|
|
//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: CCert.cpp
//
// Contents: Microsoft Internet Security Certificate Class
//
// History: 14-Aug-1997 pberkman created
//
//--------------------------------------------------------------------------
#include "global.hxx"
#include "signer.h"
extern "C"{extern BOOL WINAPI GetCryptProvFromCert(HWND hwnd, PCCERT_CONTEXT pCert, HCRYPTPROV *phCryptProv, DWORD *pdwKeySpec, BOOL *pfDidCryptAcquire, LPWSTR *ppwszTmpContainer, LPWSTR *ppwszProviderName, DWORD *pdwProviderType);
extern void WINAPI FreeCryptProvFromCert(BOOL fAcquired, HCRYPTPROV hProv, LPWSTR pwszCapiProvider, DWORD dwProviderType, LPWSTR pwszTmpContainer);};
#include "ccert.hxx"
CCert_::CCert_(PCCERT_CONTEXT pCertContext){ m_pCertContext = CertDuplicateCertificateContext(pCertContext); m_pCCert_Issuer = NULL; m_pwszPublisherName = NULL; m_pwszAgencyName = NULL; m_pwszProvider = NULL; m_pwszKeyContainer = NULL; m_dwProviderType = 0; m_chStores = 0; m_fTriedPrivateKey = FALSE; memset(m_pahStores, 0x00, sizeof(HCERTSTORE) * CCERT_MAXSTORES);}
CCert_::~CCert_(void){ CertFreeCertificateContext(m_pCertContext);
DELETE_OBJECT(m_pCCert_Issuer); DELETE_OBJECT(m_pwszPublisherName); DELETE_OBJECT(m_pwszAgencyName); DELETE_OBJECT(m_pwszProvider); DELETE_OBJECT(m_pwszKeyContainer);
for (int i = 0; i < (int)m_chStores; i++) { if (m_pahStores[i]) { CertCloseStore(m_pahStores[i], 0); } }}
WCHAR *CCert_::PublisherName(void){ if (m_pwszPublisherName) { return(m_pwszPublisherName); }
if (!(this->ExtractCommonNameExt(&m_pwszPublisherName))) { if (!(this->ExtractCommonNameAttr(&m_pwszPublisherName))) { m_pwszPublisherName = this->GetRDNAttr(szOID_COMMON_NAME, &m_pCertContext->pCertInfo->Subject); } }
return(m_pwszPublisherName);}
WCHAR *CCert_::AgencyName(void){ if (m_pwszAgencyName) { return(m_pwszAgencyName); }
if (!(m_pCertContext)) { return(NULL); }
m_pwszAgencyName = this->GetRDNAttr(szOID_ORGANIZATIONAL_UNIT_NAME, &m_pCertContext->pCertInfo->Subject); if (!(m_pwszAgencyName)) { m_pwszAgencyName = this->GetRDNAttr(szOID_ORGANIZATION_NAME, &m_pCertContext->pCertInfo->Subject);
if (!(m_pwszAgencyName)) { m_pwszAgencyName = this->GetRDNAttr(szOID_COMMON_NAME, &m_pCertContext->pCertInfo->Subject); } }
return(m_pwszAgencyName);}
WCHAR *CCert_::ProviderName(void){ if (m_pwszProvider) { return(m_pwszProvider); }
if (!(m_pCertContext)) { return(NULL); }
this->FindPrivateKey();
return(m_pwszProvider);}
DWORD CCert_::ProviderType(void){ if (m_pwszProvider) { return(m_dwProviderType); }
this->FindPrivateKey();
return(m_dwProviderType);}
WCHAR *CCert_::PrivateKeyContainer(void){ if (m_pwszKeyContainer) { return(m_pwszKeyContainer); }
this->FindPrivateKey();
return(m_pwszKeyContainer);}
BOOL CCert_::BuildChain(FILETIME *psftVerifyAsOf){ FILETIME sft;
if (!(m_pCertContext)) { return(FALSE); }
if (m_pCCert_Issuer) { return(TRUE); }
if (!(psftVerifyAsOf)) { GetSystemTimeAsFileTime(&sft);
psftVerifyAsOf = &sft; }
this->OpenStores();
return(this->BuildChainPrivate(m_chStores, m_pahStores, psftVerifyAsOf));}
//////////////////////////////////////////////////////////////////////////
////
//// protected
////
BOOL CCert_::ExtractCommonNameExt(WCHAR **ppwszRet){ *ppwszRet = NULL;
if (!(m_pCertContext)) { return(FALSE); }
PCERT_NAME_VALUE pNameValue; PCERT_EXTENSION pExt;
pNameValue = NULL;
pExt = CertFindExtension(SPC_COMMON_NAME_OBJID, m_pCertContext->pCertInfo->cExtension, m_pCertContext->pCertInfo->rgExtension); if (pExt) { DWORD cbInfo; PCERT_RDN_VALUE_BLOB pValue; DWORD dwValueType; DWORD cwsz;
cbInfo = 0;
CryptDecodeObject( X509_ASN_ENCODING, X509_NAME_VALUE, pExt->Value.pbData, pExt->Value.cbData, 0, NULL, &cbInfo);
if (cbInfo == 0) { return(FALSE); }
if (!(pNameValue = (PCERT_NAME_VALUE)new BYTE[cbInfo])) { return(FALSE); }
if (!(CryptDecodeObject(X509_ASN_ENCODING, X509_NAME_VALUE, pExt->Value.pbData, pExt->Value.cbData, 0, pNameValue, &cbInfo))) { delete pNameValue; return(FALSE); }
dwValueType = pNameValue->dwValueType; pValue = &pNameValue->Value;
cwsz = CertRDNValueToStrW(dwValueType, pValue, NULL, 0);
if (cwsz > 1) { if (!(*ppwszRet = new WCHAR[cwsz])) { delete pNameValue;
SetLastError(ERROR_NOT_ENOUGH_MEMORY); return(FALSE); }
CertRDNValueToStrW(dwValueType, pValue, *ppwszRet, cwsz);
delete pNameValue; return(TRUE); } }
DELETE_OBJECT(pNameValue);
return(FALSE);}
BOOL CCert_::ExtractCommonNameAttr(WCHAR **ppwszRet){ *ppwszRet = GetRDNAttr(szOID_COMMON_NAME, &m_pCertContext->pCertInfo->Subject);
if (*ppwszRet) { return(TRUE); }
return(FALSE);}
WCHAR *CCert_::GetRDNAttr(char *pszObjId, PCERT_NAME_BLOB pNameBlob){ LPWSTR pwsz; PCERT_NAME_INFO pNameInfo; PCERT_RDN_ATTR pRDNAttr; DWORD cbInfo;
pwsz = NULL; pNameInfo = NULL;
cbInfo = 0;
CryptDecodeObject( X509_ASN_ENCODING, X509_NAME, pNameBlob->pbData, pNameBlob->cbData, 0, NULL, &cbInfo); if (cbInfo == 0) { return(NULL); }
if (!(pNameInfo = (PCERT_NAME_INFO)new BYTE[cbInfo])) { return(NULL); }
if (!(CryptDecodeObject(X509_ASN_ENCODING, X509_NAME, pNameBlob->pbData, pNameBlob->cbData, 0, pNameInfo, &cbInfo))) { delete pNameInfo; return(NULL); }
pRDNAttr = CertFindRDNAttr(pszObjId, pNameInfo);
if (pRDNAttr) { PCERT_RDN_VALUE_BLOB pValue = &pRDNAttr->Value; DWORD dwValueType = pRDNAttr->dwValueType; DWORD cwsz;
pValue = &pRDNAttr->Value; dwValueType = pRDNAttr->dwValueType;
cwsz = CertRDNValueToStrW(dwValueType, pValue, NULL, 0);
if (cwsz > 1) { if (!(pwsz = new WCHAR[cwsz])) { delete pNameInfo;
SetLastError(ERROR_NOT_ENOUGH_MEMORY); return(NULL); }
CertRDNValueToStrW(dwValueType, pValue, pwsz, cwsz); } }
DELETE_OBJECT(pNameInfo);
return(pwsz);}
//////////////////////////////////////////////////////////////////////////
////
//// private
////
BOOL CCert_::BuildChainPrivate(DWORD chStores, HCERTSTORE *pahStores, FILETIME *psftVerifyAsOf){ DWORD dwError; PCCERT_CONTEXT pIssuerCertContext;
DELETE_OBJECT(m_pCCert_Issuer);
if (TrustIsCertificateSelfSigned(m_pCertContext, m_pCertContext->dwCertEncodingType, 0)) { return(TRUE); }
pIssuerCertContext = TrustFindIssuerCertificate(m_pCertContext, m_pCertContext->dwCertEncodingType, chStores, pahStores, psftVerifyAsOf, &m_dwConfidence, &dwError, 0);
if (!(pIssuerCertContext)) { SetLastError(dwError); return(FALSE); }
m_pCCert_Issuer = new CCert_(pIssuerCertContext);
CertFreeCertificateContext(pIssuerCertContext);
if (!(m_pCCert_Issuer)) { return(FALSE); }
return(m_pCCert_Issuer->BuildChainPrivate(chStores, pahStores, psftVerifyAsOf));}
//
// warning: if you add a store, make sure to add one to the CCERT_MAXSTORES in ccert.hxx!!!
//
void CCert_::OpenStores(void){ HCERTSTORE hStore;
m_chStores = 0;
if (hStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG | CERT_STORE_NO_CRYPT_RELEASE_FLAG, "ROOT")) { m_pahStores[m_chStores] = hStore; m_chStores++; } else { return; // if we can't find the root, FAIL!
}
//
// open the Trust List store
//
if (hStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG | CERT_STORE_NO_CRYPT_RELEASE_FLAG, "TRUST")) { m_pahStores[m_chStores] = hStore; m_chStores++; }
//
// CA Store
//
if (hStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG | CERT_STORE_NO_CRYPT_RELEASE_FLAG, "CA")) { m_pahStores[m_chStores] = hStore; m_chStores++; } //
// MY Store
//
if (hStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG | CERT_STORE_NO_CRYPT_RELEASE_FLAG, "MY")) { m_pahStores[m_chStores] = hStore; m_chStores++; } //
// SPC Store (historic reasons!)
//
if (hStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A, 0, NULL, CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG | CERT_STORE_NO_CRYPT_RELEASE_FLAG, "SPC")) { m_pahStores[m_chStores] = hStore; m_chStores++; }}
BOOL CCert_::FindPrivateKey(void){ if ((m_pwszProvider) || (m_pwszKeyContainer)) { return(TRUE); }
if (m_fTriedPrivateKey) { return(FALSE); }
m_fTriedPrivateKey = TRUE;
DELETE_OBJECT(m_pwszProvider); DELETE_OBJECT(m_pwszKeyContainer);
//
// try mssign32.dll first
//
HCRYPTPROV signer_hProv; WCHAR *signer_pwszTmpContainer; WCHAR *signer_pwszProviderName; DWORD signer_dwKeySpec; DWORD signer_dwProviderType; BOOL signer_fDidCryptAcquire;
signer_hProv = NULL; signer_pwszTmpContainer = NULL; signer_pwszProviderName = NULL;
if (GetCryptProvFromCert(NULL, m_pCertContext, &signer_hProv, &signer_dwKeySpec, &signer_fDidCryptAcquire, &signer_pwszTmpContainer, &signer_pwszProviderName, &signer_dwProviderType)) { if (signer_pwszProviderName) { if (!(m_pwszProvider = new WCHAR[wcslen(signer_pwszProviderName) + 1])) { return(FALSE); }
wcscpy(m_pwszProvider, signer_pwszProviderName);
if (signer_pwszTmpContainer) { if (!(m_pwszKeyContainer = new WCHAR[wcslen(signer_pwszTmpContainer) + 1])) { return(FALSE); }
wcscpy(m_pwszKeyContainer, signer_pwszTmpContainer); }
m_dwProviderType = signer_dwProviderType;
FreeCryptProvFromCert(signer_fDidCryptAcquire, signer_hProv, signer_pwszProviderName, signer_dwProviderType, signer_pwszTmpContainer); return(TRUE); } FreeCryptProvFromCert(signer_fDidCryptAcquire, signer_hProv, signer_pwszProviderName, signer_dwProviderType, signer_pwszTmpContainer); }
DWORD dwIndexProv; DWORD dwIndexContainer; DWORD dwProvType; DWORD cbSize; WCHAR wszProv[MAX_PATH + 1]; WCHAR *pwszContainer;
HCRYPTPROV hProvEnum;
pwszContainer = NULL; dwIndexProv = 0;
for EVER { cbSize = MAX_PATH;
if (!(CryptEnumProvidersU(dwIndexProv, NULL, 0, &dwProvType, &wszProv[0], &cbSize))) { break; }
wszProv[cbSize] = NULL;
dwIndexContainer = 0; hProvEnum = NULL;
for EVER { if (!(this->EnumContainer(&hProvEnum, dwIndexContainer, dwProvType, &wszProv[0], &pwszContainer))) { break; } if (this->CheckContainerForKey(&wszProv[0], dwProvType, pwszContainer)) { m_dwProviderType = dwProvType; m_pwszKeyContainer = pwszContainer;
if (m_pwszProvider = new WCHAR[wcslen(&wszProv[0]) + 1]) { wcscpy(m_pwszProvider, &wszProv[0]); }
CryptReleaseContext(hProvEnum, 0); return(TRUE); }
DELETE_OBJECT(pwszContainer);
dwIndexContainer++; }
if (hProvEnum) { CryptReleaseContext(hProvEnum, 0); }
dwIndexProv++; // for our enum at the top!
}
return(FALSE);}
BOOL CCert_::EnumContainer(HCRYPTPROV *phProv, DWORD dwIndex, DWORD dwProvType, WCHAR *pwszProv, WCHAR **ppwszContainer){ DWORD i; DWORD cbSize; char *psz;
*ppwszContainer = NULL;
if (!(*phProv)) { if (!(CryptAcquireContextU(phProv, NULL, pwszProv, dwProvType, CRYPT_VERIFYCONTEXT))) { return(FALSE); } } cbSize = 0; CryptGetProvParam(*phProv, PP_ENUMCONTAINERS, NULL, &cbSize, CRYPT_FIRST);
if (cbSize > 0) { if (!(psz = new char[cbSize])) { return(FALSE); }
memset(psz, 0x00, cbSize);
CryptGetProvParam(*phProv, PP_ENUMCONTAINERS, (BYTE *)psz, &cbSize, CRYPT_FIRST);
for (i = 1; i <= dwIndex; i++) { if (!(CryptGetProvParam(*phProv, PP_ENUMCONTAINERS, (BYTE *)psz, &cbSize, 0))) { delete psz; return(FALSE); } }
if (!(*ppwszContainer = new WCHAR[strlen(psz) + 1])) { delete psz;
SetLastError(ERROR_NOT_ENOUGH_MEMORY); return(FALSE); } MultiByteToWideChar(0, 0, psz, -1, *ppwszContainer, (strlen(psz) + 1) * sizeof(WCHAR));
delete psz; return(TRUE);
}
return(FALSE);}
BOOL CCert_::CheckContainerForKey(WCHAR *pwszProv, DWORD dwProvType, WCHAR *pwszContainer){ HCRYPTPROV hProv; DWORD cbSize; PCERT_PUBLIC_KEY_INFO pContInfo;
if (CryptAcquireContextU(&hProv, pwszContainer, pwszProv, dwProvType, 0)) { if (!(CryptExportPublicKeyInfo(hProv, AT_SIGNATURE, X509_ASN_ENCODING, NULL, &cbSize))) { CryptReleaseContext(hProv, 0); return(FALSE); }
if (!(pContInfo = (PCERT_PUBLIC_KEY_INFO)new BYTE[cbSize])) { CryptReleaseContext(hProv, 0); SetLastError(ERROR_NOT_ENOUGH_MEMORY); return(FALSE); }
if (!(CryptExportPublicKeyInfo(hProv, AT_SIGNATURE, X509_ASN_ENCODING, pContInfo, &cbSize))) { delete pContInfo;
CryptReleaseContext(hProv, 0);
return(FALSE); }
CryptReleaseContext(hProv, 0);
if (CertComparePublicKeyInfo(X509_ASN_ENCODING, &m_pCertContext->pCertInfo->SubjectPublicKeyInfo, pContInfo)) { delete pContInfo;
return(TRUE); }
delete pContInfo; }
return(FALSE);}
|
