I'm having problems programmatically opening certificates from my local
machine store. I'm a certificates newbie, so please bear with me :). My code
is based on an SSL example (C++) on GotDotNet, but from what I can tell, the
example opens a "current user" certificate - I need to open a certificate
stored in the local machine store.
The code I'm working from looks like this:
void SSLConnection::LoadNewClientCredentials(Byte certhash[])
{
    CredHandle hCreds;
    SecPkgContext_IssuerListInfoEx IssuerListInfo;
    PCCERT_CHAIN_CONTEXT pChainContext;
    CERT_CHAIN_FIND_BY_ISSUER_PARA FindByIssuerPara;
    PCCERT_CONTEXT pCertContext;
    TimeStamp tsExpiry;
    SECURITY_STATUS Status;
    HCERTSTORE hCertStore;

    //
    // Read list of trusted issuers from schannel (the CA names the server
    // sent in its CertificateRequest message).
    //
    Status = m_pSecurityFunc->QueryContextAttributesA(m_phContext,
        SECPKG_ATTR_ISSUER_LIST_EX, (PVOID)&IssuerListInfo);
    if(Status != SEC_E_OK)
    {
        throw new Common::Exceptions::SSLException(S"Acquiring new credentials failed. Error: ", Status);
    }

    //
    // Enumerate the client certificates.
    //
    ZeroMemory(&FindByIssuerPara, sizeof(FindByIssuerPara));
    FindByIssuerPara.cbSize = sizeof(FindByIssuerPara);
    // Only certificates whose EKU permits client authentication are considered.
    FindByIssuerPara.pszUsageIdentifier = szOID_PKIX_KP_CLIENT_AUTH;
    FindByIssuerPara.dwKeySpec = 0;          // 0 = any key spec (AT_KEYEXCHANGE or AT_SIGNATURE)
    // The chain must contain one of the issuers the server listed.
    FindByIssuerPara.cIssuer = IssuerListInfo.cIssuers;
    FindByIssuerPara.rgIssuer = IssuerListInfo.aIssuers;
    pChainContext = NULL;

    // CertOpenSystemStore opens the named store of the current user
    // (CERT_SYSTEM_STORE_CURRENT_USER); "MY" is the Personal store.
    hCertStore = CertOpenSystemStore(NULL, _T("MY"));
    if(hCertStore == NULL)
    {
        throw new Common::Exceptions::SSLException(String::Concat(S"Failed to open MY Certificate store. Error: ",
            Convert::ToString((unsigned int)GetLastError())));
    }

    while(TRUE)
    {
        // Find a certificate chain. With dwFindFlags == 0 (no
        // CERT_CHAIN_FIND_BY_ISSUER_NO_KEY_FLAG) only certificates that have
        // an associated private key are matched; passing the previous chain
        // context continues the enumeration.
        pChainContext = CertFindChainInStore(hCertStore,
            X509_ASN_ENCODING,
            0,                              // dwFindFlags
            CERT_CHAIN_FIND_BY_ISSUER,
            &FindByIssuerPara,
            pChainContext);
        if(pChainContext == NULL)
        {
            throw new Common::Exceptions::SSLException(String::Concat(S"Failed to retrieve certificate", ""));
        }

        // Get pointer to leaf certificate context.
        pCertContext = pChainContext->rgpChain[0]->rgpElement[0]->pCertContext;

( .. more code to examine certificate chain follows).
I (believe) I understand that "CertOpenSystemStore(NULL, _T("MY"))" opens
the current user store - however, even though I have placed a certificate in
local user, the above code doesn't seem to be able to find a certificate
chain (the "Failed to retrieve certificate" exception is thrown). The code
is run from a .NET forms application, so I would assume it looks for
certificates for the user I'm logged in as.
I also need this code running from a web service, so I figured it would be
wiser to get the certificate from local machine. In order to do so, I tried:
    // CERT_STORE_PROV_SYSTEM is the wide-character provider, so the store
    // name is passed as L"MY"; the flag selects the Local Computer stores.
    hCertStore = CertOpenStore(
        CERT_STORE_PROV_SYSTEM,
        0,
        NULL,
        CERT_SYSTEM_STORE_LOCAL_MACHINE,
        L"MY");
...instead of hCertStore = CertOpenSystemStore(NULL, _T("MY"));
This, however, leaves me with the same problem: no certificate chain is
found. I have a certificate stored in both "Certificates (Local
Computer)\Personal\Certificates" and "Certificates (Current
User)\Personal\Certificates".
Any advice would be appreciated :)
Thanks,
/Thomas
    // Open the Personal ("MY") store of the local computer rather than of the
    // current user. CERT_STORE_PROV_SYSTEM_A takes the store name as an ANSI
    // string (the W provider, CERT_STORE_PROV_SYSTEM, takes L"MY").
    hCertStore = CertOpenStore(
        CERT_STORE_PROV_SYSTEM_A,
        X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
        0,                                   // hCryptProv, not used
        CERT_SYSTEM_STORE_LOCAL_MACHINE,
        (const void*)"MY");
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Thomas Nielsen [AM Production A/S]" <jack_...@h0tmail.com> wrote in
message news:eM8WoeB...@TK2MSFTNGP12.phx.gbl...
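An added check, not from either post in this thread: before debugging the C++ side it helps to see which certificates in the Local Machine MY store actually satisfy the conditions the CertFindChainInStore call above imposes (a private key the calling account can open, an EKU that permits client authentication, and an issuer on the list schannel returned). The PowerShell below, run from an elevated prompt or, better, under the account the web service runs as, reports that per certificate. The $TrustedIssuers parameter is an assumption: fill it with the issuer names from SECPKG_ATTR_ISSUER_LIST_EX, or leave it empty to skip that test; the issuer comparison here is on the string form of the DN, which only approximates the encoded-name comparison CryptoAPI performs.

```powershell
# Added diagnostic, not code from the thread. Reports, for each certificate in a
# system store, whether it meets the conditions the C++ code's
# CertFindChainInStore(CERT_CHAIN_FIND_BY_ISSUER, szOID_PKIX_KP_CLIENT_AUTH) applies.
param(
    # Assumption: issuer names the server sent (SECPKG_ATTR_ISSUER_LIST_EX).
    # Leave empty to skip the issuer test.
    [string[]] $TrustedIssuers = @(),
    # Change to Cert:\CurrentUser\My to compare with the forms-application case.
    [string]   $StorePath = 'Cert:\LocalMachine\My'
)

$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # szOID_PKIX_KP_CLIENT_AUTH

function Test-ClientAuthCandidate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)

    $reasons = @()

    # Without CERT_CHAIN_FIND_BY_ISSUER_NO_KEY_FLAG only certificates with a
    # linked private key are matched.
    if (-not $Cert.HasPrivateKey) {
        $reasons += 'no private key linked in this store'
    }
    else {
        # HasPrivateKey only says a key is linked; opening it is what fails for a
        # service account without rights on the key file. (RSA keys only here;
        # GetRSAPrivateKey returns $null for other algorithms.)
        try {
            [void] [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        }
        catch {
            $reasons += "private key not accessible to $env:USERNAME ($($_.Exception.Message))"
        }
    }

    # pszUsageIdentifier = szOID_PKIX_KP_CLIENT_AUTH: a certificate whose EKU
    # extension lacks Client Authentication is rejected. CryptoAPI treats a
    # certificate with no EKU extension at all as allowing any usage.
    $eku = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' } | Select-Object -First 1
    if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })) {
        $reasons += 'EKU present but does not include Client Authentication'
    }

    # An expired or not-yet-valid certificate is useless for client auth even if found.
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $reasons += 'outside validity period'
    }

    # rgIssuer / cIssuer: some certificate in the chain must be issued by one of
    # the names the server sent. String comparison of DNs is an approximation.
    if ($TrustedIssuers.Count -gt 0) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        [void] $chain.Build($Cert)   # elements are populated even when Build returns $false
        $chainIssuers = $chain.ChainElements | ForEach-Object { $_.Certificate.Issuer }
        if (-not ($chainIssuers | Where-Object { $TrustedIssuers -contains $_ })) {
            $reasons += 'no certificate in the chain is issued by a server-listed issuer'
        }
    }

    [pscustomobject] @{
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer
        Thumbprint = $Cert.Thumbprint
        Usable     = ($reasons.Count -eq 0)
        Reasons    = ($reasons -join '; ')
    }
}

Get-ChildItem -Path $StorePath | ForEach-Object { Test-ClientAuthCandidate -Cert $_ } | Format-Table -AutoSize
```

Run it once against Cert:\CurrentUser\My and once against Cert:\LocalMachine\My, and for the web service case run it under that service's identity (a scheduled task or PsExec session as that account). A certificate that shows Usable = True interactively but not under the service identity points at the ACL on the private key file rather than at the choice of store.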