示例 C 程序:从证书存储中删除证书
以下示例列出了系统 证书存储中的证书,其中显示了每个证书的使用者的名称,并允许用户选择从存储中删除任何证书。 该示例从用户获取证书存储的名称,因此可用于维护任何系统证书存储的内容。
此示例演示了以下任务和 CryptoAPI 函数:
- 使用 CertOpenSystemStore 打开系统证书存储。
- 使用 CertEnumCertificatesInStore 列出证书存储中的证书。
- 使用 CertGetNameString 获取证书的使用者名称。
- 使用 CertCompareCertificateName 将证书的使用者名称与证书颁发者的名称进行比较。
- 使用 CertComparePublicKeyInfo 检查当前证书的公钥是否与以前证书的公钥匹配。
- 使用 CertDuplicateCertificateContext 复制指向证书上下文的指针。
- 使用 CertCompareCertificate 比较每个证书的CERT_INFO成员。
- 使用 CertDeleteCertificateFromStore 从存储中删除证书。
- 使用 CertCloseStore 关闭证书存储。
此示例从用户获取系统证书存储的名称,打开该存储区,并浏览该存储中的证书。 对于每个证书,将显示证书使用者的名称,并向用户提供删除该证书的选项。
#pragma comment(lib, "crypt32.lib")
#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char *s);
void main(void)
{
//-------------------------------------------------------------------
// Copyright (C) Microsoft. All rights reserved.
// Declare and initialize variables.
HANDLE hStoreHandle;
PCCERT_CONTEXT pCertContext=NULL;
PCCERT_CONTEXT pDupCertContext;
PCERT_PUBLIC_KEY_INFO pOldPubKey = NULL;
PCERT_PUBLIC_KEY_INFO pNewPubKey;
char pszStoreName[256];
char pszNameString[256];
char fResponse ='n';
char x;
//-------------------------------------------------------------------
// Get the name of the certificate store to open.
printf("This program maintains the contents of a certificate\n");
printf("store by allowing you to delete any excess certificates\n");
printf("from a store. \n\n");
printf("Please enter the name of the system store to maintain:");
fgets(pszStoreName, 255, stdin);
if (pszStoreName[strlen(pszStoreName) - 1] =='\n')
pszStoreName[strlen(pszStoreName) - 1] = '\0';
printf("Certificates will be deleted from "
"the %s store.\n",pszStoreName);
//-------------------------------------------------------------------
// Open a system certificate store.
if ( hStoreHandle = CertOpenSystemStore(
NULL,
pszStoreName))
{
printf("The %s store has been opened. \n", pszStoreName);
}
else
{
MyHandleError("The store was not opened.");
}
//-------------------------------------------------------------------
// Find the certificates in the system store.
while(pCertContext= CertEnumCertificatesInStore(
hStoreHandle,
pCertContext)) // on the first call to the function,
// this parameter is NULL
// on all subsequent
// calls, it is the last pointer returned by
// the function
{
//-------------------------------------------------------------------
// Get and display the name of the subject of the certificate.
if(CertGetNameString(
pCertContext,
CERT_NAME_SIMPLE_DISPLAY_TYPE,
0,
NULL,
pszNameString,
128))
{
printf("\nCertificate for %s \n",pszNameString);
}
else
{
MyHandleError("CertGetName failed.");
}
//-------------------------------------------------------------------
// Check to determine whether the issuer
// and the subject are the same.
if(CertCompareCertificateName(
MY_ENCODING_TYPE,
&(pCertContext->pCertInfo->Issuer),
&(pCertContext->pCertInfo->Subject)))
{
printf("The certificate subject and issuer are the same.\n");
}
else
{
printf("The certificate subject and issuer "
"are not the same.\n");
}
//--------------------------------------------------------------------
// Determine whether this certificate's public key matches
// the public key of the last certificate.
pNewPubKey = &(pCertContext->pCertInfo->SubjectPublicKeyInfo);
if(pOldPubKey)
if(CertComparePublicKeyInfo(
MY_ENCODING_TYPE,
pOldPubKey,
pNewPubKey))
{
printf("The public keys are the same.\n");
}
else
{
printf("This certificate has a different public key.\n");
}
//-------------------------------------------------------------------
// Reset the old key.
pOldPubKey = pNewPubKey;
//-------------------------------------------------------------------
// Determine whether this certificate is to be deleted.
printf("Would you like to delete this certificate? (y/n) ");
fResponse = getchar();
if(fResponse == 'y')
{
//----------------------------------------------------------------
// Create a duplicate pointer to the certificate to be
// deleted. In this way, the original pointer is not freed
// when the certificate is deleted from the store
// and the enumeration of the certificates in the store can
// continue. If the original pointer is used, after the
// certificate is deleted, the enumeration loop stops.
if(pDupCertContext = CertDuplicateCertificateContext(
pCertContext))
{
printf("A duplicate pointer was created. Continue. \n");
}
else
{
MyHandleError("Duplication of the certificate "
"pointer failed.");
}
//-------------------------------------------------------------------
// Compare the pCertInfo members of the two certificates
// to determine whether they are identical.
if(CertCompareCertificate(
X509_ASN_ENCODING,
pDupCertContext->pCertInfo,
pCertContext->pCertInfo))
{
printf("The two certificates are identical. \n");
}
else
{
printf("The two certificates are not identical. \n");
}
//-------------------------------------------------------------------
// Delete the certificate.
if(CertDeleteCertificateFromStore(
pDupCertContext))
{
printf("The certificate has been deleted. Continue. \n");
}
else
{
printf("The deletion of the certificate failed.\n");
}
} // end if
//-------------------------------------------------------------------
// Clear the input buffer.
x = getchar();
} // end while
//-------------------------------------------------------------------
// Clean up.
CertCloseStore(
hStoreHandle,
0);
printf("The program ran to completion successfully. \n");
} // end main
//-------------------------------------------------------------------
// This example uses the function MyHandleError, a simple error
// handling function to print an error message and exit
// the program.
// For most applications, replace this function with one
// that does more extensive error reporting.
void MyHandleError(char *s)
{
fprintf(stderr,"An error occurred in running the program. \n");
fprintf(stderr,"%s\n",s);
fprintf(stderr, "Error number %x.\n", GetLastError());
fprintf(stderr, "Program terminating. \n");
exit(1);
} // end MyHandleError