CertStore C Reference Documentation

CertStore

Represents a collection of certificates. The certificates may be loaded from a PFX (PKCS#12) or from a Windows-based certificate store.

Many of the methods of this class are only applicable when running on a MS Windows operating system. The methods for opening, creating, and modifying Windows-based certificate stores (registry-based, file-based, and memory-based) are (of course) Windows-only. However, the methods for loading certs from PFX (PKCS#12), are valid on all supported operating systems, including Linux, MAC OS X, Windows, etc.

Create/Dispose

HCkCertStore CkCertStore_Create(void);

Creates an instance of the HCkCertStore object and returns a handle (i.e. a "void *" pointer). The handle is passed in the 1st argument for the functions listed on this page.

void CkCertStore_Dispose(HCkCertStore handle);

Objects created by calling CkCertStore_Create must be freed by calling this method. A memory leak occurs if a handle is not disposed by calling this function. Also, any handle returned by a Chilkat "C" function must also be freed by the application by calling the appropriate Dispose method, such as CkCertStore_Dispose.

Properties

BOOL CkCertStore_getAvoidWindowsPkAccess(HCkCertStore cHandle);

void CkCertStore_putAvoidWindowsPkAccess(HCkCertStore cHandle, BOOL newVal);

Applies only when running on a Microsoft Windows operating system. If TRUE, then any method that returns a certificate will not try to also access the associated private key, assuming one exists. This is useful if the certificate was installed with high-security such that a private key access would trigger the Windows OS to display a security warning dialog. The default value of this property is FALSE.

void CkCertStore_getDebugLogFilePath(HCkCertStore cHandle, HCkString retval);

void CkCertStore_putDebugLogFilePath(HCkCertStore cHandle, const char *newVal);

const char *CkCertStore_debugLogFilePath(HCkCertStore cHandle);

If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.

This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:

  1. a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
  2. the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
  3. there is an internal problem (bug) in the Chilkat code that causes the hang.

void CkCertStore_getLastErrorHtml(HCkCertStore cHandle, HCkString retval);

const char *CkCertStore_lastErrorHtml(HCkCertStore cHandle);

Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

void CkCertStore_getLastErrorText(HCkCertStore cHandle, HCkString retval);

const char *CkCertStore_lastErrorText(HCkCertStore cHandle);

Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

Concept of LastErrorText

LastErrorText Standard Information

void CkCertStore_getLastErrorXml(HCkCertStore cHandle, HCkString retval);

const char *CkCertStore_lastErrorXml(HCkCertStore cHandle);

Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

BOOL CkCertStore_getLastMethodSuccess(HCkCertStore cHandle);

void CkCertStore_putLastMethodSuccess(HCkCertStore cHandle, BOOL newVal);

Introduced in version 9.5.0.52

Indicate whether the last method call succeeded or failed. A value of TRUE indicates success, a value of FALSE indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:

  • Any method that returns a string.
  • Any method returning a Chilkat object, binary bytes, or a date/time.
  • Any method returning a standard boolean status value where success = TRUE and failure = FALSE.
  • Any method returning an integer where failure is defined by a return value less than zero.

Note: Methods that do not fit the above requirements will always set this property equal to TRUE. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.

int CkCertStore_getNumCertificates(HCkCertStore cHandle);

The number of certificates held in the certificate store.

int CkCertStore_getNumEmailCerts(HCkCertStore cHandle);

(This property only available on Microsoft Windows operating systems.)
The number of certificates that can be used for sending secure email within this store.

BOOL CkCertStore_getUtf8(HCkCertStore cHandle);

void CkCertStore_putUtf8(HCkCertStore cHandle, BOOL newVal);

When set to TRUE, all "const char *" arguments are interpreted as utf-8 strings. If set to FALSE (the default), then "const char *" arguments are interpreted as ANSI strings. Also, when set to TRUE, and Chilkat method returning a "const char *" is returning the utf-8 representation. If set to FALSE, all "const char *" return values are ANSI strings.

BOOL CkCertStore_getVerboseLogging(HCkCertStore cHandle);

void CkCertStore_putVerboseLogging(HCkCertStore cHandle, BOOL newVal);

If set to TRUE, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is FALSE. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

void CkCertStore_getVersion(HCkCertStore cHandle, HCkString retval);

const char *CkCertStore_version(HCkCertStore cHandle);

Version of the component/library, such as "9.5.0.63"

Methods

BOOL CkCertStore_AddCertificate(HCkCertStore cHandle, HCkCert cert);

(This method only available on Microsoft Windows operating systems.)
Adds a certificate to the store. If the certificate is already in the store, it is updated with the new information.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_CreateFileStore(HCkCertStore cHandle, const char *filename);

(This method only available on Microsoft Windows operating systems.)
Creates a new file-based certificate store. Certificates may be saved to this store by calling AddCertificate.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_CreateMemoryStore(HCkCertStore cHandle);

(This method only available on Microsoft Windows operating systems.)
Creates an in-memory certificate store. Certificates may be added by calling AddCertificate.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_CreateRegistryStore(HCkCertStore cHandle, const char *regRoot, const char *regPath);

(This method only available on Microsoft Windows operating systems.)
Creates a registry-based certificate store. regRoot must be "CurrentUser" or "LocalMachine". regPath is a registry path such as "Software/MyApplication/Certificates".

Returns TRUE for success, FALSE for failure.

HCkCert CkCertStore_FindCertByRfc822Name(HCkCertStore cHandle, const char *name);

Locates and returns a certificate by its RFC 822 name.

If multiple certificates match, then non-expired certificates will take precedence over expired certificates. In other words, Chilkat will aways return the non-expired certificate over the expired certificate.

Returns NULL on failure

HCkCert CkCertStore_FindCertBySerial(HCkCertStore cHandle, const char *str);

Finds and returns the certificate that has the matching serial number.

Returns NULL on failure.

Returns NULL on failure

HCkCert CkCertStore_FindCertBySha1Thumbprint(HCkCertStore cHandle, const char *str);

Finds a certificate by it's SHA-1 thumbprint. The thumbprint is a hexidecimal string.

Returns NULL on failure.

Returns NULL on failure

HCkCert CkCertStore_FindCertBySubject(HCkCertStore cHandle, const char *str);

Finds a certificate where one of the Subject properties (SubjectCN, SubjectE, SubjectO, SubjectOU, SubjectL, SubjectST, SubjectC) matches exactly (but case insensitive) with the passed string. A match in SubjectCN will be tried first, followed by SubjectE, and SubjectO. After that, the first match found in SubjectOU, SubjectL, SubjectST, or SubjectC, but in no guaranteed order, is returned. All matches are case insensitive.

Returns NULL on failure.

Returns NULL on failure

HCkCert CkCertStore_FindCertBySubjectCN(HCkCertStore cHandle, const char *str);

Finds a certificate where the SubjectCN property (common name) matches exactly (but case insensitive) with the passed string

Returns NULL on failure.

Returns NULL on failure

HCkCert CkCertStore_FindCertBySubjectE(HCkCertStore cHandle, const char *str);

Finds a certificate where the SubjectE property (email address) matches exactly (but case insensitive) with the passed string. This function differs from FindCertForEmail in that the certificate does not need to match the ForSecureEmail property.

Returns NULL on failure.

Returns NULL on failure

Find Certificate for Email Address in Current-User Certificate Store (Windows-Only)

HCkCert CkCertStore_FindCertBySubjectO(HCkCertStore cHandle, const char *str);

Finds a certificate where the SubjectO property (organization) matches exactly (but case insensitive) with the passed string.

Returns NULL on failure.

Returns NULL on failure

HCkCert CkCertStore_FindCertForEmail(HCkCertStore cHandle, const char *emailAddress);

(This method only available on Microsoft Windows operating systems.)
Finds a certificate that can be used to send secure email to the passed email address. A certificate matches only if the ForSecureEmail property is TRUE, and the email address matches exactly (but case insensitive) with the SubjectE property. Returns NULL if no matches are found.

Returns NULL on failure.

Returns NULL on failure

HCkCert CkCertStore_GetCertificate(HCkCertStore cHandle, int index);

Returns the Nth certificate in the store. The first certificate is at index 0.

Returns NULL on failure.

Returns NULL on failure

HCkCert CkCertStore_GetEmailCert(HCkCertStore cHandle, int index);

(This method only available on Microsoft Windows operating systems.)
Returns the Nth email certificate in the store. The first certificate is at index 0. Use the NumEmailCertificates property to get the number of email certificates.

Returns NULL on failure.

Returns NULL on failure

BOOL CkCertStore_LoadPemFile(HCkCertStore cHandle, const char *pemPath);

Loads the certificates contained within a PEM formatted file.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_LoadPemStr(HCkCertStore cHandle, const char *pemString);

Loads the certificates contained within an in-memory PEM formatted string.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_LoadPfxData(HCkCertStore cHandle, HCkByteData pfxData, const char *password);

Loads a PFX from an in-memory image of a PFX file. Once loaded, the certificates within the PFX may be searched via the Find* methods. It is also possible to iterate from 0 to NumCertficates-1, calling GetCertificate for each index, to retrieve each certificate within the PFX.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_LoadPfxData2(HCkCertStore cHandle, const unsigned char *pByteData, unsigned long szByteData, const char *password);

Loads a PFX from an in-memory image of a PFX file. Once loaded, the certificates within the PFX may be searched via the Find* methods. It is also possible to iterate from 0 to NumCertficates-1, calling GetCertificate for each index, to retrieve each certificate within the PFX.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_LoadPfxFile(HCkCertStore cHandle, const char *pfxFilename, const char *password);

Loads a PFX file. Once loaded, the certificates within the PFX may be searched via the Find* methods. It is also possible to iterate from 0 to NumCertficates-1, calling GetCertificate for each index, to retrieve each certificate within the PFX.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_OpenCurrentUserStore(HCkCertStore cHandle, BOOL readOnly);

(This method is only available on Microsoft Windows operating systems.)
Opens the registry-based Current-User\Personal certificate store. Set readOnly = TRUE if only fetching certificates and not updating the certificate store (i.e. certificates will not be added or removed). Setting readOnly = TRUE causes the certificate store to be opened read-only, and will prevent "permission denied" errors caused by the need for read-write permission.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns TRUE for success, FALSE for failure.

List Certificates in the Current User Certificate Store (Windows Only)

BOOL CkCertStore_OpenFileStore(HCkCertStore cHandle, const char *filename, BOOL readOnly);

(This method only available on Microsoft Windows operating systems.)
Opens a file-based certificate store.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_OpenLocalSystemStore(HCkCertStore cHandle, BOOL readOnly);

(This method is only available on Microsoft Windows operating systems.)
Opens the registry-based Local-Computer\Personal certificate store. Set readOnly = TRUE if only fetching certificates and not updating the certificate store (i.e. certificates will not be added or removed). Setting readOnly = TRUE causes the certificate store to be opened read-only, and will prevent "permission denied" errors caused by the need for read-write permission.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_OpenRegistryStore(HCkCertStore cHandle, const char *regRoot, const char *regPath, BOOL readOnly);

(This method only available on Microsoft Windows operating systems.)
Opens an arbitrary registry-based certificate store. regRoot must be "CurrentUser" or "LocalMachine". regPath is a registry path such as "Software/MyApplication/Certificates".

Setting readOnly = TRUE causes the certificate store to be opened read-only, and will prevent "permission denied" errors caused by the need for read-write permission.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_OpenWindowsStore(HCkCertStore cHandle, const char *storeLocation, const char *storeName, BOOL readOnly);

Introduced in version 9.5.0.49

(This method only available on Microsoft Windows operating systems.)
Opens a Microsoft Windows certificate store. storeLocation must be "CurrentUser" or "LocalMachine". storeName is the name of the certificate store to open. It may be any of the following:

  • AddressBook: Certificate store for other users.
  • AuthRoot: Certificate store for third-party certification authorities (CAs).
  • CertificationAuthority: Certificate store for intermediate certification authorities (CAs).
  • Disallowed: Certificate store for revoked certificates.
  • My: Certificate store for personal certificates.
  • Root: Certificate store for trusted root certification authorities (CAs).
  • TrustedPeople: Certificate store for directly trusted people and resources.
  • TrustedPublisher: Certificate store for directly trusted publishers.

Setting readOnly = TRUE causes the certificate store to be opened read-only, and will prevent "permission denied" errors caused by the need for read-write permission.

Once loaded, the certificates within the store may be searched via the Find* methods. An application may also iterate from 0 to NumCertficates-1 and call GetCertificate to access each certificate by index.

Returns TRUE for success, FALSE for failure.

Find a Certificate in the "Other People" Windows Certificate Store

BOOL CkCertStore_RemoveCertificate(HCkCertStore cHandle, HCkCert cert);

(This method only available on Microsoft Windows operating systems.)
Removes the passed certificate from the store. The certificate object passed as the argument can no longer be used once removed.

Returns TRUE for success, FALSE for failure.

BOOL CkCertStore_SaveLastError(HCkCertStore cHandle, const char *path);

Saves the last-error information (the contents of LastErrorXml) to an XML formatted file.

Returns TRUE for success, FALSE for failure.