&SigAlg, // Signature algorithm
NULL, // Not used
NULL, // pbSignedEncodedCertReq
&cbEncodedCertReqSize))
{
nErr = -3310;
break;
}
if (!(pbSignedEncodedCertReq = (BYTE*)malloc(cbEncodedCertReqSize)))
{
nErr = -3311;
break;
}
if (!CryptSignAndEncodeCertificate(
hCryptProv, // Crypto provider
AT_SIGNATURE, // Key spec
MYCODING_TYPE, // Encoding type
X509_CERT_REQUEST_TO_BE_SIGNED, // Struct type
&CertReqInfo, // Struct info
&SigAlg, // Signature algorithm
NULL, // Not used
pbSignedEncodedCertReq, // Pointer
&cbEncodedCertReqSize))
{
nErr = -3312;
break;
}
XFBase64encode (pbSignedEncodedCertReq, cbEncodedCertReqSize,(unsigned char *)pkcs10str,FALSE);
break;
} //end while
if(pbNameEncoded) free (pbNameEncoded);
if(pbPublicKeyInfo) free (pbPublicKeyInfo);
if(pbSignedEncodedCertReq) free (pbSignedEncodedCertReq);
if(hCryptProv) CryptReleaseContext (hCryptProv,0);
*pkcs10len = strlen(pkcs10str);
return 0;
}
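// Installs the first certificate found in a base64-encoded PKCS#7 message
// into the current user's szSignStore system store, evicting everything that
// was there, and binds it to the szSignContainer/szProvider RSA signature key.
//
// pPKS7: NUL-terminated base64 text of a PKCS#7 message (as GenP7 produces).
// Returns 0 on success, or a negative -33xx code naming the failed step.
// Callers must treat any non-zero return as "not installed" -- the original
// always returned 0, so GenSignCert could not see a failed install.
//
// Security notes:
//  * Every certificate already in the target store is deleted before the new
//    one is added, so this is wipe-and-replace, not append. Untrusted PKCS#7
//    input therefore replaces the user's signing certificate wholesale.
//  * The decoded blob lands in a fixed 2000-byte stack buffer and
//    XFBase64decode is not handed that bound. NOTE(review): inputs decoding to
//    more than 2000 bytes would overflow certencode; make the decoder take a
//    capacity, or check strlen((char*)pPKS7) * 3 / 4 <= sizeof(certencode)
//    before decoding.
int InstallCert (BYTE* pPKS7)
{
    int nErr = 0;
    HCERTSTORE hStoreHandle = NULL;          // in-memory store backed by the PKCS#7 blob
    HCERTSTORE hStoreHandle2 = NULL;         // target system store (szSignStore)
    PCCERT_CONTEXT certcontext = NULL;       // certificate taken from the PKCS#7 store
    PCCERT_CONTEXT certcontext2 = NULL;      // its copy living in the system store
    PCCERT_CONTEXT exist_certcontext = NULL; // pre-existing certificate being evicted
    WCHAR szwSignStore[260];
    WCHAR szwSignContainer[260];
    WCHAR szwProvider[260];
    BYTE certencode[2000];
    DWORD certlen = 0;

    // A null blob would crash inside the decoder; report it like an unreadable
    // PKCS#7 message.
    if (!pPKS7)
        return -3340;

    memset(certencode, 0, sizeof(certencode));
    XFBase64decode(pPKS7, certencode, certlen);

    CRYPT_DATA_BLOB datablob;
    ZeroMemory(&datablob, sizeof(datablob));
    datablob.pbData = certencode;
    datablob.cbData = certlen;

    while (1)
    {
        // Parse the PKCS#7 message as a certificate store.
        hStoreHandle = CertOpenStore(CERT_STORE_PROV_PKCS7, MYCODING_TYPE, NULL,
                                     CERT_SYSTEM_STORE_CURRENT_USER, &datablob);
        if (!hStoreHandle)
        {
            nErr = -3340;
            break;
        }
        // Only the first certificate in the message is installed.
        certcontext = CertEnumCertificatesInStore(hStoreHandle, NULL);
        if (!certcontext)
        {
            nErr = -3341;
            break;
        }
        // Store name to UTF-16. The original passed a 20-element limit here
        // although the buffer holds 260, so longer store names failed with
        // -3342; use the real capacity.
        if (MultiByteToWideChar(0, 0, szSignStore, -1, szwSignStore, 260) == 0)
        {
            nErr = -3342;
            break;
        }
        hStoreHandle2 = CertOpenStore(CERT_STORE_PROV_SYSTEM, MYCODING_TYPE, NULL,
                                      CERT_SYSTEM_STORE_CURRENT_USER, szwSignStore);
        if (!hStoreHandle2)
        {
            nErr = -3343;
            break;
        }
        // Evict every certificate currently in the target store.
        for (;;)
        {
            exist_certcontext = CertFindCertificateInStore(hStoreHandle2, MYCODING_TYPE, 0,
                                                           CERT_FIND_ANY, NULL, NULL);
            if (!exist_certcontext)
                break;
            // CertDeleteCertificateFromStore releases the context it is handed
            // (per the CryptoAPI docs, even when it fails), so forget our
            // pointer immediately; the cleanup below must never free it again.
            BOOL bDeleted = CertDeleteCertificateFromStore(exist_certcontext);
            exist_certcontext = NULL;
            if (!bDeleted)
            {
                nErr = -3353;
                break;
            }
        }
        // In the original the inner break only left the do/while and the new
        // certificate was added regardless; a failed eviction aborts the install.
        if (nErr != 0)
            break;

        // Was a bare `return -3343` that leaked both store handles and the
        // context; go through the common cleanup instead.
        if (!CertAddCertificateContextToStore(hStoreHandle2, certcontext,
                                              CERT_STORE_ADD_USE_EXISTING, &certcontext2))
        {
            nErr = -3343;
            break;
        }

        if (MultiByteToWideChar(0, 0, szSignContainer, -1, szwSignContainer, 260) == 0)
        {
            nErr = -3345;
            break;
        }
        if (MultiByteToWideChar(0, 0, szProvider, -1, szwProvider, 260) == 0)
        {
            nErr = -3346;
            break;
        }

        // Link the installed certificate to its private-key container so
        // signing code can reach the key through the certificate.
        CRYPT_KEY_PROV_INFO key_info;
        ZeroMemory(&key_info, sizeof(key_info));
        key_info.pwszContainerName = szwSignContainer;
        key_info.pwszProvName = szwProvider;
        key_info.dwProvType = PROV_RSA_FULL;
        key_info.dwFlags = CERT_SET_KEY_CONTEXT_PROP_ID;
        key_info.dwKeySpec = AT_SIGNATURE;
        if (!CertSetCertificateContextProperty(certcontext2, CERT_KEY_PROV_INFO_PROP_ID, 0,
                                               (LPVOID)&key_info))
        {
            nErr = -3347;
            break;
        }
        break;
    }

    // Handles are NULL-initialised, so early exits reach this cleanup safely
    // (the original left hStoreHandle2 uninitialised on the first two failures).
    if (hStoreHandle) CertCloseStore(hStoreHandle, 0);
    if (hStoreHandle2) CertCloseStore(hStoreHandle2, 0);
    if (certcontext) CertFreeCertificateContext(certcontext);
    if (certcontext2) CertFreeCertificateContext(certcontext2);
    if (exist_certcontext) CertFreeCertificateContext(exist_certcontext);
    return nErr;
}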
// End-to-end creation of the user's signing certificate:
//   1. CreatePKCS10 -- build a signed PKCS#10 request for SIGNCERTNAME
//   2. SignP10      -- issue a certificate for it (subject SIGNCERTSUBJECT,
//                      serial number 5, valid for 120 months from now)
//   3. GenP7        -- wrap the certificate in a base64 PKCS#7 message
//   4. InstallCert  -- put it into the SIGNCERTNAME store under
//                      CERT_SYSTEM_STORE_CURRENT_USER
// Returns 0 on success, otherwise the non-zero code of the first step that
// failed; later steps are skipped.
//
// NOTE(review): the serial number is a fixed constant, so every certificate
// issued through this path carries the same one -- confirm that is acceptable
// for the issuer these certificates chain to.
int GenSignCert()
{
    char pkcs10str[2000];
    DWORD pkcs10len = sizeof(pkcs10str);
    BYTE pbCert[3000];
    DWORD cbSize = sizeof(pbCert);   // in: capacity of pbCert, out: certificate length
    BYTE pbData[3000];
    DWORD cbData = sizeof(pbData);   // in: capacity of pbData, out: PKCS#7 length
    int rc;

    memset(pkcs10str, 0, sizeof(pkcs10str));
    rc = CreatePKCS10(SIGNCERTNAME, pkcs10str, &pkcs10len);
    if (rc != 0)
        return rc;

    memset(pbCert, 0, sizeof(pbCert));
    rc = SignP10(SIGNCERTSUBJECT, pkcs10str, 5, 120, pbCert, &cbSize);
    if (rc != 0)
        return rc;

    memset(pbData, 0, sizeof(pbData));
    rc = GenP7(pbCert, cbSize, pbData, &cbData);
    if (rc != 0)
        return rc;

    // The base64 PKCS#7 text is installed as-is.
    return InstallCert(pbData);
}
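// Re-imports a key blob that was exported encrypted under a password-derived
// RC4 session key into the szContainer/szProvider key container, creating the
// container if it does not exist yet.
//
// pbKEYBIN / nKeyLen: the encrypted key blob and its length in bytes.
// pKeyPwd: NUL-terminated password; the session key is CryptDeriveKey'd from
//          its SHA-1 hash, so it must match the password used at export time.
// nKeyFlag: accepted for interface compatibility only; not used.
// Returns 0 on success, otherwise the Win32 error of the failing CryptoAPI
// call, or ERROR_INVALID_PARAMETER for null/empty arguments.
//
// Security notes:
//  * The wrapping key is RC4 derived from an unsalted, single SHA-1 of the
//    password, so the blob is only as strong as the password and is open to
//    offline guessing. This mirrors the export format and cannot be changed
//    here without breaking existing backups.
//  * Both the session key and the imported key are created CRYPT_EXPORTABLE,
//    so the restored private key can later be re-exported from the container.
//    Drop the flag on the CryptImportKey call if re-export is not required.
//  * NOTE(review): the RC4 key length CryptDeriveKey picks depends on the CSP
//    named by szProvider (the base provider defaults to 40 bits) -- confirm
//    which provider is in use.
int RestoreKey(BYTE* pbKEYBIN,int nKeyLen,char *pKeyPwd,int nKeyFlag)
{
    DWORD dwError = 0;
    HCRYPTPROV hCryptProv = 0;
    HCRYPTKEY hImportedKey = 0;
    HCRYPTKEY hSessionKey = 0;
    HCRYPTHASH hHash = 0;

    (void)nKeyFlag;  // unused; kept so callers need not change

    // A null password would crash strlen(); a negative length would become a
    // huge DWORD and let CryptImportKey read far past the blob.
    if (!pbKEYBIN || nKeyLen <= 0 || !pKeyPwd)
        return ERROR_INVALID_PARAMETER;

    while (1)
    {
        // Open the container, creating it on first use.
        if (!CryptAcquireContext(&hCryptProv, szContainer, szProvider, PROV_RSA_FULL, 0) &&
            !CryptAcquireContext(&hCryptProv, szContainer, szProvider, PROV_RSA_FULL,
                                 CRYPT_NEWKEYSET))
        {
            dwError = GetLastError();
            break;
        }
        // SHA-1(password) -> RC4 session key, exactly as the exporter did.
        if (!CryptCreateHash(hCryptProv, CALG_SHA1, 0, 0, &hHash))
        {
            dwError = GetLastError();
            break;
        }
        if (!CryptHashData(hHash, (LPBYTE)pKeyPwd, (DWORD)strlen(pKeyPwd), 0))
        {
            dwError = GetLastError();
            break;
        }
        if (!CryptDeriveKey(hCryptProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hSessionKey))
        {
            dwError = GetLastError();
            break;
        }
        // Decrypt and place the blob's key into the container.
        if (!CryptImportKey(hCryptProv, pbKEYBIN, (DWORD)nKeyLen, hSessionKey,
                            CRYPT_EXPORTABLE, &hImportedKey))
        {
            dwError = GetLastError();
            break;
        }
        break;
    }

    // Destroying the hash and keys also discards the password-derived material.
    if (hImportedKey) CryptDestroyKey(hImportedKey);
    if (hSessionKey) CryptDestroyKey(hSessionKey);
    if (hHash) CryptDestroyHash(hHash);
    if (hCryptProv) CryptReleaseContext(hCryptProv, 0);
    return (int)dwError;
}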
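// Replaces the contents of the LOCAL_MACHINE szIssuerStore store with the
// single encoded certificate pbCERTBIN[0..nCertLen) and binds it to the
// szContainer/szProvider RSA signature key.
//
// Returns 0 on success, otherwise the Win32 error of the failing call,
// -3409 when an existing certificate could not be deleted, or
// ERROR_INVALID_PARAMETER for a null/empty certificate.
//
// Security notes:
//  * The whole store is deleted and recreated, so every certificate it held
//    is gone afterwards, not just the one being replaced.
//  * Writing CERT_SYSTEM_STORE_LOCAL_MACHINE normally needs administrative
//    rights. The delete's result is not checked; NOTE(review): without rights
//    the reopen may hand back a read-only store and the failure only shows up
//    at CertAddEncodedCertificateToStore.
//  * pbCERTBIN is only decoded by CertAddEncodedCertificateToStore; no chain
//    or signature verification happens here.
int RestoreCert(BYTE* pbCERTBIN,int nCertLen)
{
    DWORD dwError = 0;
    DWORD dwSubjectFlags = CERT_SYSTEM_STORE_LOCAL_MACHINE;
    WCHAR szwStore[260];
    WCHAR szwContainer[260];
    WCHAR szwProvider[260];
    CRYPT_KEY_PROV_INFO CryptKeyProvInfo;
    HCERTSTORE hStore = 0;
    PCCERT_CONTEXT pCertContext = NULL;
    PCCERT_CONTEXT pTmpCertContext = NULL;

    // A negative length would become a huge DWORD for the decoder.
    if (!pbCERTBIN || nCertLen <= 0)
        return ERROR_INVALID_PARAMETER;

    while (1)
    {
        // Store, container and provider names to UTF-16.
        if (MultiByteToWideChar(0, 0, szIssuerStore, -1, szwStore, 260) == 0 ||
            MultiByteToWideChar(0, 0, szContainer, -1, szwContainer, 260) == 0 ||
            MultiByteToWideChar(0, 0, szProvider, -1, szwProvider, 260) == 0)
        {
            dwError = GetLastError();
            break;
        }
        // Delete the store outright. With CERT_STORE_DELETE_FLAG the call
        // yields no usable handle, so its result is deliberately not kept
        // (the original stored it in hStore and immediately overwrote it).
        CertOpenStore(CERT_STORE_PROV_SYSTEM, MYCODING_TYPE, CERT_STORE_DELETE_FLAG,
                      dwSubjectFlags, (LPVOID)szwStore);
        hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, MYCODING_TYPE, 0,
                               dwSubjectFlags, (LPVOID)szwStore);
        if (!hStore)
        {
            dwError = GetLastError();
            break;
        }
        // Belt and braces: evict anything still in the store, e.g. when the
        // delete above was refused.
        for (;;)
        {
            pTmpCertContext = CertFindCertificateInStore(hStore, MYCODING_TYPE, 0,
                                                         CERT_FIND_ANY, NULL, NULL);
            if (!pTmpCertContext)
                break;
            // CertDeleteCertificateFromStore releases the context it is handed
            // (per the CryptoAPI docs, even when it fails); drop our pointer so
            // the cleanup below cannot free it a second time.
            BOOL bDeleted = CertDeleteCertificateFromStore(pTmpCertContext);
            pTmpCertContext = NULL;
            if (!bDeleted)
            {
                dwError = (DWORD)-3409;
                break;
            }
        }
        // The original's inner break fell through and added the certificate
        // anyway; a failed eviction aborts the restore.
        if (dwError != 0)
            break;

        // Place the certificate in the (now empty) store.
        if (!CertAddEncodedCertificateToStore(hStore, MYCODING_TYPE, pbCERTBIN, (DWORD)nCertLen,
                                              CERT_STORE_ADD_REPLACE_EXISTING, &pCertContext))
        {
            dwError = GetLastError();
            break;
        }

        // Removed: a second, redundant conversion of szContainer with a
        // 160-element limit that could fail for names the first one accepted.

        // Link the certificate to its private-key container.
        ZeroMemory(&CryptKeyProvInfo, sizeof(CryptKeyProvInfo));
        CryptKeyProvInfo.pwszContainerName = szwContainer;
        CryptKeyProvInfo.pwszProvName = szwProvider;
        CryptKeyProvInfo.dwProvType = PROV_RSA_FULL;
        CryptKeyProvInfo.dwKeySpec = AT_SIGNATURE;
        if (!CertSetCertificateContextProperty(pCertContext, CERT_KEY_PROV_INFO_PROP_ID, 0,
                                               (LPVOID)&CryptKeyProvInfo))
        {
            dwError = GetLastError();
            break;
        }
        break;
    }

    if (pCertContext) CertFreeCertificateContext(pCertContext);
    if (pTmpCertContext) CertFreeCertificateContext(pTmpCertContext);
    if (hStore) CertCloseStore(hStore, 0);
    return (int)dwError;
}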