
win32crypt.CryptQueryObject not populating CertContext correctly when using AKV .cer file

Open bgklein opened this issue 3 years ago • 3 comments

(custom2.cer) When calling this function with a locally generated .cer file, it properly fully populates the dictionary, as such: {'MsgAndCertEncodingType': 1, 'ContentType': 1, 'FormatType': 1, 'CertStore': <PyCERTSTORE object at 0x000002860D6F9E00>, 'Msg': None, 'Context': <PyCERT_CONTEXT object at 0x000002860D6F9DD0>}

(PEM_67ae84c1718440f4a89ace79a22e262d.cer) When a certificate is generated from Azure Key Vault and then downloaded as a .cer, the given output does not populate its context, instead just having what is likely the pointer: {'MsgAndCertEncodingType': 1, 'ContentType': 1, 'FormatType': 2, 'CertStore': <PyCERTSTORE object at 0x0000020ABC8C3A90>, 'Msg': None, 'Context': 2245136194336}

I have provided cert.py and the two certificates mentioned at https://teststoragebrklein.blob.core.windows.net/pywin32crypto?sp=r&st=2022-04-13T21:29:17Z&se=2022-05-01T05:29:17Z&spr=https&sv=2020-08-04&sr=c&sig=ySVJ82Fr0oE48wV8y0JyeQDeb52yWmWIYHdUkAueFDc%3D

Additionally, I wrote a simple C# solution, also utilizing C interop, which works fine, which makes me think this is either a pywin32 or Python issue.

  • Version of Python and pywin32: Python 3.8.6; python -m pip freeze: pypiwin32==223, pywin32==303

bgklein, Apr 13 '22 21:04

This is due to the commented code at https://github.com/mhammond/pywin32/blob/3ac6ddc7c748ba35d3ba247cc45f89cceddac10f/win32/src/win32crypt/win32cryptmodule.cpp#L1097-L1111. It looks like support for those structs does exist, but I'm not sure why they aren't wired up.

> I have provided cert.py and the two certificates

I'm getting an auth error trying to get them, but if I can get access and verify they work I can probably fix at least one of the cases commented out. It would be ideal if you know how to get a cert to test the other commented case too!

mhammond, Apr 14 '22 06:04

(oh, and ideally permission to check the certs into the repo so I can add a test)

mhammond, Apr 14 '22 06:04

Ah yeah, didn't realize that link didn't work, but good catch on the commented-out bits. You should be able to download them from: https://www.dropbox.com/sh/3fvsnh026ae1qgx/AAAuxk3MM3J--OF-gEIGmdVja?dl=0

You should be good to check them in for testing as they were solely made for this repro.

bgklein, Apr 14 '22 14:04
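
An added example, not code from this issue or from pywin32: the two outputs in the report differ in FormatType, 1 versus 2, which in wincrypt.h are CERT_QUERY_FORMAT_BINARY and CERT_QUERY_FORMAT_BASE64_ENCODED. This Python helper classifies the raw bytes of a .cer file along the same line and returns the DER form, so you can tell which case a given file falls into before calling CryptQueryObject. The function names and sample bytes are constructed for illustration, and whether passing DER bytes changes what pywin32 303 returns is not established by this thread.

```python
import base64
import binascii
import re

# FormatType values reported by CryptQueryObject (wincrypt.h).
CERT_QUERY_FORMAT_BINARY = 1
CERT_QUERY_FORMAT_BASE64_ENCODED = 2

_PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample: a tiny DER SEQUENCE standing in for a certificate.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")


def _is_der_sequence(data):
    """True if data is exactly one DER SEQUENCE (tag 0x30) of consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                  # short form: length fits in one byte
        return len(data) == 2 + first
    n = first & 0x7F                  # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")


def classify_cer(data):
    """Return (format_type, der_bytes) for the raw contents of a .cer file."""
    if _is_der_sequence(data):
        return CERT_QUERY_FORMAT_BINARY, data
    match = _PEM_RE.search(data)
    body = match.group(1) if match else data   # bare base64 has no armor lines
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except binascii.Error:
        raise ValueError("neither DER nor base64-encoded") from None
    if not _is_der_sequence(der):
        raise ValueError("base64 payload is not a single DER SEQUENCE")
    return CERT_QUERY_FORMAT_BASE64_ENCODED, der
```
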