archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/iis/admin/certwiz/certutil.cpp

2133 lines
55 KiB
Raw Normal View History

Add source files
4 years ago
  1. //
  2. // CertUtil.cpp
  3. //
  4. #include "StdAfx.h"
  5. #include "CertUtil.h"
  6. #include "base64.h"
  7. #include <malloc.h>
  8. #include "Certificat.h"
  9. #include <wincrypt.h>
  10. #include "Resource.h"
  11. #include "Shlwapi.h"
  12. #include "CertCA.h"
  13. #include "cryptui.h"
  15. // for certobj object
  16. #include "certobj.h"
  19. #define ISNUM(cChar) ((cChar >= _T('0')) && (cChar <= _T('9'))) ? (TRUE) : (FALSE)
  21. const CLSID CLSID_CCertConfig =
  22. {0x372fce38, 0x4324, 0x11d0, {0x88, 0x10, 0x00, 0xa0, 0xc9, 0x03, 0xb8, 0x3c}};
  24. const GUID IID_ICertConfig =
  25. {0x372fce34, 0x4324, 0x11d0, {0x88, 0x10, 0x00, 0xa0, 0xc9, 0x03, 0xb8, 0x3c}};
  27. #define CRYPTUI_MAX_STRING_SIZE 768
  28. #define ARRAYSIZE(x) (sizeof(x)/sizeof(x[0]))
  30. BOOL
  31. GetOnlineCAList(CStringList& list, const CString& certType, HRESULT * phRes)
  32. {
  33. BOOL bRes = TRUE;
  34. HRESULT hr = S_OK;
  35. DWORD errBefore = GetLastError();
  36. DWORD dwCACount = 0;
  38. HCAINFO hCurCAInfo = NULL;
  39. HCAINFO hPreCAInfo = NULL;
  41. if (certType.IsEmpty())
  42. return FALSE;
  44. *phRes = CAFindByCertType(certType, NULL, 0, &hCurCAInfo);
  45. if (FAILED(*phRes) || NULL == hCurCAInfo)
  46. {
  47. if (S_OK == hr)
  48. hr=E_FAIL;
  49. return FALSE;
  50. }
  52. //get the CA count
  53. if (0 == (dwCACount = CACountCAs(hCurCAInfo)))
  54. {
  55. *phRes = E_FAIL;
  56. return FALSE;
  57. }
  58. WCHAR ** ppwstrName, ** ppwstrMachine;
  59. while (hCurCAInfo)
  60. {
  61. //get the CA information
  62. if ( SUCCEEDED(CAGetCAProperty(hCurCAInfo, CA_PROP_DISPLAY_NAME, &ppwstrName))
  63. && SUCCEEDED(CAGetCAProperty(hCurCAInfo, CA_PROP_DNSNAME, &ppwstrMachine))
  64. )
  65. {
  66. CString config;
  67. config = *ppwstrMachine;
  68. config += L"\\";
  69. config += *ppwstrName;
  70. list.AddTail(config);
  71. CAFreeCAProperty(hCurCAInfo, ppwstrName);
  72. CAFreeCAProperty(hCurCAInfo, ppwstrMachine);
  73. }
  74. else
  75. {
  76. bRes = FALSE;
  77. break;
  78. }
  80. hPreCAInfo = hCurCAInfo;
  81. if (FAILED(*phRes = CAEnumNextCA(hPreCAInfo, &hCurCAInfo)))
  82. {
  83. bRes = FALSE;
  84. break;
  85. }
  86. CACloseCA(hPreCAInfo);
  87. hPreCAInfo = NULL;
  88. }
  90. if (hPreCAInfo)
  91. CACloseCA(hPreCAInfo);
  92. if (hCurCAInfo)
  93. CACloseCA(hCurCAInfo);
  95. SetLastError(errBefore);
  97. return bRes;
  98. }
  100. PCCERT_CONTEXT
  101. GetRequestContext(CCryptBlob& pkcs7, HRESULT * phRes)
  102. {
  103. ASSERT(phRes != NULL);
  104. BOOL bRes = FALSE;
  105. HCERTSTORE hStoreMsg = NULL;
  106. PCCERT_CONTEXT pCertContextMsg = NULL;
  108. if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
  109. (PCERT_BLOB)pkcs7,
  110. (CERT_QUERY_CONTENT_FLAG_CERT |
  111. CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
  112. CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE |
  113. CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED) ,
  114. CERT_QUERY_FORMAT_FLAG_ALL,
  115. 0,
  116. NULL,
  117. NULL,
  118. NULL,
  119. &hStoreMsg,
  120. NULL,
  121. NULL)
  122. || NULL == (pCertContextMsg = CertFindCertificateInStore(
  123. hStoreMsg,
  124. X509_ASN_ENCODING,
  125. 0,
  126. CERT_FIND_ANY,
  127. NULL,
  128. NULL))
  129. )
  130. {
  131. *phRes = HRESULT_FROM_WIN32(GetLastError());
  132. }
  133. return pCertContextMsg;
  134. }
  137. BOOL GetRequestInfoFromPKCS10(CCryptBlob& pkcs10,
  138. PCERT_REQUEST_INFO * pReqInfo,
  139. HRESULT * phRes)
  140. {
  141. ASSERT(pReqInfo != NULL);
  142. ASSERT(phRes != NULL);
  143. BOOL bRes = FALSE;
  144. DWORD req_info_size;
  145. if (!(bRes = CryptDecodeObjectEx(
  146. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  147. X509_CERT_REQUEST_TO_BE_SIGNED,
  148. pkcs10.GetData(),
  149. pkcs10.GetSize(),
  150. CRYPT_DECODE_ALLOC_FLAG,
  151. NULL,
  152. pReqInfo,
  153. &req_info_size)))
  154. {
  155. TRACE(_T("Error from CryptDecodeObjectEx: %xd\n"), GetLastError());
  156. *phRes = HRESULT_FROM_WIN32(GetLastError());
  157. }
  158. return bRes;
  159. }
  161. #if 0
  162. // This function extracts data from pkcs7 format
  163. BOOL GetRequestInfoFromRenewalRequest(CCryptBlob& renewal_req,
  164. PCCERT_CONTEXT * pSignerCert,
  165. HCERTSTORE hStore,
  166. PCERT_REQUEST_INFO * pReqInfo,
  167. HRESULT * phRes)
  168. {
  169. BOOL bRes;
  170. CRYPT_DECRYPT_MESSAGE_PARA decr_para;
  171. CRYPT_VERIFY_MESSAGE_PARA ver_para;
  173. decr_para.cbSize = sizeof(decr_para);
  174. decr_para.dwMsgAndCertEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
  175. decr_para.cCertStore = 1;
  176. decr_para.rghCertStore = &hStore;
  178. ver_para.cbSize = sizeof(ver_para);
  179. ver_para.dwMsgAndCertEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
  180. ver_para.hCryptProv = 0;
  181. ver_para.pfnGetSignerCertificate = NULL;
  182. ver_para.pvGetArg = NULL;
  184. DWORD dwMsgType;
  185. DWORD dwInnerContentType;
  186. DWORD cbDecoded;
  188. if (bRes = CryptDecodeMessage(
  189. CMSG_SIGNED_FLAG,
  190. &decr_para,
  191. &ver_para,
  192. 0,
  193. renewal_req.GetData(),
  194. renewal_req.GetSize(),
  195. 0,
  196. &dwMsgType,
  197. &dwInnerContentType,
  198. NULL,
  199. &cbDecoded,
  200. NULL,
  201. pSignerCert))
  202. {
  203. CCryptBlobLocal decoded_req;
  204. decoded_req.Resize(cbDecoded);
  205. if (bRes = CryptDecodeMessage(
  206. CMSG_SIGNED_FLAG,
  207. &decr_para,
  208. &ver_para,
  209. 0,
  210. renewal_req.GetData(),
  211. renewal_req.GetSize(),
  212. 0,
  213. &dwMsgType,
  214. &dwInnerContentType,
  215. decoded_req.GetData(),
  216. &cbDecoded,
  217. NULL,
  218. pSignerCert))
  219. {
  220. bRes = GetRequestInfoFromPKCS10(decoded_req,
  221. pReqInfo, phRes);
  222. }
  223. }
  224. if (!bRes)
  225. {
  226. *phRes = HRESULT_FROM_WIN32(GetLastError());
  227. }
  228. return bRes;
  229. }
  230. #endif
  232. HCERTSTORE
  233. OpenRequestStore(IEnroll * pEnroll, HRESULT * phResult)
  234. {
  235. ASSERT(NULL != phResult);
  236. HCERTSTORE hStore = NULL;
  237. WCHAR * bstrStoreName, * bstrStoreType;
  238. long dwStoreFlags;
  239. VERIFY(SUCCEEDED(pEnroll->get_RequestStoreNameWStr(&bstrStoreName)));
  240. VERIFY(SUCCEEDED(pEnroll->get_RequestStoreTypeWStr(&bstrStoreType)));
  241. VERIFY(SUCCEEDED(pEnroll->get_RequestStoreFlags(&dwStoreFlags)));
  242. size_t store_type_len = _tcslen(bstrStoreType);
  243. char * szStoreProvider = (char *)_alloca(store_type_len + 1);
  244. ASSERT(szStoreProvider != NULL);
  245. size_t n = wcstombs(szStoreProvider, bstrStoreType, store_type_len);
  246. szStoreProvider[n] = '\0';
  247. hStore = CertOpenStore(
  248. szStoreProvider,
  249. PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
  250. NULL,
  251. dwStoreFlags,
  252. bstrStoreName
  253. );
  254. CoTaskMemFree(bstrStoreName);
  255. CoTaskMemFree(bstrStoreType);
  256. if (hStore == NULL)
  257. *phResult = HRESULT_FROM_WIN32(GetLastError());
  258. return hStore;
  259. }
  261. HCERTSTORE
  262. OpenMyStore(IEnroll * pEnroll, HRESULT * phResult)
  263. {
  264. ASSERT(NULL != phResult);
  265. HCERTSTORE hStore = NULL;
  266. BSTR bstrStoreName, bstrStoreType;
  267. long dwStoreFlags;
  268. VERIFY(SUCCEEDED(pEnroll->get_MyStoreNameWStr(&bstrStoreName)));
  269. VERIFY(SUCCEEDED(pEnroll->get_MyStoreTypeWStr(&bstrStoreType)));
  270. VERIFY(SUCCEEDED(pEnroll->get_MyStoreFlags(&dwStoreFlags)));
  271. size_t store_type_len = _tcslen(bstrStoreType);
  272. char * szStoreProvider = (char *)_alloca(store_type_len + 1);
  273. ASSERT(szStoreProvider != NULL);
  274. size_t n = wcstombs(szStoreProvider, bstrStoreType, store_type_len);
  275. ASSERT(n != -1);
  276. // this converter doesn't set zero byte!!!
  277. szStoreProvider[n] = '\0';
  278. hStore = CertOpenStore(
  279. szStoreProvider,
  280. PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
  281. NULL,
  282. dwStoreFlags,
  283. bstrStoreName
  284. );
  285. CoTaskMemFree(bstrStoreName);
  286. CoTaskMemFree(bstrStoreType);
  287. if (hStore == NULL)
  288. *phResult = HRESULT_FROM_WIN32(GetLastError());
  289. return hStore;
  290. }
  292. BOOL
  293. GetStringProperty(PCCERT_CONTEXT pCertContext,
  294. DWORD propId,
  295. CString& str,
  296. HRESULT * phRes)
  297. {
  298. BOOL bRes = FALSE;
  299. DWORD cb;
  300. BYTE * prop;
  301. // compare property value
  302. if ( CertGetCertificateContextProperty(pCertContext, propId, NULL, &cb)
  303. && (NULL != (prop = (BYTE *)_alloca(cb)))
  304. && CertGetCertificateContextProperty(pCertContext, propId, prop, &cb)
  305. )
  306. {
  307. // decode this instance name property
  308. DWORD cbData = 0;
  309. void * pData = NULL;
  310. if ( CryptDecodeObject(CRYPT_ASN_ENCODING, X509_UNICODE_ANY_STRING,
  311. prop, cb, 0, NULL, &cbData)
  312. && NULL != (pData = _alloca(cbData))
  313. && CryptDecodeObject(CRYPT_ASN_ENCODING, X509_UNICODE_ANY_STRING,
  314. prop, cb, 0, pData, &cbData)
  315. )
  316. {
  317. CERT_NAME_VALUE * pName = (CERT_NAME_VALUE *)pData;
  318. DWORD cch = pName->Value.cbData/sizeof(TCHAR);
  319. void * p = str.GetBuffer(cch);
  320. memcpy(p, pName->Value.pbData, pName->Value.cbData);
  321. str.ReleaseBuffer(cch);
  322. bRes = TRUE;
  323. }
  324. }
  325. if (!bRes)
  326. *phRes = HRESULT_FROM_WIN32(GetLastError());
  327. return bRes;
  328. }
  330. BOOL
  331. GetBlobProperty(PCCERT_CONTEXT pCertContext,
  332. DWORD propId,
  333. CCryptBlob& blob,
  334. HRESULT * phRes)
  335. {
  336. BOOL bRes = FALSE;
  337. DWORD cb;
  338. // compare property value
  339. if ( CertGetCertificateContextProperty(pCertContext, propId, NULL, &cb)
  340. && blob.Resize(cb)
  341. && CertGetCertificateContextProperty(pCertContext, propId, blob.GetData(), &cb)
  342. )
  343. {
  344. bRes = TRUE;
  345. }
  346. if (!bRes)
  347. *phRes = HRESULT_FROM_WIN32(GetLastError());
  348. return bRes;
  349. }
  351. PCCERT_CONTEXT
  352. GetPendingDummyCert(const CString& inst_name,
  353. IEnroll * pEnroll,
  354. HRESULT * phRes)
  355. {
  356. PCCERT_CONTEXT pRes = NULL;
  357. HCERTSTORE hStore = OpenRequestStore(pEnroll, phRes);
  358. if (hStore != NULL)
  359. {
  360. DWORD dwPropId = CERTWIZ_INSTANCE_NAME_PROP_ID;
  361. PCCERT_CONTEXT pDummyCert = NULL;
  362. while (NULL != (pDummyCert = CertFindCertificateInStore(hStore,
  363. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  364. 0, CERT_FIND_PROPERTY,
  365. (LPVOID)&dwPropId, pDummyCert)))
  366. {
  367. CString str;
  368. if (GetStringProperty(pDummyCert, dwPropId, str, phRes))
  369. {
  370. if (str.CompareNoCase(inst_name) == 0)
  371. {
  372. pRes = pDummyCert;
  373. break;
  374. }
  375. }
  376. }
  377. CertCloseStore(hStore, CERT_CLOSE_STORE_CHECK_FLAG);
  378. }
  379. return pRes;
  380. }
  382. PCCERT_CONTEXT
  383. GetReqCertByKey(IEnroll * pEnroll, CERT_PUBLIC_KEY_INFO * pKeyInfo, HRESULT * phResult)
  384. {
  385. PCCERT_CONTEXT pRes = NULL;
  386. HCERTSTORE hStore = OpenRequestStore(pEnroll, phResult);
  387. if (hStore != NULL)
  388. {
  389. if (NULL != (pRes = CertFindCertificateInStore(hStore,
  390. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  391. 0, CERT_FIND_PUBLIC_KEY, (LPVOID)pKeyInfo, NULL)))
  392. {
  393. *phResult = S_OK;
  394. }
  395. VERIFY(SUCCEEDED(CertCloseStore(hStore, CERT_CLOSE_STORE_CHECK_FLAG)));
  396. }
  397. return pRes;
  398. }
  400. #define CERT_QUERY_CONTENT_FLAGS\
  401. CERT_QUERY_CONTENT_FLAG_CERT\
  402. |CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED\
  403. |CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE\
  404. |CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
  406. PCCERT_CONTEXT
  407. GetCertContextFromPKCS7File(const CString& resp_file_name,
  408. CERT_PUBLIC_KEY_INFO * pKeyInfo,
  409. HRESULT * phResult)
  410. {
  411. ASSERT(phResult != NULL);
  412. PCCERT_CONTEXT pRes = NULL;
  413. HANDLE hFile;
  415. if (INVALID_HANDLE_VALUE != (hFile = CreateFile(resp_file_name,
  416. GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING,
  417. FILE_ATTRIBUTE_NORMAL, NULL)))
  418. {
  419. // find the length of the buffer
  420. DWORD cbData = GetFileSize(hFile, NULL);
  421. BYTE * pbData;
  422. // alloc temp buffer
  423. if ((pbData = (BYTE *)_alloca(cbData)) != NULL)
  424. {
  425. DWORD cb = 0;
  426. if (ReadFile(hFile, pbData, cbData, &cb, NULL))
  427. {
  428. ASSERT(cb == cbData);
  429. pRes = GetCertContextFromPKCS7(pbData, cb, pKeyInfo, phResult);
  430. }
  431. else
  432. *phResult = HRESULT_FROM_WIN32(GetLastError());
  433. }
  434. CloseHandle(hFile);
  435. }
  436. else
  437. *phResult = HRESULT_FROM_WIN32(GetLastError());
  438. return pRes;
  439. }
  441. PCCERT_CONTEXT
  442. GetCertContextFromPKCS7(const BYTE * pbData,
  443. DWORD cbData,
  444. CERT_PUBLIC_KEY_INFO * pKeyInfo,
  445. HRESULT * phResult)
  446. {
  447. ASSERT(phResult != NULL);
  448. PCCERT_CONTEXT pRes = NULL;
  449. CRYPT_DATA_BLOB blob;
  450. memset(&blob, 0, sizeof(CRYPT_DATA_BLOB));
  451. blob.cbData = cbData;
  452. blob.pbData = (BYTE *)pbData;
  454. HCERTSTORE hStoreMsg = NULL;
  456. if(CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
  457. &blob,
  458. (CERT_QUERY_CONTENT_FLAG_CERT |
  459. CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
  460. CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE |
  461. CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED) ,
  462. CERT_QUERY_FORMAT_FLAG_ALL,
  463. 0,
  464. NULL,
  465. NULL,
  466. NULL,
  467. &hStoreMsg,
  468. NULL,
  469. NULL))
  470. {
  471. if (pKeyInfo != NULL)
  472. pRes = CertFindCertificateInStore(hStoreMsg,
  473. X509_ASN_ENCODING,
  474. 0,
  475. CERT_FIND_PUBLIC_KEY,
  476. pKeyInfo,
  477. NULL);
  478. else
  479. pRes = CertFindCertificateInStore(hStoreMsg,
  480. X509_ASN_ENCODING,
  481. 0,
  482. CERT_FIND_ANY,
  483. NULL,
  484. NULL);
  485. if (pRes == NULL)
  486. *phResult = HRESULT_FROM_WIN32(GetLastError());
  487. CertCloseStore(hStoreMsg, CERT_CLOSE_STORE_CHECK_FLAG);
  488. }
  489. else
  490. *phResult = HRESULT_FROM_WIN32(GetLastError());
  491. return pRes;
  492. }
  494. BOOL
  495. FormatDateString(CString& str, FILETIME ft, BOOL fIncludeTime, BOOL fLongFormat)
  496. {
  497. int cch;
  498. int cch2;
  499. LPWSTR psz;
  500. SYSTEMTIME st;
  501. FILETIME localTime;
  503. if (!FileTimeToLocalFileTime(&ft, &localTime))
  504. {
  505. return FALSE;
  506. }
  508. if (!FileTimeToSystemTime(&localTime, &st))
  509. {
  510. //
  511. // if the conversion to local time failed, then just use the original time
  512. //
  513. if (!FileTimeToSystemTime(&ft, &st))
  514. {
  515. return FALSE;
  516. }
  517. }
  519. cch = (GetTimeFormat(LOCALE_SYSTEM_DEFAULT, 0, &st, NULL, NULL, 0) +
  520. GetDateFormat(LOCALE_SYSTEM_DEFAULT, fLongFormat ? DATE_LONGDATE : 0, &st, NULL, NULL, 0) + 5);
  522. if (NULL == (psz = str.GetBuffer((cch+5) * sizeof(WCHAR))))
  523. {
  524. return FALSE;
  525. }
  527. cch2 = GetDateFormat(LOCALE_SYSTEM_DEFAULT, fLongFormat ? DATE_LONGDATE : 0, &st, NULL, psz, cch);
  529. if (fIncludeTime)
  530. {
  531. psz[cch2-1] = ' ';
  532. GetTimeFormat(LOCALE_SYSTEM_DEFAULT, TIME_NOSECONDS, &st, NULL, &psz[cch2], cch-cch2);
  533. }
  534. str.ReleaseBuffer();
  535. return TRUE;
  536. }
  538. BOOL MyGetOIDInfo(LPWSTR string, DWORD stringSize, LPSTR pszObjId)
  539. {
  540. PCCRYPT_OID_INFO pOIDInfo;
  542. if (NULL != (pOIDInfo = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY, pszObjId, 0)))
  543. {
  544. if ((DWORD)wcslen(pOIDInfo->pwszName)+1 <= stringSize)
  545. {
  546. wcscpy(string, pOIDInfo->pwszName);
  547. }
  548. else
  549. {
  550. return FALSE;
  551. }
  552. }
  553. else
  554. {
  555. return (MultiByteToWideChar(CP_ACP, 0, pszObjId, -1, string, stringSize) != 0);
  556. }
  557. return TRUE;
  558. }
  560. BOOL
  561. GetKeyUsageProperty(PCCERT_CONTEXT pCertContext,
  562. CERT_ENHKEY_USAGE ** pKeyUsage,
  563. BOOL fPropertiesOnly,
  564. HRESULT * phRes)
  565. {
  566. DWORD cb = 0;
  567. BOOL bRes = FALSE;
  568. if (!CertGetEnhancedKeyUsage(pCertContext,
  569. fPropertiesOnly ? CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG : 0,
  570. NULL,
  571. &cb))
  572. {
  573. *phRes = HRESULT_FROM_WIN32(GetLastError());
  574. goto ErrExit;
  575. }
  576. if (NULL == (*pKeyUsage = (CERT_ENHKEY_USAGE *)malloc(cb)))
  577. {
  578. *phRes = E_OUTOFMEMORY;
  579. goto ErrExit;
  580. }
  581. if (!CertGetEnhancedKeyUsage (pCertContext,
  582. fPropertiesOnly ? CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG : 0,
  583. *pKeyUsage,
  584. &cb))
  585. {
  586. free(*pKeyUsage);
  587. *phRes = HRESULT_FROM_WIN32(GetLastError());
  588. goto ErrExit;
  589. }
  590. *phRes = S_OK;
  591. bRes = TRUE;
  592. ErrExit:
  593. return bRes;
  594. }
  596. BOOL
  597. GetFriendlyName(PCCERT_CONTEXT pCertContext,
  598. CString& name,
  599. HRESULT * phRes)
  600. {
  601. BOOL bRes = FALSE;
  602. DWORD cb;
  603. BYTE * pName = NULL;
  605. if ( CertGetCertificateContextProperty(pCertContext, CERT_FRIENDLY_NAME_PROP_ID, NULL, &cb)
  606. && NULL != (pName = (BYTE *)name.GetBuffer((cb + 1)/sizeof(TCHAR)))
  607. && CertGetCertificateContextProperty(pCertContext, CERT_FRIENDLY_NAME_PROP_ID, pName, &cb)
  608. )
  609. {
  610. pName[cb] = 0;
  611. bRes = TRUE;
  612. }
  613. else
  614. {
  615. *phRes = HRESULT_FROM_WIN32(GetLastError());
  616. }
  617. if (pName != NULL && name.IsEmpty())
  618. {
  619. name.ReleaseBuffer();
  620. }
  621. return bRes;
  622. }
  624. BOOL
  625. GetNameString(PCCERT_CONTEXT pCertContext,
  626. DWORD type,
  627. DWORD flag,
  628. CString& name,
  629. HRESULT * phRes)
  630. {
  631. BOOL bRes = FALSE;
  632. LPTSTR pName;
  633. DWORD cchName = CertGetNameString(pCertContext, type, flag, NULL, NULL, 0);
  634. if (cchName > 1 && (NULL != (pName = name.GetBuffer(cchName))))
  635. {
  636. bRes = (1 != CertGetNameString(pCertContext, type, flag, NULL, pName, cchName));
  637. name.ReleaseBuffer();
  638. }
  639. else
  640. {
  641. *phRes = HRESULT_FROM_WIN32(GetLastError());
  642. }
  643. return bRes;
  644. }
  646. BOOL
  647. ContainsKeyUsageProperty(PCCERT_CONTEXT pCertContext,
  648. CArray<LPCSTR, LPCSTR>& uses,
  649. HRESULT * phRes
  650. )
  651. {
  652. BOOL bRes = FALSE;
  653. CERT_ENHKEY_USAGE * pKeyUsage = NULL;
  654. if ( uses.GetSize() > 0
  655. && GetKeyUsageProperty(pCertContext, &pKeyUsage, FALSE, phRes)
  656. )
  657. {
  658. if (pKeyUsage->cUsageIdentifier == 0)
  659. {
  660. bRes = FALSE;
  661. }
  662. else
  663. {
  664. for (DWORD i = 0; i < pKeyUsage->cUsageIdentifier; i++)
  665. {
  666. // Our friends from CAPI made this property ASCII even for
  667. // UNICODE program
  668. for (int n = 0; n < uses.GetSize(); n++)
  669. {
  670. if (strstr(pKeyUsage->rgpszUsageIdentifier[i], uses[n]) != NULL)
  671. {
  672. bRes = TRUE;
  673. break;
  674. }
  675. }
  676. }
  677. }
  678. free(pKeyUsage);
  679. }
  680. return bRes;
  681. }
  683. BOOL
  684. FormatEnhancedKeyUsageString(CString& str,
  685. PCCERT_CONTEXT pCertContext,
  686. BOOL fPropertiesOnly,
  687. BOOL fMultiline,
  688. HRESULT * phRes)
  689. {
  690. CERT_ENHKEY_USAGE * pKeyUsage = NULL;
  691. WCHAR szText[CRYPTUI_MAX_STRING_SIZE];
  692. BOOL bRes = FALSE;
  694. if (GetKeyUsageProperty(pCertContext, &pKeyUsage, fPropertiesOnly, phRes))
  695. {
  696. // loop for each usage and add it to the display string
  697. for (DWORD i = 0; i < pKeyUsage->cUsageIdentifier; i++)
  698. {
  699. if (!(bRes = MyGetOIDInfo(szText, ARRAYSIZE(szText), pKeyUsage->rgpszUsageIdentifier[i])))
  700. break;
  701. // add delimeter if not first iteration
  702. if (i != 0)
  703. {
  704. str += fMultiline ? L"\n" : L", ";
  705. }
  706. // add the enhanced key usage string
  707. str += szText;
  708. }
  709. free (pKeyUsage);
  710. }
  711. else
  712. {
  713. str.LoadString(IDS_ANY);
  714. bRes = TRUE;
  715. }
  716. return bRes;
  717. }
  719. BOOL
  720. GetServerComment(const CString& machine_name,
  721. const CString& server_name,
  722. CString& comment,
  723. HRESULT * phResult)
  724. {
  725. ASSERT(!machine_name.IsEmpty());
  726. ASSERT(!server_name.IsEmpty());
  727. *phResult = S_OK;
  728. CComAuthInfo auth(machine_name);
  729. CMetaKey key(&auth,
  730. server_name,
  731. METADATA_PERMISSION_READ | METADATA_PERMISSION_WRITE
  732. );
  733. if (key.Succeeded())
  734. {
  735. return SUCCEEDED(*phResult = key.QueryValue(MD_SERVER_COMMENT, comment));
  736. }
  737. else
  738. {
  739. *phResult = key.QueryResult();
  740. return FALSE;
  741. }
  742. }
  744. /*
  745. GetInstalledCert
  747. Function reads cert hash attribute from metabase
  748. using machine_name and server name as server instance
  749. description, then looks in MY store for a certificate
  750. with hash equal found in metabase.
  751. Return is cert context pointer or NULL, if cert wasn't
  752. found or certificate store wasn't opened.
  753. On return HRESULT * is filled by error code.
  754. */
  755. PCCERT_CONTEXT
  756. GetInstalledCert(const CString& machine_name,
  757. const CString& server_name,
  758. IEnroll * pEnroll,
  759. HRESULT * phResult)
  760. {
  761. ASSERT(pEnroll != NULL);
  762. ASSERT(phResult != NULL);
  763. ASSERT(!machine_name.IsEmpty());
  764. ASSERT(!server_name.IsEmpty());
  765. PCCERT_CONTEXT pCert = NULL;
  766. *phResult = S_OK;
  767. CComAuthInfo auth(machine_name);
  768. CMetaKey key(&auth, server_name,
  769. METADATA_PERMISSION_READ | METADATA_PERMISSION_WRITE
  770. );
  771. if (key.Succeeded())
  772. {
  773. CString store_name;
  774. CBlob hash;
  775. if ( SUCCEEDED(*phResult = key.QueryValue(MD_SSL_CERT_STORE_NAME, store_name))
  776. && SUCCEEDED(*phResult = key.QueryValue(MD_SSL_CERT_HASH, hash))
  777. )
  778. {
  779. // Open MY store. We assume that store type and flags
  780. // cannot be changed between installation and unistallation
  781. // of the sertificate.
  782. HCERTSTORE hStore = OpenMyStore(pEnroll, phResult);
  783. ASSERT(hStore != NULL);
  784. if (hStore != NULL)
  785. {
  786. // Now we need to find cert by hash
  787. CRYPT_HASH_BLOB crypt_hash;
  788. crypt_hash.cbData = hash.GetSize();
  789. crypt_hash.pbData = hash.GetData();
  790. pCert = CertFindCertificateInStore(hStore,
  791. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  792. 0, CERT_FIND_HASH, (LPVOID)&crypt_hash, NULL);
  793. if (pCert == NULL)
  794. *phResult = HRESULT_FROM_WIN32(GetLastError());
  795. VERIFY(CertCloseStore(hStore, 0));
  796. }
  797. }
  798. }
  799. else
  800. *phResult = key.QueryResult();
  801. return pCert;
  802. }
  805. /*
  806. GetInstalledCert
  808. Function reads cert hash attribute from metabase
  809. using machine_name and server name as server instance
  810. description, then looks in MY store for a certificate
  811. with hash equal found in metabase.
  812. Return is cert context pointer or NULL, if cert wasn't
  813. found or certificate store wasn't opened.
  814. On return HRESULT * is filled by error code.
  815. */
  816. CRYPT_HASH_BLOB *
  817. GetInstalledCertHash(const CString& machine_name,
  818. const CString& server_name,
  819. IEnroll * pEnroll,
  820. HRESULT * phResult)
  821. {
  822. ASSERT(pEnroll != NULL);
  823. ASSERT(phResult != NULL);
  824. ASSERT(!machine_name.IsEmpty());
  825. ASSERT(!server_name.IsEmpty());
  826. CRYPT_HASH_BLOB * pHashBlob = NULL;
  827. *phResult = S_OK;
  828. CComAuthInfo auth(machine_name);
  829. CMetaKey key(&auth, server_name,
  830. METADATA_PERMISSION_READ | METADATA_PERMISSION_WRITE
  831. );
  832. if (key.Succeeded())
  833. {
  834. CString store_name;
  835. CBlob hash;
  836. if ( SUCCEEDED(*phResult = key.QueryValue(MD_SSL_CERT_STORE_NAME, store_name))
  837. && SUCCEEDED(*phResult = key.QueryValue(MD_SSL_CERT_HASH, hash))
  838. )
  839. {
  840. pHashBlob = new CRYPT_HASH_BLOB;
  841. if (pHashBlob)
  842. {
  843. pHashBlob->cbData = hash.GetSize();
  844. pHashBlob->pbData = (BYTE *) ::CoTaskMemAlloc(pHashBlob->cbData);
  845. if (pHashBlob->pbData)
  846. {
  847. memcpy(pHashBlob->pbData,hash.GetData(),pHashBlob->cbData);
  848. }
  849. }
  850. }
  851. }
  852. else
  853. {
  854. *phResult = key.QueryResult();
  855. }
  856. return pHashBlob;
  857. }
  860. /*
  861. InstallHashToMetabase
  863. Function writes hash array to metabase. After that IIS
  864. could use certificate with that hash from MY store.
  865. Function expects server_name in format lm\w3svc\<number>,
  866. i.e. from root node down to virtual server
  868. */
  869. BOOL
  870. InstallHashToMetabase(CRYPT_HASH_BLOB * pHash,
  871. const CString& machine_name,
  872. const CString& server_name,
  873. HRESULT * phResult)
  874. {
  875. BOOL bRes = FALSE;
  876. CComAuthInfo auth(machine_name);
  877. CMetaKey key(&auth, server_name,
  878. METADATA_PERMISSION_READ | METADATA_PERMISSION_WRITE
  879. );
  880. if (key.Succeeded())
  881. {
  882. CBlob blob;
  883. blob.SetValue(pHash->cbData, pHash->pbData, TRUE);
  884. bRes = SUCCEEDED(*phResult = key.SetValue(MD_SSL_CERT_HASH, blob))
  885. && SUCCEEDED(*phResult = key.SetValue(MD_SSL_CERT_STORE_NAME, CString(L"MY")));
  886. }
  887. else
  888. {
  889. TRACE(_T("Failed to open metabase key. Error 0x%x\n"), key.QueryResult());
  890. *phResult = key.QueryResult();
  891. }
  892. return bRes;
  893. }
  895. /*
  896. InstallCertByHash
  898. Function looks in MY store for certificate which has hash
  899. equal to pHash parameter. If cert is found, it is installed
  900. to metabase.
  901. This function is used after xenroll accept() method, which
  902. puts certificate to store
  904. */
  905. BOOL
  906. InstallCertByHash(CRYPT_HASH_BLOB * pHash,
  907. const CString& machine_name,
  908. const CString& server_name,
  909. IEnroll * pEnroll,
  910. HRESULT * phResult)
  912. {
  913. BOOL bRes = FALSE;
  914. // we are looking to MY store only
  915. HCERTSTORE hStore = OpenMyStore(pEnroll, phResult);
  916. if (hStore != NULL)
  917. {
  918. PCCERT_CONTEXT pCert = CertFindCertificateInStore(hStore,
  919. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  920. 0, CERT_FIND_HASH, (LPVOID)pHash, NULL);
  921. // now install cert info to IIS MetaBase
  922. if (pCert != NULL)
  923. {
  924. bRes = InstallHashToMetabase(pHash,
  925. machine_name, server_name, phResult);
  926. CertFreeCertificateContext(pCert);
  927. }
  928. else
  929. {
  930. TRACE(_T("FAILED: certificate installation, error 0x%x\n"), GetLastError());
  931. // We definitely need to store the hash of the cert, so error out
  932. *phResult = HRESULT_FROM_WIN32(GetLastError());
  933. }
  934. VERIFY(CertCloseStore(hStore, 0));
  935. }
  936. return bRes;
  937. }
  939. HRESULT
  940. CreateRequest_Base64(const BSTR bstr_dn,
  941. IEnroll * pEnroll,
  942. BSTR csp_name,
  943. DWORD csp_type,
  944. BSTR * pOut)
  945. {
  946. ASSERT(pOut != NULL);
  947. ASSERT(bstr_dn != NULL);
  948. HRESULT hRes = S_OK;
  949. CString strUsage(szOID_PKIX_KP_SERVER_AUTH);
  950. CRYPT_DATA_BLOB request = {0, NULL};
  951. pEnroll->put_ProviderType(csp_type);
  952. pEnroll->put_ProviderNameWStr(csp_name);
  953. if (SUCCEEDED(hRes = pEnroll->createPKCS10WStr(
  954. bstr_dn,
  955. (LPTSTR)(LPCTSTR)strUsage,
  956. &request)))
  957. {
  958. WCHAR * wszRequestB64 = NULL;
  959. DWORD cch = 0;
  960. DWORD err = ERROR_SUCCESS;
  961. // BASE64 encode pkcs 10
  962. if ( (err = Base64EncodeW(request.pbData, request.cbData, NULL, &cch)) == ERROR_SUCCESS
  963. && (wszRequestB64 = (WCHAR *)_alloca(cch * sizeof(WCHAR))) != NULL
  964. && (err = Base64EncodeW(request.pbData, request.cbData, wszRequestB64, &cch)) == ERROR_SUCCESS
  965. )
  966. {
  967. if ((*pOut = SysAllocStringLen(wszRequestB64, cch)) == NULL )
  968. {
  969. hRes = HRESULT_FROM_WIN32(ERROR_OUTOFMEMORY);
  970. }
  971. }
  972. else
  973. hRes = HRESULT_FROM_WIN32(err);
  974. if (request.pbData != NULL)
  975. CoTaskMemFree(request.pbData);
  976. }
  977. return hRes;
  978. }
  980. BOOL
  981. AttachFriendlyName(PCCERT_CONTEXT pContext,
  982. const CString& name,
  983. HRESULT * phRes)
  984. {
  985. IISDebugOutput(_T("AttachFriendlyName:name=%s,start\n"),name);
  987. BOOL bRes = TRUE;
  988. CRYPT_DATA_BLOB blob_name;
  989. blob_name.pbData = (LPBYTE)(LPCTSTR)name;
  990. blob_name.cbData = (name.GetLength() + 1) * sizeof(WCHAR);
  991. if (!(bRes = CertSetCertificateContextProperty(pContext,
  992. CERT_FRIENDLY_NAME_PROP_ID, 0, &blob_name)))
  993. {
  994. ASSERT(phRes != NULL);
  995. *phRes = HRESULT_FROM_WIN32(GetLastError());
  996. }
  997. else
  998. {
  999. IISDebugOutput(_T("AttachFriendlyName:name=%s,SUCCESS\n"),name);
  1000. }
  1001. IISDebugOutput(_T("AttachFriendlyName:name=%s,end\n"),name);
  1002. return bRes;
  1003. }
  1005. BOOL GetHashProperty(PCCERT_CONTEXT pCertContext,
  1006. CCryptBlob& blob,
  1007. HRESULT * phRes)
  1008. {
  1009. DWORD cb;
  1010. if (CertGetCertificateContextProperty(pCertContext, CERT_SHA1_HASH_PROP_ID, NULL, &cb))
  1011. {
  1012. if (blob.Resize(cb))
  1013. {
  1014. if (CertGetCertificateContextProperty(pCertContext,
  1015. CERT_SHA1_HASH_PROP_ID, blob.GetData(), &cb))
  1016. return TRUE;
  1017. }
  1018. }
  1019. *phRes = HRESULT_FROM_WIN32(GetLastError());
  1020. return FALSE;
  1021. }
  1023. BOOL
  1024. EncodeString(CString& str,
  1025. CCryptBlob& blob,
  1026. HRESULT * phRes)
  1027. {
  1028. BOOL bRes = FALSE;
  1029. DWORD cb;
  1030. CERT_NAME_VALUE name_value;
  1031. name_value.dwValueType = CERT_RDN_BMP_STRING;
  1032. name_value.Value.cbData = 0;
  1033. name_value.Value.pbData = (LPBYTE)(LPCTSTR)str;
  1034. if ( CryptEncodeObject(CRYPT_ASN_ENCODING, X509_UNICODE_ANY_STRING,
  1035. &name_value, NULL, &cb)
  1036. && blob.Resize(cb)
  1037. && CryptEncodeObject(CRYPT_ASN_ENCODING, X509_UNICODE_ANY_STRING,
  1038. &name_value, blob.GetData(), &cb)
  1039. )
  1040. {
  1041. bRes = TRUE;
  1042. }
  1043. else
  1044. *phRes = HRESULT_FROM_WIN32(GetLastError());
  1045. return bRes;
  1046. }
  1048. #define CERTWIZ_RENEWAL_DATA ((LPCSTR)1000)
  1050. BOOL
  1051. EncodeBlob(CCryptBlob& in,
  1052. CCryptBlob& out,
  1053. HRESULT * phRes)
  1054. {
  1055. BOOL bRes = FALSE;
  1056. DWORD cb;
  1057. if ( CryptEncodeObject(CRYPT_ASN_ENCODING, CERTWIZ_RENEWAL_DATA, in, NULL, &cb)
  1058. && out.Resize(cb)
  1059. && CryptEncodeObject(CRYPT_ASN_ENCODING, CERTWIZ_RENEWAL_DATA, in, out.GetData(), &cb)
  1060. )
  1061. {
  1062. bRes = TRUE;
  1063. }
  1064. else
  1065. *phRes = HRESULT_FROM_WIN32(GetLastError());
  1066. return bRes;
  1067. }
  1069. BOOL
  1070. DecodeBlob(CCryptBlob& in,
  1071. CCryptBlob& out,
  1072. HRESULT * phRes)
  1073. {
  1074. BOOL bRes = FALSE;
  1075. DWORD cb;
  1076. if ( CryptDecodeObject(CRYPT_ASN_ENCODING, CERTWIZ_RENEWAL_DATA,
  1077. in.GetData(),
  1078. in.GetSize(),
  1079. 0,
  1080. NULL, &cb)
  1081. && out.Resize(cb)
  1082. && CryptDecodeObject(CRYPT_ASN_ENCODING, CERTWIZ_RENEWAL_DATA,
  1083. in.GetData(),
  1084. in.GetSize(),
  1085. 0,
  1086. out.GetData(),
  1087. &cb)
  1088. )
  1089. {
  1090. bRes = TRUE;
  1091. }
  1092. else
  1093. *phRes = HRESULT_FROM_WIN32(GetLastError());
  1094. return bRes;
  1095. }
  1097. BOOL
  1098. EncodeInteger(int number,
  1099. CCryptBlob& blob,
  1100. HRESULT * phRes)
  1101. {
  1102. BOOL bRes = FALSE;
  1103. DWORD cb;
  1104. if ( CryptEncodeObject(CRYPT_ASN_ENCODING, X509_INTEGER,
  1105. &number, NULL, &cb)
  1106. && blob.Resize(cb)
  1107. && CryptEncodeObject(CRYPT_ASN_ENCODING, X509_INTEGER,
  1108. &number, blob.GetData(), &cb)
  1109. )
  1110. {
  1111. bRes = TRUE;
  1112. }
  1113. else
  1114. *phRes = HRESULT_FROM_WIN32(GetLastError());
  1115. return bRes;
  1116. }
  1118. const WCHAR RgwchHex[] = {'0', '1', '2', '3', '4', '5', '6', '7',
  1119. '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
  1121. static BOOL
  1122. FormatMemBufToString(CString& str, LPBYTE pbData, DWORD cbData)
  1123. {
  1124. DWORD i = 0;
  1125. LPBYTE pb;
  1126. DWORD numCharsInserted = 0;
  1127. LPTSTR pString;
  1129. //
  1130. // calculate the size needed
  1131. //
  1132. pb = pbData;
  1133. while (pb <= &(pbData[cbData-1]))
  1134. {
  1135. if (numCharsInserted == 4)
  1136. {
  1137. i += sizeof(WCHAR);
  1138. numCharsInserted = 0;
  1139. }
  1140. else
  1141. {
  1142. i += 2 * sizeof(WCHAR);
  1143. pb++;
  1144. numCharsInserted += 2;
  1145. }
  1146. }
  1148. if (NULL == (pString = str.GetBuffer(i)))
  1149. {
  1150. return FALSE;
  1151. }
  1153. //
  1154. // copy to the buffer
  1155. //
  1156. i = 0;
  1157. numCharsInserted = 0;
  1158. pb = pbData;
  1159. while (pb <= &(pbData[cbData-1]))
  1160. {
  1161. if (numCharsInserted == 4)
  1162. {
  1163. pString[i++] = L' ';
  1164. numCharsInserted = 0;
  1165. }
  1166. else
  1167. {
  1168. pString[i++] = RgwchHex[(*pb & 0xf0) >> 4];
  1169. pString[i++] = RgwchHex[*pb & 0x0f];
  1170. pb++;
  1171. numCharsInserted += 2;
  1172. }
  1173. }
  1174. pString[i] = 0;
  1175. str.ReleaseBuffer();
  1176. return TRUE;
  1177. }
  1180. void FormatRdnAttr(CString& str, DWORD dwValueType, CRYPT_DATA_BLOB& blob, BOOL fAppend)
  1181. {
  1182. if ( CERT_RDN_ENCODED_BLOB == dwValueType
  1183. || CERT_RDN_OCTET_STRING == dwValueType
  1184. )
  1185. {
  1186. // translate the buffer to a text string
  1187. FormatMemBufToString(str, blob.pbData, blob.cbData);
  1188. }
  1189. else
  1190. {
  1191. // buffer is already a string so just copy/append to it
  1192. if (fAppend)
  1193. {
  1194. str += (LPTSTR)blob.pbData;
  1195. }
  1196. else
  1197. {
  1198. // don't concatenate these entries...
  1199. str = (LPTSTR)blob.pbData;
  1200. }
  1201. }
  1202. }
  1204. BOOL
  1205. CreateDirectoryFromPath(LPCTSTR szPath, LPSECURITY_ATTRIBUTES lpSA)
  1206. /*++
  1208. Routine Description:
  1210. Creates the directory specified in szPath and any other "higher"
  1211. directories in the specified path that don't exist.
  1213. Arguments:
  1215. IN LPCTSTR szPath
  1216. directory path to create (assumed to be a DOS path, not a UNC)
  1218. IN LPSECURITY_ATTRIBUTES lpSA
  1219. pointer to security attributes argument used by CreateDirectory
  1222. Return Value:
  1224. TRUE if directory(ies) created
  1225. FALSE if error (GetLastError to find out why)
  1227. --*/
  1228. {
  1229. LPTSTR pLeftHalf, pNext;
  1230. CString RightHalf;
  1231. // 1. We are supporting only absolute paths. Caller should decide which
  1232. // root to use and build the path
  1233. if (PathIsRelative(szPath))
  1234. {
  1235. ASSERT(FALSE);
  1236. return FALSE;
  1237. }
  1239. pLeftHalf = (LPTSTR)szPath;
  1240. pNext = PathSkipRoot(pLeftHalf);
  1242. do {
  1243. // copy the chunk between pLeftHalf and pNext to the
  1244. // local buffer
  1245. while (pLeftHalf < pNext)
  1246. RightHalf += *pLeftHalf++;
  1247. // check if new path exists
  1248. int index = RightHalf.GetLength() - 1;
  1249. BOOL bBackslash = FALSE, bContinue = FALSE;
  1250. if (bBackslash = (RightHalf[index] == L'\\'))
  1251. {
  1252. RightHalf.SetAt(index, 0);
  1253. }
  1254. bContinue = PathIsUNCServerShare(RightHalf);
  1255. if (bBackslash)
  1256. RightHalf.SetAt(index, L'\\');
  1257. if (bContinue || PathIsDirectory(RightHalf))
  1258. continue;
  1259. else if (PathFileExists(RightHalf))
  1260. {
  1261. // we cannot create this directory
  1262. // because file with this name already exists
  1263. SetLastError(ERROR_ALREADY_EXISTS);
  1264. return FALSE;
  1265. }
  1266. else
  1267. {
  1268. // no file no directory, create
  1269. if (!CreateDirectory(RightHalf, lpSA))
  1270. return FALSE;
  1271. }
  1272. }
  1273. while (NULL != (pNext = PathFindNextComponent(pLeftHalf)));
  1274. return TRUE;
  1275. }
  1277. BOOL
  1278. CompactPathToWidth(CWnd * pControl, CString& strPath)
  1279. {
  1280. BOOL bRes;
  1281. CRect rc;
  1282. CFont * pFont = pControl->GetFont(), * pFontTmp;
  1283. CDC * pdc = pControl->GetDC(), dc;
  1284. LPTSTR pPath = strPath.GetBuffer(MAX_PATH);
  1286. dc.CreateCompatibleDC(pdc);
  1287. pFontTmp = dc.SelectObject(pFont);
  1288. pControl->GetClientRect(&rc);
  1290. bRes = PathCompactPath(dc.GetSafeHdc(), pPath, rc.Width());
  1292. dc.SelectObject(pFontTmp);
  1293. pControl->ReleaseDC(pdc);
  1294. strPath.ReleaseBuffer();
  1296. return bRes;
  1297. }
  1299. BOOL
  1300. GetKeySizeLimits(IEnroll * pEnroll,
  1301. DWORD * min, DWORD * max, DWORD * def,
  1302. BOOL bGSC,
  1303. HRESULT * phRes)
  1304. {
  1305. HCRYPTPROV hProv = NULL;
  1306. long dwProviderType;
  1307. DWORD dwFlags, cbData;
  1308. BSTR bstrProviderName;
  1309. PROV_ENUMALGS_EX paramData;
  1310. BOOL bRes = FALSE;
  1312. VERIFY(SUCCEEDED(pEnroll->get_ProviderNameWStr(&bstrProviderName)));
  1313. VERIFY(SUCCEEDED(pEnroll->get_ProviderType(&dwProviderType)));
  1315. if (!CryptAcquireContext(
  1316. &hProv,
  1317. NULL,
  1318. bstrProviderName,
  1319. dwProviderType,
  1320. CRYPT_VERIFYCONTEXT))
  1321. {
  1322. *phRes = GetLastError();
  1323. return FALSE;
  1324. }
  1326. for (int i = 0; ; i++)
  1327. {
  1328. dwFlags = 0 == i ? CRYPT_FIRST : 0;
  1329. cbData = sizeof(paramData);
  1330. if (!CryptGetProvParam(hProv, PP_ENUMALGS_EX, (BYTE*)&paramData, &cbData, dwFlags))
  1331. {
  1332. if (HRESULT_FROM_WIN32(ERROR_NO_MORE_ITEMS) == GetLastError())
  1333. {
  1334. // out of for loop
  1335. *phRes = S_OK;
  1336. bRes = TRUE;
  1337. }
  1338. else
  1339. {
  1340. *phRes = GetLastError();
  1341. }
  1342. break;
  1343. }
  1344. if (ALG_CLASS_KEY_EXCHANGE == GET_ALG_CLASS(paramData.aiAlgid))
  1345. {
  1346. *min = paramData.dwMinLen;
  1347. *max = paramData.dwMaxLen;
  1348. *def = paramData.dwDefaultLen;
  1349. bRes = TRUE;
  1350. *phRes = S_OK;
  1351. break;
  1352. }
  1353. }
  1354. if (NULL != hProv)
  1355. {
  1356. CryptReleaseContext(hProv, 0);
  1357. }
  1358. return bRes;
  1359. }
  1361. HRESULT ShutdownSSL(CString& machine_name, CString& server_name)
  1362. {
  1363. CString str = server_name;
  1364. str += _T("/root");
  1365. CComAuthInfo auth(machine_name);
  1366. CMetaKey key(&auth, str,METADATA_PERMISSION_READ | METADATA_PERMISSION_WRITE);
  1368. DWORD dwSslAccess;
  1369. if ( key.Succeeded()
  1370. && SUCCEEDED(key.QueryValue(MD_SSL_ACCESS_PERM, dwSslAccess))
  1371. && dwSslAccess > 0
  1372. )
  1373. {
  1374. // bug356587 should remove SslAccessPerm property and not set to 0 when Cert Removed
  1375. key.SetValue(MD_SSL_ACCESS_PERM, 0);
  1376. key.DeleteValue(MD_SSL_ACCESS_PERM);
  1377. key.DeleteValue(MD_SECURE_BINDINGS);
  1378. }
  1380. // Now we need to remove SSL setting from any virtual directory below
  1381. CError err;
  1382. CStringListEx strlDataPaths;
  1383. DWORD dwMDIdentifier, dwMDAttributes, dwMDUserType,dwMDDataType;
  1385. VERIFY(CMetaKey::GetMDFieldDef(MD_SSL_ACCESS_PERM, dwMDIdentifier, dwMDAttributes, dwMDUserType,dwMDDataType));
  1387. err = key.GetDataPaths(strlDataPaths,dwMDIdentifier,dwMDDataType);
  1389. if (err.Succeeded() && !strlDataPaths.IsEmpty())
  1390. {
  1391. POSITION pos = strlDataPaths.GetHeadPosition();
  1392. while (pos)
  1393. {
  1394. CString& str = strlDataPaths.GetNext(pos);
  1395. if (SUCCEEDED(key.QueryValue(MD_SSL_ACCESS_PERM, dwSslAccess, NULL, str)) && dwSslAccess > 0)
  1396. {
  1397. key.SetValue(MD_SSL_ACCESS_PERM, 0, NULL, str);
  1398. key.DeleteValue(MD_SSL_ACCESS_PERM, str);
  1399. key.DeleteValue(MD_SECURE_BINDINGS, str);
  1400. }
  1401. }
  1402. }
  1403. return key.QueryResult();
  1404. }
  1407. BOOL
  1408. GetServerComment(const CString& machine_name,
  1409. const CString& user_name,
  1410. const CString& user_password,
  1411. CString& MetabaseNode,
  1412. CString& comment,
  1413. HRESULT * phResult
  1414. )
  1415. {
  1416. ASSERT(!machine_name.IsEmpty());
  1417. *phResult = S_OK;
  1419. if (user_name.IsEmpty())
  1420. {
  1421. CComAuthInfo auth(machine_name);
  1422. CMetaKey key(&auth,MetabaseNode,METADATA_PERMISSION_READ);
  1423. if (key.Succeeded())
  1424. {
  1425. return SUCCEEDED(*phResult = key.QueryValue(MD_SERVER_COMMENT, comment));
  1426. }
  1427. else
  1428. {
  1429. *phResult = key.QueryResult();
  1430. return FALSE;
  1431. }
  1433. }
  1434. else
  1435. {
  1436. CComAuthInfo auth(machine_name,user_name,user_password);
  1437. CMetaKey key(&auth,MetabaseNode,METADATA_PERMISSION_READ);
  1438. if (key.Succeeded())
  1439. {
  1440. return SUCCEEDED(*phResult = key.QueryValue(MD_SERVER_COMMENT, comment));
  1441. }
  1442. else
  1443. {
  1444. *phResult = key.QueryResult();
  1445. return FALSE;
  1446. }
  1447. }
  1449. }
  1452. BOOL IsSiteTypeMetabaseNode(CString & MetabasePath)
  1453. {
  1454. BOOL bReturn = FALSE;
  1455. INT iPos1 = 0;
  1456. CString PathCopy = MetabasePath;
  1457. CString PathCopy2;
  1458. TCHAR MyChar;
  1460. // check if ends with a slash...
  1461. // if it does, then cut it off
  1462. if (PathCopy.Right(1) == _T('/'))
  1463. {
  1464. iPos1 = PathCopy.ReverseFind(_T('/'));
  1465. if (iPos1 != -1)
  1466. {
  1467. PathCopy.SetAt(iPos1,_T('0'));
  1468. }
  1469. }
  1471. iPos1 = PathCopy.ReverseFind((TCHAR) _T('/'));
  1472. if (iPos1 == -1)
  1473. {
  1474. goto IsSiteTypeMetabaseNode_Exit;
  1475. }
  1476. PathCopy2 = PathCopy.Right(PathCopy.GetLength() - iPos1);
  1477. PathCopy2.TrimRight();
  1478. for (INT i = 0; i < PathCopy2.GetLength(); i++)
  1479. {
  1480. MyChar = PathCopy2.GetAt(i);
  1481. if (MyChar != _T(' ') && MyChar != _T('/'))
  1482. {
  1483. if (FALSE == ISNUM(MyChar))
  1484. {
  1485. goto IsSiteTypeMetabaseNode_Exit;
  1486. }
  1487. }
  1488. }
  1489. bReturn = TRUE;
  1491. IsSiteTypeMetabaseNode_Exit:
  1492. return bReturn;
  1493. }
  1495. HRESULT EnumSites(CString& machine_name,CString& user_name,CString& user_password,CStringListEx * MyStringList)
  1496. {
  1497. HRESULT hr = E_FAIL;
  1498. CString str = _T("LM/W3SVC");
  1499. CString strChildPath = _T("");
  1500. CString strServerComment;
  1501. CComAuthInfo auth(machine_name,user_name,user_password);
  1502. CMetaKey key(&auth,str,METADATA_PERMISSION_READ);
  1504. hr = key.QueryResult();
  1505. if (key.Succeeded())
  1506. {
  1507. // Do a Get data paths on this key.
  1508. CError err;
  1509. CStringListEx strlDataPaths;
  1510. CBlob hash;
  1511. DWORD dwMDIdentifier, dwMDAttributes, dwMDUserType,dwMDDataType;
  1513. VERIFY(CMetaKey::GetMDFieldDef(MD_SERVER_BINDINGS, dwMDIdentifier, dwMDAttributes, dwMDUserType,dwMDDataType));
  1514. err = key.GetDataPaths(strlDataPaths,dwMDIdentifier,dwMDDataType);
  1515. if (err.Succeeded() && !strlDataPaths.IsEmpty())
  1516. {
  1517. POSITION pos = strlDataPaths.GetHeadPosition();
  1518. while (pos)
  1519. {
  1520. CString& strJustTheEnd = strlDataPaths.GetNext(pos);
  1522. strChildPath = str + strJustTheEnd;
  1523. if (TRUE == IsSiteTypeMetabaseNode(strChildPath))
  1524. {
  1525. MyStringList->AddTail(strChildPath);
  1526. }
  1527. }
  1528. }
  1529. hr = key.QueryResult();
  1530. }
  1532. return hr;
  1533. }
  1535. HRESULT EnumSitesWithCertInstalled(CString& machine_name,CString& user_name,CString& user_password,CStringListEx * MyStringList)
  1536. {
  1537. HRESULT hr = E_FAIL;
  1538. CString str = _T("LM/W3SVC");
  1539. CString strChildPath = _T("");
  1540. CString strServerComment;
  1541. CComAuthInfo auth(machine_name,user_name,user_password);
  1542. CMetaKey key(&auth,str,METADATA_PERMISSION_READ);
  1544. hr = key.QueryResult();
  1545. if (key.Succeeded())
  1546. {
  1547. // Do a Get data paths on this key.
  1548. CError err;
  1549. CStringListEx strlDataPaths;
  1550. CBlob hash;
  1551. DWORD dwMDIdentifier, dwMDAttributes, dwMDUserType,dwMDDataType;
  1553. //MD_SSL_CERT_STORE_NAME
  1554. //MD_SSL_CERT_HASH, hash
  1555. VERIFY(CMetaKey::GetMDFieldDef(MD_SSL_CERT_HASH, dwMDIdentifier, dwMDAttributes, dwMDUserType,dwMDDataType));
  1556. err = key.GetDataPaths(strlDataPaths,dwMDIdentifier,dwMDDataType);
  1557. if (err.Succeeded() && !strlDataPaths.IsEmpty())
  1558. {
  1559. POSITION pos = strlDataPaths.GetHeadPosition();
  1560. while (pos)
  1561. {
  1562. CString& strJustTheEnd = strlDataPaths.GetNext(pos);
  1564. strChildPath = str + strJustTheEnd;
  1565. if (TRUE == IsSiteTypeMetabaseNode(strChildPath))
  1566. {
  1567. MyStringList->AddTail(strChildPath);
  1568. }
  1569. }
  1570. }
  1571. hr = key.QueryResult();
  1572. }
  1574. return hr;
  1575. }
  1578. HRESULT IsCertUsedBySSLBelowMe(CString& machine_name, CString& server_name, CStringList& listFillMe)
  1579. {
  1580. CString str = server_name;
  1581. str += _T("/root");
  1582. CComAuthInfo auth(machine_name);
  1583. CMetaKey key(&auth, str,METADATA_PERMISSION_READ | METADATA_PERMISSION_WRITE);
  1585. DWORD dwSslAccess;
  1586. if ( key.Succeeded()
  1587. && SUCCEEDED(key.QueryValue(MD_SSL_ACCESS_PERM, dwSslAccess))
  1588. && dwSslAccess > 0
  1589. )
  1590. {
  1591. // it's used on my node...
  1592. // return back something to say it's used...
  1593. listFillMe.AddTail(str);
  1594. }
  1596. // Now check if it's being used below me...
  1597. CError err;
  1598. CStringListEx strlDataPaths;
  1599. DWORD dwMDIdentifier, dwMDAttributes, dwMDUserType,dwMDDataType;
  1601. VERIFY(CMetaKey::GetMDFieldDef(MD_SSL_ACCESS_PERM, dwMDIdentifier, dwMDAttributes, dwMDUserType,dwMDDataType));
  1603. err = key.GetDataPaths(strlDataPaths,dwMDIdentifier,dwMDDataType);
  1605. if (err.Succeeded() && !strlDataPaths.IsEmpty())
  1606. {
  1607. POSITION pos = strlDataPaths.GetHeadPosition();
  1608. while (pos)
  1609. {
  1610. CString& str = strlDataPaths.GetNext(pos);
  1611. if (SUCCEEDED(key.QueryValue(MD_SSL_ACCESS_PERM, dwSslAccess, NULL, str)) && dwSslAccess > 0)
  1612. {
  1613. // yes, it's being used here...
  1614. // return back something to say it's used...
  1615. listFillMe.AddTail(str);
  1616. }
  1617. }
  1618. }
  1619. return key.QueryResult();
  1620. }
  1624. HRESULT
  1625. HereIsVtArrayGimmieBinary(
  1626. VARIANT * lpVarSrcObject,
  1627. DWORD * cbBinaryBufferSize,
  1628. char **pbBinaryBuffer,
  1629. BOOL bReturnBinaryAsVT_VARIANT
  1630. )
  1631. {
  1632. HRESULT hr = S_OK;
  1633. LONG dwSLBound = 0;
  1634. LONG dwSUBound = 0;
  1635. CHAR HUGEP *pArray = NULL;
  1637. if (NULL == cbBinaryBufferSize || NULL == pbBinaryBuffer)
  1638. {
  1639. hr = E_INVALIDARG;
  1640. goto HereIsVtArrayGimmieBinary_Exit;
  1641. }
  1643. if (bReturnBinaryAsVT_VARIANT)
  1644. {
  1645. hr = VariantChangeType(lpVarSrcObject,lpVarSrcObject,0,VT_ARRAY | VT_VARIANT);
  1646. }
  1647. else
  1648. {
  1649. hr = VariantChangeType(lpVarSrcObject,lpVarSrcObject,0,VT_ARRAY | VT_UI1);
  1650. }
  1652. if (FAILED(hr))
  1653. {
  1654. if (hr != E_OUTOFMEMORY)
  1655. {
  1656. hr = OLE_E_CANTCONVERT;
  1657. }
  1658. goto HereIsVtArrayGimmieBinary_Exit;
  1659. }
  1661. if (bReturnBinaryAsVT_VARIANT)
  1662. {
  1663. if( lpVarSrcObject->vt != (VT_ARRAY | VT_VARIANT))
  1664. {
  1665. hr = OLE_E_CANTCONVERT;
  1666. goto HereIsVtArrayGimmieBinary_Exit;
  1667. }
  1668. }
  1669. else
  1670. {
  1671. if( lpVarSrcObject->vt != (VT_ARRAY | VT_UI1))
  1672. {
  1673. hr = OLE_E_CANTCONVERT;
  1674. goto HereIsVtArrayGimmieBinary_Exit;
  1675. }
  1676. }
  1678. hr = SafeArrayGetLBound(V_ARRAY(lpVarSrcObject),1,(long FAR *) &dwSLBound );
  1679. if (FAILED(hr))
  1680. {goto HereIsVtArrayGimmieBinary_Exit;}
  1682. hr = SafeArrayGetUBound(V_ARRAY(lpVarSrcObject),1,(long FAR *) &dwSUBound );
  1683. if (FAILED(hr))
  1684. {goto HereIsVtArrayGimmieBinary_Exit;}
  1686. //*pbBinaryBuffer = (LPBYTE) AllocADsMem(dwSUBound - dwSLBound + 1);
  1687. *pbBinaryBuffer = (char *) ::CoTaskMemAlloc(dwSUBound - dwSLBound + 1);
  1688. if (*pbBinaryBuffer == NULL)
  1689. {
  1690. hr = E_OUTOFMEMORY;
  1691. goto HereIsVtArrayGimmieBinary_Exit;
  1692. }
  1694. *cbBinaryBufferSize = dwSUBound - dwSLBound + 1;
  1696. hr = SafeArrayAccessData( V_ARRAY(lpVarSrcObject),(void HUGEP * FAR *) &pArray );
  1697. if (FAILED(hr))
  1698. {goto HereIsVtArrayGimmieBinary_Exit;}
  1700. memcpy(*pbBinaryBuffer,pArray,dwSUBound-dwSLBound+1);
  1701. SafeArrayUnaccessData( V_ARRAY(lpVarSrcObject) );
  1703. HereIsVtArrayGimmieBinary_Exit:
  1704. return hr;
  1705. }
  1708. CERT_CONTEXT * GetInstalledCertFromHash(HRESULT * phResult,DWORD cbHashBlob, char * pHashBlob)
  1709. {
  1710. ATLASSERT(phResult != NULL);
  1711. CERT_CONTEXT * pCert = NULL;
  1712. *phResult = S_OK;
  1713. CString store_name = _T("MY");
  1715. HCERTSTORE hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,NULL,CERT_SYSTEM_STORE_LOCAL_MACHINE,store_name);
  1716. ASSERT(hStore != NULL);
  1717. if (hStore != NULL)
  1718. {
  1719. // Now we need to find cert by hash
  1720. CRYPT_HASH_BLOB crypt_hash;
  1721. crypt_hash.cbData = cbHashBlob;
  1722. crypt_hash.pbData = (BYTE *) pHashBlob;
  1723. pCert = (CERT_CONTEXT *)CertFindCertificateInStore(hStore,X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,0,CERT_FIND_HASH,(LPVOID)&crypt_hash,NULL);
  1724. if (pCert == NULL)
  1725. {
  1726. *phResult = HRESULT_FROM_WIN32(GetLastError());
  1727. }
  1728. VERIFY(CertCloseStore(hStore, 0));
  1729. }
  1730. else
  1731. {
  1732. *phResult = HRESULT_FROM_WIN32(GetLastError());
  1733. }
  1735. return pCert;
  1736. }
  1739. BOOL ViewCertificateDialog(CRYPT_HASH_BLOB* pcrypt_hash, HWND hWnd)
  1740. {
  1741. BOOL bReturn = FALSE;
  1742. HCERTSTORE hStore = NULL;
  1743. PCCERT_CONTEXT pCert = NULL;
  1744. CString store_name = _T("MY");
  1747. hStore = CertOpenStore(
  1748. CERT_STORE_PROV_SYSTEM,
  1749. PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
  1750. NULL,
  1751. CERT_SYSTEM_STORE_LOCAL_MACHINE,
  1752. store_name
  1753. );
  1754. if (hStore != NULL)
  1755. {
  1756. // Now we need to find cert by hash
  1757. //CRYPT_HASH_BLOB crypt_hash;
  1758. //crypt_hash.cbData = hash.GetSize();
  1759. //crypt_hash.pbData = hash.GetData();
  1760. pCert = CertFindCertificateInStore(hStore,
  1761. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  1762. 0, CERT_FIND_HASH, (LPVOID)pcrypt_hash, NULL);
  1763. }
  1765. if (pCert)
  1766. {
  1767. BOOL fPropertiesChanged;
  1768. CRYPTUI_VIEWCERTIFICATE_STRUCT vcs;
  1769. HCERTSTORE hCertStore = ::CertDuplicateStore(hStore);
  1770. ::ZeroMemory (&vcs, sizeof (vcs));
  1771. vcs.dwSize = sizeof (vcs);
  1772. vcs.hwndParent = hWnd;
  1773. vcs.dwFlags = 0;
  1774. vcs.cStores = 1;
  1775. vcs.rghStores = &hCertStore;
  1776. vcs.pCertContext = pCert;
  1777. ::CryptUIDlgViewCertificate(&vcs, &fPropertiesChanged);
  1778. ::CertCloseStore (hCertStore, 0);
  1779. bReturn = TRUE;
  1780. }
  1781. else
  1782. {
  1783. // it failed
  1784. }
  1785. if (pCert != NULL)
  1786. ::CertFreeCertificateContext(pCert);
  1787. if (hStore != NULL)
  1788. ::CertCloseStore(hStore, 0);
  1790. return bReturn;
  1791. }
  1793. /*
  1795. -----Original Message-----
  1796. From: Helle Vu (SPECTOR)
  1797. Sent: Friday, April 27, 2001 6:02 PM
  1798. To: Aaron Lee; Trevor Freeman
  1799. Cc: Sergei Antonov
  1800. Subject: RE: bug 31010
  1802. Perfect timing, I was just about to send you an update on this:
  1804. I talked to Trevor about this, and he suggested the best thing to do for IIS would be the following (Trevor, please double-check I got this right):
  1805. If there is an EKU, and it has serverauth, display it in the list to pick web server certs from
  1806. If no EKU, look at basic constraints:
  1807. * If we do not have basic constraints, do display it in the list to pick web server certs from
  1808. * If we do have basic constraints with Subject Type =CA, don't display it in the list to pick web server certs from (this will filter out CA certs)
  1809. * If we do have basic constraints with SubectType !=CA, do display it in the list to pick web server certs from
  1810. */
  1812. /*
  1813. ===== Opened by kshenoy on 11/13/2000 02:26PM =====
  1814. Add Existing certificate option in "Web Server Certificate Request wizard" should not list CA certificates in the filter
  1815. but only End entity certificates with "Server Authentication" EKU
  1817. Since CA certificates by default have all the EKUs the filter will list CA certificates apart from
  1818. end entity certificates with "Server Auth" EKU.
  1820. In order to check if a given certificate is a CA or end entity you can look at the Basic Constraints
  1821. extension of the certificate if present. This will be present in CA certificates and set to SubjectType=CA.
  1822. If present in end entity certificates it will be set to "ServerAuth"
  1823. */
  1825. int CheckCertConstraints(PCCERT_CONTEXT pCC)
  1826. {
  1827. PCERT_EXTENSION pCExt;
  1828. LPCSTR pszObjId;
  1829. DWORD i;
  1830. CERT_BASIC_CONSTRAINTS_INFO *pConstraints=NULL;
  1831. CERT_BASIC_CONSTRAINTS2_INFO *p2Constraints=NULL;
  1832. DWORD ConstraintSize=0;
  1833. int ReturnValue = FAILURE;
  1834. BOOL Using2=FALSE;
  1835. void* ConstraintBlob=NULL;
  1837. pszObjId = szOID_BASIC_CONSTRAINTS;
  1839. pCExt = CertFindExtension(pszObjId,pCC->pCertInfo->cExtension,pCC->pCertInfo->rgExtension);
  1840. if (pCExt == NULL)
  1841. {
  1842. pszObjId = szOID_BASIC_CONSTRAINTS2;
  1843. pCExt = CertFindExtension(pszObjId,pCC->pCertInfo->cExtension,pCC->pCertInfo->rgExtension);
  1844. Using2=TRUE;
  1845. }
  1847. if (pCExt == NULL)
  1848. {
  1849. ReturnValue = DID_NOT_FIND_CONSTRAINT;
  1850. goto CheckCertConstraints_Exit;
  1851. }
  1853. // Decode extension
  1854. if (!CryptDecodeObject(X509_ASN_ENCODING,pCExt->pszObjId,pCExt->Value.pbData,pCExt->Value.cbData,0,NULL,&ConstraintSize))
  1855. {
  1856. goto CheckCertConstraints_Exit;
  1857. }
  1859. ConstraintBlob = malloc(ConstraintSize);
  1860. if (ConstraintBlob == NULL)
  1861. {
  1862. goto CheckCertConstraints_Exit;
  1863. }
  1865. if (!CryptDecodeObject(X509_ASN_ENCODING,pCExt->pszObjId,pCExt->Value.pbData,pCExt->Value.cbData,0,(void*)ConstraintBlob,&ConstraintSize))
  1866. {
  1867. goto CheckCertConstraints_Exit;
  1869. }
  1871. if (Using2)
  1872. {
  1873. p2Constraints=(CERT_BASIC_CONSTRAINTS2_INFO*)ConstraintBlob;
  1874. if (!p2Constraints->fCA)
  1875. {
  1876. // there is a constraint, and it's not a CA
  1877. ReturnValue = FOUND_CONSTRAINT;
  1878. }
  1879. else
  1880. {
  1881. // This is a CA. CA cannot be used as a 'server auth'
  1882. ReturnValue = FOUND_CONSTRAINT_BUT_THIS_IS_A_CA_OR_ITS_NOT_AN_END_ENTITY;
  1883. }
  1884. }
  1885. else
  1886. {
  1887. pConstraints=(CERT_BASIC_CONSTRAINTS_INFO*)ConstraintBlob;
  1888. if (((pConstraints->SubjectType.cbData * 8) - pConstraints->SubjectType.cUnusedBits) >= 2)
  1889. {
  1890. if ((*pConstraints->SubjectType.pbData) & CERT_END_ENTITY_SUBJECT_FLAG)
  1891. {
  1892. // there is a valid constraint
  1893. ReturnValue = FOUND_CONSTRAINT;
  1894. }
  1895. else
  1896. {
  1897. // this is not an 'end entity' so hey -- we can't use it.
  1898. ReturnValue = FOUND_CONSTRAINT_BUT_THIS_IS_A_CA_OR_ITS_NOT_AN_END_ENTITY;
  1899. }
  1901. }
  1902. }
  1904. CheckCertConstraints_Exit:
  1905. if (ConstraintBlob){free(ConstraintBlob);}
  1906. return (ReturnValue);
  1908. }
  1911. BOOL IsCertExportable(PCCERT_CONTEXT pCertContext)
  1912. {
  1913. HCRYPTPROV hCryptProv = NULL;
  1914. DWORD dwKeySpec = 0;
  1915. BOOL fCallerFreeProv = FALSE;
  1916. BOOL fReturn = FALSE;
  1917. HCRYPTKEY hKey = NULL;
  1918. DWORD dwPermissions = 0;
  1919. DWORD dwSize = 0;
  1921. if (!pCertContext)
  1922. {
  1923. fReturn = FALSE;
  1924. goto IsCertExportable_Exit;
  1925. }
  1927. //
  1928. // first get the private key context
  1929. //
  1930. if (!CryptAcquireCertificatePrivateKey(
  1931. pCertContext,
  1932. CRYPT_ACQUIRE_USE_PROV_INFO_FLAG | CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
  1933. NULL,
  1934. &hCryptProv,
  1935. &dwKeySpec,
  1936. &fCallerFreeProv))
  1937. {
  1938. fReturn = FALSE;
  1939. goto IsCertExportable_Exit;
  1940. }
  1942. //
  1943. // get the handle to the key
  1944. //
  1945. if (!CryptGetUserKey(hCryptProv, dwKeySpec, &hKey))
  1946. {
  1947. fReturn = FALSE;
  1948. goto IsCertExportable_Exit;
  1949. }
  1951. //
  1952. // finally, get the permissions on the key and check if it is exportable
  1953. //
  1954. dwSize = sizeof(dwPermissions);
  1955. if (!CryptGetKeyParam(hKey, KP_PERMISSIONS, (PBYTE)&dwPermissions, &dwSize, 0))
  1956. {
  1957. fReturn = FALSE;
  1958. goto IsCertExportable_Exit;
  1959. }
  1961. fReturn = (dwPermissions & CRYPT_EXPORT) ? TRUE : FALSE;
  1963. IsCertExportable_Exit:
  1964. if (hKey != NULL){CryptDestroyKey(hKey);}
  1965. if (fCallerFreeProv){CryptReleaseContext(hCryptProv, 0);}
  1966. return fReturn;
  1967. }
  1970. BOOL IsCertExportableOnRemoteMachine(CString ServerName,CString UserName,CString UserPassword,CString InstanceName)
  1971. {
  1972. BOOL bRes = FALSE;
  1973. BOOL bPleaseDoCoUninit = FALSE;
  1974. HRESULT hResult = E_FAIL;
  1975. IIISCertObj *pTheObject = NULL;
  1976. VARIANT_BOOL varBool = VARIANT_FALSE;
  1978. BSTR bstrServerName = SysAllocString(ServerName);
  1979. BSTR bstrUserName = SysAllocString(UserName);
  1980. BSTR bstrUserPassword = SysAllocString(UserPassword);
  1981. BSTR bstrInstanceName = SysAllocString(InstanceName);
  1983. hResult = CoInitialize(NULL);
  1984. if(FAILED(hResult))
  1985. {
  1986. return bRes;
  1987. }
  1988. bPleaseDoCoUninit = TRUE;
  1990. // this one seems to work with surrogates..
  1991. hResult = CoCreateInstance(CLSID_IISCertObj,NULL,CLSCTX_SERVER,IID_IIISCertObj,(void **)&pTheObject);
  1992. if (FAILED(hResult))
  1993. {
  1994. goto InstallCopyMoveFromRemote_Exit;
  1995. }
  1997. // at this point we were able to instantiate the com object on the server (local or remote)
  1998. pTheObject->put_ServerName(bstrServerName);
  1999. pTheObject->put_UserName(bstrUserName);
  2000. pTheObject->put_UserPassword(bstrUserPassword);
  2001. pTheObject->put_InstanceName(bstrInstanceName);
  2003. hResult = pTheObject->IsExportable(&varBool);
  2004. if (FAILED(hResult))
  2005. {
  2006. goto InstallCopyMoveFromRemote_Exit;
  2007. }
  2009. if (varBool == VARIANT_FALSE)
  2010. {
  2011. bRes = FALSE;
  2012. }
  2013. else
  2014. {
  2015. bRes = TRUE;
  2016. }
  2018. InstallCopyMoveFromRemote_Exit:
  2019. if (pTheObject)
  2020. {
  2021. pTheObject->Release();
  2022. pTheObject = NULL;
  2023. }
  2024. if (bPleaseDoCoUninit)
  2025. {
  2026. CoUninitialize();
  2027. }
  2029. if (bstrServerName) {SysFreeString(bstrServerName);}
  2030. if (bstrUserName) {SysFreeString(bstrUserName);}
  2031. if (bstrUserPassword) {SysFreeString(bstrUserPassword);}
  2032. if (bstrInstanceName) {SysFreeString(bstrInstanceName);}
  2033. return bRes;
  2034. }
  2036. BOOL DumpCertDesc(char * pBlobInfo)
  2037. {
  2038. BOOL bRes = FALSE;
  2040. IISDebugOutput(_T("blob=%s\n"),pBlobInfo);
  2042. bRes = TRUE;
  2043. return bRes;
  2044. }
  2047. BOOL GetCertDescInfo(CString ServerName,CString UserName,CString UserPassword,CString InstanceName)
  2048. {
  2049. BOOL bReturn = FALSE;
  2050. HRESULT hResult = E_FAIL;
  2051. IIISCertObj *pTheObject = NULL;
  2052. DWORD cbBinaryBufferSize = 0;
  2053. char * pbBinaryBuffer = NULL;
  2054. BOOL bPleaseDoCoUninit = FALSE;
  2055. BSTR bstrServerName = SysAllocString(ServerName);
  2056. BSTR bstrUserName = SysAllocString(UserName);
  2057. BSTR bstrUserPassword = SysAllocString(UserPassword);
  2058. BSTR bstrInstanceName = SysAllocString(InstanceName);
  2059. VARIANT VtArray;
  2061. hResult = CoInitialize(NULL);
  2062. if(FAILED(hResult))
  2063. {
  2064. return bReturn;
  2065. }
  2066. bPleaseDoCoUninit = TRUE;
  2068. // this one seems to work with surrogates..
  2069. hResult = CoCreateInstance(CLSID_IISCertObj,NULL,CLSCTX_SERVER,IID_IIISCertObj,(void **)&pTheObject);
  2070. if (FAILED(hResult))
  2071. {
  2072. goto GetCertDescInfo_Exit;
  2073. }
  2075. pTheObject->put_ServerName(bstrServerName);
  2076. pTheObject->put_UserName(bstrUserName);
  2077. pTheObject->put_UserPassword(bstrUserPassword);
  2078. pTheObject->put_InstanceName(bstrInstanceName);
  2080. hResult = pTheObject->GetCertInfo(&VtArray);
  2081. if (FAILED(hResult))
  2082. {
  2083. goto GetCertDescInfo_Exit;
  2084. }
  2086. // we have a VtArray now.
  2087. // change it back to a binary blob
  2088. hResult = HereIsVtArrayGimmieBinary(&VtArray,&cbBinaryBufferSize,&pbBinaryBuffer,FALSE);
  2089. if (FAILED(hResult))
  2090. {
  2091. goto GetCertDescInfo_Exit;
  2092. }
  2094. // Dump it out!
  2095. DumpCertDesc(pbBinaryBuffer);
  2098. bReturn = TRUE;
  2100. GetCertDescInfo_Exit:
  2101. if (pTheObject)
  2102. {
  2103. pTheObject->Release();
  2104. pTheObject = NULL;
  2105. }
  2106. if (pbBinaryBuffer)
  2107. {
  2108. CoTaskMemFree(pbBinaryBuffer);
  2109. }
  2110. if (bPleaseDoCoUninit)
  2111. {
  2112. CoUninitialize();
  2113. }
  2114. return bReturn;
  2115. }
  2118. BOOL IsWhistlerWorkstation(void)
  2119. {
  2120. BOOL WorkstationSKU = FALSE;
  2121. OSVERSIONINFOEX osvi;
  2122. //
  2123. // Determine if we are installing Personal/Professional SKU
  2124. //
  2125. ZeroMemory( &osvi, sizeof( OSVERSIONINFOEX ) );
  2126. osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
  2127. GetVersionEx((OSVERSIONINFO *) &osvi);
  2128. if (osvi.wProductType == VER_NT_WORKSTATION)
  2129. {
  2130. WorkstationSKU = TRUE;
  2131. }
  2132. return WorkstationSKU;
  2133. }