archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/iis/admin/certmap/addcert.cpp

426 lines
13 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. // AddCert.cpp : implementation file
  2. //
  4. #include "stdafx.h"
  5. #include "certmap.h"
  7. // persistence and mapping includes
  8. #include "WrapMaps.h"
  9. #include "wrapmb.h"
  11. #include "ListRow.h"
  12. #include "ChkLstCt.h"
  14. // mapping page includes
  15. #include "brwsdlg.h"
  16. #include "EdtOne11.h"
  17. #include "Ed11Maps.h"
  18. #include "Map11Pge.h"
  20. extern "C"
  21. {
  22. #include <wincrypt.h>
  23. #include <sslsp.h>
  24. }
  26. #include <iismap.hxx>
  27. #include <iiscmr.hxx>
  29. #ifdef _DEBUG
  30. #define new DEBUG_NEW
  31. #undef THIS_FILE
  32. static char THIS_FILE[] = __FILE__;
  33. #endif
  36. #define COL_NUM_NAME 0
  37. #define COL_NUM_NTACCOUNT 1
  39. #define CERT_HEADER "-----BEGIN CERTIFICATE-----"
  43. // the code that reads the certificate file is pretty much lifted from the
  44. // keyring application. Which pretty much lifted it from the setkey application
  46. // defines taken from the old KeyGen utility
  47. #define MESSAGE_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----\r\n"
  48. #define MESSAGE_TRAILER "-----END NEW CERTIFICATE REQUEST-----\r\n"
  49. #define MIME_TYPE "Content-Type: application/x-pkcs10\r\n"
  50. #define MIME_ENCODING "Content-Transfer-Encoding: base64\r\n\r\n"
  52. void uudecode_cert(char *bufcoded, DWORD *pcbDecoded );
  55. //---------------------------------------------------------------------------
  56. // originally from keyring - modified to fit
  57. BOOL CMap11Page::FAddCertificateFile( CString szFile )
  58. {
  59. CFile cfile;
  60. PVOID pData = NULL;
  61. BOOL fSuccess =FALSE;;
  63. // open the file
  64. if ( !cfile.Open( szFile, CFile::modeRead | CFile::shareDenyNone ) )
  65. return FALSE;
  67. // how big is the file - add one so we can zero terminate the buffer
  68. DWORD cbCertificate = cfile.GetLength() + 1;
  70. // make sure the file has some size
  71. if ( !cbCertificate )
  72. {
  73. AfxMessageBox( IDS_ERR_INVALID_CERTIFICATE );
  74. return FALSE;
  75. }
  77. // put the rest of the operation in a try/catch
  78. try
  79. {
  80. PCCERT_CONTEXT pCertContext=NULL; //used to determine whether cert file is binary DER encoded
  81. // allocate space for the data
  82. pData = GlobalAlloc( GPTR, cbCertificate );
  83. if ( !pData ) AfxThrowMemoryException();
  85. // copy in the data from the file to the pointer - will throw and exception
  86. DWORD cbRead = cfile.Read( pData, cbCertificate );
  88. // zero terminate for decoding
  89. ((BYTE*)pData)[cbRead] = 0;
  91. // close the file
  92. cfile.Close();
  94. //certificate file may be either be binary DER file or BASE64 encoded file
  96. // try binary DER encoded first
  97. pCertContext= CertCreateCertificateContext(X509_ASN_ENCODING, (const BYTE *)pData, cbRead);
  98. if(pCertContext != NULL)
  99. {
  100. // we created certificate context only to verify that file is binary DER encoded
  101. // free it now
  102. CertFreeCertificateContext(pCertContext);
  103. pCertContext=NULL;
  104. }
  105. else // now try BASE64 encoded
  106. {
  107. // we don't care about header ----BEGIN CERTIFICATE----- or trailer-----END CERTIFICATE-----,
  108. // uudecode will take care of that
  109. uudecode_cert( (PCHAR)pData, &cbRead );
  110. }
  111. // we now have a pointer to a certificate. Lets keep it clean looking
  112. // call another subroutine to finish the job.
  113. fSuccess = FAddCertificate( (PUCHAR)pData, cbRead );
  115. }catch( CException e )
  116. {
  117. // return failure
  118. fSuccess = FALSE;
  120. // if the pointer was allocated, deallocate it
  121. if ( pData )
  122. {
  123. GlobalFree( pData );
  124. pData = NULL;
  125. }
  126. }
  128. // return success
  129. return fSuccess;
  130. }
  132. #define CERT_HEADER_LEN 17
  133. CHAR CertTag[ 13 ] = { 0x04, 0x0b, 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e' };
  135. //---------------------------------------------------------------------------
  136. // we are passed in a complete certificate. We need to parse out the subject
  137. // and the issuer fields so we can add the mapping. Then add the mapping.
  138. BOOL CMap11Page::FAddCertificate( PUCHAR pCertificate, DWORD cbCertificate )
  139. {
  140. BOOL fSuccess = FALSE;
  142. // thankfully, the certificate is already in the correct format.
  143. // this means that, for now at least, we don't have to do anything
  144. // special to it to store it. However, we should crack it once just
  145. // to see that we can to prove that it is a valid cert.
  147. ASSERT( pCertificate );
  148. if ( !pCertificate ) return FALSE;
  150. // crack the certificate to prove that we can
  151. PX509Certificate p509 = NULL;
  152. fSuccess = SslCrackCertificate( pCertificate, cbCertificate, CF_CERT_FROM_FILE, &p509 );
  153. if ( fSuccess )
  154. {
  155. SslFreeCertificate( p509 );
  156. }
  157. else
  158. {
  159. // we were not able to crack the certificate. Alert the user and fail
  160. AfxMessageBox( IDS_ERR_INVALID_CERTIFICATE );
  161. return FALSE;
  162. }
  164. // by this point we know we have a valid certificate, make the new mapping and fill it in
  165. // make the new mapping object
  166. C11Mapping* pMapping = PNewMapping();
  167. ASSERT( pMapping );
  168. if( !pMapping )
  169. {
  170. AfxThrowMemoryException(); // seems fairly appropriate
  171. return FALSE;
  172. }
  175. // one more thing before we add the certificate. Skip the header if it is there
  176. PUCHAR pCert = pCertificate;
  177. DWORD cbCert = cbCertificate;
  178. if ( memcmp( pCert + 4, CertTag, sizeof( CertTag ) ) == 0 )
  179. {
  180. pCert += CERT_HEADER_LEN;
  181. cbCert -= CERT_HEADER_LEN;
  182. }
  185. // install the certificate into the mapping
  186. fSuccess &= pMapping->SetCertificate( pCert, cbCert );
  188. // by default, the mapping is enabled
  189. fSuccess &= pMapping->SetMapEnabled( TRUE );
  191. // install a default name
  192. CString sz;
  194. sz.LoadString( IDS_DEFAULT_11MAP );
  196. fSuccess &= pMapping->SetMapName( sz );
  198. // install a blank mapping
  199. fSuccess &= pMapping->SetNTAccount( "" );
  201. if ( !fSuccess )
  202. AfxThrowMemoryException(); // seems fairly appropriate
  205. // now edit the newly created mapping object. If the user cancels,
  206. // then do not add it to the mapper object nor the list
  207. if ( !EditOneMapping( pMapping) )
  208. {
  209. DeleteMapping( pMapping );
  210. return FALSE;
  211. }
  213. // add the mapping item to the list control
  214. fSuccess = FAddMappingToList( pMapping );
  216. // one more test for success
  217. if ( !fSuccess )
  218. {
  219. DeleteMapping( pMapping );
  220. ASSERT( FALSE );
  221. }
  223. // mark the mapping to be saved
  224. if ( fSuccess )
  225. MarkToSave( pMapping );
  227. // return the answer
  228. return fSuccess;
  229. }
  232. // ==============================================================
  233. // The function 'uudecode_cert' IS THE SAME function that is
  234. // found in file: Addcert.cpp if we make the following code
  235. // have a FALSE for bAddWrapperAroundCert -- surely we can unify
  236. // these 2 functions. Having 2 functions named 'uudecode_cert'
  237. // was causing me LINKING errors. + we have 2 instances of
  238. // the external tables: uudecode_cert and pr2six
  239. //
  240. // Since I am linking both Addcert.cpp and CKey.cpp I choose to
  241. // leave the defintions intact for CKey.cpp [ and have extended
  242. // uudecode_cert by adding conditional code as shown below] Further
  243. // work needs to be done after identification as to why I need both
  244. // Addcert.cpp and CKey.cpp to pass bAddWrapperAroundCert as a
  245. // parameter so that both files can be supported.
  246. // ==============================================================
  247. // BOOL bAddWrapperAroundCert = TRUE;
  248. // if (bAddWrapperAroundCert) {
  249. // //
  250. // // Now we need to add a new wrapper sequence around the certificate
  251. // // indicating this is a certificate
  252. // //
  253. //
  254. // memmove( beginbuf + sizeof(abCertHeader),
  255. // beginbuf,
  256. // nbytesdecoded );
  257. //
  258. // memcpy( beginbuf,
  259. // abCertHeader,
  260. // sizeof(abCertHeader) );
  261. //
  262. // //
  263. // // The beginning record size is the total number of bytes decoded plus
  264. // // the number of bytes in the certificate header
  265. // //
  266. //
  267. // beginbuf[CERT_SIZE_HIBYTE] = (BYTE) (((USHORT)nbytesdecoded+CERT_RECORD) >> 8);
  268. // beginbuf[CERT_SIZE_LOBYTE] = (BYTE) ((USHORT)nbytesdecoded+CERT_RECORD);
  269. //
  270. // nbytesdecoded += sizeof(abCertHeader);
  271. // }
  273. // #ifdef WE_ARE_USING_THE_VERSION_IN__CKey_cpp__NOT_THIS_ONE__ITS_JUST_LIKE_THIS_ONE_WITH_1SMALL_CHANGE
  275. //============================ BASED ON SETKEY
  276. const int pr2six[256]={
  277. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  278. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,62,64,64,64,63,
  279. 52,53,54,55,56,57,58,59,60,61,64,64,64,64,64,64,64,0,1,2,3,4,5,6,7,8,9,
  280. 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,64,64,64,64,64,64,26,27,
  281. 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,
  282. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  283. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  284. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  285. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  286. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  287. 64,64,64,64,64,64,64,64,64,64,64,64,64
  288. };
  290. //
  291. // We have to squirt a record into the decoded stream
  292. //
  294. #define CERT_RECORD 13
  295. #define CERT_SIZE_HIBYTE 2 // Index into record of record size
  296. #define CERT_SIZE_LOBYTE 3
  298. unsigned char abCertHeader[] = {0x30, 0x82, // Record
  299. 0x00, 0x00, // Size of cert + buff
  300. 0x04, 0x0b, 0x63, 0x65,// Cert record data
  301. 0x72, 0x74, 0x69, 0x66,
  302. 0x69, 0x63, 0x61, 0x74,
  303. 0x65 };
  305. void uudecode_cert(char *bufcoded, DWORD *pcbDecoded )
  306. {
  307. int nbytesdecoded;
  308. char *bufin = bufcoded;
  309. unsigned char *bufout = (unsigned char *)bufcoded;
  310. unsigned char *pbuf;
  311. int nprbytes;
  312. char * beginbuf = bufcoded;
  314. ASSERT(bufcoded);
  315. ASSERT(pcbDecoded);
  317. /* Strip leading whitespace. */
  319. while(*bufcoded==' ' ||
  320. *bufcoded == '\t' ||
  321. *bufcoded == '\r' ||
  322. *bufcoded == '\n' )
  323. {
  324. bufcoded++;
  325. }
  327. //
  328. // If there is a beginning '---- ....' then skip the first line
  329. //
  331. if ( bufcoded[0] == '-' && bufcoded[1] == '-' )
  332. {
  333. bufin = strchr( bufcoded, '\n' );
  335. if ( bufin )
  336. {
  337. bufin++;
  338. bufcoded = bufin;
  339. }
  340. else
  341. {
  342. bufin = bufcoded;
  343. }
  344. }
  345. else
  346. {
  347. bufin = bufcoded;
  348. }
  350. //
  351. // Strip all cr/lf from the block
  352. //
  354. pbuf = (unsigned char *)bufin;
  355. while ( *pbuf )
  356. {
  357. if ( (*pbuf == ' ') || (*pbuf == '\r') || (*pbuf == '\n') )
  358. {
  359. memmove( (void*)pbuf, pbuf+1, strlen( (char*)pbuf + 1) + 1 );
  360. }
  361. else
  362. {
  363. pbuf++;
  364. }
  365. }
  367. /* Figure out how many characters are in the input buffer.
  368. * If this would decode into more bytes than would fit into
  369. * the output buffer, adjust the number of input bytes downwards.
  370. */
  372. while(pr2six[*(bufin++)] <= 63);
  373. nprbytes = DIFF(bufin - bufcoded) - 1;
  374. nbytesdecoded = ((nprbytes+3)/4) * 3;
  376. bufin = bufcoded;
  378. while (nprbytes > 0) {
  379. *(bufout++) =
  380. (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
  381. *(bufout++) =
  382. (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
  383. *(bufout++) =
  384. (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
  385. bufin += 4;
  386. nprbytes -= 4;
  387. }
  389. if(nprbytes & 03) {
  390. if(pr2six[bufin[-2]] > 63)
  391. nbytesdecoded -= 2;
  392. else
  393. nbytesdecoded -= 1;
  394. }
  396. /*
  397. //
  398. // Now we need to add a new wrapper sequence around the certificate
  399. // indicating this is a certificate
  400. //
  402. memmove( beginbuf + sizeof(abCertHeader),
  403. beginbuf,
  404. nbytesdecoded );
  406. memcpy( beginbuf,
  407. abCertHeader,
  408. sizeof(abCertHeader) );
  410. //
  411. // The beginning record size is the total number of bytes decoded plus
  412. // the number of bytes in the certificate header
  413. //
  415. beginbuf[CERT_SIZE_HIBYTE] = (BYTE) (((USHORT)nbytesdecoded+CERT_RECORD) >> 8);
  416. beginbuf[CERT_SIZE_LOBYTE] = (BYTE) ((USHORT)nbytesdecoded+CERT_RECORD);
  418. nbytesdecoded += sizeof(abCertHeader);
  419. */
  421. if ( pcbDecoded )
  422. *pcbDecoded = nbytesdecoded;
  423. }
  424. // ============ END BASED ON SETKEY
  426. //#endif /* WE_ARE_USING_THE_VERSION_IN__CKey_cpp__NOT_THIS_ONE__ITS_JUST_LIKE_THIS_ONE_WITH_1SMALL_CHANGE */