将pfx证书转换为PEM格式-Java 学习之路

我发现这个问题Converting .PFX to .PEM programmatically?，我有同样的问题，从Windows密钥存储区以编程方式导出pfx格式的证书和私钥，并将它们转换为PEM格式文件/内存 .

上面的链接似乎是这样做但没有真正的信息它是如何完成的，并且github的内部链接似乎被打破了

我们不能使用pfx格式，因为它包含证书链和用于加载此类证书链的openSSL库API仅适用于PEM文件 .

将pfx文件导入Windows密钥存储区时，私钥被检查为可导出 .

我成功通过将证书复制到新的内存存储器导出证书，将其导出到内存bolb并以不同的格式（base64和二进制）保存到文件中 - 请参阅下面的代码 - 但我不确定这是正确的方法，如果所有链都被导出，我也不知道如何将其转换为PEM格式

在此先感谢您的帮助

#pragma comment(lib, "crypt32.lib")

#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char *s);

char *base64_encode(const unsigned char *data,
                    size_t input_length,
                    size_t *output_length);

void main(void)
{
//-------------------------------------------------------------------
// Declare and initialize variables.
HCERTSTORE         hSystemStore;
HCERTSTORE         hTempStore;
PCCERT_CONTEXT     pCertContext = NULL;
char pszStoreName[256] = "root";
char               pszNameString[256] = "xyzabcfkjvfkvnrg"; 

//-------------------------------------------------------------------
// Open a system certificate store.
if(hSystemStore = CertOpenSystemStore(
    0,
    pszStoreName))
{
  printf("The %s system store is open. Continue.\n", pszStoreName );
}
else
{
  MyHandleError("The first system store did not open.");
}

//-------------------------------------------------------------------
// Open a temporary certificate store.
if(hTempStore = CertOpenStore(
    CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, 0 ))
{
  printf("Temp certificate store was created. Continue.\n");
}
else
{
  MyHandleError("The temp store wasn't not created.");
}
//-------------------------------------------------------------------
// Get a certificate that has the desired friendly name. 
if(pCertContext=CertFindCertificateInStore(
      hSystemStore,
      MY_ENCODING_TYPE,             // Use X509_ASN_ENCODING
      0,                            // No dwFlags needed 
      CERT_NAME_FRIENDLY_DISPLAY_TYPE,        // Find a certificate
      pszNameString, // The Unicode string to be found
                                    // in a certificate's subject
      NULL))                        // NULL for the first call 
{
  printf("The %s certificate was found. \n", pszNameString);
}
else
{
   MyHandleError("Could not find the %s certificate.");
}

//------------------------------------------------------------------
// add selected certificate into temporary store in memory

if(CertAddCertificateContextToStore(hTempStore, pCertContext, CERT_STORE_ADD_NEW, 0))
{
  printf("The %s certificate was added. \n", pszNameString);
}
else
{
   MyHandleError("Could not add %s ce


#pragma comment(lib, "crypt32.lib")

#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char *s);

char *base64_encode(const unsigned char *data,
                    size_t input_length,
                    size_t *output_length);

void main(void)
{
//-------------------------------------------------------------------
// Declare and initialize variables.
HCERTSTORE         hSystemStore;
HCERTSTORE         hTempStore;
PCCERT_CONTEXT     pCertContext = NULL;
char pszStoreName[256] = "root";
char               pszNameString[256] = "xyzabcfkjvfkvnrg"; 

//-------------------------------------------------------------------
// Open a system certificate store.
if(hSystemStore = CertOpenSystemStore(
    0,
    pszStoreName))
{
  printf("The %s system store is open. Continue.\n", pszStoreName );
}
else
{
  MyHandleError("The first system store did not open.");
}

//-------------------------------------------------------------------
// Open a temporary certificate store.
if(hTempStore = CertOpenStore(
    CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, 0 ))
{
  printf("Temp certificate store was created. Continue.\n");
}
else
{
  MyHandleError("The temp store wasn't not created.");
}
//-------------------------------------------------------------------
// Get a certificate that has the desired friendly name. 
if(pCertContext=CertFindCertificateInStore(
      hSystemStore,
      MY_ENCODING_TYPE,             // Use X509_ASN_ENCODING
      0,                            // No dwFlags needed 
      CERT_NAME_FRIENDLY_DISPLAY_TYPE,        // Find a certificate
      pszNameString, // The Unicode string to be found
                                    // in a certificate's subject
      NULL))                        // NULL for the first call 
{
  printf("The %s certificate was found. \n", pszNameString);
}
else
{
   MyHandleError("Could not find the %s certificate.");
}

//------------------------------------------------------------------
// add selected certificate into temporary store in memory

if(CertAddCertificateContextToStore(hTempStore, pCertContext, CERT_STORE_ADD_NEW, 0))
{
  printf("The %s certificate was added. \n", pszNameString);
}
else
{
   MyHandleError("Could not add %s certificate.");
}

//------------------------------------------------------------------------------


CRYPT_DATA_BLOB* db= new (CRYPT_DATA_BLOB);
LPCWSTR szPassword = NULL;
db->cbData = 0;

if((!PFXExportCertStoreEx(
                        hTempStore, 
                        db, 
                        szPassword, 
                        0, 
                        EXPORT_PRIVATE_KEYS|REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY))&&(GetLastError()==0))
{
  printf("The %s certificate blob size is %d. \n", pszNameString, db->cbData);
}
else
{
   MyHandleError("Could not calculate size of certificate.");
}

//-------------------------------------------------------
// Allocate memory 
if(db->pbData = (BYTE*)malloc(db->cbData+1))
{
     printf("Memory has been allocated. Continue.\n");
}
else
{
     MyHandleError("The allocation of memory failed.");
}

// Export certificate from temporary store to blob

if(PFXExportCertStoreEx(
                        hTempStore, 
                        db, 
                        szPassword, 
                        0, 
                        EXPORT_PRIVATE_KEYS|REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY))
{
  printf("The %s certificate blob was exported %d. \n", pszNameString);
}
else
{
   MyHandleError("Could not export certificate.");
}


//-------------------------------------------------------------------
//Write blob to files

FILE *fp;
errno_t err;
if ((err = fopen_s(&fp, "cert_bin.p12", "wb")) != 0)
    printf("File was not opened\n");
else
    for (int i=0; i<db->cbData; i++)
    fprintf(fp,"%c", db->pbData + i);
fclose(fp);

size_t t;
char* c = base64_encode(db->pbData, db->cbData, &t);

if ((err = fopen_s(&fp, "cert_base64.p12", "w")) != 0)
    printf("File was not opened\n");
else
    fprintf(fp, "%s", c);
fclose(fp);

//-------------------------------------------------------------------
// Free memory.

//free(pbElement);
CertCloseStore(hSystemStore,0);
printf("The program ran without error to the end.\n");
} // End of main

//-------------------------------------------------------------------
void MyHandleError(char *s)
{
    fprintf(stderr,"An error occurred in running the program. \n");
    fprintf(stderr,"%s\n",s);
    fprintf(stderr, "Error number %x.\n", GetLastError());
    fprintf(stderr, "Program terminating. \n");
    exit(1);
} // End of MyHandleError

1 回答

此代码段导出从WCS到pfx文件的证书链

{
    CString errorS = NULL;
    CString  pkcs12File = pszNameString;
    CString szPassword = L"XXXXXXXXX";
    do {
        //-------------------------------------------------------------------
        // Declare and initialize variables.
        HCERTSTORE         hSystemStore = NULL;
        HCERTSTORE         hTempStore = NULL;
        PCCERT_CONTEXT     pCertContext = NULL;

        //-------------------------------------------------------------------
        // Open a system certificate store.
        if (!(hSystemStore = CertOpenSystemStore(
            0,
            (LPCWSTR)pszStoreName)))
        {
            errorS = ("system store did not open.");
            break;
        }

        //-------------------------------------------------------------------
        // Open a temporary certificate store.
        if (!(hTempStore = CertOpenStore(
            CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, 0)))
        {
            errorS = ("The temp store wasn't created.");
            break;
        }

        //-------------------------------------------------------------------
        // Get a certificate that has the desired friendly name. 
        if (!(pCertContext = CertFindCertificateInStore(
            hSystemStore,
            MY_ENCODING_TYPE,             // Use X509_ASN_ENCODING
            0,                            // No dwFlags needed 
            CERT_FIND_SUBJECT_STR,        // Find a certificate
            pszNameString, // The Unicode string to be found
            // in a certificate's subject
            NULL)))                        // NULL for the first call 
        {
            errorS = ("Could not find the certificate . " + pszNameString);
            break;
        }

            //-------------------------------------------------------------------
            PCCERT_CHAIN_CONTEXT     pChainContext = NULL;
            CERT_CHAIN_PARA          ChainPara;
            DWORD                    dwFlags = 0;
            CERT_ENHKEY_USAGE        EnhkeyUsage;
            CERT_USAGE_MATCH         CertUsage;

            EnhkeyUsage.cUsageIdentifier = 0;
            EnhkeyUsage.rgpszUsageIdentifier = NULL;
            CertUsage.dwType = USAGE_MATCH_TYPE_AND;
            CertUsage.Usage = EnhkeyUsage;
            ChainPara.cbSize = sizeof(CERT_CHAIN_PARA);
            ChainPara.RequestedUsage = CertUsage;

            if (!CertGetCertificateChain(
                NULL,                  // use the default chain engine
                pCertContext,          // pointer to the end certificate
                NULL,                  // use the default time
                NULL,                  // search no additional stores
                &ChainPara,            // use AND logic and enhanced key usage 
                //  as indicated in the ChainPara 
                //  data structure
                dwFlags,
                NULL,                  // currently reserved
                &pChainContext))       // return a pointer to the chain created
            {
                errorS = ("Could not get certificate chain.");
                break;
            }

        //------------------------------------------------------------------
        // add selected certificate into temporary store in memory
            for (int l_chain = 0; l_chain < (int)(pChainContext->cChain); l_chain++)
                for (int l_cert = 0; l_cert < (int)(pChainContext->rgpChain[l_chain]->cElement); l_cert++)
                {           
                    pCertContext = (PCCERT_CONTEXT)pChainContext->rgpChain[l_chain]->rgpElement[l_cert]->pCertContext;
        if (!(CertAddCertificateContextToStore(hTempStore, pCertContext, CERT_STORE_ADD_NEW, 0)))
        {
            errorS = ("Could not add certificate.");
            break;
        }
                }

            CertFreeCertificateChain(pChainContext);

        //------------------------------------------------------------------------------
            // Export certificates chain to memory bolb

        CRYPT_DATA_BLOB* db = new (CRYPT_DATA_BLOB);
            LPCWSTR szPassword = L"XXXXXXXXX";
        db->cbData = 0;

            // calculating required memory space

        if ((PFXExportCertStoreEx(
            hTempStore,
            db,
            szPassword,
            0,
            EXPORT_PRIVATE_KEYS | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY)) && (GetLastError() == 0))
        {
            errorS = ("Could not calculate size of certificate.");
            break;
        }

        // Allocate memory 
        if (!(db->pbData = (BYTE*)malloc(db->cbData)))
        {
            errorS = ("The allocation of memory failed.");
            break;
        }

        // Export certificate from temporary store to blob

        if (!PFXExportCertStoreEx(
            hTempStore,
            db,
            szPassword,
            0,
            EXPORT_PRIVATE_KEYS | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY))
        {
            errorS = ("Could not export certificate.");
            break;
        }

        //-------------------------------------------------------------------
        //Write blob to files

        FILE *fp = NULL;
        errno_t err;
        if ((err = fopen_s(&fp, CT2A(pkcs12File), "wb")) != 0)
        {
            errorS = ("File was not opened\n");
            break;
        }
        else
            fwrite(db->pbData, 1, db->cbData, fp);
        fclose(fp);
        //-------------------------------------------------------------------
        // Free memory.

        CertCloseStore(hSystemStore, 0);

        //--------------------------------------------------------------------------

    } while (0);

回复于 2024-04-27T12:58:00+08:00

将pfx证书转换为PEM格式

1 回答

相关问题