示例 C 程序:序列化证书
以下示例演示如何将 证书上下文 及其属性序列化为可存储在文件中、通过电子邮件发送或传输给其他用户的形式。 该示例还演示如何将序列化的证书转换回证书,并将其添加到证书存储中。 同一过程也适用于使用 CertSerializeCRLStoreElement 和 CertSerializeCTLStoreElement 的 CRL 和 CTL。
此示例演示了以下任务和 CryptoAPI 函数:
- 使用 CertOpenSystemStore 打开系统证书存储。
- 使用 CertOpenStore 打开证书存储。
- 使用 CertEnumCertificatesInStore 从存储中检索证书。
- 使用 CertGetNameString 获取证书使用者的名称。
- 使用 CertSerializeCertificateStoreElement 创建证书上下文及其属性的序列化形式。
- 使用 CertAddSerializedElementToStore 从序列化字符串创建新证书并将其添加到证书存储中。
- 使用 CertAddEncodedCertificateToStore 从现有证书的编码部分创建新证书。
- 使用 CertCloseStore 关闭证书存储。
//------------------------------------------------------
// Copyright (C) Microsoft. All rights reserved.
// Example that uses CertSerializeCertificateStoreElement to
// serialize the data from a certificate,
// and CertAddSerializedElementToStore to add that data as a new
// certificate to a store.
// CertAddEncodedCertificateToStore is also demonstrated.
#pragma comment(lib, "crypt32.lib")
#include <windows.h>
#include <Wincrypt.h>
#include <stdio.h>
#include <stdlib.h>
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char *s);
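//-------------------------------------------------------------------
// Entry point. Opens the "CA" system store and a file-based store,
// serializes the first certificate of the system store (certificate
// plus its properties) and adds that serialized element to the file
// store, then adds the encoded part of a second certificate to the
// file store with CertAddEncodedCertificateToStore.
//
// Every failure path goes through MyHandleError, which prints the
// message and exits the process, so no cleanup code is needed there.
// Returns 0 when every step succeeded.
int main(void)
{
    //-------------------------------------------------------------------
    // Declare and initialize variables.
    HCERTSTORE hSystemStore = NULL;       // The "CA" system store (source).
    HCERTSTORE hFileStore = NULL;         // The file-based store (target).
    PCCERT_CONTEXT pCertContext = NULL;   // Current enumeration position.
    char pszNameString[256];              // Subject display name buffer.
    BYTE *pbElement = NULL;               // Serialized element buffer.
    DWORD cbElement = 0;                  // Length of pbElement in bytes.

    //-------------------------------------------------------------------
    // Open a system certificate store.
    hSystemStore = CertOpenSystemStore(0, "CA");
    if (hSystemStore)
    {
        printf("The CA system store is open. Continue.\n");
    }
    else
    {
        MyHandleError("The first system store did not open.");
    }

    //-------------------------------------------------------------------
    // Open a second store.
    // In order to work, a file-based certificate store named
    // testStor.sto must be available in the working directory.
    hFileStore = CertOpenStore(
        CERT_STORE_PROV_FILENAME,
        MY_ENCODING_TYPE,
        NULL,
        0,
        L"testStor.sto");
    if (hFileStore)
    {
        printf("The file store is open. Continue.\n");
    }
    else
    {
        MyHandleError("The file store did not open.");
    }

    //-------------------------------------------------------------------
    // Retrieve the first certificate from the CA system store.
    // CertFindCertificateInStore could be used here to find
    // a certificate with a specific property.
    pCertContext = CertEnumCertificatesInStore(hSystemStore, pCertContext);
    if (pCertContext)
    {
        printf("A certificate is available. Continue.\n");
    }
    else
    {
        MyHandleError("No certificate available. "
                      "The store may be empty.");
    }

    //-------------------------------------------------------------------
    // Find and print the name of the subject of the certificate
    // just retrieved. The buffer size passed is the real size of
    // pszNameString so the two cannot drift apart.
    if (CertGetNameString(
            pCertContext,
            CERT_NAME_SIMPLE_DISPLAY_TYPE,
            0,
            NULL,
            pszNameString,
            (DWORD)sizeof pszNameString))
    {
        printf("Certificate for %s has been retrieved.\n", pszNameString);
    }
    else
    {
        printf("CertGetName failed. \n");
    }

    //-------------------------------------------------------------------
    // Find out how much memory to allocate for the serialized element.
    // The first call passes a NULL buffer; cbElement receives the
    // required length.
    if (CertSerializeCertificateStoreElement(
            pCertContext,   // The existing certificate.
            0,              // Accept default for dwFlags.
            NULL,           // NULL for the first function call.
            &cbElement))    // Receives the length of the serialized element.
    {
        // cbElement is a DWORD (unsigned long): use a matching specifier.
        printf("The length of the serialized string is %lu.\n",
               (unsigned long)cbElement);
    }
    else
    {
        MyHandleError("Finding the length of the serialized "
                      "element failed.");
    }

    //-------------------------------------------------------------------
    // Allocate memory for the serialized element.
    pbElement = malloc(cbElement);
    if (pbElement)
    {
        printf("Memory has been allocated. Continue.\n");
    }
    else
    {
        MyHandleError("The allocation of memory failed.");
    }

    //-------------------------------------------------------------------
    // Create the serialized element from a certificate context.
    if (CertSerializeCertificateStoreElement(
            pCertContext,   // The certificate context source for the
                            // serialized element.
            0,              // dwFlags. Accept the default.
            pbElement,      // Buffer that receives the new element.
            &cbElement))    // In: buffer size; out: bytes written.
    {
        printf("The encoded element has been serialized. \n");
    }
    else
    {
        MyHandleError("The element could not be serialized.");
    }

    //-------------------------------------------------------------------
    // pbElement could be written to a file or be sent by email
    // to another user.
    // The following process uses the serialized
    // pbElement and its length, cbElement, to
    // add a new certificate to a store.
    // Note: a serialized element carries the certificate together with
    // its properties, so an element received from elsewhere should be
    // validated before it is added to a store the application trusts.
    if (CertAddSerializedElementToStore(
            hFileStore,     // Store where certificate is to be added.
            pbElement,      // The serialized element.
            cbElement,      // The length of pbElement.
            CERT_STORE_ADD_REPLACE_EXISTING,
                            // What to do if a matching certificate is
                            // already in the store.
            0,              // dwFlags. Accept the default.
            CERT_STORE_CERTIFICATE_CONTEXT_FLAG,
            NULL,
            NULL))
    {
        printf("The new certificate is added to the second store.\n");
    }
    else
    {
        MyHandleError("The new element was not added to a store.");
    }

    //-------------------------------------------------------------------
    // Next, another certificate will be retrieved from the system store
    // and its encoded part, pCertContext->pbCertEncoded, will be
    // used to create a new certificate to be added to the file store.
    // Passing the previous context to CertEnumCertificatesInStore
    // releases it, so it is not freed separately here.
    pCertContext = CertEnumCertificatesInStore(hSystemStore, pCertContext);
    if (pCertContext)
    {
        printf("Another certificate is available. Continue.\n");
    }
    else
    {
        MyHandleError("No certificate is available. "
                      "The store may be empty.");
    }

    //-------------------------------------------------------------------
    // Find and print the name of the subject of the certificate
    // just retrieved.
    if (CertGetNameString(
            pCertContext,
            CERT_NAME_SIMPLE_DISPLAY_TYPE,
            0,
            NULL,
            pszNameString,
            (DWORD)sizeof pszNameString))
    {
        printf("Certificate for %s has been retrieved.\n", pszNameString);
    }
    else
    {
        printf("CertGetName failed. \n");
    }

    //-------------------------------------------------------------------
    // Create a new certificate from the encoded portion of pCertContext
    // and add it to the file-based store.
    if (CertAddEncodedCertificateToStore(
            hFileStore,
            MY_ENCODING_TYPE,
            pCertContext->pbCertEncoded,
            pCertContext->cbCertEncoded,
            CERT_STORE_ADD_USE_EXISTING,
            NULL))
    {
        printf("Another certificate is added to the file store.\n");
    }
    else
    {
        MyHandleError("The new certificate was not added to the "
                      "file store.");
    }

    //-------------------------------------------------------------------
    // Free memory. The last enumerated context is still owned by this
    // function and must be released before its store is closed.
    free(pbElement);
    CertFreeCertificateContext(pCertContext);
    CertCloseStore(hSystemStore, 0);
    CertCloseStore(hFileStore, 0);
    printf("The program ran without error to the end.\n");
    return 0;
} // End of main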
//-------------------------------------------------------------------
// This example uses the function MyHandleError, a simple error
// handling function, to print an error message to the standard
// error (stderr) file and exit the program.
// For most applications, replace this function with one
// that does more extensive error reporting.
void MyHandleError(char *s)
{
fprintf(stderr,"An error occurred in running the program. \n");
fprintf(stderr,"%s\n",s);
fprintf(stderr, "Error number %x.\n", GetLastError());
fprintf(stderr, "Program terminating. \n");
exit(1);
} // End of MyHandleError