archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/snapin/certmgr/autocert.cpp

439 lines
12 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1998-2001.
  5. //
  6. // File: AutoCert.cpp
  7. //
  8. // Contents: implementation of the CAutoCertRequest class.
  9. //
  10. //----------------------------------------------------------------------------
  12. #include "stdafx.h"
  13. #include <gpedit.h>
  14. #include "AutoCert.h"
  15. #include "storegpe.h"
  18. USE_HANDLE_MACROS("CERTMGR(AutoCert.cpp)")
  21. ////////////////////////////////////////////////////////////
  22. // Construction/Destruction
  23. //////////////////////////////////////////////////////////////////////
  25. CAutoCertRequest::CAutoCertRequest (const PCCTL_CONTEXT pCTLContext, CCertStore& rCertStore) :
  26. CCTL (pCTLContext, rCertStore, CERTMGR_AUTO_CERT_REQUEST),
  27. m_pCertTypeExtension (0),
  28. m_pEnhKeyUsageExtension (0),
  29. m_bCANamesEnumerated (false),
  30. m_hCertType (0)
  31. {
  32. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  33. }
  35. CAutoCertRequest::~CAutoCertRequest()
  36. {
  37. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  38. if ( m_hCertType )
  39. {
  40. VERIFY (SUCCEEDED (::CACloseCertType (m_hCertType)));
  41. }
  42. }
  46. HRESULT CAutoCertRequest::GetCertTypeName(CString & certTypeName)
  47. {
  48. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  49. HRESULT hResult = S_OK;
  53. if ( CERTMGR_LOG_STORE_GPE != GetCertStore().m_objecttype &&
  54. CERTMGR_LOG_STORE_RSOP != GetCertStore().m_objecttype )
  55. {
  56. hResult = E_FAIL;
  57. return hResult;
  58. }
  60. CCertStore* pStore = reinterpret_cast <CCertStore*>(&GetCertStore());
  61. if(pStore == NULL)
  62. {
  63. hResult = E_FAIL;
  64. return hResult;
  65. }
  70. if ( m_szCertTypeName.IsEmpty () )
  71. {
  72. bool bFound = false;
  75. hResult = E_FAIL;
  76. PCERT_EXTENSION pCertTypeExtension = GetCertTypeExtension ();
  77. if ( pCertTypeExtension )
  78. {
  79. DWORD cbValue = 0;
  81. if ( ::CryptDecodeObject(
  82. CRYPT_ASN_ENCODING,
  83. X509_UNICODE_ANY_STRING,
  84. pCertTypeExtension->Value.pbData,
  85. pCertTypeExtension->Value.cbData,
  86. 0,
  87. 0,
  88. &cbValue) )
  89. {
  90. CERT_NAME_VALUE* pCNValue = (CERT_NAME_VALUE*)
  91. ::LocalAlloc(LPTR, cbValue);
  92. if ( pCNValue )
  93. {
  94. if ( ::CryptDecodeObject(
  95. CRYPT_ASN_ENCODING,
  96. X509_UNICODE_ANY_STRING,
  97. pCertTypeExtension->Value.pbData,
  98. pCertTypeExtension->Value.cbData,
  99. 0,
  100. pCNValue,
  101. &cbValue) )
  102. {
  103. LPWSTR pszCertTypeName = (LPWSTR) pCNValue->Value.pbData;
  104. CString CAName;
  105. HCERTTYPE hCertType = 0;
  107. hResult = ::CAFindCertTypeByName ( pszCertTypeName,
  108. NULL,
  109. (pStore->IsMachineStore()?CT_ENUM_MACHINE_TYPES:CT_ENUM_USER_TYPES),
  110. &hCertType);
  111. if ( SUCCEEDED (hResult) )
  112. {
  113. WCHAR** pawszPropertyValue = 0;
  115. hResult = ::CAGetCertTypeProperty (hCertType,
  116. CERTTYPE_PROP_FRIENDLY_NAME,
  117. &pawszPropertyValue);
  118. ASSERT (SUCCEEDED (hResult));
  119. if ( SUCCEEDED (hResult) )
  120. {
  121. if ( pawszPropertyValue[0] )
  122. {
  123. m_szCertTypeName = pawszPropertyValue[0];
  124. bFound = true;
  125. m_hCertType = hCertType;
  126. }
  127. else
  128. {
  129. VERIFY (SUCCEEDED (::CAFreeCertTypeProperty (hCertType,
  130. pawszPropertyValue)));
  131. }
  132. }
  133. if ( !bFound )
  134. {
  135. hResult = ::CACloseCertType (hCertType);
  136. ASSERT (SUCCEEDED (hResult));
  137. }
  138. }
  140. }
  141. else
  142. {
  143. DWORD dwErr = GetLastError ();
  144. DisplaySystemError (NULL, dwErr);
  145. hResult = HRESULT_FROM_WIN32 (dwErr);
  146. }
  147. ::LocalFree (pCNValue);
  148. }
  149. else
  150. {
  151. hResult = E_OUTOFMEMORY;
  152. }
  153. }
  154. else
  155. {
  156. DWORD dwErr = GetLastError ();
  157. DisplaySystemError (NULL, dwErr);
  158. hResult = HRESULT_FROM_WIN32 (dwErr);
  159. }
  160. }
  161. // If all calls succeded but it still wasn't found, then fail anyway.
  162. if ( SUCCEEDED (hResult) && !bFound )
  163. hResult = E_FAIL;
  164. }
  166. if ( SUCCEEDED (hResult) )
  167. certTypeName = m_szCertTypeName;
  169. return hResult;
  170. }
  172. PCERT_EXTENSION CAutoCertRequest::GetCertTypeExtension()
  173. {
  174. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  175. if ( !m_pCertTypeExtension )
  176. {
  177. m_pCertTypeExtension = ::CertFindExtension (
  178. szOID_ENROLL_CERTTYPE_EXTENSION,
  179. GetCTLContext ()->pCtlInfo->cExtension,
  180. GetCTLContext ()->pCtlInfo->rgExtension);
  181. ASSERT (m_pCertTypeExtension);
  182. if ( !m_pCertTypeExtension )
  183. {
  184. DisplaySystemError (NULL, GetLastError ());
  185. }
  186. }
  188. return m_pCertTypeExtension;
  189. }
  191. PCERT_EXTENSION CAutoCertRequest::GetEnhancedKeyUsageExtension()
  192. {
  193. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  194. if ( !m_pEnhKeyUsageExtension )
  195. {
  196. m_pEnhKeyUsageExtension = ::CertFindExtension (
  197. szOID_ENHANCED_KEY_USAGE,
  198. GetCTLContext ()->pCtlInfo->cExtension,
  199. GetCTLContext ()->pCtlInfo->rgExtension);
  200. ASSERT (m_pEnhKeyUsageExtension);
  201. if ( !m_pEnhKeyUsageExtension )
  202. {
  203. DWORD dwErr = GetLastError ();
  204. if ( dwErr )
  205. DisplaySystemError (NULL, dwErr);
  206. }
  207. }
  209. return m_pEnhKeyUsageExtension;
  210. }
  212. HRESULT CAutoCertRequest::GetUsages(CString & usages)
  213. {
  214. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  215. HRESULT hResult = S_OK;
  217. if ( m_szUsages.IsEmpty () )
  218. {
  219. hResult = E_FAIL;
  220. PCERT_EXTENSION pEnhKeyUsageExtension = GetEnhancedKeyUsageExtension ();
  221. ASSERT (pEnhKeyUsageExtension);
  222. if ( pEnhKeyUsageExtension )
  223. {
  224. DWORD cbEnhKeyUsage = 0;
  227. if ( ::CryptDecodeObject(CRYPT_ASN_ENCODING,
  228. szOID_ENHANCED_KEY_USAGE,
  229. pEnhKeyUsageExtension->Value.pbData,
  230. pEnhKeyUsageExtension->Value.cbData,
  231. 0, NULL, &cbEnhKeyUsage) )
  232. {
  233. PCERT_ENHKEY_USAGE pEnhKeyUsage = (PCERT_ENHKEY_USAGE)
  234. ::LocalAlloc (LPTR, cbEnhKeyUsage);
  235. if ( pEnhKeyUsage )
  236. {
  237. if ( ::CryptDecodeObject (CRYPT_ASN_ENCODING,
  238. szOID_ENHANCED_KEY_USAGE,
  239. pEnhKeyUsageExtension->Value.pbData,
  240. pEnhKeyUsageExtension->Value.cbData,
  241. 0, pEnhKeyUsage, &cbEnhKeyUsage) )
  242. {
  243. CString usageName;
  245. for (DWORD dwIndex = 0;
  246. dwIndex < pEnhKeyUsage->cUsageIdentifier;
  247. dwIndex++)
  248. {
  249. if ( MyGetOIDInfo (usageName,
  250. pEnhKeyUsage->rgpszUsageIdentifier[dwIndex]) )
  251. {
  252. // add delimeter if not first iteration
  253. if ( dwIndex )
  254. m_szUsages += _T(", ");
  255. m_szUsages += usageName;
  256. }
  257. }
  258. hResult = S_OK;
  259. }
  260. else
  261. DisplaySystemError (NULL, GetLastError());
  262. ::LocalFree (pEnhKeyUsage);
  263. }
  264. else
  265. {
  266. hResult = E_OUTOFMEMORY;
  267. }
  268. }
  269. else
  270. DisplaySystemError (NULL, GetLastError());
  271. }
  272. }
  274. if ( SUCCEEDED (hResult) )
  275. usages = m_szUsages;
  277. return hResult;
  278. }
  281. // To get CAs, enumerate CAs on DS, get certs, get hash, compare with stored hash
  282. // in CTL, if match found, call GetCAInfoFromDS
  285. HRESULT CAutoCertRequest::BuildCANameList()
  286. {
  287. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  288. HRESULT hResult = S_OK;
  290. if ( !m_bCANamesEnumerated )
  291. {
  292. m_bCANamesEnumerated = true;
  294. // To get CAs, enumerate CAs on DS, get certs, get hash, compare with stored hash
  295. // in CTL, if match found, call GetCAInfoFromDS
  296. CWaitCursor waitCursor;
  297. HCAINFO hCAInfo = 0;
  298. DWORD dwCACnt = 0;
  299. HCAINFO* pCAList = 0;
  300. UINT nIndex = 0;
  301. PCCERT_CONTEXT* ppCertContext = NULL;
  302. DWORD cbHash = 20;
  303. hResult = ::CAEnumFirstCA (NULL, 0, &hCAInfo);
  304. if ( SUCCEEDED (hResult) )
  305. dwCACnt = ::CACountCAs (hCAInfo);
  307. if ( dwCACnt > 0 )
  308. {
  310. pCAList = new HCAINFO[dwCACnt];
  311. ppCertContext = new PCCERT_CONTEXT[dwCACnt];
  312. if ( pCAList && ppCertContext )
  313. {
  314. nIndex = 0;
  315. while (SUCCEEDED (hResult) && hCAInfo && nIndex < dwCACnt)
  316. {
  317. pCAList[nIndex] = hCAInfo;
  318. hResult = ::CAGetCACertificate (hCAInfo, &ppCertContext[nIndex]);
  319. ASSERT (SUCCEEDED (hResult));
  320. nIndex++;
  321. hResult = ::CAEnumNextCA (hCAInfo, &hCAInfo);
  322. }
  324. PCCTL_CONTEXT pCTLContext = GetCTLContext ();
  325. if ( pCTLContext )
  326. {
  327. PCTL_INFO pCTLInfo = pCTLContext->pCtlInfo;
  328. DWORD cCTLEntry = pCTLInfo->cCTLEntry;
  329. PCTL_ENTRY rgCTLEntry = pCTLInfo->rgCTLEntry;
  330. const size_t HASH_SIZE = 20;
  331. BYTE pbHash[HASH_SIZE];
  333. for (UINT nCAHash = 0; nCAHash < cCTLEntry; nCAHash++)
  334. {
  335. for (UINT nCertContextIndex = 0; nCertContextIndex < dwCACnt; nCertContextIndex++)
  336. {
  337. cbHash = HASH_SIZE;
  338. if (::CertGetCertificateContextProperty (ppCertContext[nCertContextIndex],
  339. CERT_SHA1_HASH_PROP_ID,
  340. pbHash,
  341. &cbHash) )
  342. {
  344. // Compare pbHash with pCAHash;
  345. if ( !memcmp (pbHash,
  346. rgCTLEntry[nCAHash].SubjectIdentifier.pbData,
  347. rgCTLEntry[nCAHash].SubjectIdentifier.cbData) )
  348. {
  349. LPWSTR *awszCAName = NULL;
  350. LPWSTR *awszCADisplayName = NULL;
  351. //
  352. // Add this CA to the list of
  353. // CA's.
  354. //
  356. // get the name of the CA
  357. hResult = ::CAGetCAProperty (pCAList[nCertContextIndex],
  358. CA_PROP_NAME,
  359. &awszCAName);
  362. if (SUCCEEDED (hResult) && awszCAName && awszCAName[0] )
  363. {
  365. // get the display name of the CA
  366. hResult = ::CAGetCAProperty (pCAList[nCertContextIndex],
  367. CA_PROP_DISPLAY_NAME,
  368. &awszCADisplayName);
  370. if ( SUCCEEDED(hResult) && awszCADisplayName && awszCADisplayName[0] )
  371. {
  372. m_CANameList.AddHead (awszCAName[0]);
  374. m_CADisplayNameList.AddHead (awszCADisplayName[0]);
  375. }
  376. }
  378. if ( awszCAName )
  379. {
  380. CAFreeCAProperty(pCAList[nCertContextIndex], awszCAName);
  381. }
  382. if ( awszCADisplayName )
  383. {
  384. CAFreeCAProperty(pCAList[nCertContextIndex], awszCADisplayName);
  385. }
  386. break;
  388. }
  389. }
  390. else
  391. {
  392. DWORD dwErr = GetLastError ();
  393. hResult = HRESULT_FROM_WIN32 (dwErr);
  394. DisplaySystemError (NULL, dwErr);
  395. break;
  396. }
  397. }
  398. }
  399. }
  401. for (UINT nCAListIndex = 0; nCAListIndex < dwCACnt; nCAListIndex++)
  402. {
  403. hResult = ::CACloseCA (pCAList[nCAListIndex]);
  404. ASSERT (SUCCEEDED (hResult));
  406. ::CertFreeCertificateContext (ppCertContext[nCAListIndex]);
  407. }
  408. }
  409. else
  410. {
  411. hResult = E_OUTOFMEMORY;
  412. }
  413. if ( pCAList )
  414. delete [] pCAList;
  415. if ( ppCertContext )
  416. delete [] ppCertContext;
  417. }
  418. }
  420. return hResult;
  421. }
  423. CStringList& CAutoCertRequest::GetCANameList(bool fDisplayName)
  424. {
  425. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  426. BuildCANameList ();
  427. return fDisplayName?m_CADisplayNameList:m_CANameList;
  428. }
  430. HCERTTYPE CAutoCertRequest::GetCertType()
  431. {
  432. ASSERT (CERTMGR_AUTO_CERT_REQUEST == m_objecttype);
  433. if ( !m_hCertType )
  434. {
  435. CString name;
  436. GetCertTypeName (name); // generates m_hCertType
  437. }
  438. return m_hCertType;
  439. }