Use the default provider.
					PROV_RSA_FULL,      // Need to both encrypt and sign.
					0)) 
		{
			ShowError (38);
			if (!CryptAcquireContext(
						&hCryptProv,        // Address for handle to be returned.
						acc.String(),       // Use the current user's logon name.
						szProvider1,         // Use the default provider.
						PROV_RSA_FULL,      // Need to both encrypt and sign.
						0)) 
			{
				ShowError (39);
				return FALSE;
			}
