readmedottxt
Posted June 17, 2010 (edited)

I can't find anything in the help file and I'm unsure if anything other than the certutil.exe command is available. Are there any programmatic ways of obtaining the following data?

    certutil.exe -store my

I can write something to parse the result using StdOutRead; however, I'd rather have a proper way of getting a list. Can anyone help?

Edited June 17, 2010 by readmedottxt

PsaltyDS
Posted June 17, 2010

Method depends on the store you want to see. This should work for IE:

    ; WMI query flags: return immediately, forward-only enumerator
    Global Const $wbemFlagReturnImmediately = 0x10
    Global Const $wbemFlagForwardOnly = 0x20
    Global $wbemFlags = $wbemFlagReturnImmediately + $wbemFlagForwardOnly

    ; Connect to the Internet Explorer WMI namespace on the local computer
    Global $oWMI = ObjGet("winmgmts:\\" & @ComputerName & "\root\CIMV2\Applications\MicrosoftIE")
    $colCerts = $oWMI.ExecQuery("SELECT * FROM MicrosoftIE_Certificate", "WQL", $wbemFlags)

    ; Print the properties of each certificate returned by the query
    For $oCert In $colCerts
        ConsoleWrite("Caption: " & $oCert.Caption & @LF)
        ConsoleWrite("Description: " & $oCert.Description & @LF)
        ConsoleWrite("IssuedBy: " & $oCert.IssuedBy & @LF)
        ConsoleWrite("IssuedTo: " & $oCert.IssuedTo & @LF)
        ConsoleWrite("SettingID: " & $oCert.SettingID & @LF)
        ConsoleWrite("SignatureAlgorithm: " & $oCert.SignatureAlgorithm & @LF)
        ConsoleWrite("Type: " & $oCert.Type & @LF)
        ConsoleWrite("Validity: " & $oCert.Validity & @LF)
    Next

Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

PsaltyDS
Posted June 18, 2010 (edited)

Googling around, I found some references to the automation interface for MMC and tried this:

    ; List personal certificates via MMC application object model
    ; See MSDN: MMC 2.0 Automation Object Model (http://msdn.microsoft.com/en-us/library/aa815049%28VS.85%29.aspx)

    Global $oMMC_App, $sMMC_Ver, $sMsg
    Global $oCerts_Doc, $oCerts_ScopeNS
    Global $oCerts_Root, $oCerts_Child
    Global $oCurrentUser

    ; COM Error handler
    $oAutoItError = ObjEvent("AutoIt.Error", "_AutoItError")

    ; MMC Application object
    $oMMC_App = ObjCreate("MMC20.Application")
    If IsObj($oMMC_App) Then
        $sMMC_Ver = $oMMC_App.VersionMajor & "." & $oMMC_App.VersionMinor
        ConsoleWrite("MMC version = " & $sMMC_Ver & @LF)

        ; Load document (Certificates SnapIn)
        $oMMC_App.Load("certmgr.msc")

        ; MMC document
        $oCerts_Doc = $oMMC_App.Document
        If IsObj($oCerts_Doc) Then
            $sMsg = "$oCerts_Doc.Location = " & $oCerts_Doc.Location & "; $oCerts_Doc.Name = " & $oCerts_Doc.Name
            ConsoleWrite("Certificates document loaded: " & $sMsg & @LF)

            ; ScopeNamespace object
            $oCerts_ScopeNS = $oCerts_Doc.ScopeNamespace
            If IsObj($oCerts_ScopeNS) Then
                ConsoleWrite("Certificates document scope namespace retrieved." & @LF)

                ; Console root node (the root node is the top scope (tree) node)
                $oCerts_Root = $oCerts_Doc.RootNode
                If IsObj($oCerts_Root) Then
                    $sMsg = @TAB & "$oCerts_Root.IsScopeNode() = " & $oCerts_Root.IsScopeNode() & @LF & _
                            @TAB & "$oCerts_Root.Name = " & $oCerts_Root.Name & @LF & _
                            @TAB & "$oCerts_Root.NodeType = " & $oCerts_Root.NodeType
                    ConsoleWrite("Certificates console root node retrieved:" & @LF & $sMsg & @LF)

                    ; First child of root node
                    $oCerts_Child = $oCerts_ScopeNS.GetChild($oCerts_Root)
                    If IsObj($oCerts_Child) Then
                        $sMsg = @TAB & "$oCerts_Child.IsScopeNode() = " & $oCerts_Child.IsScopeNode() & @LF & _
                                @TAB & "$oCerts_Child.Name = " & $oCerts_Child.Name & @LF & _
                                @TAB & "$oCerts_Child.NodeType = " & $oCerts_Child.NodeType
                        ConsoleWrite("First child of root node retrieved:" & @LF & $sMsg & @LF)

                        ; First child should be Current User
                        If StringInStr($oCerts_Child.Name, "Current User") Then
                            $oCurrentUser = $oCerts_Child
                            ConsoleWrite("Certificates - Current User node found." & @LF)
                            _MMCRecurseView($oCurrentUser)
                        Else
                            ConsoleWrite("Error retrieving next child of root node." & @LF)
                        EndIf
                    Else
                        ConsoleWrite("Error first child of root node." & @LF)
                    EndIf
                Else
                    ConsoleWrite("Error retrieving Certificates console root node." & @LF)
                EndIf
            Else
                ConsoleWrite("Error retrieving Certificates document scope namespace." & @LF)
            EndIf
        Else
            ConsoleWrite("Error loading Certificates document." & @LF)
        EndIf
    Else
        ConsoleWrite("Error creating MMC application object." & @LF)
    EndIf

    ; Clean up objects
    $oCurrentUser = ""
    $oCerts_Child = ""
    $oCerts_Root = ""
    $oCerts_ScopeNS = ""
    $oCerts_Doc.Close
    $oMMC_App.Quit()

    ; console write a recursive listing of nodes
    Func _MMCRecurseView($oNode)
        ; Check first child
        Local $oChild = $oCerts_ScopeNS.GetChild($oNode)
        If IsObj($oChild) Then
            ConsoleWrite(@LF & "Node found: name = " & $oChild.Name & "; Type GUID = " & $oChild.NodeType & @LF)
            If $oChild.IsScopeNode() Then
                ConsoleWrite("This is a scope node." & @LF)
                $oCerts_ScopeNS.Expand($oChild)
                ConsoleWrite("Expanded node." & @LF)
                _MMCRecurseView($oChild)
            EndIf

            ; Check siblings
            While 1
                $oChild = $oCerts_ScopeNS.GetNext($oChild)
                If IsObj($oChild) Then
                    ConsoleWrite(@LF & "Node found: name = " & $oChild.Name & "; Type GUID = " & $oChild.NodeType & @LF)
                    If $oChild.IsScopeNode() Then
                        ConsoleWrite("This is a scope node." & @LF)
                        $oCerts_ScopeNS.Expand($oChild)
                        ConsoleWrite("Expanded node." & @LF)
                        _MMCRecurseView($oChild)
                    EndIf
                Else
                    ConsoleWrite("Sibling is not an object." & @LF)
                    ExitLoop
                EndIf
            WEnd
        Else
            ConsoleWrite("First child not an object." & @LF)
        EndIf
    EndFunc   ;==>_MMCRecurseView

    Func _AutoItError()
        Local $HexNumber = Hex($oAutoItError.number, 8)
        ConsoleWrite(@LF & "-------------------------------------------------" & @LF & _
                "AutoIt COM Error (may be expected):" & @LF & _
                "Number is: " & $HexNumber & @LF & _
                "-------------------------------------------------" & @LF & @LF)
    EndFunc   ;==>_AutoItError

It doesn't quite work because once you get down to a 'Certificates' node, you have to change APIs from the MMC to the SnapIn's (certmgr.msc in this case). The DOM for MMC and the COM interface for it are well documented, but I haven't been able to find anything documenting an automation interface to the CertMgr objects under the MMC. I don't know that it is worth the effort to chase that down either, since CertUtil.exe or CAPICOM probably provide more functionality.

Edited June 18, 2010 by PsaltyDS

readmedottxt
Posted June 20, 2010

I found it! I experimented with the code snippets posted but couldn't get what I need. I eventually found some vbs examples, converted them to au3 and presto! Thanks very much for the assistance.

    $CertStore = ObjCreate("CAPICOM.Store")
    $CertStore.Open (1, "My" , 0) ; local machine store, "my", read only
    $Certificates = $CertStore.Certificates

Now I have an array ($Certificates) to parse and perform tasks. Having never played with CAPICOM before, I didn't know what to do or where to begin. Everything appeared like you couldn't use it by script. I did plenty of reading of CryptoAPI and other stuff but it turned out nice and easy. Cheers
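
The CAPICOM approach from the last post, extended into a read-only certificate inventory; this is an added example, not code posted in the thread. It assumes CAPICOM 2.x is registered and the script runs under 32-bit AutoIt; `_CertInventory` and `_ComError` are hypothetical helper names.

```autoit
; Added example (not from the thread). Assumes CAPICOM 2.x is registered
; and 32-bit AutoIt. _CertInventory and _ComError are hypothetical helpers.
Global Const $CAPICOM_LOCAL_MACHINE_STORE = 1
Global Const $CAPICOM_CURRENT_USER_STORE = 2
Global Const $CAPICOM_STORE_OPEN_READ_ONLY = 0

; COM error handler: report the failure and let the caller test @error
Global $oComError = ObjEvent("AutoIt.Error", "_ComError")

Func _ComError()
    ConsoleWrite("COM error 0x" & Hex($oComError.number, 8) & @LF)
EndFunc   ;==>_ComError

; Returns a 2D array: [0][0] is the count, rows 1..n hold one certificate each as
; [subject, issuer, SHA-1 thumbprint, valid from, valid to, has private key]
Func _CertInventory($iLocation, $sStoreName)
    Local $oStore = ObjCreate("CAPICOM.Store")
    If Not IsObj($oStore) Then Return SetError(1, 0, 0) ; CAPICOM not available
    $oStore.Open($iLocation, $sStoreName, $CAPICOM_STORE_OPEN_READ_ONLY)
    If @error Then Return SetError(2, 0, 0) ; store could not be opened
    Local $oCerts = $oStore.Certificates ; COM collection of Certificate objects
    Local $iCount = $oCerts.Count
    Local $aRows[$iCount + 1][6]
    $aRows[0][0] = $iCount
    Local $i = 0
    For $oCert In $oCerts
        $i += 1
        $aRows[$i][0] = $oCert.SubjectName
        $aRows[$i][1] = $oCert.IssuerName
        $aRows[$i][2] = $oCert.Thumbprint
        $aRows[$i][3] = $oCert.ValidFromDate
        $aRows[$i][4] = $oCert.ValidToDate
        $aRows[$i][5] = $oCert.HasPrivateKey()
    Next
    Return $aRows
EndFunc   ;==>_CertInventory

; List the "My" store for the machine, as in the post, and for the current user
Global $aLocations[2] = [$CAPICOM_LOCAL_MACHINE_STORE, $CAPICOM_CURRENT_USER_STORE]
For $iLoc In $aLocations
    Local $aCerts = _CertInventory($iLoc, "My")
    If @error Then ContinueLoop
    ConsoleWrite("Store location " & $iLoc & ": " & $aCerts[0][0] & " certificate(s)" & @LF)
    For $r = 1 To $aCerts[0][0]
        ConsoleWrite($aCerts[$r][2] & " | " & $aCerts[$r][0] & " | issuer: " & $aCerts[$r][1] & _
                " | valid " & $aCerts[$r][3] & " to " & $aCerts[$r][4] & " | private key: " & $aCerts[$r][5] & @LF)
    Next
Next
```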