
Silently deleting a certificate from Windows Root Store

I'm trying to delete a certificate from the Root store using WinCrypt API functions like this:

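HCERTSTORE hStoreHandle = NULL;
PCCERT_CONTEXT pCertContext = NULL;
const char * pszStoreName = "ROOT";   // only used by the commented-out call below
char pszNameString[256];

//hStoreHandle = CertOpenSystemStoreA(NULL, pszStoreName);

// Open the current user's Root store
hStoreHandle = CertOpenStore(CERT_STORE_PROV_SYSTEM,
        X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
        0,
        CERT_SYSTEM_STORE_CURRENT_USER,
        (LPVOID) L"Root");

// CertOpenStore returns NULL on failure, not INVALID_HANDLE_VALUE
if(hStoreHandle == NULL)
{
    //Fail
}

// Walk the store and compare each certificate's display name
while((pCertContext = CertEnumCertificatesInStore(hStoreHandle, pCertContext)) != NULL)
{
    if(CertGetNameStringA(
        pCertContext,
        CERT_NAME_SIMPLE_DISPLAY_TYPE,
        0,
        NULL,
        pszNameString,
        sizeof(pszNameString)))
    {
        if(strcmp(pszNameString, "DummyCertificate") == 0)
        {
            // The delete call always frees the context it is given, so pass
            // a duplicate and keep pCertContext valid for the enumeration
            if(!CertDeleteCertificateFromStore(
                CertDuplicateCertificateContext(pCertContext))
                )
            {
                //Fail
            }
        }
    }
    else
    {
        //Fail
    }
}

CertCloseStore(hStoreHandle, 0);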

This happens in a function that is called when my application, a Windows Service, is registered with MyService.exe /Service. So, in theory, it should have all the necessary access it needs to delete a certificate. However, when the CertDeleteCertificateFromStore function is called, a popup window appears that asks the user if he really wants to delete the certificate.

I'm trying to prevent this window from appearing and delete the certificate silently if found. Any suggestions?

I've looked into the command line utilities certutil and certmgr. As I understand it from the Internet, certutil is somewhat limited on client machines and certmgr doesn't allow deletion of Root certificates. I would like a programmatic solution but I'm fine with using a tool if it gets the job done.

You can do a hack by auto-answering the dialog through your program. Try finding the button window associated with the dialog in another thread and post a message to generate a BN_CLICKED event on the "yes" button.

CERT_SYSTEM_STORE_CURRENT_USER->CERT_SYSTEM_STORE_LOCAL_MACHINE
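
The store change suggested in the answer above, as an added example that is not part of the original post or either answer. It goes beyond the question's code by selecting the certificate by SHA-1 thumbprint instead of display name, so a certificate that merely shares the name is never removed; parse_thumbprint and delete_machine_root are hypothetical names, and the caller is assumed to have administrative rights on the machine store.

```c
/* Added example. Function names are hypothetical; the thumbprint is supplied
   by the caller (copy it from the certificate's properties). */

/* Parse a 40-hex-digit SHA-1 thumbprint (spaces and colons allowed) into
   20 bytes. Returns 0 on success, -1 on a bad character or wrong length. */
int parse_thumbprint(const char *hex, unsigned char out[20])
{
    int n = 0, hi = -1;
    for (; *hex; hex++) {
        int v;
        if (*hex == ' ' || *hex == ':') continue;
        if (*hex >= '0' && *hex <= '9') v = *hex - '0';
        else if (*hex >= 'a' && *hex <= 'f') v = *hex - 'a' + 10;
        else if (*hex >= 'A' && *hex <= 'F') v = *hex - 'A' + 10;
        else return -1;
        if (hi < 0) { hi = v; continue; }      /* first nibble of a byte */
        if (n == 20) return -1;                /* more than 20 bytes */
        out[n++] = (unsigned char)(hi << 4 | v);
        hi = -1;
    }
    return (n == 20 && hi < 0) ? 0 : -1;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")

/* Delete the certificate with this SHA-1 thumbprint from the LOCAL_MACHINE
   Root store. Returns 1 if deleted, 0 if not present, -1 on error
   (call GetLastError() for the reason, e.g. access denied). */
int delete_machine_root(const unsigned char sha1[20])
{
    CRYPT_HASH_BLOB blob = { 20, (BYTE *)sha1 };
    PCCERT_CONTEXT ctx;
    int rc = 0;
    HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
            CERT_SYSTEM_STORE_LOCAL_MACHINE, L"Root");
    if (store == NULL) return -1;
    ctx = CertFindCertificateInStore(store,
            X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
            CERT_FIND_SHA1_HASH, &blob, NULL);
    if (ctx != NULL)               /* the delete call frees ctx either way */
        rc = CertDeleteCertificateFromStore(ctx) ? 1 : -1;
    CertCloseStore(store, 0);
    return rc;
}
#endif
```

The Windows-only part is guarded so the thumbprint parser can be compiled and checked on any platform; log the thumbprint and return code of each removal so the change to the trust store is auditable.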
