archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/snapin/certmgr/ctl.cpp

599 lines
19 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1997-2002.
  5. //
  6. // File: CTL.cpp
  7. //
  8. // Contents: implementation of the CCTL class.
  9. //
  10. //----------------------------------------------------------------------------
  12. #include "stdafx.h"
  13. #include "CTL.h"
  14. #include "certifct.h"
  17. USE_HANDLE_MACROS("CERTMGR(ctl.cpp)")
  19. ////////////////////////////////////////////////////////////
  20. // Construction/Destruction
  21. //////////////////////////////////////////////////////////////////////
  23. CCTL::CCTL (const PCCTL_CONTEXT pCTLContext,
  24. CCertStore& rCertStore,
  25. CertificateManagerObjectType objectType,
  26. CTypedPtrList<CPtrList, CCertStore*>* pStoreList) :
  27. CCertMgrCookie (objectType),
  28. m_pCTLContext (::CertDuplicateCTLContext (pCTLContext)),
  29. m_rCertStore (rCertStore),
  30. m_pStoreCollection (0),
  31. m_hExtraStore (0)
  32. {
  33. _TRACE (1, L"Entering CCTL::CCTL\n");
  34. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  35. CERTMGR_CTL == m_objecttype);
  36. m_rCertStore.AddRef ();
  37. ASSERT (m_pCTLContext);
  38. if ( m_pCTLContext )
  39. m_pCTLInfo = m_pCTLContext->pCtlInfo;
  41. m_pStoreCollection = new CCertStore (CERTMGR_LOG_STORE, CERT_STORE_PROV_COLLECTION, 0,
  42. L"", L"", L"", L"", NO_SPECIAL_TYPE, 0, rCertStore.m_pConsole);
  43. if ( m_pStoreCollection )
  44. {
  45. m_pStoreCollection->AddStoreToCollection (m_rCertStore);
  47. m_hExtraStore = CertOpenStore(
  48. CERT_STORE_PROV_MSG,
  49. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  50. NULL,
  51. NULL,
  52. (const void *) pCTLContext->hCryptMsg);
  53. if ( m_hExtraStore )
  54. m_pStoreCollection->AddStoreToCollection (m_hExtraStore);
  55. else
  56. {
  57. _TRACE (0, L"CertOpenStore (CERT_STORE_PROV_MSG) failed: 0x%x\n",
  58. GetLastError ());
  59. }
  60. if ( pStoreList )
  61. {
  62. for (POSITION pos = pStoreList->GetHeadPosition (); pos; )
  63. {
  64. CCertStore* pStore = pStoreList->GetNext (pos);
  65. ASSERT (pStore);
  66. if ( pStore )
  67. {
  68. m_pStoreCollection->AddStoreToCollection (*pStore);
  69. pStore->AddRef ();
  70. m_storeList.AddTail (pStore);
  71. }
  72. }
  73. }
  74. }
  75. _TRACE (-1, L"Leaving CCTL::CCTL\n");
  76. }
  78. CCTL::~CCTL()
  79. {
  80. _TRACE (1, L"Entering CCTL::~CCTL\n");
  81. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  82. CERTMGR_CTL == m_objecttype);
  85. if ( m_pStoreCollection )
  86. {
  87. delete m_pStoreCollection;
  88. m_pStoreCollection = 0;
  89. }
  91. CCertStore* pStore = 0;
  93. // Clean up store list
  94. while (!m_storeList.IsEmpty () )
  95. {
  96. pStore = m_storeList.RemoveHead ();
  97. ASSERT (pStore);
  98. if ( pStore )
  99. pStore->Release ();
  100. }
  102. if ( m_hExtraStore )
  103. {
  104. CertCloseStore (m_hExtraStore, 0);
  105. m_hExtraStore = 0;
  106. }
  108. m_rCertStore.Release ();
  109. if ( m_pCTLContext )
  110. ::CertFreeCTLContext (m_pCTLContext);
  111. _TRACE (-1, L"Leaving CCTL::~CCTL\n");
  112. }
  115. PCCTL_CONTEXT CCTL::GetCTLContext() const
  116. {
  117. _TRACE (1, L"Entering CCTL::GetCTLContext\n");
  118. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  119. CERTMGR_CTL == m_objecttype);
  120. _TRACE (-1, L"Leaving CCTL::GetCTLContext\n");
  121. return m_pCTLContext;
  122. }
  124. CCertStore& CCTL::GetCertStore() const
  125. {
  126. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  127. CERTMGR_CTL == m_objecttype);
  128. return m_rCertStore;
  129. }
  131. CString CCTL::GetIssuerName ()
  132. {
  133. _TRACE (1, L"Entering CCTL::GetIssuerName\n");
  134. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  135. CERTMGR_CTL == m_objecttype);
  136. ASSERT (m_pCTLInfo);
  137. if ( m_pCTLInfo )
  138. {
  139. // Decode issuer name if not already present
  140. if ( m_szIssuerName.IsEmpty () )
  141. {
  142. HRESULT hResult = GetSignerInfo (m_szIssuerName);
  143. if ( !SUCCEEDED (hResult) )
  144. VERIFY (m_szIssuerName.LoadString (IDS_NOT_AVAILABLE));
  145. }
  146. }
  148. _TRACE (-1, L"Leaving CCTL::GetIssuerName\n");
  149. return m_szIssuerName;
  150. }
  152. CString CCTL::GetEffectiveDate()
  153. {
  154. _TRACE (1, L"Entering CCTL::GetEffectiveDate\n");
  155. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  156. CERTMGR_CTL == m_objecttype);
  157. ASSERT (m_pCTLInfo);
  158. if ( m_pCTLInfo )
  159. {
  160. // Format date/time string if not already present
  161. if ( m_szEffectiveDate.IsEmpty () )
  162. {
  163. HRESULT hResult = FormatDate (m_pCTLInfo->ThisUpdate, m_szEffectiveDate);
  164. if ( !SUCCEEDED (hResult) )
  165. m_szEffectiveDate = _T("");
  166. }
  167. }
  168. else
  169. m_szEffectiveDate = _T("");
  171. _TRACE (-1, L"Leaving CCTL::GetEffectiveDate\n");
  172. return m_szEffectiveDate;
  173. }
  175. CString CCTL::GetNextUpdate()
  176. {
  177. _TRACE (1, L"Entering CCTL::GetNextUpdate\n");
  178. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  179. CERTMGR_CTL == m_objecttype);
  180. ASSERT (m_pCTLInfo);
  181. if ( m_pCTLInfo )
  182. {
  183. // Format date/time string if not already present
  184. if ( m_szNextUpdate.IsEmpty () )
  185. {
  186. HRESULT hResult = FormatDate (m_pCTLInfo->NextUpdate, m_szNextUpdate);
  187. if ( !SUCCEEDED (hResult) )
  188. m_szNextUpdate = _T("");
  189. }
  190. }
  191. else
  192. m_szNextUpdate = _T("");
  194. _TRACE (-1, L"Leaving CCTL::GetNextUpdate\n");
  195. return m_szNextUpdate;
  196. }
  198. CString CCTL::GetPurpose()
  199. {
  200. _TRACE (1, L"Entering CCTL::GetPurpose\n");
  201. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  202. CERTMGR_CTL == m_objecttype);
  203. ASSERT (m_pCTLInfo);
  204. if ( m_pCTLInfo )
  205. {
  206. // Format date/time string if not already present
  207. if ( m_szPurpose.IsEmpty () )
  208. FormatEnhancedKeyUsagePropertyString (m_szPurpose);
  209. }
  210. _TRACE (-1, L"Leaving CCTL::GetPurpose\n");
  211. return m_szPurpose;
  212. }
  215. void CCTL::FormatEnhancedKeyUsagePropertyString (CString& string)
  216. {
  217. _TRACE (1, L"Entering CCTL::FormatEnhancedKeyUsagePropertyString\n");
  218. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  219. CERTMGR_CTL == m_objecttype);
  220. ASSERT (m_pCTLInfo);
  221. if ( m_pCTLInfo )
  222. {
  223. CString usageName;
  224. CTL_USAGE& usage = m_pCTLInfo->SubjectUsage;
  227. for (DWORD dwIndex = 0; dwIndex < usage.cUsageIdentifier; dwIndex++)
  228. {
  229. if ( MyGetOIDInfo (usageName, usage.rgpszUsageIdentifier[dwIndex]) )
  230. {
  231. // add delimeter if not first iteration
  232. if ( dwIndex )
  233. string += _T(", ");
  234. string += usageName;
  235. }
  236. }
  237. }
  238. _TRACE (-1, L"Leaving CCTL::FormatEnhancedKeyUsagePropertyString\n");
  239. }
  242. HRESULT CCTL::GetSignerInfo (CString & signerName)
  243. {
  244. _TRACE (1, L"Entering CCTL::GetSignerInfo\n");
  245. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  246. CERTMGR_CTL == m_objecttype);
  247. HRESULT hResult = S_OK;
  249. //
  250. // Use CryptMsg to crack the encoded PKCS7 Signed Message
  251. //
  252. HCRYPTMSG hMsg = ::CryptMsgOpenToDecode (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  253. 0,
  254. 0,
  255. 0,
  256. NULL,
  257. NULL);
  258. ASSERT (hMsg);
  259. if ( hMsg )
  260. {
  261. BOOL bResult = ::CryptMsgUpdate (hMsg, m_pCTLContext->pbCtlEncoded,
  262. m_pCTLContext->cbCtlEncoded, TRUE);
  263. ASSERT (bResult);
  264. if ( bResult )
  265. {
  266. //
  267. // get the encoded signer BLOB
  268. //
  269. DWORD cbEncodedSigner = 0;
  270. bResult = ::CryptMsgGetParam (hMsg, CMSG_ENCODED_SIGNER, 0, NULL,
  271. &cbEncodedSigner);
  272. if ( bResult && cbEncodedSigner )
  273. {
  274. BYTE* pbEncodedSigner = (PBYTE) ::LocalAlloc (LPTR, cbEncodedSigner);
  275. if ( pbEncodedSigner )
  276. {
  277. bResult = ::CryptMsgGetParam (hMsg, CMSG_ENCODED_SIGNER, 0,
  278. pbEncodedSigner, &cbEncodedSigner);
  279. ASSERT (bResult);
  280. if ( bResult )
  281. {
  282. DWORD cbSignerInfo = 0;
  283. //
  284. // decode the EncodedSigner info
  285. //
  286. bResult = ::CryptDecodeObject (
  287. PKCS_7_ASN_ENCODING | CRYPT_ASN_ENCODING,
  288. PKCS7_SIGNER_INFO,
  289. pbEncodedSigner,
  290. cbEncodedSigner,
  291. 0,
  292. NULL,
  293. &cbSignerInfo);
  294. ASSERT (bResult);
  295. if ( bResult )
  296. {
  297. PCMSG_SIGNER_INFO pbSignerInfo = (PCMSG_SIGNER_INFO) ::LocalAlloc (LPTR, cbSignerInfo);
  298. if ( pbSignerInfo )
  299. {
  300. bResult = ::CryptDecodeObject (
  301. PKCS_7_ASN_ENCODING|CRYPT_ASN_ENCODING,
  302. PKCS7_SIGNER_INFO,
  303. pbEncodedSigner,
  304. cbEncodedSigner,
  305. 0,
  306. pbSignerInfo,
  307. &cbSignerInfo);
  308. ASSERT (bResult);
  309. if ( bResult )
  310. {
  311. DWORD cbCertInfo = 0;
  312. //
  313. // get the signers cert context
  314. //
  315. bResult = ::CryptMsgGetParam (hMsg,
  316. CMSG_SIGNER_CERT_INFO_PARAM,
  317. 0,
  318. NULL,
  319. &cbCertInfo);
  320. ASSERT (bResult);
  321. if ( bResult && cbEncodedSigner )
  322. {
  323. CERT_INFO* pCertInfo = (CERT_INFO *) ::LocalAlloc (LPTR, cbCertInfo);
  324. if ( pCertInfo )
  325. {
  326. bResult = ::CryptMsgGetParam (hMsg,
  327. CMSG_SIGNER_CERT_INFO_PARAM,
  328. 0,
  329. pCertInfo,
  330. &cbCertInfo);
  331. ASSERT (bResult);
  332. if ( bResult )
  333. {
  334. CCertificate* pCert =
  335. m_pStoreCollection->GetSubjectCertificate (pCertInfo);
  336. if ( pCert )
  337. {
  338. signerName = pCert->GetSubjectName ();
  339. pCert->Release ();
  340. }
  341. else
  342. hResult = E_FAIL;
  343. }
  345. ::LocalFree (pCertInfo);
  346. }
  347. else
  348. {
  349. hResult = E_OUTOFMEMORY;
  350. }
  351. }
  352. }
  353. ::LocalFree (pbSignerInfo);
  354. }
  355. else
  356. {
  357. hResult = E_OUTOFMEMORY;
  358. }
  359. }
  360. }
  361. ::LocalFree (pbEncodedSigner);
  362. }
  363. else
  364. {
  365. hResult = E_OUTOFMEMORY;
  366. }
  367. }
  368. else
  369. hResult = E_FAIL;
  370. }
  371. bResult = ::CryptMsgClose (hMsg);
  372. ASSERT (bResult);
  373. }
  374. else
  375. hResult = E_UNEXPECTED;
  377. _TRACE (-1, L"Leaving CCTL::GetSignerInfo\n");
  378. return hResult;
  379. }
  382. int CCTL::CompareEffectiveDate (const CCTL& ctl) const
  383. {
  384. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  385. CERTMGR_CTL == m_objecttype);
  386. int compVal = 0;
  388. ASSERT (m_pCTLInfo && ctl.m_pCTLInfo);
  389. if ( m_pCTLInfo && ctl.m_pCTLInfo )
  390. {
  391. compVal = ::CompareFileTime (&m_pCTLInfo->ThisUpdate,
  392. &ctl.m_pCTLInfo->ThisUpdate);
  393. }
  395. return compVal;
  396. }
  398. int CCTL::CompareNextUpdate (const CCTL& ctl) const
  399. {
  400. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  401. CERTMGR_CTL == m_objecttype);
  402. int compVal = 0;
  404. ASSERT (m_pCTLInfo && ctl.m_pCTLInfo);
  405. if ( m_pCTLInfo && ctl.m_pCTLInfo )
  406. {
  407. compVal = ::CompareFileTime (&m_pCTLInfo->NextUpdate,
  408. &ctl.m_pCTLInfo->NextUpdate);
  409. }
  411. return compVal;
  412. }
  414. CString CCTL::GetFriendlyName()
  415. {
  416. _TRACE (1, L"Entering CCTL::GetFriendlyName\n");
  417. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  418. CERTMGR_CTL == m_objecttype);
  419. ASSERT (m_pCTLContext);
  420. if ( m_pCTLContext && m_szFriendlyName.IsEmpty () )
  421. {
  422. DWORD cbData = 0;
  423. BOOL bResult = ::CertGetCTLContextProperty (
  424. m_pCTLContext,
  425. CERT_FRIENDLY_NAME_PROP_ID,
  426. NULL,
  427. &cbData);
  428. if ( bResult )
  429. {
  430. LPWSTR pszName = new WCHAR[cbData];
  431. if ( pszName )
  432. {
  433. // security review 2/22/2002 BryanWal ok
  434. ::ZeroMemory (pszName, cbData * sizeof (WCHAR));
  435. bResult = ::CertGetCTLContextProperty (
  436. m_pCTLContext,
  437. CERT_FRIENDLY_NAME_PROP_ID,
  438. pszName,
  439. &cbData);
  440. ASSERT (bResult);
  441. if ( bResult )
  442. {
  443. m_szFriendlyName = pszName;
  444. }
  445. else
  446. {
  447. VERIFY (m_szFriendlyName.LoadString (IDS_NOT_AVAILABLE));
  448. }
  449. delete [] pszName;
  450. }
  451. }
  452. else
  453. {
  454. if ( GetLastError () == CRYPT_E_NOT_FOUND )
  455. {
  456. VERIFY (m_szFriendlyName.LoadString (IDS_NONE));
  457. }
  458. else
  459. {
  460. ASSERT (0);
  461. VERIFY (m_szFriendlyName.LoadString (IDS_NOT_AVAILABLE));
  462. }
  463. }
  464. }
  465. _TRACE (-1, L"Leaving CCTL::GetFriendlyName\n");
  466. return m_szFriendlyName;
  467. }
  469. SPECIAL_STORE_TYPE CCTL::GetStoreType() const
  470. {
  471. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype ||
  472. CERTMGR_CTL == m_objecttype);
  473. return m_rCertStore.GetStoreType ();
  474. }
  476. void CCTL::Refresh()
  477. {
  478. m_szEffectiveDate = L"";
  479. m_szFriendlyName = L"";
  480. m_szIssuerName = L"";
  481. m_szNextUpdate = L"";
  482. m_szPurpose = L"";
  483. }
  486. BOOL CCTL::DeleteFromStore()
  487. {
  488. _TRACE (1, L"Entering CCTL::DeleteFromStore\n");
  489. BOOL bResult = FALSE;
  491. PCCTL_CONTEXT pCTLContext = GetNewCTLContext ();
  492. if ( pCTLContext )
  493. {
  494. bResult = ::CertDeleteCTLFromStore (pCTLContext);
  495. if ( bResult )
  496. {
  497. m_rCertStore.InvalidateCertCount ();
  498. m_rCertStore.SetDirty ();
  499. m_rCertStore.SetDeleting ();
  500. HRESULT hr = m_rCertStore.Commit ();
  501. m_rCertStore.SetAdding ();
  502. if ( SUCCEEDED (hr) )
  503. m_rCertStore.Resync ();
  504. else
  505. bResult = FALSE;
  506. }
  507. m_rCertStore.Close ();
  508. }
  510. _TRACE (-1, L"Leaving CCTL::DeleteFromStore\n");
  511. return bResult;
  512. }
  514. PCCTL_CONTEXT CCTL::GetNewCTLContext()
  515. {
  516. _TRACE (1, L"Entering CCTL::GetNewCTLContext\n");
  517. PCCTL_CONTEXT pCTLContext = 0;
  518. HCERTSTORE hCertStore = m_rCertStore.GetStoreHandle ();
  519. if ( hCertStore )
  520. {
  521. DWORD cbData = 20;
  522. BYTE certHash[20];
  523. BOOL bReturn = ::CertGetCTLContextProperty (
  524. m_pCTLContext,
  525. CERT_SHA1_HASH_PROP_ID,
  526. certHash,
  527. &cbData);
  528. ASSERT (bReturn);
  529. if ( bReturn )
  530. {
  531. CRYPT_DATA_BLOB blob = {sizeof (certHash), certHash};
  532. pCTLContext = CertFindCTLInStore(
  533. hCertStore,
  534. 0,
  535. 0,
  536. CTL_FIND_SHA1_HASH,
  537. &blob,
  538. 0);
  539. if ( pCTLContext )
  540. {
  541. ::CertFreeCTLContext (m_pCTLContext);
  542. m_pCTLContext = ::CertDuplicateCTLContext (pCTLContext);
  543. }
  544. }
  545. }
  547. _TRACE (-1, L"Leaving CCTL::GetNewCTLContext\n");
  548. return pCTLContext;
  549. }
  551. CString CCTL::GetSHAHash()
  552. {
  553. // _TRACE (1, L"Entering CCTL::GetSHAHash\n");
  554. ASSERT (m_pCTLContext);
  555. if ( m_pCTLContext && m_szSHAHash.IsEmpty ())
  556. {
  557. m_szSHAHash = GetGenericHash (CERT_SHA1_HASH_PROP_ID);
  558. }
  559. // _TRACE (-1, L"Leaving CCTL::GetSHAHash\n");
  560. return m_szSHAHash;
  561. }
  564. CString CCTL::GetGenericHash(DWORD dwPropId)
  565. {
  566. // _TRACE (1, L"Entering CCTL::GetGenericHash\n");
  567. CString szHash;
  570. DWORD cbData = 0;
  571. BOOL bReturn = ::CertGetCTLContextProperty (
  572. m_pCTLContext,
  573. dwPropId,
  574. NULL,
  575. &cbData);
  576. if ( bReturn )
  577. {
  578. cbData += 2; // for null terminator
  579. BYTE* pCTLHash = new BYTE[cbData];
  580. if ( pCTLHash )
  581. {
  582. // security review 2/22/2002 BryanWal ok
  583. ::ZeroMemory (pCTLHash, cbData);
  584. bReturn = CertGetCTLContextProperty (
  585. m_pCTLContext,
  586. dwPropId,
  587. pCTLHash,
  588. &cbData);
  589. ASSERT (bReturn);
  590. if ( bReturn )
  591. {
  592. DataToHex (pCTLHash, szHash, cbData, false);
  593. }
  594. delete [] pCTLHash;
  595. }
  596. }
  597. // _TRACE (-1, L"Leaving CCTL::GetGenericHash\n");
  598. return szHash;
  599. }