1. if the cert has an associated private key (KEY_PROV_INFO exists), put it
into the MY store; otherwise
2. if the cert is self-signed, put it into the ROOT store; otherwise
3. if the cert is a CA cert, put it into the CA store; otherwise
4. put it in "AddressBook" store.
- hao
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Kiran Thandra" <Kiran....@gedas.com> wrote in message
news:uKhN$wpjEH...@TK2MSFTNGP11.phx.gbl...
Thanks for your reply. Just wondering how do I check the following:
Whether KEY_PROV_INFO exists
Whether a cert is self-signed
Whether it's a CA.
Do I need to decode the PCCERT_INFO from the cert context for this? Because we
only have an API for getting the subject name:
CertGetNameString(pctx,CERT_NAME_SIMPLE_DISPLAY_TYPE,0,NULL,pszNameString,128);
Do you have any sample code for this?
Appreciate your time.
Regards,
Kiran Thandra
"Hao Zhuang [MSFT]" <hzh...@online.microsoft.com> wrote in message
news:uouoAXwj...@tk2msftngp13.phx.gbl...
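2. to verify if it's self-signed, the following can be used:
    DWORD dwFlags = CERT_STORE_SIGNATURE_FLAG;
    /* issuer and subject names must match */
    if (!(CertCompareCertificateName(pCtx->dwCertEncodingType,
            &pCtx->pCertInfo->Issuer, &pCtx->pCertInfo->Subject)))
        return not_self_signed;
    /* the signature must verify against the cert's own public key */
    if (!(CertVerifySubjectCertificateContext(pCtx, pCtx, &dwFlags)))
        return not_self_signed;
    /* a flag still set on return means that check failed */
    if (dwFlags != 0)
        return not_self_signed;
    return self_signed;
3. to check if it is a CA cert:
    DWORD cbInfo = 0;
    PCERT_EXTENSION pBC = CertFindExtension(szOID_BASIC_CONSTRAINTS2,
        pCtx->pCertInfo->cExtension, pCtx->pCertInfo->rgExtension);
    if (pBC == NULL)
        return FALSE;   /* no basic constraints extension: not a CA cert */
    /* first call with a NULL buffer returns the required size in cbInfo */
    if (!CryptDecodeObject(X509_ASN_ENCODING, X509_BASIC_CONSTRAINTS2,
            pBC->Value.pbData, pBC->Value.cbData, 0, NULL, &cbInfo))
        return FALSE;
    PCERT_BASIC_CONSTRAINTS2_INFO pInfo =
        (PCERT_BASIC_CONSTRAINTS2_INFO)LocalAlloc(LPTR, cbInfo);
    if (pInfo == NULL)
        return FALSE;
    BOOL fCA = CryptDecodeObject(X509_ASN_ENCODING, X509_BASIC_CONSTRAINTS2,
            pBC->Value.pbData, pBC->Value.cbData, 0, pInfo, &cbInfo)
        && pInfo->fCA;
    LocalFree(pInfo);
    return fCA;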
hope this helps !
- hao
--
This posting is provided "AS IS" with no warranties, and confers no rights.
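
Added example, not part of the original thread and not Microsoft's code: the store-selection rule from the first post combined with the three checks, with the private-key check done by asking CertGetCertificateContextProperty for CERT_KEY_PROV_INFO_PROP_ID. pick_store and classify_cert are hypothetical names; the CryptoAPI part builds only on Windows (link crypt32.lib) and uses CryptDecodeObjectEx with CRYPT_DECODE_ALLOC_FLAG instead of a caller-sized buffer.

```c
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   /* link with crypt32.lib */
#endif

/* Hypothetical helper: the four-step rule, given three facts about the cert.
   The order matters: a self-signed cert that has a private key goes to MY. */
const char *pick_store(int hasKey, int selfSigned, int isCA)
{
    if (hasKey)     return "MY";
    if (selfSigned) return "ROOT";
    if (isCA)       return "CA";
    return "AddressBook";
}

#ifdef _WIN32
/* Hypothetical helper: gathers the three facts from a certificate context. */
const char *classify_cert(PCCERT_CONTEXT pCtx)
{
    DWORD cb = 0, dwFlags = CERT_STORE_SIGNATURE_FLAG;
    CERT_BASIC_CONSTRAINTS2_INFO *pInfo = NULL;
    PCERT_EXTENSION pBC;
    int hasKey, selfSigned, isCA = 0;

    /* 1. Size query only: succeeds when the KEY_PROV_INFO property is set. */
    hasKey = CertGetCertificateContextProperty(pCtx,
                 CERT_KEY_PROV_INFO_PROP_ID, NULL, &cb) != 0;

    /* 2. Issuer equals Subject and the signature verifies under its own key. */
    selfSigned = CertCompareCertificateName(pCtx->dwCertEncodingType,
                     &pCtx->pCertInfo->Issuer, &pCtx->pCertInfo->Subject)
              && CertVerifySubjectCertificateContext(pCtx, pCtx, &dwFlags)
              && dwFlags == 0;

    /* 3. Basic constraints; without the extension the cert is not a CA. */
    pBC = CertFindExtension(szOID_BASIC_CONSTRAINTS2,
              pCtx->pCertInfo->cExtension, pCtx->pCertInfo->rgExtension);
    cb = 0;
    if (pBC && CryptDecodeObjectEx(pCtx->dwCertEncodingType,
                   X509_BASIC_CONSTRAINTS2, pBC->Value.pbData,
                   pBC->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
                   &pInfo, &cb)) {
        isCA = pInfo->fCA != 0;
        LocalFree(pInfo);   /* buffer was allocated by the decoder */
    }
    return pick_store(hasKey, selfSigned, isCA);
}
#endif
```
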
"Kiran Thandra" <Kiran....@gedas.com> wrote in message
news:#ziXic2j...@TK2MSFTNGP15.phx.gbl...
Great. Thanks a lot. The advised approach helps me.
Regards,
Kiran Thandra
"Hao Zhuang [MSFT]" <hzh...@online.microsoft.com> wrote in message
news:uc2u5M4j...@TK2MSFTNGP10.phx.gbl...