// Set Key Usage according to Public Key Type
ZeroMemory(&KeyUsage, sizeof(KeyUsage));
KeyUsage.cbData = 1;
KeyUsage.pbData = &ByteData;
ByteData = CERT_DIGITAL_SIGNATURE_KEY_USAGE|
CERT_NON_REPUDIATION_KEY_USAGE|
CERT_KEY_CERT_SIGN_KEY_USAGE |
CERT_CRL_SIGN_KEY_USAGE;
// Get Key Usage Extension blob
bReturn = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_KEY_USAGE,
(LPVOID)&KeyUsage,
&pbKeyUsage, &dwSize);
if(!bReturn)
{
dwError = -3109;
break;
}
// Set Key Usage extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_KEY_USAGE;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbKeyUsage;
// Increase extension count
CertInfo.cExtension++;
if (CertEnhKeyUsage.cUsageIdentifier != 0)
{
// Get Enhanced Key Usage Extension blob
bReturn = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_ENHANCED_KEY_USAGE,
(LPVOID)&CertEnhKeyUsage,
&pbEnhKeyUsage, &dwSize);
if(!bReturn)
{
dwError = -3110;
break;
}
// Set Enhanced Key Usage extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_ENHANCED_KEY_USAGE;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbEnhKeyUsage;
// Increase extension count
CertInfo.cExtension++;
}
// Zero Basic Constraints structure
ZeroMemory(&BasicConstraints, sizeof(BasicConstraints));
// not a CA certificate
BasicConstraints.fCA = FALSE;
// Get Basic Constraints Extension blob
bReturn = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_BASIC_CONSTRAINTS2,
(LPVOID)&BasicConstraints,
&pbBasicConstraints, &dwSize);
if(!bReturn)
{
dwError = -3111;
break;
}
// Set Basic Constraints extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_BASIC_CONSTRAINTS2;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbBasicConstraints;
// Increase extension count
CertInfo.cExtension++;
if (KeyId)
{
AuthorityKeyId.KeyId = *KeyId;
AuthorityKeyId.CertIssuer = pIssuerCert->pCertInfo->Issuer;
AuthorityKeyId.CertSerialNumber = pIssuerCert->pCertInfo->SerialNumber;
bAddAuthorityExtension = TRUE;
// Get Authority Key Id blob
bReturn = XFCryptEncodeObject(hHeap,MYCODING_TYPE,
X509_AUTHORITY_KEY_ID,
(LPVOID)&AuthorityKeyId,
&pbAuthorityKeyId, &dwSize);
if(!bReturn)
{
dwError = -3112;
break;
}
// Set Authority Key Id extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_AUTHORITY_KEY_IDENTIFIER;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbAuthorityKeyId;
// Increase extension count
CertInfo.cExtension++;
}
CertInfo.rgExtension = CertExtension;
/**************************************************************************************/
// Get Encoded Certificate Size
bReturn = CryptSignAndEncodeCertificate(hIssuerProv, dwIssuerKeyType,
MYCODING_TYPE, X509_CERT_TO_BE_SIGNED,
(LPVOID)&CertInfo,
&(pIssuerCert->pCertInfo->SignatureAlgorithm),
NULL, NULL, &dwSize);
if (!bReturn)
{
dwError = GetLastError();
break;
}
// Allocate memory for encoded certificate
bpEncodedCert = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!bpEncodedCert)
{
dwError = GetLastError();
break;
}
// Sign and Encode certificate
bReturn = CryptSignAndEncodeCertificate(hIssuerProv, dwIssuerKeyType,
MYCODING_TYPE, X509_CERT_TO_BE_SIGNED,
(LPVOID)&CertInfo,
&(pIssuerCert->pCertInfo->SignatureAlgorithm),
NULL, bpEncodedCert, &dwSize);
if (!bReturn)
{
dwError = GetLastError();
break;
}
// Write encoded Certificate to file
/*
nRtn = WriteToFile((char *)bpEncodedCert, dwSize,"signp10.cer");
if (nRtn < 0)
{
dwError = GetLastError();
__leave;
}
*/
if(dwSize > *cbSize)
{
dwError = GetLastError();
break;
}
*cbSize = dwSize;
memcpy(pbCert,bpEncodedCert,dwSize);
dwError = 0;
break;
} //end while
{
// Clean up
if (pbNameBlob) HeapFree(hHeap, 0, pbNameBlob);
if (CertEnhKeyUsage.rgpszUsageIdentifier)
HeapFree(hHeap, 0, CertEnhKeyUsage.rgpszUsageIdentifier);
if (PublicKeyInfo) HeapFree(hHeap, 0, PublicKeyInfo);
if (pbKeyIdentifier) HeapFree(hHeap, 0, pbKeyIdentifier);
if (SubjectKeyIdentifier) HeapFree(hHeap, 0, SubjectKeyIdentifier);
if (pbKeyUsage) HeapFree(hHeap, 0, pbKeyUsage);
if (pbEnhKeyUsage) HeapFree(hHeap, 0, pbEnhKeyUsage);
if (pbBasicConstraints) HeapFree(hHeap, 0, pbBasicConstraints);
if (KeyId) HeapFree(hHeap, 0, KeyId);
if (pbCertSerialNum) HeapFree(hHeap,0,pbCertSerialNum);
if (pbAuthorityKeyId) HeapFree(hHeap, 0, pbAuthorityKeyId);
if (bpEncodedCert) HeapFree(hHeap, 0, bpEncodedCert);
if (pbExportedKey) HeapFree(hHeap, 0, pbExportedKey);
// if (szContainer) RpcStringFree((unsigned char **)&szContainer);
if (hCertFile) CloseHandle(hCertFile);
if (hKeyFile) CloseHandle(hKeyFile);
if (hPubKey) CryptDestroyKey(hPubKey);
if (hSessionKey) CryptDestroyKey(hSessionKey);
if (hHash) CryptDestroyHash(hHash);
if (hCryptProv) CryptReleaseContext(hCryptProv, 0);
if (hIssuerProv) CryptReleaseContext(hIssuerProv, 0);
if (pIssuerCert) CertFreeCertificateContext(pIssuerCert);
if (pCertContext) CertFreeCertificateContext(pCertContext);
if (hStore) CertCloseStore(hStore, 0);
if (pvCertReqInfo) HeapFree(hHeap, 0, pvCertReqInfo);
}
return dwError;
}
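/*
 * GenP7 - bundle a user certificate together with its issuing CA certificate
 * into a PKCS#7 blob (CertSaveStore, CERT_STORE_SAVE_AS_PKCS7) and return the
 * blob base64-encoded.
 *
 * pbCert / cbSize : in      DER-encoded user certificate and its length
 * pbData          : out     base64 text of the PKCS#7 bundle
 * cbData          : in/out  on entry the size of the pbData buffer,
 *                           on return the length of the base64 text
 *
 * Returns 0 on success, otherwise a Win32 error code (usually GetLastError())
 * or -3002 when the PKCS#7 buffer could not be allocated.  Every failure path
 * breaks out of the single-iteration loop into the cleanup block, so the store,
 * contexts, provider handles and heap blocks are released on all paths.
 */
int GenP7(BYTE* pbCert,
          DWORD cbSize,
          BYTE* pbData,
          DWORD* cbData)
{
    BOOL bRtn;
    DWORD dwError = 0;
    DWORD dwKeyType = 0;
    HANDLE hHeap = GetProcessHeap();
    const char *szStore = "MyPkcs7Store";
    WCHAR szwStore[260];
    PCCERT_CONTEXT pCertContext = NULL;
    PCCERT_CONTEXT pIssuerCertContext = NULL;
    HCERTSTORE hStore = NULL;
    HCRYPTPROV hCryptProv = 0;
    PCRYPT_DATA_BLOB KeyId = NULL;   // filled by FindCertificate, freed here
    HCRYPTPROV hIssuerProv = 0;      // filled by FindCertificate, released here
    CRYPT_INTEGER_BLOB mem_blob;
    DWORD cbNeeded;

    // Zero before the loop: the cleanup block reads mem_blob.pbData even when
    // an early failure never reached the CertSaveStore calls.
    memset(&mem_blob, 0, sizeof(mem_blob));

    // Single-iteration loop: every error sets dwError and breaks to cleanup.
    while (1)
    {
        if (!pbCert || !pbData || !cbData)
        {
            dwError = ERROR_INVALID_PARAMETER;
            break;
        }

        // Acquire the CSP context (container szContainer, provider szProvider);
        // create the key container if it does not exist yet.
        if (!CryptAcquireContext(&hCryptProv,
                                 szContainer,
                                 szProvider,
                                 PROV_RSA_FULL,
                                 0))
        {
            if (!CryptAcquireContext(&hCryptProv,
                                     szContainer,
                                     szProvider,
                                     PROV_RSA_FULL,
                                     CRYPT_NEWKEYSET))
            {
                dwError = GetLastError();
                break;
            }
        }

        // Store name as wide string.  mbstowcs is a CRT call and does not set
        // the Win32 last-error value, so report a fixed conversion error.
        if (mbstowcs(szwStore, szStore, strlen(szStore) + 1) == (size_t)-1)
        {
            dwError = ERROR_NO_UNICODE_TRANSLATION;
            break;
        }

        // In-memory store that will hold the user and CA certificates.
        hStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
                               MYCODING_TYPE,
                               hCryptProv,
                               CERT_SYSTEM_STORE_CURRENT_USER,
                               szwStore);
        if (!hStore)
        {
            dwError = GetLastError();
            break;
        }

        // Add the user certificate; pCertContext owns the returned context.
        bRtn = CertAddEncodedCertificateToStore(hStore,
                                                X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                                                (BYTE *)pbCert,
                                                cbSize,
                                                CERT_STORE_ADD_REPLACE_EXISTING,
                                                &pCertContext);
        if (!bRtn)
        {
            dwError = GetLastError();
            break;
        }

        // Locate the issuing CA certificate in the local-machine store.
        pIssuerCertContext = FindCertificate(ISSUERNAME,
                                             szIssuerStore,
                                             CERT_SYSTEM_STORE_LOCAL_MACHINE,
                                             &KeyId,
                                             &hIssuerProv,
                                             &dwKeyType);
        if (!pIssuerCertContext)
        {
            dwError = GetLastError();
            break;
        }

        // Add the CA certificate.  No context is requested back: overwriting
        // pCertContext here would leak the user-certificate context above.
        bRtn = CertAddEncodedCertificateToStore(hStore,
                                                X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                                                (BYTE *)pIssuerCertContext->pbCertEncoded,
                                                pIssuerCertContext->cbCertEncoded,
                                                CERT_STORE_ADD_REPLACE_EXISTING,
                                                NULL);
        if (!bRtn)
        {
            dwError = GetLastError();
            break;
        }

        // First pass with pbData == NULL only reports the required size.
        bRtn = CertSaveStore(hStore,
                             X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                             CERT_STORE_SAVE_AS_PKCS7,
                             CERT_STORE_SAVE_TO_MEMORY,
                             &mem_blob,
                             0);
        if (!bRtn)
        {
            dwError = GetLastError();
            break;
        }

        mem_blob.pbData = (BYTE *)HeapAlloc(hHeap, 0, mem_blob.cbData);
        if (!mem_blob.pbData)
        {
            // Keep the historical -3002 result, but break instead of
            // returning so the handles acquired above are still released.
            dwError = (DWORD)-3002;
            break;
        }

        // Second pass writes the PKCS#7 blob into mem_blob.pbData.
        bRtn = CertSaveStore(hStore,
                             X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                             CERT_STORE_SAVE_AS_PKCS7,
                             CERT_STORE_SAVE_TO_MEMORY,
                             &mem_blob,
                             0);
        if (!bRtn)
        {
            dwError = GetLastError();
            break;
        }

        // Bound the caller's output buffer before encoding into it: base64
        // needs 4 characters per 3 input bytes (rounded up) plus the NUL that
        // the strlen() below relies on.
        // NOTE(review): XFBase64encode is not visible here; if its FALSE flag
        // still emits line breaks the real requirement is larger - confirm.
        if (mem_blob.cbData > 0xFFFFFFFDUL ||
            (mem_blob.cbData + 2) / 3 > (0xFFFFFFFFUL - 1) / 4)
        {
            dwError = ERROR_ARITHMETIC_OVERFLOW;
            break;
        }
        cbNeeded = ((mem_blob.cbData + 2) / 3) * 4 + 1;
        if (*cbData < cbNeeded)
        {
            dwError = ERROR_INSUFFICIENT_BUFFER;
            break;
        }

        XFBase64encode(mem_blob.pbData, mem_blob.cbData, pbData, FALSE);
        *cbData = strlen((char *)pbData);

        dwError = 0;
        break;
    } // end while

    // Cleanup: runs for every exit from the loop above.  HeapFree and the
    // CryptoAPI release calls are not NULL-safe, hence the guards.
    if (pCertContext) CertFreeCertificateContext(pCertContext);
    if (pIssuerCertContext) CertFreeCertificateContext(pIssuerCertContext);
    if (hStore) CertCloseStore(hStore, 0);
    if (hCryptProv) CryptReleaseContext(hCryptProv, 0);
    if (hIssuerProv) CryptReleaseContext(hIssuerProv, 0);
    if (KeyId) HeapFree(hHeap, 0, KeyId);
    if (mem_blob.pbData) HeapFree(hHeap, 0, mem_blob.pbData);

    return dwError;
}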
//生成根证书的p7格式
int GenCAP7()
{
int nRtn=0;
BOOL bRtn;
DWORD dwError;
DWORD dwKeyType;
// DWORD dwSize;
BYTE pbData[5000];
DWORD cbData;
HANDLE hHeap = GetProcessHeap();
LPSTR szStore="CAPkcs7Store";
WCHAR szwStore[260];
PCCERT_CONTEXT pCertContext = NULL;
PCCERT_CONTEXT pIssuerCertContext = NULL;
HCERTSTORE hStore = NULL;
HCRYPTPROV hCryptProv = NULL;
PCRYPT_DATA_BLOB KeyId = NULL;
HCRYPTPROV hIssuerProv = 0;
CRYPT_INTEGER_BLOB mem_blob;
while(1)
{
if(!CryptAcquireContext(&hCryptProv, // 返回CSP句柄
szContainer, // 密码容器名
szProvider, // NULL时使用默认CSP名(微软RSA Base Provider)
PROV_RSA_FULL, // CSP类型
0)) // Flag values
{
if(!CryptAcquireContext(&hCryptProv,
szContainer,
szProvider,
PROV_RSA_FULL,
CRYPT_NEWKEYSET)) //创建以UserName为名的密钥容器
{
dwError = GetLastError();
break;
}
}
// Open Certificate Store
if (mbstowcs(szwStore, szStore, strlen(szStore)+1) == (size_t)-1)
{
dwError = GetLastError();
break;
}
hStore = CertOpenStore(CERT_STORE_PROV_MEMORY,//CERT_STORE_PROV_SYSTEM,
MYCODING_TYPE,
hCryptProv,
CERT_SYSTEM_STORE_CURRENT_USER,
szwStore);
if (!hStore)
{
dwError = GetLastError();
break;
}
/*
// Add User Certificate to store
bRtn = CertAddEncodedCertificateToStore(hStore,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,