Beispielcode zum Öffnen von Zertifikatspeichern
Die folgenden Beispiele stellen Code bereit, um eine Vielzahl allgemeiner Zertifikatspeicher zu öffnen. Diese Beispiele sind eine Reihe von Codefragmenten und sind keine eigenständigen Programme.
Im folgenden Beispiel wird der Systemspeicher "Mein Systemspeicher" geöffnet.
HCERTSTORE hSysStore;
hSysStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM, // the store provider type
0, // the encoding type is not needed
NULL, // use the default HCRYPTPROV
CERT_SYSTEM_STORE_CURRENT_USER,
// set the store location in a
// registry location
L"My" // the store name as a Unicode string
);
// If call was successful, close hSystStore; otherwise,
// call print an error message.
if(hSysStore)
{
if (!(CertCloseStore(hSysStore, 0)))
{
printf("Error closing system store.");
}
}
else
printf("Error opening system store.");
// Substitute other common system store names
// for "My"
// including "root", "trust", or "CA".
Im folgenden Beispiel wird ein Speicherspeicher geöffnet.
HCERTSTORE hMemStore;
hMemStore = CertOpenStore(
CERT_STORE_PROV_MEMORY, // the memory provider type
0, // the encoding type is not needed
NULL, // use the default HCRYPTPROV
0, // accept the default dwFlags
NULL // pvPara is not used
);
// If call was successful, close hMemStore; otherwise,
// call print an error message.
if(hMemStore)
{
if (!(CertCloseStore(hMemStore, 0)))
{
printf("Error closing memory store.");
}
}
else
printf("Error opening memory store.");
Im folgenden Beispiel wird ein Speicher auf dem Datenträger geöffnet. Im Beispiel wird die CreateMyDACL-Funktion verwendet, die im Thema "Erstellen eines DACL " definiert ist, um sicherzustellen, dass die geöffnete Datei mit einem richtigen DACL erstellt wird.
// In this example, the read-only flag is set.
HANDLE hFile;
HCERTSTORE hFileStore;
LPCWSTR pszFileName = L"TestStor2.sto";
SECURITY_ATTRIBUTES sa; // for DACL
// Create a DACL for the file.
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;
// Call function to set the DACL. The DACL
// is set in the SECURITY_ATTRIBUTES
// lpSecurityDescriptor member.
// if CreateMyDACL(&sa) fails, exit(1)
// Obtain a file handle.
hFile = CreateFile(
pszFileName, // the file name
GENERIC_READ|GENERIC_WRITE, // access mode:
// read from and write to
// this file
0, // share mode
&sa, // security
OPEN_ALWAYS, // how to create
FILE_ATTRIBUTE_NORMAL, // file attributes
NULL); // template
if (!(hFile))
{
fprintf(stderr, "Could not create file.\n");
exit(1);
}
//-------------------------------------------------------------------
// At this point, read and use data in the open file that precedes
// the serialized certificate store data. The file pointer must
// be placed at the beginning of the certificate store data before
// CertOpenStore is called with the CERT_STORE_PROV_FILE provider.
// Open the store.
hFileStore = CertOpenStore(
CERT_STORE_PROV_FILE, // load certificates from a file
0, // encoding type not used
NULL, // use the default HCRYPTPROV
CERT_STORE_READONLY_FLAG, // see the LOWORD of dwFlags to make
// the store read-only
hFile // the handle for the open file
// that is the source of the
// certificates
);
//-------------------------------------------------------------------
// Include code to work with the certificates.
// The data file from which the certificate store information has
// been read is still open. Any data in that file that follows the
// serialized store can be read from the file and used at this point.
//-------------------------------------------------------------------
// Close the file store and the file.
if(hFileStore)
{
if(!(CertCloseStore(
hFileStore,
CERT_CLOSE_STORE_CHECK_FLAG)))
{
fprintf(stderr, "Error closing store.\n");
}
}
else
{
fprintf(stderr, "Error opening store.\n");
}
if(!(CloseHandle(hFile)))
{
fprintf(stderr, "Error closing hFile.\n");
}
Im folgenden Beispiel wird ein dateibasierter Speicher mit CERT_STORE_PROV_FILENAME geöffnet.
#include <windows.h>
#include <stdio.h>
#include "Wincrypt.h"
#define ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void main()
{
// The pvPara parameter here is the name of an existing file.
// The function fails if the file does not exist.
// The file is not opened using CreateFile before the call to
// CertOpenStore.
// CERT_STORE_PROV_FILENAME_A is used if the file name is in ASCII;
// CERT_STORE_PROV_FILENAME is used if the file name is a
// Unicode string.
//#define moved
HCERTSTORE hFileStoreHandle;
hFileStoreHandle = CertOpenStore(
CERT_STORE_PROV_FILENAME, // the store provider type
ENCODING_TYPE, // if needed, use the usual
// encoding types
NULL, // use the default HCRYPTPROV
0, // accept the default for all
// dwFlags
L"FileStore.sto" ); // the name of an existing file
// as a Unicode string
if(hFileStoreHandle)
{
if(!(CertCloseStore(hFileStoreHandle, 0)))
{
fprintf(stderr, "Failed to close hFileStoreHandle\n");
}
}
else
{
fprintf(stderr, "Failed to open store.\n");
}
Im folgenden Beispiel wird ein Auflistungsspeicher geöffnet.
// Note that the collection store is empty.
// Certificates, CRLs, and CTLs can be added to and found in
// stores that are added as sibling stores to the collection store.
HCERTSTORE hCollectionStoreHandle;
HCERTSTORE hSiblingStoreHandle;
hCollectionStoreHandle = CertOpenStore(
CERT_STORE_PROV_COLLECTION,
0, // for CERT_STORE_PROV_COLLECTION,
// the rest of the parameters
// are zero or NULL
NULL,
0,
NULL);
// Check that call to CertOpenStore succeeded.
if(!(hCollectionStoreHandle))
{
fprintf(stderr, "Could not open collection store.\n");
exit(1);
}
//-------------------------------------------------------------------
// Open the sibling store as a file-based store.
hSiblingStoreHandle = CertOpenStore(
CERT_STORE_PROV_FILENAME, // the store provider type
ENCODING_TYPE, // if needed, use the usual
// encoding type
NULL, // use the default HCRYPTPROV
0, // accept the default for all
// dwFlags
L"siblstore.sto"); // the name of an existing file
// as a Unicode string
// Check that call to CertOpenStore succeeded.
if(!(hSiblingStoreHandle))
{
fprintf(stderr, "Could not open sibling store.\n");
exit(1);
}
//-------------------------------------------------------------------
// The open sibling store can now be added to the collection
// using CertAddStoreToCollection and processing of certificates can
// begin.
if(!(CertAddStoreToCollection(
hCollectionStoreHandle,
hSiblingStoreHandle,
CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
1)))
{
fprintf(stderr, "Could not add sibling store to collection.\n");
}
//-------------------------------------------------------------------
// All processing of the certificates in the
// collection store will also involve the certificates in the sibling
// store.
// Close the stores.
if(!(CertCloseStore(hCollectionStoreHandle, 0)))
{
fprintf(stderr, "Failed to close hCollectionStoreHandle\n");
}
if(!(CertCloseStore(hCollectionStoreHandle, 0)))
{
fprintf(stderr, "Failed to close hCollectionStoreHandle\n");
}
Im folgenden Beispiel wird ein Registerspeicher geöffnet.
HCERTSTORE hRegStore = NULL;
//--------------------------------------------------------------------
// A register subkey be opened with RegOpenKeyEx or
// RegCreateKeyEx. A handle to the open register subkey, hkResult, is
// returned in one of parameters of RegOpenKeyEx or RegCreateKeyEx.
hRegStore = CertOpenStore(
CERT_STORE_PROV_REG,
0, // no encoding type is needed
NULL, // accept the default HCRYPTPROV
0, // accept the default dwFlags
hkResult); // hkResult is the handle of a
// register subkey opened by RegOpenKeyEx
// or created and opened by
// RegCreateKeyEx
// Close hRegStore.
if(!(CertCloseStore(hRegStore, 0)))
{
fprintf(stderr, "Could not close hRegStore.\n");
}
Im folgenden Beispiel wird ein Zertifikatspeicher basierend auf einer PKCS #7-Nachricht geöffnet.
HCERTSTORE hLastStore;
CRYPT_DATA_BLOB message_BLOB;
//-------------------------------------------------------------------
// Initialize the message BLOB.
HCERTSTORE hSystemStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM, // the store provider type
0, // the encoding type is not needed
NULL, // use the default HCRYPTPROV
CERT_SYSTEM_STORE_CURRENT_USER,
// the store location in a registry
// location
L"CA"); // the store name as a Unicode string
message_BLOB.cbData = 0;
message_BLOB.pbData = NULL;
//-------------------------------------------------------------------
// Get the cbData length.
if(CertSaveStore(
hSystemStore,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
CERT_STORE_SAVE_AS_PKCS7,
CERT_STORE_SAVE_TO_MEMORY,
&message_BLOB,
0))
{
printf("The length is %d \n",message_BLOB.cbData);
}
else
{
// An error has occurred in saving the store. Print an error
// message and exit.
fprintf(stderr, "Error saving a file store.");
exit(1);
}
//-------------------------------------------------------------------
// Allocate the memory or pbData.
if( message_BLOB.pbData = (BYTE *)malloc(message_BLOB.cbData))
{
printf("The function succeeded. \n");
}
else
{
// An error has occurred in memory allocation. Print an error
// message and exit.
fprintf(stderr, "Error in memory allocation.\n");
exit(1);
}
//-------------------------------------------------------------------
// Get the contents of pbData.
if(CertSaveStore(
hSystemStore,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
CERT_STORE_SAVE_AS_PKCS7,
CERT_STORE_SAVE_TO_MEMORY,
&message_BLOB,
0))
{
printf("Saved the store to a memory BLOB. \n");
}
else
{
// An error has occurred in saving the store. Print an error
// message and exit.
fprintf(stderr, "Error saving file store.\n");
exit(1);
}
if( hLastStore = CertOpenStore(
CERT_STORE_PROV_PKCS7,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
NULL,
0,
&message_BLOB))
{
printf("The function succeeded. \n");
}
else
{
// An error has occurred in opening the store. Print an error
// message and exit.
fprintf(stderr, "Error opening file store.\n");
exit(1);
}
// Clean up memory.
if(!(CertCloseStore(hSystemStore, 0)))
{
fprintf(stderr, "Could not close hSystemStore\n");
}
if(!(CertCloseStore(hLastStore, 0)))
{
fprintf(stderr, "Could not close hLastStore\n");
}
free(message_BLOB.pbData);
Feedback
Bald verfügbar: Im Laufe des Jahres 2024 werden wir GitHub-Issues stufenweise als Feedbackmechanismus für Inhalte abbauen und durch ein neues Feedbacksystem ersetzen. Weitere Informationen finden Sie unter https://aka.ms/ContentUserFeedback.
Feedback senden und anzeigen für