CertAddEncodedCertificateToStore
The CertAddEncodedCertificateToStore function creates a certificate context from an encoded certificate and adds it to the certificate store. CertAddEncodedCertificateToStore also makes a copy of the encoded certificate before adding it to the store
#include <wincrypt.h>
BOOL WINAPI CertAddEncodedCertificateToStore(
HCERTSTORE hCertStore, // in
DWORD dwCertEncodingType, // in
const BYTE *pbCertEncoded, // in
DWORD cbCertEncoded, // in
DWORD dwAddDisposition, // in
PCCERT_CONTEXT *ppCertContext // out, optional
);
Parameters
-
hCertStore
-
Handle to the certificate store.
-
dwCertEncodingType
-
Type of encoding used on the certificate. The currently defined certificate encoding type is X509_ASN_ENCODING.
-
pbCertEncoded
-
Pointer to the encoded certificate that is to be added to the certificate store.
-
cbCertEncoded
-
Size, in bytes, of the encoded certificate to be added to the certificate store.
-
dwAddDisposition
-
Value that specifies the action to take if a matching certificate or link to a matching certificate exists in the store. Currently defined disposition values are:
-
CERT_STORE_ADD_NEW
-
If a matching certificate or a link to a matching certificate exists in the store, the operation fails and GetLastError returns CRYPT_E_EXISTS.
-
CERT_STORE_ADD_USE_EXISTING
-
If a matching certificate or a link to a matching certificate exists, that existing certificate or link is used and properties from the new certificate are added. The function does not fail, but it does not add a new context. If ppCertContext is not NULL, the existing context is duplicated.
If a matching certificate or link to a matching certificate does not exist, a new certificate is added.
-
CERT_STORE_ADD_REPLACE_EXISTING
-
If a matching certificate or link to a matching certificate exists in the store, the existing certificate or link is deleted and a new certificate is created and added to the store. If a matching certificate or link to a matching certificate does not exist, a new certificate is created and added to the store.
-
CERT_STORE_ADD_ALWAYS
-
Does not check to see whether a matching certificate or a link to a matching certificate already exists. A new certificate is always added to the store. This may lead to duplicates in a store.
-
CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES.
-
If a matching certificate exists in the store, that existing context is deleted before creating and adding the new context. The added context inherits properties from the existing certificate
-
CERT_STORE_ADD_NEWER
-
If a matching certificate or a link to a matching certificate exists, compares the NotBefore times on the certificates. If the existing certificate has a NotBefore time less than the NotBefore time on the new certificate, the old certificate or link is replaced just as with CERT_STORE_ADD_REPLACE_EXISTING. If the existing certificate has a NotBefore time greater than or equal to the NotBefore time on the certificate to be added, the function fails with GetLastError returning CRYPT_E_EXISTS.
If a matching certificate or a link to a matching certificate is not found in the store, a new certificate is added to the store.
-
CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES
-
The action is the same as for CERT_STORE_ADD_NEWER except that if an older certificate is replaced, the properties of the older certificate are incorporated into the replacement certificate.
-
ppCertContext
-
Pointer to a pointer to the decoded certificate context. This is an optional parameter that can be NULL, indicating that the caller does not want a copy of the new or existing certificate. When a copy is made, its context must be freed by using CertFreeCertificateContext.
Return Values
TRUE if the function succeeded. FALSE if the function failed.
Call GetLastError to see the reason for any failures. This function has the following error codes:
GetLastError returns the reason for any failures using the following error codes:
-
CRYPT_E_EXISTS
-
This error is returned if CERT_STORE_ADD_NEW is set and the certificate already exists in the store or if CERT_STORE_ADD_NEWER is set and a there is a certificate in the store with a NotBefore date greater than or equal to the NotBefore date on the certificate to be added.
-
CRYPT_E_OSS_ERROR
-
ASN.1 decoding error occurred. To get the OSS error, subtract the value of CRYPT_E_OSS_ERROR from the returned error and see asn1code.h for details on the error.
-
E_INVALIDARG
-
An invalid add disposition was specified by the dwAddDisposition argument or an invalid certificate encoding type was specified. Currently only X509_ASN_ENCODING is supported.
Example
// The function handle_error() is defined in a separate file.
HCERTSTORE hMemoryStoreHandle;
HCERTSTORE hStoreHandle;
PCCERT_CONTEXT DesiredCert = NULL;
// Open a memory store where the certificate will be added.
// See CertOpenStore for details.
if(hMemoryStoreHandle = CertOpenStore(
CERT_STORE_PROV_MEMORY,0,NULL,0,NULL))
printf("Memory store open. \n");
else
handle_error("Store did not open.");
// Open a system store to get a certificate.
if(hStoreHandle = CertOpenSystemStore(0,"CA"))
// The system store opened. Continue.
printf("System store open.\n");
else
handle_error("The system store did not open.");
// Get the first certificate in the system store.
if(DesiredCert= CertEnumCertificatesInStore(
hStoreHandle,DesiredCert))
// A certificate was retrieved. Continue.
printf("A certificate has been retrieved.\n");
else
handle_error("A certificate could not be retrieved. Perhaps the store is empty.");
// Add the encoded certificate to the store()
if(CertAddEncodedCertificateToStore(
hMemoryStoreHandle, // Store where certificate
// is to be added.
X509_ASN_ENCODING, // The encoding type used.
DesiredCert->pbCertEncoded, // The encoded certificate
// from the system store certificate.
DesiredCert->cbCertEncoded, // The length of that encoded cert.
CERT_STORE_ADD_USE_EXISTING,// Flag to indicate that if a
// matching cert already exists in
// the store, it should be used.
NULL // No duplicate cert is to be
// created.
))
// A certificate was added to the memory store. Continue.
printf("The certificate has been added.\n");
else
handle_error("The certificate was not added.");
QuickInfo
Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
Windows: Requires Windows 95 OSR2 or later.
Windows CE: Unsupported.
Header: Declared in wincrypt.h.
Import Library: Use crypt32.lib.
See Also
CertAddCertificateContextToStore