李sir_Blog

博客园 首页 联系 订阅 管理

The following examples provide code to open a variety of common certificate stores. This is a series of code fragments and is not a stand-alone program.

// 1. Open the MY system store.

HCERTSTORE hSysStore;
hSysStore = CertOpenStore(
   CERT_STORE_PROV_SYSTEM,    // The store provider type.
   0,                  // The encoding type is not needed.
   NULL,                // Use the default HCRYPTPROV.
   CERT_SYSTEM_STORE_CURRENT_USER,
                   // Set the store location in a
                   // registry location.
   L"MY"                // The store name as a Unicode string.
   );

// Substitute other common system store names for "MY"
// including "root", "trust", or "CA".


//--------------------------------------------------------------------
// 2. Open a memory store.

HCERTSTORE hMemStore;
hMemStore = CertOpenStore(
   CERT_STORE_PROV_MEMORY,    // The memory provider type.
   0,                  // The encoding type is not needed.
   NULL,                // Use the default HCRYPTPROV.
   0,                  // Accept the default dwFlags.
   NULL                // pvPara is not used.
   );

//--------------------------------------------------------------------
// 3. Open a store from disk.

// In this example, the read-only flag is set.
HANDLE      hFile;
HCERTSTORE    hFileStore;
LPCSTR      pszFileName = "TestStor2.sto"
// Obtain a file handle.
hFile = CreateFile(
   pszFileName,              // The file name
   GENERIC_READ│GENERIC_WRITE,    // Access mode:
                       // Read from and write to this file
   0,                    // Share mode
   NULL,                  // Security
   OPEN_ALWAYS,              // How to create
   FILE_ATTRIBUTE_NORMAL,      // File attributes
   NULL);                  // Template

//--------------------------------------------------------------------
//    At this point, read and use data in the open file that precedes
//    the serialized certificate store data. The file pointer must
//    be placed at the beginning of the certificate store data before
//    CertOpenStore is called with the CERT_STORE_PROV_FILE provider.
//    Open the store.

hFileStore = CertOpenStore(
   CERT_STORE_PROV_FILE,    // Load certificates from a file.
   0,                  // Encoding type not used.
   NULL,                // Use the default HCRYPTPROV.
   CERT_STORE_READONLY_FLAG // See the LOWORD of dwFlags to make
                     // the store read-only.
   hFile                // The handle for the open file
                     // that is the source of the
                     // certificates.
   );

//--------------------------------------------------------------------
// Include code to work with the certificates.
// The data file from which the certificate store information has been
// read is still open. Any data in that file that follows the
// serialized store can be read from the file and used at this point.

//--------------------------------------------------------------------
// Close the file store and the file.

CertCloseStore(
     file_store,
     CERT_CLOSE_STORE_CHECK_FLAG);

CloseHandle(hFile);

//--------------------------------------------------------------------
// 4. Open a file-based store using CERT_STORE_PROV_FILENAME.


// The pvPara parameter here is the name of an existing file.
// The function fails if the file does not exist.
// The file is not opened using CreateFile before the call to
// CertOpenStore.
// CERT_STORE_PROV_FILENAME_A is used if the file name is in ASCII,
// CERT_STORE_PROV_FILENAME would be used if the file name was a
// Unicode string.

#define ENCODING_TYPE (PKCS_7_ASN_ENCODING │ X509_ASN_ENCODING)
HCERTSTORE    hFileStoreHandle;

hFileStoreHandle = CertOpenStore(
     CERT_STORE_PROV_FILENAME,    // The store provider type.
     ENCODING_TYPE,            // If needed, use the usual
                         // encoding types.
     NULL,                  // Use the default HCRYPTPROV.
     0,                    // Accept the default for all
                         // dwFlags.
     L"FileStore.sto" );        // The name of an existing file
                         // as a Unicode string.

//--------------------------------------------------------------------
// 5. Open a collection store.

// Note that the collection store is empty.
// Certificates, CRLs, and CTLs can be added to and found in
// stores that are added as sibling stores to the collection store.

HCERTSTORE hCollectionStoreHandle;
HCERTSTORE hSiblingStoreHandle;
hCollectionStoreHandle = CertOpenStore(
   CERT_STORE_PROV_COLLECTION,
   0,      // For CERT_STORE_PROV_COLLECTION,
           // the rest of the parameters
           // are 0 or NULL.
   NULL,
   0,
   NULL);

//--------------------------------------------------------------------
// Open the sibling store as a file-based store.

hSiblingStoreHandle = CertOpenStore(
     CERT_STORE_PROV_FILENAME,    // The store provider type.
     ENCODING_TYPE,            // If needed, use the usual
                         // encoding type.
     NULL,                  // Use the default HCRYPTPROV.
     0,                    // Accept the default for all
                         // dwFlags.
     L"siblstore.sto");        // The name of an existing file
                         // as a Unicode string.

//--------------------------------------------------------------------
// The open sibling store can now be added to the collection
// using CertAddStoreToCollection and processing of certificates can
// begin.

CertAddStoreToCollection(
       hCollectionStoreHandle,
       hSiblingStoreHandle,
       CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
       1);

//--------------------------------------------------------------------
// All processing of the certificates in the
// collection store will also involve the certificates in the sibling
// store.


//--------------------------------------------------------------------
// 6. Open a register store

HKEY hkResult;
HCERTSTORE hRegStore = NULL;

//--------------------------------------------------------------------
// A register subkey be opened with RegOpenKeyEx or
// RegCreateKeyEx. A handle to the open register subkey, hkResult, is
// returned in one of parameters of RegOpenKeyEx or RegCreateKeyEx.
hRegStore = CertOpenStore(
     CERT_STORE_PROV_REG,
     0,              // No encoding type is needed.
     NULL,            // Accept the default HCRYPTPROV.
     0,              // Accept the default dwFlags.
     hkResult);          // hkResult is the handle of a
                   // register subkey opened by RegOpenKeyEX
                   // or created and opened by
                   // RegCreateKeyEX.

//--------------------------------------------------------------------
// 7. Open a certificate store based on a PKCS7 message.
HCERTSTORE      hSystemStore;
HCERTSTORE      hLastStore;
CRYPT_DATA_BLOB    message_BLOB;

//--------------------------------------------------------------------
// Initialize the message BLOB.

HCERTSTORE hSystemStore = CertOpenStore(
   CERT_STORE_PROV_SYSTEM,    // The store provider type.
   0,                  // The encoding type is not needed.
   NULL,                // Use the default HCRYPTPROV.
   CERT_SYSTEM_STORE_CURRENT_USER,
                   // Set the store location in a registry
                   // location.
   L"CA");              // The store name as a Unicode string.

message_BLOB.cbData = 0;
message_BLOB.pbData = NULL;

//--------------------------------------------------------------------
// Get the cbData length.

if(CertSaveStore(
     hSystemStore,
     PKCS_7_ASN_ENCODING │ X509_ASN_ENCODING,
     CERT_STORE_SAVE_AS_PKCS7,
     CERT_STORE_SAVE_TO_MEMORY,
     &message_BLOB,
     0))
{
   printf("The length is %d \n",message_BLOB.cbData);
}
else
{
// An error has occurred in saving the store. Print an error
// message and exit.
   HandleError("Error saving a file store.");
}

//--------------------------------------------------------------------
// Allocate the memory or pbData.

if( message_BLOB.pbData = (BYTE *)malloc(message_BLOB.cbData))
{
     printf("The function succeeded. \n");
}
else
{
// An error has occurred in memory allocation. Print an error
// message and exit.
   HandleError("Error in memory allocation.");
}

//--------------------------------------------------------------------
// Get the contents of pbData.

if(CertSaveStore(
     hSystemStore,
     PKCS_7_ASN_ENCODING │ X509_ASN_ENCODING,
     CERT_STORE_SAVE_AS_PKCS7,
     CERT_STORE_SAVE_TO_MEMORY,
     &message_BLOB,
     0))
{
   printf("Saved the store to a memory BLOB. \n");
}
else
{
// An error has occurred in saving the store. Print an error
// message and exit.
   HandleError("Error saving file store.");
}

if( hLastStore = CertOpenStore(
   CERT_STORE_PROV_PKCS7,
   PKCS_7_ASN_ENCODING │ X509_ASN_ENCODING,
   NULL,
   0,
   &message_BLOB))
{
     printf("The function succeeded. \n");
}
else
{
// An error has occurred in opening the store. Print an error
// message and exit.
   HandleError("Error opening file store.");

posted on 2010-09-21 09:27  李sir  阅读(1400)  评论(0编辑  收藏  举报