mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1372 lines
45 KiB
1372 lines
45 KiB
//depot/Lab03_N/DS/security/cryptoapi/common/keysvc/keysvcc.cpp#9 - edit change 6380 (text)
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (C) Microsoft Corporation, 1997 - 1999
|
|
//
|
|
// File: keysvcc.cpp
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
#include <windows.h>
|
|
#include <wincrypt.h>
|
|
#include "keysvc.h"
|
|
#include "cryptui.h"
|
|
#include "lenroll.h"
|
|
#include "keysvcc.h"
|
|
|
|
#include "unicode.h"
|
|
#include "waitsvc.h"
|
|
|
|
typedef struct _WZR_RPC_BINDING_LIST
|
|
{
|
|
LPCSTR pszProtSeq;
|
|
LPCSTR pszEndpoint;
|
|
} WZR_RPC_BINDING_LIST;
|
|
|
|
WZR_RPC_BINDING_LIST g_awzrBindingList[] =
|
|
{
|
|
{ KEYSVC_LOCAL_PROT_SEQ, KEYSVC_LOCAL_ENDPOINT },
|
|
{ KEYSVC_DEFAULT_PROT_SEQ, KEYSVC_DEFAULT_ENDPOINT},
|
|
{ KEYSVC_LEGACY_PROT_SEQ, KEYSVC_LEGACY_ENDPOINT}
|
|
};
|
|
|
|
DWORD g_cwzrBindingList = sizeof(g_awzrBindingList)/sizeof(g_awzrBindingList[0]);
|
|
|
|
/****************************************
|
|
* Client side Key Service handles
|
|
****************************************/
|
|
|
|
typedef struct _KEYSVCC_INFO_ {
|
|
KEYSVC_HANDLE hKeySvc;
|
|
handle_t hRPCBinding;
|
|
} KEYSVCC_INFO, *PKEYSVCC_INFO;
|
|
|
|
|
|
void InitUnicodeString(
|
|
PKEYSVC_UNICODE_STRING pUnicodeString,
|
|
LPCWSTR pszString
|
|
)
|
|
{
|
|
pUnicodeString->Length = wcslen(pszString) * sizeof(WCHAR);
|
|
pUnicodeString->MaximumLength = pUnicodeString->Length + sizeof(WCHAR);
|
|
pUnicodeString->Buffer = (USHORT*)pszString;
|
|
}
|
|
|
|
//*****************************************************
|
|
//
|
|
// Implementation of Client API for Key Service
|
|
//
|
|
//*****************************************************
|
|
|
|
ULONG KeyOpenKeyServiceEx
|
|
(/* [in] */ RPC_IF_HANDLE rpc_ifspec,
|
|
/* [in] */ LPSTR pszMachineName,
|
|
/* [in] */ KEYSVC_TYPE OwnerType,
|
|
/* [in] */ LPWSTR pwszOwnerName,
|
|
/* [in] */ void *pAuthentication,
|
|
/* [out][in] */ void *pReserved,
|
|
/* [out] */ KEYSVCC_HANDLE *phKeySvcCli)
|
|
|
|
{
|
|
PKEYSVC_BLOB pVersion = NULL;
|
|
KEYSVC_BLOB Authentication;
|
|
PKEYSVC_BLOB pAuth;
|
|
unsigned char *pStringBinding = NULL;
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
KEYSVC_UNICODE_STRING OwnerName;
|
|
ULONG ulErr = 0;
|
|
DWORD i;
|
|
static BOOL fDone = FALSE;
|
|
|
|
|
|
memset(&Authentication, 0, sizeof(Authentication));
|
|
memset(&OwnerName, 0, sizeof(OwnerName));
|
|
|
|
if (NULL != pAuthentication)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
if (NULL != pwszOwnerName)
|
|
{
|
|
InitUnicodeString(&OwnerName, pwszOwnerName);
|
|
}
|
|
|
|
|
|
// allocate for the client key service handle
|
|
if (NULL == (pKeySvcCliInfo =
|
|
(PKEYSVCC_INFO)LocalAlloc(LMEM_ZEROINIT,
|
|
sizeof(KEYSVCC_INFO))))
|
|
{
|
|
ulErr = ERROR_NOT_ENOUGH_MEMORY;
|
|
goto Ret;
|
|
}
|
|
|
|
//
|
|
// before doing the Bind operation, wait for the cryptography
|
|
// service to be available.
|
|
//
|
|
|
|
WaitForCryptService(L"ProtectedStorage", &fDone);
|
|
for (i = 0; i < g_cwzrBindingList; i++)
|
|
{
|
|
if (RPC_S_OK != RpcNetworkIsProtseqValid(
|
|
(unsigned char *)g_awzrBindingList[i].pszProtSeq))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
ulErr = RpcStringBindingComposeA(
|
|
NULL,
|
|
(unsigned char *)g_awzrBindingList[i].pszProtSeq,
|
|
(unsigned char *)pszMachineName,
|
|
(unsigned char *)g_awzrBindingList[i].pszEndpoint,
|
|
NULL,
|
|
&pStringBinding);
|
|
if (RPC_S_OK != ulErr)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
ulErr = RpcBindingFromStringBinding(
|
|
pStringBinding,
|
|
&pKeySvcCliInfo->hRPCBinding);
|
|
if (NULL != pStringBinding)
|
|
{
|
|
RpcStringFree(&pStringBinding);
|
|
}
|
|
if (RPC_S_OK != ulErr)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
ulErr = RpcEpResolveBinding(pKeySvcCliInfo->hRPCBinding, rpc_ifspec);
|
|
if (RPC_S_OK != ulErr)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
|
|
__try
|
|
{
|
|
|
|
ulErr = KeyrOpenKeyService(pKeySvcCliInfo->hRPCBinding,
|
|
OwnerType, &OwnerName,
|
|
0, &Authentication,
|
|
&pVersion, &pKeySvcCliInfo->hKeySvc);
|
|
|
|
*phKeySvcCli = (KEYSVCC_HANDLE)pKeySvcCliInfo;
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
if (RPC_S_OK == ulErr)
|
|
{
|
|
break;
|
|
}
|
|
|
|
}
|
|
|
|
if(RPC_S_OK != ulErr)
|
|
{
|
|
goto Ret;
|
|
}
|
|
|
|
if (NULL != pReserved)
|
|
{
|
|
PKEYSVC_OPEN_KEYSVC_INFO pOpenInfoCaller = (PKEYSVC_OPEN_KEYSVC_INFO)pReserved;
|
|
if (pOpenInfoCaller->ulSize != sizeof(KEYSVC_OPEN_KEYSVC_INFO))
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
if (NULL == pVersion)
|
|
{
|
|
pOpenInfoCaller->ulVersion = KEYSVC_VERSION_W2K;
|
|
}
|
|
else
|
|
{
|
|
if (NULL == pVersion->pb)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
PKEYSVC_OPEN_KEYSVC_INFO pOpenInfoCallee = (PKEYSVC_OPEN_KEYSVC_INFO)pVersion->pb;
|
|
if (pOpenInfoCallee->ulSize != sizeof(KEYSVC_OPEN_KEYSVC_INFO))
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pOpenInfoCaller->ulVersion = pOpenInfoCallee->ulVersion;
|
|
}
|
|
}
|
|
|
|
Ret:
|
|
__try
|
|
{
|
|
if (NULL != pVersion)
|
|
midl_user_free(pVersion);
|
|
if (pStringBinding)
|
|
RpcStringFree(&pStringBinding);
|
|
if (0 != ulErr)
|
|
{
|
|
if (pKeySvcCliInfo)
|
|
{
|
|
// close the RPC binding
|
|
if (pKeySvcCliInfo->hRPCBinding)
|
|
RpcBindingFree(&pKeySvcCliInfo->hRPCBinding);
|
|
LocalFree(pKeySvcCliInfo);
|
|
}
|
|
}
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
return ulErr;
|
|
}
|
|
|
|
ULONG KeyOpenKeyService
|
|
(/* [in] */ LPSTR pszMachineName,
|
|
/* [in] */ KEYSVC_TYPE OwnerType,
|
|
/* [in] */ LPWSTR pwszOwnerName,
|
|
/* [in] */ void *pAuthentication,
|
|
/* [out][in] */ void *pReserved,
|
|
/* [out] */ KEYSVCC_HANDLE *phKeySvcCli)
|
|
{
|
|
return KeyOpenKeyServiceEx
|
|
(IKeySvc_v1_0_c_ifspec,
|
|
pszMachineName,
|
|
OwnerType,
|
|
pwszOwnerName,
|
|
pAuthentication,
|
|
pReserved,
|
|
phKeySvcCli);
|
|
}
|
|
|
|
ULONG KeyEnumerateProviders(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [out][in] */ void *pReserved,
|
|
/* [out][in] */ ULONG *pcProviderCount,
|
|
/* [size_is][size_is][out][in] */ PKEYSVC_PROVIDER_INFO *ppProviders)
|
|
{
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
ulErr = KeyrEnumerateProviders(pKeySvcCliInfo->hRPCBinding,
|
|
pKeySvcCliInfo->hKeySvc,
|
|
&pTmpReserved,
|
|
pcProviderCount, ppProviders);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
ULONG KeyEnumerateProviderTypes(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [out][in] */ void *pReserved,
|
|
/* [out][in] */ ULONG *pcProviderCount,
|
|
/* [size_is][size_is][out][in] */ PKEYSVC_PROVIDER_INFO *ppProviders)
|
|
{
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
ulErr = KeyrEnumerateProviderTypes(pKeySvcCliInfo->hRPCBinding,
|
|
pKeySvcCliInfo->hKeySvc,
|
|
&pTmpReserved,
|
|
pcProviderCount, ppProviders);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
ULONG KeyEnumerateProvContainers(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [in] */ KEYSVC_PROVIDER_INFO Provider,
|
|
/* [in, out] */ void *pReserved,
|
|
/* [in, out] */ ULONG *pcContainerCount,
|
|
/* [in, out][size_is(,*pcContainerCount)] */
|
|
PKEYSVC_UNICODE_STRING *ppContainers)
|
|
{
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
return KeyrEnumerateProvContainers(pKeySvcCliInfo->hRPCBinding,
|
|
pKeySvcCliInfo->hKeySvc,
|
|
Provider,
|
|
&pTmpReserved, pcContainerCount,
|
|
ppContainers);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
ULONG KeyCloseKeyService(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [out][in] */ void *pReserved)
|
|
{
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
ulErr = KeyrCloseKeyService(pKeySvcCliInfo->hRPCBinding,
|
|
pKeySvcCliInfo->hKeySvc,
|
|
&pTmpReserved);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
ULONG KeyGetDefaultProvider(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [in] */ ULONG ulProvType,
|
|
/* [in] */ ULONG ulFlags,
|
|
/* [out][in] */ void *pReserved,
|
|
/* [out] */ ULONG *pulDefType,
|
|
/* [out] */ PKEYSVC_PROVIDER_INFO *ppProvider)
|
|
{
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
ulErr = KeyrGetDefaultProvider(pKeySvcCliInfo->hRPCBinding,
|
|
pKeySvcCliInfo->hKeySvc,
|
|
ulProvType, ulFlags,
|
|
&pTmpReserved, pulDefType,
|
|
ppProvider);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
ULONG KeySetDefaultProvider(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [in] */ ULONG ulFlags,
|
|
/* [out][in] */ void *pReserved,
|
|
/* [in] */ KEYSVC_PROVIDER_INFO Provider)
|
|
{
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
ulErr = KeyrSetDefaultProvider(pKeySvcCliInfo->hRPCBinding,
|
|
pKeySvcCliInfo->hKeySvc,
|
|
ulFlags, &pTmpReserved,
|
|
Provider);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
ULONG KeyEnroll
|
|
(/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [in] */ LPSTR pszMachineName, //IN Required: name of the remote machine
|
|
/* [in] */ BOOL fKeyService, //IN Required: Whether the function is called remotely
|
|
/* [in] */ DWORD dwPurpose, //IN Required: Indicates type of request - enroll/renew
|
|
/* [in] */ LPWSTR pszAcctName, //IN Optional: Account name the service runs under
|
|
/* [in] */ void *pAuthentication, //RESERVED must be NULL
|
|
/* [in] */ BOOL fEnroll, //IN Required: Whether it is enrollment or renew
|
|
/* [in] */ LPWSTR pszCALocation, //IN Required: The ca machine name
|
|
/* [in] */ LPWSTR pszCAName, //IN Required: The ca name
|
|
/* [in] */ BOOL fNewKey, //IN Required: Set the TRUE if new private key is needed
|
|
/* [in] */ PCERT_REQUEST_PVK_NEW pKeyNew, //IN Required: The private key information
|
|
/* [in] */ CERT_BLOB *pCert, //IN Optional: The old certificate if renewing
|
|
/* [in] */ PCERT_REQUEST_PVK_NEW pRenewKey, //IN Optional: The new private key information
|
|
/* [in] */ LPWSTR pszHashAlg, //IN Optional: The hash algorithm
|
|
/* [in] */ LPWSTR pszDesStore, //IN Optional: The destination store
|
|
/* [in] */ DWORD dwStoreFlags, //IN Optional: Flags for cert store.
|
|
/* [in] */ PCERT_ENROLL_INFO pRequestInfo, //IN Required: The information about the cert request
|
|
/* [in] */ LPWSTR pszAttributes, //IN Optional: Attribute string for request
|
|
/* [in] */ DWORD dwFlags, //RESERVED must be 0
|
|
/* [in] */ BYTE *pReserved, //RESERVED must be NULL
|
|
/* [out] */ CERT_BLOB *pPKCS7Blob, //OUT Optional: The PKCS7 from the CA
|
|
/* [out] */ CERT_BLOB *pHashBlob, //OUT Optioanl: The SHA1 hash of the enrolled/renewed certificate
|
|
/* [out] */ DWORD *pdwStatus) //OUT Optional: The status of the enrollment/renewal
|
|
{
|
|
PKEYSVC_BLOB pReservedBlob = NULL;
|
|
KEYSVC_UNICODE_STRING AcctName;
|
|
KEYSVC_UNICODE_STRING CALocation;
|
|
KEYSVC_UNICODE_STRING CAName;
|
|
KEYSVC_UNICODE_STRING DesStore;
|
|
KEYSVC_UNICODE_STRING HashAlg;
|
|
KEYSVC_BLOB *pPKCS7KeySvcBlob = NULL;
|
|
KEYSVC_BLOB *pHashKeySvcBlob = NULL;
|
|
KEYSVC_CERT_ENROLL_INFO EnrollInfo;
|
|
KEYSVC_CERT_REQUEST_PVK_NEW NewKeyInfo;
|
|
KEYSVC_CERT_REQUEST_PVK_NEW RenewKeyInfo;
|
|
KEYSVC_BLOB CertBlob;
|
|
DWORD i;
|
|
DWORD j;
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
DWORD dwErr = 0;
|
|
DWORD cbExtensions;
|
|
PBYTE pbExtensions;
|
|
|
|
__try
|
|
{
|
|
// initialize everything
|
|
memset(pPKCS7Blob, 0, sizeof(CERT_BLOB));
|
|
memset(pHashBlob, 0, sizeof(CERT_BLOB));
|
|
memset(&AcctName, 0, sizeof(AcctName));
|
|
memset(&CALocation, 0, sizeof(CALocation));
|
|
memset(&CAName, 0, sizeof(CAName));
|
|
memset(&HashAlg, 0, sizeof(HashAlg));
|
|
memset(&DesStore, 0, sizeof(DesStore));
|
|
memset(&NewKeyInfo, 0, sizeof(NewKeyInfo));
|
|
memset(&EnrollInfo, 0, sizeof(EnrollInfo));
|
|
memset(&RenewKeyInfo, 0, sizeof(RenewKeyInfo));
|
|
memset(&CertBlob, 0, sizeof(CertBlob));
|
|
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
dwErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
// set up the key service unicode structs
|
|
if (pszAcctName)
|
|
InitUnicodeString(&AcctName, pszAcctName);
|
|
if (pszCALocation)
|
|
InitUnicodeString(&CALocation, pszCALocation);
|
|
if (pszCAName)
|
|
InitUnicodeString(&CAName, pszCAName);
|
|
if (pszHashAlg)
|
|
InitUnicodeString(&HashAlg, pszHashAlg);
|
|
if (pszDesStore)
|
|
InitUnicodeString(&DesStore, pszDesStore);
|
|
|
|
// set up the new key info structure for the remote call
|
|
NewKeyInfo.ulProvType = pKeyNew->dwProvType;
|
|
if (pKeyNew->pwszProvider)
|
|
{
|
|
InitUnicodeString(&NewKeyInfo.Provider, pKeyNew->pwszProvider);
|
|
}
|
|
NewKeyInfo.ulProviderFlags = pKeyNew->dwProviderFlags;
|
|
if (pKeyNew->pwszKeyContainer)
|
|
{
|
|
InitUnicodeString(&NewKeyInfo.KeyContainer,
|
|
pKeyNew->pwszKeyContainer);
|
|
}
|
|
NewKeyInfo.ulKeySpec = pKeyNew->dwKeySpec;
|
|
NewKeyInfo.ulGenKeyFlags = pKeyNew->dwGenKeyFlags;
|
|
|
|
// set up the usage OIDs
|
|
if (pRequestInfo->pwszUsageOID)
|
|
{
|
|
InitUnicodeString(&EnrollInfo.UsageOID, pRequestInfo->pwszUsageOID);
|
|
}
|
|
|
|
// set up the cert DN Name
|
|
if (pRequestInfo->pwszCertDNName)
|
|
{
|
|
InitUnicodeString(&EnrollInfo.CertDNName, pRequestInfo->pwszCertDNName);
|
|
}
|
|
|
|
// set up the request info structure for the remote call
|
|
EnrollInfo.ulPostOption = pRequestInfo->dwPostOption;
|
|
if (pRequestInfo->pwszFriendlyName)
|
|
{
|
|
InitUnicodeString(&EnrollInfo.FriendlyName,
|
|
pRequestInfo->pwszFriendlyName);
|
|
}
|
|
if (pRequestInfo->pwszDescription)
|
|
{
|
|
InitUnicodeString(&EnrollInfo.Description,
|
|
pRequestInfo->pwszDescription);
|
|
}
|
|
if (pszAttributes)
|
|
{
|
|
InitUnicodeString(&EnrollInfo.Attributes, pszAttributes);
|
|
}
|
|
|
|
// convert the cert extensions
|
|
// NOTE, the extensions structure cannot be simply cast,
|
|
// as the structures have different packing behaviors in
|
|
// 64 bit systems.
|
|
|
|
|
|
EnrollInfo.cExtensions = pRequestInfo->dwExtensions;
|
|
cbExtensions = EnrollInfo.cExtensions*(sizeof(PKEYSVC_CERT_EXTENSIONS) +
|
|
sizeof(KEYSVC_CERT_EXTENSIONS));
|
|
|
|
for(i=0; i < EnrollInfo.cExtensions; i++)
|
|
{
|
|
cbExtensions += pRequestInfo->prgExtensions[i]->cExtension*
|
|
sizeof(KEYSVC_CERT_EXTENSION);
|
|
}
|
|
|
|
EnrollInfo.prgExtensions = (PKEYSVC_CERT_EXTENSIONS*)midl_user_allocate( cbExtensions);
|
|
|
|
if(NULL == EnrollInfo.prgExtensions)
|
|
{
|
|
dwErr = ERROR_NOT_ENOUGH_MEMORY;
|
|
goto Ret;
|
|
}
|
|
|
|
pbExtensions = (PBYTE)(EnrollInfo.prgExtensions + EnrollInfo.cExtensions);
|
|
|
|
|
|
|
|
|
|
for(i=0; i < EnrollInfo.cExtensions; i++)
|
|
{
|
|
EnrollInfo.prgExtensions[i] = (PKEYSVC_CERT_EXTENSIONS)pbExtensions;
|
|
pbExtensions += sizeof(KEYSVC_CERT_EXTENSIONS);
|
|
EnrollInfo.prgExtensions[i]->cExtension = pRequestInfo->prgExtensions[i]->cExtension;
|
|
|
|
EnrollInfo.prgExtensions[i]->rgExtension = (PKEYSVC_CERT_EXTENSION)pbExtensions;
|
|
pbExtensions += sizeof(KEYSVC_CERT_EXTENSION)*EnrollInfo.prgExtensions[i]->cExtension;
|
|
|
|
|
|
for(j=0; j < EnrollInfo.prgExtensions[i]->cExtension; j++)
|
|
{
|
|
|
|
EnrollInfo.prgExtensions[i]->rgExtension[j].pszObjId =
|
|
pRequestInfo->prgExtensions[i]->rgExtension[j].pszObjId;
|
|
|
|
EnrollInfo.prgExtensions[i]->rgExtension[j].fCritical =
|
|
pRequestInfo->prgExtensions[i]->rgExtension[j].fCritical;
|
|
|
|
EnrollInfo.prgExtensions[i]->rgExtension[j].cbData =
|
|
pRequestInfo->prgExtensions[i]->rgExtension[j].Value.cbData;
|
|
|
|
EnrollInfo.prgExtensions[i]->rgExtension[j].pbData =
|
|
pRequestInfo->prgExtensions[i]->rgExtension[j].Value.pbData;
|
|
}
|
|
}
|
|
|
|
// if doing renewal then make sure have everything needed
|
|
if ((CRYPTUI_WIZ_CERT_RENEW == dwPurpose) &&
|
|
((NULL == pRenewKey) || (NULL == pCert)))
|
|
{
|
|
dwErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
// set up the new key info structure for the remote call
|
|
if (pRenewKey)
|
|
{
|
|
RenewKeyInfo.ulProvType = pRenewKey->dwProvType;
|
|
if (pRenewKey->pwszProvider)
|
|
{
|
|
InitUnicodeString(&RenewKeyInfo.Provider, pRenewKey->pwszProvider);
|
|
}
|
|
RenewKeyInfo.ulProviderFlags = pRenewKey->dwProviderFlags;
|
|
if (pRenewKey->pwszKeyContainer)
|
|
{
|
|
InitUnicodeString(&RenewKeyInfo.KeyContainer,
|
|
pRenewKey->pwszKeyContainer);
|
|
}
|
|
RenewKeyInfo.ulKeySpec = pRenewKey->dwKeySpec;
|
|
RenewKeyInfo.ulGenKeyFlags = pRenewKey->dwGenKeyFlags;
|
|
}
|
|
|
|
// set up the cert blob for renewal
|
|
if (pCert)
|
|
{
|
|
CertBlob.cb = pCert->cbData;
|
|
CertBlob.pb = pCert->pbData;
|
|
}
|
|
|
|
// make the remote enrollment call
|
|
if (0 != (dwErr = KeyrEnroll(pKeySvcCliInfo->hRPCBinding, fKeyService, dwPurpose,
|
|
&AcctName, &CALocation, &CAName, fNewKey,
|
|
&NewKeyInfo, &CertBlob, &RenewKeyInfo,
|
|
&HashAlg, &DesStore, dwStoreFlags,
|
|
&EnrollInfo, dwFlags, &pReservedBlob,
|
|
&pPKCS7KeySvcBlob,
|
|
&pHashKeySvcBlob, pdwStatus)))
|
|
goto Ret;
|
|
|
|
// allocate and copy the output parameters
|
|
if (pPKCS7KeySvcBlob->cb)
|
|
{
|
|
pPKCS7Blob->cbData = pPKCS7KeySvcBlob->cb;
|
|
if (NULL == (pPKCS7Blob->pbData =
|
|
(BYTE*)midl_user_allocate(pPKCS7Blob->cbData)))
|
|
{
|
|
dwErr = ERROR_NOT_ENOUGH_MEMORY;
|
|
goto Ret;
|
|
}
|
|
memcpy(pPKCS7Blob->pbData, pPKCS7KeySvcBlob->pb,
|
|
pPKCS7Blob->cbData);
|
|
}
|
|
if (pHashKeySvcBlob->cb)
|
|
{
|
|
pHashBlob->cbData = pHashKeySvcBlob->cb;
|
|
if (NULL == (pHashBlob->pbData =
|
|
(BYTE*)midl_user_allocate(pHashBlob->cbData)))
|
|
{
|
|
dwErr = ERROR_NOT_ENOUGH_MEMORY;
|
|
goto Ret;
|
|
}
|
|
memcpy(pHashBlob->pbData, pHashKeySvcBlob->pb, pHashBlob->cbData);
|
|
}
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
return _exception_code();
|
|
}
|
|
Ret:
|
|
__try
|
|
{
|
|
if (pPKCS7KeySvcBlob)
|
|
{
|
|
midl_user_free(pPKCS7KeySvcBlob);
|
|
}
|
|
if (pHashKeySvcBlob)
|
|
{
|
|
midl_user_free(pHashKeySvcBlob);
|
|
}
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
return _exception_code();
|
|
}
|
|
return dwErr;
|
|
}
|
|
|
|
// Params needed for create:
|
|
//
|
|
// Params not needed for submit:
|
|
// all except pszMachineName, dwPurpose, dwFlags, fEnroll, dwStoreFlags, hRequest, and dwFlags.
|
|
//
|
|
// Params not needed for free:
|
|
// all except pszMachineName, hRequest, and dwFlags.
|
|
//
|
|
ULONG KeyEnroll_V2
|
|
(/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [in] */ LPSTR pszMachineName, //IN Required: name of the remote machine
|
|
/* [in] */ BOOL fKeyService, //IN Required: Whether the function is called remotely
|
|
/* [in] */ DWORD dwPurpose, //IN Required: Indicates type of request - enroll/renew
|
|
/* [in] */ DWORD dwFlags, //IN Required: Flags for enrollment
|
|
/* [in] */ LPWSTR pszAcctName, //IN Optional: Account name the service runs under
|
|
/* [in] */ void *pAuthentication, //RESERVED must be NULL
|
|
/* [in] */ BOOL fEnroll, //IN Required: Whether it is enrollment or renew
|
|
/* [in] */ LPWSTR pszCALocation, //IN Required: The ca machine names to attempt to enroll with
|
|
/* [in] */ LPWSTR pszCAName, //IN Required: The ca names to attempt to enroll with
|
|
/* [in] */ BOOL fNewKey, //IN Required: Set the TRUE if new private key is needed
|
|
/* [in] */ PCERT_REQUEST_PVK_NEW pKeyNew, //IN Required: The private key information
|
|
/* [in] */ CERT_BLOB *pCert, //IN Optional: The old certificate if renewing
|
|
/* [in] */ PCERT_REQUEST_PVK_NEW pRenewKey, //IN Optional: The new private key information
|
|
/* [in] */ LPWSTR pszHashAlg, //IN Optional: The hash algorithm
|
|
/* [in] */ LPWSTR pszDesStore, //IN Optional: The destination store
|
|
/* [in] */ DWORD dwStoreFlags, //IN Optional: Flags for cert store.
|
|
/* [in] */ PCERT_ENROLL_INFO pRequestInfo, //IN Required: The information about the cert request
|
|
/* [in] */ LPWSTR pszAttributes, //IN Optional: Attribute string for request
|
|
/* [in] */ DWORD dwReservedFlags, //RESERVED must be 0
|
|
/* [in] */ BYTE *pReserved, //RESERVED must be NULL
|
|
/* [in][out] */ HANDLE *phRequest, //IN OUT Optional: A handle to a created request
|
|
/* [out] */ CERT_BLOB *pPKCS7Blob, //OUT Optional: The PKCS7 from the CA
|
|
/* [out] */ CERT_BLOB *pHashBlob, //OUT Optioanl: The SHA1 hash of the enrolled/renewed certificate
|
|
/* [out] */ DWORD *pdwStatus) //OUT Optional: The status of the enrollment/renewal
|
|
{
|
|
PKEYSVC_BLOB pReservedBlob = NULL;
|
|
KEYSVC_UNICODE_STRING AcctName;
|
|
KEYSVC_UNICODE_STRING CALocation;
|
|
KEYSVC_UNICODE_STRING CAName;
|
|
KEYSVC_UNICODE_STRING DesStore;
|
|
KEYSVC_UNICODE_STRING HashAlg;
|
|
KEYSVC_BLOB KeySvcRequest;
|
|
KEYSVC_BLOB *pKeySvcRequest = NULL;
|
|
KEYSVC_BLOB *pPKCS7KeySvcBlob = NULL;
|
|
KEYSVC_BLOB *pHashKeySvcBlob = NULL;
|
|
ULONG ulKeySvcStatus = 0;
|
|
KEYSVC_CERT_ENROLL_INFO EnrollInfo;
|
|
KEYSVC_CERT_REQUEST_PVK_NEW_V2 NewKeyInfo;
|
|
KEYSVC_CERT_REQUEST_PVK_NEW_V2 RenewKeyInfo;
|
|
KEYSVC_BLOB CertBlob;
|
|
DWORD i;
|
|
DWORD j;
|
|
DWORD dwErr = 0;
|
|
DWORD cbExtensions;
|
|
PBYTE pbExtensions;
|
|
BOOL fCreateRequest = 0 == (dwFlags & (CRYPTUI_WIZ_SUBMIT_ONLY | CRYPTUI_WIZ_FREE_ONLY));
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
|
|
__try
|
|
{
|
|
//////////////////////////////////////////////////////////////
|
|
//
|
|
// INITIALIZATION:
|
|
//
|
|
//////////////////////////////////////////////////////////////
|
|
|
|
if (NULL != pPKCS7Blob) { memset(pPKCS7Blob, 0, sizeof(CERT_BLOB)); }
|
|
if (NULL != pHashBlob) { memset(pHashBlob, 0, sizeof(CERT_BLOB)); }
|
|
if (NULL != phRequest && NULL != *phRequest)
|
|
{
|
|
pKeySvcRequest = &KeySvcRequest;
|
|
pKeySvcRequest->cb = sizeof(*phRequest);
|
|
pKeySvcRequest->pb = (BYTE *)phRequest;
|
|
}
|
|
|
|
memset(&AcctName, 0, sizeof(AcctName));
|
|
memset(&CALocation, 0, sizeof(CALocation));
|
|
memset(&CAName, 0, sizeof(CAName));
|
|
memset(&HashAlg, 0, sizeof(HashAlg));
|
|
memset(&DesStore, 0, sizeof(DesStore));
|
|
memset(&NewKeyInfo, 0, sizeof(NewKeyInfo));
|
|
memset(&EnrollInfo, 0, sizeof(EnrollInfo));
|
|
memset(&RenewKeyInfo, 0, sizeof(RenewKeyInfo));
|
|
memset(&CertBlob, 0, sizeof(CertBlob));
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////
|
|
//
|
|
// PROCEDURE BODY:
|
|
//
|
|
//////////////////////////////////////////////////////////////
|
|
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
dwErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
// set up the key service unicode structs
|
|
if (pszAcctName)
|
|
InitUnicodeString(&AcctName, pszAcctName);
|
|
if (pszCALocation)
|
|
InitUnicodeString(&CALocation, pszCALocation);
|
|
if (pszCAName)
|
|
InitUnicodeString(&CAName, pszCAName);
|
|
if (pszHashAlg)
|
|
InitUnicodeString(&HashAlg, pszHashAlg);
|
|
if (pszDesStore)
|
|
InitUnicodeString(&DesStore, pszDesStore);
|
|
|
|
// set up the new key info structure for the remote call
|
|
// This is only necessary if we are actually _creating_ a request.
|
|
// Submit-only and free-only operations can skip this operation.
|
|
//
|
|
if (TRUE == fCreateRequest)
|
|
{
|
|
NewKeyInfo.ulProvType = pKeyNew->dwProvType;
|
|
if (pKeyNew->pwszProvider)
|
|
{
|
|
InitUnicodeString(&NewKeyInfo.Provider, pKeyNew->pwszProvider);
|
|
}
|
|
NewKeyInfo.ulProviderFlags = pKeyNew->dwProviderFlags;
|
|
if (pKeyNew->pwszKeyContainer)
|
|
{
|
|
InitUnicodeString(&NewKeyInfo.KeyContainer,
|
|
pKeyNew->pwszKeyContainer);
|
|
}
|
|
NewKeyInfo.ulKeySpec = pKeyNew->dwKeySpec;
|
|
NewKeyInfo.ulGenKeyFlags = pKeyNew->dwGenKeyFlags;
|
|
|
|
NewKeyInfo.ulEnrollmentFlags = pKeyNew->dwEnrollmentFlags;
|
|
NewKeyInfo.ulSubjectNameFlags = pKeyNew->dwSubjectNameFlags;
|
|
NewKeyInfo.ulPrivateKeyFlags = pKeyNew->dwPrivateKeyFlags;
|
|
NewKeyInfo.ulGeneralFlags = pKeyNew->dwGeneralFlags;
|
|
|
|
// set up the usage OIDs
|
|
if (pRequestInfo->pwszUsageOID)
|
|
{
|
|
InitUnicodeString(&EnrollInfo.UsageOID, pRequestInfo->pwszUsageOID);
|
|
}
|
|
|
|
// set up the cert DN Name
|
|
if (pRequestInfo->pwszCertDNName)
|
|
{
|
|
InitUnicodeString(&EnrollInfo.CertDNName, pRequestInfo->pwszCertDNName);
|
|
}
|
|
|
|
// set up the request info structure for the remote call
|
|
EnrollInfo.ulPostOption = pRequestInfo->dwPostOption;
|
|
if (pRequestInfo->pwszFriendlyName)
|
|
{
|
|
InitUnicodeString(&EnrollInfo.FriendlyName,
|
|
pRequestInfo->pwszFriendlyName);
|
|
}
|
|
if (pRequestInfo->pwszDescription)
|
|
{
|
|
InitUnicodeString(&EnrollInfo.Description,
|
|
pRequestInfo->pwszDescription);
|
|
}
|
|
if (pszAttributes)
|
|
{
|
|
InitUnicodeString(&EnrollInfo.Attributes, pszAttributes);
|
|
}
|
|
|
|
// convert the cert extensions
|
|
// NOTE, the extensions structure cannot be simply cast,
|
|
// as the structures have different packing behaviors in
|
|
// 64 bit systems.
|
|
|
|
|
|
EnrollInfo.cExtensions = pRequestInfo->dwExtensions;
|
|
cbExtensions = EnrollInfo.cExtensions*(sizeof(PKEYSVC_CERT_EXTENSIONS) +
|
|
sizeof(KEYSVC_CERT_EXTENSIONS));
|
|
|
|
for(i=0; i < EnrollInfo.cExtensions; i++)
|
|
{
|
|
cbExtensions += pRequestInfo->prgExtensions[i]->cExtension*
|
|
sizeof(KEYSVC_CERT_EXTENSION);
|
|
}
|
|
|
|
EnrollInfo.prgExtensions = (PKEYSVC_CERT_EXTENSIONS*)midl_user_allocate( cbExtensions);
|
|
|
|
if(NULL == EnrollInfo.prgExtensions)
|
|
{
|
|
dwErr = ERROR_NOT_ENOUGH_MEMORY;
|
|
goto Ret;
|
|
}
|
|
|
|
pbExtensions = (PBYTE)(EnrollInfo.prgExtensions + EnrollInfo.cExtensions);
|
|
|
|
for(i=0; i < EnrollInfo.cExtensions; i++)
|
|
{
|
|
EnrollInfo.prgExtensions[i] = (PKEYSVC_CERT_EXTENSIONS)pbExtensions;
|
|
pbExtensions += sizeof(KEYSVC_CERT_EXTENSIONS);
|
|
EnrollInfo.prgExtensions[i]->cExtension = pRequestInfo->prgExtensions[i]->cExtension;
|
|
|
|
EnrollInfo.prgExtensions[i]->rgExtension = (PKEYSVC_CERT_EXTENSION)pbExtensions;
|
|
pbExtensions += sizeof(KEYSVC_CERT_EXTENSION)*EnrollInfo.prgExtensions[i]->cExtension;
|
|
|
|
|
|
for(j=0; j < EnrollInfo.prgExtensions[i]->cExtension; j++)
|
|
{
|
|
|
|
EnrollInfo.prgExtensions[i]->rgExtension[j].pszObjId =
|
|
pRequestInfo->prgExtensions[i]->rgExtension[j].pszObjId;
|
|
|
|
EnrollInfo.prgExtensions[i]->rgExtension[j].fCritical =
|
|
pRequestInfo->prgExtensions[i]->rgExtension[j].fCritical;
|
|
|
|
EnrollInfo.prgExtensions[i]->rgExtension[j].cbData =
|
|
pRequestInfo->prgExtensions[i]->rgExtension[j].Value.cbData;
|
|
|
|
EnrollInfo.prgExtensions[i]->rgExtension[j].pbData =
|
|
pRequestInfo->prgExtensions[i]->rgExtension[j].Value.pbData;
|
|
}
|
|
}
|
|
|
|
// if doing renewal then make sure have everything needed
|
|
if ((CRYPTUI_WIZ_CERT_RENEW == dwPurpose) &&
|
|
((NULL == pRenewKey) || (NULL == pCert)))
|
|
{
|
|
dwErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
// set up the new key info structure for the remote call
|
|
if (pRenewKey)
|
|
{
|
|
RenewKeyInfo.ulProvType = pRenewKey->dwProvType;
|
|
if (pRenewKey->pwszProvider)
|
|
{
|
|
InitUnicodeString(&RenewKeyInfo.Provider, pRenewKey->pwszProvider);
|
|
}
|
|
RenewKeyInfo.ulProviderFlags = pRenewKey->dwProviderFlags;
|
|
if (pRenewKey->pwszKeyContainer)
|
|
{
|
|
InitUnicodeString(&RenewKeyInfo.KeyContainer,
|
|
pRenewKey->pwszKeyContainer);
|
|
}
|
|
RenewKeyInfo.ulKeySpec = pRenewKey->dwKeySpec;
|
|
RenewKeyInfo.ulGenKeyFlags = pRenewKey->dwGenKeyFlags;
|
|
RenewKeyInfo.ulEnrollmentFlags = pRenewKey->dwEnrollmentFlags;
|
|
RenewKeyInfo.ulSubjectNameFlags = pRenewKey->dwSubjectNameFlags;
|
|
RenewKeyInfo.ulPrivateKeyFlags = pRenewKey->dwPrivateKeyFlags;
|
|
RenewKeyInfo.ulGeneralFlags = pRenewKey->dwGeneralFlags;
|
|
}
|
|
|
|
// set up the cert blob for renewal
|
|
if (pCert)
|
|
{
|
|
CertBlob.cb = pCert->cbData;
|
|
CertBlob.pb = pCert->pbData;
|
|
}
|
|
}
|
|
|
|
// make the remote enrollment call
|
|
if (0 != (dwErr = KeyrEnroll_V2
|
|
(pKeySvcCliInfo->hRPCBinding,
|
|
fKeyService,
|
|
dwPurpose,
|
|
dwFlags,
|
|
&AcctName,
|
|
&CALocation,
|
|
&CAName,
|
|
fNewKey,
|
|
&NewKeyInfo,
|
|
&CertBlob,
|
|
&RenewKeyInfo,
|
|
&HashAlg,
|
|
&DesStore,
|
|
dwStoreFlags,
|
|
&EnrollInfo,
|
|
dwReservedFlags,
|
|
&pReservedBlob,
|
|
&pKeySvcRequest,
|
|
&pPKCS7KeySvcBlob,
|
|
&pHashKeySvcBlob,
|
|
&ulKeySvcStatus)))
|
|
goto Ret;
|
|
|
|
// allocate and copy the output parameters.
|
|
if ((NULL != pKeySvcRequest) &&
|
|
(0 < pKeySvcRequest->cb) &&
|
|
(NULL != phRequest))
|
|
{
|
|
memcpy(phRequest, pKeySvcRequest->pb, sizeof(*phRequest));
|
|
}
|
|
|
|
if ((NULL != pPKCS7KeySvcBlob) &&
|
|
(0 < pPKCS7KeySvcBlob->cb) &&
|
|
(NULL != pPKCS7Blob))
|
|
{
|
|
pPKCS7Blob->cbData = pPKCS7KeySvcBlob->cb;
|
|
if (NULL == (pPKCS7Blob->pbData =
|
|
(BYTE*)midl_user_allocate(pPKCS7Blob->cbData)))
|
|
{
|
|
dwErr = ERROR_NOT_ENOUGH_MEMORY;
|
|
goto Ret;
|
|
}
|
|
memcpy(pPKCS7Blob->pbData, pPKCS7KeySvcBlob->pb,
|
|
pPKCS7Blob->cbData);
|
|
}
|
|
if ((NULL != pHashKeySvcBlob) &&
|
|
(0 < pHashKeySvcBlob->cb) &&
|
|
(NULL != pHashBlob))
|
|
{
|
|
pHashBlob->cbData = pHashKeySvcBlob->cb;
|
|
if (NULL == (pHashBlob->pbData =
|
|
(BYTE*)midl_user_allocate(pHashBlob->cbData)))
|
|
{
|
|
dwErr = ERROR_NOT_ENOUGH_MEMORY;
|
|
goto Ret;
|
|
}
|
|
memcpy(pHashBlob->pbData, pHashKeySvcBlob->pb, pHashBlob->cbData);
|
|
}
|
|
if (NULL != pdwStatus)
|
|
{
|
|
*pdwStatus = (DWORD)ulKeySvcStatus;
|
|
}
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
return _exception_code();
|
|
}
|
|
Ret:
|
|
__try
|
|
{
|
|
if(EnrollInfo.prgExtensions)
|
|
{
|
|
midl_user_free(EnrollInfo.prgExtensions);
|
|
}
|
|
if (pKeySvcRequest)
|
|
{
|
|
midl_user_free(pKeySvcRequest);
|
|
}
|
|
if (pPKCS7KeySvcBlob)
|
|
{
|
|
midl_user_free(pPKCS7KeySvcBlob);
|
|
}
|
|
if (pHashKeySvcBlob)
|
|
{
|
|
midl_user_free(pHashKeySvcBlob);
|
|
}
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
return _exception_code();
|
|
}
|
|
return dwErr;
|
|
}
|
|
|
|
ULONG KeyExportCert(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [in] */ LPWSTR pwszPassword,
|
|
/* [in] */ LPWSTR pwszCertStore,
|
|
/* [in] */ ULONG cHashCount,
|
|
/* [size_is][in] */ KEYSVC_CERT_HASH *pHashes,
|
|
/* [in] */ ULONG ulFlags,
|
|
/* [in, out] */ void *pReserved,
|
|
/* [out] */ PKEYSVC_BLOB *ppPFXBlob)
|
|
{
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
KEYSVC_UNICODE_STRING Password;
|
|
KEYSVC_UNICODE_STRING CertStore;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
memset(&Password, 0, sizeof(Password));
|
|
memset(&CertStore, 0, sizeof(CertStore));
|
|
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
InitUnicodeString(&Password, pwszPassword);
|
|
InitUnicodeString(&CertStore, pwszCertStore);
|
|
|
|
ulErr = KeyrExportCert(pKeySvcCliInfo->hRPCBinding,
|
|
pKeySvcCliInfo->hKeySvc,
|
|
&Password, &CertStore,
|
|
cHashCount, pHashes,
|
|
ulFlags, &pTmpReserved, ppPFXBlob);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
ULONG KeyImportCert(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [in] */ LPWSTR pwszPassword,
|
|
/* [in] */ LPWSTR pwszCertStore,
|
|
/* [in] */ PKEYSVC_BLOB pPFXBlob,
|
|
/* [in] */ ULONG ulFlags,
|
|
/* [in, out] */ void *pReserved)
|
|
{
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
KEYSVC_UNICODE_STRING Password;
|
|
KEYSVC_UNICODE_STRING CertStore;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
memset(&Password, 0, sizeof(Password));
|
|
memset(&CertStore, 0, sizeof(CertStore));
|
|
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
InitUnicodeString(&Password, pwszPassword);
|
|
InitUnicodeString(&CertStore, pwszCertStore);
|
|
|
|
ulErr = KeyrImportCert(pKeySvcCliInfo->hRPCBinding,
|
|
pKeySvcCliInfo->hKeySvc,
|
|
&Password, &CertStore,
|
|
pPFXBlob, ulFlags, &pTmpReserved);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
|
|
ULONG KeyEnumerateAvailableCertTypes(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [out][in] */ void *pReserved,
|
|
/* [out][in] */ ULONG *pcCertTypeCount,
|
|
/* [in, out][size_is(,*pcCertTypeCount)] */
|
|
PKEYSVC_UNICODE_STRING *ppCertTypes)
|
|
|
|
{
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
ulErr = KeyrEnumerateAvailableCertTypes(pKeySvcCliInfo->hRPCBinding,
|
|
pKeySvcCliInfo->hKeySvc,
|
|
&pTmpReserved,
|
|
pcCertTypeCount,
|
|
ppCertTypes);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
|
|
ULONG KeyEnumerateCAs(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [out][in] */ void *pReserved,
|
|
/* [in] */ ULONG ulFlags,
|
|
/* [out][in] */ ULONG *pcCACount,
|
|
/* [in, out][size_is(,*pcCACount)] */
|
|
PKEYSVC_UNICODE_STRING *ppCAs)
|
|
|
|
{
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
ulErr = KeyrEnumerateCAs(pKeySvcCliInfo->hRPCBinding,
|
|
pKeySvcCliInfo->hKeySvc,
|
|
&pTmpReserved,
|
|
ulFlags,
|
|
pcCACount,
|
|
ppCAs);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
|
|
extern "C" ULONG KeyQueryRequestStatus
|
|
(/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [in] */ HANDLE hRequest,
|
|
/* [out, ref] */ CRYPTUI_WIZ_QUERY_CERT_REQUEST_INFO *pQueryInfo)
|
|
{
|
|
KEYSVC_QUERY_CERT_REQUEST_INFO ksQueryCertRequestInfo;
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
if (NULL == hKeySvcCli || NULL == pQueryInfo)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
ZeroMemory(&ksQueryCertRequestInfo, sizeof(ksQueryCertRequestInfo));
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
ulErr = KeyrQueryRequestStatus
|
|
(pKeySvcCliInfo->hRPCBinding,
|
|
(unsigned __int64)hRequest,
|
|
&ksQueryCertRequestInfo);
|
|
if (ERROR_SUCCESS == ulErr)
|
|
{
|
|
pQueryInfo->dwSize = ksQueryCertRequestInfo.ulSize;
|
|
pQueryInfo->dwStatus = ksQueryCertRequestInfo.ulStatus;
|
|
}
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
Ret:
|
|
return ulErr;
|
|
}
|
|
|
|
ULONG RKeyOpenKeyService
|
|
(/* [in] */ LPSTR pszMachineName,
|
|
/* [in] */ KEYSVC_TYPE OwnerType,
|
|
/* [in] */ LPWSTR pwszOwnerName,
|
|
/* [in] */ void *pAuthentication,
|
|
/* [out][in] */ void *pReserved,
|
|
/* [out] */ KEYSVCC_HANDLE *phKeySvcCli)
|
|
{
|
|
BOOL fMustCloseKeyService = FALSE; // TRUE if the cleanup code must close key service
|
|
DWORD dwResult;
|
|
LPWSTR pwszServerPrincName = NULL;
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
|
|
dwResult = KeyOpenKeyServiceEx
|
|
(IKeySvcR_v1_0_c_ifspec,
|
|
pszMachineName,
|
|
OwnerType,
|
|
pwszOwnerName,
|
|
pAuthentication,
|
|
pReserved,
|
|
phKeySvcCli);
|
|
if (ERROR_SUCCESS != dwResult)
|
|
goto error;
|
|
fMustCloseKeyService = TRUE;
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)(*phKeySvcCli);
|
|
dwResult = RpcMgmtInqServerPrincNameW(pKeySvcCliInfo->hRPCBinding, RPC_C_AUTHN_GSS_NEGOTIATE, &pwszServerPrincName);
|
|
if (RPC_S_OK != dwResult)
|
|
goto error;
|
|
|
|
dwResult = RpcBindingSetAuthInfoW
|
|
(pKeySvcCliInfo->hRPCBinding,
|
|
pwszServerPrincName,
|
|
RPC_C_AUTHN_LEVEL_PKT_PRIVACY, // Calls are authenticated and encrypted
|
|
RPC_C_AUTHN_GSS_NEGOTIATE,
|
|
NULL,
|
|
RPC_C_AUTHZ_NONE
|
|
);
|
|
if (ERROR_SUCCESS != dwResult)
|
|
goto error;
|
|
|
|
fMustCloseKeyService = FALSE;
|
|
dwResult = ERROR_SUCCESS;
|
|
error:
|
|
if (fMustCloseKeyService) { RKeyCloseKeyService(phKeySvcCli, 0); }
|
|
if (NULL != pwszServerPrincName) { RpcStringFreeW(&pwszServerPrincName); }
|
|
return dwResult;
|
|
}
|
|
|
|
ULONG RKeyCloseKeyService(
|
|
/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [out][in] */ void *pReserved)
|
|
{
|
|
return KeyCloseKeyService(hKeySvcCli, pReserved);
|
|
}
|
|
|
|
|
|
ULONG RKeyPFXInstall
|
|
(/* [in] */ KEYSVCC_HANDLE hKeySvcCli,
|
|
/* [in] */ PKEYSVC_BLOB pPFX,
|
|
/* [in] */ PKEYSVC_UNICODE_STRING pPassword,
|
|
/* [in] */ ULONG ulFlags)
|
|
{
|
|
PKEYSVCC_INFO pKeySvcCliInfo = NULL;
|
|
PKEYSVC_BLOB pTmpReserved = NULL;
|
|
ULONG ulErr = 0;
|
|
|
|
__try
|
|
{
|
|
if (NULL == hKeySvcCli)
|
|
{
|
|
ulErr = ERROR_INVALID_PARAMETER;
|
|
goto Ret;
|
|
}
|
|
|
|
pKeySvcCliInfo = (PKEYSVCC_INFO)hKeySvcCli;
|
|
|
|
ulErr = RKeyrPFXInstall(pKeySvcCliInfo->hRPCBinding,
|
|
pPFX,
|
|
pPassword,
|
|
ulFlags);
|
|
}
|
|
__except ( EXCEPTION_EXECUTE_HANDLER )
|
|
{
|
|
ulErr = _exception_code();
|
|
}
|
|
|
|
Ret:
|
|
return ulErr;
|
|
}
|