📄 certcreate.cpp
字号:
//find cert from SIGNCERTNAME store
do
{
pTmpCertContext = CertFindCertificateInStore(
hStore,
MYCODING_TYPE,
0,
CERT_FIND_ANY,
NULL,
NULL
);
if(pTmpCertContext)
{
if(!CertDeleteCertificateFromStore(pTmpCertContext))
{
dwError = -3119;
break;
}
}
} while(pTmpCertContext != NULL);
// Place Certificate in store
bResult = CertAddEncodedCertificateToStore(hStore, MYCODING_TYPE,
bpEncodedCert, dwSize,
CERT_STORE_ADD_REPLACE_EXISTING,
&pCertContext);
if (!bResult)
{
dwError = GetLastError();
break;
}
/*******************************************************/
//save CA ROOT CERTIFICATION TO ROOT STORE
// Open Certificate store
hStoreRoot = CertOpenSystemStore(hCryptProv,"ROOT");
if (!hStoreRoot)
{
dwError = GetLastError();
break;
}
//find and delete cert from SIGNCERTNAME store
do
{
pTmpCertContext = CertFindCertificateInStore(
hStoreRoot,
MYCODING_TYPE,
0,
CERT_FIND_SUBJECT_STR_A,
ISSUERNAME,
NULL
);
if(pTmpCertContext)
{
if(!CertDeleteCertificateFromStore(pTmpCertContext))
{
dwError = -3120;
break;
}
}
} while(pTmpCertContext != NULL);
// Place Certificate in store
bResult = CertAddEncodedCertificateToStore(hStoreRoot, MYCODING_TYPE,
bpEncodedCert, dwSize,
CERT_STORE_ADD_REPLACE_EXISTING,
NULL);
if (!bResult)
{
dwError = GetLastError();
break;
}
// end save ROOT store
/*******************************************************/
// Convert container to unicode
nRtn = MultiByteToWideChar(0, 0, szContainer, -1, szwContainer, 160);
if (nRtn == 0)
{
dwError = GetLastError();
break;
}
// Initialize CRYPT_KEY_PROV_INFO structure
ZeroMemory(&CryptKeyProvInfo, sizeof(CryptKeyProvInfo));
CryptKeyProvInfo.pwszContainerName = szwContainer;
CryptKeyProvInfo.pwszProvName = szwProvider;
CryptKeyProvInfo.dwProvType = dwProviderType;
CryptKeyProvInfo.dwKeySpec = AT_SIGNATURE;
// Set Certificate's Key Provider info
bResult = CertSetCertificateContextProperty(pCertContext,
CERT_KEY_PROV_INFO_PROP_ID,
0, (LPVOID)&CryptKeyProvInfo);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Destroy previous hash
if (hHash) CryptDestroyHash(hHash);
hHash = 0;
// Create hash
bResult = CryptCreateHash(hCryptProv, CALG_SHA1, 0, 0, &hHash);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Hash password
bResult = CryptHashData(hHash, (LPBYTE)szPassword, (DWORD)strlen(szPassword), 0);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Derive Session Key from hash
bResult = CryptDeriveKey(hCryptProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hSessionKey);
if (!bResult)
{
dwError = GetLastError();
break;
}
//**************************AT_SIGNATURE KEY***************************//
// Get size of exported AT_SIGNATURE key blob
bResult = CryptExportKey(hPubKey, hSessionKey, PRIVATEKEYBLOB, 0, NULL, &dwSize);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Allocate memory for exported AT_SIGNATURE key blob
pbExportedKey = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!pbExportedKey)
{
dwError = GetLastError();
break;
}
// Get exported AT_SIGNATURE key blob
bResult = CryptExportKey(hPubKey, hSessionKey, PRIVATEKEYBLOB,0, pbExportedKey, &dwSize);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Create Exported AT_SIGNATURE Key File
nRtn = WriteToFile((char *)pbExportedKey, dwSize,szKeyFile);
if (nRtn < 0)
{
dwError = GetLastError();
break;
}
//**************************AT_KEYEXCHANGE KEY***************************//
// Get size of exported AT_KEYEXCHANGE key blob
bResult = CryptExportKey(hXCHGPubKey, hSessionKey, PRIVATEKEYBLOB, 0, NULL, &dwSize);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Allocate memory for exported AT_KEYEXCHANGE key blob
pbXCHGExportedKey = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!pbXCHGExportedKey)
{
dwError = GetLastError();
break;
}
// Get exported AT_KEYEXCHANGE key blob
bResult = CryptExportKey(hXCHGPubKey, hSessionKey, PRIVATEKEYBLOB,0, pbXCHGExportedKey, &dwSize);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Create Exported AT_KEYEXCHANGE Key File
nRtn = WriteToFile((char *)pbXCHGExportedKey, dwSize,szXCHGKeyFile);
if (nRtn < 0)
{
dwError = GetLastError();
break;
}
//**************************AT_KEYEXCHANGE KEY***************************//
// Get size of exported AT_KEYEXCHANGE PUBLIC key blob
bResult = CryptExportKey(hXCHGPubKey, 0, PUBLICKEYBLOB, 0, NULL, &dwSize);
if (!bResult)
{
dwError = GetLastError();
break;
}
// Allocate memory for exported AT_KEYEXCHANGE PUBLIC key blob
pbXCHGExportedPUBLICKey = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!pbXCHGExportedPUBLICKey)
{
dwError = GetLastError();
break;
}
// Get exported AT_KEYEXCHANGE key PUBLIC blob
bResult = CryptExportKey(hXCHGPubKey,0, PUBLICKEYBLOB,0, pbXCHGExportedPUBLICKey, &dwSize);
if (!bResult)
{
dwError = GetLastError();
break;
}
memset(szXCHGExpPubKey,0,sizeof(szXCHGExpPubKey));
XFBase64encode(pbXCHGExportedPUBLICKey,dwSize,(unsigned char *)szXCHGExpPubKey, FALSE);
// Create Exported AT_KEYEXCHANGE PUBLIC Key File
nRtn = WriteToFile((char *)szXCHGExpPubKey, strlen(szXCHGExpPubKey),szXCHGPubFile);
if (nRtn < 0)
{
dwError = GetLastError();
break;
}
//export p7b file
nRtn = GenCAP7();
if (nRtn < 0)
{
dwError = nRtn;
break;
}
bReturn = TRUE;
break;
} //end while
{
// Clean up
if (pbNameBlob) HeapFree(hHeap, 0, pbNameBlob);
if (CertEnhKeyUsage.rgpszUsageIdentifier)
HeapFree(hHeap, 0, CertEnhKeyUsage.rgpszUsageIdentifier);
if (PublicKeyInfo) HeapFree(hHeap, 0, PublicKeyInfo);
if (pbKeyIdentifier) HeapFree(hHeap, 0, pbKeyIdentifier);
if (SubjectKeyIdentifier) HeapFree(hHeap, 0, SubjectKeyIdentifier);
if (pbKeyUsage) HeapFree(hHeap, 0, pbKeyUsage);
if (pbEnhKeyUsage) HeapFree(hHeap, 0, pbEnhKeyUsage);
if (pbBasicConstraints) HeapFree(hHeap, 0, pbBasicConstraints);
if (KeyId) HeapFree(hHeap, 0, KeyId);
if (pbCertSerialNum) HeapFree(hHeap,0,pbCertSerialNum);
if (pbAuthorityKeyId) HeapFree(hHeap, 0, pbAuthorityKeyId);
if (bpEncodedCert) HeapFree(hHeap, 0, bpEncodedCert);
if (pbExportedKey) HeapFree(hHeap, 0, pbExportedKey);
if (pbXCHGExportedKey) HeapFree(hHeap, 0, pbXCHGExportedKey);
if (pbXCHGExportedPUBLICKey) HeapFree(hHeap, 0, pbXCHGExportedPUBLICKey);
// if (szContainer) RpcStringFree((unsigned char **)&szContainer);
if (hCertFile) CloseHandle(hCertFile);
if (hKeyFile) CloseHandle(hKeyFile);
if (hPubKey) CryptDestroyKey(hPubKey);
if (hXCHGPubKey) CryptDestroyKey(hXCHGPubKey);
if (hSessionKey) CryptDestroyKey(hSessionKey);
if (hHash) CryptDestroyHash(hHash);
if (hCryptProv) CryptReleaseContext(hCryptProv, 0);
if (hIssuerProv) CryptReleaseContext(hIssuerProv, 0);
if (pIssuerCert) CertFreeCertificateContext(pIssuerCert);
if (pCertContext) CertFreeCertificateContext(pCertContext);
if (pTmpCertContext) CertFreeCertificateContext(pTmpCertContext);
if (hStore) CertCloseStore(hStore, 0);
if (hStoreRoot) CertCloseStore(hStoreRoot, 0);
}
return dwError;
}
int SignP10(LPSTR szUserSubject, //in 主题名
LPSTR szP10, //in BASE64编码的pkcs10字符串
DWORD dwSerialNum, //in 系列号
DWORD dwValid, //in 有效期(现在开始的月数)
BYTE* pbCert, //out 证书
DWORD *cbSize) //in-out pbCert缓冲区长度/证书长度
{
DWORD dwError=0;
BOOL bReturn = FALSE;
int nRtn=0;
LPBYTE pbNameBlob = NULL;
// RPC_STATUS Status;
HCRYPTPROV hCryptProv = 0;
HCRYPTPROV hIssuerProv = 0;
HCRYPTKEY hPubKey = 0;
HCRYPTKEY hSessionKey = 0;
HCRYPTHASH hHash = 0;
HCERTSTORE hStore = 0;
HANDLE hCertFile = INVALID_HANDLE_VALUE;
HANDLE hKeyFile = INVALID_HANDLE_VALUE;
PCRYPT_DATA_BLOB KeyId = NULL;
PCERT_PUBLIC_KEY_INFO PublicKeyInfo = NULL;
PCCERT_CONTEXT pIssuerCert = NULL;
PCCERT_CONTEXT pCertContext = NULL;
LPBYTE pbKeyIdentifier = NULL;
LPBYTE SubjectKeyIdentifier = NULL;
LPBYTE pbKeyUsage = NULL;
LPBYTE pbEnhKeyUsage = NULL;
LPBYTE pbBasicConstraints = NULL;
LPBYTE pbAuthorityKeyId = NULL;
LPBYTE bpEncodedCert = NULL;
LPBYTE pbExportedKey = NULL;
CERT_ENHKEY_USAGE CertEnhKeyUsage = { 0, NULL };
CERT_BASIC_CONSTRAINTS2_INFO BasicConstraints;
CERT_AUTHORITY_KEY_ID_INFO AuthorityKeyId;
BYTE ByteData;
CRYPT_BIT_BLOB KeyUsage;
CERT_EXTENSION CertExtension[5];
CRYPT_DATA_BLOB CertKeyIdentifier;
HANDLE hHeap = GetProcessHeap();
CERT_INFO CertInfo;
DWORD dwSize;
DWORD dwIssuerKeyType;
DWORD dwSubjectFlags =CERT_SYSTEM_STORE_LOCAL_MACHINE;
FILETIME ftTime;
SYSTEMTIME stTime;
DWORD dwProviderType = PROV_RSA_FULL;
BOOL bAddAuthorityExtension = FALSE;
LPBYTE pbCertSerialNum = NULL;
PCERT_REQUEST_INFO pvCertReqInfo = NULL;
while(1)
{
// Zero CERT_INFO structure
ZeroMemory(&CertInfo, sizeof(CertInfo));
// Set Version of Certificate
CertInfo.dwVersion = CERT_V3;
// Set Serial Number of Certificate
DWORD serNum = dwSerialNum;
bReturn = XFCryptEncodeObject(hHeap,MYCODING_TYPE,X509_INTEGER,(LPVOID)&serNum,&pbCertSerialNum,&dwSize);
if(!bReturn)
{
dwError = -3107;
break;
}
// Set Serial Number of Certificate
CertInfo.SerialNumber.cbData = dwSize;
CertInfo.SerialNumber.pbData = pbCertSerialNum;
// Set Signature Algorithm of Certificate
CertInfo.SignatureAlgorithm.pszObjId = szOID_RSA_SHA1RSA;//szOID_RSA_MD5;//szOID_RSA_SHA1RSA;//szOID_RSA_SHA1RSA;//szOID_RSA;
CertInfo.SignatureAlgorithm.Parameters.cbData = 0;
CertInfo.SignatureAlgorithm.Parameters.pbData = NULL;
// set NotBefore date
GetSystemTime(&stTime);
SystemTimeToFileTime(&stTime, &ftTime);
CertInfo.NotBefore = ftTime;
// Set After Date
stTime.wMonth += (unsigned short)dwValid;
if ((stTime.wMonth / 12) > 0)
{
stTime.wYear += (stTime.wMonth / 12);
stTime.wMonth = (stTime.wMonth % 12);
}
SystemTimeToFileTime(&stTime, &ftTime);
CertInfo.NotAfter = ftTime;
// Get Public Key Info
nRtn = GetPubKeyFromP10(hHeap,szP10,&pvCertReqInfo);
if(nRtn < 0)
{
dwError = GetLastError();
break;
}
// Set Public Key info of Certificate
CertInfo.SubjectPublicKeyInfo = pvCertReqInfo->SubjectPublicKeyInfo;
// Set Subject of Certificate
CertInfo.Subject = pvCertReqInfo->Subject;
pIssuerCert = FindCertificate(ISSUERNAME, szIssuerStore,
CERT_SYSTEM_STORE_LOCAL_MACHINE, &KeyId,
&hIssuerProv, &dwIssuerKeyType);
if (!pIssuerCert)
{
dwError = -3107;
break;
}
// Set Issuer of Certificate
CertInfo.Issuer = pIssuerCert->pCertInfo->Subject;
/*************************************************************************************/
// Get Hash of Public Key Info
nRtn = GetPubKeyHash(hIssuerProv,hHeap,&CertInfo.SubjectPublicKeyInfo,&dwSize,&pbKeyIdentifier);
if(nRtn < 0)
{
dwError = nRtn;
break;
}
// We will use this to set the Key Identifier extension
CertKeyIdentifier.cbData = dwSize;
CertKeyIdentifier.pbData = pbKeyIdentifier;
// Get Subject Key Identifier Extension
bReturn = XFCryptEncodeObject(hHeap,MYCODING_TYPE,szOID_SUBJECT_KEY_IDENTIFIER,(LPVOID)&CertKeyIdentifier,&SubjectKeyIdentifier,&dwSize);
if(!bReturn)
{
dwError = -3108;
break;
}
// Set Subject Key Identifier
CertExtension[CertInfo.cExtension].pszObjId = szOID_SUBJECT_KEY_IDENTIFIER;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = SubjectKeyIdentifier;
// Increase extension count
CertInfo.cExtension++;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -