/*++

Copyright (c) 1996 Microsoft Corporation

Module Name :

    comobj.hxx

Abstract:

    This module defines DCOM Admin Ex APIs used for Certificate information replication.

Author:

    Philippe Choquier ( Phillich ) 23-Jun-97
    Alex Mallet (amallet) 17-Feb-1998

--*/
#ifndef _CERTCOMOBJ_HXX_
#define _CERTCOMOBJ_HXX_
#include <wincrypt.h>
#include <iadmw.h>
//
// Size, in bytes, of the random seed used to generate the replication
// session key. CADMEXCOM_IMSAdminReplication keeps a buffer of exactly this
// size (m_rgbSeed); GenerateSessionKey() below takes no length parameter, so
// its rgbRandom output is presumably expected to hold this many bytes.
//
#define RANDOM_SEED_SIZE 16 //size of random bits used to generate session key, in bytes

//
// Signature of the schannel entry point that is resolved at run time and
// stored in CADMEXCOM_IMSAdminCryptoCapabilities::m_pfnGetDefaultIssuers.
// Takes an output buffer and a pointer to its size; whether the size is
// in/out (required-size reporting) is decided by schannel, not here.
//
typedef BOOL
(WINAPI * PFN_SSLGETDEFAULTISSUERS)
(
    PBYTE,
    LPDWORD
) ;
//
// Structure used to hold information to open a cert store - basically, all the parameters
// you need to call CertOpenSystemStore()
//
// Instances are created with AllocateCertStoreInfo() and released with
// DeallocateCertStoreInfo(); the string members are LPWSTR (not LPCWSTR),
// so they are presumably owned by the structure and freed on deallocation -
// confirm in the implementation before sharing them.
//
typedef struct OpenCertStoreInfo
{
    //
    // Parameters used in call to CryptAcquireContext() to get handle to crypt provider
    //
    LPWSTR pszContainer;        // key container name
    LPWSTR pszProvider;         // CSP name
    DWORD dwProvType;           // CSP provider type
    DWORD dwFlags;              // CryptAcquireContext() flags

    LPWSTR pszStoreName;        // name of the certificate store to open
    HCERTSTORE hCertStore;      // handle of the opened store (presumably NULL until opened)
} OPEN_CERT_STORE_INFO, *POPEN_CERT_STORE_INFO;

//
// Allocates a zeroed OPEN_CERT_STORE_INFO; returns NULL on failure - presumably.
//
OPEN_CERT_STORE_INFO* AllocateCertStoreInfo();

//
// Releases an OPEN_CERT_STORE_INFO returned by AllocateCertStoreInfo() or
// ReadCertStoreInfoFromMB(), including whatever members it owns.
//
VOID DeallocateCertStoreInfo( IN OPEN_CERT_STORE_INFO *pInfo );
//
// One certificate in a chain built by ConstructCertChain() or
// BuildCTLDescription(). Entries are linked through ListEntry (the
// Windows intrusive LIST_ENTRY) and released as a whole by FreeCertChain().
//
struct _CertChainEntry {
    PCCERT_CONTEXT pcCert; //certificate context for this entry
    LPWSTR pszStoreName; //store the certificate came from
    BOOL fDynName; //whether store name was allocated dynamically or not (i.e. whether it must be freed with the entry - presumably)
    LIST_ENTRY ListEntry; //link into the chain list
};

//
// Frees every entry of a chain list built by the helpers above, releasing
// each certificate context and any dynamically allocated store name
// (fDynName) - presumably; confirm against the implementation.
//
void FreeCertChain( LIST_ENTRY *pChain );

typedef struct _CertChainEntry CertChainEntry;
class CADMEXCOM_IMSAdminReplication;
class CADMEXCOM_IMSAdminCryptoCapabilities;

//
// Outer COM object exposed by this module. It holds the reference count and
// one object per supported interface (IMSAdminReplication and
// IMSAdminCryptoCapabilities); those interface objects forward their own
// QueryInterface/AddRef/Release back to this object (see their inline
// bodies below), so the aggregate has a single lifetime.
//
class CADMEXCOM : public IUnknown {

public:

    CADMEXCOM();
    ~CADMEXCOM();

    //
    // IUnknown. Declared here, defined elsewhere.
    // NOTE(review): this object is reachable through DCOM (see the module
    // abstract), so AddRef/Release should update m_dwRefCount with
    // interlocked operations - confirm in the implementation.
    //
    HRESULT _stdcall
    QueryInterface(REFIID riid, void **ppObject);

    ULONG _stdcall
    AddRef();

    ULONG _stdcall
    Release();

private:

    ULONG m_dwRefCount;                                                    // COM reference count of the aggregate
    CADMEXCOM_IMSAdminReplication* m_pIMSAdminReplication;                 // IMSAdminReplication implementation
    CADMEXCOM_IMSAdminCryptoCapabilities* m_pIMSAdminCryptoCapabilities;   // IMSAdminCryptoCapabilities implementation
} ;
//
// IMSAdminReplication implementation. GetSignature/Serialize produce a
// caller-sized buffer describing the local certificate configuration;
// Propagate/Propagate2/DeSerialize consume a buffer that, per the module
// abstract, presumably originates on another machine.
//
// Output-buffer convention (visible in the signatures): the caller supplies
// dwBufferSize bytes in pbBuffer and *pdwMDRequiredBufferSize receives the
// size actually needed.
//
// Input-buffer convention: pszBuffer/pbBuffer holds dwBufferSize bytes of
// input from a remote peer. NOTE(review): the implementation must bound
// every read by dwBufferSize; the DeserializeXxx helpers below take a
// pbEnd pointer for exactly that purpose.
//
class CADMEXCOM_IMSAdminReplication : public IMSAdminReplication {

public:

    CADMEXCOM_IMSAdminReplication( CADMEXCOM*pAdmExCom );
    ~CADMEXCOM_IMSAdminReplication();

    //
    // Writes a signature of the local certificate configuration into
    // pbBuffer. What the signature covers is decided by the implementation
    // (see GetCertChainSignature()/GetCTLSignature() below).
    //
    HRESULT STDMETHODCALLTYPE GetSignature(
        /* [in] */ DWORD dwBufferSize,
        /* [size_is][out] */ unsigned char __RPC_FAR *pbBuffer,
        /* [out] */ DWORD __RPC_FAR *pdwMDRequiredBufferSize);

    //
    // Applies replication data received in pszBuffer (dwBufferSize bytes).
    //
    HRESULT STDMETHODCALLTYPE Propagate(
        /* [in] */ DWORD dwBufferSize,
        /* [size_is][in] */ unsigned char __RPC_FAR *pszBuffer);

    //
    // Same as Propagate() with an extra dwSignatureMismatch argument, which
    // presumably reports whether the peer's signature differed from the
    // local one; its exact meaning is defined by the implementation.
    //
    HRESULT STDMETHODCALLTYPE Propagate2(
        /* [in] */ DWORD dwBufferSize,
        /* [size_is][in] */ unsigned char __RPC_FAR *pszBuffer,
        /* [in] */ DWORD dwSignatureMismatch );

    //
    // Writes the local certificate configuration into pbBuffer using the
    // output-buffer convention described above.
    //
    HRESULT STDMETHODCALLTYPE Serialize(
        /* [in] */ DWORD dwBufferSize,
        /* [size_is][out] */ unsigned char __RPC_FAR *pbBuffer,
        /* [out] */ DWORD __RPC_FAR *pdwMDRequiredBufferSize);

    //
    // Restores configuration from a buffer produced by Serialize().
    //
    HRESULT STDMETHODCALLTYPE DeSerialize(
        /* [in] */ DWORD dwBufferSize,
        /* [size_is][in] */ unsigned char __RPC_FAR *pbBuffer);

    //
    // IUnknown is delegated to the owning CADMEXCOM, so this object shares
    // the aggregate's reference count.
    //
    HRESULT _stdcall
    QueryInterface(REFIID riid, void **ppObject)
    { return m_pAdmExCom->QueryInterface( riid, ppObject ); }

    ULONG _stdcall
    AddRef()
    { return m_pAdmExCom->AddRef(); }

    ULONG _stdcall
    Release()
    { return m_pAdmExCom->Release(); }

private:

    CADMEXCOM* m_pAdmExCom;             // owning outer object; receives all IUnknown calls
    IMSAdminBase *m_pMB;                // IIS metabase interface held by this object
    BYTE m_rgbSeed[RANDOM_SEED_SIZE];   // random seed for the session key; key material - NOTE(review): confirm it is never logged and is wiped when no longer needed
    BOOL m_fGotSeed;                    // whether m_rgbSeed has been filled in - presumably
} ;
//
// IMSAdminCryptoCapabilities implementation: reports what the local
// schannel/SSPI installation supports (protocols, cipher strength, root
// certificates, algorithms) and accepts a CA list.
//
// The Get* methods use the same output-buffer convention as
// CADMEXCOM_IMSAdminReplication: dwBufferSize bytes supplied by the caller,
// required size reported through *pdwMDRequiredBufferSize.
//
class CADMEXCOM_IMSAdminCryptoCapabilities : public IMSAdminCryptoCapabilities {
public:

    CADMEXCOM_IMSAdminCryptoCapabilities( CADMEXCOM*pAdmExCom );
    ~CADMEXCOM_IMSAdminCryptoCapabilities();

    //
    // Loads the schannel / security provider modules and resolves the
    // entry points stored in the members below - presumably, given
    // m_hSchannel, m_hSspi and the m_pfn* members. Returns FALSE on failure.
    //
    BOOL LoadSchannel();

    HRESULT _stdcall GetProtocols(
        /* [in] */ DWORD dwBufferSize,
        /* [size_is][out] */ unsigned char __RPC_FAR *pbBuffer,
        /* [out] */ DWORD __RPC_FAR *pdwMDRequiredBufferSize);

    HRESULT _stdcall GetMaximumCipherStrength(
        /* [out] */ LPDWORD pdwMaximumCipherStrength );

    HRESULT _stdcall GetRootCertificates(
        /* [in] */ DWORD dwBufferSize,
        /* [size_is][out] */ unsigned char __RPC_FAR *pbBuffer,
        /* [out] */ DWORD __RPC_FAR *pdwMDRequiredBufferSize);

    //
    // Unlike the other Get* methods the output buffer is typed DWORD*, so
    // it presumably receives an array of algorithm ids. Whether dwBufferSize
    // counts bytes or DWORDs is decided by the implementation - confirm
    // before relying on it.
    //
    HRESULT _stdcall GetSupportedAlgs(
        /* [in] */ DWORD dwBufferSize,
        /* [size_is][out] */ DWORD __RPC_FAR *pbBuffer,
        /* [out] */ DWORD __RPC_FAR *pdwMDRequiredBufferSize);

    //
    // Accepts a caller-supplied CA list of dwBufferSize bytes.
    // NOTE(review): pbBuffer is external input; parsing must stay within
    // dwBufferSize.
    //
    HRESULT _stdcall SetCAList(
        /*[in] */ DWORD dwBufferSize,
        /*[in, size_is(dwBufferSize)] */ unsigned char __RPC_FAR *pbBuffer );

    //
    // IUnknown is delegated to the owning CADMEXCOM, so this object shares
    // the aggregate's reference count.
    //
    HRESULT _stdcall
    QueryInterface(REFIID riid, void **ppObject)
    { return m_pAdmExCom->QueryInterface( riid, ppObject ); }

    ULONG _stdcall
    AddRef()
    { return m_pAdmExCom->AddRef(); }

    ULONG _stdcall
    Release()
    { return m_pAdmExCom->Release(); }

private:

    CADMEXCOM* m_pAdmExCom;                              // owning outer object; receives all IUnknown calls
    HINSTANCE m_hSchannel;                               // schannel module handle (presumably set by LoadSchannel)
    PFN_SSLGETDEFAULTISSUERS m_pfnGetDefaultIssuers;     // entry point presumably resolved from m_hSchannel
    //
    // sspi entrypoints
    //

    ACQUIRE_CREDENTIALS_HANDLE_FN_W m_pfnAcquireCredentialsHandle;
    FREE_CONTEXT_BUFFER_FN m_pfnFreeContextBuffer;
    FREE_CREDENTIALS_HANDLE_FN m_pfnFreeCredentialsHandle;
    QUERY_CREDENTIALS_ATTRIBUTES_FN m_pfnQueryCredentialsAttributes;
    HINSTANCE m_hSspi;                                   // security provider module the entry points above come from - presumably
    CredHandle m_hCred;                                  // credentials handle obtained via m_pfnAcquireCredentialsHandle - presumably
    BOOL m_fHasCredHandle;                               // TRUE when m_hCred is valid and must be released (NOTE(review): check the destructor frees it and unloads both modules)
} ;
//
// Class factory for CADMEXCOM (standard IClassFactory). Unlike the
// interface objects above it carries its own reference count.
//
class CADMEXCOMSrvFactory : public IClassFactory {
public:

    CADMEXCOMSrvFactory();
    ~CADMEXCOMSrvFactory();

    //
    // IUnknown, backed by m_dwRefCount.
    //
    HRESULT _stdcall
    QueryInterface(REFIID riid, void** ppObject);

    ULONG _stdcall
    AddRef();

    ULONG _stdcall
    Release();

    //
    // IClassFactory. CreateInstance presumably creates a CADMEXCOM and
    // returns the interface selected by riid; how pUnkOuter (aggregation)
    // is treated is decided by the implementation.
    //
    HRESULT _stdcall
    CreateInstance(IUnknown *pUnkOuter, REFIID riid,
                   void ** pObject);

    HRESULT _stdcall
    LockServer(BOOL fLock);

private:

    ULONG m_dwRefCount;   // COM reference count of the factory
};
//
// Helper functions used by the interface implementations above.
//
// Several of them share a growable-buffer convention: *ppbXxx is the buffer,
// *pdwBufferSize its current allocated size and *pdwPosition the write
// offset (all IN OUT); data is presumably appended at *pdwPosition and the
// buffer grown with ResizeBuffer() when needed.
//

//
// Builds the replication information selected by dwInfoType into the
// caller-sized pbBuffer (same output convention as
// IMSAdminReplication::Serialize). phKey is an HCRYPTKEY handle, presumably
// the session key used by EncryptBuffer() below.
//
HRESULT
GetConfigurationInformation( DWORD dwInfoType,
                             HCRYPTKEY *phKey,
                             IMSAdminBase *pMB,
                             unsigned char __RPC_FAR *pbBuffer,
                             DWORD dwBufferSize,
                             DWORD __RPC_FAR *pdwMDRequiredBufferSize );

//
// Reads the server certificate stored at metabase path pszPath (relative to
// hHandle) and returns its context plus the store information needed to
// reopen it. Caller presumably releases *ppStoreInfo with
// DeallocateCertStoreInfo() and the context with CertFreeCertificateContext().
//
HRESULT ReadServerCert( IN IMSAdminBase *pMB,
                        IN METADATA_HANDLE hHandle,
                        IN LPCWSTR pszPath,
                        OUT PCCERT_CONTEXT *ppcCertContext,
                        OUT OPEN_CERT_STORE_INFO **ppStoreInfo );

//
// Reads the certificate trust list stored at metabase path pszPath.
//
HRESULT ReadServerCTL( IN IMSAdminBase *pMB,
                       IN METADATA_HANDLE hHandle,
                       IN LPCWSTR pszPath,
                       OUT PCCTL_CONTEXT *ppcCTL );

//
// Collects the replication information of kind dwInfoType for the server
// instance named by pszInstanceNum into the growable buffer.
//
HRESULT GetInstanceReplicationInfo( IN DWORD dwInfoType,
                                    IN LPCWSTR pszInstanceNum,
                                    IN IMSAdminBase *pMB,
                                    IN METADATA_HANDLE hHandle,
                                    OUT BYTE **ppbReplicationInfo,
                                    IN OUT DWORD *pdwBufferSize,
                                    IN OUT DWORD *pdwPosition );

//
// Certificate part of the replication information for metabase path pszPath.
//
HRESULT GetCertReplicationInfo( IN DWORD dwInfoType,
                                IN IMSAdminBase *pMB,
                                IN METADATA_HANDLE hHandle,
                                IN LPCWSTR pszPath,
                                OUT BYTE **ppbReplicationInfo,
                                IN OUT DWORD *pdwBufferSize,
                                IN OUT DWORD *pdwPosition ) ;

//
// CTL part of the replication information for metabase path pszPath.
//
HRESULT GetCTLReplicationInfo( DWORD dwInfoType,
                               IN IMSAdminBase *pMB,
                               IN METADATA_HANDLE hHandle,
                               IN LPCWSTR pszPath,
                               OUT BYTE **ppbReplicationBuffer,
                               IN OUT DWORD *pdwBufferSize,
                               IN OUT DWORD *pdwPosition );

//
// Reads a binary metabase property into pMDR. dwSizeHint is an optional
// initial buffer size (0 = none); how pMDR's data buffer is allocated and
// freed is defined by the implementation.
//
HRESULT RetrieveBlobFromMetabase( IN IMSAdminBase *pMB,
                                  IN METADATA_HANDLE hHandle,
                                  IN LPCWSTR pszPath,
                                  IN OUT PMETADATA_RECORD pMDR,
                                  IN DWORD dwSizeHint OPTIONAL = 0);

//
// Builds an OPEN_CERT_STORE_INFO from the properties stored at pszPath;
// fCTL presumably selects the CTL rather than the certificate properties.
// Returns NULL on failure - presumably; release with DeallocateCertStoreInfo().
//
OPEN_CERT_STORE_INFO* ReadCertStoreInfoFromMB( IN IMSAdminBase *pMB,
                                               IN METADATA_HANDLE hHandle,
                                               IN LPCWSTR pszPath,
                                               IN BOOL fCTL );
//
// Builds the chain of CertChainEntry records starting at pcLeafCert (which
// came from store pszLeafCertStore) into the list headed by pCertChain.
// *pfCompleteChain reports whether the chain could be completed (presumably
// up to a self-signed root - see IsSelfSignedCert()). Free with FreeCertChain().
//
HRESULT ConstructCertChain( PCCERT_CONTEXT pcLeafCert,
                            LPWSTR pszLeafCertStore,
                            LIST_ENTRY *pCertChain,
                            PBOOL pfCompleteChain );

//
// Describes a CTL: the certificates it references (as a chain list in
// pCTLCerts) and the certificate that signed it (*ppcSigner).
//
HRESULT BuildCTLDescription( IN PCCTL_CONTEXT pcCTL,
                             OUT LIST_ENTRY *pCTLCerts,
                             OUT PCCERT_CONTEXT *ppcSigner );

//
// Appends a signature of the certificate chain to the growable buffer
// (*ppbSignature / *pdwBufferSize / *pdwPosition).
//
HRESULT GetCertChainSignature( IN LIST_ENTRY *pChain,
                               OUT PBYTE *ppbSignature,
                               IN OUT DWORD *pdwBufferSize,
                               IN OUT DWORD *pdwPosition );

//
// Appends a signature of the CTL, its certificate chain and its signer
// certificate to the growable buffer.
//
HRESULT GetCTLSignature( PCCTL_CONTEXT pcCTL,
                         LIST_ENTRY *pCTLCertsChain,
                         PCCERT_CONTEXT pcSignerCert,
                         PBYTE *ppbReplicationBuffer,
                         DWORD *pdwBufferSize,
                         DWORD *pdwPosition );

//
// Appends the certificate chain and its store information to the growable
// buffer in the wire format consumed by DeserializeServerCert().
//
HRESULT SerializeCertChain( IN LIST_ENTRY *pChain,
                            IN OPEN_CERT_STORE_INFO *pStoreInfo,
                            OUT PBYTE *ppbChainBuffer,
                            IN OUT DWORD *pdwBufferSize,
                            IN OUT DWORD *pdwPosition );

//
// Appends the CTL, its certificate chain and its signer to the growable
// buffer in the wire format consumed by DeserializeServerCTL().
//
HRESULT SerializeCTL( PCCTL_CONTEXT pcCTL,
                      LIST_ENTRY *pCTLCertChain,
                      PCCERT_CONTEXT pcSigner,
                      PBYTE *ppbReplicationBuffer,
                      DWORD *pdwBufferSize,
                      DWORD *pdwPosition );

//
// Deserialization helpers. *ppbPosition / *ppbBuffer is the read cursor and
// is advanced past what was consumed; pbEnd is one past the last valid input
// byte. NOTE(review): the input comes from a remote peer, so every read must
// be checked against pbEnd before it is performed.
//
HRESULT DeserializeInstanceInfo( IN OUT BYTE **ppbPosition,
                                 IN BYTE *pbEnd,
                                 OUT DWORD *pdwInstance );

HRESULT DeserializeServerCert( IN OUT BYTE **ppbBuffer,
                               IN BYTE *pbEnd );

HRESULT DeserializeServerCTL( IN OUT BYTE **ppbBuffer,
                              IN BYTE *pbEnd );

//
// Grows *ppbBuffer, updating *pdwPresentSize; returns FALSE on allocation
// failure - presumably. Whether dwMinResize is a minimum increment or a
// minimum target size is decided by the implementation - confirm before use.
//
BOOL ResizeBuffer( IN OUT BYTE **ppbBuffer,
                   IN DWORD dwMinResize,
                   IN OUT DWORD *pdwPresentSize );
//
// Checks whether metabase path pszPath carries the cProperties property ids
// listed in adwProperties (whether all or any of them must be present is
// decided by the implementation).
//
BOOL MBPathHasCAPIInfo( IN IMSAdminBase *pMB,
                        METADATA_HANDLE hHandle,
                        IN LPCWSTR pszPath,
                        IN DWORD *adwProperties,
                        IN DWORD cProperties );

//
// Hashes cbData bytes of pbData with algorithm aiAlg. *ppbHashBuffer
// receives the hash bytes and *pcbHashSize their length; phProv optionally
// supplies the provider to use and phHash optionally receives the hash
// object (which the caller then presumably owns).
//
HRESULT GenerateHash( IN OPTIONAL HCRYPTPROV *phProv,
                      IN ALG_ID aiAlg,
                      IN BYTE *pbData,
                      IN DWORD cbData,
                      OUT BYTE **ppbHashBuffer,
                      IN OUT DWORD *pcbHashSize,
                      OUT OPTIONAL HCRYPTHASH *phHash );

//
// TRUE if the certificate is its own issuer.
//
BOOL IsSelfSignedCert( IN PCCERT_CONTEXT pCertContext );

//
// Exports the key associated with pcCert and appends it to the growable
// buffer. "PK" is presumably the server's private key, since the import
// side (DeserializeAndImportServerPK) produces a key container description.
// NOTE(review): this puts private key material in the replication buffer;
// confirm the buffer is always passed through EncryptBuffer() before it
// leaves the machine and is wiped after use.
//
HRESULT ExportAndSerializeServerPK( IN PCCERT_CONTEXT pcCert,
                                    IN OUT BYTE **ppbChainBuffer,
                                    IN OUT DWORD *pdwBufferSize,
                                    IN OUT DWORD *pdwPosition );

//
// Reads the key written by ExportAndSerializeServerPK() from the input
// cursor (bounded by pbEnd), imports it and returns the key handle plus the
// key-container description needed to bind it to a certificate.
//
HRESULT DeserializeAndImportServerPK( IN OUT BYTE **ppbBuffer,
                                      IN BYTE *pbEnd,
                                      OUT HCRYPTKEY *phKey,
                                      OUT PCRYPT_KEY_PROV_INFO pCKPI );

//
// Creates the replication session key and returns the random seed it was
// derived from in rgbRandom. No length is passed, so rgbRandom presumably
// must hold RANDOM_SEED_SIZE bytes.
//
HRESULT GenerateSessionKey( IN IMSAdminBase *pMB,
                            OUT HCRYPTKEY *phKey,
                            OUT BYTE *rgbRandom );

//
// Destroys *phKey and, presumably, the key container named pszKeyContainer.
//
VOID DeleteKey( IN HCRYPTKEY *phKey,
                IN LPCWSTR pszKeyContainer );

//
// Destroys the session key handle.
//
VOID DeleteSessionKey( IN HCRYPTKEY *phKey );

//
// Size in bytes that SerializeCKPI() will write for pInfo.
//
DWORD SizeOfCKPI( IN CRYPT_KEY_PROV_INFO *pInfo );

//
// Writes pInfo into pbBuffer at *pdwPosition (advanced past the data).
// The caller must have ensured SizeOfCKPI(pInfo) bytes are available.
//
VOID SerializeCKPI( OUT BYTE *pbBuffer,
                    IN CRYPT_KEY_PROV_INFO *pInfo,
                    OUT DWORD *pdwPosition );

//
// Reads a CRYPT_KEY_PROV_INFO written by SerializeCKPI() from the cursor.
// NOTE(review): unlike the other Deserialize* helpers this takes no pbEnd,
// so the caller must verify enough input remains before calling it.
//
BOOL DeserializeCKPI( IN OUT BYTE **ppbBuffer,
                      OUT CRYPT_KEY_PROV_INFO *pInfo );

//
// Moves the certificates held in the memory store hMemStore into their
// target stores; rgbCertHash identifies the server certificate (presumably
// compared via CertMatchesHash) and pCKPI the key to attach to it.
//
HRESULT DistributeCerts( IN HCERTSTORE hMemStore,
                         IN BYTE *rgbCertHash,
                         IN PCRYPT_KEY_PROV_INFO pCKPI );

//
// Reads the stored session-key seed from the metabase; *ppbbSeed is
// allocated by the callee and *pcbSeed receives its length.
//
HRESULT ReadSessionKeySeed( IN IMSAdminBase *pMB,
                            OUT BYTE **ppbbSeed,
                            OUT DWORD *pcbSeed );

//
// Rebuilds the session key from the seed stored in the metabase (see
// ReadSessionKeySeed) - presumably.
//
HRESULT RegenerateSessionKey( IN IMSAdminBase *pMB,
                              OUT HCRYPTKEY *phSessionKey );

//
// Encrypts the growable buffer in place with hKey, adjusting size and
// position as needed.
//
HRESULT EncryptBuffer( IN HCRYPTKEY hKey,
                       IN OUT PBYTE *ppbReplicationInfo,
                       IN OUT DWORD *pdwBufferSize,
                       IN OUT DWORD *pdwPosition );

//
// Decrypts cbEncrypted bytes of pbEncrypted with hKey into a new buffer;
// *ppbDecrypted receives its start and *ppbEndDecrypted one past its end,
// suitable as the pbEnd bound for the Deserialize* helpers.
//
HRESULT DecryptBuffer( IN HCRYPTKEY hKey,
                       IN PBYTE pbEncrypted,
                       IN DWORD cbEncrypted,
                       OUT BYTE **ppbDecrypted,
                       OUT BYTE **ppbEndDecrypted );

//
// Removes the session-key information (seed) from the metabase.
//
HRESULT DeleteMBSessionKeyInfo ( IN IMSAdminBase *pMB );

//
// Compares pCert's hash with rgbHash. The BOOL return and the OUT *pfMatch
// are distinct: presumably the return reports whether the comparison could
// be made and *pfMatch the result - confirm in the implementation.
//
BOOL CertMatchesHash( IN PCCERT_CONTEXT pCert,
                      IN BYTE *rgbHash,
                      OUT BOOL *pfMatch);

//
// TRUE if the certificate (and presumably its key) may be replicated.
//
BOOL IsReplicableCert( IN PCCERT_CONTEXT pCert );

//
// Grants the local system account access to hProv's key container.
//
BOOL SetLocalSystemSecurityOnKeyContainer( IN HCRYPTPROV hProv );

//
// TRUE if the certificate is a Fortezza certificate.
//
BOOL IsFortezzaCert( IN PCCERT_CONTEXT pCert );
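//
// Returns a heap copy of pszIn; the allocator used and the NULL handling are
// defined by the implementation, so free the result with the matching
// routine. The IN annotation is placed before the parameter, matching every
// other prototype in this header (it was previously after the name).
//
LPWSTR mystrdup(IN LPWSTR pszIn);

//
// TRUE if pszName is a decimal number - presumably used to recognise
// instance-number keys under a metabase path (see GetInstanceReplicationInfo).
// The exact accepted syntax is defined by the implementation.
//
BOOL IsNumber( LPCWSTR pszName );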
#endif // _CERTCOMOBJ_HXX_