📄 certcreate.cpp.bak
字号:
}
// Open Certificate store
hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,
MYCODING_TYPE,
0, dwSubjectFlags, (LPVOID)szwStore);
if (!hStore)
{
dwError = GetLastError();
break;
}
// Place Certificate in store
bResult = CertAddEncodedCertificateToStore(hStore, MYCODING_TYPE,
bpEncodedCert, dwSize,
CERT_STORE_ADD_REPLACE_EXISTING,
&pCertContext);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Convert container to unicode
nRtn = MultiByteToWideChar(0, 0, szContainer, -1, szwContainer, 160);
if (nRtn == 0)
{
dwError = GetLastError();
break;
}
// Initialize CRYPT_KEY_PROV_INFO structure
ZeroMemory(&CryptKeyProvInfo, sizeof(CryptKeyProvInfo));
CryptKeyProvInfo.pwszContainerName = szwContainer;
CryptKeyProvInfo.pwszProvName = szwProvider;
CryptKeyProvInfo.dwProvType = dwProviderType;
CryptKeyProvInfo.dwKeySpec = AT_SIGNATURE;
// Set Certificate's Key Provider info
bResult = CertSetCertificateContextProperty(pCertContext,
CERT_KEY_PROV_INFO_PROP_ID,
0, (LPVOID)&CryptKeyProvInfo);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Destroy previous hash
if (hHash) CryptDestroyHash(hHash);
hHash = 0;
// Create hash
bResult = CryptCreateHash(hCryptProv, CALG_SHA1, 0, 0, &hHash);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Hash password
bResult = CryptHashData(hHash, (LPBYTE)szPassword, (DWORD)strlen(szPassword), 0);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Derive Session Key from hash
bResult = CryptDeriveKey(hCryptProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hSessionKey);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Get size of exported key blob
bResult = CryptExportKey(hPubKey, hSessionKey, PRIVATEKEYBLOB, 0, NULL, &dwSize);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Allocate memory for exported key blob
pbExportedKey = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!pbExportedKey)
{
dwError = GetLastError();
break;
}
// Get exported key blob
bResult = CryptExportKey(hPubKey, hSessionKey, PRIVATEKEYBLOB,
0, pbExportedKey, &dwSize);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Create Exported Key File
nRtn = WriteToFile((char *)pbExportedKey, dwSize,szKeyFile);
bReturn = TRUE;
break;
} //end while
{
// Clean up
if (pbNameBlob) HeapFree(hHeap, 0, pbNameBlob);
if (CertEnhKeyUsage.rgpszUsageIdentifier)
HeapFree(hHeap, 0, CertEnhKeyUsage.rgpszUsageIdentifier);
if (PublicKeyInfo) HeapFree(hHeap, 0, PublicKeyInfo);
if (pbKeyIdentifier) HeapFree(hHeap, 0, pbKeyIdentifier);
if (SubjectKeyIdentifier) HeapFree(hHeap, 0, SubjectKeyIdentifier);
if (pbKeyUsage) HeapFree(hHeap, 0, pbKeyUsage);
if (pbEnhKeyUsage) HeapFree(hHeap, 0, pbEnhKeyUsage);
if (pbBasicConstraints) HeapFree(hHeap, 0, pbBasicConstraints);
if (KeyId) HeapFree(hHeap, 0, KeyId);
if (pbCertSerialNum) HeapFree(hHeap,0,pbCertSerialNum);
if (pbAuthorityKeyId) HeapFree(hHeap, 0, pbAuthorityKeyId);
if (bpEncodedCert) HeapFree(hHeap, 0, bpEncodedCert);
if (pbExportedKey) HeapFree(hHeap, 0, pbExportedKey);
// if (szContainer) RpcStringFree((unsigned char **)&szContainer);
if (hCertFile) CloseHandle(hCertFile);
if (hKeyFile) CloseHandle(hKeyFile);
if (hPubKey) CryptDestroyKey(hPubKey);
if (hSessionKey) CryptDestroyKey(hSessionKey);
if (hHash) CryptDestroyHash(hHash);
if (hCryptProv) CryptReleaseContext(hCryptProv, 0);
if (hIssuerProv) CryptReleaseContext(hIssuerProv, 0);
if (pIssuerCert) CertFreeCertificateContext(pIssuerCert);
if (pCertContext) CertFreeCertificateContext(pCertContext);
if (hStore) CertCloseStore(hStore, 0);
}
return dwError;
}
int SignP10(LPSTR szUserSubject, //in 主题名
LPSTR szP10, //in BASE64编码的pkcs10字符串
DWORD dwSerialNum, //in 系列号
DWORD dwValid, //in 有效期(现在开始的月数)
BYTE* pbCert, //out 证书
DWORD *cbSize) //in-out pbCert缓冲区长度/证书长度
{
DWORD dwError=0;
BOOL bReturn = FALSE;
BOOL bResult;
LPBYTE pbNameBlob = NULL;
RPC_STATUS Status;
HCRYPTPROV hCryptProv = 0;
HCRYPTPROV hIssuerProv = 0;
HCRYPTKEY hPubKey = 0;
HCRYPTKEY hSessionKey = 0;
HCRYPTHASH hHash = 0;
HCERTSTORE hStore = 0;
HANDLE hCertFile = INVALID_HANDLE_VALUE;
HANDLE hKeyFile = INVALID_HANDLE_VALUE;
PCRYPT_DATA_BLOB KeyId = NULL;
PCERT_PUBLIC_KEY_INFO PublicKeyInfo = NULL;
PCCERT_CONTEXT pIssuerCert = NULL;
PCCERT_CONTEXT pCertContext = NULL;
LPBYTE pbKeyIdentifier = NULL;
LPBYTE SubjectKeyIdentifier = NULL;
LPBYTE pbKeyUsage = NULL;
LPBYTE pbEnhKeyUsage = NULL;
LPBYTE pbBasicConstraints = NULL;
LPBYTE pbAuthorityKeyId = NULL;
LPBYTE bpEncodedCert = NULL;
LPBYTE pbExportedKey = NULL;
CERT_ENHKEY_USAGE CertEnhKeyUsage = { 0, NULL };
CERT_BASIC_CONSTRAINTS2_INFO BasicConstraints;
CERT_AUTHORITY_KEY_ID_INFO AuthorityKeyId;
BYTE ByteData;
CRYPT_BIT_BLOB KeyUsage;
CERT_EXTENSION CertExtension[5];
CRYPT_DATA_BLOB CertKeyIdentifier;
HANDLE hHeap = GetProcessHeap();
CERT_INFO CertInfo;
DWORD dwSize;
DWORD dwIssuerKeyType;
DWORD dwSubjectFlags =CERT_SYSTEM_STORE_LOCAL_MACHINE;
FILETIME ftTime;
SYSTEMTIME stTime;
DWORD dwProviderType = PROV_RSA_FULL;
BOOL bAddAuthorityExtension = FALSE;
LPBYTE pbCertSerialNum = NULL;
PCERT_REQUEST_INFO pvCertReqInfo = NULL;
while(1)
{
// Zero CERT_INFO structure
ZeroMemory(&CertInfo, sizeof(CertInfo));
// Set Version of Certificate
CertInfo.dwVersion = CERT_V3;
// Set Serial Number of Certificate
DWORD serNum = dwSerialNum;
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,X509_INTEGER,(LPVOID)&serNum,&pbCertSerialNum,&dwSize);
if(!bResult)
{
dwError = 3107;
break;
}
// Set Serial Number of Certificate
CertInfo.SerialNumber.cbData = dwSize;
CertInfo.SerialNumber.pbData = pbCertSerialNum;
// Set Signature Algorithm of Certificate
CertInfo.SignatureAlgorithm.pszObjId = szOID_RSA_SHA1RSA;//szOID_RSA_MD5;//szOID_RSA_SHA1RSA;//szOID_RSA_SHA1RSA;//szOID_RSA;
CertInfo.SignatureAlgorithm.Parameters.cbData = 0;
CertInfo.SignatureAlgorithm.Parameters.pbData = NULL;
// set NotBefore date
GetSystemTime(&stTime);
SystemTimeToFileTime(&stTime, &ftTime);
CertInfo.NotBefore = ftTime;
// Set After Date
stTime.wMonth += (unsigned short)dwValid;
if ((stTime.wMonth / 12) > 0)
{
stTime.wYear += (stTime.wMonth / 12);
stTime.wMonth = (stTime.wMonth % 12);
}
SystemTimeToFileTime(&stTime, &ftTime);
CertInfo.NotAfter = ftTime;
// Get Public Key Info
dwSize = GetPubKeyFromP10(hHeap,szP10,&pvCertReqInfo);
if(dwSize < 0)
{
dwError = GetLastError();
break;
}
// Set Public Key info of Certificate
CertInfo.SubjectPublicKeyInfo = pvCertReqInfo->SubjectPublicKeyInfo;
// Set Subject of Certificate
CertInfo.Subject = pvCertReqInfo->Subject;
pIssuerCert = FindCertificate(ISSUERNAME, szIssuerStore,
CERT_SYSTEM_STORE_LOCAL_MACHINE, &KeyId,
&hIssuerProv, &dwIssuerKeyType);
if (!pIssuerCert)
{
dwError = GetLastError();
break;
}
// Set Issuer of Certificate
CertInfo.Issuer = pIssuerCert->pCertInfo->Subject;
/*************************************************************************************/
// Get Hash of Public Key Info
dwSize = GetPubKeyHash(hIssuerProv,hHeap,&CertInfo.SubjectPublicKeyInfo,&dwSize,&pbKeyIdentifier);
if(dwSize < 0)
{
dwError = dwSize;
break;
}
// We will use this to set the Key Identifier extension
CertKeyIdentifier.cbData = dwSize;
CertKeyIdentifier.pbData = pbKeyIdentifier;
// Get Subject Key Identifier Extension
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,szOID_SUBJECT_KEY_IDENTIFIER,(LPVOID)&CertKeyIdentifier,&SubjectKeyIdentifier,&dwSize);
if(!bResult)
{
dwError = -3108;
break;
}
// Set Subject Key Identifier
CertExtension[CertInfo.cExtension].pszObjId = szOID_SUBJECT_KEY_IDENTIFIER;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = SubjectKeyIdentifier;
// Increase extension count
CertInfo.cExtension++;
// Set Key Usage according to Public Key Type
ZeroMemory(&KeyUsage, sizeof(KeyUsage));
KeyUsage.cbData = 1;
KeyUsage.pbData = &ByteData;
ByteData = CERT_DIGITAL_SIGNATURE_KEY_USAGE|
CERT_NON_REPUDIATION_KEY_USAGE|
CERT_KEY_CERT_SIGN_KEY_USAGE |
CERT_CRL_SIGN_KEY_USAGE;
// Get Key Usage Extension blob
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_KEY_USAGE,
(LPVOID)&KeyUsage,
&pbKeyUsage, &dwSize);
if(!bResult)
{
dwError = -3109;
break;
}
// Set Key Usage extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_KEY_USAGE;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbKeyUsage;
// Increase extension count
CertInfo.cExtension++;
if (CertEnhKeyUsage.cUsageIdentifier != 0)
{
// Get Enhanced Key Usage Extension blob
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_ENHANCED_KEY_USAGE,
(LPVOID)&CertEnhKeyUsage,
&pbEnhKeyUsage, &dwSize);
if(!bResult)
{
dwError = -3110;
break;
}
// Set Enhanced Key Usage extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_ENHANCED_KEY_USAGE;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbEnhKeyUsage;
// Increase extension count
CertInfo.cExtension++;
}
// Zero Basic Constraints structure
ZeroMemory(&BasicConstraints, sizeof(BasicConstraints));
// not a CA certificate
BasicConstraints.fCA = FALSE;
// Get Basic Constraints Extension blob
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_BASIC_CONSTRAINTS2,
(LPVOID)&BasicConstraints,
&pbBasicConstraints, &dwSize);
if(!bResult)
{
dwError = -3111;
break;
}
// Set Basic Constraints extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_BASIC_CONSTRAINTS2;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbBasicConstraints;
// Increase extension count
CertInfo.cExtension++;
if (KeyId)
{
AuthorityKeyId.KeyId = *KeyId;
AuthorityKeyId.CertIssuer = pIssuerCert->pCertInfo->Issuer;
AuthorityKeyId.CertSerialNumber = pIssuerCert->pCertInfo->SerialNumber;
bAddAuthorityExtension = TRUE;
// Get Authority Key Id blob
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_AUTHORITY_KEY_ID,
(LPVOID)&AuthorityKeyId,
&pbAuthorityKeyId, &dwSize);
if(!bResult)
{
dwError = -3112;
break;
}
// Set Authority Key Id extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_AUTHORITY_KEY_IDENTIFIER;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbAuthorityKeyId;
// Increase extension count
CertInfo.cExtension++;
}
CertInfo.rgExtension = CertExtension;
/**************************************************************************************/
// Get Encoded Certificate Size
bResult = CryptSignAndEncodeCertificate(hIssuerProv, dwIssuerKeyType,
MYCODING_TYPE, X509_CERT_TO_BE_SIGNED,
(LPVOID)&CertInfo,
&(pIssuerCert->pCertInfo->SignatureAlgorithm),
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -