📄 fgccryptoapi.cpp
}
}*/
HCRYPTKEY hPubKey;
if (!CryptGetUserKey (hCryptProv,AT_SIGNATURE, &hPubKey))
{
CryptReleaseContext (hCryptProv,0);
ShowError (23);
return FALSE;
}
// Create Hash
HCRYPTHASH hHash = NULL;
if (!CryptCreateHash(hCryptProv, CALG_SHA1, 0, 0, &hHash))
{
CryptReleaseContext (hCryptProv,0);
ShowError (24);
return FALSE;
}
if (!CryptHashData(hHash, (BYTE*)ram.String(), ram.Len(), 0))
{
CryptDestroyHash (hHash);
CryptReleaseContext (hCryptProv,0);
ShowError (25);
return FALSE;
}
// Get Signature size
DWORD dwSignature;
LPBYTE pbSignature = NULL;
if (!CryptSignHash(hHash, AT_SIGNATURE, NULL, 0, NULL, &dwSignature))
{
CryptDestroyHash (hHash);
CryptReleaseContext (hCryptProv,0);
ShowError (26);
return FALSE;
}
// Allocate signature bytes
pbSignature = (LPBYTE)malloc(dwSignature);
if (!pbSignature)
{
CryptDestroyHash (hHash);
CryptReleaseContext (hCryptProv,0);
ShowError (27);
return FALSE;
}
// Sign and get back signature
if (!CryptSignHash(hHash, AT_SIGNATURE, NULL, 0, pbSignature, &dwSignature))
{
free(pbSignature);
CryptDestroyHash (hHash);
CryptReleaseContext (hCryptProv,0);
ShowError (28);
return FALSE;
}
signeddata = Base64Encode (pbSignature, dwSignature);
free(pbSignature);
CryptDestroyHash (hHash);
CryptReleaseContext (hCryptProv,0);
return TRUE;
}
// Rebuilds the Base64 decode table `codes`.
// After the call every one of the 256 byte values maps to -1, except the 64
// alphabet characters, which map to their 6-bit value. '=' stays at -1.
void FGCCryptoAPI::inicode ()
{
    // Mark everything as "not a Base64 character" first.
    for (int slot = 0; slot < 256; ++slot) {
        codes[slot] = -1;
    }

    // 'A'..'Z' -> 0..25
    for (int upper = 'A'; upper <= 'Z'; ++upper) {
        codes[upper] = upper - 'A';
    }
    // 'a'..'z' -> 26..51
    for (int lower = 'a'; lower <= 'z'; ++lower) {
        codes[lower] = 26 + (lower - 'a');
    }
    // '0'..'9' -> 52..61
    for (int digit = '0'; digit <= '9'; ++digit) {
        codes[digit] = 52 + (digit - '0');
    }

    // The last two symbols of the standard alphabet.
    codes['+'] = 62;
    codes['/'] = 63;
}
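// Decodes Base64 text into a newly allocated byte buffer.
//
// src, slen : input characters. Bytes that are neither in the Base64 alphabet
//             nor '=' (line breaks, spaces, ...) are skipped.
// dec       : receives a buffer allocated with new BYTE[]; the caller releases
//             it with delete[]. Set to NULL when the function fails.
// dlen      : receives the number of decoded bytes; 0 when the function fails.
//
// Returns TRUE when the number of bytes produced equals the length implied by
// the input, FALSE otherwise. The original ended with a bare `FALSE;`
// statement, so a length mismatch was still reported as success and the
// caller received a buffer whose tail had never been written.
BOOL FGCCryptoAPI::Base64Decode(BYTE* src, DWORD slen, BYTE** dec, DWORD& dlen)
{
    dlen = 0;
    if (!dec) {
        return FALSE;
    }
    *dec = NULL;
    if (!src && slen > 0) {
        return FALSE;
    }

    inicode ();

    // Pass 1: count the significant characters and the run of '=' that closes
    // them. The padding is taken from the significant characters themselves,
    // not from src[tempLen-1], which points at the wrong byte as soon as the
    // input contains skipped characters.
    DWORD ix = 0;
    DWORD tempLen = 0;   // alphabet characters plus '='
    DWORD padding = 0;   // '=' characters at the end of the significant input
    for (ix = 0; ix < slen; ix++) {
        if (codes[ src[ix] & 0xFF ] >= 0) {
            ++tempLen;
            padding = 0;
        } else if (src[ix] == '=') {
            ++tempLen;
            ++padding;
        }
    }

    // Four characters carry three bytes; each of up to two '=' removes one.
    dlen = ((tempLen + 3) / 4) * 3;
    if (padding > 0) --dlen;
    if (padding > 1) --dlen;

    *dec = new BYTE[dlen];

    // Pass 2: shift six bits in per character, emit a byte whenever eight or
    // more bits are pending.
    DWORD shift = 0;
    DWORD accum = 0;
    DWORD index = 0;
    BOOL  fits  = TRUE;
    for (ix = 0; ix < slen && fits; ix++) {
        int value = codes[ src[ix] & 0xFF ];
        if (value < 0) {
            continue;
        }
        accum = (accum << 6) | value;
        shift += 6;
        if (shift >= 8) {
            shift -= 8;
            if (index >= dlen) {
                // Never write past the buffer sized in pass 1.
                fits = FALSE;
            } else {
                (*dec)[index++] = (BYTE) ((accum >> shift) & 0xff);
            }
        }
    }

    if (!fits || index != dlen) {
        // Malformed input: hand back nothing rather than a partly filled buffer.
        delete[] *dec;
        *dec = NULL;
        dlen = 0;
        return FALSE;
    }
    return TRUE;
}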
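// Encodes slen bytes from src as Base64 text and returns it as an FGString.
//
// Output length is always a whole multiple of four characters; a final group
// of one or two input bytes is padded using entry 64 of `alphabet`
// (presumably '=' - `alphabet` is defined outside this block).
//
// The temporary buffer is now released before returning; the original leaked
// it on every call. This relies on FGString copying the characters on
// assignment from char*, as DecodeName in this file already does.
FGString FGCCryptoAPI::Base64Encode(BYTE* src, DWORD slen)
{
    inicode ();   // kept from the original; the encoder itself does not read `codes`

    FGString out = "";
    DWORD dlen = ((slen + 2) / 3) * 4;
    BYTE* dec = new BYTE[dlen+1];   // +1 for the terminating NUL

    DWORD i = 0;
    DWORD index = 0;
    for (i = 0, index = 0; i < slen; i += 3, index += 4) {
        // Pack up to three input bytes into the low 24 bits of val, noting
        // which of the optional second and third bytes were present.
        BOOL trip = FALSE;   // a second byte exists -> third character is data
        BOOL quad = FALSE;   // a third byte exists  -> fourth character is data
        DWORD val = (0xFF & (DWORD) src[i]);
        val <<= 8;
        if ((i+1) < slen) {
            val |= (0xFF & (DWORD) src[i+1]);
            trip = TRUE;
        }
        val <<= 8;
        if ((i+2) < slen) {
            val |= (0xFF & (DWORD) src[i+2]);
            quad = TRUE;
        }

        // Emit the four characters from last to first, six bits at a time.
        dec[index+3] = alphabet[(quad ? (val & 0x3F) : 64)];
        val >>= 6;
        dec[index+2] = alphabet[(trip ? (val & 0x3F) : 64)];
        val >>= 6;
        dec[index+1] = alphabet[val & 0x3F];
        val >>= 6;
        dec[index+0] = alphabet[val & 0x3F];
    }
    dec[dlen] = 0;

    out = (char*)dec;
    delete[] dec;
    return out;
}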
// Extracts the text that follows the first "CN=" in a subject string, up to
// the next comma. Returns the whole input unchanged when "CN=" is absent.
//
// NOTE(review): this is a plain text search, so "CN=" inside another
// attribute's value, or a quoted value containing a comma, would be
// mis-parsed. The result feeds the certificate match in isHere - confirm the
// issuing CA cannot produce such subjects.
FGString FGCCryptoAPI::GetNameFormSubject (FGString sub)
{
    FGString value = sub;

    const int attrPos = sub.Find ("CN=");
    if (attrPos == -1) {
        return value;
    }

    // Drop everything up to and including "CN=".
    value = value.GetSubStr (attrPos + 3, value.Len() - 1);

    // Cut at the separator that starts the next attribute, if there is one.
    const int commaPos = value.Find (",");
    if (commaPos != -1) {
        value = value.GetSubStr (0, commaPos - 1);
    }
    return value;
}
// Extracts the text that follows the first "O=" in a subject string, up to
// the next comma. Returns the whole input unchanged when "O=" is absent.
//
// NOTE(review): this is a plain text search; "O=" also occurs at the end of
// longer attribute names and may occur inside values, so the first hit is not
// guaranteed to be the organisation attribute. The result feeds the
// certificate match in isHere - confirm against the subjects the CA issues.
FGString FGCCryptoAPI::GetOrgFormSubject (FGString sub)
{
    FGString value = sub;

    const int attrPos = sub.Find ("O=");
    if (attrPos == -1) {
        return value;
    }

    // Drop everything up to and including "O=".
    value = value.GetSubStr (attrPos + 2, value.Len() - 1);

    // Cut at the separator that starts the next attribute, if there is one.
    const int commaPos = value.Find (",");
    if (commaPos != -1) {
        value = value.GetSubStr (0, commaPos - 1);
    }
    return value;
}
// Reports whether the current user's certificate store CERT_STORE_NAME holds
// a certificate whose issuer matches ISSUER_NAME, whose subject CN equals
// `account` and whose subject O equals "M" (isM != 0) or "T" (isM == 0).
//
// This is a presence check only: nothing here validates the chain, the
// validity period or revocation. CERT_FIND_ISSUER_STR matches ISSUER_NAME as
// a substring of the issuer name, so it is not an exact issuer comparison.
//
// Returns TRUE on the first match, FALSE when the store cannot be opened
// (ShowError 29) or no certificate matches (ShowError 30).
BOOL FGCCryptoAPI::isHere (FGString account, BOOL isM)
{
    HCERTSTORE hStore = CertOpenStore(
        CERT_STORE_PROV_SYSTEM,
        MY_ENCODING_TYPE,
        NULL,
        CERT_SYSTEM_STORE_CURRENT_USER,
        CERT_STORE_NAME);
    if (!hStore) {
        ShowError (29);
        return FALSE;
    }

    FGString wantedOrg = isM ? "M" : "T";

    BOOL found = FALSE;
    PCCERT_CONTEXT pCert = NULL;
    // Passing the previous context back in continues the enumeration and
    // releases that context, so only a context we stop on needs freeing.
    while ((pCert = CertFindCertificateInStore(
                hStore,
                MY_ENCODING_TYPE,
                0,
                CERT_FIND_ISSUER_STR,
                ISSUER_NAME,
                pCert)) != NULL)
    {
        FGString subject = DecodeName (&pCert->pCertInfo->Subject);
        FGString cn  = GetNameFormSubject (subject);
        FGString org = GetOrgFormSubject (subject);
        if (cn==account && org==wantedOrg) {
            found = TRUE;
            break;
        }
    }

    if (pCert) {
        CertFreeCertificateContext(pCert);
    }
    CertCloseStore (hStore, 0);

    if (!found) {
        ShowError (30);
        return FALSE;
    }
    return TRUE;
}
// Converts an encoded certificate name into its X.500 string form.
// Returns an empty string when the name is empty or the conversion fails.
FGString FGCCryptoAPI::DecodeName (CERT_NAME_BLOB* name)
{
    FGString text = "";

    // With a NULL buffer CertNameToStr reports the size it needs, counted in
    // characters including the terminating NUL. A result below 2 therefore
    // means there is nothing to convert.
    DWORD needed = CertNameToStr (MY_ENCODING_TYPE,
                                  name,
                                  CERT_X500_NAME_STR,
                                  NULL,
                                  0);
    if (needed >= 2) {
        char* buffer = new char[needed];
        DWORD written = CertNameToStr (MY_ENCODING_TYPE,
                                       name,
                                       CERT_X500_NAME_STR,
                                       buffer,
                                       needed);
        if (written >= 2) {
            text = buffer;   // the buffer is released right after this assignment
        }
        delete[] buffer;
    }
    return text;
}
// Computes Base64( MD5( ranstr + psw + "FGCMD5ENCODE" ) ) into encodedstr.
// Always returns TRUE.
//
// NOTE(review): this is a single MD5 pass over the password with a fixed
// suffix, and the inputs are concatenated without a separator. If the result
// is sent or stored as a password proof (not visible here), anyone who sees
// it together with ranstr can test password guesses cheaply. A slow, salted
// password hash or a challenge-response scheme that does not expose a fast
// hash of the password is the usual replacement; changing it needs the peer
// to change too.
BOOL FGCCryptoAPI::EncodeMD5 (FGString ranstr, FGString psw, FGString& encodedstr)
{
    // Material to hash: ranstr, then psw, then the fixed suffix.
    FGString material = ranstr + psw;
    material = material + "FGCMD5ENCODE";

    MD5_CTX_MY md5;
    myMD5Init (&md5);
    myMD5Update (&md5, (unsigned char*)material.String(), material.Len());

    unsigned char hash[16];   // MD5 output is 16 bytes
    myMD5Final (hash, &md5);

    encodedstr = Base64Encode (hash, 16);
    return TRUE;
}
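// Encrypts a password with a Base64-encoded public key blob and returns the
// ciphertext as Base64.
//
// Pkey       : Base64 text of a key blob accepted by CryptImportKey.
// psw        : the password; at most 1024 bytes.
// encodedstr : receives Base64 of the ciphertext on success; untouched on failure.
// Returns TRUE on success, FALSE on any failure.
//
// Changes against the original:
//  - the password is copied with its real length; the original always copied
//    1024 bytes from psw.String(), reading past the end of shorter passwords;
//  - passwords longer than the work buffer are rejected up front;
//  - the decoded key blob, the key handle and the provider handle are
//    released on every path, not only on success;
//  - the work buffer is cleared before returning, so a failed call does not
//    leave the plaintext password on the stack.
// The by-value FGString copies of the password are outside this function's
// control and are not cleared.
BOOL FGCCryptoAPI::EncodePSW (FGString Pkey, FGString psw, FGString& encodedstr)
{
    CHAR SCPname[260];
    if (!GetCSPName(SCPname)) {
        return FALSE;
    }

    // Open the key container "RootPubKey" in the provider chosen by GetCSPName,
    // creating the container when it does not exist yet.
    // NOTE(review): CRYPT_NEWKEYSET leaves a persistent container behind even
    // though only an imported public key is used below; CRYPT_VERIFYCONTEXT is
    // the usual flag for that - confirm with the target CSPs before changing.
    HCRYPTPROV hCryptProv = NULL;
    if (!CryptAcquireContext(
            &hCryptProv,      // receives the provider handle
            "RootPubKey",     // key container name
            SCPname,          // provider name selected by GetCSPName
            PROV_RSA_FULL,
            0))
    {
        if (!CryptAcquireContext(
                &hCryptProv,
                "RootPubKey",
                SCPname,
                PROV_RSA_FULL,
                CRYPT_NEWKEYSET))
        {
            return FALSE;
        }
    }

    BOOL fResult = FALSE;
    BYTE* pswencode = NULL;        // decoded key blob, allocated by Base64Decode
    DWORD pswlen = 0;
    HCRYPTKEY hCLTKey = NULL;
    unsigned char pswbuf[1024];    // plaintext in, ciphertext out
    DWORD dwPWDLen = psw.Len ();

    memset (pswbuf, 0, sizeof(pswbuf));

    // Single pass; every failure breaks out to the shared cleanup below.
    do {
        // Decode the public key blob.
        if (!Base64Decode ((BYTE*)Pkey.String(), Pkey.Len(), &pswencode, pswlen)
            || !pswencode || pswlen == 0) {
            break;
        }

        // Import the public key.
        if (!CryptImportKey(hCryptProv, pswencode, pswlen, 0, 0, &hCLTKey)) {
            ShowError (32);
            break;
        }

        // Encrypt the password in place.
        if (dwPWDLen > sizeof(pswbuf)) {
            ShowError (33);
            break;
        }
        memcpy (pswbuf, psw.String(), dwPWDLen);
        if (!CryptEncrypt(hCLTKey, 0, 1, 0, pswbuf, &dwPWDLen, sizeof(pswbuf))) {
            ShowError (33);
            break;
        }

        encodedstr = Base64Encode (pswbuf, dwPWDLen);
        fResult = TRUE;
    } while (0);

    // Clear the work buffer through a volatile pointer so the stores are not
    // optimised away.
    volatile unsigned char* wipe = pswbuf;
    for (DWORD k = 0; k < sizeof(pswbuf); ++k) {
        wipe[k] = 0;
    }

    delete[] pswencode;
    if (hCLTKey) {
        CryptDestroyKey (hCLTKey);
    }
    if (hCryptProv) {
        CryptReleaseContext(hCryptProv, 0);
    }
    return fResult;
}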
/*
BOOL FGCCryptoAPI::GetCertNumber (FGString account, FGString& certnum, BOOL isM)
{
HCERTSTORE hStoreHandle;
if (!( hStoreHandle = CertOpenStore(
CERT_STORE_PROV_SYSTEM,
MY_ENCODING_TYPE,
NULL,
CERT_SYSTEM_STORE_CURRENT_USER,
CERT_STORE_NAME)))
{
return FALSE;
}
PCCERT_CONTEXT pSignerCert = NULL;
FGString orgstr = "M";
if (!isM) {
orgstr = "T";
}
while (pSignerCert = CertFindCertificateInStore(
hStoreHandle,
MY_ENCODING_TYPE,
0,
CERT_FIND_ISSUER_STR,
ISSUER_NAME,
pSignerCert))
{
FGString substr = DecodeName (&pSignerCert->pCertInfo->Subject);
FGString subname = GetNameFormSubject (substr);
FGString orgname = GetOrgFormSubject (substr);
if (subname==account && orgname==orgstr) {
CertCloseStore (hStoreHandle, 0);
return TRUE;
}
}
CertCloseStore (hStoreHandle, 0);
return FALSE;
}
*/
// Diagnostic hook called on the failure paths of this file with a numeric
// code `e` identifying the call site. It currently does nothing: the message
// box that showed GetLastError() with its system text is commented out, so
// failures are reported to callers only through the FALSE return values.
void FGCCryptoAPI::ShowError (int e)
{
    (void)e;   // unused while the dialog below is disabled
    /*
    DWORD err = GetLastError();
    FGString errstr;
    char mes[1024];
    FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, 0, err, LANG_SYSTEM_DEFAULT, mes, 1024, 0);
    errstr.Format ("%d(%d)<%s>", err, e, mes);
    ::MessageBox (NULL, errstr.String(), "Error", MB_OK);
    */
}
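// Tries to open the probe container "testRootPubKey20041022" in `provider`
// with the given CryptAcquireContext flags and releases the handle at once.
static BOOL FGCProbeProvider (LPCSTR provider, DWORD flags)
{
    HCRYPTPROV hProv = NULL;
    if (!CryptAcquireContext(
            &hProv,
            "testRootPubKey20041022",
            provider,
            PROV_RSA_FULL,
            flags))
    {
        return FALSE;
    }
    if (hProv) {
        CryptReleaseContext(hProv, 0);
    }
    return TRUE;
}

// Picks the first usable cryptographic service provider, trying szProvider3,
// then szProvider2, then szProvider1, and writes its name into pname.
//
// pname : caller-supplied buffer of 260 CHARs; receives a NUL-terminated
//         provider name on success and is left untouched on failure.
// Returns TRUE when a provider could be opened, FALSE when all three failed.
//
// A provider counts as usable when the probe container can be opened, or
// failing that, created. ShowError codes 42..47 are kept as in the original
// (even = open failed, odd = create failed).
//
// The name is copied as a bounded string. The original copied a fixed 260
// bytes from szProviderN; their definitions are not visible here, and that
// reads past the end whenever one of them is shorter than 260 bytes.
//
// NOTE(review): probing with CRYPT_NEWKEYSET leaves a persistent key
// container in the provider. CRYPT_VERIFYCONTEXT would test availability
// without creating one - confirm with the target CSPs before changing.
BOOL FGCCryptoAPI::GetCSPName (CHAR pname[260])
{
    LPCSTR candidates[3] = { szProvider3, szProvider2, szProvider1 };

    for (int i = 0; i < 3; i++) {
        if (!FGCProbeProvider (candidates[i], 0)) {
            ShowError (42 + 2*i);
            if (!FGCProbeProvider (candidates[i], CRYPT_NEWKEYSET)) {
                ShowError (43 + 2*i);
                continue;   // try the next provider
            }
        }
        // strncpy stops at the source's NUL and zero-fills the remainder.
        strncpy (pname, candidates[i], 259);
        pname[259] = '\0';
        return TRUE;
    }
    return FALSE;
}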