Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2157 lines
47 KiB

//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1995 - 1999
//
// File: certgen.cpp
//
//--------------------------------------------------------------------------
#include <pch.cpp>
#pragma hdrstop
#include <conio.h>
#include "encode.h"
#include "rsa.h"
#include "md5.h"
#include <wincrypt.h>
#include <certsrv.h>
#include <certca.h>
#include <csdisp.h>
#include "csprop.h"
#define MSTOSEC(ms) (((ms) + 1000 - 1)/1000)
DWORD g_crdnMax;
HCRYPTPROV g_hMe = NULL;
WCHAR g_wszTestKey[] = L"CertGen_TestKey";
static unsigned char MD5_PRELUDE[] = {
0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00,
0x04, 0x10
};
BYTE g_CAPIPrivateKey[1000];
DWORD g_cbPrivateKey;
//LPBSAFE_PRV_KEY g_pRSAPrivateKey;
DWORD g_cbRSAPrivateKey;
LPBSAFE_PUB_KEY g_pRSAPublicKey;
DWORD g_cbRSAPublicKey;
WCHAR *g_pwszConfig = NULL;
typedef struct {
DWORD magic; // Should always be RSA2
DWORD bitlen; // bit size of key
DWORD pubexp; // public exponent
} EXPORT_PRV_KEY;
BOOL g_fRPC = FALSE;
BOOL g_fRenewal = FALSE;
BOOL g_fSave = FALSE;
BOOL g_fPrintProperties = FALSE;
BOOL g_fDebug = FALSE;
BOOL g_fIgnoreAccessDenied = FALSE;
BOOL g_fTime = FALSE;
BOOL g_fIgnoreError = FALSE;
BOOL g_fAllowDups = FALSE;
BOOL g_fShowTime = FALSE;
BOOL g_fEnterpriseCA = FALSE;
LONG g_IntervalCount;
DWORD g_MaximumCount = MAXDWORD;
DWORD g_DispatchFlags = DISPSETUP_COMFIRST;
BOOL IsCharPrintableString(TCHAR chChar);
WCHAR wszUsage[] =
TEXT("Usage: CertGen [options]\n")
TEXT("Options are:\n")
TEXT(" -a - ignore denied requests\n")
TEXT(" -c # - generate # certs\n")
TEXT(" -config server\\CAName - specify CA config string\n")
TEXT(" -d - debug\n")
TEXT(" -e - Enterprise CA\n")
TEXT(" -i - don't stop on request errors\n")
TEXT(" -m - print start/end time\n")
TEXT(" -p - print properties from cert created\n")
TEXT(" -r - put request/cert/chain info into test.req/test.crt/testchain.crt\n")
TEXT(" -renewal - generate renewal requests\n")
TEXT(" -rpc - use RPC to connect to server\n")
TEXT(" -t # - print time statistics every # certs\n")
TEXT(" -z - allow duplicate subject name components\n")
;
HRESULT
SeedRNG(void)
{
HRESULT hr;
unsigned int seed;
if (!CryptGenRandom(g_hMe, sizeof(seed), (BYTE *) &seed))
{
hr = myHLastError();
_JumpError(hr, error, "CryptGenRandom");
}
srand(seed);
hr = S_OK;
error:
return(hr);
}
HRESULT
GenerateString(
DWORD cnt,
BYTE *pbStr)
{
HRESULT hr;
DWORD i;
BYTE *pb;
hr = SeedRNG();
_JumpIfError(hr, error, "SeedRNG");
pb = pbStr;
for (i = 0; i < cnt; i++)
{
do
{
*pb = rand() % 0x7f;
} while (!IsCharPrintableString(*pb));
pb++;
}
*pb = '\0';
// Turn leading and trailing Blanks into '.' characters?
if (g_fAllowDups && 0 < cnt)
{
if (' ' == *pbStr)
{
*pbStr = '.';
}
pb--;
if (' ' == *pb)
{
*pb = '.';
}
}
error:
return(hr);
}
void
FreeLocalMemory(
NAMETABLE *pNameTable)
{
NAMEENTRY *pNameEntry = NULL;
DWORD i;
pNameEntry = pNameTable->pNameEntry;
for (i = 0; i < pNameTable->cnt; i++)
{
if (NULL != pNameEntry->pbData)
{
LocalFree(pNameEntry->pbData);
}
pNameEntry++;
}
LocalFree(pNameTable->pNameEntry);
}
HRESULT
GenerateNameTable(
NAMETABLE *pNameTable)
{
HRESULT hr;
NAMEENTRY *pNameEntryAlloc = NULL;
NAMEENTRY *pNameEntry;
DWORD cbString;
BYTE *pbString;
DWORD i;
DWORD j;
DWORD cRetry;
hr = SeedRNG();
_JumpIfError(hr, error, "SeedRNG");
pNameTable->cnt = rand() % g_crdnMax; // 0 is Ok
if (1 < g_fPrintProperties)
{
wprintf(L"NumEntries = %u\n", pNameTable->cnt);
}
for (i = 0; i < g_crdnSubject; i++)
{
g_ardnSubject[i].cbRemain = g_ardnSubject[i].cbMaxConcatenated;
}
pNameEntryAlloc = (NAMEENTRY *) LocalAlloc(
LMEM_FIXED | LMEM_ZEROINIT,
pNameTable->cnt * sizeof(NAMEENTRY));
if (NULL == pNameEntryAlloc)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
pNameTable->pNameEntry = pNameEntryAlloc;
for (i = 0; i < pNameTable->cnt; i++)
{
RDNENTRY *prdne = NULL;
pNameEntry = &pNameTable->pNameEntry[i];
for (cRetry = 0; !g_fAllowDups || cRetry < 2 * pNameTable->cnt; cRetry++)
{
pNameEntry->iRDN = rand() % g_crdnSubject;
prdne = &g_ardnSubject[pNameEntry->iRDN];
if (g_fAllowDups)
{
if (2 > prdne->cbRemain)
{
continue; // Skip if less than 2 characters left
}
}
else
{
for (j = 0; j < i; j++)
{
if (pNameEntry->iRDN == pNameTable->pNameEntry[j].iRDN)
{
break;
}
}
if (j < i)
{
continue; // Skip if a disallowed duplicate
}
}
break;
}
if (g_fAllowDups && cRetry >= 2 * pNameTable->cnt)
{
if (1 < g_fPrintProperties)
{
wprintf(L"Reducing NumEntries = %u --> %i\n", pNameTable->cnt, i);
}
pNameTable->cnt = i; // too many retries -- reduce count & quit
break;
}
if (NULL == prdne)
{
hr = E_UNEXPECTED;
_JumpError(hr, error, "prdne NULL");
}
pNameEntry->pszObjId = prdne->pszObjId;
pNameEntry->BerTag = prdne->BerTag;
assert(2 <= prdne->cbRemain);
do
{
cbString = rand() % min(prdne->cbMaxString, prdne->cbRemain);
} while (0 == cbString);
// Reduce remaining count by length of string plus separator: "\n"
if (1 < g_fPrintProperties)
{
wprintf(
L" RDN(%u): %hs=%u/%u/%u/",
i,
prdne->pszShortName,
cbString,
prdne->cbMaxString,
prdne->cbRemain);
}
prdne->cbRemain -= cbString;
if (0 < prdne->cbRemain)
{
prdne->cbRemain--;
}
// Limit each string to (prdne->cbMaxString + 1) chars, including
// trailing '\0':
assert(cbString <= prdne->cbMaxString); // leave room for '\0' in DB
pbString = (BYTE *) LocalAlloc(LMEM_FIXED, cbString + 1);
if (NULL == pbString)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
hr = GenerateString(cbString, pbString);
_JumpIfError(hr, error, "GenerateString");
if (1 < g_fPrintProperties)
{
wprintf(L"%u: \"%hs\"\n", prdne->cbRemain, pbString);
}
pNameEntry->cbData = cbString;
pNameEntry->pbData = pbString;
}
pNameEntryAlloc = NULL;
error:
if (NULL != pNameEntryAlloc)
{
FreeLocalMemory(pNameTable);
}
return(hr);
}
HRESULT
GenerateTestNameTable(
NAMETABLE *pNameTable)
{
HRESULT hr;
NAMEENTRY *pNameEntryAlloc = NULL;
NAMEENTRY *pNameEntry;
DWORD cbString;
BYTE *pbString;
DWORD i;
DWORD j;
char szTest[2];
pNameEntryAlloc = (NAMEENTRY *) LocalAlloc(
LMEM_FIXED | LMEM_ZEROINIT,
sizeof(NAMEENTRY) * g_crdnSubject);
if (NULL == pNameEntryAlloc)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
pNameTable->cnt = g_crdnSubject;
pNameTable->pNameEntry = pNameEntryAlloc;
szTest[0] = 'a';
szTest[1] = '\0';
for (i = 0; i < g_crdnSubject; i++)
{
pNameEntry = &pNameTable->pNameEntry[i];
pNameEntry->pszObjId = g_ardnSubject[i].pszObjId;
pNameEntry->BerTag = g_ardnSubject[i].BerTag;
pbString = (BYTE *) LocalAlloc(LMEM_FIXED, sizeof(szTest));
if (NULL == pbString)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
CopyMemory(pbString, szTest, sizeof(szTest));
pNameEntry->cbData = sizeof(szTest) - 1;
pNameEntry->pbData = pbString;
if ('z' == szTest[0])
{
szTest[0] = 'a';
}
else
{
szTest[0]++;
}
}
pNameEntryAlloc = NULL;
hr = S_OK;
error:
if (NULL != pNameEntryAlloc)
{
FreeLocalMemory(pNameTable);
}
return(hr);
}
BOOL
PreparePrivateKeyForImport(
IN BYTE *pbBlob,
IN DWORD cbBlob,
OUT BSAFE_PRV_KEY *pPriKey,
IN OUT DWORD *pcbPriKey,
OUT BSAFE_PUB_KEY *pPubKey,
IN OUT DWORD *pcbPubKey)
{
EXPORT_PRV_KEY *pExportKey = (EXPORT_PRV_KEY *) pbBlob;
DWORD cbHalfModLen;
DWORD cbPub;
DWORD cbPri;
BYTE *pbIn;
BYTE *pbOut;
if (RSA2 != pExportKey->magic)
{
return(FALSE);
}
cbHalfModLen = pExportKey->bitlen / 16;
cbPub = sizeof(BSAFE_PUB_KEY) + (cbHalfModLen + sizeof(DWORD)) * 2;
cbPri = sizeof(BSAFE_PRV_KEY) + (cbHalfModLen + sizeof(DWORD)) * 10;
if (NULL == pPriKey || NULL == pPubKey)
{
*pcbPubKey = cbPub;
*pcbPriKey = cbPri;
return(TRUE);
}
if (*pcbPubKey < cbPub || *pcbPriKey < cbPri)
{
*pcbPubKey = cbPub;
*pcbPriKey = cbPri;
return(FALSE);
}
else
{
// form the public key
ZeroMemory(pPubKey, *pcbPubKey);
pPubKey->magic = RSA1;
pPubKey->keylen = (cbHalfModLen + sizeof(DWORD)) * 2;
pPubKey->bitlen = pExportKey->bitlen;
pPubKey->datalen = cbHalfModLen * 2 - 1;
pPubKey->pubexp = pExportKey->pubexp;
pbIn = pbBlob + sizeof(EXPORT_PRV_KEY);
pbOut = (BYTE *) pPubKey + sizeof(BSAFE_PUB_KEY);
CopyMemory(pbOut, pbIn, cbHalfModLen * 2);
// form the private key
ZeroMemory(pPriKey, *pcbPriKey);
pPriKey->magic = pExportKey->magic;
pPriKey->keylen = (cbHalfModLen + sizeof(DWORD)) * 2;
pPriKey->bitlen = pExportKey->bitlen;
pPriKey->datalen = cbHalfModLen * 2 - 1;
pPriKey->pubexp = pExportKey->pubexp;
pbOut = (BYTE *) pPriKey + sizeof(BSAFE_PRV_KEY);
CopyMemory(pbOut, pbIn, cbHalfModLen * 2);
pbOut += (cbHalfModLen + sizeof(DWORD)) * 2;
pbIn += cbHalfModLen * 2;
CopyMemory(pbOut, pbIn, cbHalfModLen);
pbOut += cbHalfModLen + sizeof(DWORD);
pbIn += cbHalfModLen;
CopyMemory(pbOut, pbIn, cbHalfModLen);
pbOut += cbHalfModLen + sizeof(DWORD);
pbIn += cbHalfModLen;
CopyMemory(pbOut, pbIn, cbHalfModLen);
pbOut += cbHalfModLen + sizeof(DWORD);
pbIn += cbHalfModLen;
CopyMemory(pbOut, pbIn, cbHalfModLen);
pbOut += cbHalfModLen + sizeof(DWORD);
pbIn += cbHalfModLen;
CopyMemory(pbOut, pbIn, cbHalfModLen);
pbOut += cbHalfModLen + sizeof(DWORD);
pbIn += cbHalfModLen;
CopyMemory(pbOut, pbIn, cbHalfModLen * 2);
}
*pcbPubKey = cbPub;
*pcbPriKey = cbPri;
return(TRUE);
}
HRESULT
GetPrivateKeyStuff(
PctPrivateKey **ppKey)
{
HRESULT hr;
BYTE *pbData;
PctPrivateKey *pKey = NULL;
HCRYPTKEY hKey = NULL;
if (!CryptAcquireContext(
&g_hMe,
g_wszTestKey,
MS_DEF_PROV,
PROV_RSA_FULL,
CRYPT_DELETEKEYSET))
{
hr = myHLastError();
_PrintError(hr, "CryptAcquireContext");
}
if (!CryptAcquireContext(
&g_hMe,
g_wszTestKey,
MS_DEF_PROV,
PROV_RSA_FULL,
CRYPT_NEWKEYSET))
{
hr = myHLastError();
_JumpError(hr, error, "CryptAcquireContext");
}
if (!CryptGetUserKey(g_hMe, AT_SIGNATURE, &hKey))
{
hr = myHLastError();
_PrintError2(hr, "CryptGetUserKey", hr);
if (!CryptGenKey(g_hMe, AT_SIGNATURE, CRYPT_EXPORTABLE, &hKey))
{
hr = myHLastError();
_JumpError(hr, error, "CryptGenKey");
}
}
g_cbPrivateKey = sizeof(g_CAPIPrivateKey);
if (!CryptExportKey(
hKey,
0,
PRIVATEKEYBLOB,
0L,
&g_CAPIPrivateKey[0],
&g_cbPrivateKey))
{
hr = myHLastError();
_JumpError(hr, error, "CryptExportKey");
}
pbData = &g_CAPIPrivateKey[sizeof(BLOBHEADER)];
if (!PreparePrivateKeyForImport(
pbData,
g_cbPrivateKey - sizeof(BLOBHEADER),
NULL,
&g_cbRSAPrivateKey,
NULL,
&g_cbRSAPublicKey))
{
hr = NTE_BAD_KEY;
_JumpError(hr, error, "PreparePrivateKeyForImport");
}
pKey = (PctPrivateKey *) LocalAlloc(
LMEM_FIXED,
g_cbRSAPrivateKey + sizeof(PctPrivateKey));
g_pRSAPublicKey = (BSAFE_PUB_KEY *) LocalAlloc(
LMEM_FIXED,
g_cbRSAPublicKey);
if (pKey == NULL || g_pRSAPublicKey == NULL)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
pKey->cbKey = g_cbRSAPrivateKey;
if (!PreparePrivateKeyForImport(
pbData,
g_cbPrivateKey - sizeof(BLOBHEADER),
(BSAFE_PRV_KEY *) pKey->pKey,
&g_cbRSAPrivateKey,
g_pRSAPublicKey,
&g_cbRSAPublicKey))
{
hr = NTE_BAD_KEY;
_JumpError(hr, error, "PreparePrivateKeyForImport");
}
hr = S_OK;
error:
if (NULL != hKey)
{
CryptDestroyKey(hKey);
}
*ppKey = pKey;
return(hr);
}
VOID
ReverseMemCopy(
OUT BYTE *pbDest,
IN BYTE const *pbSource,
IN DWORD cb)
{
BYTE *pb;
pb = pbDest + cb - 1;
do
{
*pb-- = *pbSource++;
} while (pb >= pbDest);
}
BOOL WINAPI
SigRSAMD5Sign(
IN BYTE *pbData,
IN DWORD cbData,
OUT BYTE *pbSigned,
OUT DWORD *pcbSigned,
IN PctPrivateKey const *pKey)
{
MD5_CTX DigCtx;
BSAFE_PRV_KEY *pk = (BSAFE_PRV_KEY *) pKey->pKey;
BYTE LocalBuffer[300];
BYTE LocalOutput[300];
DWORD cb;
//DumpHex(pbData, cbData);
if (pk->datalen > sizeof(LocalBuffer))
{
return(FALSE);
}
// Generate the checksum
MD5Init(&DigCtx);
MD5Update(&DigCtx, pbData, cbData);
MD5Final(&DigCtx);
FillMemory(LocalBuffer, pk->keylen, 0);
ReverseMemCopy(LocalBuffer, DigCtx.digest, 16);
ReverseMemCopy(LocalBuffer + 16, MD5_PRELUDE, sizeof(MD5_PRELUDE));
cb = sizeof(MD5_PRELUDE) + 16;
LocalBuffer[cb++] = 0;
while (cb < pk->datalen - 1)
{
LocalBuffer[cb++] = 0xff;
}
// Make into pkcs block type 1
LocalBuffer[pk->datalen - 1] = 1;
*pcbSigned = pk->datalen + 1;
if (!BSafeDecPrivate(pk, LocalBuffer, LocalOutput))
{
return(FALSE);
}
ReverseMemCopy(pbSigned, LocalOutput, *pcbSigned);
//DumpHex(pbSigned, *pcbSigned);
return(TRUE);
}
long
EncodeSubjectPubKeyInfo(
IN PctPrivateKey const *pKey,
OUT BYTE *pbBuffer)
{
BYTE *pbEncoded;
LONG cbResult;
LONG cbResultHeader;
LONG PkResult;
LONG PkResultHeader;
BYTE *pbSave;
BYTE *pbBitString;
BYTE *pbBitStringBase;
BYTE *pbTop;
DWORD EstimatedLength;
BSAFE_PRV_KEY *pk = (BSAFE_PRV_KEY *) pKey->pKey;
// Encode public key now...
EstimatedLength = pk->datalen + 32;
pbEncoded = pbBuffer;
cbResultHeader = EncodeHeader(pbEncoded, EstimatedLength);
pbEncoded += cbResultHeader;
pbTop = pbEncoded;
cbResult = EncodeAlgorithm(pbEncoded, ALGTYPE_KEYEXCH_RSA_MD5);
if (0 > cbResult)
{
return(-1);
}
pbEncoded += cbResult;
// now, serialize the rsa key data:
pbBitString = (BYTE *) LocalAlloc(LMEM_FIXED, EstimatedLength);
if (NULL == pbBitString)
{
return(-1);
}
pbBitStringBase = pbBitString;
// Encode the Sequence header, public key base and exponent as integers
PkResultHeader = EncodeHeader(pbBitString, EstimatedLength);
pbBitString += PkResultHeader;
pbSave = pbBitString;
PkResult = EncodeInteger(pbBitString, (BYTE *) (pk + 1), pk->keylen);
pbBitString += PkResult;
PkResult = EncodeInteger(pbBitString, (BYTE *) &pk->pubexp, sizeof(DWORD));
pbBitString += PkResult;
// Rewrite the bitstring header with an accurate length.
PkResult = EncodeHeader(
pbBitStringBase,
SAFE_SUBTRACT_POINTERS(pbBitString, pbSave));
// Encode the public key sequence as a raw bitstring, and free the memory.
cbResult = EncodeBitString(
pbEncoded,
pbBitStringBase,
SAFE_SUBTRACT_POINTERS(pbBitString, pbBitStringBase));
pbEncoded += cbResult;
LocalFree(pbBitStringBase);
// Rewrite the header with an accurate length.
cbResult = EncodeHeader(pbBuffer, SAFE_SUBTRACT_POINTERS(pbEncoded, pbTop));
return(cbResult + SAFE_SUBTRACT_POINTERS(pbEncoded, pbTop));
}
#if 0
a0 <len> BER_OPTIONAL | 0 -- Request Attributes
30 <len> BER_SEQUENCE
06 <len> BER_OBJECT_ID -- szOID_CERT_EXTENSIONS
31 <len> BER_SET
30 <len> BER_SEQUENCE
30 <len> BER_SEQUENCE (extension[0])
06 <len> BER_OBJECT_ID
01 <len> BER_BOOL (Optional)
04 <len> BER_OCTET_STRING
30 <len> BER_SEQUENCE (extension[1])
06 <len> BER_OBJECT_ID
04 <len> BER_OCTET_STRING
30 <len> BER_SEQUENCE (extension[2])
06 <len> BER_OBJECT_ID
04 <len> BER_OCTET_STRING
#endif
long
AllocEncodeUnicodeString(
IN WCHAR const *pwszCertType,
OUT BYTE **ppbOut)
{
BYTE *pb = NULL;
LONG cb;
cb = EncodeUnicodeString(NULL, pwszCertType);
pb = (BYTE *) LocalAlloc(LMEM_FIXED, cb);
if (NULL == pb)
{
cb = -1;
goto error;
}
*ppbOut = pb;
EncodeUnicodeString(pb, pwszCertType);
error:
return(cb);
}
long
AllocEncodeExtensionArray(
IN DWORD cExt,
IN CERT_EXTENSION const *aExt,
OUT BYTE **ppbExtensions)
{
BYTE *pb;
DWORD i;
LONG cb;
LONG cbExtTotal;
LONG acbLen[3];
LONG *acbExt = NULL;
*ppbExtensions = NULL;
acbExt = (LONG *) LocalAlloc(LMEM_FIXED, cExt * sizeof(acbExt[0]));
if (NULL == acbExt)
{
cbExtTotal = -1;
_JumpError(-1, error, "LocalAlloc");
}
// Construct size from the bottom up.
cbExtTotal = 0;
for (i = 0; i < cExt; i++)
{
// BER_OBJECT_ID: Extension OID
cb = EncodeObjId(NULL, aExt[i].pszObjId);
if (-1 == cb)
{
_JumpError(-1, error, "EncodeObjId");
}
acbExt[i] = cb;
if (aExt[i].fCritical)
{
// BER_BOOL: fCritical
acbExt[i] += 1 + EncodeLength(NULL, 1);
acbExt[i]++; // boolean value
}
// BER_OCTET_STRING: Extension octet string value
acbExt[i] += 1 + EncodeLength(NULL, aExt[i].Value.cbData);
acbExt[i] += aExt[i].Value.cbData; // octet string
// BER_SEQUENCE: Extension Sequence
cbExtTotal += 1 + EncodeLength(NULL, acbExt[i]);
cbExtTotal += acbExt[i];
}
// BER_SEQUENCE: Extension Array Sequence
acbLen[2] = cbExtTotal;
cbExtTotal += 1 + EncodeLength(NULL, cbExtTotal);
// BER_SET: Attribute Value
acbLen[1] = cbExtTotal;
cbExtTotal += 1 + EncodeLength(NULL, cbExtTotal);
// BER_OBJECT_ID: Attribute OID
cb = EncodeObjId(NULL, szOID_CERT_EXTENSIONS);
if (-1 == cb)
{
_JumpError(-1, error, "EncodeObjId");
}
cbExtTotal += cb;
// BER_SEQUENCE: Attribute Array Sequence
acbLen[0] = cbExtTotal;
cbExtTotal += 1 + EncodeLength(NULL, cbExtTotal);
// Allocate memory and encode the extensions
pb = (BYTE *) LocalAlloc(LMEM_FIXED, cbExtTotal);
if (NULL == pb)
{
cbExtTotal = -1;
_JumpError(-1, error, "LocalAlloc");
}
*ppbExtensions = pb;
*pb++ = BER_SEQUENCE; // Attribute Array Sequence
pb += EncodeLength(pb, acbLen[0]);
pb += EncodeObjId(pb, szOID_CERT_EXTENSIONS);
*pb++ = BER_SET; // Attribute Value
pb += EncodeLength(pb, acbLen[1]);
*pb++ = BER_SEQUENCE; // Extension Array Sequence
pb += EncodeLength(pb, acbLen[2]);
CSASSERT(*ppbExtensions + cbExtTotal >= pb);
for (i = 0; i < cExt; i++)
{
CSASSERT(*ppbExtensions + cbExtTotal > pb);
*pb++ = BER_SEQUENCE; // Extension Sequence
pb += EncodeLength(pb, acbExt[i]);
// BER_OBJECT_ID: Extension OID
pb += EncodeObjId(pb, aExt[i].pszObjId);
if (aExt[i].fCritical)
{
*pb++ = BER_BOOL; // fCritical
pb += EncodeLength(pb, 1);
*pb++ = 0xff;
}
*pb++ = BER_OCTET_STRING; // Extension octet string value
pb += EncodeLength(pb, aExt[i].Value.cbData);
CopyMemory(pb, aExt[i].Value.pbData, aExt[i].Value.cbData);
pb += aExt[i].Value.cbData;
}
CSASSERT(*ppbExtensions + cbExtTotal == pb);
error:
if (NULL != acbExt)
{
LocalFree(acbExt);
}
return(cbExtTotal);
}
long
EncodeExtensions(
IN WCHAR const *pwszCertType,
OUT BYTE **ppbExtensions)
{
LONG cbExt;
BYTE *pbExt = NULL;
CERT_EXTENSION aExt[1];
DWORD cExt = 0;
DWORD i;
// Allocate memory and construct the CertType extension:
aExt[cExt].pszObjId = szOID_ENROLL_CERTTYPE_EXTENSION;
aExt[cExt].fCritical = FALSE;
aExt[cExt].Value.cbData = AllocEncodeUnicodeString(
pwszCertType,
&aExt[cExt].Value.pbData);
//DumpHex(aExt[cExt].Value.pbData, aExt[cExt].Value.cbData);
cExt++;
cbExt = AllocEncodeExtensionArray(cExt, aExt, ppbExtensions);
if (-1 == cbExt)
{
_JumpError(-1, error, "AllocEncodeExtensionArray");
}
error:
for (i = 0; i < cExt; i++)
{
if (NULL != aExt[i].Value.pbData)
{
LocalFree(aExt[i].Value.pbData);
}
}
return(cbExt);
}
HRESULT
EncodeRequest(
IN PctPrivateKey const *pKey,
IN NAMETABLE const *pNameTable,
OUT BYTE **ppbRequest,
OUT DWORD *pcbRequest)
{
HRESULT hr;
BYTE *pbRequest0Alloc = NULL;
BYTE *pbRequest1Alloc = NULL;
BYTE *pbSigAlloc = NULL;
BYTE *pbRequest0;
BYTE *pbSave;
BYTE *pbEncoded;
BYTE *pbExt;
LONG cbExt;
LONG cbResult;
LONG cbEncoded;
BYTE bZero;
LONG cbDN;
DWORD cbRequest0;
DWORD cbRequest1;
LONG cbLenRequest;
BSAFE_PRV_KEY *pk = (BSAFE_PRV_KEY *) pKey->pKey;
cbExt = EncodeExtensions(L"User", &pbExt);
if (-1 == cbExt)
{
hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA);
_JumpError(hr, error, "EncodeExtensions");
}
//DumpHex(pbExt, cbExt);
cbDN = EncodeDN(NULL, pNameTable);
if (-1 == cbDN)
{
hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA);
_JumpError(hr, error, "EncodeDN");
}
cbRequest0 = pk->datalen + 32 + cbDN + 16 + cbExt + 3;
pbRequest0Alloc = (BYTE *) LocalAlloc(LMEM_FIXED, cbRequest0);
if (NULL == pbRequest0Alloc)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
pbRequest0 = pbRequest0Alloc;
pbEncoded = pbRequest0;
// Encode BER_SEQUENCE: Version+Subject+Key+Attributes Sequence
cbLenRequest = EncodeHeader(pbEncoded, cbRequest0);
pbEncoded += cbLenRequest;
pbSave = pbEncoded; // Save pointer past sequence length
// Encode integer 0: Version 1 PKCS10
bZero = (BYTE) CERT_REQUEST_V1;
pbEncoded += EncodeInteger(pbEncoded, &bZero, sizeof(bZero));
// Encode sequence of names
cbResult = EncodeDN(pbEncoded, pNameTable);
if (0 > cbResult)
{
hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA);
_JumpError(hr, error, "EncodeDN");
}
pbEncoded += cbResult;
cbResult = EncodeSubjectPubKeyInfo(pKey, pbEncoded);
if (0 > cbResult)
{
hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA);
_JumpError(hr, error, "EncodeSubjectPubKeyInfo");
}
pbEncoded += cbResult;
// Encode attributes:
// BER_OPTIONAL | 0: Attribute Field
cbResult = EncodeAttributeHeader(pbEncoded, cbExt);
pbEncoded += cbResult;
CopyMemory(pbEncoded, pbExt, cbExt);
pbEncoded += cbExt;
// Encode BER_SEQUENCE: Version+Subject+Key+Attributes Sequence (again)
cbEncoded = SAFE_SUBTRACT_POINTERS(pbEncoded, pbSave);
cbResult = EncodeHeader(pbRequest0, cbEncoded);
// If the header sequence length takes up less space than we anticipated,
// add the difference to the base pointer and encode the header again,
// right before the encoded data.
if (cbResult != cbLenRequest)
{
CSASSERT(cbResult < cbLenRequest);
pbRequest0 += cbLenRequest - cbResult;
// Encode BER_SEQUENCE: Version+Subject+Key+Attributes Sequence (again)
cbResult = EncodeHeader(pbRequest0, cbEncoded);
}
cbRequest0 = cbResult + SAFE_SUBTRACT_POINTERS(pbEncoded, pbSave);
//DumpHex(pbRequest0, cbRequest0);
// How much space do we need?
cbRequest1 = cbRequest0 + pk->datalen + 32;
pbRequest1Alloc = (BYTE *) LocalAlloc(LMEM_FIXED, cbRequest1);
if (NULL == pbRequest1Alloc)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
pbEncoded = pbRequest1Alloc;
// Encode BER_SEQUENCE: outer Request Sequence
cbLenRequest = EncodeHeader(pbEncoded, cbRequest1);
pbEncoded += cbLenRequest;
pbSave = pbEncoded; // Save pointer past outer sequence length
CopyMemory(pbEncoded, pbRequest0, cbRequest0);
pbEncoded += cbRequest0;
cbResult = EncodeAlgorithm(pbEncoded, ALGTYPE_SIG_RSA_MD5);
pbEncoded += cbResult;
//DumpHex(pbRequest1Alloc, cbRequest1);
cbResult = pk->datalen + 16;
pbSigAlloc = (BYTE *) LocalAlloc(LMEM_FIXED, cbResult);
if (NULL == pbSigAlloc)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
if (!SigRSAMD5Sign(
pbRequest0,
cbRequest0,
pbSigAlloc,
(DWORD *) &cbResult,
pKey))
{
hr = E_FAIL;
_JumpError(hr, error, "SigRSAMD5Sign");
}
pbEncoded += EncodeBitString(pbEncoded, pbSigAlloc, cbResult);
cbEncoded = SAFE_SUBTRACT_POINTERS(pbEncoded, pbSave);
cbResult = EncodeHeader(pbRequest1Alloc, cbEncoded);
cbRequest1 = cbResult + cbEncoded;
if (cbResult != cbLenRequest)
{
if (cbResult > cbLenRequest)
{
// The chunk has actually grown from the estimate.
BYTE *pbT;
pbT = (BYTE *) LocalAlloc(LMEM_FIXED, cbRequest1);
if (NULL == pbT)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
EncodeHeader(pbT, cbEncoded);
CopyMemory(
pbT + cbResult,
pbSave,
cbEncoded);
LocalFree(pbRequest1Alloc);
pbRequest1Alloc = pbT;
}
else
{
cbResult = EncodeHeader(pbRequest1Alloc, cbEncoded);
MoveMemory(
pbRequest1Alloc + cbResult,
pbRequest1Alloc + cbLenRequest,
cbEncoded);
}
}
*ppbRequest = pbRequest1Alloc;
*pcbRequest = cbRequest1;
pbRequest1Alloc = NULL;
//DumpHex(*ppbRequest, *pcbRequest);
hr = S_OK;
error:
if (NULL != pbSigAlloc)
{
LocalFree(pbSigAlloc);
}
if (NULL != pbRequest1Alloc)
{
LocalFree(pbRequest1Alloc);
}
if (NULL != pbRequest0Alloc)
{
LocalFree(pbRequest0Alloc);
}
if (NULL != pbExt)
{
LocalFree(pbExt);
}
return(hr);
}
HRESULT
GetAndCompareProperty(
CERT_NAME_INFO *pNameInfo,
char const *pszObjId,
char const *pszValue,
BYTE **pbProp,
DWORD *pcbProp,
BOOL *pfMatch)
{
HRESULT hr;
CERT_RDN_ATTR *prdnaT;
CERT_RDN *prdn;
CERT_RDN *prdnEnd;
*pfMatch = FALSE;
prdnaT = NULL;
for (
prdn = pNameInfo->rgRDN, prdnEnd = &prdn[pNameInfo->cRDN];
prdn < prdnEnd;
prdn++)
{
CERT_RDN_ATTR *prdna;
CERT_RDN_ATTR *prdnaEnd;
for (
prdna = prdn->rgRDNAttr, prdnaEnd = &prdna[prdn->cRDNAttr];
prdna < prdnaEnd;
prdna++)
{
if (0 == strcmp(prdna->pszObjId, pszObjId))
{
prdnaT = prdna;
if (prdnaT->Value.cbData == strlen(pszValue) &&
0 == memcmp(pszValue, prdnaT->Value.pbData, prdnaT->Value.cbData))
{
*pfMatch = TRUE;
}
else if (g_fAllowDups)
{
continue;
}
prdn = prdnEnd; // exit outer for loop, too.
break;
}
}
}
if (NULL == prdnaT)
{
hr = CERTSRV_E_PROPERTY_EMPTY;
_JumpError2(hr, error, "Missing Property", CERTSRV_E_PROPERTY_EMPTY);
}
*pbProp = prdnaT->Value.pbData;
*pcbProp = prdnaT->Value.cbData;
hr = S_OK;
error:
return(hr);
}
HRESULT
CheckProperties(
DWORD ReqId,
NAMETABLE *pNameTable,
DWORD CertNumber,
CERT_NAME_INFO *pNameInfo)
{
HRESULT hr;
BYTE *pbProp;
DWORD cbProp;
DWORD i;
DWORD dwCount = 0;
BOOL fMatch;
if (g_fPrintProperties)
{
wprintf(
L"Properties for Certificate %u, RequestId %u:\n",
CertNumber,
ReqId);
}
for (i = 0; i < pNameTable->cnt; i++)
{
NAMEENTRY *pNameEntry;
RDNENTRY *prdn;
pNameEntry = &pNameTable->pNameEntry[i];
prdn = &g_ardnSubject[pNameEntry->iRDN];
hr = GetAndCompareProperty(
pNameInfo,
prdn->pszObjId,
(char const *) pNameEntry->pbData,
&pbProp,
&cbProp,
&fMatch);
if (CERTSRV_E_PROPERTY_EMPTY == hr)
{
//_PrintError(hr, "GetAndCompareProperty");
pbProp = NULL;
hr = S_OK;
}
_JumpIfError(hr, error, "GetAndCompareProperty");
if (NULL != pbProp && !fMatch && !g_fEnterpriseCA)
{
wprintf(
L"Property doesn't match: Expected %hs=\"%hs\", pbProp = \"%hs\"\n",
prdn->pszShortName,
pNameEntry->pbData,
pbProp);
hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA);
_JumpError(hr, error, "GetAndCompareProperty: no match");
}
if (g_fPrintProperties)
{
DWORD ccol;
#define CCOL_OID 10
ccol = strlen(prdn->pszObjId) + 1;
if (ccol < CCOL_OID)
{
ccol = CCOL_OID - ccol;
}
else
{
ccol = 0;
}
wprintf(
L" %u: %hs: %*s%hs=%hs%hs%hs\n",
i,
prdn->pszObjId,
ccol,
"",
prdn->pszShortName,
NULL == pbProp? "" : "\"",
NULL == pbProp? " -- MISSING --" : (char const *) pbProp,
NULL == pbProp? "" : "\"");
}
}
if (g_fPrintProperties)
{
wprintf(L"\n");
}
hr = S_OK;
error:
return(hr);
}
HRESULT
EncodeRenewal(
IN BYTE const *pbRequest,
IN DWORD cbRequest,
OUT BYTE **ppbRenewal,
OUT DWORD *pcbRenewal)
{
HRESULT hr;
*ppbRenewal = (BYTE *) LocalAlloc(LMEM_FIXED, cbRequest);
if (NULL == *ppbRenewal)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
CopyMemory(*ppbRenewal, pbRequest, cbRequest);
*pcbRenewal = cbRequest;
hr = S_OK;
error:
return(hr);
}
HRESULT
SubmitRequest(
OPTIONAL IN DISPATCHINTERFACE *pdiRequest,
IN DWORD Flags,
IN BYTE const *pbRequest,
IN DWORD cbRequest,
IN WCHAR const *pwszAttributes,
IN WCHAR const *pwszConfig,
OUT DWORD *pRequestIdOut,
OUT DWORD *pDisposition,
OUT HRESULT *phrLastStatus,
OUT WCHAR **ppwszDisposition,
OUT BYTE **ppbCert,
OUT DWORD *pcbCert)
{
HRESULT hr;
WCHAR *pwszRequest = NULL;
BSTR strCert = NULL;
BSTR strCertChain = NULL;
BSTR strDisposition = NULL;
BYTE *pbCert = NULL;
DWORD cbCert;
BYTE const *pbChain;
DWORD cbChain;
CERTSERVERENROLL *pcsEnroll = NULL;
WCHAR *pwszServer = NULL;
WCHAR *pwszAuthority = NULL;
WCHAR *pwszDisposition;
*phrLastStatus = S_OK;
*ppwszDisposition = NULL;
*ppbCert = NULL;
*pRequestIdOut = 0;
if (NULL == pdiRequest)
{
hr = mySplitConfigString(pwszConfig, &pwszServer, &pwszAuthority);
_JumpIfError(hr, error, "mySplitConfigString");
// CertServerSubmitRequest can only handle binary requests;
// pass the request in binary form, and pass Flags to so indicate.
hr = CertServerSubmitRequest(
CR_IN_BINARY | Flags,
pbRequest,
cbRequest,
pwszAttributes,
pwszServer,
pwszAuthority,
&pcsEnroll);
_JumpIfError(hr, error, "CertServerSubmitRequest");
*phrLastStatus = pcsEnroll->hrLastStatus;
_PrintIfError2(
*phrLastStatus,
"pcsEnroll->hrLastStatus Real Status",
HRESULT_FROM_WIN32(ERROR_INVALID_DATA));
pwszDisposition = pcsEnroll->pwszDispositionMessage;
*pDisposition = pcsEnroll->Disposition;
*pRequestIdOut = pcsEnroll->RequestId;
}
else
{
hr = myCryptBinaryToString(
pbRequest,
cbRequest,
CRYPT_STRING_BASE64REQUESTHEADER,
&pwszRequest);
_JumpIfError(hr, error, "myCryptBinaryToString");
if (g_fRPC)
{
Flags |= CR_IN_RPC;
}
hr = Request_Submit(
pdiRequest,
CR_IN_BASE64HEADER | Flags,
pwszRequest,
sizeof(WCHAR) * wcslen(pwszRequest),
pwszAttributes,
pwszConfig,
(LONG *) pDisposition);
if (S_OK != hr)
{
_PrintError2(
hr,
"Request_Submit",
HRESULT_FROM_WIN32(ERROR_INVALID_DATA));
// Collect the RequestId for potential error reporting:
Request_GetRequestId(pdiRequest, (LONG *) pRequestIdOut);
hr = Request_GetLastStatus(pdiRequest, phrLastStatus);
_JumpIfError(hr, error, "Request_GetLastStatus");
if (FAILED(*phrLastStatus))
{
hr = *phrLastStatus;
}
_JumpError2(
hr,
error,
"Request_GetLastStatus Real Status",
HRESULT_FROM_WIN32(ERROR_INVALID_DATA));
}
hr = Request_GetLastStatus(pdiRequest, phrLastStatus);
_JumpIfError(hr, error, "Request_GetLastStatus");
_PrintIfError(*phrLastStatus, "Request_GetLastStatus Real Status");
hr = Request_GetDispositionMessage(pdiRequest, &strDisposition);
_JumpIfError(hr, error, "Request_GetDispositionMessage");
hr = Request_GetRequestId(pdiRequest, (LONG *) pRequestIdOut);
_JumpIfError(hr, error, "Request_GetrequestId");
pwszDisposition = strDisposition;
}
if (CR_DISP_ISSUED == *pDisposition)
{
if (NULL == pdiRequest)
{
cbCert = pcsEnroll->cbCert;
pbCert = (BYTE *) LocalAlloc(LMEM_FIXED, cbCert);
if (NULL == pbCert)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
CopyMemory(pbCert, pcsEnroll->pbCert, cbCert);
}
else
{
hr = Request_GetCertificate(
pdiRequest,
CR_OUT_BASE64HEADER,
&strCert);
_JumpIfError(hr, error, "Request_GetCertificate");
hr = myCryptStringToBinary(
strCert,
wcslen(strCert),
CRYPT_STRING_BASE64HEADER,
&pbCert,
&cbCert,
NULL,
NULL);
_JumpIfError(hr, error, "myCryptStringToBinary");
}
if (g_fSave)
{
hr = EncodeToFileW(
L"test.crt",
pbCert,
cbCert,
DECF_FORCEOVERWRITE | CRYPT_STRING_BINARY);
_JumpIfError(hr, error, "EncodeToFileW");
if (NULL == pdiRequest)
{
pbChain = pcsEnroll->pbCertChain;
cbChain = pcsEnroll->cbCertChain;
}
else
{
hr = Request_GetCertificate(
pdiRequest,
CR_OUT_BINARY | CR_OUT_CHAIN,
&strCertChain);
_JumpIfError(hr, error, "Request_GetCertificate");
pbChain = (BYTE const *) strCertChain;
cbChain = SysStringByteLen(strCertChain);
}
hr = EncodeToFileW(
L"testchain.crt",
pbChain,
cbChain,
DECF_FORCEOVERWRITE | CRYPT_STRING_BINARY);
_JumpIfError(hr, error, "EncodeToFileW");
}
}
if (NULL != pwszDisposition)
{
*ppwszDisposition = (WCHAR *) LocalAlloc(
LMEM_FIXED,
(wcslen(pwszDisposition) + 1) * sizeof(WCHAR));
if (NULL == *ppwszDisposition)
{
hr = E_OUTOFMEMORY;
_JumpError(hr, error, "LocalAlloc");
}
wcscpy(*ppwszDisposition, pwszDisposition);
}
*pcbCert = cbCert;
*ppbCert = pbCert;
pbCert = NULL;
hr = S_OK;
error:
if (NULL != pwszServer)
{
LocalFree(pwszServer);
}
if (NULL != pwszAuthority)
{
LocalFree(pwszAuthority);
}
if (NULL != pbCert)
{
LocalFree(pbCert);
}
if (NULL != pcsEnroll)
{
CertServerFreeMemory(pcsEnroll);
}
if (NULL != strCertChain)
{
SysFreeString(strCertChain);
}
if (NULL != strCert)
{
SysFreeString(strCert);
}
if (NULL != strDisposition)
{
SysFreeString(strDisposition);
}
if (NULL != pwszRequest)
{
LocalFree(pwszRequest);
}
return(hr);
}
HRESULT
TestOneRequest(
IN PctPrivateKey const *pKey,
OPTIONAL IN DISPATCHINTERFACE *pdiRequest,
IN WCHAR const *pwszConfig,
IN DWORD CertNumber,
OUT DWORD *pRequestId,
OUT DWORD *pTimeOneRequest)
{
HRESULT hr;
HRESULT hrLastStatus;
NAMETABLE NameTable;
BOOL fTableAllocated;
BYTE *pbRequest;
DWORD cbRequest;
BYTE *pbCert;
DWORD cbCert;
CERT_CONTEXT const *pCertContext;
DWORD RequestIdOut = 0;
DWORD Disposition;
WCHAR *pwszDisposition = NULL;
CERT_NAME_INFO *pNameInfo;
DWORD cbNameInfo;
CERT_INFO const *pCertInfo;
LONG Flags;
WCHAR wszAttributes[MAX_PATH];
fTableAllocated = FALSE;
pbRequest = NULL;
pbCert = NULL;
pCertContext = NULL;
pNameInfo = NULL;
if (g_fDebug)
{
hr = GenerateTestNameTable(&NameTable);
_JumpIfError(hr, error, "GenerateTestNameTable");
}
else
{
hr = GenerateNameTable(&NameTable);
_JumpIfError(hr, error, "GenerateNameTable");
}
fTableAllocated = TRUE;
hr = EncodeRequest(pKey, &NameTable, &pbRequest, &cbRequest);
_JumpIfError(hr, error, "EncodeRequest");
Flags = CR_IN_PKCS10;
if (g_fRenewal)
{
BYTE *pbTmp;
hr = EncodeRenewal(pbRequest, cbRequest, &pbTmp, &cbRequest);
_JumpIfError(hr, error, "EncodeRenewal");
LocalFree(pbRequest);
pbRequest = pbTmp;
Flags = CR_IN_PKCS7;
}
if (g_fSave)
{
hr = EncodeToFileW(
L"test.req",
pbRequest,
cbRequest,
DECF_FORCEOVERWRITE | CRYPT_STRING_BINARY);
_JumpIfError(hr, error, "EncodeToFileW");
}
*pTimeOneRequest = 0 - GetTickCount();
wsprintf(
wszAttributes,
L"\n"
L" attrib 1 end : value 1 end \t\r\n"
L"\tattrib 2 end:value_2_end\n"
L" \tattrib3:value-3-end\r\n"
L"Version:3\n"
L"RequestType:CertGen\n"
L"CertGenSequence:%u\n",
CertNumber);
hr = SubmitRequest(
pdiRequest,
Flags,
pbRequest,
cbRequest,
wszAttributes,
pwszConfig,
&RequestIdOut,
&Disposition,
&hrLastStatus,
&pwszDisposition,
&pbCert,
&cbCert);
*pTimeOneRequest += GetTickCount();
if (S_OK != hr)
{
_JumpError2(
hr,
error,
"SubmitRequest",
HRESULT_FROM_WIN32(ERROR_INVALID_DATA));
}
if (CR_DISP_ISSUED != Disposition)
{
hr = hrLastStatus;
if (S_OK == hr)
{
hr = E_FAIL;
}
wprintf(
L"SubmitRequest disposition=%x (%ws)\n",
Disposition,
NULL == pwszDisposition? L"???" : pwszDisposition);
{
WCHAR const *pwszMsg = myGetErrorMessageText(hr, TRUE);
if (NULL != pwszMsg)
{
wprintf(L"%ws\n", pwszMsg);
LocalFree(const_cast<WCHAR *>(pwszMsg));
}
}
if (g_fIgnoreError)
{
hr = S_OK;
}
if (CR_DISP_DENIED == Disposition && g_fIgnoreAccessDenied)
{
hr = S_OK;
}
_JumpError(hr, error, "Cert not issued!");
}
pCertContext = CertCreateCertificateContext(
X509_ASN_ENCODING,
pbCert,
cbCert);
if (NULL == pCertContext)
{
hr = myHLastError();
_JumpError(hr, error, "CertCreateCertificateContext");
}
pCertInfo = pCertContext->pCertInfo;
if (!myDecodeName(
X509_ASN_ENCODING,
X509_NAME,
pCertInfo->Subject.pbData,
pCertInfo->Subject.cbData,
CERTLIB_USE_LOCALALLOC,
&pNameInfo,
&cbNameInfo))
{
hr = myHLastError();
_JumpError(hr, error, "myDecodeName");
}
hr = CheckProperties(RequestIdOut, &NameTable, CertNumber, pNameInfo);
_JumpIfError(hr, error, "CheckProperties");
error:
*pRequestId = RequestIdOut;
if (NULL != pwszDisposition)
{
LocalFree(pwszDisposition);
}
if (NULL != pNameInfo)
{
LocalFree(pNameInfo);
}
if (NULL != pCertContext)
{
CertFreeCertificateContext(pCertContext);
}
if (NULL != pbCert)
{
LocalFree(pbCert);
}
if (NULL != pbRequest)
{
LocalFree(pbRequest);
}
if (fTableAllocated)
{
FreeLocalMemory(&NameTable);
}
return(hr);
}
HRESULT
TestMain()
{
HRESULT hr;
PctPrivateKey *pKey = NULL;
DWORD TimeStartTest;
DWORD TimeStartLastN;
DWORD TimeRequestTotal = 0;
DWORD TimeRequestLastN = 0;
DWORD TimeElapsedTotal;
DWORD TotalCount = 0;
DISPATCHINTERFACE diRequest;
DISPATCHINTERFACE *pdiRequest = NULL;
BOOL fCoInit = FALSE;
DWORD RequestId = 0;
WCHAR const *pwszConfig;
BSTR strConfig = NULL;
g_crdnMax = g_crdnSubject;
hr = GetPrivateKeyStuff(&pKey);
_JumpIfError(hr, error, "GetPrivateKeyStuff");
hr = CoInitialize(NULL);
if (S_OK != hr && S_FALSE != hr)
{
_JumpError(hr, error, "CoInitialize");
}
fCoInit = TRUE;
if (1 >= g_fRPC)
{
hr = Request_Init(g_DispatchFlags, &diRequest);
_JumpIfError(hr, error, "Request_Init");
pdiRequest = &diRequest;
}
pwszConfig = g_pwszConfig;
if (NULL == pwszConfig)
{
hr = ConfigGetConfig(g_DispatchFlags, CC_LOCALACTIVECONFIG, &strConfig);
_JumpIfError(hr, error, "ConfigGetConfig");
pwszConfig = strConfig;
}
if (NULL != pdiRequest)
{
ENUM_CATYPES CAType;
hr = Request2_GetCAProperty(
pdiRequest,
pwszConfig,
CR_PROP_CATYPE,
0, // Index
PROPTYPE_LONG,
CV_OUT_BINARY,
(VOID *) &CAType);
_JumpIfError(hr, error, "Request2_GetCAProperty");
if (IsEnterpriseCA(CAType))
{
g_fEnterpriseCA = TRUE;
}
}
TimeStartLastN = TimeStartTest = GetTickCount();
while (TotalCount < g_MaximumCount)
{
DWORD TimeOneRequest;
DWORD TimeRequestEnd;
DWORD TimeElapsedLastN;
hr = TestOneRequest(
pKey,
pdiRequest,
pwszConfig,
TotalCount + 1,
&RequestId,
&TimeOneRequest);
if (S_OK != hr)
{
WCHAR const *pwszMsg;
pwszMsg = myGetErrorMessageText(hr, TRUE);
CONSOLEPRINT3((
DBG_SS_CERTREQ,
"RequestId %u: %hs%ws\n",
RequestId,
HRESULT_FROM_WIN32(ERROR_INVALID_DATA) == hr && g_fIgnoreError?
"Ignoring error: " : "",
NULL != pwszMsg? pwszMsg : L"Message retrieval Error"));
if (NULL != pwszMsg)
{
LocalFree(const_cast<WCHAR *>(pwszMsg));
}
}
if (HRESULT_FROM_WIN32(ERROR_INVALID_DATA) != hr || !g_fIgnoreError)
{
_JumpIfError(hr, error, "TestOneRequest");
}
TimeRequestEnd = GetTickCount();
TimeRequestTotal += TimeOneRequest;
TimeRequestLastN += TimeOneRequest;
TimeElapsedTotal = TimeRequestEnd - TimeStartTest;
TimeElapsedLastN = TimeRequestEnd - TimeStartLastN;
TotalCount++;
if (g_fTime)
{
if (0 == g_IntervalCount || 0 == (TotalCount % g_IntervalCount))
{
DWORD count;
count = g_IntervalCount;
if (0 == count)
{
count = TotalCount;
}
TimeElapsedLastN = TimeRequestEnd - TimeStartLastN;
wprintf(
L"RequestId %u: %u/%u Certs in %u/%u seconds (ave=%u/%u ms)\n",
RequestId,
count,
TotalCount,
MSTOSEC(TimeElapsedLastN),
MSTOSEC(TimeElapsedTotal),
TimeElapsedLastN/count,
TimeElapsedTotal/TotalCount);
if (0 != g_IntervalCount)
{
TimeRequestLastN = 0;
TimeStartLastN = GetTickCount();
}
}
}
}
error:
if (NULL != pKey)
{
LocalFree(pKey);
}
if (NULL != g_pRSAPublicKey)
{
LocalFree(g_pRSAPublicKey);
}
if (NULL != pdiRequest)
{
Request_Release(pdiRequest);
}
if (NULL != strConfig)
{
SysFreeString(strConfig);
}
if (fCoInit)
{
CoUninitialize();
}
if (0 != TotalCount)
{
wprintf(
L"\n%u Total Certificates in %u/%u seconds (request/elapsed time)\n",
TotalCount,
MSTOSEC(TimeRequestTotal),
MSTOSEC(TimeElapsedTotal));
wprintf(
L"Certificates required average of %u/%u milliseconds "
L"(request/elapsed time)\n",
TimeRequestTotal/TotalCount,
TimeElapsedTotal/TotalCount);
}
return(hr);
}
void
Usage(TCHAR *pwszError)
{
wprintf(L"%ws\n", pwszError);
wprintf(L"%ws\n", wszUsage);
exit(1);
}
extern "C" int __cdecl
wmain(int argc, WCHAR *argv[])
{
HRESULT hr;
while (1 < argc && myIsSwitchChar(argv[1][0]))
{
WCHAR *pwsz = argv[1];
while (NULL != pwsz && *++pwsz != '\0')
{
switch (*pwsz)
{
case 'a':
case 'A':
g_fIgnoreAccessDenied++;
break;
case 'c':
case 'C':
if (0 == LSTRCMPIS(pwsz, L"config"))
{
if (1 >= argc)
{
Usage(TEXT("Missing -config argument"));
}
g_pwszConfig = argv[2];
}
else
{
if (2 >= argc || !iswdigit(argv[2][0]) || '\0' != pwsz[1])
{
Usage(TEXT("Missing numeric -c argument"));
}
g_MaximumCount = _wtoi(argv[2]);
}
argc--;
argv++;
pwsz = NULL;
break;
case 'd':
case 'D':
g_fDebug++;
break;
case 'e':
case 'E':
g_fEnterpriseCA++;
break;
case 'i':
case 'I':
g_fIgnoreError++;
break;
case 'm':
case 'M':
g_fShowTime++;
break;
case 'p':
case 'P':
g_fPrintProperties++;
break;
case 'r':
case 'R':
if (0 == LSTRCMPIS(pwsz, L"renewal"))
{
g_fRenewal++;
pwsz = NULL;
}
else
if (0 == LSTRCMPIS(pwsz, L"rpc"))
{
g_fRPC++;
if (0 == lstrcmp(pwsz, L"RPC"))
{
g_fRPC++;
}
pwsz = NULL;
}
else
{
g_fSave++;
}
break;
case 't':
case 'T':
g_fTime++;
g_IntervalCount = 10;
if (2 < argc && iswdigit(argv[2][0]))
{
if ('\0' != pwsz[1])
{
Usage(TEXT("Missing numeric -t argument"));
}
g_IntervalCount = _wtoi(argv[2]);
argc--;
argv++;
pwsz = NULL;
}
break;
case 'z':
case 'Z':
g_fAllowDups++;
g_crdnMax *= 5;
break;
case 'h':
case 'H':
default:
Usage(TEXT("CertGen Usage"));
}
}
argc--;
argv++;
}
if (argc != 1)
{
Usage(TEXT("Extra arguments"));
}
if (g_fShowTime)
{
SYSTEMTIME st;
GetSystemTime(&st);
wprintf(L"Start time: %2i:%2i:%2i:%i\n", st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
}
hr = TestMain();
if (g_fShowTime)
{
SYSTEMTIME st;
GetSystemTime(&st);
wprintf(L"End time: %2i:%2i:%2i:%i\n", st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
wprintf(L"type any key to finish->");
_getch();
wprintf(L"\n");
}
myRegisterMemDump();
return((int) hr);
}
// We need this to include RSA library
extern "C" BOOL
GenRandom(ULONG huid, BYTE *pbBuffer, size_t dwLength)
{
wprintf(L"Error GenRandom called\n");
ExitProcess(0);
return(TRUE);
}