📄 certcreate.cpp
字号:
(BYTE *)pbCert,
cbSize,
CERT_STORE_ADD_REPLACE_EXISTING,
&pCertContext);
if (!bRtn)
{
dwError = GetLastError();
break;
}
*/
pIssuerCertContext = FindCertificate( ISSUERNAME,
szIssuerStore,
CERT_SYSTEM_STORE_LOCAL_MACHINE,
&KeyId,
&hIssuerProv,
&dwKeyType);
if(!pIssuerCertContext)
{
dwError = GetLastError();
break;
}
// Add CA Certificate to store
bRtn = CertAddEncodedCertificateToStore(hStore,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
(BYTE *)pIssuerCertContext->pbCertEncoded,
pIssuerCertContext->cbCertEncoded,
CERT_STORE_ADD_REPLACE_EXISTING,
&pCertContext);
if (!bRtn)
{
dwError = GetLastError();
break;
}
memset(&mem_blob,0,sizeof(mem_blob));
bRtn = CertSaveStore(
hStore,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
CERT_STORE_SAVE_AS_PKCS7,
CERT_STORE_SAVE_TO_MEMORY,
&mem_blob,//pbData,
0);
if (!bRtn)
{
dwError = GetLastError();
break;
}
mem_blob.pbData = (BYTE *)HeapAlloc(hHeap, 0, mem_blob.cbData);
if(!(mem_blob.pbData))
{
dwError = GetLastError();
return -3002;
}
bRtn = CertSaveStore(
hStore,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
CERT_STORE_SAVE_AS_PKCS7,
CERT_STORE_SAVE_TO_MEMORY,
&mem_blob,//pbData,
0);
if (!bRtn)
{
dwError = GetLastError();
break;
}
memset(pbData,0,sizeof(pbData));
XFBase64encode(mem_blob.pbData,mem_blob.cbData,pbData, FALSE);
cbData = strlen((char *)pbData);
WriteToFile(pbData,cbData,"CAcert.p7b");
dwError = 0;
break;
} //end while
{
if (pCertContext) CertFreeCertificateContext(pCertContext);
if (pIssuerCertContext) CertFreeCertificateContext(pIssuerCertContext);
if (hStore) CertCloseStore(hStore, 0);
if (hCryptProv) CryptReleaseContext(hCryptProv, 0);
if (hIssuerProv) CryptReleaseContext(hIssuerProv, 0);
if (KeyId) HeapFree(hHeap, 0, KeyId);
if (mem_blob.pbData) HeapFree(hHeap,0,mem_blob.pbData);
}
return dwError;
}
int DecryptPwd(char *szPWD, //in,out 用户密码的密文/明文(base64编码)
int *nDataLen,//in,out 数据长度
int nBufLen) //in 缓冲区长度
{
BOOL fResult = FALSE;
HCRYPTPROV hProv = NULL;
HCRYPTKEY hRSAKey = NULL;
char szPWDdecode[1000];
int nLen=0;
if(*nDataLen > 1000)
return -3009;
//DECRYPT PWD
fResult = CryptAcquireContext(&hProv,szContainer,szProvider,PROV_RSA_FULL,0);
if (!fResult)
{
printf("CryptAcquireContext failed with %X\n", GetLastError());
return -3010;
}
fResult = CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hRSAKey);
if (!fResult)
{
printf("CryptGetUserKey failed with %X\n", GetLastError());
return -3011;
}
nLen = *nDataLen;
memset(szPWDdecode,0,sizeof(szPWDdecode));
XFBase64decode((const unsigned char *)szPWD, (unsigned char *)szPWDdecode,(unsigned long &)nLen);
fResult = CryptDecrypt(hRSAKey,0,1,0,(unsigned char *)szPWDdecode,(DWORD *)&nLen);
if (!fResult)
{
printf("CryptDecrypt failed with %X\n", GetLastError());
return -3012;
}
memset(szPWD,0,nBufLen);
//for base64
XFBase64encode((const unsigned char*)szPWDdecode,nLen,(unsigned char *)szPWD,FALSE);
*nDataLen = strlen(szPWD);
//for no base64
/*
memcpy(szPWD,szPWDdecode,nLen);
*nDataLen = nLen;
*/
return 0;
}
int VerifySign(unsigned char * pUserCert, //in 用户证书,base64编码
LPSTR szSign,//in 签名值
LPSTR szRandom) //in 随机数
{
BOOL bRtn;
DWORD dwError=0;
DWORD dwSize;
HANDLE hHeap = GetProcessHeap();
LPSTR szStore="MyVerifyStore";
WCHAR szwStore[260];
PCCERT_CONTEXT pCertContext = NULL;
HCERTSTORE hStore = NULL;
HCRYPTPROV hCryptProv = NULL;
HCRYPTPROV hProv = NULL;
HCRYPTHASH hHash = NULL;
HCRYPTKEY hPubKey = NULL;
unsigned char pbCert[MAXCERTLEN];
DWORD cbSize;
DWORD dwKeySpec = AT_SIGNATURE;
BOOL fFreeProv = TRUE;
ALG_ID HashAlgId = CALG_SHA1;//CALG_MD5;//
unsigned char szSignature[1000];
DWORD dwSignature=1000;
BOOL bSign = FALSE;
while(1)
{
XFBase64decode(pUserCert, pbCert, dwSize);
// Open Certificate Store
cbSize = dwSize;
if (mbstowcs(szwStore, szStore, strlen(szStore)+1) == (size_t)-1)
{
dwError = GetLastError();
break;
}
hStore = CertOpenStore(CERT_STORE_PROV_MEMORY,//CERT_STORE_PROV_SYSTEM,
MYCODING_TYPE,
NULL,
CERT_SYSTEM_STORE_CURRENT_USER,
szwStore);
if (!hStore)
{
dwError = GetLastError();
break;
}
// Add User Certificate to store
bRtn = CertAddEncodedCertificateToStore(hStore,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
(BYTE *)pbCert,
cbSize,
CERT_STORE_ADD_REPLACE_EXISTING,
&pCertContext);
if (!bRtn)
{
dwError = GetLastError();
break;
}
//get PUBKEY
bRtn = GetRSAKeyFromCert(pCertContext,
bSign,
&hProv,
&hPubKey,
&dwKeySpec,
&fFreeProv);
if (!bRtn)
{
dwError = -3200;
break;
}
// Create Hash
bRtn = CryptCreateHash(hProv, HashAlgId, 0, 0, &hHash);
if (!bRtn)
{
dwError = GetLastError();
break;
}
//Hash Data
bRtn = CryptHashData(hHash, (const unsigned char *)szRandom, strlen(szRandom), 0);
if (!bRtn)
{
dwError = GetLastError();
break;
}
XFBase64decode((const unsigned char * )szSign, szSignature, dwSignature);
// Verify Signature
bRtn = CryptVerifySignature(hHash, szSignature, dwSignature, hPubKey, NULL, 0);
if (!bRtn)
{
dwError = GetLastError();
break;
}
break;
} //end while
{
if (pCertContext) CertFreeCertificateContext(pCertContext);
if (hStore) CertCloseStore(hStore, 0);
if (hCryptProv) CryptReleaseContext(hCryptProv, 0);
if (hProv) CryptReleaseContext(hProv, 0);
if (hHash) CryptDestroyHash(hHash);
if (hPubKey) CryptDestroyKey(hPubKey);
}
if(dwError == 0) //验证成功
return 0;
else
return -3201;
}
/*
int GenRSAKEY()
{
int nERR=0;
BOOL bRTN;
HCRYPTPROV hCryptProv = 0;
if(!CryptAcquireContext(&hCryptProv, // 返回CSP句柄
szContainer, // 密码容器名
szProvider, // NULL时使用默认CSP名(微软RSA Base Provider)
PROV_RSA_FULL, // CSP类型
0)) // Flag values
{
if(!CryptAcquireContext(&hCryptProv,
szContainer,
szProvider,
PROV_RSA_FULL,
CRYPT_NEWKEYSET)) //创建以szContainer为名的密钥容器
{
nERR = GetLastError();
return nERR;
}
}
bRTN = CryptGenKey(hCryptProv,
AT_SIGNATURE,
0x04000000,
NULL);
nERR = GetLastError();
if(bRTN)
{
return nERR;
}
bRTN = CryptGenKey(hCryptProv,
AT_KEYEXCHANGE,
0x04000000,
NULL);
nERR = GetLastError();
if(bRTN)
{
return nERR;
}
return 0;
}
*/
//pkcs10len in/out 缓冲区长度/返回数据长度
int CreatePKCS10(char* szX509Name, char* pkcs10str, DWORD* pkcs10len)
{
int nErr = 0;
DWORD cbNameEncoded;
BYTE* pbNameEncoded;
CERT_NAME_BLOB SubjNameBlob;
CERT_REQUEST_INFO CertReqInfo;
HCRYPTPROV hCryptProv;
HCRYPTKEY hPubKey = 0;
DWORD cbPublicKeyInfo;
CERT_PUBLIC_KEY_INFO* pbPublicKeyInfo;
CRYPT_OBJID_BLOB Parameters;
CRYPT_ALGORITHM_IDENTIFIER SigAlg;
DWORD cbEncodedCertReqSize;
BYTE* pbSignedEncodedCertReq;
while(1)
{
if (!CertStrToName(MYCODING_TYPE, szX509Name, CERT_X500_NAME_STR, NULL, NULL, &cbNameEncoded, NULL)) {
nErr = -3301;
break;
}
if(!(pbNameEncoded = (BYTE*)malloc(cbNameEncoded))) {
nErr = -3302;
break;
}
if (!CertStrToName(MYCODING_TYPE, szX509Name, CERT_X500_NAME_STR, NULL, pbNameEncoded, &cbNameEncoded, NULL)) {
free(pbNameEncoded);
nErr = -3303;
break;
}
SubjNameBlob.cbData = cbNameEncoded;
SubjNameBlob.pbData = pbNameEncoded;
CertReqInfo.Subject = SubjNameBlob;
CertReqInfo.cAttribute = 0;
CertReqInfo.rgAttribute = NULL;
CertReqInfo.dwVersion = CERT_REQUEST_V1;
if (!CryptAcquireContext(
&hCryptProv, // Address for handle to be returned.
szSignContainer, // Use the x509 name.
szProvider, // Use the default provider.
PROV_RSA_FULL, // Need to both encrypt and sign.
0))
{
if (!CryptAcquireContext(
&hCryptProv, // Address for handle to be returned.
szSignContainer,//szContainer, // Use the x509 name.
szProvider, // Use the default provider.
PROV_RSA_FULL, // Need to both encrypt and sign.
CRYPT_NEWKEYSET))
{
nErr = -3304;
break;
}
}
// Generate Private/Public key pair
if (!CryptGenKey (hCryptProv, AT_SIGNATURE, CRYPT_EXPORTABLE, &hPubKey)) {
free(pbNameEncoded);
nErr = -3305;
break;
}
if (!CryptGenKey(hCryptProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hPubKey))
{
nErr = -3306;
break;
}
if (!CryptExportPublicKeyInfo(
hCryptProv, // Provider handle
AT_SIGNATURE, // Key spec
MYCODING_TYPE, // Encoding type
NULL, // pbPublicKeyInfo
&cbPublicKeyInfo)) // Size of PublicKeyInfo
{
nErr = -3307;
break;
}
if (!(pbPublicKeyInfo = (CERT_PUBLIC_KEY_INFO*)malloc(cbPublicKeyInfo)))
{
nErr = -3308;
break;
}
if (!CryptExportPublicKeyInfo(
hCryptProv, // Provider handle
AT_SIGNATURE, // Key spec
MYCODING_TYPE, // Encoding type
pbPublicKeyInfo, // pbPublicKeyInfo
&cbPublicKeyInfo)) // Size of PublicKeyInfo
{
nErr = -3309;
break;
}
CertReqInfo.SubjectPublicKeyInfo = *pbPublicKeyInfo;
memset (&Parameters, 0, sizeof(Parameters));
SigAlg.pszObjId = szOID_OIWSEC_sha1RSASign;
SigAlg.Parameters = Parameters;
if (!CryptSignAndEncodeCertificate(
hCryptProv, // Crypto provider
AT_SIGNATURE, // Key spec
MYCODING_TYPE, // Encoding type
X509_CERT_REQUEST_TO_BE_SIGNED, // Structure type
&CertReqInfo, // Structure information
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -