//+------------------------------------------------------------------------- // // Microsoft Windows // // Copyright (C) Microsoft Corporation, 1995 - 1999 // // File: certut.h // //-------------------------------------------------------------------------- #include "resource.h" const DWORD KMS_LOCKBOX_TAG = 1; const DWORD KMS_SIGNING_CERT_TAG = 2; const DWORD KMS_SIGNATURE_TAG = 3; const DWORD KMS_USER_RECORD_TAG = 4; typedef struct _TagHeader { DWORD tag; DWORD cbSize; } TagHeader; typedef DWORD CERTFLAGS; const CERTFLAGS CERTFLAGS_ALL = 0xFFFFFFFF; const CERTFLAGS CERTFLAGS_UNKNOWN = 0x00000000; // nibble reserved for version number V const CERTFLAGS CERTFLAGS_REVOKED = 0x00000001; const CERTFLAGS CERTFLAGS_NOT_EXPIRED = 0x00000002; const CERTFLAGS CERTFLAGS_SIGNING = 0x00000004; const CERTFLAGS CERTFLAGS_SEALING = 0x00000008; const CERTFLAGS CERTFLAGS_CURRENT = 0x00000010; const CERTFLAGS CERTFLAGS_IMPORTED = 0x00000100; // these are broken V1 certs, not standard version 1 const CERTFLAGS CERTFLAGS_VERSION_1 = 0x00001000; // KMServer does not use version 2 certs // const CERTFLAGS CERTFLAGS_VERSION_2 = 0x00002000; // these are proper version 3 certs const CERTFLAGS CERTFLAGS_VERSION_3 = 0x00003000; #define wszKMSCERTSTATUS L"KMS.status" #define cwcAUTOPASSWORDMAX 16 #define wszCUREGDSTEMPLATEFLAGS L"DSTemplateFlags" #define wszCUREGDSCAFLAGS L"DSCAFlags" #define wszCUREGDSOIDFLAGS L"DSOIDFlags" #define wszREQUESTCLIENTID L"RequestClientId" extern WCHAR const g_wszAppName[]; extern WCHAR const *g_pwszProg; extern HINSTANCE g_hInstance; extern WCHAR const g_wszAttrib[]; extern WCHAR const g_wszExt[]; extern WCHAR const g_wszCRL[]; extern BOOL g_fIDispatch; extern BOOL g_fEnterpriseRegistry; extern BOOL g_fUserRegistry; extern BOOL g_fUserTemplates; extern BOOL g_fMachineTemplates; extern BOOL g_fFullUsage; extern BOOL g_fReverse; extern BOOL g_fForce; extern BOOL g_fVerbose; extern BOOL g_fGMT; extern BOOL g_fSeconds; extern BOOL g_fDispatch; extern DWORD g_DispatchFlags; extern BOOL g_fQuiet; extern DWORD g_EncodeFlags; extern DWORD g_CryptEncodeFlags; extern BOOL g_fCryptSilent; extern BOOL g_fV1Interface; extern BOOL g_fSplitASN; extern BOOL g_fAdminInterface; extern BOOL g_fProtect; extern BOOL g_fWeakPFX; extern BOOL g_fURLFetch; extern DWORD g_dwmsTimeout; extern WCHAR *g_pwszConfig; extern WCHAR *g_pwszDC; extern WCHAR *g_pwszOut; extern WCHAR *g_pwszPassword; extern WCHAR *g_pwszCSP; extern WCHAR *g_pwszRestrict; extern WCHAR *g_pwszDnsName; extern WCHAR *g_pwszOldName; extern WCHAR const g_wszEmpty[]; extern WCHAR const g_wszPad2[]; extern WCHAR const g_wszPad4[]; extern WCHAR const g_wszPad6[]; extern WCHAR const g_wszPad8[]; extern WCHAR const wszNewLine[]; extern UINT g_uiExtraErrorInfo; extern WCHAR const g_wszSchema[]; extern WCHAR const g_wszEncode[]; extern WCHAR const g_wszEncodeHex[]; extern WCHAR const g_wszViewDelStore[]; extern WCHAR const g_wszCACert[]; extern WCHAR const g_wszCAChain[]; extern WCHAR const g_wszGetCRL[]; extern WCHAR const g_wszCAInfo[]; extern WCHAR const g_wszCAInfoCRL[]; extern CRITICAL_SECTION g_DBCriticalSection; typedef HRESULT (FNVERB)( IN WCHAR const *pwszOption, IN WCHAR const *pwszArg1, IN WCHAR const *pwszArg2, IN WCHAR const *pwszArg3, IN WCHAR const *pwszArg4); FNVERB verbUsage, verbDump, verbGetConfig, verbGetConfig2, verbGetCACertificate, verbVerifyKeys, verbVerifyCert, verbCheck7f, verbHexTranslate, verbBase64Translate, verbDenyRequest, verbResubmitRequest, verbRevokeCertificate, verbSetAttributes, verbSetExtension, verbPublishCRL, verbGetCRL, verbIsValidCertificate, verbViewDump, verbDBDump, verbPing, verbPingAdmin, verbShutDownServer, verbBackupPFX, verbRestorePFX, verbStore, verbBackupDB, verbRestoreDB, verbCSPList, verbCSPTest, verbBackup, verbRestore, verbAddStore, verbDelStore, verbVerifyStore, verbOIDName, verbImportCertificate, verbDynamicFileList, verbDatabaseLocations, verbGetReg, verbSetReg, verbErrorDump, verbCreateVRoots, verbConvertMDB, verbGetConfig3, verbSetMapiInfo, verbGetMapiInfo, verbInstallCACert, verbRenewCACert, verbKey, verbDelKey, verbExtractMDB, verbDS, verbDSDel, verbDSPublish, verbDSCert, verbDSCRL, verbDSDeltaCRL, verbGetCAInfo, verbGetCAPropInfo, verbGetCertFromUI, verbMACFile, verbGetKey, verbRecoverKey, verbRepairStore, verbDelReg, verbExportPVK, verbExportPFX, verbImportPFX, verbDSTemplate, verbDSAddTemplate, verbTemplate, verbTemplateCAs, verbCATemplates, verbImportKMS, verbURLCache, verbSign, verbDeleteRow, verbPulse, verbMachineInfo, verbDCInfo, verbEntInfo, verbTCAInfo, verbViewOrDeleteStore, verbSCInfo, verbMergePFX, verbURL, verbConvertEPF, verbSetCATemplates; HRESULT cuGetCAInfo( IN WCHAR const *pwszOption, OPTIONAL IN WCHAR const *pwszfnOut, OPTIONAL IN WCHAR const *pwszInfoName, OPTIONAL IN WCHAR const *pwszNumber); HRESULT cuGetLocalCANameFromConfig( OPTIONAL OUT WCHAR **ppwszMachine, OPTIONAL OUT WCHAR **ppwszCA); HRESULT cuSetConfig(); HRESULT cuSanitizeNameWithSuffix( IN WCHAR const *pwszName, OUT WCHAR **ppwszNameOut); HRESULT cuGenerateKeyContainerName( IN CERT_CONTEXT const *pcc, OUT WCHAR **ppwszKeyContainerName); VOID cuPrintError( IN DWORD idmsg, IN HRESULT hr); VOID cuPrintAPIError( IN WCHAR const *pwszAPIName, IN HRESULT hr); VOID cuPrintErrorAndString( OPTIONAL IN WCHAR const *pwszProc, IN DWORD idmsg, IN HRESULT hr, OPTIONAL IN WCHAR const *pwszString); VOID cuPrintErrorMessageText( IN HRESULT hr); BOOL cuParseDecimal( IN OUT WCHAR const **ppwc, IN OUT DWORD *pcwc, OUT DWORD *pdw); HRESULT cuParseStrings( IN WCHAR const *pwszStrings, IN BOOL fMatchPrefix, OPTIONAL IN WCHAR const *pwszPrefix, OPTIONAL IN WCHAR const * const *apwszAllowedPrefixes, OUT WCHAR ***papwszStrings, OPTIONAL OUT BOOL *pfAllFields); VOID cuFreeStringArray( IN OUT WCHAR **apwsz); VOID cuFreeStringArrayA( IN OUT char **apsz); VOID cuConvertEscapeSequences( IN OUT WCHAR *pwsz); HRESULT cuGeneratePassword( IN DWORD cwcMax, OUT WCHAR *pwszPassword, IN DWORD cwcPassword); HRESULT cuGetPassword( OPTIONAL IN UINT idsPrompt, OPTIONAL IN WCHAR const *pwszfn, OPTIONAL IN WCHAR const *pwszPasswordIn, IN BOOL fVerify, OUT WCHAR *pwszPassword, IN DWORD cwcPassword, OUT WCHAR const **ppwszPasswordOut); HRESULT cuDumpFileTimePeriod( IN DWORD idMessage, OPTIONAL IN WCHAR const *pwszQuote, IN FILETIME const *pftGMT); HRESULT cuDumpFileTime( IN DWORD idMessage, OPTIONAL IN WCHAR const *pwszQuote, IN FILETIME const *pftGMT); HRESULT cuDumpFileTimeOrPeriod( IN DWORD idMessage, OPTIONAL IN WCHAR const *pwszQuote, IN FILETIME const *pftGMT); HRESULT cuDumpDate( IN DATE const *pDate); VOID cuDumpSignature( OPTIONAL IN CERT_SIGNED_CONTENT_INFO const *pcsci); HRESULT cuDumpFormattedProperty( IN DWORD dwPropId, OPTIONAL IN char const *pszObjId, IN BYTE const *pb, IN DWORD cb); HRESULT cuDecodeObjId( IN BYTE const *pbData, IN DWORD cbData, char **ppszObjId); HRESULT cuEncodeObjId( IN char const *pszObjId, OUT BYTE **ppbData, OUT DWORD *pcbData); HRESULT cuDecodeSequence( IN BYTE const *pbSeq, IN DWORD cbSeq, IN DWORD cSeq, OUT CRYPT_SEQUENCE_OF_ANY **ppSeq); VOID cuDumpAlgorithm( IN DWORD idMessage, IN CRYPT_ALGORITHM_IDENTIFIER const *pAlg); BOOL cuDumpFormattedExtension( IN WCHAR const *pwszName, IN BYTE const *pbObject, IN DWORD cbObject); HRESULT cuDumpExtensionArray( IN DWORD idMessage, IN DWORD cExtension, IN CERT_EXTENSION const *rgExtension); HRESULT cuDumpSerial( OPTIONAL IN WCHAR const *pwszPrefix, IN DWORD idMessage, IN CRYPT_INTEGER_BLOB const *pSerial); HRESULT cuDumpPrivateKey( IN CERT_CONTEXT const *pCert, OPTIONAL OUT BOOL *pfSigningKey, OPTIONAL OUT BOOL *pfMatchingKey); VOID cuDumpPublicKey( IN CERT_PUBLIC_KEY_INFO const *pKey); VOID cuDumpAlgid( IN DWORD Algid); VOID cuDumpVersion( IN DWORD dwVersion); HRESULT cuDumpPrivateKeyBlob( IN BYTE const *pbKey, IN DWORD cbKey, IN BOOL fQuiet); HRESULT cuDumpCertKeyProviderInfo( IN WCHAR const *pwszPrefix, OPTIONAL IN CERT_CONTEXT const *pCert, OPTIONAL IN CRYPT_KEY_PROV_INFO *pkpi, OPTIONAL OUT CRYPT_KEY_PROV_INFO **ppkpi); HRESULT EPFFileDump( IN WCHAR const *pwszfn, OPTIONAL IN WCHAR const *pwszPassword, OPTIONAL IN OUT HCERTSTORE hStore); #define EPFALG_DEFAULT 0 #define EPFALG_CASTEXPORT 1 #define EPFALG_CAST 2 HRESULT EPFSaveCertStoreToFile( IN HCERTSTORE hStore, IN WCHAR const *pwszPassword, IN WCHAR const *pwszfnOut, OPTIONAL IN WCHAR const *pwszV3CACertId, IN DWORD dwEPFAlg, OPTIONAL IN WCHAR const *pwszSalt); HRESULT myVerifyKMSKey( IN BYTE const *pbCert, IN DWORD cbCert, IN BYTE const *pbKey, IN DWORD cbKey, IN DWORD dwKeySpec, IN BOOL fQuiet); #define BLOB_ROUND(cb) \ (((cb) + sizeof(CRYPT_DATA_BLOB) - 1) / sizeof(CRYPT_DATA_BLOB)) HRESULT myDecodeKMSRSAKey( IN BYTE const *pbKMSRSAKey, IN DWORD cbKMSRSAKey, IN ALG_ID aiKeyAlg, OUT BYTE **ppbKey, OUT DWORD *pcbKey); HRESULT myEncodeKMSRSAKey( IN BYTE const *pbKey, IN DWORD cbKey, OUT BYTE **ppbKMSRSAKey, OUT DWORD *pcbKMSRSAKey); HRESULT cuDumpAsnBinary( IN BYTE const *pbIn, IN DWORD cbIn, IN DWORD iElement); HRESULT cuDumpAsnBinaryQuiet( IN BYTE const *pb, IN DWORD cb, IN DWORD iElement); HRESULT cuSaveAsnToFile( IN BYTE const *pbIn, IN DWORD cbIn, IN int imajor, IN int ilevel, IN DWORD iElement, IN WCHAR const *pwszExtension); #define DVNS_DUMP 0x000000000 #define DVNS_VERIFYCERT 0x000000001 #define DVNS_REPAIRKPI 0x000000002 #define DVNS_CASTORE 0x000000004 #define DVNS_DUMPKEYS 0x000000008 #define DVNS_DUMPPROPERTIES 0x000000010 #define DVNS_SAVECERT 0x000000100 #define DVNS_SAVECRL 0x000000200 #define DVNS_SAVECTL 0x000000400 #define DVNS_SAVEPFX 0x000000800 #define DVNS_SAVEPVK 0x000001000 #define DVNS_WRITESTORE 0x000002000 #define DVNS_DSSTORE 0x000004000 HRESULT cuOpenCertStore( IN WCHAR const *pwszStoreName, IN OUT DWORD *pMode, OPTIONAL OUT WCHAR **ppwszStoreNameOut, OUT HCERTSTORE *phStore); HRESULT cuDumpAndVerifyStore( IN HCERTSTORE hStore, IN DWORD Mode, OPTIONAL IN WCHAR const *pwszCertName, IN DWORD iCertSave, IN DWORD iCRLSave, IN DWORD iCTLSave, OPTIONAL IN WCHAR const *pwszfnOut, OPTIONAL IN WCHAR const *pwszPassword); VOID cuDumpOIDAndDescriptionA( IN char const *pszObjId); VOID cuDumpOIDAndDescription( IN WCHAR const *pwszObjId); WCHAR const * cuwszFromExtFlags( IN DWORD ExtFlags); WCHAR const * cuwszPropType( IN LONG PropType); BOOL cuRegPrintDwordValue( IN BOOL fPrintNameAndValue, IN WCHAR const *pwszLookupName, IN WCHAR const *pwszDisplayName, IN DWORD dwValue); VOID cuRegPrintAwszValue( IN WCHAR const *pwszName, OPTIONAL IN WCHAR const * const *prgpwszValues); VOID cuPrintSchemaEntry( OPTIONAL IN WCHAR const *pwszName, IN WCHAR const *pwszDisplayName, IN LONG Type, IN LONG cbMax); VOID cuUnloadCert( IN OUT CERT_CONTEXT const **ppCertContext); HRESULT cuLoadCert( IN WCHAR const *pwszfnCert, OUT CERT_CONTEXT const **ppCertContext); VOID cuUnloadCRL( IN OUT CRL_CONTEXT const **ppCRLContext); HRESULT cuLoadCRL( IN WCHAR const *pwszfnCRL, OUT CRL_CONTEXT const **ppCRLContext); HRESULT cuVerifySignature( IN BYTE const *pbEncoded, IN DWORD cbEncoded, IN CERT_PUBLIC_KEY_INFO const *pcpki, IN BOOL fSuppressSuccess, IN BOOL fSuppressError); HRESULT cuDumpIssuerSerialAndSubject( IN CERT_NAME_BLOB const *pIssuer, IN CRYPT_INTEGER_BLOB const *pSerialNumber, OPTIONAL IN CERT_NAME_BLOB const *pSubject, OPTIONAL IN HCERTSTORE hStore); HRESULT cuDumpSigners( IN HCRYPTMSG hMsg, IN CHAR const *pszInnerContentObjId, IN HCERTSTORE hStore, IN DWORD cSigner, IN BOOL fContentEmpty, IN BOOL fVerifyOnly, OPTIONAL OUT BYTE *pbHashUserCert, OPTIONAL IN OUT DWORD *pcbHashUserCert); HRESULT cuDumpRecipients( IN HCRYPTMSG hMsg, IN HCERTSTORE hStoreWrapper, IN DWORD cRecipient, IN BOOL fQuiet); HRESULT cuDumpEncryptedAsnBinary( IN HCRYPTMSG hMsg, IN DWORD cRecipient, IN DWORD RecipientIndex, OPTIONAL IN HCERTSTORE hStoreWrapper, IN HCERTSTORE hStorePKCS7, IN BYTE const *pbIn, IN DWORD cbIn, IN BOOL fQuiet, OPTIONAL OUT BYTE **ppbDecrypted, OPTIONAL OUT DWORD *pcbDecrypted); #define VS_OTHERERROR 0x00000001 #define VS_EXPIRED 0x00000002 #define VS_REVOKED 0x00000004 #define VS_UNTRUSTEDROOT 0x00000008 #define VS_INCOMPLETECHAIN 0x00000010 #define VS_NOREVOCATIONCHECK 0x00000020 #define VS_REVOCATIONOFFLINE 0x00000040 #define VS_ROOT 0x40000000 #define VS_ROOTSIGOK 0x80000000 #define VS_ERRORMASK (VS_OTHERERROR | \ VS_EXPIRED | \ VS_REVOKED | \ VS_UNTRUSTEDROOT | \ VS_INCOMPLETECHAIN) HRESULT cuVerifyCertContext( IN CERT_CONTEXT const *pCert, OPTIONAL IN HCERTSTORE hStoreCA, IN DWORD cApplicationPolicies, OPTIONAL IN char const * const *apszApplicationPolicies, IN DWORD cIssuancePolicies, OPTIONAL IN char const * const *apszIssuancePolicies, IN BOOL fNTAuth, OUT DWORD *pVerifyState); VOID cuDisplayCDPUrlsFromCertOrCRL( OPTIONAL IN CERT_CONTEXT const *pCert, OPTIONAL IN CRL_CONTEXT const *pCRL); VOID cuDisplayAIAUrlsFromCert( IN CERT_CONTEXT const *pCert); HRESULT cuDisplayCertName( IN BOOL fMultiLine, OPTIONAL IN WCHAR const *pwszNamePrefix, IN WCHAR const *pwszName, IN WCHAR const *pwszPad, IN CERT_NAME_BLOB const *pNameBlob, OPTIONAL IN CERT_INFO const *pCertInfo); HRESULT cuDisplayCertNames( IN BOOL fMultiLine, OPTIONAL IN WCHAR const *pwszNamePrefix, IN CERT_INFO const *pCertInfo); HRESULT cuDisplayKeyId( IN CERT_PUBLIC_KEY_INFO const *pPublicKeyInfo, IN DWORD cExtension, OPTIONAL IN CERT_EXTENSION const *rgExtension); HRESULT cuDisplayHash( OPTIONAL IN WCHAR const *pwszPrefix, OPTIONAL IN CERT_CONTEXT const *pCertContext, OPTIONAL IN CRL_CONTEXT const *pCRLContext, IN DWORD dwPropId, IN WCHAR const *pwszHashName); VOID cuDisplayCAType( IN LONG CAType); HRESULT cuGetCertType( IN CERT_INFO const *pCertInfo, OPTIONAL OUT WCHAR **ppwszCertTypeNameV1, OPTIONAL OUT WCHAR **ppwszDisplayNameV1, OPTIONAL OUT WCHAR **ppwszCertTypeObjId, OPTIONAL OUT WCHAR **ppwszCertTypeName, OPTIONAL OUT WCHAR **ppwszDisplayName); HRESULT cuGetGroupMembership( IN WCHAR const *pwszSamName); HRESULT cuDumpCertType( OPTIONAL IN WCHAR const *pwszPrefix, IN CERT_INFO const *pCertInfo); HRESULT cuGetTemplateNames( IN WCHAR const *pwszTemplate, OUT WCHAR **ppwszCN, OUT WCHAR **ppwszDisplayName); VOID cuPrintCRLFString( IN WCHAR const *pwszPrefix, IN WCHAR const *pwszIn); int cuidCRLReason( IN LONG Reason); WCHAR const * cuGetOIDNameA( IN char const *pszObjId); WCHAR const * cuGetOIDName( IN WCHAR const *pwszObjId); VOID cuPrintPossibleObjectIdName( IN WCHAR const *pwszObjId); HRESULT cuLoadKeys( OPTIONAL IN WCHAR const *pwszProvName, IN OUT DWORD *pdwProvType, IN WCHAR const *pwszKeyContainerName, IN BOOL fMachineKeyset, IN BOOL fSoftFail, OPTIONAL OUT HCRYPTPROV *phProv, OPTIONAL OUT CERT_PUBLIC_KEY_INFO **ppPubKeyInfo, OPTIONAL OUT CERT_PUBLIC_KEY_INFO **ppPubKeyInfoXchg); VOID cuCAInfoUsage(VOID); DWORD cuFileSize( IN WCHAR const *pwszfn); HRESULT cuPingCertSrv( IN WCHAR const *pwszConfig, OPTIONAL OUT CAINFO **ppCAInfo); DWORD cuGetSystemStoreFlags(); HRESULT cuVerifyKeyAuthority( IN CERT_NAME_BLOB const *pIssuer, IN CERT_INFO const *pCertInfoCA, IN BYTE const *pbData, IN DWORD cbData, IN BOOL fQuiet, OUT BOOL *pfKeyAuthorityMatch); BOOL cuVerifyMinimumBaseCRL( IN CRL_CONTEXT const *pCRLBase, IN CRL_CONTEXT const *pCRLDelta); BOOL cuVerifyIDP( IN CERT_CONTEXT const *pCertSubject, IN CRL_CONTEXT const *pCRL);