【发布时间】:2021-08-19 14:14:38
【问题描述】:
最近我在 Windows 系统上安装 mkcert 时开始遇到问题。我已经使用管理员权限完成了这项工作。
PS C:\WINDOWS\system32> mkcert -install 错误:添加证书:添加证书失败:访问被拒绝。
请帮我解决这个问题。
【问题讨论】:
【发布时间】:2021-08-19 14:14:38
【问题描述】:
var (
modcrypt32 = syscall.NewLazyDLL("crypt32.dll")
procCertAddEncodedCertificateToStore = modcrypt32.NewProc("CertAddEncodedCertificateToStore")
procCertCloseStore = modcrypt32.NewProc("CertCloseStore")
procCertDeleteCertificateFromStore = modcrypt32.NewProc("CertDeleteCertificateFromStore")
procCertDuplicateCertificateContext = modcrypt32.NewProc("CertDuplicateCertificateContext")
procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore")
// procCertOpenSystemStoreW = modcrypt32.NewProc("CertOpenSystemStoreW") // ERROR: add cert: failed adding cert: Access is denied
// procCertOpenSystemStoreW = modcrypt32.NewProc("CertOpenStore")
)
我将用“syscall.CertOpenStore”替换“CertOpenSystemStoreW”
func (w windowsRootStore) addCert(cert []byte) error {
store, err := syscall.CertOpenStore(10, 0, 0,
0x4000|0x20000|0x00000004, uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr("root"))))
if err != nil {
return err
}
defer syscall.CertCloseStore(store, 0)
_, _, err = procCertAddEncodedCertificateToStore.Call(uintptr(store), 1, uintptr(unsafe.Pointer(&cert[0])), uintptr(uint(len(cert))), 4, 0)
if err.(syscall.Errno) != 0 {
return err
}
return nil
}
参考c语言:
static int crypto_import_pawdroot()
{
HCERTSTORE hCertStore;
BOOL bRet;
hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A,
0, 0L, CERT_SYSTEM_STORE_LOCAL_MACHINE, "ROOT");
if (hCertStore == NULL) {
return -1;
}
bRet = CertAddEncodedCertificateToStore(hCertStore, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
kPawdRootCert, kPawdRootCertLen, CERT_STORE_ADD_REPLACE_EXISTING, NULL);
CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
return bRet ? 0 : -2;
}
【讨论】: