archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/iis/ui/itools/keyring/creating.cpp

662 lines
19 KiB
Raw Normal View History

Add source files
4 years ago
  1. // CreatingKeyDlg.cpp : implementation file
  2. //
  4. #include "stdafx.h"
  5. #include "resource.h"
  6. #include "keyobjs.h"
  8. #include "NKChseCA.h"
  9. #include "NKDN.h"
  10. #include "NKDN2.h"
  11. #include "NKKyInfo.h"
  12. #include "NKUsrInf.h"
  14. #include "Creating.h"
  15. #include "certcli.h"
  16. #include "OnlnAuth.h"
  18. #include "intrlkey.h"
  21. #define SECURITY_WIN32
  22. extern "C"
  23. {
  24. #include <wincrypt.h>
  25. #include <Sslsp.h>
  26. #include <sspi.h>
  27. #include <issperr.h>
  28. }
  31. #ifdef _DEBUG
  32. #define new DEBUG_NEW
  33. #undef THIS_FILE
  34. static char THIS_FILE[] = __FILE__;
  35. #endif
  37. UINT MyThreadProc( LPVOID pParam );
  39. /////////////////////////////////////////////////////////////////////////////
  40. // CCreateKeyProgThread thread controller
  42. /////////////////////////////////////////////////////////////////////////////
  43. // CCreatingKeyDlg dialog
  44. //----------------------------------------------------------------
  45. CCreatingKeyDlg::CCreatingKeyDlg(CWnd* pParent /*=NULL*/)
  46. : CDialog(CCreatingKeyDlg::IDD, pParent),
  47. m_cbPrivateKey( 0 ),
  48. m_pPrivateKey( NULL ),
  49. m_cbCertificate( 0 ),
  50. m_pCertificate( NULL ),
  51. m_cbCertificateRequest( 0 ),
  52. m_pCertificateRequest( NULL ),
  53. m_pKey( NULL ),
  54. m_pService( NULL ),
  55. m_fResubmitKey( FALSE ),
  56. m_fRenewExistingKey( FALSE ),
  57. m_fGenerateKeyPair( FALSE )
  58. {
  59. //{{AFX_DATA_INIT(CCreatingKeyDlg)
  60. m_sz_message = _T("");
  61. //}}AFX_DATA_INIT
  62. }
  64. //----------------------------------------------------------------
  65. CCreatingKeyDlg::~CCreatingKeyDlg()
  66. {
  67. // now that I'm adding a header in front of the requests, we need
  68. // to dispose of it here.
  69. if ( m_pCertificateRequest )
  70. GlobalFree( m_pCertificateRequest );
  71. m_pCertificateRequest = NULL;
  72. }
  74. //----------------------------------------------------------------
  75. void CCreatingKeyDlg::DoDataExchange(CDataExchange* pDX)
  76. {
  77. CDialog::DoDataExchange(pDX);
  78. //{{AFX_DATA_MAP(CCreatingKeyDlg)
  79. DDX_Control(pDX, IDC_MESSAGE, m_cstatic_message);
  80. DDX_Control(pDX, IDOK, m_btn_ok);
  81. DDX_Control(pDX, IDC_GRINDER_ANIMATION, m_animation);
  82. DDX_Text(pDX, IDC_MESSAGE, m_sz_message);
  83. //}}AFX_DATA_MAP
  84. }
  87. //----------------------------------------------------------------
  88. BEGIN_MESSAGE_MAP(CCreatingKeyDlg, CDialog)
  89. //{{AFX_MSG_MAP(CCreatingKeyDlg)
  90. // NOTE: the ClassWizard will add message map macros here
  91. //}}AFX_MSG_MAP
  92. END_MESSAGE_MAP()
  94. /////////////////////////////////////////////////////////////////////////////
  95. // CCreatingKeyDlg message handlers
  96. //----------------------------------------------------------------
  97. // override virtual oninitdialog
  98. BOOL CCreatingKeyDlg::OnInitDialog( )
  99. {
  100. // tell the user that we are generating the new key request
  101. // might as well do that here, since it is first
  102. m_sz_message.LoadString( IDS_GRIND_GENERATING );
  104. // call the base oninit
  105. CDialog::OnInitDialog();
  107. // disable the ok button
  108. m_btn_ok.EnableWindow( FALSE );
  110. // tell the animation control to set itself up
  111. CString szAnimName;
  112. szAnimName.LoadString(IDS_CREATING_ANIMATION);
  113. m_animation.Open( IDR_AVI_CREATING_KEY );
  115. // start up the worker thread
  116. AfxBeginThread( (AFX_THREADPROC)MyThreadProc, this);
  118. // return 0 to say we set the default item
  119. // return 1 to just select the default default item
  120. return 1;
  121. }
  123. //----------------------------------------------------------------
  124. UINT MyThreadProc( LPVOID pParam )
  125. {
  126. CCreatingKeyDlg* pDlg = (CCreatingKeyDlg*)pParam;
  127. BOOL fSuccess = TRUE;
  129. // this thread needs its own coinitialize
  130. HRESULT hRes = CoInitialize(NULL);
  131. if ( FAILED(hRes) )
  132. return GetLastError();
  134. // if the flag is set, generate the key pair
  135. if ( pDlg->m_fGenerateKeyPair )
  136. fSuccess = pDlg->FGenerateKeyPair();
  139. // do the work that needs to get done
  140. if ( fSuccess )
  141. {
  142. // if the request was generated, go to post
  143. pDlg->PostGenerateKeyPair();
  144. }
  145. else
  146. {
  147. // we weren't able to generate the keypair. Leave.
  148. AfxMessageBox( IDS_GEN_KEYPAIR_ERR );
  149. pDlg->EndDialog( IDCANCEL );
  150. }
  152. // return
  153. return 0;
  154. }
  156. //------------------------------------------------------------------------------
  157. void CCreatingKeyDlg::PostGenerateKeyPair()
  158. {
  159. BOOL fPlacedRequest = TRUE;
  161. // first we create the new key object and fill it in as best we can
  162. if ( !m_pKey )
  163. {
  164. ASSERT( !m_fRenewExistingKey );
  165. ASSERT( !m_fResubmitKey );
  166. try
  167. {
  168. CreateNewKey();
  169. }
  170. catch (CException e)
  171. {
  172. AfxMessageBox( IDS_GEN_KEYPAIR_ERR );
  173. EndDialog( IDCANCEL );
  174. return;
  175. }
  176. }
  178. // if we are renewing an existing key, target the key appropriately
  179. if ( m_fRenewExistingKey )
  180. RetargetKey();
  183. // if resubmitting the key, do so
  184. if ( m_fResubmitKey )
  185. {
  186. // tell the user that we are attempting to submit the request
  187. m_sz_message.LoadString( IDS_GRIND_RESUBMITTING );
  188. m_cstatic_message.SetWindowText(m_sz_message);
  190. // submit the request
  191. SubmitRequestToAuthority();
  192. }
  193. else
  194. // send the request off to the online service, if that was chosen.
  195. if ( m_ppage_Choose_CA && m_ppage_Choose_CA->m_nkca_radio == 1 )
  196. {
  197. // tell the user that we are attempting to submit the request
  198. m_sz_message.LoadString( IDS_GRIND_SUBMITTING );
  199. m_cstatic_message.SetWindowText(m_sz_message);
  201. // submit the request
  202. SubmitRequestToAuthority();
  203. }
  204. else
  205. // if targeted as such, write it to the file
  206. {
  207. // write the request out
  208. fPlacedRequest = WriteRequestToFile();
  209. }
  211. // one final show string
  212. // NOTE: cannot use UpdateData because we are in a different
  213. // thread than the dialog. UpdateData crashes.
  214. if ( fPlacedRequest )
  215. m_cstatic_message.SetWindowText(m_sz_message);
  216. else
  217. {
  218. m_sz_message.LoadString( IDS_IO_ERROR );
  219. m_cstatic_message.SetWindowText(m_sz_message);
  220. }
  222. // activate the ok button so we can close
  223. m_btn_ok.EnableWindow( TRUE );
  225. // stop the avi from spinning. That would give the wrong impression
  226. m_animation.Stop();
  227. }
  229. //------------------------------------------------------------------------------
  230. BOOL CCreatingKeyDlg::RetargetKey()
  231. {
  232. ASSERT( m_ppage_Choose_CA );
  233. LPREQUEST_HEADER pHeader = (LPREQUEST_HEADER)m_pKey->m_pCertificateRequest;
  235. // if we are sending the key to an online authority, record which one
  236. if ( m_ppage_Choose_CA->m_nkca_radio == 1 )
  237. {
  238. // get the path of the authority dll
  239. CString szCA;
  240. if ( m_ppage_Choose_CA->GetSelectedCA(szCA) == ERROR_SUCCESS )
  241. {
  242. // fill in the rest of the request header, indicating the online authority
  243. pHeader->fReqSentToOnlineCA = TRUE;
  244. strncpy( pHeader->chCA, szCA, MAX_PATH-1 );
  245. }
  246. }
  247. else
  248. {
  249. // clear it for the file
  250. pHeader->fReqSentToOnlineCA = FALSE;
  251. }
  253. return TRUE;
  254. }
  256. //------------------------------------------------------------------------------
  257. void CCreatingKeyDlg::CreateNewKey()
  258. {
  259. // create the new key object
  260. m_pKey = m_pService->PNewKey();
  262. // put in the name of the key
  263. m_pKey->SetName( m_ppage_Key_Info->m_nkki_sz_name );
  264. // put in the password too
  265. m_pKey->m_szPassword = m_ppage_Key_Info->m_nkki_sz_password;
  267. // set the private data into place
  268. ASSERT( m_cbPrivateKey );
  269. ASSERT( m_pPrivateKey );
  270. m_pKey->m_cbPrivateKey = m_cbPrivateKey;
  271. m_pKey->m_pPrivateKey = m_pPrivateKey;
  273. // set the request into place
  274. // not quite as simple because now we have the header that goes in first.
  275. ASSERT( m_cbCertificateRequest );
  276. ASSERT( m_pCertificateRequest );
  278. // allocate the the request pointer - include space for the header
  279. DWORD cbRequestAndHeader = m_cbCertificateRequest + sizeof(KeyRequestHeader);
  280. m_pKey->m_cbCertificateRequest = cbRequestAndHeader;
  281. m_pKey->m_pCertificateRequest = GlobalAlloc( GPTR, cbRequestAndHeader );
  282. ASSERT( m_pKey->m_pCertificateRequest );
  283. if ( !m_pKey->m_pCertificateRequest ) AfxThrowMemoryException();
  285. // fill in the basic header. Assume there is no online ca for now
  286. ZeroMemory( m_pKey->m_pCertificateRequest, sizeof(KeyRequestHeader) );
  287. LPREQUEST_HEADER pHeader = (LPREQUEST_HEADER)m_pKey->m_pCertificateRequest;
  288. pHeader->Identifier = REQUEST_HEADER_IDENTIFIER; // required
  289. pHeader->Version = REQUEST_HEADER_CURVERSION; // required
  290. pHeader->cbSizeOfHeader = sizeof(KeyRequestHeader); // required
  291. pHeader->cbRequestSize = m_cbCertificateRequest; // required
  293. // copy over the request data
  294. memcpy( (PUCHAR)m_pKey->m_pCertificateRequest + sizeof(KeyRequestHeader),
  295. (PUCHAR)m_pCertificateRequest, m_cbCertificateRequest );
  297. // if we are sending the key to an online authority, record which one
  298. if ( m_ppage_Choose_CA->m_nkca_radio == 1 )
  299. {
  300. // get the path of the authority dll
  301. CString szCA;
  302. if ( m_ppage_Choose_CA->GetSelectedCA(szCA) == ERROR_SUCCESS )
  303. {
  304. // fill in the rest of the request header, indicating the online authority
  305. pHeader->fReqSentToOnlineCA = TRUE;
  306. strncpy( pHeader->chCA, szCA, MAX_PATH-1 );
  307. }
  308. }
  309. }
  311. //------------------------------------------------------------------------------
  312. BOOL CCreatingKeyDlg::SubmitRequestToAuthority()
  313. {
  314. DWORD err;
  315. BOOL fAnswer = FALSE;
  316. HINSTANCE hLibrary = NULL;
  317. PUCHAR pEncoded;
  318. DWORD cbEncoded = m_pKey->m_cbCertificateRequest;
  319. PUCHAR pResponse;
  320. HRESULT hErr;
  322. LPTSTR szTCert;
  323. CString szRawCert;
  324. BSTR bstrCert = NULL;
  326. BSTR bstrDisposition = NULL;
  328. LPREQUEST_HEADER pHeader = (LPREQUEST_HEADER)m_pKey->m_pCertificateRequest;
  330. // make sure the header is a valid version (the K2 alpha/beta1 version is no
  331. // longer valid because the interface to the CA server has totally changed.
  332. // specifically we now track GUIDs instead of dll paths
  333. if ( pHeader->Version < REQUEST_HEADER_K2B2VERSION )
  334. {
  335. m_sz_message.LoadString( IDS_CA_ERROR );
  336. AfxMessageBox( IDS_INVALID_CA_REQUEST_OLD );
  337. return FALSE;
  338. }
  340. // initialize the authority object
  341. // prepare the authority object
  342. COnlineAuthority authority;
  343. if ( !authority.FInitSZ(pHeader->chCA) )
  344. {
  345. m_sz_message.LoadString( IDS_CA_ERROR );
  346. AfxMessageBox( IDS_CA_NO_INTERFACE );
  347. return FALSE;
  348. }
  350. // get the previously set up configuration string
  351. BSTR bstrConfig = NULL;
  352. if ( !authority.FGetPropertyString( &bstrConfig ) )
  353. {
  354. m_sz_message.LoadString( IDS_CA_ERROR );
  355. AfxMessageBox( IDS_CA_NO_INTERFACE );
  356. return FALSE;
  357. }
  360. // YES - I HAVE tried to pass this in as binary, but that doesn't seem to work right now.
  362. // generate a base-64 encoded request
  363. DWORD cbReq = m_pKey->m_cbCertificateRequest;
  364. PUCHAR preq = PCreateEncodedRequest( m_pKey->m_pCertificateRequest, &cbReq, FALSE );
  365. preq[cbReq] = 0;
  367. // Great. Now this needs to be unicode.
  368. OLECHAR* poch = NULL;
  369. // get the number of characters in the encoded request, plus some
  370. DWORD cchReq = _tcslen((PCHAR)preq) + 60;
  371. poch = (OLECHAR*)GlobalAlloc( GPTR, cchReq * 2 );
  372. // unicodize the name into the buffer
  373. if ( poch )
  374. MultiByteToWideChar( CP_ACP, MB_PRECOMPOSED, (PCHAR)preq, -1,
  375. poch, cchReq );
  377. // prepare the BSTR containing the request
  378. BSTR bstrRequest = NULL;
  379. bstrRequest = SysAllocString(poch);
  380. // cleanup
  381. GlobalFree( poch );
  384. // prepare the extra attributes string
  385. BSTR bstrAttrib = NULL;
  386. WORD zero = 0;
  387. bstrAttrib = SysAllocString(&zero);
  389. LONG longDisposition;
  391. // if this is the first time for this cert, call the submit method
  392. if ( !pHeader->fWaitingForApproval )
  393. {
  394. // set the flag
  395. pHeader->fReqSentToOnlineCA = TRUE;
  397. // make the call
  398. hErr = authority.pIRequest->Submit(
  399. // CR_IN_BINARY | CR_IN_PKCS10,
  400. CR_IN_BASE64HEADER | CR_IN_PKCS10,
  401. bstrRequest,
  402. bstrAttrib,
  403. bstrConfig,
  404. &longDisposition);
  406. // get the full error message text
  407. authority.pIRequest->GetDispositionMessage( &bstrDisposition );
  408. // get the string out and put it in m_sz_message
  409. BuildAuthErrorMessage( bstrDisposition, hErr );
  411. // no matter what, try to get the request ID
  412. authority.pIRequest->GetRequestId( &pHeader->longRequestID );
  413. }
  414. else
  415. // if it has already been submitted, call the pending method
  416. {
  417. // make the call
  418. hErr = authority.pIRequest->RetrievePending(
  419. pHeader->longRequestID,
  420. bstrConfig,
  421. &longDisposition);
  423. // get the full error message text
  424. authority.pIRequest->GetDispositionMessage( &bstrDisposition );
  425. // get the string out and put it in m_sz_message
  426. BuildAuthErrorMessage( bstrDisposition, hErr );
  427. }
  429. // do the appropriate thing depending on the disposition of the response
  430. switch( longDisposition )
  431. {
  432. case CR_DISP_INCOMPLETE:
  433. case CR_DISP_ERROR:
  434. case CR_DISP_DENIED:
  435. // error message obtained via BuildAuthErrorMessage above
  436. break;
  438. case CR_DISP_UNDER_SUBMISSION:
  439. // we need to try again later
  440. m_sz_message.LoadString( IDS_GRIND_DELAYED );
  442. // set the waiting for response flag
  443. pHeader->fWaitingForApproval = TRUE;
  444. break;
  445. case CR_DISP_ISSUED_OUT_OF_BAND:
  446. case CR_DISP_ISSUED:
  447. // get the certificate
  448. hErr = authority.pIRequest->GetCertificate( CR_OUT_BASE64HEADER, &bstrCert);
  449. if ( FAILED(hErr) )
  450. {
  451. // get the detailed error disposition string - reuse bstrAttrib
  452. authority.pIRequest->GetDispositionMessage( &bstrDisposition );
  453. // get the string out and put it in m_sz_message
  454. BuildAuthErrorMessage( bstrDisposition, hErr );
  455. break;
  456. }
  458. // make sure the "waiting" flag is cleared
  459. pHeader->fWaitingForApproval = FALSE;
  461. // extract the certificate from the bstr
  462. szRawCert = bstrCert;
  463. szTCert = szRawCert.GetBuffer(szRawCert.GetLength()+1);
  465. // great. The last thing left is to uudecode the data we got
  466. uudecode_cert( szTCert, &m_pKey->m_cbCertificate );
  468. //copy it into place
  469. if ( m_pKey->m_pCertificate )
  470. GlobalFree( m_pKey->m_pCertificate );
  471. m_pKey->m_pCertificate = GlobalAlloc( GPTR, m_pKey->m_cbCertificate );
  472. CopyMemory( m_pKey->m_pCertificate, szTCert, m_pKey->m_cbCertificate );
  473. szRawCert.ReleaseBuffer(0);
  475. // tell the key it is done
  476. // success! Let the user know about it
  477. m_sz_message.LoadString( IDS_GRIND_SUCCESS );
  479. // cleanup
  480. fAnswer = TRUE;
  481. break;
  482. };
  484. // clean up all the bstrings
  485. if ( bstrCert ) SysFreeString( bstrCert );
  486. if ( bstrConfig ) SysFreeString( bstrConfig );
  487. if ( bstrRequest ) SysFreeString( bstrRequest );
  488. if ( bstrAttrib ) SysFreeString( bstrAttrib );
  489. if ( bstrDisposition ) SysFreeString( bstrDisposition );
  491. // return the answer
  492. return fAnswer;
  493. }
  496. //------------------------------------------------------------------------------
  497. void CCreatingKeyDlg::BuildAuthErrorMessage( BSTR bstrMesage, HRESULT hErr )
  498. {
  499. // set the header to the message first
  500. m_sz_message.LoadString( IDS_GRIND_ONLINE_FAILURE );
  502. // add the specific message from the certificate authority
  503. if ( bstrMesage )
  504. m_sz_message += bstrMesage;
  506. // get the error code part going too.
  507. CString szErr;
  508. szErr.LoadString( IDS_ERR_GENERIC_ERRCODE );
  510. // put it all together
  511. m_sz_message.Format( "%s%s%x", m_sz_message, szErr, hErr );
  512. }
  515. //------------------------------------------------------------------------------
  516. BOOL CCreatingKeyDlg::WriteRequestToFile()
  517. {
  518. // fill in a admin info structure
  519. ADMIN_INFO info;
  520. info.pName = &m_ppage_User_Info->m_nkui_sz_name;
  521. info.pEmail = &m_ppage_User_Info->m_nkui_sz_email;
  522. info.pPhone = &m_ppage_User_Info->m_nkui_sz_phone;
  524. if ( m_ppage_DN )
  525. {
  526. info.pCommonName = &m_ppage_DN->m_nkdn_sz_CN;
  527. info.pOrgUnit = &m_ppage_DN->m_nkdn_sz_OU;
  528. info.pOrg = &m_ppage_DN->m_nkdn_sz_O;
  529. info.pLocality = &m_ppage_DN2->m_nkdn2_sz_L;
  530. info.pState = &m_ppage_DN2->m_nkdn2_sz_S;
  531. info.pCountry = &m_ppage_DN2->m_nkdn2_sz_C;
  532. }
  533. else
  534. {
  535. info.pCommonName = NULL;
  536. info.pOrgUnit = NULL;
  537. info.pOrg = NULL;
  538. info.pLocality = NULL;
  539. info.pState = NULL;
  540. info.pCountry = NULL;
  541. }
  543. // tell the key to write itself out to the disk
  544. if ( !m_pKey->FOutputRequestFile( m_ppage_Choose_CA->m_nkca_sz_file, FALSE, &info ) )
  545. return FALSE;
  547. // tell the user its there
  548. m_sz_message.LoadString( IDS_GRIND_FILE );
  549. m_sz_message += m_ppage_Choose_CA->m_nkca_sz_file;
  551. // success
  552. return TRUE;
  553. }
  555. //------------------------------------------------------------------------------
  556. BOOL CCreatingKeyDlg::FGenerateKeyPair()
  557. {
  558. BOOL fSuccess = FALSE;
  559. CString szDistinguishedName;
  560. SSL_CREDENTIAL_CERTIFICATE certs;
  561. LPTSTR pSzDN, pSzPassword;
  562. BOOL fAddComma = FALSE;
  564. // generate the distinguished name string
  565. try
  566. {
  567. szDistinguishedName.Empty();
  568. // we should never put an empty parameter in the list
  570. // start with the country code
  571. if ( !m_ppage_DN2->m_nkdn2_sz_C.IsEmpty() )
  572. {
  573. szDistinguishedName = SZ_KEY_COUNTRY;
  574. szDistinguishedName += m_ppage_DN2->m_nkdn2_sz_C;
  575. fAddComma = TRUE;
  576. }
  578. // now add on the state/province
  579. if ( !m_ppage_DN2->m_nkdn2_sz_S.IsEmpty() )
  580. {
  581. if ( fAddComma )
  582. szDistinguishedName += ",";
  583. szDistinguishedName += SZ_KEY_STATE;
  584. szDistinguishedName += m_ppage_DN2->m_nkdn2_sz_S;
  585. fAddComma = TRUE;
  586. }
  588. // now add on the locality
  589. if ( !m_ppage_DN2->m_nkdn2_sz_L.IsEmpty() )
  590. {
  591. if ( fAddComma )
  592. szDistinguishedName += ",";
  593. szDistinguishedName += SZ_KEY_LOCALITY;
  594. szDistinguishedName += m_ppage_DN2->m_nkdn2_sz_L;
  595. fAddComma = TRUE;
  596. }
  598. // now add on the organization
  599. if ( !m_ppage_DN->m_nkdn_sz_O.IsEmpty() )
  600. {
  601. if ( fAddComma )
  602. szDistinguishedName += ",";
  603. szDistinguishedName += SZ_KEY_ORGANIZATION;
  604. szDistinguishedName += m_ppage_DN->m_nkdn_sz_O;
  605. fAddComma = TRUE;
  606. }
  608. // now add on the organizational unit (optional)
  609. if ( !m_ppage_DN->m_nkdn_sz_OU.IsEmpty() )
  610. {
  611. if ( fAddComma )
  612. szDistinguishedName += ",";
  613. szDistinguishedName += SZ_KEY_ORGUNIT;
  614. szDistinguishedName += m_ppage_DN->m_nkdn_sz_OU;
  615. fAddComma = TRUE;
  616. }
  618. // now add on the common name (netaddress)
  619. if ( !m_ppage_DN->m_nkdn_sz_CN.IsEmpty() )
  620. {
  621. if ( fAddComma )
  622. szDistinguishedName += ",";
  623. szDistinguishedName += SZ_KEY_COMNAME;
  624. szDistinguishedName += m_ppage_DN->m_nkdn_sz_CN;
  625. fAddComma = TRUE;
  626. }
  627. }
  628. catch( CException e )
  629. {
  630. return FALSE;
  631. }
  633. // prep the strings - we need a pointer to the data
  634. pSzDN = szDistinguishedName.GetBuffer( szDistinguishedName.GetLength()+2 );
  635. pSzPassword = m_ppage_Key_Info->m_nkki_sz_password.GetBuffer(
  636. m_ppage_Key_Info->m_nkki_sz_password.GetLength()+2 );
  638. // zero out the certs
  639. ZeroMemory( &certs, sizeof(certs) );
  641. // generate the key pair
  642. fSuccess = SslGenerateKeyPair( &certs, pSzDN, pSzPassword, m_ppage_Key_Info->m_nBits );
  644. // release the string buffers
  645. m_ppage_Key_Info->m_nkki_sz_password.ReleaseBuffer( -1 );
  646. szDistinguishedName.ReleaseBuffer( -1 );
  648. // if generating the key pair failed, leave now
  649. if ( !fSuccess )
  650. {
  651. return FALSE;
  652. }
  654. // store away the cert and the key
  655. m_cbPrivateKey = certs.cbPrivateKey;
  656. m_pPrivateKey = certs.pPrivateKey;
  657. m_cbCertificateRequest = certs.cbCertificate;
  658. m_pCertificateRequest = certs.pCertificate;
  660. // return the success flag
  661. return fSuccess;
  662. }