archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pki/chain/ssctl.h

577 lines
13 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows NT Security
  4. // Copyright (C) Microsoft Corporation, 1997 - 1999
  5. //
  6. // File: ssctl.h
  7. //
  8. // Contents: Self Signed Certificate Trust List Subsystem used by the
  9. // Certificate Chaining Infrastructure for building complex
  10. // chains
  11. //
  12. // History: 02-Feb-98 kirtd Created
  13. //
  14. //----------------------------------------------------------------------------
  15. #if !defined(__SSCTL_H__)
  16. #define __SSCTL_H__
  18. #include <chain.h>
  20. //
  21. // CSSCtlObject. This is the main object for caching trust information about
  22. // a self signed certificate trust list
  23. //
  25. typedef struct _SSCTL_SIGNER_INFO {
  26. PCERT_INFO pMessageSignerCertInfo;
  27. BOOL fSignerHashAvailable;
  28. BYTE rgbSignerCertHash[ CHAINHASHLEN ];
  29. } SSCTL_SIGNER_INFO, *PSSCTL_SIGNER_INFO;
  31. class CSSCtlObject
  32. {
  33. public:
  35. //
  36. // Construction
  37. //
  39. CSSCtlObject (
  40. IN PCCERTCHAINENGINE pChainEngine,
  41. IN PCCTL_CONTEXT pCtlContext,
  42. IN BOOL fAdditionalStore,
  43. OUT BOOL& rfResult
  44. );
  46. ~CSSCtlObject ();
  48. //
  49. // Reference counting
  50. //
  52. inline VOID AddRef ();
  53. inline VOID Release ();
  55. //
  56. // Trust information access
  57. //
  59. inline PCCTL_CONTEXT CtlContext ();
  61. BOOL GetSigner (
  62. IN PCCHAINPATHOBJECT pSubject,
  63. IN PCCHAINCALLCONTEXT pCallContext,
  64. IN HCERTSTORE hAdditionalStore,
  65. OUT PCCHAINPATHOBJECT* ppSigner,
  66. OUT BOOL* pfCtlSignatureValid
  67. );
  69. BOOL GetTrustListInfo (
  70. IN PCCERT_CONTEXT pCertContext,
  71. OUT PCERT_TRUST_LIST_INFO* ppTrustListInfo
  72. );
  74. VOID CalculateStatus (
  75. IN LPFILETIME pTime,
  76. IN PCERT_USAGE_MATCH pRequestedUsage,
  77. IN OUT PCERT_TRUST_STATUS pStatus
  78. );
  80. //
  81. // Hash access
  82. //
  84. inline LPBYTE CtlHash ();
  86. //
  87. // Index entry handles
  88. //
  90. inline HLRUENTRY HashIndexEntry ();
  92. //
  93. // Returns pointer to the Ctl's NextUpdate location url array
  94. //
  96. inline PCRYPT_URL_ARRAY NextUpdateUrlArray ();
  98. //
  99. // Returns TRUE if the Ctl has a NextUpdate time and location Url
  100. //
  102. BOOL HasNextUpdateUrl (
  103. OUT LPFILETIME pUpdateTime
  104. );
  106. //
  107. // Called for successful online Url retrieval
  108. //
  110. inline void SetOnline ();
  113. //
  114. // Called for unsuccessful online Url retrieval
  115. //
  117. void SetOffline (
  118. IN LPFILETIME pCurrentTime,
  119. OUT LPFILETIME pUpdateTime
  120. );
  123. //
  124. // Chain engine access
  125. //
  127. inline PCCERTCHAINENGINE ChainEngine ();
  129. //
  130. // Message store access
  131. //
  133. inline HCERTSTORE MessageStore ();
  136. private:
  138. //
  139. // Reference count
  140. //
  142. LONG m_cRefs;
  144. //
  145. // Self Signed Certificate Trust List Context
  146. //
  148. PCCTL_CONTEXT m_pCtlContext;
  150. //
  151. // MD5 Hash of CTL
  152. //
  154. BYTE m_rgbCtlHash[ CHAINHASHLEN ];
  156. //
  157. // Signer information
  158. //
  160. SSCTL_SIGNER_INFO m_SignerInfo;
  161. BOOL m_fHasSignatureBeenVerified;
  162. BOOL m_fSignatureValid;
  164. //
  165. // Message Store
  166. //
  168. HCERTSTORE m_hMessageStore;
  170. //
  171. // Hash Index Entry
  172. //
  174. HLRUENTRY m_hHashEntry;
  176. //
  177. // Chain engine
  178. //
  180. PCCERTCHAINENGINE m_pChainEngine;
  182. //
  183. // The following is only set if the CTL has a NextUpdate time and location
  184. //
  186. PCRYPT_URL_ARRAY m_pNextUpdateUrlArray;
  188. //
  189. // The following is incremented for each SetOffline() call
  190. //
  191. DWORD m_dwOfflineCnt;
  193. //
  194. // The next update time when offline
  195. //
  196. FILETIME m_OfflineUpdateTime;
  198. };
  200. //
  201. // CSSCtlObjectCache. Cache of self signed certificate trust list objects
  202. // indexed by hash. Note that this cache is NOT LRU maintained. We expect
  203. // the number of these objects to be small
  204. //
  206. typedef BOOL (WINAPI *PFN_ENUM_SSCTLOBJECTS) (
  207. IN LPVOID pvParameter,
  208. IN PCSSCTLOBJECT pSSCtlObject
  209. );
  211. class CSSCtlObjectCache
  212. {
  213. public:
  215. //
  216. // Construction
  217. //
  219. CSSCtlObjectCache (
  220. OUT BOOL& rfResult
  221. );
  223. ~CSSCtlObjectCache ();
  225. //
  226. // Object Management
  227. //
  229. BOOL PopulateCache (
  230. IN PCCERTCHAINENGINE pChainEngine
  231. );
  233. BOOL AddObject (
  234. IN PCSSCTLOBJECT pSSCtlObject,
  235. IN BOOL fCheckForDuplicate
  236. );
  238. VOID RemoveObject (
  239. IN PCSSCTLOBJECT pSSCtlObject
  240. );
  242. //
  243. // Access the indexes
  244. //
  246. inline HLRUCACHE HashIndex ();
  248. //
  249. // Searching and Enumeration
  250. //
  252. PCSSCTLOBJECT FindObjectByHash (
  253. IN BYTE rgbHash [ CHAINHASHLEN ]
  254. );
  256. VOID EnumObjects (
  257. IN PFN_ENUM_SSCTLOBJECTS pfnEnum,
  258. IN LPVOID pvParameter
  259. );
  261. //
  262. // Resync
  263. //
  265. BOOL Resync (IN PCCERTCHAINENGINE pChainEngine);
  267. //
  268. // Update the cache by retrieving any expired CTLs having a
  269. // NextUpdate time and location.
  270. //
  272. BOOL UpdateCache (
  273. IN PCCERTCHAINENGINE pChainEngine,
  274. IN PCCHAINCALLCONTEXT pCallContext
  275. );
  277. private:
  279. //
  280. // Hash Index
  281. //
  283. HLRUCACHE m_hHashIndex;
  285. //
  286. // The following is nonzero, if any CTL has a NextUpdate time and location
  287. //
  289. FILETIME m_UpdateTime;
  291. //
  292. // The following is TRUE, for the first update of any CTL with a
  293. // NextUpdate time and location
  294. //
  295. BOOL m_fFirstUpdate;
  296. };
  298. //
  299. // Object removal notification function
  300. //
  302. VOID WINAPI
  303. SSCtlOnRemovalFromCache (
  304. IN LPVOID pv,
  305. IN OPTIONAL LPVOID pvRemovalContext
  306. );
  308. //
  309. // SSCtl Subsystem Utility Function Prototypes
  310. //
  312. BOOL WINAPI
  313. SSCtlGetSignerInfo (
  314. IN PCCTL_CONTEXT pCtlContext,
  315. OUT PSSCTL_SIGNER_INFO pSignerInfo
  316. );
  318. VOID WINAPI
  319. SSCtlFreeSignerInfo (
  320. IN PSSCTL_SIGNER_INFO pSignerInfo
  321. );
  323. BOOL WINAPI
  324. SSCtlGetSignerChainPathObject (
  325. IN PCCHAINPATHOBJECT pSubject,
  326. IN PCCHAINCALLCONTEXT pCallContext,
  327. IN PSSCTL_SIGNER_INFO pSignerInfo,
  328. IN HCERTSTORE hAdditionalStore,
  329. OUT PCCHAINPATHOBJECT* ppSigner,
  330. OUT BOOL *pfNewSigner
  331. );
  333. PCCERT_CONTEXT WINAPI
  334. SSCtlFindCertificateInStoreByHash (
  335. IN HCERTSTORE hStore,
  336. IN BYTE rgbHash [ CHAINHASHLEN]
  337. );
  339. VOID WINAPI
  340. SSCtlGetCtlTrustStatus (
  341. IN PCCTL_CONTEXT pCtlContext,
  342. IN BOOL fSignatureValid,
  343. IN LPFILETIME pTime,
  344. IN PCERT_USAGE_MATCH pRequestedUsage,
  345. IN OUT PCERT_TRUST_STATUS pStatus
  346. );
  348. BOOL WINAPI
  349. SSCtlPopulateCacheFromCertStore (
  350. IN PCCERTCHAINENGINE pChainEngine,
  351. IN OPTIONAL HCERTSTORE hStore
  352. );
  354. BOOL WINAPI
  355. SSCtlCreateCtlObject (
  356. IN PCCERTCHAINENGINE pChainEngine,
  357. IN PCCTL_CONTEXT pCtlContext,
  358. IN BOOL fAdditionalStore,
  359. OUT PCSSCTLOBJECT* ppSSCtlObject
  360. );
  362. typedef struct _SSCTL_ENUM_OBJECTS_DATA {
  363. PFN_ENUM_SSCTLOBJECTS pfnEnumObjects;
  364. LPVOID pvEnumParameter;
  365. } SSCTL_ENUM_OBJECTS_DATA, *PSSCTL_ENUM_OBJECTS_DATA;
  367. BOOL WINAPI
  368. SSCtlEnumObjectsWalkFn (
  369. IN LPVOID pvParameter,
  370. IN HLRUENTRY hEntry
  371. );
  373. BOOL WINAPI
  374. SSCtlCreateObjectCache (
  375. OUT PCSSCTLOBJECTCACHE* ppSSCtlObjectCache
  376. );
  378. VOID WINAPI
  379. SSCtlFreeObjectCache (
  380. IN PCSSCTLOBJECTCACHE pSSCtlObjectCache
  381. );
  383. VOID WINAPI
  384. SSCtlFreeTrustListInfo (
  385. IN PCERT_TRUST_LIST_INFO pTrustListInfo
  386. );
  388. BOOL WINAPI
  389. SSCtlAllocAndCopyTrustListInfo (
  390. IN PCERT_TRUST_LIST_INFO pTrustListInfo,
  391. OUT PCERT_TRUST_LIST_INFO* ppTrustListInfo
  392. );
  394. //
  395. // Retrieve a newer and time valid CTL at one of the NextUpdate Urls
  396. //
  398. BOOL
  399. WINAPI
  400. SSCtlRetrieveCtlUrl(
  401. IN PCCERTCHAINENGINE pChainEngine,
  402. IN PCCHAINCALLCONTEXT pCallContext,
  403. IN OUT PCRYPT_URL_ARRAY pNextUpdateUrlArray,
  404. IN DWORD dwRetrievalFlags,
  405. IN OUT PCCTL_CONTEXT *ppCtl,
  406. IN OUT BOOL *pfNewerCtl,
  407. IN OUT BOOL *pfTimeValid
  408. );
  410. //
  411. // Update Ctl Object Enum Function
  412. //
  414. typedef struct _SSCTL_UPDATE_CTL_OBJ_ENTRY SSCTL_UPDATE_CTL_OBJ_ENTRY,
  415. *PSSCTL_UPDATE_CTL_OBJ_ENTRY;
  417. struct _SSCTL_UPDATE_CTL_OBJ_ENTRY {
  418. PCSSCTLOBJECT pSSCtlObjectAdd;
  419. PCSSCTLOBJECT pSSCtlObjectRemove;
  420. PSSCTL_UPDATE_CTL_OBJ_ENTRY pNext;
  421. };
  423. typedef struct _SSCTL_UPDATE_CTL_OBJ_PARA {
  424. PCCERTCHAINENGINE pChainEngine;
  425. PCCHAINCALLCONTEXT pCallContext;
  427. FILETIME UpdateTime;
  428. PSSCTL_UPDATE_CTL_OBJ_ENTRY pEntry;
  429. } SSCTL_UPDATE_CTL_OBJ_PARA, *PSSCTL_UPDATE_CTL_OBJ_PARA;
  431. BOOL
  432. WINAPI
  433. SSCtlUpdateCtlObjectEnumFn(
  434. IN LPVOID pvPara,
  435. IN PCSSCTLOBJECT pSSCtlObject
  436. );
  438. //
  439. // Inline methods
  440. //
  442. //+---------------------------------------------------------------------------
  443. //
  444. // Member: CSSCtlObject::AddRef, public
  445. //
  446. // Synopsis: add a reference
  447. //
  448. //----------------------------------------------------------------------------
  449. inline VOID
  450. CSSCtlObject::AddRef ()
  451. {
  452. InterlockedIncrement( &m_cRefs );
  453. }
  455. //+---------------------------------------------------------------------------
  456. //
  457. // Member: CSSCtlObject::Release, public
  458. //
  459. // Synopsis: release a reference
  460. //
  461. //----------------------------------------------------------------------------
  462. inline VOID
  463. CSSCtlObject::Release ()
  464. {
  465. if ( InterlockedDecrement( &m_cRefs ) == 0 )
  466. {
  467. delete this;
  468. }
  469. }
  471. //+---------------------------------------------------------------------------
  472. //
  473. // Member: CSSCtlObject::CtlContext, public
  474. //
  475. // Synopsis: return the CTL context
  476. //
  477. //----------------------------------------------------------------------------
  478. inline PCCTL_CONTEXT
  479. CSSCtlObject::CtlContext ()
  480. {
  481. return( m_pCtlContext );
  482. }
  484. //+---------------------------------------------------------------------------
  485. //
  486. // Member: CSSCtlObject::CtlHash, public
  487. //
  488. // Synopsis: return the hash
  489. //
  490. //----------------------------------------------------------------------------
  491. inline LPBYTE
  492. CSSCtlObject::CtlHash ()
  493. {
  494. return( m_rgbCtlHash );
  495. }
  497. //+---------------------------------------------------------------------------
  498. //
  499. // Member: CSSCtlObject::HashIndexEntry, public
  500. //
  501. // Synopsis: return the hash index entry
  502. //
  503. //----------------------------------------------------------------------------
  504. inline HLRUENTRY
  505. CSSCtlObject::HashIndexEntry ()
  506. {
  507. return( m_hHashEntry );
  508. }
  511. //+---------------------------------------------------------------------------
  512. //
  513. // Member: CSSCtlObject::NextUpdateUrlArray, public
  514. //
  515. // Synopsis: return pointer to the Ctl's NextUpdate location url array
  516. //
  517. //----------------------------------------------------------------------------
  518. inline PCRYPT_URL_ARRAY CSSCtlObject::NextUpdateUrlArray ()
  519. {
  520. return m_pNextUpdateUrlArray;
  521. }
  524. //+---------------------------------------------------------------------------
  525. //
  526. // Member: CSSCtlObject::SetOnlineUpdate, public
  527. //
  528. // Synopsis: called for successful online Url retrieval
  529. //
  530. //----------------------------------------------------------------------------
  531. inline void CSSCtlObject::SetOnline ()
  532. {
  533. m_dwOfflineCnt = 0;
  534. }
  536. //+---------------------------------------------------------------------------
  537. //
  538. // Member: CSSCtlObject::ChainEngine, public
  539. //
  540. // Synopsis: return the chain engine object
  541. //
  542. //----------------------------------------------------------------------------
  543. inline PCCERTCHAINENGINE
  544. CSSCtlObject::ChainEngine ()
  545. {
  546. return( m_pChainEngine );
  547. }
  550. //+---------------------------------------------------------------------------
  551. //
  552. // Member: CSSCtlObject::MessageStore, public
  553. //
  554. // Synopsis: return the object's message store
  555. //
  556. //----------------------------------------------------------------------------
  557. inline HCERTSTORE
  558. CSSCtlObject::MessageStore ()
  559. {
  560. return( m_hMessageStore );
  561. }
  563. //+---------------------------------------------------------------------------
  564. //
  565. // Member: CSSCtlObjectCache::HashIndex, public
  566. //
  567. // Synopsis: return the hash index
  568. //
  569. //----------------------------------------------------------------------------
  570. inline HLRUCACHE
  571. CSSCtlObjectCache::HashIndex ()
  572. {
  573. return( m_hHashIndex );
  574. }
  576. #endif