|
|
#ifndef __CERT_REQUESTER_CONTEXT_H__
#define __CERT_REQUESTER_CONTEXT_H__ 1
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//
// CLASS CertRequesterContext.
//
// The CertRequesterContext class is used to encapsulate any details of the certificate enrollment
// implementation which are dependent upon the context in which the program is running.
// Currently, there are two supported contexts:
//
// 1) LocalContext. This is used when the program runs under the current user's context,
// on the local machine.
//
// 2) KeySvcContext. This is used when some other context must be specified through
// keysvc.
//
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
class CertRequesterContext { public: //-------------------------------------------------------------------------
// Builds a list of the CSPs supported in this context.
// (Different machines may have different CSP lists).
//
// Requires:
// * This CertRequesterContext was created with a valid CERT_WIZARD_INFO pointer.
//
// Modifies:
// * The following fields of the internal CERT_WIZARD_INFO pointer:
// dwCSPCount : contains the number of valid CSPs.
// rgdwProviderType : contains a dwCSPCount-element array of the provider types available.
// This field should be freed with WizardFree().
// rgwszProvider : contains a dwCSPCount-element array of the provider names available.
// This field, and each array element should be freed with WizardFree().
//
// Use GetWizardInfo() to retrieve a pointer to the updated CERT_WIZARD_INFO.
//
// Returns:
// * S_OK if successful, failure code otherwise.
//
//--------------------------------------------------------------------------
virtual HRESULT BuildCSPList() = 0;
//---------------------------------------------------------------------------
// Checks if this context has sufficient access to use the specified cert type
// in enrollment.
//
// Requires:
// * This CertRequesterContext was created with a valid CERT_WIZARD_INFO pointer.
//
// Modifies:
// Nothing
//
// Returns:
// * Returns TRUE if this context has the permission to access the specified cert type.
// Returns FALSE if not, or if an error occurs.
//
//--------------------------------------------------------------------------
virtual BOOL CheckAccessPermission(IN HCERTTYPE hCertType) = 0;
//---------------------------------------------------------------------------
// Checks if this context has sufficient access to use the specified CA in enrollment.
//
// Requires:
// * This CertRequesterContext was created with a valid CERT_WIZARD_INFO pointer.
//
// Modifies:
// Nothing
//
// Returns:
// * Returns TRUE if this context has the permission to access the specified CA.
// Returns FALSE if not, or if an error occurs.
//
//--------------------------------------------------------------------------
virtual BOOL CheckCAPermission(IN HCAINFO hCAInfo) = 0;
//-----------------------------------------------------------------------
// Gets the name of the default CSP on the local machine, based on the provider
// type specified by the internal CERT_WIZARD_INFO pointer.
//
// Requires:
// * This CertRequesterContext was created with a valid CERT_WIZARD_INFO pointer.
//
// Modifies:
// * The following fields of the internal CERT_WIZARD_INFO pointer:
// pwszProvider : contains the name of the default provider, for the specified
// provider type, on this machine. Use WizardFree to free the memory
// associated with this field. HOWEVER, check the out parameter to
// ensure that memory for this field was actually allocated.
//
// Use GetWizardInfo() to retrieve a pointer to the updated CERT_WIZARD_INFO.
//
// Returns:
// S_OK if successful, an error code otherwise.
// If memory was allocated to store the default CSP's name, returns TRUE into
// the OUT parameter, FALSE otherwise.
//
// If the dwProviderType field of the interal wizard pointer is not set, OR
// both the dwProviderType and pwszProvider fields are set, then the function
// does not attempt to find a default CSP, and returns successfully without allocating
// any memory.
//
//------------------------------------------------------------------------
virtual HRESULT GetDefaultCSP(OUT BOOL *pfAllocateCSP) = 0;
//----------------------------------------------------------------------
//
// Enrolls for a certificate, or renews a certificate, based on the
// supplied parameters.
//
// Parameters:
// * pdwStatus : Status of the request. One of the CRYPTUI_WIZ_CERT_REQUEST_STATUS_*
// defines in cryptui.h.
// * pResult : For certificate request creation, returns a pointer to an opaque
// data blob which can be used as a parameter to SubmitRequest().
// Otherwise, returns a PCCERT_CONTEXT representing the
// enrolled/renewed certificate.
//
// Requires:
// Modifies:
// Returns:
// S_OK if the operation completed without an error, returns a standard error
// code otherwise. Note that a return value of S_OK does not
// guarantee that a certificate was issued: check that the pdwStatus parameter.
//
//----------------------------------------------------------------------
virtual HRESULT Enroll(OUT DWORD *pdwStatus, OUT HANDLE *pResult) = 0; //----------------------------------------------------------------------
// Performs context-specific initialization. This should always be called after
// the context is created.
//
// Requires:
// * This CertRequesterContext was created with a valid CERT_WIZARD_INFO pointer.
//
// Modifies:
// Implementation-specific (see implementation documentation).
//
// Returns:
// S_OK if the initialization succeeded.
//
//----------------------------------------------------------------------
virtual HRESULT Initialize() = 0;
virtual HRESULT QueryRequestStatus(IN HANDLE hRequest, OUT CRYPTUI_WIZ_QUERY_CERT_REQUEST_INFO *pQueryInfo) = 0; virtual ~CertRequesterContext();
static HRESULT MakeDefaultCertRequesterContext(OUT CertRequesterContext **ppRequesterContext);
static HRESULT MakeCertRequesterContext(IN LPCWSTR pwszAccountName, IN LPCWSTR pwszMachineName, IN DWORD dwCertOpenStoreFlags, IN CERT_WIZARD_INFO *pCertWizardInfo, OUT CertRequesterContext **ppRequesterContext, OUT UINT *pIDSText);
UINT GetErrorString() { return m_idsText; } CERT_WIZARD_INFO * GetWizardInfo() { return m_pCertWizardInfo; } protected: CertRequesterContext(CERT_WIZARD_INFO * pCertWizardInfo) : m_pCertWizardInfo(pCertWizardInfo) { }
CERT_WIZARD_INFO * m_pCertWizardInfo; UINT m_idsText;
private: CertRequesterContext(); };
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//
// LocalContext.
//
// This class provides an implementation of the CertRequestContext interface
// which runs under the current user's context on the local machine.
//
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
class LocalContext : public CertRequesterContext { friend class CertRequesterContext;
public: //----------------------------------------------------------------------
// See CertRequesterContext::BuildCSPList().
//----------------------------------------------------------------------
virtual HRESULT BuildCSPList();
//----------------------------------------------------------------------
// See CertRequesterContext::CheckAccessPermission(HCERTTYPE).
//----------------------------------------------------------------------
virtual BOOL CheckAccessPermission(HCERTTYPE hCertType);
//----------------------------------------------------------------------
// See CertRequesterContext::BuildCSPList(BOOL *).
//----------------------------------------------------------------------
virtual HRESULT GetDefaultCSP(BOOL *pfAllocateCSP);
//----------------------------------------------------------------------
// See CertRequesterContext::BuildCSPList(HCAINFO).
//----------------------------------------------------------------------
virtual BOOL CheckCAPermission(HCAINFO hCAInfo);
virtual HRESULT Enroll(OUT DWORD *pdwStatus, OUT HANDLE *pResult); virtual HRESULT QueryRequestStatus(IN HANDLE hRequest, OUT CRYPTUI_WIZ_QUERY_CERT_REQUEST_INFO *pQueryInfo);
//----------------------------------------------------------------------
// Always returns S_OK.
//----------------------------------------------------------------------
virtual HRESULT Initialize();
private: HANDLE GetClientIdentity();
LocalContext(); LocalContext(CERT_WIZARD_INFO * pCertWizardInfo) : CertRequesterContext(pCertWizardInfo) { if (NULL != m_pCertWizardInfo) { m_pCertWizardInfo->fLocal = TRUE; } } };
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//
// KeySvcContext.
//
// This class provides an implementation of the CertRequestContext interface
// using key svc.
//
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
class KeySvcContext : public CertRequesterContext { friend class CertRequesterContext; public: //----------------------------------------------------------------------
// See CertRequesterContext::BuildCSPList().
//----------------------------------------------------------------------
virtual HRESULT BuildCSPList();
//----------------------------------------------------------------------
// See CertRequesterContext::CheckAccessPermission(HCERTTYPE).
//----------------------------------------------------------------------
virtual BOOL CheckAccessPermission(HCERTTYPE hCertType);
//----------------------------------------------------------------------
// See CertRequesterContext::BuildCSPList(BOOL *).
//----------------------------------------------------------------------
virtual HRESULT GetDefaultCSP(BOOL *pfAllocateCSP);
//----------------------------------------------------------------------
// See CertRequesterContext::BuildCSPList(HCAINFO).
//----------------------------------------------------------------------
virtual BOOL CheckCAPermission(HCAINFO hCAInfo); virtual HRESULT Enroll(OUT DWORD *pdwStatus, OUT HANDLE *pResult) = 0;
virtual HRESULT QueryRequestStatus(IN HANDLE hRequest, OUT CRYPTUI_WIZ_QUERY_CERT_REQUEST_INFO *pQueryInfo);
//----------------------------------------------------------------------
// Requires:
// * This CertRequesterContext was created with a valid CERT_WIZARD_INFO pointer.
// * This CertRequesterContext has been initialized with a call to Initialize().
//
// Modifies:
// * The following fields of the internal CERT_WIZARD_INFO pointer:
// awszAllowedCertTypes : contains an array of cert types which this context
// has permission to enroll for. This field, and each
// array element, must be freed with WizardFree().
// awszValidCA : contains an array of CAs which this context has
// permission to enroll from. This field, and each array
// element, must be freed with WizardFree().
// Returns:
// S_OK if initialization succeeded, an error code otherwise.
//
//----------------------------------------------------------------------
virtual HRESULT Initialize();
virtual ~KeySvcContext() { // free the list of allowed CertTypes
// These may be allocate by the KeySvcContext's Initialize() method.
if(NULL != m_pCertWizardInfo->awszAllowedCertTypes) { WizardFree(m_pCertWizardInfo->awszAllowedCertTypes); } if(NULL != m_pCertWizardInfo->awszValidCA) { WizardFree(m_pCertWizardInfo->awszValidCA); } }
protected: KeySvcContext(CERT_WIZARD_INFO * pCertWizardInfo) : CertRequesterContext(pCertWizardInfo) { if (NULL != m_pCertWizardInfo) { m_pCertWizardInfo->fLocal = FALSE; m_pCertWizardInfo->awszAllowedCertTypes = NULL; m_pCertWizardInfo->awszValidCA = NULL; } }
HRESULT ToCertContext(IN CERT_BLOB *pPKCS7Blob, IN CERT_BLOB *pHashBlob, OUT DWORD *pdwStatus, OUT PCCERT_CONTEXT *ppCertContext);
private: KeySvcContext();
};
class WhistlerMachineContext : public KeySvcContext { friend class CertRequesterContext;
virtual HRESULT Enroll(OUT DWORD *pdwStatus, OUT HANDLE *ppCertContext);
private: WhistlerMachineContext(CERT_WIZARD_INFO * pCertWizardInfo) : KeySvcContext(pCertWizardInfo) { }
HRESULT CreateRequest(IN KEYSVCC_HANDLE hKeyService, IN LPSTR pszMachineName, IN LPWSTR pwszCALocation, IN LPWSTR pwszCAName, IN PCERT_REQUEST_PVK_NEW pKeyNew, IN CERT_BLOB *pCert, IN PCERT_REQUEST_PVK_NEW pRenewKey, IN LPWSTR pszHashAlg, IN PCERT_ENROLL_INFO pRequestInfo, OUT HANDLE *phRequest);
HRESULT SubmitRequest(IN KEYSVCC_HANDLE hKeyService, IN LPSTR pszMachineName, IN LPWSTR pwszCALocation, IN LPWSTR pwszCAName, IN HANDLE hRequest, OUT PCCERT_CONTEXT *ppCertContext, OUT DWORD *pdwStatus); void FreeRequest(IN KEYSVCC_HANDLE hKeyService, IN LPSTR pszMachineName, IN HANDLE hRequest);
};
#endif // #ifndef __CERT_REQUESTER_CONTEXT_H__
|
