archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/inetsrv/iis/svcs/infocomm/common/iiscert.cxx

670 lines
19 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  7. Copyright (c) 1997 Microsoft Corporation
  9. Module Name:
  11. iiscert.cxx
  13. Abstract:
  15. Code to handle retrieving/storing/using CAPI2 certificate contexts for IIS server
  16. certificates.
  18. Author:
  20. Alex Mallet (amallet) 02-Dec-1997
  22. --*/
  24. #include "tcpdllp.hxx"
  25. #pragma hdrstop
  27. #include <dbgutil.h>
  28. #include <buffer.hxx>
  29. #include <ole2.h>
  30. #include <imd.h>
  31. #include <mb.hxx>
  34. //
  35. // Local includes
  36. //
  37. #include "iiscert.hxx"
  38. #include "capiutil.hxx"
  41. #define SHA1_HASH_SIZE 20 //size of SHA1 hash
  43. HCRYPTPROV IIS_SERVER_CERT::m_hFortezzaCSP = NULL;
  44. HCRYPTDEFAULTCONTEXT IIS_SERVER_CERT::m_hFortezzaCtxt = NULL;
  46. IIS_SERVER_CERT::IIS_SERVER_CERT( IN IMDCOM *pMDObject,
  47. IN LPTSTR pszMBPath ) :
  48. m_strMBPath( pszMBPath ),
  49. m_pStoreInfo( NULL ),
  50. m_hCryptProv( NULL ),
  51. m_pCertContext( NULL ),
  52. m_fIsFortezzaCert( FALSE )
  53. /*++
  55. Routine Description:
  57. Constructor for server cert that reads all necessary info out of metabase
  59. Arguments:
  61. pMDObject - pointer to metabase object
  62. pszMBPath - full path in metabase to information for this virtual server instance
  64. Returns:
  66. Nothing
  68. --*/
  69. {
  70. DBG_ASSERT( pMDObject );
  71. DBG_ASSERT( pszMBPath );
  73. DWORD dwSize = 0;
  74. METADATA_HANDLE hInstanceInfoHandle = NULL;
  75. int iLengthNeeded = 0;
  76. PBYTE pbCertHash = NULL;
  77. DWORD dwHashSize = 0;
  78. DWORD dwPathLength = 0;
  79. MB mb( pMDObject );
  80. LPTSTR pszCSPString = NULL;
  81. LPTSTR pszCSPStringCopy = NULL;
  82. BOOL fProgPINEntry = FALSE;
  84. m_dwStatus = CERT_ERR_NONE;
  86. if ( !m_strMBPath.IsValid() )
  87. {
  88. SetLastError( ERROR_OUTOFMEMORY );
  89. goto EndRetrieveCertContext;
  90. }
  92. if ( mb.Open( m_strMBPath.QueryStr(),
  93. METADATA_PERMISSION_READ ))
  94. {
  95. DWORD dwReqDataLen = 0;
  96. METADATA_RECORD mdr;
  97. DWORD dwFortezza = 0;
  99. //
  100. // Retrieve cert hash
  101. //
  102. MD_SET_DATA_RECORD(&mdr, MD_SSL_CERT_HASH, METADATA_NO_ATTRIBUTES,
  103. IIS_MD_UT_SERVER, BINARY_METADATA, NULL,
  104. 0);
  107. if ( !RetrieveBlobFromMetabase(&mb,
  108. NULL,
  109. &mdr,
  110. SHA1_HASH_SIZE ) )
  112. {
  113. m_dwStatus = CERT_ERR_MB;
  114. goto EndRetrieveCertContext;
  115. }
  116. else
  117. {
  118. DBG_ASSERT( mdr.dwMDDataLen == SHA1_HASH_SIZE );
  120. pbCertHash = mdr.pbMDData;
  121. dwHashSize = mdr.dwMDDataLen;
  122. }
  124. //
  125. // Retrieve flag indicating whether it's a Fortezza cert or not
  126. //
  127. if ( !mb.GetDword( NULL,
  128. MD_SSL_CERT_IS_FORTEZZA,
  129. IIS_MD_UT_SERVER,
  130. &(dwFortezza),
  131. METADATA_NO_ATTRIBUTES ) )
  132. {
  133. if ( GetLastError() != MD_ERROR_DATA_NOT_FOUND )
  134. {
  135. m_dwStatus = CERT_ERR_MB;
  136. goto EndRetrieveCertContext;
  137. }
  138. else
  139. {
  140. m_fIsFortezzaCert = FALSE;
  141. }
  142. }
  143. else
  144. {
  145. m_fIsFortezzaCert = (BOOL) dwFortezza;
  146. }
  148. //
  149. // If it's a Fortezza cert and we're supposed to do programmatic PIN entry,
  150. // we need to get a handle to the CSP ourselves by providing the
  151. // PIN in the call to CryptAcquireContext(), to avoid the "Enter PIN" dialog
  152. //
  153. if ( m_fIsFortezzaCert && ( fProgPINEntry = UseProgrammaticPINEntry( &mb ) ) )
  154. {
  155. LPTSTR pszPIN = NULL;
  156. LPTSTR pszSerialNumber = NULL;
  157. LPTSTR pszPersonality = NULL;
  158. DWORD cbPIN = 0;
  159. DWORD cbSerialNumber = 0;
  160. DWORD cbPersonality = 0;
  161. DWORD cbLen = 0;
  162. DWORD iPos = 0;
  164. if ( !RetrievePINInfo( &mb,
  165. &pszPIN,
  166. &pszSerialNumber,
  167. &pszPersonality ) )
  168. {
  169. DBGPRINTF((DBG_CONTEXT,
  170. "Couldn't retrieve PIN info for Fortezza card\n"));
  171. m_dwStatus = CERT_ERR_MB;
  172. goto EndRetrieveCertContext;
  173. }
  174. DBG_ASSERT( pszPIN && pszSerialNumber && pszPersonality );
  176. //
  177. // Construct string to be passed to CryptAcquireContext - it's
  178. // <card serial #>\n<personality>\n<PIN>.
  179. //
  180. cbPIN = strlen( pszPIN );
  181. cbSerialNumber = strlen( pszSerialNumber );
  182. cbPersonality = strlen( pszPersonality );
  183. cbLen = cbPIN + cbSerialNumber + cbPersonality + 10; //add a few bytes for CR
  184. //and null terminating char
  186. pszCSPString = new CHAR[cbLen];
  187. pszCSPStringCopy = new CHAR[cbLen];
  189. if ( !pszCSPString || !pszCSPStringCopy )
  190. {
  191. DBGPRINTF((DBG_CONTEXT,
  192. "Couldn't allocate memory for CSP string\n"));
  194. //
  195. // Clean out the PIN info - the less time we leave it lying around,
  196. // the better
  197. //
  198. memset( pszPIN, 0, cbPIN );
  199. delete [] pszPIN;
  201. memset( pszSerialNumber, 0, cbSerialNumber );
  202. delete [] pszSerialNumber;
  204. memset( pszPersonality, 0, cbPersonality );
  205. delete [] pszPersonality;
  207. m_dwStatus = CERT_ERR_INTERNAL;
  209. goto EndRetrieveCertContext;
  210. }
  212. //
  213. // Build the magic string that will unlock the Fortezza secret ...
  214. //
  215. strcpy( pszCSPString, pszSerialNumber );
  216. strcat( pszCSPString, "\n" );
  217. strcat( pszCSPString, pszPersonality );
  218. strcat( pszCSPString, "\n" );
  219. strcat( pszCSPString, pszPIN );
  221. //
  222. // Make a copy we can reuse later
  223. //
  224. strcpy( pszCSPStringCopy, pszCSPString );
  226. //
  227. // Clean out the PIN & serial number - the less time we leave it lying around,
  228. // the better
  229. //
  230. memset( pszPIN, 0, cbPIN );
  231. delete [] pszPIN;
  233. memset( pszSerialNumber, 0, cbSerialNumber );
  234. delete [] pszSerialNumber;
  236. memset( pszPersonality, 0, cbPersonality );
  237. delete [] pszPersonality;
  239. //
  240. // Get a handle to the CSP, passing in the serial # etc and the
  241. // CRYPT_SILENT flag to avoid any UI
  242. //
  243. if ( !CryptAcquireContext( &m_hCryptProv,
  244. pszCSPString,
  245. NULL,
  246. PROV_FORTEZZA,
  247. CRYPT_SILENT | CRYPT_MACHINE_KEYSET ) )
  248. {
  249. DBGPRINTF((DBG_CONTEXT,
  250. "Couldn't get handle to Fortezza CSP : 0x%d\n",
  251. GetLastError()));
  253. m_dwStatus = CERT_ERR_CAPI;
  254. goto EndRetrieveCertContext;
  255. }
  257. if ( !IIS_SERVER_CERT::m_hFortezzaCSP )
  258. {
  259. //
  260. // There's apparently no way to duplicate an HCRYPTPROV handle,
  261. // so we have to call CryptAcquireContext again. Also, rumour
  262. // has it that the Fortezza CSP nulls out the string passed to it,
  263. // so we have to use a copy of it
  264. //
  265. if ( !CryptAcquireContext( &IIS_SERVER_CERT::m_hFortezzaCSP,
  266. pszCSPStringCopy,
  267. NULL,
  268. PROV_FORTEZZA,
  269. CRYPT_SILENT | CRYPT_MACHINE_KEYSET ) )
  270. {
  271. DBGPRINTF((DBG_CONTEXT,
  272. "Couldn't get handle to Fortezza CSP : 0x%d\n",
  273. GetLastError()));
  275. m_dwStatus = CERT_ERR_CAPI;
  276. goto EndRetrieveCertContext;
  277. }
  279. //
  280. // Install the handler used to verify Fortezza signatures.
  281. //
  282. CRYPT_DEFAULT_CONTEXT_MULTI_OID_PARA CDCMOP;
  283. LPSTR rgszOID[2];
  285. CDCMOP.cOID = 2;
  286. CDCMOP.rgpszOID = rgszOID;
  287. CDCMOP.rgpszOID[0] = szOID_INFOSEC_mosaicUpdatedSig;
  288. CDCMOP.rgpszOID[1] = szOID_INFOSEC_mosaicKMandUpdSig;
  290. if (!CryptInstallDefaultContext( IIS_SERVER_CERT::m_hFortezzaCSP,
  291. CRYPT_DEFAULT_CONTEXT_MULTI_CERT_SIGN_OID,
  292. &CDCMOP,
  293. CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG,
  294. NULL,
  295. &IIS_SERVER_CERT::m_hFortezzaCtxt ) )
  296. {
  297. DBGPRINTF((DBG_CONTEXT,
  298. "Failed to install Fortezza context : 0x%d\n",
  299. GetLastError()));
  300. m_dwStatus = CERT_ERR_CAPI;
  301. goto EndRetrieveCertContext;
  302. }
  303. }
  304. }
  305. }
  306. mb.Close();
  308. //
  309. // Read store name etc out of MB
  310. //
  311. m_pStoreInfo = ReadCertStoreInfoFromMB( pMDObject,
  312. m_strMBPath.QueryStr(),
  313. FALSE );
  315. if ( !m_pStoreInfo )
  316. {
  317. m_dwStatus = CERT_ERR_MB;
  318. goto EndRetrieveCertContext;
  319. }
  321. //
  322. // Open store in which to look for the cert
  323. //
  324. if ( !(m_pStoreInfo->hCertStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A,
  325. 0,
  326. (fProgPINEntry ? m_hCryptProv : NULL ),
  327. CERT_SYSTEM_STORE_LOCAL_MACHINE,
  328. m_pStoreInfo->pszStoreName ) ) )
  330. {
  331. m_dwStatus = CERT_ERR_CAPI;
  332. goto EndRetrieveCertContext;
  333. }
  335. //
  336. // Try to find the cert in the store
  337. //
  338. CRYPT_HASH_BLOB HashBlob;
  339. HashBlob.cbData = dwHashSize;
  340. HashBlob.pbData = pbCertHash;
  342. m_pCertContext = CertFindCertificateInStore( m_pStoreInfo->hCertStore,
  343. X509_ASN_ENCODING,
  344. 0,
  345. CERT_FIND_SHA1_HASH,
  346. (VOID *) &HashBlob,
  347. NULL );
  349. if ( !m_pCertContext )
  350. {
  351. m_dwStatus = CERT_ERR_CERT_NOT_FOUND;
  352. goto EndRetrieveCertContext;
  353. }
  354. else
  355. {
  356. #if DBG
  357. CHAR szSubjectName[1024];
  358. if ( CertGetNameString( m_pCertContext,
  359. CERT_NAME_SIMPLE_DISPLAY_TYPE,
  360. 0,
  361. NULL,
  362. szSubjectName,
  363. 1024 ) )
  364. {
  365. DBGPRINTF((DBG_CONTEXT,
  366. "Retrieved cert for %s \n",
  367. szSubjectName));
  368. }
  369. #endif
  370. }
  372. if ( fProgPINEntry )
  373. {
  374. //
  375. // If this is a Fortezza cert, then we should set the
  376. // CERT_KEY_PROV_HANDLE_PROP_ID property of the context to point to
  377. // the HCRYPTPROV retrieved by CryptAcquireContext(). Why? Because
  378. // if we don't set this property, Schannel will try to acquire the
  379. // provider handle itself, and will NOT set the CRYPT_MACHINE_KEY
  380. // flag when doing the call to CryptAcquireContext() and thus we
  381. // will not be able to acquire the credential handle in SSPIFILT.
  382. //
  383. // Fortezza rocks
  384. //
  386. if ( !CertSetCertificateContextProperty( m_pCertContext,
  387. CERT_KEY_PROV_HANDLE_PROP_ID,
  388. CERT_STORE_NO_CRYPT_RELEASE_FLAG,
  389. (VOID*) m_hCryptProv ) )
  390. {
  391. m_dwStatus = CERT_ERR_CAPI;
  392. goto EndRetrieveCertContext;
  393. }
  394. }
  396. //
  397. // If we got this far, everything is happy
  398. //
  399. m_dwStatus = CERT_ERR_NONE;
  401. EndRetrieveCertContext:
  403. //
  404. // This is where all the cleanup that takes place only if we fail needs to
  405. // happen
  406. //
  408. DBG_ASSERT( m_dwStatus < CERT_ERR_END );
  410. if ( m_dwStatus != CERT_ERR_NONE )
  411. {
  412. DBGPRINTF((DBG_CONTEXT,
  413. "IIS_SERVER cert constructor, Error occurred : 0x%x\n",
  414. GetLastError()));
  416. if ( m_pCertContext != NULL )
  417. {
  418. CertFreeCertificateContext( m_pCertContext );
  419. m_pCertContext = NULL;
  420. }
  422. if ( m_pStoreInfo )
  423. {
  424. DeallocateCertStoreInfo( m_pStoreInfo );
  425. m_pStoreInfo = NULL;
  426. }
  429. if ( m_hCryptProv != NULL )
  430. {
  431. CryptReleaseContext( m_hCryptProv,
  432. 0 );
  433. m_hCryptProv = NULL;
  434. }
  435. }
  437. //
  438. // Cleanup we do regardless of success/failure
  439. //
  440. //
  441. // clean out memory holding PIN
  442. //
  443. if ( pszCSPString )
  444. {
  445. memset( pszCSPString, 0, strlen( pszCSPString ) );
  446. delete [] pszCSPString;
  447. }
  449. if ( pszCSPStringCopy )
  450. {
  451. memset( pszCSPStringCopy, 0, strlen( pszCSPStringCopy ) );
  452. delete [] pszCSPStringCopy;
  453. }
  455. mb.Close();
  457. } //IIS_SERVER_CERT::IIS_SERVER_CERT
  459. IIS_SERVER_CERT::~IIS_SERVER_CERT()
  460. /*++
  462. Routine Description:
  464. Destructor
  466. Arguments :
  468. None
  470. Returns :
  472. Nothing
  473. --*/
  474. {
  475. if ( m_pCertContext )
  476. {
  477. CertFreeCertificateContext( m_pCertContext );
  478. m_pCertContext = NULL;
  479. }
  481. if ( m_pStoreInfo )
  482. {
  483. DeallocateCertStoreInfo( m_pStoreInfo );
  484. m_pStoreInfo = NULL;
  485. }
  487. if ( m_hCryptProv )
  488. {
  489. CryptReleaseContext( m_hCryptProv,
  490. 0 );
  491. m_hCryptProv = NULL;
  492. }
  493. } //~IIS_SERVER_CERT::IIS_SERVER_CERT
  495. BOOL IIS_SERVER_CERT::RetrievePINInfo( IN MB *pMB,
  496. OUT LPTSTR *ppszPIN,
  497. OUT LPTSTR *ppszSerialNumber,
  498. OUT LPTSTR *ppszPersonality )
  499. /*++
  501. Routine Description:
  503. Retrieve PIN information for Fortezza certificates
  505. Arguments:
  507. pMB - pointer to MB object, open for reading
  508. ppszPIN - pointer to pointer to PIN for Fortezza card, updated on success
  509. ppszSerialNumber - pointer to pointer to card serial number, updated on success
  510. ppszPersonality - pointer to pointer to Fortezza "personality", updated on sucess
  512. Returns:
  514. BOOL indicating success/failure
  516. --*/
  517. {
  518. DBG_ASSERT( pMB &&
  519. ppszPIN &&
  520. ppszSerialNumber &&
  521. ppszPersonality );
  523. DWORD cbLen = 0;
  524. BOOL fSuccess = FALSE;
  525. DWORD dwReqDataLen = 0;
  526. METADATA_RECORD mdr;
  528. //
  529. // Retrieve PIN
  530. //
  531. cbLen = 0;
  532. if ( ( !pMB->GetString( NULL,
  533. MD_SSL_CERT_FORTEZZA_PIN,
  534. IIS_MD_UT_SERVER,
  535. NULL,
  536. &cbLen,
  537. METADATA_SECURE ) &&
  538. GetLastError() != ERROR_INSUFFICIENT_BUFFER ) ||
  539. !cbLen )
  540. {
  541. goto end_pin_info;
  542. }
  544. *ppszPIN = new CHAR[cbLen + 1];
  546. if ( !*ppszPIN ||
  547. !pMB->GetString( NULL,
  548. MD_SSL_CERT_FORTEZZA_PIN,
  549. IIS_MD_UT_SERVER,
  550. *ppszPIN,
  551. &cbLen,
  552. METADATA_SECURE ) )
  553. {
  554. goto end_pin_info;
  555. }
  558. //
  559. // Retrieve serial #
  560. //
  561. cbLen = 0;
  562. if ( ( !pMB->GetString( NULL,
  563. MD_SSL_CERT_FORTEZZA_SERIAL_NUMBER,
  564. IIS_MD_UT_SERVER,
  565. NULL,
  566. &cbLen,
  567. METADATA_SECURE ) &&
  568. GetLastError() != ERROR_INSUFFICIENT_BUFFER ) ||
  569. !cbLen )
  570. {
  571. goto end_pin_info;
  572. }
  574. *ppszSerialNumber = new CHAR[cbLen + 1];
  576. if ( !*ppszSerialNumber ||
  577. !pMB->GetString( NULL,
  578. MD_SSL_CERT_FORTEZZA_SERIAL_NUMBER,
  579. IIS_MD_UT_SERVER,
  580. *ppszSerialNumber,
  581. &cbLen,
  582. METADATA_SECURE ) )
  583. {
  584. goto end_pin_info;
  585. }
  588. //
  589. // Retrieve personality
  590. //
  591. cbLen = 0;
  592. if ( ( !pMB->GetString( NULL,
  593. MD_SSL_CERT_FORTEZZA_PERSONALITY,
  594. IIS_MD_UT_SERVER,
  595. NULL,
  596. &cbLen,
  597. METADATA_SECURE ) &&
  598. GetLastError() != ERROR_INSUFFICIENT_BUFFER ) ||
  599. !cbLen )
  600. {
  601. goto end_pin_info;
  602. }
  604. *ppszPersonality = new CHAR[cbLen + 1];
  606. if ( !*ppszPersonality ||
  607. !pMB->GetString( NULL,
  608. MD_SSL_CERT_FORTEZZA_PERSONALITY,
  609. IIS_MD_UT_SERVER,
  610. *ppszPersonality,
  611. &cbLen,
  612. METADATA_SECURE ) )
  613. {
  614. goto end_pin_info;
  615. }
  617. fSuccess = TRUE;
  619. end_pin_info:
  621. if ( !fSuccess )
  622. {
  623. DBGPRINTF((DBG_CONTEXT,
  624. "RetrievePINInfo failed : 0x%x\n",
  625. GetLastError()));
  627. //
  628. // Clean out all the PIN info, making sure to erase the memory
  629. //
  630. if ( *ppszPIN )
  631. {
  632. /* INTRINSA suppress = uninitialized */
  633. memset( *ppszPIN, 0, strlen(*ppszPIN) );
  634. delete [] *ppszPIN;
  635. }
  637. if ( *ppszSerialNumber )
  638. {
  639. memset( *ppszSerialNumber, 0, strlen(*ppszSerialNumber) );
  640. delete [] *ppszSerialNumber;
  641. }
  643. if ( *ppszPersonality )
  644. {
  645. memset( *ppszPersonality, 0, strlen(*ppszPersonality) );
  646. delete [] *ppszPersonality;
  647. }
  648. }
  650. return fSuccess;
  651. }
  654. inline
  655. BOOL IIS_SERVER_CERT::IsValid()
  656. {
  657. return ( m_dwStatus == CERT_ERR_NONE ? TRUE : FALSE ) ;
  658. }