Example C Code for Opening Certificate Stores
The following examples provide code to open a variety of common certificate stores. These examples are a series of code fragments and are not stand-alone programs.
The following example opens the My system store.
HCERTSTORE hSysStore;
hSysStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM, // the store provider type
0, // the encoding type is not needed
NULL, // use the default HCRYPTPROV
CERT_SYSTEM_STORE_CURRENT_USER,
// set the store location in a
// registry location
L"My" // the store name as a Unicode string
);
// If call was successful, close hSystStore; otherwise,
// call print an error message.
if(hSysStore)
{
if (!(CertCloseStore(hSysStore, 0)))
{
printf("Error closing system store.");
}
}
else
printf("Error opening system store.");
// Substitute other common system store names
// for "My"
// including "root", "trust", or "CA".
The following example opens a memory store.
HCERTSTORE hMemStore;
hMemStore = CertOpenStore(
CERT_STORE_PROV_MEMORY, // the memory provider type
0, // the encoding type is not needed
NULL, // use the default HCRYPTPROV
0, // accept the default dwFlags
NULL // pvPara is not used
);
// If call was successful, close hMemStore; otherwise,
// call print an error message.
if(hMemStore)
{
if (!(CertCloseStore(hMemStore, 0)))
{
printf("Error closing memory store.");
}
}
else
printf("Error opening memory store.");
The following example opens a store from disk. The example uses the CreateMyDACL function, defined in the Creating a DACL topic, to ensure the open file is created with a proper DACL.
// In this example, the read-only flag is set.
HANDLE hFile;
HCERTSTORE hFileStore;
LPCWSTR pszFileName = L"TestStor2.sto";
SECURITY_ATTRIBUTES sa; // for DACL
// Create a DACL for the file.
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;
// Call function to set the DACL. The DACL
// is set in the SECURITY_ATTRIBUTES
// lpSecurityDescriptor member.
// if CreateMyDACL(&sa) fails, exit(1)
// Obtain a file handle.
hFile = CreateFile(
pszFileName, // the file name
GENERIC_READ|GENERIC_WRITE, // access mode:
// read from and write to
// this file
0, // share mode
&sa, // security
OPEN_ALWAYS, // how to create
FILE_ATTRIBUTE_NORMAL, // file attributes
NULL); // template
if (!(hFile))
{
fprintf(stderr, "Could not create file.\n");
exit(1);
}
//-------------------------------------------------------------------
// At this point, read and use data in the open file that precedes
// the serialized certificate store data. The file pointer must
// be placed at the beginning of the certificate store data before
// CertOpenStore is called with the CERT_STORE_PROV_FILE provider.
// Open the store.
hFileStore = CertOpenStore(
CERT_STORE_PROV_FILE, // load certificates from a file
0, // encoding type not used
NULL, // use the default HCRYPTPROV
CERT_STORE_READONLY_FLAG, // see the LOWORD of dwFlags to make
// the store read-only
hFile // the handle for the open file
// that is the source of the
// certificates
);
//-------------------------------------------------------------------
// Include code to work with the certificates.
// The data file from which the certificate store information has
// been read is still open. Any data in that file that follows the
// serialized store can be read from the file and used at this point.
//-------------------------------------------------------------------
// Close the file store and the file.
if(hFileStore)
{
if(!(CertCloseStore(
hFileStore,
CERT_CLOSE_STORE_CHECK_FLAG)))
{
fprintf(stderr, "Error closing store.\n");
}
}
else
{
fprintf(stderr, "Error opening store.\n");
}
if(!(CloseHandle(hFile)))
{
fprintf(stderr, "Error closing hFile.\n");
}
The following example opens a file-based store using CERT_STORE_PROV_FILENAME.
#include <windows.h>
#include <stdio.h>
#include "Wincrypt.h"
#define ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void main()
{
// The pvPara parameter here is the name of an existing file.
// The function fails if the file does not exist.
// The file is not opened using CreateFile before the call to
// CertOpenStore.
// CERT_STORE_PROV_FILENAME_A is used if the file name is in ASCII;
// CERT_STORE_PROV_FILENAME is used if the file name is a
// Unicode string.
//#define moved
HCERTSTORE hFileStoreHandle;
hFileStoreHandle = CertOpenStore(
CERT_STORE_PROV_FILENAME, // the store provider type
ENCODING_TYPE, // if needed, use the usual
// encoding types
NULL, // use the default HCRYPTPROV
0, // accept the default for all
// dwFlags
L"FileStore.sto" ); // the name of an existing file
// as a Unicode string
if(hFileStoreHandle)
{
if(!(CertCloseStore(hFileStoreHandle, 0)))
{
fprintf(stderr, "Failed to close hFileStoreHandle\n");
}
}
else
{
fprintf(stderr, "Failed to open store.\n");
}
The following example opens a collection store.
// Note that the collection store is empty.
// Certificates, CRLs, and CTLs can be added to and found in
// stores that are added as sibling stores to the collection store.
HCERTSTORE hCollectionStoreHandle;
HCERTSTORE hSiblingStoreHandle;
hCollectionStoreHandle = CertOpenStore(
CERT_STORE_PROV_COLLECTION,
0, // for CERT_STORE_PROV_COLLECTION,
// the rest of the parameters
// are zero or NULL
NULL,
0,
NULL);
// Check that call to CertOpenStore succeeded.
if(!(hCollectionStoreHandle))
{
fprintf(stderr, "Could not open collection store.\n");
exit(1);
}
//-------------------------------------------------------------------
// Open the sibling store as a file-based store.
hSiblingStoreHandle = CertOpenStore(
CERT_STORE_PROV_FILENAME, // the store provider type
ENCODING_TYPE, // if needed, use the usual
// encoding type
NULL, // use the default HCRYPTPROV
0, // accept the default for all
// dwFlags
L"siblstore.sto"); // the name of an existing file
// as a Unicode string
// Check that call to CertOpenStore succeeded.
if(!(hSiblingStoreHandle))
{
fprintf(stderr, "Could not open sibling store.\n");
exit(1);
}
//-------------------------------------------------------------------
// The open sibling store can now be added to the collection
// using CertAddStoreToCollection and processing of certificates can
// begin.
if(!(CertAddStoreToCollection(
hCollectionStoreHandle,
hSiblingStoreHandle,
CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
1)))
{
fprintf(stderr, "Could not add sibling store to collection.\n");
}
//-------------------------------------------------------------------
// All processing of the certificates in the
// collection store will also involve the certificates in the sibling
// store.
// Close the stores.
if(!(CertCloseStore(hCollectionStoreHandle, 0)))
{
fprintf(stderr, "Failed to close hCollectionStoreHandle\n");
}
if(!(CertCloseStore(hCollectionStoreHandle, 0)))
{
fprintf(stderr, "Failed to close hCollectionStoreHandle\n");
}
The following example opens a register store.
HCERTSTORE hRegStore = NULL;
//--------------------------------------------------------------------
// A register subkey be opened with RegOpenKeyEx or
// RegCreateKeyEx. A handle to the open register subkey, hkResult, is
// returned in one of parameters of RegOpenKeyEx or RegCreateKeyEx.
hRegStore = CertOpenStore(
CERT_STORE_PROV_REG,
0, // no encoding type is needed
NULL, // accept the default HCRYPTPROV
0, // accept the default dwFlags
hkResult); // hkResult is the handle of a
// register subkey opened by RegOpenKeyEx
// or created and opened by
// RegCreateKeyEx
// Close hRegStore.
if(!(CertCloseStore(hRegStore, 0)))
{
fprintf(stderr, "Could not close hRegStore.\n");
}
The following example opens a certificate store based on a PKCS #7 message.
HCERTSTORE hLastStore;
CRYPT_DATA_BLOB message_BLOB;
//-------------------------------------------------------------------
// Initialize the message BLOB.
HCERTSTORE hSystemStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM, // the store provider type
0, // the encoding type is not needed
NULL, // use the default HCRYPTPROV
CERT_SYSTEM_STORE_CURRENT_USER,
// the store location in a registry
// location
L"CA"); // the store name as a Unicode string
message_BLOB.cbData = 0;
message_BLOB.pbData = NULL;
//-------------------------------------------------------------------
// Get the cbData length.
if(CertSaveStore(
hSystemStore,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
CERT_STORE_SAVE_AS_PKCS7,
CERT_STORE_SAVE_TO_MEMORY,
&message_BLOB,
0))
{
printf("The length is %d \n",message_BLOB.cbData);
}
else
{
// An error has occurred in saving the store. Print an error
// message and exit.
fprintf(stderr, "Error saving a file store.");
exit(1);
}
//-------------------------------------------------------------------
// Allocate the memory or pbData.
if( message_BLOB.pbData = (BYTE *)malloc(message_BLOB.cbData))
{
printf("The function succeeded. \n");
}
else
{
// An error has occurred in memory allocation. Print an error
// message and exit.
fprintf(stderr, "Error in memory allocation.\n");
exit(1);
}
//-------------------------------------------------------------------
// Get the contents of pbData.
if(CertSaveStore(
hSystemStore,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
CERT_STORE_SAVE_AS_PKCS7,
CERT_STORE_SAVE_TO_MEMORY,
&message_BLOB,
0))
{
printf("Saved the store to a memory BLOB. \n");
}
else
{
// An error has occurred in saving the store. Print an error
// message and exit.
fprintf(stderr, "Error saving file store.\n");
exit(1);
}
if( hLastStore = CertOpenStore(
CERT_STORE_PROV_PKCS7,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
NULL,
0,
&message_BLOB))
{
printf("The function succeeded. \n");
}
else
{
// An error has occurred in opening the store. Print an error
// message and exit.
fprintf(stderr, "Error opening file store.\n");
exit(1);
}
// Clean up memory.
if(!(CertCloseStore(hSystemStore, 0)))
{
fprintf(stderr, "Could not close hSystemStore\n");
}
if(!(CertCloseStore(hLastStore, 0)))
{
fprintf(stderr, "Could not close hLastStore\n");
}
free(message_BLOB.pbData);