-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add code
- Loading branch information
Showing
1 changed file
with
304 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,304 @@ | ||
// IMPORTPFX.EXE | ||
// Version 1.0 | ||
// Joe Klemencic 12/2002 | ||
// This program will import, delete and overwrite PKCS12 certificates in the specified store | ||
|
||
#define _WIN32_WINNT 0x0500 | ||
|
||
#include <windows.h> | ||
#include <wincrypt.h> | ||
#include <stdio.h> | ||
#include <cryptuiapi.h> | ||
#include <string.h> | ||
|
||
|
||
void DelCerts(char *pszIssuer, char *pszCertStore, char *pszNameString); | ||
int Usage(void); | ||
|
||
void main(int argc, char *argv[]) | ||
{ | ||
WCHAR lpszCertStore[256]; | ||
WCHAR pw[256]; | ||
int iArgs, iRemove=0, iRemoveAll=0;; | ||
int iReqFlags=0; | ||
int iGotType=0; | ||
char *pszOUSubject; | ||
char *pszCertStore; | ||
char *pszInFile; | ||
char pszNameString[256]; | ||
DWORD pszStoreType=NULL; | ||
|
||
for(iArgs=1;iArgs<argc;iArgs++){ | ||
|
||
// If -f (pkcs12 filename) | ||
if(!stricmp(argv[iArgs], "-f")){ | ||
pszInFile = argv[++iArgs]; | ||
iReqFlags++; | ||
} // End if "-f" | ||
|
||
// If -p (password) param | ||
if(!stricmp(argv[iArgs], "-p")){ | ||
iArgs++; | ||
// Convert to WIDE | ||
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, argv[iArgs], -1, pw, sizeof(pw)/sizeof(WCHAR) ); | ||
mbstowcs(pw, argv[iArgs], strlen(argv[iArgs])); | ||
iReqFlags++; | ||
} // End if "-p" | ||
|
||
// If -t (Store Type) | ||
if(!stricmp(argv[iArgs], "-t")){ | ||
iArgs++; | ||
if(!stricmp(argv[iArgs], "MACHINE")){ | ||
pszStoreType=CERT_SYSTEM_STORE_LOCAL_MACHINE; | ||
} else { | ||
pszStoreType=CERT_SYSTEM_STORE_CURRENT_USER; | ||
} | ||
iReqFlags++; | ||
iGotType=1; | ||
} // End if "-t" | ||
|
||
|
||
// If -s (Cert Store) | ||
if(!stricmp(argv[iArgs], "-s")){ | ||
iArgs++; | ||
// convert to WCHAR pszOUSubject | ||
// Get the certificate store (normally is MY) | ||
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, argv[iArgs], -1, lpszCertStore, sizeof(lpszCertStore)/sizeof(WCHAR) ); | ||
mbstowcs(lpszCertStore, argv[iArgs], strlen(argv[iArgs])); | ||
pszCertStore=argv[iArgs]; | ||
iReqFlags++; | ||
} // End if "-s" | ||
|
||
// If -r (Remove param), get the Subject OU (argc+1) | ||
if(!stricmp(argv[iArgs], "-r")){ | ||
pszOUSubject = argv[++iArgs]; | ||
if(!stricmp(pszOUSubject,"-all")){ | ||
if(iGotType==1){ | ||
iRemoveAll=1; | ||
} else { | ||
Usage(); | ||
} | ||
} | ||
iRemove=1; | ||
} // End if "-r" | ||
} // End for iArgs | ||
|
||
|
||
|
||
if(iRemove && iRemoveAll){ | ||
DelCerts(pszOUSubject, pszCertStore, NULL); | ||
exit(0); | ||
} | ||
|
||
if(iReqFlags != 4){ | ||
Usage(); | ||
} | ||
|
||
// read cert file | ||
BY_HANDLE_FILE_INFORMATION fileInfo; | ||
HANDLE hFile = CreateFile(pszInFile,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,0,NULL); | ||
if (hFile == INVALID_HANDLE_VALUE) | ||
{ | ||
printf("Error: Couldn't open file (%s). Please check the PATH.\n", pszInFile); | ||
exit(1); | ||
} | ||
|
||
GetFileInformationByHandle(hFile,&fileInfo); | ||
long fileSize=fileInfo.nFileSizeLow; | ||
|
||
// make buffer for cert data | ||
PBYTE pbBuffer = NULL; | ||
if (!(pbBuffer=(PBYTE)malloc(fileSize))) | ||
{ | ||
printf("Error: Could not allocate enough memory: (%l) bytes\n", fileSize); | ||
exit (1); | ||
} | ||
|
||
unsigned long bytesRead; | ||
ReadFile (hFile,pbBuffer,fileSize,&bytesRead,NULL); | ||
|
||
// create pfx blob | ||
CRYPT_DATA_BLOB cryptBlob; | ||
cryptBlob.cbData=fileSize; | ||
cryptBlob.pbData=pbBuffer; | ||
|
||
// is it actually a pfx blob? | ||
if (FALSE == PFXIsPFXBlob(&cryptBlob) ) | ||
{ | ||
printf("Error: Requested file is not a PKCS12 file.\n"); | ||
exit(1); | ||
} | ||
|
||
HCERTSTORE hImportCertStore; | ||
|
||
hImportCertStore=PFXImportCertStore(&cryptBlob,(LPCWSTR)pw,CRYPT_USER_KEYSET); | ||
//hImportCertStore=PFXImportCertStore(&cryptBlob,(LPCWSTR)pw,CRYPT_MACHINE_KEYSET); | ||
if (hImportCertStore == NULL) | ||
{ | ||
printf("Error: Could not import the PKCS12 file\n"); | ||
exit(1); | ||
} | ||
|
||
|
||
PCCERT_CONTEXT pCertContext = NULL; | ||
pCertContext= CertEnumCertificatesInStore(hImportCertStore,pCertContext); | ||
|
||
HCERTSTORE hMyCertStore; | ||
//if (!(hMyCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER , (LPCSTR) lpszCertStore))) //L"MY"))) | ||
if (!(hMyCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, pszStoreType , (LPCSTR) lpszCertStore))){ | ||
//if (!(hMyCertStore = CertOpenStore(CERT_STORE_PROV_REG, 0, NULL, pszStoreType , (LPCSTR) lpszCertStore))){ | ||
printf("Error: Could not open the local %s certificate store.\n",pszCertStore); | ||
exit(1); | ||
} | ||
|
||
HCERTSTORE thisStore; | ||
|
||
thisStore = hMyCertStore; | ||
CertGetNameString(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, pszNameString, 128); | ||
printf("Certificate name: %s\n", pszNameString); | ||
|
||
if(iRemove){ | ||
DelCerts(pszOUSubject, pszCertStore, pszNameString); | ||
} | ||
|
||
|
||
CertAddCertificateContextToStore(thisStore, pCertContext, CERT_STORE_ADD_ALWAYS, NULL); | ||
|
||
while (NULL != (pCertContext = CertEnumCertificatesInStore(hImportCertStore, pCertContext))) | ||
{ | ||
CertGetNameString(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, pszNameString, 128); | ||
printf("Certificate name: %s\n", pszNameString); | ||
|
||
thisStore = hMyCertStore; | ||
|
||
CertAddCertificateContextToStore(thisStore, pCertContext, CERT_STORE_ADD_REPLACE_EXISTING, NULL); | ||
} | ||
|
||
// close stores | ||
CertCloseStore(hMyCertStore,0); | ||
CertCloseStore(hImportCertStore,0); | ||
|
||
printf("Successfully imported certificates in %s store.\n",pszCertStore); | ||
exit(0); | ||
|
||
} | ||
|
||
|
||
|
||
|
||
void DelCerts(char *pszIssuer, char *pszCertStore, char *pszUsername){ | ||
//-------------------------------------------------------------------- | ||
// Declare and initialize variables. | ||
|
||
HANDLE hStoreHandle; | ||
PCCERT_CONTEXT pCertContext=NULL; | ||
PCCERT_CONTEXT pDupCertContext; | ||
|
||
char pszNameString[256]; | ||
char pszIssuerString[256]; | ||
int iOK2Del=0; | ||
|
||
|
||
//-------------------------------------------------------------------- | ||
// Open a system certificate store. | ||
|
||
if ( !(hStoreHandle = CertOpenSystemStore(NULL, pszCertStore))){ | ||
printf("The store was not opened."); | ||
} // End Open system store | ||
|
||
//------------------------------------------------------------------- | ||
// Find the certificates in the system store. | ||
// on the first call to the function, | ||
// this parameter is NULL | ||
// on all subsequent calls, it is the last pointer returned by | ||
// the function | ||
while(pCertContext= CertEnumCertificatesInStore(hStoreHandle, pCertContext)){ | ||
//-------------------------------------------------------------------- | ||
// Get the name of the subject of the certificate. | ||
if(!(CertGetNameString(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, pszNameString, 128))){ | ||
printf("CertGetName failed."); | ||
} // End get subject name | ||
|
||
// Get the Issuer of the cert | ||
if(!(CertGetNameString(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, pszIssuerString, 128))){ | ||
printf("CertGetName failed."); | ||
} // End get issuer name | ||
|
||
//-------------------------------------------------------------------- | ||
// Check to determine whether the Issuer is the same as the subject OU | ||
if(!stricmp(pszIssuer, pszIssuerString)){ | ||
// Check to ensure the Username = Subject CN | ||
if(!stricmp(pszUsername ,pszNameString)){ | ||
iOK2Del=1; | ||
} // End stricmp username, subject CN | ||
} // End stricmp issuer, subject ou | ||
|
||
// If no pszUsername passed to the function, we are deleting ALL certs in the store | ||
if(pszUsername == NULL){ | ||
iOK2Del = 1; | ||
} // End pszUsername == NULL | ||
|
||
if(iOK2Del){ | ||
//----------------------------------------------------------------- | ||
// Create a duplicate pointer to the certificate to be | ||
// deleted. In this way, the original pointer is not freed | ||
// when the certificate is deleted from the store | ||
// and the enumeration of the certificates in the store can | ||
// continue. If the original pointer is used, after the | ||
// certificate is deleted, the enumeration loop stops. | ||
if(!(pDupCertContext = CertDuplicateCertificateContext(pCertContext))){ | ||
printf("Duplication of the certificate pointer failed."); | ||
} // End if !pDupCertContext | ||
|
||
// Delete the certificate. | ||
if(!(CertDeleteCertificateFromStore(pDupCertContext))){ | ||
printf("The deletion of the certificate failed.\n"); | ||
} // End CertDeleteFromStore | ||
printf("Deleting cert from %s\n",pszIssuerString); | ||
} // End if(iOK2Del) | ||
iOK2Del = 0; | ||
} // end while | ||
|
||
//-------------------------------------------------------------------- | ||
// Clean up. | ||
|
||
CertCloseStore(hStoreHandle, 0); | ||
|
||
|
||
} // End DelCerts | ||
|
||
|
||
int Usage(void){ | ||
printf("IMPORTPFX v1.0 Joe Klemencic 2002\n\n"); | ||
|
||
printf("Usage: importpfx.exe -f <filename.p12> -p <export passwd> -t USER|MACHINE -s <certstore> [-r \"Subject OU to remove\" | -all]\n"); | ||
printf("\n"); | ||
printf("This utility will import a PKCS12 certificate file (with a .p12 or .pfx\n"); | ||
printf("extension) into the certificate store specified by the -s parameter.\n"); | ||
printf("The default behavior is to overwrite like certificates (if available).\n"); | ||
printf("The -r \"Subject OU\" will remove all certificates matching the Subject CN\n"); | ||
printf("in from the CN in the PKCS12 file and the Subject OU set to the -r parameter.\n"); | ||
printf("\n"); | ||
printf("PARAMETERS:\n"); | ||
printf(" -f = PKCS12 filename\n"); | ||
printf(" -p = Password to secure the private key with\n"); | ||
printf(" -t = Store type (USER or MACHINE)\n"); | ||
printf(" -s = The certificate store to import into (MY is a common param)\n"); | ||
printf("\n"); | ||
printf(" -r \"Subject OU Text\" = Delete all user certificates in which the\n"); | ||
printf(" Subject OU matches the -r \"Subject OU Text\"\n"); | ||
printf(" and the Subject CN matches the PKCS12 Subject CN\n"); | ||
printf(" -r -all = Delete ALL user certificates in the <certstore>\n"); | ||
printf("\n\n"); | ||
printf("Examples:\n"); | ||
printf("Import a PKCS12 file into the MY store, overwriting if allowed:\n"); | ||
printf(" importpfs.exe -f x509.p12 -p \"password\" -t USER -s MY\n\n"); | ||
printf("Import a PKCS12 file into the local machine Testing store and delete any\n"); | ||
printf("stored certificates with a Subject containing OU=\"Self-Signed CA\":\n"); | ||
printf(" importpfx.exe -f x509.p12 -p \"\" -t MACHINE -s Testing -r \"Self-Signed CA\"\n"); | ||
printf("\n"); | ||
printf("Delete ALL certificates in the USER MY store:\n"); | ||
printf(" importpfx.exe -t USER -s MY -r -all\n"); | ||
printf("\n"); | ||
exit(1); | ||
} |