CertGetSubjectCertificateFromStore() problem....



Hi,
I want to search for a specific certificate in my certificate store
using the API CertGetSubjectCertificateFromStore(). It uses
the Issuer and serial number to identify the cert in question.

I always get the cert not found error!
If I get a list of all the certificates in the store and look at the
CERT_INFO structure (SerialNumber and Issuer),
I get exactly the same values as those that I define for the search...

Here is part of the code:

CERT_INFO tCertInfo;
PCCERT_CONTEXT pSignerCertContext = NULL;
LPSTR pszName;
DWORD cbName = 8192;
DWORD dwStrType = CERT_OID_NAME_STR | CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG;
PCERT_BLOB pCert_Blob = NULL;

char a_cDN[1024];

strcpy(a_cDN, "c=nl,cn=CA");

if (!(pszName = (char *)malloc(cbName)))
{
    printf("Memory allocation failed.");
}

//--------------------------------------------------------------------
// Get the length needed to convert the string
// back into the name as it was in the certificate.

if (!(CertStrToName(
        PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
        a_cDN,
        dwStrType,
        NULL,
        NULL,       // NULL to get the number of bytes
                    // needed for the buffer.
        &cbName,    // Pointer to a DWORD to hold the
                    // number of bytes needed for the
                    // buffer.
        NULL)))     // Optional address of a pointer to
                    // hold the location of an error in the
                    // input string.
{
    printf("Could not get the length of the BLOB.");
}

// Buffer that receives the encoded issuer name.
if ((pCert_Blob = (CERT_BLOB *)malloc(cbName)) == NULL)
{
    printf("Memory allocation for the BLOB failed.");
}

if (CertStrToName(
        PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
        a_cDN,
        dwStrType,
        NULL,
        (BYTE *)pCert_Blob,
        &cbName,
        NULL))
{
    printf("CertStrToName created the BLOB.\n");
}
else
{
    printf("Could not create the BLOB.");
}

memset(&tCertInfo, '\0', sizeof(tCertInfo));

// Search key: encoded issuer name plus serial number bytes.
tCertInfo.Issuer.cbData = cbName;
tCertInfo.Issuer.pbData = (unsigned char *)pCert_Blob;

tCertInfo.SerialNumber.cbData = 2;
tCertInfo.SerialNumber.pbData = (unsigned char *)malloc(tCertInfo.SerialNumber.cbData);
tCertInfo.SerialNumber.pbData[0] = 0x2a;
tCertInfo.SerialNumber.pbData[1] = 0x01;

if (pSignerCertContext =
        CertGetSubjectCertificateFromStore(hSysStore,
            PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
            &tCertInfo))
{
    printf("Cert Found\n");
}
else
{
    printf("Cert NOT Found:[%d]\n", GetLastError());
}
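
An added example, not part of the original post: two issuer names that print identically can still differ in RDN order or ASN.1 string type once encoded. Assuming the lookup needs a byte-for-byte match on the encoded issuer, this portable C walker lists each RDN's attribute and string tag so the blob produced by CertStrToName can be compared with the Issuer blob of an enumerated certificate; the sample names and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample Names (not from the post): both display as C=nl, CN=CA. */
static const uint8_t NAME_A[] = { 0x30,0x1A,              /* C first, PrintableString */
    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,'n','l',
    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x03,0x13,0x02,'C','A' };
static const uint8_t NAME_B[] = { 0x30,0x1A,              /* CN first, UTF8String */
    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x03,0x0C,0x02,'C','A',
    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,'n','l' };
typedef struct { uint8_t attr, tag; } rdn_info; /* last OID byte, value's ASN.1 tag */

/* Check a TLV header at off (short-form length only); return content offset or 0. */
static size_t tlv(const uint8_t *p, size_t len, size_t off, uint8_t want, size_t *clen)
{
    if (off + 2 > len || p[off] != want || p[off + 1] >= 0x80) return 0;
    *clen = p[off + 1];
    return off + 2 + *clen <= len ? off + 2 : 0;
}

/* Walk Name ::= SEQUENCE OF SET OF SEQUENCE {OID, value}; RDN count or -1 if malformed. */
int name_rdns(const uint8_t *der, size_t len, rdn_info *out, int max)
{
    size_t n, setlen, c, off = tlv(der, len, 0, 0x30, &n);
    int count = 0;
    if (!off || off + n != len) return -1;
    while (off < len && count < max) {
        size_t set = tlv(der, len, off, 0x31, &setlen);      /* one RDN */
        size_t seq = set ? tlv(der, len, set, 0x30, &c) : 0; /* its first attribute only */
        size_t oid = seq ? tlv(der, len, seq, 0x06, &c) : 0;
        if (!oid || c == 0 || oid + c + 2 > len) return -1;
        out[count].attr  = der[oid + c - 1];  /* 0x03 = CN, 0x06 = C */
        out[count++].tag = der[oid + c];      /* 0x13 Printable, 0x0C UTF8, 0x14 T61 */
        off = set + setlen;
    }
    return off == len ? count : -1;
}

/* Byte-wise match of two encoded names (assumed to be what the lookup requires). */
int name_equal(const uint8_t *a, size_t al, const uint8_t *b, size_t bl)
{ return al == bl && memcmp(a, b, al) == 0; }

int main(void)
{
    rdn_info r[4];
    printf("rdns=%d equal=%d\n", name_rdns(NAME_B, sizeof NAME_B, r, 4),
           name_equal(NAME_A, sizeof NAME_A, NAME_B, sizeof NAME_B));
    return 0;
}
```

Feeding it the bytes of tCertInfo.Issuer and of pCertInfo->Issuer from an enumerated certificate shows whether the two encodings differ even when the displayed strings agree.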


