📄 certcreate.cpp
字号:
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0400
#endif
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <wincrypt.h>
#include <Rpcdce.h>
#include "certcreate.h"
#include "certtools.h"
#include "certglobal.h"
LPSTR szIssuerStore = "FGC_CA_STORE3";//"FGC_CA_STORE2";//"MY";
LPSTR szSignStore = "FGC_CA_MASTER3";//"FGC_CA_MASTER"; //用于存放签名证书的STORE
LPSTR szSignContainer = "FGC_CA_MASTER_CONTAINER3";//"FGC_CA_MASTER_CONTAINER"; //用于签名证书的CONTAINER
LPSTR szContainer = "FGKeyContainerTest3";//"FGKeyContainerTest";
CHAR szProvider[260] = { MS_STRONG_PROV };
// Every Enhanced Usage Extension has a
// corresponding number to it. Just add
// the number to set the appropriate
// extension:
// Server Authentication 1
// Client Authentication 2
// Code Signing 4
// Email Protection 8
// Time Stamping 16
ENHKEYUSAGE g_EnhKeyUsage =
{
KEY_USAGE_SIZE,
{
szOID_PKIX_KP_SERVER_AUTH,
szOID_PKIX_KP_CLIENT_AUTH,
szOID_PKIX_KP_CODE_SIGNING,
szOID_PKIX_KP_EMAIL_PROTECTION,
szOID_PKIX_KP_TIMESTAMP_SIGNING
},
{ 1, 2, 4, 8, 16}
};
int CACreateCertificate(
LPSTR szCertFile, //根证书导出到该证书文件
LPSTR szKeyFile, //签名公私钥保存文件
LPSTR szXCHGKeyFile, //交换公私钥保存文件
LPSTR szXCHGPubFile, //交换公钥保存文件
LPSTR szPassword) //密钥文件口令
{
char szXCHGExpPubKey[2000];
int nRtn;
DWORD dwError=0;
BOOL bReturn = FALSE;
BOOL bResult;
LPBYTE pbNameBlob = NULL;
// RPC_STATUS Status;
HCRYPTPROV hCryptProv = 0;
HCRYPTPROV hIssuerProv = 0;
HCRYPTKEY hPubKey = 0;
HCRYPTKEY hXCHGPubKey = 0;
HCRYPTKEY hSessionKey = 0;
HCRYPTHASH hHash = 0;
HCERTSTORE hStore = 0;
HCERTSTORE hStoreRoot = 0;
HANDLE hCertFile = INVALID_HANDLE_VALUE;
HANDLE hKeyFile = INVALID_HANDLE_VALUE;
PCRYPT_DATA_BLOB KeyId = NULL;
PCERT_PUBLIC_KEY_INFO PublicKeyInfo = NULL;
PCCERT_CONTEXT pIssuerCert = NULL;
PCCERT_CONTEXT pCertContext = NULL;
PCCERT_CONTEXT pTmpCertContext = NULL;
LPBYTE pbKeyIdentifier = NULL;
LPBYTE SubjectKeyIdentifier = NULL;
LPBYTE pbKeyUsage = NULL;
LPBYTE pbEnhKeyUsage = NULL;
LPBYTE pbBasicConstraints = NULL;
LPBYTE pbAuthorityKeyId = NULL;
LPBYTE bpEncodedCert = NULL;
LPBYTE pbExportedKey = NULL;
LPBYTE pbXCHGExportedKey = NULL;
LPBYTE pbXCHGExportedPUBLICKey = NULL;
CERT_ENHKEY_USAGE CertEnhKeyUsage = { 0, NULL };
// BYTE SerialNumber[8];
CERT_BASIC_CONSTRAINTS2_INFO BasicConstraints;
CERT_AUTHORITY_KEY_ID_INFO AuthorityKeyId;
BYTE ByteData;
CRYPT_BIT_BLOB KeyUsage;
CERT_EXTENSION CertExtension[5];
CRYPT_DATA_BLOB CertKeyIdentifier;
CERT_NAME_BLOB IssuerName;
HANDLE hHeap = GetProcessHeap();
CERT_INFO CertInfo;
DWORD dwSize, m, q;
// DWORD dwAcquireFlags, dwIssuerKeyType;
// DWORD dwIssuerFlags, dwSubjectFlags;
DWORD dwSubjectFlags =CERT_SYSTEM_STORE_LOCAL_MACHINE;
FILETIME ftTime;
SYSTEMTIME stTime;
DWORD dwProviderType = PROV_RSA_FULL;
BOOL bAddAuthorityExtension = FALSE;
LPBYTE pbCertSerialNum = NULL;
while(1)
{
if(!CryptAcquireContext(&hCryptProv, // 返回CSP句柄
szContainer, // 密码容器名
szProvider, // NULL时使用默认CSP名(微软RSA Base Provider)
PROV_RSA_FULL, // CSP类型
0)) // Flag values
{
if(!CryptAcquireContext(&hCryptProv,
szContainer,
szProvider,
PROV_RSA_FULL,
CRYPT_NEWKEYSET)) //创建以szContainer为名的密钥容器
{
dwError = GetLastError();
break;
}
}
// Generate AT_SIGNATURE Private/Public key pair
bResult = CryptGenKey(hCryptProv, AT_SIGNATURE, CRYPT_EXPORTABLE, &hPubKey);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Generate AT_KEYEXCHANGE Private/Public key pair
bResult = CryptGenKey(hCryptProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hXCHGPubKey);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Find Enhanced Key Usage extensions count
for (m = 0; m < g_EnhKeyUsage.dwCount; m++)
{
if ((g_EnhKeyUsage.dwValue[m] & 0xffff) == g_EnhKeyUsage.dwValue[m])
{
CertEnhKeyUsage.cUsageIdentifier++;
}
}
// If extensions exist continue
if (CertEnhKeyUsage.cUsageIdentifier != 0)
{
// Allocate memory for Enhanced Key Usage array
CertEnhKeyUsage.rgpszUsageIdentifier =
(LPSTR *)HeapAlloc(hHeap, 0, CertEnhKeyUsage.cUsageIdentifier * sizeof(LPSTR));
if (!CertEnhKeyUsage.rgpszUsageIdentifier)
{
printf("Unable to allocate memory for Enhanced Usage array\n");
break;
}
// Initialize Enhanced Key Usage array to NULL
for (m = 0; m < CertEnhKeyUsage.cUsageIdentifier; m++)
{
CertEnhKeyUsage.rgpszUsageIdentifier[m] = NULL;
}
// Add proper extension OID to array
q = 0;
for (m = 0; m < g_EnhKeyUsage.dwCount; m++)
{
if ((g_EnhKeyUsage.dwValue[m] & 0xffff) == g_EnhKeyUsage.dwValue[m])
{
CertEnhKeyUsage.rgpszUsageIdentifier[q++] = g_EnhKeyUsage.szUsage[m];
}
}
}
// Zero CERT_INFO structure
ZeroMemory(&CertInfo, sizeof(CertInfo));
// Set Version of Certificate
CertInfo.dwVersion = CERT_V3;
// Set Serial Number of Certificate
DWORD serNum = 1;
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,X509_INTEGER,(LPVOID)&serNum,&pbCertSerialNum,&dwSize);
if(!bResult)
{
dwError = -3101;
break;
}
// Set Serial Number of Certificate
CertInfo.SerialNumber.cbData = dwSize;
CertInfo.SerialNumber.pbData = pbCertSerialNum;
// Set Signature Algorithm of Certificate
CertInfo.SignatureAlgorithm.pszObjId = szOID_RSA_SHA1RSA;//szOID_RSA_MD5;//szOID_RSA_SHA1RSA;//szOID_RSA_SHA1RSA;//szOID_RSA;
CertInfo.SignatureAlgorithm.Parameters.cbData = 0;
CertInfo.SignatureAlgorithm.Parameters.pbData = NULL;
// set NotBefore date
GetSystemTime(&stTime);
SystemTimeToFileTime(&stTime, &ftTime);
CertInfo.NotBefore = ftTime;
// Set After Date
stTime.wYear += 10;
SystemTimeToFileTime(&stTime, &ftTime);
CertInfo.NotAfter = ftTime;
// Get Public Key Info
nRtn = GetPublicKey(hCryptProv,hHeap,&PublicKeyInfo);
if(nRtn < 0)
{
dwError = nRtn;
break;
}
// Set Public Key info of Certificate
CertInfo.SubjectPublicKeyInfo = *PublicKeyInfo;
// Get Hash of Public Key Info
nRtn = GetPubKeyHash(hCryptProv,hHeap,PublicKeyInfo,&dwSize,&pbKeyIdentifier);
if(nRtn < 0)
{
dwError = nRtn;
break;
}
// We will use this to set the Key Identifier extension
CertKeyIdentifier.cbData = dwSize;
CertKeyIdentifier.pbData = pbKeyIdentifier;
// Convert X509 Name to Name Blob
bResult = XFCertStrToName(hHeap,MYCODING_TYPE,ISSUERX509NAME,CERT_X500_NAME_STR,NULL,(LPBYTE *)&pbNameBlob,&dwSize,NULL);
if(!bResult)
{
dwError = -3100;
break;
}
IssuerName.cbData = dwSize;
IssuerName.pbData = pbNameBlob;
// Set Subject of Certificate
CertInfo.Subject = IssuerName;
// Set Issuer of Certificate
CertInfo.Issuer = IssuerName;
// Get Subject Key Identifier Extension
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,szOID_SUBJECT_KEY_IDENTIFIER,(LPVOID)&CertKeyIdentifier,&SubjectKeyIdentifier,&dwSize);
if(!bResult)
{
dwError = -3102;
break;
}
// Set Subject Key Identifier
CertExtension[CertInfo.cExtension].pszObjId = szOID_SUBJECT_KEY_IDENTIFIER;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = SubjectKeyIdentifier;
// Increase extension count
CertInfo.cExtension++;
// Set Key Usage according to Public Key Type
ZeroMemory(&KeyUsage, sizeof(KeyUsage));
KeyUsage.cbData = 1;
KeyUsage.pbData = &ByteData;
ByteData = CERT_DIGITAL_SIGNATURE_KEY_USAGE|
CERT_NON_REPUDIATION_KEY_USAGE|
CERT_KEY_CERT_SIGN_KEY_USAGE |
CERT_CRL_SIGN_KEY_USAGE;
// Get Key Usage Extension blob
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_KEY_USAGE,
(LPVOID)&KeyUsage,
&pbKeyUsage, &dwSize);
if(!bResult)
{
dwError = -3103;
break;
}
// Set Key Usage extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_KEY_USAGE;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbKeyUsage;
// Increase extension count
CertInfo.cExtension++;
if (CertEnhKeyUsage.cUsageIdentifier != 0)
{
// Get Enhanced Key Usage Extension blob
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_ENHANCED_KEY_USAGE,
(LPVOID)&CertEnhKeyUsage,
&pbEnhKeyUsage, &dwSize);
if(!bResult)
{
dwError = -3104;
break;
}
// Set Enhanced Key Usage extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_ENHANCED_KEY_USAGE;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbEnhKeyUsage;
// Increase extension count
CertInfo.cExtension++;
}
// Zero Basic Constraints structure
ZeroMemory(&BasicConstraints, sizeof(BasicConstraints));
// Self-signed is always a CA
BasicConstraints.fCA = TRUE;
BasicConstraints.fPathLenConstraint = TRUE;
BasicConstraints.dwPathLenConstraint = 1;
// Get Basic Constraints Extension blob
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_BASIC_CONSTRAINTS2,
(LPVOID)&BasicConstraints,
&pbBasicConstraints, &dwSize);
if(!bResult)
{
dwError = -3105;
break;
}
// Set Basic Constraints extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_BASIC_CONSTRAINTS2;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbBasicConstraints;
// Increase extension count
CertInfo.cExtension++;
AuthorityKeyId.KeyId = CertKeyIdentifier;
AuthorityKeyId.CertIssuer = CertInfo.Issuer;
AuthorityKeyId.CertSerialNumber = CertInfo.SerialNumber;
bAddAuthorityExtension = TRUE;
// Get Authority Key Id blob
bResult = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_AUTHORITY_KEY_ID,
(LPVOID)&AuthorityKeyId,
&pbAuthorityKeyId, &dwSize);
if(!bResult)
{
dwError = -3106;
break;
}
// Set Authority Key Id extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_AUTHORITY_KEY_IDENTIFIER;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbAuthorityKeyId;
// Increase extension count
CertInfo.cExtension++;
CertInfo.rgExtension = CertExtension;
// Get Encoded Certificate Size
bResult = CryptSignAndEncodeCertificate(hCryptProv, AT_SIGNATURE,
MYCODING_TYPE, X509_CERT_TO_BE_SIGNED,
(LPVOID)&CertInfo,
&(CertInfo.SignatureAlgorithm),
NULL, NULL, &dwSize);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Allocate memory for encoded certificate
bpEncodedCert = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!bpEncodedCert)
{
dwError = GetLastError();
break;
}
// Sign and Encode certificate
bResult = CryptSignAndEncodeCertificate(hCryptProv, AT_SIGNATURE,
MYCODING_TYPE, X509_CERT_TO_BE_SIGNED,
(LPVOID)&CertInfo,
&(CertInfo.SignatureAlgorithm),
NULL, bpEncodedCert, &dwSize);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Write encoded Certificate to file
nRtn = WriteToFile((char *)bpEncodedCert, dwSize,szCertFile);
if (nRtn < 0)
{
dwError = -3115;
break;
}
WCHAR szwStore[20];
WCHAR szwContainer[160];
WCHAR szwProvider[260];
CRYPT_KEY_PROV_INFO CryptKeyProvInfo;
// Convert Store string to unicode
nRtn = MultiByteToWideChar(0, 0, szIssuerStore, -1, szwStore, 20);
if (nRtn == 0)
{
dwError = GetLastError();
break;
}
nRtn = MultiByteToWideChar(0, 0, szProvider, -1, szwProvider, 260);
if (nRtn == 0)
{
dwError = GetLastError();
break;
}
// Delete Certificate store
hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,
MYCODING_TYPE,
CERT_STORE_DELETE_FLAG, dwSubjectFlags, (LPVOID)szwStore);
// Open Certificate store
hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,
MYCODING_TYPE,
0, dwSubjectFlags, (LPVOID)szwStore);
if (!hStore)
{
dwError = GetLastError();
break;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -