Obtaining list of local computer personal certificates

[readmedottxt]

I can't find anything in the help file and I'm unsure if anything other than the certutil.exe command is available.

Are there any programmatic ways of obtaining the following data: ?

certutil.exe -store my

I can write something to parse the result using StdOutRead however I'd rather a proper way of getting a list.

Can anyone help?

Edited June 17, 2010 by readmedottxt

[PsaltyDS]

Method depends on the store you want to see. This should work for IE:

Global Const $wbemFlagReturnImmediately = 0x10
Global Const $wbemFlagForwardOnly = 0x20
Global $wbemFlags = $wbemFlagReturnImmediately + $wbemFlagForwardOnly

Global $oWMI = ObjGet("winmgmts:\\" & @ComputerName & "CIMV2\Applications\MicrosoftIE")
$colCerts = $oWMI.ExecQuery("SELECT * FROM MicrosoftIE_Certificate", "WQL", $wbemFlags)
For $oCert In $colCerts
    ConsoleWrite("Caption: " & $oCert.Caption & @LF)
    ConsoleWrite("Description: " & $oCert.Description & @LF)
    ConsoleWrite("IssuedBy: " & $oCert.IssuedBy & @LF)
    ConsoleWrite("IssuedTo: " & $oCert.IssuedTo & @LF)
    ConsoleWrite("SettingID: " & $oCert.SettingID & @LF)
    ConsoleWrite("SignatureAlgorithm: " & $oCert.SignatureAlgorithm & @LF)
    ConsoleWrite("Type: " & $oCert.Type & @LF)
    ConsoleWrite("Validity: " & $oCert.Validity & @LF)
Next

[PsaltyDS]

Googling around, I found some references to the automation interface for MMC and tried this:

expandcollapse popup

; List personal certificates via MMC application object model
; See MSDN:  MMC 2.0 Automation Object Model  (http://msdn.microsoft.com/en-us/library/aa815049%28VS.85%29.aspx)

Global $oMMC_App, $sMMC_Ver, $sMsg
Global $oCerts_Doc, $oCerts_ScopeNS
Global $oCerts_Root, $oCerts_Child
Global $oCurrentUser

; COM Error handler
$oAutoItError = ObjEvent("AutoIt.Error", "_AutoItError")

; MMC Application object
$oMMC_App = ObjCreate("MMC20.Application")
If IsObj($oMMC_App) Then
    $sMMC_Ver = $oMMC_App.VersionMajor & "." & $oMMC_App.VersionMinor
    ConsoleWrite("MMC version = " & $sMMC_Ver & @LF)

    ; Load document (Certificates SnapIn)
    $oMMC_App.Load("certmgr.msc")

    ; MMC document
    $oCerts_Doc = $oMMC_App.Document
    If IsObj($oCerts_Doc) Then
        $sMsg = "$oCerts_Doc.Location = " & $oCerts_Doc.Location & "; $oCerts_Doc.Name = " & $oCerts_Doc.Name
        ConsoleWrite("Certificates document loaded:  " & $sMsg & @LF)

        ; ScopeNamespace object
        $oCerts_ScopeNS = $oCerts_Doc.ScopeNamespace
        If IsObj($oCerts_ScopeNS) Then
            ConsoleWrite("Certificates document scope namespace retrieved." & @LF)

            ; Console root node (the root node is the top scope (tree) node)
            $oCerts_Root = $oCerts_Doc.RootNode
            If IsObj($oCerts_Root) Then
                $sMsg = @TAB & "$oCerts_Root.IsScopeNode() = " & $oCerts_Root.IsScopeNode() & @LF & _
                        @TAB & "$oCerts_Root.Name = " & $oCerts_Root.Name & @LF & _
                        @TAB & "$oCerts_Root.NodeType = " & $oCerts_Root.NodeType
                ConsoleWrite("Certificates console root node retrieved:" & @LF & $sMsg & @LF)

                ; First child of root node
                $oCerts_Child = $oCerts_ScopeNS.GetChild($oCerts_Root)
                If IsObj($oCerts_Child) Then
                    $sMsg = @TAB & "$oCerts_Child.IsScopeNode() = " & $oCerts_Child.IsScopeNode() & @LF & _
                            @TAB & "$oCerts_Child.Name = " & $oCerts_Child.Name & @LF & _
                            @TAB & "$oCerts_Child.NodeType = " & $oCerts_Child.NodeType
                    ConsoleWrite("First child of root node retrieved:" & @LF & $sMsg & @LF)

                    ; First child should be Current User
                    If StringInStr($oCerts_Child.Name, "Current User") Then
                        $oCurrentUser = $oCerts_Child
                        ConsoleWrite("Certificates - Current User node found." & @LF)

                        _MMCRecurseView($oCurrentUser)
                    Else
                        ConsoleWrite("Error retrieving next child of root node." & @LF)
                    EndIf
                Else
                    ConsoleWrite("Error first child of root node." & @LF)
                EndIf
            Else
                ConsoleWrite("Error retrieving Certificates console root node." & @LF)
            EndIf
        Else
            ConsoleWrite("Error retrieving Certificates document scope namespace." & @LF)
        EndIf
    Else
        ConsoleWrite("Error loading Certificates document." & @LF)
    EndIf
Else
    ConsoleWrite("Error creating MMC application object." & @LF)
EndIf


; Clean up objects
$oCurrentUser = ""
$oCerts_Child = ""
$oCerts_Root = ""
$oCerts_ScopeNS = ""
$oCerts_Doc.Close
$oMMC_App.Quit()


; console write a recursive listing of nodes
Func _MMCRecurseView($oNode)
    ; Check first child
    Local $oChild = $oCerts_ScopeNS.GetChild($oNode)
    If IsObj($oChild) Then
        ConsoleWrite(@LF & "Node found: name = " & $oChild.Name & "; Type GUID = " & $oChild.NodeType & @LF)
        If $oChild.IsScopeNode() Then
            ConsoleWrite("This is a scope node." & @LF)
            $oCerts_ScopeNS.Expand($oChild)
            ConsoleWrite("Expanded node." & @LF)
            _MMCRecurseView($oChild)
        EndIf

        ; Check siblings
        While 1
            $oChild = $oCerts_ScopeNS.GetNext($oChild)
            If IsObj($oChild) Then
                ConsoleWrite(@LF & "Node found: name = " & $oChild.Name & "; Type GUID = " & $oChild.NodeType & @LF)
                If $oChild.IsScopeNode() Then
                    ConsoleWrite("This is a scope node." & @LF)
                    $oCerts_ScopeNS.Expand($oChild)
                    ConsoleWrite("Expanded node." & @LF)
                    _MMCRecurseView($oChild)
                EndIf
            Else
                ConsoleWrite("Sibling is not an object." & @LF)
                ExitLoop
            EndIf
        WEnd
    Else
        ConsoleWrite("First child not an object." & @LF)
    EndIf
EndFunc   ;==>_MMCRecurseView

Func _AutoItError()
    Local $HexNumber = Hex($oAutoItError.number, 8)
    ConsoleWrite(@LF & "-------------------------------------------------" & @LF & _
            "AutoIt COM Error (may be expected):" & @LF & _
            "Number is: " & $HexNumber & @LF & _
            "-------------------------------------------------" & @LF & @LF)
EndFunc   ;==>_AutoItError

It doesn't quite work because once you get down to a 'Certificates' node, you have to change APIs from the MMC to the SnapIn's (certmgr.msc in this case). The DOM for MMC and the COM interface for it are well documented, but I haven't been able to find anything documenting an automation interface to the CertMgr objects under the MMC.

I don't know that it is worth the effort to chase that down either, since CertUtil.exe or CAPICOM probably provide more functionality.

Edited June 18, 2010 by PsaltyDS

[readmedottxt]

I found it!

I experimented with the code snippets posted but couldn't get what I need. I eventually found some vbs examples, converted them to au3 and presto!

Thanks very much for the assistance

$CertStore = ObjCreate("CAPICOM.Store")
$CertStore.Open (1, "My" , 0) ; local machine store, "my", read only
$Certificates = $CertStore.Certificates

Now I have an array ($Certificates) to parse and perform tasks.

Having never played with CAPICOM before, I didn't know what to do or where to begin. Everything appeared like you couldn't use it by script, I did plenty of reading of CryptoAPI and other stuff but it turned out nice and easy.

Cheers