using System;
using System.Runtime.InteropServices;
using Vanara.InteropServices;
namespace Vanara.PInvoke
{
public static partial class Crypt32
{
///
public const uint CERT_SYSTEM_STORE_LOCATION_MASK = 0x00FF0000;
///
/// Enables CertOpenStore to open a store relative to a user-specified HKEY instead of one of the predefined HKEY constants. For
/// example, HKEY_CURRENT_USER can be replaced with a user-specified HKEY. When CERT_SYSTEM_STORE_RELOCATE_FLAG is set, the pvPara
/// parameter passed to CertOpenStore points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure instead of pointing to the store name as
/// a null-terminated Unicode or ASCII string.
///
public const uint CERT_SYSTEM_STORE_RELOCATE_FLAG = 0x80000000;
private const int CERT_SYSTEM_STORE_LOCATION_SHIFT = 16;
///
/// The CertEnumPhysicalStoreCallback callback function formats and presents information on each physical store found by a
/// call to CertEnumPhysicalStore.
///
///
///
/// Specifies the location of the system store. The following flag values are defined:
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_SERVICE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_SERVICES
///
/// -
/// CERT_SYSTEM_STORE_USERS
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
///
///
/// In addition, CERT_SYSTEM_STORE_RELOCATE_FLAG or CERT_PHYSICAL_STORE_PREDEFINED_ENUM_FLAG can be combined using a bitwise-
/// OR
///
/// operation with any of the high-word location flags. The CERT_PHYSICAL_STORE_PREDEFINED_ENUM_FLAG constant is set if the physical
/// store is predefined rather than registered.
///
///
/// Name of the physical store.
/// A pointer to a CERT_PHYSICAL_STORE_INFO structure containing information about the store.
///
///
/// Returns TRUE if the function succeeds, FALSE if it fails.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nc-wincrypt-pfn_cert_enum_physical_store PFN_CERT_ENUM_PHYSICAL_STORE
// PfnCertEnumPhysicalStore; BOOL PfnCertEnumPhysicalStore( const void *pvSystemStore, DWORD dwFlags, LPCWSTR pwszStoreName,
// PCERT_PHYSICAL_STORE_INFO pStoreInfo, void *pvReserved, void *pvArg ) {...}
[PInvokeData("wincrypt.h", MSDNShortId = "0651730a-39f2-4598-a81c-d05e6d282e6c")]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool CertEnumPhysicalStoreCallback(IntPtr pvSystemStore, CertSystemStore dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pwszStoreName, in CERT_PHYSICAL_STORE_INFO pStoreInfo, IntPtr pvReserved, IntPtr pvArg);
///
/// The CertEnumSystemStoreCallback callback function formats and presents information on each system store found by a call
/// to CertEnumSystemStore.
///
///
/// A pointer to information on the system store found by a call to CertEnumSystemStore. Where appropriate, this argument will
/// contain a leading computer name or service name prefix.
///
/// Flag used to call for an alteration of the presentation.
/// A pointer to a CERT_SYSTEM_STORE_INFO structure that contains information about the store.
/// Reserved for future use.
/// A pointer to information passed to the callback function in the pvArg passed to CertEnumSystemStore.
/// If the function succeeds, the function returns TRUE. To stop the enumeration, the function must return FALSE.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nc-wincrypt-pfn_cert_enum_system_store PFN_CERT_ENUM_SYSTEM_STORE
// PfnCertEnumSystemStore; BOOL PfnCertEnumSystemStore( const void *pvSystemStore, DWORD dwFlags, PCERT_SYSTEM_STORE_INFO
// pStoreInfo, void *pvReserved, void *pvArg ) {...}
[PInvokeData("wincrypt.h", MSDNShortId = "f070a9bd-be0b-49d0-9cab-a5d6f05d4e22")]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool CertEnumSystemStoreCallback(IntPtr pvSystemStore, uint dwFlags, in CERT_SYSTEM_STORE_INFO pStoreInfo, [Optional] IntPtr pvReserved, [Optional] IntPtr pvArg);
///
/// The CertEnumSystemStoreLocationCallback callback function formats and presents information on each system store location
/// found by a call to CertEnumSystemStoreLocation.
///
/// String that contains information on the store location found.
/// Flag used to call for an alteration of the presentation.
///
///
///
/// If the function succeeds, the function returns TRUE.
/// If the function fails, it returns FALSE.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nc-wincrypt-pfn_cert_enum_system_store_location
// PFN_CERT_ENUM_SYSTEM_STORE_LOCATION PfnCertEnumSystemStoreLocation; BOOL PfnCertEnumSystemStoreLocation( LPCWSTR
// pwszStoreLocation, DWORD dwFlags, void *pvReserved, void *pvArg ) {...}
[PInvokeData("wincrypt.h", MSDNShortId = "a5f1badd-3e68-4e0f-9a42-1b1876c9cb56")]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool CertEnumSystemStoreLocationCallback([MarshalAs(UnmanagedType.LPWStr)] string pwszStoreLocation, uint dwFlags, IntPtr pvReserved, IntPtr pvArg);
///
/// The PFN_CERT_CREATE_CONTEXT_SORT_FUNC callback function is called for each sorted context entry when a context is
/// created. This function pointer is passed in the pfnSort member of the CERT_CREATE_CONTEXT_PARA structure.
///
/// The total number of bytes of the encoded entries.
/// The number of bytes remaining to be encoded.
/// The current number of sorted entries.
///
///
/// Return TRUE to continue the sort or FALSE to stop the sort. If FALSE is returned, CertCreateContext will
/// fail and set the last error code to ERROR_CANCELLED.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nc-wincrypt-pfn_cert_create_context_sort_func
// PFN_CERT_CREATE_CONTEXT_SORT_FUNC PfnCertCreateContextSortFunc; BOOL PfnCertCreateContextSortFunc( DWORD cbTotalEncoded, DWORD
// cbRemainEncoded, DWORD cEntry, void *pvSort ) {...}
[PInvokeData("wincrypt.h", MSDNShortId = "5ad79970-d076-4e97-bf56-d6aad4b46eaa")]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool PFN_CERT_CREATE_CONTEXT_SORT_FUNC(uint cbTotalEncoded, uint cbRemainEncoded, uint cEntry, IntPtr pvSort);
/// Delegate to allocate memory.
/// Size of the memory to allocate.
/// A pointer to the allocated memory.
[PInvokeData("wincrypt.h")]
public delegate IntPtr PFN_CRYPT_ALLOC(SizeT cbSize);
/// Delegate to free memory.
/// The pointer to the memory to free.
[PInvokeData("wincrypt.h")]
public delegate void PFN_CRYPT_FREE(IntPtr pv);
/// Flags for .
[Flags]
public enum CertCloseStoreFlags
{
///
/// Forces the freeing of memory for all contexts associated with the store. This flag can be safely used only when the store is
/// opened in a function and neither the store handle nor any of its contexts are passed to any called functions. For details,
/// see Remarks.
///
CERT_CLOSE_STORE_FORCE_FLAG = 0x00000001,
///
/// Checks for nonfreed certificate, CRL, and CTL contexts. A returned error code indicates that one or more store elements is
/// still in use. This flag should only be used as a diagnostic tool in the development of applications.
///
CERT_CLOSE_STORE_CHECK_FLAG = 0x00000002
}
/// Flags for CertCreateContext.
[PInvokeData("wincrypt.h", MSDNShortId = "0911054b-a47a-4046-b121-a236fc4b018b")]
[Flags]
public enum CertCreateContextFlags : uint
{
/// The created context points directly to the content pointed to by pbEncoded instead of an allocated copy.
CERT_CREATE_CONTEXT_NOCOPY_FLAG = 0x1,
///
/// The function creates a context with sorted entries. Currently, this flag only applies to a CTL context.
///
/// For CTLs, the cCTLEntry member of the returned CTL_INFO structure is always zero. CertFindSubjectInSortedCTL and
/// CertEnumSubjectInSortedCTL must be called to find or enumerate the CTL entries.
///
///
CERT_CREATE_CONTEXT_SORTED_FLAG = 0x2,
///
/// By default, when a CTL context is created, a HCRYTPMSG handle to its SignedData message is created. This flag can be set to
/// improve performance by not creating this handle. This flag can only be used when dwContextType is CERT_STORE_CTL_CONTEXT.
///
CERT_CREATE_CONTEXT_NO_HCRYPTMSG_FLAG = 0x4,
///
/// By default, when a CTL context is created, its entries are decoded. When this flag is set, the entries are not decoded and
/// performance is improved. This flag can only be used when dwContextType is CERT_STORE_CTL_CONTEXT.
///
CERT_CREATE_CONTEXT_NO_ENTRY_FLAG = 0x8
}
/// Physical Store Information flags.
[Flags]
public enum CertPhysicalStoreFlags : uint
{
/// Enables addition to a context to the store.
CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG = 0x1,
///
/// Set by the CertRegisterPhysicalStore function. By default, all system stores located in the registry have an implicit
/// SystemRegistry physical store that is opened. To disable the opening of this store, the SystemRegistry physical store that
/// corresponds to the System store must be registered by setting CERT_PHYSICAL_STORE_OPEN_DISABLE_FLAG or by registering a
/// physical store named ".Default" with CertRegisterPhysicalStore.
///
CERT_PHYSICAL_STORE_OPEN_DISABLE_FLAG = 0x2,
/// Disables remote opening of the physical store.
CERT_PHYSICAL_STORE_REMOTE_OPEN_DISABLE_FLAG = 0x4,
/// Places the string \\ComputerName in front of other provider types.
CERT_PHYSICAL_STORE_INSERT_COMPUTER_NAME_ENABLE_FLAG = 0x8,
}
/// Specifies the action to take if the certificate, CRL, or CTL already exists in the store.
[PInvokeData("wincrypt.h", MSDNShortId = "2726cd34-51ba-4f68-9a3c-7cd505eb32a1")]
public enum CertStoreAdd
{
///
/// If the certificate, CRL, or CTL is new, it is created and persisted to the store. The operation fails if an identical
/// certificate, CRL, or CTL already exists in the store. The last error code is set to CRYPT_E_EXISTS.
///
CERT_STORE_ADD_NEW = 1,
///
/// If the certificate, CRL, or CTL is new, it is added to the store. If an identical certificate, CRL, or CTL already exists,
/// the existing element is used. If ppvContext is not NULL, the existing context is duplicated. The function only adds
/// properties that do not already exist. The SHA-1 and MD5 hash properties are not copied.
///
CERT_STORE_ADD_USE_EXISTING = 2,
///
/// If an identical certificate, CRL, or CTL already exists in the store, the existing certificate, CRL, or CTL context is
/// deleted before creating and adding the new context.
///
CERT_STORE_ADD_REPLACE_EXISTING = 3,
///
/// No check is made to determine whether an identical certificate, CRL, or CTL already exists. A new element is always created.
/// This can lead to duplicates in the store. To determine whether the element already exists in the store, call
/// CertGetCRLFromStore or CertGetSubjectCertificateFromStore.
///
CERT_STORE_ADD_ALWAYS = 4,
///
/// If a matching certificate exists in the store, the existing context is deleted before creating and adding the new context.
/// The new added context inherits properties from the existing certificate.
///
CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES = 5,
///
/// If a matching CRL or CTL or a link to a matching CRL or CTL exists, the function compares the NotBefore times on the CRL or
/// CTL. If the existing CRL or CTL has a NotBefore time less than the NotBefore time on the new element, the old element or
/// link is replaced just as with CERT_STORE_ADD_REPLACE_EXISTING. If the existing element has a NotBefore time greater than or
/// equal to the NotBefore time on the element to be added, the function fails with GetLastError returning the CRYPT_E_EXISTS code.
///
/// If a matching CRL or CTL or a link to a matching CRL or CTL is not found in the store, a new element is added to the store.
///
///
CERT_STORE_ADD_NEWER = 6,
///
/// The action is the same as for CERT_STORE_ADD_NEWER. However, if an older CRL or CTL is replaced, the properties of the older
/// element are incorporated into the replacement.
///
CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES = 7,
}
/// Specifics the contexts that can be added.
[PInvokeData("wincrypt.h", MSDNShortId = "2726cd34-51ba-4f68-9a3c-7cd505eb32a1")]
public enum CertStoreContextFlags : uint
{
/// Adds any context.
CERT_STORE_ALL_CONTEXT_FLAG = 0xFFFFFFFF,
/// Adds only a certificate context.
CERT_STORE_CERTIFICATE_CONTEXT_FLAG = 1 << CertStoreContextType.CERT_STORE_CERTIFICATE_CONTEXT,
/// Adds only a CRL context.
CERT_STORE_CRL_CONTEXT_FLAG = 1 << CertStoreContextType.CERT_STORE_CRL_CONTEXT,
/// Adds only a CTL context.
CERT_STORE_CTL_CONTEXT_FLAG = 1 << CertStoreContextType.CERT_STORE_CTL_CONTEXT,
}
/// The context type of the added serialized element.
[PInvokeData("wincrypt.h", MSDNShortId = "2726cd34-51ba-4f68-9a3c-7cd505eb32a1")]
public enum CertStoreContextType : int
{
/// Certificates
CERT_STORE_CERTIFICATE_CONTEXT = 1,
/// CRLs
CERT_STORE_CRL_CONTEXT = 2,
/// CTLs
CERT_STORE_CTL_CONTEXT = 3
}
/// Flags for CertControlStore.
[PInvokeData("wincrypt.h", MSDNShortId = "04cd9349-50c1-44b4-b080-631a24a80d70")]
[Flags]
public enum CertStoreControlFlags
{
///
/// Forces the contents of the cache memory store to be copied to permanent storage even if the cache has not been changed.
///
CERT_STORE_CTRL_COMMIT_FORCE_FLAG = 0x1,
/// Inhibits the copying of the contents of the cache memory store to permanent storage even when the store is closed.
CERT_STORE_CTRL_COMMIT_CLEAR_FLAG = 0x2,
///
/// Inhibits a duplicate handle of the event HANDLE. If this flag is set, CertControlStore with CERT_STORE_CTRL_CANCEL_NOTIFY
/// passed must be called for this event HANDLE before closing the hCertStore handle.
///
CERT_STORE_CTRL_INHIBIT_DUPLICATE_HANDLE_FLAG = 0x1,
}
/// Control action to be taken by CertControlStore.
[PInvokeData("wincrypt.h", MSDNShortId = "04cd9349-50c1-44b4-b080-631a24a80d70")]
public enum CertStoreControlType
{
/// The cached store is resynchronized and made to match the persisted store.
CERT_STORE_CTRL_RESYNC = 1,
///
/// A signal is returned in the space pointed to by pvCtrlPara to indicate that the current contents of the cached store differ
/// from the store's persisted state.
///
CERT_STORE_CTRL_NOTIFY_CHANGE = 2,
///
/// Any changes made to the cached store are copied to persisted storage. If no changes were made since the cached store was
/// opened or since the last commit, the call is ignored. The call is also ignored if the store provider is a provider that
/// automatically persists changes immediately.
///
CERT_STORE_CTRL_COMMIT = 3,
///
/// At the start of every enumeration or find store call, a check is made to determine whether a change has been made in the
/// store. If the store has changed, a re-synchronization is done. This check is only done on first enumeration or find calls,
/// when the pPrevContext is NULL. The pvCtrPara member is not used and must be set to NULL.
///
CERT_STORE_CTRL_AUTO_RESYNC = 4,
///
/// Cancels notification signaling of the event HANDLE passed in a previous CERT_STORE_CTRL_NOTIFY_CHANGE or
/// CERT_STORE_CTRL_RESYNC. The pvCtrlPara parameter points to the event HANDLE to be canceled.
///
CERT_STORE_CTRL_CANCEL_NOTIFY = 5,
}
/// Controls a variety of general characteristics of the certificate store opened.
[PInvokeData("wincrypt.h", MSDNShortId = "4edccbfe-c0a8-442b-b6b7-51ef598e7c90")]
[Flags]
public enum CertStoreFlags : uint
{
///
/// Use the thread's SE_BACKUP_NAME and SE_RESTORE_NAME privileges to open registry or file-based system stores. If the thread
/// does not have these privileges, this function must fail with an access denied error.
///
CERT_STORE_BACKUP_RESTORE_FLAG = 0x00000800,
///
/// A new store is created if one did not exist. The function fails if the store already exists.
///
/// If neither CERT_STORE_OPEN_EXISTING_FLAG nor CERT_STORE_CREATE_NEW_FLAG is set, a store is opened if it exists or is created
/// and opened if it did not already exist.
///
///
CERT_STORE_CREATE_NEW_FLAG = 0x00002000,
///
/// Defer closing of the store's provider until all certificates, CRLs, or CTLs obtained from the store are no longer in use.
/// The store is actually closed when the last certificate, CRL, or CTL obtained from the store is freed. Any changes made to
/// properties of these certificates, CRLs, and CTLs, even after the call to CertCloseStore, are persisted.
///
/// If this flag is not set and certificates, CRLs, or CTLs obtained from the store are still in use, any changes to the
/// properties of those certificates, CRLs, and CTLs will not be persisted.
///
/// If this function is called with CERT_CLOSE_STORE_FORCE_FLAG, CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG is ignored.
///
/// When this flag is set and a non-NULL hCryptProv parameter value is passed, that provider will continue to be used even after
/// the call to this function.
///
///
CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG = 0x00000004,
///
/// The store is deleted instead of being opened. This function returns NULL for both success and failure of the deletion. To
/// determine the success of the deletion, call GetLastError, which returns zero if the store was deleted and a nonzero value if
/// it was not deleted.
///
CERT_STORE_DELETE_FLAG = 0x00000010,
///
/// Normally, an enumeration of all certificates in the store will ignore any certificate with the CERT_ARCHIVED_PROP_ID
/// property set. If this flag is set, an enumeration of the certificates in the store will contain all of the certificates in
/// the store, including those that have the CERT_ARCHIVED_PROP_ID property.
///
CERT_STORE_ENUM_ARCHIVED_FLAG = 0x00000200,
///
CERT_STORE_MANIFOLD_FLAG = 0x00000100,
///
/// Open the store with the maximum set of allowed permissions. If this flag is specified, registry stores are first opened with
/// write access and if that fails, they are reopened with read-only access.
///
CERT_STORE_MAXIMUM_ALLOWED_FLAG = 0x00001000,
///
/// This flag is not used when the hCryptProv parameter is NULL. This flag is only valid when a non-NULL CSP handle is passed as
/// the hCryptProv parameter. Setting this flag prevents the automatic release of a nondefault CSP when the certificate store is closed.
///
CERT_STORE_NO_CRYPT_RELEASE_FLAG = 0x00000001,
/// Only open an existing store. If the store does not exist, the function fails.
CERT_STORE_OPEN_EXISTING_FLAG = 0x00004000,
///
/// Open the store in read-only mode. Any attempt to change the contents of the store will result in an error. When this flag is
/// set and a registry based store provider is being used, the registry subkeys are opened by using RegOpenKey with
/// KEY_READ_ACCESS. Otherwise, the registry subkeys are created by using RegCreateKey with KEY_ALL_ACCESS.
///
CERT_STORE_READONLY_FLAG = 0x00008000,
///
/// If this flag is supported, the provider sets the store's CERT_STORE_LOCALIZED_NAME_PROP_ID property. The localized name can
/// be retrieved by calling the CertGetStoreProperty function with dwPropID set to CERT_STORE_LOCALIZED_NAME_PROP_ID. This flag
/// is supported for providers of types CERT_STORE_PROV_FILENAME, CERT_STORE_PROV_SYSTEM, CERT_STORE_PROV_SYSTEM_REGISTRY, and CERT_STORE_PROV_PHYSICAL_W.
///
CERT_STORE_SET_LOCALIZED_NAME_FLAG = 0x00000002,
///
/// When opening a store multiple times, you can set this flag to ensure efficient memory usage by reusing the memory for the
/// encoded parts of a certificate, CRL, or CTL context across the opened instances of the stores.
///
CERT_STORE_SHARE_CONTEXT_FLAG = 0x00000080,
///
CERT_STORE_SHARE_STORE_FLAG = 0x00000040,
///
CERT_STORE_UNSAFE_PHYSICAL_FLAG = 0x00000020,
///
/// Lists of key identifiers exist within CurrentUser and LocalMachine. These key identifiers have properties much like the
/// properties of certificates. If the CERT_STORE_UPDATE_KEYID_FLAG is set, then for every key identifier in the store's
/// location that has a CERT_KEY_PROV_INFO_PROP_ID property, that property is automatically updated from the key identifier
/// property CERT_KEY_PROV_INFO_PROP_ID or the CERT_KEY_IDENTIFIER_PROP_ID of the certificate related to that key identifier.
///
CERT_STORE_UPDATE_KEYID_FLAG = 0x00000400,
///
/// When set, pvPara must contain a pointer to a CERT_SYSTEM_STORE_RELOCATE_PARA structure rather than a string. The structure
/// indicates both the name of the store and its location in the registry.
///
CERT_SYSTEM_STORE_RELOCATE_FLAG = 0x80000000,
///
/// By default, when the CurrentUser "Root" store is opened, any SystemRegistry roots not on the protected root list are deleted
/// from the cache before this function returns. When this flag is set, this default is overridden and all of the roots in the
/// SystemRegistry are returned and no check of the protected root list is made.
///
CERT_SYSTEM_STORE_UNPROTECTED_FLAG = 0x40000000,
///
CERT_SYSTEM_STORE_DEFER_READ_FLAG = 0x20000000,
///
/// pvPara contains a handle to a registry key on a remote computer. To access a registry key on a remote computer, security
/// permissions on the remote computer must be set to allow access. For more information, see Remarks.
///
CERT_REGISTRY_STORE_REMOTE_FLAG = 0x10000,
///
/// The CERT_STORE_PROV_REG provider saves certificates, CRLs, and CTLs in a single serialized store subkey instead of
/// performing the default save operation. The default is that each certificate, CRL, or CTL is saved as a separate registry
/// subkey under the appropriate subkey.
///
/// This flag is mainly used for stores downloaded from the group policy template (GPT), such as the CurrentUserGroupPolicy and
/// LocalMachineGroupPolicy stores.
///
///
/// When CERT_REGISTRY_STORE_SERIALIZED_FLAG is set, store additions, deletions, or property changes are not persisted until
/// there is a call to either CertCloseStore or CertControlStore using CERT_STORE_CTRL_COMMIT.
///
///
CERT_REGISTRY_STORE_SERIALIZED_FLAG = 0x20000,
///
/// Setting this flag commits any additions to the store or any changes made to properties of contexts in the store to the file
/// store either when CertCloseStore is called or when CertControlStore is called with CERT_STORE_CONTROL_COMMIT.
///
/// CertOpenStore fails with E_INVALIDARG if both CERT_FILE_STORE_COMMIT_ENABLE and CERT_STORE_READONLY_FLAG are set in dwFlags.
///
///
CERT_FILE_STORE_COMMIT_ENABLE_FLAG = 0x10000,
///
/// To provide integrity required by some applications, digitally sign all LDAP traffic to and from an LDAP server by using the
/// Kerberos authentication protocol.
///
CERT_LDAP_STORE_SIGN_FLAG = 0x10000,
///
/// Performs an A-Record-only DNS lookup on the URL named in the pvPara parameter. This prevents false DNS queries from being
/// generated when resolving URL host names. Use this flag when passing a host name as opposed to a domain name for the pvPara parameter.
///
CERT_LDAP_STORE_AREC_EXCLUSIVE_FLAG = 0x20000,
///
/// Use this flag to use an existing LDAP session. When this flag is specified, the pvPara parameter is the address of a
/// CERT_LDAP_STORE_OPENED_PARA structure that contains information about the LDAP session to use.
///
CERT_LDAP_STORE_OPENED_FLAG = 0x40000,
///
/// Use this flag with the CERT_LDAP_STORE_OPENED_FLAG flag to cause the LDAP session to be unbound when the store is closed.
/// The system will unbind the LDAP session by using the ldap_unbind function when the store is closed.
///
CERT_LDAP_STORE_UNBIND_FLAG = 0x80000,
/// Stores at the registry location HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_CURRENT_USER = CertSystemStore.CERT_SYSTEM_STORE_CURRENT_USER,
/// Stores at the registry location HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_LOCAL_MACHINE = CertSystemStore.CERT_SYSTEM_STORE_LOCAL_MACHINE,
/// Stores at the registry location HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates.
CERT_SYSTEM_STORE_CURRENT_SERVICE = CertSystemStore.CERT_SYSTEM_STORE_CURRENT_SERVICE,
///
/// Stores at the registry location
/// HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates and with keys starting
/// with [ServiceName].
///
CERT_SYSTEM_STORE_SERVICES = CertSystemStore.CERT_SYSTEM_STORE_SERVICES,
///
/// Stores at the registry location HKEY_USERS\UserName\Software\Microsoft\SystemCertificates and with keys starting with [userid].
///
CERT_SYSTEM_STORE_USERS = CertSystemStore.CERT_SYSTEM_STORE_USERS,
/// Stores at the registry location HKEY_CURRENT_USER\Software\Policy\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY = CertSystemStore.CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY,
/// Stores at the registry location HKEY_LOCAL_MACHINE\Software\Policy\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY = CertSystemStore.CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY,
///
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE contains certificates shared across domains in the enterprise and downloaded from
/// the global enterprise directory. To synchronize the client's enterprise store, the enterprise directory is polled every
/// eight hours and certificates are downloaded automatically in the background.
///
CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE = CertSystemStore.CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE,
///
CERT_SYSTEM_STORE_LOCAL_MACHINE_WCOS = CertSystemStore.CERT_SYSTEM_STORE_LOCAL_MACHINE_WCOS,
}
/// Specifies how to save the certificate store.
[PInvokeData("wincrypt.h", MSDNShortId = "5cc818d7-b079-4962-aabc-fc512d4e92ac")]
public enum CertStoreSaveAs : uint
{
///
/// The certificate store can be saved as a serialized store containing properties in addition to encoded certificates,
/// certificate revocation lists (CRLs), and certificate trust lists (CTLs). The dwEncodingType parameter is ignored. The
/// CERT_KEY_CONTEXT_PROP_ID property and the related CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_SPEC_PROP_ID values are not
/// saved to a serialized store.
///
CERT_STORE_SAVE_AS_STORE = 1,
///
/// The certificate store can be saved as a PKCS #7 signed message that does not include additional properties. The
/// dwEncodingType parameter specifies the message encoding type.
///
CERT_STORE_SAVE_AS_PKCS7 = 2,
///
/// The certificate store can be saved as a PKCS #12 signed message that does not include additional properties. The
/// dwEncodingType parameter specifies the message encoding type.
///
CERT_STORE_SAVE_AS_PKCS12 = 3,
}
/// Specifies where and how to save the certificate store.
[PInvokeData("wincrypt.h", MSDNShortId = "5cc818d7-b079-4962-aabc-fc512d4e92ac")]
public enum CertStoreSaveTo : uint
{
///
/// The function saves the certificate store to a file. The pvSaveToPara parameter contains a handle to a file previously
/// obtained by using the CreateFile function. The file must be opened with write permission. After a successful save operation,
/// the file pointer is positioned after the last write operation.
///
CERT_STORE_SAVE_TO_FILE = 1,
///
/// The function saves the certificate store to a memory BLOB. The pvSaveToPara parameter contains a pointer to a CERT_BLOB
/// structure. Before use, the CERT_BLOB's pbData and cbData members must be initialized. Upon return, cbData is updated with
/// the actual length. For a length-only calculation, pbData must be set to NULL. If pbData is non-NULL and cbData is not large
/// enough, the function returns zero with a last error code of ERROR_MORE_DATA.
///
CERT_STORE_SAVE_TO_MEMORY = 2,
///
/// The function saves the certificate store to a file. The pvSaveToPara parameter contains a pointer to a null-terminated ANSI
/// string that contains the path and file name of the file to save to. The function opens the file, saves to it, and closes it.
///
CERT_STORE_SAVE_TO_FILENAME_A = 3,
///
/// The function saves the certificate store to a file. The pvSaveToPara parameter contains a pointer to a null-terminated
/// Unicode string that contains the path and file name of the file to save to. The function opens the file, saves to it, and
/// closes it.
///
CERT_STORE_SAVE_TO_FILENAME_W = 4,
///
/// The function saves the certificate store to a file. The pvSaveToPara parameter contains a pointer to a null-terminated
/// Unicode string that contains the path and file name of the file to save to. The function opens the file, saves to it, and
/// closes it.
///
CERT_STORE_SAVE_TO_FILENAME = CERT_STORE_SAVE_TO_FILENAME_W
}
///
/// A system store is a collection that consists of one or more physical sibling stores. For each system store, there are predefined
/// physical sibling stores. After opening a system store such as MY at CERT_SYSTEM_STORE_CURRENT_USER, the store provider calls
/// CertOpenStore to open each of the physical stores in the system store collection. In the open process, each of these physical
/// stores is added to the system store collection using CertAddStoreToCollection. All certificates in those physical stores are
/// available through the logical system store collection.
///
[PInvokeData("wincrypt.h", MSDNShortId = "fd9cb23b-e4a3-41cb-8f0a-30f4e813c6ac")]
public enum CertSystemStore : uint
{
/// Stores at the registry location HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_CURRENT_USER = CertSystemStoreId.CERT_SYSTEM_STORE_CURRENT_USER_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT,
/// Stores at the registry location HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_LOCAL_MACHINE = CertSystemStoreId.CERT_SYSTEM_STORE_LOCAL_MACHINE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT,
/// Stores at the registry location HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates.
CERT_SYSTEM_STORE_CURRENT_SERVICE = CertSystemStoreId.CERT_SYSTEM_STORE_CURRENT_SERVICE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT,
///
/// Stores at the registry location
/// HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates and with keys starting
/// with [ServiceName].
///
CERT_SYSTEM_STORE_SERVICES = CertSystemStoreId.CERT_SYSTEM_STORE_SERVICES_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT,
///
/// Stores at the registry location HKEY_USERS\UserName\Software\Microsoft\SystemCertificates and with keys starting with [userid].
///
CERT_SYSTEM_STORE_USERS = CertSystemStoreId.CERT_SYSTEM_STORE_USERS_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT,
/// Stores at the registry location HKEY_CURRENT_USER\Software\Policy\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY = CertSystemStoreId.CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT,
/// Stores at the registry location HKEY_LOCAL_MACHINE\Software\Policy\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY = CertSystemStoreId.CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT,
///
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE contains certificates shared across domains in the enterprise and downloaded from
/// the global enterprise directory. To synchronize the client's enterprise store, the enterprise directory is polled every
/// eight hours and certificates are downloaded automatically in the background.
///
CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE = CertSystemStoreId.CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT,
///
CERT_SYSTEM_STORE_LOCAL_MACHINE_WCOS = CertSystemStoreId.CERT_SYSTEM_STORE_LOCAL_MACHINE_WCOS_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT,
}
/// Values used by .
public enum CertSystemStoreId : uint
{
/// Stores at the registry location HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_CURRENT_USER_ID = 1,
/// Stores at the registry location HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_LOCAL_MACHINE_ID = 2,
/// Stores at the registry location HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates.
CERT_SYSTEM_STORE_CURRENT_SERVICE_ID = 4,
///
/// Stores at the registry location
/// HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates and with keys starting
/// with [ServiceName].
///
CERT_SYSTEM_STORE_SERVICES_ID = 5,
///
/// Stores at the registry location HKEY_USERS\UserName\Software\Microsoft\SystemCertificates and with keys starting with [userid].
///
CERT_SYSTEM_STORE_USERS_ID = 6,
/// Stores at the registry location HKEY_CURRENT_USER\Software\Policy\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID = 7,
/// Stores at the registry location HKEY_LOCAL_MACHINE\Software\Policy\Microsoft\SystemCertificates.
CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID = 8,
///
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE contains certificates shared across domains in the enterprise and downloaded from
/// the global enterprise directory. To synchronize the client's enterprise store, the enterprise directory is polled every
/// eight hours and certificates are downloaded automatically in the background.
///
CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID = 9,
///
CERT_SYSTEM_STORE_LOCAL_MACHINE_WCOS_ID = 10,
}
/// Specifies the type of subject to be searched for in the CTL.
[PInvokeData("wincrypt.h", MSDNShortId = "e0c81531-e649-45bb-bafe-bced00c7b16a")]
public enum CtlCertSubject
{
/// Default subject type.
CTL_DEFAULT_SUBJECT_TYPE = 0,
///
/// pvSubject data type: Pointer to a CERT_CONTEXT structure. The CTL's SubjectAlgorithm is examined to determine the
/// representation of the subject's identity. Initially, only SHA1 and MD5 hashes are supported as values for SubjectAlgorithm.
/// The appropriate hash property is obtained from the CERT_CONTEXT structure.
///
CTL_ANY_SUBJECT_TYPE = 1,
///
/// pvSubject data type: Pointer to a CTL_ANY_SUBJECT_INFO structure. The SubjectAlgorithm member of this structure must match
/// the algorithm type of the CTL, and the SubjectIdentifier member must match one of the CTL entries.
///
CTL_CERT_SUBJECT_TYPE = 2,
}
///
/// The CertAddSerializedElementToStore function adds a serialized certificate, certificate revocation list (CRL), or
/// certificate trust list (CTL) element to the store. The serialized element contains the encoded certificate, CRL, or CTL and its
/// extended properties. Extended properties are associated with a certificate and are not part of a certificate as issued by a
/// certification authority. Extended properties are not available on a certificate when it is used on a non-Microsoft platform.
///
///
/// The handle of a certificate store where the created certificate will be stored. If hCertStore is NULL, the function
/// creates a copy of a certificate, CRL, or CTL context with its extended properties, but the certificate, CRL, or CTL is not
/// persisted in any store.
///
///
/// A pointer to a buffer that contains the certificate, CRL, or CTL information to be serialized and added to the certificate store.
///
/// The size, in bytes, of the pbElement buffer.
///
///
/// Specifies the action to take if the certificate, CRL, or CTL already exists in the store. Currently defined disposition values
/// are shown in the following table.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_ADD_NEW
///
/// If the certificate, CRL, or CTL is new, it is created and persisted to the store. The operation fails if an identical
/// certificate, CRL, or CTL already exists in the store. The last error code is set to CRYPT_E_EXISTS.
///
///
/// -
/// CERT_STORE_ADD_USE_EXISTING
///
/// If the certificate, CRL, or CTL is new, it is added to the store. If an identical certificate, CRL, or CTL already exists, the
/// existing element is used. If ppvContext is not NULL, the existing context is duplicated. The function only adds properties that
/// do not already exist. The SHA-1 and MD5 hash properties are not copied.
///
///
/// -
/// CERT_STORE_ADD_REPLACE_EXISTING
///
/// If an identical certificate, CRL, or CTL already exists in the store, the existing certificate, CRL, or CTL context is deleted
/// before creating and adding the new context.
///
///
/// -
/// CERT_STORE_ADD_ALWAYS
///
/// No check is made to determine whether an identical certificate, CRL, or CTL already exists. A new element is always created.
/// This can lead to duplicates in the store. To determine whether the element already exists in the store, call CertGetCRLFromStore
/// or CertGetSubjectCertificateFromStore.
///
///
/// -
/// CERT_STORE_ADD_NEWER
///
/// If a matching CRL or CTL or a link to a matching CRL or CTL exists, the function compares the NotBefore times on the CRL or CTL.
/// If the existing CRL or CTL has a NotBefore time less than the NotBefore time on the new element, the old element or link is
/// replaced just as with CERT_STORE_ADD_REPLACE_EXISTING. If the existing element has a NotBefore time greater than or equal to the
/// NotBefore time on the element to be added, the function fails with GetLastError returning the CRYPT_E_EXISTS code. If a matching
/// CRL or CTL or a link to a matching CRL or CTL is not found in the store, a new element is added to the store.
///
///
/// -
/// CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES
///
/// The action is the same as for CERT_STORE_ADD_NEWER. However, if an older CRL or CTL is replaced, the properties of the older
/// element are incorporated into the replacement.
///
///
/// -
/// CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES
///
/// If a matching certificate exists in the store, the existing context is deleted before creating and adding the new context. The
/// new added context inherits properties from the existing certificate.
///
///
///
///
/// Reserved for future use and must be zero.
///
///
/// Specifics the contexts that can be added. For example, to add either a certificate, CRL, or CTL, set dwContextTypeFlags to
/// CERT_STORE_CERTIFICATE_CONTEXT_FLAG or CERT_STORE_CRL_CONTEXT_FLAG.
///
/// Currently defined context type flags are shown in the following table.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_ALL_CONTEXT_FLAG
/// Adds any context.
///
/// -
/// CERT_STORE_CERTIFICATE_CONTEXT_FLAG
/// Adds only a certificate context.
///
/// -
/// CERT_STORE_CRL_CONTEXT_FLAG
/// Adds only a CRL context.
///
/// -
/// CERT_STORE_CTL_CONTEXT_FLAG
/// Adds only a CTL context.
///
///
///
///
///
/// A pointer to the context type of the added serialized element. This is an optional parameter and can be NULL, which
/// indicates that the calling application does not require the context type.
///
/// Currently defined context types are shown in the following table.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_CERTIFICATE_CONTEXT
/// Certificates
///
/// -
/// CERT_STORE_CRL_CONTEXT
/// CRLs
///
/// -
/// CERT_STORE_CTL_CONTEXT
/// CTLs
///
///
///
///
///
/// A pointer to a pointer to the decoded certificate, CRL, or CTL context. This is an optional parameter and can be NULL,
/// which indicates that the calling application does not require the context of the added or existing certificate, CRL, or CTL.
///
///
/// If ppvContext is not NULL, it must be the address of a pointer to a CERT_CONTEXT, CRL_CONTEXT, or CTL_CONTEXT. When the
/// application is finished with the context, the context must be freed by using CertFreeCertificateContext for a certificate,
/// CertFreeCRLContext for a CRL, or CertFreeCTLContext for a CTL.
///
///
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero. For extended error information, call GetLastError. Some possible error codes follow.
///
///
/// Return code
/// Description
///
/// -
/// CRYPT_E_EXISTS
/// If the dwAddDisposition parameter is set to CERT_STORE_ADD_NEW, the certificate, CRL, or CTL already exists in the store.
///
/// -
/// E_INVALIDARG
/// A disposition value that is not valid was specified in the dwAddDisposition parameter.
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddserializedelementtostore BOOL
// CertAddSerializedElementToStore( HCERTSTORE hCertStore, const BYTE *pbElement, DWORD cbElement, DWORD dwAddDisposition, DWORD
// dwFlags, DWORD dwContextTypeFlags, DWORD *pdwContextType, const void **ppvContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "2726cd34-51ba-4f68-9a3c-7cd505eb32a1")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddSerializedElementToStore([Optional] HCERTSTORE hCertStore, [In] IntPtr pbElement, uint cbElement, CertStoreAdd dwAddDisposition, [Optional] uint dwFlags, CertStoreContextFlags dwContextTypeFlags, out CertStoreContextType pdwContextType, out IntPtr ppvContext);
///
/// The CertAddSerializedElementToStore function adds a serialized certificate, certificate revocation list (CRL), or
/// certificate trust list (CTL) element to the store. The serialized element contains the encoded certificate, CRL, or CTL and its
/// extended properties. Extended properties are associated with a certificate and are not part of a certificate as issued by a
/// certification authority. Extended properties are not available on a certificate when it is used on a non-Microsoft platform.
///
///
/// The handle of a certificate store where the created certificate will be stored. If hCertStore is NULL, the function
/// creates a copy of a certificate, CRL, or CTL context with its extended properties, but the certificate, CRL, or CTL is not
/// persisted in any store.
///
///
/// A pointer to a buffer that contains the certificate, CRL, or CTL information to be serialized and added to the certificate store.
///
/// The size, in bytes, of the pbElement buffer.
///
///
/// Specifies the action to take if the certificate, CRL, or CTL already exists in the store. Currently defined disposition values
/// are shown in the following table.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_ADD_NEW
///
/// If the certificate, CRL, or CTL is new, it is created and persisted to the store. The operation fails if an identical
/// certificate, CRL, or CTL already exists in the store. The last error code is set to CRYPT_E_EXISTS.
///
///
/// -
/// CERT_STORE_ADD_USE_EXISTING
///
/// If the certificate, CRL, or CTL is new, it is added to the store. If an identical certificate, CRL, or CTL already exists, the
/// existing element is used. If ppvContext is not NULL, the existing context is duplicated. The function only adds properties that
/// do not already exist. The SHA-1 and MD5 hash properties are not copied.
///
///
/// -
/// CERT_STORE_ADD_REPLACE_EXISTING
///
/// If an identical certificate, CRL, or CTL already exists in the store, the existing certificate, CRL, or CTL context is deleted
/// before creating and adding the new context.
///
///
/// -
/// CERT_STORE_ADD_ALWAYS
///
/// No check is made to determine whether an identical certificate, CRL, or CTL already exists. A new element is always created.
/// This can lead to duplicates in the store. To determine whether the element already exists in the store, call CertGetCRLFromStore
/// or CertGetSubjectCertificateFromStore.
///
///
/// -
/// CERT_STORE_ADD_NEWER
///
/// If a matching CRL or CTL or a link to a matching CRL or CTL exists, the function compares the NotBefore times on the CRL or CTL.
/// If the existing CRL or CTL has a NotBefore time less than the NotBefore time on the new element, the old element or link is
/// replaced just as with CERT_STORE_ADD_REPLACE_EXISTING. If the existing element has a NotBefore time greater than or equal to the
/// NotBefore time on the element to be added, the function fails with GetLastError returning the CRYPT_E_EXISTS code. If a matching
/// CRL or CTL or a link to a matching CRL or CTL is not found in the store, a new element is added to the store.
///
///
/// -
/// CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES
///
/// The action is the same as for CERT_STORE_ADD_NEWER. However, if an older CRL or CTL is replaced, the properties of the older
/// element are incorporated into the replacement.
///
///
/// -
/// CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES
///
/// If a matching certificate exists in the store, the existing context is deleted before creating and adding the new context. The
/// new added context inherits properties from the existing certificate.
///
///
///
///
/// Reserved for future use and must be zero.
///
///
/// Specifics the contexts that can be added. For example, to add either a certificate, CRL, or CTL, set dwContextTypeFlags to
/// CERT_STORE_CERTIFICATE_CONTEXT_FLAG or CERT_STORE_CRL_CONTEXT_FLAG.
///
/// Currently defined context type flags are shown in the following table.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_ALL_CONTEXT_FLAG
/// Adds any context.
///
/// -
/// CERT_STORE_CERTIFICATE_CONTEXT_FLAG
/// Adds only a certificate context.
///
/// -
/// CERT_STORE_CRL_CONTEXT_FLAG
/// Adds only a CRL context.
///
/// -
/// CERT_STORE_CTL_CONTEXT_FLAG
/// Adds only a CTL context.
///
///
///
///
///
/// A pointer to the context type of the added serialized element. This is an optional parameter and can be NULL, which
/// indicates that the calling application does not require the context type.
///
/// Currently defined context types are shown in the following table.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_CERTIFICATE_CONTEXT
/// Certificates
///
/// -
/// CERT_STORE_CRL_CONTEXT
/// CRLs
///
/// -
/// CERT_STORE_CTL_CONTEXT
/// CTLs
///
///
///
///
///
/// A pointer to a pointer to the decoded certificate, CRL, or CTL context. This is an optional parameter and can be NULL,
/// which indicates that the calling application does not require the context of the added or existing certificate, CRL, or CTL.
///
///
/// If ppvContext is not NULL, it must be the address of a pointer to a CERT_CONTEXT, CRL_CONTEXT, or CTL_CONTEXT. When the
/// application is finished with the context, the context must be freed by using CertFreeCertificateContext for a certificate,
/// CertFreeCRLContext for a CRL, or CertFreeCTLContext for a CTL.
///
///
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero. For extended error information, call GetLastError. Some possible error codes follow.
///
///
/// Return code
/// Description
///
/// -
/// CRYPT_E_EXISTS
/// If the dwAddDisposition parameter is set to CERT_STORE_ADD_NEW, the certificate, CRL, or CTL already exists in the store.
///
/// -
/// E_INVALIDARG
/// A disposition value that is not valid was specified in the dwAddDisposition parameter.
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddserializedelementtostore BOOL
// CertAddSerializedElementToStore( HCERTSTORE hCertStore, const BYTE *pbElement, DWORD cbElement, DWORD dwAddDisposition, DWORD
// dwFlags, DWORD dwContextTypeFlags, DWORD *pdwContextType, const void **ppvContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "2726cd34-51ba-4f68-9a3c-7cd505eb32a1")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddSerializedElementToStore([Optional] HCERTSTORE hCertStore, [In] IntPtr pbElement, uint cbElement, CertStoreAdd dwAddDisposition, [Optional] uint dwFlags, CertStoreContextFlags dwContextTypeFlags, IntPtr pdwContextType = default, IntPtr ppvContext = default);
///
/// The CertAddStoreToCollection function adds a sibling certificate store to a collection certificate store. When a
/// certificate store has been added to a collection store, all of the certificates, certificate revocation lists (CRLs), and
/// certificate trust lists (CTLs) in the store that has been added to the collection store can be retrieved by using find or
/// enumerate function calls that use the collection store.
///
/// Handle of a certificate store.
/// Handle of a sibling store to be added to the collection store. For more information, see Remarks.
///
/// Indicates whether certificates, CRLs, and CTLs can be added to the new sibling store member of the collection store. To enable
/// addition, set dwUpdateFlag to CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG. To disable additions, set dwUpdateFlag to zero.
///
///
/// Sets a priority level of the new store in the collection, with zero being the lowest priority. If zero is passed for this
/// parameter, the specified store is appended as the last store in the collection. The priority levels of the stores in a
/// collection determine the order in which the stores are enumerated, and the search order of the stores when attempting to
/// retrieve a certificate, CRL, or CTL. Priority levels also determine to which store of a collection a new certificate, CRL, or
/// CTL is added. For more information, see Remarks.
///
///
/// If the function succeeds, the function returns nonzero and a new store is added to the collection of stores.
/// If the function fails, it returns zero and the store was not added.
///
///
///
/// A collection store has the same HCERTSTORE handle as a single store; thus, almost all functions that apply to any
/// certificate store also apply to any collection store. Enumeration and search processes span all of the stores in a collection
/// store; however, functions such as CertAddCertificateLinkToStore that add links to stores cannot be used with collection stores.
///
///
/// When a certificate, CRL, or CTL is added to a collection store, the list of sibling stores in the collection is searched in
/// priority order to find the first store that allows adding. Adding is enabled if CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG was set in
/// the CertAddStoreToCollection call. With any function that adds elements to a store, if a store that allows adding does
/// not return success, the addition function continues on to the next store without providing notification.
///
///
/// When a collection store and its sibling stores are closed with CertCloseStore using CERT_CLOSE_STORE_FORCE_FLAG, the collection
/// store must be closed before its sibling stores. If CERT_CLOSE_STORE_FORCE_FLAG is not used, the stores can be closed in any order.
///
/// Examples
///
/// The following example shows adding a sibling certificate store to a collection certificate store. For a full example including
/// the complete context for this example, see Example C Program: Collection and Sibling Certificate Store Operations.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddstoretocollection BOOL CertAddStoreToCollection(
// HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore, DWORD dwUpdateFlags, DWORD dwPriority );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "ea848d74-c3ec-4166-90ea-121b33f7f318")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddStoreToCollection(HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore, CertPhysicalStoreFlags dwUpdateFlags, uint dwPriority);
///
/// The CertCloseStore function closes a certificate store handle and reduces the reference count on the store. There needs
/// to be a corresponding call to CertCloseStore for each successful call to the CertOpenStore or CertDuplicateStore functions.
///
/// Handle of the certificate store to be closed.
///
///
/// Typically, this parameter uses the default value zero. The default is to close the store with memory remaining allocated for
/// contexts that have not been freed. In this case, no check is made to determine whether memory for contexts remains allocated.
///
///
/// Set flags can force the freeing of memory for all of a store's certificate, certificate revocation list (CRL), and certificate
/// trust list (CTL) contexts when the store is closed. Flags can also be set that check whether all of the store's certificate,
/// CRL, and CTL contexts have been freed. The following values are defined.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_CLOSE_STORE_CHECK_FLAG
///
/// Checks for nonfreed certificate, CRL, and CTL contexts. A returned error code indicates that one or more store elements is still
/// in use. This flag should only be used as a diagnostic tool in the development of applications.
///
///
/// -
/// CERT_CLOSE_STORE_FORCE_FLAG
///
/// Forces the freeing of memory for all contexts associated with the store. This flag can be safely used only when the store is
/// opened in a function and neither the store handle nor any of its contexts are passed to any called functions. For details, see Remarks.
///
///
///
///
///
/// If the function succeeds, the return value is TRUE.
/// If the function fails, the return value is FALSE. For extended error information, call GetLastError.
///
/// If CERT_CLOSE_STORE_CHECK_FLAG is not set or if it is set and all contexts associated with the store have been freed, the return
/// value is TRUE.
///
///
/// If CERT_CLOSE_STORE_CHECK_FLAG is set and memory for one or more contexts associated with the store remains allocated, the
/// return value is FALSE. The store is always closed even when the function returns FALSE. For details, see Remarks.
///
///
/// GetLastError is set to CRYPT_E_PENDING_CLOSE if memory for contexts associated with the store remains allocated. Any existing
/// value returned by GetLastError is preserved unless CERT_CLOSE_STORE_CHECK_FLAG is set.
///
///
///
///
/// While a certificate store is open, contexts from that store can be retrieved or duplicated. When a context is retrieved or
/// duplicated, its reference count is incremented. When a context is freed by passing it to a search or enumeration function as a
/// previous context or by using CertFreeCertificateContext, CertFreeCRLContext, or CertFreeCTLContext, its reference count is
/// decremented. When a context's reference count reaches zero, memory allocated for that context is automatically freed. When the
/// memory allocated for a context has been freed, any pointers to that context become not valid.
///
///
/// By default, memory used to store contexts with reference count greater than zero is not freed when a certificate store is
/// closed. References to those contexts remain valid; however, this can cause memory leaks. Also, any changes made to the
/// properties of a context after the store has been closed are not persisted.
///
///
/// To force the freeing of memory for all contexts associated with a store, set CERT_CLOSE_STORE_FORCE_FLAG. With this flag set,
/// memory for all contexts associated with the store is freed and all pointers to certificate, CRL, or CTL contexts associated with
/// the store become not valid. This flag should only be set when the store is opened in a function and neither the store handle nor
/// any of its contexts were ever passed to any called functions.
///
///
/// The status of reference counts on contexts associated with a store can be checked when the store is closed by using
/// CERT_CLOSE_STORE_CHECK_FLAG. When this flag is set, and all certificate, CRL, or CTL contexts have not been released, the
/// function returns FALSE and GetLastError returns CRYPT_E_PENDING_CLOSE. Note that the store is still closed when
/// FALSE is returned and the memory for any active contexts is not freed.
///
/// If CERT_STORE_NO_CRYPT_RELEASE_FLAG was not set when the store was opened, closing a store releases its CSP handle.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certclosestore BOOL CertCloseStore( HCERTSTORE
// hCertStore, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "a93fdd65-359e-4046-910d-347c3af01280")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertCloseStore(HCERTSTORE hCertStore, CertCloseStoreFlags dwFlags);
///
///
/// The CertControlStore function allows an application to be notified when there is a difference between the contents of a
/// cached store in use and the contents of that store as it is persisted to storage. Differences can occur as another process makes
/// a change that affects the store as it is persisted.
///
///
/// The CertControlStore function can be used to synchronize a cached store, if necessary, and provides a means to commit
/// changes made in the cached store to persisted storage.
///
///
/// Handle of the certificate store.
///
/// If the dwCtrlType parameter is set to CERT_STORE_CTRL_COMMIT, this parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_CTRL_COMMIT_FORCE_FLAG
/// Forces the contents of the cache memory store to be copied to permanent storage even if the cache has not been changed.
///
/// -
/// CERT_STORE_CTRL_COMMIT_CLEAR_FLAG
/// Inhibits the copying of the contents of the cache memory store to permanent storage even when the store is closed.
///
/// -
/// CERT_STORE_CTRL_INHIBIT_DUPLICATE_HANDLE_FLAG
///
/// Inhibits a duplicate handle of the event HANDLE. If this flag is set, CertControlStore with CERT_STORE_CTRL_CANCEL_NOTIFY passed
/// must be called for this event HANDLE before closing the hCertStore handle.
///
///
///
///
/// If dwCtrlType is set to CERT_STORE_CTRL_NOTIFY_CHANGE or CERT_STORE_CTRL_RESYNC, the dwFlags parameter is not used and must be
/// set to zero.
///
///
///
///
/// Control action to be taken by CertControlStore. The interpretations of pvCtrlPara and dwFlags depend on the value of
/// dwCtrlType. Currently, the following actions are defined.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_CTRL_RESYNC
/// The cached store is resynchronized and made to match the persisted store.
///
/// -
/// CERT_STORE_CTRL_NOTIFY_CHANGE
///
/// A signal is returned in the space pointed to by pvCtrlPara to indicate that the current contents of the cached store differ from
/// the store's persisted state.
///
///
/// -
/// CERT_STORE_CTRL_COMMIT
///
/// Any changes made to the cached store are copied to persisted storage. If no changes were made since the cached store was opened
/// or since the last commit, the call is ignored. The call is also ignored if the store provider is a provider that automatically
/// persists changes immediately.
///
///
/// -
/// CERT_STORE_CTRL_AUTO_RESYNC
///
/// At the start of every enumeration or find store call, a check is made to determine whether a change has been made in the store.
/// If the store has changed, a re-synchronization is done. This check is only done on first enumeration or find calls, when the
/// pPrevContext is NULL. The pvCtrPara member is not used and must be set to NULL.
///
///
/// -
/// CERT_STORE_CTRL_CANCEL_NOTIFY
///
/// Cancels notification signaling of the event HANDLE passed in a previous CERT_STORE_CTRL_NOTIFY_CHANGE or CERT_STORE_CTRL_RESYNC.
/// The pvCtrlPara parameter points to the event HANDLE to be canceled.
///
///
///
///
///
///
/// If dwCtrlType is CERT_STORE_NOTIFY_CHANGE, pvCtrlPara is set to the address of a handle where the system signals the
/// notification change event when a change from the persisted state of the store is detected. The handle must be initialized with a
/// call to the function CreateEvent. The pvCtrlPara parameter can be set to NULL for registry-based stores. If pvCtrlPara is
/// NULL, an internal notification change event is created and registered to be signaled. Using the internal notification
/// change event allows resynchronization operations only if the store was changed.
///
///
/// If dwCtrlType is CERT_STORE_CTRL_RESYNC, set pvCtrlPara to the address of the event handle to be signaled on the next change in
/// the persisted store. Typically, this address is the address of the event handle passed with CERT_STORE_CTRL_NOTIFY_CHANGE during
/// initialization. The event handle passed is rearmed. If pvCtrlPara is set to NULL, no event is rearmed.
///
/// If dwCtrlType CERT_STORE_CTRL_COMMIT, pvCtrlPara is not used and must be set to NULL.
///
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero. For extended error information, call GetLastError.
///
/// If dwCtrlType is CERT_STORE_NOTIFY_CHANGE, the function returns nonzero if a handle for the event signal was successfully set
/// up. The function returns zero if the event handle was not set up.
///
///
/// If dwCtrlType is CERT_STORE_CTRL_RESYNC, the function returns nonzero if the resynchronization succeeded. The function returns
/// zero if the resynchronization failed.
///
///
/// If dwCtrlType is CERT_STORE_CTRL_COMMIT, the function returns nonzero to indicate the successful completion of the commit to
/// persisted storage. The function returns zero if the commit failed.
///
///
/// Some providers might not support specific control types. In these cases, CertControlStore returns zero and GetLastError
/// is set to the ERROR_NOT_SUPPORTED code.
///
///
///
/// Resynchronization of a store can be done at any time. It need not follow a signaled notification change event.
/// CERT_STORE_CTRL_NOTIFY_CHANGE is supported on registry-based store providers by using the RegNotifyChangeKeyValue function.
///
/// CertControlStore using CERT_STORE_CTRL_NOTIFY_CHANGE is called once for each event handle to be passed with
/// CERT_STORE_CTRL_RESYNC. These calls using CERT_STORE_CTRL_NOTIFY_CHANGE must be made after each event is created and not after
/// an event has been signaled.
///
/// Examples
///
/// The following example shows allowing an application to be notified when there is a difference between the contents of a cached
/// store in use and the contents of that store as it is persisted to storage. For the full example including the complete context
/// for this example, see Example C Program: Setting and Getting Certificate Store Properties.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcontrolstore BOOL CertControlStore( HCERTSTORE
// hCertStore, DWORD dwFlags, DWORD dwCtrlType, void const *pvCtrlPara );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "04cd9349-50c1-44b4-b080-631a24a80d70")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertControlStore(HCERTSTORE hCertStore, CertStoreControlFlags dwFlags, CertStoreControlType dwCtrlType, [In, Optional] IntPtr pvCtrlPara);
///
/// The CertCreateContext function creates the specified context from the encoded bytes. The context created does not include
/// any extended properties.
///
///
/// Specifies the contexts that can be created. For example, to create a certificate context, set dwContextType to CERT_STORE_CERTIFICATE_CONTEXT.
/// Currently defined context type flags are shown in the following table.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_CERTIFICATE_CONTEXT
/// Certificate context.
///
/// -
/// CERT_STORE_CRL_CONTEXT
/// CRL context.
///
/// -
/// CERT_STORE_CTL_CONTEXT
/// CTL context.
///
///
///
///
///
/// Specifies the encoding type used. Currently, only X509_ASN_ENCODING and PKCS_7_ASN_ENCODING are being used; however, additional
/// encoding types may be added in the future. For either current encoding type, use:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING.
///
/// A pointer to a buffer that contains the existing encoded context content to be copied.
/// The size, in bytes, of the pbEncoded buffer.
///
/// The following flag values are defined and can be combined by using a bitwise- OR operation.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_CREATE_CONTEXT_NOCOPY_FLAG
/// The created context points directly to the content pointed to by pbEncoded instead of an allocated copy.
///
/// -
/// CERT_CREATE_CONTEXT_SORTED_FLAG
///
/// The function creates a context with sorted entries. Currently, this flag only applies to a CTL context. For CTLs, the cCTLEntry
/// member of the returned CTL_INFO structure is always zero. CertFindSubjectInSortedCTL and CertEnumSubjectInSortedCTL must be
/// called to find or enumerate the CTL entries.
///
///
/// -
/// CERT_CREATE_CONTEXT_NO_HCRYPTMSG_FLAG
///
/// By default, when a CTL context is created, a HCRYTPMSG handle to its SignedData message is created. This flag can be set to
/// improve performance by not creating this handle. This flag can only be used when dwContextType is CERT_STORE_CTL_CONTEXT.
///
///
/// -
/// CERT_CREATE_CONTEXT_NO_ENTRY_FLAG
///
/// By default, when a CTL context is created, its entries are decoded. When this flag is set, the entries are not decoded and
/// performance is improved. This flag can only be used when dwContextType is CERT_STORE_CTL_CONTEXT.
///
///
///
///
///
/// A pointer to a CERT_CREATE_CONTEXT_PARA structure.
///
/// If pCreatePara and its pfnFree member are both non- NULL, the pfnFree member is used to free the memory
/// specified by the pvFree member. If the pvFree member is NULL, the pfnFree member is used to free the
/// pbEncoded pointer.
///
/// If pCreatePara or its pfnFree member is NULL, no attempt is made to free pbEncoded.
///
///
///
/// If the function succeeds, the return value is a pointer to the newly created context. The pvFree member of pCreatePara
/// must be called to free the created context.
///
/// If the function fails, the return value is NULL. For extended error information, call GetLastError.
///
/// If GetLastError returns ERROR_CANCELLED, this means that the PFN_CERT_CREATE_CONTEXT_SORT_FUNC callback function returned
/// FALSE to stop the sort.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreatecontext const void * CertCreateContext( DWORD
// dwContextType, DWORD dwEncodingType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCERT_CREATE_CONTEXT_PARA pCreatePara );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "0911054b-a47a-4046-b121-a236fc4b018b")]
public static extern IntPtr CertCreateContext(CertStoreContextType dwContextType, CertEncodingType dwEncodingType, [In] IntPtr pbEncoded, uint cbEncoded, CertCreateContextFlags dwFlags, in CERT_CREATE_CONTEXT_PARA pCreatePara);
/// The CertDuplicateStore function duplicates a store handle by incrementing the store's reference count.
/// A handle of the certificate store for which the reference count is being incremented.
///
/// Currently, a copy is not made of the handle, and the returned handle is the same as the handle that was input. If NULL is
/// passed in, the called function will raise an access violation exception.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certduplicatestore HCERTSTORE CertDuplicateStore(
// HCERTSTORE hCertStore );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "628efd30-6e07-4748-82ac-5cdc723be451")]
public static extern HCERTSTORE CertDuplicateStore(HCERTSTORE hCertStore);
///
/// The CertEnumPhysicalStore function retrieves the physical stores on a computer. The function calls the provided callback
/// function for each physical store found.
///
///
/// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure that
/// indicates both the name and the location of the system store to be enumerated. Otherwise, pvSystemStore is a pointer to a
/// Unicode string that names the system store whose physical stores are to be enumerated. For information about prefixing a
/// ServiceName or ComputerName to the system store name, see CertRegisterSystemStore.
///
///
/// Specifies the location of the system store. The following flag values are defined:
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_SERVICE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_SERVICES
///
/// -
/// CERT_SYSTEM_STORE_USERS
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
///
///
/// In addition, CERT_SYSTEM_STORE_RELOCATE_FLAG or CERT_PHYSICAL_STORE_PREDEFINED_ENUM_FLAG can be combined using a bitwise-
/// OR
/// operation with any of the high-word location flags.
///
///
/// A pointer to a void that allows the application to declare, define, and initialize a structure to hold any information to
/// be passed to the callback enumeration function.
///
///
/// A pointer to the callback function used to show the details for each physical store. This callback function determines the
/// content and format for the presentation of information on each physical store. The application must provide the
/// CertEnumPhysicalStoreCallback callback function.
///
///
/// If the function succeeds and another physical store was found, the return value is TRUE.
///
/// If the system store location only supports system stores and does not support physical stores, the function returns FALSE
/// and GetLastError returns the ERROR_NOT_SUPPORTED code.
///
///
/// If the function fails and another physical store was not found, the return value is FALSE. For extended error
/// information, call GetLastError.
///
///
///
///
/// To use CertEnumPhysicalStore, an application must declare and define the ENUM_ARG structure and an enumeration
/// callback function.
///
/// Examples
/// See Example C Program: Listing System and Physical Stores.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certenumphysicalstore BOOL CertEnumPhysicalStore( const
// void *pvSystemStore, DWORD dwFlags, void *pvArg, PFN_CERT_ENUM_PHYSICAL_STORE pfnEnum );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "5804d565-5129-4e6d-8b3d-9bd938807740")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertEnumPhysicalStore([MarshalAs(UnmanagedType.LPWStr)] string pvSystemStore, CertSystemStore dwFlags, [In, Optional] IntPtr pvArg, CertEnumPhysicalStoreCallback pfnEnum);
///
/// The CertEnumPhysicalStore function retrieves the physical stores on a computer. The function calls the provided callback
/// function for each physical store found.
///
///
/// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure that
/// indicates both the name and the location of the system store to be enumerated. Otherwise, pvSystemStore is a pointer to a
/// Unicode string that names the system store whose physical stores are to be enumerated. For information about prefixing a
/// ServiceName or ComputerName to the system store name, see CertRegisterSystemStore.
///
///
/// Specifies the location of the system store. The following flag values are defined:
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_SERVICE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_SERVICES
///
/// -
/// CERT_SYSTEM_STORE_USERS
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
///
///
/// In addition, CERT_SYSTEM_STORE_RELOCATE_FLAG or CERT_PHYSICAL_STORE_PREDEFINED_ENUM_FLAG can be combined using a bitwise-
/// OR
/// operation with any of the high-word location flags.
///
///
/// A pointer to a void that allows the application to declare, define, and initialize a structure to hold any information to
/// be passed to the callback enumeration function.
///
///
/// A pointer to the callback function used to show the details for each physical store. This callback function determines the
/// content and format for the presentation of information on each physical store. The application must provide the
/// CertEnumPhysicalStoreCallback callback function.
///
///
/// If the function succeeds and another physical store was found, the return value is TRUE.
///
/// If the system store location only supports system stores and does not support physical stores, the function returns FALSE
/// and GetLastError returns the ERROR_NOT_SUPPORTED code.
///
///
/// If the function fails and another physical store was not found, the return value is FALSE. For extended error
/// information, call GetLastError.
///
///
///
///
/// To use CertEnumPhysicalStore, an application must declare and define the ENUM_ARG structure and an enumeration
/// callback function.
///
/// Examples
/// See Example C Program: Listing System and Physical Stores.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certenumphysicalstore BOOL CertEnumPhysicalStore( const
// void *pvSystemStore, DWORD dwFlags, void *pvArg, PFN_CERT_ENUM_PHYSICAL_STORE pfnEnum );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "5804d565-5129-4e6d-8b3d-9bd938807740")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertEnumPhysicalStore(in CERT_SYSTEM_STORE_RELOCATE_PARA pvSystemStore, CertSystemStore dwFlags, [In, Optional] IntPtr pvArg, CertEnumPhysicalStoreCallback pfnEnum);
///
/// The CertEnumSubjectInSortedCTL function retrieves the first or next TrustedSubject in a sorted certificate trust list
/// (CTL). A sorted CTL is a CTL created with the CERT_CREATE_CONTEXT_SORTED_FLAG set. Used in a loop, this function can retrieve in
/// sequence all TrustedSubjects in a sorted CTL.
///
/// A pointer to the CTL_CONTEXT structure to be searched.
///
/// A pointer to the address of the last TrustedSubject found. To start the enumeration, ppvNextSubject must point to a pointer set
/// to NULL. Upon return, the pointer addressed by ppvNextSubject is updated to point to the next TrustedSubject in the
/// encoded sequence.
///
///
/// A pointer to a CRYPT_DER_BLOB structure, uniquely identifying a TrustedSubject. The information in this structure can be a hash
/// or any unique byte sequence.
///
///
/// A pointer to a CRYPT_DER_BLOB structure containing a byte count and a pointer to the TrustedSubject's encoded attributes.
///
///
///
/// If the function succeeds, the return value is TRUE, with ppvNextSubject updated to point to the next TrustedSubject in
/// the encoded sequence.
///
///
/// If the function fails, the return value is FALSE. The return value is FALSE if there are no more subjects or there
/// is an argument that is not valid.
///
///
///
///
/// The pbData members of CRYPT_DER_BLOB structures point directly to the encoded bytes. The CRYPT_DER_BLOB
/// structures, themselves, must be allocated and freed by the application, but the memory addressed by the pbData members of
/// these structures is not allocated by the application and must not be freed by the application.
///
/// If the CTL is not sorted with the CERT_CREATE_CONTEXT_SORTED_FLAG flag set, an error results.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certenumsubjectinsortedctl BOOL
// CertEnumSubjectInSortedCTL( PCCTL_CONTEXT pCtlContext, void **ppvNextSubject, PCRYPT_DER_BLOB pSubjectIdentifier, PCRYPT_DER_BLOB
// pEncodedAttributes );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b37cff03-5e9c-4e6c-b46e-d3f02dbf8783")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertEnumSubjectInSortedCTL([In] PCCTL_CONTEXT pCtlContext, ref IntPtr ppvNextSubject, out CRYPTOAPI_BLOB pSubjectIdentifier, out CRYPTOAPI_BLOB pEncodedAttributes);
///
/// The CertEnumSystemStore function retrieves the system stores available. The function calls the provided callback function
/// for each system store found.
///
///
/// Specifies the location of the system store. This parameter can be one of the following flags:
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_SERVICE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_SERVICES
///
/// -
/// CERT_SYSTEM_STORE_USERS
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
///
///
/// In addition, the CERT_SYSTEM_STORE_RELOCATE_FLAG can be combined, by using a bitwise-
/// OR
/// operation, with any of the high-word location flags.
///
///
///
/// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in the dwFlags parameter, pvSystemStoreLocationPara points to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure that indicates both the name and the location of the system store. Otherwise,
/// pvSystemStoreLocationPara is a pointer to a Unicode string that names the system store.
///
///
/// For CERT_SYSTEM_STORE_LOCAL_MACHINE or CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY, pvSystemStoreLocationPara can optionally be
/// set to a Unicode computer name for enumerating local computer stores on a remote computer, for example "\computer_name" or
/// "computer_name". The leading backslashes (\) are optional in the computer_name.
///
///
/// For CERT_SYSTEM_STORE_SERVICES or CERT_SYSTEM_STORE_USERS, if pvSystemStoreLocationPara is NULL, the function enumerates
/// both the service/user names and the stores for each service/user name. Otherwise, pvSystemStoreLocationPara is a Unicode string
/// that contains a remote computer name and, if available, a service/user name, for example, "service_name", "\computer_name", or "computer_name".
///
///
/// If only the computer_name is specified, it must have either the leading backslashes (\) or a trailing backslash (). Otherwise,
/// it is interpreted as the service_name or user_name.
///
///
///
/// A pointer to a void that allows the application to declare, define, and initialize a structure to hold any information to
/// be passed to the callback enumeration function.
///
///
/// A pointer to the callback function used to show the details for each system store. This callback function determines the content
/// and format for the presentation of information on each system store. The application must provide the
/// CertEnumSystemStoreCallback callback function.
///
///
/// If the function succeeds, the function returns TRUE.
/// If the function fails, it returns FALSE.
///
///
///
/// To use CertEnumSystemStore, the application must declare and define the ENUM_ARG structure and the
/// CertEnumSystemStoreCallback callback function.
///
/// Examples
/// For an example that uses this function, see Example C Program: Listing System and Physical Stores.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certenumsystemstore BOOL CertEnumSystemStore( DWORD
// dwFlags, void *pvSystemStoreLocationPara, void *pvArg, PFN_CERT_ENUM_SYSTEM_STORE pfnEnum );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "fd9cb23b-e4a3-41cb-8f0a-30f4e813c6ac")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertEnumSystemStore(CertSystemStore dwFlags, in CERT_SYSTEM_STORE_RELOCATE_PARA pvSystemStoreLocationPara, [In, Optional] IntPtr pvArg, CertEnumSystemStoreCallback pfnEnum);
///
/// The CertEnumSystemStore function retrieves the system stores available. The function calls the provided callback function
/// for each system store found.
///
///
/// Specifies the location of the system store. This parameter can be one of the following flags:
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_SERVICE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_SERVICES
///
/// -
/// CERT_SYSTEM_STORE_USERS
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
///
///
/// In addition, the CERT_SYSTEM_STORE_RELOCATE_FLAG can be combined, by using a bitwise-
/// OR
/// operation, with any of the high-word location flags.
///
///
///
/// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in the dwFlags parameter, pvSystemStoreLocationPara points to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure that indicates both the name and the location of the system store. Otherwise,
/// pvSystemStoreLocationPara is a pointer to a Unicode string that names the system store.
///
///
/// For CERT_SYSTEM_STORE_LOCAL_MACHINE or CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY, pvSystemStoreLocationPara can optionally be
/// set to a Unicode computer name for enumerating local computer stores on a remote computer, for example "\computer_name" or
/// "computer_name". The leading backslashes (\) are optional in the computer_name.
///
///
/// For CERT_SYSTEM_STORE_SERVICES or CERT_SYSTEM_STORE_USERS, if pvSystemStoreLocationPara is NULL, the function enumerates
/// both the service/user names and the stores for each service/user name. Otherwise, pvSystemStoreLocationPara is a Unicode string
/// that contains a remote computer name and, if available, a service/user name, for example, "service_name", "\computer_name", or "computer_name".
///
///
/// If only the computer_name is specified, it must have either the leading backslashes (\) or a trailing backslash (). Otherwise,
/// it is interpreted as the service_name or user_name.
///
///
///
/// A pointer to a void that allows the application to declare, define, and initialize a structure to hold any information to
/// be passed to the callback enumeration function.
///
///
/// A pointer to the callback function used to show the details for each system store. This callback function determines the content
/// and format for the presentation of information on each system store. The application must provide the
/// CertEnumSystemStoreCallback callback function.
///
///
/// If the function succeeds, the function returns TRUE.
/// If the function fails, it returns FALSE.
///
///
///
/// To use CertEnumSystemStore, the application must declare and define the ENUM_ARG structure and the
/// CertEnumSystemStoreCallback callback function.
///
/// Examples
/// For an example that uses this function, see Example C Program: Listing System and Physical Stores.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certenumsystemstore BOOL CertEnumSystemStore( DWORD
// dwFlags, void *pvSystemStoreLocationPara, void *pvArg, PFN_CERT_ENUM_SYSTEM_STORE pfnEnum );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "fd9cb23b-e4a3-41cb-8f0a-30f4e813c6ac")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertEnumSystemStore(CertSystemStore dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pvSystemStoreLocationPara, [In, Optional] IntPtr pvArg, CertEnumSystemStoreCallback pfnEnum);
///
/// The CertEnumSystemStoreLocation function retrieves all of the system store locations. The function calls the provided
/// callback function for each system store location found.
///
/// Reserved for future use; must be zero.
///
/// A pointer to a void that allows the application to declare, define, and initialize a structure to hold any information to
/// be passed to the callback enumeration function.
///
///
/// A pointer to the callback function used to show the details for each store location. This callback function determines the
/// content and format for the presentation of information on each store location. For the signature and parameters of the callback
/// function, see CertEnumSystemStoreLocationCallback.
///
///
/// If the function succeeds, the function returns TRUE.
/// If the function fails, it returns FALSE.
///
///
///
/// To use CertEnumSystemStoreLocation, an application must declare and define the ENUM_ARG structure and an
/// enumeration callback function.
///
/// Examples
/// For an example that uses this function, see Example C Program: Listing System and Physical Stores.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certenumsystemstorelocation BOOL
// CertEnumSystemStoreLocation( DWORD dwFlags, void *pvArg, PFN_CERT_ENUM_SYSTEM_STORE_LOCATION pfnEnum );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "86408e6f-0732-4cb4-85cd-840b9d98b973")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertEnumSystemStoreLocation([Optional] uint dwFlags, [In, Optional] IntPtr pvArg, CertEnumSystemStoreLocationCallback pfnEnum);
///
/// The CertFindSubjectInCTL function attempts to find the specified subject in a certificate trust list (CTL). A subject can
/// be identified either by the certificate's whole context or by any unique identifier of the certificate's subject such as the
/// SHA1 hash of the certificate's issuer and serial number.
///
///
///
/// Specifies the encoding type used. Currently, only X509_ASN_ENCODING and PKCS_7_ASN_ENCODING are being used; however, additional
/// encoding types may be added in the future. For either current encoding type, use:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING.
///
///
/// Specifies the type of subject to be searched for in the CTL. May be NULL for a default search.
///
///
/// Value
/// Meaning
///
/// -
/// CTL_CERT_SUBJECT_TYPE
///
/// pvSubject data type: Pointer to a CERT_CONTEXT structure. The CTL's SubjectAlgorithm is examined to determine the representation
/// of the subject's identity. Initially, only SHA1 and MD5 hashes are supported as values for SubjectAlgorithm. The appropriate
/// hash property is obtained from the CERT_CONTEXT structure.
///
///
/// -
/// CTL_ANY_SUBJECT_TYPE
///
/// pvSubject data type: Pointer to a CTL_ANY_SUBJECT_INFO structure. The SubjectAlgorithm member of this structure must match the
/// algorithm type of the CTL, and the SubjectIdentifier member must match one of the CTL entries.
///
///
///
///
/// The certificate's hash or the SubjectIdentifier member of the CTL_ANY_SUBJECT_INFO structure is used as the key in
/// searching the subject entries. A binary memory comparison is done between the key and the entry's SubjectIdentifier.
///
/// If dwSubjectType is set to either preceding value, dwEncodingType is not used.
///
/// Pointer used in conjunction with the dwSubjectType parameter.
/// A pointer to the CTL_CONTEXT structure being searched.
/// Reserved for future use and must be zero.
///
/// If the function succeeds, the return value is the entry, if it is found.
///
/// If the function fails, the return value is NULL. For extended error information, call GetLastError. Some possible error
/// codes follow.
///
///
///
/// Return code
/// Description
///
/// -
/// CRYPT_E_NOT_FOUND
/// The subject was not found in the CTL.
///
/// -
/// E_INVALIDARG
/// The dwSubjectType parameter was not either CTL_CERT_SUBJECT_TYPE or CTL_ANY_SUBJECT_TYPE.
///
/// -
/// NTE_BAD_ALGID
/// The CTL's SubjectAlgorithm member did not map to either SHA1 or MD5.
///
///
///
///
/// The certificate's hash or the SubjectIdentifier member of the CTL_ANY_SUBJECT_INFO structure is used as the key in
/// searching the subject entries. A binary memory comparison is done between the key and the entry's SubjectIdentifier.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindsubjectinctl PCTL_ENTRY CertFindSubjectInCTL(
// DWORD dwEncodingType, DWORD dwSubjectType, void *pvSubject, PCCTL_CONTEXT pCtlContext, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "e0c81531-e649-45bb-bafe-bced00c7b16a")]
public static extern IntPtr CertFindSubjectInCTL(CertEncodingType dwEncodingType, CtlCertSubject dwSubjectType, [In] IntPtr pvSubject, [In] PCCTL_CONTEXT pCtlContext, uint dwFlags = 0);
///
/// The CertFindSubjectInSortedCTL function attempts to find the specified subject in a sorted certificate trust list (CTL).
/// A subject can be identified either by the certificate's whole context or by any unique identifier of the certificate's subject,
/// such as the SHA1 hash of the certificate's issuer and serial number.
///
///
/// A pointer to a CRYPT_DATA_BLOB structure uniquely identifying the subject. The information in this structure can be a hash or
/// any unique byte sequence.
///
/// A pointer to the CTL_CONTEXT structure to be searched.
/// Reserved for future use and must be NULL.
/// Reserved for future use and must be NULL.
///
/// A pointer to a CRYPT_DER_BLOB structure containing a byte count and a pointer to the subject's encoded attributes.
///
///
/// If the function succeeds and the subject identifier exists in the CTL, the return value is TRUE.
/// If the function fails and does not locate a matching subject identifier, the return value is FALSE.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindsubjectinsortedctl BOOL
// CertFindSubjectInSortedCTL( PCRYPT_DATA_BLOB pSubjectIdentifier, PCCTL_CONTEXT pCtlContext, DWORD dwFlags, void *pvReserved,
// PCRYPT_DER_BLOB pEncodedAttributes );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "027e89e6-3de0-440d-be70-2281778f9a1e")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertFindSubjectInSortedCTL(in CRYPTOAPI_BLOB pSubjectIdentifier, [In] PCCTL_CONTEXT pCtlContext, [Optional] uint dwFlags, [Optional] IntPtr pvReserved, out CRYPTOAPI_BLOB pEncodedAttributes);
/// The CertGetStoreProperty function retrieves a store property.
/// A handle of an open certificate store.
///
///
/// Indicates one of a range of store properties. There is one predefined store property, CERT_STORE_LOCALIZED_NAME_PROP_ID, the
/// localized name of the store.
///
///
/// User defined properties must be outside the current range of values for predefined context properties. Currently, user defined
/// dwPropId values begin at 4,096.
///
///
///
///
/// A pointer to a buffer that receives the data as determined by dwPropId. For CERT_STORE_LOCALIZED_NAME_PROP_ID, this is the
/// localized name of the store, and pvData points to a null-terminated Unicode wide-character string. For other dwPropIds, pvData
/// points to an array of bytes.
///
///
/// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
/// A pointer to a DWORD value that specifies the size, in bytes, of the pvData buffer. When the function returns, the
/// DWORD value contains the number of bytes stored in the buffer.
///
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero.
///
/// If the store property is found, the function returns nonzero, pvData points to the property, and pcbData points to the length of
/// the string. If the store property is not found, the function returns zero and GetLastError returns CRYPT_E_NOT_FOUND.
///
///
///
///
/// Store property identifiers are properties applicable to an entire store. They are not properties on an individual certificate,
/// certificate revocation list (CRL), or certificate trust list (CTL) context. Currently, no store properties are persisted.
///
/// To find the localized name of a store, you can also use the CryptFindLocalizedName function.
/// Examples
///
/// The following example shows querying a store for its local name property. Similar code can be used to retrieve other store
/// properties. For a complete example that uses this function, see Example C Program: Setting and Getting Certificate Store Properties.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetstoreproperty BOOL CertGetStoreProperty(
// HCERTSTORE hCertStore, DWORD dwPropId, void *pvData, DWORD *pcbData );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "0df4f18b-3b0f-498e-90a5-74d686af83e0")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertGetStoreProperty(HCERTSTORE hCertStore, uint dwPropId, [Optional] IntPtr pvData, ref uint pcbData);
///
/// The CertOpenStore function opens a certificate store by using a specified store provider type. While this function can
/// open a certificate store for most purposes, CertOpenSystemStore is recommended to open the most common certificate stores.
/// CertOpenStore is required for more complex options and special cases.
///
///
/// A pointer to a null-terminated ANSI string that contains the store provider type.
///
/// The following values represent the predefined store types. The store provider type determines the contents of the pvPara
/// parameter and the use and meaning of the high word of the dwFlags parameter. Additional store providers can be installed or
/// registered by using the CryptInstallOIDFunctionAddress or CryptRegisterOIDFunction function. For more information about adding
/// store providers, see Extending CertOpenStore Functionality.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_PROV_COLLECTION sz_CERT_STORE_PROV_COLLECTION
///
/// Opens a store that will be a collection of other stores. Stores are added to or removed from the collection by using
/// CertAddStoreToCollection and CertRemoveStoreFromCollection. When a store is added to a collection, all certificates, CRLs, and
/// CTLs in that store become available to searches or enumerations of the collection store. The high word of dwFlags is set to
/// zero. pvPara value: The pvPara parameter must be NULL.
///
///
/// -
/// CERT_STORE_PROV_FILE
///
/// Initializes the store with certificates, CRLs, and CTLs read from a specified open file. This provider expects the file to
/// contain only a serialized store and not either PKCS #7 signed messages or a single encoded certificate. The file pointer must be
/// positioned at the beginning of the serialized store information. After the data in the serialized store has been loaded into the
/// certificate store, the file pointer is positioned at the beginning of any data that can follow the serialized store data in the
/// file. If CERT_FILE_STORE_COMMIT_ENABLE is set in dwFlags, the file handle is duplicated and the store is always committed as a
/// serialized store. The file is not closed when the store is closed. pvPara value: The pvPara parameter must contain a pointer to
/// the handle of a file opened by using CreateFile.
///
///
/// -
/// CERT_STORE_PROV_FILENAME_A
///
/// Initializes the store with certificates, CRLs, and CTLs from a file. The provider opens the file and first attempts to read the
/// file as a serialized store, then as a PKCS #7 signed message, and finally as a single encoded certificate. The dwEncodingType
/// parameter must contain the encoding types to be used with both messages and certificates. If the file contains an X.509 encoded
/// certificate, the open operation fails and a call to the GetLastError function will return ERROR_ACCESS_DENIED. If the
/// CERT_FILE_STORE_COMMIT_ENABLE flag is set in dwFlags, the dwCreationDisposition value passed to CreateFile is as follows: If
/// dwFlags includes CERT_FILE_STORE_COMMIT_ENABLE, the file is committed as either a PKCS #7 or a serialized store depending on the
/// file type opened. If the file was empty or if the file name has either a .p7c or .spc extension, the file is committed as a PKCS
/// #7. Otherwise, the file is committed as a serialized store. pvPara value: The pvPara parameter must contain a pointer to
/// null-terminated ANSI string that contains the name of an existing, unopened file.
///
///
/// -
/// CERT_STORE_PROV_FILENAME(_W) sz_CERT_STORE_PROV_FILENAME(_W)
///
/// Same as CERT_STORE_PROV_FILENAME_A. pvPara value: The pvPara parameter must contain a pointer to null-terminated Unicode string
/// that contains the name of an existing, unopened file.
///
///
/// -
/// CERT_STORE_PROV_LDAP(_W) sz_CERT_STORE_PROV_LDAP(_W)
///
/// Initializes the store with certificates, CRLs, and CTLs from the results of an LDAP query. To perform write operations on the
/// store, the query string must specify a BASE query with no filter and a single attribute. pvPara value: If the dwFlags parameter
/// contains CERT_LDAP_STORE_OPENED_FLAG, set pvPara to the address of a CERT_LDAP_STORE_OPENED_PARA structure that specifies the
/// established LDAP session to use. Otherwise, set pvPara to point to a null-terminated Unicode string that contains the LDAP query
/// string. For more information about LDAP query strings, see LDAP Dialect.
///
///
/// -
/// CERT_STORE_PROV_MEMORY sz_CERT_STORE_PROV_MEMORY
///
/// Creates a certificate store in cached memory. No certificates, certificate revocation lists (CRLs), or certificate trust lists
/// (CTLs) are initially loaded into the store. Typically used to create a temporary store. Any addition of certificates, CRLs, or
/// CTLs or changes in properties of certificates, CRLs, or CTLs in a memory store are not automatically saved. They can be saved to
/// a file or to a memory BLOB by using CertSaveStore. pvPara value: The pvPara parameter is not used.
///
///
/// -
/// CERT_STORE_PROV_MSG
///
/// Initializes the store with certificates, CRLs, and CTLs from the specified cryptographic message. The dwEncodingType parameter
/// must contain the encoding types used with both messages and certificates. pvPara value: The pvPara parameter contains an
/// HCRYPTMSG handle of the encoded message, returned by a call to CryptMsgOpenToDecode.
///
///
/// -
/// CERT_STORE_PROV_PHYSICAL(_W) sz_CERT_STORE_PROV_PHYSICAL(_W)
///
/// Initializes the store with certificates, CRLs, and CTLs from a specified physical store that is a member of a logical system
/// store. Two names are separated with an intervening backslash (), for example "Root.Default". Here, "Root" is the name of the
/// system store and ".Default" is the name of the physical store. The system and physical store names cannot contain any
/// backslashes. The high word of dwFlags indicates the system store location, usually CERT_SYSTEM_STORE_CURRENT_USER. For more
/// information, see dwFlags later in this topic and see System Store Locations. Some physical store locations can be opened
/// remotely. pvPara value: The pvPara parameter points to a null-terminated Unicode string that contains both the system store name
/// and physical names.
///
///
/// -
/// CERT_STORE_PROV_PKCS7 sz_CERT_STORE_PROV_PKCS7
///
/// Initializes the store with certificates, CRLs, and CTLs from an encoded PKCS #7 signed message. The dwEncodingType parameter
/// must specify the encoding types to be used with both messages and certificates. pvPara value: The pvPara parameter points to a
/// CRYPT_DATA_BLOB structure that represents the encoded message.
///
///
/// -
/// CERT_STORE_PROV_PKCS12 sz_CERT_STORE_PROV_PKCS12
///
/// Initializes the store with the contents of a PKCS #12 packet. If the PKCS #12 packet is protected with a NULL or empty password,
/// this function will succeed in opening the store. Beginning with Windows 8 and Windows Server 2012, if the password embedded in
/// the PFX packet was protected to an Active Directory (AD) principal and the current user, as a member of that principal, has
/// permission to decrypt the password, this function will succeed in opening the store. For more information, see the pvPara
/// parameter and the PKCS12_PROTECT_TO_DOMAIN_SIDS flag of the PFXExportCertStoreEx function. You can protect PFX passwords to an
/// AD principal beginning in Windows 8 and Windows Server 2012. pvPara value: The pvPara parameter points to a CRYPT_DATA_BLOB
/// structure that represents the PKCS #12 packet.
///
///
/// -
/// CERT_STORE_PROV_REG
///
/// Initializes the store with certificates, CRLs, and CTLs from a registry subkey. This provider opens or creates the registry
/// subkeys Certificates, CRLs, and CTLs under the key passed in pvPara. The input key is not closed by the provider. Before
/// returning, the provider opens its own copy of the key passed in pvPara. If CERT_STORE_READONLY_FLAG is set in the low word of
/// dwFlags, registry subkeys are opened by using the RegOpenKey with KEY_READ_ACCESS. Otherwise, registry subkeys are created by
/// using RegCreateKey with KEY_ALL_ACCESS. Any changes to the contents of the opened store are immediately persisted to the
/// registry. However, if CERT_STORE_READONLY_FLAG is set in the low word of dwFlags, any attempt to add to the contents of the
/// store or to change a context's property results in an error with GetLastError returning the E_ACCESSDENIED code. pvPara value:
/// The pvPara parameter contains the handle of an open registry key.
///
///
/// -
/// CERT_STORE_PROV_SERIALIZED sz_CERT_STORE_PROV_SERIALIZED
///
/// Initializes the store with certificates, CRLs, and CTLs from a memory location that contains a serialized store. pvPara value:
/// The pvPara parameter points to a CRYPT_DATA_BLOB structure that contains the serialized memory BLOB.
///
///
/// -
/// CERT_STORE_PROV_SMART_CARD(_W) sz_CERT_STORE_PROV_SMART_CARD(_W)
/// Not currently used.
///
/// -
/// CERT_STORE_PROV_SYSTEM_A
///
/// Initializes the store with certificates, CRLs, and CTLs from the specified system store. The system store is a logical,
/// collection store that consists of one or more physical stores. A physical store associated with a system store is registered
/// with the CertRegisterPhysicalStore function. After the system store is opened, all of the physical stores that are associated
/// with it are also opened by calls to CertOpenStore and are added to the system store collection by using the
/// CertAddStoreToCollection function. The high word of dwFlags indicates the system store location, usually set to
/// CERT_SYSTEM_STORE_CURRENT_USER. For details about registry locations, see dwFlags later in this topic and System Store
/// Locations. Some system store locations can be opened remotely; for more information, see System Store Locations. pvPara value:
/// The pvPara parameter points to a null-terminated ANSI string that contains a system store name, such as "My" or "Root".
///
///
/// -
/// CERT_STORE_PROV_SYSTEM(_W) sz_CERT_STORE_PROV_SYSTEM(_W)
///
/// Same as CERT_STORE_PROV_SYSTEM_A. pvPara value: The pvPara parameter points to a null-terminated Unicode string that contains a
/// system store name, such as "My" or "Root".
///
///
/// -
/// CERT_STORE_PROV_SYSTEM_REGISTRY_A
///
/// Initializes the store with certificates, CRLs, and CTLs from a physical registry store. The physical store is not opened as a
/// collection store. Enumerations and searches go through only the certificates, CRLs, and CTLs in that one physical store. The
/// high word of dwFlags indicates the system store location, usually set to CERT_SYSTEM_STORE_CURRENT_USER. For more information,
/// see dwFlags later in this topic. Some system store locations can be open remotely; for more information, see System Store
/// Locations. pvPara value: The pvPara parameter points to a null-terminated ANSI string that contains a system store name, such as
/// "My" or "Root".
///
///
/// -
/// CERT_STORE_PROV_SYSTEM_REGISTRY(_W) sz_CERT_STORE_PROV_SYSTEM_REGISTRY(_W)
///
/// Same as CERT_STORE_PROV_SYSTEM_REGISTRY_A. pvPara value: The pvPara parameter points to a null-terminated Unicode string that
/// contains a system store name, such as "My" or "Root".
///
///
///
///
///
///
/// Specifies the certificate encoding type and message encoding type. Encoding is used only when the dwSaveAs parameter of the
/// CertSaveStore function contains CERT_STORE_SAVE_AS_PKCS7. Otherwise, the dwMsgAndCertEncodingType parameter is not used.
///
///
/// This parameter is only applicable when the CERT_STORE_PROV_MSG, CERT_STORE_PROV_PKCS7, or
/// CERT_STORE_PROV_FILENAME provider type is specified in the lpszStoreProvider parameter. For all other provider types,
/// this parameter is unused and should be set to zero.
///
/// This parameter can be a combination of one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// PKCS_7_ASN_ENCODING 65536 (0x10000)
/// Specifies PKCS #7 message encoding.
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
///
/// This parameter is not used and should be set to NULL.
///
/// Windows Server 2003 and Windows XP: A handle to a cryptographic provider. Passing NULL for this parameter causes
/// an appropriate, default provider to be used. Using the default provider is recommended. The default or specified cryptographic
/// provider is used for all store functions that verify the signature of a subject certificate or CRL.This parameter's data type is HCRYPTPROV.
///
///
///
/// These values consist of high-word and low-word values combined by using a bitwise- OR operation.
///
/// The low-word portion of dwFlags controls a variety of general characteristics of the certificate store opened. This portion can
/// be used with all store provider types. The low-word portion of dwFlags can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_BACKUP_RESTORE_FLAG
///
/// Use the thread's SE_BACKUP_NAME and SE_RESTORE_NAME privileges to open registry or file-based system stores. If the thread does
/// not have these privileges, this function must fail with an access denied error.
///
///
/// -
/// CERT_STORE_CREATE_NEW_FLAG
///
/// A new store is created if one did not exist. The function fails if the store already exists. If neither
/// CERT_STORE_OPEN_EXISTING_FLAG nor CERT_STORE_CREATE_NEW_FLAG is set, a store is opened if it exists or is created and opened if
/// it did not already exist.
///
///
/// -
/// CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG
///
/// Defer closing of the store's provider until all certificates, CRLs, or CTLs obtained from the store are no longer in use. The
/// store is actually closed when the last certificate, CRL, or CTL obtained from the store is freed. Any changes made to properties
/// of these certificates, CRLs, and CTLs, even after the call to CertCloseStore, are persisted. If this flag is not set and
/// certificates, CRLs, or CTLs obtained from the store are still in use, any changes to the properties of those certificates, CRLs,
/// and CTLs will not be persisted. If this function is called with CERT_CLOSE_STORE_FORCE_FLAG,
/// CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG is ignored. When this flag is set and a non-NULL hCryptProv parameter value is
/// passed, that provider will continue to be used even after the call to this function.
///
///
/// -
/// CERT_STORE_DELETE_FLAG
///
/// The store is deleted instead of being opened. This function returns NULL for both success and failure of the deletion. To
/// determine the success of the deletion, call GetLastError, which returns zero if the store was deleted and a nonzero value if it
/// was not deleted.
///
///
/// -
/// CERT_STORE_ENUM_ARCHIVED_FLAG
///
/// Normally, an enumeration of all certificates in the store will ignore any certificate with the CERT_ARCHIVED_PROP_ID property
/// set. If this flag is set, an enumeration of the certificates in the store will contain all of the certificates in the store,
/// including those that have the CERT_ARCHIVED_PROP_ID property.
///
///
/// -
/// CERT_STORE_MAXIMUM_ALLOWED_FLAG
///
/// Open the store with the maximum set of allowed permissions. If this flag is specified, registry stores are first opened with
/// write access and if that fails, they are reopened with read-only access.
///
///
/// -
/// CERT_STORE_NO_CRYPT_RELEASE_FLAG
///
/// This flag is not used when the hCryptProv parameter is NULL. This flag is only valid when a non-NULL CSP handle is passed as the
/// hCryptProv parameter. Setting this flag prevents the automatic release of a nondefault CSP when the certificate store is closed.
///
///
/// -
/// CERT_STORE_OPEN_EXISTING_FLAG
/// Only open an existing store. If the store does not exist, the function fails.
///
/// -
/// CERT_STORE_READONLY_FLAG
///
/// Open the store in read-only mode. Any attempt to change the contents of the store will result in an error. When this flag is set
/// and a registry based store provider is being used, the registry subkeys are opened by using RegOpenKey with KEY_READ_ACCESS.
/// Otherwise, the registry subkeys are created by using RegCreateKey with KEY_ALL_ACCESS.
///
///
/// -
/// CERT_STORE_SET_LOCALIZED_NAME_FLAG
///
/// If this flag is supported, the provider sets the store's CERT_STORE_LOCALIZED_NAME_PROP_ID property. The localized name can be
/// retrieved by calling the CertGetStoreProperty function with dwPropID set to CERT_STORE_LOCALIZED_NAME_PROP_ID. This flag is
/// supported for providers of types CERT_STORE_PROV_FILENAME, CERT_STORE_PROV_SYSTEM, CERT_STORE_PROV_SYSTEM_REGISTRY, and CERT_STORE_PROV_PHYSICAL_W.
///
///
/// -
/// CERT_STORE_SHARE_CONTEXT_FLAG
///
/// When opening a store multiple times, you can set this flag to ensure efficient memory usage by reusing the memory for the
/// encoded parts of a certificate, CRL, or CTL context across the opened instances of the stores.
///
///
/// -
/// CERT_STORE_UPDATE_KEYID_FLAG
///
/// Lists of key identifiers exist within CurrentUser and LocalMachine. These key identifiers have properties much like the
/// properties of certificates. If the CERT_STORE_UPDATE_KEYID_FLAG is set, then for every key identifier in the store's location
/// that has a CERT_KEY_PROV_INFO_PROP_ID property, that property is automatically updated from the key identifier property
/// CERT_KEY_PROV_INFO_PROP_ID or the CERT_KEY_IDENTIFIER_PROP_ID of the certificate related to that key identifier.
///
///
///
///
/// The CERT_STORE_PROV_SYSTEM, CERT_STORE_PROV_SYSTEM_REGISTRY, and CERT_STORE_PROV_PHYSICAL provider types
/// use the following high words of dwFlags to specify system store registry locations:
///
/// CERT_SYSTEM_STORE_CURRENT_SERVICE
/// CERT_SYSTEM_STORE_CURRENT_USER
/// CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
/// CERT_SYSTEM_STORE_SERVICES
/// CERT_SYSTEM_STORE_USERS
///
/// By default, a system store location is opened relative to the HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, or
/// HKEY_USERS predefined registry key. For more information, see System Store Locations.
///
/// The following high-word flags override this default behavior.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// When set, pvPara must contain a pointer to a CERT_SYSTEM_STORE_RELOCATE_PARA structure rather than a string. The structure
/// indicates both the name of the store and its location in the registry.
///
///
/// -
/// CERT_SYSTEM_STORE_UNPROTECTED_FLAG
///
/// By default, when the CurrentUser "Root" store is opened, any SystemRegistry roots not on the protected root list are deleted
/// from the cache before this function returns. When this flag is set, this default is overridden and all of the roots in the
/// SystemRegistry are returned and no check of the protected root list is made.
///
///
///
/// The CERT_STORE_PROV_REGISTRY provider uses the following high-word flags.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_REGISTRY_STORE_REMOTE_FLAG
///
/// pvPara contains a handle to a registry key on a remote computer. To access a registry key on a remote computer, security
/// permissions on the remote computer must be set to allow access. For more information, see Remarks.
///
///
/// -
/// CERT_REGISTRY_STORE_SERIALIZED_FLAG
///
/// The CERT_STORE_PROV_REG provider saves certificates, CRLs, and CTLs in a single serialized store subkey instead of performing
/// the default save operation. The default is that each certificate, CRL, or CTL is saved as a separate registry subkey under the
/// appropriate subkey. This flag is mainly used for stores downloaded from the group policy template (GPT), such as the
/// CurrentUserGroupPolicy and LocalMachineGroupPolicy stores. When CERT_REGISTRY_STORE_SERIALIZED_FLAG is set, store additions,
/// deletions, or property changes are not persisted until there is a call to either CertCloseStore or CertControlStore using CERT_STORE_CTRL_COMMIT.
///
///
///
/// The CERT_STORE_PROV_FILE and CERT_STORE_PROV_FILENAME provider types use the following high-word flags.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_FILE_STORE_COMMIT_ENABLE
///
/// Setting this flag commits any additions to the store or any changes made to properties of contexts in the store to the file
/// store either when CertCloseStore is called or when CertControlStore is called with CERT_STORE_CONTROL_COMMIT. CertOpenStore
/// fails with E_INVALIDARG if both CERT_FILE_STORE_COMMIT_ENABLE and CERT_STORE_READONLY_FLAG are set in dwFlags.
///
///
///
/// The CERT_STORE_PROV_LDAP provider type uses the following high-word flags.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_LDAP_STORE_AREC_EXCLUSIVE_FLAG
///
/// Performs an A-Record-only DNS lookup on the URL named in the pvPara parameter. This prevents false DNS queries from being
/// generated when resolving URL host names. Use this flag when passing a host name as opposed to a domain name for the pvPara parameter.
///
///
/// -
/// CERT_LDAP_STORE_OPENED_FLAG
///
/// Use this flag to use an existing LDAP session. When this flag is specified, the pvPara parameter is the address of a
/// CERT_LDAP_STORE_OPENED_PARA structure that contains information about the LDAP session to use.
///
///
/// -
/// CERT_LDAP_STORE_SIGN_FLAG
///
/// To provide integrity required by some applications, digitally sign all LDAP traffic to and from an LDAP server by using the
/// Kerberos authentication protocol.
///
///
/// -
/// CERT_LDAP_STORE_UNBIND_FLAG
///
/// Use this flag with the CERT_LDAP_STORE_OPENED_FLAG flag to cause the LDAP session to be unbound when the store is closed. The
/// system will unbind the LDAP session by using the ldap_unbind function when the store is closed.
///
///
///
///
///
/// A 32-bit value that can contain additional information for this function. The contents of this parameter depends on the value of
/// the lpszStoreProvider and other parameters.
///
///
///
/// If the function succeeds, the function returns a handle to the certificate store. When you have finished using the store,
/// release the handle by calling the CertCloseStore function.
///
/// If the function fails, it returns NULL. For extended error information, call GetLastError.
///
/// Note CreateFile, ReadFile, or registry errors might be propagated and their error codes returned. CertOpenStore
/// has a single error code of its own, the ERROR_FILE_NOT_FOUND code, which indicates that the function was unable to find the
/// provider specified by the lpszStoreProvider parameter.
///
///
///
///
/// A system store is a collection that consists of one or more physical sibling stores. For each system store, there are predefined
/// physical sibling stores. After opening a system store such as "My" at CERT_SYSTEM_STORE_CURRENT_USER, CertOpenStore is
/// called to open all of the physical stores in the system store collection. Each of these physical stores is added to the system
/// store collection by using the CertAddStoreToCollection function. All certificates, CRLs, and CTLs in those physical stores are
/// available through the logical system store collection.
///
///
/// Note The order of the certificate context may not be preserved within the store. To access a specific certificate you
/// must iterate across the certificates in the store.
///
/// The following system store locations can be opened remotely:
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_SERVICES
///
/// -
/// CERT_SYSTEM_STORE_USERS
///
///
///
/// System store locations are opened remotely by prefixing the store name in the string passed to pvPara with the computer name.
/// Examples of remote system store names are:
///
///
/// -
/// ComputerName\CA
///
/// -
/// \\ComputerName\CA
///
/// -
/// ComputerName\ServiceName\Trust
///
/// -
/// \\ComputerName\ServiceName\Trust
///
///
/// For more information about system stores, see System Store Locations.
/// For more information about the stores that are automatically migrated, see Certificate Store Migration.
/// Examples
///
/// The following example shows opening several certificate stores of different store provider types. The example uses the
/// CreateMyDACL function, defined in the Creating a DACL topic, to ensure the open file is created with a proper DACL. For
/// more examples of opening other store provider types, see Example C Code for Opening Certificate Stores.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore HCERTSTORE CertOpenStore( LPCSTR
// lpszStoreProvider, DWORD dwEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "4edccbfe-c0a8-442b-b6b7-51ef598e7c90")]
public static extern SafeHCERTSTORE CertOpenStore([In] SafeOID lpszStoreProvider, CertEncodingType dwEncodingType, [Optional] HCRYPTPROV hCryptProv, CertStoreFlags dwFlags, [Optional] IntPtr pvPara);
///
/// The CertOpenStore function opens a certificate store by using a specified store provider type. While this function can
/// open a certificate store for most purposes, CertOpenSystemStore is recommended to open the most common certificate stores.
/// CertOpenStore is required for more complex options and special cases.
///
///
/// A pointer to a null-terminated ANSI string that contains the store provider type.
///
/// The following values represent the predefined store types. The store provider type determines the contents of the pvPara
/// parameter and the use and meaning of the high word of the dwFlags parameter. Additional store providers can be installed or
/// registered by using the CryptInstallOIDFunctionAddress or CryptRegisterOIDFunction function. For more information about adding
/// store providers, see Extending CertOpenStore Functionality.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_PROV_COLLECTION sz_CERT_STORE_PROV_COLLECTION
///
/// Opens a store that will be a collection of other stores. Stores are added to or removed from the collection by using
/// CertAddStoreToCollection and CertRemoveStoreFromCollection. When a store is added to a collection, all certificates, CRLs, and
/// CTLs in that store become available to searches or enumerations of the collection store. The high word of dwFlags is set to
/// zero. pvPara value: The pvPara parameter must be NULL.
///
///
/// -
/// CERT_STORE_PROV_FILE
///
/// Initializes the store with certificates, CRLs, and CTLs read from a specified open file. This provider expects the file to
/// contain only a serialized store and not either PKCS #7 signed messages or a single encoded certificate. The file pointer must be
/// positioned at the beginning of the serialized store information. After the data in the serialized store has been loaded into the
/// certificate store, the file pointer is positioned at the beginning of any data that can follow the serialized store data in the
/// file. If CERT_FILE_STORE_COMMIT_ENABLE is set in dwFlags, the file handle is duplicated and the store is always committed as a
/// serialized store. The file is not closed when the store is closed. pvPara value: The pvPara parameter must contain a pointer to
/// the handle of a file opened by using CreateFile.
///
///
/// -
/// CERT_STORE_PROV_FILENAME_A
///
/// Initializes the store with certificates, CRLs, and CTLs from a file. The provider opens the file and first attempts to read the
/// file as a serialized store, then as a PKCS #7 signed message, and finally as a single encoded certificate. The dwEncodingType
/// parameter must contain the encoding types to be used with both messages and certificates. If the file contains an X.509 encoded
/// certificate, the open operation fails and a call to the GetLastError function will return ERROR_ACCESS_DENIED. If the
/// CERT_FILE_STORE_COMMIT_ENABLE flag is set in dwFlags, the dwCreationDisposition value passed to CreateFile is as follows: If
/// dwFlags includes CERT_FILE_STORE_COMMIT_ENABLE, the file is committed as either a PKCS #7 or a serialized store depending on the
/// file type opened. If the file was empty or if the file name has either a .p7c or .spc extension, the file is committed as a PKCS
/// #7. Otherwise, the file is committed as a serialized store. pvPara value: The pvPara parameter must contain a pointer to
/// null-terminated ANSI string that contains the name of an existing, unopened file.
///
///
/// -
/// CERT_STORE_PROV_FILENAME(_W) sz_CERT_STORE_PROV_FILENAME(_W)
///
/// Same as CERT_STORE_PROV_FILENAME_A. pvPara value: The pvPara parameter must contain a pointer to null-terminated Unicode string
/// that contains the name of an existing, unopened file.
///
///
/// -
/// CERT_STORE_PROV_LDAP(_W) sz_CERT_STORE_PROV_LDAP(_W)
///
/// Initializes the store with certificates, CRLs, and CTLs from the results of an LDAP query. To perform write operations on the
/// store, the query string must specify a BASE query with no filter and a single attribute. pvPara value: If the dwFlags parameter
/// contains CERT_LDAP_STORE_OPENED_FLAG, set pvPara to the address of a CERT_LDAP_STORE_OPENED_PARA structure that specifies the
/// established LDAP session to use. Otherwise, set pvPara to point to a null-terminated Unicode string that contains the LDAP query
/// string. For more information about LDAP query strings, see LDAP Dialect.
///
///
/// -
/// CERT_STORE_PROV_MEMORY sz_CERT_STORE_PROV_MEMORY
///
/// Creates a certificate store in cached memory. No certificates, certificate revocation lists (CRLs), or certificate trust lists
/// (CTLs) are initially loaded into the store. Typically used to create a temporary store. Any addition of certificates, CRLs, or
/// CTLs or changes in properties of certificates, CRLs, or CTLs in a memory store are not automatically saved. They can be saved to
/// a file or to a memory BLOB by using CertSaveStore. pvPara value: The pvPara parameter is not used.
///
///
/// -
/// CERT_STORE_PROV_MSG
///
/// Initializes the store with certificates, CRLs, and CTLs from the specified cryptographic message. The dwEncodingType parameter
/// must contain the encoding types used with both messages and certificates. pvPara value: The pvPara parameter contains an
/// HCRYPTMSG handle of the encoded message, returned by a call to CryptMsgOpenToDecode.
///
///
/// -
/// CERT_STORE_PROV_PHYSICAL(_W) sz_CERT_STORE_PROV_PHYSICAL(_W)
///
/// Initializes the store with certificates, CRLs, and CTLs from a specified physical store that is a member of a logical system
/// store. Two names are separated with an intervening backslash (), for example "Root.Default". Here, "Root" is the name of the
/// system store and ".Default" is the name of the physical store. The system and physical store names cannot contain any
/// backslashes. The high word of dwFlags indicates the system store location, usually CERT_SYSTEM_STORE_CURRENT_USER. For more
/// information, see dwFlags later in this topic and see System Store Locations. Some physical store locations can be opened
/// remotely. pvPara value: The pvPara parameter points to a null-terminated Unicode string that contains both the system store name
/// and physical names.
///
///
/// -
/// CERT_STORE_PROV_PKCS7 sz_CERT_STORE_PROV_PKCS7
///
/// Initializes the store with certificates, CRLs, and CTLs from an encoded PKCS #7 signed message. The dwEncodingType parameter
/// must specify the encoding types to be used with both messages and certificates. pvPara value: The pvPara parameter points to a
/// CRYPT_DATA_BLOB structure that represents the encoded message.
///
///
/// -
/// CERT_STORE_PROV_PKCS12 sz_CERT_STORE_PROV_PKCS12
///
/// Initializes the store with the contents of a PKCS #12 packet. If the PKCS #12 packet is protected with a NULL or empty password,
/// this function will succeed in opening the store. Beginning with Windows 8 and Windows Server 2012, if the password embedded in
/// the PFX packet was protected to an Active Directory (AD) principal and the current user, as a member of that principal, has
/// permission to decrypt the password, this function will succeed in opening the store. For more information, see the pvPara
/// parameter and the PKCS12_PROTECT_TO_DOMAIN_SIDS flag of the PFXExportCertStoreEx function. You can protect PFX passwords to an
/// AD principal beginning in Windows 8 and Windows Server 2012. pvPara value: The pvPara parameter points to a CRYPT_DATA_BLOB
/// structure that represents the PKCS #12 packet.
///
///
/// -
/// CERT_STORE_PROV_REG
///
/// Initializes the store with certificates, CRLs, and CTLs from a registry subkey. This provider opens or creates the registry
/// subkeys Certificates, CRLs, and CTLs under the key passed in pvPara. The input key is not closed by the provider. Before
/// returning, the provider opens its own copy of the key passed in pvPara. If CERT_STORE_READONLY_FLAG is set in the low word of
/// dwFlags, registry subkeys are opened by using the RegOpenKey with KEY_READ_ACCESS. Otherwise, registry subkeys are created by
/// using RegCreateKey with KEY_ALL_ACCESS. Any changes to the contents of the opened store are immediately persisted to the
/// registry. However, if CERT_STORE_READONLY_FLAG is set in the low word of dwFlags, any attempt to add to the contents of the
/// store or to change a context's property results in an error with GetLastError returning the E_ACCESSDENIED code. pvPara value:
/// The pvPara parameter contains the handle of an open registry key.
///
///
/// -
/// CERT_STORE_PROV_SERIALIZED sz_CERT_STORE_PROV_SERIALIZED
///
/// Initializes the store with certificates, CRLs, and CTLs from a memory location that contains a serialized store. pvPara value:
/// The pvPara parameter points to a CRYPT_DATA_BLOB structure that contains the serialized memory BLOB.
///
///
/// -
/// CERT_STORE_PROV_SMART_CARD(_W) sz_CERT_STORE_PROV_SMART_CARD(_W)
/// Not currently used.
///
/// -
/// CERT_STORE_PROV_SYSTEM_A
///
/// Initializes the store with certificates, CRLs, and CTLs from the specified system store. The system store is a logical,
/// collection store that consists of one or more physical stores. A physical store associated with a system store is registered
/// with the CertRegisterPhysicalStore function. After the system store is opened, all of the physical stores that are associated
/// with it are also opened by calls to CertOpenStore and are added to the system store collection by using the
/// CertAddStoreToCollection function. The high word of dwFlags indicates the system store location, usually set to
/// CERT_SYSTEM_STORE_CURRENT_USER. For details about registry locations, see dwFlags later in this topic and System Store
/// Locations. Some system store locations can be opened remotely; for more information, see System Store Locations. pvPara value:
/// The pvPara parameter points to a null-terminated ANSI string that contains a system store name, such as "My" or "Root".
///
///
/// -
/// CERT_STORE_PROV_SYSTEM(_W) sz_CERT_STORE_PROV_SYSTEM(_W)
///
/// Same as CERT_STORE_PROV_SYSTEM_A. pvPara value: The pvPara parameter points to a null-terminated Unicode string that contains a
/// system store name, such as "My" or "Root".
///
///
/// -
/// CERT_STORE_PROV_SYSTEM_REGISTRY_A
///
/// Initializes the store with certificates, CRLs, and CTLs from a physical registry store. The physical store is not opened as a
/// collection store. Enumerations and searches go through only the certificates, CRLs, and CTLs in that one physical store. The
/// high word of dwFlags indicates the system store location, usually set to CERT_SYSTEM_STORE_CURRENT_USER. For more information,
/// see dwFlags later in this topic. Some system store locations can be open remotely; for more information, see System Store
/// Locations. pvPara value: The pvPara parameter points to a null-terminated ANSI string that contains a system store name, such as
/// "My" or "Root".
///
///
/// -
/// CERT_STORE_PROV_SYSTEM_REGISTRY(_W) sz_CERT_STORE_PROV_SYSTEM_REGISTRY(_W)
///
/// Same as CERT_STORE_PROV_SYSTEM_REGISTRY_A. pvPara value: The pvPara parameter points to a null-terminated Unicode string that
/// contains a system store name, such as "My" or "Root".
///
///
///
///
///
///
/// Specifies the certificate encoding type and message encoding type. Encoding is used only when the dwSaveAs parameter of the
/// CertSaveStore function contains CERT_STORE_SAVE_AS_PKCS7. Otherwise, the dwMsgAndCertEncodingType parameter is not used.
///
///
/// This parameter is only applicable when the CERT_STORE_PROV_MSG, CERT_STORE_PROV_PKCS7, or
/// CERT_STORE_PROV_FILENAME provider type is specified in the lpszStoreProvider parameter. For all other provider types,
/// this parameter is unused and should be set to zero.
///
/// This parameter can be a combination of one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// PKCS_7_ASN_ENCODING 65536 (0x10000)
/// Specifies PKCS #7 message encoding.
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
///
/// This parameter is not used and should be set to NULL.
///
/// Windows Server 2003 and Windows XP: A handle to a cryptographic provider. Passing NULL for this parameter causes
/// an appropriate, default provider to be used. Using the default provider is recommended. The default or specified cryptographic
/// provider is used for all store functions that verify the signature of a subject certificate or CRL.This parameter's data type is HCRYPTPROV.
///
///
///
/// These values consist of high-word and low-word values combined by using a bitwise- OR operation.
///
/// The low-word portion of dwFlags controls a variety of general characteristics of the certificate store opened. This portion can
/// be used with all store provider types. The low-word portion of dwFlags can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_BACKUP_RESTORE_FLAG
///
/// Use the thread's SE_BACKUP_NAME and SE_RESTORE_NAME privileges to open registry or file-based system stores. If the thread does
/// not have these privileges, this function must fail with an access denied error.
///
///
/// -
/// CERT_STORE_CREATE_NEW_FLAG
///
/// A new store is created if one did not exist. The function fails if the store already exists. If neither
/// CERT_STORE_OPEN_EXISTING_FLAG nor CERT_STORE_CREATE_NEW_FLAG is set, a store is opened if it exists or is created and opened if
/// it did not already exist.
///
///
/// -
/// CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG
///
/// Defer closing of the store's provider until all certificates, CRLs, or CTLs obtained from the store are no longer in use. The
/// store is actually closed when the last certificate, CRL, or CTL obtained from the store is freed. Any changes made to properties
/// of these certificates, CRLs, and CTLs, even after the call to CertCloseStore, are persisted. If this flag is not set and
/// certificates, CRLs, or CTLs obtained from the store are still in use, any changes to the properties of those certificates, CRLs,
/// and CTLs will not be persisted. If this function is called with CERT_CLOSE_STORE_FORCE_FLAG,
/// CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG is ignored. When this flag is set and a non-NULL hCryptProv parameter value is
/// passed, that provider will continue to be used even after the call to this function.
///
///
/// -
/// CERT_STORE_DELETE_FLAG
///
/// The store is deleted instead of being opened. This function returns NULL for both success and failure of the deletion. To
/// determine the success of the deletion, call GetLastError, which returns zero if the store was deleted and a nonzero value if it
/// was not deleted.
///
///
/// -
/// CERT_STORE_ENUM_ARCHIVED_FLAG
///
/// Normally, an enumeration of all certificates in the store will ignore any certificate with the CERT_ARCHIVED_PROP_ID property
/// set. If this flag is set, an enumeration of the certificates in the store will contain all of the certificates in the store,
/// including those that have the CERT_ARCHIVED_PROP_ID property.
///
///
/// -
/// CERT_STORE_MAXIMUM_ALLOWED_FLAG
///
/// Open the store with the maximum set of allowed permissions. If this flag is specified, registry stores are first opened with
/// write access and if that fails, they are reopened with read-only access.
///
///
/// -
/// CERT_STORE_NO_CRYPT_RELEASE_FLAG
///
/// This flag is not used when the hCryptProv parameter is NULL. This flag is only valid when a non-NULL CSP handle is passed as the
/// hCryptProv parameter. Setting this flag prevents the automatic release of a nondefault CSP when the certificate store is closed.
///
///
/// -
/// CERT_STORE_OPEN_EXISTING_FLAG
/// Only open an existing store. If the store does not exist, the function fails.
///
/// -
/// CERT_STORE_READONLY_FLAG
///
/// Open the store in read-only mode. Any attempt to change the contents of the store will result in an error. When this flag is set
/// and a registry based store provider is being used, the registry subkeys are opened by using RegOpenKey with KEY_READ_ACCESS.
/// Otherwise, the registry subkeys are created by using RegCreateKey with KEY_ALL_ACCESS.
///
///
/// -
/// CERT_STORE_SET_LOCALIZED_NAME_FLAG
///
/// If this flag is supported, the provider sets the store's CERT_STORE_LOCALIZED_NAME_PROP_ID property. The localized name can be
/// retrieved by calling the CertGetStoreProperty function with dwPropID set to CERT_STORE_LOCALIZED_NAME_PROP_ID. This flag is
/// supported for providers of types CERT_STORE_PROV_FILENAME, CERT_STORE_PROV_SYSTEM, CERT_STORE_PROV_SYSTEM_REGISTRY, and CERT_STORE_PROV_PHYSICAL_W.
///
///
/// -
/// CERT_STORE_SHARE_CONTEXT_FLAG
///
/// When opening a store multiple times, you can set this flag to ensure efficient memory usage by reusing the memory for the
/// encoded parts of a certificate, CRL, or CTL context across the opened instances of the stores.
///
///
/// -
/// CERT_STORE_UPDATE_KEYID_FLAG
///
/// Lists of key identifiers exist within CurrentUser and LocalMachine. These key identifiers have properties much like the
/// properties of certificates. If the CERT_STORE_UPDATE_KEYID_FLAG is set, then for every key identifier in the store's location
/// that has a CERT_KEY_PROV_INFO_PROP_ID property, that property is automatically updated from the key identifier property
/// CERT_KEY_PROV_INFO_PROP_ID or the CERT_KEY_IDENTIFIER_PROP_ID of the certificate related to that key identifier.
///
///
///
///
/// The CERT_STORE_PROV_SYSTEM, CERT_STORE_PROV_SYSTEM_REGISTRY, and CERT_STORE_PROV_PHYSICAL provider types
/// use the following high words of dwFlags to specify system store registry locations:
///
/// CERT_SYSTEM_STORE_CURRENT_SERVICE
/// CERT_SYSTEM_STORE_CURRENT_USER
/// CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
/// CERT_SYSTEM_STORE_SERVICES
/// CERT_SYSTEM_STORE_USERS
///
/// By default, a system store location is opened relative to the HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, or
/// HKEY_USERS predefined registry key. For more information, see System Store Locations.
///
/// The following high-word flags override this default behavior.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// When set, pvPara must contain a pointer to a CERT_SYSTEM_STORE_RELOCATE_PARA structure rather than a string. The structure
/// indicates both the name of the store and its location in the registry.
///
///
/// -
/// CERT_SYSTEM_STORE_UNPROTECTED_FLAG
///
/// By default, when the CurrentUser "Root" store is opened, any SystemRegistry roots not on the protected root list are deleted
/// from the cache before this function returns. When this flag is set, this default is overridden and all of the roots in the
/// SystemRegistry are returned and no check of the protected root list is made.
///
///
///
/// The CERT_STORE_PROV_REGISTRY provider uses the following high-word flags.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_REGISTRY_STORE_REMOTE_FLAG
///
/// pvPara contains a handle to a registry key on a remote computer. To access a registry key on a remote computer, security
/// permissions on the remote computer must be set to allow access. For more information, see Remarks.
///
///
/// -
/// CERT_REGISTRY_STORE_SERIALIZED_FLAG
///
/// The CERT_STORE_PROV_REG provider saves certificates, CRLs, and CTLs in a single serialized store subkey instead of performing
/// the default save operation. The default is that each certificate, CRL, or CTL is saved as a separate registry subkey under the
/// appropriate subkey. This flag is mainly used for stores downloaded from the group policy template (GPT), such as the
/// CurrentUserGroupPolicy and LocalMachineGroupPolicy stores. When CERT_REGISTRY_STORE_SERIALIZED_FLAG is set, store additions,
/// deletions, or property changes are not persisted until there is a call to either CertCloseStore or CertControlStore using CERT_STORE_CTRL_COMMIT.
///
///
///
/// The CERT_STORE_PROV_FILE and CERT_STORE_PROV_FILENAME provider types use the following high-word flags.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_FILE_STORE_COMMIT_ENABLE
///
/// Setting this flag commits any additions to the store or any changes made to properties of contexts in the store to the file
/// store either when CertCloseStore is called or when CertControlStore is called with CERT_STORE_CONTROL_COMMIT. CertOpenStore
/// fails with E_INVALIDARG if both CERT_FILE_STORE_COMMIT_ENABLE and CERT_STORE_READONLY_FLAG are set in dwFlags.
///
///
///
/// The CERT_STORE_PROV_LDAP provider type uses the following high-word flags.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_LDAP_STORE_AREC_EXCLUSIVE_FLAG
///
/// Performs an A-Record-only DNS lookup on the URL named in the pvPara parameter. This prevents false DNS queries from being
/// generated when resolving URL host names. Use this flag when passing a host name as opposed to a domain name for the pvPara parameter.
///
///
/// -
/// CERT_LDAP_STORE_OPENED_FLAG
///
/// Use this flag to use an existing LDAP session. When this flag is specified, the pvPara parameter is the address of a
/// CERT_LDAP_STORE_OPENED_PARA structure that contains information about the LDAP session to use.
///
///
/// -
/// CERT_LDAP_STORE_SIGN_FLAG
///
/// To provide integrity required by some applications, digitally sign all LDAP traffic to and from an LDAP server by using the
/// Kerberos authentication protocol.
///
///
/// -
/// CERT_LDAP_STORE_UNBIND_FLAG
///
/// Use this flag with the CERT_LDAP_STORE_OPENED_FLAG flag to cause the LDAP session to be unbound when the store is closed. The
/// system will unbind the LDAP session by using the ldap_unbind function when the store is closed.
///
///
///
///
///
/// A 32-bit value that can contain additional information for this function. The contents of this parameter depends on the value of
/// the lpszStoreProvider and other parameters.
///
///
///
/// If the function succeeds, the function returns a handle to the certificate store. When you have finished using the store,
/// release the handle by calling the CertCloseStore function.
///
/// If the function fails, it returns NULL. For extended error information, call GetLastError.
///
/// Note CreateFile, ReadFile, or registry errors might be propagated and their error codes returned. CertOpenStore
/// has a single error code of its own, the ERROR_FILE_NOT_FOUND code, which indicates that the function was unable to find the
/// provider specified by the lpszStoreProvider parameter.
///
///
///
///
/// A system store is a collection that consists of one or more physical sibling stores. For each system store, there are predefined
/// physical sibling stores. After opening a system store such as "My" at CERT_SYSTEM_STORE_CURRENT_USER, CertOpenStore is
/// called to open all of the physical stores in the system store collection. Each of these physical stores is added to the system
/// store collection by using the CertAddStoreToCollection function. All certificates, CRLs, and CTLs in those physical stores are
/// available through the logical system store collection.
///
///
/// Note The order of the certificate context may not be preserved within the store. To access a specific certificate you
/// must iterate across the certificates in the store.
///
/// The following system store locations can be opened remotely:
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
///
/// -
/// CERT_SYSTEM_STORE_SERVICES
///
/// -
/// CERT_SYSTEM_STORE_USERS
///
///
///
/// System store locations are opened remotely by prefixing the store name in the string passed to pvPara with the computer name.
/// Examples of remote system store names are:
///
///
/// -
/// ComputerName\CA
///
/// -
/// \\ComputerName\CA
///
/// -
/// ComputerName\ServiceName\Trust
///
/// -
/// \\ComputerName\ServiceName\Trust
///
///
/// For more information about system stores, see System Store Locations.
/// For more information about the stores that are automatically migrated, see Certificate Store Migration.
/// Examples
///
/// The following example shows opening several certificate stores of different store provider types. The example uses the
/// CreateMyDACL function, defined in the Creating a DACL topic, to ensure the open file is created with a proper DACL. For
/// more examples of opening other store provider types, see Example C Code for Opening Certificate Stores.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore HCERTSTORE CertOpenStore( LPCSTR
// lpszStoreProvider, DWORD dwEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "4edccbfe-c0a8-442b-b6b7-51ef598e7c90")]
public static extern SafeHCERTSTORE CertOpenStore([In] SafeOID lpszStoreProvider, CertEncodingType dwEncodingType, [Optional] HCRYPTPROV hCryptProv, CertStoreFlags dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pvPara);
///
/// The CertOpenSystemStore function is a simplified function that opens the most common system certificate store. To open
/// certificate stores with more complex requirements, such as file-based or memory-based stores, use CertOpenStore.
///
///
/// This parameter is not used and should be set to NULL.
///
/// Windows Server 2003 and Windows XP: A handle of a cryptographic service provider (CSP). Set hProv to NULL to use
/// the default CSP. If hProv is not NULL, it must be a CSP handle created by using the CryptAcquireContext function.This
/// parameter's data type is HCRYPTPROV.
///
///
///
///
/// A string that names a system store. If the system store name provided in this parameter is not the name of an existing system
/// store, a new system store will be created and used. CertEnumSystemStore can be used to list the names of existing system stores.
/// Some example system stores are listed in the following table.
///
///
///
/// Value
/// Meaning
///
/// -
/// CA
/// Certification authority certificates.
///
/// -
/// MY
/// A certificate store that holds certificates with associated private keys.
///
/// -
/// ROOT
/// Root certificates.
///
/// -
/// SPC
/// Software Publisher Certificate.
///
///
///
///
/// If the function succeeds, the function returns a handle to the certificate store.
/// If the function fails, it returns NULL. For extended error information, call GetLastError.
/// Note Errors from the called function CertOpenStore are propagated to this function.
///
///
/// Only current user certificates are accessible using this method, not the local machine store.
/// After the system store is opened, all the standard certificate store functions can be used to manipulate the certificates.
/// After use, the store should be closed by using CertCloseStore.
/// For more information about the stores that are automatically migrated, see Certificate Store Migration.
/// Examples
///
/// The following example shows a simplified method for opening the most common system certificate stores. For another example that
/// uses this function, see Example C Program: Certificate Store Operations.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopensystemstorea HCERTSTORE CertOpenSystemStoreA(
// HCRYPTPROV_LEGACY hProv, LPCSTR szSubsystemProtocol );
[DllImport(Lib.Crypt32, SetLastError = true, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "23699439-1a6c-4907-93fa-651024856be7")]
public static extern SafeHCERTSTORE CertOpenSystemStore([Optional] IntPtr hProv, string szSubsystemProtocol);
/// The CertRegisterPhysicalStore function adds a physical store to a registry system store collection.
///
/// The system store collection to which the physical store is added. This parameter points either to a null-terminated
/// Unicode string or to a CERT_SYSTEM_STORE_RELOCATE_PARA structure. For information about using the structure and on adding a
/// ServiceName or ComputerName before the system store name string, see CertRegisterSystemStore.
///
///
///
/// The high word of the dwFlags parameter specifies the location of the system store. For information about defined high-word flags
/// and appending ServiceName, UserNames, and ComputerNames to the end of the system store name, see CertRegisterSystemStore.
///
/// The following low-word flags are also defined and can be combined with high-word flags using a bitwise- OR operation.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// The system store is not in its default registry location and the pvSystemStore parameter must be a pointer to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure.
///
///
/// -
/// CERT_STORE_CREATE_NEW_FLAG
/// The function fails if the physical store already exists in the store location.
///
///
///
///
/// A pointer to a Unicode string that names the physical store to be added to the system store collection. To remove a physical
/// store from the system store collection, call the CertUnregisterPhysicalStore function.
///
///
/// A pointer to a CERT_PHYSICAL_STORE_INFO structure that provides basic information about the physical store.
///
/// Reserved for future use and must be set to NULL.
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certregisterphysicalstore BOOL CertRegisterPhysicalStore(
// const void *pvSystemStore, DWORD dwFlags, LPCWSTR pwszStoreName, PCERT_PHYSICAL_STORE_INFO pStoreInfo, void *pvReserved );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "e301c76d-cacd-441a-b925-754b07e4bfa9")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertRegisterPhysicalStore([MarshalAs(UnmanagedType.LPWStr)] string pvSystemStore, uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pwszStoreName, in CERT_PHYSICAL_STORE_INFO pStoreInfo, IntPtr pvReserved = default);
/// The CertRegisterPhysicalStore function adds a physical store to a registry system store collection.
///
/// The system store collection to which the physical store is added. This parameter points either to a null-terminated
/// Unicode string or to a CERT_SYSTEM_STORE_RELOCATE_PARA structure. For information about using the structure and on adding a
/// ServiceName or ComputerName before the system store name string, see CertRegisterSystemStore.
///
///
///
/// The high word of the dwFlags parameter specifies the location of the system store. For information about defined high-word flags
/// and appending ServiceName, UserNames, and ComputerNames to the end of the system store name, see CertRegisterSystemStore.
///
/// The following low-word flags are also defined and can be combined with high-word flags using a bitwise- OR operation.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// The system store is not in its default registry location and the pvSystemStore parameter must be a pointer to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure.
///
///
/// -
/// CERT_STORE_CREATE_NEW_FLAG
/// The function fails if the physical store already exists in the store location.
///
///
///
///
/// A pointer to a Unicode string that names the physical store to be added to the system store collection. To remove a physical
/// store from the system store collection, call the CertUnregisterPhysicalStore function.
///
///
/// A pointer to a CERT_PHYSICAL_STORE_INFO structure that provides basic information about the physical store.
///
/// Reserved for future use and must be set to NULL.
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certregisterphysicalstore BOOL CertRegisterPhysicalStore(
// const void *pvSystemStore, DWORD dwFlags, LPCWSTR pwszStoreName, PCERT_PHYSICAL_STORE_INFO pStoreInfo, void *pvReserved );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "e301c76d-cacd-441a-b925-754b07e4bfa9")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertRegisterPhysicalStore(in CERT_SYSTEM_STORE_RELOCATE_PARA pvSystemStore, uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pwszStoreName, in CERT_PHYSICAL_STORE_INFO pStoreInfo, IntPtr pvReserved = default);
/// The CertRegisterSystemStore function registers a system store.
///
///
/// Identifies the system store to be registered. If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in the dwFlags parameter, pvSystemStore
/// points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure. Otherwise, it points to a null-terminated Unicode string that
/// names the system store.
///
///
/// With appropriate settings in dwFlags, the identified store can be a system store on a remote local computer. Stores on remote
/// computers can be registered with the computer name as a prefix to the name of the system store. For example, a remote local
/// computer store can be registered with pvSystemStore pointing to the string "\ComputerName\Trust" or "ComputerName\Trust".
///
/// Leading "\" backslashes are optional before a ComputerName.
///
///
/// The high word of the dwFlags parameter is used to specify the location of the system store.
/// The following high-word values are defined.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_SERVICE
/// pvSystemStore can be a system store name that is prefixed with the ServiceName.
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER
/// pvSystemStore can be a system store name that is prefixed with the UserName.
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
/// pvSystemStore can be a system store that is on a remote computer.
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
/// pvSystemStore is a group policy store and can be on a remote computer.
///
/// -
/// CERT_SYSTEM_STORE_SERVICES
/// pvSystemStore must be a system store name prefixed with the ServiceName.
///
/// -
/// CERT_SYSTEM_STORE_USERS
/// pvSystemStore must be a system store name that is prefixed with the UserName.
///
///
///
/// Stores on remote computers can be registered for CERT_SYSTEM_STORE_LOCAL_MACHINE, CERT_SYSTEM_STORE_SERVICES,
/// CERT_SYSTEM_STORE_USERS, or CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY.
///
///
/// The following low-word values are also defined and can be combined using a bitwise- OR operation with high-word values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// The system store is not in its default register location and pvSystemStore must be a pointer to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure.
///
///
/// -
/// CERT_STORE_CREATE_NEW_FLAG
/// The function fails if the system store already exists in the store location.
///
///
///
/// Reserved for future use and must be set to NULL.
/// Reserved for future use and must be set to NULL.
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero.
///
///
/// To unregister a system store that has been registered by this function, call CertUnregisterSystemStore.
/// Examples
///
/// The following example shows adding a system store to a registry system store collection. For an example that includes the
/// complete context for this example, see Example C Program: Listing System and Physical Stores.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certregistersystemstore BOOL CertRegisterSystemStore(
// const void *pvSystemStore, DWORD dwFlags, PCERT_SYSTEM_STORE_INFO pStoreInfo, void *pvReserved );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b6f72826-92ab-4e21-8db9-eb053663148b")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertRegisterSystemStore([MarshalAs(UnmanagedType.LPWStr)] string pvSystemStore, uint dwFlags, in CERT_SYSTEM_STORE_INFO pStoreInfo, IntPtr pvReserved = default);
/// The CertRegisterSystemStore function registers a system store.
///
///
/// Identifies the system store to be registered. If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in the dwFlags parameter, pvSystemStore
/// points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure. Otherwise, it points to a null-terminated Unicode string that
/// names the system store.
///
///
/// With appropriate settings in dwFlags, the identified store can be a system store on a remote local computer. Stores on remote
/// computers can be registered with the computer name as a prefix to the name of the system store. For example, a remote local
/// computer store can be registered with pvSystemStore pointing to the string "\ComputerName\Trust" or "ComputerName\Trust".
///
/// Leading "\" backslashes are optional before a ComputerName.
///
///
/// The high word of the dwFlags parameter is used to specify the location of the system store.
/// The following high-word values are defined.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_SERVICE
/// pvSystemStore can be a system store name that is prefixed with the ServiceName.
///
/// -
/// CERT_SYSTEM_STORE_CURRENT_USER
/// pvSystemStore can be a system store name that is prefixed with the UserName.
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE
/// pvSystemStore can be a system store that is on a remote computer.
///
/// -
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
/// pvSystemStore is a group policy store and can be on a remote computer.
///
/// -
/// CERT_SYSTEM_STORE_SERVICES
/// pvSystemStore must be a system store name prefixed with the ServiceName.
///
/// -
/// CERT_SYSTEM_STORE_USERS
/// pvSystemStore must be a system store name that is prefixed with the UserName.
///
///
///
/// Stores on remote computers can be registered for CERT_SYSTEM_STORE_LOCAL_MACHINE, CERT_SYSTEM_STORE_SERVICES,
/// CERT_SYSTEM_STORE_USERS, or CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY.
///
///
/// The following low-word values are also defined and can be combined using a bitwise- OR operation with high-word values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// The system store is not in its default register location and pvSystemStore must be a pointer to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure.
///
///
/// -
/// CERT_STORE_CREATE_NEW_FLAG
/// The function fails if the system store already exists in the store location.
///
///
///
/// Reserved for future use and must be set to NULL.
/// Reserved for future use and must be set to NULL.
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero.
///
///
/// To unregister a system store that has been registered by this function, call CertUnregisterSystemStore.
/// Examples
///
/// The following example shows adding a system store to a registry system store collection. For an example that includes the
/// complete context for this example, see Example C Program: Listing System and Physical Stores.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certregistersystemstore BOOL CertRegisterSystemStore(
// const void *pvSystemStore, DWORD dwFlags, PCERT_SYSTEM_STORE_INFO pStoreInfo, void *pvReserved );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b6f72826-92ab-4e21-8db9-eb053663148b")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertRegisterSystemStore(in CERT_SYSTEM_STORE_RELOCATE_PARA pvSystemStore, uint dwFlags, in CERT_SYSTEM_STORE_INFO pStoreInfo, IntPtr pvReserved = default);
/// The CertRemoveStoreFromCollection function removes a sibling certificate store from a collection store.
/// A handle of the collection certificate store.
/// Handle of the sibling certificate store to be removed from the collection store.
/// This function does not return a value.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certremovestorefromcollection void
// CertRemoveStoreFromCollection( HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "e1564848-8b39-4ea9-9148-142ceaaaed15")]
public static extern void CertRemoveStoreFromCollection(HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore);
/// The CertSaveStore function saves the certificate store to a file or to a memory BLOB.
/// The handle of the certificate store to be saved.
///
///
/// Specifies the certificate encoding type and message encoding type. Encoding is used only when dwSaveAs contains
/// CERT_STORE_SAVE_AS_PKCS7. Otherwise, the dwMsgAndCertEncodingType parameter is not used.
///
/// This parameter can be a combination of one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// PKCS_7_ASN_ENCODING 65536 (0x10000)
/// Specifies PKCS 7 message encoding.
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
///
/// Specifies how to save the certificate store.
/// This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_SAVE_AS_PKCS7 2
///
/// The certificate store can be saved as a PKCS #7 signed message that does not include additional properties. The dwEncodingType
/// parameter specifies the message encoding type.
///
///
/// -
/// CERT_STORE_SAVE_AS_STORE 1
///
/// The certificate store can be saved as a serialized store containing properties in addition to encoded certificates, certificate
/// revocation lists (CRLs), and certificate trust lists (CTLs). The dwEncodingType parameter is ignored.
///
///
///
///
///
///
/// Specifies where and how to save the certificate store. The contents of this parameter determines the format of the pvSaveToPara parameter.
///
/// This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_STORE_SAVE_TO_FILE 1
///
/// The function saves the certificate store to a file. The pvSaveToPara parameter contains a handle to a file previously obtained
/// by using the CreateFile function. The file must be opened with write permission. After a successful save operation, the file
/// pointer is positioned after the last write operation.
///
///
/// -
/// CERT_STORE_SAVE_TO_FILENAME 4
///
/// The function saves the certificate store to a file. The pvSaveToPara parameter contains a pointer to a null-terminated Unicode
/// string that contains the path and file name of the file to save to. The function opens the file, saves to it, and closes it.
///
///
/// -
/// CERT_STORE_SAVE_TO_FILENAME_A 3
///
/// The function saves the certificate store to a file. The pvSaveToPara parameter contains a pointer to a null-terminated ANSI
/// string that contains the path and file name of the file to save to. The function opens the file, saves to it, and closes it.
///
///
/// -
/// CERT_STORE_SAVE_TO_FILENAME_W 4
///
/// The function saves the certificate store to a file. The pvSaveToPara parameter contains a pointer to a null-terminated Unicode
/// string that contains the path and file name of the file to save to. The function opens the file, saves to it, and closes it.
///
///
/// -
/// CERT_STORE_SAVE_TO_MEMORY 2
///
/// The function saves the certificate store to a memory BLOB. The pvSaveToPara parameter contains a pointer to a CERT_BLOB
/// structure. Before use, the CERT_BLOB's pbData and cbData members must be initialized. Upon return, cbData is updated with the
/// actual length. For a length-only calculation, pbData must be set to NULL. If pbData is non-NULL and cbData is not large enough,
/// the function returns zero with a last error code of ERROR_MORE_DATA.
///
///
///
///
///
/// A pointer that represents where the store should be saved to. The contents of this parameter depends on the value of the
/// dwSaveTo parameter.
///
/// This parameter is reserved for future use and must be set to zero.
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero. For extended error information, call GetLastError.
///
/// Note that CreateFile or WriteFile errors can be propagated to this function. One possible error code is
/// CRYPT_E_FILE_ERROR which indicates that an error occurred while writing to the file.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certsavestore BOOL CertSaveStore( HCERTSTORE hCertStore,
// DWORD dwEncodingType, DWORD dwSaveAs, DWORD dwSaveTo, void *pvSaveToPara, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "5cc818d7-b079-4962-aabc-fc512d4e92ac")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertSaveStore(HCERTSTORE hCertStore, CertEncodingType dwEncodingType, CertStoreSaveAs dwSaveAs, CertStoreSaveTo dwSaveTo, IntPtr pvSaveToPara, uint dwFlags = 0);
/// The CertSetStoreProperty function sets a store property.
/// Handle for the certificate store.
///
/// Indicates one of a range of store properties. Values for user-defined properties must be outside the current range of predefined
/// context property values. Currently, user-defined dwPropId values begin at 4,096. There is one predefined store property,
/// CERT_STORE_LOCALIZED_NAME_PROP_ID, the localized name of the store.
///
/// Reserved for future use and must be zero.
///
///
/// The type definition for pvData depends on the dwPropId value. If dwPropId is CERT_STORE_LOCALIZED_NAME_PROP_ID, pvData points to
/// a CRYPT_DATA_BLOB structure. The pbData member of that structure is a pointer to a null-terminated Unicode
/// character string. The cbData member of that structure is a DWORD value holding the length of the string.
///
/// For user-defined dwPropId values, pvData is a pointer to an encoded CRYPT_DATA_BLOB.
/// If a value already exists for the selected property, the old value is replaced.
/// Calling this function with pvData set to NULL deletes a property.
///
///
/// If the function succeeds, the return value is TRUE.
/// If the function fails, the return value is FALSE.
///
///
///
/// Store property identifiers are properties applicable to an entire store. They are not properties for an individual certificate,
/// CRL, or CTL context. Currently, no store properties are persisted.
///
/// Examples
/// The following example shows setting the localized name property of an open certificate store.
/// For another example that uses this function, see Example C Program: Setting and Getting Certificate Store Properties.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certsetstoreproperty BOOL CertSetStoreProperty(
// HCERTSTORE hCertStore, DWORD dwPropId, DWORD dwFlags, const void *pvData );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "e043486d-9a6e-46c0-b258-6f8d463bf6fe")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertSetStoreProperty(HCERTSTORE hCertStore, uint dwPropId, [Optional] uint dwFlags, [Optional] IntPtr pvData);
///
/// The CertUnregisterPhysicalStore function removes a physical store from a specified system store collection.
/// CertUnregisterPhysicalStore can also be used to delete the physical store.
///
///
/// A pointer to an identifier of the system store collection from which the physical store is to be removed. It is either to a
/// null-terminated Unicode string or to a CERT_SYSTEM_STORE_RELOCATE_PARA structure. For information about using the structure and
/// on appending a ServiceName or ComputerName to the end of the system store name string, see CertRegisterSystemStore.
///
///
///
/// The high word of the dwFlags parameter specifies the location of the system store. For information about defined high-word flags
/// and on appending ServiceName, UserNames, and ComputerNames to the end of the system store name, see CertRegisterSystemStore.
///
///
/// The following low-word values are also defined. They can be combined using bitwise- OR operations with high-word values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// The system store is not in its default registry location and pvSystemStore must be a pointer to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure.
///
///
/// -
/// CERT_STORE_DELETE_FLAG
/// The physical store is first removed from the system store collection and is then deleted.
///
///
///
/// Null-terminated Unicode string that contains the name of the physical store.
///
/// If the function succeeds, the return value is TRUE.
/// If the function fails, the return value is FALSE.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certunregisterphysicalstore BOOL
// CertUnregisterPhysicalStore( const void *pvSystemStore, DWORD dwFlags, LPCWSTR pwszStoreName );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "06480a2f-5a94-4cf5-9774-ceb9499e1d44")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertUnregisterPhysicalStore([MarshalAs(UnmanagedType.LPWStr)] string pvSystemStore, CertStoreFlags dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pwszStoreName);
///
/// The CertUnregisterPhysicalStore function removes a physical store from a specified system store collection.
/// CertUnregisterPhysicalStore can also be used to delete the physical store.
///
///
/// A pointer to an identifier of the system store collection from which the physical store is to be removed. It is either to a
/// null-terminated Unicode string or to a CERT_SYSTEM_STORE_RELOCATE_PARA structure. For information about using the structure and
/// on appending a ServiceName or ComputerName to the end of the system store name string, see CertRegisterSystemStore.
///
///
///
/// The high word of the dwFlags parameter specifies the location of the system store. For information about defined high-word flags
/// and on appending ServiceName, UserNames, and ComputerNames to the end of the system store name, see CertRegisterSystemStore.
///
///
/// The following low-word values are also defined. They can be combined using bitwise- OR operations with high-word values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// The system store is not in its default registry location and pvSystemStore must be a pointer to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure.
///
///
/// -
/// CERT_STORE_DELETE_FLAG
/// The physical store is first removed from the system store collection and is then deleted.
///
///
///
/// Null-terminated Unicode string that contains the name of the physical store.
///
/// If the function succeeds, the return value is TRUE.
/// If the function fails, the return value is FALSE.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certunregisterphysicalstore BOOL
// CertUnregisterPhysicalStore( const void *pvSystemStore, DWORD dwFlags, LPCWSTR pwszStoreName );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "06480a2f-5a94-4cf5-9774-ceb9499e1d44")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertUnregisterPhysicalStore(in CERT_SYSTEM_STORE_RELOCATE_PARA pvSystemStore, CertStoreFlags dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pwszStoreName);
/// The CertUnregisterSystemStore function unregisters a specified system store.
///
/// Identifies the system store to be unregistered. It points either to a null-terminated Unicode string or to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure. For information about using the structure and on appending a ServiceName or
/// ComputerName to the end of the system store name string, see CertRegisterSystemStore.
///
///
///
/// The high word of the dwFlags parameter specifies the location of the system store. For information about defined high-word flags
/// and on appending ServiceName, UserNames, and ComputerNames to the end of the system store name, see CertRegisterSystemStore.
///
/// The following low-word values are also defined and can be combined with high-word values using a bitwise- OR operation.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// The system store is not in its default registry location and pvSystemStore must be a pointer to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure.
///
///
/// -
/// CERT_STORE_DELETE_FLAG
/// The system store is deleted after it has been unregistered.
///
///
///
///
/// If the function succeeds, the return value is TRUE.
/// If the function fails, the return value is FALSE.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certunregistersystemstore BOOL CertUnregisterSystemStore(
// const void *pvSystemStore, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "958e4185-4c37-450c-abfc-91b95593227e")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertUnregisterSystemStore([MarshalAs(UnmanagedType.LPWStr)] string pvSystemStore, uint dwFlags);
/// The CertUnregisterSystemStore function unregisters a specified system store.
///
/// Identifies the system store to be unregistered. It points either to a null-terminated Unicode string or to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure. For information about using the structure and on appending a ServiceName or
/// ComputerName to the end of the system store name string, see CertRegisterSystemStore.
///
///
///
/// The high word of the dwFlags parameter specifies the location of the system store. For information about defined high-word flags
/// and on appending ServiceName, UserNames, and ComputerNames to the end of the system store name, see CertRegisterSystemStore.
///
/// The following low-word values are also defined and can be combined with high-word values using a bitwise- OR operation.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// The system store is not in its default registry location and pvSystemStore must be a pointer to a
/// CERT_SYSTEM_STORE_RELOCATE_PARA structure.
///
///
/// -
/// CERT_STORE_DELETE_FLAG
/// The system store is deleted after it has been unregistered.
///
///
///
///
/// If the function succeeds, the return value is TRUE.
/// If the function fails, the return value is FALSE.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certunregistersystemstore BOOL CertUnregisterSystemStore(
// const void *pvSystemStore, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "958e4185-4c37-450c-abfc-91b95593227e")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertUnregisterSystemStore(in CERT_SYSTEM_STORE_RELOCATE_PARA pvSystemStore, uint dwFlags);
///
/// The CERT_CREATE_CONTEXT_PARA structure defines additional values that can be used when calling the CertCreateContext function.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_create_context_para typedef struct
// _CERT_CREATE_CONTEXT_PARA { DWORD cbSize; PFN_CRYPT_FREE pfnFree; void *pvFree; PFN_CERT_CREATE_CONTEXT_SORT_FUNC pfnSort; void
// *pvSort; } CERT_CREATE_CONTEXT_PARA, *PCERT_CREATE_CONTEXT_PARA;
[PInvokeData("wincrypt.h", MSDNShortId = "1486cb60-56f0-4ce4-b283-6f92dcbbea26")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_CREATE_CONTEXT_PARA
{
/// The size, in bytes, of this structure.
public uint cbSize;
///
/// A pointer to the function that frees the pbEncoded parameter of the CertCreateContext function. The pfnFree function
/// is called when the context created by CertCreateContext is freed. This value can be NULL, in which case the
/// pbEncoded parameter of the CertCreateContext function is not freed.
///
[MarshalAs(UnmanagedType.FunctionPtr)]
public PFN_CRYPT_FREE pfnFree;
///
/// The address of the memory that gets freed by the pfnFree function. If pvFree is NULL, then the
/// pbEncoded parameter of the CertCreateContext function is freed.
///
public IntPtr pvFree;
///
/// A PFN_CERT_CREATE_CONTEXT_SORT_FUNC function pointer that will be called for each sorted context entry.
///
/// This member is only present for a CERT_STORE_CTL_CONTEXT when the CERT_CREATE_CONTEXT_SORTED_FLAG flag is set
/// in the dwFlags parameter of the CertCreateContext function. You must verify that this member is present before trying to
/// access it by examining the cbSize member of this structure.
///
///
[MarshalAs(UnmanagedType.FunctionPtr)]
public PFN_CERT_CREATE_CONTEXT_SORT_FUNC pfnSort;
///
///
/// An application-defined value that will be passed in the pvSort parameter of the PFN_CERT_CREATE_CONTEXT_SORT_FUNC callback function.
///
///
/// This member is only present for a CERT_STORE_CTL_CONTEXT when the CERT_CREATE_CONTEXT_SORTED_FLAG flag is set
/// in the dwFlags parameter of the CertCreateContext function. You must verify that this member is present before trying to
/// access it by examining the cbSize member of this structure.
///
///
public IntPtr pvSort;
}
///
/// The CERT_PHYSICAL_STORE_INFO structure contains information on physical certificate stores. Some members of these
/// structures are passed directly to system calls of CertOpenStore to open the physical store.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_physical_store_info typedef struct
// _CERT_PHYSICAL_STORE_INFO { DWORD cbSize; LPSTR pszOpenStoreProvider; DWORD dwOpenEncodingType; DWORD dwOpenFlags;
// CRYPT_DATA_BLOB OpenParameters; DWORD dwFlags; DWORD dwPriority; } CERT_PHYSICAL_STORE_INFO, *PCERT_PHYSICAL_STORE_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "ad86f388-27af-442a-a76f-f386f66296ac")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_PHYSICAL_STORE_INFO
{
/// The size, in bytes, of this structure.
public uint cbSize;
///
///
/// A pointer to a string that names a certificate store provider type. This string is passed in a system call to CertOpenStore
/// and determines the provider type of a certificate store to be opened. For the names of predefined certificate store types,
/// see CertOpenStore.
///
///
/// In addition to predefined certificate store provider types, new store provider types can be installed and registered with
/// CryptInstallOIDFunctionAddress or CryptRegisterOIDFunction. For more information, see CertOpenStore.
///
///
public StrPtrAnsi pszOpenStoreProvider;
///
///
/// This member is applicable only when CERT_STORE_PROV_MSG, CERT_STORE_PROV_PKCS7, or CERT_STORE_PROV_FILENAME is passed in
/// lpszStoreProvider. Otherwise, this member is not used.
///
///
/// It is always acceptable to specify both the certificate and message encoding types by combining them with a bitwise-
/// OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
public CertEncodingType dwOpenEncodingType;
///
/// If a system store is opened with the SERVICES or USERS store location, the dwOpenFlags store location is set to
/// CERT_SYSTEM_STORE_USERS or CERT_SYSTEM_STORE_SERVICES.
///
public CertSystemStore dwOpenFlags;
///
/// A CRYPT_DATA_BLOB that contains data to be passed to the pvPara parameter of the CertOpenStore function. The data type
/// depends on the provider specified. For detailed information about the type and content to be passed, see descriptions of
/// available providers in CertOpenStore.
///
public CRYPTOAPI_BLOB OpenParameters;
///
/// The following dwFlags values for CERT_PHYSICAL_STORE_INFO are defined.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG
/// Enables addition to a context to the store.
///
/// -
/// CERT_PHYSICAL_STORE_OPEN_DISABLE_FLAG
///
/// Set by the CertRegisterPhysicalStore function. By default, all system stores located in the registry have an implicit
/// SystemRegistry physical store that is opened. To disable the opening of this store, the SystemRegistry physical store that
/// corresponds to the System store must be registered by setting CERT_PHYSICAL_STORE_OPEN_DISABLE_FLAG or by registering a
/// physical store named ".Default" with CertRegisterPhysicalStore.
///
///
/// -
/// CERT_PHYSICAL_STORE_REMOTE_OPEN_DISABLE_FLAG
/// Disables remote opening of the physical store.
///
/// -
/// CERT_PHYSICAL_STORE_INSERT_COMPUTER_NAME_ENABLE_FLAG
/// Places the string \\ComputerName in front of other provider types.
///
/// -
/// CERT_SYSTEM_STORE_RELOCATE_FLAG
///
/// Enables CertOpenStore to open a store relative to a user-specified HKEY instead of one of the predefined HKEY constants. For
/// example, HKEY_CURRENT_USER can be replaced with a user-specified HKEY. When CERT_SYSTEM_STORE_RELOCATE_FLAG is set, the
/// pvPara parameter passed to CertOpenStore points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure instead of pointing to the
/// store name as a null-terminated Unicode or ASCII string.
///
///
///
///
public CertPhysicalStoreFlags dwFlags;
///
/// When a system store is opened, its physical stores are ordered according to their dwPriority settings. A higher
/// dwPriority indicates higher priority. The dwPriority member is passed to CertAddStoreToCollection.
///
public uint dwPriority;
}
///
/// The CERT_SYSTEM_STORE_INFO structure contains information used by functions that work with system stores. Currently, no
/// essential information is contained in this structure.
///
/// Currently, no system store information is persisted.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_system_store_info typedef struct
// _CERT_SYSTEM_STORE_INFO { DWORD cbSize; } CERT_SYSTEM_STORE_INFO, *PCERT_SYSTEM_STORE_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "9c17ebd9-423b-4063-bdc3-6be70ceb8623")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_SYSTEM_STORE_INFO
{
/// Size of this structure in bytes.
public uint cbSize;
}
///
/// The CERT_SYSTEM_STORE_RELOCATE_PARA structure contains data to be passed to CertOpenStore when that function's dwFlags
/// parameter is set to CERT_SYSTEM_STORE_RELOCATE_FLAG. It allows the application to specify not only the name of the store to be
/// opened, but also registry hKey information indicating a registry location other than the default location.
///
///
/// The relocate capability is used to access system stores persisted in the Group Policy Template (GPT). For example, the Group
/// Policy Editor's MMC snap-in extension for managing group policy trust lists and certificates uses the GPT's base HKEY to call CertOpenStore.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_system_store_relocate_para typedef struct
// _CERT_SYSTEM_STORE_RELOCATE_PARA { union { HKEY hKeyBase; void *pvBase; } DUMMYUNIONNAME; union { void *pvSystemStore; LPCSTR
// pszSystemStore; LPCWSTR pwszSystemStore; } DUMMYUNIONNAME2; } CERT_SYSTEM_STORE_RELOCATE_PARA, *PCERT_SYSTEM_STORE_RELOCATE_PARA;
[PInvokeData("wincrypt.h", MSDNShortId = "3bcb9b64-b9cf-48b2-bfd1-0836b3d221af")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_SYSTEM_STORE_RELOCATE_PARA
{
/// A pointer to a void to allow the system store location's base to be passed in a number of different forms.
public IntPtr pvBase;
/// A pointer to a void to allow the name of the system store to be passed in various forms.
public IntPtr pvSystemStore;
}
/// Provides a handle to a certificate store.
[StructLayout(LayoutKind.Sequential)]
public struct HCERTSTORE : IHandle
{
private readonly IntPtr handle;
/// Initializes a new instance of the struct.
/// An object that represents the pre-existing handle to use.
public HCERTSTORE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// Returns an invalid handle by instantiating a object with .
public static HCERTSTORE NULL => new HCERTSTORE(IntPtr.Zero);
/// Gets a value indicating whether this instance is a null handle.
public bool IsNull => handle == IntPtr.Zero;
/// Performs an explicit conversion from to .
/// The handle.
/// The result of the conversion.
public static explicit operator IntPtr(HCERTSTORE h) => h.handle;
/// Performs an implicit conversion from to .
/// The pointer to a handle.
/// The result of the conversion.
public static implicit operator HCERTSTORE(IntPtr h) => new HCERTSTORE(h);
/// Implements the operator !=.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator !=(HCERTSTORE h1, HCERTSTORE h2) => !(h1 == h2);
/// Implements the operator ==.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator ==(HCERTSTORE h1, HCERTSTORE h2) => h1.Equals(h2);
///
public override bool Equals(object obj) => obj is HCERTSTORE h ? handle == h.handle : false;
///
public override int GetHashCode() => handle.GetHashCode();
///
public IntPtr DangerousGetHandle() => handle;
}
/// Provides a handle to a cryptographic-signed message.
[StructLayout(LayoutKind.Sequential)]
public struct HCRYPTMSG : IHandle
{
private IntPtr handle;
/// Initializes a new instance of the struct.
/// An object that represents the pre-existing handle to use.
public HCRYPTMSG(IntPtr preexistingHandle) => handle = preexistingHandle;
/// Returns an invalid handle by instantiating a object with .
public static HCRYPTMSG NULL => new HCRYPTMSG(IntPtr.Zero);
/// Gets a value indicating whether this instance is a null handle.
public bool IsNull => handle == IntPtr.Zero;
/// Performs an explicit conversion from to .
/// The handle.
/// The result of the conversion.
public static explicit operator IntPtr(HCRYPTMSG h) => h.handle;
/// Performs an implicit conversion from to .
/// The pointer to a handle.
/// The result of the conversion.
public static implicit operator HCRYPTMSG(IntPtr h) => new HCRYPTMSG(h);
/// Implements the operator !=.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator !=(HCRYPTMSG h1, HCRYPTMSG h2) => !(h1 == h2);
/// Implements the operator ==.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator ==(HCRYPTMSG h1, HCRYPTMSG h2) => h1.Equals(h2);
///
public override bool Equals(object obj) => obj is HCRYPTMSG h ? handle == h.handle : false;
///
public override int GetHashCode() => handle.GetHashCode();
///
public IntPtr DangerousGetHandle() => handle;
}
/// Provides a for that is disposed using .
public class SafeHCERTSTORE : SafeHANDLE
{
/// Initializes a new instance of the class and assigns an existing handle.
/// An object that represents the pre-existing handle to use.
///
/// to reliably release the handle during the finalization phase; otherwise, (not recommended).
///
public SafeHCERTSTORE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// Initializes a new instance of the class.
private SafeHCERTSTORE() : base() { }
///
/// Typically, this property uses the default value zero. The default is to close the store with memory remaining allocated for
/// contexts that have not been freed. In this case, no check is made to determine whether memory for contexts remains allocated.
///
/// Set flags can force the freeing of memory for all of a store's certificate, certificate revocation list (CRL), and
/// certificate trust list (CTL) contexts when the store is closed. Flags can also be set that check whether all of the store's
/// certificate, CRL, and CTL contexts have been freed.The following values are defined.
///
///
public CertCloseStoreFlags Flag { get; set; } = 0;
/// Performs an implicit conversion from to .
/// The safe handle instance.
/// The result of the conversion.
public static implicit operator HCERTSTORE(SafeHCERTSTORE h) => h.handle;
///
protected override bool InternalReleaseHandle() => CertCloseStore(handle, Flag);
}
/// Certificate Store Provider constants.
public static class CertStoreProvider
{
///
public const int CERT_STORE_PROV_MSG = 1;
///
public const int CERT_STORE_PROV_MEMORY = 2;
///
public const int CERT_STORE_PROV_FILE = 3;
///
public const int CERT_STORE_PROV_REG = 4;
///
public const int CERT_STORE_PROV_PKCS7 = 5;
///
public const int CERT_STORE_PROV_SERIALIZED = 6;
///
public const int CERT_STORE_PROV_FILENAME = 8;
///
public const int CERT_STORE_PROV_SYSTEM = 10;
///
public const int CERT_STORE_PROV_COLLECTION = 11;
///
public const int CERT_STORE_PROV_SYSTEM_REGISTRY = 13;
///
public const int CERT_STORE_PROV_PHYSICAL = 14;
///
public const int CERT_STORE_PROV_SMART_CARD = 15;
///
public const int CERT_STORE_PROV_LDAP = 16;
///
public const int CERT_STORE_PROV_PKCS12 = 17;
///
public const string sz_CERT_STORE_PROV_MEMORY = "Memory";
///
public const string sz_CERT_STORE_PROV_FILENAME = "File";
///
public const string sz_CERT_STORE_PROV_SYSTEM = "System";
///
public const string sz_CERT_STORE_PROV_PKCS7 = "PKCS7";
///
public const string sz_CERT_STORE_PROV_PKCS12 = "PKCS12";
///
public const string sz_CERT_STORE_PROV_SERIALIZED = "Serialized";
///
public const string sz_CERT_STORE_PROV_COLLECTION = "Collection";
///
public const string sz_CERT_STORE_PROV_SYSTEM_REGISTRY = "SystemRegistry";
///
public const string sz_CERT_STORE_PROV_PHYSICAL = "Physical";
///
public const string sz_CERT_STORE_PROV_SMART_CARD = "SmartCard";
///
public const string sz_CERT_STORE_PROV_LDAP = "Ldap";
}
}
}