範例 C 程式:從憑證刪除憑證Microsoft Store
下列範例會列出系統 憑證存放區中的憑證,其中顯示每個憑證的主體名稱,並允許使用者選擇從存放區中刪除任何憑證。 此範例會從使用者取得憑證存放區的名稱,因此可用來維護任何系統憑證存放區的內容。
此範例說明下列工作和 CryptoAPI 函式:
- 使用 CertOpenSystemStore開啟系統憑證存放區。
- 使用 CertEnumCertificatesInStore列出憑證存放區中的憑證。
- 使用 CertGetNameString取得憑證主體的名稱。
- 比較憑證主體的名稱與使用 CertCompareCertificateName之憑證簽發者的名稱。
- 檢查以判斷目前憑證的公開金鑰是否符合使用 CertComparePublicKeyInfo的先前憑證公開金鑰。
- 使用CertDuplicateCertificateCoNtext複製憑證內容的指標。
- 使用CertCompareCertificate比較每個憑證CERT_INFO成員。
- 使用 CertDeleteCertificateFromStore從存放區中刪除憑證。
- 使用 CertCloseStore關閉憑證存放區。
本範例會從使用者取得系統憑證存放區的名稱、開啟該存放區,然後通過該存放區中的憑證。 針對每個憑證,會顯示憑證主體的名稱,並為使用者提供刪除該憑證的選項。
#pragma comment(lib, "crypt32.lib")
#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char *s);
void main(void)
{
//-------------------------------------------------------------------
// Copyright (C) Microsoft. All rights reserved.
// Declare and initialize variables.
HANDLE hStoreHandle;
PCCERT_CONTEXT pCertContext=NULL;
PCCERT_CONTEXT pDupCertContext;
PCERT_PUBLIC_KEY_INFO pOldPubKey = NULL;
PCERT_PUBLIC_KEY_INFO pNewPubKey;
char pszStoreName[256];
char pszNameString[256];
char fResponse ='n';
char x;
//-------------------------------------------------------------------
// Get the name of the certificate store to open.
printf("This program maintains the contents of a certificate\n");
printf("store by allowing you to delete any excess certificates\n");
printf("from a store. \n\n");
printf("Please enter the name of the system store to maintain:");
fgets(pszStoreName, 255, stdin);
if (pszStoreName[strlen(pszStoreName) - 1] =='\n')
pszStoreName[strlen(pszStoreName) - 1] = '\0';
printf("Certificates will be deleted from "
"the %s store.\n",pszStoreName);
//-------------------------------------------------------------------
// Open a system certificate store.
if ( hStoreHandle = CertOpenSystemStore(
NULL,
pszStoreName))
{
printf("The %s store has been opened. \n", pszStoreName);
}
else
{
MyHandleError("The store was not opened.");
}
//-------------------------------------------------------------------
// Find the certificates in the system store.
while(pCertContext= CertEnumCertificatesInStore(
hStoreHandle,
pCertContext)) // on the first call to the function,
// this parameter is NULL
// on all subsequent
// calls, it is the last pointer returned by
// the function
{
//-------------------------------------------------------------------
// Get and display the name of the subject of the certificate.
if(CertGetNameString(
pCertContext,
CERT_NAME_SIMPLE_DISPLAY_TYPE,
0,
NULL,
pszNameString,
128))
{
printf("\nCertificate for %s \n",pszNameString);
}
else
{
MyHandleError("CertGetName failed.");
}
//-------------------------------------------------------------------
// Check to determine whether the issuer
// and the subject are the same.
if(CertCompareCertificateName(
MY_ENCODING_TYPE,
&(pCertContext->pCertInfo->Issuer),
&(pCertContext->pCertInfo->Subject)))
{
printf("The certificate subject and issuer are the same.\n");
}
else
{
printf("The certificate subject and issuer "
"are not the same.\n");
}
//--------------------------------------------------------------------
// Determine whether this certificate's public key matches
// the public key of the last certificate.
pNewPubKey = &(pCertContext->pCertInfo->SubjectPublicKeyInfo);
if(pOldPubKey)
if(CertComparePublicKeyInfo(
MY_ENCODING_TYPE,
pOldPubKey,
pNewPubKey))
{
printf("The public keys are the same.\n");
}
else
{
printf("This certificate has a different public key.\n");
}
//-------------------------------------------------------------------
// Reset the old key.
pOldPubKey = pNewPubKey;
//-------------------------------------------------------------------
// Determine whether this certificate is to be deleted.
printf("Would you like to delete this certificate? (y/n) ");
fResponse = getchar();
if(fResponse == 'y')
{
//----------------------------------------------------------------
// Create a duplicate pointer to the certificate to be
// deleted. In this way, the original pointer is not freed
// when the certificate is deleted from the store
// and the enumeration of the certificates in the store can
// continue. If the original pointer is used, after the
// certificate is deleted, the enumeration loop stops.
if(pDupCertContext = CertDuplicateCertificateContext(
pCertContext))
{
printf("A duplicate pointer was created. Continue. \n");
}
else
{
MyHandleError("Duplication of the certificate "
"pointer failed.");
}
//-------------------------------------------------------------------
// Compare the pCertInfo members of the two certificates
// to determine whether they are identical.
if(CertCompareCertificate(
X509_ASN_ENCODING,
pDupCertContext->pCertInfo,
pCertContext->pCertInfo))
{
printf("The two certificates are identical. \n");
}
else
{
printf("The two certificates are not identical. \n");
}
//-------------------------------------------------------------------
// Delete the certificate.
if(CertDeleteCertificateFromStore(
pDupCertContext))
{
printf("The certificate has been deleted. Continue. \n");
}
else
{
printf("The deletion of the certificate failed.\n");
}
} // end if
//-------------------------------------------------------------------
// Clear the input buffer.
x = getchar();
} // end while
//-------------------------------------------------------------------
// Clean up.
CertCloseStore(
hStoreHandle,
0);
printf("The program ran to completion successfully. \n");
} // end main
//-------------------------------------------------------------------
// This example uses the function MyHandleError, a simple error
// handling function to print an error message and exit
// the program.
// For most applications, replace this function with one
// that does more extensive error reporting.
void MyHandleError(char *s)
{
fprintf(stderr,"An error occurred in running the program. \n");
fprintf(stderr,"%s\n",s);
fprintf(stderr, "Error number %x.\n", GetLastError());
fprintf(stderr, "Program terminating. \n");
exit(1);
} // end MyHandleError