EnumCertificates

Security and signatures

Description

Enumerates every certificate in a Windows system certificate store and returns its metadata. Each entry carries the Subject and Issuer simple-display names, the serial number (uppercase hex, MSB first), the NotBefore/NotAfter validity window, a HasPrivateKey flag (required for signing), a Qualified flag (true when the cert carries the eIDAS QCStatements extension, OID 0.4.0.1862.1.7, detected via a built-in DER decoder), and a CertHandle (the raw PCCERT_CONTEXT).

The CertHandle is valid only for the duration of the call; callers that want to keep a handle for later signing must duplicate it via CertDuplicateCertificateContext and then pass it to SetSignProcessCertFromStoreByHandle.

Syntax

Delphi

Function TPDFlib.EnumCertificates(Const StoreName: WideString; UseMachineStore: Boolean; Out Certs: Array Of TPDFlibCertificateInfo): Integer;

Parameters

StoreNameThe Windows system store name ("MY", "Root", "CA", ...)
UseMachineStoreTrue for CERT_SYSTEM_STORE_LOCAL_MACHINE, False for CERT_SYSTEM_STORE_CURRENT_USER
CertsCaller-allocated array filled with certificate metadata up to its length

Return values

>= 0The number of certificates written into Certs (may be less than the store size if the array is too small)