archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pki/rpor/tvo.h

436 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows NT Security
  4. // Copyright (C) Microsoft Corporation, 1997 - 1999
  5. //
  6. // File: tvo.h
  7. //
  8. // Contents: Get Time Valid Object Definitions and Prototypes
  9. //
  10. // History: 25-Sep-97 kirtd Created
  11. //
  12. //----------------------------------------------------------------------------
  13. #if !defined(__TVO_H__)
  14. #define __TVO_H__
  16. #include <origin.h>
  17. #include <lrucache.h>
  18. #include <offurl.h>
  20. //
  21. // CryptGetTimeValidObject provider prototypes
  22. //
  24. typedef BOOL (WINAPI *PFN_GET_TIME_VALID_OBJECT_FUNC) (
  25. IN LPCSTR pszTimeValidOid,
  26. IN LPVOID pvPara,
  27. IN PCCERT_CONTEXT pIssuer,
  28. IN LPFILETIME pftValidFor,
  29. IN DWORD dwFlags,
  30. IN DWORD dwTimeout,
  31. OUT OPTIONAL LPVOID* ppvObject,
  32. IN OPTIONAL PCRYPT_CREDENTIALS pCredentials,
  33. IN OPTIONAL LPVOID pvReserved
  34. );
  36. BOOL WINAPI
  37. CtlGetTimeValidObject (
  38. IN LPCSTR pszTimeValidOid,
  39. IN LPVOID pvPara,
  40. IN PCCERT_CONTEXT pIssuer,
  41. IN LPFILETIME pftValidFor,
  42. IN DWORD dwFlags,
  43. IN DWORD dwTimeout,
  44. OUT OPTIONAL LPVOID* ppvObject,
  45. IN OPTIONAL PCRYPT_CREDENTIALS pCredentials,
  46. IN OPTIONAL LPVOID pvReserved
  47. );
  49. BOOL WINAPI
  50. CrlGetTimeValidObject (
  51. IN LPCSTR pszTimeValidOid,
  52. IN LPVOID pvPara,
  53. IN PCCERT_CONTEXT pIssuer,
  54. IN LPFILETIME pftValidFor,
  55. IN DWORD dwFlags,
  56. IN DWORD dwTimeout,
  57. OUT OPTIONAL LPVOID* ppvObject,
  58. IN OPTIONAL PCRYPT_CREDENTIALS pCredentials,
  59. IN OPTIONAL LPVOID pvReserved
  60. );
  62. BOOL WINAPI
  63. CrlFromCertGetTimeValidObject (
  64. IN LPCSTR pszTimeValidOid,
  65. IN LPVOID pvPara,
  66. IN PCCERT_CONTEXT pIssuer,
  67. IN LPFILETIME pftValidFor,
  68. IN DWORD dwFlags,
  69. IN DWORD dwTimeout,
  70. OUT OPTIONAL LPVOID* ppvObject,
  71. IN OPTIONAL PCRYPT_CREDENTIALS pCredentials,
  72. IN OPTIONAL LPVOID pvReserved
  73. );
  75. BOOL WINAPI
  76. FreshestCrlFromCertGetTimeValidObject (
  77. IN LPCSTR pszTimeValidOid,
  78. IN LPVOID pvPara,
  79. IN PCCERT_CONTEXT pIssuer,
  80. IN LPFILETIME pftValidFor,
  81. IN DWORD dwFlags,
  82. IN DWORD dwTimeout,
  83. OUT OPTIONAL LPVOID* ppvObject,
  84. IN OPTIONAL PCRYPT_CREDENTIALS pCredentials,
  85. IN OPTIONAL LPVOID pvReserved
  86. );
  88. BOOL WINAPI
  89. FreshestCrlFromCrlGetTimeValidObject (
  90. IN LPCSTR pszTimeValidOid,
  91. IN LPVOID pvPara,
  92. IN PCCERT_CONTEXT pIssuer,
  93. IN LPFILETIME pftValidFor,
  94. IN DWORD dwFlags,
  95. IN DWORD dwTimeout,
  96. OUT OPTIONAL LPVOID* ppvObject,
  97. IN OPTIONAL PCRYPT_CREDENTIALS pCredentials,
  98. IN OPTIONAL LPVOID pvReserved
  99. );
  101. //
  102. // CryptFlushTimeValidObject provider prototypes
  103. //
  105. typedef BOOL (WINAPI *PFN_FLUSH_TIME_VALID_OBJECT_FUNC) (
  106. IN LPCSTR pszFlushTimeValidOid,
  107. IN LPVOID pvPara,
  108. IN PCCERT_CONTEXT pIssuer,
  109. IN DWORD dwFlags,
  110. IN LPVOID pvReserved
  111. );
  113. BOOL WINAPI
  114. CtlFlushTimeValidObject (
  115. IN LPCSTR pszFlushTimeValidOid,
  116. IN LPVOID pvPara,
  117. IN PCCERT_CONTEXT pIssuer,
  118. IN DWORD dwFlags,
  119. IN LPVOID pvReserved
  120. );
  122. BOOL WINAPI
  123. CrlFlushTimeValidObject (
  124. IN LPCSTR pszFlushTimeValidOid,
  125. IN LPVOID pvPara,
  126. IN PCCERT_CONTEXT pIssuer,
  127. IN DWORD dwFlags,
  128. IN LPVOID pvReserved
  129. );
  131. BOOL WINAPI
  132. CrlFromCertFlushTimeValidObject (
  133. IN LPCSTR pszFlushTimeValidOid,
  134. IN LPVOID pvPara,
  135. IN PCCERT_CONTEXT pIssuer,
  136. IN DWORD dwFlags,
  137. IN LPVOID pvReserved
  138. );
  140. BOOL WINAPI
  141. FreshestCrlFromCertFlushTimeValidObject (
  142. IN LPCSTR pszFlushTimeValidOid,
  143. IN LPVOID pvPara,
  144. IN PCCERT_CONTEXT pIssuer,
  145. IN DWORD dwFlags,
  146. IN LPVOID pvReserved
  147. );
  149. BOOL WINAPI
  150. FreshestCrlFromCrlFlushTimeValidObject (
  151. IN LPCSTR pszFlushTimeValidOid,
  152. IN LPVOID pvPara,
  153. IN PCCERT_CONTEXT pIssuer,
  154. IN DWORD dwFlags,
  155. IN LPVOID pvReserved
  156. );
  158. //
  159. // Provider table externs
  160. //
  162. extern HCRYPTOIDFUNCSET hGetTimeValidObjectFuncSet;
  163. extern HCRYPTOIDFUNCSET hFlushTimeValidObjectFuncSet;
  166. //
  167. // The TVO Cache. This is a cache of time valid objects by origin identifier
  168. // which is used to support the CryptGetTimeValidObject process. It is
  169. // used by a process wide TVO agent with each cache entry consisting of
  170. // the following information:
  171. //
  172. // Object Origin Identifier
  173. // Object Context Oid
  174. // Object Context
  175. // Object Retrieval URL
  176. // Object Expire Time
  177. // Object Offline URL Time Information
  178. //
  180. typedef struct _TVO_CACHE_ENTRY {
  182. CRYPT_ORIGIN_IDENTIFIER OriginIdentifier;
  183. LPCSTR pszContextOid;
  184. LPVOID pvContext;
  185. DWORD cbUrlArrayThis;
  186. PCRYPT_URL_ARRAY pUrlArrayThis;
  187. DWORD UrlIndexThis;
  188. DWORD cbUrlArrayNext;
  189. PCRYPT_URL_ARRAY pUrlArrayNext;
  190. DWORD UrlIndexNext;
  191. FILETIME CreateTime;
  192. FILETIME ExpireTime;
  193. HLRUENTRY hLruEntry;
  194. OFFLINE_URL_TIME_INFO OfflineUrlTimeInfo;
  195. } TVO_CACHE_ENTRY, *PTVO_CACHE_ENTRY;
  197. class CTVOCache
  198. {
  199. public:
  201. //
  202. // Construction
  203. //
  205. CTVOCache (
  206. DWORD cCacheBuckets,
  207. DWORD MaxCacheEntries,
  208. BOOL& rfResult
  209. );
  211. ~CTVOCache ();
  213. //
  214. // Direct cache entry manipulation
  215. //
  217. VOID InsertCacheEntry (PTVO_CACHE_ENTRY pEntry);
  219. VOID RemoveCacheEntry (PTVO_CACHE_ENTRY pEntry, BOOL fSuppressFree = FALSE);
  221. VOID TouchCacheEntry (PTVO_CACHE_ENTRY pEntry);
  223. //
  224. // Origin identifier based cache entry manipulation
  225. //
  226. // For CONTEXT_OID_CRL, pvSubject is the certificate that the CRL is
  227. // valid for. Skips CRL entries that aren't valid for the certificate.
  228. //
  230. PTVO_CACHE_ENTRY FindCacheEntry (
  231. CRYPT_ORIGIN_IDENTIFIER OriginIdentifier,
  232. LPCSTR pszContextOid,
  233. LPVOID pvSubject
  234. );
  236. //
  237. // Remove all cache entries
  238. //
  240. VOID RemoveAllCacheEntries ();
  242. //
  243. // Access to the cache handle
  244. //
  246. inline HLRUCACHE LruCacheHandle ();
  248. private:
  250. //
  251. // Cache handle
  252. //
  254. HLRUCACHE m_hCache;
  255. };
  257. DWORD WINAPI TVOCacheHashOriginIdentifier (PCRYPT_DATA_BLOB pIdentifier);
  259. VOID WINAPI TVOCacheOnRemoval (LPVOID pvData, LPVOID pvRemovalContext);
  262. //
  263. // The TVO Agent. This per process service takes care of the retrieval of
  264. // time valid CAPI2 objects. It allows this to be done on-demand or with
  265. // auto-update
  266. //
  268. class CTVOAgent
  269. {
  270. public:
  272. //
  273. // Construction
  274. //
  276. CTVOAgent (
  277. DWORD cCacheBuckets,
  278. DWORD MaxCacheEntries,
  279. BOOL& rfResult
  280. );
  282. ~CTVOAgent ();
  284. //
  285. // Get Time Valid Object methods
  286. //
  288. BOOL GetTimeValidObject (
  289. IN LPCSTR pszTimeValidOid,
  290. IN LPVOID pvPara,
  291. IN LPCSTR pszContextOid,
  292. IN PCCERT_CONTEXT pIssuer,
  293. IN LPFILETIME pftValidFor,
  294. IN DWORD dwFlags,
  295. IN DWORD dwTimeout,
  296. OUT OPTIONAL LPVOID* ppvObject,
  297. IN OPTIONAL PCRYPT_CREDENTIALS pCredentials,
  298. IN OPTIONAL LPVOID pvReserved
  299. );
  301. BOOL GetTimeValidObjectByUrl (
  302. IN DWORD cbUrlArray,
  303. IN PCRYPT_URL_ARRAY pUrlArray,
  304. IN DWORD PreferredUrlIndex,
  305. IN LPCSTR pszContextOid,
  306. IN PCCERT_CONTEXT pIssuer,
  307. IN LPVOID pvSubject,
  308. IN CRYPT_ORIGIN_IDENTIFIER OriginIdentifier,
  309. IN LPFILETIME pftValidFor,
  310. IN DWORD dwFlags,
  311. IN DWORD dwTimeout,
  312. OUT OPTIONAL LPVOID* ppvObject,
  313. IN OPTIONAL PCRYPT_CREDENTIALS pCredentials,
  314. IN OPTIONAL LPWSTR pwszUrlExtra,
  315. OUT BOOL* pfArrayOwned,
  316. IN OPTIONAL LPVOID pvReserved
  317. );
  319. BOOL FlushTimeValidObject (
  320. IN LPCSTR pszFlushTimeValidOid,
  321. IN LPVOID pvPara,
  322. IN LPCSTR pszFlushContextOid,
  323. IN PCCERT_CONTEXT pIssuer,
  324. IN DWORD dwFlags,
  325. IN LPVOID pvReserved
  326. );
  328. private:
  330. //
  331. // Object lock
  332. //
  334. CRITICAL_SECTION m_Lock;
  336. //
  337. // TVO cache
  338. //
  340. CTVOCache m_Cache;
  341. };
  343. //
  344. // Utility functions
  345. //
  347. BOOL WINAPI
  348. IsValidCreateOrExpireTime (
  349. IN BOOL fCheckFreshnessTime,
  350. IN LPFILETIME pftValidFor,
  351. IN LPFILETIME pftCreateTime,
  352. IN LPFILETIME pftExpireTime
  353. );
  355. BOOL WINAPI
  356. ObjectContextCreateTVOCacheEntry (
  357. IN HLRUCACHE hCache,
  358. IN LPCSTR pszContextOid,
  359. IN LPVOID pvContext,
  360. IN CRYPT_ORIGIN_IDENTIFIER OriginIdentifier,
  361. IN DWORD cbUrlArrayThis,
  362. IN PCRYPT_URL_ARRAY pUrlArrayThis,
  363. IN DWORD UrlIndexThis,
  364. IN PCCERT_CONTEXT pIssuer,
  365. OUT PTVO_CACHE_ENTRY* ppEntry
  366. );
  368. VOID WINAPI
  369. ObjectContextFreeTVOCacheEntry (
  370. IN PTVO_CACHE_ENTRY pEntry
  371. );
  374. BOOL WINAPI
  375. CertificateGetCrlDistPointUrl (
  376. IN LPCSTR pszUrlOid,
  377. IN LPVOID pvPara,
  378. IN LPWSTR pwszUrlHint,
  379. OUT PCRYPT_URL_ARRAY* ppUrlArray,
  380. OUT DWORD* pcbUrlArray,
  381. OUT DWORD* pPreferredUrlIndex,
  382. OUT BOOL* pfHintInArray
  383. );
  385. BOOL WINAPI
  386. RetrieveTimeValidObjectByUrl (
  387. IN LPWSTR pwszUrl,
  388. IN LPCSTR pszContextOid,
  389. IN LPFILETIME pftValidFor,
  390. IN DWORD dwFlags,
  391. IN DWORD dwTimeout,
  392. IN PCRYPT_CREDENTIALS pCredentials,
  393. IN PCCERT_CONTEXT pSigner,
  394. IN LPVOID pvSubject,
  395. IN CRYPT_ORIGIN_IDENTIFIER OriginIdentifier,
  396. OUT LPVOID* ppvObject,
  397. IN OPTIONAL LPVOID pvReserved
  398. );
  400. #define TVO_KEY_NAME "Software\\Microsoft\\Cryptography\\TVO"
  401. #define TVO_CACHE_BUCKETS_VALUE_NAME "DefaultProcessCacheBuckets"
  402. #define TVO_MAX_CACHE_ENTRIES_VALUE_NAME "DefaultProcessMaxCacheEntries"
  404. #define TVO_DEFAULT_CACHE_BUCKETS 32
  405. #define TVO_DEFAULT_MAX_CACHE_ENTRIES 128
  407. BOOL WINAPI
  408. CreateProcessTVOAgent (
  409. OUT CTVOAgent** ppAgent
  410. );
  412. //
  413. // Extern for process global agent
  414. //
  416. extern CTVOAgent* g_pProcessTVOAgent;
  418. //
  419. // Inline functions
  420. //
  422. //+---------------------------------------------------------------------------
  423. //
  424. // Member: CTVOCache::LruCacheHandle, public
  425. //
  426. // Synopsis: return the HLRUCACHE
  427. //
  428. //----------------------------------------------------------------------------
  429. inline HLRUCACHE
  430. CTVOCache::LruCacheHandle ()
  431. {
  432. return( m_hCache );
  433. }
  435. #endif