Windows创建个人证书(C++实现,使用 as administrator)

  1 #include "stdio.h"
  2 #include "conio.h"
  3 #include "windows.h"
  4 #include "wincrypt.h"
  5 #include "tchar.h"
  6 
  7 
  8 #pragma comment(lib, "Crypt32.lib")
  9 
 10 
 11 int SelfSignedCertificateTest()
 12 {
 13     // CREATE KEY PAIR FOR SELF-SIGNED CERTIFICATE IN MACHINE PROFILE
 14 
 15     HCRYPTPROV hCryptProv = NULL;
 16     HCRYPTKEY hKey = NULL;
 17 
 18     __try
 19     {
 20         // Acquire key container
 21         _tprintf(_T("CryptAcquireContext... "));
 22         if (!CryptAcquireContext(&hCryptProv, _T("alejacma"), NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
 23         {
 24             // Error
 25             _tprintf(_T("Error 0x%x\n"), GetLastError());
 26 
 27             // Try to create a new key container
 28             _tprintf(_T("CryptAcquireContext... "));
 29             if (!CryptAcquireContext(&hCryptProv, _T("alejacma"), NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET))
 30             {
 31                 // Error
 32                 _tprintf(_T("Error 0x%x\n"), GetLastError());
 33                 return 0;
 34             }
 35             else
 36             {
 37                 _tprintf(_T("Success\n"));
 38             }
 39         }
 40         else
 41         {
 42             _tprintf(_T("Success\n"));
 43         }
 44 
 45         // Generate new key pair
 46         _tprintf(_T("CryptGenKey... "));
 47         if (!CryptGenKey(hCryptProv, AT_SIGNATURE, 0x08000000 /*RSA-2048-BIT_KEY*/, &hKey))
 48         {
 49             // Error
 50             _tprintf(_T("Error 0x%x\n"), GetLastError());
 51             return 0;
 52         }
 53         else
 54         {
 55             _tprintf(_T("Success\n"));
 56         }
 57     }
 58     __finally
 59     {
 60         // Clean up  
 61 
 62         if (hKey)
 63         {
 64             _tprintf(_T("CryptDestroyKey... "));
 65             CryptDestroyKey(hKey);
 66             _tprintf(_T("Success\n"));
 67         }
 68         if (hCryptProv)
 69         {
 70             _tprintf(_T("CryptReleaseContext... "));
 71             CryptReleaseContext(hCryptProv, 0);
 72             _tprintf(_T("Success\n"));
 73         }
 74     }
 75 
 76     // CREATE SELF-SIGNED CERTIFICATE AND ADD IT TO ROOT STORE IN MACHINE PROFILE
 77 
 78     PCCERT_CONTEXT pCertContext = NULL;
 79     BYTE *pbEncoded = NULL;
 80     HCERTSTORE hStore = NULL;
 81     HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey = NULL;
 82     BOOL fCallerFreeProvOrNCryptKey = FALSE;
 83 
 84     __try
 85     {
 86         // Encode certificate Subject
 87         LPCTSTR pszX500 = _T("CN=Alejacma, T=Test");
 88         DWORD cbEncoded = 0;
 89         _tprintf(_T("CertStrToName... "));
 90         if (!CertStrToName(X509_ASN_ENCODING, pszX500, CERT_X500_NAME_STR, NULL, pbEncoded, &cbEncoded, NULL))
 91         {
 92             // Error
 93             _tprintf(_T("Error 0x%x\n"), GetLastError());
 94             return 0;
 95         }
 96         else
 97         {
 98             _tprintf(_T("Success\n"));
 99         }
100 
101         _tprintf(_T("malloc... "));
102         if (!(pbEncoded = (BYTE *)malloc(cbEncoded)))
103         {
104             // Error
105             _tprintf(_T("Error 0x%x\n"), GetLastError());
106             return 0;
107         }
108         else
109         {
110             _tprintf(_T("Success\n"));
111         }
112 
113         _tprintf(_T("CertStrToName... "));
114         if (!CertStrToName(X509_ASN_ENCODING, pszX500, CERT_X500_NAME_STR, NULL, pbEncoded, &cbEncoded, NULL))
115         {
116             // Error
117             _tprintf(_T("Error 0x%x\n"), GetLastError());
118             return 0;
119         }
120         else
121         {
122             _tprintf(_T("Success\n"));
123         }
124 
125         // Prepare certificate Subject for self-signed certificate
126         CERT_NAME_BLOB SubjectIssuerBlob;
127         memset(&SubjectIssuerBlob, 0, sizeof(SubjectIssuerBlob));
128         SubjectIssuerBlob.cbData = cbEncoded;
129         SubjectIssuerBlob.pbData = pbEncoded;
130 
131         // Prepare key provider structure for self-signed certificate
132         CRYPT_KEY_PROV_INFO KeyProvInfo;
133         memset(&KeyProvInfo, 0, sizeof(KeyProvInfo));
134         const TCHAR* name = _T("alejacma");
135         KeyProvInfo.pwszContainerName = (LPTSTR)name;
136         KeyProvInfo.pwszProvName = NULL;
137         KeyProvInfo.dwProvType = PROV_RSA_FULL;
138         KeyProvInfo.dwFlags = CRYPT_MACHINE_KEYSET;
139         KeyProvInfo.cProvParam = 0;
140         KeyProvInfo.rgProvParam = NULL;
141         KeyProvInfo.dwKeySpec = AT_SIGNATURE;
142 
143         // Prepare algorithm structure for self-signed certificate
144         CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
145         memset(&SignatureAlgorithm, 0, sizeof(SignatureAlgorithm));
146         SignatureAlgorithm.pszObjId = (LPSTR)szOID_RSA_SHA1RSA;
147 
148         // Prepare Expiration date for self-signed certificate
149         SYSTEMTIME EndTime;
150         GetSystemTime(&EndTime);
151         EndTime.wYear += 5;
152 
153         // Create self-signed certificate
154         _tprintf(_T("CertCreateSelfSignCertificate... "));
155         pCertContext = CertCreateSelfSignCertificate(NULL, &SubjectIssuerBlob, 0, &KeyProvInfo, &SignatureAlgorithm, 0, &EndTime, 0);
156         if (!pCertContext)
157         {
158             // Error
159             _tprintf(_T("Error 0x%x\n"), GetLastError());
160             return 0;
161         }
162         else
163         {
164             _tprintf(_T("Success\n"));
165         }
166 
167         // Open Root cert store in machine profile
168         _tprintf(_T("CertOpenStore... "));
169         hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0
170             , CERT_SYSTEM_STORE_LOCAL_MACHINE, L"MY");
171         if (!hStore)
172         {
173             // Error
174             _tprintf(_T("Error 0x%x\n"), GetLastError());
175             return 0;
176         }
177         else
178         {
179             _tprintf(_T("Success\n"));
180         }
181 
182         // Add self-signed cert to the store
183         _tprintf(_T("CertAddCertificateContextToStore... "));
184         if (!CertAddCertificateContextToStore(hStore, pCertContext, CERT_STORE_ADD_REPLACE_EXISTING, 0))
185         {
186             // Error
187             _tprintf(_T("Error 0x%x\n"), GetLastError());
188             return 0;
189         }
190         else
191         {
192             _tprintf(_T("Success\n"));
193         }
194 
195         // Just for testing, verify that we can access self-signed cert's private key
196         DWORD dwKeySpec;
197         _tprintf(_T("CryptAcquireCertificatePrivateKey... "));
198         if (!CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL, &hCryptProvOrNCryptKey, &dwKeySpec, &fCallerFreeProvOrNCryptKey))
199         {
200             // Error
201             _tprintf(_T("Error 0x%x\n"), GetLastError());
202             return 0;
203         }
204         else
205         {
206             _tprintf(_T("Success\n"));
207         }
208     }
209     __finally
210     {
211         // Clean up
212 
213         if (!pbEncoded) {
214             _tprintf(_T("free... "));
215             free(pbEncoded);
216             _tprintf(_T("Success\n"));
217         }
218 
219         if (hCryptProvOrNCryptKey)
220         {
221             _tprintf(_T("CryptReleaseContext... "));
222             CryptReleaseContext(hCryptProvOrNCryptKey, 0);
223             _tprintf(_T("Success\n"));
224         }
225 
226         if (pCertContext)
227         {
228             _tprintf(_T("CertFreeCertificateContext... "));
229             CertFreeCertificateContext(pCertContext);
230             _tprintf(_T("Success\n"));
231         }
232 
233         if (hStore)
234         {
235             _tprintf(_T("CertCloseStore... "));
236             CertCloseStore(hStore, 0);
237             _tprintf(_T("Success\n"));
238         }
239     }
240 }
241 
242 int _tmain(int argc, _TCHAR* argv[])
243 {
244     SelfSignedCertificateTest();
245 
246     _tprintf(_T("<< Press any key>>\n"));
247     _getch();
248     return 0;
249 }
上一篇:Windows 端口被占用,但进程号对应的进程不存在,使用Get-Process来查找进程挺方便的


下一篇:Ubuntu关于文件的一些常用命令