The following examples provide code to open a variety of common certificate stores. This is a series of code fragments and is not a stand-alone program.
// 1. Open the MY system store.
HCERTSTORE hSysStore;
hSysStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM, // The store provider type.
0, // The encoding type is not needed.
NULL, // Use the default HCRYPTPROV.
CERT_SYSTEM_STORE_CURRENT_USER,
// Set the store location in a
// registry location.
L"MY" // The store name as a Unicode string.
);
// Substitute other common system store names for "MY"
// including "root", "trust", or "CA".
//--------------------------------------------------------------------
// 2. Open a memory store.
HCERTSTORE hMemStore;
hMemStore = CertOpenStore(
CERT_STORE_PROV_MEMORY, // The memory provider type.
0, // The encoding type is not needed.
NULL, // Use the default HCRYPTPROV.
0, // Accept the default dwFlags.
NULL // pvPara is not used.
);
//--------------------------------------------------------------------
// 3. Open a store from disk.
// In this example, the read-only flag is set.
HANDLE hFile;
HCERTSTORE hFileStore;
LPCSTR pszFileName = "TestStor2.sto"
// Obtain a file handle.
hFile = CreateFile(
pszFileName, // The file name
GENERIC_READ│GENERIC_WRITE, // Access mode:
// Read from and write to this file
0, // Share mode
NULL, // Security
OPEN_ALWAYS, // How to create
FILE_ATTRIBUTE_NORMAL, // File attributes
NULL); // Template
//--------------------------------------------------------------------
// At this point, read and use data in the open file that precedes
// the serialized certificate store data. The file pointer must
// be placed at the beginning of the certificate store data before
// CertOpenStore is called with the CERT_STORE_PROV_FILE provider.
// Open the store.
hFileStore = CertOpenStore(
CERT_STORE_PROV_FILE, // Load certificates from a file.
0, // Encoding type not used.
NULL, // Use the default HCRYPTPROV.
CERT_STORE_READONLY_FLAG // See the LOWORD of dwFlags to make
// the store read-only.
hFile // The handle for the open file
// that is the source of the
// certificates.
);
//--------------------------------------------------------------------
// Include code to work with the certificates.
// The data file from which the certificate store information has been
// read is still open. Any data in that file that follows the
// serialized store can be read from the file and used at this point.
//--------------------------------------------------------------------
// Close the file store and the file.
CertCloseStore(
file_store,
CERT_CLOSE_STORE_CHECK_FLAG);
CloseHandle(hFile);
//--------------------------------------------------------------------
// 4. Open a file-based store using CERT_STORE_PROV_FILENAME.
// The pvPara parameter here is the name of an existing file.
// The function fails if the file does not exist.
// The file is not opened using CreateFile before the call to
// CertOpenStore.
// CERT_STORE_PROV_FILENAME_A is used if the file name is in ASCII,
// CERT_STORE_PROV_FILENAME would be used if the file name was a
// Unicode string.
#define ENCODING_TYPE (PKCS_7_ASN_ENCODING │ X509_ASN_ENCODING)
HCERTSTORE hFileStoreHandle;
hFileStoreHandle = CertOpenStore(
CERT_STORE_PROV_FILENAME, // The store provider type.
ENCODING_TYPE, // If needed, use the usual
// encoding types.
NULL, // Use the default HCRYPTPROV.
0, // Accept the default for all
// dwFlags.
L"FileStore.sto" ); // The name of an existing file
// as a Unicode string.
//--------------------------------------------------------------------
// 5. Open a collection store.
// Note that the collection store is empty.
// Certificates, CRLs, and CTLs can be added to and found in
// stores that are added as sibling stores to the collection store.
HCERTSTORE hCollectionStoreHandle;
HCERTSTORE hSiblingStoreHandle;
hCollectionStoreHandle = CertOpenStore(
CERT_STORE_PROV_COLLECTION,
0, // For CERT_STORE_PROV_COLLECTION,
// the rest of the parameters
// are 0 or NULL.
NULL,
0,
NULL);
//--------------------------------------------------------------------
// Open the sibling store as a file-based store.
hSiblingStoreHandle = CertOpenStore(
CERT_STORE_PROV_FILENAME, // The store provider type.
ENCODING_TYPE, // If needed, use the usual
// encoding type.
NULL, // Use the default HCRYPTPROV.
0, // Accept the default for all
// dwFlags.
L"siblstore.sto"); // The name of an existing file
// as a Unicode string.
//--------------------------------------------------------------------
// The open sibling store can now be added to the collection
// using CertAddStoreToCollection and processing of certificates can
// begin.
CertAddStoreToCollection(
hCollectionStoreHandle,
hSiblingStoreHandle,
CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
1);
//--------------------------------------------------------------------
// All processing of the certificates in the
// collection store will also involve the certificates in the sibling
// store.
//--------------------------------------------------------------------
// 6. Open a register store
HKEY hkResult;
HCERTSTORE hRegStore = NULL;
//--------------------------------------------------------------------
// A register subkey be opened with RegOpenKeyEx or
// RegCreateKeyEx. A handle to the open register subkey, hkResult, is
// returned in one of parameters of RegOpenKeyEx or RegCreateKeyEx.
hRegStore = CertOpenStore(
CERT_STORE_PROV_REG,
0, // No encoding type is needed.
NULL, // Accept the default HCRYPTPROV.
0, // Accept the default dwFlags.
hkResult); // hkResult is the handle of a
// register subkey opened by RegOpenKeyEX
// or created and opened by
// RegCreateKeyEX.
//--------------------------------------------------------------------
// 7. Open a certificate store based on a PKCS7 message.
HCERTSTORE hSystemStore;
HCERTSTORE hLastStore;
CRYPT_DATA_BLOB message_BLOB;
//--------------------------------------------------------------------
// Initialize the message BLOB.
HCERTSTORE hSystemStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM, // The store provider type.
0, // The encoding type is not needed.
NULL, // Use the default HCRYPTPROV.
CERT_SYSTEM_STORE_CURRENT_USER,
// Set the store location in a registry
// location.
L"CA"); // The store name as a Unicode string.
message_BLOB.cbData = 0;
message_BLOB.pbData = NULL;
//--------------------------------------------------------------------
// Get the cbData length.
if(CertSaveStore(
hSystemStore,
PKCS_7_ASN_ENCODING │ X509_ASN_ENCODING,
CERT_STORE_SAVE_AS_PKCS7,
CERT_STORE_SAVE_TO_MEMORY,
&message_BLOB,
0))
{
printf("The length is %d \n",message_BLOB.cbData);
}
else
{
// An error has occurred in saving the store. Print an error
// message and exit.
HandleError("Error saving a file store.");
}
//--------------------------------------------------------------------
// Allocate the memory or pbData.
if( message_BLOB.pbData = (BYTE *)malloc(message_BLOB.cbData))
{
printf("The function succeeded. \n");
}
else
{
// An error has occurred in memory allocation. Print an error
// message and exit.
HandleError("Error in memory allocation.");
}
//--------------------------------------------------------------------
// Get the contents of pbData.
if(CertSaveStore(
hSystemStore,
PKCS_7_ASN_ENCODING │ X509_ASN_ENCODING,
CERT_STORE_SAVE_AS_PKCS7,
CERT_STORE_SAVE_TO_MEMORY,
&message_BLOB,
0))
{
printf("Saved the store to a memory BLOB. \n");
}
else
{
// An error has occurred in saving the store. Print an error
// message and exit.
HandleError("Error saving file store.");
}
if( hLastStore = CertOpenStore(
CERT_STORE_PROV_PKCS7,
PKCS_7_ASN_ENCODING │ X509_ASN_ENCODING,
NULL,
0,
&message_BLOB))
{
printf("The function succeeded. \n");
}
else
{
// An error has occurred in opening the store. Print an error
// message and exit.
HandleError("Error opening file store.");