archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pki/activex/capicom/pfxhlpr.cpp

449 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  3. Microsoft Windows, Copyright (C) Microsoft Corporation, 2000
  5. File: PFXHlpr.cpp
  7. Content: PFX helper routines.
  9. History: 09-15-2001 dsie created
  11. ------------------------------------------------------------------------------*/
  13. #include "StdAfx.h"
  14. #include "CAPICOM.h"
  15. #include "PFXHlpr.h"
  16. #include "Common.h"
  18. ////////////////////////////////////////////////////////////////////////////////
  19. //
  20. // Local functions.
  21. //
  23. ////////////////////////////////////////////////////////////////////////////////
  24. //
  25. // Exported functions.
  26. //
  28. /*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  30. Function : PFXExportStore
  32. Synopsis : Export cert store to PFX blob.
  34. Parameter: HCERTSTORE hCertStore - Store handle.
  36. LPWSTR pwszPassword - Password to encrypt the PFX file.
  38. DWPRD dwFlags - PFX export flags.
  40. DATA_BLOB * pPFXBlob - Pointer to DATA_BLOB to receive PFX blob.
  42. Remark :
  44. ------------------------------------------------------------------------------*/
  46. HRESULT PFXExportStore (HCERTSTORE hCertStore,
  47. LPWSTR pwszPassword,
  48. DWORD dwFlags,
  49. DATA_BLOB * pPFXBlob)
  50. {
  51. HRESULT hr = S_OK;
  52. DATA_BLOB DataBlob = {0, NULL};
  54. DebugTrace("Entering PFXExportStore().\n");
  56. //
  57. // Sanity check.
  58. //
  59. ATLASSERT(hCertStore);
  60. ATLASSERT(pPFXBlob);
  62. //
  63. // Export to blob.
  64. //
  65. if (!::PFXExportCertStoreEx(hCertStore,
  66. &DataBlob,
  67. pwszPassword,
  68. NULL,
  69. dwFlags))
  70. {
  71. hr = HRESULT_FROM_WIN32(::GetLastError());
  73. DebugTrace("Error [%#x]: PFXExportCertStoreEx() failed.\n", hr);
  74. goto ErrorExit;
  75. }
  77. if (!(DataBlob.pbData = (LPBYTE) ::CoTaskMemAlloc(DataBlob.cbData)))
  78. {
  79. hr = E_OUTOFMEMORY;
  81. DebugTrace("Error: out of memory.\n");
  82. goto ErrorExit;
  83. }
  85. if (!::PFXExportCertStoreEx(hCertStore,
  86. &DataBlob,
  87. pwszPassword,
  88. NULL,
  89. dwFlags))
  90. {
  91. hr = HRESULT_FROM_WIN32(::GetLastError());
  93. DebugTrace("Error [%#x]: PFXExportCertStoreEx() failed.\n", hr);
  94. goto ErrorExit;
  95. }
  97. //
  98. // Return the blob to caller.
  99. //
  100. *pPFXBlob = DataBlob;
  102. CommonExit:
  104. DebugTrace("Leaving PFXExportStore().\n");
  106. return hr;
  108. ErrorExit:
  109. //
  110. // Sanity check.
  111. //
  112. ATLASSERT(FAILED(hr));
  114. //
  115. // Remap private key not exportable errors to a common error code.
  116. //
  117. if (HRESULT_FROM_WIN32(NTE_BAD_KEY) == hr ||
  118. HRESULT_FROM_WIN32(NTE_BAD_KEY_STATE) == hr ||
  119. HRESULT_FROM_WIN32(NTE_BAD_TYPE) == hr)
  120. {
  121. DebugTrace("Info: Win32 error %#x is remapped to %#x.\n",
  122. hr, CAPICOM_E_PRIVATE_KEY_NOT_EXPORTABLE);
  124. hr = CAPICOM_E_PRIVATE_KEY_NOT_EXPORTABLE;
  126. }
  128. //
  129. // Free resources.
  130. //
  131. if (DataBlob.pbData)
  132. {
  133. ::CoTaskMemFree((LPVOID) DataBlob.pbData);
  134. }
  136. goto CommonExit;
  137. }
  139. /*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  141. Function : PFXSaveStore
  143. Synopsis : Save a PFX file and return all the certs in a HCERTSTORE.
  145. Parameter: HCERTSTORE hCertStore - Store handle.
  147. LPWSTR pwszFileName - PFX filename.
  149. LPWSTR pwszPassword - Password to encrypt the PFX file.
  151. DWPRD dwFlags - PFX export flags.
  153. Remark :
  155. ------------------------------------------------------------------------------*/
  157. HRESULT PFXSaveStore (HCERTSTORE hCertStore,
  158. LPWSTR pwszFileName,
  159. LPWSTR pwszPassword,
  160. DWORD dwFlags)
  161. {
  162. HRESULT hr = S_OK;
  163. DATA_BLOB DataBlob = {0, NULL};
  165. DebugTrace("Entering PFXSaveStore().\n");
  167. //
  168. // Sanity check.
  169. //
  170. ATLASSERT(hCertStore);
  171. ATLASSERT(pwszFileName);
  173. //
  174. // Export to blob.
  175. //
  176. if (FAILED(hr = ::PFXExportStore(hCertStore,
  177. pwszPassword,
  178. dwFlags,
  179. &DataBlob)))
  180. {
  181. DebugTrace("Error [%#x]: PFXExportStore() failed.\n", hr);
  182. goto ErrorExit;
  183. }
  185. //
  186. // Now write to file.
  187. //
  188. if (FAILED(hr = ::WriteFileContent(pwszFileName, DataBlob)))
  189. {
  190. DebugTrace("Error [%#x]: WriteFileContent() failed.\n", hr);
  191. goto ErrorExit;
  192. }
  194. CommonExit:
  195. //
  196. // Free resources.
  197. //
  198. if (DataBlob.pbData)
  199. {
  200. ::CoTaskMemFree(DataBlob.pbData);
  201. }
  203. DebugTrace("Leaving PFXSaveStore().\n");
  205. return hr;
  207. ErrorExit:
  208. //
  209. // Sanity check.
  210. //
  211. ATLASSERT(FAILED(hr));
  213. goto CommonExit;
  214. }
  216. /*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  218. Function : PFXLoadStore
  220. Synopsis : Load a PFX file and return all the certs in a HCERTSTORE.
  222. Parameter: LPWSTR pwszFileName - PFX filename.
  224. LPWSTR pwszPassword - Password to decrypt the PFX file.
  226. DWPRD dwFlags - PFX import flags.
  228. HCERTSTORE * phCertStore - Pointer to HCERSTORE to receive the
  229. handle.
  230. Remark :
  232. ------------------------------------------------------------------------------*/
  234. HRESULT PFXLoadStore (LPWSTR pwszFileName,
  235. LPWSTR pwszPassword,
  236. DWORD dwFlags,
  237. HCERTSTORE * phCertStore)
  238. {
  239. HRESULT hr = S_OK;
  240. DATA_BLOB DataBlob = {0, NULL};
  241. HCERTSTORE hCertStore = NULL;
  243. DebugTrace("Entering PFXLoadStore().\n");
  245. //
  246. // Sanity check.
  247. //
  248. ATLASSERT(pwszFileName);
  249. ATLASSERT(phCertStore);
  251. //
  252. // Read content into memory.
  253. //
  254. if (FAILED(hr = ::ReadFileContent(pwszFileName, &DataBlob)))
  255. {
  256. DebugTrace("Error [%#x]: ReadFileContent() failed.\n", hr);
  257. goto ErrorExit;
  258. }
  260. //
  261. // Now import the blob to store.
  262. //
  263. if (!(hCertStore = ::PFXImportCertStore((CRYPT_DATA_BLOB *) &DataBlob,
  264. pwszPassword,
  265. dwFlags)))
  266. {
  267. hr = HRESULT_FROM_WIN32(::GetLastError());
  269. DebugTrace("Error [%#x]: PFXImportCertStore() failed.\n", hr);
  270. goto ErrorExit;
  271. }
  273. //
  274. // Return HCERSTORE to caller.
  275. //
  276. *phCertStore = hCertStore;
  278. CommonExit:
  279. //
  280. // Free resources.
  281. //
  282. if (DataBlob.pbData)
  283. {
  284. ::UnmapViewOfFile(DataBlob.pbData);
  285. }
  287. DebugTrace("Leaving PFXLoadStore().\n");
  289. return hr;
  291. ErrorExit:
  292. //
  293. // Sanity check.
  294. //
  295. ATLASSERT(FAILED(hr));
  297. //
  298. // Free resources.
  299. //
  300. if (hCertStore)
  301. {
  302. ::CertCloseStore(hCertStore, 0);
  303. }
  305. goto CommonExit;
  306. }
  308. /*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  310. Function : PFXFreeStore
  312. Synopsis : Free resources by deleting key containers loaded by PFXLoadStore,
  313. and then close the store.
  315. Parameter: HCERTSTORE hCertStore - Store handle returned by PFXLoadStore.
  317. Remark : hCertStore is always closed even if error occurred.
  319. ------------------------------------------------------------------------------*/
  321. HRESULT PFXFreeStore (HCERTSTORE hCertStore)
  322. {
  323. HRESULT hr = S_OK;
  324. HCRYPTPROV hCryptProv = NULL;
  325. PCCERT_CONTEXT pCertContext = NULL;
  326. PCRYPT_KEY_PROV_INFO pKeyProvInfo = NULL;
  328. DebugTrace("Entering PFXFreeStore().\n");
  330. //
  331. // Sanity check.
  332. //
  333. ATLASSERT(hCertStore);
  335. //
  336. // Now delete all key containers.
  337. //
  338. while (pCertContext = ::CertEnumCertificatesInStore(hCertStore, pCertContext))
  339. {
  340. DWORD cbData = 0;
  342. //
  343. // Retrieve key container info.
  344. //
  345. if (!::CertGetCertificateContextProperty(pCertContext,
  346. CERT_KEY_PROV_INFO_PROP_ID,
  347. NULL,
  348. &cbData))
  349. {
  350. continue;
  351. }
  353. if (!(pKeyProvInfo = (CRYPT_KEY_PROV_INFO *) ::CoTaskMemAlloc(cbData)))
  354. {
  355. hr = E_OUTOFMEMORY;
  357. DebugTrace("Error: out of memory.\n");
  358. goto ErrorExit;
  359. }
  361. if (!::CertGetCertificateContextProperty(pCertContext,
  362. CERT_KEY_PROV_INFO_PROP_ID,
  363. pKeyProvInfo,
  364. &cbData))
  365. {
  366. hr = HRESULT_FROM_WIN32(::GetLastError());
  368. DebugTrace("Error [%#x]: CertGetCertificateContextProperty() failed.\n", hr);
  369. goto ErrorExit;
  370. }
  372. //
  373. // First disassociate the key from the cert.
  374. //
  375. if (!::CertSetCertificateContextProperty(pCertContext,
  376. CERT_KEY_PROV_INFO_PROP_ID,
  377. 0,
  378. NULL))
  379. {
  380. hr = HRESULT_FROM_WIN32(::GetLastError());
  382. DebugTrace("Error [%#x]: CertSetCertificateContextProperty() failed to disassociate key container.\n", hr);
  383. goto ErrorExit;
  384. }
  386. //
  387. // Then delete the key container.
  388. //
  389. if (FAILED (hr = ::AcquireContext(pKeyProvInfo->pwszProvName,
  390. pKeyProvInfo->pwszContainerName,
  391. pKeyProvInfo->dwProvType,
  392. CRYPT_DELETEKEYSET | (pKeyProvInfo->dwFlags & CRYPT_MACHINE_KEYSET),
  393. FALSE,
  394. &hCryptProv)))
  395. {
  396. DebugTrace("Error [%#x]: AcquireContext(CRYPT_DELETEKEYSET) failed .\n", hr);
  397. goto ErrorExit;
  398. }
  400. ::CoTaskMemFree((LPVOID) pKeyProvInfo), pKeyProvInfo = NULL;
  402. //
  403. // Don'f free cert context here, as CertEnumCertificatesInStore()
  404. // will do that automatically!!!
  405. //
  406. }
  408. //
  409. // Above loop can exit either because there is no more certificate in
  410. // the store or an error. Need to check last error to be certain.
  411. //
  412. if (CRYPT_E_NOT_FOUND != ::GetLastError())
  413. {
  414. hr = HRESULT_FROM_WIN32(::GetLastError());
  416. DebugTrace("Error [%#x]: CertEnumCertificatesInStore() failed.\n", hr);
  417. goto ErrorExit;
  418. }
  420. CommonExit:
  421. //
  422. // Free resources.
  423. //
  424. if (pKeyProvInfo)
  425. {
  426. ::CoTaskMemFree((LPVOID) pKeyProvInfo);
  427. }
  428. if (pCertContext)
  429. {
  430. ::CertFreeCertificateContext(pCertContext);
  431. }
  432. if (hCertStore)
  433. {
  434. ::CertCloseStore(hCertStore, 0);
  435. }
  437. DebugTrace("Leaving PFXFreeStore().\n");
  439. return hr;
  441. ErrorExit:
  442. //
  443. // Sanity check.
  444. //
  445. ATLASSERT(FAILED(hr));
  447. goto CommonExit;
  448. }