archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/admin/snapin/certmgr/autocert.cpp

444 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1998-2002.
  5. //
  6. // File: AutoCert.cpp
  7. //
  8. // Contents: implementation of the CAutoCertRequest class.
  9. //
  10. //----------------------------------------------------------------------------
  12. #include "stdafx.h"
  13. #include <gpedit.h>
  14. #include "AutoCert.h"
  15. #include "storegpe.h"
  18. USE_HANDLE_MACROS("CERTMGR(AutoCert.cpp)")
  21. ////////////////////////////////////////////////////////////
  22. // Construction/Destruction
  23. //////////////////////////////////////////////////////////////////////
  25. CAutoCertRequest::CAutoCertRequest (const PCCTL_CONTEXT pCTLContext, CCertStore& rCertStore) :
  26. CCTL (pCTLContext, rCertStore, CERTMGR_AUTO_CERT_REQUEST),
  27. m_pCertTypeExtension (0),
  28. m_pEnhKeyUsageExtension (0),
  29. m_bCANamesEnumerated (false),
  30. m_hCertType (0)
  31. {
  32. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  33. }
  35. CAutoCertRequest::~CAutoCertRequest()
  36. {
  37. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  38. if ( m_hCertType )
  39. {
  40. VERIFY (SUCCEEDED (::CACloseCertType (m_hCertType)));
  41. }
  42. }
  46. HRESULT CAutoCertRequest::GetCertTypeName(CString & certTypeName)
  47. {
  48. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  49. HRESULT hResult = S_OK;
  53. if ( CERTMGR_LOG_STORE_GPE != GetCertStore().m_objecttype &&
  54. CERTMGR_LOG_STORE_RSOP != GetCertStore().m_objecttype )
  55. {
  56. hResult = E_FAIL;
  57. return hResult;
  58. }
  60. CCertStore* pStore = reinterpret_cast <CCertStore*>(&GetCertStore());
  61. if(pStore == NULL)
  62. {
  63. hResult = E_FAIL;
  64. return hResult;
  65. }
  70. if ( m_szCertTypeName.IsEmpty () )
  71. {
  72. bool bFound = false;
  75. hResult = E_FAIL;
  76. PCERT_EXTENSION pCertTypeExtension = GetCertTypeExtension ();
  77. if ( pCertTypeExtension )
  78. {
  79. DWORD cbValue = 0;
  81. if ( ::CryptDecodeObject(
  82. CRYPT_ASN_ENCODING,
  83. X509_UNICODE_ANY_STRING,
  84. pCertTypeExtension->Value.pbData,
  85. pCertTypeExtension->Value.cbData,
  86. 0,
  87. 0,
  88. &cbValue) )
  89. {
  90. CERT_NAME_VALUE* pCNValue = (CERT_NAME_VALUE*)
  91. ::LocalAlloc(LPTR, cbValue);
  92. if ( pCNValue )
  93. {
  94. if ( ::CryptDecodeObject(
  95. CRYPT_ASN_ENCODING,
  96. X509_UNICODE_ANY_STRING,
  97. pCertTypeExtension->Value.pbData,
  98. pCertTypeExtension->Value.cbData,
  99. 0,
  100. pCNValue,
  101. &cbValue) )
  102. {
  103. LPWSTR pszCertTypeName = (LPWSTR) pCNValue->Value.pbData;
  104. CString CAName;
  105. HCERTTYPE hCertType = 0;
  107. hResult = ::CAFindCertTypeByName ( pszCertTypeName,
  108. NULL,
  109. (pStore->IsMachineStore()?CT_ENUM_MACHINE_TYPES:CT_ENUM_USER_TYPES),
  110. &hCertType);
  111. if ( SUCCEEDED (hResult) )
  112. {
  113. WCHAR** pawszPropertyValue = 0;
  115. hResult = ::CAGetCertTypeProperty (hCertType,
  116. CERTTYPE_PROP_FRIENDLY_NAME,
  117. &pawszPropertyValue);
  118. ASSERT (SUCCEEDED (hResult));
  119. if ( SUCCEEDED (hResult) )
  120. {
  121. if ( pawszPropertyValue[0] )
  122. {
  123. m_szCertTypeName = pawszPropertyValue[0];
  124. bFound = true;
  125. m_hCertType = hCertType;
  126. }
  127. else
  128. {
  129. VERIFY (SUCCEEDED (::CAFreeCertTypeProperty (hCertType,
  130. pawszPropertyValue)));
  131. }
  132. }
  133. if ( !bFound )
  134. {
  135. hResult = ::CACloseCertType (hCertType);
  136. ASSERT (SUCCEEDED (hResult));
  137. }
  138. }
  140. }
  141. else
  142. {
  143. DWORD dwErr = GetLastError ();
  144. DisplaySystemError (NULL, dwErr);
  145. hResult = HRESULT_FROM_WIN32 (dwErr);
  146. }
  147. ::LocalFree (pCNValue);
  148. }
  149. else
  150. {
  151. hResult = E_OUTOFMEMORY;
  152. }
  153. }
  154. else
  155. {
  156. DWORD dwErr = GetLastError ();
  157. DisplaySystemError (NULL, dwErr);
  158. hResult = HRESULT_FROM_WIN32 (dwErr);
  159. }
  160. }
  161. // If all calls succeded but it still wasn't found, then fail anyway.
  162. if ( SUCCEEDED (hResult) && !bFound )
  163. hResult = E_FAIL;
  164. }
  166. if ( SUCCEEDED (hResult) )
  167. certTypeName = m_szCertTypeName;
  169. return hResult;
  170. }
  172. PCERT_EXTENSION CAutoCertRequest::GetCertTypeExtension()
  173. {
  174. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  175. if ( !m_pCertTypeExtension )
  176. {
  177. m_pCertTypeExtension = ::CertFindExtension (
  178. szOID_ENROLL_CERTTYPE_EXTENSION,
  179. GetCTLContext ()->pCtlInfo->cExtension,
  180. GetCTLContext ()->pCtlInfo->rgExtension);
  181. ASSERT (m_pCertTypeExtension);
  182. if ( !m_pCertTypeExtension )
  183. {
  184. DisplaySystemError (NULL, GetLastError ());
  185. }
  186. }
  188. return m_pCertTypeExtension;
  189. }
  191. PCERT_EXTENSION CAutoCertRequest::GetEnhancedKeyUsageExtension()
  192. {
  193. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  194. if ( !m_pEnhKeyUsageExtension )
  195. {
  196. m_pEnhKeyUsageExtension = ::CertFindExtension (
  197. szOID_ENHANCED_KEY_USAGE,
  198. GetCTLContext ()->pCtlInfo->cExtension,
  199. GetCTLContext ()->pCtlInfo->rgExtension);
  200. ASSERT (m_pEnhKeyUsageExtension);
  201. if ( !m_pEnhKeyUsageExtension )
  202. {
  203. DWORD dwErr = GetLastError ();
  204. if ( dwErr )
  205. DisplaySystemError (NULL, dwErr);
  206. }
  207. }
  209. return m_pEnhKeyUsageExtension;
  210. }
  212. HRESULT CAutoCertRequest::GetUsages(CString & usages)
  213. {
  214. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  215. HRESULT hResult = S_OK;
  217. if ( m_szUsages.IsEmpty () )
  218. {
  219. hResult = E_FAIL;
  220. PCERT_EXTENSION pEnhKeyUsageExtension = GetEnhancedKeyUsageExtension ();
  221. ASSERT (pEnhKeyUsageExtension);
  222. if ( pEnhKeyUsageExtension )
  223. {
  224. DWORD cbEnhKeyUsage = 0;
  227. if ( ::CryptDecodeObject(CRYPT_ASN_ENCODING,
  228. szOID_ENHANCED_KEY_USAGE,
  229. pEnhKeyUsageExtension->Value.pbData,
  230. pEnhKeyUsageExtension->Value.cbData,
  231. 0, NULL, &cbEnhKeyUsage) )
  232. {
  233. PCERT_ENHKEY_USAGE pEnhKeyUsage = (PCERT_ENHKEY_USAGE)
  234. ::LocalAlloc (LPTR, cbEnhKeyUsage);
  235. if ( pEnhKeyUsage )
  236. {
  237. if ( ::CryptDecodeObject (CRYPT_ASN_ENCODING,
  238. szOID_ENHANCED_KEY_USAGE,
  239. pEnhKeyUsageExtension->Value.pbData,
  240. pEnhKeyUsageExtension->Value.cbData,
  241. 0, pEnhKeyUsage, &cbEnhKeyUsage) )
  242. {
  243. CString usageName;
  245. for (DWORD dwIndex = 0;
  246. dwIndex < pEnhKeyUsage->cUsageIdentifier;
  247. dwIndex++)
  248. {
  249. if ( MyGetOIDInfo (usageName,
  250. pEnhKeyUsage->rgpszUsageIdentifier[dwIndex]) )
  251. {
  252. // add delimeter if not first iteration
  253. if ( dwIndex )
  254. m_szUsages += _T(", ");
  255. m_szUsages += usageName;
  256. }
  257. }
  258. hResult = S_OK;
  259. }
  260. else
  261. DisplaySystemError (NULL, GetLastError());
  262. ::LocalFree (pEnhKeyUsage);
  263. }
  264. else
  265. {
  266. hResult = E_OUTOFMEMORY;
  267. }
  268. }
  269. else
  270. DisplaySystemError (NULL, GetLastError());
  271. }
  272. }
  274. if ( SUCCEEDED (hResult) )
  275. usages = m_szUsages;
  277. return hResult;
  278. }
  281. // To get CAs, enumerate CAs on DS, get certs, get hash, compare with stored hash
  282. // in CTL, if match found, call GetCAInfoFromDS
  285. HRESULT CAutoCertRequest::BuildCANameList()
  286. {
  287. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  288. HRESULT hResult = S_OK;
  290. if ( !m_bCANamesEnumerated )
  291. {
  292. m_bCANamesEnumerated = true;
  294. // To get CAs, enumerate CAs on DS, get certs, get hash, compare with stored hash
  295. // in CTL, if match found, call GetCAInfoFromDS
  296. CWaitCursor waitCursor;
  297. HCAINFO hCAInfo = 0;
  298. DWORD dwCACnt = 0;
  299. HCAINFO* pCAList = 0;
  300. UINT nIndex = 0;
  301. PCCERT_CONTEXT* ppCertContext = NULL;
  302. DWORD cbHash = 20;
  303. hResult = ::CAEnumFirstCA (NULL, 0, &hCAInfo);
  304. if ( SUCCEEDED (hResult) )
  305. dwCACnt = ::CACountCAs (hCAInfo);
  307. if ( dwCACnt > 0 )
  308. {
  310. pCAList = new HCAINFO[dwCACnt];
  311. ppCertContext = new PCCERT_CONTEXT[dwCACnt];
  312. if ( pCAList && ppCertContext )
  313. {
  314. nIndex = 0;
  315. while (SUCCEEDED (hResult) && hCAInfo && nIndex < dwCACnt)
  316. {
  317. pCAList[nIndex] = hCAInfo;
  318. hResult = ::CAGetCACertificate (hCAInfo, &ppCertContext[nIndex]);
  319. ASSERT (SUCCEEDED (hResult));
  320. nIndex++;
  321. hResult = ::CAEnumNextCA (hCAInfo, &hCAInfo);
  322. }
  324. PCCTL_CONTEXT pCTLContext = GetCTLContext ();
  325. if ( pCTLContext )
  326. {
  327. PCTL_INFO pCTLInfo = pCTLContext->pCtlInfo;
  328. DWORD cCTLEntry = pCTLInfo->cCTLEntry;
  329. PCTL_ENTRY rgCTLEntry = pCTLInfo->rgCTLEntry;
  330. const size_t HASH_SIZE = 20;
  331. BYTE pbHash[HASH_SIZE];
  333. for (UINT nCAHash = 0; nCAHash < cCTLEntry; nCAHash++)
  334. {
  335. for (UINT nCertContextIndex = 0; nCertContextIndex < dwCACnt; nCertContextIndex++)
  336. {
  337. cbHash = HASH_SIZE;
  338. if (::CertGetCertificateContextProperty (ppCertContext[nCertContextIndex],
  339. CERT_SHA1_HASH_PROP_ID,
  340. pbHash,
  341. &cbHash) )
  342. {
  344. // Compare pbHash with pCAHash;
  345. // security review 2/26/2002 BryanWal ok
  346. ASSERT (pbHash);
  347. if ( !pbHash )
  348. break;
  350. if ( !memcmp (pbHash,
  351. rgCTLEntry[nCAHash].SubjectIdentifier.pbData,
  352. rgCTLEntry[nCAHash].SubjectIdentifier.cbData) )
  353. {
  354. LPWSTR *awszCAName = NULL;
  355. LPWSTR *awszCADisplayName = NULL;
  356. //
  357. // Add this CA to the list of
  358. // CA's.
  359. //
  361. // get the name of the CA
  362. hResult = ::CAGetCAProperty (pCAList[nCertContextIndex],
  363. CA_PROP_NAME,
  364. &awszCAName);
  367. if (SUCCEEDED (hResult) && awszCAName && awszCAName[0] )
  368. {
  370. // get the display name of the CA
  371. hResult = ::CAGetCAProperty (pCAList[nCertContextIndex],
  372. CA_PROP_DISPLAY_NAME,
  373. &awszCADisplayName);
  375. if ( SUCCEEDED(hResult) && awszCADisplayName && awszCADisplayName[0] )
  376. {
  377. m_CANameList.AddHead (awszCAName[0]);
  379. m_CADisplayNameList.AddHead (awszCADisplayName[0]);
  380. }
  381. }
  383. if ( awszCAName )
  384. {
  385. CAFreeCAProperty(pCAList[nCertContextIndex], awszCAName);
  386. }
  387. if ( awszCADisplayName )
  388. {
  389. CAFreeCAProperty(pCAList[nCertContextIndex], awszCADisplayName);
  390. }
  391. break;
  393. }
  394. }
  395. else
  396. {
  397. DWORD dwErr = GetLastError ();
  398. hResult = HRESULT_FROM_WIN32 (dwErr);
  399. DisplaySystemError (NULL, dwErr);
  400. break;
  401. }
  402. }
  403. }
  404. }
  406. for (UINT nCAListIndex = 0; nCAListIndex < dwCACnt; nCAListIndex++)
  407. {
  408. hResult = ::CACloseCA (pCAList[nCAListIndex]);
  409. ASSERT (SUCCEEDED (hResult));
  411. ::CertFreeCertificateContext (ppCertContext[nCAListIndex]);
  412. }
  413. }
  414. else
  415. {
  416. hResult = E_OUTOFMEMORY;
  417. }
  418. if ( pCAList )
  419. delete [] pCAList;
  420. if ( ppCertContext )
  421. delete [] ppCertContext;
  422. }
  423. }
  425. return hResult;
  426. }
  428. CStringList& CAutoCertRequest::GetCANameList(bool fDisplayName)
  429. {
  430. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  431. BuildCANameList ();
  432. return fDisplayName?m_CADisplayNameList:m_CANameList;
  433. }
  435. HCERTTYPE CAutoCertRequest::GetCertType()
  436. {
  437. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  438. if ( !m_hCertType )
  439. {
  440. CString name;
  441. GetCertTypeName (name); // generates m_hCertType
  442. }
  443. return m_hCertType;
  444. }