ASN1 Bad tag value met when using CertCreateCertificateContext with WinCrypt

2

What am I doing wrong here? I keep getting error 0x8009310b (ASN1 bad tag value met) when creating a certificate context. I know the certificate I'm testing with is good. I exported it from the intermediate store using DER, Base-64 and P7B formats. All three scenarios fail.

int _tmain(int argc, _TCHAR* argv[])
{
    const int       MAX_CERT_FILE_SIZE=81920;
    HANDLE          certFileHandle = INVALID_HANDLE_VALUE;
    DWORD           certEncodedRead = 0L;
    BYTE            certData[MAX_CERT_FILE_SIZE] = {0};
    PCCERT_CONTEXT  pCertContext = NULL;
    HCERTSTORE      hSystemStore = NULL;
    int             exitCode = 0;

    fprintf(stdout, "Importing X509 certificate file to root store: %s \n\n", argv[0]);

    try {

        // Create a handle to the certificate given in the command line argument
        BeginTask("Creating certificate handle...");
        certFileHandle = CreateFile(argv[0],
            GENERIC_READ,
            0,
            NULL,
            OPEN_EXISTING,
            FILE_ATTRIBUTE_NORMAL,
            NULL);

        if (INVALID_HANDLE_VALUE == certFileHandle){
            throw "Could not create a handle to the specified certificate file.";
        } 

        // Read the certificate file
        NextTask("Reading certificate file into buffer...");
        memset(certData, 0, MAX_CERT_FILE_SIZE);
        BOOL result = ReadFile(certFileHandle,
                certData,
                MAX_CERT_FILE_SIZE,
                &certEncodedRead,
                NULL);
        fprintf(stdout, "Read %lu bytes from certificate file...", (unsigned long)certEncodedRead);

        if (!result) {
            throw "Could not read the certificate file.";
        } 

        // Create a certificate context from the buffer
        NextTask("Creating certificate context...");
        pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, certData, certEncodedRead);

        if (!pCertContext){
            throw "Could not create a certificate context.";    
        }

        // Open the system certificate store
        NextTask("Opening local machine certificate store...");
        hSystemStore = CertOpenSystemStore(NULL, L"CA"); 
        if (!hSystemStore){
            throw "Could not open the local machine certificate store.";        
        }

        // Add certificate context to store
        NextTask("Adding certificate context to store...");     
        //CertAddCertificateContextToStore(hSystemStore, 
        //  pCertContext, 
        //  CERT_STORE_ADD_REPLACE_EXISTING, 
        //  NULL);

    } catch (ERRMSG msg) {
        Result(false);
        HandleError(msg);
        exitCode = 1;
    } 

    // Clean-up all resources
    if (hSystemStore) {
        NextTask("Closing certificate store...");
        Result(CertCloseStore(hSystemStore, 0));
    }
    if (pCertContext) {
        NextTask("Freeing certificate context...");
        Result(CertFreeCertificateContext(pCertContext));
    }
    // CreateFile reports failure as INVALID_HANDLE_VALUE, not NULL
    if (certFileHandle != INVALID_HANDLE_VALUE) {
        NextTask("Closing certificate file...");
        Result(CloseHandle(certFileHandle));
    }

    fprintf(stdout, "\n\nProgram complete-exiting with code %x", exitCode);
    return exitCode;
}

[Edited to add console output]

Importing X509 certificate file to root store: DOD-CA-12.cer

Creating certificate handle...Success.
Reading certificate file into buffer...Read 41472 bytes from certificate file...Success.
Creating certificate context...Failed.
An error occurred while importing the X509 certificate.
Narrative: Could not create a certificate context.
GetLastError reported: 8009310b.
Success.
Closing certificate file...Success.


Program complete-exiting with code 1
winapi
certificate
public-key-encryption
asked on Stack Overflow Oct 15, 2013 by danny-v • edited Feb 23, 2014 by tshepang

1 Answer

2

Thanks to WhozCraig who noticed the file size.

The problem here is basic C++ 101, where the file as a command line argument is args[1] and not args[0]. The exe was basically loading itself.

answered on Stack Overflow Oct 15, 2013 by danny-v • edited May 23, 2017 by Community
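
A pre-flight check like the following would have flagged the wrong input before CertCreateCertificateContext returned 0x8009310b. This is an added example, not code from the original post; `classify_cert_blob`, `der_length`, the enum names and the sample byte arrays are hypothetical and constructed for illustration. It inspects the leading bytes of a buffer to tell a DER certificate from a PE image, PEM text or a DER PKCS#7 container.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { BLOB_DER_CERT, BLOB_DER_PKCS7, BLOB_PEM, BLOB_PE_IMAGE, BLOB_UNKNOWN } blob_kind;

/* Constructed sample prefixes (not real certificates or binaries). */
static const unsigned char SAMPLE_PE[]    = { 'M', 'Z', 0x90, 0x00 };
static const unsigned char SAMPLE_PEM[]   = "-----BEGIN CERTIFICATE-----\nMIIB";
static const unsigned char SAMPLE_CERT[]  = { 0x30, 0x82, 0x00, 0x04, 0x30, 0x02, 0x05, 0x00 };
static const unsigned char SAMPLE_P7B[]   = { 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
                                              0xF7, 0x0D, 0x01, 0x07, 0x02 };
static const unsigned char SAMPLE_SHORT[] = { 0x30, 0x82, 0x01, 0x00, 0x30 };

/* Read a DER definite length at p[*off]; returns 0 if malformed or truncated. */
static int der_length(const unsigned char *p, size_t n, size_t *off, size_t *len)
{
    if (*off >= n) return 0;
    unsigned char b = p[(*off)++];
    if (b < 0x80) { *len = b; return 1; }                 /* short form */
    size_t count = b & 0x7F;                              /* long form: byte count */
    if (count == 0 || count > sizeof(size_t) || count > n - *off) return 0;
    for (*len = 0; count > 0; count--) *len = (*len << 8) | p[(*off)++];
    return 1;
}

/* Classify a file buffer before passing it to a DER-only decoder. */
blob_kind classify_cert_blob(const unsigned char *p, size_t n)
{
    size_t off = 1, len = 0;
    if (n >= 2 && p[0] == 'M' && p[1] == 'Z') return BLOB_PE_IMAGE;   /* Windows executable */
    if (n >= 10 && memcmp(p, "-----BEGIN", 10) == 0) return BLOB_PEM; /* Base-64 armored */
    if (n < 2 || p[0] != 0x30) return BLOB_UNKNOWN;       /* outer tag must be SEQUENCE */
    if (!der_length(p, n, &off, &len) || len == 0 || len > n - off)
        return BLOB_UNKNOWN;                              /* content does not fit the buffer */
    if (p[off] == 0x30) return BLOB_DER_CERT;             /* tbsCertificate SEQUENCE */
    if (p[off] == 0x06) return BLOB_DER_PKCS7;            /* ContentInfo contentType OID */
    return BLOB_UNKNOWN;
}

int main(void)
{
    static const char *names[] = { "DER certificate", "DER PKCS#7", "PEM", "PE image", "unknown" };
    printf("exe     -> %s\n", names[classify_cert_blob(SAMPLE_PE, sizeof SAMPLE_PE)]);
    printf("DER cer -> %s\n", names[classify_cert_blob(SAMPLE_CERT, sizeof SAMPLE_CERT)]);
    printf("p7b     -> %s\n", names[classify_cert_blob(SAMPLE_P7B, sizeof SAMPLE_P7B)]);
    return 0;
}
```

Only a buffer classified as a DER certificate is suitable for CertCreateCertificateContext; PEM text needs Base-64 decoding first (for example with CryptStringToBinary), and a PKCS#7 file is a container that has to be opened with an API that understands it, such as CryptQueryObject.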

User contributions licensed under CC BY-SA 3.0