From steven at manross.net Sun Sep 22 16:13:36 2024 From: steven at manross.net (Steven Manross) Date: Sun, 22 Sep 2024 20:13:36 +0000 Subject: [python-win32] win32crypt.PFXImportCertStore() Message-ID: Howdy, I am trying to import a PFX/P12 certificate to the local machine certificate store and there?s no errors, but it also doesn?t seem to work either. I?ve left a bit of debugging code in the script to show all the things I?ve tried, but again there?s no errors, and it generates the PyStore object like the docs say it will and I enumerate the certificates in the store with a for loop, BUT it doesn?t seem to add the PFX to the store (or at least I can?t see it in the Certificates MMC app for the local machine). I can manually import the PFX by using the CryptoAPI ?Install PFX? option from the windows explorer shell just fine, but the win32crypt.PFXImportCertStore() call doesn?t error, but it also enumerates the machine store certs without the ?newly added? PFX. # this is output from the script in the for loop at the bottom from the attached python script ? these 2 certificates existed prior to the PFX trying to get imported 1 Cert: 2 CertEnumCertificateContextProperties returned: [] 3 cert.Subject: w22test001.manross.net 4 cert Serial Number: redacted 5 Issuer: redacted 6 NotBefore: redacted 7 NotAfter: redacted 1 Cert: 2 CertEnumCertificateContextProperties returned: [2, 11] 3 cert.Subject: w22test001.manross.net 4 cert Serial Number: redacted 5 Issuer: redacted 6 NotBefore: redacted 7 NotAfter: redacted Please and thank you, Steven -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- # ran on Windows Server 2022, and Windows Server 2016 (can test Windows Server 2019 if needed) # Python 3.11.9 (tags/v3.11.9:de54cf5, Apr 2 2024, 10:12:12) [MSC v.1938 64 bit (AMD64)] # pywin32==306 import win32crypt import getpass import datetime CERT_STORE_PROV_SYSTEM = 0x0000000A CERT_SYSTEM_STORE_LOCAL_MACHINE = 0x00020000 CERT_STORE_MAXIMUM_ALLOWED_FLAG = 0x00001000 X509_ASN_ENCODING= 0x00000001 PKCS_7_ASN_ENCODING= 0x00010000 PKCS_7_OR_X509_ASN_ENCODING= PKCS_7_ASN_ENCODING | X509_ASN_ENCODING CERT_STORE_ADD_NEW = 1 CRYPT_STRING_BASE64HEADER = 0x00000000 CERT_STORE_ADD_REPLACE_EXISTING = 3 CRYPT_EXPORTABLE = 0x00000001 CRYPT_MACHINE_KEYSET = 0x00000020 def import_certificate_to_the_windows_certificate_store_for_local_machine(cert_file_name, password): # open and read the cert cert_file = open(cert_file_name, "rb") p12_data = cert_file.read() # this is a P12/PFX file that is secured by a password # crypt the cert to the expected type # Don't need this for PFXs (I think) because its already bytes (from the loaded p12_data -- opened from file) # cert_byte = win32crypt.CryptStringToBinary(p12_data, 0x00000000)[0] # # Add the certificate to the store (wrong kind of import for this -- just a certificate without the P12/PFX encoding/encryption/password) # store.CertAddEncodedCertificateToStore( # X509_ASN_ENCODING, # p12_data, # CERT_STORE_ADD_REPLACE_EXISTING # ) # https://timgolden.me.uk/pywin32-docs/win32crypt__PFXImportCertStore_meth.html # constants: https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfximportcertstore # imports to the store because of CRYPT_MACHINE_KEYSET store = win32crypt.PFXImportCertStore(p12_data, password, CRYPT_EXPORTABLE | CRYPT_MACHINE_KEYSET | PKCS12_INCLUDE_EXTENDED_PROPERTIES) # the previous call creates a store object so this isn?t needed - open the LOCAL_LACHINE "Personal" certificates store # store = win32crypt.CertOpenStore( # CERT_STORE_PROV_SYSTEM, # 0, # None, # CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_MAXIMUM_ALLOWED_FLAG, # "My" # ) # however, even though the store enumerates, it doesn?t show the PFX that was just imported for mscert in store.CertEnumCertificatesInStore(): print( "1 Cert: {0:}".format(mscert)) print( "2 CertEnumCertificateContextProperties returned: {0:}".format(mscert.CertEnumCertificateContextProperties())) print( "3 cert.Subject: {0:}".format(win32crypt.CertNameToStr(mscert.Subject))) print(f"4 cert Serial Number: {mscert.SerialNumber.hex()}") print(f"5 Issuer: {win32crypt.CertNameToStr(mscert.Issuer)}") print(f"6 NotBefore: {datetime.datetime.fromtimestamp(mscert.NotBefore.timestamp()).astimezone(mscert.NotBefore.tzinfo)}") print(f"7 NotAfter: {datetime.datetime.fromtimestamp(mscert.NotAfter.timestamp()).astimezone(mscert.NotAfter.tzinfo)}") print() if __name__ == "__main__": cert_file_name = f"c:\\scripts\\certs\\w22test001.manross.net-winrm.pfx" password = getpass.getpass(prompt="PFX Password:", stream=None) import_certificate_to_the_windows_certificate_store_for_local_machine(cert_file_name, password) From steven at manross.net Tue Sep 24 01:23:50 2024 From: steven at manross.net (Steven Manross) Date: Tue, 24 Sep 2024 05:23:50 +0000 Subject: [python-win32] win32crypt.PFXImportCertStore() In-Reply-To: References: Message-ID: Although I would still like to understand what I?m doing wrong in win32crypt, this seems to get me by for now?. ? ? certutil -f -p "pfxtpassword" -importpfx "c:\scripts\certs\pfxname.pfx? # imports the PFX to the local machine ?Personal? certificates store HTH someone else Steven From: python-win32 On Behalf Of Steven Manross Sent: Sunday, September 22, 2024 1:14 PM To: python-win32 at python.org Subject: [python-win32] win32crypt.PFXImportCertStore() Howdy, I am trying to import a PFX/P12 certificate to the local machine certificate store and there?s no errors, but it also doesn?t seem to work either. I?ve left a bit of debugging code in the script to show all the things I?ve tried, but again there?s no errors, and it generates the PyStore object like the docs say it will and I enumerate the certificates in the store with a for loop, BUT it doesn?t seem to add the PFX to the store (or at least I can?t see it in the Certificates MMC app for the local machine). I can manually import the PFX by using the CryptoAPI ?Install PFX? option from the windows explorer shell just fine, but the win32crypt.PFXImportCertStore() call doesn?t error, but it also enumerates the machine store certs without the ?newly added? PFX. # this is output from the script in the for loop at the bottom from the attached python script ? these 2 certificates existed prior to the PFX trying to get imported 1 Cert: 2 CertEnumCertificateContextProperties returned: [] 3 cert.Subject: w22test001.manross.net 4 cert Serial Number: redacted 5 Issuer: redacted 6 NotBefore: redacted 7 NotAfter: redacted 1 Cert: 2 CertEnumCertificateContextProperties returned: [2, 11] 3 cert.Subject: w22test001.manross.net 4 cert Serial Number: redacted 5 Issuer: redacted 6 NotBefore: redacted 7 NotAfter: redacted Please and thank you, Steven -------------- next part -------------- An HTML attachment was scrubbed... URL: From steven at manross.net Wed Sep 25 00:33:17 2024 From: steven at manross.net (Steven Manross) Date: Wed, 25 Sep 2024 04:33:17 +0000 Subject: [python-win32] win32crypt.PFXImportCertStore() In-Reply-To: References: Message-ID: <0092305b7d2b441183e13371b0853bfb@manross.net> Note to self?. Don?t give up ? I found some c++ code and adapted it. https://www.sysadmins.lv/retired-msft-blogs/alejacma/how-to-import-a-certificate-without-user-interaction-cpp-csharp.aspx This is left here in case anyone else is looking to do what I was trying to. # brief outline new code cryptui = ctypes.WinDLL('CryptUI.dll') def import_pfx(): # Open the cert store you want to import to? in my case ?local_machine\My? hMyCertStore = crypt32.CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, None, CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_MAXIMUM_ALLOWED_FLAG, "My") if not hMyCertStore: print("Error: CertOpenStore(MY) failed") return False # create the necessary information for the import_src struct dwImportFlags = CRYPT_MACHINE_KEYSET | CRYPT_EXPORTABLE import_src = CRYPTUI_WIZ_IMPORT_SRC_INFO() import_src.dwSize = ctypes.sizeof(CRYPTUI_WIZ_IMPORT_SRC_INFO) import_src.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_FILE import_src.pwszFileName = "c:\\certs\\my.pfx" import_src.pwszPassword = "supersecretpassword" import_src.dwFlags = dwImportFlags # Call the CryptUIWizImport API result = cryptui.CryptUIWizImport( CRYPTUI_WIZ_NO_UI, None, None, ctypes.byref(import_src), hMyCertStore # define the cert store you want to import to ) # check for errors and then return true on success return True From: Steven Manross Sent: Monday, September 23, 2024 10:24 PM To: Steven Manross ; python-win32 at python.org Subject: RE: win32crypt.PFXImportCertStore() Although I would still like to understand what I?m doing wrong in win32crypt, this seems to get me by for now?. ? ? certutil -f -p "pfxtpassword" -importpfx "c:\scripts\certs\pfxname.pfx? # imports the PFX to the local machine ?Personal? certificates store HTH someone else Steven From: python-win32 > On Behalf Of Steven Manross Sent: Sunday, September 22, 2024 1:14 PM To: python-win32 at python.org Subject: [python-win32] win32crypt.PFXImportCertStore() Howdy, I am trying to import a PFX/P12 certificate to the local machine certificate store and there?s no errors, but it also doesn?t seem to work either. I?ve left a bit of debugging code in the script to show all the things I?ve tried, but again there?s no errors, and it generates the PyStore object like the docs say it will and I enumerate the certificates in the store with a for loop, BUT it doesn?t seem to add the PFX to the store (or at least I can?t see it in the Certificates MMC app for the local machine). I can manually import the PFX by using the CryptoAPI ?Install PFX? option from the windows explorer shell just fine, but the win32crypt.PFXImportCertStore() call doesn?t error, but it also enumerates the machine store certs without the ?newly added? PFX. # this is output from the script in the for loop at the bottom from the attached python script ? these 2 certificates existed prior to the PFX trying to get imported 1 Cert: 2 CertEnumCertificateContextProperties returned: [] 3 cert.Subject: w22test001.manross.net 4 cert Serial Number: redacted 5 Issuer: redacted 6 NotBefore: redacted 7 NotAfter: redacted 1 Cert: 2 CertEnumCertificateContextProperties returned: [2, 11] 3 cert.Subject: w22test001.manross.net 4 cert Serial Number: redacted 5 Issuer: redacted 6 NotBefore: redacted 7 NotAfter: redacted Please and thank you, Steven -------------- next part -------------- An HTML attachment was scrubbed... URL: From alessandro.fiorino at digitaldomus.it Wed Sep 25 07:41:43 2024 From: alessandro.fiorino at digitaldomus.it (Alessandro Fiorino) Date: Wed, 25 Sep 2024 13:41:43 +0200 Subject: [python-win32] Calling a method with SAFEARRAY parameter Message-ID: I have to call a method of a COM Object which is defined as GetTableInfo ([in] BSTR bstrTableName,[in, out] SAFEARRAY(BSTR)*bstrColumnTitles,[in, out] SAFEARRAY(long)*lColumnPos) I tried with columnTitles = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_BSTR, [None]) columnPos = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_I4, [None]) object.GetTableInfo("TABLENAME", columnTitles, columnPos) and with columnTitles = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_BSTR, [""]) columnPos = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_I4, [0]) object.GetTableInfo("TABLENAME", columnTitles, columnPos) but I get an error: Object ot type VARIANT has no len() What I am doing wrong ? Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From steven at manross.net Thu Sep 26 14:12:51 2024 From: steven at manross.net (Steven Manross) Date: Thu, 26 Sep 2024 18:12:51 +0000 Subject: [python-win32] Calling a method with SAFEARRAY parameter In-Reply-To: References: Message-ID: <4bc10a2292454b9dbbcb8db4d30fa5c2@manross.net> I?m not sure about the context on this one, but shouldn?t you be calling the COM object with data like: columnTitles = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_BSTR, [?something?]) Versus: columnTitles = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_BSTR, [None]) Without context, I can?t actually do much other than this suggestion. HTH Steven From: python-win32 On Behalf Of Alessandro Fiorino Sent: Wednesday, September 25, 2024 4:42 AM To: python-win32 at python.org Subject: [python-win32] Calling a method with SAFEARRAY parameter I have to call a method of a COM Object which is defined as GetTableInfo ([in] BSTR bstrTableName,[in, out] SAFEARRAY(BSTR)*bstrColumnTitles,[in, out] SAFEARRAY(long)*lColumnPos) I tried with columnTitles = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_BSTR, [None]) columnPos = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_I4, [None]) object.GetTableInfo("TABLENAME", columnTitles, columnPos) and with columnTitles = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_BSTR, [""]) columnPos = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_I4, [0]) object.GetTableInfo("TABLENAME", columnTitles, columnPos) but I get an error: Object ot type VARIANT has no len() What I am doing wrong ? Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tgeppert at digitx.de Sat Sep 28 03:35:57 2024 From: tgeppert at digitx.de (Thomas Geppert) Date: Sat, 28 Sep 2024 09:35:57 +0200 Subject: [python-win32] Calling a method with SAFEARRAY parameter In-Reply-To: <0c3dddf5-a2e6-4831-a0a0-92dca76fd7c1@digitx.de> References: <0c3dddf5-a2e6-4831-a0a0-92dca76fd7c1@digitx.de> Message-ID: <0ef6110f-c02b-418b-8db8-f4b6b8a74930@digitx.de> You can simply pass a string and two empty lists like: titles, positions = GetTableInfo("TABLENAME", [], []) Am 25.09.2024 um 13:41 schrieb Alessandro Fiorino: > > I have to call a method of a COM Object which is defined as > GetTableInfo ([in] BSTR bstrTableName,[in, out] > SAFEARRAY(BSTR)*bstrColumnTitles,[in, out] SAFEARRAY(long)*lColumnPos) > > I tried with > ? ? ? ? ? ? columnTitles = VARIANT(pythoncom.VT_ARRAY | > pythoncom.VT_BSTR, [None]) > ? ? ? ? ? ? columnPos = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_I4, > [None]) > ? ? ? ? ? ? object.GetTableInfo("TABLENAME", columnTitles, columnPos) > and with > ? ? ? ? ? ? columnTitles = VARIANT(pythoncom.VT_ARRAY | > pythoncom.VT_BSTR, [""]) > ? ? ? ? ? ? columnPos = VARIANT(pythoncom.VT_ARRAY | pythoncom.VT_I4, [0]) > ? ? ? ? ? ? object.GetTableInfo("TABLENAME", columnTitles, columnPos) > > but I get an error: > Object ot type?VARIANT has no len() > > What I am doing wrong ? > > Thanks in advance. > > > _______________________________________________ > python-win32 mailing list > python-win32 at python.org > https://mail.python.org/mailman/listinfo/python-win32 -------------- next part -------------- An HTML attachment was scrubbed... URL: