📄 createcert.c
字号:
dwSize = GetFileSize(hFile, NULL);
if (dwSize == 0xFFFFFFFF)
{
printf("Unable to get size of certificate file\n");
__leave;
}
// Allocate memory for encoded key
pbEncodedKey = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!pbEncodedKey)
{
printf("Unable to allocate memory for encoded key\n");
__leave;
}
// Read encoded key data
bResult = ReadFile(hFile,
(LPVOID)pbEncodedKey,
dwSize,
&dwRead,
NULL);
if (!bResult)
{
printf("Unable to read encoded key\n");
__leave;
}
// Close file handle
CloseHandle(hFile);
hFile = INVALID_HANDLE_VALUE;
{
HCRYPTPROV hTemp;
// Create Temporary Provider
bResult = CryptAcquireContext(&hTemp,
NULL,
MS_DEF_PROV,
PROV_RSA_FULL,
CRYPT_NEWKEYSET);
if (!bResult)
{
// If Temporary Provider exists already,
// open it
if (GetLastError() == NTE_EXISTS)
{
bResult = CryptAcquireContext(&hTemp,
NULL,
MS_DEF_PROV,
PROV_RSA_FULL,
0);
if (!bResult)
{
printf("Unable to get temporary provider handle\n");
__leave;
}
}
else
{
printf("Unable to create temporary provider handle\n");
__leave;
}
}
// Place random data in Uuid
// Could have used UuidCreate but it is not supported
// under Win9x.
bResult = CryptGenRandom(hTemp, sizeof(Uuid), (LPBYTE)&Uuid);
if (!bResult)
{
printf("CryptGenRandom failed with %x\n", GetLastError());
__leave;
}
// Close Provider handle
CryptReleaseContext(hTemp, 0);
// Delete Container
CryptAcquireContext(&hTemp,
NULL,
MS_DEF_PROV,
PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
// Create a random uuid
/*Status = UuidCreate(&Uuid);
if (Status != RPC_S_OK)
{
printf("Unable to create random container\n");
__leave;
}*/
// convert random uuid to a string, we will use it as a container
Status = UuidToString(&Uuid, &szContainer);
if (Status != RPC_S_OK)
{
printf("Unable to convert uuid to string\n");
__leave;
}
}
// Create new crypto context
bResult = CryptAcquireContext(&hProv,
szContainer,
szProvider,
dwProviderType,
CRYPT_NEWKEYSET | dwAcquireFlags);
if (!bResult)
{
printf("CryptAcquireContext failed with %x\n", GetLastError());
__leave;
}
// Create Hash to hash password
bResult = CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash);
if (!bResult)
{
printf("CryptCreateHash failed with %x\n", GetLastError());
__leave;
}
// Hash Password
bResult = CryptHashData(hHash, (LPBYTE)szPassword, (DWORD)strlen(szPassword), 0);
if (!bResult)
{
printf("CryptHashData failed with %x\n", GetLastError());
__leave;
}
// Derive Session Key from password hash
bResult = CryptDeriveKey(hProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hKey);
if (!bResult)
{
printf("CryptDeriveKey failed with %x\n", GetLastError());
__leave;
}
// Import Private/Public Key into Provider
bResult = CryptImportKey(hProv, pbEncodedKey, dwSize, hKey,
CRYPT_EXPORTABLE, &hPubKey);
if (!bResult)
{
printf("CryptImportKey failed with %x\n", GetLastError());
__leave;
}
// Open Certificate file
hFile = CreateFile(szCertFile,
GENERIC_READ,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
printf("Unable to open certificate file\n");
__leave;
}
// Get file length
dwSize = GetFileSize(hFile, NULL);
if (dwSize == 0xFFFFFFFF)
{
printf("Unable to get size of certificate file\n");
__leave;
}
// Allocate memory for encoded certificate
pbEncodedCert = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!pbEncodedCert)
{
printf("Unable to allocate memory for encoded certificate\n");
__leave;
}
// Read encoded certificate data
bResult = ReadFile(hFile,
(LPVOID)pbEncodedCert,
dwSize,
&dwRead,
NULL);
if (!bResult)
{
printf("Unable to read encoded certificate\n");
__leave;
}
// Close file handle
CloseHandle(hFile);
hFile = INVALID_HANDLE_VALUE;
// Convert multibyte store name to wide char string
if (mbstowcs(szwStore, szStore, strlen(szStore)+1) == (size_t)-1)
{
printf("Unable to convert store to Unicode string\n");
__leave;
}
// Open Certificate Store
hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,
ENCODING,
0,
dwCertOpenFlags,
(LPVOID)szwStore);
if (!hStore)
{
printf("CertOpenStore failed with %x\n", GetLastError());
__leave;
}
// Add Certificate to store
bResult = CertAddEncodedCertificateToStore(hStore,
X509_ASN_ENCODING,
pbEncodedCert,
dwSize,
CERT_STORE_ADD_REPLACE_EXISTING,
&pCertContext);
if (!bResult)
{
printf("CertAddEncodedCertificateToStore failed with %x\n", GetLastError());
__leave;
}
{
WCHAR szwContainer[160];
WCHAR szwProvider[260];
i = (int)mbstowcs(szwContainer, szContainer, (size_t)(sizeof(szContainer)+1));
if (i == 0)
{
printf("MultiByteToWideChar failed with %d\n", GetLastError());
__leave;
}
i = MultiByteToWideChar(0, 0, szProvider, -1, szwProvider, 260);
if (i == 0)
{
printf("MultiByteToWideChar failed with %d\n", GetLastError());
__leave;
}
ZeroMemory(&CertKeyInfo, sizeof(CertKeyInfo));
CertKeyInfo.pwszContainerName = szwContainer;
CertKeyInfo.pwszProvName = szwProvider;
CertKeyInfo.dwProvType = dwProviderType;
bResult = CryptGetKeyParam(hPubKey, KP_ALGID, (LPBYTE)&CertKeyInfo.dwKeySpec,
&dwSize, 0);
if (!bResult)
{
printf("CryptGetKeyParam failed with %x\n", GetLastError());
__leave;
}
// Set Key property for Certificate
bResult = CertSetCertificateContextProperty(pCertContext,
CERT_KEY_PROV_INFO_PROP_ID,
0,
(LPVOID)&CertKeyInfo);
if (!bResult)
{
printf("CertSetCertificateContextProperty failed with %x\n", GetLastError());
__leave;
}
}
fReturn = TRUE;
}
_finally
{
// Clean up
if (szContainer) RpcStringFree(&szContainer);
if (hHash) CryptDestroyHash(hHash);
if (hKey) CryptDestroyKey(hKey);
if (hPubKey) CryptDestroyKey(hPubKey);
if (hProv) CryptReleaseContext(hProv, 0);
if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile);
if (pbEncodedCert) HeapFree(hHeap, 0, pbEncodedCert);
if (pbEncodedKey) HeapFree(hHeap, 0, pbEncodedKey);
if (pCertContext) CertFreeCertificateContext(pCertContext);
if (hStore) CertCloseStore(hStore, 0);
}
return fReturn;
}
BOOL CreateCertificate(LPSTR szX509, DWORD dwKeyType,
LPSTR szSigAlg, WORD wMonths,
DWORD dwUsage, BOOL bCA, BOOL bUseProv,
DWORD dwProviderNum, LPSTR szSubjectStore,
BOOL bSubjectUser, BOOL bSelfSigned,
LPSTR szIssuerName, LPSTR szIssuerStore,
BOOL bIssuerUser, BOOL bExport,
LPSTR szCertFile, LPSTR szKeyFile,
LPSTR szPassword)
{
BOOL bReturn = FALSE;
BOOL bResult;
LPBYTE pbNameBlob = NULL;
LPSTR szContainer = NULL;
RPC_STATUS Status;
HCRYPTPROV hProv = 0;
HCRYPTPROV hIssuerProv = 0;
HCRYPTKEY hPubKey = 0;
HCRYPTKEY hSessionKey = 0;
HCRYPTHASH hHash = 0;
HCERTSTORE hStore = 0;
HANDLE hCertFile = INVALID_HANDLE_VALUE;
HANDLE hKeyFile = INVALID_HANDLE_VALUE;
PCRYPT_DATA_BLOB KeyId = NULL;
PCERT_PUBLIC_KEY_INFO PublicKeyInfo = NULL;
PCCERT_CONTEXT pIssuerCert = NULL;
PCCERT_CONTEXT pCertContext = NULL;
LPBYTE pbKeyIdentifier = NULL;
LPBYTE SubjectKeyIdentifier = NULL;
LPBYTE pbKeyUsage = NULL;
LPBYTE pbEnhKeyUsage = NULL;
LPBYTE pbBasicConstraints = NULL;
LPBYTE pbAuthorityKeyId = NULL;
LPBYTE bpEncodedCert = NULL;
LPBYTE pbExportedKey = NULL;
CERT_ENHKEY_USAGE CertEnhKeyUsage = { 0, NULL };
BYTE SerialNumber[8];
CERT_BASIC_CONSTRAINTS2_INFO BasicConstraints;
CERT_AUTHORITY_KEY_ID_INFO AuthorityKeyId;
BYTE ByteData;
CRYPT_BIT_BLOB KeyUsage;
CERT_EXTENSION CertExtension[5];
CRYPT_DATA_BLOB CertKeyIdentifier;
CERT_NAME_BLOB IssuerName;
HANDLE hHeap = GetProcessHeap();
CERT_INFO CertInfo;
DWORD dwSize, m, q;
DWORD dwAcquireFlags, dwIssuerKeyType;
DWORD dwIssuerFlags, dwSubjectFlags;
FILETIME ftTime;
SYSTEMTIME stTime;
CHAR szProvider[260] = { MS_DEF_PROV };
DWORD dwProviderType = PROV_RSA_FULL;
BOOL bAddAuthorityExtension = FALSE;
__try
{
// Enumerate Provider
if (bUseProv)
{
dwSize = 260;
bResult = MyCryptEnumProviders(
dwProviderNum,
NULL,
0,
&dwProviderType,
szProvider,
&dwSize);
if (!bResult)
{
printf("Unable to get provider\n");
__leave;
}
}
if (bSubjectUser)
{
// Certificate will be in the User store and
// key container will be a User container
dwAcquireFlags = 0;
dwSubjectFlags = CERT_SYSTEM_STORE_CURRENT_USER;
}
else
{
// Certificate will be in the Machine store and
// key container will be a Mahince container
dwAcquireFlags = CRYPT_MACHINE_KEYSET;
dwSubjectFlags = CERT_SYSTEM_STORE_LOCAL_MACHINE;
}
if (bIssuerUser)
{
// Get Issuer Certificate from User store
dwIssuerFlags = CERT_SYSTEM_STORE_CURRENT_USER;
}
else
{
// Get Issuer Certificate from Machine store
dwIssuerFlags = CERT_SYSTEM_STORE_LOCAL_MACHINE;
}
// Get X509 Name and convert it to a Name Blob
bResult = CertStrToName(X509_ASN_ENCODING,
szX509,
CERT_X500_NAME_STR,
NULL,
NULL,
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -