2017-07-18 127 views
0

我發現這個問題Converting .PFX to .PEM programmatically? 和我有同樣的問題,從Windows密鑰存儲區以pfx格式編程導出證書和私鑰,並將它們轉換成PEM格式文件/內存。pfx證書轉換爲PEM格式

上面的鏈接似乎做,但沒有真正的信息是怎麼做的,內部鏈接到github上似乎被打破

,因爲它包含證書鏈和OpenSSL庫API用於加載我們不能用PFX格式這種證書鏈只適用於PEM文件。

將pfx文件導入到Windows密鑰存儲區時,將私鑰檢查爲可導出。

我成功導出證書,將其複製到新的內存存儲中,將其導出到內存bolb並以不同格式(base64和binary)保存到文件中 - 請參閱下面的代碼 - 但我不確定它是否正確這樣做,如果所有鏈是出口,我也不知道如何將它轉換爲PEM格式

預先感謝任何幫助的

#pragma comment(lib, "crypt32.lib") 

#include <stdio.h> 
#include <windows.h> 
#include <Wincrypt.h> 
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING) 
void MyHandleError(char *s); 

char *base64_encode(const unsigned char *data, 
        size_t input_length, 
        size_t *output_length); 

void main(void) 
{ 
//------------------------------------------------------------------- 
// Declare and initialize variables. 
HCERTSTORE   hSystemStore; 
HCERTSTORE   hTempStore; 
PCCERT_CONTEXT  pCertContext = NULL; 
char pszStoreName[256] = "root"; 
char    pszNameString[256] = "xyzabcfkjvfkvnrg"; 

//------------------------------------------------------------------- 
// Open a system certificate store. 
if(hSystemStore = CertOpenSystemStore(
    0, 
    pszStoreName)) 
{ 
    printf("The %s system store is open. Continue.\n", pszStoreName); 
} 
else 
{ 
    MyHandleError("The first system store did not open."); 
} 

//------------------------------------------------------------------- 
// Open a temporary certificate store. 
if(hTempStore = CertOpenStore(
    CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, 0)) 
{ 
    printf("Temp certificate store was created. Continue.\n"); 
} 
else 
{ 
    MyHandleError("The temp store wasn't not created."); 
} 
//------------------------------------------------------------------- 
// Get a certificate that has the desired friendly name. 
if(pCertContext=CertFindCertificateInStore(
     hSystemStore, 
     MY_ENCODING_TYPE,    // Use X509_ASN_ENCODING 
     0,       // No dwFlags needed 
     CERT_NAME_FRIENDLY_DISPLAY_TYPE,  // Find a certificate 
     pszNameString, // The Unicode string to be found 
            // in a certificate's subject 
     NULL))      // NULL for the first call 
{ 
    printf("The %s certificate was found. \n", pszNameString); 
} 
else 
{ 
    MyHandleError("Could not find the %s certificate."); 
} 

//------------------------------------------------------------------ 
// add selected certificate into temporary store in memory 

if(CertAddCertificateContextToStore(hTempStore, pCertContext, CERT_STORE_ADD_NEW, 0)) 
{ 
    printf("The %s certificate was added. \n", pszNameString); 
} 
else 
{ 
    MyHandleError("Could not add %s ce 


#pragma comment(lib, "crypt32.lib") 

#include <stdio.h> 
#include <windows.h> 
#include <Wincrypt.h> 
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING) 
void MyHandleError(char *s); 

char *base64_encode(const unsigned char *data, 
        size_t input_length, 
        size_t *output_length); 

void main(void) 
{ 
//------------------------------------------------------------------- 
// Declare and initialize variables. 
HCERTSTORE   hSystemStore; 
HCERTSTORE   hTempStore; 
PCCERT_CONTEXT  pCertContext = NULL; 
char pszStoreName[256] = "root"; 
char    pszNameString[256] = "xyzabcfkjvfkvnrg"; 

//------------------------------------------------------------------- 
// Open a system certificate store. 
if(hSystemStore = CertOpenSystemStore(
    0, 
    pszStoreName)) 
{ 
    printf("The %s system store is open. Continue.\n", pszStoreName); 
} 
else 
{ 
    MyHandleError("The first system store did not open."); 
} 

//------------------------------------------------------------------- 
// Open a temporary certificate store. 
if(hTempStore = CertOpenStore(
    CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, 0)) 
{ 
    printf("Temp certificate store was created. Continue.\n"); 
} 
else 
{ 
    MyHandleError("The temp store wasn't not created."); 
} 
//------------------------------------------------------------------- 
// Get a certificate that has the desired friendly name. 
if(pCertContext=CertFindCertificateInStore(
     hSystemStore, 
     MY_ENCODING_TYPE,    // Use X509_ASN_ENCODING 
     0,       // No dwFlags needed 
     CERT_NAME_FRIENDLY_DISPLAY_TYPE,  // Find a certificate 
     pszNameString, // The Unicode string to be found 
            // in a certificate's subject 
     NULL))      // NULL for the first call 
{ 
    printf("The %s certificate was found. \n", pszNameString); 
} 
else 
{ 
    MyHandleError("Could not find the %s certificate."); 
} 

//------------------------------------------------------------------ 
// add selected certificate into temporary store in memory 

if(CertAddCertificateContextToStore(hTempStore, pCertContext, CERT_STORE_ADD_NEW, 0)) 
{ 
    printf("The %s certificate was added. \n", pszNameString); 
} 
else 
{ 
    MyHandleError("Could not add %s certificate."); 
} 

//------------------------------------------------------------------------------ 


CRYPT_DATA_BLOB* db= new (CRYPT_DATA_BLOB); 
LPCWSTR szPassword = NULL; 
db->cbData = 0; 

if((!PFXExportCertStoreEx(
         hTempStore, 
         db, 
         szPassword, 
         0, 
         EXPORT_PRIVATE_KEYS|REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY))&&(GetLastError()==0)) 
{ 
    printf("The %s certificate blob size is %d. \n", pszNameString, db->cbData); 
} 
else 
{ 
    MyHandleError("Could not calculate size of certificate."); 
} 

//------------------------------------------------------- 
// Allocate memory 
if(db->pbData = (BYTE*)malloc(db->cbData+1)) 
{ 
    printf("Memory has been allocated. Continue.\n"); 
} 
else 
{ 
    MyHandleError("The allocation of memory failed."); 
} 

// Export certificate from temporary store to blob 

if(PFXExportCertStoreEx(
         hTempStore, 
         db, 
         szPassword, 
         0, 
         EXPORT_PRIVATE_KEYS|REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY)) 
{ 
    printf("The %s certificate blob was exported %d. \n", pszNameString); 
} 
else 
{ 
    MyHandleError("Could not export certificate."); 
} 


//------------------------------------------------------------------- 
//Write blob to files 

FILE *fp; 
errno_t err; 
if ((err = fopen_s(&fp, "cert_bin.p12", "wb")) != 0) 
    printf("File was not opened\n"); 
else 
    for (int i=0; i<db->cbData; i++) 
    fprintf(fp,"%c", db->pbData + i); 
fclose(fp); 

size_t t; 
char* c = base64_encode(db->pbData, db->cbData, &t); 

if ((err = fopen_s(&fp, "cert_base64.p12", "w")) != 0) 
    printf("File was not opened\n"); 
else 
    fprintf(fp, "%s", c); 
fclose(fp); 

//------------------------------------------------------------------- 
// Free memory. 

//free(pbElement); 
CertCloseStore(hSystemStore,0); 
printf("The program ran without error to the end.\n"); 
} // End of main 

//------------------------------------------------------------------- 
void MyHandleError(char *s) 
{ 
    fprintf(stderr,"An error occurred in running the program. \n"); 
    fprintf(stderr,"%s\n",s); 
    fprintf(stderr, "Error number %x.\n", GetLastError()); 
    fprintf(stderr, "Program terminating. \n"); 
    exit(1); 
} // End of MyHandleError 

回答

0

從WCS這個片斷出口證書鏈,以PFX文件

{ 
    CString errorS = NULL; 
    CString pkcs12File = pszNameString; 
    CString szPassword = L"XXXXXXXXX"; 
    do { 
     //------------------------------------------------------------------- 
     // Declare and initialize variables. 
     HCERTSTORE   hSystemStore = NULL; 
     HCERTSTORE   hTempStore = NULL; 
     PCCERT_CONTEXT  pCertContext = NULL; 

     //------------------------------------------------------------------- 
     // Open a system certificate store. 
     if (!(hSystemStore = CertOpenSystemStore(
      0, 
      (LPCWSTR)pszStoreName))) 
     { 
      errorS = ("system store did not open."); 
      break; 
     } 

     //------------------------------------------------------------------- 
     // Open a temporary certificate store. 
     if (!(hTempStore = CertOpenStore(
      CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, 0))) 
     { 
      errorS = ("The temp store wasn't created."); 
      break; 
     } 

     //------------------------------------------------------------------- 
     // Get a certificate that has the desired friendly name. 
     if (!(pCertContext = CertFindCertificateInStore(
      hSystemStore, 
      MY_ENCODING_TYPE,    // Use X509_ASN_ENCODING 
      0,       // No dwFlags needed 
      CERT_FIND_SUBJECT_STR,  // Find a certificate 
      pszNameString, // The Unicode string to be found 
      // in a certificate's subject 
      NULL)))      // NULL for the first call 
     { 
      errorS = ("Could not find the certificate . " + pszNameString); 
      break; 
     } 

      //------------------------------------------------------------------- 
      PCCERT_CHAIN_CONTEXT  pChainContext = NULL; 
      CERT_CHAIN_PARA   ChainPara; 
      DWORD     dwFlags = 0; 
      CERT_ENHKEY_USAGE  EnhkeyUsage; 
      CERT_USAGE_MATCH   CertUsage; 

      EnhkeyUsage.cUsageIdentifier = 0; 
      EnhkeyUsage.rgpszUsageIdentifier = NULL; 
      CertUsage.dwType = USAGE_MATCH_TYPE_AND; 
      CertUsage.Usage = EnhkeyUsage; 
      ChainPara.cbSize = sizeof(CERT_CHAIN_PARA); 
      ChainPara.RequestedUsage = CertUsage; 

      if (!CertGetCertificateChain(
       NULL,     // use the default chain engine 
       pCertContext,   // pointer to the end certificate 
       NULL,     // use the default time 
       NULL,     // search no additional stores 
       &ChainPara,   // use AND logic and enhanced key usage 
       // as indicated in the ChainPara 
       // data structure 
       dwFlags, 
       NULL,     // currently reserved 
       &pChainContext))  // return a pointer to the chain created 
      { 
       errorS = ("Could not get certificate chain."); 
       break; 
      } 

     //------------------------------------------------------------------ 
     // add selected certificate into temporary store in memory 
      for (int l_chain = 0; l_chain < (int)(pChainContext->cChain); l_chain++) 
       for (int l_cert = 0; l_cert < (int)(pChainContext->rgpChain[l_chain]->cElement); l_cert++) 
       {   
        pCertContext = (PCCERT_CONTEXT)pChainContext->rgpChain[l_chain]->rgpElement[l_cert]->pCertContext; 
     if (!(CertAddCertificateContextToStore(hTempStore, pCertContext, CERT_STORE_ADD_NEW, 0))) 
     { 
      errorS = ("Could not add certificate."); 
      break; 
     } 
       } 

      CertFreeCertificateChain(pChainContext); 

     //------------------------------------------------------------------------------ 
      // Export certificates chain to memory bolb 

     CRYPT_DATA_BLOB* db = new (CRYPT_DATA_BLOB); 
      LPCWSTR szPassword = L"XXXXXXXXX"; 
     db->cbData = 0; 

      // calculating required memory space 

     if ((PFXExportCertStoreEx(
      hTempStore, 
      db, 
      szPassword, 
      0, 
      EXPORT_PRIVATE_KEYS | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY)) && (GetLastError() == 0)) 
     { 
      errorS = ("Could not calculate size of certificate."); 
      break; 
     } 

     // Allocate memory 
     if (!(db->pbData = (BYTE*)malloc(db->cbData))) 
     { 
      errorS = ("The allocation of memory failed."); 
      break; 
     } 

     // Export certificate from temporary store to blob 

     if (!PFXExportCertStoreEx(
      hTempStore, 
      db, 
      szPassword, 
      0, 
      EXPORT_PRIVATE_KEYS | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY)) 
     { 
      errorS = ("Could not export certificate."); 
      break; 
     } 

     //------------------------------------------------------------------- 
     //Write blob to files 

     FILE *fp = NULL; 
     errno_t err; 
     if ((err = fopen_s(&fp, CT2A(pkcs12File), "wb")) != 0) 
     { 
      errorS = ("File was not opened\n"); 
      break; 
     } 
     else 
      fwrite(db->pbData, 1, db->cbData, fp); 
     fclose(fp); 
     //------------------------------------------------------------------- 
     // Free memory. 

     CertCloseStore(hSystemStore, 0); 

     //-------------------------------------------------------------------------- 

    } while (0);