首页 > 解决方案 > MKcert - 错误:添加证书:添加证书失败:访问被拒绝

问题描述

最近我在 Windows 系统上运行 mkcert 安装根证书时开始遇到问题。我已经以管理员权限运行了该命令。

PS C:\WINDOWS\system32> mkcert -install
错误:添加证书:添加证书失败:访问被拒绝。

请帮我解决这个问题。

标签: camkcert

解决方案


// Lazily resolved crypt32.dll entry points used for certificate-store access.
//
// NOTE(review): the syscall package documentation states that LazyDLL is
// subject to the same DLL preloading attacks as LoadDLL and points to
// golang.org/x/sys/windows for a safer way to load system DLLs.
var (
    modcrypt32                           = syscall.NewLazyDLL("crypt32.dll")
    procCertAddEncodedCertificateToStore = modcrypt32.NewProc("CertAddEncodedCertificateToStore")
    procCertCloseStore                   = modcrypt32.NewProc("CertCloseStore")
    procCertDeleteCertificateFromStore   = modcrypt32.NewProc("CertDeleteCertificateFromStore")
    procCertDuplicateCertificateContext  = modcrypt32.NewProc("CertDuplicateCertificateContext")
    procCertEnumCertificatesInStore      = modcrypt32.NewProc("CertEnumCertificatesInStore")
    // Disabled binding: the author recorded the failure seen with it on the same line.
    // procCertOpenSystemStoreW             = modcrypt32.NewProc("CertOpenSystemStoreW")  // ERROR: add cert: failed adding cert: Access is denied
    // Disabled as well: an alternative binding to CertOpenStore under the old variable name.
    // procCertOpenSystemStoreW             = modcrypt32.NewProc("CertOpenStore")
)

我将用“syscall.CertOpenStore”替换“CertOpenSystemStoreW”来打开证书存储。注意:下面的代码打开的是本地计算机(LocalMachine)的“root”存储(标志 0x20000),写入其中的根证书会被这台机器上的所有用户信任。

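// addCert adds the DER-encoded certificate cert to the local machine's "root"
// system certificate store.
//
// The receiver w is not used: the store is opened and closed inside this call.
// It returns nil on success, syscall.EINVAL for an empty cert, and otherwise
// the error reported by the Windows API.
//
// Security note: the store opened here is machine-wide, so every user and
// service on the host will trust certificates issued by the added root. The
// corresponding CA private key must be protected accordingly.
func (w windowsRootStore) addCert(cert []byte) error {
    // wincrypt.h values that replace the bare numbers 10, 0x4000 and 0x20000.
    const (
        certStoreProvSystemW        = 10      // CERT_STORE_PROV_SYSTEM_W
        certStoreOpenExistingFlag   = 0x4000  // CERT_STORE_OPEN_EXISTING_FLAG
        certSystemStoreLocalMachine = 0x20000 // CERT_SYSTEM_STORE_LOCAL_MACHINE
    )

    // &cert[0] below would panic on an empty slice; reject it up front.
    if len(cert) == 0 {
        return syscall.EINVAL
    }

    name, err := syscall.UTF16PtrFromString("root")
    if err != nil {
        return err
    }

    store, err := syscall.CertOpenStore(certStoreProvSystemW, 0, 0,
        certStoreOpenExistingFlag|certSystemStoreLocalMachine|syscall.CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG,
        uintptr(unsafe.Pointer(name)))
    if err != nil {
        return err
    }
    defer syscall.CertCloseStore(store, 0)

    // NOTE(review): CERT_STORE_ADD_ALWAYS (4) and X509_ASN_ENCODING (1) are kept
    // as given; the accompanying C reference uses CERT_STORE_ADD_REPLACE_EXISTING
    // and also sets PKCS_7_ASN_ENCODING. Confirm which disposition is intended,
    // since ADD_ALWAYS does not check for an existing copy of the certificate.
    ret, _, callErr := procCertAddEncodedCertificateToStore.Call(
        uintptr(store),                         // hCertStore
        uintptr(syscall.X509_ASN_ENCODING),     // dwCertEncodingType
        uintptr(unsafe.Pointer(&cert[0])),      // pbCertEncoded
        uintptr(uint(len(cert))),               // cbCertEncoded
        uintptr(syscall.CERT_STORE_ADD_ALWAYS), // dwAddDisposition
        0,                                      // ppCertContext
    )

    // Proc.Call always returns a non-nil error built from GetLastError, so the
    // BOOL result decides success; the error is only meaningful when it is FALSE.
    if ret != 0 {
        return nil
    }
    if errno, ok := callErr.(syscall.Errno); ok && errno == 0 {
        // The call failed without setting a last-error code.
        return syscall.EINVAL
    }
    return callErr
}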

参考 C 语言实现:

/*
 * Import the embedded root certificate (kPawdRootCert, kPawdRootCertLen bytes)
 * into the local machine's "ROOT" system store, replacing an existing copy.
 *
 * Returns 0 on success, -1 if the store cannot be opened, and -2 if the
 * certificate cannot be added.
 *
 * The target is the machine-wide trusted-root store, so the imported root is
 * trusted by every user on the host.
 */
static int crypto_import_pawdroot()
{
    HCERTSTORE root_store = CertOpenStore(CERT_STORE_PROV_SYSTEM_A,
        0, 0L, CERT_SYSTEM_STORE_LOCAL_MACHINE, "ROOT");
    BOOL added;

    if (root_store == NULL)
        return -1;

    added = CertAddEncodedCertificateToStore(root_store,
        PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
        kPawdRootCert, kPawdRootCertLen,
        CERT_STORE_ADD_REPLACE_EXISTING, NULL);

    /* Close the store whether or not the add succeeded. */
    CertCloseStore(root_store, CERT_CLOSE_STORE_FORCE_FLAG);

    if (!added)
        return -2;
    return 0;
}
