VC++ : x509 certificate & custom extension parsing WinTrust API
I am working on certificate parsing, where after issuing some PKI API, I will be getting the certificate in the form of a hex/hex64 or binary string.
I want to parse that string into an x509 certificate and get a customer-specific extension.
I am thinking of using the WinTrust API to parse the certificate and fetch those extensions.
I am able to retrieve data in a CERT_BLOB struct, but the CryptQueryObject API fails and thus I am not able to retrieve the certificate data.
Following is the sequence of API calls I am using.
Retrieve the length using CryptStringToBinary:
```cpp
pCertData = new byte[dwCertLen];
if (pCertData != NULL)
{
    if (!CryptStringToBinaryA(sCertData.c_str(), 0, nEncoding, (byte*)pCertData, &dwCertLen, NULL, NULL))
    {
        return false;
    }
    /*
     * Decode from DER format to CERT_PUBLIC_KEY_INFO
     */
    CERT_BLOB oCertData;
    DWORD dwCertDataLen;
    if (!CryptDecodeObjectEx((X509_ASN_ENCODING | PKCS_7_ASN_ENCODING), X509_ANY_STRING, (byte*)pCertData, dwCertLen,
        CRYPT_ENCODE_ALLOC_FLAG, NULL, &oCertData.pbData, &oCertData.cbData))
    {
        fprintf(stderr, "CryptDecodeObjectEx 1 failed. Err: %d\n", GetLastError());
        return -1;
    }
    DWORD dwEncoding, dwContentType, dwFormatType;
    // Below API is failing and return error code -2146885623
    // bResult is false
    bool bResult = CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
        (void*)&oCertData,
        CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD,
        CERT_QUERY_FORMAT_FLAG_BINARY,
        0,
        &dwEncoding,
        &dwContentType,
        &dwFormatType,
        &m_hStore,
        &m_hMsg,
        NULL);
```
I want to perform the following tasks:
* Parse the certificate from a string.
* Retrieve a customer-specific x509 extension.
* Validate the certificate based on OID.

Can you please suggest whether the WinTrust lib is a good option, or any other lib?
I have gone through the docs and did not find any sample code for it; if you can help me with sample code, that will be of great help!