(Unicode C++) Import a PFX/P12 into the Windows Certificate Stores

Demonstrates how to import the certificates contained in a .pfx/.p12 to the Windows certificate stores.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <CkCertW.h>
#include <CkCertChainW.h>
#include <CkCertStoreW.h>

void ChilkatSample(void)
    {
    CkCertW primaryCert;

    // Load a PFX file into a certificate object.
    // The cert object will contain the certificate from the PFX that has a private key.
    // The certs in the chain of authentication (if contained in the PFX) are also loaded,
    // and can be accessed by getting the certificate chain (see below).
    // If the PFX did not include the issuer certs in the chain of authentication, then Chilkat will
    // automatically try to construct the issuer chain from the CA and intermedicate CA certs
    // already installed on the Windows system.
    const wchar_t *pfxPassword = L"myPfxPassword";
    bool success = primaryCert.LoadPfxFile(L"qa_data/pfx/somePfx.p12",pfxPassword);
    if (success == false) {
        wprintf(L"%s\n",primaryCert.lastErrorText());
        return;
    }

    CkCertChainW *certChain = primaryCert.GetCertChain();
    if (primaryCert.get_LastMethodSuccess() == false) {
        wprintf(L"%s\n",primaryCert.lastErrorText());
        return;
    }

    // If the certificate chain reaches the root CA cert, then the last cert in the chain
    // is the root CA cert.
    bool chainReachesRoot = certChain->get_ReachesRoot();
    if (chainReachesRoot == true) {
        wprintf(L"The certificate chain reaches the root CA cert.\n");
    }

    CkCertW *cert = 0;
    int i = 0;
    int numCerts = certChain->get_NumCerts();
    while (i < numCerts) {
        cert = certChain->GetCert(i);
        wprintf(L"SubjectDN %d: %s\n",i,cert->subjectDN());
        wprintf(L"IssuerDN %d: %s\n",i,cert->issuerDN());
        wprintf(L"--\n");
        delete cert;
        i = i + 1;
    }

    // The primary cert having the private key will be imported into the Current User "My" certificate store.
    // Any intermediate root certificates will be imported into certificate store for intermediate certificate authorities.
    // The root CA cert will be imported into the Root CA cert store.

    // Let's open each of these 3 certificate stores..
    CkCertStoreW certStoreCU;
    CkCertStoreW certStoreCA;
    CkCertStoreW certStoreRootCA;
    bool readOnlyFlag = false;

    // "CurrentUser" and "My" are the exact keywords to select your user account's certificate store.
    success = certStoreCU.OpenWindowsStore(L"CurrentUser",L"My",readOnlyFlag);
    if (success == false) {
        wprintf(L"Failed to open the CurrentUser/My certificate store for read/write.\n");
        delete certChain;
        return;
    }

    // Certificate store for intermediate certification authorities (CAs). 
    success = certStoreCA.OpenWindowsStore(L"CurrentUser",L"CertificationAuthority",readOnlyFlag);
    if (success == false) {
        wprintf(L"Failed to open the CurrentUser/CertificationAuthority certificate store for read/write.\n");
        delete certChain;
        return;
    }

    // Certificate store for trusted root certification authorities (CAs). 
    success = certStoreRootCA.OpenWindowsStore(L"CurrentUser",L"Root",readOnlyFlag);
    if (success == false) {
        wprintf(L"Failed to open the CurrentUser/Root certificate store for read/write.\n");
        delete certChain;
        return;
    }

    // Iterate over the certs in the chain and import each into the desired certificate store.
    bool allSuccess = true;
    i = 0;
    while (i < numCerts) {
        cert = certChain->GetCert(i);
        if (i == 0) {
            // Import the primary certificate into the CurrentUser/My certificate store.
            success = certStoreCU.AddCertificate(*cert);
            if (success == false) {
                wprintf(L"%s\n",certStoreCU.lastErrorText());
                allSuccess = false;
            }

        }
        else {
            if ((i == (numCerts - 1)) && (chainReachesRoot == true)) {
                // Add the root CA certificate to the CurrentUser/Root certificate store.
                // (Your application can obviously choose whether this should be done or not.  Perhaps you prompt the user.)

                // Note: If the root CA cert is already present in the Windows certificate store, Windows will display
                // a dialog to ask if it should be deleted.  Chilkat does not explicitly display dialogs.
                success = certStoreRootCA.AddCertificate(*cert);
                if (success == false) {
                    wprintf(L"%s\n",certStoreRootCA.lastErrorText());
                    allSuccess = false;
                }

            }
            else {
                // This is an intermediate CA certificate.
                success = certStoreCA.AddCertificate(*cert);
                if (success == false) {
                    wprintf(L"%s\n",certStoreCA.lastErrorText());
                    allSuccess = false;
                }

            }

        }

        if (success == false) {
            wprintf(L"Failed to import certificate.\n");
        }

        delete cert;
        i = i + 1;
    }

    delete certChain;

    wprintf(L"allSuccess = %d\n",allSuccess);
    }