Milan, you're absolutely right... That post made no sense whatsoever... Sorry (looks like I wrote it whilst under the influence).

What I was trying to explain was this: I have a Windows service running under the NT_AUTHORITY\Network Service account and I want to get a valid certContext for it. I have tried passing in "servicename\trusted root certification authorities" instead of "ROOT" or "MY" inside CertOpenStore() but no luck!

*) If I run the service as Administrator, and set signerName = "STEVE" and storeName = "ROOT", everything works as expected.

*) If I run the service under the more restrictive "NT_AUTHORITY\Network Service" and set signerName = "STEVE" and storeName = "ROOT", CertFindCertificateInStore() fails...

*) I have installed the certificate inside the Service Account keystore via MMC->Add/Remove SnapIn->Certificates->Service Account->[browse list to find the service]. This brings up the certificate store and names it

    servicename\Personal
    servicename\trusted root certification authorities

Right click on "servicename\trusted root certification authorities" and import.

Unfortunately, armed with this information, I still cannot get the code to work. I have tried setting signerName = "STEVE" and storeName = "servicename\trusted root certification authorities", but no luck. It always fails in CertFindCertificateInStore() - presumably I opened the wrong store!

Thank you very much for reading this far.

Steve

My current code is:

    HCERTSTORE certStore = NULL;
    PCCERT_CONTEXT certContext = NULL;

    certStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL,
                              CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG,
                              storeName);
    if (certStore == NULL) {
        return GetLastError();
    }

    certContext = CertFindCertificateInStore(certStore,
                                             (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING),
                                             0, CERT_FIND_SUBJECT_STR, signerName, NULL);
    CertCloseStore(certStore, 0); // close the store regardless
    if (certContext == NULL) {
        return GetLastError();
    }

    prov = WinCAPICryptoProv(NULL, NULL, 0);
    X509 = new WinCAPICryptoX509(certContext, prov->getProviderRSA(), prov->getProviderDSS());

-----Original Message-----
From: Milan Tomic [mailto:[EMAIL PROTECTED]]
Sent: 28 July 2005 08:39
To: security-dev@xml.apache.org
Subject: RE: WinCAPICryptoProvider(NULL, NULL, CRYPT_MACHINE_KEYSET) - CryptAquireContext() fails when I run a process as a restriced user

> On another note, if I have a service and I install a certificate into
> that service acct via mmc add certificates, service acct. Would I
> need to change parameters passed to the CertFindContext() Fn()? I
> presume yes...

I don't understand your question and there is no CertFindContext() function. :(

Best regards,
Milan
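
Added example, not part of the original thread or of the xml-security code: the Certificates snap-in shows display names, while CertOpenStore() expects system store names such as "Root" or "My", and a service account's store sits in the CERT_SYSTEM_STORE_SERVICES location (pvPara of the form service\store) rather than in CERT_SYSTEM_STORE_CURRENT_USER. The helper names service_store_para() and find_service_cert() and the service name used with them are hypothetical; the remote "\\computer\service\store" form is deliberately rejected.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

/* Certificates snap-in display name -> system store name for CertOpenStore(). */
static const char *const STORE_NAMES[][2] = {
    {"Personal", "My"}, {"Trusted Root Certification Authorities", "Root"},
    {"Intermediate Certification Authorities", "CA"}, {"Enterprise Trust", "Trust"},
};
static int ieq(const char *a, const char *b) {   /* case-insensitive equality */
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == *b;
}

/* Build "<service>\<system store>", the pvPara form for CERT_SYSTEM_STORE_SERVICES.
   'store' may be a display name or a system name. Returns 0, or -1 on bad input. */
int service_store_para(const char *service, const char *store, char *out, size_t n) {
    const char *sys = NULL;
    size_t i;
    int len;
    for (i = 0; i < sizeof STORE_NAMES / sizeof STORE_NAMES[0]; i++)
        if (ieq(store, STORE_NAMES[i][0]) || ieq(store, STORE_NAMES[i][1]))
            sys = STORE_NAMES[i][1];
    if (!sys || !*service || strchr(service, '\\')) return -1;
    len = snprintf(out, n, "%s\\%s", service, sys);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

#ifdef _WIN32
/* Find a certificate by subject substring in a named service's store.
   Returns NULL on failure with the failing call's error code in *err. */
PCCERT_CONTEXT find_service_cert(const char *service, const char *store,
                                 const char *subject, DWORD *err) {
    char para[256];
    HCERTSTORE h;
    PCCERT_CONTEXT ctx;
    *err = ERROR_INVALID_PARAMETER;
    if (service_store_para(service, store, para, sizeof para) != 0) return NULL;
    h = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0, CERT_SYSTEM_STORE_SERVICES |
                      CERT_STORE_READONLY_FLAG | CERT_STORE_OPEN_EXISTING_FLAG, para);
    if (!h) { *err = GetLastError(); return NULL; }
    ctx = CertFindCertificateInStore(h, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
                                     CERT_FIND_SUBJECT_STR_A, subject, NULL);
    *err = ctx ? ERROR_SUCCESS : GetLastError();  /* read before CertCloseStore() */
    CertCloseStore(h, 0);
    return ctx;
}
#endif
```

From inside the service itself, CERT_SYSTEM_STORE_CURRENT_SERVICE with the plain system name ("Root") addresses the same store without naming the service.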