3.10.4.6 ImportFromBlobGetHash (Opnum 23)

The ImportFromBlobGetHash method imports a previously exported certificate blob on the target machine. In addition to the data returned by the ImportFromBlob method, this method returns the certificate hash and the size of the certificate hash buffer in the client-provided parameters pCertHash and pcbCertHashSize. The server MUST allocate memory for the hash buffer and assign this memory block to pCertHash. The size of the required buffer is assigned to pcbCertHashSize. If the client passes pCertHash equal to NULL, hash data is not returned.

  [id(17)] HRESULT ImportFromBlobGetHash(
     [in] BSTR InstanceName, 
     [in] BSTR Password,
     [in] VARIANT_BOOL bInstallToMetabase,
     [in] VARIANT_BOOL bAllowExport,
     [in] VARIANT_BOOL bOverWriteExisting,
     [in] DWORD cbSize,
     [in,string,size_is(cbSize)] CHAR *pBlobBinary,
     [out] DWORD *pcbCertHashSize,
     [out] CHAR **pCertHash
 );

InstanceName: A string that specifies a web server instance.

Password: A password used to decrypt the imported certificate data.

bInstallToMetabase: If set to VARIANT_TRUE, indicates that the imported certificate is associated with the web server instance specified by InstanceName.

bAllowExport: If set to VARIANT_TRUE, indicates that the newly imported certificate is to be made exportable.

bOverWriteExisting: If set to VARIANT_TRUE, indicates that importing a duplicate certificate will not generate an error.

cbSize: Contains the number of bytes in the pBlobBinary buffer including the terminating null character.

pBlobBinary: A buffer containing an exported, base64-encoded certificate to be imported on the target machine. This buffer is a null-terminated array of bytes.

pcbCertHashSize: If the method succeeds, returns the number of bytes returned in the pCertHash buffer.

pCertHash: If the method succeeds, returns a pointer to a memory buffer containing the certificate signature hash. The client MUST free the pointer returned in pCertHash using the appropriate memory allocator as specified by the DCOM implementation.<39>

Return Values: A signed 32-bit value that indicates return status. If the method returns a negative value, it failed. If the 12-bit facility code (bits 16–27) is set to 0x007, the value contains a Win32 error code in the lower 16 bits. Zero or positive values indicate success, with the lower 16 bits in positive nonzero values containing warnings or flags defined in the method implementation. For more information about Win32 error codes and HRESULT values, see [MS-ERREF].

  Return value/code                    Description
  0x00000000  S_OK                     The call was successful.
  0x80070057  E_INVALIDARG             One or more arguments are invalid.
  0x000006cf  RPC_S_STRING_TOO_LONG    The string is too long.
  0x80092005  CRYPT_E_EXISTS           The object or property already exists.

The opnum field value for this method is 23.

When processing this call, the server MUST do the following:

  • If InstanceName or Password is an empty string, return E_INVALIDARG.

  • If InstanceName or Password contains more than 260 characters, return RPC_S_STRING_TOO_LONG.

  • Attempt to use base64 to decode the pBlobBinary blob.

  • Attempt to decrypt and import the decoded data with the password specified by Password. If bAllowExport is set to 1 or VARIANT_TRUE, attempt to flag the imported certificate as exportable.<40>

  • If the import fails because the password does not match the one used to export and encrypt the certificate data, return E_INVALIDARG.<41>

  • If bOverWriteExisting is not set to 1 or VARIANT_TRUE and the imported certificate already exists in the certificate store, return CRYPT_E_EXISTS; otherwise, continue processing the import.

  • If bInstallToMetabase is set to 1 or VARIANT_TRUE, the imported certificate is associated with the web server instance specified by InstanceName.

  • If the certificate data was imported successfully, retrieve the certificate signature hash as defined in [RFC3280] section 4.1.2.3 from the imported certificate. Allocate a buffer to contain the hash bytes; copy the hash to the allocated buffer; return the number of bytes in the hash in pcbCertHashSize; and set pCertHash to the address of the allocated buffer.<42>
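
The following C model is an added example, not part of the specification or of any Microsoft implementation. It covers the first two server checks above and the return-value decoding from the Return Values paragraph, and shows that 0x000006cf from the table is non-negative, so a sign-only check reads it as success. All function names are hypothetical; lengths are character counts as SysStringLen reports for a BSTR, and treating 0x000006cf as a failure on the client is an assumption drawn from the processing rules.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values copied from the return-code table on this page. */
#define S_OK                  ((int32_t)0x00000000)
#define E_INVALIDARG          ((int32_t)0x80070057)
#define RPC_S_STRING_TOO_LONG ((int32_t)0x000006cf)
#define CRYPT_E_EXISTS        ((int32_t)0x80092005)
#define MAX_CHARS 260u

/* First two server checks, in the order the page lists them. */
int32_t import_precheck(size_t instance_len, size_t password_len) {
    if (instance_len == 0 || password_len == 0) return E_INVALIDARG;
    if (instance_len > MAX_CHARS || password_len > MAX_CHARS)
        return RPC_S_STRING_TOO_LONG;
    return S_OK;
}

/* Facility as the page defines it: bits 16-27. Code: lower 16 bits. */
uint32_t hr_facility(int32_t hr) { return ((uint32_t)hr >> 16) & 0xFFFu; }
uint32_t hr_code(int32_t hr) { return (uint32_t)hr & 0xFFFFu; }

/* Sign-only test: "If the method returns a negative value, it failed." */
int failed_by_sign(int32_t hr) { return hr < 0; }

/* Assumed client check that also catches the table's non-negative error. */
int import_failed(int32_t hr) {
    return hr < 0 || hr == RPC_S_STRING_TOO_LONG;
}

/* Win32 code carried by a failing value with facility 0x007, else 0. */
uint32_t win32_from_hr(int32_t hr) {
    return (hr < 0 && hr_facility(hr) == 0x007u) ? hr_code(hr) : 0u;
}

int main(void) {
    int32_t hr = import_precheck(261, 8); /* constructed: 261-char InstanceName */
    printf("hr=0x%08x sign-only failed=%d import_failed=%d\n",
           (unsigned)hr, failed_by_sign(hr), import_failed(hr));
    hr = import_precheck(0, 8);           /* constructed: empty InstanceName */
    printf("hr=0x%08x facility=0x%03x win32=%u\n", (unsigned)hr,
           (unsigned)hr_facility(hr), (unsigned)win32_from_hr(hr));
    return 0;
}
```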