Identities

This category covers the identities of the user, their security identifiers (SIDs), and their digital certificates (public key only, or with the private key).

Enumerations

enum HSDCCertificateTypes : DWORD { HSDCCertificateMachine = 0, HSDCCertificateUser }

The object to which a certificate is applied.

enum HSDCCertificateStores : DWORD { HSDCCertificateStoresLocal = 0, HSDCCertificateStoresAll }

The type of store to query for certificates.

enum HSDCCertificateAccesses : DWORD { HSDCCertificateAccessPublic = 0, HSDCCertificateAccessPrivate }

Certificate Access Types.

Functions

HSDCError HSDCAPI HSDCGetSecurityIdentities (char **pJstr)

Lists the SIDs tied to the current token; this includes the current user account and all the groups it belongs to. If the token is restricted owing to UAC, that is flagged too.

HSDCError HSDCAPI HSDCGetCertificates (DWORD type, DWORD store, DWORD access, const wchar_t *identity, char **pJstr)

Gathers the list of digital certificates from the local store or from all stores (Local and AD) with public access or with full access (including private key) matching selected criteria.

HSDCError HSDCAPI HSDCRequestCertificate (DWORD type, const char *jstr, char **pJstr)

Requests a new certificate from the default Certification Authority.

Enumeration Type Documentation

HSDCCertificateTypes

enum HSDCCertificateTypes : DWORD

The object to which a certificate is applied.

Enumerators

HSDCCertificateMachine

Machine certificates

HSDCCertificateUser

User certificates

HSDCCertificateStores

enum HSDCCertificateStores : DWORD

The type of store to query for certificates.

Enumerators

HSDCCertificateStoresLocal

Local Cert Stores

HSDCCertificateStoresAll

All stores

HSDCCertificateAccesses

enum HSDCCertificateAccesses : DWORD

Certificate Access Types

Enumerators

HSDCCertificateAccessPublic

Public certs

HSDCCertificateAccessPrivate

Private certs

Function Documentation

HSDCGetSecurityIdentities()

HSDCError HSDCAPI HSDCGetSecurityIdentities ( char ** pJstr )

Lists the SIDs tied to the current token; this includes the current user account and all the groups it belongs to. If the token is restricted owing to UAC, that is flagged too.

Parameters

pJstr

[out] Returns a JSON string with all details, formatted as below:

{
    "restricted": false,
    "identities": [
        {
            "domain": "CORP",
            "group": false,
            "name": "hubertb",
            "sid": "S-1-5-21-812910569-3317027032-1161269547-7039",
            "type": "domain"
        },
        {
            "domain": "CORP",
            "group": true,
            "name": "Domain Users",
            "sid": "S-1-5-21-812910569-3317027032-1161269547-513",
            "type": "domain"
        },
        ...
    ]
}

Returns

HSDCErrorSuccess

The operation succeeded

HSDCErrorInvalidArg

Input was nullptr

HSDCErrorUnexpected

Unexpected error
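As an added example (not part of the HSDC library or its documentation), the following reviews the JSON that HSDCGetSecurityIdentities returns in pJstr: it extracts the user, splits each domain SID into its domain identifier and RID, flags membership of well-known privileged domain groups by RID, and notes whether a UAC-restricted token makes that membership ineffective. The sample input is constructed from the page's example plus one added Domain Admins entry.

```python
import json

# Well-known RIDs of privileged domain groups (SIDs of the form
# S-1-5-21-<domain identifier>-<RID>), as published by Microsoft.
PRIVILEGED_DOMAIN_RIDS = {512: "Domain Admins", 518: "Schema Admins", 519: "Enterprise Admins"}

# Constructed sample: the page's two identities plus one added Domain Admins group.
SAMPLE_IDENTITIES = json.dumps({
    "restricted": False,
    "identities": [
        {"domain": "CORP", "group": False, "name": "hubertb",
         "sid": "S-1-5-21-812910569-3317027032-1161269547-7039", "type": "domain"},
        {"domain": "CORP", "group": True, "name": "Domain Users",
         "sid": "S-1-5-21-812910569-3317027032-1161269547-513", "type": "domain"},
        {"domain": "CORP", "group": True, "name": "Domain Admins",
         "sid": "S-1-5-21-812910569-3317027032-1161269547-512", "type": "domain"},
    ],
})


def split_sid(sid):
    """Return (domain identifier, RID) for a domain SID, or (None, None) otherwise."""
    parts = sid.split("-")
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        return "-".join(parts[:7]), int(parts[7])
    return None, None


def assess_token(pjstr):
    """Summarise an HSDCGetSecurityIdentities result for a privilege review."""
    data = json.loads(pjstr)
    user = None
    privileged = []
    for ident in data["identities"]:
        label = "%s\\%s" % (ident["domain"], ident["name"])
        _, rid = split_sid(ident["sid"])
        if not ident["group"]:
            user = label
        elif rid in PRIVILEGED_DOMAIN_RIDS:
            privileged.append(label)
    restricted = data["restricted"]
    return {
        "user": user,
        "restricted": restricted,
        "privileged_groups": privileged,
        # A UAC-restricted token lists admin groups but cannot use them.
        "effective_admin": bool(privileged) and not restricted,
    }
```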

HSDCGetCertificates()

HSDCError HSDCAPI HSDCGetCertificates ( DWORD type, DWORD store, DWORD access, const wchar_t * identity, char ** pJstr )

Gathers the list of digital certificates from the local store or from all stores (Local and AD) with public access or with full access (including private key) matching one of the following criteria:

  • CERT_KEY_ENCIPHERMENT_KEY_USAGE: Basic key usage flags
  • CERT_DATA_ENCIPHERMENT_KEY_USAGE: Basic key usage flags
  • CERT_KEY_AGREEMENT_KEY_USAGE: Basic key usage flags
  • szOID_KP_EFS ("1.3.6.1.4.1.311.10.3.4"): Extended key usages object identifiers
  • szOID_PKIX_KP_CLIENT_AUTH ("1.3.6.1.5.5.7.3.2"): Extended key usages object identifiers

Certificates whose intended purposes are "all" (that is, no specific usage restriction) are also picked up.

Parameters

type

Member of HSDCCertificateTypes specifying a filter for machine or user certificate types.

store

Member of HSDCCertificateStores specifying whether to filter the returned certs so that only local certs are displayed (or all).

access

Member of HSDCCertificateAccesses to filter for public or private certs.

identity

Optional identity of another user when querying public certificates from Active Directory, identified by name or SID.

pJstr

[out] Returns a JSON string with all details, formatted as below:

{
    "certificates": [
        {
            "thumbprint_sha1": "0d0139aa6a95dc5a30ef07876aae74e8f7260842",
            "thumbprint_sha256": "5c1d697466f5371f340c47ec3113fcf0367bf6afa1a09e462294b7260898a840",
            "store": "personal",
            "private": true,
            "algorithm": {
                "asymmetric": "RSA",
                "keylength": "2048",
                "hash": "SHA1"
            },
            "validity": {
                "status": "ok",
                "from": "2013-01-28T15:22:23.863Z",
                "until": "2018-01-28T15:22:23.863Z"
            },
            "issued": {
                "to": "[email protected]",
                "by": "Communications Server"
            }
        }
    ]
}

Returns

HSDCErrorSuccess

The operation succeeded

HSDCErrorInvalidArg

Input was nullptr

HSDCErrorUnexpected

Unexpected error
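As an added example (not part of the HSDC library or its documentation), the following post-processes the JSON that HSDCGetCertificates returns in pJstr and flags hygiene issues a defender would want to inventory: weak signature hash, short RSA key, expired or soon-expiring validity, and whether the private key is present. The reference time is passed in so results are reproducible; the sample input is the page's certificate plus one constructed entry with a placeholder thumbprint.

```python
import json
from datetime import datetime, timezone

WEAK_HASHES = {"MD5", "SHA1"}
MIN_RSA_BITS = 2048
EXPIRY_WARNING_DAYS = 30

# Constructed sample: the page's certificate plus an added 1024-bit one
# with a placeholder thumbprint.
SAMPLE_CERTIFICATES = json.dumps({"certificates": [
    {"thumbprint_sha1": "0d0139aa6a95dc5a30ef07876aae74e8f7260842",
     "thumbprint_sha256": "5c1d697466f5371f340c47ec3113fcf0367bf6afa1a09e462294b7260898a840",
     "store": "personal", "private": True,
     "algorithm": {"asymmetric": "RSA", "keylength": "2048", "hash": "SHA1"},
     "validity": {"status": "ok", "from": "2013-01-28T15:22:23.863Z", "until": "2018-01-28T15:22:23.863Z"},
     "issued": {"to": "[email protected]", "by": "Communications Server"}},
    {"thumbprint_sha1": "00" * 20, "thumbprint_sha256": "00" * 32,
     "store": "personal", "private": False,
     "algorithm": {"asymmetric": "RSA", "keylength": "1024", "hash": "SHA256"},
     "validity": {"status": "ok", "from": "2017-01-01T00:00:00.000Z", "until": "2027-01-01T00:00:00.000Z"},
     "issued": {"to": "placeholder@example.invalid", "by": "Placeholder CA"}},
]})


def parse_time(value):
    """Parse the ISO 8601 UTC timestamps (with milliseconds) that the API emits."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def review_certificates(pjstr, now):
    """Return one finding record per certificate, with a list of issues each."""
    report = []
    for cert in json.loads(pjstr)["certificates"]:
        issues = []
        alg, validity = cert["algorithm"], cert["validity"]
        if alg["hash"].upper() in WEAK_HASHES:
            issues.append("weak signature hash " + alg["hash"])
        if alg["asymmetric"].upper() == "RSA" and int(alg["keylength"]) < MIN_RSA_BITS:
            issues.append("RSA key shorter than %d bits" % MIN_RSA_BITS)
        start, until = parse_time(validity["from"]), parse_time(validity["until"])
        if now < start:
            issues.append("not yet valid")
        elif now > until:
            issues.append("expired on " + validity["until"])
        elif (until - now).days <= EXPIRY_WARNING_DAYS:
            issues.append("expires within %d days" % EXPIRY_WARNING_DAYS)
        if validity["status"] != "ok":
            issues.append("validity status " + validity["status"])
        report.append({"thumbprint_sha256": cert["thumbprint_sha256"], "issued_to": cert["issued"]["to"],
                       "private_key": cert["private"], "issues": issues})
    return report
```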

HSDCRequestCertificate()

HSDCError HSDCAPI HSDCRequestCertificate ( DWORD type, const char * jstr, char ** pJstr )

Requests a new certificate from the default Certification Authority.

Parameters

type

Specifies whether the requested certificate is for the current user or the current machine (administrative privileges are required for a machine certificate request). Member of HSDCCertificateTypes.

jstr

[Optional] Input parameters such as the certificate template name, key length, and so on. Currently the only supported value is a template name:

{
    "template": "name"
}

The template value may be the Common Name (CN) of any template as it appears in Active Directory, or the template's dotted-decimal object identifier.

pJstr

[out] Returns a JSON string with hash details of the cert.

{
    "thumbprints": {
        "sha1": "0d0139aa6a95dc5a30ef07876aae74e8f7260842",
        "sha256": "5c1d697466f5371f340c47ec3113fcf0367bf6afa1a09e462294b7260898a840"
    }
}

Returns

HSDCErrorSuccess

The operation succeeded

HSDCErrorInvalidArg

Input was nullptr

HSDCErrorUnexpected

Unexpected error