Geek asks and answers

Need help finding a certificate by subject name (X500 format, CERT_X500_NAME_STR) using CertFindCertificateInStore ()?

The client application must access the certificate from the Windows certificate store. Search input is the subject name in the X500 string format, as shown below.

"C=CH, S=Aargau, L=Baden, O=Test, OU=FF, CN= Test Root"

Exact matching is required (non-subscript matching using CERT_FIND_SUBJECT_STR). For this I do the following

CERT_NAME_BLOB subjectname = {0};

/*convert the input X500 string to encoded subject name*/
bRet = CertStrToNameA(X509_ASN_ENCODING, "C=CH, S=Aargau, L=Baden, O=Test, OU=S1, CN= Test Root", CERT_X500_NAME_STR, NULL, NULL, &size, NULL);
  if(TRUE == bRet)
  {
     subjectname.pbData  = (BYTE*)malloc(size);
     subjectname.cbData = size;

     bRet = CertStrToNameA(X509_ASN_ENCODING , "C=CH, S=Aargau, L=Baden, O=Test, OU=S1, CN=Test Root", CERT_X500_NAME_STR, NULL, subjectname.pbData, &subjectname.cbData, NULL);
     if(TRUE == bRet)
     {
          capiCertificate = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &subjectname, NULL);
         if (NULL == capiCertificate)
         {
            errorcode = GetLastError();
            ret = CA_CERT_NOT_FOUND;
         }
     }
  }

The problem is that CertFindCertificateInStore always returns a NULL pointer. I debugged, but could not find out what was going on here.

Any suggestions would be very helpful.

+5
source share
1 answer

If someone is looking for an answer to this question, I publish how I could do it, if it is useful

static PCCERT_CONTEXT
FindCertificate(
    const HCERTSTORE hStore,
    const char* CertSearchString)
{
    PCCERT_CONTEXT capiCertificate = NULL;
    DWORD dType = CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG;
    char certname [MAX_SIZE_CERT_NAME] = {0};

    for(;;)
    {
        capiCertificate = CertEnumCertificatesInStore(hStore, capiCertificate);
        if (NULL == capiCertificate)
        {
            break;
        }

        if (FALSE == 
            CertGetNameStringA(capiCertificate, CERT_NAME_RDN_TYPE,
                0, &dType, certname, MAX_SIZE_CERT_NAME))
        {
            CertFreeCertificateContext(capiCertificate);
            capiCertificate = NULL;
            break;
        }

        if ((0 == strncmp(certname, CertSearchString, MAX_SIZE_CERT_NAME)) &&
            (capiCertificate->dwCertEncodingType == X509_ASN_ENCODING))
        {
            break;
        }
    }
    return capiCertificate;
}
+5
source

More articles:


All Articles