Example C Code for Opening Certificate Stores
The following examples provide code to open a variety of common certificate stores. These examples are a series of code fragments and are not stand-alone programs.
The following example opens the My system store.
HCERTSTORE hSysStore; hSysStore = CertOpenStore( CERT_STORE_PROV_SYSTEM, // the store provider type 0, // the encoding type is not needed NULL, // use the default HCRYPTPROV CERT_SYSTEM_STORE_CURRENT_USER, // set the store location in a // registry location L"My" // the store name as a Unicode string ); // If call was successful, close hSystStore; otherwise, // call print an error message. if(hSysStore) { if (!(CertCloseStore(hSysStore, 0))) { printf("Error closing system store."); } } else printf("Error opening system store."); // Substitute other common system store names // for "My" // including "root", "trust", or "CA".
The following example opens a memory store.
HCERTSTORE hMemStore; hMemStore = CertOpenStore( CERT_STORE_PROV_MEMORY, // the memory provider type 0, // the encoding type is not needed NULL, // use the default HCRYPTPROV 0, // accept the default dwFlags NULL // pvPara is not used ); // If call was successful, close hMemStore; otherwise, // call print an error message. if(hMemStore) { if (!(CertCloseStore(hMemStore, 0))) { printf("Error closing memory store."); } } else printf("Error opening memory store.");
The following example opens a store from disk. The example uses the CreateMyDACL function, defined in the Creating a DACL topic, to ensure the open file is created with a proper DACL.
// In this example, the read-only flag is set. HANDLE hFile; HCERTSTORE hFileStore; LPCWSTR pszFileName = L"TestStor2.sto"; SECURITY_ATTRIBUTES sa; // for DACL // Create a DACL for the file. sa.nLength = sizeof(SECURITY_ATTRIBUTES); sa.bInheritHandle = FALSE; // Call function to set the DACL. The DACL // is set in the SECURITY_ATTRIBUTES // lpSecurityDescriptor member. // if CreateMyDACL(&sa) fails, exit(1) // Obtain a file handle. hFile = CreateFile( pszFileName, // the file name GENERIC_READ|GENERIC_WRITE, // access mode: // read from and write to // this file 0, // share mode &sa, // security OPEN_ALWAYS, // how to create FILE_ATTRIBUTE_NORMAL, // file attributes NULL); // template if (!(hFile)) { fprintf(stderr, "Could not create file.\n"); exit(1); } //------------------------------------------------------------------- // At this point, read and use data in the open file that precedes // the serialized certificate store data. The file pointer must // be placed at the beginning of the certificate store data before // CertOpenStore is called with the CERT_STORE_PROV_FILE provider. // Open the store. hFileStore = CertOpenStore( CERT_STORE_PROV_FILE, // load certificates from a file 0, // encoding type not used NULL, // use the default HCRYPTPROV CERT_STORE_READONLY_FLAG, // see the LOWORD of dwFlags to make // the store read-only hFile // the handle for the open file // that is the source of the // certificates ); //------------------------------------------------------------------- // Include code to work with the certificates. // The data file from which the certificate store information has // been read is still open. Any data in that file that follows the // serialized store can be read from the file and used at this point. //------------------------------------------------------------------- // Close the file store and the file. if(hFileStore) { if(!(CertCloseStore( hFileStore, CERT_CLOSE_STORE_CHECK_FLAG))) { fprintf(stderr, "Error closing store.\n"); } } else { fprintf(stderr, "Error opening store.\n"); } if(!(CloseHandle(hFile))) { fprintf(stderr, "Error closing hFile.\n"); }
The following example opens a file-based store using CERT_STORE_PROV_FILENAME.
#include <windows.h> #include <stdio.h> #include "Wincrypt.h" #define ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING) void main() { // The pvPara parameter here is the name of an existing file. // The function fails if the file does not exist. // The file is not opened using CreateFile before the call to // CertOpenStore. // CERT_STORE_PROV_FILENAME_A is used if the file name is in ASCII; // CERT_STORE_PROV_FILENAME is used if the file name is a // Unicode string. //#define moved HCERTSTORE hFileStoreHandle; hFileStoreHandle = CertOpenStore( CERT_STORE_PROV_FILENAME, // the store provider type ENCODING_TYPE, // if needed, use the usual // encoding types NULL, // use the default HCRYPTPROV 0, // accept the default for all // dwFlags L"FileStore.sto" ); // the name of an existing file // as a Unicode string if(hFileStoreHandle) { if(!(CertCloseStore(hFileStoreHandle, 0))) { fprintf(stderr, "Failed to close hFileStoreHandle\n"); } } else { fprintf(stderr, "Failed to open store.\n"); }
The following example opens a collection store.
// Note that the collection store is empty. // Certificates, CRLs, and CTLs can be added to and found in // stores that are added as sibling stores to the collection store. HCERTSTORE hCollectionStoreHandle; HCERTSTORE hSiblingStoreHandle; hCollectionStoreHandle = CertOpenStore( CERT_STORE_PROV_COLLECTION, 0, // for CERT_STORE_PROV_COLLECTION, // the rest of the parameters // are zero or NULL NULL, 0, NULL); // Check that call to CertOpenStore succeeded. if(!(hCollectionStoreHandle)) { fprintf(stderr, "Could not open collection store.\n"); exit(1); } //------------------------------------------------------------------- // Open the sibling store as a file-based store. hSiblingStoreHandle = CertOpenStore( CERT_STORE_PROV_FILENAME, // the store provider type ENCODING_TYPE, // if needed, use the usual // encoding type NULL, // use the default HCRYPTPROV 0, // accept the default for all // dwFlags L"siblstore.sto"); // the name of an existing file // as a Unicode string // Check that call to CertOpenStore succeeded. if(!(hSiblingStoreHandle)) { fprintf(stderr, "Could not open sibling store.\n"); exit(1); } //------------------------------------------------------------------- // The open sibling store can now be added to the collection // using CertAddStoreToCollection and processing of certificates can // begin. if(!(CertAddStoreToCollection( hCollectionStoreHandle, hSiblingStoreHandle, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1))) { fprintf(stderr, "Could not add sibling store to collection.\n"); } //------------------------------------------------------------------- // All processing of the certificates in the // collection store will also involve the certificates in the sibling // store. // Close the stores. if(!(CertCloseStore(hCollectionStoreHandle, 0))) { fprintf(stderr, "Failed to close hCollectionStoreHandle\n"); } if(!(CertCloseStore(hCollectionStoreHandle, 0))) { fprintf(stderr, "Failed to close hCollectionStoreHandle\n"); }
The following example opens a register store.
HCERTSTORE hRegStore = NULL; //-------------------------------------------------------------------- // A register subkey be opened with RegOpenKeyEx or // RegCreateKeyEx. A handle to the open register subkey, hkResult, is // returned in one of parameters of RegOpenKeyEx or RegCreateKeyEx. hRegStore = CertOpenStore( CERT_STORE_PROV_REG, 0, // no encoding type is needed NULL, // accept the default HCRYPTPROV 0, // accept the default dwFlags hkResult); // hkResult is the handle of a // register subkey opened by RegOpenKeyEx // or created and opened by // RegCreateKeyEx // Close hRegStore. if(!(CertCloseStore(hRegStore, 0))) { fprintf(stderr, "Could not close hRegStore.\n"); }
The following example opens a certificate store based on a PKCS #7 message.
HCERTSTORE hLastStore; CRYPT_DATA_BLOB message_BLOB; //------------------------------------------------------------------- // Initialize the message BLOB. HCERTSTORE hSystemStore = CertOpenStore( CERT_STORE_PROV_SYSTEM, // the store provider type 0, // the encoding type is not needed NULL, // use the default HCRYPTPROV CERT_SYSTEM_STORE_CURRENT_USER, // the store location in a registry // location L"CA"); // the store name as a Unicode string message_BLOB.cbData = 0; message_BLOB.pbData = NULL; //------------------------------------------------------------------- // Get the cbData length. if(CertSaveStore( hSystemStore, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, CERT_STORE_SAVE_AS_PKCS7, CERT_STORE_SAVE_TO_MEMORY, &message_BLOB, 0)) { printf("The length is %d \n",message_BLOB.cbData); } else { // An error has occurred in saving the store. Print an error // message and exit. fprintf(stderr, "Error saving a file store."); exit(1); } //------------------------------------------------------------------- // Allocate the memory or pbData. if( message_BLOB.pbData = (BYTE *)malloc(message_BLOB.cbData)) { printf("The function succeeded. \n"); } else { // An error has occurred in memory allocation. Print an error // message and exit. fprintf(stderr, "Error in memory allocation.\n"); exit(1); } //------------------------------------------------------------------- // Get the contents of pbData. if(CertSaveStore( hSystemStore, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, CERT_STORE_SAVE_AS_PKCS7, CERT_STORE_SAVE_TO_MEMORY, &message_BLOB, 0)) { printf("Saved the store to a memory BLOB. \n"); } else { // An error has occurred in saving the store. Print an error // message and exit. fprintf(stderr, "Error saving file store.\n"); exit(1); } if( hLastStore = CertOpenStore( CERT_STORE_PROV_PKCS7, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, NULL, 0, &message_BLOB)) { printf("The function succeeded. \n"); } else { // An error has occurred in opening the store. Print an error // message and exit. fprintf(stderr, "Error opening file store.\n"); exit(1); } // Clean up memory. if(!(CertCloseStore(hSystemStore, 0))) { fprintf(stderr, "Could not close hSystemStore\n"); } if(!(CertCloseStore(hLastStore, 0))) { fprintf(stderr, "Could not close hLastStore\n"); } free(message_BLOB.pbData);
Show: