Hello @Osman Zakir ,
I can use this same code, except with "CA" as the store name
Your code works for me to open the "CA" store. You can use CertEnumSystemStore to list the names of existing system stores to see if there is a "CA" store in your system.
But how do I only get the one I just installed, instead of getting all of them? Is there a way to do this?
You can find a specific certificate via CertFindCertificateInStore by specifying a dwFindType like CERT_FIND_EXISTING etc. In the certificate store, there seems to be no installed time property for certificates.
Update: Show an example.
- Use CERT_FIND_ISSUER_STR to find certificates that have the target issuer name.
- Check if the found certificate (pDesiredCert->pCertInfo) has the same SerialNumber, NotBefore etc. as the target ones. If yes, you found the specific certificate successfully.
code sample:
    // Use CERT_FIND_ISSUER_STR to find certificates that have the target issuer name.
    if (pDesiredCert = CertFindCertificateInStore(
            hSystemStore,
            X509_ASN_ENCODING,
            0,
            CERT_FIND_ISSUER_STR,
            L"Target issuer name",
            NULL))
    {
        printf("The desired certificate was found. \n");
        // Check if the found certificate has the same SerialNumber, NotBefore etc. as the target ones. If yes, you found the specific certificate successfully.
    }
    else
    {
        // GetLastError returns a DWORD, so print it with %lu.
        printf("Could not find the desired certificate. Error: %lu\n", GetLastError());
    }
Update 2: Decode the issuer name for comparison to check if it is the one we are looking for. (Since some members of the CERT_CONTEXT are encoded, you need to decode them first to get the raw data.)
    // Decode the issuer name for later comparison to see if it is the one we are looking for.
    DWORD requiredSize = 0;
    BYTE* decodedName = NULL;
    // The first call, with a NULL buffer, only returns the required size.
    if (!CryptDecodeObject(X509_ASN_ENCODING, X509_NAME, pDesiredCert->pCertInfo->Issuer.pbData, pDesiredCert->pCertInfo->Issuer.cbData, CRYPT_DECODE_NOCOPY_FLAG, NULL, &requiredSize))
    {
        printf("CryptDecodeObject failed. Error: %lu\n", GetLastError());
    }
    else if (!(decodedName = (BYTE*)malloc(requiredSize)))
    {
        printf("Memory allocation failed.\n");
    }
    // The second call decodes into the allocated buffer.
    else if (!CryptDecodeObject(X509_ASN_ENCODING, X509_NAME, pDesiredCert->pCertInfo->Issuer.pbData, pDesiredCert->pCertInfo->Issuer.cbData, CRYPT_DECODE_NOCOPY_FLAG, decodedName, &requiredSize))
    {
        printf("CryptDecodeObject failed. Error: %lu\n", GetLastError());
    }
    else
    {
        CERT_NAME_INFO *pDecodeName = (CERT_NAME_INFO*)decodedName;
        printf("The cRDN is -> %lu \n", pDecodeName->cRDN);
        for (DWORD i = 0; i < pDecodeName->cRDN; i++)
        {
            // Only the first attribute of each RDN is examined here.
            CERT_RDN_ATTR *pAttr = pDecodeName->rgRDN[i].rgRDNAttr;
            printf("The OID is -> %s\n", pAttr->pszObjId); // e.g. szOID_COMMON_NAME
            printf("The dwValueType is -> %lu\n", pAttr->dwValueType);
            printf("The string is ->");
            // Value.pbData is not guaranteed to be NUL-terminated, so bound the output by Value.cbData.
            // UTF8 and BMP values are decoded to 16-bit characters; the other string types are 8-bit.
            if (CERT_RDN_UTF8_STRING == pAttr->dwValueType || CERT_RDN_UNICODE_STRING == pAttr->dwValueType)
                wprintf(L"%.*ls", (int)(pAttr->Value.cbData / sizeof(WCHAR)), (const WCHAR*)pAttr->Value.pbData);
            else
                printf("%.*s", (int)pAttr->Value.cbData, (const char*)pAttr->Value.pbData);
            // TODO: Compare the value you found with the target value, like common name etc.
            printf("\n");
        }
    }
    free(decodedName);
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
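Added example, not part of the original answer: the second step above compares pCertInfo->SerialNumber with a target value, and CERT_INFO stores the serial least significant byte first while certificate viewers display it most significant byte first, so a serial copied from a viewer has to be reversed before the comparison. `int_blob`, `serial_matches` and the sample bytes are hypothetical names and constructed data, with `int_blob` standing in for CRYPT_INTEGER_BLOB so the block builds without the Windows headers.

```c
#include <stddef.h>

/* Stand-in for CRYPT_INTEGER_BLOB (cbData, pbData) so this builds without
   <wincrypt.h>; on Windows use the fields of pCertInfo->SerialNumber. */
typedef struct { unsigned long cbData; const unsigned char *pbData; } int_blob;

/* Constructed sample: the serial a viewer would show as "01 a2 b3 c4". */
static const unsigned char sample_bytes[] = { 0xc4, 0xb3, 0xa2, 0x01 };
static const int_blob sample_serial = { sizeof sample_bytes, sample_bytes };

static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Returns 1 if the serial given as hex text (most significant byte first, as
   certificate viewers display it) equals the blob, which holds the same
   integer least significant byte first. Spaces and ':' are skipped. */
int serial_matches(const int_blob *serial, const char *hex)
{
    unsigned char be[64];
    size_t n = 0, start = 0;
    unsigned long len = serial->cbData;
    int hi = -1;

    for (; *hex; hex++) {
        int v;
        if (*hex == ' ' || *hex == ':') continue;
        if ((v = hex_val(*hex)) < 0) return 0;      /* not a hex digit */
        if (hi < 0) { hi = v; continue; }
        if (n == sizeof be) return 0;               /* too long for the buffer */
        be[n++] = (unsigned char)(hi << 4 | v);
        hi = -1;
    }
    if (hi >= 0 || n == 0) return 0;                /* odd digit count or empty */

    /* Ignore zero padding at the most significant end of both values. */
    while (start + 1 < n && be[start] == 0) start++;
    while (len > 1 && serial->pbData[len - 1] == 0) len--;
    if (len != n - start) return 0;

    for (unsigned long i = 0; i < len; i++)         /* blob[i] vs reversed text */
        if (serial->pbData[i] != be[n - 1 - i]) return 0;
    return 1;
}
```

When the target serial is already held in a CRYPT_INTEGER_BLOB rather than as text, CertCompareIntegerBlob compares the two blobs directly.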