How can I fetch this SCT list from PCCERT_CONTEXT? Is there any straightforward win API?
- Straightforward? Not exactly. Been a while since I used these APIs but I think you'll have to use [`CryptDecodeObject`](https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecodeobject) (or perhaps `CryptQueryObject`) in combination with `CERT_INFO` and then `CTL_INFO`. – Luke Feb 16 '22 at 13:15
- If you need it in text form, you can use `CertFindExtension(szOID_CT_CERT_SCTLIST,..)` and then `CryptFormatObject` for `szOID_CT_CERT_SCTLIST`. If you need it in binary, probably look at https://www.rfc-editor.org/rfc/inline-errata/rfc6962.html – RbMm Feb 16 '22 at 14:03
- Thanks, @Luke and @RbMm. `CertFindExtension(szOID_CT_CERT_SCTLIST,..)` helps. – azhahes.s Feb 17 '22 at 03:31
1 Answer
With the following code snippet, I was able to fetch the SCT list as a string from an X509 certificate:
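```cpp
#include <windows.h>
#include <wincrypt.h>
#include <cwchar>
#include <string>

#pragma comment(lib, "crypt32.lib")

// Returns the certificate's SCT list extension formatted as text, or an empty string.
std::wstring GetSCTString(PCCERT_CONTEXT certInfo)
{
    if (NULL == certInfo || NULL == certInfo->pCertInfo)
        return std::wstring();

    PCERT_EXTENSION ext = CertFindExtension(szOID_CT_CERT_SCTLIST, certInfo->pCertInfo->cExtension, certInfo->pCertInfo->rgExtension);
    if (NULL != ext)
    {
        // First call: query the required size in bytes (includes the terminating null).
        DWORD strSz(0);
        if (CryptFormatObject(X509_ASN_ENCODING, 0, 0, NULL, szOID_CT_CERT_SCTLIST, ext->Value.pbData, ext->Value.cbData, NULL, &strSz))
        {
            std::wstring Buff;
            Buff.resize((strSz / sizeof(wchar_t)) + 1);
            // Second call: format the extension into the buffer.
            if (CryptFormatObject(X509_ASN_ENCODING, 0, 0, NULL, szOID_CT_CERT_SCTLIST, ext->Value.pbData, ext->Value.cbData, &Buff[0], &strSz))
            {
                // Trim the terminating null and padding so no L'\0' is embedded in the result.
                Buff.resize(wcslen(Buff.c_str()));
                return Buff;
            }
        }
    }
    return std::wstring();
}
```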

azhahes.s
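For the binary form that the comments point to RFC 6962 for, here is an added example (not code from the answer or from Microsoft) that parses the extension bytes directly: per RFC 6962 section 3.3 the value is a DER OCTET STRING wrapping the TLS-encoded `SignedCertificateTimestampList`. The names `Sct`, `Reader`, `ParseSctList` and `SampleExtension` are hypothetical, the sample bytes are constructed, and the code assumes you pass `ext->Value.pbData` and `ext->Value.cbData` from `CertFindExtension`.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

struct Sct {                                // v1 SCT fields, RFC 6962 section 3.2
    std::vector<uint8_t> logId, signature;  // 32-byte log ID; signature is not verified here
    uint64_t timestampMs = 0;               // milliseconds since the Unix epoch
    uint8_t hashAlg = 0, sigAlg = 0;        // TLS HashAlgorithm / SignatureAlgorithm codes
};
struct Reader {                             // bounds-checked cursor; ok turns false on underrun
    const uint8_t* p; size_t n; bool ok;
    std::vector<uint8_t> bytes(size_t k) {  // copy out the next k bytes, clamped to what is left
        if (k > n) { ok = false; k = n; }
        std::vector<uint8_t> v(p, p + k);
        p += k; n -= k; return v;
    }
    uint64_t be(size_t k) {                 // k-byte big-endian unsigned integer
        uint64_t v = 0;
        for (uint8_t b : bytes(k)) v = (v << 8) | b;
        return v;
    }
};
bool ParseSctList(const uint8_t* ext, size_t len, std::vector<Sct>& out) {
    Reader r{ext, len, true};               // ext/len: raw extension value, treated as untrusted
    if (r.be(1) != 0x04) return false;      // DER OCTET STRING tag
    size_t l = (size_t)r.be(1);             // DER length: short form, or 0x81 / 0x82 long form
    if (l & 0x80) { if (l != 0x81 && l != 0x82) return false; l = (size_t)r.be(l & 0x7F); }
    size_t listLen = (size_t)r.be(2);       // length prefix of sct_list
    if (!r.ok || l != listLen + 2 || listLen != r.n) return false;
    while (r.n > 0) {
        std::vector<uint8_t> raw = r.bytes((size_t)r.be(2));  // one SerializedSCT
        Reader s{raw.data(), raw.size(), r.ok};
        if (s.be(1) != 0) continue;         // version other than v1: skip this entry
        Sct sct;
        sct.logId = s.bytes(32);
        sct.timestampMs = s.be(8);
        s.bytes((size_t)s.be(2));           // CtExtensions, skipped
        sct.hashAlg = (uint8_t)s.be(1); sct.sigAlg = (uint8_t)s.be(1);
        sct.signature = s.bytes((size_t)s.be(2));
        if (!s.ok || s.n != 0) return false;  // truncated SCT or trailing bytes
        out.push_back(sct);
    }
    return r.ok;
}
std::vector<uint8_t> SampleExtension() {    // constructed input: one v1 SCT, made-up signature
    std::vector<uint8_t> v = {0x04, 0x37, 0, 0x35, 0, 0x33, 0};  // DER header, list len, SCT len, version
    v.resize(39, 0xAB);                     // 32-byte log ID filled with 0xAB
    for (int b : {0,0,1,0x7F,1,0xA4,2,0, 0,0, 4,3, 0,4, 0xDE,0xAD,0xBE,0xEF}) v.push_back((uint8_t)b);
    return v;
}
```

The parser only decodes the structure; checking each SCT's signature against the log's public key is a separate step.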