📄 createcert.c
字号:
pbKeyUsage, &dwSize);
if (!bResult)
{
printf("CryptEncodeObject failed with %x\n", GetLastError());
__leave;
}
// Set Key Usage extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_KEY_USAGE;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbKeyUsage;
// Increase extension count
CertInfo.cExtension++;
if (CertEnhKeyUsage.cUsageIdentifier != 0)
{
// Get Enhanced Key Usage size
bResult = CryptEncodeObject(ENCODING,
X509_ENHANCED_KEY_USAGE,
(LPVOID)&CertEnhKeyUsage,
NULL, &dwSize);
if (!bResult)
{
printf("CryptEncodeObject failed with %x\n", GetLastError());
__leave;
}
// Allocate Memory for Enhanced Key usage Blob
pbEnhKeyUsage = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!pbEnhKeyUsage)
{
printf("Unable to allocate memory for Subject Key Identifier\n");
__leave;
}
// Get Enhanced Key Usage Extension blob
bResult = CryptEncodeObject(ENCODING,
X509_ENHANCED_KEY_USAGE,
(LPVOID)&CertEnhKeyUsage,
pbEnhKeyUsage, &dwSize);
if (!bResult)
{
printf("CryptEncodeObject failed with %x\n", GetLastError());
__leave;
}
// Set Enhanced Key Usage extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_ENHANCED_KEY_USAGE;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbEnhKeyUsage;
// Increase extension count
CertInfo.cExtension++;
}
// Zero Basic Constraints structure
ZeroMemory(&BasicConstraints, sizeof(BasicConstraints));
// Self-signed is always a CA
if (bSelfSigned)
{
BasicConstraints.fCA = TRUE;
BasicConstraints.fPathLenConstraint = TRUE;
BasicConstraints.dwPathLenConstraint = 1;
}
else
{
BasicConstraints.fCA = bCA;
}
// Get Basic Constraints blob size
bResult = CryptEncodeObject(ENCODING,
X509_BASIC_CONSTRAINTS2,
(LPVOID)&BasicConstraints,
NULL, &dwSize);
if (!bResult)
{
printf("CryptEncodeObject failed with %x\n", GetLastError());
__leave;
}
// Allocate Memory for Basic Constraints Blob
pbBasicConstraints = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!pbBasicConstraints)
{
printf("Unable to allocate memory for Subject Key Identifier\n");
__leave;
}
// Get Basic Constraints Extension blob
bResult = CryptEncodeObject(ENCODING,
X509_BASIC_CONSTRAINTS2,
(LPVOID)&BasicConstraints,
pbBasicConstraints, &dwSize);
if (!bResult)
{
printf("CryptEncodeObject failed with %x\n", GetLastError());
__leave;
}
// Set Basic Constraints extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_BASIC_CONSTRAINTS2;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbBasicConstraints;
// Increase extension count
CertInfo.cExtension++;
if (bSelfSigned)
{
AuthorityKeyId.KeyId = CertKeyIdentifier;
AuthorityKeyId.CertIssuer = CertInfo.Issuer;
AuthorityKeyId.CertSerialNumber = CertInfo.SerialNumber;
bAddAuthorityExtension = TRUE;
}
else
{
if (KeyId)
{
AuthorityKeyId.KeyId = *KeyId;
AuthorityKeyId.CertIssuer = pIssuerCert->pCertInfo->Issuer;
AuthorityKeyId.CertSerialNumber = pIssuerCert->pCertInfo->SerialNumber;
bAddAuthorityExtension = TRUE;
}
}
if (bAddAuthorityExtension)
{
// Get Authority Key Id blob size
bResult = CryptEncodeObject(ENCODING,
X509_AUTHORITY_KEY_ID,
(LPVOID)&AuthorityKeyId,
NULL, &dwSize);
if (!bResult)
{
printf("CryptEncodeObject failed with %x\n", GetLastError());
__leave;
}
// Allocate Authority Key Id Blob
pbAuthorityKeyId = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!pbAuthorityKeyId)
{
printf("Unable to allocate memory for Subject Key Identifier\n");
__leave;
}
// Get Authority Key Id blob
bResult = CryptEncodeObject(ENCODING,
X509_AUTHORITY_KEY_ID,
(LPVOID)&AuthorityKeyId,
pbAuthorityKeyId, &dwSize);
if (!bResult)
{
printf("CryptEncodeObject failed with %x\n", GetLastError());
__leave;
}
// Set Authority Key Id extension
CertExtension[CertInfo.cExtension].pszObjId = szOID_AUTHORITY_KEY_IDENTIFIER;
CertExtension[CertInfo.cExtension].fCritical = FALSE;
CertExtension[CertInfo.cExtension].Value.cbData = dwSize;
CertExtension[CertInfo.cExtension].Value.pbData = pbAuthorityKeyId;
// Increase extension count
CertInfo.cExtension++;
}
CertInfo.rgExtension = CertExtension;
if (bSelfSigned)
{
// Get Encoded Certificate Size
bResult = CryptSignAndEncodeCertificate(hProv, dwKeyType,
X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
(LPVOID)&CertInfo,
&(CertInfo.SignatureAlgorithm),
NULL, NULL, &dwSize);
if (!bResult)
{
printf("CryptSignAndEncodeCertificate failed with %x\n", GetLastError());
__leave;
}
// Allocate memory for encoded certificate
bpEncodedCert = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!bpEncodedCert)
{
printf("Unable to allocate memory for encoded certficate\n");
__leave;
}
// Sign and Encode certificate
bResult = CryptSignAndEncodeCertificate(hProv, dwKeyType,
X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
(LPVOID)&CertInfo,
&(CertInfo.SignatureAlgorithm),
NULL, bpEncodedCert, &dwSize);
if (!bResult)
{
printf("CryptSignAndEncodeCertificate failed with %x\n", GetLastError());
__leave;
}
}
else
{
// Get Encoded Certificate Size
bResult = CryptSignAndEncodeCertificate(hIssuerProv, dwIssuerKeyType,
X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
(LPVOID)&CertInfo,
&(pIssuerCert->pCertInfo->SignatureAlgorithm),
NULL, NULL, &dwSize);
if (!bResult)
{
printf("CryptSignAndEncodeCertificate failed with %x\n", GetLastError());
__leave;
}
// Allocate memory for encoded certificate
bpEncodedCert = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!bpEncodedCert)
{
printf("Unable to allocate memory for encoded certficate\n");
__leave;
}
// Sign and Encode certificate
bResult = CryptSignAndEncodeCertificate(hIssuerProv, dwIssuerKeyType,
X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
(LPVOID)&CertInfo,
&(pIssuerCert->pCertInfo->SignatureAlgorithm),
NULL, bpEncodedCert, &dwSize);
if (!bResult)
{
printf("CryptSignAndEncodeCertificate failed with %x\n", GetLastError());
__leave;
}
}
if (bExport)
{
DWORD dwWritten;
// Create Certificate file
hCertFile = CreateFile(szCertFile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
FILE_ATTRIBUTE_NORMAL, NULL);
if (hCertFile == INVALID_HANDLE_VALUE)
{
printf("CreateFile failed with %d\n", GetLastError());
__leave;
}
// Write encoded Certificate to file
bResult = WriteFile(hCertFile, (LPVOID)bpEncodedCert, dwSize, &dwWritten, NULL);
if (!bResult)
{
printf("WriteFile failed with %d\n", GetLastError());
__leave;
}
// Destroy previous hash
if (hHash) CryptDestroyHash(hHash);
hHash = 0;
// Create hash
bResult = CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash);
if (!bResult)
{
printf("CryptCreateHash failed with %x\n", GetLastError());
__leave;
}
// Hash password
bResult = CryptHashData(hHash, (LPBYTE)szPassword, (DWORD)strlen(szPassword), 0);
if (!bResult)
{
printf("CryptHashData failed with %x\n", GetLastError());
__leave;
}
// Derive Session Key from hash
bResult = CryptDeriveKey(hProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hSessionKey);
if (!bResult)
{
printf("CryptDeriveKey failed with %x\n", GetLastError());
__leave;
}
// Get size of exported key blob
bResult = CryptExportKey(hPubKey, hSessionKey, PRIVATEKEYBLOB, 0, NULL, &dwSize);
if (!bResult)
{
printf("CryptExportKey failed with %x\n", GetLastError());
__leave;
}
// Allocate memory for exported key blob
pbExportedKey = (LPBYTE)HeapAlloc(hHeap, 0, dwSize);
if (!pbExportedKey)
{
printf("Unable to allocate memory for exported key\n");
__leave;
}
// Get exported key blob
bResult = CryptExportKey(hPubKey, hSessionKey, PRIVATEKEYBLOB,
0, pbExportedKey, &dwSize);
if (!bResult)
{
printf("CryptExportKey failed with %x\n", GetLastError());
__leave;
}
// Create Exported Key File
hKeyFile = CreateFile(szKeyFile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
FILE_ATTRIBUTE_NORMAL, NULL);
if (hKeyFile == INVALID_HANDLE_VALUE)
{
printf("CreateFile failed with %d\n", GetLastError());
__leave;
}
// Write exported key to file
bResult = WriteFile(hKeyFile, (LPVOID)pbExportedKey, dwSize, &dwWritten, NULL);
if (!bResult)
{
printf("WriteFile failed with %d\n", GetLastError());
__leave;
}
// Create new crypto context
bResult = CryptAcquireContext(&hProv,
szContainer,
szProvider,
dwProviderType,
CRYPT_DELETEKEYSET | dwAcquireFlags);
if (!bResult)
{
printf("CryptAcquireContext failed with %x\n", GetLastError());
__leave;
}
bReturn = TRUE;
printf("Certificate and Key information stored to files\n");
}
else
{
WCHAR szwStore[20];
WCHAR szwContainer[160];
WCHAR szwProvider[260];
CRYPT_KEY_PROV_INFO CryptKeyProvInfo;
LPSTR szFile;
int i;
DWORD dwWritten;
if (bSelfSigned)
{
szFile = "SelfSigned.cer";
}
else
{
szFile = "Certificate.cer";
}
// Create Certificate file
hCertFile = CreateFile(szFile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
FILE_ATTRIBUTE_NORMAL, NULL);
if (hCertFile == INVALID_HANDLE_VALUE)
{
printf("CreateFile failed with %d\n", GetLastError());
__leave;
}
// Write encoded Certificate to file
bResult = WriteFile(hCertFile, (LPVOID)bpEncodedCert, dwSize, &dwWritten, NULL);
if (!bResult)
{
printf("WriteFile failed with %d\n", GetLastError());
__leave;
}
printf("File called %s has been saved.\n", szFile);
// Convert Store string to unicode
i = MultiByteToWideChar(0, 0, szSubjectStore, -1, szwStore, 20);
if (i == 0)
{
printf("MultiByteToWideChar failed with %d\n", GetLastError());
__leave;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -