oemProject/initFunc/setupCert.go

package initFunc

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
	"syscall"
	"unsafe"
)

const (
	X509_ASN_ENCODING               = 0x00000001
	PKCS_7_ASN_ENCODING             = 0x00010000
	CERT_STORE_ADD_REPLACE_EXISTING = 3
)

var (
	modcrypt32 = syscall.NewLazyDLL("crypt32.dll")
	procCertOpenSystemStore   = modcrypt32.NewProc("CertOpenSystemStoreW")
	procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore")
	procCertGetNameString     = modcrypt32.NewProc("CertGetNameStringW")
	procCertCloseStore        = modcrypt32.NewProc("CertCloseStore")
)
// 安装信任证书
func SetupCert() {
	CheckCertIsInstalled()

	//获取证书路径
	dir, _ := os.Getwd()
	certPath := dir+"/piserver_root.crt" // 替换为您的证书路径
	
	if CheckCertIsInstalled() == "yes"{
		return
	}
	// 读取证书文件
	certFile, err := os.ReadFile(certPath)
	if err != nil {
		fmt.Println("无法读取证书文件:", err)
		return
	}

	// 解码 PEM 编码的证书
	block, _ := pem.Decode(certFile)
	if block == nil {
		fmt.Println("无法解码 PEM 格式的证书")
		return
	}

	// 解析证书
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		fmt.Println("无法解析证书:", err)
		return
	}
	
	
	// 打开证书存储
	storeHandle, err := syscall.CertOpenSystemStore(0, syscall.StringToUTF16Ptr("ROOT"))

	if err != nil {
		fmt.Println("无法打开证书存储:", err)
		return
	}
	defer syscall.CertCloseStore(storeHandle, 0)

	// 将证书添加到存储中
	err = addCertificateToStore(cert.Raw, storeHandle)
	if err != nil {
		fmt.Println("无法将证书添加到存储中:", err)
		return
	}

	fmt.Println("证书已成功导入到受信任的根证书颁发机构")
}

func addCertificateToStore(cert []byte, storeHandle syscall.Handle) error {
	certContext, err := syscall.CertCreateCertificateContext(X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, &cert[0], uint32(len(cert)))
	if err != nil {
		return fmt.Errorf("无法创建证书上下文: %v", err)
	}
	defer syscall.CertFreeCertificateContext(certContext)

	err = syscall.CertAddCertificateContextToStore(storeHandle, certContext, CERT_STORE_ADD_REPLACE_EXISTING, nil)
	if err != nil {
		return fmt.Errorf("无法将证书上下文添加到存储中: %v", err)
	}

	return nil
}

//检测证书是否已经安装了
func CheckCertIsInstalled() string {
	storeName := "Root" // 证书存储名称，这里使用了 "MY" 表示个人证书存储

	storeHandle, _, _ := procCertOpenSystemStore.Call(0, uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(storeName))))
	if storeHandle == 0 {
		fmt.Println("Error opening certificate store")
		return "error"
	}
	defer procCertCloseStore.Call(storeHandle, 0)

	var pCertContext uintptr
	for {
		pCertContext, _, _ = procCertEnumCertificatesInStore.Call(storeHandle, pCertContext)
		if pCertContext == 0 {
			break
		}
		res := printCertificateInfo(pCertContext) // 输出证书信息
		if res == "yes"{
			return res
		}
	}
	return "no"
}
//获取证书的信息
func printCertificateInfo(pCertContext uintptr) string {
	var buffer [200]uint16
	size, _, _ := procCertGetNameString.Call(pCertContext, 5, 0, 0, uintptr(unsafe.Pointer(&buffer)), 200)
	issuer := syscall.UTF16ToString(buffer[:size])
	fmt.Println("Certificate Issuer:", issuer)
	if issuer == "mkcert pi@pi-laptop"{
		return "yes"
	}
	return "no"
}