The following examples provide the code to open common certificate stores.
//********************************************************************
// 1. Open the system store, "MY"
HCERTSTORE hSysStore;
hSysStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM, // The store provider type.
0, // The encoding type is not needed.
NULL, // Use the default HCRYPTPROV.
CERT_SYSTEM_STORE_CURRENT_USER,
// Set store location in a registry
// location.
L"MY" // The store name as a unicode string.
);
// Substitute in other common system store names for "MY"
// including "root", "trust", or "CA".
//********************************************************************
// 2. Open a memory store.
HCERTSTORE hMemStore;
hMemStore = CertOpenStore(
CERT_STORE_PROV_MEMORY, // The memory provider type.
0, // The encoding type is not needed.
NULL, // Use the default HCRYPTPROV.
0, // Accept the default dwFlags.
NULL // pvPara not used.
);
//********************************************************************
// 3. Open a store from disk.
// In this example, the read only flag is set.
HANDLE hFile;
HCERTSTORE hFileStore;
LPCSTR pszFileName = "TestStor2.sto"
// First, obtain a file handle.
if( !(hFile = CreateFile(
pszFileName, // The file name
GENERIC_READ|GENERIC_WRITE, // Access mode:
// read from and write to this file
0, // Share Mode
NULL, // Security
OPEN_ALWAYS, // How to create
FILE_ATTRIBUTE_NORMAL, // File Attributes
NULL))) // Template
{
printf("Could not open %s On Disk\n", pszFileName);
goto error_routine;
}
// At this point, and data in the open file that precedes the
// serialized cert store data may be used. The file pointer must
// be placed at the beginning of the cert store data before
// CertOpenStore with the CERT_STORE_PROV_FILE provider is called.
// Open the store
if ( ! (hFileStore = CertOpenStore(
CERT_STORE_PROV_FILE, // Load certificates from a file.
0, // Encoding type not used.
NULL, // Use the default HCRYPTPROV.
CERT_STORE_READONLY_FLAG // See the LOWORD of dwFlags to make
// the store read only.
hFile // The handle for the open file
// that is the source of the
// certificates.
)))
{
printf("Could not open the file store. \n");
goto error_routine;
}
// Include code to work with the certificates
// The data file from which the certificate store information has been
// read is still open. Any data in that file that follows the
// serialized store can be read from the file and used at this point.
// Close the file store and the file.
CertCloseStore(
file_store,
CERT_CLOSE_STORE_CHECK_FLAG);
CloseHandle(hFile);
error_routine:
// Here include any code to be done if the disk file
// could not be opened
//********************************************************************
// 4. Open a file based store using CERT_STORE_PROV_FILENAME
// The pvPara parameter here is the name of an existing file.
// The function fails if the file does not exist.
// The file is not opened using CreateFile before the call to
// CertOpenStore.
// CERT_STORE_PROV_FILENAME_A is used if the filename is in ASCII,
// CERT_STORE_PROV_FILENAME would be used if the filename was a
// unicode string.
#define ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
HCERTSTORE hFileStoreHandle;
if ( ! (hFileStoreHandle = CertOpenStore(
CERT_STORE_PROV_FILENAME, // The store provider type.
ENCODING_TYPE, // If needed, use the usual
// encoding types.
NULL, // Use the default HCRYPTPROV.
0, // Accept the default for all
// dwFlags.
L"FileStore.sto" // The name of an existing file
// as a unicode string.
)))
printf("Error opening file store. \n");
else
printf("The file store is open. \n");
//********************************************************************
// 5. Open a collection store.
// Note that the collection store is empty.
// Certificates, CRLs, and CTLs can be added to and found in
// stores that are added as sibling stores to the collection store.
HCERTSTORE hCollectionStoreHandle;
HCERTSTORE hSiblingStoreHandle;
if( !(hCollectionStoreHandle = CertOpenStore(
CERT_STORE_PROV_COLLECTION,
0, // For CERT_STORE_PROV_COLLECTION,
// the rest of the parameters
// should be 0 or NULL.
NULL,
0,
NULL)))
printf("Error opening Store from disk. \n");
else
printf("Opened the COLLECTION Store \n");
// Open the sibling store as a file based store.
if ( !( hSiblingStoreHandle = CertOpenStore(
CERT_STORE_PROV_FILENAME, // The store provider type.
ENCODING_TYPE, // If needed, use the usual
// encoding type.
NULL, // Use the default HCRYPTPROV.
0, // Accept the default for all
// dwFlags.
L"siblstore.sto" // The name of an existing file
// as a unicode string.
)))
printf("Error opening sibling file store. \n");
else
printf("The sibling file store is open. \n");
// The open sibling store can now be added to the collection
// using CertAddStoreToCollection and processing of certificates can
// begin.
if(CertAddStoreToCollection(
hCollectionStoreHandle,
hSiblingStoreHandle,
CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
1))
printf("A sibling store has been added to the collection. \n");
// All processing of the certificates in the
// collection store will also involve the certificates in the sibling
// store.
//********************************************************************
// 6. Open a register store
HKEY hkResult;
HCERTSTORE hRegStore = NULL;
// A register subkey must have been opened with RegOpenKeyEx or
// RegCreateKeyEx. A handle to the open register subkey, hkResult, is
// returned in one of parameters of RegOpenKeyEx or RegCreateKeyEx.
if( ! (hRegStore = CertOpenStore(
CERT_STORE_PROV_REG,
0, // No encoding type is needed.
NULL, // Accept the default HCRYPTPROV.
0, // Accept the default dwFlags.
hkResult // hkResult is the handle of a
// register subkey opened by RegOpenKeyEX
// or created/opened by RegCreateKeyEX.
)))
printf("The register store was not opened. \n");
else
printf("The register store opened. \n");
// Begin processing certificates in the register based store.
//********************************************************************
// 7. Open a certificate store based on a PKCS7 message
HCERTSTORE hSystemStore;
HCERTSTORE hLastStore;
CRYPT_DATA_BLOB message_blob;
// Initialize the message blob.
HCERTSTORE hSystemStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM, // The store provider type.
0, // The encoding type is not needed.
NULL, // Use the default HCRYPTPROV.
CERT_SYSTEM_STORE_CURRENT_USER,
// Set store location in a registry
// location.
L"CA" // The store name as a unicode string.
);
message_blob.cbData = 0;
message_blob.pbData = NULL;
// Get the cbData length
if(CertSaveStore(
hSystemStore,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
CERT_STORE_SAVE_AS_PKCS7,
CERT_STORE_SAVE_TO_MEMORY,
&message_blob,
0))
printf("The length is %d \n",message_blob.cbData);
else
printf("Save store failed.\n");
// Allocate the memory or pbData
if( ! (message_blob.pbData = (BYTE *)malloc(message_blob.cbData)))
printf("memory allocation failed.\n");
else
printf("memory allocated.\n");
// Get the contents of pbData
if(CertSaveStore(
hSystemStore,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
CERT_STORE_SAVE_AS_PKCS7,
CERT_STORE_SAVE_TO_MEMORY,
&message_blob,
0))
printf("Saved the store to a memory blob\n");
else
printf("Save store failed.\n");
if( ! (hLastStore = CertOpenStore(
CERT_STORE_PROV_PKCS7,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
NULL,
0,
&message_blob)))
printf("Did not open message store.\n");
else
printf("The message store is open. \n");
// Clean up memory.
handle_error:
CertCloseStore(hLastStore, CERT_CLOSE_STORE_CHECK_FLAG);
CertCloseStore(hSystemStoreHandle, CERT_CLOSE_STORE_CHECK_FLAG);