//******************************************************************* // // Copyright(c) Microsoft Corporation, 1996 // // FILE: CERT.H // // PURPOSE: Header file for certificate functions in cert.c. // // HISTORY: // 96/09/23 vikramm Created. // 96/11/14 markdu BUG 10132 Updated to post-SDR CAPI. // 96/11/14 markdu BUG 10267 Remove static link to functions in advapi32.dll // //******************************************************************* #ifndef __CERT_H #define __CERT_H #ifndef IN #define IN #endif #ifndef OUT #define OUT #endif #ifndef OPTIONAL #define OPTIONAL #endif // Note: // Some data types are assumed and may need to be changed // // other defines #define MAX_STR 256 // Sting buffer size #define NUM_CHARS_PER_SN_BYTE 3 // Number of characters needed to display // each byte of the serial number // This struct and tags will be published by the exchange group -- this is temporary. #define NUM_CERT_TAGS 4 #define CERT_TAG_DEFAULT 0x20 #define CERT_TAG_THUMBPRINT 0x22 #define CERT_TAG_BINCERT 0x03 #define CERT_TAG_SYMCAPS 0x02 #define CERT_TAG_SIGNING_TIME 0x0D #define CERT_TAG_SMIMECERT 0x30 // SIZE_CERTTAGS is the size of the structure excluding the byte array. #define SIZE_CERTTAGS (2 * sizeof(WORD)) // useless warning, should probably just remove the [] #pragma warning (disable:4200) typedef struct _CertTag { WORD tag; WORD cbData; BYTE rgbData[]; } CERTTAGS, FAR * LPCERTTAGS; #pragma warning (default:4200) /************************************************************************************/ // Bare minimum info needed for each cert in the details certificate pane // typedef struct _CertDisplayInfo { LPTSTR lpszDisplayString; // String to display for this certificate LPTSTR lpszEmailAddress; DWORD dwTrust; // One of above trust flags BOOL bIsDefault; // Is this the default cert BOOL bIsRevoked; // Has this been revoked BOOL bIsExpired; // Is this expired BOOL bIsTrusted; // Is this a trusted certificate PCCERT_CONTEXT pccert; // THis is the actual cert BLOB blobSymCaps; // Symetric Capabilities FILETIME ftSigningTime; // Signing Time struct _CertDisplayInfo * lpNext; struct _CertDisplayInfo * lpPrev; } CERT_DISPLAY_INFO, * LPCERT_DISPLAY_INFO; /************************************************************************************/ /************************************************************************************/ // Details needed to display properties // typedef struct _CertDisplayProps { BOOL bIsRevoked; // Has this been revoked BOOL bIsExpired; // Is this expired DWORD dwTrust; // One of above trust flags BOOL bIsTrusted; // Whether its trusted or not LPTSTR lpszSerialNumber; // Serial Number for the cert LPTSTR lpszValidFromTo; // Valid from XXX to XXX LPTSTR lpszSubjectName; // Subject's name (same as display name in CERT_DISPLAY_INFO) LPTSTR lpszIssuerName; // Issuer's name - NULL if no name (self-issued) CRYPT_DIGEST_BLOB blobIssuerCertThumbPrint; // The actual certificate thumbprint of the issuer cert int nFieldCount; // Number of fields for which data exists (other that what we already have) LPTSTR* lppszFieldCount; // LPTSTR array of field names LPTSTR* lppszDetails; // LPTSTR array of details with one to one correspondence with field names struct _CertDisplayProps * lpIssuer; // Next cert up in the issuer chain. struct _CertDisplayProps * lpPrev; // previous cert in the issuer chain. } CERT_DISPLAY_PROPS, * LPCERT_DISPLAY_PROPS; /************************************************************************************/ /************************************************************************************/ // This is used by Cert UI elements typedef struct _CertItem { LPCERT_DISPLAY_INFO lpCDI; PCCERT_CONTEXT pcCert; TCHAR szDisplayText[MAX_PATH]; //should really be MAX_UI_STR struct _CertItem * lpNext; struct _CertItem * lpPrev; } CERT_ITEM, * LPCERT_ITEM; /************************************************************************************/ // Function prototypes //******************************************************************* // // FUNCTION: HrGetCertsDisplayInfo // // PURPOSE: Takes an input array of certs in a SPropValue structure // and outputs a list of cert data structures by parsing through // the array and looking up the cert data in the store. // // PARAMETERS: hwndParent - any UI is modal to this // lpPropValue - PR_USER_X509_CERTIFICATE property array // lppCDI - recieves an allocated structure containing // the cert data. Must be freed by calling FreeCertdisplayinfo. // // RETURNS: HRESULT. // // HISTORY: // 96/09/24 markdu Created. // //******************************************************************* HRESULT HrGetCertsDisplayInfo( IN HWND hwndParent, IN LPSPropValue lpPropValue, OUT LPCERT_DISPLAY_INFO * lppCDI); //******************************************************************* // // FUNCTION: HrSetCertsFromDisplayInfo // // PURPOSE: Takes a linked list of cert data structures and outputs // an SPropValue array of PR_USER_X509_CERTIFICATE properties. // // PARAMETERS: lpCDI - linked list of input structures to convert to // SPropValue array // lpulcPropCount - receives the number of SPropValue's returned // Note that this will always be one. // lppPropValue - receives a MAPI-allocated SPropValue structure // containing an X509_USER_CERTIFICATE property // // RETURNS: HRESULT. // // HISTORY: // 96/09/24 markdu Created. // //******************************************************************* HRESULT HrSetCertsFromDisplayInfo( IN LPCERT_ITEM lpCItem, OUT ULONG * lpulcPropCount, OUT LPSPropValue * lppPropValue); //******************************************************************* // // FUNCTION: HrGetCertDisplayProps // // PURPOSE: Get displayable properties and other data for a certificate. // // PARAMETERS: pblobCertThumbPrint - thumb print of certificate to look up // hcsCertStore - the store that holds the cert. Use NULL to // open the WAB store. // hCryptProvider - the provider to use for store access. Use // zero to get the provider. // dwTrust - trust flags for this cert. // bIsTrusted - trusted or not ... // lppCDP - recieves an allocated structure containing // the cert data. Must be freed by calling FreeCertdisplayprops. // // RETURNS: HRESULT. // // HISTORY: // 96/09/24 markdu Created. // //******************************************************************* HRESULT HrGetCertDisplayProps( IN PCRYPT_DIGEST_BLOB pblobCertThumbPrint, IN HCERTSTORE hcsCertStore, IN HCRYPTPROV hCryptProvider, IN DWORD dwTrust, IN BOOL bIsTrusted, OUT LPCERT_DISPLAY_PROPS * lppCDP); //******************************************************************* // // FUNCTION: HrImportCertFromFile // // PURPOSE: Import a cert from a file. // // PARAMETERS: lpszFileName - name of file containing the cert. // lppCDI - recieves an allocated structure containing // the cert data. Must be freed by calling FreeCertdisplayinfo. // // RETURNS: HRESULT. // // HISTORY: // 96/09/24 markdu Created. // //******************************************************************* HRESULT HrImportCertFromFile( IN LPTSTR lpszFileName, OUT LPCERT_DISPLAY_INFO * lppCDI); //******************************************************************* // // FUNCTION: HrExportCertToFile // // PURPOSE: Export a cert to a file. // // PARAMETERS: lpszFileName - name of file in which to store the cert. // If the file exists, it will be overwritten, so the caller // must verify that this is OK first if so desired. // pblobCertThumbPrint - thumb print of certificate to export. // lpCertDataBuffer - buffer to write cert data to instead of file // fWriteDataToBuffer - flag indicating where cert data should be written // // RETURNS: HRESULT. // // HISTORY: // 96/09/24 markdu Created. // 98/07/22 t-jstaj updated to take 3 add'l parameters, a data buffer, its length // and flag which will indicate whether or not to // write data to buffer or file. The memory allocated to // to the buffer needs to be freed by caller. // //******************************************************************* HRESULT HrExportCertToFile( IN LPTSTR lpszFileName, IN PCCERT_CONTEXT pccert, OUT LPBYTE *lpCertDataBuffer, OUT PULONG lpcbBufLen, IN BOOL fWriteDataToBuffer ); //******************************************************************* // // FUNCTION: FreeCertdisplayinfo // // PURPOSE: Release memory allocated for a CERT_DISPLAY_INFO structure. // Assumes all info in the structure was LocalAlloced // // PARAMETERS: lpCDI - structure to free. // // RETURNS: HRESULT. // // HISTORY: // 96/09/24 markdu Created. // //******************************************************************* void FreeCertdisplayinfo(LPCERT_DISPLAY_INFO lpCDI); //******************************************************************* // // FUNCTION: FreeCertdisplayprops // // PURPOSE: Release memory allocated for a CERT_DISPLAY_PROPS structure. // THIS INCLUDES the entire linked list below this sturcture, // so an entire list can be free by passing in the head of the list. // Assumes all info in the structure was LocalAlloced // // PARAMETERS: lpCDP - structure (list) to free. // // RETURNS: HRESULT. // // HISTORY: // 96/09/24 markdu Created. // //******************************************************************* void FreeCertdisplayprops(LPCERT_DISPLAY_PROPS lpCDP); //******************************************************************* // // FUNCTION: InitCryptoLib // // PURPOSE: Load the Crypto API libray and get the proc addrs. // // PARAMETERS: None. // // RETURNS: TRUE if successful, FALSE otherwise. // // HISTORY: // 96/10/01 markdu Created. // 96/11/19 markdu No longer keep a ref count, just use the global // library handles. // //******************************************************************* BOOL InitCryptoLib(void); //******************************************************************* // // FUNCTION: DeinitCryptoLib // // PURPOSE: Release the Crypto API libraries. // // PARAMETERS: None. // // RETURNS: None. // // HISTORY: // 96/10/01 markdu Created. // 96/11/19 markdu No longer keep a ref count, just call this in // DLL_PROCESS_DETACH. // //******************************************************************* void DeinitCryptoLib(void); //******************************************************************* // // FUNCTION: HrLDAPCertToMAPICert // // PURPOSE: Convert cert(s) returned from LDAP server to MAPI props. // Two properties are required. The certs are placed in the // WAB store, and all necessary indexing data is placed in // PR_USER_X509_CERTIFICATE property. If this certificate // didn't already exist in the WAB store, it's thumbprint is // added to PR_WAB_TEMP_CERT_HASH so that these certs can // be deleted from the store if the user cancels the add. // // PARAMETERS: lpPropArray - the prop array where the 2 props are stored // ulX509Index - the index to the PR_USER_X509_CERTIFICATE prop // ulTempCertIndex - the index to the PR_WAB_TEMP_CERT_HASH prop // lpCert, cbCert, - cert from LDAP ppberval struct // ulcCerts - the number of certs from the LDAP server // // RETURNS: HRESULT. // // HISTORY: // 96/12/12 markdu Created. // //******************************************************************* HRESULT HrLDAPCertToMAPICert( LPSPropValue lpPropArray, ULONG ulX509Index, ULONG ulTempCertIndex, ULONG cbCert, PBYTE lpCert, ULONG ulcCerts); //******************************************************************* // // FUNCTION: HrRemoveCertsFromWABStore // // PURPOSE: Remove the certs whose thumbprints are in the supplied // PR_WAB_TEMP_CERT_HASH property. // // PARAMETERS: lpPropValue - the PR_WAB_TEMP_CERT_HASH property // // RETURNS: HRESULT. // // HISTORY: // 96/12/13 markdu Created. // //******************************************************************* HRESULT HrRemoveCertsFromWABStore( LPSPropValue lpPropValue); //******************************************************************* // // FUNCTION: DeinitPStore // // PURPOSE: Release the protected store. // // PARAMETERS: None. // // RETURNS: None. // // HISTORY: // 97/02/17 t-erikne Created. // //******************************************************************* void DeinitPStore(void); //******************************************************************* // // FUNCTION: DeleteCertStuff // // PURPOSE: Remove trust from the pstore and (later) certs from // the CAPI store // // PARAMETERS: // LPADRBOOK lpIAB - container to use // LPENTRYID lpEntryID - eid of item to clean up // ULONG cbEntryID - cb of above // // RETURNS: I promise it does. // // HISTORY: // 97/03/19 t-erikne Created. // //******************************************************************* HRESULT DeleteCertStuff(LPADRBOOK lpIAB, LPENTRYID lpEntryID, ULONG cbEntryID); //******************************************************************* // // FUNCTION: WabGetCertFromThumbprint // // PURPOSE: Opens the WAB's cert store and tries to find the cert // the CAPI store // // PARAMETERS: // CRYPT_DIGEST_BLOB thumbprint - the thumbprint to // search on. // // RETURNS: the cert. NULL if not found // // HISTORY: // 97/06/27 t-erikne Created. // //******************************************************************* PCCERT_CONTEXT WabGetCertFromThumbprint(CRYPT_DIGEST_BLOB thumbprint); //************************************************************************************ // Crypto function typedefs // // Updated as of 2/3 // (t-erikne) // // CertAddEncodedCertificateToStore typedef BOOL (WINAPI * LPCERTADDENCODEDCERTIFICATETOSTORE) ( IN HCERTSTORE hCertStore, IN DWORD dwCertEncodingType, IN const BYTE *pbCertEncoded, IN DWORD cbCertEncoded, IN DWORD dwAddDisposition, OUT OPTIONAL PCCERT_CONTEXT *ppCertContext ); // CertCloseStore typedef BOOL (WINAPI * LPCERTCLOSESTORE) ( IN HCERTSTORE hCertStore, DWORD dwFlags ); // CertCreateCertificateContext typedef PCCERT_CONTEXT (WINAPI * LPCERTCREATECERTIFICATECONTEXT) ( IN DWORD dwCertEncodingType, IN const BYTE *pbCertEncoded, IN DWORD cbCertEncoded ); // CertDeleteCertificateFromStore typedef BOOL (WINAPI * LPCERTDELETECERTIFICATEFROMSTORE) ( IN PCCERT_CONTEXT pCertContext ); // CertFindCertificateInStore typedef PCCERT_CONTEXT (WINAPI * LPCERTFINDCERTIFICATEINSTORE) ( IN HCERTSTORE hCertStore, IN DWORD dwCertEncodingType, IN DWORD dwFindFlags, IN DWORD dwFindType, IN const void *pvFindPara, IN PCCERT_CONTEXT pPrevCertContext ); // CertFreeCertificateContext typedef BOOL (WINAPI * LPCERTFREECERTIFICATECONTEXT) ( IN PCCERT_CONTEXT pCertContext ); // CertGetCertificateContextProperty typedef BOOL (WINAPI * LPCERTGETCERTIFICATECONTEXTPROPERTY) ( IN PCCERT_CONTEXT pCertContext, IN DWORD dwPropId, OUT void *pvData, IN OUT DWORD *pcbData ); // CertGetIssuerCertificateFromStore typedef PCCERT_CONTEXT (WINAPI * LPCERTGETISSUERCERTIFICATEFROMSTORE) ( IN HCERTSTORE hCertStore, IN PCCERT_CONTEXT pSubjectContext, IN OPTIONAL PCCERT_CONTEXT pPrevIssuerContext, IN OUT DWORD *pdwFlags ); // CertOpenSystemStore typedef HCERTSTORE (WINAPI * LPCERTOPENSYSTEMSTORE) ( HCRYPTPROV hProv, LPTSTR szSubsystemProtocol ); // CertOpenStore typedef HCERTSTORE (WINAPI * LPCERTOPENSTORE) ( IN DWORD dwStoreProvType, IN DWORD dwCertEncodingType, IN HCRYPTPROV hCryptProv, IN DWORD dwFlags, IN void * pvPara ); // CertEnumCertificatesInStore typedef PCCERT_CONTEXT (WINAPI * LPCERTENUMCERTIFICATESINSTORE) ( IN HCERTSTORE hCertStore, IN PCCERT_CONTEXT pPrevCertContext ); // CertGetSubjectCertificateFromStore typedef PCCERT_CONTEXT (WINAPI * LPCERTGETSUBJECTCERTIFICATEFROMSTORE) ( IN HCERTSTORE hCertStore, IN DWORD dwCertEncodingType, IN PCERT_INFO pCertId ); // CertCompareCertificate typedef BOOL (WINAPI * LPCERTCOMPARECERTIFICATE) ( IN DWORD dwCertEncodingType, IN PCERT_INFO pCertId1, IN PCERT_INFO pCertId2 ); // CertDuplicateCertificateContext typedef PCCERT_CONTEXT (WINAPI * LPCERTDUPLICATECERTIFICATECONTEXT) ( IN PCCERT_CONTEXT pCertContext ); // CertNameToStrA //N the right thing to do is use WINCRYPT32API //N and fixt the import stuff typedef DWORD (WINAPI * LPCERTNAMETOSTR) ( IN DWORD dwCertEncodingType, IN PCERT_NAME_BLOB pName, IN DWORD dwStrType, OUT OPTIONAL LPTSTR psz, IN DWORD csz ); // CryptAcquireContext typedef BOOL (WINAPI * LPCRYPTACQUIRECONTEXT) ( HCRYPTPROV *phProv, LPCSTR pszContainer, LPCSTR pszProvider, DWORD dwProvType, DWORD dwFlags); // CryptDecodeObject typedef BOOL (WINAPI * LPCRYPTDECODEOBJECT) ( IN DWORD dwCertEncodingType, IN LPCSTR lpszStructType, IN const BYTE *pbEncoded, IN DWORD cbEncoded, IN DWORD dwFlags, OUT void *pvStructInfo, IN OUT DWORD *pcbStructInfo ); // CryptMsgClose typedef BOOL (WINAPI * LPCRYPTMSGCLOSE) ( IN HCRYPTMSG hCryptMsg ); // CryptMsgGetParam typedef BOOL (WINAPI * LPCRYPTMSGGETPARAM) ( IN HCRYPTMSG hCryptMsg, IN DWORD dwParamType, IN DWORD dwIndex, OUT void *pvData, IN OUT DWORD *pcbData ); // CryptMsgOpenToDecode typedef HCRYPTMSG (WINAPI * LPCRYPTMSGOPENTODECODE) ( IN DWORD dwMsgEncodingType, IN DWORD dwFlags, IN DWORD dwMsgType, IN HCRYPTPROV hCryptProv, IN OPTIONAL PCERT_INFO pRecipientInfo, IN OPTIONAL PCMSG_STREAM_INFO pStreamInfo ); // CryptMsgUpdate typedef BOOL (WINAPI * LPCRYPTMSGUPDATE) ( IN HCRYPTMSG hCryptMsg, IN const BYTE *pbData, IN DWORD cbData, IN BOOL fFinal ); // CryptReleaseContext typedef BOOL (WINAPI * LPCRYPTRELEASECONTEXT) ( HCRYPTPROV hProv, DWORD dwFlags); typedef PCERT_RDN_ATTR (WINAPI * LPCERTFINDRDNATTR) ( IN LPCSTR pszObjId, IN PCERT_NAME_INFO pName ); // CertRDNValueToStr typedef DWORD (WINAPI * LPCERTRDNVALUETOSTR) ( IN DWORD dwValueType, IN PCERT_RDN_VALUE_BLOB pValue, OUT LPTSTR pszValueString, IN DWORD cszValueString); // CertVerifyTimeValidity typedef LONG (WINAPI * LPCERTVERIFYTIMEVALIDITY) ( IN LPFILETIME pTimeToVerify, IN PCERT_INFO pCertInfo); #endif // include once