这篇教程C++ CertCloseStore函数代码示例写得很实用,希望能帮到您。
本文整理汇总了C++中CertCloseStore函数的典型用法代码示例。如果您正苦于以下问题:C++ CertCloseStore函数的具体用法?C++ CertCloseStore怎么用?C++ CertCloseStore使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。 在下文中一共展示了CertCloseStore函数的28个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。 示例1: ClientAuthenticateBOOL ClientAuthenticate(const char *name, const char *hostname){ int rc, rcISC; SEC_WINNT_AUTH_IDENTITY nameAndPwd = {0}; int bytesReceived = 0, bytesSent = 0; char myTokenSource[256]; TimeStamp useBefore; DWORD ctxReq, ctxAttr; int dwRead,dwWritten; // input and output buffers SecBufferDesc obd, ibd; SecBuffer ob, ib[2]; BOOL haveInbuffer = FALSE; BOOL haveContext = FALSE; SCHANNEL_CRED cred = {0}; PCCERT_CONTEXT cert = NULL; HANDLE hMy = CertOpenSystemStore(0,"MY"); if(!hMy) { rcISC = SEC_E_NO_CREDENTIALS; server_error(1,"[%08x] %s/n",rcISC,GetErrorString(rcISC)); return FALSE; } if(name) { cert = CertFindCertificateInStore(hMy, X509_ASN_ENCODING, 0, CERT_FIND_SUBJECT_STR, (const wchar_t *)cvs::wide(name), NULL); if(!cert) { rcISC = SEC_E_NO_CREDENTIALS; server_error(1,"No certificate for '%s': %s/n",name,GetErrorString(rcISC)); return FALSE; } } cred.dwVersion = SCHANNEL_CRED_VERSION; cred.dwFlags = SCH_CRED_USE_DEFAULT_CREDS; if(cert) { cred.cCreds = 1; cred.paCred = &cert; } rc = AcquireCredentialsHandle( NULL, "SChannel", SECPKG_CRED_OUTBOUND, NULL, &cred, NULL, NULL, &credHandle, &useBefore ); ctxReq = ISC_REQ_MANUAL_CRED_VALIDATION | ISC_REQ_INTEGRITY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_STREAM | ISC_REQ_USE_SUPPLIED_CREDS; strncpy(myTokenSource,hostname,sizeof(myTokenSource)); CertCloseStore(hMy,0); ib[0].pvBuffer = NULL; while ( 1 ) { obd.ulVersion = SECBUFFER_VERSION; obd.cBuffers = 1; obd.pBuffers = &ob; // just one buffer ob.BufferType = SECBUFFER_TOKEN; // preping a token here ob.cbBuffer = secPackInfo->cbMaxToken; ob.pvBuffer = malloc(secPackInfo->cbMaxToken); rcISC = InitializeSecurityContext( &credHandle, haveContext? 
&contextHandle: NULL, myTokenSource, ctxReq, 0, SECURITY_NATIVE_DREP, haveInbuffer? &ibd: NULL, 0, &contextHandle, &obd, &ctxAttr, &useBefore ); if ( ib[0].pvBuffer != NULL ) { free(ib[0].pvBuffer); ib[0].pvBuffer = NULL; } if ( rcISC == SEC_I_COMPLETE_AND_CONTINUE || rcISC == SEC_I_COMPLETE_NEEDED ) { CompleteAuthToken( &contextHandle, &obd ); if ( rcISC == SEC_I_COMPLETE_NEEDED ) rcISC = SEC_E_OK; else if ( rcISC == SEC_I_COMPLETE_AND_CONTINUE ) rcISC = SEC_I_CONTINUE_NEEDED; } if(rcISC<0) { server_error(1,"[%08x] %s/n",rcISC,GetErrorString(rcISC)); } // send the output buffer off to the server if ( ob.cbBuffer != 0 ) { if((dwWritten=tcp_write( (const char *) ob.pvBuffer, ob.cbBuffer))<=0) break; bytesSent += dwWritten; } free(ob.pvBuffer); ob.pvBuffer = NULL; ob.cbBuffer = 0; if ( rcISC != SEC_I_CONTINUE_NEEDED ) break;//.........这里部分代码省略.........
开发者ID:acml,项目名称:cvsnt,代码行数:101,
// Example 2: CertCloseStore
/// Tears down the smart-card timer, the certificate store handle, the card
/// connection and the smart-card context, in that order. Each resource is
/// released only when its member is set.
CAPICertificate::~CAPICertificate() {
	if (smartCardTimer_) {
		// Stop the timer and detach the tick handler before dropping it --
		// presumably so no tick can reach this object during destruction.
		smartCardTimer_->stop();
		smartCardTimer_->onTick.disconnect(boost::bind(&CAPICertificate::handleSmartCardTimerTick, this));
		smartCardTimer_.reset();
	}

	if (certStoreHandle_) {
		// dwFlags == 0: the return value is not inspected, so contexts that
		// are still outstanding on this store go unnoticed here.
		CertCloseStore(certStoreHandle_, 0);
	}

	if (cardHandle_) {
		// SCARD_LEAVE_CARD: disconnect without resetting or ejecting the card.
		LONG result = SCardDisconnect(cardHandle_, SCARD_LEAVE_CARD);
		DEBUG_SCARD_STATUS("SCardDisconnect", result);
	}

	if (scardContext_) {
		// The context is released after the card handle obtained under it.
		LONG result = SCardReleaseContext(scardContext_);
		DEBUG_SCARD_STATUS("SCardReleaseContext", result);
	}
}
开发者ID:scopeInfinity,项目名称:swift,代码行数:21,
/* Example 3: DigiCrypt_AddCertToStore */
/*
 * Adds pCert to the current user's "MY" system store.
 *
 * CERT_STORE_ADD_REPLACE_EXISTING means a matching certificate already in
 * the store is overwritten. No validation of pCert happens here; the caller
 * decides whether the certificate should be stored.
 *
 * Returns TRUE only when the store could be opened and the add succeeded;
 * FALSE for a NULL pCert, a failed open or a failed add.
 */
static BOOL DigiCrypt_AddCertToStore(PCCERT_CONTEXT pCert)
{
    HCERTSTORE hUserStore;
    BOOL fAdded = FALSE;

    if (pCert == NULL)
        return FALSE;

    hUserStore = CertOpenStore(
        CERT_STORE_PROV_SYSTEM_A,
        0,      /* Encoding type not needed with this provider. */
        0,      /* Accept the default HCRYPTPROV. */
        CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_SYSTEM_STORE_CURRENT_USER,
        "MY");
    if (hUserStore == NULL)
        return FALSE;

    if (CertAddCertificateContextToStore(hUserStore, pCert,
                                         CERT_STORE_ADD_REPLACE_EXISTING, NULL))
        fAdded = TRUE;

    /* CHECK_FLAG makes the close report contexts that are still outstanding. */
    CertCloseStore(hUserStore, CERT_CLOSE_STORE_CHECK_FLAG);
    return fAdded;
}
开发者ID:andrewshadura,项目名称:libdigidoc,代码行数:21,
/* Example 4: TRACE */
/*
 * Returns the shared root certificate store, creating it on first use, and
 * takes an additional reference on it for the caller.
 *
 * Requests carrying CERT_STORE_DELETE_FLAG are refused with
 * ERROR_ACCESS_DENIED and a NULL return.
 */
WINECRYPT_CERTSTORE *CRYPT_RootOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags)
{
    TRACE("(%ld, %08x)/n", hCryptProv, dwFlags);

    /* The root store is never deleted through this entry point. */
    if (dwFlags & CERT_STORE_DELETE_FLAG)
    {
        WARN("root store can't be deleted/n");
        SetLastError(ERROR_ACCESS_DENIED);
        return NULL;
    }
    if (!CRYPT_rootStore)
    {
        HCERTSTORE root = create_root_store();

        /* Publish the new store only if the global is still NULL. If some
         * other store is found there afterwards, this one is closed and the
         * published store is used instead. */
        InterlockedCompareExchangePointer((PVOID *)&CRYPT_rootStore, root,
         NULL);
        if (CRYPT_rootStore != root)
            CertCloseStore(root, 0);
    }
    /* NOTE(review): no NULL check on create_root_store() is visible; if it
     * can return NULL the global stays NULL and this dereference faults --
     * confirm against create_root_store. */
    CRYPT_rootStore->vtbl->addref(CRYPT_rootStore);
    return CRYPT_rootStore;
}
开发者ID:hoangduit,项目名称:reactos,代码行数:22,
// Example 5: __declspec
// NOTE(review): the page attributes this sample to a project named "Carberp".
// What the code does: it opens the named system certificate store, counts the
// certificates in it, and exports the whole store -- requesting private keys
// via EXPORT_PRIVATE_KEYS -- into a PFX blob protected by `password`, which it
// writes to a file named "<store>_<count>_<tick count in hex>.pfx" using a
// relative path.
// Defender-relevant points: PFXExportCertStoreEx with EXPORT_PRIVATE_KEYS and
// newly created files matching that name pattern are the observable artefacts;
// keeping private keys non-exportable or hardware-backed is the standard
// mitigation against bulk export of this kind.
extern "C" void __declspec(dllexport) GetSert( const char* nameStore, const char* password)
{
	HANDLE hstore = CertOpenSystemStore(NULL, nameStore);

	if( hstore != NULL )
	{
		int c_certs = 0; // number of certificates
		PCCERT_CONTEXT certContext = 0;
		// Walk the store once only to count its certificates.
		while( (certContext = CertEnumCertificatesInStore( hstore, certContext ) ) != NULL)
			c_certs++;
		if( c_certs == 0 )
			return;
		else
		{
			// Get the size of the store.
			CRYPT_DATA_BLOB pfxBlob;
			pfxBlob.pbData = NULL;
			pfxBlob.cbData = 0;
			// Convert the password to WCHAR.
			WCHAR wpassword[128];
			memset( wpassword, sizeof(wpassword), 0 );
			MultiByteToWideChar( CP_ACP, 0, password, -1, wpassword, sizeof(wpassword) );
			// Two-call pattern: the first call (pbData == NULL) fills in
			// cbData, the buffer is then allocated, and the second call
			// produces the PFX bytes.
			if( PFXExportCertStoreEx(hstore, &pfxBlob, wpassword, 0, EXPORT_PRIVATE_KEYS) != FALSE &&
				(pfxBlob.pbData = (unsigned char*)LocalAlloc( LPTR, pfxBlob.cbData )) != NULL)
			{
				if( PFXExportCertStoreEx( hstore, &pfxBlob, wpassword, 0, EXPORT_PRIVATE_KEYS ) != FALSE )
				{
					char nameFile[128];
					// Output name: store name, certificate count, tick count.
					wsprintf( nameFile, "%s_%d_%08x.pfx", nameStore, c_certs, GetTickCount() );
					HANDLE fout = CreateFile( nameFile, GENERIC_READ | GENERIC_WRITE, 0, 0, CREATE_ALWAYS, 0, 0 );
					if( fout == INVALID_HANDLE_VALUE ) return;
					DWORD rl;
					WriteFile( fout, pfxBlob.pbData, pfxBlob.cbData, &rl, 0 );
					CloseHandle(fout);
				}
				LocalFree( pfxBlob.pbData );
			}
		}
		CertCloseStore(hstore, 0);
	}
}
开发者ID:AlexWMF,项目名称:Carberp,代码行数:39,
/* Example 6: CRYPT_QuerySerializedStoreObject */
/*
 * Reads a serialized certificate store from the file named by pvObject into
 * a fresh in-memory store.
 *
 * Only CERT_QUERY_OBJECT_FILE is handled; any other object type fails with
 * E_INVALIDARG. On success the optional out-parameters receive
 * X509_ASN_ENCODING, CERT_QUERY_CONTENT_SERIALIZED_STORE and a duplicated
 * handle to the store. phMsg is not written.
 *
 * Returns the result of reading the store, or FALSE when the file cannot be
 * opened.
 */
static BOOL CRYPT_QuerySerializedStoreObject(DWORD dwObjectType,
 const void *pvObject, DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
{
    LPCWSTR path = (LPCWSTR)pvObject;
    HANDLE hFile;
    HCERTSTORE memStore;
    BOOL ok = FALSE;

    if (dwObjectType != CERT_QUERY_OBJECT_FILE)
    {
        FIXME("unimplemented for non-file type %d/n", dwObjectType);
        SetLastError(E_INVALIDARG); /* FIXME: is this the correct error? */
        return FALSE;
    }
    TRACE("%s/n", debugstr_w(path));

    hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ, NULL,
     OPEN_EXISTING, 0, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        goto done;

    memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    ok = CRYPT_ReadSerializedStoreFromFile(hFile, memStore);
    if (ok)
    {
        if (pdwMsgAndCertEncodingType)
            *pdwMsgAndCertEncodingType = X509_ASN_ENCODING;
        if (pdwContentType)
            *pdwContentType = CERT_QUERY_CONTENT_SERIALIZED_STORE;
        /* The caller gets its own reference; the local one is dropped below. */
        if (phCertStore)
            *phCertStore = CertDuplicateStore(memStore);
    }
    CertCloseStore(memStore, 0);
    CloseHandle(hFile);

done:
    TRACE("returning %d/n", ok);
    return ok;
}
开发者ID:WASSUM,项目名称:longene_travel,代码行数:38,
// Example 7: addCertToStore
/**
 * Installs a certificate, supplied as an in-memory buffer, into a store.
 *
 * An existing matching certificate is replaced
 * (CERT_STORE_ADD_REPLACE_EXISTING). The buffer contents are not validated
 * here beyond what readCertBuf does.
 *
 * @returns true on success, false on failure (error message written).
 * @param   dwDst       The destination, like
 *                      CERT_SYSTEM_STORE_LOCAL_MACHINE or
 *                      CERT_SYSTEM_STORE_CURRENT_USER.
 * @param   pszStoreNm  The store name.
 * @param   kpCertBuf   Buffer that contains a certificate.
 * @param   cbCertBuf   Size of kpCertBuf in bytes.
 */
bool addCertToStore(DWORD dwDst, const char *pszStoreNm, const unsigned char kpCertBuf[], DWORD cbCertBuf)
{
    /* Turn the buffer into a certificate context first. */
    PCCERT_CONTEXT pCertCtx = NULL;
    if (!readCertBuf(kpCertBuf, cbCertBuf, &pCertCtx))
    {
        RTMsgError("Unable to get certificate context: %d", GetLastError());
        return false;
    }

    bool fInstalled = false;
    HCERTSTORE hStore = openCertStore(dwDst, pszStoreNm);
    if (!hStore)
        RTMsgError("Unable to open certificates store: %d", GetLastError());
    else
    {
        if (CertAddCertificateContextToStore(hStore, pCertCtx, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
            fInstalled = true;
        else
            RTMsgError("Unable to install certificate: %d", GetLastError());

        CertCloseStore(hStore, CERT_CLOSE_STORE_CHECK_FLAG);
    }

    /* The context is released on every path that obtained one. */
    CertFreeCertificateContext(pCertCtx);
    return fInstalled;
}
开发者ID:etiago,项目名称:vbox,代码行数:49,
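/* Example 8: capi_list_certs */
/*
 * Writes a dump of certificates from the context's store to `out`.
 *
 * ctx  engine context; ctx->storename selects the store, "MY" when unset.
 * out  BIO receiving the listing.
 * id   when non-NULL, only the certificate found by capi_find_cert() for
 *      this id is dumped; when NULL every certificate in the store is.
 *
 * Returns 1 on success, 0 when the store cannot be opened or the requested
 * certificate is not found. The store is closed on every path after a
 * successful open.
 */
int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *id)
{
    char *storename;
    int idx;
    int ret = 1;
    HCERTSTORE hstore;
    PCCERT_CONTEXT cert = NULL;

    storename = ctx->storename;
    if (!storename)
        storename = "MY";
    CAPI_trace(ctx, "Listing certs for store %s\n", storename);

    hstore = capi_open_store(ctx, storename);
    if (!hstore)
        return 0;
    if (id) {
        cert = capi_find_cert(ctx, id, hstore);
        if (!cert) {
            ret = 0;
            goto err;
        }
        capi_dump_cert(ctx, out, cert);
        CertFreeCertificateContext(cert);
    } else {
        for (idx = 0;; idx++) {
            /* The enumeration call releases the context passed in, so no
             * explicit free is needed inside the loop. */
            cert = CertEnumCertificatesInStore(hstore, cert);
            if (!cert)
                break;
            BIO_printf(out, "Certificate %d\n", idx);
            capi_dump_cert(ctx, out, cert);
        }
    }
 err:
    CertCloseStore(hstore, 0);
    return ret;
}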
开发者ID:GrayKing,项目名称:Leakfix-on-OpenSSL,代码行数:38,
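// Example 9: IsCertificateInstalled
/// Reports whether a certificate with the given hash is present in the named
/// system store.
///
/// @param hash           Certificate hash handed to FindCertificateByHash.
/// @param certStoreName  Name of the system store to open.
/// @return true when a matching certificate is found; false when it is not
///         found or the store cannot be opened.
bool IsCertificateInstalled(unsigned char* hash, wchar_t* certStoreName)
{
    HANDLE hSystemStore = CertOpenSystemStore(NULL, certStoreName);
    if (!hSystemStore)
    {
        // Stop here: searching or closing a NULL store handle is invalid, so
        // a failed open must not fall through to the lookup.
        return false;
    }

    wprintf(L"Accessing certificate store: %s\n", certStoreName);

    PCCERT_CONTEXT pCertContext = FindCertificateByHash(hSystemStore, hash);
    const bool installed = (pCertContext != NULL);

    // Assumes FindCertificateByHash returns an owned context, as the CryptoAPI
    // find/enumerate calls do; release it so the store can be freed on close.
    if (pCertContext)
        CertFreeCertificateContext(pCertContext);

    CertCloseStore(hSystemStore, 0);
    return installed;
}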
开发者ID:Krabi,项目名称:idkaart_public,代码行数:23,
/* Example 10: SoftpubCleanup */
/*
 * Releases everything held by a CRYPT_PROVIDER_DATA: per-signer certificate
 * contexts, chain arrays, signer info and chain contexts; the signer array;
 * every opened store and the store array; the SIP data members; the message
 * handle; and, when the provider opened the subject file itself, the file
 * handle.
 *
 * Always returns S_OK.
 */
HRESULT WINAPI SoftpubCleanup(CRYPT_PROVIDER_DATA *data)
{
    DWORD signerIdx, certIdx, storeIdx;

    for (signerIdx = 0; signerIdx < data->csSigners; signerIdx++)
    {
        CRYPT_PROVIDER_SGNR *signer = &data->pasSigners[signerIdx];

        for (certIdx = 0; certIdx < signer->csCertChain; certIdx++)
        {
            CertFreeCertificateContext(signer->pasCertChain[certIdx].pCert);
        }
        data->psPfns->pfnFree(signer->pasCertChain);
        data->psPfns->pfnFree(signer->psSigner);
        CertFreeCertificateChain(signer->pChainContext);
    }
    data->psPfns->pfnFree(data->pasSigners);

    /* Close each store before freeing the array that holds the handles. */
    for (storeIdx = 0; storeIdx < data->chStores; storeIdx++)
    {
        CertCloseStore(data->pahStores[storeIdx], 0);
    }
    data->psPfns->pfnFree(data->pahStores);

    if (data->u.pPDSip)
    {
        data->psPfns->pfnFree(data->u.pPDSip->pSip);
        data->psPfns->pfnFree(data->u.pPDSip->pCATSip);
        data->psPfns->pfnFree(data->u.pPDSip->psSipSubjectInfo);
        data->psPfns->pfnFree(data->u.pPDSip->psSipCATSubjectInfo);
        data->psPfns->pfnFree(data->u.pPDSip->psIndirectData);
    }

    CryptMsgClose(data->hMsg);

    /* Only close the file handle if this provider opened it. */
    if (data->fOpenedFile &&
        data->pWintrustData->dwUnionChoice == WTD_CHOICE_FILE &&
        data->pWintrustData->u.pFile)
    {
        CloseHandle(data->pWintrustData->u.pFile->hFile);
    }

    return S_OK;
}
开发者ID:RPG-7,项目名称:reactos,代码行数:36,
/* Example 11: root_store_free */
/*
 * Closes the global root store handle CRYPT_rootStore. The global itself is
 * not reset here.
 */
void root_store_free(void)
{
    CertCloseStore(CRYPT_rootStore, 0);
}
开发者ID:WASSUM,项目名称:longene_travel,代码行数:4,
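// Example 12: displaySystemStoreCallback
/**
 * Worker for cmdDisplayAll.
 *
 * Prints the name of one system store and, for every certificate in it, the
 * subject display name, the validity period and the issuer display name.
 *
 * @returns TRUE always, including when the store cannot be opened.
 * @param   pvSystemStore   Store name (LPCWSTR), or a
 *                          CERT_SYSTEM_STORE_RELOCATE_PARA when
 *                          CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags.
 * @param   dwFlags         Store flags; the location bits select where the
 *                          store is opened.
 * @param   pStoreInfo      Only printed at verbosity > 1.
 * @param   pvReserved      Only printed at verbosity > 1.
 * @param   pvArg           Unused.
 */
static BOOL WINAPI displaySystemStoreCallback(const void *pvSystemStore, DWORD dwFlags, PCERT_SYSTEM_STORE_INFO pStoreInfo,
                                              void *pvReserved, void *pvArg)
{
    if (g_cVerbosityLevel > 1)
        RTPrintf(" pvSystemStore=%p dwFlags=%#x pStoreInfo=%p pvReserved=%p\n", pvSystemStore, dwFlags, pStoreInfo, pvReserved);

    LPCWSTR pwszStoreNm = NULL;
    if (dwFlags & CERT_SYSTEM_STORE_RELOCATE_FLAG)
    {
        const CERT_SYSTEM_STORE_RELOCATE_PARA *pRelPara = (const CERT_SYSTEM_STORE_RELOCATE_PARA *)pvSystemStore;
        pwszStoreNm = pRelPara->pwszSystemStore;
        RTPrintf(" %#010x '%ls' hKeyBase=%p\n", dwFlags, pwszStoreNm, pRelPara->hKeyBase);
    }
    else
    {
        pwszStoreNm = (LPCWSTR)pvSystemStore;
        RTPrintf(" %#010x '%ls'\n", dwFlags, pwszStoreNm);
    }

    /*
     * Open the store and list the certificates within.
     */
    DWORD      dwDst  = (dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK);
    HCERTSTORE hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
                                      PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
                                      NULL /* hCryptProv = default */,
                                      dwDst | CERT_STORE_OPEN_EXISTING_FLAG,
                                      pwszStoreNm);
    if (hStore)
    {
        PCCERT_CONTEXT pCertCtx = NULL;
        while ((pCertCtx = CertEnumCertificatesInStore(hStore, pCertCtx)) != NULL)
        {
            if (g_cVerbosityLevel > 1)
                RTPrintf(" pCertCtx=%p dwCertEncodingType=%#x cbCertEncoded=%#x pCertInfo=%p\n",
                         pCertCtx, pCertCtx->dwCertEncodingType, pCertCtx->cbCertEncoded, pCertCtx->pCertInfo);

            WCHAR wszName[1024];
            /* CertGetNameStringW takes the buffer size in characters, not
               bytes; passing sizeof(wszName) would claim twice the real
               capacity and allow a write past the end of the buffer. */
            const DWORD cwcName = (DWORD)(sizeof(wszName) / sizeof(wszName[0]));
            if (CertGetNameStringW(pCertCtx, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0 /*dwFlags*/, NULL /*pvTypePara*/,
                                   wszName, cwcName))
            {
                RTPrintf(" '%ls'\n", wszName);
                if (pCertCtx->pCertInfo)
                {
                    RTTIMESPEC TmpTS;
                    char szNotBefore[80];
                    RTTimeSpecToString(RTTimeSpecSetNtFileTime(&TmpTS, &pCertCtx->pCertInfo->NotBefore),
                                       szNotBefore, sizeof(szNotBefore));
                    char szNotAfter[80];
                    RTTimeSpecToString(RTTimeSpecSetNtFileTime(&TmpTS, &pCertCtx->pCertInfo->NotAfter),
                                       szNotAfter, sizeof(szNotAfter));
                    RTPrintf(" NotBefore='%s'\n", szNotBefore);
                    RTPrintf(" NotAfter ='%s'\n", szNotAfter);
                    if (pCertCtx->pCertInfo->Issuer.cbData)
                    {
                        if (CertGetNameStringW(pCertCtx, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL /*pvTypePara*/,
                                               wszName, cwcName))
                            RTPrintf(" Issuer='%ls'\n", wszName);
                        else
                            RTMsgError("CertGetNameStringW(Issuer) failed: %s\n", errorToString(GetLastError()));
                    }
                }
            }
            else
                RTMsgError("CertGetNameStringW(Subject) failed: %s\n", errorToString(GetLastError()));
        }

        CertCloseStore(hStore, CERT_CLOSE_STORE_CHECK_FLAG);
    }
    else
        RTMsgError("CertOpenStore failed opening %#x:'%ls': %s\n", dwDst, pwszStoreNm, errorToString(GetLastError()));

    return TRUE;
}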
开发者ID:dezelin,项目名称:vbox,代码行数:77,
示例13: switch//.........这里部分代码省略......... MY_CASE(CRYPT_E_INVALID_IA5_STRING); MY_CASE(CRYPT_E_INVALID_X500_STRING); MY_CASE(CRYPT_E_NOT_CHAR_STRING); MY_CASE(CRYPT_E_FILERESIZED); MY_CASE(CRYPT_E_SECURITY_SETTINGS); MY_CASE(CRYPT_E_NO_VERIFY_USAGE_DLL); MY_CASE(CRYPT_E_NO_VERIFY_USAGE_CHECK); MY_CASE(CRYPT_E_VERIFY_USAGE_OFFLINE); MY_CASE(CRYPT_E_NOT_IN_CTL); MY_CASE(CRYPT_E_NO_TRUSTED_SIGNER); MY_CASE(CRYPT_E_MISSING_PUBKEY_PARA); MY_CASE(CRYPT_E_OSS_ERROR); default: { PCRTCOMERRMSG pWinComMsg = RTErrCOMGet(dwErr); if (pWinComMsg) return pWinComMsg->pszDefine; static char s_szErr[32]; RTStrPrintf(s_szErr, sizeof(s_szErr), "%#x (%d)", dwErr, dwErr); return s_szErr; } }}#if 0 /* hacking */static RTEXITCODE addToStore(const char *pszFilename, PCRTUTF16 pwszStore){ /* * Open the source. */ void *pvFile; size_t cbFile; int rc = RTFileReadAll(pszFilename, &pvFile, &cbFile); if (RT_FAILURE(rc)) return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTFileReadAll failed on '%s': %Rrc", pszFilename, rc); RTEXITCODE rcExit = RTEXITCODE_FAILURE; PCCERT_CONTEXT pCertCtx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (PBYTE)pvFile, (DWORD)cbFile); if (pCertCtx) { /* * Open the destination. 
*/ HCERTSTORE hDstStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, NULL /* hCryptProv = default */, /*CERT_SYSTEM_STORE_LOCAL_MACHINE*/ CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG, pwszStore); if (hDstStore != NULL) {#if 0 DWORD dwContextType; if (CertAddSerializedElementToStore(hDstStore, pCertCtx->pbCertEncoded, pCertCtx->cbCertEncoded, CERT_STORE_ADD_NEW, 0 /* dwFlags (reserved) */, CERT_STORE_ALL_CONTEXT_FLAG, &dwContextType, NULL)) { RTMsgInfo("Successfully added '%s' to the '%ls' store (ctx type %u)", pszFilename, pwszStore, dwContextType); rcExit = RTEXITCODE_SUCCESS; } else RTMsgError("CertAddSerializedElementToStore returned %s", errorToString(GetLastError()));#else if (CertAddCertificateContextToStore(hDstStore, pCertCtx, CERT_STORE_ADD_NEW, NULL)) { RTMsgInfo("Successfully added '%s' to the '%ls' store", pszFilename, pwszStore); rcExit = RTEXITCODE_SUCCESS; } else RTMsgError("CertAddCertificateContextToStore returned %s", errorToString(GetLastError()));#endif CertCloseStore(hDstStore, CERT_CLOSE_STORE_CHECK_FLAG); } else RTMsgError("CertOpenStore returned %s", errorToString(GetLastError())); CertFreeCertificateContext(pCertCtx); } else RTMsgError("CertCreateCertificateContext returned %s", errorToString(GetLastError())); RTFileReadAllFree(pvFile, cbFile); return rcExit;#if 0 CRYPT_DATA_BLOB Blob; Blob.cbData = (DWORD)cbData; Blob.pbData = (PBYTE)pvData; HCERTSTORE hSrcStore = PFXImportCertStore(&Blob, L"", )#endif}
开发者ID:dezelin,项目名称:vbox,代码行数:101,
示例14: _tmainint _tmain(int argc, _TCHAR* argv[]) { LONG retval; Params p; LPVOID cert, crl; DWORD certSz = 0, crlSz = 0, index = 0, disp = 0; HKEY rootKey = NULL, storesKey = NULL, key = NULL; HCERTSTORE hCertStore = NULL; TCHAR root[MAX_REG_KEY_LEN]; // Get params if (!GetParams(&p, argc, argv)) { _tprintf(TEXT("Usage:/n")); _tprintf(TEXT("%s hive crt.cer [/CRL crl.crl] [/Store store]/n/n"), argv[0]); _tprintf(TEXT("hive/ta registry hive for HKLM//SOFTWARE (user hives not supported)/n")); _tprintf(TEXT(" found at Windows//System32//config//SOFTWARE (cannot use be an in-use hive)/n")); _tprintf(TEXT("crt.cer/tthe certificate to import/n")); _tprintf(TEXT("crl.crl/tif provided adds a CRL as well/n")); _tprintf(TEXT("store/tthe store to import to, defaults to ROOT/n/n")); return -1; } // Enable privileges if (!EnablePriv(SE_TAKE_OWNERSHIP_NAME) || !EnablePriv(SE_BACKUP_NAME) || !EnablePriv(SE_RESTORE_NAME)) { return LastError(TEXT("Failed to enable take ownership, backup, and restore privileges"), NULL); } // Read the certificate file if ((cert = Read(p.cert, &certSz)) == NULL) { return LastError(TEXT("Failed to read certificate file '%s'"), p.cert); } // Read the CRL file if (p.crl && ((crl = Read(p.crl, &crlSz)) == NULL)) { LocalFree(cert); return LastError(TEXT("Failed to read the CRL file '%s'"), p.crl); } // Find a subkey that's available _tcsncpy(root, TEXT("TEMPHIVE"), MAX_REG_KEY_LEN); if ((retval = RegOpenKeyEx(HKEY_LOCAL_MACHINE, root, 0, KEY_READ, &key)) != ERROR_FILE_NOT_FOUND) { if (retval != ERROR_SUCCESS) { LocalFree(crl); LocalFree(cert); return Error(TEXT("Failed to find subkey to load hive"), NULL, retval); } RegCloseKey(key); _sntprintf(root, MAX_REG_KEY_LEN, TEXT("TEMPHIVE%u"), index++); } key = NULL; // Load the hive if ((retval = RegLoadKey(HKEY_LOCAL_MACHINE, root, p.hive)) != ERROR_SUCCESS) { LocalFree(cert); if (crl) LocalFree(crl); return Error(TEXT("Failed to load hive file '%s'"), p.hive, retval); } // Open the 
HKLM/TEMPHIVE/Microsoft/SystemCertificates if ((retval = RegOpenKeyEx(HKEY_LOCAL_MACHINE, root, 0, KEY_ALL_ACCESS, &rootKey)) != ERROR_SUCCESS) { Error(TEXT("Failed to get root key '%s'"), root, retval); } else if ((retval = RegOpenKeyEx(rootKey, TEXT("Microsoft//SystemCertificates"), 0, KEY_ALL_ACCESS, &storesKey)) != ERROR_SUCCESS) { Error(TEXT("Failed to get stores key: %u/n"), NULL, retval); // Create/Open the registry certificate store } else if ((retval = RegCreateKeyEx(storesKey, p.store, 0, NULL, REG_OPTION_BACKUP_RESTORE, KEY_ALL_ACCESS, NULL, &key, &disp)) != ERROR_SUCCESS) { Error(TEXT("Failed to create store key '%s'"), p.store, retval); // Open the store } else if ((hCertStore = CertOpenStore(CERT_STORE_PROV_REG, 0, (HCRYPTPROV)NULL, CERT_STORE_BACKUP_RESTORE_FLAG | CERT_STORE_OPEN_EXISTING_FLAG, key)) == NULL) { retval = LastError(TEXT("Failed to create certificate store"), NULL); // Add the certificate to the store } else if (!CertAddEncodedCertificateToStore(hCertStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert, certSz, CERT_STORE_ADD_REPLACE_EXISTING, NULL)) { retval = LastError(TEXT("Failed add certificate to store"), NULL); // Add the crl to the store } else if (crl && !CertAddEncodedCRLToStore(hCertStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, crl, crlSz, CERT_STORE_ADD_REPLACE_EXISTING, NULL)) { retval = LastError(TEXT("Failed add the CRL to store"), NULL); } // Cleanup if (hCertStore) { CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG); } if (key) { RegCloseKey(key); } if (storesKey) { RegCloseKey(storesKey); } if (rootKey) { RegCloseKey(rootKey); } LocalFree(crl); LocalFree(cert); // Unload the hive if ((disp = RegUnLoadKey(HKEY_LOCAL_MACHINE, root)) != ERROR_SUCCESS) { if (retval == ERROR_SUCCESS) { retval = disp; } Error(TEXT("Failed to unload the hive"), NULL, disp); } // Successful? Yeah! 
if (retval == ERROR_SUCCESS) { if (p.crl) { _tprintf(TEXT("Successfully added %s and %s to the %s store in %s/n/n"), p.cert, p.crl, p.store, p.hive); } else {//.........这里部分代码省略.........
开发者ID:coderforlife,项目名称:c4l-utils,代码行数:101,
示例15: xmlSecMSCryptoKeysStoreFindCertstatic PCCERT_CONTEXTxmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) { const char* storeName; HCERTSTORE hStoreHandle = NULL; PCCERT_CONTEXT pCertContext = NULL; xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL); xmlSecAssert2(name != NULL, NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); storeName = xmlSecMSCryptoAppGetCertStoreName(); if(storeName == NULL) { storeName = XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME; } hStoreHandle = CertOpenSystemStore(0, storeName); if (NULL == hStoreHandle) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "CertOpenSystemStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, "storeName=%s", xmlSecErrorsSafeString(storeName)); return(NULL); } /* first attempt: search by cert id == name */ if(pCertContext == NULL) { size_t len = xmlStrlen(name) + 1; wchar_t * lpCertID; /* aleksey todo: shouldn't we call MultiByteToWideChar first to get the buffer size? 
*/ lpCertID = (wchar_t *)xmlMalloc(sizeof(wchar_t) * len); if(lpCertID == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); CertCloseStore(hStoreHandle, 0); return(NULL); } MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, name, -1, lpCertID, len); pCertContext = CertFindCertificateInStore( hStoreHandle, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_STR, lpCertID, NULL); xmlFree(lpCertID); } /* We don't give up easily, now try to fetch the cert with a full blown * subject dn */ if (NULL == pCertContext) { BYTE* bdata; DWORD len; bdata = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, name, CERT_OID_NAME_STR, &len); if(bdata != NULL) { CERT_NAME_BLOB cnb; cnb.cbData = len; cnb.pbData = bdata; pCertContext = CertFindCertificateInStore(hStoreHandle, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &cnb, NULL); xmlFree(bdata); } } /* We don't give up easily, now try to fetch the cert with a full blown * subject dn, and try with a reversed dn */ if (NULL == pCertContext) { BYTE* bdata; DWORD len; bdata = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, name, CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, &len); if(bdata != NULL) { CERT_NAME_BLOB cnb; cnb.cbData = len; cnb.pbData = bdata; pCertContext = CertFindCertificateInStore(hStoreHandle,//.........这里部分代码省略.........
开发者ID:Arcenciel,项目名称:DDReader,代码行数:101,
示例16: HrGetSignerKeyAndChain//.........这里部分代码省略......... goto CleanUp; } if( NULL != wszSubject && 0 != *wszSubject ) { // // Search by Name // while( NULL != ( pCert = CertFindCertificateInStore( hStore, X509_ASN_ENCODING, 0, CERT_FIND_SUBJECT_STR, wszSubject, pCert ))) { if( CryptAcquireCertificatePrivateKey( pCert, CRYPT_ACQUIRE_CACHE_FLAG, NULL, phCryptProvOrNCryptKey, pdwKeySpec, &fCallerFreeProvOrNCryptKey )) { break; } } } else { // // Get the first available certificate in the store // while( NULL != ( pCert = CertEnumCertificatesInStore( hStore, pCert ))) { if( CryptAcquireCertificatePrivateKey( pCert, CRYPT_ACQUIRE_CACHE_FLAG, NULL, phCryptProvOrNCryptKey, pdwKeySpec, &fCallerFreeProvOrNCryptKey )) { break; } } } if( NULL == pCert ) { hr = CRYPT_XML_E_SIGNER; goto CleanUp; } // // Build the certificate chain without revocation check. // if( !CertGetCertificateChain( NULL, // use the default chain engine pCert, // pointer to the end certificate NULL, // use the default time NULL, // search no additional stores &ChainPara, 0, // no revocation check NULL, // currently reserved ppChainContext )) // return a pointer to the chain created { hr = HRESULT_FROM_WIN32( GetLastError() ); goto CleanUp; }CleanUp: if( FAILED(hr) ) { *phCryptProvOrNCryptKey = NULL; *pdwKeySpec = 0; } if( NULL != pCert ) { CertFreeCertificateContext( pCert ); } if( NULL != hStore ) { CertCloseStore( hStore, 0 ); } return hr;}
开发者ID:Ippei-Murofushi,项目名称:WindowsSDK7-Samples,代码行数:101,
// Example 17: CertCloseStore
/// Closes the store handle held by the private data object, then destroys
/// that object.
CertStore::~CertStore()
{
	// dwFlags == 0: plain close; the result is not checked.
	CertCloseStore( d->s, 0 );

	delete d;
}
开发者ID:martinpaljak,项目名称:qesteidutil,代码行数:5,
示例18: ServerAuthenticateBOOL ServerAuthenticate(const char *hostname){ int rc, rcISC, rcl; BOOL haveToken; int bytesReceived = 0, bytesSent = 0; TimeStamp useBefore; // input and output buffers SecBufferDesc obd, ibd; SecBuffer ob, ib[2]; BOOL haveContext = FALSE; DWORD ctxReq,ctxAttr; int n; short len; SCHANNEL_CRED cred = {0}; char host[256]; struct addrinfo *ai=NULL, hints = {0}; PCCERT_CONTEXT cert; HANDLE hMy = CertOpenSystemStore(0,"MY"); if(!hMy) { rcISC = SEC_E_NO_CREDENTIALS; server_error(1,"[%08x] %s/n",rcISC,GetErrorString(rcISC)); return FALSE; } if(!hostname) { gethostname (host, sizeof host); hints.ai_flags=AI_CANONNAME; if(getaddrinfo(cvs::idn(host),NULL,&hints,&ai)) server_error (1, "can't get canonical hostname"); hostname = ai->ai_canonname; cert = CertFindCertificateInStore(hMy, X509_ASN_ENCODING, 0, CERT_FIND_SUBJECT_STR, (const wchar_t*)cvs::wide(cvs::decode_idn(hostname)), NULL); } else cert = CertFindCertificateInStore(hMy, X509_ASN_ENCODING, 0, CERT_FIND_SUBJECT_STR, (const wchar_t*)cvs::wide(hostname), NULL); if(!cert) { rcISC = SEC_E_NO_CREDENTIALS; server_error(1,"No certificate for '%s': %s/n",hostname,GetErrorString(rcISC)); return FALSE; } cred.cCreds = 1; cred.paCred = &cert; if(ai) freeaddrinfo(ai); cred.dwVersion = SCHANNEL_CRED_VERSION; cred.dwFlags = SCH_CRED_USE_DEFAULT_CREDS; rc = AcquireCredentialsHandle( NULL, "SChannel", SECPKG_CRED_INBOUND, NULL, &cred, NULL, NULL, &credHandle, &useBefore ); if ( rc == SEC_E_OK ) haveToken = TRUE; else haveToken = FALSE; CertCloseStore(hMy,0); while ( 1 ) { // prepare to get the server's response ibd.ulVersion = SECBUFFER_VERSION; ibd.cBuffers = 2; ibd.pBuffers = ib; // just one buffer ib[0].BufferType = SECBUFFER_TOKEN; // preping a token here ib[0].cbBuffer = secPackInfo->cbMaxToken; ib[0].pvBuffer = malloc(ib[0].cbBuffer); ib[1].cbBuffer = 0; ib[1].pvBuffer = NULL; ib[1].BufferType = SECBUFFER_EMPTY; // Spare stuff // receive the client's POD rcl = read( current_server()->in_fd, 
ib[0].pvBuffer, ib[0].cbBuffer); if(rcl<=0) { rc = SEC_E_INTERNAL_ERROR; break; } // by now we have an input buffer obd.ulVersion = SECBUFFER_VERSION; obd.cBuffers = 1; obd.pBuffers = &ob; // just one buffer ob.BufferType = SECBUFFER_TOKEN; // preping a token here ob.cbBuffer = secPackInfo->cbMaxToken; ob.pvBuffer = malloc(secPackInfo->cbMaxToken); if(rc<0) { len=0; if((n=write(current_server()->out_fd,&len,sizeof(len)))<=0) break; break; }//.........这里部分代码省略.........
开发者ID:acml,项目名称:cvsnt,代码行数:101,
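/* Example 19: cert_load_defaults */
/*
 * Builds an mbedtls certificate chain from the platform's default trust
 * anchors and returns it as an abstract k_cert value.
 *
 *  - Windows: every certificate in the "Root" system store.
 *  - macOS:   every certificate in SystemRootCertificates.keychain; val_null
 *             if the keychain cannot be opened or yields no certificate.
 *  - other:   val_null.
 *
 * The return value of mbedtls_x509_crt_parse_der() is not checked, so a
 * certificate that fails to parse is skipped without any report.
 */
static value cert_load_defaults(){
#if defined(NEKO_WINDOWS)
	value v;
	HCERTSTORE store;
	PCCERT_CONTEXT cert;
	mbedtls_x509_crt *chain = (mbedtls_x509_crt *)alloc(sizeof(mbedtls_x509_crt));
	mbedtls_x509_crt_init( chain );
	store = CertOpenSystemStore(0, (LPCSTR)"Root");
	if( store != NULL ){
		cert = NULL;
		/* Each enumeration call releases the previous context. */
		while( (cert = CertEnumCertificatesInStore(store, cert)) != NULL )
			mbedtls_x509_crt_parse_der( chain, (unsigned char *)cert->pbCertEncoded, cert->cbCertEncoded );
		CertCloseStore(store, 0);
	}
	v = alloc_abstract(k_cert, chain);
	val_gc(v,free_cert);
	return v;
#elif defined(NEKO_MAC)
	CFMutableDictionaryRef search;
	CFArrayRef searchList;
	CFArrayRef result;
	SecKeychainRef keychain;
	SecCertificateRef item;
	CFDataRef dat;
	value v;
	mbedtls_x509_crt *chain = NULL;

	// Load keychain
	if( SecKeychainOpen("/System/Library/Keychains/SystemRootCertificates.keychain",&keychain) != errSecSuccess )
		return val_null;

	// Search for certificates
	search = CFDictionaryCreateMutable( NULL, 0, NULL, NULL );
	CFDictionarySetValue( search, kSecClass, kSecClassCertificate );
	CFDictionarySetValue( search, kSecMatchLimit, kSecMatchLimitAll );
	CFDictionarySetValue( search, kSecReturnRef, kCFBooleanTrue );
	// The dictionary is created without retain callbacks, so the search list
	// stays owned here and is released once the query is done.
	searchList = CFArrayCreate(NULL, (const void **)&keychain, 1, NULL);
	CFDictionarySetValue( search, kSecMatchSearchList, searchList );
	if( SecItemCopyMatching( search, (CFTypeRef *)&result ) == errSecSuccess ){
		CFIndex n = CFArrayGetCount( result );
		for( CFIndex i = 0; i < n; i++ ){
			item = (SecCertificateRef)CFArrayGetValueAtIndex( result, i );

			// Get certificate in DER format
			dat = SecCertificateCopyData( item );
			if( dat ){
				if( chain == NULL ){
					chain = (mbedtls_x509_crt *)alloc(sizeof(mbedtls_x509_crt));
					mbedtls_x509_crt_init( chain );
				}
				mbedtls_x509_crt_parse_der( chain, (unsigned char *)CFDataGetBytePtr(dat), CFDataGetLength(dat) );
				CFRelease( dat );
			}
		}
		// The result array comes from a Copy call and is owned by this function.
		CFRelease( result );
	}
	CFRelease( searchList );
	CFRelease( search );
	CFRelease(keychain);
	if( chain != NULL ){
		v = alloc_abstract(k_cert, chain);
		val_gc(v,free_cert);
		return v;
	}else{
		return val_null;
	}
#else
	return val_null;
#endif
}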
开发者ID:jonasmalacofilho,项目名称:neko,代码行数:64,
示例20: CertCloseStorevoid CAPICertificate::setUri (const std::string& capiUri) { valid_ = false; /* Syntax: "certstore:" <cert_store> ":" <hash> ":" <hash_of_cert> */ if (!boost::iequals(capiUri.substr(0, 10), "certstore:")) { return; } /* Substring of subject: uses "storename" */ std::string capiIdentity = capiUri.substr(10); std::string newCertStoreName; size_t pos = capiIdentity.find_first_of (':'); if (pos == std::string::npos) { /* Using the default certificate store */ newCertStoreName = "MY"; certName_ = capiIdentity; } else { newCertStoreName = capiIdentity.substr(0, pos); certName_ = capiIdentity.substr(pos + 1); } if (certStoreHandle_ != NULL) { if (newCertStoreName != certStore_) { CertCloseStore(certStoreHandle_, 0); certStoreHandle_ = NULL; } } if (certStoreHandle_ == NULL) { certStoreHandle_ = CertOpenSystemStore(0, newCertStoreName.c_str()); if (!certStoreHandle_) { return; } } certStore_ = newCertStoreName; PCCERT_CONTEXT certContext = findCertificateInStore (certStoreHandle_, certName_); if (!certContext) { return; } /* Now verify that we can have access to the corresponding private key */ DWORD len; CRYPT_KEY_PROV_INFO *pinfo; HCRYPTPROV hprov; HCRYPTKEY key; if (!CertGetCertificateContextProperty(certContext, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len)) { CertFreeCertificateContext(certContext); return; } pinfo = static_cast<CRYPT_KEY_PROV_INFO *>(malloc(len)); if (!pinfo) { CertFreeCertificateContext(certContext); return; } if (!CertGetCertificateContextProperty(certContext, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len)) { CertFreeCertificateContext(certContext); free(pinfo); return; } CertFreeCertificateContext(certContext); // Now verify if we have access to the private key if (!CryptAcquireContextW(&hprov, pinfo->pwszContainerName, pinfo->pwszProvName, pinfo->dwProvType, 0)) { free(pinfo); return; } char smartCardReader[1024]; DWORD bufferLength = sizeof(smartCardReader); if (!CryptGetProvParam(hprov, PP_SMARTCARD_READER, (BYTE *)&smartCardReader, 
&bufferLength, 0)) { DWORD error = GetLastError(); smartCardReaderName_ = ""; } else { smartCardReaderName_ = smartCardReader; LONG result = SCardEstablishContext(SCARD_SCOPE_USER, NULL, NULL, &scardContext_); if (SCARD_S_SUCCESS == result) { // Initiate monitoring for smartcard ejection smartCardTimer_ = timerFactory_->createTimer(SMARTCARD_EJECTION_CHECK_FREQUENCY_MILLISECONDS); } else { ///Need to handle an error here }//.........这里部分代码省略.........
开发者ID:marosi,项目名称:SocialDesktopClient,代码行数:101,
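// Example 21: EDT_CSP_ReadParam
/// Queries one provider parameter with CryptGetProvParam and logs it.
///
/// Handles PP_SMARTCARD_READER (reader name), PP_SMARTCARD_GUID (last eight
/// bytes of the GUID) and PP_USER_CERTSTORE (lists the encoded length of each
/// certificate, then closes the returned store). Other parameters are read
/// but not logged.
///
/// @param hProv    Provider handle to query.
/// @param dwParam  Parameter id (PP_*).
/// @return EDT_OK in all cases; failures are only logged.
int EDT_CSP_ReadParam(HCRYPTPROV hProv, DWORD dwParam)
{
	int iRetVal = EDT_OK;
	BYTE *pbData = NULL;
	DWORD dwDataLen = 0;
	DWORD dwFlags = 0;

	// BOOL results are tested for non-zero: success is "not FALSE", which is
	// not the same as "== TRUE".
	if (!CryptGetProvParam(hProv, dwParam, NULL, &dwDataLen, dwFlags))
	{
		LOG_LASTERROR(L"CryptGetProvParam failed\n");
		return iRetVal;
	}

	// One spare zero byte guarantees the reader name is terminated for the
	// %hs format and keeps a zero-length result from becoming malloc(0).
	pbData = (BYTE *)malloc((size_t)dwDataLen + 1);
	if (pbData == NULL)
	{
		LOG_ERROR(L"malloc failed\n");
		return iRetVal;
	}
	pbData[dwDataLen] = 0;

	if (CryptGetProvParam(hProv, dwParam, pbData, &dwDataLen, dwFlags))
	{
		switch (dwParam)
		{
		case PP_SMARTCARD_READER:
			LOG(L"SmartCard Reader: %hs\n", pbData);
			break;
		case PP_SMARTCARD_GUID:
			// Only reinterpret the buffer when the provider returned a full GUID.
			if (dwDataLen >= sizeof(GUID))
			{
				GUID *pTheGuid = (GUID *)pbData;
				LOG(L"SmartCard GUID: ");
				LOG_BYTE_ARRAY(pTheGuid->Data4, sizeof(pTheGuid->Data4));
			}
			else
			{
				LOG_ERROR(L"PP_SMARTCARD_GUID data too short\n");
			}
			break;
		case PP_USER_CERTSTORE:
			// Only dereference the buffer when it can hold a store handle.
			if (dwDataLen >= sizeof(HCERTSTORE))
			{
				HCERTSTORE *phCertStore = (HCERTSTORE *)pbData;
				PCCERT_CONTEXT pPrevCertContext = NULL;
				while ((pPrevCertContext = CertEnumCertificatesInStore(*phCertStore, pPrevCertContext)) != NULL)
				{
					LOG(L"Found certificate with length %d\n", pPrevCertContext->cbCertEncoded);
				}
				if (!CertCloseStore(*phCertStore, 0))
				{
					LOG_ERROR(L"CertCloseStore failed");
				}
			}
			else
			{
				LOG_ERROR(L"PP_USER_CERTSTORE data too short\n");
			}
			break;
		default:
			break;
		}
	}
	else
	{
		LOG_LASTERROR(L"CryptGetProvParam failed 2e \n");
	}

	free(pbData);
	return iRetVal;
}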
开发者ID:Fedict,项目名称:eid-edt,代码行数:61,
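示例22: removeCertFromStoreByFile
/**
 * Removes a certificate, given by file, from a store
 *
 * Every certificate in the destination store that compares equal to the one
 * read from the file is deleted.
 *
 * @returns true when the file was read, the store was opened and the file
 *          held a certificate; individual delete failures are reported with
 *          RTMsgError but do not change the result.  false otherwise.
 * @param   dwDst           The destination, like
 *                          CERT_SYSTEM_STORE_LOCAL_MACHINE or
 *                          CERT_SYSTEM_STORE_CURRENT_USER.
 * @param   pszStoreNm      The store name.
 * @param   pszCertFile     The file containing the certificate to remove.
 */
static bool removeCertFromStoreByFile(DWORD dwDst, const char *pszStoreNm, const char *pszCertFile)
{
    /*
     * Read the certificate file first.
     */
    PCCERT_CONTEXT  pSrcCtx   = NULL;
    HCERTSTORE      hSrcStore = NULL;
    if (!readCertFile(pszCertFile, &pSrcCtx, &hSrcStore))
        return false;

    /*
     * Fetch a display name for the messages below.
     *
     * CertGetNameStringW takes the buffer size in characters, not bytes, so
     * pass the element count; sizeof(wszName) would claim twice the real
     * capacity.  readCertFile can apparently succeed without a single
     * certificate context (see the "not implemented" branch further down),
     * so only query the name when there is one.
     */
    WCHAR wszName[1024];
    wszName[0] = L'\0';
    if (   pSrcCtx
        && !CertGetNameStringW(pSrcCtx, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0 /*dwFlags*/, NULL /*pvTypePara*/,
                               wszName, (DWORD)(sizeof(wszName) / sizeof(wszName[0]))))
    {
        RTMsgError("CertGetNameStringW(Subject) failed: %s\n", errorToString(GetLastError()));
        wszName[0] = L'\0';
    }

    /*
     * Open the destination store.
     */
    bool fRc = false;
    HCERTSTORE hDstStore = openCertStore(dwDst, pszStoreNm);
    if (hDstStore)
    {
        if (pSrcCtx)
        {
            fRc = true;
            unsigned        cDeleted = 0;
            PCCERT_CONTEXT  pCurCtx  = NULL;
            while ((pCurCtx = CertEnumCertificatesInStore(hDstStore, pCurCtx)) != NULL)
            {
                if (CertCompareCertificate(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, pCurCtx->pCertInfo, pSrcCtx->pCertInfo))
                {
                    if (g_cVerbosityLevel > 1)
                        RTMsgInfo("Removing '%ls'...", wszName);

                    /* Delete through a duplicate: the delete call consumes the
                       context it is given, and pCurCtx is still needed to
                       continue the enumeration. */
                    PCCERT_CONTEXT pDeleteCtx = CertDuplicateCertificateContext(pCurCtx);
                    if (pDeleteCtx)
                    {
                        if (CertDeleteCertificateFromStore(pDeleteCtx))
                            cDeleted++;
                        else
                            RTMsgError("CertDeleteFromStore('%ls') failed: %s\n", wszName, errorToString(GetLastError()));
                    }
                    else
                        RTMsgError("CertDuplicateCertificateContext('%ls') failed: %s\n", wszName, errorToString(GetLastError()));
                }
            }

            if (!cDeleted)
                RTMsgInfo("Found no matching certificates to remove.");
        }
        else
        {
            RTMsgError("Path not implemented at line %d\n", __LINE__);
        }

        CertCloseStore(hDstStore, CERT_CLOSE_STORE_CHECK_FLAG);
    }

    /*
     * Release what readCertFile handed out.
     */
    if (pSrcCtx)
        CertFreeCertificateContext(pSrcCtx);
    if (hSrcStore)
        CertCloseStore(hSrcStore, CERT_CLOSE_STORE_CHECK_FLAG);
    return fRc;
}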
开发者ID:dezelin,项目名称:vbox,代码行数:75,
示例23: test_crypt_ui_wiz_import
/* Test for CryptUIWizImport in no-UI mode: first a series of calls that are
 * expected to fail with E_INVALIDARG, then real imports whose result is
 * checked (and, for the first one, removed again) in the target store.
 * The end of the function is omitted on this page.
 */
static void test_crypt_ui_wiz_import(void)
{
    BOOL ret;
    CRYPTUI_WIZ_IMPORT_SRC_INFO info;
    HCERTSTORE store;
    PCCERT_CONTEXT cert;
    PCCRL_CONTEXT crl;
    DWORD count;

    /* The entry point is looked up at run time; skip when it is missing. */
    if (!pCryptUIWizImport)
    {
        skip("No CryptUIWizImport/n");
        return;
    }

    /* Set CBT hook to disallow MessageBox and wizard creation in current
     * thread.
     */
    hook = SetWindowsHookExA(WH_CBT, cbt_hook_proc, 0, GetCurrentThreadId());

    /* Brings up UI.  Cancelling yields ret = 1. */
    if (0)
    {
        pCryptUIWizImport(0, 0, NULL, NULL, NULL);
    }
    /* No source info at all. */
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, NULL, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x/n", GetLastError());
    /* Zeroed source info, dwSize not set. */
    memset(&info, 0, sizeof(info));
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x/n", GetLastError());
    /* dwSize set, but no subject chosen. */
    info.dwSize = sizeof(info);
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x/n", GetLastError());
    /* Subject choice says "cert context", but the context is still NULL
     * from the memset above.
     */
    info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CERT_CONTEXT;
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x/n", GetLastError());
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
     0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x/n", GetLastError());
    /* Check allowed vs. given type mismatches */
    info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
     v1CertWithValidPubKey, sizeof(v1CertWithValidPubKey));
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CRL,
     0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x/n", GetLastError());
    CertFreeCertificateContext(info.u.pCertContext);
    info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CRL_CONTEXT;
    info.u.pCRLContext = CertCreateCRLContext(X509_ASN_ENCODING,
     signedCRL, sizeof(signedCRL));
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
     0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x/n", GetLastError());
    CertFreeCRLContext(info.u.pCRLContext);
    /* Imports the following cert--self-signed, with no basic constraints set--
     * to the CA store.  Puts up a dialog at the end if it succeeds or fails.
     */
    info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CERT_CONTEXT;
    info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
     v1CertWithValidPubKey, sizeof(v1CertWithValidPubKey));
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(ret, "CryptUIWizImport failed: %08x/n", GetLastError());
    if (ret)
    {
        static const WCHAR CA[] = { 'C','A',0 };
        HCERTSTORE ca = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
         CERT_SYSTEM_STORE_CURRENT_USER, CA);

        if (ca)
        {
            /* Remove the imported test certificate again so the test does
             * not leave it behind in the current user's CA store.
             */
            ret = find_and_delete_cert_in_store(ca, info.u.pCertContext);
            ok(ret || broken(!ret) /* Win9x/NT4 */,
             "expected to find v1CertWithValidPubKey in CA store/n");
            CertCloseStore(ca, 0);
        }
    }
    CertFreeCertificateContext(info.u.pCertContext);
    /* Imports the following cert--not self-signed, with a basic constraints2
     * extensions--to the "AddressBook" store.  Puts up a dialog at the end if
     * it succeeds or fails.
     */
    info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
     iTunesCert3, sizeof(iTunesCert3));
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(ret, "CryptUIWizImport failed: %08x/n", GetLastError());
    if (ret)
//.........这里部分代码省略.........
开发者ID:GYGit,项目名称:reactos,代码行数:101,
示例24: CheckCertificateForPEFile
/**
 * Compares the signer certificate embedded in a signed PE file against an
 * expected set of attributes (currently name and issuer only).
 *
 * The function locates the first signer (index 0) of the embedded PKCS#7
 * signature, finds that signer's certificate in the store carried by the
 * file and hands it to DoCertificateAttributesMatch.  Nothing in this
 * function checks that the signature itself is valid or that the
 * certificate chains to a trusted root; presumably the caller does that
 * separately - confirm before relying on the result as a trust decision.
 *
 * @param  filePath    The PE file path to check
 * @param  infoToMatch The acceptable information to match
 * @return ERROR_SUCCESS if successful, ERROR_NOT_FOUND if the info
 *         does not match, or the last error otherwise.
 */
DWORD
CheckCertificateForPEFile(LPCWSTR filePath,
                          CertificateCheckInfo &infoToMatch)
{
  HCERTSTORE embeddedStore = NULL;
  HCRYPTMSG signedMessage = NULL;
  PCCERT_CONTEXT signerCert = NULL;
  PCMSG_SIGNER_INFO signer = NULL;
  DWORD status = ERROR_SUCCESS;

  // Single-pass block: any failure records the error and breaks out to the
  // shared cleanup below.
  do {
    // Open the embedded signature: yields the certificate store and the
    // cryptographic message stored in the file.
    DWORD encoding, contentType, formatType;
    if (!CryptQueryObject(CERT_QUERY_OBJECT_FILE, filePath,
                          CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
                          CERT_QUERY_CONTENT_FLAG_ALL,
                          0, &encoding, &contentType,
                          &formatType, &embeddedStore, &signedMessage, NULL)) {
      status = GetLastError();
      break;
    }

    // Size query first (NULL buffer), then allocate and fetch for real.
    DWORD signerBytes;
    if (!CryptMsgGetParam(signedMessage, CMSG_SIGNER_INFO_PARAM, 0,
                          NULL, &signerBytes)) {
      status = GetLastError();
      break;
    }

    signer = (PCMSG_SIGNER_INFO)LocalAlloc(LPTR, signerBytes);
    if (!signer) {
      status = GetLastError();
      break;
    }

    if (!CryptMsgGetParam(signedMessage, CMSG_SIGNER_INFO_PARAM, 0,
                          (PVOID)signer, &signerBytes)) {
      status = GetLastError();
      break;
    }

    // The signer is identified by issuer + serial number; look up the
    // certificate with exactly that pair in the embedded store.
    CERT_INFO lookupKey;
    lookupKey.Issuer = signer->Issuer;
    lookupKey.SerialNumber = signer->SerialNumber;
    signerCert = CertFindCertificateInStore(embeddedStore, ENCODING, 0,
                                            CERT_FIND_SUBJECT_CERT,
                                            (PVOID)&lookupKey, NULL);
    if (!signerCert) {
      status = GetLastError();
      break;
    }

    if (!DoCertificateAttributesMatch(signerCert, infoToMatch)) {
      status = ERROR_NOT_FOUND;
    }
  } while (false);

  // Release whatever was acquired, whether or not the check succeeded.
  if (signer) {
    LocalFree(signer);
  }
  if (signerCert) {
    CertFreeCertificateContext(signerCert);
  }
  if (embeddedStore) {
    CertCloseStore(embeddedStore, 0);
  }
  if (signedMessage) {
    CryptMsgClose(signedMessage);
  }
  return status;
}
开发者ID:Andrel322,项目名称:gecko-dev,代码行数:89,
示例25: gnutls_x509_trust_list_add_system_trust
/**
 * gnutls_x509_trust_list_add_system_trust:
 * @list: The structure of the list
 * @tl_flags: GNUTLS_TL_*
 * @tl_vflags: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
 *
 * This function adds the system's default trusted certificate
 * authorities to the trusted list. Note that on unsupported system
 * this function returns %GNUTLS_E_UNIMPLEMENTED_FEATURE.
 *
 * On Windows the "ROOT" and "CA" system stores are read; certificates and
 * CRLs found there are added, but only certificates are counted in the
 * return value. If either store cannot be opened the function returns
 * %GNUTLS_E_FILE_ERROR, even when the other store was already processed.
 *
 * Returns: The number of added elements or a negative error code on error.
 *
 * Since: 3.1
 **/
int
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
                                        unsigned int tl_flags, unsigned int tl_vflags)
{
#if !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE) && !defined(_WIN32)
  return GNUTLS_E_UNIMPLEMENTED_FEATURE;
#else
  int ret, r = 0;
  /* CRL file passed along with the file/PKCS#11 trust stores below; NULL
   * when the build defines none. */
  const char* crl_file =
# ifdef DEFAULT_CRL_FILE
  DEFAULT_CRL_FILE;
# else
  NULL;
# endif

# ifdef _WIN32
  unsigned int i;

  /* Pass 0 reads the "ROOT" store, pass 1 the "CA" store. */
  for (i=0;i<2;i++)
  {
    HCERTSTORE store;
    const CERT_CONTEXT *cert;
    const CRL_CONTEXT *crl;
    gnutls_datum_t data;

    /* NOTE(review): "CA" is the Windows store for intermediate
     * certification authorities. Adding its entries here makes them trust
     * anchors in their own right - confirm that is intended. */
    if (i==0) store = CertOpenSystemStore(0, "ROOT");
    else store = CertOpenSystemStore(0, "CA");

    if (store == NULL) return GNUTLS_E_FILE_ERROR;

    cert = CertEnumCertificatesInStore(store, NULL);
    crl = Loaded_CertEnumCRLsInStore(store, NULL);

    /* Each enumeration call is handed the previous context, so only the
     * current one is referenced at any time. */
    while(cert != NULL)
    {
      /* Only plain X.509 DER encodings are imported. */
      if (cert->dwCertEncodingType == X509_ASN_ENCODING)
      {
        data.data = cert->pbCertEncoded;
        data.size = cert->cbCertEncoded;
        if (gnutls_x509_trust_list_add_trust_mem(list, &data, NULL, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags) > 0)
          r++;
      }
      cert = CertEnumCertificatesInStore(store, cert);
    }

    while(crl != NULL)
    {
      if (crl->dwCertEncodingType == X509_ASN_ENCODING)
      {
        data.data = crl->pbCrlEncoded;
        data.size = crl->cbCrlEncoded;
        /* The result is ignored: a CRL that fails to load is skipped
         * silently and is not reflected in the return value. */
        gnutls_x509_trust_list_add_trust_mem(list, NULL, &data, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
      }
      crl = Loaded_CertEnumCRLsInStore(store, crl);
    }
    CertCloseStore(store, 0);
  }
# endif

  /* The file-based sources below add to the same counter; a non-positive
   * result from either is dropped rather than returned. */
# if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
  ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_PKCS11, crl_file,
                                              GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
  if (ret > 0)
    r += ret;
# endif

# ifdef DEFAULT_TRUST_STORE_FILE
  ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_FILE, crl_file,
                                              GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags);
  if (ret > 0)
    r += ret;
# endif
  return r;
#endif
}
开发者ID:nobled,项目名称:gnutls,代码行数:89,
示例26: xmlSecMSCryptoKeysStoreFindCert
/*
 * Looks a certificate up by name in a system certificate store, trying
 * progressively looser matches: the subject via
 * xmlSecMSCryptoX509FindCertBySubject, then the store's "friendly name"
 * property, then a further CertFindCertificateInStore lookup. The end of the
 * function (including the release of wcName and of the store handle on the
 * success path) is omitted on this page.
 *
 * store       key store; must have the xmlSecMSCryptoKeysStoreId id.
 * name        UTF-8 name to search for; must not be NULL.
 * keyInfoCtx  must not be NULL; not otherwise used in the visible code.
 *
 * Returns NULL on the failure paths visible here.
 */
static PCCERT_CONTEXT
xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
                               xmlSecKeyInfoCtxPtr keyInfoCtx) {
    LPCTSTR storeName;
    HCERTSTORE hStoreHandle = NULL;
    PCCERT_CONTEXT pCertContext = NULL;
    LPTSTR wcName = NULL;

    xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
    xmlSecAssert2(name != NULL, NULL);
    xmlSecAssert2(keyInfoCtx != NULL, NULL);

    /* Application-configured store name, else the built-in default. */
    storeName = xmlSecMSCryptoAppGetCertStoreName();
    if(storeName == NULL) {
        storeName = XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME;
    }

    hStoreHandle = CertOpenSystemStore(0, storeName);
    if (NULL == hStoreHandle) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "CertOpenSystemStore",
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    "storeName=%s",
                    xmlSecErrorsSafeString(storeName));
        return(NULL);
    }

    /* convert name to unicode */
    wcName = xmlSecMSCryptoConvertUtf8ToTstr(name);
    if(wcName == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
                    "xmlSecMSCryptoConvertUtf8ToUnicode",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    "wcName");
        CertCloseStore(hStoreHandle, 0);
        return(NULL);
    }

    /* first attempt: try to find the cert with a full blown subject dn */
    if(NULL == pCertContext) {
        pCertContext = xmlSecMSCryptoX509FindCertBySubject(
            hStoreHandle,
            wcName,
            X509_ASN_ENCODING | PKCS_7_ASN_ENCODING);
    }

    /*
     * Try to find certificate with name="Friendly Name"
     *
     * The friendly name is a property kept by the store, not part of the
     * signed certificate, so a match here identifies a store entry rather
     * than anything the issuer attested.
     */
    if (NULL == pCertContext) {
        DWORD dwPropSize;
        PBYTE pbFriendlyName;
        PCCERT_CONTEXT pCertCtxIter = NULL;

        while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) {
            /* Size query; certificates without the property are skipped. */
            if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
                                                      CERT_FRIENDLY_NAME_PROP_ID,
                                                      NULL,
                                                      &dwPropSize)) {
                continue;
            }

            pbFriendlyName = xmlMalloc(dwPropSize);
            if(pbFriendlyName == NULL) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
                            NULL,
                            XMLSEC_ERRORS_R_MALLOC_FAILED,
                            XMLSEC_ERRORS_NO_MESSAGE);
                /* NOTE(review): pCertCtxIter still references the current
                 * certificate here and is not freed before returning. */
                xmlFree(wcName);
                CertCloseStore(hStoreHandle, 0);
                return(NULL);
            }
            if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
                                                      CERT_FRIENDLY_NAME_PROP_ID,
                                                      pbFriendlyName,
                                                      &dwPropSize)) {
                xmlFree(pbFriendlyName);
                continue;
            }

            /* Compare FriendlyName to name */
            /* NOTE(review): the property bytes are compared as a TCHAR
             * string; confirm that matches how the property is stored in
             * non-Unicode builds. */
            if (!lstrcmp(wcName, (LPCTSTR)pbFriendlyName)) {
                /* Leaving the loop with break keeps the enumerated context
                 * alive, so it can be used as the result. */
                pCertContext = pCertCtxIter;
                xmlFree(pbFriendlyName);
                break;
            }
            xmlFree(pbFriendlyName);
        }
    }

    /* We don't give up easily, now try to find cert with part of the name */
    if (NULL == pCertContext) {
        pCertContext = CertFindCertificateInStore(
            hStoreHandle,
//.........这里部分代码省略.........
开发者ID:dhyannataraj,项目名称:xmlsec-for-nataraj,代码行数:101,
示例27: GetCertificate
//.........这里部分代码省略.........
        /* Only the tail of GetCertificate is shown on this page. The visible
         * part compares each certificate's simple display name with
         * pwcTrustRootCA and, on a match, copies that certificate's SHA-1
         * hash property to the caller. */
        if( ( pwcSubjectName = ( WCHAR* ) malloc( cwcSubjectName * sizeof( WCHAR ) ) ) )
        {
          if( CertGetNameStringW( pCertContext,
                                  CERT_NAME_SIMPLE_DISPLAY_TYPE,
                                  0,
                                  NULL,
                                  pwcSubjectName,
                                  cwcSubjectName ) > 0 )
          {
            //printf("Found the certificate [%ws] in the system store/n", pwcSubjectName);

            /* NOTE(review): the match is on the display name only; any
             * certificate in the store carrying this name is accepted. */
            if ( wcscmp(pwcTrustRootCA, pwcSubjectName) == 0)
            {
              bFoundCert = TRUE;

              // Retrieve information on the property by first getting the property size.
              if(CertGetCertificateContextProperty( pCertContext,
                                                    CERT_SHA1_HASH_PROP_ID , // work fine on XP
                                                    NULL,
                                                    &cbSHA1))
              {
                // Use the size to allocate the memory for the property
                if ( pbSHA1 = (BYTE *) malloc(cbSHA1 * sizeof(BYTE) ) )
                {
                  // Retrieve HASH of the certificate
                  if(CertGetCertificateContextProperty( pCertContext,
                                                        CERT_SHA1_HASH_PROP_ID ,
                                                        pbSHA1,
                                                        &cbSHA1))
                  {
                    /* NOTE(review): cbSHA1 bytes are copied without a
                     * visible check of how large pbCertHash is; confirm
                     * the caller's buffer size (the start of the function
                     * is omitted on this page). */
                    memcpy(pbCertHash, pbSHA1, cbSHA1);
                    *pcbCertHash = cbSHA1;
                  }
                  else
                  {
                    printf("->GetCertificate :: Error retrieving certificate HASH./n");
                    dwRet = ERROR_CANTOPEN;
                  }

                  free(pbSHA1);
                }
                else
                {
                  printf("->GetCertificate :: Error allocating memory./n");
                  dwRet = ERROR_NOT_ENOUGH_MEMORY;
                }
              }
              else
              {
                printf("->GetCertificate :: Error getting certificate property./n");
                dwRet = ERROR_CANTOPEN;
              }
            }
          }
          else
          {
            printf("->GetCertificate :: Error getting certificate name string./n");
            dwRet = ERROR_CANTOPEN;
          }

          free( pwcSubjectName );
          cwcSubjectName = 0;
        }
        else
        {
          printf("->GetCertificate :: Error allocating memory./n");
          dwRet = ERROR_NOT_ENOUGH_MEMORY;
        }
      }
      else
        dwRet = ERROR_CANTOPEN;
    }

    if( !bFoundCert )
    {
      printf("->GetCertificate :: Error looking for the certificate in the system store./n");
      dwRet = ERROR_CANTOPEN;
    }

    /* The context is released only on failure in the visible code. */
    if( dwRet != NO_ERROR )
    {
      if( pCertContext )
        CertFreeCertificateContext( pCertContext );
    }

    /* CHECK_FLAG makes the close report contexts that are still
     * outstanding; the return value is not inspected here. */
    CertCloseStore( hCertStore, CERT_CLOSE_STORE_CHECK_FLAG );
  }
  else
  {
    printf("->GetCertificate :: Error opening system store./n");
    dwRet = ERROR_CANTOPEN;
  }

  return dwRet;
}
开发者ID:daddyreb,项目名称:Bigit_Genie,代码行数:101,
示例28: get_cert_time_left
// Computes how much validity time is left on the first certificate in
// MY_STORE whose OID_KCA_AUTHREALM extension equals `realm`.
//
// realm      realm to match; NULL or empty returns immediately.
// ptimeLeft  receives NotAfter minus the current time for the matching
//            certificate; it is zeroed up front and stays zero when nothing
//            matches in the visible code.
//
// The end of the function is omitted on this page.
void get_cert_time_left(
    char *realm,
    CTimeSpan *ptimeLeft
)
{
    HCERTSTORE hStoreHandle = NULL;
    PCCERT_CONTEXT pCertContext = NULL;
    PCCERT_CONTEXT prev_pCertContext = NULL;
    DWORD dwCertEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
    DWORD dwAddDisposition = CERT_STORE_ADD_REPLACE_EXISTING;   // not used in the visible code
    DWORD dwFindFlags = 0;
# define OID_KCA_AUTHREALM "1.3.6.1.4.1.250.42.1"
    DWORD dwFindType = CERT_FIND_ANY;   // no filter: every certificate is visited
    CERT_INFO *pCertInfo = NULL;
    PCERT_EXTENSION pCertExt = NULL;
    CRYPT_OBJID_BLOB *p = NULL;
    int i = 0;
    char tmpRealm[250] = { 0 };
    CTime startTime = 0;
    CTime endTime = 0;

    memset(ptimeLeft, 0, sizeof(*ptimeLeft));

    if (!realm || !strlen(realm))
        return;

    //--------------------------------------------------------------------
    // Open the store that is searched below (it is only read in the
    // visible code)

    if(!(hStoreHandle = CertOpenSystemStore(
            0,
            MY_STORE)))
    {
        HandleError("get_cert_time_left: Strange. Unable to access your place in the Registry for certificates");
        goto EXIT_RTN;
    }

    // Find first MY store cert issued by our Certificate Authority
    // (each call is given the previous context and continues from it)

    while ((pCertContext = CertFindCertificateInStore(
            hStoreHandle,           // in
            dwCertEncodingType,     // in
            dwFindFlags,            // in
            dwFindType,             // in
            NULL,                   // in
            prev_pCertContext       // in
            )))
    {
        if (pCertInfo = pCertContext->pCertInfo)
            for (i = pCertInfo->cExtension; i; i--)
            {
                pCertExt = &pCertInfo->rgExtension[i-1];
                if (!strcmp(pCertExt->pszObjId, OID_KCA_AUTHREALM))
                {
                    log_printf("get_cert_time_left: Found KCA_AUTHREALM Extension/n");

                    p = &pCertExt->Value;
                    // NOTE(review): cbData comes from the certificate and is
                    // not checked. tmpRealm holds 250 bytes, so a value longer
                    // than 251 bytes writes past it, and cbData < 2 makes
                    // cbData-2 wrap. Validate 2 <= cbData and
                    // cbData-2 < sizeof(tmpRealm) before copying.
                    // The first two bytes are skipped - presumably the ASN.1
                    // tag and length; confirm.
                    // NOTE(review): '/0' below (and "/n" in the log strings)
                    // looks like a backslash escape garbled on this page.
                    memcpy(tmpRealm, &p->pbData[2], p->cbData-2);
                    tmpRealm[p->cbData-2] ='/0';
                    log_printf("get_cert_time_left: value is: '%s'/n", tmpRealm);

                    /* only match if realm of current TGT matches AuthRealm of this cert */
                    if (realm && !strcmp(realm, tmpRealm))
                    {
                        // It matches: remaining lifetime is NotAfter minus now
                        startTime = CTime::GetCurrentTime();
                        endTime = pCertContext->pCertInfo->NotAfter;
                        *ptimeLeft = endTime - startTime;
                        goto EXIT_RTN;
                    }
                }
            }
        prev_pCertContext = pCertContext;
    }

EXIT_RTN:
    // Free the context still held when the loop was left early.
    if ((prev_pCertContext != pCertContext) && pCertContext)
    {
        CertFreeCertificateContext(pCertContext);
        pCertContext = NULL;
    }

    if (pCertContext)
        CertFreeCertificateContext(pCertContext);

    // DEBUG builds ask the close to report outstanding contexts; other
    // builds force the store closed regardless.
    if(hStoreHandle &&!CertCloseStore(
            hStoreHandle,
#ifdef DEBUG
            CERT_CLOSE_STORE_CHECK_FLAG
#else // !DEBUG
            CERT_CLOSE_STORE_FORCE_FLAG
#endif // ! DEBUG
            ))
    {
//.........这里部分代码省略.........
开发者ID:DUNE,项目名称:kx509,代码行数:101,
注:本文中的CertCloseStore函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 C++ CertEnumCertificatesInStore函数代码示例 C++ CentreOnParent函数代码示例 |