Find certificate from Windows store using its thumbprint (replaces PR #2125) (#5023)

* Find certificate from Windows store using its thumbprint

* Address review comments

---------

Co-authored-by: Hussein Ismail <hussein.ismail@m-files.com>
This commit is contained in:
Matej Kenda
2025-09-12 11:30:28 +02:00
committed by GitHub
parent dbc800083e
commit e2920f36da
4 changed files with 78 additions and 26 deletions


@@ -127,11 +127,13 @@ public:
OPT_LOAD_CERT_FROM_FILE = 0x10,
/// Load certificate and private key from a PKCS #12 (.pfx) file,
/// and not from the certificate store.
OPT_USE_CERT_HASH = 0x20,
/// Find the certificate using thumbprint.
OPT_DEFAULTS = OPT_PERFORM_REVOCATION_CHECK | OPT_TRUST_ROOTS_WIN_CERT_STORE | OPT_USE_STRONG_CRYPTO
};
Context(Usage usage,
const std::string& certificateNameOrPath,
const std::string& certificateInfoOrPath,
VerificationMode verMode = VERIFY_RELAXED,
int options = OPT_DEFAULTS,
const std::string& certificateStoreName = CERT_STORE_MY);
@@ -139,7 +141,7 @@ public:
///
/// * usage specifies whether the context is used by a client or server,
/// as well as which protocol to use.
/// * certificateNameOrPath specifies either the subject name of the certificate to use,
/// * certificateInfoOrPath specifies either the subject name or thumbprint of the certificate to use,
/// or the path of a PKCS #12 file containing the certificate and corresponding private key.
/// If a subject name is specified, the certificate must be located in the certificate
/// store specified by certificateStoreName. If a path is given, the OPT_LOAD_CERT_FROM_FILE
@@ -240,7 +242,7 @@ private:
int _options;
int _disabledProtocols;
bool _extendedCertificateVerification;
std::string _certNameOrPath;
std::string _certInfoOrPath;
std::string _certStoreName;
HCERTSTORE _hMemCertStore;
HCERTSTORE _hCollectionCertStore;
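Review bot: The reworded constructor comment in the second hunk (`certificateInfoOrPath specifies either the subject name or thumbprint of the certificate to use`) never says how a thumbprint is distinguished from a subject name, although the first hunk adds `OPT_USE_CERT_HASH` for exactly that purpose, and the sentence that follows still covers only one case: `If a subject name is specified, the certificate must be located in the certificate store`. I would change that sentence to `If a subject name, or a thumbprint together with OPT_USE_CERT_HASH, is specified, the certificate must be located in the certificate store specified by certificateStoreName.` and add one line stating the expected thumbprint encoding (hex digits, with or without separators, case handling), which neither hunk shows and which a caller cannot infer from the option name. Whether OPT_USE_CERT_HASH may be combined with OPT_LOAD_CERT_FROM_FILE is also left unsaid and is worth one sentence next to the enumerator comment `/// Find the certificate using thumbprint.`. The Context class and this constructor comment continue outside the visible hunks.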


@@ -73,6 +73,8 @@ class NetSSL_Win_API SSLManager
/// <schannel>
/// <server|client>
/// <certificateName>cert Id</certificateName>
/// <certificateHash>cert thumbprint</certificateHash>
/// <certificatePath>path of a certificate</certificatePath>
/// <certificateStore>MY</certificateStore>
/// <verificationMode>none|relaxed|strict</verificationMode>
/// <revocationCheck>true|false</revocationCheck>
@@ -102,7 +104,9 @@ class NetSSL_Win_API SSLManager
/// for servers.
///
/// - certificateName (string): The subject name of the certificate to use. The certificate must
/// be available in the Windows user or machine certificate store.
/// be available in the Windows user or machine certificate store.
/// - certificateHash (string): The thumbprint of the certificate to use. Alternative for certificateName.
/// The certificate must be available in the Windows user or machine certificate store.
/// - certificatePath (string): The path of a certificate and private key file in PKCS #12 format.
/// - certificateStore (string): The certificate store location to use.
/// Valid values are "MY", "Root", "Trust" or "CA". Defaults to "MY".
@@ -269,6 +273,8 @@ private:
static const std::string CFG_CERT_NAME;
static const std::string VAL_CERT_NAME;
static const std::string CFG_CERT_HASH;
static const std::string VAL_CERT_HASH;
static const std::string CFG_CERT_PATH;
static const std::string VAL_CERT_PATH;
static const std::string CFG_CERT_STORE;