New to golang and I'm neck deep in go's source code

<p>I would like to use Go for my next project which involves reading the Windows certificate store and auditing it. At first it didn&#39;t seem like anyone had done this. Then I figured that Go probably has a way to pull the certificate store so I started digging through the Go source code. It looks like it wraps the windows crypto API <a href="https://github.com/golang/go/blob/master/src/syscall/zsyscall_windows.go#L14">here</a>. This in turn has <a href="https://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CertOpenSystemStoreW">wrapped</a> the Windows API calls such as <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa376560(v=vs.85).aspx">CertOpenSystemStore</a>. It looks like there are several useful <a href="https://github.com/golang/go/blob/master/src/syscall/zsyscall_windows.go#L1074-L1189">functions here</a>. I also noticed that there was an <a href="https://github.com/golang/go/issues/13335">issue</a> opened on GitHub that seems to be in the same ballpark, opened just a few days ago. I suppose my question is, am I headed in the right direction? Or is there a simpler way to do this? Should I be trying to do this at the <a href="https://github.com/golang/go/tree/master/src/crypto/x509">crypto/x509</a> layer or as a <a href="https://github.com/golang/go/tree/master/src/syscall">syscall</a>?</p> <hr/>**评论：**<br/><br/>ponyoink: <pre><p>Microsoft has <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa382363.aspx">very good documentation</a> for accessing cert store using C. Making C calls from Go is pretty trivial. If you plan to use your code exclusively on windows, then just call out to C.</p> <p>Unless this is just some exercise in making everything in pure Go...</p></pre>pseudomind: <pre><p>Congrats on dipping your toes into the golang world! Let me see if I can help just a bit...</p> <p>While I&#39;m not exactly sure what you are trying to do, I have to agree with ponyoink that C -&gt; go bindings work very well and are relatively simple to manage. I&#39;m just going to drop a couple of helpful links for you to look at:</p> <p><a href="http://blog.golang.org/c-go-cgo">http://blog.golang.org/c-go-cgo</a></p> <p><a href="https://golang.org/cmd/cgo/">https://golang.org/cmd/cgo/</a></p> <p>Should you decide to go this way, I&#39;ll also provide you with another simple example. Here is a simple cross-platform color terminal library I wrote in go:</p> <p><a href="https://bitbucket.org/pseudomind/cterm">https://bitbucket.org/pseudomind/cterm</a></p> <p>If you take a look at the source code for the library (particularly the file <code>show_windows.go</code>) you&#39;ll see some pretty simple usage C -&gt; go language binding. </p> <p>Which reminds me... Something I find really wonderful about the go build system is how you are able to specify build constraints on a source file just by naming it appropriately (i.e. a source file named <code>*_windows.go</code>, will only be used if compiling for a windows system). There is more documentation on this here:</p> <p><a href="https://golang.org/pkg/go/build/">https://golang.org/pkg/go/build/</a></p> <p>Anyhow, I hope this helps you out a bit.</p></pre>Sphax: <pre><p>You don&#39;t need to use C to call win32 functions, it&#39;s easily done using syscall. Take a look at this <a href="https://github.com/lxn/win" rel="nofollow">https://github.com/lxn/win</a>.</p> <p>Slightly overkill if you just want to call one function, personally I&#39;d just write the wrapper function.</p></pre>bkeroack: <pre><p>If you use syscall you&#39;re pretty much throwing portability away anyway, so it&#39;s not too different from interfacing with C.</p></pre>Sphax: <pre><p>of course, I just think it&#39;s easier using this than using cgo. </p></pre>nhooyr: <pre><p>Check how the TLS package verifies certificates. I&#39;m certain you&#39;ll find your answer there.</p></pre>egonelbre: <pre><p>You can take a look at <a href="https://github.com/golang/go/blob/master/src/crypto/x509/root_windows.go" rel="nofollow">root_windows.go</a>, it contains how x509 uses it. Based on that you should be able to query all the certs from Windows.</p></pre>smantziaris: <pre><p>I would not even use golang for this. This is a program that will run only in windows, so naturally i would use something with a more tight integration with the windows ecosystem like .net! Don&#39;t get me wrong i like golang very much but we should use the best language for the task. This is my personal opinion, don&#39;t hang me!</p></pre>