Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

915 lines
25 KiB

  1. //+--------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1996-1996
  5. //
  6. // File: ch.cpp
  7. //
  8. // Contents:
  9. // All Clearing house related function
  10. //
  11. // History:
  12. //
  13. // Note:
  14. //---------------------------------------------------------------------------
  15. #include "pch.cpp"
  16. #include "clrhouse.h"
  17. #include "globals.h"
  18. #include "gencert.h"
  19. /*****************************************************************************
  20. *****************************************************************************/
  21. BOOL
  22. TLSChainIssuerCertificate(
  23. HCRYPTPROV hCryptProv,
  24. HCERTSTORE hChainFromStore,
  25. HCERTSTORE hChainToStore,
  26. PCCERT_CONTEXT pSubjectContext
  27. )
  28. /*
  29. */
  30. {
  31. DWORD dwStatus = ERROR_SUCCESS;
  32. PCCERT_CONTEXT pCertIssuer=NULL;
  33. PCCERT_CONTEXT pCurrentSubject = NULL;
  34. DWORD dwFlags;
  35. //
  36. // Increase reference count on Subject context.
  37. //
  38. // From MSDN: Currently, a copy is not made of the context, and the
  39. // returned pointer to a context has the same value as the pointer to a
  40. // context that was input.
  41. //
  42. pCurrentSubject = CertDuplicateCertificateContext(
  43. pSubjectContext
  44. );
  45. while( TRUE )
  46. {
  47. dwFlags = CERT_STORE_SIGNATURE_FLAG;
  48. pCertIssuer = CertGetIssuerCertificateFromStore(
  49. hChainFromStore,
  50. pCurrentSubject,
  51. NULL,
  52. &dwFlags
  53. );
  54. CertFreeCertificateContext(pCurrentSubject);
  55. if(!pCertIssuer)
  56. {
  57. dwStatus = GetLastError();
  58. break;
  59. }
  60. if(dwFlags & CERT_STORE_SIGNATURE_FLAG)
  61. {
  62. //
  63. // we have invalid signature from certificate
  64. //
  65. dwStatus = TLS_E_INVALID_DATA;
  66. break;
  67. }
  68. if(!CertAddCertificateContextToStore(
  69. hChainToStore,
  70. pCertIssuer,
  71. CERT_STORE_ADD_REPLACE_EXISTING,
  72. NULL
  73. ))
  74. {
  75. dwStatus = GetLastError();
  76. break;
  77. }
  78. pCurrentSubject = pCertIssuer;
  79. }
  80. if(dwStatus == CRYPT_E_SELF_SIGNED)
  81. {
  82. dwStatus = ERROR_SUCCESS;
  83. }
  84. SetLastError(dwStatus);
  85. if(pCertIssuer)
  86. {
  87. CertFreeCertificateContext(pCertIssuer);
  88. }
  89. return dwStatus == ERROR_SUCCESS;
  90. }
  91. /*****************************************************************************
  92. *****************************************************************************/
  93. HCERTSTORE
  94. CertOpenRegistryStore(
  95. HKEY hKeyType,
  96. LPCTSTR szSubKey,
  97. HCRYPTPROV hCryptProv,
  98. HKEY* phKey
  99. )
  100. /*
  101. */
  102. {
  103. DWORD dwStatus;
  104. HCERTSTORE hCertStore;
  105. dwStatus=RegOpenKeyEx(hKeyType, szSubKey, 0, KEY_ALL_ACCESS, phKey);
  106. if(dwStatus != ERROR_SUCCESS)
  107. {
  108. SetLastError(dwStatus);
  109. return NULL;
  110. }
  111. hCertStore = CertOpenStore(
  112. CERT_STORE_PROV_REG,
  113. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  114. hCryptProv,
  115. CERT_STORE_NO_CRYPT_RELEASE_FLAG,
  116. (PVOID)*phKey
  117. );
  118. return hCertStore;
  119. }
  120. /*****************************************************************************
  121. TransferCertFromStoreToStore()
  122. *****************************************************************************/
  123. DWORD
  124. TransferCertFromStoreToStore(
  125. HCERTSTORE hSrcStore,
  126. HCERTSTORE hDestStore
  127. )
  128. /*
  129. */
  130. {
  131. PCCERT_CONTEXT pCertContext=NULL;
  132. PCCERT_CONTEXT pPrevCertContext=NULL;
  133. DWORD dwStatus=ERROR_SUCCESS;
  134. do {
  135. pCertContext = CertEnumCertificatesInStore(hSrcStore, pPrevCertContext);
  136. if(pCertContext)
  137. {
  138. if(!CertAddCertificateContextToStore(
  139. hDestStore,
  140. pCertContext,
  141. CERT_STORE_ADD_REPLACE_EXISTING,
  142. NULL
  143. ))
  144. {
  145. dwStatus = GetLastError();
  146. break;
  147. }
  148. }
  149. pPrevCertContext = pCertContext;
  150. } while( pCertContext != NULL );
  151. if(GetLastError() == CRYPT_E_NOT_FOUND)
  152. {
  153. dwStatus = ERROR_SUCCESS;
  154. }
  155. return dwStatus;
  156. }
  157. /*****************************************************************************
  158. LSSaveCertAsPKCS7()
  159. *****************************************************************************/
  160. DWORD
  161. TLSSaveCertAsPKCS7(
  162. PBYTE pbCert,
  163. DWORD cbCert,
  164. PBYTE* ppbEncodedCert,
  165. PDWORD pcbEncodedCert
  166. )
  167. /*
  168. */
  169. {
  170. DWORD dwStatus=ERROR_SUCCESS;
  171. HCRYPTPROV hCryptProv=g_hCryptProv;
  172. HCERTSTORE hStore=NULL;
  173. PCCERT_CONTEXT pCertContext=NULL;
  174. do {
  175. //
  176. // Must have call CryptoInit()
  177. //if(!CryptAcquireContext(&hCryptProv, _TEXT(KEYCONTAINER), MS_DEF_PROV, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
  178. //{
  179. // LSLogEvent(EVENTLOG_ERROR_TYPE, TLS_E_CRYPT_ACQUIRE_CONTEXT, dwStatus=GetLastError());
  180. // break;
  181. //}
  182. hStore=CertOpenStore(
  183. CERT_STORE_PROV_MEMORY,
  184. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  185. hCryptProv,
  186. CERT_STORE_NO_CRYPT_RELEASE_FLAG,
  187. NULL
  188. );
  189. if(!hStore)
  190. {
  191. TLSLogEvent(
  192. EVENTLOG_ERROR_TYPE,
  193. TLS_E_GENERATECLIENTELICENSE,
  194. TLS_E_OPEN_CERT_STORE,
  195. dwStatus=GetLastError()
  196. );
  197. break;
  198. }
  199. pCertContext = CertCreateCertificateContext(
  200. X509_ASN_ENCODING,
  201. pbCert,
  202. cbCert
  203. );
  204. if(!pCertContext)
  205. {
  206. TLSLogEvent(
  207. EVENTLOG_ERROR_TYPE,
  208. TLS_E_GENERATECLIENTELICENSE,
  209. TLS_E_CREATE_CERTCONTEXT,
  210. dwStatus=GetLastError()
  211. );
  212. break;
  213. }
  214. //
  215. // always start from empty so CERT_STORE_ADD_ALWAYS
  216. if(!CertAddCertificateContextToStore(
  217. hStore,
  218. pCertContext,
  219. CERT_STORE_ADD_ALWAYS,
  220. NULL
  221. ))
  222. {
  223. TLSLogEvent(
  224. EVENTLOG_ERROR_TYPE,
  225. TLS_E_GENERATECLIENTELICENSE,
  226. TLS_E_ADD_CERT_TO_STORE,
  227. dwStatus=GetLastError()
  228. );
  229. break;
  230. }
  231. #ifdef ENFORCE_LICENSING
  232. if(g_bHasHydraCert && g_hCaStore)
  233. {
  234. if(!TLSChainIssuerCertificate(
  235. hCryptProv,
  236. g_hCaStore,
  237. hStore,
  238. pCertContext
  239. ))
  240. {
  241. TLSLogEvent(
  242. EVENTLOG_ERROR_TYPE,
  243. TLS_E_GENERATECLIENTELICENSE,
  244. TLS_E_ADD_CERT_TO_STORE,
  245. dwStatus=GetLastError()
  246. );
  247. break;
  248. }
  249. }
  250. #endif
  251. CRYPT_DATA_BLOB saveBlob;
  252. memset(&saveBlob, 0, sizeof(saveBlob));
  253. // save certificate into memory
  254. if(!CertSaveStore(hStore,
  255. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  256. LICENSE_BLOB_SAVEAS_TYPE,
  257. CERT_STORE_SAVE_TO_MEMORY,
  258. &saveBlob,
  259. 0) && (dwStatus=GetLastError()) != ERROR_MORE_DATA)
  260. {
  261. TLSLogEvent(
  262. EVENTLOG_ERROR_TYPE,
  263. TLS_E_GENERATECLIENTELICENSE,
  264. TLS_E_SAVE_STORE,
  265. dwStatus=GetLastError()
  266. );
  267. break;
  268. }
  269. if(!(saveBlob.pbData = (PBYTE)midl_user_allocate(saveBlob.cbData)))
  270. {
  271. dwStatus=GetLastError();
  272. break;
  273. }
  274. // save certificate into memory
  275. if(!CertSaveStore(hStore,
  276. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  277. LICENSE_BLOB_SAVEAS_TYPE,
  278. CERT_STORE_SAVE_TO_MEMORY,
  279. &saveBlob,
  280. 0))
  281. {
  282. TLSLogEvent(
  283. EVENTLOG_ERROR_TYPE,
  284. TLS_E_GENERATECLIENTELICENSE,
  285. TLS_E_SAVE_STORE,
  286. dwStatus=GetLastError()
  287. );
  288. break;
  289. }
  290. *ppbEncodedCert = saveBlob.pbData;
  291. *pcbEncodedCert = saveBlob.cbData;
  292. } while(FALSE);
  293. if(pCertContext)
  294. {
  295. CertFreeCertificateContext(pCertContext);
  296. }
  297. if(hStore)
  298. {
  299. CertCloseStore(hStore, CERT_CLOSE_STORE_FORCE_FLAG);
  300. }
  301. return (dwStatus == ERROR_SUCCESS) ? ERROR_SUCCESS : TLS_E_SAVE_STORE;
  302. }
  303. //--------------------------------------------------------------------------
  304. //
  305. static LONG
  306. OpenCertRegStore(
  307. LPCTSTR szSubKey,
  308. PHKEY phKey
  309. )
  310. /*
  311. */
  312. {
  313. DWORD dwDisposition;
  314. return RegCreateKeyEx(
  315. HKEY_LOCAL_MACHINE,
  316. szSubKey,
  317. 0,
  318. NULL,
  319. REG_OPTION_NON_VOLATILE,
  320. KEY_ALL_ACCESS,
  321. NULL,
  322. phKey,
  323. &dwDisposition
  324. );
  325. }
  326. //--------------------------------------------------------------------------
  327. //
  328. static DWORD
  329. IsHydraRootOIDInCert(
  330. PCCERT_CONTEXT pCertContext,
  331. DWORD dwKeyType
  332. )
  333. /*
  334. */
  335. {
  336. BOOL bFound=FALSE;
  337. PCERT_INFO pCertInfo = pCertContext->pCertInfo;
  338. PCERT_EXTENSION pCertExtension=pCertInfo->rgExtension;
  339. PCERT_PUBLIC_KEY_INFO pbPublicKey=NULL;
  340. DWORD dwStatus = ERROR_SUCCESS;
  341. DWORD dwSize = 0;
  342. //
  343. // Must have a CH root extension.
  344. //
  345. for(DWORD i=0; i < pCertInfo->cExtension && bFound == FALSE; i++, pCertExtension++)
  346. {
  347. bFound=(strcmp(pCertExtension->pszObjId, szOID_PKIX_HYDRA_CERT_ROOT) == 0);
  348. }
  349. if(bFound == TRUE)
  350. {
  351. //
  352. // Public Key must be the same
  353. //
  354. dwStatus = TLSExportPublicKey(
  355. g_hCryptProv,
  356. dwKeyType,
  357. &dwSize,
  358. &pbPublicKey
  359. );
  360. if(dwStatus == ERROR_SUCCESS)
  361. {
  362. bFound = CertComparePublicKeyInfo(
  363. X509_ASN_ENCODING,
  364. pbPublicKey,
  365. &(pCertContext->pCertInfo->SubjectPublicKeyInfo)
  366. );
  367. if(bFound == FALSE)
  368. {
  369. dwStatus = TLS_E_CH_INSTALL_NON_LSCERTIFICATE;
  370. }
  371. }
  372. }
  373. else
  374. {
  375. dwStatus = TLS_E_CH_LSCERTIFICATE_NOTFOUND;
  376. }
  377. FreeMemory(pbPublicKey);
  378. return dwStatus;
  379. }
  380. //---------------------------------------------------------------------------
  381. // Functions:
  382. // IsCertificateLicenseServerCertificate()
  383. //
  384. // Abstract:
  385. // Find License Server certificate in PKCS 7 certificate blob
  386. //
  387. // Parameters:
  388. // hCryptProv - Cryto. Provider
  389. // cbPKCS7Cert - Size of PKCS7 certificate.
  390. // pbPKCS7Cert - pointer to PKCS7 certificate
  391. // cbLsCert - size of encoded license server certificate.
  392. // pbLsCert - pointer to pointer to receive license server encoded certificate.
  393. //
  394. // Returns:
  395. // ERROR_SUCCESS
  396. // TLS_E_INVALID_DATA
  397. // Crypto. error code.
  398. //---------------------------------------------------------------------------
  399. DWORD
  400. IsCertificateLicenseServerCertificate(
  401. IN HCRYPTPROV hCryptProv,
  402. IN DWORD dwCertType,
  403. IN DWORD cbPKCS7Cert,
  404. IN PBYTE pbPKCS7Cert,
  405. IN OUT DWORD* cbLsCert,
  406. IN OUT PBYTE* pbLsCert
  407. )
  408. /*
  409. */
  410. {
  411. //
  412. // Certificate must be in PCKS 7 format.
  413. //
  414. DWORD dwStatus=ERROR_SUCCESS;
  415. HCERTSTORE hCertStore=NULL;
  416. PCCERT_CONTEXT pPrevCertContext=NULL;
  417. PCCERT_CONTEXT pCertContext=NULL;
  418. CRYPT_DATA_BLOB Serialized;
  419. Serialized.pbData = pbPKCS7Cert;
  420. Serialized.cbData = cbPKCS7Cert;
  421. hCertStore = CertOpenStore(
  422. CERT_STORE_PROV_PKCS7,
  423. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  424. hCryptProv,
  425. CERT_STORE_NO_CRYPT_RELEASE_FLAG,
  426. &Serialized
  427. );
  428. if(!hCertStore)
  429. {
  430. return dwStatus=GetLastError();
  431. }
  432. //
  433. // enumerate all certificate and find certificate with our extension.
  434. //
  435. do {
  436. pCertContext = CertEnumCertificatesInStore(
  437. hCertStore,
  438. pPrevCertContext
  439. );
  440. if(pCertContext)
  441. {
  442. dwStatus = IsHydraRootOIDInCert(
  443. pCertContext,
  444. dwCertType
  445. );
  446. if(dwStatus == ERROR_SUCCESS)
  447. {
  448. //
  449. // this is our certificate.
  450. //
  451. *pbLsCert = (PBYTE)AllocateMemory(*cbLsCert = pCertContext->cbCertEncoded);
  452. if(*pbLsCert)
  453. {
  454. memcpy(
  455. *pbLsCert,
  456. pCertContext->pbCertEncoded,
  457. pCertContext->cbCertEncoded
  458. );
  459. }
  460. else
  461. {
  462. dwStatus = GetLastError();
  463. }
  464. break;
  465. }
  466. else if(dwStatus == TLS_E_CH_INSTALL_NON_LSCERTIFICATE)
  467. {
  468. break;
  469. }
  470. //
  471. // reset status code.
  472. //
  473. dwStatus = ERROR_SUCCESS;
  474. }
  475. pPrevCertContext = pCertContext;
  476. } while( pCertContext != NULL );
  477. if(pCertContext != NULL)
  478. {
  479. CertFreeCertificateContext(pPrevCertContext);
  480. }
  481. if(hCertStore)
  482. {
  483. CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
  484. }
  485. return dwStatus;
  486. }
  487. //---------------------------------------------------------------------------
  488. // Functions:
  489. // LSSaveCertificateToReg()
  490. //
  491. // Abstract:
  492. //
  493. //
  494. // Parameters:
  495. // hCryptProv - Cryto. Provider
  496. //
  497. //
  498. //
  499. //
  500. //
  501. // Returns:
  502. //
  503. //
  504. //
  505. //---------------------------------------------------------------------------
  506. DWORD
  507. TLSSaveRootCertificateToReg(
  508. HCRYPTPROV hCryptProv,
  509. HKEY hKey,
  510. DWORD cbEncodedCert,
  511. PBYTE pbEncodedCert
  512. )
  513. /*
  514. */
  515. {
  516. PCCERT_CONTEXT pCertContext=NULL;
  517. HCERTSTORE hCertSaveStore=NULL;
  518. DWORD dwStatus=ERROR_SUCCESS;
  519. do {
  520. hCertSaveStore = CertOpenStore(
  521. CERT_STORE_PROV_REG,
  522. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  523. hCryptProv,
  524. CERT_STORE_NO_CRYPT_RELEASE_FLAG,
  525. (PVOID)hKey
  526. );
  527. if(!hCertSaveStore)
  528. {
  529. // dwStatus = GetLastError();
  530. dwStatus = TLS_E_INVALID_DATA;
  531. break;
  532. }
  533. pCertContext = CertCreateCertificateContext(
  534. X509_ASN_ENCODING,
  535. pbEncodedCert,
  536. cbEncodedCert
  537. );
  538. if(!pCertContext)
  539. {
  540. // dwStatus = GetLastError();
  541. dwStatus = TLS_E_INVALID_DATA;
  542. break;
  543. }
  544. if(!CertAddCertificateContextToStore(
  545. hCertSaveStore,
  546. pCertContext,
  547. CERT_STORE_ADD_REPLACE_EXISTING,
  548. NULL
  549. ))
  550. {
  551. dwStatus=GetLastError();
  552. }
  553. } while(FALSE);
  554. if(pCertContext)
  555. {
  556. CertFreeCertificateContext( pCertContext );
  557. }
  558. if(hCertSaveStore)
  559. {
  560. CertCloseStore(
  561. hCertSaveStore,
  562. CERT_CLOSE_STORE_FORCE_FLAG
  563. );
  564. }
  565. return dwStatus;
  566. }
  567. //---------------------------------------------------------------------------
  568. // Functions:
  569. // LSSaveCertificateToReg()
  570. //
  571. // Abstract:
  572. //
  573. //
  574. // Parameters:
  575. // hCryptProv - Cryto. Provider
  576. //
  577. //
  578. //
  579. //
  580. //
  581. // Returns:
  582. //
  583. //
  584. //
  585. //---------------------------------------------------------------------------
  586. DWORD
  587. TLSSaveCertificateToReg(
  588. HCRYPTPROV hCryptProv,
  589. HKEY hKey,
  590. DWORD cbPKCS7Cert,
  591. PBYTE pbPKCS7Cert
  592. )
  593. /*
  594. */
  595. {
  596. //
  597. // Certificate must be in PCKS 7 format.
  598. //
  599. DWORD dwStatus=ERROR_SUCCESS;
  600. HCERTSTORE hCertOpenStore=NULL;
  601. HCERTSTORE hCertSaveStore=NULL;
  602. PCCERT_CONTEXT pPrevCertContext=NULL;
  603. PCCERT_CONTEXT pCertContext=NULL;
  604. CRYPT_DATA_BLOB Serialized;
  605. Serialized.pbData = pbPKCS7Cert;
  606. Serialized.cbData = cbPKCS7Cert;
  607. hCertOpenStore = CertOpenStore(
  608. CERT_STORE_PROV_PKCS7,
  609. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  610. hCryptProv,
  611. CERT_STORE_NO_CRYPT_RELEASE_FLAG,
  612. &Serialized
  613. );
  614. if(!hCertOpenStore)
  615. {
  616. // dwStatus = GetLastError();
  617. dwStatus = TLS_E_INVALID_DATA;
  618. goto cleanup;
  619. }
  620. hCertSaveStore = CertOpenStore(
  621. CERT_STORE_PROV_REG,
  622. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  623. hCryptProv,
  624. CERT_STORE_NO_CRYPT_RELEASE_FLAG,
  625. (PVOID)hKey
  626. );
  627. if(!hCertSaveStore)
  628. {
  629. dwStatus = TLS_E_INVALID_DATA;
  630. goto cleanup;
  631. }
  632. dwStatus = TransferCertFromStoreToStore(
  633. hCertOpenStore,
  634. hCertSaveStore
  635. );
  636. cleanup:
  637. if(hCertSaveStore)
  638. {
  639. CertCloseStore(
  640. hCertSaveStore,
  641. CERT_CLOSE_STORE_FORCE_FLAG
  642. );
  643. }
  644. if(hCertOpenStore)
  645. {
  646. CertCloseStore(
  647. hCertOpenStore,
  648. CERT_CLOSE_STORE_FORCE_FLAG
  649. );
  650. }
  651. return dwStatus;
  652. }
  653. //---------------------------------------------------------------------------
  654. // Functions:
  655. // LSSaveRootCertificatesToStore()
  656. //
  657. // Abstract:
  658. //
  659. // Save root certificate to license server certificate store.
  660. //
  661. // Parameters:
  662. // hCryptProv - Cryto. Provider
  663. // cbSignatureCert - size of root's signature certificate.
  664. // pbSignatureCert - pointer to root's signature certificate.
  665. // cbExchangeCert - size of root's exchange certficate.
  666. // pbExchangeCert - pointer to root's exchange certificate
  667. //
  668. // Returns:
  669. //
  670. //---------------------------------------------------------------------------
  671. DWORD
  672. TLSSaveRootCertificatesToStore(
  673. IN HCRYPTPROV hCryptProv,
  674. IN DWORD cbSignatureCert,
  675. IN PBYTE pbSignatureCert,
  676. IN DWORD cbExchangeCert,
  677. IN PBYTE pbExchangeCert
  678. )
  679. /*
  680. */
  681. {
  682. HKEY hKey;
  683. LONG status=ERROR_SUCCESS;
  684. if(cbSignatureCert == 0 && cbExchangeCert == 0)
  685. {
  686. return status = TLS_E_INVALID_DATA;
  687. }
  688. if(cbSignatureCert)
  689. {
  690. status = OpenCertRegStore(
  691. LSERVER_CERTIFICATE_REG_ROOT_SIGNATURE,
  692. &hKey
  693. );
  694. if(status != ERROR_SUCCESS)
  695. return status;
  696. status = TLSSaveRootCertificateToReg(
  697. hCryptProv,
  698. hKey,
  699. cbSignatureCert,
  700. pbSignatureCert
  701. );
  702. RegCloseKey(hKey);
  703. if(status != ERROR_SUCCESS)
  704. return status;
  705. }
  706. if(cbExchangeCert)
  707. {
  708. status = OpenCertRegStore(
  709. LSERVER_CERTIFICATE_REG_ROOT_EXCHANGE,
  710. &hKey
  711. );
  712. if(status != ERROR_SUCCESS)
  713. return status;
  714. status=TLSSaveRootCertificateToReg(
  715. hCryptProv,
  716. hKey,
  717. cbExchangeCert,
  718. pbExchangeCert
  719. );
  720. RegCloseKey(hKey);
  721. }
  722. return status;
  723. }
  724. //---------------------------------------------------------------------------
  725. // Functions:
  726. // LSSaveCertificatesToStore()
  727. //
  728. // Abstract:
  729. //
  730. //
  731. // Parameters:
  732. // hCryptProv - Cryto. Provider
  733. //
  734. //
  735. //
  736. //
  737. //
  738. // Returns:
  739. //
  740. //
  741. //
  742. //---------------------------------------------------------------------------
  743. DWORD
  744. TLSSaveCertificatesToStore(
  745. IN HCRYPTPROV hCryptProv,
  746. IN DWORD dwCertType,
  747. IN DWORD dwCertLevel,
  748. IN DWORD cbSignatureCert,
  749. IN PBYTE pbSignatureCert,
  750. IN DWORD cbExchangeCert,
  751. IN PBYTE pbExchangeCert
  752. )
  753. /*
  754. */
  755. {
  756. HKEY hKey;
  757. LONG status = ERROR_SUCCESS;
  758. LPTSTR szRegSignature;
  759. LPTSTR szRegExchange;
  760. switch(dwCertType)
  761. {
  762. case CERTIFICATE_CA_TYPE:
  763. szRegSignature = LSERVER_CERTIFICATE_REG_CA_SIGNATURE;
  764. szRegExchange = LSERVER_CERTIFICATE_REG_CA_EXCHANGE;
  765. break;
  766. case CERTITICATE_MF_TYPE:
  767. szRegSignature = LSERVER_CERTIFICATE_REG_MF_SIGNATURE;
  768. szRegExchange = LSERVER_CERTIFICATE_REG_MF_EXCHANGE;
  769. break;
  770. case CERTIFICATE_CH_TYPE:
  771. szRegSignature = LSERVER_CERTIFICATE_REG_CH_SIGNATURE;
  772. szRegExchange = LSERVER_CERTIFICATE_REG_CH_EXCHANGE;
  773. break;
  774. default:
  775. status = TLS_E_INVALID_DATA;
  776. return status;
  777. }
  778. if(cbSignatureCert)
  779. {
  780. status = OpenCertRegStore(szRegSignature, &hKey);
  781. if(status != ERROR_SUCCESS)
  782. return status;
  783. status=TLSSaveCertificateToReg(
  784. hCryptProv,
  785. hKey,
  786. cbSignatureCert,
  787. pbSignatureCert
  788. );
  789. RegCloseKey(hKey);
  790. if(status != ERROR_SUCCESS)
  791. return status;
  792. }
  793. if(cbExchangeCert)
  794. {
  795. status = OpenCertRegStore(szRegExchange, &hKey);
  796. if(status != ERROR_SUCCESS)
  797. return status;
  798. status=TLSSaveCertificateToReg(
  799. hCryptProv,
  800. hKey,
  801. cbExchangeCert,
  802. pbExchangeCert
  803. );
  804. RegCloseKey(hKey);
  805. }
  806. return status;
  807. }