Cryptography Functions


CertGetCertificateContextProperty Function

The CertGetCertificateContextProperty function retrieves the information contained in an extended property of a certificate context.

Syntax

C++ 
BOOL WINAPI CertGetCertificateContextProperty(
  __in     PCCERT_CONTEXT pCertContext,
  __in     DWORD dwPropId,
  __out    void *pvData,
  __inout  DWORD *pcbData
);

Parameters

pCertContext [in]

A pointer to the CERT_CONTEXT structure of the certificate that contains the property to be retrieved.

dwPropId [in]

The property to be retrieved. Currently defined identifiers and the data type to be returned in pvData are listed in the following table.

CERT_ACCESS_STATE_PROP_ID

Data type of pvData: A pointer to a DWORD value.

Returns a DWORD value that indicates whether write operations to the certificate are persisted. The DWORD value is not set if the certificate is in a memory store or in a registry-based store that is opened as read-only.

CERT_AIA_URL_RETRIEVED_PROP_ID

This identifier is reserved.

CERT_ARCHIVED_KEY_HASH_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns a previously saved encrypted key hash for the certificate context.

CERT_ARCHIVED_PROP_ID

Data type of pvData: NULL.

Indicates the certificate is skipped during enumerations. A certificate with this property set is found with explicit search operations, such as those used to find a certificate with a specific hash or a serial number. No data in pvData is associated with this property.

CERT_AUTHORITY_INFO_ACCESS_PROP_ID

This identifier is reserved.

CERT_AUTO_ENROLL_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns a null-terminated Unicode string that names the certificate type for which the certificate has been auto enrolled.

CERT_AUTO_ENROLL_RETRY_PROP_ID

This identifier is reserved.

CERT_BACKED_UP_PROP_ID

This identifier is reserved.

CERT_CA_DISABLE_CRL_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Disables certificate revocation list (CRL) retrieval for certificates used by the certification authority (CA). If the CA certificate contains this property, it must also include the CERT_CA_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID property.

CERT_CA_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Contains the list of online certificate status protocol (OCSP) URLs to use for certificates issued by the CA certificate. The array contents are the Abstract Syntax Notation One (ASN.1)-encoded bytes of an X509_AUTHORITY_INFO_ACCESS structure where pszAccessMethod is set to szOID_PKIX_OCSP.

CERT_CROSS_CERT_DIST_POINTS_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Location of the cross certificates. Currently, this identifier is only applicable to certificates and not to CRLs or certificate trust lists (CTLs). The BYTE array contains an ASN.1-encoded CROSS_CERT_DIST_POINTS_INFO structure decoded by using the CryptDecodeObject function with a X509_CROSS_CERT_DIST_POINTS value for the lpszStuctType parameter.

Windows 2000:  This identifier is not supported.

CERT_CTL_USAGE_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns an array of bytes that contain an ASN.1-encoded CTL_USAGE structure.

CERT_DATE_STAMP_PROP_ID

Data type of pvData: A pointer to a FILETIME structure.

Time when the certificate was added to the store.

Windows 2000:  This identifier is not supported.

CERT_DESCRIPTION_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns the property displayed by the certificate UI. This property allows the user to describe the certificate's use.

CERT_EFS_PROP_ID

This identifier is reserved.

CERT_ENHKEY_USAGE_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns an array of bytes that contain an ASN.1-encoded CERT_ENHKEY_USAGE structure. This structure contains an array of Enhanced Key Usage object identifiers (OIDs), each of which specifies a valid use of the certificate.

CERT_ENROLLMENT_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Enrollment information of the pending request that contains RequestID, CADNSName, CAName, and DisplayName. The data format is defined as follows.

BytesContents

First 4 bytes

Pending request ID

Next 4 bytes

CADNSName size, in characters, including the terminating null character, followed by CADNSName string with terminating null character

Next 4 bytes

CAName size, in characters, including the terminating null character, followed by CAName string with terminating null character

Next 4 bytes

DisplayName size, in characters, including the terminating null character, followed by DisplayName string with terminating null character

 

Windows 2000:  This identifier is not supported.

CERT_EXTENDED_ERROR_INFO_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns a null-terminated Unicode character string that contains extended error information for the certificate context.

CERT_FORTEZZA_DATA_PROP_ID

This identifier is reserved.

CERT_FRIENDLY_NAME_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns a null-terminated Unicode character string that contains the display name for the certificate.

CERT_HASH_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns the SHA1 hash. If the hash does not exist, it is computed by using the CryptHashCertificate function.

CERT_HCRYPTPROV_OR_NCRYPT_KEY_HANDLE_PROP_ID

Data type of pvData: A pointer to an HCRYPTPROV_OR_NCRYPT_KEY_HANDLE data type.

Returns either the HCRYPTPROV or NCRYPT_KEY_HANDLE choice.

CERT_IE30_RESERVED_PROP_ID

This identifier is reserved.

CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

MD5 hash of the public key associated with the private key used to sign this certificate.

CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

MD5 hash of the issuer name and serial number from this certificate.

CERT_KEY_CONTEXT_PROP_ID

Data type of pvData: A pointer to a CERT_KEY_CONTEXT structure.

Returns a CERT_KEY_CONTEXT structure.

CERT_KEY_IDENTIFIER_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

If nonexistent, searches for the szOID_SUBJECT_KEY_IDENTIFIER extension. If that fails, a SHA1 hash is done on the certificate's SubjectPublicKeyInfo member to produce the identifier values.

CERT_KEY_PROV_HANDLE_PROP_ID

Data type of pvData: A pointer to an HCRYPTPROV value.

Returns the provider handle obtained from CERT_KEY_CONTEXT_PROP_ID.

CERT_KEY_PROV_INFO_PROP_ID

Data type of pvData: A pointer to a CRYPT_KEY_PROV_INFO structure.

Returns a pointer to a CRYPT_KEY_PROV_INFO structure.

CERT_KEY_SPEC_PROP_ID

Data type of pvData: A pointer to a DWORD value.

Returns a DWORD value that specifies the private key obtained from CERT_KEY_CONTEXT_PROP_ID if it exists. Otherwise, if CERT_KEY_PROV_INFO_PROP_ID exists, it is the source of the dwKeySpec.

CERT_MD5_HASH_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns the MD5 hash. If the hash does not exist, it is computed by using the CryptHashCertificate function.

CERT_NCRYPT_KEY_HANDLE_PROP_ID

Data type of pvData: A pointer to an NCRYPT_KEY_HANDLE data type.

Returns a CERT_NCRYPT_KEY_SPEC choice where applicable.

CERT_NEW_KEY_PROP_ID

This identifier is reserved.

CERT_NEXT_UPDATE_LOCATION_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns the ASN.1-encoded CERT_ALT_NAME_INFO structure.

CERT_NEXT_UPDATE_LOCATION_PROP_ID is currently used only with CTLs.

CERT_NO_AUTO_EXPIRE_CHECK_PROP_ID

This identifier is reserved.

CERT_OCSP_CACHE_PREFIX_PROP_ID

This identifier is reserved.

CERT_OCSP_RESPONSE_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns an encoded OCSP response for this certificate.

CERT_PUBKEY_ALG_PARA_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

For public keys that support algorithm parameter inheritance, returns the ASN.1-encoded PublicKey Algorithm parameters. For Digital Signature Standard (DSS), returns the parameters encoded by using the CryptEncodeObject function. This property is used only if CMS_PKCS7 is defined.

CERT_PUBKEY_HASH_RESERVED_PROP_ID

This identifier is reserved.

CERT_PVK_FILE_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns a null-terminated Unicode wide character string that contains the file name that contains the private key associated with the certificate's public key.

CERT_RENEWAL_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns the hash of the renewed certificate.

Windows 2000:  This identifier is not supported.

CERT_REQUEST_ORIGINATOR_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns a null-terminated Unicode string that contains the DNS computer name for the origination of the certificate context request.

CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns a pointer to an encoded CERT_POLICIES_INFO structure that contains the application policies of the root certificate for the context. This property can be decoded by using the CryptDecodeObject function with the lpszStructType parameter set to X509_CERT_POLICIES and the dwCertEncodingType parameter set to a combination of X509_ASN_ENCODING bitwise OR PKCS_7_ASN_ENCODING.

CERT_ROOT_PROGRAM_NAME_CONSTRAINTS_PROP_ID

This identifier is reserved.

CERT_SHA1_HASH_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns the SHA1 hash. If the hash does not exist, it is computed by using the CryptHashCertificate function.

CERT_SIGNATURE_HASH_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns the signature hash. If the hash does not exist, it is computed by using the CryptHashToBeSigned function. The length of the hash is 20 bytes for SHA and 16 for MD5.

CERT_SMART_CARD_DATA_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns a pointer to encoded smart card data. Prior to calling CertGetCertificateContextProperty, you can use this constant to retrieve a smart card certificate by using the CertFindCertificateInStore function with the pvFindPara parameter set to CERT_SMART_CARD_DATA_PROP_ID and the dwFindType parameter set to CERT_FIND_PROPERTY.

CERT_SMART_CARD_ROOT_INFO_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns a pointer to an encoded CRYPT_SMART_CARD_ROOT_INFO structure.

CERT_SOURCE_LOCATION_PROP_ID

This identifier is reserved.

CERT_SOURCE_URL_PROP_ID

This identifier is reserved.

CERT_SUBJECT_DISABLE_CRL_PROP_ID

This identifier is reserved.

CERT_SUBJECT_INFO_ACCESS_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns the subject information access extension of the certificate context as an encoded CERT_SUBJECT_INFO_ACCESS structure.

CERT_SUBJECT_NAME_MD5_HASH_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns an MD5 hash of the encoded subject name of the certificate context.

CERT_SUBJECT_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID

This identifier is reserved.

CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID

Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter.

Returns the MD5 hash of this certificate's public key.

For all user-defined property identifiers, pvData points to an array of BYTE values.

For more information about each property identifier, see the documentation on the dwPropId parameter in CertSetCertificateContextProperty.

pvData [out]

A pointer to a buffer to receive the data as determined by dwPropId. Structures pointed to by members of a structure returned are also returned following the base structure. Therefore, the size contained in pcbData often exceeds the size of the base structure.

This parameter can be NULL to set the size of the information for memory allocation purposes. For more information, see Retrieving Data of Unknown Length.

pcbData [in, out]

A pointer to a DWORD value that specifies the size, in bytes, of the buffer pointed to by the pvData parameter. When the function returns, the DWORD value contains the number of bytes to be stored in the buffer.

To obtain the required size of a buffer at run time, pass NULL for the pvData parameter, and set the value pointed to by this parameter to zero. If the pvData parameter is not NULL and the size specified in pcbData is less than the number of bytes required to contain the data, the function fails, GetLastError returns ERROR_MORE_DATA, and the required size is placed in the variable pointed to by the pcbData parameter.

Note  When processing the data returned in the buffer, applications must use the actual size of the data returned. The actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to ensure that the largest possible output data fits in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.

Return Value

If the function succeeds, the function returns TRUE.

If the function fails, it returns FALSE. For extended error information, call GetLastError.

Some possible error codes follow.

Return codeDescription
CRYPT_E_NOT_FOUND

The certificate does not have the specified property.

ERROR_MORE_DATA

If the buffer specified by the pvData parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by pcbData.

 

Errors from the called function CryptHashCertificate can be propagated to this function.

Remarks

Properties are not stored inside a certificate. Typically, they are associated with a certificate after the certificate response is received and then saved with the certificate in the store. For security reasons, we recommend that you validate property values before saving them and that you save only informational properties such as the CERT_FRIENDLY_NAME_PROP_ID value in user stores. All other property types should be saved in local computer stores.

Your code can use a macro to evaluate the class of hash for a certificate context. For more information, see CertSetCertificateContextProperty.

Examples

For examples that use this function, see Example C Program: Getting and Setting Certificate Properties and Example C Program: Listing the Certificates in a Store.

Requirements

Minimum supported clientWindows 2000 Professional
Minimum supported serverWindows 2000 Server
HeaderWincrypt.h
LibraryCrypt32.lib
DLLCrypt32.dll

See Also

Extended Property Functions
CERT_KEY_CONTEXT
CertCreateCertificateContext
CertSetCertificateContextProperty
CryptHashCertificate
CryptHashToBeSigned

Send comments about this topic to Microsoft

Build date: 11/16/2009

Tags :


Community Content

dmex
vb.net syntax
<DllImport("crypt32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
Public Shared Function CertGetCertificateContextProperty(<[In]> ByVal pCertContext As IntPtr, <[In]> ByVal dwPropId As UInt32, <[In], Out> ByVal pvData As IntPtr, <[In], Out> ByRef pcbData As UInt32) As Boolean
End Function
Tags : vb.net syntax

dmex
C# syntax
[DllImport("crypt32.dll", CharSet=CharSet.Auto, SetLastError=true)]
internal static extern bool CertGetCertificateContextProperty([In] SafeCertContextHandle pCertContext, [In] uint dwPropId, [In, Out] IntPtr pvData, [In, Out] ref uint pcbData);
Tags : c# syntax

Page view tracker