C语言操作WINDOWS系统存储区数字证书相关函数详解及实例
以下代码使用C++实现遍历存储区证书及使用UI选择一个证书
--使用 CertOpenSystemStore打开证书存储区.
--在循环中,使用CertEnumCertificatesInStore. 枚举所有存储区中的证书.
--使用CryptUIDlgViewContext显示一个证书 .
--使用CertGetNameString取得证书主题名称.
--在循环中,使用 CertEnumCertificateContextProperties 获取与证书关联的所有属性标识.
--使用CertGetCertificateContextProperty 获取每一个标识值.
--使用CryptUIDlgSelectCertificateFromStore以UI的方式列出存储区所有证书并提示用户选择其中一个.
--使用 CertCloseStore关闭存储区.
函数详解
1.CertOpenSystemStore
HCERTSTORE WINAPI CertOpenSystemStore(
__in HCRYPTPROV_LEGACY hprov,//CSP句柄,一般设置为NULL
__in LPTCSTR szSubsystemProtocol//有四种类型,CA:认证机构证书;MY:关联私钥的证书存储区;ROOT:根证书;SPC:Software Publisher Certificate.
);
如果成功此函数函数一个证书存储区的句柄,否则返回NULL,证书存储区被打开后所有标准证书存储函数均可使用,使用完毕后请用CertCloseStore关闭存储区
2.CertEnumCertificatesInStore
PCCERT_CONTEXT WINAPI CertEnumCertificatesInStore(
__in HCERTSTORE hCertStore,
__in PCCERT_CONTEXT pPrevCertContext
);
hCertStore:存储区句柄
pPrevCertContext:指向先前创立的证书上下文CERT_CONTEXT 结构体,这个参数必须先置为NULL才能获取第一个证书
3.CryptUIDlgViewContext
列出一个证书,CTL或CRL上下文
BOOL WINAPI CryptUIDlgViewContext(
__in DWORD dwContextType,
__in const void pvContext,
__in HWND hwnd,
__in LPCWSTR pwszTitle,
__in DWORD dwFlags,
__in void pvReserved
);
dwContextType :上下文的类型,如下表
Value/Meaning
CERT_STORE_CERTIFICATE_CONTEXT/PCCERT_CONTEXT
CERT_STORE_CRL_CONTEXT/PCCRL_CONTEXT
CERT_STORE_CTL_CONTEXT/PCCTL_CONTEXT
pvContext :指向列出的证书,CTL或CRL上下文的指针
hwnd :窗口显示句柄
pwszTitle :显示标题字符串
dwFlags :一般设置为0
pvReserved :保留
4.CertGetNameString
从一个证书的CERT_CONTEXT 结构体中取得主题或颁发者名称
DWORD WINAPI CertGetNameString(
__in PCCERT_CONTEXT pCertContext,
__in DWORD dwType,
__in DWORD dwFlags,
__in void pvTypePara,
__out LPTSTR pszNameString,
__in DWORD cchNameString
);
dwType :名称的输出格式
CERT_NAME_EMAIL_TYPE:如果证书有主题可选名称扩展或颁发者名称,使用rfc822Name 选项. 如果在扩展里没有发现 rfc822Name 选项,使用该Email OID的主题名
称域 . 如果rfc822Name或the Email OID 均没发现, 使用string. 否则返回空值 (returned character count is 1). pvTypePara 不使用,设置为 NULL.
CERT_NAME_RDN_TYPE:调用CertNameToStr转换主题名称BLOB . pvTypePara points to a DWORD containing the dwStrType passed to CertNameToStr. 如果主
题名称域为空且证书拥有一个主题可选扩展使用来自CertNameToStr的第一个目录名称
CERT_NAME_ATTR_TYPE:例如,如果pvTypePara 值为szOID_COMMON_NAME,使用主题名称成员,如果主题名称成员为空且证书拥有一个可选名称扩展,使用第一个目录名称选项
CERT_NAME_SIMPLE_DISPLAY_TYPE:使用下列顺序szOID_COMMON_NAME, szOID_ORGANIZATIONAL_UNIT_NAME, szOID_ORGANIZATION_NAME, or szOID_RSA_emailAddr如果其中一个属性没有找到,使用主题可选名称扩展,如果这些都不匹配则使用第一个属性
CERT_NAME_FRIENDLY_DISPLAY_TYPE
CERT_NAME_DNS_TYPE
CERT_NAME_URL_TYPE
CERT_NAME_UPN_TYPE
5.CertEnumCertificateContextProperties
DWORD WINAPI CertEnumCertificateContextProperties(
__in PCCERT_CONTEXT pCertContext,
__in DWORD dwPropId//取得第一个属性该值设为0,取得接下来的属性该值为此函数所返回
);
6.CertGetCertificateContextProperty
BOOL WINAPI CertGetCertificateContextProperty(
__in PCCERT_CONTEXT pCertContext,
__in DWORD dwPropId,
__out void pvData,
__inout DWORD pcbData
);
该获取证书属性信息,详细请参考http://msdn.microsoft.com/en-us/library/aa376079(VS.85).aspx
7.CryptUIDlgSelectCertificateFromStore
PCCERT_CONTEXT WINAPI CryptUIDlgSelectCertificateFromStore(
__in HCERTSTORE hCertStore,
__in HWND hwnd,
__in_opt LPCWSTR pwszTitle,
__in_opt LPCWSTR pwszDisplayString,
__in DWORD dwDontUseColumn,
__in DWORD dwFlags,
__in void pvReserved
);
弹出一个对话框,允许用户从指定存储目录中选择一个证书
代码[综合]:VC++6下面调试成功
#i nclude <stdio.h>
#i nclude <windows.h>
#i nclude <wincrypt.h>
#i nclude <cryptuiapi.h>//需要装PLATFORM SDK
#i nclude <tchar.h>
#pragma comment (lib, "crypt32.lib")
#pragma comment (lib, "cryptui.lib")
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char s);
void main(void)
{
HCERTSTORE hCertStore;
PCCERT_CONTEXT pCertContext=NULL;
char pszNameString[256] ;
char pszStoreName[256] = "MY";
DWORD dwPropId = 0;
char thumb[100]="";
char temstring[10];
pCertContext = NULL;
if ( hCertStore = CertOpenSystemStore(
NULL,
pszStoreName))
{
fprintf(stderr,"The s store has been opened. \n", pszStoreName);
}
else
{
MyHandleError("The store was not opened.");
}
//使用CertEnumCertificatesInStore从存储区获取证书,pCertContext必须置为NULL才能找到第一个证书
while(pCertContext= CertEnumCertificatesInStore(
hCertStore,
pCertContext))
{
//打印证书名称
if(CertGetNameString(
pCertContext,
CERT_NAME_RDN_TYPE,
0,
NULL,
pszNameString,
128))
printf("\nCertificate for s \n",pszNameString);
//遍历指定证书所有属性标识
while(dwPropId = CertEnumCertificateContextProperties(
pCertContext, // 所列出的证书属性的上下文
dwPropId)) // dwPropId值必须先置为0
{
//循环开始执行,属性值被找到
printf("Property # d found->", dwPropId);
//-------------------------------------------------------------------
// Indicate the kind of property found.
switch(dwPropId)
{
case CERT_FRIENDLY_NAME_PROP_ID:
{
printf("Display name: ");
break;
}
case CERT_SIGNATURE_HASH_PROP_ID:
{
printf("Signature hash identifier ");
break;
}
case CERT_KEY_PROV_HANDLE_PROP_ID:
{
printf("KEY PROVE HANDLE");
break;
}
case CERT_KEY_PROV_INFO_PROP_ID:
{
printf("KEY PROV INFO PROP ID ");
break;
}
case CERT_SHA1_HASH_PROP_ID:
{
printf("SHA1 HASH identifier");
break;
}
case CERT_MD5_HASH_PROP_ID:
{
printf("md5 hash identifier ");
break;
}
case CERT_KEY_CONTEXT_PROP_ID:
{
printf("KEY CONTEXT PROP identifier");
break;
}
case CERT_KEY_SPEC_PROP_ID:
{
printf("KEY SPEC PROP identifier");
break;
}
case CERT_ENHKEY_USAGE_PROP_ID:
{
printf("ENHKEY USAGE PROP identifier");
break;
}
case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
{
printf("NEXT UPDATE LOCATION PROP identifier");
break;
}
case CERT_PVK_FILE_PROP_ID:
{
printf("PVK FILE PROP identifier ");
break;
}
case CERT_DESCRIPTION_PROP_ID:
{
printf("DESCRIPTION PROP identifier ");
break;
}
case CERT_ACCESS_STATE_PROP_ID:
{
printf("ACCESS STATE PROP identifier ");
break;
}
case CERT_SMART_CARD_DATA_PROP_ID:
{
printf("SMART_CARD DATA PROP identifier ");
break;
}
case CERT_EFS_PROP_ID:
{
printf("EFS PROP identifier ");
break;
}
case CERT_FORTEZZA_DATA_PROP_ID:
{
printf("FORTEZZA DATA PROP identifier ");
break;
}
case CERT_ARCHIVED_PROP_ID:
{
printf("ARCHIVED PROP identifier ");
break;
}
case CERT_KEY_IDENTIFIER_PROP_ID:
{
printf("KEY IDENTIFIER PROP identifier ");
break;
}
case CERT_AUTO_ENROLL_PROP_ID:
{
printf("AUTO ENROLL identifier. ");
break;
}
} // End switch.
printf("\n");
} // End inner while.
} // End outer while.
//-------------------------------------------------------------------
// Select a new certificate by using the user interface.
//使用UI选择一个新证书
if(!(pCertContext = CryptUIDlgSelectCertificateFromStore(
hCertStore,
NULL,
NULL,
NULL,
CRYPTUI_SELECT_LOCATION_COLUMN,
0,
NULL)))
{
MyHandleError("Select UI failed." );
}
else
{
//显示名称
if(CertGetNameString(
pCertContext,
CERT_NAME_RDN_TYPE,
0,
NULL,
pszNameString,
128))
{
printf("\nCertificate for s \n",pszNameString);
LPBYTE pEncodedBytes = NULL;
LPBYTE pHash;
DWORD cbData, i;
pHash = NULL;
cbData = 0;
CertGetCertificateContextProperty(pCertContext, CERT_HASH_PROP_ID, NULL, &cbData);
if (cbData == 0)
{
MyHandleError("CertGetCertificateContextProperty 1 failed");
}
pHash = (LPBYTE)HeapAlloc(GetProcessHeap(), 0, cbData);
if (pHash == NULL)
{
MyHandleError("HeapAlloc failed");
}
if (!CertGetCertificateContextProperty(pCertContext, CERT_HASH_PROP_ID, pHash, &cbData))
{
MyHandleError("CertGetCertificateContextProperty 2 failed");
}
printf("CERT_HASH_PROP_ID Length is d\n", cbData);
for (i = 0; i < cbData; i++)
{
sprintf( temstring,"02x", pHash);
strcat(thumb,temstring);
}
printf("The thumb is s", thumb);
}
else
fprintf(stderr,"CertGetName failed. \n");
}
//-------------------------------------------------------------------
// Clean up.
CertFreeCertificateContext(pCertContext);
CertCloseStore(hCertStore,0);
} // End of main.
void MyHandleError(LPTSTR psz)
{
_ftprintf(stderr, TEXT("An error occurred in the program. \n"));
_ftprintf(stderr, TEXT("s\n"), psz);
_ftprintf(stderr, TEXT("Error number x.\n"), GetLastError());
_ftprintf(stderr, TEXT("Program terminating. \n"));
exit(1);
} // End of MyHandleError.
