|
|
//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1995 - 1999
//
// File: certgen.cpp
//
//--------------------------------------------------------------------------
#include <pch.cpp>
#pragma hdrstop
#include <conio.h>
#include "encode.h"
#include "rsa.h"
#include "md5.h"
#include <wincrypt.h>
#include <certsrv.h>
#include <certca.h>
#include <csdisp.h>
#include "csprop.h"
#define MSTOSEC(ms) (((ms) + 1000 - 1)/1000)
DWORD g_crdnMax;
HCRYPTPROV g_hMe = NULL;
WCHAR g_wszTestKey[] = L"CertGen_TestKey";
static unsigned char MD5_PRELUDE[] = { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10};
BYTE g_CAPIPrivateKey[1000];DWORD g_cbPrivateKey;//LPBSAFE_PRV_KEY g_pRSAPrivateKey;
DWORD g_cbRSAPrivateKey;LPBSAFE_PUB_KEY g_pRSAPublicKey;DWORD g_cbRSAPublicKey;
WCHAR *g_pwszConfig = NULL;
typedef struct { DWORD magic; // Should always be RSA2
DWORD bitlen; // bit size of key
DWORD pubexp; // public exponent
} EXPORT_PRV_KEY;
BOOL g_fRPC = FALSE;BOOL g_fRenewal = FALSE;BOOL g_fSave = FALSE;BOOL g_fPrintProperties = FALSE;BOOL g_fDebug = FALSE;BOOL g_fIgnoreAccessDenied = FALSE;BOOL g_fTime = FALSE;BOOL g_fIgnoreError = FALSE;BOOL g_fAllowDups = FALSE;BOOL g_fShowTime = FALSE;BOOL g_fEnterpriseCA = FALSE;
LONG g_IntervalCount;DWORD g_MaximumCount = MAXDWORD;DWORD g_DispatchFlags = DISPSETUP_COMFIRST;
BOOL IsCharPrintableString(TCHAR chChar);
WCHAR wszUsage[] = TEXT("Usage: CertGen [options]\n") TEXT("Options are:\n") TEXT(" -a - ignore denied requests\n") TEXT(" -c # - generate # certs\n") TEXT(" -config server\\CAName - specify CA config string\n") TEXT(" -d - debug\n") TEXT(" -e - Enterprise CA\n") TEXT(" -i - don't stop on request errors\n") TEXT(" -m - print start/end time\n") TEXT(" -p - print properties from cert created\n") TEXT(" -r - put request/cert/chain info into test.req/test.crt/testchain.crt\n") TEXT(" -renewal - generate renewal requests\n") TEXT(" -rpc - use RPC to connect to server\n") TEXT(" -t # - print time statistics every # certs\n") TEXT(" -z - allow duplicate subject name components\n");
HRESULTSeedRNG(void){ HRESULT hr; unsigned int seed;
if (!CryptGenRandom(g_hMe, sizeof(seed), (BYTE *) &seed)) { hr = myHLastError(); _JumpError(hr, error, "CryptGenRandom"); } srand(seed); hr = S_OK;
error: return(hr);
}
HRESULTGenerateString( DWORD cnt, BYTE *pbStr){ HRESULT hr; DWORD i; BYTE *pb;
hr = SeedRNG(); _JumpIfError(hr, error, "SeedRNG");
pb = pbStr; for (i = 0; i < cnt; i++) { do { *pb = rand() % 0x7f; } while (!IsCharPrintableString(*pb)); pb++; } *pb = '\0';
// Turn leading and trailing Blanks into '.' characters?
if (g_fAllowDups && 0 < cnt) { if (' ' == *pbStr) { *pbStr = '.'; } pb--; if (' ' == *pb) { *pb = '.'; } }
error: return(hr);
}
voidFreeLocalMemory( NAMETABLE *pNameTable){ NAMEENTRY *pNameEntry = NULL; DWORD i;
pNameEntry = pNameTable->pNameEntry; for (i = 0; i < pNameTable->cnt; i++) { if (NULL != pNameEntry->pbData) { LocalFree(pNameEntry->pbData); } pNameEntry++; } LocalFree(pNameTable->pNameEntry);}
HRESULTGenerateNameTable( NAMETABLE *pNameTable){ HRESULT hr; NAMEENTRY *pNameEntryAlloc = NULL; NAMEENTRY *pNameEntry; DWORD cbString; BYTE *pbString; DWORD i; DWORD j; DWORD cRetry;
hr = SeedRNG(); _JumpIfError(hr, error, "SeedRNG");
pNameTable->cnt = rand() % g_crdnMax; // 0 is Ok
if (1 < g_fPrintProperties) { wprintf(L"NumEntries = %u\n", pNameTable->cnt); } for (i = 0; i < g_crdnSubject; i++) { g_ardnSubject[i].cbRemain = g_ardnSubject[i].cbMaxConcatenated; }
pNameEntryAlloc = (NAMEENTRY *) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, pNameTable->cnt * sizeof(NAMEENTRY));
if (NULL == pNameEntryAlloc) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
pNameTable->pNameEntry = pNameEntryAlloc;
for (i = 0; i < pNameTable->cnt; i++) { RDNENTRY *prdne = NULL;
pNameEntry = &pNameTable->pNameEntry[i];
for (cRetry = 0; !g_fAllowDups || cRetry < 2 * pNameTable->cnt; cRetry++) { pNameEntry->iRDN = rand() % g_crdnSubject; prdne = &g_ardnSubject[pNameEntry->iRDN];
if (g_fAllowDups) { if (2 > prdne->cbRemain) { continue; // Skip if less than 2 characters left
} } else { for (j = 0; j < i; j++) { if (pNameEntry->iRDN == pNameTable->pNameEntry[j].iRDN) { break; } } if (j < i) { continue; // Skip if a disallowed duplicate
} } break; } if (g_fAllowDups && cRetry >= 2 * pNameTable->cnt) { if (1 < g_fPrintProperties) { wprintf(L"Reducing NumEntries = %u --> %i\n", pNameTable->cnt, i); } pNameTable->cnt = i; // too many retries -- reduce count & quit
break; } if (NULL == prdne) { hr = E_UNEXPECTED; _JumpError(hr, error, "prdne NULL"); }
pNameEntry->pszObjId = prdne->pszObjId; pNameEntry->BerTag = prdne->BerTag;
assert(2 <= prdne->cbRemain); do { cbString = rand() % min(prdne->cbMaxString, prdne->cbRemain); } while (0 == cbString);
// Reduce remaining count by length of string plus separator: "\n"
if (1 < g_fPrintProperties) { wprintf( L" RDN(%u): %hs=%u/%u/%u/", i, prdne->pszShortName, cbString, prdne->cbMaxString, prdne->cbRemain); } prdne->cbRemain -= cbString; if (0 < prdne->cbRemain) { prdne->cbRemain--; }
// Limit each string to (prdne->cbMaxString + 1) chars, including
// trailing '\0':
assert(cbString <= prdne->cbMaxString); // leave room for '\0' in DB
pbString = (BYTE *) LocalAlloc(LMEM_FIXED, cbString + 1); if (NULL == pbString) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } hr = GenerateString(cbString, pbString); _JumpIfError(hr, error, "GenerateString");
if (1 < g_fPrintProperties) { wprintf(L"%u: \"%hs\"\n", prdne->cbRemain, pbString); } pNameEntry->cbData = cbString; pNameEntry->pbData = pbString; } pNameEntryAlloc = NULL;
error: if (NULL != pNameEntryAlloc) { FreeLocalMemory(pNameTable); } return(hr);}
HRESULTGenerateTestNameTable( NAMETABLE *pNameTable){ HRESULT hr; NAMEENTRY *pNameEntryAlloc = NULL; NAMEENTRY *pNameEntry; DWORD cbString; BYTE *pbString; DWORD i; DWORD j; char szTest[2];
pNameEntryAlloc = (NAMEENTRY *) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, sizeof(NAMEENTRY) * g_crdnSubject);
if (NULL == pNameEntryAlloc) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
pNameTable->cnt = g_crdnSubject; pNameTable->pNameEntry = pNameEntryAlloc;
szTest[0] = 'a'; szTest[1] = '\0';
for (i = 0; i < g_crdnSubject; i++) { pNameEntry = &pNameTable->pNameEntry[i]; pNameEntry->pszObjId = g_ardnSubject[i].pszObjId; pNameEntry->BerTag = g_ardnSubject[i].BerTag;
pbString = (BYTE *) LocalAlloc(LMEM_FIXED, sizeof(szTest)); if (NULL == pbString) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } CopyMemory(pbString, szTest, sizeof(szTest)); pNameEntry->cbData = sizeof(szTest) - 1; pNameEntry->pbData = pbString; if ('z' == szTest[0]) { szTest[0] = 'a'; } else { szTest[0]++; } } pNameEntryAlloc = NULL; hr = S_OK;
error: if (NULL != pNameEntryAlloc) { FreeLocalMemory(pNameTable); } return(hr);}
BOOLPreparePrivateKeyForImport( IN BYTE *pbBlob, IN DWORD cbBlob, OUT BSAFE_PRV_KEY *pPriKey, IN OUT DWORD *pcbPriKey, OUT BSAFE_PUB_KEY *pPubKey, IN OUT DWORD *pcbPubKey){ EXPORT_PRV_KEY *pExportKey = (EXPORT_PRV_KEY *) pbBlob; DWORD cbHalfModLen; DWORD cbPub; DWORD cbPri; BYTE *pbIn; BYTE *pbOut;
if (RSA2 != pExportKey->magic) { return(FALSE); } cbHalfModLen = pExportKey->bitlen / 16;
cbPub = sizeof(BSAFE_PUB_KEY) + (cbHalfModLen + sizeof(DWORD)) * 2; cbPri = sizeof(BSAFE_PRV_KEY) + (cbHalfModLen + sizeof(DWORD)) * 10; if (NULL == pPriKey || NULL == pPubKey) { *pcbPubKey = cbPub; *pcbPriKey = cbPri; return(TRUE); }
if (*pcbPubKey < cbPub || *pcbPriKey < cbPri) { *pcbPubKey = cbPub; *pcbPriKey = cbPri; return(FALSE); } else { // form the public key
ZeroMemory(pPubKey, *pcbPubKey); pPubKey->magic = RSA1; pPubKey->keylen = (cbHalfModLen + sizeof(DWORD)) * 2; pPubKey->bitlen = pExportKey->bitlen; pPubKey->datalen = cbHalfModLen * 2 - 1; pPubKey->pubexp = pExportKey->pubexp;
pbIn = pbBlob + sizeof(EXPORT_PRV_KEY); pbOut = (BYTE *) pPubKey + sizeof(BSAFE_PUB_KEY);
CopyMemory(pbOut, pbIn, cbHalfModLen * 2);
// form the private key
ZeroMemory(pPriKey, *pcbPriKey); pPriKey->magic = pExportKey->magic; pPriKey->keylen = (cbHalfModLen + sizeof(DWORD)) * 2; pPriKey->bitlen = pExportKey->bitlen; pPriKey->datalen = cbHalfModLen * 2 - 1; pPriKey->pubexp = pExportKey->pubexp;
pbOut = (BYTE *) pPriKey + sizeof(BSAFE_PRV_KEY);
CopyMemory(pbOut, pbIn, cbHalfModLen * 2);
pbOut += (cbHalfModLen + sizeof(DWORD)) * 2; pbIn += cbHalfModLen * 2; CopyMemory(pbOut, pbIn, cbHalfModLen);
pbOut += cbHalfModLen + sizeof(DWORD); pbIn += cbHalfModLen; CopyMemory(pbOut, pbIn, cbHalfModLen);
pbOut += cbHalfModLen + sizeof(DWORD); pbIn += cbHalfModLen; CopyMemory(pbOut, pbIn, cbHalfModLen);
pbOut += cbHalfModLen + sizeof(DWORD); pbIn += cbHalfModLen; CopyMemory(pbOut, pbIn, cbHalfModLen);
pbOut += cbHalfModLen + sizeof(DWORD); pbIn += cbHalfModLen; CopyMemory(pbOut, pbIn, cbHalfModLen);
pbOut += cbHalfModLen + sizeof(DWORD); pbIn += cbHalfModLen; CopyMemory(pbOut, pbIn, cbHalfModLen * 2); } *pcbPubKey = cbPub; *pcbPriKey = cbPri; return(TRUE);}
HRESULTGetPrivateKeyStuff( PctPrivateKey **ppKey){ HRESULT hr; BYTE *pbData; PctPrivateKey *pKey = NULL; HCRYPTKEY hKey = NULL;
if (!CryptAcquireContext( &g_hMe, g_wszTestKey, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_DELETEKEYSET)) { hr = myHLastError(); _PrintError(hr, "CryptAcquireContext"); }
if (!CryptAcquireContext( &g_hMe, g_wszTestKey, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { hr = myHLastError(); _JumpError(hr, error, "CryptAcquireContext"); }
if (!CryptGetUserKey(g_hMe, AT_SIGNATURE, &hKey)) { hr = myHLastError(); _PrintError2(hr, "CryptGetUserKey", hr);
if (!CryptGenKey(g_hMe, AT_SIGNATURE, CRYPT_EXPORTABLE, &hKey)) { hr = myHLastError(); _JumpError(hr, error, "CryptGenKey"); } }
g_cbPrivateKey = sizeof(g_CAPIPrivateKey);
if (!CryptExportKey( hKey, 0, PRIVATEKEYBLOB, 0L, &g_CAPIPrivateKey[0], &g_cbPrivateKey)) { hr = myHLastError(); _JumpError(hr, error, "CryptExportKey"); }
pbData = &g_CAPIPrivateKey[sizeof(BLOBHEADER)];
if (!PreparePrivateKeyForImport( pbData, g_cbPrivateKey - sizeof(BLOBHEADER), NULL, &g_cbRSAPrivateKey, NULL, &g_cbRSAPublicKey)) { hr = NTE_BAD_KEY; _JumpError(hr, error, "PreparePrivateKeyForImport"); }
pKey = (PctPrivateKey *) LocalAlloc( LMEM_FIXED, g_cbRSAPrivateKey + sizeof(PctPrivateKey));
g_pRSAPublicKey = (BSAFE_PUB_KEY *) LocalAlloc( LMEM_FIXED, g_cbRSAPublicKey);
if (pKey == NULL || g_pRSAPublicKey == NULL) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
pKey->cbKey = g_cbRSAPrivateKey; if (!PreparePrivateKeyForImport( pbData, g_cbPrivateKey - sizeof(BLOBHEADER), (BSAFE_PRV_KEY *) pKey->pKey, &g_cbRSAPrivateKey, g_pRSAPublicKey, &g_cbRSAPublicKey)) { hr = NTE_BAD_KEY; _JumpError(hr, error, "PreparePrivateKeyForImport"); } hr = S_OK;
error: if (NULL != hKey) { CryptDestroyKey(hKey); } *ppKey = pKey; return(hr);}
VOIDReverseMemCopy( OUT BYTE *pbDest, IN BYTE const *pbSource, IN DWORD cb){ BYTE *pb;
pb = pbDest + cb - 1; do { *pb-- = *pbSource++; } while (pb >= pbDest);}
BOOL WINAPISigRSAMD5Sign( IN BYTE *pbData, IN DWORD cbData, OUT BYTE *pbSigned, OUT DWORD *pcbSigned, IN PctPrivateKey const *pKey){ MD5_CTX DigCtx; BSAFE_PRV_KEY *pk = (BSAFE_PRV_KEY *) pKey->pKey; BYTE LocalBuffer[300]; BYTE LocalOutput[300]; DWORD cb;
//DumpHex(pbData, cbData);
if (pk->datalen > sizeof(LocalBuffer)) { return(FALSE); }
// Generate the checksum
MD5Init(&DigCtx); MD5Update(&DigCtx, pbData, cbData); MD5Final(&DigCtx);
FillMemory(LocalBuffer, pk->keylen, 0);
ReverseMemCopy(LocalBuffer, DigCtx.digest, 16); ReverseMemCopy(LocalBuffer + 16, MD5_PRELUDE, sizeof(MD5_PRELUDE)); cb = sizeof(MD5_PRELUDE) + 16; LocalBuffer[cb++] = 0; while (cb < pk->datalen - 1) { LocalBuffer[cb++] = 0xff; }
// Make into pkcs block type 1
LocalBuffer[pk->datalen - 1] = 1;
*pcbSigned = pk->datalen + 1;
if (!BSafeDecPrivate(pk, LocalBuffer, LocalOutput)) { return(FALSE); } ReverseMemCopy(pbSigned, LocalOutput, *pcbSigned); //DumpHex(pbSigned, *pcbSigned);
return(TRUE);}
longEncodeSubjectPubKeyInfo( IN PctPrivateKey const *pKey, OUT BYTE *pbBuffer){ BYTE *pbEncoded; LONG cbResult; LONG cbResultHeader; LONG PkResult; LONG PkResultHeader; BYTE *pbSave; BYTE *pbBitString; BYTE *pbBitStringBase; BYTE *pbTop; DWORD EstimatedLength; BSAFE_PRV_KEY *pk = (BSAFE_PRV_KEY *) pKey->pKey;
// Encode public key now...
EstimatedLength = pk->datalen + 32;
pbEncoded = pbBuffer;
cbResultHeader = EncodeHeader(pbEncoded, EstimatedLength); pbEncoded += cbResultHeader;
pbTop = pbEncoded;
cbResult = EncodeAlgorithm(pbEncoded, ALGTYPE_KEYEXCH_RSA_MD5); if (0 > cbResult) { return(-1); } pbEncoded += cbResult;
// now, serialize the rsa key data:
pbBitString = (BYTE *) LocalAlloc(LMEM_FIXED, EstimatedLength); if (NULL == pbBitString) { return(-1); } pbBitStringBase = pbBitString;
// Encode the Sequence header, public key base and exponent as integers
PkResultHeader = EncodeHeader(pbBitString, EstimatedLength); pbBitString += PkResultHeader;
pbSave = pbBitString;
PkResult = EncodeInteger(pbBitString, (BYTE *) (pk + 1), pk->keylen); pbBitString += PkResult;
PkResult = EncodeInteger(pbBitString, (BYTE *) &pk->pubexp, sizeof(DWORD)); pbBitString += PkResult;
// Rewrite the bitstring header with an accurate length.
PkResult = EncodeHeader( pbBitStringBase, SAFE_SUBTRACT_POINTERS(pbBitString, pbSave));
// Encode the public key sequence as a raw bitstring, and free the memory.
cbResult = EncodeBitString( pbEncoded, pbBitStringBase, SAFE_SUBTRACT_POINTERS(pbBitString, pbBitStringBase)); pbEncoded += cbResult;
LocalFree(pbBitStringBase);
// Rewrite the header with an accurate length.
cbResult = EncodeHeader(pbBuffer, SAFE_SUBTRACT_POINTERS(pbEncoded, pbTop));
return(cbResult + SAFE_SUBTRACT_POINTERS(pbEncoded, pbTop));}
#if 0
a0 <len> BER_OPTIONAL | 0 -- Request Attributes 30 <len> BER_SEQUENCE 06 <len> BER_OBJECT_ID -- szOID_CERT_EXTENSIONS 31 <len> BER_SET 30 <len> BER_SEQUENCE 30 <len> BER_SEQUENCE (extension[0]) 06 <len> BER_OBJECT_ID 01 <len> BER_BOOL (Optional) 04 <len> BER_OCTET_STRING
30 <len> BER_SEQUENCE (extension[1]) 06 <len> BER_OBJECT_ID 04 <len> BER_OCTET_STRING
30 <len> BER_SEQUENCE (extension[2]) 06 <len> BER_OBJECT_ID 04 <len> BER_OCTET_STRING#endif
longAllocEncodeUnicodeString( IN WCHAR const *pwszCertType, OUT BYTE **ppbOut){ BYTE *pb = NULL; LONG cb;
cb = EncodeUnicodeString(NULL, pwszCertType); pb = (BYTE *) LocalAlloc(LMEM_FIXED, cb); if (NULL == pb) { cb = -1; goto error; } *ppbOut = pb; EncodeUnicodeString(pb, pwszCertType);
error: return(cb);}
longAllocEncodeExtensionArray( IN DWORD cExt, IN CERT_EXTENSION const *aExt, OUT BYTE **ppbExtensions){ BYTE *pb; DWORD i; LONG cb; LONG cbExtTotal; LONG acbLen[3]; LONG *acbExt = NULL;
*ppbExtensions = NULL;
acbExt = (LONG *) LocalAlloc(LMEM_FIXED, cExt * sizeof(acbExt[0])); if (NULL == acbExt) { cbExtTotal = -1; _JumpError(-1, error, "LocalAlloc"); }
// Construct size from the bottom up.
cbExtTotal = 0; for (i = 0; i < cExt; i++) { // BER_OBJECT_ID: Extension OID
cb = EncodeObjId(NULL, aExt[i].pszObjId); if (-1 == cb) { _JumpError(-1, error, "EncodeObjId"); } acbExt[i] = cb;
if (aExt[i].fCritical) { // BER_BOOL: fCritical
acbExt[i] += 1 + EncodeLength(NULL, 1); acbExt[i]++; // boolean value
}
// BER_OCTET_STRING: Extension octet string value
acbExt[i] += 1 + EncodeLength(NULL, aExt[i].Value.cbData); acbExt[i] += aExt[i].Value.cbData; // octet string
// BER_SEQUENCE: Extension Sequence
cbExtTotal += 1 + EncodeLength(NULL, acbExt[i]); cbExtTotal += acbExt[i]; }
// BER_SEQUENCE: Extension Array Sequence
acbLen[2] = cbExtTotal; cbExtTotal += 1 + EncodeLength(NULL, cbExtTotal);
// BER_SET: Attribute Value
acbLen[1] = cbExtTotal; cbExtTotal += 1 + EncodeLength(NULL, cbExtTotal);
// BER_OBJECT_ID: Attribute OID
cb = EncodeObjId(NULL, szOID_CERT_EXTENSIONS); if (-1 == cb) { _JumpError(-1, error, "EncodeObjId"); } cbExtTotal += cb;
// BER_SEQUENCE: Attribute Array Sequence
acbLen[0] = cbExtTotal; cbExtTotal += 1 + EncodeLength(NULL, cbExtTotal);
// Allocate memory and encode the extensions
pb = (BYTE *) LocalAlloc(LMEM_FIXED, cbExtTotal); if (NULL == pb) { cbExtTotal = -1; _JumpError(-1, error, "LocalAlloc"); } *ppbExtensions = pb;
*pb++ = BER_SEQUENCE; // Attribute Array Sequence
pb += EncodeLength(pb, acbLen[0]);
pb += EncodeObjId(pb, szOID_CERT_EXTENSIONS);
*pb++ = BER_SET; // Attribute Value
pb += EncodeLength(pb, acbLen[1]);
*pb++ = BER_SEQUENCE; // Extension Array Sequence
pb += EncodeLength(pb, acbLen[2]);
CSASSERT(*ppbExtensions + cbExtTotal >= pb);
for (i = 0; i < cExt; i++) { CSASSERT(*ppbExtensions + cbExtTotal > pb);
*pb++ = BER_SEQUENCE; // Extension Sequence
pb += EncodeLength(pb, acbExt[i]);
// BER_OBJECT_ID: Extension OID
pb += EncodeObjId(pb, aExt[i].pszObjId);
if (aExt[i].fCritical) { *pb++ = BER_BOOL; // fCritical
pb += EncodeLength(pb, 1); *pb++ = 0xff; }
*pb++ = BER_OCTET_STRING; // Extension octet string value
pb += EncodeLength(pb, aExt[i].Value.cbData);
CopyMemory(pb, aExt[i].Value.pbData, aExt[i].Value.cbData); pb += aExt[i].Value.cbData; } CSASSERT(*ppbExtensions + cbExtTotal == pb);
error: if (NULL != acbExt) { LocalFree(acbExt); } return(cbExtTotal);}
longEncodeExtensions( IN WCHAR const *pwszCertType, OUT BYTE **ppbExtensions){ LONG cbExt; BYTE *pbExt = NULL; CERT_EXTENSION aExt[1]; DWORD cExt = 0; DWORD i;
// Allocate memory and construct the CertType extension:
aExt[cExt].pszObjId = szOID_ENROLL_CERTTYPE_EXTENSION; aExt[cExt].fCritical = FALSE; aExt[cExt].Value.cbData = AllocEncodeUnicodeString( pwszCertType, &aExt[cExt].Value.pbData); //DumpHex(aExt[cExt].Value.pbData, aExt[cExt].Value.cbData);
cExt++;
cbExt = AllocEncodeExtensionArray(cExt, aExt, ppbExtensions); if (-1 == cbExt) { _JumpError(-1, error, "AllocEncodeExtensionArray"); }
error: for (i = 0; i < cExt; i++) { if (NULL != aExt[i].Value.pbData) { LocalFree(aExt[i].Value.pbData); } } return(cbExt);}
HRESULTEncodeRequest( IN PctPrivateKey const *pKey, IN NAMETABLE const *pNameTable, OUT BYTE **ppbRequest, OUT DWORD *pcbRequest){ HRESULT hr; BYTE *pbRequest0Alloc = NULL; BYTE *pbRequest1Alloc = NULL; BYTE *pbSigAlloc = NULL;
BYTE *pbRequest0;
BYTE *pbSave; BYTE *pbEncoded;
BYTE *pbExt; LONG cbExt;
LONG cbResult; LONG cbEncoded; BYTE bZero; LONG cbDN; DWORD cbRequest0; DWORD cbRequest1; LONG cbLenRequest; BSAFE_PRV_KEY *pk = (BSAFE_PRV_KEY *) pKey->pKey;
cbExt = EncodeExtensions(L"User", &pbExt); if (-1 == cbExt) { hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA); _JumpError(hr, error, "EncodeExtensions"); } //DumpHex(pbExt, cbExt);
cbDN = EncodeDN(NULL, pNameTable); if (-1 == cbDN) { hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA); _JumpError(hr, error, "EncodeDN"); } cbRequest0 = pk->datalen + 32 + cbDN + 16 + cbExt + 3; pbRequest0Alloc = (BYTE *) LocalAlloc(LMEM_FIXED, cbRequest0); if (NULL == pbRequest0Alloc) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } pbRequest0 = pbRequest0Alloc; pbEncoded = pbRequest0;
// Encode BER_SEQUENCE: Version+Subject+Key+Attributes Sequence
cbLenRequest = EncodeHeader(pbEncoded, cbRequest0); pbEncoded += cbLenRequest;
pbSave = pbEncoded; // Save pointer past sequence length
// Encode integer 0: Version 1 PKCS10
bZero = (BYTE) CERT_REQUEST_V1; pbEncoded += EncodeInteger(pbEncoded, &bZero, sizeof(bZero));
// Encode sequence of names
cbResult = EncodeDN(pbEncoded, pNameTable); if (0 > cbResult) { hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA); _JumpError(hr, error, "EncodeDN"); } pbEncoded += cbResult;
cbResult = EncodeSubjectPubKeyInfo(pKey, pbEncoded); if (0 > cbResult) { hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA); _JumpError(hr, error, "EncodeSubjectPubKeyInfo"); } pbEncoded += cbResult;
// Encode attributes:
// BER_OPTIONAL | 0: Attribute Field
cbResult = EncodeAttributeHeader(pbEncoded, cbExt); pbEncoded += cbResult; CopyMemory(pbEncoded, pbExt, cbExt); pbEncoded += cbExt;
// Encode BER_SEQUENCE: Version+Subject+Key+Attributes Sequence (again)
cbEncoded = SAFE_SUBTRACT_POINTERS(pbEncoded, pbSave); cbResult = EncodeHeader(pbRequest0, cbEncoded);
// If the header sequence length takes up less space than we anticipated,
// add the difference to the base pointer and encode the header again,
// right before the encoded data.
if (cbResult != cbLenRequest) { CSASSERT(cbResult < cbLenRequest); pbRequest0 += cbLenRequest - cbResult;
// Encode BER_SEQUENCE: Version+Subject+Key+Attributes Sequence (again)
cbResult = EncodeHeader(pbRequest0, cbEncoded); }
cbRequest0 = cbResult + SAFE_SUBTRACT_POINTERS(pbEncoded, pbSave); //DumpHex(pbRequest0, cbRequest0);
// How much space do we need?
cbRequest1 = cbRequest0 + pk->datalen + 32; pbRequest1Alloc = (BYTE *) LocalAlloc(LMEM_FIXED, cbRequest1); if (NULL == pbRequest1Alloc) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } pbEncoded = pbRequest1Alloc;
// Encode BER_SEQUENCE: outer Request Sequence
cbLenRequest = EncodeHeader(pbEncoded, cbRequest1); pbEncoded += cbLenRequest;
pbSave = pbEncoded; // Save pointer past outer sequence length
CopyMemory(pbEncoded, pbRequest0, cbRequest0);
pbEncoded += cbRequest0;
cbResult = EncodeAlgorithm(pbEncoded, ALGTYPE_SIG_RSA_MD5); pbEncoded += cbResult;
//DumpHex(pbRequest1Alloc, cbRequest1);
cbResult = pk->datalen + 16; pbSigAlloc = (BYTE *) LocalAlloc(LMEM_FIXED, cbResult); if (NULL == pbSigAlloc) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
if (!SigRSAMD5Sign( pbRequest0, cbRequest0, pbSigAlloc, (DWORD *) &cbResult, pKey)) { hr = E_FAIL; _JumpError(hr, error, "SigRSAMD5Sign"); }
pbEncoded += EncodeBitString(pbEncoded, pbSigAlloc, cbResult);
cbEncoded = SAFE_SUBTRACT_POINTERS(pbEncoded, pbSave); cbResult = EncodeHeader(pbRequest1Alloc, cbEncoded); cbRequest1 = cbResult + cbEncoded;
if (cbResult != cbLenRequest) { if (cbResult > cbLenRequest) { // The chunk has actually grown from the estimate.
BYTE *pbT; pbT = (BYTE *) LocalAlloc(LMEM_FIXED, cbRequest1); if (NULL == pbT) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
EncodeHeader(pbT, cbEncoded); CopyMemory( pbT + cbResult, pbSave, cbEncoded);
LocalFree(pbRequest1Alloc); pbRequest1Alloc = pbT; } else { cbResult = EncodeHeader(pbRequest1Alloc, cbEncoded); MoveMemory( pbRequest1Alloc + cbResult, pbRequest1Alloc + cbLenRequest, cbEncoded); } } *ppbRequest = pbRequest1Alloc; *pcbRequest = cbRequest1; pbRequest1Alloc = NULL; //DumpHex(*ppbRequest, *pcbRequest);
hr = S_OK;
error: if (NULL != pbSigAlloc) { LocalFree(pbSigAlloc); } if (NULL != pbRequest1Alloc) { LocalFree(pbRequest1Alloc); } if (NULL != pbRequest0Alloc) { LocalFree(pbRequest0Alloc); } if (NULL != pbExt) { LocalFree(pbExt); } return(hr);}
HRESULTGetAndCompareProperty( CERT_NAME_INFO *pNameInfo, char const *pszObjId, char const *pszValue, BYTE **pbProp, DWORD *pcbProp, BOOL *pfMatch){ HRESULT hr; CERT_RDN_ATTR *prdnaT; CERT_RDN *prdn; CERT_RDN *prdnEnd;
*pfMatch = FALSE; prdnaT = NULL; for ( prdn = pNameInfo->rgRDN, prdnEnd = &prdn[pNameInfo->cRDN]; prdn < prdnEnd; prdn++) { CERT_RDN_ATTR *prdna; CERT_RDN_ATTR *prdnaEnd;
for ( prdna = prdn->rgRDNAttr, prdnaEnd = &prdna[prdn->cRDNAttr]; prdna < prdnaEnd; prdna++) { if (0 == strcmp(prdna->pszObjId, pszObjId)) { prdnaT = prdna;
if (prdnaT->Value.cbData == strlen(pszValue) && 0 == memcmp(pszValue, prdnaT->Value.pbData, prdnaT->Value.cbData)) { *pfMatch = TRUE; } else if (g_fAllowDups) { continue; } prdn = prdnEnd; // exit outer for loop, too.
break; } } } if (NULL == prdnaT) { hr = CERTSRV_E_PROPERTY_EMPTY; _JumpError2(hr, error, "Missing Property", CERTSRV_E_PROPERTY_EMPTY); } *pbProp = prdnaT->Value.pbData; *pcbProp = prdnaT->Value.cbData; hr = S_OK;
error: return(hr);
}
HRESULTCheckProperties( DWORD ReqId, NAMETABLE *pNameTable, DWORD CertNumber, CERT_NAME_INFO *pNameInfo){ HRESULT hr; BYTE *pbProp; DWORD cbProp; DWORD i; DWORD dwCount = 0; BOOL fMatch;
if (g_fPrintProperties) { wprintf( L"Properties for Certificate %u, RequestId %u:\n", CertNumber, ReqId); }
for (i = 0; i < pNameTable->cnt; i++) { NAMEENTRY *pNameEntry; RDNENTRY *prdn;
pNameEntry = &pNameTable->pNameEntry[i]; prdn = &g_ardnSubject[pNameEntry->iRDN];
hr = GetAndCompareProperty( pNameInfo, prdn->pszObjId, (char const *) pNameEntry->pbData, &pbProp, &cbProp, &fMatch);
if (CERTSRV_E_PROPERTY_EMPTY == hr) { //_PrintError(hr, "GetAndCompareProperty");
pbProp = NULL; hr = S_OK; } _JumpIfError(hr, error, "GetAndCompareProperty");
if (NULL != pbProp && !fMatch && !g_fEnterpriseCA) { wprintf( L"Property doesn't match: Expected %hs=\"%hs\", pbProp = \"%hs\"\n", prdn->pszShortName, pNameEntry->pbData, pbProp);
hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA); _JumpError(hr, error, "GetAndCompareProperty: no match"); }
if (g_fPrintProperties) { DWORD ccol;
#define CCOL_OID 10
ccol = strlen(prdn->pszObjId) + 1; if (ccol < CCOL_OID) { ccol = CCOL_OID - ccol; } else { ccol = 0; } wprintf( L" %u: %hs: %*s%hs=%hs%hs%hs\n", i, prdn->pszObjId, ccol, "", prdn->pszShortName, NULL == pbProp? "" : "\"", NULL == pbProp? " -- MISSING --" : (char const *) pbProp, NULL == pbProp? "" : "\""); } } if (g_fPrintProperties) { wprintf(L"\n"); } hr = S_OK;
error: return(hr);
}
HRESULTEncodeRenewal( IN BYTE const *pbRequest, IN DWORD cbRequest, OUT BYTE **ppbRenewal, OUT DWORD *pcbRenewal){ HRESULT hr;
*ppbRenewal = (BYTE *) LocalAlloc(LMEM_FIXED, cbRequest); if (NULL == *ppbRenewal) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } CopyMemory(*ppbRenewal, pbRequest, cbRequest); *pcbRenewal = cbRequest; hr = S_OK;
error: return(hr);}
HRESULTSubmitRequest( OPTIONAL IN DISPATCHINTERFACE *pdiRequest, IN DWORD Flags, IN BYTE const *pbRequest, IN DWORD cbRequest, IN WCHAR const *pwszAttributes, IN WCHAR const *pwszConfig, OUT DWORD *pRequestIdOut, OUT DWORD *pDisposition, OUT HRESULT *phrLastStatus, OUT WCHAR **ppwszDisposition, OUT BYTE **ppbCert, OUT DWORD *pcbCert){ HRESULT hr; WCHAR *pwszRequest = NULL; BSTR strCert = NULL; BSTR strCertChain = NULL; BSTR strDisposition = NULL; BYTE *pbCert = NULL; DWORD cbCert; BYTE const *pbChain; DWORD cbChain; CERTSERVERENROLL *pcsEnroll = NULL; WCHAR *pwszServer = NULL; WCHAR *pwszAuthority = NULL; WCHAR *pwszDisposition;
*phrLastStatus = S_OK; *ppwszDisposition = NULL; *ppbCert = NULL; *pRequestIdOut = 0;
if (NULL == pdiRequest) { hr = mySplitConfigString(pwszConfig, &pwszServer, &pwszAuthority); _JumpIfError(hr, error, "mySplitConfigString");
// CertServerSubmitRequest can only handle binary requests;
// pass the request in binary form, and pass Flags to so indicate.
hr = CertServerSubmitRequest( CR_IN_BINARY | Flags, pbRequest, cbRequest, pwszAttributes, pwszServer, pwszAuthority, &pcsEnroll); _JumpIfError(hr, error, "CertServerSubmitRequest");
*phrLastStatus = pcsEnroll->hrLastStatus; _PrintIfError2( *phrLastStatus, "pcsEnroll->hrLastStatus Real Status", HRESULT_FROM_WIN32(ERROR_INVALID_DATA));
pwszDisposition = pcsEnroll->pwszDispositionMessage; *pDisposition = pcsEnroll->Disposition; *pRequestIdOut = pcsEnroll->RequestId; } else { hr = myCryptBinaryToString( pbRequest, cbRequest, CRYPT_STRING_BASE64REQUESTHEADER, &pwszRequest); _JumpIfError(hr, error, "myCryptBinaryToString");
if (g_fRPC) { Flags |= CR_IN_RPC; } hr = Request_Submit( pdiRequest, CR_IN_BASE64HEADER | Flags, pwszRequest, sizeof(WCHAR) * wcslen(pwszRequest), pwszAttributes, pwszConfig, (LONG *) pDisposition); if (S_OK != hr) { _PrintError2( hr, "Request_Submit", HRESULT_FROM_WIN32(ERROR_INVALID_DATA));
// Collect the RequestId for potential error reporting:
Request_GetRequestId(pdiRequest, (LONG *) pRequestIdOut);
hr = Request_GetLastStatus(pdiRequest, phrLastStatus); _JumpIfError(hr, error, "Request_GetLastStatus");
if (FAILED(*phrLastStatus)) { hr = *phrLastStatus; } _JumpError2( hr, error, "Request_GetLastStatus Real Status", HRESULT_FROM_WIN32(ERROR_INVALID_DATA)); } hr = Request_GetLastStatus(pdiRequest, phrLastStatus); _JumpIfError(hr, error, "Request_GetLastStatus");
_PrintIfError(*phrLastStatus, "Request_GetLastStatus Real Status");
hr = Request_GetDispositionMessage(pdiRequest, &strDisposition); _JumpIfError(hr, error, "Request_GetDispositionMessage");
hr = Request_GetRequestId(pdiRequest, (LONG *) pRequestIdOut); _JumpIfError(hr, error, "Request_GetrequestId");
pwszDisposition = strDisposition; }
if (CR_DISP_ISSUED == *pDisposition) { if (NULL == pdiRequest) { cbCert = pcsEnroll->cbCert; pbCert = (BYTE *) LocalAlloc(LMEM_FIXED, cbCert); if (NULL == pbCert) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } CopyMemory(pbCert, pcsEnroll->pbCert, cbCert); } else { hr = Request_GetCertificate( pdiRequest, CR_OUT_BASE64HEADER, &strCert); _JumpIfError(hr, error, "Request_GetCertificate");
hr = myCryptStringToBinary( strCert, wcslen(strCert), CRYPT_STRING_BASE64HEADER, &pbCert, &cbCert, NULL, NULL); _JumpIfError(hr, error, "myCryptStringToBinary"); }
if (g_fSave) { hr = EncodeToFileW( L"test.crt", pbCert, cbCert, DECF_FORCEOVERWRITE | CRYPT_STRING_BINARY); _JumpIfError(hr, error, "EncodeToFileW");
if (NULL == pdiRequest) { pbChain = pcsEnroll->pbCertChain; cbChain = pcsEnroll->cbCertChain; } else { hr = Request_GetCertificate( pdiRequest, CR_OUT_BINARY | CR_OUT_CHAIN, &strCertChain); _JumpIfError(hr, error, "Request_GetCertificate");
pbChain = (BYTE const *) strCertChain; cbChain = SysStringByteLen(strCertChain); } hr = EncodeToFileW( L"testchain.crt", pbChain, cbChain, DECF_FORCEOVERWRITE | CRYPT_STRING_BINARY); _JumpIfError(hr, error, "EncodeToFileW"); } }
if (NULL != pwszDisposition) { *ppwszDisposition = (WCHAR *) LocalAlloc( LMEM_FIXED, (wcslen(pwszDisposition) + 1) * sizeof(WCHAR)); if (NULL == *ppwszDisposition) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } wcscpy(*ppwszDisposition, pwszDisposition); } *pcbCert = cbCert; *ppbCert = pbCert; pbCert = NULL; hr = S_OK;
error: if (NULL != pwszServer) { LocalFree(pwszServer); } if (NULL != pwszAuthority) { LocalFree(pwszAuthority); } if (NULL != pbCert) { LocalFree(pbCert); } if (NULL != pcsEnroll) { CertServerFreeMemory(pcsEnroll); } if (NULL != strCertChain) { SysFreeString(strCertChain); } if (NULL != strCert) { SysFreeString(strCert); } if (NULL != strDisposition) { SysFreeString(strDisposition); } if (NULL != pwszRequest) { LocalFree(pwszRequest); } return(hr);}
HRESULTTestOneRequest( IN PctPrivateKey const *pKey, OPTIONAL IN DISPATCHINTERFACE *pdiRequest, IN WCHAR const *pwszConfig, IN DWORD CertNumber, OUT DWORD *pRequestId, OUT DWORD *pTimeOneRequest){ HRESULT hr; HRESULT hrLastStatus; NAMETABLE NameTable; BOOL fTableAllocated; BYTE *pbRequest; DWORD cbRequest; BYTE *pbCert; DWORD cbCert; CERT_CONTEXT const *pCertContext; DWORD RequestIdOut = 0; DWORD Disposition; WCHAR *pwszDisposition = NULL; CERT_NAME_INFO *pNameInfo; DWORD cbNameInfo; CERT_INFO const *pCertInfo; LONG Flags; WCHAR wszAttributes[MAX_PATH];
fTableAllocated = FALSE; pbRequest = NULL; pbCert = NULL; pCertContext = NULL; pNameInfo = NULL;
if (g_fDebug) { hr = GenerateTestNameTable(&NameTable); _JumpIfError(hr, error, "GenerateTestNameTable"); } else { hr = GenerateNameTable(&NameTable); _JumpIfError(hr, error, "GenerateNameTable"); }
fTableAllocated = TRUE;
hr = EncodeRequest(pKey, &NameTable, &pbRequest, &cbRequest); _JumpIfError(hr, error, "EncodeRequest");
Flags = CR_IN_PKCS10;
if (g_fRenewal) { BYTE *pbTmp;
hr = EncodeRenewal(pbRequest, cbRequest, &pbTmp, &cbRequest); _JumpIfError(hr, error, "EncodeRenewal");
LocalFree(pbRequest); pbRequest = pbTmp; Flags = CR_IN_PKCS7; }
if (g_fSave) { hr = EncodeToFileW( L"test.req", pbRequest, cbRequest, DECF_FORCEOVERWRITE | CRYPT_STRING_BINARY); _JumpIfError(hr, error, "EncodeToFileW"); }
*pTimeOneRequest = 0 - GetTickCount();
wsprintf( wszAttributes, L"\n" L" attrib 1 end : value 1 end \t\r\n" L"\tattrib 2 end:value_2_end\n" L" \tattrib3:value-3-end\r\n" L"Version:3\n" L"RequestType:CertGen\n" L"CertGenSequence:%u\n", CertNumber);
hr = SubmitRequest( pdiRequest, Flags, pbRequest, cbRequest, wszAttributes, pwszConfig, &RequestIdOut, &Disposition, &hrLastStatus, &pwszDisposition, &pbCert, &cbCert);
*pTimeOneRequest += GetTickCount();
if (S_OK != hr) { _JumpError2( hr, error, "SubmitRequest", HRESULT_FROM_WIN32(ERROR_INVALID_DATA)); } if (CR_DISP_ISSUED != Disposition) { hr = hrLastStatus; if (S_OK == hr) { hr = E_FAIL; } wprintf( L"SubmitRequest disposition=%x (%ws)\n", Disposition, NULL == pwszDisposition? L"???" : pwszDisposition); { WCHAR const *pwszMsg = myGetErrorMessageText(hr, TRUE);
if (NULL != pwszMsg) { wprintf(L"%ws\n", pwszMsg); LocalFree(const_cast<WCHAR *>(pwszMsg)); } } if (g_fIgnoreError) { hr = S_OK; } if (CR_DISP_DENIED == Disposition && g_fIgnoreAccessDenied) { hr = S_OK; } _JumpError(hr, error, "Cert not issued!"); }
pCertContext = CertCreateCertificateContext( X509_ASN_ENCODING, pbCert, cbCert); if (NULL == pCertContext) { hr = myHLastError(); _JumpError(hr, error, "CertCreateCertificateContext"); }
pCertInfo = pCertContext->pCertInfo;
if (!myDecodeName( X509_ASN_ENCODING, X509_NAME, pCertInfo->Subject.pbData, pCertInfo->Subject.cbData, CERTLIB_USE_LOCALALLOC, &pNameInfo, &cbNameInfo)) { hr = myHLastError(); _JumpError(hr, error, "myDecodeName"); }
hr = CheckProperties(RequestIdOut, &NameTable, CertNumber, pNameInfo); _JumpIfError(hr, error, "CheckProperties");
error: *pRequestId = RequestIdOut; if (NULL != pwszDisposition) { LocalFree(pwszDisposition); } if (NULL != pNameInfo) { LocalFree(pNameInfo); } if (NULL != pCertContext) { CertFreeCertificateContext(pCertContext); } if (NULL != pbCert) { LocalFree(pbCert); } if (NULL != pbRequest) { LocalFree(pbRequest); } if (fTableAllocated) { FreeLocalMemory(&NameTable); } return(hr);}
HRESULTTestMain(){ HRESULT hr; PctPrivateKey *pKey = NULL; DWORD TimeStartTest; DWORD TimeStartLastN; DWORD TimeRequestTotal = 0; DWORD TimeRequestLastN = 0; DWORD TimeElapsedTotal; DWORD TotalCount = 0; DISPATCHINTERFACE diRequest; DISPATCHINTERFACE *pdiRequest = NULL; BOOL fCoInit = FALSE; DWORD RequestId = 0; WCHAR const *pwszConfig; BSTR strConfig = NULL;
g_crdnMax = g_crdnSubject; hr = GetPrivateKeyStuff(&pKey); _JumpIfError(hr, error, "GetPrivateKeyStuff");
hr = CoInitialize(NULL); if (S_OK != hr && S_FALSE != hr) { _JumpError(hr, error, "CoInitialize"); } fCoInit = TRUE;
if (1 >= g_fRPC) { hr = Request_Init(g_DispatchFlags, &diRequest); _JumpIfError(hr, error, "Request_Init");
pdiRequest = &diRequest; } pwszConfig = g_pwszConfig; if (NULL == pwszConfig) { hr = ConfigGetConfig(g_DispatchFlags, CC_LOCALACTIVECONFIG, &strConfig); _JumpIfError(hr, error, "ConfigGetConfig");
pwszConfig = strConfig; } if (NULL != pdiRequest) { ENUM_CATYPES CAType; hr = Request2_GetCAProperty( pdiRequest, pwszConfig, CR_PROP_CATYPE, 0, // Index
PROPTYPE_LONG, CV_OUT_BINARY, (VOID *) &CAType); _JumpIfError(hr, error, "Request2_GetCAProperty");
if (IsEnterpriseCA(CAType)) { g_fEnterpriseCA = TRUE; } }
TimeStartLastN = TimeStartTest = GetTickCount(); while (TotalCount < g_MaximumCount) { DWORD TimeOneRequest; DWORD TimeRequestEnd; DWORD TimeElapsedLastN;
hr = TestOneRequest( pKey, pdiRequest, pwszConfig, TotalCount + 1, &RequestId, &TimeOneRequest); if (S_OK != hr) { WCHAR const *pwszMsg;
pwszMsg = myGetErrorMessageText(hr, TRUE);
CONSOLEPRINT3(( DBG_SS_CERTREQ, "RequestId %u: %hs%ws\n", RequestId, HRESULT_FROM_WIN32(ERROR_INVALID_DATA) == hr && g_fIgnoreError? "Ignoring error: " : "", NULL != pwszMsg? pwszMsg : L"Message retrieval Error")); if (NULL != pwszMsg) { LocalFree(const_cast<WCHAR *>(pwszMsg)); } } if (HRESULT_FROM_WIN32(ERROR_INVALID_DATA) != hr || !g_fIgnoreError) { _JumpIfError(hr, error, "TestOneRequest"); }
TimeRequestEnd = GetTickCount();
TimeRequestTotal += TimeOneRequest; TimeRequestLastN += TimeOneRequest; TimeElapsedTotal = TimeRequestEnd - TimeStartTest; TimeElapsedLastN = TimeRequestEnd - TimeStartLastN;
TotalCount++;
if (g_fTime) { if (0 == g_IntervalCount || 0 == (TotalCount % g_IntervalCount)) { DWORD count; count = g_IntervalCount; if (0 == count) { count = TotalCount; }
TimeElapsedLastN = TimeRequestEnd - TimeStartLastN;
wprintf( L"RequestId %u: %u/%u Certs in %u/%u seconds (ave=%u/%u ms)\n", RequestId, count, TotalCount, MSTOSEC(TimeElapsedLastN), MSTOSEC(TimeElapsedTotal), TimeElapsedLastN/count, TimeElapsedTotal/TotalCount); if (0 != g_IntervalCount) { TimeRequestLastN = 0; TimeStartLastN = GetTickCount(); } } } }
error: if (NULL != pKey) { LocalFree(pKey); } if (NULL != g_pRSAPublicKey) { LocalFree(g_pRSAPublicKey); } if (NULL != pdiRequest) { Request_Release(pdiRequest); } if (NULL != strConfig) { SysFreeString(strConfig); } if (fCoInit) { CoUninitialize(); }
if (0 != TotalCount) { wprintf( L"\n%u Total Certificates in %u/%u seconds (request/elapsed time)\n", TotalCount, MSTOSEC(TimeRequestTotal), MSTOSEC(TimeElapsedTotal)); wprintf( L"Certificates required average of %u/%u milliseconds " L"(request/elapsed time)\n", TimeRequestTotal/TotalCount, TimeElapsedTotal/TotalCount); } return(hr);}
voidUsage(TCHAR *pwszError){ wprintf(L"%ws\n", pwszError); wprintf(L"%ws\n", wszUsage); exit(1);}
extern "C" int __cdeclwmain(int argc, WCHAR *argv[]){ HRESULT hr;
while (1 < argc && myIsSwitchChar(argv[1][0])) { WCHAR *pwsz = argv[1];
while (NULL != pwsz && *++pwsz != '\0') { switch (*pwsz) { case 'a': case 'A': g_fIgnoreAccessDenied++; break;
case 'c': case 'C': if (0 == LSTRCMPIS(pwsz, L"config")) { if (1 >= argc) { Usage(TEXT("Missing -config argument")); } g_pwszConfig = argv[2]; } else { if (2 >= argc || !iswdigit(argv[2][0]) || '\0' != pwsz[1]) { Usage(TEXT("Missing numeric -c argument")); } g_MaximumCount = _wtoi(argv[2]); } argc--; argv++; pwsz = NULL; break;
case 'd': case 'D': g_fDebug++; break;
case 'e': case 'E': g_fEnterpriseCA++; break;
case 'i': case 'I': g_fIgnoreError++; break;
case 'm': case 'M': g_fShowTime++; break;
case 'p': case 'P': g_fPrintProperties++; break;
case 'r': case 'R': if (0 == LSTRCMPIS(pwsz, L"renewal")) { g_fRenewal++; pwsz = NULL; } else if (0 == LSTRCMPIS(pwsz, L"rpc")) { g_fRPC++; if (0 == lstrcmp(pwsz, L"RPC")) { g_fRPC++; } pwsz = NULL; } else { g_fSave++; } break;
case 't': case 'T': g_fTime++; g_IntervalCount = 10; if (2 < argc && iswdigit(argv[2][0])) { if ('\0' != pwsz[1]) { Usage(TEXT("Missing numeric -t argument")); } g_IntervalCount = _wtoi(argv[2]); argc--; argv++; pwsz = NULL; } break;
case 'z': case 'Z': g_fAllowDups++; g_crdnMax *= 5; break;
case 'h': case 'H': default: Usage(TEXT("CertGen Usage")); } } argc--; argv++; } if (argc != 1) { Usage(TEXT("Extra arguments")); }
if (g_fShowTime) { SYSTEMTIME st; GetSystemTime(&st); wprintf(L"Start time: %2i:%2i:%2i:%i\n", st.wHour, st.wMinute, st.wSecond, st.wMilliseconds); }
hr = TestMain();
if (g_fShowTime) { SYSTEMTIME st;
GetSystemTime(&st); wprintf(L"End time: %2i:%2i:%2i:%i\n", st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
wprintf(L"type any key to finish->"); _getch(); wprintf(L"\n"); } myRegisterMemDump(); return((int) hr);}
// We need this to include RSA library
extern "C" BOOLGenRandom(ULONG huid, BYTE *pbBuffer, size_t dwLength){ wprintf(L"Error GenRandom called\n"); ExitProcess(0); return(TRUE);}
|
