http://weng851217.blog.163.com/blog/static/884996120110205622778/
// ============================ 证书管理
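// Print the subject's simple display name (typically the CN) of a
// certificate as "CN: <name>".
//
// @param hCert  certificate context to inspect; must not be NULL.
//
// The buffer length handed to CertGetNameString is derived from the array
// itself (the original passed 1000 for a 1024-element buffer, two numbers
// that could silently drift apart). Names that do not fit are truncated and
// NUL-terminated by the API; when the certificate carries no usable name the
// API yields an empty string, which is then printed as-is. The name comes
// straight from the certificate, i.e. from whoever issued it, and is printed
// verbatim rather than interpreted.
void viewCertCN(PCCERT_CONTEXT hCert)
{
    TCHAR sName[1024] = {0};
    // pvTypePara is only consulted for CERT_NAME_RDN_TYPE (where it selects
    // e.g. CERT_X500_NAME_STR for the full "C=.., O=.., CN=.." form); for the
    // simple display type it is ignored.
    DWORD nNameType = 0;
    CertGetNameString(
        hCert,
        CERT_NAME_SIMPLE_DISPLAY_TYPE, // CERT_NAME_RDN_TYPE for the full DN
        0,                             // subject name (no CERT_NAME_ISSUER_FLAG)
        &nNameType,
        sName,
        sizeof(sName) / sizeof(sName[0]));
    _tprintf(L"CN: %s\n", sName);
}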
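// Print the issuer's simple display name of a certificate as "IS: <name>".
//
// @param hCert  certificate context to inspect; must not be NULL.
//
// Identical to viewCertCN except for CERT_NAME_ISSUER_FLAG, which makes
// CertGetNameString read the issuer rather than the subject. The buffer
// length is derived from the array itself instead of a separate hard-coded
// 1000; the API truncates and NUL-terminates names that do not fit.
void viewCertIS(PCCERT_CONTEXT hCert)
{
    TCHAR sName[1024] = {0};
    // pvTypePara is ignored for CERT_NAME_SIMPLE_DISPLAY_TYPE; it would carry
    // CERT_X500_NAME_STR & co. if CERT_NAME_RDN_TYPE were requested.
    DWORD nNameType = 0;
    CertGetNameString(
        hCert,
        CERT_NAME_SIMPLE_DISPLAY_TYPE, // CERT_NAME_RDN_TYPE for the full DN
        CERT_NAME_ISSUER_FLAG,         // issuer, not subject
        &nNameType,
        sName,
        sizeof(sName) / sizeof(sName[0]));
    _tprintf(L"IS: %s\n", sName);
}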
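// Print a certificate's serial number as "SN: <text>".
//
// @param hCert  certificate context whose pCertInfo->SerialNumber is read;
//               must not be NULL.
//
// CryptFormatObject is called twice: first with a NULL output buffer to learn
// the required size in bytes, then again to produce the text. With a NULL
// lpszStructType the bytes are rendered as a hex dump; the output is a
// NUL-terminated Unicode string, which is why it is passed to the wide %s
// below as LPCWSTR. Two fixes over the original: the buffer is allocated as
// BYTE[] so the matching delete[] sees the same type, and the function
// returns right after CancelByError instead of assuming it never comes back
// (on the second failure path the original would otherwise have printed a
// buffer it had just freed).
void viewCertSN(PCCERT_CONTEXT hCert)
{
    const CRYPT_INTEGER_BLOB& serial = hCert->pCertInfo->SerialNumber;
    CRYPT_INTEGER_BLOB formatted = {0};

    // Pass 1: size query (pbFormat == NULL).
    if (!CryptFormatObject(
            hCert->dwCertEncodingType,
            0,     // dwFormatType
            0,     // dwFormatStrType
            NULL,  // pFormatStruct
            NULL,  // lpszStructType: NULL -> plain hex dump of the bytes
            serial.pbData,
            serial.cbData,
            NULL,
            &formatted.cbData))
    {
        CancelByError(L"Get SerialNumber decode length failed!\n");
        return;
    }

    formatted.pbData = new BYTE[formatted.cbData];

    // Pass 2: produce the text into the buffer sized above.
    if (!CryptFormatObject(
            hCert->dwCertEncodingType,
            0,
            0,
            NULL,
            NULL,
            serial.pbData,
            serial.cbData,
            formatted.pbData,
            &formatted.cbData))
    {
        delete [] formatted.pbData;
        CancelByError(L"SerialNumber decode failed!\n");
        return;
    }

    _tprintf(L"SN: %s\n", reinterpret_cast<LPCWSTR>(formatted.pbData));
    delete [] formatted.pbData;
}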
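// Print a certificate's validity window as "DT: <NotBefore> TO <NotAfter>".
//
// @param hCert  certificate context; must not be NULL.
//
// The two CTime objects are built from the FILETIMEs in CERT_INFO (the
// original had the type and variable name fused into one token, which does
// not compile). NOTE(review): those FILETIMEs are UTC; whether CTime's
// FILETIME constructor converts to local time depends on the MFC/ATL
// version in use — confirm before comparing against another tool's output.
// The CString returned by Format() is cast to LPCTSTR explicitly so the
// varargs call receives a plain pointer rather than relying on CString's
// object layout.
void viewCertDate(PCCERT_CONTEXT hCert)
{
    const CTime dtBefore(hCert->pCertInfo->NotBefore);
    const CTime dtAfter(hCert->pCertInfo->NotAfter);
    const CString sBefore = dtBefore.Format(L"%Y-%m-%d %H:%M:%S");
    const CString sAfter = dtAfter.Format(L"%Y-%m-%d %H:%M:%S");
    _tprintf(L"DT: %s TO %s\n",
             static_cast<LPCTSTR>(sBefore),
             static_cast<LPCTSTR>(sAfter));
}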
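// Report whether the current time lies inside the certificate's validity
// window.
//
// CertVerifyTimeValidity(NULL, ...) compares against the current system
// time: <0 means NotBefore is still in the future, >0 means the certificate
// has expired, 0 means it is currently valid. Only one of the three messages
// can apply, so the branches are chained.
static void verifyCertDate(PCCERT_CONTEXT hCert)
{
    const LONG nRetCode = CertVerifyTimeValidity(NULL, hCert->pCertInfo);
    if (nRetCode < 0)
    {
        _tprintf(L"Verify cert's date failed: BEFORE date afterTODAY!\n");
    }
    else if (nRetCode > 0)
    {
        _tprintf(L"Verify cert's date failed: Cert has expired!\n");
    }
    else
    {
        _tprintf(L"Verify cert's date succeed!\n");
    }
}

// Look for an issuer of hCert in CURRENT_USER\ROOT and check hCert's
// signature against each candidate until one verifies.
//
// Limitation carried over from the original: only a single hop is checked.
// No chain is built up to a trust anchor and no usage/policy constraints are
// evaluated, so "succeed" here means "signed by some certificate present in
// the user's ROOT store" and nothing more. The original printed the failure
// message twice when CertVerifySubjectCertificateContext itself failed; it
// is now printed once, from the common !bCheckOK path.
static void verifyCertIssuer(PCCERT_CONTEXT hCert)
{
    HCERTSTORE hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL,
                                          CERT_SYSTEM_STORE_CURRENT_USER, L"ROOT");
    if (hCertStore == NULL)
    {
        _tprintf(L"Open ROOT CertStore failed!\n");
        return;
    }

    // With CERT_STORE_SIGNATURE_FLAG set on input the lookup also checks the
    // signature and clears the bit on success; the loop below re-runs that
    // check explicitly so the outcome is not inferred from the lookup alone.
    DWORD dwFlags = CERT_STORE_SIGNATURE_FLAG;
    PCCERT_CONTEXT hIssuerCert = CertGetIssuerCertificateFromStore(hCertStore, hCert, NULL, &dwFlags);
    if (hIssuerCert == NULL)
    {
        _tprintf(L"Can not find cert issuser's cert!\n");
    }
    else
    {
        BOOL bCheckOK = FALSE;
        while (hIssuerCert != NULL)
        {
            dwFlags = CERT_STORE_SIGNATURE_FLAG;
            if (!CertVerifySubjectCertificateContext(hCert, hIssuerCert, &dwFlags))
            {
                // The call itself failed, as opposed to a signature mismatch.
                break;
            }
            // On return only the bits of the checks that failed remain set.
            if (dwFlags == 0)
            {
                _tprintf(L"Verify cert by issuser's cert succeed! \n");
                bCheckOK = TRUE;
                break;
            }
            // Move on to the next candidate issuer. Per the API contract the
            // previous context passed in is released by this call; NULL
            // means no further candidate exists.
            hIssuerCert = CertGetIssuerCertificateFromStore(hCertStore, hCert, hIssuerCert, &dwFlags);
        }
        if (!bCheckOK)
        {
            _tprintf(L"Verify cert by issuser's cert failed! \n");
        }
        if (hIssuerCert != NULL)
        {
            CertFreeCertificateContext(hIssuerCert);
        }
    }

    CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
}

// Check hCert against the CRL read from the fixed file c:\cfcaT.crl: first
// whether that CRL applies to the certificate at all, then whether the
// certificate is listed in it.
//
// NOTE(review): the CRL's own signature is never verified here and the file
// is read from a hard-coded path, so the revocation answer is only as
// trustworthy as that file. Verifying the CRL against its issuer before
// consulting its contents would close that gap; this function keeps the
// original behaviour and only makes the limitation explicit.
static void verifyCertCrl(PCCERT_CONTEXT hCert)
{
    // 1. Read the whole file: size query, then the data.
    BYTE* pbCrlData = NULL;
    DWORD cbCrlData = 0;
    readFile("c:\\cfcaT.crl", NULL, cbCrlData);
    if (cbCrlData > 0)
    {
        // Allocated as BYTE[] so the delete[] below matches the new[] type.
        pbCrlData = new BYTE[cbCrlData];
        readFile("c:\\cfcaT.crl", pbCrlData, cbCrlData);
    }

    // 2. Turn the raw bytes into a CRL context; the copy is not needed after
    //    that (a NULL/0 input simply yields a NULL context).
    PCCRL_CONTEXT hCRL = CertCreateCRLContext(MY_ENCODING_TYPE, pbCrlData, cbCrlData);
    delete [] pbCrlData;
    if (hCRL == NULL)
    {
        _tprintf(L"Create CRL context failed!\n");
        return;
    }

    // 3. Is this CRL the one that covers the certificate?
    if (CertIsValidCRLForCertificate(hCert, hCRL, 0, NULL))
    {
        _tprintf(L"CRL is valid for the cert!\n");
    }
    else
    {
        _tprintf(L"CRL is invalid for the cert!!\n");
    }

    // 4. Is the certificate listed in it? pCrlEntry stays NULL when the
    //    search succeeds but finds no entry.
    PCRL_ENTRY pCrlEntry = NULL;
    if (CertFindCertificateInCRL(hCert, hCRL, 0, NULL, &pCrlEntry))
    {
        if (pCrlEntry != NULL)
        {
            _tprintf(L"Cert has been revoked!\n");
        }
        else
        {
            _tprintf(L"Cert not be revoked!\n");
        }
    }
    else
    {
        _tprintf(L"Find cert in CRL failed!\n");
    }

    CertFreeCRLContext(hCRL);
}

// Run the three checks in the original order — validity dates, signature by
// an issuer found in CURRENT_USER\ROOT, and the CRL file — printing each
// result. Nothing is returned; the caller cannot tell success from failure
// other than by reading the output.
//
// @param hCert  certificate context to verify; must not be NULL.
void verifyCert(PCCERT_CONTEXT hCert)
{
    verifyCertDate(hCert);
    verifyCertIssuer(hCert);
    verifyCertCrl(hCert);
}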
// ============================ 证书库管理
// Walk every certificate in an open store, print and verify each one, and
// finally report how many were seen.
//
// @param hCertStore  open store handle; the caller keeps ownership and
//                    closes it.
//
// CertEnumCertificatesInStore releases the context handed in as "previous"
// and returns NULL once the enumeration is exhausted, so the handle is
// normally already NULL after the loop; the trailing release is kept as a
// guard.
void listCerts(HCERTSTORE hCertStore)
{
    _tprintf(L"======== L I ST C E RT IN S T O R E========\n");

    int nCount = 0;
    PCCERT_CONTEXT hCurrent = NULL;
    for (;;)
    {
        hCurrent = CertEnumCertificatesInStore(hCertStore, hCurrent);
        if (hCurrent == NULL)
        {
            break;
        }
        viewCertCN(hCurrent);
        viewCertIS(hCurrent);
        viewCertSN(hCurrent);
        viewCertDate(hCurrent);
        verifyCert(hCurrent);
        ++nCount;
        _tprintf(L"-----------------------------\n");
    }

    _tprintf(L"**** Count: %d \n", nCount);

    if (hCurrent != NULL)
    {
        CertFreeCertificateContext(hCurrent);
        hCurrent = NULL;
    }
}
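// Open one of the current user's system stores by name (e.g. "MY", "ROOT")
// and list every certificate in it.
//
// @param storeName  system store name passed to CertOpenStore.
//
// On open failure CancelByError is invoked and the function returns
// immediately; the original fell through to listCerts with a NULL handle if
// CancelByError happened to return. The close is unconditional because the
// handle is known to be valid past that point.
void viewSystemCertStore(LPCTSTR storeName)
{
    HCERTSTORE hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL,
                                          CERT_SYSTEM_STORE_CURRENT_USER, storeName);
    if (hCertStore == NULL)
    {
        CancelByError(L"Open CertStore failed!\n");
        return;
    }

    listCerts(hCertStore);

    CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
    hCertStore = NULL;
}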
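// Open a certificate file (CRT / P7B) as a store and list its certificates.
//
// @param crtFileName  path handed to CertOpenStore with
//                     CERT_STORE_PROV_FILENAME.
//
// On open failure CancelByError is invoked and the function returns
// immediately rather than calling listCerts with a NULL handle, as the
// original would if CancelByError returned. The close is unconditional
// because the handle is known to be valid past that point.
void viewCrtCertStore(LPCTSTR crtFileName)
{
    HCERTSTORE hCertStore = CertOpenStore(CERT_STORE_PROV_FILENAME, 0, NULL, 0, crtFileName);
    if (hCertStore == NULL)
    {
        CancelByError(L"Open CertStore failed!\n");
        return;
    }

    listCerts(hCertStore);

    CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
    hCertStore = NULL;
}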
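// Read a PFX (PKCS#12) file, import it as an in-memory store and list its
// certificates.
//
// @param sCertFileName  narrow path of the PFX file (readFile takes a
//                       narrow path, unlike the LPCTSTR viewers above).
// @param sCertPassword  password protecting the PFX. (The original had the
//                       type and name fused into one token, which does not
//                       compile.)
//
// The file is read twice through readFile: once for its size, once for the
// bytes. The buffer is allocated as BYTE[] so the delete[] matches, and the
// function returns right after CancelByError instead of assuming it never
// comes back.
//
// NOTE(review): with dwFlags == 0, PFXImportCertStore persists the private
// keys contained in the PFX into the user's key container; a tool that only
// lists certificates may prefer PKCS12_NO_PERSIST_KEY so nothing is left
// behind. The buffer also holds the (password-protected) key material until
// it is freed; SecureZeroMemory before delete[] would avoid leaving it in
// freed heap memory. Both are left unchanged here to preserve behaviour.
void viewPfxCertStore(LPCSTR sCertFileName, LPCTSTR sCertPassword)
{
    CRYPT_DATA_BLOB pfxData;
    memset(&pfxData, 0, sizeof(pfxData));

    readFile(sCertFileName, NULL, pfxData.cbData);
    if (pfxData.cbData > 0)
    {
        pfxData.pbData = new BYTE[pfxData.cbData];
        readFile(sCertFileName, pfxData.pbData, pfxData.cbData);
    }

    // The store keeps its own copy of what it needs; the file image can go
    // as soon as the import has been attempted (delete[] of NULL is a no-op
    // for the empty-file case).
    HCERTSTORE hCertStore = PFXImportCertStore(&pfxData, sCertPassword, 0);
    delete [] pfxData.pbData;
    if (hCertStore == NULL)
    {
        CancelByError(L"Open CertStore failed!\n");
        return;
    }

    listCerts(hCertStore);

    CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
    hCertStore = NULL;
}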