|
|
//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: inf.cpp
//
// Contents: Cert Server INF file processing routines
//
//---------------------------------------------------------------------------
#include <pch.cpp>
#pragma hdrstop
#include <certca.h>
#include "csdisp.h"
#include "initcert.h"
#include "clibres.h"
#define __dwFILE__ __dwFILE_CERTLIB_INF_CPP__
#define wszBSCAPOLICYFILE L"\\" wszCAPOLICYFILE
#define wszINFKEY_CONTINUE L"_continue_"
#define cwcVALUEMAX 1024
static WCHAR *s_pwszSection = NULL;static WCHAR *s_pwszKey = NULL;static WCHAR *s_pwszValue = NULL;
VOIDinfClearString( IN OUT WCHAR **ppwsz){ if (NULL != ppwsz && NULL != *ppwsz) { LocalFree(*ppwsz); *ppwsz = NULL; }}
BOOLinfCopyString( OPTIONAL IN WCHAR const *pwszIn, OPTIONAL OUT WCHAR **ppwszOut){ HRESULT hr; if (NULL != pwszIn && L'\0' != *pwszIn) { if (NULL == *ppwszOut) { if (NULL != *ppwszOut) { LocalFree(*ppwszOut); *ppwszOut = NULL; } hr = myDupString(pwszIn, ppwszOut); _JumpIfError(hr, error, "myDupString"); } } hr = S_OK;
error: return(S_OK == hr);}
#define INFSTRINGSELECT(pwsz) (NULL != (pwsz)? (pwsz) : L"")
#if DBG_CERTSRV
# define INFSETERROR(hr, pwszSection, pwszKey, pwszValue) \
{ \ _PrintError3(hr, "infSetError", ERROR_LINE_NOT_FOUND, S_FALSE); \ infSetError(hr, pwszSection, pwszKey, pwszValue, __LINE__); \ }#else
# define INFSETERROR infSetError
#endif
VOIDinfSetError( IN HRESULT hr, OPTIONAL IN WCHAR const *pwszSection, OPTIONAL IN WCHAR const *pwszKey, OPTIONAL IN WCHAR const *pwszValue DBGPARM(IN DWORD dwLine)){ DBGPRINT(( DBG_SS_CERTLIBI, "inf.cpp(%u): infSetError Begin: [%ws] %ws = %ws\n", dwLine, INFSTRINGSELECT(pwszSection), INFSTRINGSELECT(pwszKey), INFSTRINGSELECT(pwszValue))); infCopyString(pwszSection, &s_pwszSection); infCopyString(pwszKey, &s_pwszKey); infCopyString(pwszValue, &s_pwszValue); DBGPRINT(( DBG_SS_CERTLIBI, "inf.cpp(%u): infSetError End: [%ws] %ws = %ws\n", dwLine, INFSTRINGSELECT(s_pwszSection), INFSTRINGSELECT(s_pwszKey), INFSTRINGSELECT(s_pwszValue)));}
WCHAR *myInfGetError(){ DWORD cwc = 1; WCHAR *pwsz = NULL; if (NULL != s_pwszSection) { cwc += wcslen(s_pwszSection) + 2; } if (NULL != s_pwszKey) { cwc += wcslen(s_pwszKey) + 1; } if (NULL != s_pwszValue) { cwc += wcslen(s_pwszValue) + 3; } if (1 == cwc) { goto error; } pwsz = (WCHAR *) LocalAlloc(LMEM_FIXED, cwc * sizeof(WCHAR)); if (NULL == pwsz) { goto error; } *pwsz = L'\0'; if (NULL != s_pwszSection) { wcscat(pwsz, wszLBRACKET); wcscat(pwsz, s_pwszSection); wcscat(pwsz, wszRBRACKET); } if (NULL != s_pwszKey) { if (L'\0' != *pwsz) { wcscat(pwsz, L" "); } wcscat(pwsz, s_pwszKey); } if (NULL != s_pwszValue) { wcscat(pwsz, L" = "); wcscat(pwsz, s_pwszValue); }error: return(pwsz);}
VOIDmyInfClearError(){ infClearString(&s_pwszSection); infClearString(&s_pwszKey); infClearString(&s_pwszValue);}
HRESULTinfSetupFindFirstLine( IN HINF hInf, IN WCHAR const *pwszSection, OPTIONAL IN WCHAR const *pwszKey, OUT INFCONTEXT *pInfContext){ HRESULT hr; if (!SetupFindFirstLine(hInf, pwszSection, pwszKey, pInfContext)) { hr = myHLastError(); if ((HRESULT) ERROR_LINE_NOT_FOUND == hr && SetupFindFirstLine(hInf, pwszSection, wszINFKEY_EMPTY, pInfContext)) { hr = S_FALSE; // Section exists, but Key doesn't
} _JumpErrorStr3( hr, error, "SetupFindFirstLine", pwszSection, ERROR_LINE_NOT_FOUND, S_FALSE); } hr = S_OK;
error: return(hr);}
HRESULTinfBuildPolicyElement( IN OUT INFCONTEXT *pInfContext, OPTIONAL OUT CERT_POLICY_QUALIFIER_INFO *pcpqi){ HRESULT hr; DWORD i; WCHAR wszKey[MAX_PATH]; BOOL fURL = FALSE; BOOL fNotice = FALSE; DWORD cwc; WCHAR *pwszValue = NULL; WCHAR *pwszURL = NULL; BYTE *pbData = NULL; DWORD cbData;
wszKey[0] = L'\0'; if (!SetupGetStringField( pInfContext, 0, wszKey, ARRAYSIZE(wszKey), NULL)) { hr = myHLastError(); _JumpError(hr, error, "SetupGetStringField"); } DBGPRINT((DBG_SS_CERTLIBI, "Element = %ws\n", wszKey));
if (0 == lstrcmpi(wszINFKEY_URL, wszKey)) { fURL = TRUE; } else if (0 == lstrcmpi(wszINFKEY_NOTICE, wszKey)) { fNotice = TRUE; } else { if (0 != lstrcmpi(wszINFKEY_OID, wszKey)) { _PrintErrorStr(E_INVALIDARG, "Skipping unknown key", wszKey); } hr = S_FALSE; // Skip this key
} if (fURL || fNotice) { if (!SetupGetStringField(pInfContext, 1, NULL, 0, &cwc)) { hr = myHLastError(); _JumpError(hr, error, "SetupGetStringField"); } pwszValue = (WCHAR *) LocalAlloc(LMEM_FIXED, cwc * sizeof(WCHAR)); if (NULL == pwszValue) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } if (!SetupGetStringField(pInfContext, 1, pwszValue, cwc, NULL)) { hr = myHLastError(); _JumpError(hr, error, "SetupGetStringField"); } DBGPRINT((DBG_SS_CERTLIBI, "SetupGetStringField = %ws\n", pwszValue));
if (fURL) { CERT_NAME_VALUE NameValue;
hr = myInternetCanonicalizeUrl(pwszValue, &pwszURL); _JumpIfError(hr, error, "myInternetCanonicalizeUrl");
NameValue.dwValueType = CERT_RDN_IA5_STRING; NameValue.Value.pbData = (BYTE *) pwszURL; NameValue.Value.cbData = 0;
if (NULL != pcpqi) { CSILOG(S_OK, IDS_ILOG_CAPOLICY_ELEMENT, pwszURL, NULL, NULL); }
if (!myEncodeObject( X509_ASN_ENCODING, X509_UNICODE_NAME_VALUE, &NameValue, 0, CERTLIB_USE_LOCALALLOC, &pbData, &cbData)) { hr = myHLastError(); _JumpError(hr, error, "myEncodeObject"); } } else { CERT_POLICY_QUALIFIER_USER_NOTICE UserNotice;
ZeroMemory(&UserNotice, sizeof(UserNotice)); UserNotice.pszDisplayText = pwszValue;
if (NULL != pcpqi) { CSILOG(S_OK, IDS_ILOG_CAPOLICY_ELEMENT, pwszValue, NULL, NULL); }
if (!myEncodeObject( X509_ASN_ENCODING, X509_PKIX_POLICY_QUALIFIER_USERNOTICE, &UserNotice, 0, CERTLIB_USE_LOCALALLOC, &pbData, &cbData)) { hr = myHLastError(); _JumpError(hr, error, "myEncodeObject"); } } if (NULL != pcpqi) { pcpqi->pszPolicyQualifierId = fURL? szOID_PKIX_POLICY_QUALIFIER_CPS : szOID_PKIX_POLICY_QUALIFIER_USERNOTICE; pcpqi->Qualifier.pbData = pbData; pcpqi->Qualifier.cbData = cbData; pbData = NULL; } hr = S_OK; }
error: if (S_OK != hr && S_FALSE != hr) { INFSETERROR(hr, NULL, wszKey, pwszValue); } if (NULL != pwszValue) { LocalFree(pwszValue); } if (NULL != pwszURL) { LocalFree(pwszURL); } if (NULL != pbData) { LocalFree(pbData); } return(hr);}
HRESULTinfBuildPolicy( IN HINF hInf, IN WCHAR const *pwszSection, IN OUT CERT_POLICY_INFO *pcpi){ HRESULT hr; INFCONTEXT InfContext; DWORD i; WCHAR wszValue[cwcVALUEMAX];
CSASSERT(NULL != hInf && INVALID_HANDLE_VALUE != hInf); wszValue[0] = L'\0'; hr = infSetupFindFirstLine(hInf, pwszSection, wszINFKEY_OID, &InfContext); if (S_OK != hr) { INFSETERROR(hr, NULL, wszINFKEY_OID, NULL); _JumpErrorStr(hr, error, "infSetupFindFirstLine", pwszSection); } if (!SetupGetStringField( &InfContext, 1, wszValue, ARRAYSIZE(wszValue), NULL)) { hr = myHLastError(); INFSETERROR(hr, NULL, wszINFKEY_OID, NULL); _JumpError(hr, error, "SetupGetStringField"); }
if (!ConvertWszToSz(&pcpi->pszPolicyIdentifier, wszValue, -1)) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "ConvertWszToSz"); } DBGPRINT((DBG_SS_CERTLIBI, "OID = %hs\n", pcpi->pszPolicyIdentifier));
hr = infSetupFindFirstLine(hInf, pwszSection, NULL, &InfContext); _JumpIfErrorStr(hr, error, "infSetupFindFirstLine", pwszSection);
for (i = 0; ; ) { hr = infBuildPolicyElement(&InfContext, NULL); if (S_FALSE != hr) { _JumpIfErrorStr(hr, error, "infBuildPolicyElement", pwszSection);
i++; }
if (!SetupFindNextLine(&InfContext, &InfContext)) { hr = myHLastError(); _PrintErrorStr2(hr, "SetupFindNextLine", pwszSection, hr); break; } }
pcpi->cPolicyQualifier = i; pcpi->rgPolicyQualifier = (CERT_POLICY_QUALIFIER_INFO *) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, pcpi->cPolicyQualifier * sizeof(pcpi->rgPolicyQualifier[0])); if (NULL == pcpi->rgPolicyQualifier) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
hr = infSetupFindFirstLine(hInf, pwszSection, NULL, &InfContext); _JumpIfErrorStr(hr, error, "infSetupFindFirstLine", pwszSection);
for (i = 0; ; ) { // handle one URL or text message
hr = infBuildPolicyElement(&InfContext, &pcpi->rgPolicyQualifier[i]); if (S_FALSE != hr) { _JumpIfErrorStr(hr, error, "infBuildPolicyElement", pwszSection);
i++; } if (!SetupFindNextLine(&InfContext, &InfContext)) { hr = myHLastError(); _PrintErrorStr2(hr, "SetupFindNextLine", pwszSection, hr); break; } } CSASSERT(i == pcpi->cPolicyQualifier); hr = S_OK;
error: if (S_OK != hr && S_FALSE != hr) { INFSETERROR(hr, pwszSection, NULL, L"???"); } CSILOG( hr, IDS_ILOG_CAPOLICY_BUILD, pwszSection, S_OK == hr || L'\0' == wszValue[0]? NULL : wszValue, NULL); return(hr);}
VOIDinfFreePolicy( IN OUT CERT_POLICY_INFO *pcpi){ DWORD i; CERT_POLICY_QUALIFIER_INFO *pcpqi;
if (NULL != pcpi->pszPolicyIdentifier) { LocalFree(pcpi->pszPolicyIdentifier); } if (NULL != pcpi->rgPolicyQualifier) { for (i = 0; i < pcpi->cPolicyQualifier; i++) { pcpqi = &pcpi->rgPolicyQualifier[i]; if (NULL != pcpqi->Qualifier.pbData) { LocalFree(pcpqi->Qualifier.pbData); } } LocalFree(pcpi->rgPolicyQualifier); }}
HRESULTmyInfOpenFile( OPTIONAL IN WCHAR const *pwszfnPolicy, OUT HINF *phInf, OUT DWORD *pErrorLine){ HRESULT hr; HINF hInf; WCHAR wszPath[MAX_PATH]; UINT ErrorLine; DWORD Flags;
*phInf = INVALID_HANDLE_VALUE; *pErrorLine = 0; myInfClearError();
if (NULL == pwszfnPolicy) { if (0 == GetEnvironmentVariable( L"SystemRoot", wszPath, ARRAYSIZE(wszPath) - ARRAYSIZE(wszBSCAPOLICYFILE))) { hr = HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND); _JumpError(hr, error, "GetEnvironmentVariable"); } wcscat(wszPath, wszBSCAPOLICYFILE); pwszfnPolicy = wszPath; } else { if (NULL == wcschr(pwszfnPolicy, L'\\')) { if (ARRAYSIZE(wszPath) <= 2 + wcslen(pwszfnPolicy)) { hr = HRESULT_FROM_WIN32(ERROR_FILENAME_EXCED_RANGE); _JumpErrorStr(hr, error, "filename too long", pwszfnPolicy); } wcscpy(wszPath, L".\\"); wcscat(wszPath, pwszfnPolicy); pwszfnPolicy = wszPath; } }
Flags = INF_STYLE_WIN4; while (TRUE) { ErrorLine = 0; *phInf = SetupOpenInfFile( pwszfnPolicy, NULL, Flags, &ErrorLine); *pErrorLine = ErrorLine; if (INVALID_HANDLE_VALUE != *phInf) { break; } hr = myHLastError(); if ((HRESULT) ERROR_WRONG_INF_STYLE == hr && INF_STYLE_WIN4 == Flags) { Flags = INF_STYLE_OLDNT; continue; } CSILOG( hr, IDS_ILOG_CAPOLICY_OPEN_FAILED, pwszfnPolicy, NULL, 0 == *pErrorLine? NULL : pErrorLine); _JumpErrorStr(hr, error, "SetupOpenInfFile", pwszfnPolicy); } CSILOG(S_OK, IDS_ILOG_CAPOLICY_OPEN, pwszfnPolicy, NULL, NULL); hr = S_OK;
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfOpenFile(%ws) hr=%x --> h=%x\n", pwszfnPolicy, hr, *phInf)); return(hr);}
VOIDmyInfCloseFile( IN HINF hInf){ if (NULL != hInf && INVALID_HANDLE_VALUE != hInf) { WCHAR *pwszInfError = myInfGetError();
SetupCloseInfFile(hInf); CSILOG(S_OK, IDS_ILOG_CAPOLICY_CLOSE, pwszInfError, NULL, NULL); if (NULL != pwszInfError) { LocalFree(pwszInfError); } } DBGPRINT((DBG_SS_CERTLIBI, "myInfCloseFile(%x)\n", hInf));}
HRESULTmyInfParseBooleanValue( IN WCHAR const *pwszValue, OUT BOOL *pfValue){ HRESULT hr; DWORD i; static WCHAR const * const s_apwszTrue[] = { L"True", L"Yes", L"On", L"1" }; static WCHAR const * const s_apwszFalse[] = { L"False", L"No", L"Off", L"0" };
*pfValue = FALSE; for (i = 0; i < ARRAYSIZE(s_apwszTrue); i++) { if (0 == lstrcmpi(pwszValue, s_apwszTrue[i])) { *pfValue = TRUE; break; } } if (i == ARRAYSIZE(s_apwszTrue)) { for (i = 0; i < ARRAYSIZE(s_apwszFalse); i++) { if (0 == lstrcmpi(pwszValue, s_apwszFalse[i])) { break; } } if (i == ARRAYSIZE(s_apwszFalse)) { hr = E_INVALIDARG; _JumpErrorStr(hr, error, "bad boolean value string", pwszValue); } } hr = S_OK;
error: if (S_OK != hr) { INFSETERROR(hr, NULL, NULL, pwszValue); } return(hr);}
HRESULTmyInfGetBooleanValue( IN HINF hInf, IN WCHAR const *pwszSection, IN WCHAR const *pwszKey, IN BOOL fIgnoreMissingKey, OUT BOOL *pfValue){ HRESULT hr; INFCONTEXT InfContext; DWORD i; WCHAR wszValue[cwcVALUEMAX];
*pfValue = FALSE; myInfClearError();
CSASSERT(NULL != hInf && INVALID_HANDLE_VALUE != hInf);
hr = infSetupFindFirstLine(hInf, pwszSection, pwszKey, &InfContext); _PrintIfErrorStr3( hr, "infSetupFindFirstLine", pwszSection, ERROR_LINE_NOT_FOUND, S_FALSE); _JumpIfErrorStr3( hr, error, "infSetupFindFirstLine", pwszKey, ERROR_LINE_NOT_FOUND, S_FALSE);
if (!SetupGetStringField( &InfContext, 1, wszValue, ARRAYSIZE(wszValue), NULL)) { hr = myHLastError(); _JumpErrorStr(hr, error, "SetupGetStringField", pwszKey); }
DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetBooleanValue --> '%ws'\n", wszValue));
hr = myInfParseBooleanValue(wszValue, pfValue); _JumpIfError(hr, error, "myInfParseBooleanValue");
error: if (S_OK != hr && ((HRESULT) ERROR_LINE_NOT_FOUND != hr || !fIgnoreMissingKey)) { INFSETERROR(hr, pwszSection, pwszKey, NULL); } DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetBooleanValue(%ws, %ws) hr=%x --> f=%d\n", pwszSection, pwszKey, hr, *pfValue)); return(hr);}
HRESULTinfGetCriticalFlag( IN HINF hInf, IN WCHAR const *pwszSection, IN BOOL fDefault, OUT BOOL *pfCritical){ HRESULT hr;
hr = myInfGetBooleanValue( hInf, pwszSection, wszINFKEY_CRITICAL, TRUE, pfCritical); if (S_OK != hr) { *pfCritical = fDefault; if ((HRESULT) ERROR_LINE_NOT_FOUND != hr && S_FALSE != hr) { _JumpErrorStr(hr, error, "myInfGetBooleanValue", pwszSection); } hr = S_OK; }
error: DBGPRINT(( DBG_SS_CERTLIBI, "infGetCriticalFlag(%ws) hr=%x --> f=%d\n", pwszSection, hr, *pfCritical)); return(hr);}
//+------------------------------------------------------------------------
// infGetPolicyStatementExtensionSub -- build policy extension from INF file
//
// [pwszSection]
// Policies = LegalPolicy, LimitedUsePolicy, ExtraPolicy
//
// [LegalPolicy]
// OID = 1.3.6.1.4.1.311.21.43
// Notice = "Legal policy statement text."
//
// [LimitedUsePolicy]
// OID = 1.3.6.1.4.1.311.21.47
// URL = "http://http.site.com/some where/default.asp"
// URL = "ftp://ftp.site.com/some where else/default.asp"
// Notice = "Limited use policy statement text."
// URL = "ldap://ldap.site.com/some where else again/default.asp"
//
// [ExtraPolicy]
// OID = 1.3.6.1.4.1.311.21.53
// URL = http://extra.site.com/Extra Policy/default.asp
//
// Return S_OK if extension has been constructed from the INF file
// Return S_FALSE if empty section detected in INF file
// Return other error if no section detected in INF file
//-------------------------------------------------------------------------
HRESULTinfGetPolicyStatementExtensionSub( IN HINF hInf, IN WCHAR const *pwszSection, IN char const *pszObjId, OUT CERT_EXTENSION *pext){ HRESULT hr; CERT_POLICIES_INFO PoliciesInfo; INFCONTEXT InfContext; DWORD i; WCHAR wszValue[cwcVALUEMAX];
wszValue[0] = L'\0'; ZeroMemory(&PoliciesInfo, sizeof(PoliciesInfo)); ZeroMemory(pext, sizeof(*pext));
CSASSERT(NULL != hInf && INVALID_HANDLE_VALUE != hInf); hr = infSetupFindFirstLine( hInf, pwszSection, wszINFKEY_POLICIES, &InfContext); if (S_OK != hr) { CSILOG( hr, IDS_ILOG_CAPOLICY_NOKEY, pwszSection, wszINFKEY_POLICIES, NULL); _JumpErrorStr3( hr, error, "infSetupFindFirstLine", pwszSection, S_FALSE, ERROR_LINE_NOT_FOUND); }
// First, count the policies.
PoliciesInfo.cPolicyInfo = SetupGetFieldCount(&InfContext); if (0 == PoliciesInfo.cPolicyInfo) { hr = S_FALSE; _JumpError(hr, error, "SetupGetFieldCount"); }
// Next, allocate memory.
PoliciesInfo.rgPolicyInfo = (CERT_POLICY_INFO *) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, PoliciesInfo.cPolicyInfo * sizeof(PoliciesInfo.rgPolicyInfo[0])); if (NULL == PoliciesInfo.rgPolicyInfo) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
// Finally! Fill in the policies data.
for (i = 0; i < PoliciesInfo.cPolicyInfo; i++) { if (!SetupGetStringField( &InfContext, i + 1, wszValue, ARRAYSIZE(wszValue), NULL)) { hr = myHLastError(); _JumpErrorStr2(hr, error, "SetupGetStringField", wszINFKEY_POLICIES, hr); } DBGPRINT((DBG_SS_CERTLIBI, "%ws[%u] = %ws\n", wszINFKEY_POLICIES, i, wszValue));
hr = infBuildPolicy(hInf, wszValue, &PoliciesInfo.rgPolicyInfo[i]); _JumpIfErrorStr(hr, error, "infBuildPolicy", wszValue); }
hr = infGetCriticalFlag(hInf, pwszSection, FALSE, &pext->fCritical); _JumpIfError(hr, error, "infGetCriticalFlag");
if (!myEncodeObject( X509_ASN_ENCODING, X509_CERT_POLICIES, &PoliciesInfo, 0, CERTLIB_USE_LOCALALLOC, &pext->Value.pbData, &pext->Value.cbData)) { hr = myHLastError(); _JumpError(hr, error, "myEncodeObject"); }
error: if (S_OK != hr && S_FALSE != hr) { INFSETERROR(hr, pwszSection, wszINFKEY_POLICIES, wszValue); } pext->pszObjId = const_cast<char *>(pszObjId); // on error, too!
if (NULL != PoliciesInfo.rgPolicyInfo) { for (i = 0; i < PoliciesInfo.cPolicyInfo; i++) { infFreePolicy(&PoliciesInfo.rgPolicyInfo[i]); } LocalFree(PoliciesInfo.rgPolicyInfo); } CSILOG( hr, IDS_ILOG_CAPOLICY_EXTENSION, S_OK == hr || L'\0' == wszValue[0]? NULL : wszValue, NULL, NULL); return(hr);}
//+------------------------------------------------------------------------
// myInfGetPolicyStatementExtension -- build policy extension from INF file
//
// [PolicyStatementExtension]
// Policies = LegalPolicy, LimitedUsePolicy, ExtraPolicy
// ...
//
// OR
//
// [CAPolicy]
// Policies = LegalPolicy, LimitedUsePolicy, ExtraPolicy
// ...
//
// Return S_OK if extension has been constructed from the INF file
// Return S_FALSE if empty section detected in INF file
// Return other error if no section detected in INF file
//-------------------------------------------------------------------------
FNMYINFGETEXTENSION myInfGetPolicyStatementExtension;
HRESULTmyInfGetPolicyStatementExtension( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr;
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } myInfClearError(); hr = infGetPolicyStatementExtensionSub( hInf, wszINFSECTION_POLICYSTATEMENT, szOID_CERT_POLICIES, pext); if (S_OK != hr) { HRESULT hr2; hr2 = infGetPolicyStatementExtensionSub( hInf, wszINFSECTION_CAPOLICY, szOID_CERT_POLICIES, pext); if (S_FALSE == hr2 && (HRESULT) ERROR_LINE_NOT_FOUND == hr) { hr = hr2; } } _JumpIfErrorStr3( hr, error, "infGetPolicyStatementExtensionSub", wszINFSECTION_POLICYSTATEMENT, ERROR_LINE_NOT_FOUND, S_FALSE);
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetPolicyStatementExtension hr=%x --> f=%d, cb=%x\n", hr, pext->fCritical, pext->Value.cbData)); return(hr);}
//+------------------------------------------------------------------------
// myInfGetApplicationPolicyStatementExtension -- build application policy
// extension from INF file
//
// [ApplicationPolicyStatementExtension]
// Policies = LegalPolicy, LimitedUsePolicy, ExtraPolicy
// ...
//
// Return S_OK if extension has been constructed from the INF file
// Return S_FALSE if empty section detected in INF file
// Return other error if no section detected in INF file
//-------------------------------------------------------------------------
FNMYINFGETEXTENSION myInfGetApplicationPolicyStatementExtension;
HRESULTmyInfGetApplicationPolicyStatementExtension( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr;
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } myInfClearError(); hr = infGetPolicyStatementExtensionSub( hInf, wszINFSECTION_APPLICATIONPOLICYSTATEMENT, szOID_APPLICATION_CERT_POLICIES, pext); _JumpIfErrorStr3( hr, error, "infGetPolicyStatementExtensionSub", wszINFSECTION_APPLICATIONPOLICYSTATEMENT, S_FALSE, ERROR_LINE_NOT_FOUND);
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetApplicationPolicyStatementExtension hr=%x --> f=%d, cb=%x\n", hr, pext->fCritical, pext->Value.cbData)); return(hr);}
HRESULTinfGetCurrentKeyValue( IN OUT INFCONTEXT *pInfContext, IN DWORD Index, OUT WCHAR **ppwszValue){ HRESULT hr; WCHAR wszValue[1024];
*ppwszValue = NULL; wszValue[0] = L'\0'; if (!SetupGetStringField( pInfContext, Index, wszValue, ARRAYSIZE(wszValue), NULL)) { hr = myHLastError(); _JumpError(hr, error, "SetupGetStringField"); } hr = myDupString(wszValue, ppwszValue); _JumpIfError(hr, error, "myDupString");
error: return(hr);}
HRESULTmyinfGetCRLPublicationParams( IN HINF hInf, IN LPCWSTR szInfSection_CRLPeriod, IN LPCWSTR szInfSection_CRLCount, OUT LPWSTR* ppwszCRLPeriod, OUT DWORD* pdwCRLCount){ HRESULT hr;
// Retrieve units count and string. If either fails, both are discarded.
*ppwszCRLPeriod = NULL; hr = myInfGetNumericKeyValue( hInf, FALSE, wszINFSECTION_CERTSERVER, szInfSection_CRLCount, pdwCRLCount); _JumpIfErrorStr2( hr, error, "myInfGetNumericKeyValue", szInfSection_CRLCount, ERROR_LINE_NOT_FOUND);
hr = myInfGetKeyValue( hInf, FALSE, wszINFSECTION_CERTSERVER, szInfSection_CRLPeriod, ppwszCRLPeriod); _JumpIfErrorStr2( hr, error, "myInfGetKeyValue", szInfSection_CRLPeriod, ERROR_LINE_NOT_FOUND);
error:
return hr;}
//+------------------------------------------------------------------------
// myInfGetKeyValue -- fetch a string value from INF file
//
// [pwszSection]
// pwszKey = string
//
// Returns: allocated string key value
//-------------------------------------------------------------------------
HRESULTmyInfGetKeyValue( IN HINF hInf, IN BOOL fLog, IN WCHAR const *pwszSection, IN WCHAR const *pwszKey, OUT WCHAR **ppwszValue){ HRESULT hr; INFCONTEXT InfContext; WCHAR *pwszValue = NULL; WCHAR *pwszT = NULL;
*ppwszValue = NULL; myInfClearError();
CSASSERT(NULL != hInf && INVALID_HANDLE_VALUE != hInf); hr = infSetupFindFirstLine(hInf, pwszSection, pwszKey, &InfContext); if (S_OK != hr) { if (fLog) { CSILOG(hr, IDS_ILOG_CAPOLICY_NOKEY, pwszSection, pwszKey, NULL); } _JumpErrorStr2( hr, error, "infSetupFindFirstLine", pwszKey, ERROR_LINE_NOT_FOUND); }
hr = infGetCurrentKeyValue(&InfContext, 1, &pwszValue); _JumpIfError(hr, error, "infGetCurrentKeyValue");
while (TRUE) { DWORD cwc; WCHAR *pwsz; if (!SetupFindNextLine(&InfContext, &InfContext)) { break; } hr = infGetCurrentKeyValue(&InfContext, 0, &pwszT); _JumpIfError(hr, error, "infGetCurrentKeyValue");
if (0 != lstrcmpi(wszINFKEY_CONTINUE, pwszT)) { break; } LocalFree(pwszT); pwszT = NULL;
hr = infGetCurrentKeyValue(&InfContext, 1, &pwszT); _JumpIfError(hr, error, "infGetCurrentKeyValue");
cwc = wcslen(pwszValue) + wcslen(pwszT); pwsz = (WCHAR *) LocalAlloc(LMEM_FIXED, (cwc + 1) * sizeof(WCHAR)); if (NULL == pwsz) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } wcscpy(pwsz, pwszValue); wcscat(pwsz, pwszT);
LocalFree(pwszValue); pwszValue = pwsz;
LocalFree(pwszT); pwszT = NULL; } *ppwszValue = pwszValue; pwszValue = NULL; hr = S_OK;
//wprintf(L"%ws = %ws\n", pwszKey, *ppwszValue);
error: if (NULL != pwszValue) { LocalFree(pwszValue); } if (NULL != pwszT) { LocalFree(pwszT); } if (S_OK != hr && fLog) { INFSETERROR(hr, pwszSection, pwszKey, NULL); } return(hr);}
//+------------------------------------------------------------------------
// myInfGetNumericKeyValue -- fetch a numeric value from INF file
//
// [pwszSection]
// pwszKey = 2048
//
// Returns: DWORD key value
//-------------------------------------------------------------------------
HRESULTmyInfGetNumericKeyValue( IN HINF hInf, IN BOOL fLog, IN WCHAR const *pwszSection, IN WCHAR const *pwszKey, OUT DWORD *pdwValue){ HRESULT hr; INFCONTEXT InfContext; INT Value;
myInfClearError(); CSASSERT(NULL != hInf && INVALID_HANDLE_VALUE != hInf); if (!SetupFindFirstLine(hInf, pwszSection, pwszKey, &InfContext)) { hr = myHLastError(); if (fLog) { CSILOG(hr, IDS_ILOG_CAPOLICY_NOKEY, pwszSection, pwszKey, NULL); } _PrintErrorStr2( hr, "SetupFindFirstLine", pwszKey, ERROR_LINE_NOT_FOUND); _JumpErrorStr2( hr, error, "SetupFindFirstLine", pwszSection, ERROR_LINE_NOT_FOUND); }
if (!SetupGetIntField(&InfContext, 1, &Value)) { hr = myHLastError(); if (fLog) { CSILOG(hr, IDS_ILOG_BAD_NUMERICFIELD, pwszSection, pwszKey, NULL); } _JumpErrorStr(hr, error, "SetupGetIntField", pwszKey); } *pdwValue = Value; DBGPRINT((DBG_SS_CERTLIBI, "%ws = %u\n", pwszKey, *pdwValue)); hr = S_OK;
error: if (S_OK != hr && fLog) { INFSETERROR(hr, pwszSection, pwszKey, NULL); } return(hr);}
//+------------------------------------------------------------------------
// myInfGetKeyLength -- fetch the renewal key length from CAPolicy.inf
//
// [certsrv_server]
// RenewalKeyLength = 2048
//
// Returns: DWORD key kength
//-------------------------------------------------------------------------
HRESULTmyInfGetKeyLength( IN HINF hInf, OUT DWORD *pdwKeyLength){ HRESULT hr;
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } myInfClearError(); hr = myInfGetNumericKeyValue( hInf, TRUE, // fLog
wszINFSECTION_CERTSERVER, wszINFKEY_RENEWALKEYLENGTH, pdwKeyLength); _JumpIfErrorStr2( hr, error, "myInfGetNumericKeyValue", wszINFKEY_RENEWALKEYLENGTH, ERROR_LINE_NOT_FOUND);
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetKeyLength hr=%x --> len=%x\n", hr, *pdwKeyLength)); return(hr);}
//+------------------------------------------------------------------------
// infGetValidityPeriodSub -- fetch validity period & units from CAPolicy.inf
//
// [certsrv_server]
// xxxxValidityPeriod = 8 (count)
// xxxxValidityPeriodUnits = Years (string)
//
// Returns: validity period count and enum
//-------------------------------------------------------------------------
HRESULTinfGetValidityPeriodSub( IN HINF hInf, IN BOOL fLog, IN WCHAR const *pwszInfKeyNameCount, IN WCHAR const *pwszInfKeyNameString, OPTIONAL IN WCHAR const *pwszValidityPeriodCount, OPTIONAL IN WCHAR const *pwszValidityPeriodString, OUT DWORD *pdwValidityPeriodCount, OUT ENUM_PERIOD *penumValidityPeriod){ HRESULT hr; INFCONTEXT InfContext; WCHAR *pwszStringValue = NULL; BOOL fValidCount = TRUE; UINT idsLog = IDS_ILOG_BAD_VALIDITY_STRING;
*pdwValidityPeriodCount = 0; *penumValidityPeriod = ENUM_PERIOD_INVALID;
if (NULL == pwszValidityPeriodCount && NULL == pwszValidityPeriodString) { if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); }
hr = myInfGetNumericKeyValue( hInf, fLog, wszINFSECTION_CERTSERVER, pwszInfKeyNameCount, pdwValidityPeriodCount); _JumpIfErrorStr2( hr, error, "myInfGetNumericKeyValue", pwszInfKeyNameCount, ERROR_LINE_NOT_FOUND);
hr = myInfGetKeyValue( hInf, fLog, wszINFSECTION_CERTSERVER, pwszInfKeyNameString, &pwszStringValue); if (S_OK != hr && fLog) { INFSETERROR(hr, wszINFSECTION_CERTSERVER, pwszInfKeyNameString, NULL); } _JumpIfErrorStr(hr, error, "myInfGetKeyValue", pwszInfKeyNameString);
pwszValidityPeriodString = pwszStringValue; } else { if (NULL != pwszValidityPeriodCount) { *pdwValidityPeriodCount = myWtoI( pwszValidityPeriodCount, &fValidCount); } idsLog = IDS_ILOG_BAD_VALIDITY_STRING_UNATTEND; }
DBGPRINT(( DBG_SS_CERTLIBI, "%ws = %u -- %ws = %ws\n", pwszInfKeyNameCount, *pdwValidityPeriodCount, pwszInfKeyNameString, pwszValidityPeriodString));
if (NULL != pwszValidityPeriodString) { if (0 == lstrcmpi(wszPERIODYEARS, pwszValidityPeriodString)) { *penumValidityPeriod = ENUM_PERIOD_YEARS; } else if (0 == lstrcmpi(wszPERIODMONTHS, pwszValidityPeriodString)) { *penumValidityPeriod = ENUM_PERIOD_MONTHS; } else if (0 == lstrcmpi(wszPERIODWEEKS, pwszValidityPeriodString)) { *penumValidityPeriod = ENUM_PERIOD_WEEKS; } else if (0 == lstrcmpi(wszPERIODDAYS, pwszValidityPeriodString)) { *penumValidityPeriod = ENUM_PERIOD_DAYS; } else if (fLog) { INFSETERROR( hr, wszINFSECTION_CERTSERVER, pwszInfKeyNameString, pwszValidityPeriodString); } }
DBGPRINT(( DBG_SS_CERTLIBI, "%ws = %u (%ws)\n", pwszInfKeyNameString, *penumValidityPeriod, pwszValidityPeriodString));
if (!fValidCount || (ENUM_PERIOD_YEARS == *penumValidityPeriod && fValidCount && 9999 < *pdwValidityPeriodCount)) { hr = E_INVALIDARG; if (fLog) { WCHAR awcCount[20]; if (NULL == pwszValidityPeriodCount) { wsprintf(awcCount, L"%d", *pdwValidityPeriodCount); } INFSETERROR( hr, wszINFSECTION_CERTSERVER, pwszInfKeyNameCount, NULL != pwszValidityPeriodCount? pwszValidityPeriodCount : awcCount); CSILOG( hr, idsLog, wszINFSECTION_CERTSERVER, NULL == pwszValidityPeriodCount? pwszInfKeyNameCount : NULL, pdwValidityPeriodCount); } _JumpIfErrorStr( hr, error, "bad ValidityPeriod count value", pwszValidityPeriodCount); } hr = S_OK;
error: if (NULL != pwszStringValue) { LocalFree(pwszStringValue); } return(hr);}
//+------------------------------------------------------------------------
// infGetValidityPeriod -- fetch renewal period & units from CAPolicy.inf
//
// [certsrv_server]
// xxxxValidityPeriod = 8
// xxxxValidityPeriodUnits = Years
//
// Returns: validity period count and enum
//-------------------------------------------------------------------------
HRESULTmyInfGetValidityPeriod( IN HINF hInf, OPTIONAL IN WCHAR const *pwszValidityPeriodCount, OPTIONAL IN WCHAR const *pwszValidityPeriodString, OUT DWORD *pdwValidityPeriodCount, OUT ENUM_PERIOD *penumValidityPeriod, OPTIONAL OUT BOOL *pfSwap){ HRESULT hr;
if ((NULL == hInf || INVALID_HANDLE_VALUE == hInf) && NULL == pwszValidityPeriodCount && NULL == pwszValidityPeriodString) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } myInfClearError();
if (NULL != pfSwap) { *pfSwap = FALSE; }
// Try correct order:
// [certsrv_server]
// xxxxValidityPeriod = 8 (count)
// xxxxValidityPeriodUnits = Years (string)
hr = infGetValidityPeriodSub( hInf, TRUE, wszINFKEY_RENEWALVALIDITYPERIODCOUNT, wszINFKEY_RENEWALVALIDITYPERIODSTRING, pwszValidityPeriodCount, pwszValidityPeriodString, pdwValidityPeriodCount, penumValidityPeriod); _PrintIfError2(hr, "infGetValidityPeriodSub", ERROR_LINE_NOT_FOUND);
if (S_OK != hr) { // Try backwards:
// [certsrv_server]
// xxxxValidityPeriodUnits = 8 (count)
// xxxxValidityPeriod = Years (string)
hr = infGetValidityPeriodSub( hInf, FALSE, wszINFKEY_RENEWALVALIDITYPERIODSTRING, wszINFKEY_RENEWALVALIDITYPERIODCOUNT, pwszValidityPeriodString, pwszValidityPeriodCount, pdwValidityPeriodCount, penumValidityPeriod); _JumpIfError2( hr, error, "infGetValidityPeriodSub", ERROR_LINE_NOT_FOUND);
if (NULL != pfSwap) { *pfSwap = TRUE; } }
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetValidityPeriod hr=%x --> c=%d, enum=%d\n", hr, *pdwValidityPeriodCount, *penumValidityPeriod)); return(hr);}
HRESULTinfFindNextKey( IN WCHAR const *pwszKey, IN OUT INFCONTEXT *pInfContext){ HRESULT hr; DWORD cwc; WCHAR wszKey[MAX_PATH];
while (TRUE) { if (!SetupFindNextLine(pInfContext, pInfContext)) { hr = myHLastError(); _PrintErrorStr2(hr, "SetupFindNextLine", pwszKey, hr); if ((HRESULT) ERROR_LINE_NOT_FOUND == hr) { hr = S_FALSE; } _JumpError2(hr, error, "SetupFindNextLine", hr); } if (!SetupGetStringField( pInfContext, 0, wszKey, ARRAYSIZE(wszKey), NULL)) { hr = myHLastError(); _JumpError(hr, error, "SetupGetStringField"); } if (0 == lstrcmpi(pwszKey, wszKey)) { break; } } hr = S_OK;
error: return(hr);}
//+------------------------------------------------------------------------
// myInfGetKeyList -- fetch a list of key values from CAPolicy.inf
//
// [pwszSection]
// pwszKey = Value1
// pwszKey = Value2
//
// Returns: double null terminated list of values
//-------------------------------------------------------------------------
HRESULTmyInfGetKeyList( IN HINF hInf, IN WCHAR const *pwszSection, IN WCHAR const *pwszKey, OUT BOOL *pfCritical, OUT WCHAR **ppwszz){ HRESULT hr; INFCONTEXT InfContext; DWORD iVal; DWORD cwc; WCHAR *pwsz; WCHAR **apwszVal = NULL; DWORD cVal; WCHAR *pwszBuf = NULL; DWORD cwcBuf = 0;
*ppwszz = NULL; *pfCritical = FALSE; myInfClearError();
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } hr = infSetupFindFirstLine(hInf, pwszSection, pwszKey, &InfContext); if (S_OK != hr) { CSILOG(hr, IDS_ILOG_CAPOLICY_NOKEY, pwszSection, pwszKey, NULL); _JumpErrorStr3( hr, error, "infSetupFindFirstLine", pwszSection, S_FALSE, ERROR_LINE_NOT_FOUND); }
cVal = 0; while (TRUE) { if (!SetupGetStringField(&InfContext, 1, NULL, 0, &cwc)) { hr = myHLastError(); _JumpErrorStr(hr, error, "SetupGetStringField", pwszKey); } cVal++; if (cwcBuf < cwc) { cwcBuf = cwc; } hr = infFindNextKey(pwszKey, &InfContext); if (S_FALSE == hr) { break; } _JumpIfErrorStr(hr, error, "infFindNextKey", pwszKey); }
pwszBuf = (WCHAR *) LocalAlloc(LMEM_FIXED, cwcBuf * sizeof(WCHAR)); if (NULL == pwszBuf) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
apwszVal = (WCHAR **) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, cVal * sizeof(apwszVal[0])); if (NULL == apwszVal) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
hr = infSetupFindFirstLine(hInf, pwszSection, pwszKey, &InfContext); _JumpIfErrorStr(hr, error, "infSetupFindFirstLine", pwszSection);
cwc = 1; iVal = 0; while (TRUE) { if (!SetupGetStringField(&InfContext, 1, pwszBuf, cwcBuf, NULL)) { hr = myHLastError(); _JumpErrorStr(hr, error, "SetupGetStringField", pwszKey); }
hr = myDupString(pwszBuf, &apwszVal[iVal]); _JumpIfError(hr, error, "myDupString");
DBGPRINT((DBG_SS_CERTLIBI, "%ws = %ws\n", pwszKey, apwszVal[iVal]));
cwc += wcslen(apwszVal[iVal]) + 1; iVal++;
hr = infFindNextKey(pwszKey, &InfContext); if (S_FALSE == hr) { break; } _JumpIfErrorStr(hr, error, "infFindNextKey", pwszKey); } CSASSERT(iVal == cVal);
*ppwszz = (WCHAR *) LocalAlloc(LMEM_FIXED, cwc * sizeof(WCHAR)); if (NULL == *ppwszz) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } pwsz = *ppwszz; for (iVal = 0; iVal < cVal; iVal++) { wcscpy(pwsz, apwszVal[iVal]); pwsz += wcslen(pwsz) + 1; } *pwsz = L'\0'; CSASSERT(cwc == 1 + SAFE_SUBTRACT_POINTERS(pwsz, *ppwszz));
if (NULL != pfCritical) { hr = infGetCriticalFlag(hInf, pwszSection, FALSE, pfCritical); _JumpIfError(hr, error, "infGetCriticalFlag"); } hr = S_OK;
error: if (S_OK != hr) { INFSETERROR(hr, pwszSection, pwszKey, NULL); } if (NULL != apwszVal) { for (iVal = 0; iVal < cVal; iVal++) { if (NULL != apwszVal[iVal]) { LocalFree(apwszVal[iVal]); } } LocalFree(apwszVal); } if (NULL != pwszBuf) { LocalFree(pwszBuf); } return(hr);}
//+------------------------------------------------------------------------
// myInfGetCRLDistributionPoints -- fetch CDP URLs from CAPolicy.inf
//
// [CRLDistributionPoint]
// URL = http://CRLhttp.site.com/Public/MyCA.crl
// URL = ftp://CRLftp.site.com/Public/MyCA.crl
//
// Returns: double null terminated list of CDP URLs
//-------------------------------------------------------------------------
HRESULTmyInfGetCRLDistributionPoints( IN HINF hInf, OUT BOOL *pfCritical, OUT WCHAR **ppwszz){ HRESULT hr;
hr = myInfGetKeyList( hInf, wszINFSECTION_CDP, wszINFKEY_URL, pfCritical, ppwszz); _JumpIfErrorStr4( hr, error, "myInfGetKeyList", wszINFSECTION_CDP, ERROR_LINE_NOT_FOUND, S_FALSE, E_HANDLE);
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetCRLDistributionPoints hr=%x --> f=%d\n", hr, *pfCritical)); return(hr);}
//+------------------------------------------------------------------------
// myInfGetAuthorityInformationAccess -- fetch AIA URLs from CAPolicy.inf
//
// [AuthorityInformationAccess]
// URL = http://CRThttp.site.com/Public/MyCA.crt
// URL = ftp://CRTftp.site.com/Public/MyCA.crt
//
// Returns: double null terminated list of AIA URLs
//-------------------------------------------------------------------------
HRESULTmyInfGetAuthorityInformationAccess( IN HINF hInf, OUT BOOL *pfCritical, OUT WCHAR **ppwszz){ HRESULT hr;
hr = myInfGetKeyList( hInf, wszINFSECTION_AIA, wszINFKEY_URL, pfCritical, ppwszz); _JumpIfErrorStr4( hr, error, "myInfGetKeyList", wszINFSECTION_AIA, ERROR_LINE_NOT_FOUND, S_FALSE, E_HANDLE);
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetAuthorityInformationAccess hr=%x --> f=%d\n", hr, *pfCritical)); return(hr);}
//+------------------------------------------------------------------------
// myInfGetEnhancedKeyUsage -- fetch EKU OIDS from CAPolicy.inf
//
// [EnhancedKeyUsage]
// OID = 1.2.3.4.5
// OID = 1.2.3.4.6
//
// Returns: double null terminated list of EKU OIDs
//-------------------------------------------------------------------------
HRESULTmyInfGetEnhancedKeyUsage( IN HINF hInf, OUT BOOL *pfCritical, OUT WCHAR **ppwszz){ HRESULT hr;
hr = myInfGetKeyList( hInf, wszINFSECTION_EKU, wszINFKEY_OID, pfCritical, ppwszz); _JumpIfErrorStr4( hr, error, "myInfGetKeyList", wszINFSECTION_EKU, ERROR_LINE_NOT_FOUND, S_FALSE, E_HANDLE);
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetEnhancedKeyUsage hr=%x --> f=%d\n", hr, *pfCritical)); return(hr);}
//+--------------------------------------------------------------------------
// infGetBasicConstraints2CAExtension -- fetch basic constraints extension
// from INF file, setting the SubjectType flag to CA
//
// If the INF handle is bad, or if the INF section does not exist, construct
// a default extension only if fDefault is set, otherwise fail.
//
// [BasicConstraintsExtension]
// ; Subject Type is not supported -- always set to CA
// ; maximum subordinate CA path length
// PathLength = 3
//
// Return S_OK if extension has been constructed from INF file.
//
// Returns: encoded basic constraints extension
//+--------------------------------------------------------------------------
HRESULTinfGetBasicConstraints2CAExtension( IN BOOL fDefault, IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr; CERT_BASIC_CONSTRAINTS2_INFO bc2i; INFCONTEXT InfContext;
ZeroMemory(pext, sizeof(*pext)); ZeroMemory(&bc2i, sizeof(bc2i)); myInfClearError();
pext->fCritical = TRUE; // default value for both INF and default cases
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { if (!fDefault) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } } else { hr = infSetupFindFirstLine( hInf, wszINFSECTION_BASICCONSTRAINTS, NULL, &InfContext); if (S_OK != hr) { if (!fDefault) { _JumpErrorStr3( hr, error, "infSetupFindFirstLine", wszINFSECTION_BASICCONSTRAINTS, S_FALSE, ERROR_LINE_NOT_FOUND); } } else { hr = infGetCriticalFlag( hInf, wszINFSECTION_BASICCONSTRAINTS, pext->fCritical, // fDefault
&pext->fCritical); _JumpIfError(hr, error, "infGetCriticalFlag");
bc2i.fPathLenConstraint = TRUE; hr = myInfGetNumericKeyValue( hInf, TRUE, // fLog
wszINFSECTION_BASICCONSTRAINTS, wszINFKEY_PATHLENGTH, &bc2i.dwPathLenConstraint); if (S_OK != hr) { _PrintErrorStr2( hr, "myInfGetNumericKeyValue", wszINFKEY_PATHLENGTH, ERROR_LINE_NOT_FOUND); if ((HRESULT) ERROR_LINE_NOT_FOUND != hr) { goto error; } bc2i.dwPathLenConstraint = 0; bc2i.fPathLenConstraint = FALSE; } } } bc2i.fCA = TRUE;
if (!myEncodeObject( X509_ASN_ENCODING, X509_BASIC_CONSTRAINTS2, &bc2i, 0, CERTLIB_USE_LOCALALLOC, &pext->Value.pbData, &pext->Value.cbData)) { hr = myHLastError(); _JumpError(hr, error, "myEncodeObject"); } hr = S_OK;
error: if (S_OK != hr) { INFSETERROR(hr, wszINFSECTION_BASICCONSTRAINTS, NULL, NULL); } pext->pszObjId = szOID_BASIC_CONSTRAINTS2; // on error, too!
DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetBasicConstraints2CAExtension hr=%x --> f=%d, cb=%x\n", hr, pext->fCritical, pext->Value.cbData)); return(hr);}
//+--------------------------------------------------------------------------
// myInfGetBasicConstraints2CAExtension -- fetch basic constraints extension
// from INF file, setting the SubjectType flag to CA
//
// [BasicConstraintsExtension]
// ; Subject Type is not supported -- always set to CA
// ; maximum subordinate CA path length
// PathLength = 3
//
// Return S_OK if extension has been constructed from INF file.
//
// Returns: encoded basic constraints extension
//+--------------------------------------------------------------------------
FNMYINFGETEXTENSION myInfGetBasicConstraints2CAExtension;
HRESULTmyInfGetBasicConstraints2CAExtension( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr;
hr = infGetBasicConstraints2CAExtension(FALSE, hInf, pext); _JumpIfError3( hr, error, "infGetBasicConstraints2CAExtension", S_FALSE, ERROR_LINE_NOT_FOUND);
error: return(hr);}
FNMYINFGETEXTENSION myInfGetBasicConstraints2CAExtensionOrDefault;
HRESULTmyInfGetBasicConstraints2CAExtensionOrDefault( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr;
hr = infGetBasicConstraints2CAExtension(TRUE, hInf, pext); _JumpIfError(hr, error, "infGetBasicConstraints2CAExtension");
error: return(hr);}
//+--------------------------------------------------------------------------
// myInfGetEnhancedKeyUsageExtension -- fetch EKU extension from INF file
//
// [EnhancedKeyUsageExtension]
// OID = 1.2.3.4.5
// OID = 1.2.3.4.6
//
// Return S_OK if extension has been constructed from INF file.
// Return S_FALSE if empty section detected in INF file
// Return other error if no section detected in INF file
//
// Returns: encoded enhanced key usage extension
//+--------------------------------------------------------------------------
FNMYINFGETEXTENSION myInfGetEnhancedKeyUsageExtension;
HRESULTmyInfGetEnhancedKeyUsageExtension( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr; DWORD i; DWORD cEKU = 0; WCHAR *pwszzEKU = NULL; WCHAR *pwszCurrentEKU; CERT_ENHKEY_USAGE ceku;
ceku.rgpszUsageIdentifier = NULL; ZeroMemory(pext, sizeof(*pext)); myInfClearError();
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } hr = myInfGetEnhancedKeyUsage(hInf, &pext->fCritical, &pwszzEKU); _JumpIfError3( hr, error, "myInfGetEnhancedKeyUsage", S_FALSE, ERROR_LINE_NOT_FOUND);
pwszCurrentEKU = pwszzEKU; if (NULL != pwszCurrentEKU) { while (L'\0' != *pwszCurrentEKU) { cEKU++; pwszCurrentEKU += wcslen(pwszCurrentEKU) + 1; } } if (0 == cEKU) { hr = S_FALSE; goto error; }
ceku.cUsageIdentifier = cEKU; ceku.rgpszUsageIdentifier = (char **) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, sizeof(ceku.rgpszUsageIdentifier[0]) * cEKU); if (NULL == ceku.rgpszUsageIdentifier) { hr = E_OUTOFMEMORY; _JumpIfError(hr, error, "LocalAlloc"); }
cEKU = 0; pwszCurrentEKU = pwszzEKU; while (L'\0' != *pwszCurrentEKU) { if (!ConvertWszToSz(&ceku.rgpszUsageIdentifier[cEKU], pwszCurrentEKU, -1)) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "ConvertWszToSz"); } cEKU++; pwszCurrentEKU += wcslen(pwszCurrentEKU) + 1; } CSASSERT(ceku.cUsageIdentifier == cEKU);
if (!myEncodeObject( X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE, &ceku, 0, CERTLIB_USE_LOCALALLOC, &pext->Value.pbData, &pext->Value.cbData)) { hr = myHLastError(); _JumpIfError(hr, error, "myEncodeObject"); }
error: if (S_OK != hr && E_HANDLE != hr) { INFSETERROR(hr, wszINFSECTION_EKU, NULL, NULL); } pext->pszObjId = szOID_ENHANCED_KEY_USAGE; // on error, too!
DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetEnhancedKeyUsageExtension hr=%x --> f=%d, cb=%x\n", hr, pext->fCritical, pext->Value.cbData)); if (NULL != ceku.rgpszUsageIdentifier) { for (i = 0; i < ceku.cUsageIdentifier; i++) { if (NULL != ceku.rgpszUsageIdentifier[i]) { LocalFree(ceku.rgpszUsageIdentifier[i]); } } LocalFree(ceku.rgpszUsageIdentifier); } if (NULL != pwszzEKU) { LocalFree(pwszzEKU); } return(hr);}
HRESULTinfAddAttribute( IN CRYPT_ATTR_BLOB const *pAttribute, IN OUT DWORD *pcAttribute, IN OUT CRYPT_ATTR_BLOB **ppaAttribute){ HRESULT hr; CRYPT_ATTR_BLOB *pAttribT; if (NULL == *ppaAttribute) { CSASSERT(0 == *pcAttribute); pAttribT = (CRYPT_ATTR_BLOB *) LocalAlloc( LMEM_FIXED, sizeof(**ppaAttribute)); } else { CSASSERT(0 != *pcAttribute); pAttribT = (CRYPT_ATTR_BLOB *) LocalReAlloc( *ppaAttribute, (*pcAttribute + 1) * sizeof(**ppaAttribute), LMEM_MOVEABLE); } if (NULL == pAttribT) { hr = E_OUTOFMEMORY; _JumpError( hr, error, NULL == *ppaAttribute? "LocalAlloc" : "LocalReAlloc"); } *ppaAttribute = pAttribT; pAttribT[(*pcAttribute)++] = *pAttribute; hr = S_OK;
error: return(hr);}
VOIDmyInfFreeRequestAttributes( IN DWORD cAttribute, IN OUT CRYPT_ATTR_BLOB *paAttribute){ if (NULL != paAttribute) { DWORD i; for (i = 0; i < cAttribute; i++) { if (NULL != paAttribute[i].pbData) { LocalFree(paAttribute[i].pbData); } } LocalFree(paAttribute); }}
//+------------------------------------------------------------------------
// myInfGetRequestAttributes -- fetch request attributes from INF file
//
// [RequestAttributes]
// AttributeName1 = AttributeValue1
// AttributeName2 = AttributeValue2
// ...
// AttributeNameN = AttributeValueN
//
// Returns: array of encoded attribute blobs
//-------------------------------------------------------------------------
HRESULTmyInfGetRequestAttributes( IN HINF hInf, OUT DWORD *pcAttribute, OUT CRYPT_ATTR_BLOB **ppaAttribute, OUT WCHAR **ppwszTemplateName){ HRESULT hr; INFCONTEXT InfContext; WCHAR wszName[MAX_PATH]; WCHAR wszValue[cwcVALUEMAX]; DWORD i; DWORD cAttribute = 0; CRYPT_ATTR_BLOB Attribute; WCHAR *pwszTemplateName = NULL;
*ppwszTemplateName = NULL; *pcAttribute = 0; *ppaAttribute = NULL; Attribute.pbData = NULL; wszName[0] = L'\0'; wszValue[0] = L'\0'; myInfClearError();
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } hr = infSetupFindFirstLine( hInf, wszINFSECTION_REQUESTATTRIBUTES, NULL, // Key
&InfContext); _JumpIfErrorStr( hr, error, "infSetupFindFirstLine", wszINFSECTION_REQUESTATTRIBUTES);
while (TRUE) { CRYPT_ENROLLMENT_NAME_VALUE_PAIR NamePair;
wszName[0] = L'\0'; wszValue[0] = L'\0'; if (!SetupGetStringField( &InfContext, 0, wszName, ARRAYSIZE(wszName), NULL)) { hr = myHLastError(); _JumpError(hr, error, "SetupGetStringField"); }
if (!SetupGetStringField( &InfContext, 1, wszValue, ARRAYSIZE(wszValue), NULL)) { hr = myHLastError(); _JumpError(hr, error, "SetupGetStringField"); }
//wprintf(L"%ws = %ws\n", wszName, wszValue);
NamePair.pwszName = wszName; NamePair.pwszValue = wszValue;
if (0 == lstrcmpi(wszPROPCERTTEMPLATE, wszName)) { if (NULL != pwszTemplateName) { hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA); _JumpError(hr, error, "Duplicate cert template"); } hr = myDupString(wszValue, &pwszTemplateName); _JumpIfError(hr, error, "myDupString"); }
if (!myEncodeObject( X509_ASN_ENCODING, // X509__ENROLLMENT_NAME_VALUE_PAIR
szOID_ENROLLMENT_NAME_VALUE_PAIR, &NamePair, 0, CERTLIB_USE_LOCALALLOC, &Attribute.pbData, &Attribute.cbData)) { hr = myHLastError(); _JumpError(hr, error, "myEncodeObject"); }
hr = infAddAttribute(&Attribute, &cAttribute, ppaAttribute); _JumpIfError(hr, error, "infAddAttribute");
Attribute.pbData = NULL;
if (!SetupFindNextLine(&InfContext, &InfContext)) { hr = myHLastError(); _PrintError2(hr, "SetupFindNextLine(end)", hr); break; } } *pcAttribute = cAttribute; cAttribute = 0; *ppwszTemplateName = pwszTemplateName; pwszTemplateName = NULL;
hr = S_OK;
error: if (S_OK != hr) { INFSETERROR(hr, wszINFSECTION_REQUESTATTRIBUTES, wszName, wszValue); } if (NULL != pwszTemplateName) { LocalFree(pwszTemplateName); } if (NULL != Attribute.pbData) { LocalFree(Attribute.pbData); } if (0 != cAttribute) { myInfFreeRequestAttributes(cAttribute, *ppaAttribute); *ppaAttribute = NULL; }
DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetRequestAttributes hr=%x --> c=%d\n", hr, *pcAttribute)); return(hr);}
typedef struct _SUBTREEINFO{ BOOL fEmptyDefault; DWORD dwInfMinMaxIndexBase; DWORD dwAltNameChoice; WCHAR const *pwszKey;} SUBTREEINFO;
SUBTREEINFO g_aSubTreeInfo[] = { { TRUE, 2, CERT_ALT_NAME_OTHER_NAME, wszINFKEY_UPN }, { TRUE, 2, CERT_ALT_NAME_RFC822_NAME, wszINFKEY_EMAIL }, { TRUE, 2, CERT_ALT_NAME_DNS_NAME, wszINFKEY_DNS }, { TRUE, 2, CERT_ALT_NAME_DIRECTORY_NAME, wszINFKEY_DIRECTORYNAME }, { TRUE, 2, CERT_ALT_NAME_URL, wszINFKEY_URL }, { TRUE, 3, CERT_ALT_NAME_IP_ADDRESS, wszINFKEY_IPADDRESS }, { FALSE, 2, CERT_ALT_NAME_REGISTERED_ID, wszINFKEY_REGISTEREDID },};#define CSUBTREEINFO ARRAYSIZE(g_aSubTreeInfo)
#define STII_UPNOTHERNAME 0 // CERT_ALT_NAME_OTHER_NAME pOtherName
#define STII_RFC822NAME 1 // CERT_ALT_NAME_RFC822_NAME pwszRfc822Name
#define STII_DNSNAME 2 // CERT_ALT_NAME_DNS_NAME pwszDNSName
#define STII_DIRECTORYNAME 3 // CERT_ALT_NAME_DIRECTORY_NAME DirectoryName
#define STII_URL 4 // CERT_ALT_NAME_URL pwszURL
#define STII_IPADDRESS 5 // CERT_ALT_NAME_IP_ADDRESS IPAddress
#define STII_REGISTEREDID 6 // CERT_ALT_NAME_REGISTERED_ID pszRegisteredID
VOIDinfFreeGeneralSubTreeElement( IN OUT CERT_GENERAL_SUBTREE *pSubTree){ CERT_ALT_NAME_ENTRY *pName = &pSubTree->Base; VOID **ppv = NULL; DBGPRINT(( DBG_SS_CERTLIBI, "infFreeGeneralSubTreeElement: p=%x, choice=%x\n", pSubTree, pName->dwAltNameChoice)); switch (pName->dwAltNameChoice) { case CERT_ALT_NAME_OTHER_NAME: ppv = (VOID **) &pName->pOtherName; if (NULL != pName->pOtherName && NULL != pName->pOtherName->Value.pbData) { DBGPRINT(( DBG_SS_CERTLIBI, "infFreeGeneralSubTreeElement: p=%x, Free(other.pbData=%x\n)", pSubTree, pName->pOtherName->Value.pbData)); LocalFree(pName->pOtherName->Value.pbData); } break;
case CERT_ALT_NAME_RFC822_NAME: ppv = (VOID **) &pName->pwszRfc822Name; break;
case CERT_ALT_NAME_DNS_NAME: ppv = (VOID **) &pName->pwszDNSName; break;
case CERT_ALT_NAME_DIRECTORY_NAME: ppv = (VOID **) &pName->DirectoryName.pbData; break;
case CERT_ALT_NAME_URL: ppv = (VOID **) &pName->pwszURL; break;
case CERT_ALT_NAME_IP_ADDRESS: ppv = (VOID **) &pName->IPAddress.pbData; break;
case CERT_ALT_NAME_REGISTERED_ID: ppv = (VOID **) &pName->pszRegisteredID; break; } if (NULL != ppv && NULL != *ppv) { DBGPRINT(( DBG_SS_CERTLIBI, "infFreeGeneralSubTreeElement: p=%x, Free(pv=%x)\n", pSubTree, *ppv)); LocalFree(*ppv); }}
VOIDinfFreeGeneralSubTree( IN DWORD cSubTree, IN OUT CERT_GENERAL_SUBTREE *pSubTree){ if (NULL != pSubTree) { DWORD i; DBGPRINT(( DBG_SS_CERTLIBI, "infFreeGeneralSubTree: p=%x, c=%x\n", pSubTree, cSubTree)); for (i = 0; i < cSubTree; i++) { infFreeGeneralSubTreeElement(&pSubTree[i]); } LocalFree(pSubTree); }}
// Destructively parse an old-style 4 byte IP Address.
#define CB_IPV4ADDRESS 4
HRESULTinfParseIPV4Address( IN WCHAR *pwszValue, OUT BYTE *pb, IN OUT DWORD *pcb){ HRESULT hr; DWORD cb;
DBGPRINT((DBG_SS_CERTLIBI, "infParseIPV4Address(%ws)\n", pwszValue)); if (CB_IPV4ADDRESS > *pcb) { hr = HRESULT_FROM_WIN32(ERROR_BUFFER_OVERFLOW); _JumpError(hr, error, "buffer too small"); } for (cb = 0; cb < CB_IPV4ADDRESS; cb++) { WCHAR *pwszNext; BOOL fValid; DWORD dw; pwszNext = &pwszValue[wcscspn(pwszValue, L".")]; if (L'.' == *pwszNext) { *pwszNext++ = L'\0'; } dw = myWtoI(pwszValue, &fValid); if (!fValid || 255 < dw) { hr = E_INVALIDARG; _JumpErrorStr(hr, error, "bad IP Address digit string", pwszValue); } pb[cb] = (BYTE) dw; pwszValue = pwszNext; } if (L'\0' != *pwszValue) { hr = E_INVALIDARG; _JumpError(hr, error, "extra data"); } *pcb = cb; DBGPRINT(( DBG_SS_CERTLIBI, "infParseIPV4Address: %u.%u.%u.%u\n", pb[0], pb[1], pb[2], pb[3])); hr = S_OK;
error: return(hr);}
// Destructively parse a new-style 16 byte IP Address.
#define CB_IPV6ADDRESS 16
#define MAKE16(b0, b1) (((b0) << 8) | (b1))
HRESULTinfParseIPV6AddressSub( IN WCHAR *pwszValue, OUT BYTE *pb, IN OUT DWORD *pcb){ HRESULT hr; DWORD cbMax = *pcb; DWORD cb; WCHAR *pwsz;
DBGPRINT((DBG_SS_CERTLIBI, "infParseIPV6AddressSub(%ws)\n", pwszValue)); ZeroMemory(pb, cbMax);
for (cb = 0; cb < cbMax; cb += 2) { WCHAR *pwszNext; BOOL fValid; DWORD dw; WCHAR awc[7]; pwszNext = &pwszValue[wcscspn(pwszValue, L":")]; if (L':' == *pwszNext) { *pwszNext++ = L'\0'; } if (L'\0' == *pwszValue) { break; } if (4 < wcslen(pwszValue)) { hr = E_INVALIDARG; _JumpErrorStr(hr, error, "too many IP Address digits", pwszValue); } wcscpy(awc, L"0x"); wcscat(awc, pwszValue); CSASSERT(wcslen(awc) < ARRAYSIZE(awc));
dw = myWtoI(awc, &fValid); if (!fValid || 64 * 1024 <= dw) { hr = E_INVALIDARG; _JumpErrorStr(hr, error, "bad IP Address digit string", pwszValue); } pb[cb] = (BYTE) (dw >> 8); pb[cb + 1] = (BYTE) dw; pwszValue = pwszNext; } if (L'\0' != *pwszValue) { hr = E_INVALIDARG; _JumpErrorStr(hr, error, "extra data", pwszValue); } *pcb = cb; hr = S_OK;
error: return(hr);}
// Destructively parse a new-style 16 byte IP Address.
HRESULTinfParseIPV6Address( IN WCHAR *pwszValue, OUT BYTE *pb, IN OUT DWORD *pcb){ HRESULT hr; DWORD cbMax; WCHAR *pwsz; WCHAR *pwszLeft; WCHAR *pwszRight; BYTE abRight[CB_IPV6ADDRESS]; DWORD cbLeft; DWORD cbRight; DWORD i; BOOL fV4Compat;
DBGPRINT((DBG_SS_CERTLIBI, "infParseIPV6Address(%ws)\n", pwszValue)); if (CB_IPV6ADDRESS > *pcb) { hr = HRESULT_FROM_WIN32(ERROR_BUFFER_OVERFLOW); _JumpError(hr, error, "buffer too small"); } ZeroMemory(pb, CB_IPV6ADDRESS); cbMax = CB_IPV6ADDRESS;
// If there's a period after the last colon, an IP V4 Address is attached.
// Parse it as an IP V4 Address, and reduce the expected size of the IP V6
// Address to be parsed from eight to six 16-bit address chunks.
pwsz = wcsrchr(pwszValue, L':'); if (NULL != pwsz) { if (NULL != wcschr(pwsz, L'.')) { DWORD cb = CB_IPV4ADDRESS;
hr = infParseIPV4Address( &pwsz[1], &pb[CB_IPV6ADDRESS - CB_IPV4ADDRESS], &cb); _JumpIfError(hr, error, "infParseIPV4Address");
CSASSERT(CB_IPV4ADDRESS == cb);
pwsz[1] = L'\0'; // get rid of the trailing IP V4 Address
// drop the trailing colon -- if it's not part of a double colon.
if (pwsz > pwszValue && L':' != *--pwsz) { pwsz[1] = L'\0'; } cbMax -= CB_IPV4ADDRESS; } } cbLeft = 0; cbRight = 0; pwszLeft = pwszValue; pwszRight = wcsstr(pwszValue, L"::"); if (NULL != pwszRight) { *pwszRight = L'\0'; pwszRight += 2; if (L'\0' != *pwszRight) { cbRight = cbMax; hr = infParseIPV6AddressSub(pwszRight, abRight, &cbRight); _JumpIfError(hr, error, "infParseIPV6AddressSub"); } }
if (L'\0' != *pwszLeft) { cbLeft = cbMax; hr = infParseIPV6AddressSub(pwszLeft, pb, &cbLeft); _JumpIfError(hr, error, "infParseIPV6AddressSub"); } if (NULL == pwszRight && cbLeft != cbMax) { hr = E_INVALIDARG; _JumpError(hr, error, "too few IP Address chunks"); } if (cbLeft + cbRight + (NULL != pwszRight? 1 : 0) > cbMax) { hr = E_INVALIDARG; _JumpError(hr, error, "too many IP Address chunks"); } if (0 != cbRight) { CopyMemory(&pb[cbMax - cbRight], abRight, cbRight); } *pcb = CB_IPV6ADDRESS;
fV4Compat = TRUE; for (i = 0; i < CB_IPV6ADDRESS - CB_IPV4ADDRESS - 2; i++) { if (0 != pb[i]) { fV4Compat = FALSE; break; } } if (fV4Compat) { CSASSERT(i == CB_IPV6ADDRESS - CB_IPV4ADDRESS - 2); fV4Compat = (0 == pb[i] && 0 == pb[i + 1]) || (0xff == pb[i] && 0xff == pb[i + 1]); } if (fV4Compat) { CSASSERT(i == CB_IPV6ADDRESS - CB_IPV4ADDRESS - 2); DBGPRINT(( DBG_SS_CERTLIB, "infParseIPV6Address: ::%hs%u.%u.%u.%u\n", 0 == pb[i]? "" : "ffff:", pb[12], pb[13], pb[14], pb[15])); } else { DBGPRINT(( DBG_SS_CERTLIB, "infParseIPV6Address: %x:%x:%x:%x:%x:%x:%x:%x\n", MAKE16(pb[0], pb[1]), MAKE16(pb[2], pb[3]), MAKE16(pb[4], pb[5]), MAKE16(pb[6], pb[7]), MAKE16(pb[8], pb[9]), MAKE16(pb[10], pb[11]), MAKE16(pb[12], pb[13]), MAKE16(pb[14], pb[15]))); } hr = S_OK;
error: return(hr);}
HRESULTinfParseIPAddress( IN WCHAR const *pwszValue, OUT BYTE *pbData, OUT DWORD *pcbData){ HRESULT hr; DWORD cb = *pcbData; WCHAR *pwszDup = NULL; WCHAR *pwsz;
// if pwszValue is an empty string, return zero length.
*pcbData = 0; if (L'\0' != *pwszValue) { hr = myDupString(pwszValue, &pwszDup); _JumpIfError(hr, error, "myDupString");
if (NULL == wcschr(pwszDup, L':')) { hr = infParseIPV4Address(pwszDup, pbData, &cb); _JumpIfError(hr, error, "infParseIPV4Address"); } else { hr = infParseIPV6Address(pwszDup, pbData, &cb); _JumpIfError(hr, error, "infParseIPV6Address"); } *pcbData = cb; DBGDUMPHEX(( DBG_SS_CERTLIBI, DH_NOADDRESS | DH_NOTABPREFIX | 8, pbData, *pcbData)); } hr = S_OK;
error: if (S_OK != hr) { INFSETERROR(hr, NULL, NULL, pwszValue); } if (NULL != pwszDup) { LocalFree(pwszDup); } return(hr);}
HRESULTinfParseIPAddressAndMask( IN WCHAR const *pwszIPAddress, IN WCHAR const *pwszIPAddressMask, OUT BYTE **ppbData, OUT DWORD *pcbData){ HRESULT hr; BYTE ab[2 * CB_IPV6ADDRESS]; DWORD cb; DWORD cbAddress; DWORD cbMask; WCHAR *pwsz;
*ppbData = NULL; *pcbData = 0;
// if pwszValue is an empty string, encode zero length blob.
cb = 0; if (L'\0' != *pwszIPAddress && L'\0' != *pwszIPAddressMask) { cbAddress = sizeof(ab) / 2;
hr = infParseIPAddress(pwszIPAddress, ab, &cbAddress); _JumpIfError(hr, error, "infParseIPAddress");
if (L'\0' != *pwszIPAddressMask) { cbMask = sizeof(ab) / 2; hr = infParseIPAddress(pwszIPAddressMask, &ab[cbAddress], &cbMask); _JumpIfError(hr, error, "infParseIPMask"); } if (cbAddress != cbMask) { hr = E_INVALIDARG; _JumpError(hr, error, "address and mask lengths differ"); } cb = cbAddress + cbMask; } else if (L'\0' != *pwszIPAddress || L'\0' != *pwszIPAddressMask) { hr = E_INVALIDARG; _JumpError(hr, error, "address or mask missing"); }
*ppbData = (BYTE *) LocalAlloc(LMEM_FIXED, cb); if (NULL == *ppbData) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } *pcbData = cb; CopyMemory(*ppbData, ab, cb); DBGDUMPHEX(( DBG_SS_CERTLIBI, DH_NOADDRESS | DH_NOTABPREFIX | 8, *ppbData, *pcbData)); hr = S_OK;
error: return(hr);}
// [NameConstraintsPermitted]/[NameConstraintsExcluded]
// ; the numeric second and third arguments are optional
// ; when present, the second argument is the minimum depth
// ; when present, the third argument is the maximum depth
// ; The IETF recommends against specifying dwMinimum & dwMaximum
// DNS = [email protected]
// DNS = domain1.domain.com, 3, 6
HRESULTinfBuildSubTreeElement( IN OUT INFCONTEXT *pInfContext, OPTIONAL IN WCHAR const *pwszEmptyEntry, // NULL means read INF file
IN DWORD iSubTreeInfo, OPTIONAL OUT CERT_GENERAL_SUBTREE *pSubTree){ HRESULT hr; SUBTREEINFO const *pSubTreeInfo = &g_aSubTreeInfo[iSubTreeInfo]; CERT_GENERAL_SUBTREE SubTree; WCHAR *pwszValueRead = NULL; WCHAR *pwszValueRead2 = NULL; WCHAR const *pwszValue = NULL; WCHAR const *pwszValue2;
ZeroMemory(&SubTree, sizeof(SubTree)); if (NULL != pSubTree) { ZeroMemory(pSubTree, sizeof(*pSubTree)); }
// If pwszEmptyEntry is NULL, read the value from the INF file.
// Otherwise, encode the specified (empty string) value.
if (NULL == pwszEmptyEntry) { INT Value;
hr = infGetCurrentKeyValue(pInfContext, 1, &pwszValueRead); _JumpIfError(hr, error, "infGetCurrentKeyValue");
pwszValue = pwszValueRead;
if (!SetupGetIntField( pInfContext, pSubTreeInfo->dwInfMinMaxIndexBase, &Value)) { hr = myHLastError(); _PrintError2(hr, "SetupGetIntField:2", hr);
Value = 0; } SubTree.dwMinimum = Value; SubTree.fMaximum = TRUE;
if (!SetupGetIntField( pInfContext, pSubTreeInfo->dwInfMinMaxIndexBase + 1, &Value)) { hr = myHLastError(); _PrintError2(hr, "SetupGetIntField:3", hr);
Value = 0; SubTree.fMaximum = FALSE; } SubTree.dwMaximum = Value; } else { pwszValue = pwszEmptyEntry; }
SubTree.Base.dwAltNameChoice = pSubTreeInfo->dwAltNameChoice; if (NULL != pSubTree) { WCHAR **ppwsz = NULL; CSASSERT(CSUBTREEINFO > iSubTreeInfo); switch (iSubTreeInfo) { case STII_UPNOTHERNAME: { CERT_NAME_VALUE nameUpn;
SubTree.Base.pOtherName = (CERT_OTHER_NAME *) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, sizeof(*SubTree.Base.pOtherName)); if (NULL == SubTree.Base.pOtherName) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } SubTree.Base.pOtherName->pszObjId = szOID_NT_PRINCIPAL_NAME;
nameUpn.dwValueType = CERT_RDN_UTF8_STRING; nameUpn.Value.pbData = (BYTE *) pwszValue; nameUpn.Value.cbData = 0;
if (!myEncodeObject( X509_ASN_ENCODING, X509_UNICODE_ANY_STRING, &nameUpn, 0, CERTLIB_USE_LOCALALLOC, &SubTree.Base.pOtherName->Value.pbData, &SubTree.Base.pOtherName->Value.cbData)) { hr = myHLastError(); _JumpError(hr, error, "myEncodeObject"); } DBGPRINT(( DBG_SS_CERTLIBI, "infFreeGeneralSubTreeElement: p=%x, otherUPN=%x,%x\n", pSubTree, SubTree.Base.pOtherName, SubTree.Base.pOtherName->Value.pbData)); break; }
case STII_RFC822NAME: ppwsz = &SubTree.Base.pwszRfc822Name; break;
case STII_DNSNAME: ppwsz = &SubTree.Base.pwszDNSName; break;
case STII_DIRECTORYNAME: hr = myCertStrToName( X509_ASN_ENCODING, pwszValue, // pszX500
CERT_NAME_STR_REVERSE_FLAG, NULL, // pvReserved
&SubTree.Base.DirectoryName.pbData, &SubTree.Base.DirectoryName.cbData, NULL); // ppszError
_JumpIfError(hr, error, "myCertStrToName");
break;
case STII_URL: ppwsz = &SubTree.Base.pwszURL; break;
case STII_IPADDRESS:
// convert INF string value to binary IP Address
if (NULL == pwszEmptyEntry) { hr = infGetCurrentKeyValue(pInfContext, 2, &pwszValueRead2); _JumpIfError(hr, error, "infGetCurrentKeyValue");
pwszValue2 = pwszValueRead2; } else { pwszValue2 = pwszEmptyEntry; }
hr = infParseIPAddressAndMask( pwszValue, pwszValue2, &SubTree.Base.IPAddress.pbData, &SubTree.Base.IPAddress.cbData); _JumpIfError(hr, error, "infParseIPAddressAndMask");
break;
case STII_REGISTEREDID: if (!myConvertWszToSz( &SubTree.Base.pszRegisteredID, pwszValue, -1)) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "ConvertWszToSz"); } DBGPRINT(( DBG_SS_CERTLIBI, "infFreeGeneralSubTreeElement: p=%x, psz=%x\n", pSubTree, SubTree.Base.pszRegisteredID)); break;
} if (NULL != ppwsz) { hr = myDupString(pwszValue, ppwsz); _JumpIfError(hr, error, "myDupString");
DBGPRINT(( DBG_SS_CERTLIBI, "infFreeGeneralSubTreeElement: p=%x, pwsz=%x\n", pSubTree, *ppwsz)); } *pSubTree = SubTree; ZeroMemory(&SubTree, sizeof(SubTree)); } hr = S_OK;
error: if (S_OK != hr) { INFSETERROR(hr, NULL, NULL, pwszValue); } infFreeGeneralSubTreeElement(&SubTree); if (NULL != pwszValueRead) { LocalFree(pwszValueRead); } if (NULL != pwszValueRead2) { LocalFree(pwszValueRead2); } return(hr);}
HRESULTinfGetGeneralSubTreeByType( IN HINF hInf, IN WCHAR const *pwszSection, OPTIONAL IN WCHAR const *pwszEmptyEntry, IN DWORD iSubTreeInfo, IN OUT DWORD *pcName, OPTIONAL OUT CERT_GENERAL_SUBTREE *pSubTree){ HRESULT hr; SUBTREEINFO const *pSubTreeInfo = &g_aSubTreeInfo[iSubTreeInfo]; INFCONTEXT InfContext; DWORD iName; DWORD cName = MAXDWORD; BOOL fIgnore = FALSE;
if (NULL == pSubTree) { *pcName = 0; } else { cName = *pcName; }
// If pwszEmptyEntry is NULL, read the value from the INF file.
// Otherwise, encode the specified (empty string) value.
if (!SetupFindFirstLine( hInf, pwszSection, pSubTreeInfo->pwszKey, &InfContext)) { hr = myHLastError(); _PrintErrorStr2( hr, "SetupFindFirstLine", pwszSection, ERROR_LINE_NOT_FOUND);
// INF file entry does not exist. Create an empty name constraints
// entry only if asked to do so (if pwszEmptyEntry is non-NULL).
if (NULL == pwszEmptyEntry) { fIgnore = (HRESULT) ERROR_LINE_NOT_FOUND == hr; goto error; } } else { // INF file entry exists; don't create an empty name constraints entry.
pwszEmptyEntry = NULL; }
for (iName = 0; ; ) { CSASSERT(NULL == pSubTree || iName < cName); hr = infBuildSubTreeElement( &InfContext, pwszEmptyEntry, iSubTreeInfo, pSubTree); _JumpIfErrorStr(hr, error, "infBuildSubTreeElement", pSubTreeInfo->pwszKey); DBGPRINT(( DBG_SS_CERTLIBI, "infBuildSubTreeElement: &p[%u]=%x, type=%ws\n", iName, pSubTree, pSubTreeInfo->pwszKey)); iName++; if (NULL != pSubTree) { pSubTree++; }
if (NULL == pwszEmptyEntry) { hr = infFindNextKey(pSubTreeInfo->pwszKey, &InfContext); } else { hr = S_FALSE; } if (S_FALSE == hr) { break; } _JumpIfErrorStr(hr, error, "infFindNextKey", pSubTreeInfo->pwszKey); } DBGPRINT(( DBG_SS_CERTLIBI, "infGetGeneralSubTreeByType: i=%x, c=%x\n", iName, cName)); CSASSERT(NULL == pSubTree || iName <= cName); *pcName = iName; hr = S_OK;
error: if (S_OK != hr && !fIgnore) { INFSETERROR(hr, pwszSection, pSubTreeInfo->pwszKey, NULL); } return(hr);}
HRESULTinfGetGeneralSubTree( IN HINF hInf, IN WCHAR const *pwszSection, IN WCHAR const *pwszKey, // key value is sub-section name
OPTIONAL IN WCHAR const *pwszEmptyEntry, OUT DWORD *pcSubTree, OUT CERT_GENERAL_SUBTREE **ppSubTree){ HRESULT hr; WCHAR *pwszSubTreeSection = NULL; DWORD cSubTree = 0; CERT_GENERAL_SUBTREE *rgSubTree = NULL; CERT_GENERAL_SUBTREE *pSubTree; DWORD iSubTreeInfo; DWORD count; DWORD cRemain; SUBTREEINFO const *pSubTreeInfo;
*pcSubTree = 0; *ppSubTree = NULL;
CSASSERT(NULL != hInf && INVALID_HANDLE_VALUE != hInf); hr = myInfGetKeyValue( hInf, TRUE, // fLog
pwszSection, pwszKey, &pwszSubTreeSection); _JumpIfErrorStr2( hr, error, "myInfGetKeyValue", pwszKey, ERROR_LINE_NOT_FOUND);
for (iSubTreeInfo = 0; iSubTreeInfo < CSUBTREEINFO; iSubTreeInfo++) { pSubTreeInfo = &g_aSubTreeInfo[iSubTreeInfo];
hr = infGetGeneralSubTreeByType( hInf, pwszSubTreeSection, pSubTreeInfo->fEmptyDefault? pwszEmptyEntry : NULL, iSubTreeInfo, &count, NULL); DBGPRINT(( DBG_SS_CERTLIBI, "infGetGeneralSubTreeByType(%ws, %ws, NULL) -> hr=%x, c=%x\n", pwszSubTreeSection, pSubTreeInfo->pwszKey, hr, count)); if (S_OK != hr) { _PrintErrorStr2( hr, "infGetGeneralSubTreeByType", pSubTreeInfo->pwszKey, ERROR_LINE_NOT_FOUND); if ((HRESULT) ERROR_LINE_NOT_FOUND != hr) { _JumpErrorStr( hr, error, "infGetGeneralSubTreeByType", pSubTreeInfo->pwszKey); } count = 0; } cSubTree += count; } rgSubTree = (CERT_GENERAL_SUBTREE *) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, cSubTree * sizeof(rgSubTree[0])); if (NULL == rgSubTree) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } DBGPRINT(( DBG_SS_CERTLIBI, "infGetGeneralSubTree: rg=%x, total=%x\n", rgSubTree, cSubTree));
pSubTree = rgSubTree; cRemain = cSubTree; for (iSubTreeInfo = 0; iSubTreeInfo < CSUBTREEINFO; iSubTreeInfo++) { pSubTreeInfo = &g_aSubTreeInfo[iSubTreeInfo]; count = cRemain; hr = infGetGeneralSubTreeByType( hInf, pwszSubTreeSection, pSubTreeInfo->fEmptyDefault? pwszEmptyEntry : NULL, iSubTreeInfo, &count, pSubTree); DBGPRINT(( DBG_SS_CERTLIBI, "infGetGeneralSubTreeByType(%ws, %ws, &p[%x]=%x) -> hr=%x, c=%x\n", pwszSubTreeSection, pSubTreeInfo->pwszKey, SAFE_SUBTRACT_POINTERS(pSubTree, rgSubTree), pSubTree, hr, count)); if (S_OK != hr) { _PrintErrorStr2( hr, "infGetGeneralSubTreeByType", pSubTreeInfo->pwszKey, ERROR_LINE_NOT_FOUND); if ((HRESULT) ERROR_LINE_NOT_FOUND != hr) { _JumpErrorStr( hr, error, "infGetGeneralSubTreeByType", pSubTreeInfo->pwszKey); } if (0 < cRemain) { ZeroMemory(pSubTree, sizeof(*pSubTree)); } count = 0; } cRemain -= count; pSubTree += count; } CSASSERT(0 == cRemain); *pcSubTree = cSubTree; *ppSubTree = rgSubTree; rgSubTree = NULL; hr = S_OK;
error: if (S_OK != hr) { INFSETERROR(hr, pwszSection, pwszKey, pwszSubTreeSection); } if (NULL != pwszSubTreeSection) { LocalFree(pwszSubTreeSection); } if (NULL != rgSubTree) { infFreeGeneralSubTree(cSubTree, rgSubTree); } return(hr);}
//+------------------------------------------------------------------------
// myInfGetNameConstraintsExtension -- fetch name constraints extension from INF file
//
// [NameConstraintsExtension]
// Include = NameConstraintsPermitted
// Exclude = NameConstraintsExcluded
//
// [NameConstraintsPermitted]
// ; the numeric second and third arguments are optional
// ; when present, the second argument is the minimum depth
// ; when present, the third argument is the maximum depth
// ; The IETF recommends against specifying dwMinimum & dwMaximum
// DNS = [email protected]
// DNS = domain1.domain.com, 3, 6
//
// [NameConstraintsExcluded]
// DNS = domain.com
// DNS = domain2.com
//
// Returns: encoded name constraints extension
//-------------------------------------------------------------------------
FNMYINFGETEXTENSION myInfGetNameConstraintsExtension;
HRESULTmyInfGetNameConstraintsExtension( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr; WCHAR const *pwszKey = NULL; CERT_NAME_CONSTRAINTS_INFO NameConstraints;
ZeroMemory(&NameConstraints, sizeof(NameConstraints)); ZeroMemory(pext, sizeof(*pext)); myInfClearError();
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } pwszKey = wszINFKEY_INCLUDE; hr = infGetGeneralSubTree( hInf, wszINFSECTION_NAMECONSTRAINTS, pwszKey, L"", &NameConstraints.cPermittedSubtree, &NameConstraints.rgPermittedSubtree); _PrintIfErrorStr2( hr, "infGetGeneralSubTree", pwszKey, ERROR_LINE_NOT_FOUND); if (S_OK != hr && (HRESULT) ERROR_LINE_NOT_FOUND != hr) { goto error; }
pwszKey = wszINFKEY_EXCLUDE; hr = infGetGeneralSubTree( hInf, wszINFSECTION_NAMECONSTRAINTS, pwszKey, NULL, &NameConstraints.cExcludedSubtree, &NameConstraints.rgExcludedSubtree); _PrintIfErrorStr2( hr, "infGetGeneralSubTree", pwszKey, ERROR_LINE_NOT_FOUND); if (S_OK != hr && (HRESULT) ERROR_LINE_NOT_FOUND != hr) { goto error; } pwszKey = NULL;
if (NULL == NameConstraints.rgPermittedSubtree && NULL == NameConstraints.rgExcludedSubtree) { hr = S_FALSE; _JumpError2(hr, error, "no data", hr); } hr = infGetCriticalFlag( hInf, wszINFSECTION_NAMECONSTRAINTS, FALSE, &pext->fCritical); _JumpIfError(hr, error, "infGetCriticalFlag");
if (!myEncodeObject( X509_ASN_ENCODING, X509_NAME_CONSTRAINTS, &NameConstraints, 0, CERTLIB_USE_LOCALALLOC, &pext->Value.pbData, &pext->Value.cbData)) { hr = myHLastError(); _JumpError(hr, error, "myEncodeObject"); }
error: if (S_OK != hr && S_FALSE != hr) { INFSETERROR(hr, wszINFSECTION_NAMECONSTRAINTS, pwszKey, NULL); } pext->pszObjId = szOID_NAME_CONSTRAINTS; // on error, too!
if (NULL != NameConstraints.rgPermittedSubtree) { infFreeGeneralSubTree( NameConstraints.cPermittedSubtree, NameConstraints.rgPermittedSubtree); } if (NULL != NameConstraints.rgExcludedSubtree) { infFreeGeneralSubTree( NameConstraints.cExcludedSubtree, NameConstraints.rgExcludedSubtree); } DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetNameConstraintsExtension hr=%x --> f=%d, cb=%x\n", hr, pext->fCritical, pext->Value.cbData)); return(hr);}
VOIDinfFreePolicyMappings( IN DWORD cPolicyMapping, IN OUT CERT_POLICY_MAPPING *pPolicyMapping){ if (NULL != pPolicyMapping) { DWORD i; for (i = 0; i < cPolicyMapping; i++) { CERT_POLICY_MAPPING *pMap = &pPolicyMapping[i]; if (NULL != pMap->pszIssuerDomainPolicy) { LocalFree(pMap->pszIssuerDomainPolicy); } if (NULL != pMap->pszSubjectDomainPolicy) { LocalFree(pMap->pszSubjectDomainPolicy); } } LocalFree(pPolicyMapping); }}
HRESULTinfGetPolicyMappingsSub( IN HINF hInf, IN WCHAR const *pwszSection, IN OUT DWORD *pcPolicyMapping, OPTIONAL OUT CERT_POLICY_MAPPING *pPolicyMapping){ HRESULT hr; INFCONTEXT InfContext; WCHAR wszIssuer[cwcVALUEMAX]; WCHAR wszSubject[cwcVALUEMAX]; DWORD i; DWORD cPolicyMappingIn; DWORD cPolicyMapping = 0;
cPolicyMappingIn = MAXDWORD; if (NULL != pPolicyMapping) { cPolicyMappingIn = *pcPolicyMapping; } *pcPolicyMapping = 0; wszIssuer[0] = L'\0'; wszSubject[0] = L'\0';
CSASSERT(NULL != hInf && INVALID_HANDLE_VALUE != hInf);
cPolicyMapping = 0; hr = infSetupFindFirstLine(hInf, pwszSection, NULL, &InfContext); _JumpIfErrorStr3( hr, error, "infSetupFindFirstLine", pwszSection, S_FALSE, ERROR_LINE_NOT_FOUND);
while (TRUE) { wszIssuer[0] = L'\0'; wszSubject[0] = L'\0'; if (!SetupGetStringField( &InfContext, 0, wszIssuer, ARRAYSIZE(wszIssuer), NULL)) { hr = myHLastError(); _JumpError(hr, error, "SetupGetStringField"); } if (iswdigit(wszIssuer[0])) { if (!SetupGetStringField( &InfContext, 1, wszSubject, ARRAYSIZE(wszSubject), NULL)) { hr = myHLastError(); _JumpError(hr, error, "SetupGetStringField"); } if (!iswdigit(wszSubject[0])) { hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA); _JumpErrorStr(hr, error, "bad OID", wszSubject); } if (NULL != pPolicyMapping) { CERT_POLICY_MAPPING *pMap;
if (cPolicyMappingIn <= cPolicyMapping) { hr = HRESULT_FROM_WIN32(ERROR_MORE_DATA); _JumpError(hr, error, "*pcPolicyMapping"); }
pMap = &pPolicyMapping[cPolicyMapping]; if (!ConvertWszToSz(&pMap->pszIssuerDomainPolicy, wszIssuer, -1) || !ConvertWszToSz(&pMap->pszSubjectDomainPolicy, wszSubject, -1)) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "ConvertWszToSz"); } } DBGPRINT(( DBG_SS_CERTLIBI, "Map[%u]: %ws = %ws\n", cPolicyMapping, wszIssuer, wszSubject));
cPolicyMapping++; } if (!SetupFindNextLine(&InfContext, &InfContext)) { hr = myHLastError(); _PrintError2(hr, "SetupFindNextLine", hr); break; } } *pcPolicyMapping = cPolicyMapping; hr = S_OK;
error: if (S_OK != hr) { INFSETERROR(hr, pwszSection, wszIssuer, wszSubject); } return(hr);}
HRESULTinfGetPolicyMappings( IN HINF hInf, IN WCHAR const *pwszSection, OUT DWORD *pcPolicyMapping, OUT CERT_POLICY_MAPPING **ppPolicyMapping){ HRESULT hr; INFCONTEXT InfContext; WCHAR wszIssuer[cwcVALUEMAX]; WCHAR wszSubject[cwcVALUEMAX]; DWORD i; DWORD cPolicyMapping = 0; CERT_POLICY_MAPPING *pPolicyMapping = NULL;
*pcPolicyMapping = 0; *ppPolicyMapping = NULL;
CSASSERT(NULL != hInf && INVALID_HANDLE_VALUE != hInf);
cPolicyMapping = 0; hr = infGetPolicyMappingsSub( hInf, pwszSection, &cPolicyMapping, NULL); _JumpIfError3( hr, error, "infGetPolicyMappingsSub", S_FALSE, ERROR_LINE_NOT_FOUND);
*pcPolicyMapping = cPolicyMapping; pPolicyMapping = (CERT_POLICY_MAPPING *) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, cPolicyMapping * sizeof(*pPolicyMapping)); if (NULL == pPolicyMapping) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
hr = infGetPolicyMappingsSub( hInf, pwszSection, &cPolicyMapping, pPolicyMapping); _JumpIfError(hr, error, "infGetPolicyMappingsSub");
CSASSERT(*pcPolicyMapping == cPolicyMapping); *ppPolicyMapping = pPolicyMapping; pPolicyMapping = NULL; hr = S_OK;
error: if (NULL != pPolicyMapping) { infFreePolicyMappings(*pcPolicyMapping, pPolicyMapping); } return(hr);}
//+------------------------------------------------------------------------
// infGetPolicyMappingSub -- fetch policy mapping extension from INF file
//
// [pwszSection]
// ; list of user defined policy mappings
// ; The first OID is for the Issuer Domain Policy, the second is for the
// ; Subject Domain Policy. Each entry maps one Issuer Domain policy OID
// ; to a Subject Domain policy OID
//
// 1.3.6.1.4.1.311.21.53 = 1.2.3.4.87
// 1.3.6.1.4.1.311.21.53 = 1.2.3.4.89
//
// Returns: encoded policy mapping extension
//-------------------------------------------------------------------------
HRESULTinfGetPolicyMappingExtensionSub( IN HINF hInf, IN WCHAR const *pwszSection, IN char const *pszObjId, OUT CERT_EXTENSION *pext){ HRESULT hr; CERT_POLICY_MAPPINGS_INFO PolicyMappings;
ZeroMemory(&PolicyMappings, sizeof(PolicyMappings)); ZeroMemory(pext, sizeof(*pext)); myInfClearError();
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } hr = infGetPolicyMappings( hInf, pwszSection, &PolicyMappings.cPolicyMapping, &PolicyMappings.rgPolicyMapping); _JumpIfErrorStr3( hr, error, "infGetPolicyMappings", pwszSection, S_FALSE, ERROR_LINE_NOT_FOUND);
hr = infGetCriticalFlag( hInf, pwszSection, FALSE, &pext->fCritical); _JumpIfError(hr, error, "infGetCriticalFlag");
if (!myEncodeObject( X509_ASN_ENCODING, X509_POLICY_MAPPINGS, &PolicyMappings, 0, CERTLIB_USE_LOCALALLOC, &pext->Value.pbData, &pext->Value.cbData)) { hr = myHLastError(); _JumpError(hr, error, "myEncodeObject"); }
error: if (S_OK != hr && S_FALSE != hr) { INFSETERROR(hr, pwszSection, NULL, NULL); } pext->pszObjId = const_cast<char *>(pszObjId); // on error, too!
if (NULL != PolicyMappings.rgPolicyMapping) { infFreePolicyMappings( PolicyMappings.cPolicyMapping, PolicyMappings.rgPolicyMapping); } return(hr);}
//+------------------------------------------------------------------------
// myInfGetPolicyMapping -- fetch policy mapping extension from INF file
//
// [PolicyMappingExtension]
// ; list of user defined policy mappings
// ; The first OID is for the Issuer Domain Policy, the second is for the
// ; Subject Domain Policy. Each entry maps one Issuer Domain policy OID
// ; to a Subject Domain policy OID
//
// 1.3.6.1.4.1.311.21.53 = 1.2.3.4.87
// 1.3.6.1.4.1.311.21.53 = 1.2.3.4.89
//
// Returns: encoded policy mapping extension
//-------------------------------------------------------------------------
FNMYINFGETEXTENSION myInfGetPolicyMappingExtension;
HRESULTmyInfGetPolicyMappingExtension( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr;
hr = infGetPolicyMappingExtensionSub( hInf, wszINFSECTION_POLICYMAPPINGS, szOID_POLICY_MAPPINGS, pext); _JumpIfErrorStr3( hr, error, "infGetPolicyMappingExtensionSub", wszINFSECTION_POLICYMAPPINGS, S_FALSE, ERROR_LINE_NOT_FOUND);
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetPolicyMappingExtension hr=%x --> f=%d, cb=%x\n", hr, pext->fCritical, pext->Value.cbData)); return(hr);}
//+------------------------------------------------------------------------
// myInfGetApplicationPolicyMapping -- fetch application policy mapping
// extension from INF file
//
// [ApplicationPolicyMappingExtension]
// ; list of user defined policy mappings
// ; The first OID is for the Issuer Domain Policy, the second is for the
// ; Subject Domain Policy. Each entry maps one Issuer Domain policy OID
// ; to a Subject Domain policy OID
//
// 1.3.6.1.4.1.311.21.53 = 1.2.3.4.87
// 1.3.6.1.4.1.311.21.53 = 1.2.3.4.89
//
// Returns: encoded policy mapping extension
//-------------------------------------------------------------------------
FNMYINFGETEXTENSION myInfGetApplicationPolicyMappingExtension;
HRESULTmyInfGetApplicationPolicyMappingExtension( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr;
hr = infGetPolicyMappingExtensionSub( hInf, wszINFSECTION_APPLICATIONPOLICYMAPPINGS, szOID_APPLICATION_POLICY_MAPPINGS, pext); _JumpIfErrorStr3( hr, error, "infGetPolicyMappingExtensionSub", wszINFSECTION_APPLICATIONPOLICYMAPPINGS, S_FALSE, ERROR_LINE_NOT_FOUND);
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetApplicationPolicyMappingExtension hr=%x --> f=%d, cb=%x\n", hr, pext->fCritical, pext->Value.cbData)); return(hr);}
//+------------------------------------------------------------------------
// infGetPolicyConstraintsExtensionSub -- get policy constraints ext from INF
//
// [pwszSection]
// ; consists of two optional DWORDs
// ; They refer to the depth of the CA hierarchy that requires and inhibits
// ; Policy Mapping
// RequireExplicitPolicy = 3
// InhibitPolicyMapping = 5
//
// Returns: encoded policy constraints extension
//-------------------------------------------------------------------------
HRESULTinfGetPolicyConstraintsExtensionSub( IN HINF hInf, IN WCHAR const *pwszSection, IN char const *pszObjId, OUT CERT_EXTENSION *pext){ HRESULT hr; CERT_POLICY_CONSTRAINTS_INFO PolicyConstraints; WCHAR const *pwszKey = NULL;
ZeroMemory(&PolicyConstraints, sizeof(PolicyConstraints)); ZeroMemory(pext, sizeof(*pext)); myInfClearError();
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); }
PolicyConstraints.fRequireExplicitPolicy = TRUE; pwszKey = wszINFKEY_REQUIREEXPLICITPOLICY; hr = myInfGetNumericKeyValue( hInf, TRUE, // fLog
pwszSection, pwszKey, &PolicyConstraints.dwRequireExplicitPolicySkipCerts); if (S_OK != hr) { _PrintErrorStr2( hr, "myInfGetNumericKeyValue", wszINFKEY_REQUIREEXPLICITPOLICY, ERROR_LINE_NOT_FOUND); PolicyConstraints.dwRequireExplicitPolicySkipCerts = 0; PolicyConstraints.fRequireExplicitPolicy = FALSE; }
PolicyConstraints.fInhibitPolicyMapping = TRUE; pwszKey = wszINFKEY_INHIBITPOLICYMAPPING; hr = myInfGetNumericKeyValue( hInf, TRUE, // fLog
pwszSection, pwszKey, &PolicyConstraints.dwInhibitPolicyMappingSkipCerts); if (S_OK != hr) { _PrintErrorStr2( hr, "myInfGetNumericKeyValue", wszINFKEY_INHIBITPOLICYMAPPING, ERROR_LINE_NOT_FOUND); PolicyConstraints.dwInhibitPolicyMappingSkipCerts = 0; PolicyConstraints.fInhibitPolicyMapping = FALSE; } pwszKey = NULL; if (!PolicyConstraints.fRequireExplicitPolicy && !PolicyConstraints.fInhibitPolicyMapping) { hr = S_FALSE; _JumpError2(hr, error, "no policy constraints", hr); }
hr = infGetCriticalFlag( hInf, pwszSection, FALSE, &pext->fCritical); _JumpIfError(hr, error, "infGetCriticalFlag");
if (!myEncodeObject( X509_ASN_ENCODING, X509_POLICY_CONSTRAINTS, &PolicyConstraints, 0, CERTLIB_USE_LOCALALLOC, &pext->Value.pbData, &pext->Value.cbData)) { hr = myHLastError(); _JumpError(hr, error, "myEncodeObject"); }
error: if (S_OK != hr && S_FALSE != hr) { INFSETERROR(hr, pwszSection, pwszKey, NULL); } pext->pszObjId = const_cast<char *>(pszObjId); // on error, too!
return(hr);}
//+------------------------------------------------------------------------
// myInfGetPolicyConstraintsExtension -- get policy constraints ext from INF
//
// [PolicyConstraintsExtension]
// ; consists of two optional DWORDs
// ; They refer to the depth of the CA hierarchy that requires and inhibits
// ; Policy Mapping
// RequireExplicitPolicy = 3
// InhibitPolicyMapping = 5
//
// Returns: encoded policy constraints extension
//-------------------------------------------------------------------------
FNMYINFGETEXTENSION myInfGetPolicyConstraintsExtension;
HRESULTmyInfGetPolicyConstraintsExtension( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr;
hr = infGetPolicyConstraintsExtensionSub( hInf, wszINFSECTION_POLICYCONSTRAINTS, szOID_POLICY_CONSTRAINTS, pext); _JumpIfErrorStr2( hr, error, "infGetPolicyConstraintsExtensionSub", wszINFSECTION_POLICYCONSTRAINTS, S_FALSE);
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetPolicyConstraintsExtension hr=%x --> f=%d, cb=%x\n", hr, pext->fCritical, pext->Value.cbData)); return(hr);}
//+------------------------------------------------------------------------
// myInfGetApplicationPolicyConstraintsExtension -- get application policy
// constraints extension from INF
//
// [ApplicationPolicyConstraintsExtension]
// ; consists of two optional DWORDs
// ; They refer to the depth of the CA hierarchy that requires and inhibits
// ; Policy Mapping
// RequireExplicitPolicy = 3
// InhibitPolicyMapping = 5
//
// Returns: encoded policy constraints extension
//-------------------------------------------------------------------------
FNMYINFGETEXTENSION myInfGetApplicationPolicyConstraintsExtension;
HRESULTmyInfGetApplicationPolicyConstraintsExtension( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr;
hr = infGetPolicyConstraintsExtensionSub( hInf, wszINFSECTION_APPLICATIONPOLICYCONSTRAINTS, szOID_APPLICATION_POLICY_CONSTRAINTS, pext); _JumpIfErrorStr2( hr, error, "infGetPolicyConstraintsExtensionSub", wszINFSECTION_APPLICATIONPOLICYCONSTRAINTS, S_FALSE);
error: DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetApplicationPolicyConstraintsExtension hr=%x --> f=%d, cb=%x\n", hr, pext->fCritical, pext->Value.cbData)); return(hr);}
//+------------------------------------------------------------------------
// myInfGetCrossCertDistributionPointsExtension -- fetch Cross CertDist Point
// URLs from CAPolicy.inf
//
// [CrossCertificateDistributionPointsExtension]
// SyncDeltaTime = 24
// URL = http://CRLhttp.site.com/Public/MyCA.crt
// URL = ftp://CRLftp.site.com/Public/MyCA.crt
//
// Returns: encoded cross cert dist points extension
//-------------------------------------------------------------------------
FNMYINFGETEXTENSION myInfGetCrossCertDistributionPointsExtension;
HRESULTmyInfGetCrossCertDistributionPointsExtension( IN HINF hInf, OUT CERT_EXTENSION *pext){ HRESULT hr; INFCONTEXT InfContext; CROSS_CERT_DIST_POINTS_INFO ccdpi; CERT_ALT_NAME_INFO AltNameInfo; CERT_ALT_NAME_ENTRY *rgAltEntry = NULL; WCHAR const *pwsz; WCHAR *pwszzURL = NULL; BYTE *pbData = NULL; DWORD cbData; DWORD i; WCHAR const *pwszKey = NULL;
ZeroMemory(&ccdpi, sizeof(ccdpi)); ZeroMemory(&AltNameInfo, sizeof(AltNameInfo)); ZeroMemory(pext, sizeof(*pext)); myInfClearError();
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); }
hr = infSetupFindFirstLine(hInf, wszINFSECTION_CCDP, NULL, &InfContext); _JumpIfErrorStr3( hr, error, "infSetupFindFirstLine", wszINFSECTION_CCDP, S_FALSE, ERROR_LINE_NOT_FOUND);
pwszKey = wszINFKEY_CCDPSYNCDELTATIME; hr = myInfGetNumericKeyValue( hInf, TRUE, // fLog
wszINFSECTION_CCDP, pwszKey, &ccdpi.dwSyncDeltaTime); if (S_OK != hr) { _PrintErrorStr2( hr, "myInfGetNumericKeyValue", pwszKey, ERROR_LINE_NOT_FOUND); ccdpi.dwSyncDeltaTime = 0; } pwszKey = wszINFKEY_URL; hr = myInfGetKeyList( hInf, wszINFSECTION_CCDP, pwszKey, &pext->fCritical, &pwszzURL); _JumpIfErrorStr3( hr, error, "myInfGetKeyList", pwszKey, ERROR_LINE_NOT_FOUND, S_FALSE); pwszKey = NULL;
if (NULL != pwszzURL) { for (pwsz = pwszzURL; L'\0' != *pwsz; pwsz += wcslen(pwsz) + 1) { AltNameInfo.cAltEntry++; } }
if (0 != AltNameInfo.cAltEntry) { ccdpi.cDistPoint = 1; ccdpi.rgDistPoint = &AltNameInfo;
AltNameInfo.rgAltEntry = (CERT_ALT_NAME_ENTRY *) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, AltNameInfo.cAltEntry * sizeof(AltNameInfo.rgAltEntry[0])); if (NULL == AltNameInfo.rgAltEntry) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
i = 0; for (pwsz = pwszzURL; L'\0' != *pwsz; pwsz += wcslen(pwsz) + 1) { AltNameInfo.rgAltEntry[i].pwszURL = const_cast<WCHAR *>(pwsz); AltNameInfo.rgAltEntry[i].dwAltNameChoice = CERT_ALT_NAME_URL; i++; } CSASSERT(i == AltNameInfo.cAltEntry); }
if (!myEncodeObject( X509_ASN_ENCODING, X509_CROSS_CERT_DIST_POINTS, &ccdpi, 0, CERTLIB_USE_LOCALALLOC, &pext->Value.pbData, &pext->Value.cbData)) { hr = myHLastError(); _JumpError(hr, error, "myEncodeObject"); }
error: if (S_OK != hr && S_FALSE != hr) { INFSETERROR(hr, wszINFSECTION_CCDP, pwszKey, NULL); } pext->pszObjId = szOID_CROSS_CERT_DIST_POINTS; // on error, too!
DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetCrossCertDistributionPointsExtension hr=%x --> f=%d, cb=%x\n", hr, pext->fCritical, pext->Value.cbData));
if (NULL != AltNameInfo.rgAltEntry) { LocalFree(AltNameInfo.rgAltEntry); } if (NULL != pwszzURL) { LocalFree(pwszzURL); } if (NULL != rgAltEntry) { LocalFree(rgAltEntry); } return(hr);}
HRESULTinfAddKey( IN WCHAR const *pwszName, IN OUT DWORD *pcValues, IN OUT INFVALUES **prgInfValues, OUT INFVALUES **ppInfValues){ HRESULT hr; INFVALUES *rgInfValues; WCHAR *pwszKeyT = NULL; hr = myDupString(pwszName, &pwszKeyT); _JumpIfError(hr, error, "myDupString");
if (NULL == *prgInfValues) { CSASSERT(0 == *pcValues); rgInfValues = (INFVALUES *) LocalAlloc( LMEM_FIXED | LMEM_ZEROINIT, sizeof(**prgInfValues)); } else { CSASSERT(0 != *pcValues); rgInfValues = (INFVALUES *) LocalReAlloc( *prgInfValues, (*pcValues + 1) * sizeof(**prgInfValues), LMEM_MOVEABLE | LMEM_ZEROINIT); } if (NULL == rgInfValues) { hr = E_OUTOFMEMORY; _JumpError( hr, error, NULL == *prgInfValues? "LocalAlloc" : "LocalReAlloc"); } *prgInfValues = rgInfValues; *ppInfValues = &rgInfValues[*pcValues]; (*pcValues)++; (*ppInfValues)->pwszKey = pwszKeyT; pwszKeyT = NULL; hr = S_OK;
error: if (NULL != pwszKeyT) { LocalFree(pwszKeyT); } return(hr);}
HRESULTinfAddValue( IN WCHAR const *pwszValue, IN OUT INFVALUES *pInfValues){ HRESULT hr; WCHAR *pwszValueT = NULL; WCHAR **rgpwszValues = NULL; hr = myDupString(pwszValue, &pwszValueT); _JumpIfError(hr, error, "myDupString");
if (NULL == pInfValues->rgpwszValues) { CSASSERT(0 == pInfValues->cValues); rgpwszValues = (WCHAR **) LocalAlloc( LMEM_FIXED, sizeof(*pInfValues->rgpwszValues)); } else { CSASSERT(0 != pInfValues->cValues); rgpwszValues = (WCHAR **) LocalReAlloc( pInfValues->rgpwszValues, (pInfValues->cValues + 1) * sizeof(*pInfValues->rgpwszValues), LMEM_MOVEABLE); } if (NULL == rgpwszValues) { hr = E_OUTOFMEMORY; _JumpError( hr, error, NULL == pInfValues->rgpwszValues? "LocalAlloc" : "LocalReAlloc"); } pInfValues->rgpwszValues = rgpwszValues; pInfValues->rgpwszValues[pInfValues->cValues] = pwszValueT; pInfValues->cValues++; pwszValueT = NULL; hr = S_OK;
error: if (NULL != pwszValueT) { LocalFree(pwszValueT); } return(hr);}
VOIDmyInfFreeSectionValues( IN DWORD cInfValues, IN OUT INFVALUES *rgInfValues){ DWORD i; DWORD ival; INFVALUES *pInfValues; if (NULL != rgInfValues) { for (i = 0; i < cInfValues; i++) { pInfValues = &rgInfValues[i];
if (NULL != pInfValues->pwszKey) { LocalFree(pInfValues->pwszKey); } if (NULL != pInfValues->rgpwszValues) { for (ival = 0; ival < pInfValues->cValues; ival++) { if (NULL != pInfValues->rgpwszValues[ival]) { LocalFree(pInfValues->rgpwszValues[ival]); } } LocalFree(pInfValues->rgpwszValues); } } LocalFree(rgInfValues); }}
//+------------------------------------------------------------------------
// myInfGetSectionValues -- fetch all section values from INF file
//
// [pwszSection]
// KeyName1 = KeyValue1a, KeyValue1b, ...
// KeyName2 = KeyValue2a, KeyValue2b, ...
// ...
// KeyNameN = KeyValueNa, KeyValueNb, ...
//
// Returns: array of key names and values
//-------------------------------------------------------------------------
HRESULTmyInfGetSectionValues( IN HINF hInf, IN WCHAR const *pwszSection, OUT DWORD *pcInfValues, OUT INFVALUES **prgInfValues){ HRESULT hr; INFCONTEXT InfContext; WCHAR wszName[MAX_PATH]; WCHAR wszValue[cwcVALUEMAX]; DWORD i; DWORD cInfValues = 0; INFVALUES *rgInfValues = NULL; INFVALUES *pInfValues;
*pcInfValues = 0; *prgInfValues = NULL; wszName[0] = L'\0'; wszValue[0] = L'\0'; myInfClearError();
if (NULL == hInf || INVALID_HANDLE_VALUE == hInf) { hr = E_HANDLE; _JumpError2(hr, error, "hInf", hr); } hr = infSetupFindFirstLine(hInf, pwszSection, NULL, &InfContext); _JumpIfErrorStr(hr, error, "infSetupFindFirstLine", pwszSection);
while (TRUE) { wszName[0] = L'\0'; wszValue[0] = L'\0'; if (!SetupGetStringField( &InfContext, 0, wszName, ARRAYSIZE(wszName), NULL)) { hr = myHLastError(); _JumpError(hr, error, "SetupGetStringField"); }
//wprintf(L"%ws[0]:\n", wszName);
hr = infAddKey(wszName, &cInfValues, &rgInfValues, &pInfValues); _JumpIfError(hr, error, "infAddKey");
for (i = 1; ; i++) { wszValue[0] = L'\0'; if (!SetupGetStringField( &InfContext, i, wszValue, ARRAYSIZE(wszValue), NULL)) { hr = myHLastError(); if (1 == i) { _JumpError(hr, error, "SetupGetStringField"); } break; } //wprintf(L"%ws[%u] = %ws\n", wszName, i, wszValue);
hr = infAddValue(wszValue, pInfValues); _JumpIfError(hr, error, "infAddValue"); }
if (!SetupFindNextLine(&InfContext, &InfContext)) { hr = myHLastError(); _PrintError2(hr, "SetupFindNextLine(end)", hr); break; } } *pcInfValues = cInfValues; *prgInfValues = rgInfValues; rgInfValues = NULL; hr = S_OK;
error: if (S_OK != hr && S_FALSE != hr) { INFSETERROR(hr, pwszSection, wszName, wszValue); } if (NULL != rgInfValues) { myInfFreeSectionValues(cInfValues, rgInfValues); }
DBGPRINT(( DBG_SS_CERTLIBI, "myInfGetSectionValues hr=%x --> c=%d\n", hr, *pcInfValues)); return(hr);}
|
