(C++) Import a PFX/P12 into the Windows Certificate Stores

Demonstrates how to import the certificates contained in a .pfx/.p12 to the Windows certificate stores.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <CkCert.h>
#include <CkCertChain.h>
#include <CkCertStore.h>

void ChilkatSample(void)
    {
    CkCert primaryCert;

    // Load a PFX file into a certificate object.
    // The cert object will contain the certificate from the PFX that has a private key.
    // The certs in the chain of authentication (if contained in the PFX) are also loaded,
    // and can be accessed by getting the certificate chain (see below).
    // If the PFX did not include the issuer certs in the chain of authentication, then Chilkat will
    // automatically try to construct the issuer chain from the CA and intermedicate CA certs
    // already installed on the Windows system.
    const char *pfxPassword = "myPfxPassword";
    bool success = primaryCert.LoadPfxFile("qa_data/pfx/somePfx.p12",pfxPassword);
    if (success == false) {
        std::cout << primaryCert.lastErrorText() << "\r\n";
        return;
    }

    CkCertChain *certChain = primaryCert.GetCertChain();
    if (primaryCert.get_LastMethodSuccess() == false) {
        std::cout << primaryCert.lastErrorText() << "\r\n";
        return;
    }

    // If the certificate chain reaches the root CA cert, then the last cert in the chain
    // is the root CA cert.
    bool chainReachesRoot = certChain->get_ReachesRoot();
    if (chainReachesRoot == true) {
        std::cout << "The certificate chain reaches the root CA cert." << "\r\n";
    }

    CkCert *cert = 0;
    int i = 0;
    int numCerts = certChain->get_NumCerts();
    while (i < numCerts) {
        cert = certChain->GetCert(i);
        std::cout << "SubjectDN " << i << ": " << cert->subjectDN() << "\r\n";
        std::cout << "IssuerDN " << i << ": " << cert->issuerDN() << "\r\n";
        std::cout << "--" << "\r\n";
        delete cert;
        i = i + 1;
    }

    // The primary cert having the private key will be imported into the Current User "My" certificate store.
    // Any intermediate root certificates will be imported into certificate store for intermediate certificate authorities.
    // The root CA cert will be imported into the Root CA cert store.

    // Let's open each of these 3 certificate stores..
    CkCertStore certStoreCU;
    CkCertStore certStoreCA;
    CkCertStore certStoreRootCA;
    bool readOnlyFlag = false;

    // "CurrentUser" and "My" are the exact keywords to select your user account's certificate store.
    success = certStoreCU.OpenWindowsStore("CurrentUser","My",readOnlyFlag);
    if (success == false) {
        std::cout << "Failed to open the CurrentUser/My certificate store for read/write." << "\r\n";
        delete certChain;
        return;
    }

    // Certificate store for intermediate certification authorities (CAs). 
    success = certStoreCA.OpenWindowsStore("CurrentUser","CertificationAuthority",readOnlyFlag);
    if (success == false) {
        std::cout << "Failed to open the CurrentUser/CertificationAuthority certificate store for read/write." << "\r\n";
        delete certChain;
        return;
    }

    // Certificate store for trusted root certification authorities (CAs). 
    success = certStoreRootCA.OpenWindowsStore("CurrentUser","Root",readOnlyFlag);
    if (success == false) {
        std::cout << "Failed to open the CurrentUser/Root certificate store for read/write." << "\r\n";
        delete certChain;
        return;
    }

    // Iterate over the certs in the chain and import each into the desired certificate store.
    bool allSuccess = true;
    i = 0;
    while (i < numCerts) {
        cert = certChain->GetCert(i);
        if (i == 0) {
            // Import the primary certificate into the CurrentUser/My certificate store.
            success = certStoreCU.AddCertificate(*cert);
            if (success == false) {
                std::cout << certStoreCU.lastErrorText() << "\r\n";
                allSuccess = false;
            }

        }
        else {
            if ((i == (numCerts - 1)) && (chainReachesRoot == true)) {
                // Add the root CA certificate to the CurrentUser/Root certificate store.
                // (Your application can obviously choose whether this should be done or not.  Perhaps you prompt the user.)

                // Note: If the root CA cert is already present in the Windows certificate store, Windows will display
                // a dialog to ask if it should be deleted.  Chilkat does not explicitly display dialogs.
                success = certStoreRootCA.AddCertificate(*cert);
                if (success == false) {
                    std::cout << certStoreRootCA.lastErrorText() << "\r\n";
                    allSuccess = false;
                }

            }
            else {
                // This is an intermediate CA certificate.
                success = certStoreCA.AddCertificate(*cert);
                if (success == false) {
                    std::cout << certStoreCA.lastErrorText() << "\r\n";
                    allSuccess = false;
                }

            }

        }

        if (success == false) {
            std::cout << "Failed to import certificate." << "\r\n";
        }

        delete cert;
        i = i + 1;
    }

    delete certChain;

    std::cout << "allSuccess = " << allSuccess << "\r\n";
    }