archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/inetsrv/iis/iisrearc/iisplus/ulw3/certcontext.cxx

567 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name :
  6. certcontext.cxx
  8. Abstract:
  9. Simple wrapper of a certificate blob
  10. Used co conveniently access client certificate
  11. information passed to worker process from http.sys
  13. Author:
  14. Bilal Alam (balam) 5-Sept-2000
  16. Environment:
  17. Win32 - User Mode
  19. Project:
  20. ULW3.DLL
  21. --*/
  23. #include "precomp.hxx"
  25. HCRYPTPROV CERTIFICATE_CONTEXT::sm_CryptProvider;
  26. ALLOC_CACHE_HANDLER * CERTIFICATE_CONTEXT::sm_pachCertContexts;
  28. CERTIFICATE_CONTEXT::CERTIFICATE_CONTEXT(
  29. HTTP_SSL_CLIENT_CERT_INFO * pClientCertInfo
  30. ) : _fCertDecoded( FALSE ),
  31. _pClientCertInfo( pClientCertInfo ),
  32. _buffCertInfo( (PBYTE) &_CertInfo, sizeof( _CertInfo ) )
  33. {
  34. DBG_ASSERT( _pClientCertInfo != NULL );
  35. }
  37. CERTIFICATE_CONTEXT::~CERTIFICATE_CONTEXT(
  38. VOID
  39. )
  40. {
  41. _pClientCertInfo = NULL;
  42. }
  44. HRESULT
  45. CERTIFICATE_CONTEXT::GetIssuer(
  46. STRA * pstrIssuer
  47. )
  48. /*++
  50. Routine Description:
  52. Get the issuer of the client certificate
  54. Arguments:
  56. pstrIssuer - Filled with issuer string
  58. Return Value:
  60. HRESULT
  62. --*/
  63. {
  64. STACK_BUFFER ( buffIssuer, 256 );
  65. HRESULT hr;
  66. DWORD cchIssuer = 0;
  68. if ( pstrIssuer == NULL )
  69. {
  70. DBG_ASSERT( FALSE );
  71. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  72. }
  74. //
  75. // Decoding deferred until needed
  76. //
  78. if ( !_fCertDecoded )
  79. {
  80. hr = DecodeCert();
  81. if ( FAILED( hr ) )
  82. {
  83. return hr;
  84. }
  86. DBG_ASSERT( _fCertDecoded );
  87. }
  89. cchIssuer = CertNameToStrA( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  90. &(QueryCertInfo()->Issuer),
  91. CERT_X500_NAME_STR,
  92. NULL,
  93. 0 );
  95. if ( !buffIssuer.Resize( cchIssuer * sizeof (CHAR) ) )
  96. {
  97. return HRESULT_FROM_WIN32( ERROR_OUTOFMEMORY );
  98. }
  100. cchIssuer = CertNameToStrA( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  101. &(QueryCertInfo()->Issuer),
  102. CERT_X500_NAME_STR,
  103. (CHAR *) buffIssuer.QueryPtr(),
  104. buffIssuer.QuerySize());
  105. DBG_ASSERT( cchIssuer > 0 );
  107. return pstrIssuer->Copy( (CHAR *) buffIssuer.QueryPtr() );
  108. }
  110. HRESULT
  111. CERTIFICATE_CONTEXT::GetSerialNumber(
  112. STRA * pstrSerialNumber
  113. )
  114. /*++
  116. Routine Description:
  118. Stringize the certificate's serial number for filling in the
  119. CERT_SERIAL_NUMBER
  121. Arguments:
  123. pstrSerialNumber - Filled with serial number string
  125. Return Value:
  127. HRESULT
  129. --*/
  130. {
  131. HRESULT hr = NO_ERROR;
  132. INT i;
  133. DWORD cbSerialNumber;
  134. PBYTE pbSerialNumber;
  135. CHAR achDigit[ 2 ] = { '\0', '\0' };
  137. if ( pstrSerialNumber == NULL )
  138. {
  139. DBG_ASSERT( FALSE );
  140. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  141. }
  143. //
  144. // Decoding deferred until needed
  145. //
  147. if ( !_fCertDecoded )
  148. {
  149. hr = DecodeCert();
  150. if ( FAILED( hr ) )
  151. {
  152. return hr;
  153. }
  155. DBG_ASSERT( _fCertDecoded );
  156. }
  158. cbSerialNumber = QueryCertInfo()->SerialNumber.cbData;
  159. pbSerialNumber = QueryCertInfo()->SerialNumber.pbData;
  161. for ( i = cbSerialNumber-1; i >=0; i-- )
  162. {
  163. //
  164. // Just like IIS 5.0, we make the serial number in reverse byte order
  165. //
  167. achDigit[ 0 ] = HEX_DIGIT( ( pbSerialNumber[ i ] >> 4 ) );
  168. hr = pstrSerialNumber->Append( achDigit, 1 );
  169. if ( FAILED( hr ) )
  170. {
  171. return hr;
  172. }
  174. achDigit[ 0 ] = HEX_DIGIT( ( pbSerialNumber[ i ] & 0xF ) );
  175. hr = pstrSerialNumber->Append( achDigit, 1 );
  176. if ( FAILED( hr ) )
  177. {
  178. return hr;
  179. }
  181. //
  182. // Do not append "-" after last digit of Serial Number
  183. //
  185. if( i != 0 )
  186. {
  188. hr = pstrSerialNumber->Append( "-", 1 );
  189. if ( FAILED( hr ) )
  190. {
  191. return hr;
  192. }
  193. }
  194. }
  196. return NO_ERROR;
  197. }
  199. HRESULT
  200. CERTIFICATE_CONTEXT::DecodeCert(
  201. VOID
  202. )
  203. /*++
  205. Routine Description:
  207. Decode client certificate into stuff needed to fill in some server
  208. variables
  210. Arguments:
  212. None
  214. Return Value:
  216. HRESULT
  218. --*/
  219. {
  220. DWORD cbBuffer;
  222. cbBuffer = _buffCertInfo.QuerySize();
  224. if ( !CryptDecodeObjectEx( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  225. X509_CERT_TO_BE_SIGNED,
  226. _pClientCertInfo->pCertEncoded,
  227. _pClientCertInfo->CertEncodedSize,
  228. CRYPT_DECODE_NOCOPY_FLAG, //internal optimization flag
  229. NULL,
  230. _buffCertInfo.QueryPtr(),
  231. &cbBuffer ) )
  232. {
  233. if ( GetLastError() == ERROR_MORE_DATA )
  234. {
  235. DBG_ASSERT( cbBuffer > _buffCertInfo.QuerySize() );
  237. if ( !_buffCertInfo.Resize( cbBuffer ) )
  238. {
  239. return HRESULT_FROM_WIN32( GetLastError() );
  240. }
  242. if ( !CryptDecodeObjectEx( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  243. X509_CERT_TO_BE_SIGNED,
  244. _pClientCertInfo->pCertEncoded,
  245. _pClientCertInfo->CertEncodedSize,
  246. CRYPT_DECODE_NOCOPY_FLAG,
  247. NULL,
  248. _buffCertInfo.QueryPtr(),
  249. &cbBuffer ) )
  250. {
  251. DBG_ASSERT( GetLastError() != ERROR_MORE_DATA );
  253. return HRESULT_FROM_WIN32( GetLastError() );
  254. }
  255. }
  256. else
  257. {
  258. return HRESULT_FROM_WIN32( GetLastError() );
  259. }
  260. }
  262. _fCertDecoded = TRUE;
  264. return NO_ERROR;
  265. }
  267. HRESULT
  268. CERTIFICATE_CONTEXT::GetSubject(
  269. STRA * pstrSubject
  270. )
  271. /*++
  273. Routine Description:
  275. Get subject string for cert
  277. Arguments:
  279. pstrSubject - Filled with subject string
  281. Return Value:
  283. HRESULT
  285. --*/
  286. {
  287. STACK_BUFFER ( buffSubject, 256);
  288. HRESULT hr;
  289. DWORD cchSubject = 0;
  291. if ( pstrSubject == NULL )
  292. {
  293. DBG_ASSERT( FALSE );
  294. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  295. }
  297. //
  298. // Decoding deferred until needed
  299. //
  301. if ( !_fCertDecoded )
  302. {
  303. hr = DecodeCert();
  304. if ( FAILED( hr ) )
  305. {
  306. return hr;
  307. }
  309. DBG_ASSERT( _fCertDecoded );
  310. }
  312. cchSubject = CertNameToStrA( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  313. &(QueryCertInfo()->Subject),
  314. CERT_X500_NAME_STR,
  315. NULL,
  316. 0 );
  317. if ( !buffSubject.Resize( cchSubject * sizeof (CHAR) ) )
  318. {
  319. return HRESULT_FROM_WIN32( ERROR_OUTOFMEMORY );
  320. }
  322. cchSubject = CertNameToStrA( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  323. &(QueryCertInfo()->Subject),
  324. CERT_X500_NAME_STR,
  325. (CHAR *) buffSubject.QueryPtr(),
  326. buffSubject.QuerySize());
  328. DBG_ASSERT( cchSubject > 0 );
  329. return pstrSubject->Copy( (CHAR *) buffSubject.QueryPtr() );
  330. }
  332. HRESULT
  333. CERTIFICATE_CONTEXT::GetCookie(
  334. STRA * pstrCookie
  335. )
  336. /*++
  338. Routine Description:
  340. CERT_COOKIE server variable
  341. Cert cookie is legacy velue from IIS3 times
  342. Cookie = MD5(<issuer string> <serial number in binary>)
  344. Arguments:
  346. pstrCookie - Filled with CERT_COOKIE
  348. Return Value:
  350. HRESULT
  352. --*/
  353. {
  354. HRESULT hr;
  355. HCRYPTHASH cryptHash;
  356. STACK_STRA( strIssuer, 256 );
  357. STACK_BUFFER( buffFinal, 256);
  358. BYTE * pbFinal;
  359. DWORD cbFinal;
  360. CHAR achDigit[ 2 ] = { '\0', '\0' };
  362. if ( pstrCookie == NULL )
  363. {
  364. DBG_ASSERT( FALSE );
  365. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  366. }
  368. //
  369. // Decoding deferred until needed
  370. //
  372. if ( !_fCertDecoded )
  373. {
  374. hr = DecodeCert();
  375. if ( FAILED( hr ) )
  376. {
  377. return hr;
  378. }
  380. DBG_ASSERT( _fCertDecoded );
  381. }
  383. //
  384. // Cookie is MD5(<issuer string> <serial number in binary>)
  385. //
  387. hr = GetIssuer( &strIssuer );
  388. if ( FAILED( hr ) )
  389. {
  390. return hr;
  391. }
  393. //
  394. // Begin the hashing
  395. //
  397. if ( !CryptCreateHash( sm_CryptProvider,
  398. CALG_MD5,
  399. 0,
  400. 0,
  401. &cryptHash ) )
  402. {
  403. return HRESULT_FROM_WIN32( GetLastError() );
  404. }
  406. if ( !CryptHashData( cryptHash,
  407. (BYTE*) strIssuer.QueryStr(),
  408. strIssuer.QueryCCH(),
  409. 0 ) )
  410. {
  411. hr = HRESULT_FROM_WIN32( GetLastError() );
  412. CryptDestroyHash( cryptHash );
  413. return hr;
  414. }
  416. if ( !CryptHashData( cryptHash,
  417. QueryCertInfo()->SerialNumber.pbData,
  418. QueryCertInfo()->SerialNumber.cbData,
  419. 0 ) )
  420. {
  421. hr = HRESULT_FROM_WIN32( GetLastError() );
  422. CryptDestroyHash( cryptHash );
  423. return hr;
  424. }
  426. //
  427. // Get the final hash value
  428. //
  430. cbFinal = buffFinal.QuerySize();
  432. if ( !CryptGetHashParam( cryptHash,
  433. HP_HASHVAL,
  434. (BYTE*) buffFinal.QueryPtr(),
  435. &cbFinal,
  436. 0 ) )
  437. {
  438. hr = HRESULT_FROM_WIN32( GetLastError() );
  439. CryptDestroyHash( cryptHash );
  440. return hr;
  441. }
  443. CryptDestroyHash( cryptHash );
  445. //
  446. // Now ascii'ize the final hex string
  447. //
  449. pbFinal = (BYTE*) buffFinal.QueryPtr();
  451. for ( DWORD i = 0; i < cbFinal; i++ )
  452. {
  453. achDigit[ 0 ] = HEX_DIGIT( ( pbFinal[ i ] & 0xF0 ) >> 4 );
  454. hr = pstrCookie->Append( achDigit, 1 );
  455. if ( FAILED( hr ) )
  456. {
  457. return hr;
  458. }
  460. achDigit[ 0 ] = HEX_DIGIT( ( pbFinal[ i ] & 0xF ) );
  461. hr = pstrCookie->Append( achDigit, 1 );
  462. if ( FAILED( hr ) )
  463. {
  464. return hr;
  465. }
  466. }
  468. return NO_ERROR;
  469. }
  471. //static
  472. HRESULT
  473. CERTIFICATE_CONTEXT::Initialize(
  474. VOID
  475. )
  476. /*++
  478. Routine Description:
  480. Do one time initialization of CRYPTO provider for doing MD5 hashes
  482. Arguments:
  484. None
  486. Return Value:
  488. HRESULT
  490. --*/
  491. {
  492. ALLOC_CACHE_CONFIGURATION acConfig;
  494. if ( !CryptAcquireContext( &sm_CryptProvider,
  495. NULL,
  496. NULL,
  497. PROV_RSA_FULL,
  498. CRYPT_VERIFYCONTEXT ) )
  499. {
  500. return HRESULT_FROM_WIN32( GetLastError() );
  501. }
  503. DBG_ASSERT( sm_CryptProvider != NULL );
  505. //
  506. // Setup allocation lookaside
  507. //
  509. acConfig.nConcurrency = 1;
  510. acConfig.nThreshold = 100;
  511. acConfig.cbSize = sizeof( CERTIFICATE_CONTEXT );
  513. DBG_ASSERT( sm_pachCertContexts == NULL );
  515. sm_pachCertContexts = new ALLOC_CACHE_HANDLER( "CERTIFICATE_CONTEXT",
  516. &acConfig );
  518. if ( sm_pachCertContexts == NULL || !sm_pachCertContexts->IsValid() )
  519. {
  520. if ( sm_pachCertContexts != NULL )
  521. {
  522. delete sm_pachCertContexts;
  523. sm_pachCertContexts = NULL;
  524. }
  526. CryptReleaseContext( sm_CryptProvider, 0 );
  527. sm_CryptProvider = NULL;
  529. return HRESULT_FROM_WIN32( ERROR_NOT_ENOUGH_MEMORY );
  530. }
  532. return NO_ERROR;
  533. }
  535. //static
  536. VOID
  537. CERTIFICATE_CONTEXT::Terminate(
  538. VOID
  539. )
  540. /*++
  542. Routine Description:
  544. Global cleanup
  546. Arguments:
  548. None
  550. Return Value:
  552. None
  554. --*/
  555. {
  556. if ( sm_pachCertContexts != NULL )
  557. {
  558. delete sm_pachCertContexts;
  559. sm_pachCertContexts = NULL;
  560. }
  562. if ( sm_CryptProvider != NULL )
  563. {
  564. CryptReleaseContext( sm_CryptProvider, 0 );
  565. sm_CryptProvider = NULL;
  566. }
  567. }