Source code of Windows XP (NT5)

  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows NT Security
  4. // Copyright (C) Microsoft Corporation, 1997 - 1999
  5. //
  6. // File: ssctl.h
  7. //
  8. // Contents: Self Signed Certificate Trust List Subsystem used by the
  9. // Certificate Chaining Infrastructure for building complex
  10. // chains
  11. //
  12. // History: 02-Feb-98 kirtd Created
  13. //
  14. //----------------------------------------------------------------------------
  15. #if !defined(__SSCTL_H__)
  16. #define __SSCTL_H__
  17. #include <chain.h>
  18. //
  19. // CSSCtlObject. This is the main object for caching trust information about
  20. // a self signed certificate trust list
  21. //
  // Signer identification extracted from a CTL message.
  // NOTE(review): rgbSignerCertHash is presumably meaningful only while
  // fSignerHashAvailable is TRUE - confirm in SSCtlGetSignerInfo.
  typedef struct _SSCTL_SIGNER_INFO
  {
      PCERT_INFO pMessageSignerCertInfo;          // signer cert info taken from the message
      BOOL       fSignerHashAvailable;            // flag for the hash field below
      BYTE       rgbSignerCertHash[ CHAINHASHLEN ]; // CHAINHASHLEN is not defined in this header
  } SSCTL_SIGNER_INFO, *PSSCTL_SIGNER_INFO;
  // Cached trust information for one self signed certificate trust list (CTL).
  // Lifetime is reference counted through AddRef()/Release(); the inline
  // Release() in this header deletes the object when the count reaches zero.
  class CSSCtlObject
  {
  public:

      // Construction. The outcome is reported through rfResult, not a return
      // value.
      // NOTE(review): presumably rfResult is FALSE when setup failed and the
      // object must then not be used - confirm against the constructor body.
      CSSCtlObject (
          IN PCCERTCHAINENGINE pChainEngine,
          IN PCCTL_CONTEXT pCtlContext,
          IN BOOL fAdditionalStore,
          OUT BOOL& rfResult
          );

      ~CSSCtlObject ();

      // Reference counting
      inline VOID AddRef ();
      inline VOID Release ();

      // Trust information access
      inline PCCTL_CONTEXT CtlContext ();

      // Outputs the signer path object (ppSigner) and a signature validity
      // flag (pfCtlSignatureValid).
      // NOTE(review): callers should presumably check *pfCtlSignatureValid
      // and not only the BOOL return before trusting the CTL - confirm.
      BOOL GetSigner (
          IN PCCHAINPATHOBJECT pSubject,
          IN PCCHAINCALLCONTEXT pCallContext,
          IN HCERTSTORE hAdditionalStore,
          OUT PCCHAINPATHOBJECT* ppSigner,
          OUT BOOL* pfCtlSignatureValid
          );

      // NOTE(review): ownership of *ppTrustListInfo is not visible here;
      // SSCtlFreeTrustListInfo is declared in this header - confirm pairing.
      BOOL GetTrustListInfo (
          IN PCCERT_CONTEXT pCertContext,
          OUT PCERT_TRUST_LIST_INFO* ppTrustListInfo
          );

      // Updates the caller's trust status in place (pStatus is IN OUT).
      VOID CalculateStatus (
          IN LPFILETIME pTime,
          IN PCERT_USAGE_MATCH pRequestedUsage,
          IN OUT PCERT_TRUST_STATUS pStatus
          );

      // Hash access
      inline LPBYTE CtlHash ();

      // Index entry handles
      inline HLRUENTRY HashIndexEntry ();

      // Pointer to the CTL's NextUpdate location url array
      inline PCRYPT_URL_ARRAY NextUpdateUrlArray ();

      // TRUE if the CTL has a NextUpdate time and location Url
      BOOL HasNextUpdateUrl ( OUT LPFILETIME pUpdateTime );

      // Called for successful online Url retrieval
      inline void SetOnline ();

      // Called for unsuccessful online Url retrieval
      void SetOffline (
          IN LPFILETIME pCurrentTime,
          OUT LPFILETIME pUpdateTime
          );

      // Chain engine access
      inline PCCERTCHAINENGINE ChainEngine ();

      // Message store access
      inline HCERTSTORE MessageStore ();

  private:

      // Reference count, changed only through interlocked operations in the
      // inline AddRef()/Release().
      LONG m_cRefs;

      // Self signed certificate trust list context
      PCCTL_CONTEXT m_pCtlContext;

      // MD5 hash of the CTL (as the original comment states).
      // NOTE(review): MD5 is not collision resistant. The object cache is
      // indexed by hash, so confirm a hash match is never taken as evidence
      // that the CTL signature was verified.
      BYTE m_rgbCtlHash[ CHAINHASHLEN ];

      // Signer information and signature verification state.
      // NOTE(review): the two flags presumably cache the result reported via
      // GetSigner's pfCtlSignatureValid - confirm in the implementation.
      SSCTL_SIGNER_INFO m_SignerInfo;
      BOOL m_fHasSignatureBeenVerified;
      BOOL m_fSignatureValid;

      // Message store
      HCERTSTORE m_hMessageStore;

      // Hash index entry
      HLRUENTRY m_hHashEntry;

      // Chain engine
      PCCERTCHAINENGINE m_pChainEngine;

      // Only set if the CTL has a NextUpdate time and location
      PCRYPT_URL_ARRAY m_pNextUpdateUrlArray;

      // Incremented for each SetOffline() call; the inline SetOnline() resets
      // it to zero.
      DWORD m_dwOfflineCnt;

      // The next update time when offline
      FILETIME m_OfflineUpdateTime;
  };
  146. //
  147. // CSSCtlObjectCache. Cache of self signed certificate trust list objects
  148. // indexed by hash. Note that this cache is NOT LRU maintained. We expect
  149. // the number of these objects to be small
  150. //
  // Callback type taken by CSSCtlObjectCache::EnumObjects. It receives the
  // caller's opaque pvParameter and one cached CTL object.
  // NOTE(review): the meaning of the BOOL return (continue or stop) is not
  // visible in this header - confirm in SSCtlEnumObjectsWalkFn.
  typedef BOOL (WINAPI *PFN_ENUM_SSCTLOBJECTS) ( IN LPVOID pvParameter,
                                                 IN PCSSCTLOBJECT pSSCtlObject );
  // Cache of self signed CTL objects, indexed by hash. Per the comment that
  // precedes this declaration, the cache is not LRU maintained and is expected
  // to stay small.
  class CSSCtlObjectCache
  {
  public:

      // Construction; the outcome is reported through rfResult.
      CSSCtlObjectCache ( OUT BOOL& rfResult );

      ~CSSCtlObjectCache ();

      // Object management
      BOOL PopulateCache ( IN PCCERTCHAINENGINE pChainEngine );

      BOOL AddObject (
          IN PCSSCTLOBJECT pSSCtlObject,
          IN BOOL fCheckForDuplicate
          );

      VOID RemoveObject ( IN PCSSCTLOBJECT pSSCtlObject );

      // Access the indexes
      inline HLRUCACHE HashIndex ();

      // Searching and enumeration.
      // The array parameter decays to a pointer, so the compiler does not
      // enforce its length; callers must pass at least CHAINHASHLEN bytes.
      // NOTE(review): whether the returned object carries an added reference
      // is not visible here - confirm before pairing it with Release().
      PCSSCTLOBJECT FindObjectByHash ( IN BYTE rgbHash [ CHAINHASHLEN ] );

      VOID EnumObjects (
          IN PFN_ENUM_SSCTLOBJECTS pfnEnum,
          IN LPVOID pvParameter
          );

      // Resync
      BOOL Resync ( IN PCCERTCHAINENGINE pChainEngine );

      // Update the cache by retrieving any expired CTLs having a NextUpdate
      // time and location.
      BOOL UpdateCache (
          IN PCCERTCHAINENGINE pChainEngine,
          IN PCCHAINCALLCONTEXT pCallContext
          );

  private:

      // Hash index
      HLRUCACHE m_hHashIndex;

      // Nonzero if any CTL has a NextUpdate time and location
      FILETIME m_UpdateTime;

      // TRUE for the first update of any CTL with a NextUpdate time and
      // location
      BOOL m_fFirstUpdate;
  };
  219. //
  220. // Object removal notification function
  221. //
  // Notification invoked when an object is removed from the cache.
  // NOTE(review): pv is presumably the CSSCtlObject being removed - confirm;
  // pvRemovalContext is marked OPTIONAL.
  VOID WINAPI SSCtlOnRemovalFromCache ( IN LPVOID pv,
                                        IN OPTIONAL LPVOID pvRemovalContext );
  227. //
  228. // SSCtl Subsystem Utility Function Prototypes
  229. //
  // Fills pSignerInfo from the given CTL context.
  // NOTE(review): presumably paired with SSCtlFreeSignerInfo - confirm.
  BOOL WINAPI SSCtlGetSignerInfo ( IN PCCTL_CONTEXT pCtlContext,
                                   OUT PSSCTL_SIGNER_INFO pSignerInfo );

  VOID WINAPI SSCtlFreeSignerInfo ( IN PSSCTL_SIGNER_INFO pSignerInfo );

  // Outputs the signer's chain path object and whether it is a new signer.
  BOOL WINAPI SSCtlGetSignerChainPathObject (
                  IN PCCHAINPATHOBJECT pSubject,
                  IN PCCHAINCALLCONTEXT pCallContext,
                  IN PSSCTL_SIGNER_INFO pSignerInfo,
                  IN HCERTSTORE hAdditionalStore,
                  OUT PCCHAINPATHOBJECT* ppSigner,
                  OUT BOOL *pfNewSigner
                  );

  // The array parameter decays to a pointer, so its length is not enforced by
  // the compiler; callers must pass at least CHAINHASHLEN bytes.
  PCCERT_CONTEXT WINAPI SSCtlFindCertificateInStoreByHash (
                            IN HCERTSTORE hStore,
                            IN BYTE rgbHash [ CHAINHASHLEN]
                            );

  // Updates pStatus in place. The signature result is an input here
  // (fSignatureValid), supplied by the caller.
  VOID WINAPI SSCtlGetCtlTrustStatus (
                  IN PCCTL_CONTEXT pCtlContext,
                  IN BOOL fSignatureValid,
                  IN LPFILETIME pTime,
                  IN PCERT_USAGE_MATCH pRequestedUsage,
                  IN OUT PCERT_TRUST_STATUS pStatus
                  );

  // hStore is marked OPTIONAL.
  BOOL WINAPI SSCtlPopulateCacheFromCertStore (
                  IN PCCERTCHAINENGINE pChainEngine,
                  IN OPTIONAL HCERTSTORE hStore
                  );

  // Takes the same inputs as the CSSCtlObject constructor and outputs the
  // object through ppSSCtlObject.
  BOOL WINAPI SSCtlCreateCtlObject (
                  IN PCCERTCHAINENGINE pChainEngine,
                  IN PCCTL_CONTEXT pCtlContext,
                  IN BOOL fAdditionalStore,
                  OUT PCSSCTLOBJECT* ppSSCtlObject
                  );
  // Pairs an enumeration callback with its opaque parameter.
  // NOTE(review): presumably what SSCtlEnumObjectsWalkFn receives as
  // pvParameter - confirm in the implementation.
  typedef struct _SSCTL_ENUM_OBJECTS_DATA
  {
      PFN_ENUM_SSCTLOBJECTS pfnEnumObjects;   // callback to invoke per object
      LPVOID                pvEnumParameter;  // passed through to the callback
  } SSCTL_ENUM_OBJECTS_DATA, *PSSCTL_ENUM_OBJECTS_DATA;
  // Walk function taking an opaque parameter and one LRU entry handle.
  BOOL WINAPI SSCtlEnumObjectsWalkFn ( IN LPVOID pvParameter,
                                       IN HLRUENTRY hEntry );

  // Object cache creation and destruction.
  BOOL WINAPI SSCtlCreateObjectCache ( OUT PCSSCTLOBJECTCACHE* ppSSCtlObjectCache );

  VOID WINAPI SSCtlFreeObjectCache ( IN PCSSCTLOBJECTCACHE pSSCtlObjectCache );

  // Trust list info copy and release.
  // NOTE(review): a copy made by SSCtlAllocAndCopyTrustListInfo is presumably
  // released with SSCtlFreeTrustListInfo - confirm.
  VOID WINAPI SSCtlFreeTrustListInfo ( IN PCERT_TRUST_LIST_INFO pTrustListInfo );

  BOOL WINAPI SSCtlAllocAndCopyTrustListInfo (
                  IN PCERT_TRUST_LIST_INFO pTrustListInfo,
                  OUT PCERT_TRUST_LIST_INFO* ppTrustListInfo
                  );
  299. //
  300. // Retrieve a newer and time valid CTL at one of the NextUpdate Urls
  301. //
  // Retrieves a CTL from one of the NextUpdate Urls. *ppCtl, *pfNewerCtl and
  // *pfTimeValid are IN OUT, as is the url array itself.
  // NOTE(review): this signature reports "newer" and "time valid" but has no
  // signature-validity output. Confirm the caller verifies the retrieved
  // CTL's signature before it replaces a cached one.
  BOOL WINAPI SSCtlRetrieveCtlUrl (
                  IN PCCERTCHAINENGINE pChainEngine,
                  IN PCCHAINCALLCONTEXT pCallContext,
                  IN OUT PCRYPT_URL_ARRAY pNextUpdateUrlArray,
                  IN DWORD dwRetrievalFlags,
                  IN OUT PCCTL_CONTEXT *ppCtl,
                  IN OUT BOOL *pfNewerCtl,
                  IN OUT BOOL *pfTimeValid
                  );
  313. //
  314. // Update Ctl Object Enum Function
  315. //
  // Forward typedefs so the entry can point at its own type through pNext.
  typedef struct _SSCTL_UPDATE_CTL_OBJ_ENTRY SSCTL_UPDATE_CTL_OBJ_ENTRY,
                                             *PSSCTL_UPDATE_CTL_OBJ_ENTRY;

  // One node of a singly linked list pairing an object to add with an object
  // to remove.
  // NOTE(review): whether each pointer holds its own reference is not visible
  // here - confirm where the list is built and drained.
  struct _SSCTL_UPDATE_CTL_OBJ_ENTRY
  {
      PCSSCTLOBJECT               pSSCtlObjectAdd;
      PCSSCTLOBJECT               pSSCtlObjectRemove;
      PSSCTL_UPDATE_CTL_OBJ_ENTRY pNext;
  };

  // Parameter block for the update enumeration; pEntry is the head of the
  // entry list declared above.
  typedef struct _SSCTL_UPDATE_CTL_OBJ_PARA
  {
      PCCERTCHAINENGINE           pChainEngine;
      PCCHAINCALLCONTEXT          pCallContext;
      FILETIME                    UpdateTime;
      PSSCTL_UPDATE_CTL_OBJ_ENTRY pEntry;
  } SSCTL_UPDATE_CTL_OBJ_PARA, *PSSCTL_UPDATE_CTL_OBJ_PARA;
  // Enumeration callback with the PFN_ENUM_SSCTLOBJECTS parameter shape.
  // NOTE(review): pvPara is presumably a PSSCTL_UPDATE_CTL_OBJ_PARA - confirm.
  BOOL WINAPI SSCtlUpdateCtlObjectEnumFn ( IN LPVOID pvPara,
                                           IN PCSSCTLOBJECT pSSCtlObject );
  335. //
  336. // Inline methods
  337. //
  338. //+---------------------------------------------------------------------------
  339. //
  340. // Member: CSSCtlObject::AddRef, public
  341. //
  342. // Synopsis: add a reference
  343. //
  344. //----------------------------------------------------------------------------
  // Takes one reference with an interlocked increment of m_cRefs. The count
  // is not checked against any upper bound.
  inline VOID CSSCtlObject::AddRef ()
  {
      InterlockedIncrement( &m_cRefs );
  }
  350. //+---------------------------------------------------------------------------
  351. //
  352. // Member: CSSCtlObject::Release, public
  353. //
  354. // Synopsis: release a reference
  355. //
  356. //----------------------------------------------------------------------------
  // Drops one reference. The call that takes the count to zero deletes the
  // object, so the pointer must not be used after Release() returns.
  inline VOID CSSCtlObject::Release ()
  {
      const LONG cRemaining = InterlockedDecrement( &m_cRefs );

      if ( cRemaining != 0 )
      {
          return;
      }

      delete this;
  }
  365. //+---------------------------------------------------------------------------
  366. //
  367. // Member: CSSCtlObject::CtlContext, public
  368. //
  369. // Synopsis: return the CTL context
  370. //
  371. //----------------------------------------------------------------------------
  // Returns the stored CTL context pointer as is; no reference or duplicate
  // is taken here.
  inline PCCTL_CONTEXT CSSCtlObject::CtlContext ()
  {
      return m_pCtlContext;
  }
  377. //+---------------------------------------------------------------------------
  378. //
  379. // Member: CSSCtlObject::CtlHash, public
  380. //
  381. // Synopsis: return the hash
  382. //
  383. //----------------------------------------------------------------------------
  // Returns a pointer to the object's own CHAINHASHLEN-byte hash array. The
  // pointer is writable (LPBYTE) and refers to internal storage, so callers
  // should treat it as read-only and not keep it past the object's lifetime.
  inline LPBYTE CSSCtlObject::CtlHash ()
  {
      return m_rgbCtlHash;
  }
  389. //+---------------------------------------------------------------------------
  390. //
  391. // Member: CSSCtlObject::HashIndexEntry, public
  392. //
  393. // Synopsis: return the hash index entry
  394. //
  395. //----------------------------------------------------------------------------
  // Returns the stored hash index entry handle.
  inline HLRUENTRY CSSCtlObject::HashIndexEntry ()
  {
      return m_hHashEntry;
  }
  401. //+---------------------------------------------------------------------------
  402. //
  403. // Member: CSSCtlObject::NextUpdateUrlArray, public
  404. //
  405. // Synopsis: return pointer to the Ctl's NextUpdate location url array
  406. //
  407. //----------------------------------------------------------------------------
  // Returns the stored NextUpdate url array pointer. Per the member's
  // declaration it is only set when the CTL has a NextUpdate time and
  // location, so callers should expect it may be unset.
  inline PCRYPT_URL_ARRAY
  CSSCtlObject::NextUpdateUrlArray ()
  {
      return( m_pNextUpdateUrlArray );
  }
  412. //+---------------------------------------------------------------------------
  413. //
  414. // Member: CSSCtlObject::SetOnline, public
  415. //
  416. // Synopsis: called for successful online Url retrieval
  417. //
  418. //----------------------------------------------------------------------------
  // Resets the offline counter after a successful online Url retrieval.
  inline void
  CSSCtlObject::SetOnline ()
  {
      m_dwOfflineCnt = 0;
  }
  423. //+---------------------------------------------------------------------------
  424. //
  425. // Member: CSSCtlObject::ChainEngine, public
  426. //
  427. // Synopsis: return the chain engine object
  428. //
  429. //----------------------------------------------------------------------------
  // Returns the stored chain engine pointer.
  inline PCCERTCHAINENGINE CSSCtlObject::ChainEngine ()
  {
      return m_pChainEngine;
  }
  435. //+---------------------------------------------------------------------------
  436. //
  437. // Member: CSSCtlObject::MessageStore, public
  438. //
  439. // Synopsis: return the object's message store
  440. //
  441. //----------------------------------------------------------------------------
  // Returns the stored message store handle as is; the handle is not
  // duplicated here.
  inline HCERTSTORE CSSCtlObject::MessageStore ()
  {
      return m_hMessageStore;
  }
  447. //+---------------------------------------------------------------------------
  448. //
  449. // Member: CSSCtlObjectCache::HashIndex, public
  450. //
  451. // Synopsis: return the hash index
  452. //
  453. //----------------------------------------------------------------------------
  // Returns the cache's hash index handle.
  inline HLRUCACHE CSSCtlObjectCache::HashIndex ()
  {
      return m_hHashIndex;
  }
  459. #endif