Re: get self signed certicate stored in .p7b file using Certificate Store (CertOpenstore)

From: sunit (sunit05_at_gmail.com)
Date: 09/29/05 

Date: 29 Sep 2005 03:38:43 -0700

Hi
Rhett Gong
//thanx for considering my problem.i m using Windows 2000 server
//in refernce to my problem to obtain credentials the above code
showed, //how i m opening the certificate store. The following code how
to get the //certificate from the store and to obtain credentials for
schannel.I am getting problem in obtaning credentials.i

/*this code is the continuation of the above code*/

TimeStamp tsExpiry;
SECURITY_STATUS Status;
CERT_RDN cert_rdn;// structure to obtain certificate using RDN
attributes
//containing structure CERT_RDN_ATTR

CERT_RDN_ATTR cert_rdn_attr;// structure for one attribute of RDN ie
//Common Name

//only one attribute of RDN is used to find certificate
cert_rdn.cRDNAttr = 1;//only one CERT_RDN_ATTR
cert_rdn.rgRDNAttr =&cert_rdn_attr;//pointer to CERT_RDN_ATTR the
//structure contains 1 attribute

const TCHAR * pszUserName=_T("SNS");//Common Name

cert_rdn_attr.pszObjId = szOID_COMMON_NAME;//go for Common Name
//attribte in RDN
cert_rdn_attr.dwValueType = CERT_RDN_ANY_TYPE;
cert_rdn_attr.Value.cbData = _tcslen(pszUserName);//length of Common
//Name

#ifdef _UNICODE
char *pszUn = new char[wcslen(pszUserName)+1];

WideCharToMultiByte(CP_ACP,0,pszUserName,-1,pszUn,wcslen(pszUserName)+1,NULL,NULL);
cert_rdn_attr.Value.pbData = (BYTE *)pszUn;
#else
cert_rdn_attr.Value.pbData = (BYTE *)pszUserName;
#endif

//search for the certificate in the certificate store

PCCERT_CONTEXT m_pCertContext;
m_pCertContext =
CertFindCertificateInStore(m_hMyCertStore,//handletocertificate store

                                 ENCODING_TYPE,//encoding for
certificate and message
0,//use default values

                                CERT_FIND_SUBJECT_ATTR,//searching the
certificate using
RDN //attributes
&cert_rdn,
NULL);

#ifdef _UNICODE
delete [] pszUn;
#endif

//If the function fails and a certificate that matches the search
criteria is not //found,the return value is NULL

if(m_pCertContext == NULL &&::GetLastError()==CRYPT_E_NOT_FOUND)
{
::OutputDebugString(_T("error:"));

}

::OutputDebugString(_T("pointer to the certificate context is
available"));

SCHANNEL_CRED m_SchannelCred;

SecurityFunctionTable m_SecurityFunc;

CredHandle m_hCreds;
 PCredHandle phCreds=&m_hCreds

ZeroMemory(&m_SchannelCred, sizeof(m_SchannelCred));

//Credentials are required by the Schannel authentication
m_SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;

m_SchannelCred.cCreds = 1;//only one certificate store

m_SchannelCred.paCred = &m_pCertContext;//pointer to the pointer of
//CERT_CONTEXT structure this how the certificate enters the credential
//which is used for security context in schannel authentication

m_SchannelCred.hRootStore = m_hMyCertStore;//handle to certificate
store
m_SchannelCred.dwMinimumCipherStrength = 80;//strength of cipher

m_SchannelCred.grbitEnabledProtocols = m_dwProtocol;//use any protocol

m_SchannelCred.dwFlags |= SCH_CRED_NO_SYSTEM_MAPPER ;

//function, which returns a handle to the requested credentials
Status = m_SecurityFunc.AcquireCredentialsHandle(
                                                        NULL, // Name
of principal

UNISP_NAME,//schannel package

SECPKG_CRED_INBOUND,
                                                        NULL,

&m_SchannelCred,//structure contains the //data required for SChannel
                                                        NULL,
                                                        NULL,

phCreds,//pointer to CreHandle which //receives the handle to
credentials
                                                        &tsExpiry);

//here i refered MSDN for returned Status and put different values of
Status //check the exact cause for error and i found the returned value
of Status is
//SEC_E_INTERNAL_ERROR
if(Status != SEC_E_OK &&Status==SEC_E_INTERNAL_ERROR)
{
        ::OutputDebugString(_T("error channel credentials"));
}

::OutputDebugString(_T("handle to channel credential is available"));

Relevant Pages