
  1. /*++
  2. Copyright (c) 1997 Microsoft Corporation
  3. Module Name:
  4. sslinfo.hxx
  5. Abstract:
  6. Definitions and data structures for SERVER_SSL_INFO class; this holds information such
  7. as the server cert, info about verifying client certs etc
  8. Author:
  9. Alex Mallet (amallet) 03-Feb-1997
  10. --*/
#ifndef _SSLINFO_HXX_
#define _SSLINFO_HXX_

//
// Names of the system certificate stores this module opens. The guard lets
// other IIS headers define the same three names without a redefinition.
//
#ifndef IIS_STORE_NAMES
#define IIS_STORE_NAMES
#define MY_STORE_NAME "MY"
#define CA_STORE_NAME "CA"
#define ROOT_STORE_NAME "ROOT"
#endif //IIS_STORE_NAMES

//
// Free helper declared here and implemented elsewhere; presumably reports
// whether pCertContext is self-signed (issuer == subject) -- confirm in the
// implementation before relying on the exact rule it applies.
//
BOOL IsSelfSignedCert( IN PCCERT_CONTEXT pCertContext );

//
// Forward declarations
//
class IIS_SERVER_CERT;
class IIS_CTL;

//
// Values kept in IIS_SSL_INFO::m_dwSignature. The first marks a live object;
// the second is presumably stored when the object is torn down so that
// CheckSignature() can flag a use after free in checked builds -- the write
// of the _FREE value is not visible in this header. Multi-character
// constants are compiler specific; they are only ever compared for equality.
//
#define IIS_SSL_INFO_SIGNATURE (DWORD) 'SISI'
#define IIS_SSL_INFO_SIGNATURE_FREE (DWORD) 'sisi'

//
// Reference tracing is compiled in for checked (DBG) builds only.
//
#if DBG
#define SSLINFO_REF_COUNT 1
#else
#define SSLINFO_REF_COUNT 0
#endif //DBG

#if SSLINFO_REF_COUNT
// Size of the per-object ref trace log (m_pRefTraceLog) -- presumed from the
// name; the log itself is created outside this header.
#define C_SSLINFO_REFTRACES 40
#endif

//
// Notification callback type: a function taking one opaque context pointer.
// Note that IIS_SSL_INFO::Release() returns DWORD, so it does not match this
// signature exactly.
//
typedef VOID (*NOTIFFNCPTR) ( LPVOID pvParam ) ;
//
// Per-instance SSL configuration: the server certificate, the client-cert
// CTL, the trusted-issuer stores and the chain engine used to verify client
// certificates, all read from one metabase path. The object is intrusively
// reference counted (Reference()/Release(), m_dwRefCount) and guarded by a
// single critical section (Lock()/Unlock(), m_CritSec).
//
// The class is exported (dllexp): member order below is part of the binary
// layout, so do not reorder or insert data members.
//
class dllexp IIS_SSL_INFO {
public:
    //
    // Constructor, destructor
    //
    // pszCertMBPath is the metabase path the server cert and CTL settings are
    // read from (kept in m_strMBPath); pMDObject is the metabase interface
    // used for those reads (kept in m_pMDObject). A static CreateSSLInfo()
    // factory with the same arguments is provided further down.
    //
    IIS_SSL_INFO( LPTSTR pszCertMBPath,
                  IMDCOM *pMDObject );
    ~IIS_SSL_INFO();

    //
    // Server-certificate related functions
    //
    // GetCertificate() is declared only; presumably it loads the certificate
    // on first use and caches it in m_pCert (with m_fCertOK recording the
    // outcome) -- confirm in the implementation. QueryCertificate() only
    // hands back whatever is cached.
    //
    IIS_SERVER_CERT* GetCertificate();

    //
    // Returns the cached server certificate without loading it; may be NULL
    // if nothing has been loaded yet. The critical section is held only for
    // the read of m_pCert, and nothing here adds a reference to the returned
    // object: the caller must keep this IIS_SSL_INFO alive (Reference()) for
    // as long as it uses the pointer, or the pointer may dangle.
    //
    IIS_SERVER_CERT* QueryCertificate()
    {
        IIS_SERVER_CERT *pServerCert = NULL;

        Lock();
        pServerCert = m_pCert;
        Unlock();

        return pServerCert;
    }

    // TRUE if the cert in use is the default one rather than one configured
    // specifically for this instance (m_fDefaultCert). Read without the lock.
    BOOL IsDefaultCertificate()
    { return m_fDefaultCert; }

    //
    // Client cert verification functions
    //
    // GetCTL() is declared only; presumably the CTL analogue of
    // GetCertificate() (see m_pCTL / m_fCTLOK).
    //
    IIS_CTL* GetCTL();

    //
    // Returns the cached certificate trust list without loading it; same
    // locking and lifetime caveats as QueryCertificate().
    //
    IIS_CTL* QueryCTL()
    {
        IIS_CTL *pCTL = NULL;

        Lock();
        pCTL = m_pCTL;
        Unlock();

        return pCTL;
    }

    //
    // Out-params receive, respectively, a store of the issuers this server
    // trusts, an array of those issuer certs with its count, and the chain
    // engine used to verify client certs. Each returns a BOOL success flag;
    // all three are implemented outside this header. Whether the caller owns
    // (and must free) the array from GetTrustedIssuerCerts is not visible
    // here -- check the implementation before freeing it.
    //
    BOOL GetTrustedIssuerStore( OUT HCERTSTORE *phCertStore );
    BOOL GetTrustedIssuerCerts( OUT PCCERT_CONTEXT **ppcCertContext,
                                OUT DWORD *pdwNumCerts );
    BOOL GetCertChainEngine( OUT HCERTCHAINENGINE *phEngine );

    //
    // Cert mapping-related functions
    //
    // Whether the built-in NT5 directory-service client-cert mapper is to be
    // used (see m_fUseDSMapper / m_fCheckedDSMapper).
    //
    BOOL UseDSMapper( VOID );

    //
    // Utility functions
    //
    // Intrusive reference counting on m_dwRefCount. Release() is static and
    // takes an untyped pointer so it can be handed out as a callback; pvParam
    // is presumably the IIS_SSL_INFO* itself -- confirm against the .cxx.
    //
    DWORD Reference();
    static DWORD Release( PVOID pvParam );

    // Factory taking the same arguments as the constructor.
    static IIS_SSL_INFO * CreateSSLInfo( LPTSTR pszCertMBPath,
                                         IMDCOM * pMDObject );

    //
    // Lock()/Unlock() enter and leave m_CritSec directly; there is no RAII
    // guard, so every Lock() must be matched by an Unlock() on every exit
    // path, including failure paths, or the object stays locked for all
    // other threads.
    //
    VOID Lock()
    { EnterCriticalSection( &m_CritSec ); }
    VOID Unlock()
    { LeaveCriticalSection( &m_CritSec ); }

    // Reports the server cert's validity through the out-param; presumably
    // derived from m_dwCertChainStatus -- confirm.
    BOOL QueryCertValidity( DWORD *pdwCertValidity );
    VOID ReleaseFortezzaHandlers();

    // Sets *pfContains to whether pCert appears in the CTL. By the OUT-param
    // convention used throughout this class the BOOL return is presumably
    // the success of the lookup, not the membership answer -- confirm.
    BOOL CTLContainsCert( IN PCCERT_CONTEXT pCert,
                          OUT BOOL *pfContains );

#if DBG
    VOID DumpReferences();
#endif //DBG

private:
    // Debug check that this object has not been freed: m_dwSignature still
    // holds the live-object value. A diagnostic aid, not a security control.
    BOOL CheckSignature()
    {
        return ( m_dwSignature == IIS_SSL_INFO_SIGNATURE );
    }

    // TRUE if the CTL in use is the default one (m_fDefaultCTL).
    BOOL IsDefaultCTL() { return m_fDefaultCTL; }

    // Presumably populate m_hRestrictedRoot / m_hRestrictedTrust, the stores
    // the chain engine (m_hChainEngine) is created over -- confirm.
    BOOL CreateEngineRootStore();
    BOOL CreateEngineTrustStore();

    // Whether a server cert / CTL is configured at m_strMBPath and whether it
    // is the default one. Presumably thin wrappers over CheckCAPIInfo().
    BOOL HasCertificate( OUT PBOOL pfHasCert,
                         OUT PBOOL pfIsDefaultCert );
    BOOL HasCTL( OUT PBOOL pfHasCTL,
                 OUT PBOOL pfIsDefaultCTL );

    // Generic check for cProperties metabase properties (the ids in
    // adwMetabaseProperties) at this object's path, with pszDefaultPath as
    // the fallback; reports whether the info exists and whether it came from
    // the default path -- presumed from the parameter names; confirm.
    BOOL CheckCAPIInfo( OUT PBOOL pfHasInfo,
                        OUT PBOOL pfIsDefaultInfo,
                        IN LPTSTR pszDefaultPath,
                        IN DWORD *adwMetabaseProperties,
                        IN DWORD cProperties );

    // Chain helpers: walk from a leaf cert up to its top issuer, decide whether
    // a cert is one of the trusted roots (presumably against m_acRootCerts),
    // and snapshot the certs of the ROOT store into an array.
    BOOL FindTopOfChain( IN PCCERT_CONTEXT pcLeafCert,
                         OUT PCCERT_CONTEXT *ppcIssuer );
    BOOL IsTrustedRoot( IN PCCERT_CONTEXT pcCert,
                        OUT BOOL *pfTrustedRoot );
    BOOL GetRootStoreCertificates( OUT PCCERT_CONTEXT **ppcCertContext,
                                   OUT DWORD *pdwCerts );

    DWORD m_dwSignature;          //debug signature used to detect access after frees
    IIS_SERVER_CERT *m_pCert;     //server certificate associated with this object
    BOOL m_fDefaultCert;          //BOOL indicating whether instance-specific cert
    BOOL m_fCertOK;               //BOOL indicating whether cert was constructed successfully
    IIS_CTL *m_pCTL;              //CTL associated with this object
    BOOL m_fDefaultCTL;           //BOOL indicating whether instance-specific CTL
    BOOL m_fCTLOK;                //BOOL indicating whether CTL was constructed successfully
    STR m_strMBPath;              //MB path server and CTL info is read out of
    IMDCOM *m_pMDObject;          //object used for metabase accesses
    HCERTSTORE m_hTrustedIssuerStore; //handle for store containing trusted issuer certs
    HCERTSTORE m_hRestrictedRoot; //handle to Restricted Root store for cert engine
    HCERTSTORE m_hRestrictedTrust; //handle to restricted Trust store for cert engine
    HCERTSTORE m_hMyStore;        //cached handle to MY store
    HCERTSTORE m_hCAStore;        //cached handle to CA store
    HCERTSTORE m_hRootStore;      //cached handle to ROOT store
    CRITICAL_SECTION m_CritSec;   //critical section protecting this object
    DWORD m_dwRefCount;           //ref count on this object
    BOOL m_fUseDSMapper;          //indicator whether to use default NT5 client cert mapper
    BOOL m_fCheckedDSMapper;      //presumably TRUE once the mapper setting has been read,
                                  //i.e. m_fUseDSMapper is valid -- confirm in UseDSMapper()
    HCERTCHAINENGINE m_hChainEngine; //handle to chain engine to use to verify client certs
    PCCERT_CONTEXT *m_acRootCerts; //array of certs in actual ROOT store
    DWORD m_cRootCerts;           //number of certs in m_acRootCerts
    DWORD m_dwCertChainStatus;    //status of cert chain for server cert

#if SSLINFO_REF_COUNT
    //
    // Pointer to ref tracing object (checked builds only)
    //
    PTRACE_LOG m_pRefTraceLog;
#endif //SSLINFO_REF_COUNT
};
  150. #endif //_SSLINFO_HXX_