|
|
//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1997 - 1999
//
// File: initcert.h
//
//--------------------------------------------------------------------------
#ifndef __INITCERT_H__
#define __INITCERT_H__
typedef enum { CS_UPGRADE_UNKNOWN = 0, CS_UPGRADE_NO, // install
//CS_UPGRADE_NT4SP4 =2, // upgrade from NT4 certsrv v10 or SP4 with certsrv // upg unsupported
//CS_UPGRADE_NT5BETA2 =3, // upgrade from NT5 Beta 2 // upg unsupported
//CS_UPGRADE_NT5BETA3 =4, // upgrade from NT5 Beta 3 // upg unsupported
CS_UPGRADE_WIN2000 =5, // upgrade from Win2K
CS_UPGRADE_UNSUPPORTED, // upgrade is not supported
CS_UPGRADE_WHISTLER, // upgrade from build to build
} CS_ENUM_UPGRADE;
typedef enum { ENUM_WIZ_UNKNOWN = 0, ENUM_WIZ_OCM, ENUM_WIZ_CATYPE, ENUM_WIZ_ADVANCE, ENUM_WIZ_IDINFO, ENUM_WIZ_KEYGEN, ENUM_WIZ_STORE, ENUM_WIZ_REQUEST,} ENUM_WIZPAGE;
typedef struct csp_hash_tag{ ALG_ID idAlg; WCHAR *pwszName; struct csp_hash_tag *next; struct csp_hash_tag *last;} CSP_HASH;
typedef struct csp_info_tag { DWORD dwProvType; WCHAR *pwszProvName; BOOL fMachineKeyset; struct csp_info_tag *next; struct csp_info_tag *last; CSP_HASH *pHashList;} CSP_INFO; typedef struct key_list_tag{ WCHAR *pwszName; struct key_list_tag *next; struct key_list_tag *last;} KEY_LIST;
typedef struct tagCAServerSetupInfo{ // setup attributes
// 0x0000
ENUM_CATYPES CAType; WCHAR *pwszCACommonName;
// 0x0020
BOOL fAdvance; CSP_INFO *pCSPInfo; // currently selected CSP
CSP_HASH *pHashInfo; // currently selected hash algorithm
DWORD dwKeyLength; ENUM_PERIOD enumValidityPeriod; DWORD dwValidityPeriodCount; BOOL fUseDS;
// 0x0040
WCHAR *pwszSharedFolder; WCHAR *pwszDBDirectory; WCHAR *pwszLogDirectory; BOOL fSaveRequestAsFile; BOOL fCAsExist; WCHAR *pwszRequestFile; WCHAR *pwszParentCAMachine; WCHAR *pwszParentCAName;
// 0x0060
BOOL fPreserveDB; BOOL fInteractiveService; // allow service to interact
// with the desktop
// setup intermediate attributes
ENUM_WIZPAGE LastWiz; WCHAR *pwszSanitizedName; CSP_INFO *pCSPInfoList; // list of all available CSPs
CSP_INFO *pDefaultCSPInfo; // obj representing default CSP,
// not a CSP in pCSPInfoList
CSP_HASH *pDefaultHashInfo; // object representing default
// hash algorithm, not a hash
// algorighm in the currently
// selected CSP
KEY_LIST *pKeyList; // list of key containers for
// 0x0080
DWORD dwKeyLenMin; // minumum key length for the
// currently selected CSP
DWORD dwKeyLenMax; // maximum key length for the
// currently selected CSP
WCHAR *pwszValidityPeriodCount; LONG lExistingValidity; WCHAR *pwszCACertFile; HCERTSTORE hMyStore; CHAR *pszAlgId; BOOL fCertSrvWasRunning;
// 0x00a0
FILETIME NotBefore; FILETIME NotAfter; DWORD dwRevocationFlags;
// setup intermediate attributes for unattended
WCHAR *pwszCAType; WCHAR *pwszValidityPeriodString; WCHAR *pwszHashAlgorithm;
// 0x00c0
WCHAR *pwszKeyLength; BOOL fValidatedHashAndKey; WCHAR *pwszUseExistingCert; WCHAR *pwszPreserveDB; WCHAR *pwszPFXFile; WCHAR *pwszPFXPassword; WCHAR *pwszInteractiveService;
// upgrade attributes
DWORD dwUpgradeEditFlags;// 0x00e0
DWORD dwUpgradeRevFlags; BOOL fSavedCAInDS; BOOL fCreatedShare; WCHAR *pwszCustomPolicy; WCHAR *pwszzCustomExit;
// * The following 2 variables replace these 5 variables:
// fCreatedKey,
// pwszRevertKey,
// pwszImportKey,
// pwszExistingKey,
// fUseExistingKey
//
// * Invariant: fUseExistingKey == (NULL != pwszKeyContainerName)
//
// * pwszKeyContainerName should always contains the name of an existing
// key container, or be NULL if a new key container needs to be created.
// Once the new container is created, the variable holds the name of the
// container.
//
// * Always use SetKeyContainerName() and ClearKeyContainerName() to modify
// these variables. This makes sure that pwszDesanitizedKeyContainerName
// is always in sync.
WCHAR *pwszKeyContainerName; // exact name of the container
// used by the CSP
WCHAR *pwszDesanitizedKeyContainerName; // name displayed
// to the user
BOOL fDeletableNewKey; // TRUE iff the
// 0x0100
// KeyContainerName points to a
// key container that we should
// delete if we don't use.
BOOL fKeyGenFailed; // TRUE if KeyGen failed
// * The following 1 variable replace these 4 variables:
// fUseExistingCert,
// fFoundMatchedCertInStore,
// fMatchedCertType,
// pSCertContextFromStore
//
// * Invariant: fUseExistingCert==(NULL!=pccExistingCert)
//
// * pccExistingCert should always be a pointer to an existing cert context,
// or be NULL if we are not using an existing cert
//
// * Always use SetExistingCertToUse() and ClearExistingCertToUse() to
// modify these variables. This makes sure that pccExistingCert is
// properly freed.
CERT_CONTEXT const *pccExistingCert; // an open cert context
CERT_CONTEXT const *pccUpgradeCert; // CA Cert context for upgrade
DWORD dwCertNameId; // CA Cert NameId
BOOL fUNCPathNotFound; // flag for default shared folder
// 0x0114
WCHAR *pwszDNSuffix; // CN=%1, DC=x, DC=y, DC=z -- dynamically generated template
WCHAR *pwszFullCADN;
} CASERVERSETUPINFO;
typedef struct tagCAWebClientSetupInfo{ WCHAR *pwszWebCAMachine; WCHAR *pwszWebCAName; WCHAR *pwszSanitizedWebCAName; BOOL fUseDS; WCHAR *pwszSharedFolder; ENUM_CATYPES WebCAType;} CAWEBCLIENTSETUPINFO;
typedef struct tagCASetupInfo{ CASERVERSETUPINFO *pServer; CAWEBCLIENTSETUPINFO *pClient;} CASETUPINFO;
typedef struct _PER_COMPONENT_DATA { // component generic
WCHAR *pwszComponent; // Component name from OCM
HINF MyInfHandle; // Open inf handle to per-component inf
DWORDLONG Flags; // Operation flags from SETUP_DATA structure
OCMANAGER_ROUTINES HelperRoutines;
// setup related
HINSTANCE hInstance; HRESULT hrContinue; // set code if fatal error
WCHAR *pwszCustomMessage; int iErrMsg; // set msg id for fatal error pop up
BOOL fShownErr; // set to TRUE if pop up earlier so avoid double
BOOL fUnattended; BOOL fPostBase; WCHAR *pwszUnattendedFile; WCHAR *pwszServerName; WCHAR *pwszServerNameOld; WCHAR *pwszSystem32;
// CA related
DWORD dwInstallStatus; CASETUPINFO CA; CS_ENUM_UPGRADE UpgradeFlag; BOOL fCreatedVRoot;} PER_COMPONENT_DATA;
//+--------------------------------------------------------------------------
// Prototypes:
HRESULTcsiGetKeyList( IN DWORD dwProvType, IN WCHAR const *pwszProvName, IN BOOL fMachineKeySet, IN BOOL fSilent, OUT KEY_LIST **ppKeyList);
VOIDcsiFreeKeyList( IN OUT KEY_LIST *pKeyList);
HRESULTcsiBuildRequest( OPTIONAL IN HINF hInf, OPTIONAL IN CERT_CONTEXT const *pccPrevious, IN BYTE const *pbSubjectEncoded, IN DWORD cbSubjectEncoded, IN char const *pszAlgId, IN BOOL fNewKey, IN DWORD iCert, IN DWORD iKey, IN HCRYPTPROV hProv, IN HWND hwnd, IN HINSTANCE hInstance, IN BOOL fUnattended, OUT BYTE **ppbEncode, OUT DWORD *pcbEncode);
HRESULTcsiBuildFileName( IN WCHAR const *pwszDirPath, IN WCHAR const *pwszSanitizedName, IN WCHAR const *pwszExt, IN DWORD iCert, OUT WCHAR **ppszOut, HINSTANCE hInstance, BOOL fUnattended, IN HWND hwnd);
HRESULTcsiBuildCACertFileName( IN HINSTANCE hInstance, IN HWND hwnd, IN BOOL fUnattended, OPTIONAL IN WCHAR const *pwszSharedFolder, IN WCHAR const *pwszSanitizedName, IN WCHAR const *pwszExt, IN DWORD iCert, OUT WCHAR **ppwszCACertFile);
HRESULTcsiGetCARequestFileName( IN HINSTANCE hInstance, IN HWND hwnd, IN WCHAR const *pwszSanitizedCAName, IN DWORD iCertNew, IN DWORD iKey, OUT WCHAR **ppwszRequestFile);
BOOLcsiWriteDERToFile( IN WCHAR const *pwszFileName, IN BYTE const *pbDER, IN DWORD cbDER, IN HINSTANCE hInstance, IN BOOL fUnattended, IN HWND hwnd);
HRESULTcsiBuildAndWriteCert( IN HCRYPTPROV hCryptProv, IN CASERVERSETUPINFO const *pServer, OPTIONAL IN WCHAR const *pwszFile, IN WCHAR const *pwszEnrollFile, OPTIONAL IN CERT_CONTEXT const *pCertContextFromStore, OPTIONAL OUT CERT_CONTEXT const **ppCertContextOut, IN WCHAR const *pwszCAType, IN HINSTANCE hInstance, IN BOOL fUnattended, IN HWND hwnd);
VOIDcsiFreeCertNameInfo( IN OUT CERT_NAME_INFO *pNameInfo);
HRESULTcsiGetCRLPublicationURLTemplates( IN BOOL fUseDS, IN WCHAR const *pwszSystem32, OUT WCHAR **ppwszz);
HRESULTcsiGetCACertPublicationURLTemplates( IN BOOL fUseDS, IN WCHAR const *pwszSystem32, OUT WCHAR **ppwszz);
HRESULTcsiSetupCAInDS( IN HWND hwnd, IN WCHAR const *pwszCAServer, IN WCHAR const *pwszSanitizedCAName, IN WCHAR const *pwszCADisplayName, IN WCHAR const *pwszCADescription, IN ENUM_CATYPES caType, IN DWORD iCert, IN DWORD iCRL, IN BOOL fRenew, IN CERT_CONTEXT const *pCert);
HRESULTcsiFillKeyProvInfo( IN WCHAR const *pwszContainerName, IN WCHAR const *pwszProvName, IN DWORD dwProvType, IN BOOL const fMachineKeyset, OUT CRYPT_KEY_PROV_INFO *pKeyProvInfo);
VOIDcsiFreeKeyProvInfo( IN OUT CRYPT_KEY_PROV_INFO *pKeyProvInfo);
BOOLcsiIsAnyDSCAAvailable(VOID);
HRESULTcsiSubmitCARequest( IN HINSTANCE hInstance, IN BOOL fUnattended, IN HWND hwnd, IN BOOL fRenew, IN BOOL fRetrievePending, IN WCHAR const *pwszSanitizedCAName, IN WCHAR const *pwszParentCAMachine, IN WCHAR const *pwszParentCAName, IN BYTE const *pbRequest, IN DWORD cbRequest, OUT BSTR *pbStrChain);
HRESULTcsiFinishInstallationFromPKCS7( IN HINSTANCE hInstance, IN BOOL fUnattended, IN HWND hwnd, IN WCHAR const *pwszSanitizedCAName, IN WCHAR const *pwszCACommonName, IN CRYPT_KEY_PROV_INFO const *pKeyProvInfo, IN ENUM_CATYPES CAType, IN DWORD iCert, IN DWORD iCRL, IN BOOL fUseDS, IN BOOL fRenew, IN WCHAR const *pwszServerName, IN BYTE const *pbChainOrCert, IN DWORD cbChainOrCert, OPTIONAL IN WCHAR const *pwszCACertFile);
HRESULTcsiSaveCertAndKeys( IN CERT_CONTEXT const *pCert, IN HCERTSTORE hAdditionalStore, IN CRYPT_KEY_PROV_INFO const *pkpi, IN ENUM_CATYPES CAType);
HRESULT csiInitializeCertSrvSecurity( IN WCHAR const *pwszSanitizedCAName, IN BOOL fUseEnterpriseACL, // which ACL to use
IN BOOL fSetDsSecurity); // whether to set DS security
HRESULTcsiGenerateCAKeys( IN WCHAR const *pwszContainer, IN WCHAR const *pwszProvName, IN DWORD dwProvType, IN BOOL fMachineKeyset, IN DWORD dwKeyLength, IN HINSTANCE hInstance, IN BOOL fUnattended, IN HWND hwnd, OUT BOOL *pfKeyGenFailed);
HRESULTcsiGenerateKeysOnly( IN WCHAR const *pwszContainer, IN WCHAR const *pwszProvName, IN DWORD dwProvType, IN BOOL fMachineKeyset, IN DWORD dwKeyLength, IN BOOL fUnattended, OUT HCRYPTPROV *phProv, OUT int *piMsg);
HRESULTcsiSetKeyContainerSecurity( IN HCRYPTPROV hProv);
HRESULTcsiSetAdminOnlyFolderSecurity( IN LPCWSTR szFolderPath, IN BOOL fAllowEveryoneRead, IN BOOL fUseDS);
VOIDcsiLogOpen( IN char const *pszFile);
VOIDcsiLogClose();
VOIDcsiLog( IN DWORD dwFile, IN DWORD dwLine, IN HRESULT hrMsg, IN UINT idMsg, OPTIONAL IN WCHAR const *pwsz1, OPTIONAL IN WCHAR const *pwsz2, OPTIONAL IN DWORD const *pdw);
VOIDcsiLogTime( IN DWORD dwFile, IN DWORD dwLine, IN UINT idMsg);
VOIDcsiLogDWord( IN DWORD dwFile, IN DWORD dwLine, IN UINT idMsg, IN DWORD dwVal);
HRESULTcsiGetProviderTypeFromProviderName( IN WCHAR const *pwszName, OUT DWORD *pdwType);
HRESULTcsiUpgradeCertSrvSecurity( IN WCHAR const *pwszSanitizedCAName, BOOL fUseEnterpriseACL, // which ACL to use
BOOL fSetDsSecurity, // whether to set security on DS object
CS_ENUM_UPGRADE UpgradeType);
HRESULTcsiGetCRLPublicationParams( BOOL fBase, WCHAR** ppwszCRLPeriod, DWORD* pdwCRLCount);
HRESULT AddCNAndEncode( LPCWSTR pcwszName, LPCWSTR pcwszDNSuffix, BYTE** ppbEncodedDN, DWORD *pcbEncodedDN);
HRESULTAddCAMachineToCertPublishers(VOID); HRESULT RemoveCAMachineFromCertPublishers(VOID);
#define CSILOG(hr, idMsg, pwsz1, pwsz2, pdw) \
csiLog(__dwFILE__, __LINE__, (hr), (idMsg), (pwsz1), (pwsz2), (pdw))
#define CSILOGTIME(idMsg) \
csiLogTime(__dwFILE__, __LINE__, (idMsg))
#define CSILOGDWORD(idMsg, dw) \
csiLogDWord(__dwFILE__, __LINE__, (idMsg), (dw))
#endif //__INITCERT_H__
|
