|
|
//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 2000-2002.
//
// File: CertTemplate.cpp
//
// Contents: CCertTemplate
//
//----------------------------------------------------------------------------
/// CertTemplate.cpp: implementation of the CCertTemplate class.
//
//////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "CertTemplate.h"
#define _SECOND ((ULONGLONG) 10000000)
#define _MINUTE (60 * _SECOND)
#define _HOUR (60 * _MINUTE)
#define _DAY (24 * _HOUR)
CERT_EXTENSION g_EKUCertExtension = {szOID_ENHANCED_KEY_USAGE, 0, {0, 0}};CERT_EXTENSION g_certPolCertExtension = {szOID_CERT_POLICIES, 0, {0, 0}};
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
CCertTemplate::CCertTemplate( PCWSTR pszObjectName, PCWSTR pszTemplateName, const CString& szLDAPPath, bool fIsReadOnly, const bool fUseCache) : CCertTmplCookie (CERTTMPL_CERT_TEMPLATE, pszObjectName), m_strTemplateName (pszTemplateName), m_hCertType (0), m_dwVersion (0), m_dwEnrollmentFlags (0), m_dwSubjectNameFlags (0), m_dwPrivateKeyFlags (0), m_dwGeneralFlags (0), m_dwKeySpec (0), m_bIsClone (false), m_bCanBeDeletedOnCancel (false), m_bGoodForAutoenrollmentFlagPendingSave (false), m_szLDAPPath (szLDAPPath), m_fIsReadOnly (fIsReadOnly), m_nOriginalValidityDays (-1), m_nNewValidityDays (-1), m_nOriginalRenewalDays (-1), m_nNewRenewalDays (-1), m_pCertExtensions (0), m_fUseCache (fUseCache), m_bIssuancePoliciesRequired (false), m_fFailedToSetSecurity (false){// _TRACE (1, L"Entering CCertTemplate::CCertTemplate\n");
m_strOriginalTemplateName = pszTemplateName;
Initialize ();// _TRACE (-1, L"Leaving CCertTemplate::CCertTemplate\n");
}
CCertTemplate::CCertTemplate( const CCertTemplate &rTemplate, bool bIsClone, bool fIsReadOnly, const bool fUseCache) : CCertTmplCookie (CERTTMPL_CERT_TEMPLATE), m_hCertType (0), m_dwVersion (0), m_dwEnrollmentFlags (0), m_dwSubjectNameFlags (0), m_dwPrivateKeyFlags (0), m_dwGeneralFlags (0), m_dwKeySpec (0), m_bIsClone (bIsClone), m_bCanBeDeletedOnCancel (true), m_bGoodForAutoenrollmentFlagPendingSave (false), m_fIsReadOnly (fIsReadOnly), m_szLDAPPath (rTemplate.GetLDAPPath ()), m_nOriginalValidityDays (-1), m_nNewValidityDays (-1), m_nOriginalRenewalDays (-1), m_nNewRenewalDays (-1), m_pCertExtensions (0), m_fUseCache (fUseCache), m_bIssuancePoliciesRequired (false), m_fFailedToSetSecurity (false){// _TRACE (1, L"Entering CCertTemplate::CCertTemplate (copy constructor)\n");
// _TRACE (-1, L"Leaving CCertTemplate::CCertTemplate (copy constructor)\n");
}
CCertTemplate::~CCertTemplate(){// _TRACE (1, L"Entering CCertTemplate::~CCertTemplate - m_hCertType = 0x%x\n", m_hCertType);
if ( m_hCertType ) { FreeCertExtensions ();
HRESULT hr = CACloseCertType (m_hCertType); _ASSERT (SUCCEEDED (hr)); if ( !SUCCEEDED (hr) ) { _TRACE (0, L"CACloseCertType (%s) failed: 0x%x\n", hr); } }// _TRACE (-1, L"Leaving CCertTemplate::~CCertTemplate\n");
}
HRESULT CCertTemplate::Initialize(){// _TRACE (1, L"Entering CCertTemplate::Initialize - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK; if ( !m_hCertType ) { DWORD dwFlags = CT_ENUM_MACHINE_TYPES | CT_ENUM_USER_TYPES;
if ( !m_fUseCache ) { dwFlags |= CT_FLAG_NO_CACHE_LOOKUP; }
hr = CAFindCertTypeByName (m_strTemplateName, NULL, dwFlags, &m_hCertType); _ASSERT (SUCCEEDED (hr)); } if ( SUCCEEDED (hr) ) { hr = CAGetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_SCHEMA_VERSION, &m_dwVersion); if ( FAILED (hr) ) { _TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_SCHEMA_VERSION) failed: 0x%x\n", hr); }
// Get enrollment flags
if ( SUCCEEDED (hr) ) { hr = CAGetCertTypeFlagsEx (m_hCertType, CERTTYPE_ENROLLMENT_FLAG, &m_dwEnrollmentFlags); if ( FAILED (hr) ) { _TRACE (0, L"CAGetCertTypeFlagsEx (CERTTYPE_ENROLLMENT_FLAG) failed: 0x%x\n", hr); } }
// Get subject name flags
if ( SUCCEEDED (hr) ) { hr = CAGetCertTypeFlagsEx (m_hCertType, CERTTYPE_SUBJECT_NAME_FLAG, &m_dwSubjectNameFlags); if ( FAILED (hr) ) { _TRACE (0, L"CAGetCertTypeFlagsEx (CERTTYPE_SUBJECT_NAME_FLAG) failed: 0x%x\n", hr); } }
// Get private key flags
if ( SUCCEEDED (hr) ) { hr = CAGetCertTypeFlagsEx (m_hCertType, CERTTYPE_PRIVATE_KEY_FLAG, &m_dwPrivateKeyFlags); if ( FAILED (hr) ) { _TRACE (0, L"CAGetCertTypeFlagsEx (CERTTYPE_PRIVATE_KEY_FLAG) failed: 0x%x\n", hr); } }
// Get general flags
if ( SUCCEEDED (hr) ) { hr = CAGetCertTypeFlagsEx (m_hCertType, CERTTYPE_GENERAL_FLAG, &m_dwGeneralFlags); if ( FAILED (hr) ) { _TRACE (0, L"CAGetCertTypeFlagsEx (CERTTYPE_GENERAL_FLAG) failed: 0x%x\n", hr); } }
if ( SUCCEEDED (hr) ) { hr = CAGetCertTypeKeySpec (m_hCertType, &m_dwKeySpec); if ( FAILED (hr) ) { _TRACE (0, L"CAGetCertTypeKeySpec () failed: 0x%x\n", hr); } } } else { _TRACE (0, L"CAFindCertTypeByName (%s) failed: 0x%x\n", (PCWSTR) m_strTemplateName, hr); }
// _TRACE (-1, L"Leaving CCertTemplate::Initialize: 0x%x\n", hr);
return hr;}
DWORD CCertTemplate::GetType() const{ return m_dwVersion;}
CString CCertTemplate::GetDisplayName (){// _TRACE (1, L"Entering CCertTemplate::GetDisplayName - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK; if ( m_szDisplayName.IsEmpty () ) { if ( m_hCertType ) { PWSTR* rgwszProp = 0;
hr = CAGetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_FRIENDLY_NAME, &rgwszProp); if ( SUCCEEDED (hr) && rgwszProp ) { m_szDisplayName = *rgwszProp; CAFreeCertTypeProperty (m_hCertType, rgwszProp); } else { _TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_FRIENDLY_NAME) failed: 0x%x\n", hr); m_szDisplayName = GetObjectName (); } } else m_szDisplayName = GetObjectName (); }
// _TRACE (-1, L"Leaving CCertTemplate::GetDisplayName: %s, 0x%x\n", (PCWSTR) m_szDisplayName, hr);
return m_szDisplayName;}
CString CCertTemplate::GetTemplateName() const{ return m_strTemplateName;}
bool CCertTemplate::SubjectIsCA() const{ return (m_dwGeneralFlags & CT_FLAG_IS_CA) ? true : false;}
bool CCertTemplate::SubjectIsCrossCA() const{ return (m_dwGeneralFlags & CT_FLAG_IS_CROSS_CA) ? true : false;}
bool CCertTemplate::IsMachineType() const{ return (m_dwGeneralFlags & CT_FLAG_MACHINE_TYPE) ? true : false;}
bool CCertTemplate::PublishToDS() const{ return (m_dwEnrollmentFlags & CT_FLAG_PUBLISH_TO_DS) ? true : false;}
DWORD CCertTemplate::GetCertExtensionCount(){ DWORD dwCnt = 0; PCERT_EXTENSIONS pCertExtensions = 0; HRESULT hr = CAGetCertTypeExtensions (m_hCertType, &pCertExtensions); if ( SUCCEEDED (hr) ) { if ( pCertExtensions ) { dwCnt = pCertExtensions->cExtension; CAFreeCertTypeExtensions (m_hCertType, pCertExtensions); } } else { _TRACE (0, L"CAGetCertTypeExtensions () failed: 0x%x\n", hr); }
return dwCnt;}
///////////////////////////////////////////////////////////////////////////////
//
// Method: GetCertExtension
//
// Note: The pointer returned through ppCertExtension must not be freed. The
// caller must call FreeCertExtensions () when done with it.
///////////////////////////////////////////////////////////////////////////////
HRESULT CCertTemplate::GetCertExtension (PSTR pszOID, PCERT_EXTENSION* ppCertExtension){ HRESULT hr = S_OK; if ( ppCertExtension ) { hr = CAGetCertTypeExtensions (m_hCertType, &m_pCertExtensions); if ( SUCCEEDED (hr) ) { if ( m_pCertExtensions ) { *ppCertExtension = CertFindExtension(pszOID, m_pCertExtensions->cExtension, m_pCertExtensions->rgExtension); if ( ! (*ppCertExtension) ) { if ( SubjectIsCA () ) { if ( !_stricmp (szOID_ENHANCED_KEY_USAGE, pszOID) ) *ppCertExtension = &g_EKUCertExtension; else if ( !_stricmp (szOID_CERT_POLICIES, pszOID) ) *ppCertExtension = &g_certPolCertExtension; } } } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeExtensions () failed: 0x%x\n", hr); } } else return E_POINTER;
return hr;}
HRESULT CCertTemplate::GetCertExtension(DWORD dwIndex, PSTR* ppszObjId, BOOL& fCritical){ if ( !ppszObjId ) return E_POINTER;
PCERT_EXTENSIONS pCertExtensions = 0; HRESULT hr = CAGetCertTypeExtensions (m_hCertType, &pCertExtensions); if ( SUCCEEDED (hr) ) { if ( pCertExtensions ) { if ( dwIndex >= pCertExtensions->cExtension ) hr = E_INVALIDARG; else { PCERT_EXTENSION pExtension = &pCertExtensions->rgExtension[dwIndex]; ASSERT (pExtension->pszObjId); if ( pExtension->pszObjId ) { // security review 2/21/2002 BryanWal ok
PSTR pszOID = new char[strlen (pExtension->pszObjId)+1]; if ( pszOID ) { // security review 2/21/2002 BryanWal ok
strcpy (pszOID, pExtension->pszObjId); *ppszObjId = pszOID; fCritical = pExtension->fCritical; } else hr = E_OUTOFMEMORY; } else hr = E_FAIL; } CAFreeCertTypeExtensions (m_hCertType, pCertExtensions); } } else { _TRACE (0, L"CAGetCertTypeExtensions () failed: 0x%x\n", hr); }
return hr;}
bool CCertTemplate::HasKeySpecSignature() const{ return m_dwKeySpec & AT_SIGNATURE ? true : false;}
bool CCertTemplate::HasEncryptionSignature() const{ return m_dwKeySpec & AT_KEYEXCHANGE ? true : false;}
bool CCertTemplate::RequireSubjectInRequest() const{ return m_dwSubjectNameFlags & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT ? true : false;}
#define CVT_BASE (1000 * 1000 * 10)
HRESULT CCertTemplate::ConvertCertTypeFileTimeToDays (FILETIME const *pftCertType, int& nDays){ HRESULT hr = S_OK; if ( !pftCertType ) return E_POINTER;
LONGLONG ll = *(LONGLONG *) pftCertType; // Signed 64 bit scalar!
if (0 > ll) { ll = -ll; ll /= CVT_BASE; // now in seconds
nDays = (int) (ll / (60 * 60 * 24)); } else nDays = 0;
return hr;}
HRESULT CCertTemplate::GetValidityPeriod(int& nValidityDays){ HRESULT hr = S_OK;
FILETIME ftValidity; hr = CAGetCertTypeExpiration (m_hCertType, &ftValidity, 0); if ( SUCCEEDED (hr) ) { hr = ConvertCertTypeFileTimeToDays (&ftValidity, nValidityDays); if ( SUCCEEDED (hr) ) m_nOriginalValidityDays = nValidityDays; }
return hr;}
HRESULT CCertTemplate::GetRenewalPeriod(int& nRenewalDays){ HRESULT hr = S_OK;
FILETIME ftRenewal; hr = CAGetCertTypeExpiration (m_hCertType, 0, &ftRenewal); if ( SUCCEEDED (hr) ) { hr = ConvertCertTypeFileTimeToDays (&ftRenewal, nRenewalDays); if ( SUCCEEDED (hr) ) m_nOriginalRenewalDays = nRenewalDays; }
return hr;}
// NEW CLONE
HRESULT CCertTemplate::Clone ( const CCertTemplate& rTemplate, const CString& strTemplateName, const CString& strDisplayName){ _TRACE (1, L"Entering CCertTemplate::Clone (%s, %s)\n", (PCWSTR) strTemplateName, (PCWSTR) strDisplayName); HRESULT hr = S_OK;
_ASSERT (m_bIsClone); if ( m_bIsClone ) { m_strTemplateName = strTemplateName;
// Set the originalTemplateName so that we can tell later if the
// user has renamed the template. This is important because renaming
// a template creates a brand new template and the old one must then
// be deleted.
m_strOriginalTemplateName = strTemplateName;
SetObjectName (strDisplayName);
if ( SUCCEEDED (hr) ) { hr = CAFindCertTypeByName (rTemplate.GetTemplateName (), NULL, CT_ENUM_MACHINE_TYPES | CT_ENUM_USER_TYPES | CT_FLAG_NO_CACHE_LOOKUP, &m_hCertType); if ( SUCCEEDED (hr) ) { HCERTTYPE hNewCertType = 0; hr = CACloneCertType ( m_hCertType, strTemplateName, strDisplayName, 0, (GetType () > 1 ) ? (CT_CLONE_KEEP_SUBJECT_NAME_SETTING | CT_CLONE_KEEP_AUTOENROLLMENT_SETTING): 0, &hNewCertType); if ( SUCCEEDED (hr) ) { CACloseCertType (m_hCertType); m_hCertType = hNewCertType;
m_szLDAPPath = GetDN (); hr = Initialize (); } else { _TRACE (0, L"CACloneCertType (%s, %s) failed: 0x%d\n", (PCWSTR) strTemplateName, (PCWSTR) strDisplayName, hr); } } else { _TRACE (0, L"CAFindCertTypeByName (%s) failed: 0x%x", (PCWSTR) rTemplate.GetTemplateName (), hr); } } } else hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::Clone: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::Delete(){ _TRACE (1, L"Entering CCertTemplate::Delete - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = S_OK;
if ( !(m_dwGeneralFlags & CT_FLAG_IS_DEFAULT) ) { if ( m_hCertType ) { hr = CADeleteCertType (m_hCertType); if ( FAILED (hr) ) { _TRACE (0, L"CADeleteCertType failed: 0x%x\n", hr); } } else { _TRACE (0, L"m_hCertType was unexpectedly NULL\n"); hr = E_UNEXPECTED; } } else hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::Delete: 0x%x\n", hr); return hr;}
bool CCertTemplate::IsDefault() const{ return m_dwGeneralFlags & CT_FLAG_IS_DEFAULT ? true : false;}
bool CCertTemplate::IsClone() const{ return m_bIsClone;}
HRESULT CCertTemplate::SetTemplateName(const CString &strTemplateName){ _TRACE (1, L"Entering CCertTemplate::SetTemplateName (%s) - m_hCertType = 0x%x\n", strTemplateName, m_hCertType); HRESULT hr = S_OK;
if ( LocaleStrCmp (m_strTemplateName, strTemplateName) ) { PWSTR rgwszProp[2]; rgwszProp[0] = (PWSTR)(PCWSTR) strTemplateName; rgwszProp[1] = 0;;
hr = CASetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_CN, rgwszProp); if ( SUCCEEDED (hr) ) { m_strTemplateName = strTemplateName; } else { _TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_CN, %s) failed: 0x%x", rgwszProp[0], hr); } } _TRACE (-1, L"Leaving CCertTemplate::SetTemplateName: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::SetDisplayName(const CString &strDisplayName, bool bForce){ _TRACE (1, L"Entering CCertTemplate::SetDisplayName (%s) - m_hCertType = 0x%x\n", strDisplayName, m_hCertType); HRESULT hr = S_OK;
if ( bForce || LocaleStrCmp (GetDisplayName (), strDisplayName) ) { PWSTR rgwszProp[2]; rgwszProp[0] = (PWSTR)(PCWSTR) strDisplayName; rgwszProp[1] = 0;
hr = CASetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_FRIENDLY_NAME, rgwszProp); if ( SUCCEEDED (hr) ) { m_szDisplayName = L""; m_szDisplayName = GetDisplayName (); SetObjectName (m_szDisplayName); } else { _TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_FRIENDLY_NAME, %s) failed: 0x%x", rgwszProp[0], hr); } }
_TRACE (-1, L"Leaving CCertTemplate::SetDisplayName: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::SaveChanges(bool bIncrementMinorVersion /*=true*/){ _TRACE (1, L"Entering CCertTemplate::SaveChanges - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = S_OK;
m_bCanBeDeletedOnCancel = false;
if ( m_hCertType ) { // Save validity period
if ( -1 != m_nNewValidityDays && m_nOriginalValidityDays != m_nNewValidityDays ) { LONGLONG ll = (LONGLONG) m_nNewValidityDays * (60 * 60 * 24); // seconds
ll *= CVT_BASE; ll = -ll;
FILETIME ftValidity; ftValidity.dwLowDateTime = (DWORD) (ll & 0xFFFFFFFF); ftValidity.dwHighDateTime = (DWORD) (ll >> 32);
// save the new value back to the cert template
hr = CASetCertTypeExpiration (m_hCertType, &ftValidity, 0); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypeExpiration (validity) failed: 0x%x\n", hr); } }
// Save renewal period
if ( -1 != m_nNewRenewalDays && m_nOriginalRenewalDays != m_nNewRenewalDays ) { LONGLONG ll = (LONGLONG) m_nNewRenewalDays * (60 * 60 * 24); // seconds
ll *= CVT_BASE; ll = -ll;
// get the original value
FILETIME ftRenewal; ftRenewal.dwLowDateTime = (DWORD) (ll & 0xFFFFFFFF); ftRenewal.dwHighDateTime = (DWORD) (ll >> 32);
// save the new value back to the cert template
hr = CASetCertTypeExpiration (m_hCertType, 0, &ftRenewal); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypeExpiration (renewal) failed: 0x%x\n", hr); } }
if ( SUCCEEDED (hr) ) { if ( bIncrementMinorVersion ) hr = IncrementMinorVersion (); if ( SUCCEEDED (hr) ) { hr = CAUpdateCertType (m_hCertType); if ( SUCCEEDED (hr) ) { // If the name was changed a new template was created and the old one needs to be deleted
if ( LocaleStrCmp (m_strOriginalTemplateName, m_strTemplateName) ) { HCERTTYPE hCertType = 0; HRESULT hr1 = CAFindCertTypeByName (m_strOriginalTemplateName, NULL, CT_ENUM_MACHINE_TYPES | CT_ENUM_USER_TYPES | CT_FLAG_NO_CACHE_LOOKUP, &hCertType); if ( SUCCEEDED (hr1) ) { hr1 = CADeleteCertType (hCertType); if (FAILED (hr1) ) { _TRACE (0, L"Cert Template was renamed. Original cert template %s was found but could not be deleted: 0x%x\n", m_strOriginalTemplateName, hr); }
m_strOriginalTemplateName = m_strTemplateName;
hr1 = CACloseCertType (hCertType); if ( FAILED (hr1) ) { _TRACE (0, L"CACloseCertType () failed: 0x%x", hr); } } else { _TRACE (0, L"Cert Template was renamed. Unable to find original cert template %s. 0x%x\n", m_strOriginalTemplateName, hr); } } else { m_bIsClone = false; Cancel (); // cause all settings to be refreshed
} } else { _TRACE (0, L"CAUpdateCertType () failed: 0x%x", hr); } } } } else hr = E_FAIL;
if ( SUCCEEDED (hr) ) m_bIsClone = false;
_TRACE (-1, L"Leaving CCertTemplate::SaveChanges: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::SetSubjectIsCA(bool bSubjectIsCA){ _TRACE (1, L"Entering CCertTemplate::SetSubjectIsCA - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = SetFlag (CERTTYPE_GENERAL_FLAG, CT_FLAG_IS_CA, bSubjectIsCA);
_TRACE (-1, L"Leaving CCertTemplate::SetSubjectIsCA: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::SetKeySpecSignature(bool bHasKeySpecSignature){ _TRACE (1, L"Entering CCertTemplate::SetKeySpecSignature - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = S_OK;
if ( m_hCertType ) { if ( bHasKeySpecSignature ) m_dwKeySpec |= AT_SIGNATURE; else m_dwKeySpec &= ~AT_SIGNATURE;
hr = CASetCertTypeKeySpec (m_hCertType, m_dwKeySpec); if ( SUCCEEDED (hr) ) { PCERT_EXTENSION pCertExtension = 0; hr = GetCertExtension (szOID_KEY_USAGE, &pCertExtension); if ( SUCCEEDED (hr) && pCertExtension ) { DWORD cbKeyUsage = 0; if ( ::CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE, pCertExtension->Value.pbData, pCertExtension->Value.cbData, 0, NULL, &cbKeyUsage) ) { CRYPT_BIT_BLOB* pKeyUsage = (CRYPT_BIT_BLOB*) ::LocalAlloc (LPTR, cbKeyUsage); if ( pKeyUsage ) { if ( ::CryptDecodeObject (CRYPT_ASN_ENCODING, szOID_KEY_USAGE, pCertExtension->Value.pbData, pCertExtension->Value.cbData, 0, pKeyUsage, &cbKeyUsage) ) { if (pKeyUsage->cbData >= 1) { if ( bHasKeySpecSignature ) { pKeyUsage->pbData[0] |= CERT_DIGITAL_SIGNATURE_KEY_USAGE;
// NTRAID# 312946 Cert Template Snap-in:
// Should clear up the Key Encipherment
// bit for signature certificate
pKeyUsage->pbData[0] &= ~CERT_KEY_AGREEMENT_KEY_USAGE; pKeyUsage->pbData[0] &= ~CERT_KEY_ENCIPHERMENT_KEY_USAGE; pKeyUsage->pbData[0] &= ~CERT_DATA_ENCIPHERMENT_KEY_USAGE; } else { // is encryption only - clear the digital
// signature and non-repudiation key usages
pKeyUsage->pbData[0] &= ~CERT_DIGITAL_SIGNATURE_KEY_USAGE; pKeyUsage->pbData[0] &= ~CERT_NON_REPUDIATION_KEY_USAGE; if ( !(CERT_KEY_AGREEMENT_KEY_USAGE & pKeyUsage->pbData[0]) ) pKeyUsage->pbData[0] |= CERT_KEY_ENCIPHERMENT_KEY_USAGE; }
pKeyUsage->cUnusedBits = 0; SetKeyUsage (pKeyUsage, pCertExtension->fCritical ? true : false); FreeCertExtensions (); } } else { DWORD dwErr = GetLastError (); _TRACE (0, L"CryptDecodeObject (szOID_KEY_USAGE) failed: 0x%x\n", dwErr); DisplaySystemError (NULL, dwErr); }
::LocalFree (pKeyUsage); } } else { DWORD dwErr = GetLastError (); _TRACE (0, L"CryptDecodeObject (szOID_KEY_USAGE) failed: 0x%x\n", dwErr); DisplaySystemError (NULL, dwErr); } } } else { _TRACE (0, L"CASetCertTypeKeySpec() failed: 0x%x\n", hr); } } else hr = E_UNEXPECTED;
_TRACE (-1, L"Leaving CCertTemplate::SetKeySpecSignature: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::SetFlag (DWORD dwFlagType, DWORD dwFlag, bool bValue){ _TRACE (1, L"Entering CCertTemplate::SetFlag - m_hCertType = 0x%x\n", m_hCertType);; HRESULT hr = S_OK; DWORD* pdwFlags = 0;
switch (dwFlagType) { case CERTTYPE_ENROLLMENT_FLAG: pdwFlags = &m_dwEnrollmentFlags; break;
case CERTTYPE_SUBJECT_NAME_FLAG: pdwFlags = &m_dwSubjectNameFlags; break;
case CERTTYPE_PRIVATE_KEY_FLAG: pdwFlags = &m_dwPrivateKeyFlags; break;
case CERTTYPE_GENERAL_FLAG: pdwFlags = &m_dwGeneralFlags; break;
default: _ASSERT (0); hr = E_FAIL; break; }
if ( pdwFlags ) { if ( bValue ) *pdwFlags |= dwFlag; else *pdwFlags &= ~dwFlag;
hr = CASetCertTypeFlagsEx (m_hCertType, dwFlagType, *pdwFlags); _ASSERT (SUCCEEDED (hr)); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypeFlagsEx () failed: 0x%x\n", hr); } }
_TRACE (-1, L"Leaving CCertTemplate::SetFlag: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::SetEncryptionSignature(bool bHasEncryptionSignature){ _TRACE (1, L"Entering CCertTemplate::SetEncryptionSignature - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = S_OK;
if ( m_hCertType ) { if ( bHasEncryptionSignature ) m_dwKeySpec |= AT_KEYEXCHANGE; else m_dwKeySpec &= ~AT_KEYEXCHANGE;
hr = CASetCertTypeKeySpec (m_hCertType, m_dwKeySpec); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypeKeySpec() failed: 0x%x\n", hr); } } else hr = E_UNEXPECTED;
_TRACE (-1, L"Leaving CCertTemplate::SetEncryptionSignature: 0x%x\n", hr); return hr;}
bool CCertTemplate::CanBeDeletedOnCancel() const{ return m_bCanBeDeletedOnCancel;}
HRESULT CCertTemplate::SetAutoEnrollment(bool bSuitableForAutoEnrollment){ HRESULT hr = S_OK;
if ( IsClone () ) { // If this is a clone, the autoenrollment flag has already been turned
// off. Here we wish only to keep track of what the user's
// preferences are so that we can turn it on, if desired, at the
// final save.
m_bGoodForAutoenrollmentFlagPendingSave = bSuitableForAutoEnrollment; } else hr = SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_AUTO_ENROLLMENT, bSuitableForAutoEnrollment);
return hr;}
HRESULT CCertTemplate::GetMinimumKeySize(DWORD &dwMinKeySize) const{ _TRACE (1, L"Entering CCertTemplate::GetMinimumKeySize - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = S_OK; if ( m_hCertType ) { hr = CAGetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_MIN_KEY_SIZE, &dwMinKeySize); if ( FAILED (hr) ) { _TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_MIN_KEY_SIZE) failed: 0x%x\n", hr); } }
_TRACE (-1, L"Leaving CCertTemplate::GetMinimumKeySize (%d): 0x%x\n", dwMinKeySize, hr); return hr;}
bool CCertTemplate::PrivateKeyIsExportable() const{ return (m_dwPrivateKeyFlags & CT_FLAG_EXPORTABLE_KEY) ? true : false;}
HRESULT CCertTemplate::MakePrivateKeyExportable(bool bMakeExportable){ return SetFlag (CERTTYPE_PRIVATE_KEY_FLAG, CT_FLAG_EXPORTABLE_KEY, bMakeExportable);}
bool CCertTemplate::AllowPrivateKeyArchival() const{ return (m_dwPrivateKeyFlags & CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL) ? true : false;}
HRESULT CCertTemplate::AllowPrivateKeyArchival(bool bAllowArchival){ return SetFlag (CERTTYPE_PRIVATE_KEY_FLAG, CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL, bAllowArchival);}
bool CCertTemplate::IncludeSymmetricAlgorithms() const{ return (m_dwEnrollmentFlags & CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS) ? true : false;}
HRESULT CCertTemplate::IncludeSymmetricAlgorithms(bool bInclude){ return SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS, bInclude);}
HRESULT CCertTemplate::DoAutoEnrollmentPendingSave(){ HRESULT hr = S_OK;
if ( m_hCertType ) { if ( IsClone () && m_bGoodForAutoenrollmentFlagPendingSave ) { // Set the flag for real
hr = SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_AUTO_ENROLLMENT, true); // Save changes
if ( SUCCEEDED (hr) ) hr = SaveChanges (); } } else hr = E_FAIL;
return hr;}
bool CCertTemplate::AltNameIncludesDNS() const{ return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_ALT_REQUIRE_DNS) ? true : false;}
HRESULT CCertTemplate::AltNameIncludesDNS(bool fIncludeDNS){ return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG, CT_FLAG_SUBJECT_ALT_REQUIRE_DNS, fIncludeDNS);}
bool CCertTemplate::AltNameIncludesEMail() const{ return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL) ? true : false;}
HRESULT CCertTemplate::AltNameIncludesEMail(bool bIncludesEMail){ return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG, CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL, bIncludesEMail);}
bool CCertTemplate::AltNameIncludesUPN() const{ return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_ALT_REQUIRE_UPN) ? true : false;}
HRESULT CCertTemplate::AltNameIncludesUPN(bool bIncludesUPN){ return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG, CT_FLAG_SUBJECT_ALT_REQUIRE_UPN, bIncludesUPN);}
bool CCertTemplate::SubjectNameIncludesEMail() const{ return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_REQUIRE_EMAIL) ? true : false;}
HRESULT CCertTemplate::SubjectNameIncludesEMail(bool bIncludesEMail){ return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG, CT_FLAG_SUBJECT_REQUIRE_EMAIL, bIncludesEMail);}
bool CCertTemplate::SubjectNameMustBeFullDN() const{ return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH) ? true : false;}
HRESULT CCertTemplate::SubjectNameMustBeFullDN(bool bMustBeDN){ return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG, CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH, bMustBeDN);}
bool CCertTemplate::SubjectNameMustBeCN() const{ return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME) ? true : false;}
HRESULT CCertTemplate::SubjectNameMustBeCN(bool bMustBeCN){ return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG, CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME, bMustBeCN);}
HRESULT CCertTemplate::RequireSubjectInRequest(bool bRequire){ return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG, CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, bRequire);}
bool CCertTemplate::AltNameIncludesSPN() const{ return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_ALT_REQUIRE_SPN) ? true : false;}
HRESULT CCertTemplate::AltNameIncludesSPN(bool bIncludesSPN){ return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG, CT_FLAG_SUBJECT_ALT_REQUIRE_SPN, bIncludesSPN);}
HRESULT CCertTemplate::SetMinimumKeySizeValue(DWORD dwMinKeySize){ _TRACE (1, L"Entering CCertTemplate::SetMinimumKeySizeValue (%d)- m_hCertType = 0x%x\n", dwMinKeySize, m_hCertType); HRESULT hr = S_OK; if ( m_hCertType ) { hr = CASetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_MIN_KEY_SIZE, &dwMinKeySize); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_MIN_KEY_SIZE) failed: 0x%x\n", hr); } }
_TRACE (-1, L"Leaving CCertTemplate::SetMinimumKeySizeValue (%d): 0x%x\n", dwMinKeySize, hr); return hr;
}
HRESULT CCertTemplate::ModifyCriticalExtensions (const CString &szExtension, bool bAdd){ _TRACE (1, L"Entering CCertTemplate::ModifyCriticalExtensions (%s, bAdd=%s)\n", (PCWSTR) szExtension, bAdd ? L"true" : L"false"); PWSTR* pawszCriticalExtensions = 0; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_CRITICAL_EXTENSIONS, &pawszCriticalExtensions); if ( SUCCEEDED (hr) ) { if ( !pawszCriticalExtensions ) pawszCriticalExtensions = (PWSTR*) LocalAlloc (LPTR, sizeof (PWSTR)); if ( pawszCriticalExtensions ) { hr = ModifyStringList (CERTTYPE_PROP_CRITICAL_EXTENSIONS, &pawszCriticalExtensions, szExtension, bAdd); LocalFree (pawszCriticalExtensions); } else hr = E_OUTOFMEMORY; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_CRITICAL_EXTENSIONS) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::ModifyCriticalExtensions: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::ModifyCSPList(const CString &szCSPName, bool bAdd){ _TRACE (1, L"Entering CCertTemplate::ModifyCSPList (%s, bAdd=%s)\n", (PCWSTR) szCSPName, bAdd ? L"true" : L"false"); PWSTR* pawszCSPList = 0; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_CSP_LIST, &pawszCSPList); if ( SUCCEEDED (hr) ) { if ( !pawszCSPList ) pawszCSPList = (PWSTR*) LocalAlloc (LPTR, sizeof (PWSTR*)); if ( pawszCSPList ) { hr = ModifyStringList (CERTTYPE_PROP_CSP_LIST, &pawszCSPList, szCSPName, bAdd); LocalFree (pawszCSPList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_CSP_LIST) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::ModifyCSPList: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::ModifyRAIssuancePolicyList(const CString &szRAPolicyOID, bool bAdd){ _TRACE (1, L"Entering CCertTemplate::ModifyRAIssuancePolicyList (%s, bAdd=%s)\n", (PCWSTR) szRAPolicyOID, bAdd ? L"true" : L"false"); PWSTR* pawszRAPolicyList = 0; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_RA_POLICY, &pawszRAPolicyList); if ( SUCCEEDED (hr) ) { if ( !pawszRAPolicyList ) pawszRAPolicyList = (PWSTR*) LocalAlloc (LPTR, sizeof (PWSTR*)); if ( pawszRAPolicyList ) { hr = ModifyStringList (CERTTYPE_PROP_RA_POLICY, &pawszRAPolicyList, szRAPolicyOID, bAdd); LocalFree (pawszRAPolicyList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_RA_POLICY) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::ModifyRAIssuancePolicyList: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::ModifyRAApplicationPolicyList(const CString &szRAPolicyOID, bool bAdd){ _TRACE (1, L"Entering CCertTemplate::ModifyRAApplicationPolicyList (%s, bAdd=%s)\n", (PCWSTR) szRAPolicyOID, bAdd ? L"true" : L"false"); PWSTR* pawszRAPolicyList = 0; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_RA_APPLICATION_POLICY, &pawszRAPolicyList); if ( SUCCEEDED (hr) ) { if ( !pawszRAPolicyList ) pawszRAPolicyList = (PWSTR*) LocalAlloc (LPTR, sizeof (PWSTR*)); if ( pawszRAPolicyList ) { hr = ModifyStringList (CERTTYPE_PROP_RA_APPLICATION_POLICY, &pawszRAPolicyList, szRAPolicyOID, bAdd); LocalFree (pawszRAPolicyList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_RA_APPLICATION_POLICY) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::ModifyRAApplicationPolicyList: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::ModifySupercededTemplateList( const CString &szSupercededTemplateName, bool bAdd){ _TRACE (1, L"Entering CCertTemplate::ModifySupercededTemplateList (%s, bAdd=%s)\n", (PCWSTR) szSupercededTemplateName, bAdd ? L"true" : L"false");
PWSTR* pawszSupercededTemplateList = 0; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_SUPERSEDE, &pawszSupercededTemplateList); if ( SUCCEEDED (hr) ) { if ( !pawszSupercededTemplateList ) pawszSupercededTemplateList = (PWSTR*) LocalAlloc (LPTR, sizeof (PWSTR*)); if ( pawszSupercededTemplateList ) { hr = ModifyStringList (CERTTYPE_PROP_SUPERSEDE, &pawszSupercededTemplateList, szSupercededTemplateName, bAdd); LocalFree (pawszSupercededTemplateList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_SUPERSEDE) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::ModifySupercededTemplateList: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::ModifyStringList(const CString& szPropertyName, PWSTR** ppStringList, const CString &szValue, bool bAdd){ _TRACE (1, L"Entering CCertTemplate::ModifyStringList (%s, bAdd=%s)\n", (PCWSTR) szValue, bAdd ? L"true" : L"false"); HRESULT hr = S_OK; if ( !szValue.IsEmpty () ) { bool bFound = false; int nCnt = 0; size_t cbNameBytes = 0; int nDeleteIndex = -1;
// count the number of items we already have and get the string lengths
for (int nIndex = 0; (*ppStringList)[nIndex]; nIndex++) { nCnt++; // security review 2/21/2002 BryanWal ok
cbNameBytes += (wcslen ((*ppStringList)[nIndex]) + 1) * sizeof (WCHAR); if ( !LocaleStrCmp (szValue, (*ppStringList)[nIndex]) ) { bFound = true; if ( !bAdd ) nDeleteIndex = nIndex; } }
// Adding a name: If the name was found, nothing needs to be done,
// otherwise, increment the count and rebuild the list.
// Removing a name: If the name was not found, nothing needs to be
// done, otherwise, decrement the count and rebuild the list.
if ( (bAdd && !bFound) || (!bAdd && bFound) ) { // awszResult is an array of pointers to different offsets of
// null-terminated strings stored in a contiguous array
PWSTR *awszResult = 0; if ( bAdd ) nCnt++; else nCnt--;
if ( bAdd ) { // security review 2/21/2002 BryanWal ok
cbNameBytes += (wcslen (szValue) + 1 ) * sizeof (WCHAR); } size_t cbBuf = sizeof (WCHAR*) * (nCnt + 1) + // the WCHAR pointers
cbNameBytes; // the strings themselves
awszResult = (WCHAR**) LocalAlloc (LPTR, cbBuf); if ( awszResult ) { // set the ptr to the space after the last valid index (
// including the NULL terminator
PWSTR ptr = (WCHAR*) &awszResult[nCnt+1]; int nTgtIndex = 0; for (int nSrcIndex = 0; (*ppStringList)[nSrcIndex]; nSrcIndex++) { // If we are removing the name, and this is the item to be
// removed, then skip this name and go to the next
if ( !bAdd && nSrcIndex == nDeleteIndex ) continue;
awszResult[nTgtIndex] = ptr; // security review 2/21/2002 BryanWal ok
ptr += wcslen ((*ppStringList)[nSrcIndex]) + 1; // ptr arithmetic - increments by sizeof (WCHAR)
// security review 2/21/2002 BryanWal ok
wcscpy (awszResult[nTgtIndex], (*ppStringList)[nSrcIndex]); nTgtIndex++; }
// If we are adding, append the name here
if ( bAdd ) { awszResult[nTgtIndex] = ptr; // security review 2/21/2002 BryanWal ok
ptr += wcslen (szValue) + 1; // ptr arithmetic - increments by sizeof (WCHAR)
// security review 2/21/2002 BryanWal ok
wcscpy (awszResult[nTgtIndex], szValue); nTgtIndex++; }
_ASSERT (nTgtIndex == nCnt); awszResult[nTgtIndex] = 0;
LocalFree (*ppStringList); (*ppStringList) = awszResult; hr = CASetCertTypePropertyEx (m_hCertType, szPropertyName, (*ppStringList)); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypePropertyEx (%s) failed: 0x%x\n", szPropertyName, hr); } } else hr = E_OUTOFMEMORY; } } else hr = E_INVALIDARG;
_TRACE (-1, L"Leaving CCertTemplate::ModifyStringList: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::IsExtensionCritical (PCWSTR szExtension, bool& bCritical){ _TRACE (1, L"Entering CCertTemplate::IsExtensionCritical (szExtension=%s\n", szExtension);
// Get Cryptographic Service Providers
PWSTR* pawszCriticalExtensionList = 0; bCritical = false; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_CRITICAL_EXTENSIONS, &pawszCriticalExtensionList); if ( SUCCEEDED (hr) ) { if ( pawszCriticalExtensionList ) { for (int nIndex = 0; pawszCriticalExtensionList[nIndex]; nIndex++) { if ( !wcscmp (szExtension, pawszCriticalExtensionList[nIndex]) ) { bCritical = true; break; } }
LocalFree (pawszCriticalExtensionList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_CRITICAL_EXTENSIONS) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::GeIsExtensionCriticaltCSP (szCSP=%s, bCritical=%s): 0x%x\n", szExtension, bCritical ? L"true" : L"false", hr); return hr;}
HRESULT CCertTemplate::GetCSP(int nIndex, CString &szCSP){ _TRACE (1, L"Entering CCertTemplate::GetCSP (nIndex=%d\n", nIndex);
// Get Cryptographic Service Providers
PWSTR* pawszCSPList = 0; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_CSP_LIST, &pawszCSPList); if ( SUCCEEDED (hr) ) { if ( pawszCSPList ) { int nCnt = 0; while ( pawszCSPList[nCnt] ) nCnt++;
if ( nIndex < nCnt ) szCSP = pawszCSPList[nIndex]; else hr = E_INVALIDARG;
LocalFree (pawszCSPList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_CSP_LIST) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::GetCSP (szCSP=%s): 0x%x\n", (PCWSTR) szCSP, hr); return hr;}
HRESULT CCertTemplate::GetCertPolicy (int nIndex, CString &szCertPolicy){ _TRACE (1, L"Entering CCertTemplate::GetCertPolicy (nIndex=%d\n", nIndex); HRESULT hr = S_OK; PWSTR* pawszCertPolicyList = 0;
hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_POLICY, &pawszCertPolicyList); if ( SUCCEEDED (hr) ) { if ( pawszCertPolicyList ) { int nCnt = 0; while ( pawszCertPolicyList[nCnt] ) nCnt++;
if ( nIndex < nCnt ) szCertPolicy = pawszCertPolicyList[nIndex]; else hr = E_FAIL;
LocalFree (pawszCertPolicyList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_POLICY) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::GetCertPolicy (szCSP=%s): 0x%x\n", (PCWSTR) szCertPolicy, hr); return hr;}
HRESULT CCertTemplate::GetRAIssuancePolicy (int nIndex, CString &szRAPolicyOID){ _TRACE (1, L"Entering CCertTemplate::GetRAIssuancePolicy (nIndex=%d\n", nIndex); PWSTR* pawszRAPolicyList = 0; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_RA_POLICY, &pawszRAPolicyList); if ( SUCCEEDED (hr) ) { if ( pawszRAPolicyList ) { int nCnt = 0;
while ( pawszRAPolicyList[nCnt] ) nCnt++;
if ( nIndex < nCnt ) szRAPolicyOID = pawszRAPolicyList[nIndex]; else hr = E_FAIL; LocalFree (pawszRAPolicyList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_RA_POLICY) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::GetRAIssuancePolicy (szRAPolicyOID=%s): 0x%x\n", (PCWSTR) szRAPolicyOID, hr); return hr;}
HRESULT CCertTemplate::GetRAApplicationPolicy (int nIndex, CString &szRAPolicyOID){ _TRACE (1, L"Entering CCertTemplate::GetRAApplicationPolicy (nIndex=%d\n", nIndex); PWSTR* pawszRAPolicyList = 0; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_RA_APPLICATION_POLICY, &pawszRAPolicyList); if ( SUCCEEDED (hr) ) { if ( pawszRAPolicyList ) { int nCnt = 0;
while ( pawszRAPolicyList[nCnt] ) nCnt++;
if ( nIndex < nCnt ) szRAPolicyOID = pawszRAPolicyList[nIndex]; else hr = E_FAIL; LocalFree (pawszRAPolicyList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_RA_APPLICATION_POLICY) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::GetRAApplicationPolicy (szRAPolicyOID=%s): 0x%x\n", (PCWSTR) szRAPolicyOID, hr); return hr;}HRESULT CCertTemplate::GetSupercededTemplate(int nIndex, CString &szSupercededTemplate){ _TRACE (1, L"Entering CCertTemplate::GetSupercededTemplate (nIndex=%d\n", nIndex); PWSTR* pawszSupercededTemplateList = 0; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_SUPERSEDE, &pawszSupercededTemplateList); if ( SUCCEEDED (hr) ) { if ( pawszSupercededTemplateList ) { int nCnt = 0; while ( pawszSupercededTemplateList[nCnt] ) nCnt++;
if ( nIndex < nCnt ) szSupercededTemplate = pawszSupercededTemplateList[nIndex]; else hr = E_FAIL; LocalFree (pawszSupercededTemplateList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_SUPERSEDE) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::GetSupercededTemplate (szSupercededTemplate=%s): 0x%x\n", (PCWSTR) szSupercededTemplate, hr); return hr;}
bool CCertTemplate::ReadOnly() const{ return m_fIsReadOnly;}
HRESULT CCertTemplate::SetSecurity(PSECURITY_DESCRIPTOR pSD){ HRESULT hr = CACertTypeSetSecurity (m_hCertType, pSD); if (S_OK != hr) return hr;
for (int nTry = 0; nTry < 20; nTry++) { hr = CAUpdateCertType(m_hCertType); if ( FAILED (hr) && HRESULT_FROM_WIN32 (ERROR_DS_OBJ_NOT_FOUND) == hr ) { // pause and retry up to 20 times - object was renamed and needs a
// little time to propagate
// NTRAID# 643744 Certtmpl: Cannot save security settings on newly
// cloned template from member in non Root Domain -- object not found
Sleep (1000); continue; } else break; }
if ( FAILED (hr) ) Cancel ();
return hr;}
HRESULT CCertTemplate::GetSecurity(PSECURITY_DESCRIPTOR *ppSD) const{ return CACertTypeGetSecurity (m_hCertType, ppSD);}
CString CCertTemplate::GetLDAPPath() const{ return m_szLDAPPath;}
HRESULT CCertTemplate::SetValidityPeriod(int nDays){ HRESULT hr = S_OK;
if ( nDays >= 0 ) this->m_nNewValidityDays = nDays; else hr = E_INVALIDARG;
return hr;}
HRESULT CCertTemplate::SetRenewalPeriod(int nDays){ HRESULT hr = S_OK;
if ( nDays >= 0 ) this->m_nNewRenewalDays = nDays; else hr = E_INVALIDARG;
return hr;}
HRESULT CCertTemplate::SetPublishToDS(bool bPublish){ _TRACE (1, L"Entering CCertTemplate::SetPublishToDS - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_PUBLISH_TO_DS, bPublish);
_TRACE (-1, L"Leaving CCertTemplate::SetPublishToDS: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::GetRANumSignaturesRequired(DWORD &dwNumSignatures){ _TRACE (1, L"Entering CCertTemplate::GetRANumSignaturesRequired - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = S_OK; if ( m_hCertType ) { hr = CAGetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_RA_SIGNATURE, &dwNumSignatures); if ( FAILED (hr) ) { _TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_RA_SIGNATURE) failed: 0x%x\n", hr); } } else hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::GetRANumSignaturesRequired: 0x%x\n", hr);
return hr;}
HRESULT CCertTemplate::SetRANumSignaturesRequired(DWORD dwNumSignaturesRequired){ _TRACE (1, L"Entering CCertTemplate::SetRANumSignaturesRequired (%d)- m_hCertType = 0x%x\n", dwNumSignaturesRequired, m_hCertType); HRESULT hr = S_OK; if ( m_hCertType ) { hr = CASetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_RA_SIGNATURE, &dwNumSignaturesRequired); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_RA_SIGNATURE) failed: 0x%x\n", hr); } } else hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::SetRANumSignaturesRequired (): 0x%x\n", hr);
return hr;}
bool CCertTemplate::ReenrollmentValidWithPreviousApproval() const{ return m_dwEnrollmentFlags & CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT ? true : false;}
HRESULT CCertTemplate::SetReenrollmentValidWithPreviousApproval(bool bValid){ _TRACE (1, L"Entering CCertTemplate::SetReenrollmentValidWithPreviousApproval - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT, bValid);
_TRACE (-1, L"Leaving CCertTemplate::SetReenrollmentValidWithPreviousApproval: 0x%x\n", hr); return hr;}
bool CCertTemplate::PendAllRequests() const{ return m_dwEnrollmentFlags & CT_FLAG_PEND_ALL_REQUESTS ? true : false;}
HRESULT CCertTemplate::SetPendAllRequests(bool bPend){ _TRACE (1, L"Entering CCertTemplate::SetPendAllRequests - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_PEND_ALL_REQUESTS, bPend);
_TRACE (-1, L"Leaving CCertTemplate::SetPendAllRequests: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::GetMajorVersion(DWORD &dwMajorVersion) const{// _TRACE (1, L"Entering CCertTemplate::GetMajorVersion\n");
HRESULT hr = S_OK;
if ( m_hCertType ) { hr = CAGetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_REVISION, &dwMajorVersion); if ( FAILED (hr) ) { _TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_REVISION) failed: 0x%x\n", hr); } } else hr = E_FAIL;
// _TRACE (-1, L"Leaving CCertTemplate::GetMajorVersion (dwMajorVersion = %d) : 0x%x\n",
// dwMajorVersion, hr);
return hr;}
HRESULT CCertTemplate::GetMinorVersion(DWORD &dwMinorVersion) const{// _TRACE (1, L"Entering CCertTemplate::GetMinorVersion\n");
HRESULT hr = S_OK;
if ( m_hCertType ) { hr = CAGetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_MINOR_REVISION, &dwMinorVersion); if ( FAILED (hr) ) { _TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_MINOR_REVISION) failed: 0x%x\n", hr); } } else hr = E_FAIL;
// _TRACE (-1, L"Leaving CCertTemplate::GetMinorVersion (dwMinorVersion = %d) : 0x%x\n",
// dwMinorVersion, hr);
return hr;}
HRESULT CCertTemplate::IncrementMajorVersion(){ _TRACE (1, L"Entering CCertTemplate::IncrementMajorVersion\n"); HRESULT hr = S_OK; DWORD dwMajorVersion = 0;
if ( m_hCertType ) { hr = CAGetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_REVISION, &dwMajorVersion); if ( SUCCEEDED (hr) ) { dwMajorVersion++; hr = CASetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_REVISION, &dwMajorVersion); if ( SUCCEEDED (hr) ) { DWORD dwMinorVersion = 0; hr = CASetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_MINOR_REVISION, &dwMinorVersion); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_MINOR_REVISION, %d) failed: 0x%x\n", dwMinorVersion, hr); } } else { _TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_REVISION, %d) failed: 0x%x\n", dwMajorVersion, hr); } } else { _TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_REVISION) failed: 0x%x\n", hr); } } else hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::IncrementMajorVersion (dwMajorVersion = %d) : 0x%x\n", dwMajorVersion, hr); return hr;}
HRESULT CCertTemplate::IncrementMinorVersion(){ _TRACE (1, L"Entering CCertTemplate::IncrementMinorVersion\n"); HRESULT hr = S_OK; DWORD dwMinorVersion = 0;
if ( m_hCertType ) { hr = CAGetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_MINOR_REVISION, &dwMinorVersion); if ( SUCCEEDED (hr) ) { dwMinorVersion++; hr = CASetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_MINOR_REVISION, &dwMinorVersion); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_MINOR_REVISION, %d) failed: 0x%x\n", dwMinorVersion, hr); } } else { _TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_MINOR_REVISION) failed: 0x%x\n", hr); } } else hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::IncrementMinorVersion (dwMinorVersion = %d) : 0x%x\n", dwMinorVersion, hr); return hr;}
bool CCertTemplate::GoodForAutoEnrollment() const{ bool bGoodForAutoEnrollment = false;
// Bug 175912 Version 1 type templates not good for autoenrollment
if ( (GetType () > 1) && (m_dwEnrollmentFlags & CT_FLAG_AUTO_ENROLLMENT) ) bGoodForAutoEnrollment = true;
return bGoodForAutoEnrollment;}
HRESULT CCertTemplate::SetKeyUsage(CRYPT_BIT_BLOB* pKeyUsage, bool bCritical){ _TRACE (1, L"Entering CCertTemplate::SetKeyUsage\n"); HRESULT hr = S_OK; if ( pKeyUsage ) { hr = CASetCertTypeExtension( m_hCertType, TEXT (szOID_KEY_USAGE), bCritical ? CA_EXT_FLAG_CRITICAL : 0, pKeyUsage); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypeExtension (szOID_KEY_USAGE) failed: 0x%x\n", hr); } } else hr = E_POINTER;
_TRACE (-1, L"Leaving CCertTemplate::SetKeyUsage: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::SetBasicConstraints(PCERT_BASIC_CONSTRAINTS2_INFO pBCInfo, bool bCritical){ _TRACE (1, L"Entering CCertTemplate::SetBasicConstraints\n"); HRESULT hr = S_OK; if ( pBCInfo ) { hr = CASetCertTypeExtension( m_hCertType, TEXT (szOID_BASIC_CONSTRAINTS2), bCritical ? CA_EXT_FLAG_CRITICAL : 0, pBCInfo); if ( FAILED (hr) ) { _TRACE (0, L"CASetCertTypeExtension (X509_BASIC_CONSTRAINTS2) failed: 0x%x\n", hr); } } else hr = E_POINTER;
_TRACE (-1, L"Leaving CCertTemplate::SetBasicConstraints: 0x%x\n", hr); return hr;}
bool CCertTemplate::CheckDSCert() const{ return (m_dwEnrollmentFlags & CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE) ? true : false;}
HRESULT CCertTemplate::SetCheckDSCert(bool bCheck){ return SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE, bCheck);}
bool CCertTemplate::RemoveInvalidCertFromPersonalStore () const{ return (m_dwEnrollmentFlags & CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE) ? true : false;}
HRESULT CCertTemplate::SetRemoveInvalidCertFromPersonalStore(bool bRemove){ return SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE, bRemove);}
bool CCertTemplate::UserInteractionRequired () const{ return (m_dwEnrollmentFlags & CT_FLAG_USER_INTERACTION_REQUIRED) ? true : false;}
HRESULT CCertTemplate::SetUserInteractionRequired(bool bSet){ return SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_USER_INTERACTION_REQUIRED, bSet);}
bool CCertTemplate::StrongKeyProtectionRequired () const{ return (m_dwPrivateKeyFlags & CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED) ? true : false;}
HRESULT CCertTemplate::SetStrongKeyProtectionRequired(bool bSet){ return SetFlag (CERTTYPE_PRIVATE_KEY_FLAG, CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED, bSet);}
HRESULT CCertTemplate::GetEnhancedKeyUsage (int nIndex, CString &szEKU){ _TRACE (1, L"Entering CCertTemplate::GetEnhancedKeyUsage (nIndex=%d\n", nIndex); HRESULT hr = S_OK; PWSTR* pawszEKU = 0;
hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_EXTENDED_KEY_USAGE, &pawszEKU); if ( SUCCEEDED (hr) ) { if ( pawszEKU ) { int nCnt = 0;
while ( pawszEKU[nCnt] ) nCnt++;
if ( nIndex < nCnt ) szEKU = pawszEKU[nIndex]; else hr = E_FAIL; } else hr = E_FAIL;
LocalFree (pawszEKU); } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_EXTENDED_KEY_USAGE) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::GetEnhancedKeyUsage (szEKU=%s): 0x%x\n", (PCWSTR) szEKU, hr); return hr;}
HRESULT CCertTemplate::GetApplicationPolicy (int nIndex, CString &szAppPolicy){ _TRACE (1, L"Entering CCertTemplate::GetApplicationPolicy (nIndex=%d\n", nIndex); HRESULT hr = S_OK; PWSTR* pawszAppPolicy = 0;
hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_APPLICATION_POLICY, &pawszAppPolicy); if ( SUCCEEDED (hr) ) { if ( pawszAppPolicy ) { int nCnt = 0;
while ( pawszAppPolicy[nCnt] ) nCnt++;
if ( nIndex < nCnt ) szAppPolicy = pawszAppPolicy[nIndex]; else hr = E_FAIL; } else hr = E_FAIL;
LocalFree (pawszAppPolicy); } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_APPLICATION_POLICY) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::GetApplicationPolicy (szAppPolicy=%s): 0x%x\n", (PCWSTR) szAppPolicy, hr); return hr;}
HRESULT CCertTemplate::SetEnhancedKeyUsage (const PWSTR* pawszEKU, bool bCritical){ _TRACE (1, L"Entering CCertTemplate::SetEnhancedKeyUsage ()\n"); HRESULT hr = S_OK;
hr = CASetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_EXTENDED_KEY_USAGE, (PVOID) pawszEKU); if ( SUCCEEDED (hr) ) { hr = ModifyCriticalExtensions (szOID_ENHANCED_KEY_USAGE, bCritical); } else { _TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_EXTENDED_KEY_USAGE) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::SetEnhancedKeyUsage: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::SetApplicationPolicy (const PWSTR* pawszAppPolicy, bool bCritical){ _TRACE (1, L"Entering CCertTemplate::SetApplicationPolicy ()\n"); HRESULT hr = S_OK;
hr = CASetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_APPLICATION_POLICY, (PVOID) pawszAppPolicy); if ( SUCCEEDED (hr) ) { hr = ModifyCriticalExtensions (szOID_APPLICATION_CERT_POLICIES, bCritical); } else { _TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_APPLICATION_POLICY) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::SetApplicationPolicy: 0x%x\n", hr); return hr;}
HRESULT CCertTemplate::SetCertPolicy (const PWSTR* pawszCertPolicy, bool bCritical){ _TRACE (1, L"Entering CCertTemplate::SetCertPolicy ()\n"); HRESULT hr = S_OK;
hr = CASetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_POLICY, (PVOID) pawszCertPolicy); if ( SUCCEEDED (hr) ) { hr = ModifyCriticalExtensions (szOID_CERT_POLICIES, bCritical); } else { _TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_POLICY) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::SetCertPolicy: 0x%x\n", hr); return hr;}void CCertTemplate::FreeCertExtensions(){ if ( m_pCertExtensions ) { CAFreeCertTypeExtensions (m_hCertType, m_pCertExtensions); m_pCertExtensions = 0; }}
HRESULT CCertTemplate::Cancel(){ _TRACE (1, L"Entering CCertTemplate::Cancel\n"); HRESULT hr = S_OK;
// Close and re-open cert template without saving.
if ( m_hCertType ) { FreeCertExtensions ();
hr = CACloseCertType (m_hCertType); _ASSERT (SUCCEEDED (hr)); if ( SUCCEEDED (hr) ) { m_hCertType = 0;
// Reinitialize the cert template
if ( !m_bIsClone ) hr = Initialize (); } else { _TRACE (0, L"CACloseCertType (%s) failed: 0x%x\n", hr); } } else hr = E_FAIL;
_TRACE (-1, L":Leaving CCertTemplate::Cancel: 0x%x\n", hr); return hr;}
/* NO LONGER NEEDED NTRAID# 321742
bool CCertTemplate::AllowAutoenrollment(){ // Bug 251388 "There are templates that should never be allowed to set
// autoenrollment flag (CT_FLAG_AUTO_ENROLLMENT). The "Allow
// Autoenrollment" task for those templates should be disabled if one of
// the following three conditions is true:
//
// templates whose subject name flag has CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT
// set;
// templates whose subject name flag has
// CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME set;
// templates whose CERTTYPE_PROP_RA_SIGNATURE is greater than 1 and
// CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT is not set in the
// enrollment flag."
bool bResult = true; DWORD dwNumSignatures = 0; GetRANumSignaturesRequired (dwNumSignatures);
// NTRAID# 175912 Version 1 type templates not good for autoenrollment
if ( 1 == GetType () || (m_dwSubjectNameFlags & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) || (m_dwSubjectNameFlags & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME) || ( dwNumSignatures > 1 && !(m_dwEnrollmentFlags & CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT)) ) { bResult = false; }
// NTRAID# 276180 Certificate Template Snap-in: Grey out "Allow
// Autoenrollment" context menu based on properties of the template
if ( RequireSubjectInRequest () || dwNumSignatures >= 2 && !ReenrollmentValidWithPreviousApproval () ) { bResult = false; }
return bResult;}*/
HRESULT CCertTemplate::GetSubjectTypeDescription (int nIndex, CString &szSubjectTypeDescription){ _TRACE (1, L"Entering CCertTemplate::GetSubjectTypeDescription (nIndex=%d\n", nIndex); PWSTR* pawszSubjectTypeDescriptionList = 0; HRESULT hr = CAGetCertTypeProperty (m_hCertType, CERTTYPE_PROP_DESCRIPTION, &pawszSubjectTypeDescriptionList); if ( SUCCEEDED (hr) ) { if ( pawszSubjectTypeDescriptionList ) { int nCnt = 0;
while ( pawszSubjectTypeDescriptionList[nCnt] ) nCnt++;
if ( nIndex < nCnt ) szSubjectTypeDescription = pawszSubjectTypeDescriptionList[nIndex]; else hr = E_FAIL; LocalFree (pawszSubjectTypeDescriptionList); } else hr = E_FAIL; } else { _TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_DESCRIPTION) failed: 0x%x\n", hr); }
_TRACE (-1, L"Leaving CCertTemplate::GetSubjectTypeDescription (szRAPolicyOID=%s): 0x%x\n", (PCWSTR) szSubjectTypeDescription, hr); return hr;}
// NTRAID# 278356 CertSRV: No CSPs in mmc certificate snapin advanced
// option list with v2 templates that have ENC and SIG as purpose.
HRESULT CCertTemplate::SetDigitalSignature( bool bSet, bool bSetOnlyDigitalSignature /* = false */){ _TRACE (1, L"Entering CCertTemplate::SetDigitalSignature (bSet = %s)\n", bSet ? L"true" : L"false"); PCERT_EXTENSION pCertExtension = 0; HRESULT hr = GetCertExtension (szOID_KEY_USAGE, &pCertExtension); if ( SUCCEEDED (hr) ) { ASSERT (pCertExtension); if ( pCertExtension ) { DWORD cbKeyUsage = 0; if ( ::CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE, pCertExtension->Value.pbData, pCertExtension->Value.cbData, 0, NULL, &cbKeyUsage) ) { CRYPT_BIT_BLOB* pKeyUsage = (CRYPT_BIT_BLOB*) ::LocalAlloc (LPTR, cbKeyUsage); if ( pKeyUsage ) { if ( ::CryptDecodeObject (CRYPT_ASN_ENCODING, szOID_KEY_USAGE, pCertExtension->Value.pbData, pCertExtension->Value.cbData, 0, pKeyUsage, &cbKeyUsage) ) { if (pKeyUsage->cbData >= 1) { pKeyUsage->cUnusedBits = 0;
if ( bSetOnlyDigitalSignature ) { pKeyUsage->pbData[0] = CERT_DIGITAL_SIGNATURE_KEY_USAGE; } else if ( bSet ) pKeyUsage->pbData[0] |= CERT_DIGITAL_SIGNATURE_KEY_USAGE; else pKeyUsage->pbData[0] &= ~CERT_DIGITAL_SIGNATURE_KEY_USAGE;
hr = SetKeyUsage (pKeyUsage, pCertExtension->fCritical ? true : false); } else hr = E_FAIL; } else { DWORD dwErr = GetLastError (); hr = HRESULT_FROM_WIN32 (dwErr); _TRACE (0, L"CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE) failed: 0x%x\n", dwErr); } LocalFree (pKeyUsage); } else hr = E_OUTOFMEMORY; } else { DWORD dwErr = GetLastError (); hr = HRESULT_FROM_WIN32 (dwErr); _TRACE (0, L"CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE) failed: 0x%x\n", dwErr); } }
FreeCertExtensions (); }
_TRACE (-1, L"Leaving CCertTemplate::SetDigitalSignature (bSet = %s): 0x%x\n", bSet ? L"true" : L"false", hr); return hr;}
HRESULT CCertTemplate::GetDigitalSignature( bool &bHasDigitalSignature, bool* pbHasOnlyDigitalSignature /* = 0 */){ _TRACE (1, L"Entering CCertTemplate::GetDigitalSignature ()\n"); PCERT_EXTENSION pCertExtension = 0; HRESULT hr = GetCertExtension (szOID_KEY_USAGE, &pCertExtension); if ( SUCCEEDED (hr) ) { ASSERT (pCertExtension); if ( pCertExtension ) { DWORD cbKeyUsage = 0; if ( ::CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE, pCertExtension->Value.pbData, pCertExtension->Value.cbData, 0, NULL, &cbKeyUsage) ) { CRYPT_BIT_BLOB* pKeyUsage = (CRYPT_BIT_BLOB*) ::LocalAlloc (LPTR, cbKeyUsage); if ( pKeyUsage ) { if ( ::CryptDecodeObject (CRYPT_ASN_ENCODING, szOID_KEY_USAGE, pCertExtension->Value.pbData, pCertExtension->Value.cbData, 0, pKeyUsage, &cbKeyUsage) ) { if (pKeyUsage->cbData >= 1) { pKeyUsage->cUnusedBits = 0;
if ( pKeyUsage->pbData[0] & CERT_DIGITAL_SIGNATURE_KEY_USAGE ) bHasDigitalSignature = true; else bHasDigitalSignature = false;
if ( pbHasOnlyDigitalSignature ) { if ( pKeyUsage->pbData[0] == CERT_DIGITAL_SIGNATURE_KEY_USAGE ) *pbHasOnlyDigitalSignature = true; else *pbHasOnlyDigitalSignature = false; } } else hr = E_FAIL; } else { DWORD dwErr = GetLastError (); hr = HRESULT_FROM_WIN32 (dwErr); _TRACE (0, L"CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE) failed: 0x%x\n", dwErr); } LocalFree (pKeyUsage); } else hr = E_OUTOFMEMORY; } else { DWORD dwErr = GetLastError (); hr = HRESULT_FROM_WIN32 (dwErr); _TRACE (0, L"CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE) failed: 0x%x\n", dwErr); } }
FreeCertExtensions (); }
_TRACE (-1, L"Leaving CCertTemplate::GetDigitalSignature (bHasDigitalSignature = %s): 0x%x\n", bHasDigitalSignature ? L"true" : L"false", hr); return hr;}
void CCertTemplate::IssuancePoliciesRequired(bool bRequired){ m_bIssuancePoliciesRequired = bRequired;}
bool CCertTemplate::IssuancePoliciesRequired() const{ return m_bIssuancePoliciesRequired;}
CString CCertTemplate::GetDN () const{ _TRACE (1, L"Entering CCertTemplate::GetDN - m_hCertType = 0x%x\n", m_hCertType); HRESULT hr = S_OK; CString szDN;
if ( m_hCertType ) { PWSTR* rgwszProp = 0;
hr = CAGetCertTypePropertyEx (m_hCertType, CERTTYPE_PROP_DN, &rgwszProp); if ( SUCCEEDED (hr) && rgwszProp ) { szDN = *rgwszProp; CAFreeCertTypeProperty (m_hCertType, rgwszProp); } else { _TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_DN) failed: 0x%x\n", hr); szDN = GetObjectName (); } } else szDN = GetObjectName ();
_TRACE (-1, L"Leaving CCertTemplate::GetDN: %s, 0x%x\n", (PCWSTR) szDN, hr); return szDN;}
|
