windows-nt/Source/XPSP1/NT/inetsrv/iis/inc/sslinfo.hxx

/*++


Copyright (c) 1997  Microsoft Corporation

Module Name:

    sslinfo.hxx

Abstract:

    Definitions and data structures for SERVER_SSL_INFO class; this holds information such
    as the server cert, info about verifying client certs etc

Author:

    Alex Mallet (amallet)    03-Feb-1997

--*/


#ifndef _SSLINFO_HXX_
#define _SSLINFO_HXX_

#ifndef IIS_STORE_NAMES
#define IIS_STORE_NAMES
#define MY_STORE_NAME "MY"
#define CA_STORE_NAME "CA"
#define ROOT_STORE_NAME "ROOT"
#endif //IIS_STORE_NAMES

BOOL IsSelfSignedCert( IN PCCERT_CONTEXT pCertContext );

//
// Forward declarations
//
class IIS_SERVER_CERT;
class IIS_CTL;

#define IIS_SSL_INFO_SIGNATURE (DWORD) 'SISI'
#define IIS_SSL_INFO_SIGNATURE_FREE (DWORD) 'sisi'

#if DBG
#define SSLINFO_REF_COUNT 1
#else
#define SSLINFO_REF_COUNT 0
#endif //DBG

#if SSLINFO_REF_COUNT

#define C_SSLINFO_REFTRACES 40

#endif

typedef VOID (*NOTIFFNCPTR) ( LPVOID pvParam ) ;

class dllexp IIS_SSL_INFO {

public:

    //
    // Constructor, destructor
    //
    IIS_SSL_INFO( LPTSTR pszCertMBPath,
                  IMDCOM *pMDObject );

    ~IIS_SSL_INFO();

    //
    // Server-certificate related functions
    //
    IIS_SERVER_CERT* GetCertificate();

    IIS_SERVER_CERT* QueryCertificate()
    {
        IIS_SERVER_CERT *pServerCert = NULL;
        Lock();
        pServerCert = m_pCert;
        Unlock();
        return pServerCert;
    }

    BOOL IsDefaultCertificate()
    { return m_fDefaultCert; }


    //
    // Client cert verification functions
    //
    IIS_CTL* GetCTL();

    IIS_CTL* QueryCTL()
    {
        IIS_CTL *pCTL = NULL;
        Lock();
        pCTL = m_pCTL;
        Unlock();
        return pCTL;
    }

    BOOL GetTrustedIssuerStore( OUT HCERTSTORE *phCertStore );

    BOOL GetTrustedIssuerCerts( OUT PCCERT_CONTEXT **ppcCertContext,
                                OUT DWORD *pdwNumCerts );

    BOOL GetCertChainEngine( OUT HCERTCHAINENGINE *phEngine );

    //
    // Cert mapping-related functions
    //
    BOOL UseDSMapper( VOID );

    //
    // Utility functions
    //
    DWORD Reference();

    static DWORD Release( PVOID pvParam );

    static IIS_SSL_INFO * CreateSSLInfo( LPTSTR pszCertMBPath,
                                         IMDCOM * pMDObject );

    VOID Lock()
    { EnterCriticalSection( &m_CritSec ); }


    VOID Unlock()
    { LeaveCriticalSection( &m_CritSec ); }

    BOOL QueryCertValidity( DWORD *pdwCertValidity );

    VOID ReleaseFortezzaHandlers();

    BOOL CTLContainsCert( IN PCCERT_CONTEXT pCert,
                          OUT BOOL *pfContains );

#if DBG

    VOID DumpReferences();

#endif //DBG

private:

    BOOL CheckSignature()
    {
        return ( m_dwSignature == IIS_SSL_INFO_SIGNATURE );
    }

    BOOL IsDefaultCTL() { return m_fDefaultCTL; }

    BOOL CreateEngineRootStore();

    BOOL CreateEngineTrustStore();

    BOOL HasCertificate( OUT PBOOL pfHasCert,
                                OUT PBOOL pfIsDefaultCert );

    BOOL HasCTL( OUT PBOOL pfHasCTL,
                        OUT PBOOL pfIsDefaultCTL );

    BOOL CheckCAPIInfo( OUT PBOOL pfHasInfo,
                        OUT PBOOL pfIsDefaultInfo,
                        IN LPTSTR pszDefaultPath,
                        IN DWORD  *adwMetabaseProperties,
                        IN DWORD cProperties );

    BOOL FindTopOfChain( IN PCCERT_CONTEXT pcLeafCert,
                         OUT PCCERT_CONTEXT *ppcIssuer );

    BOOL IsTrustedRoot( IN PCCERT_CONTEXT pcCert,
                        OUT BOOL *pfTrustedRoot );

    BOOL GetRootStoreCertificates( OUT PCCERT_CONTEXT **ppcCertContext,
                                   OUT DWORD *pdwCerts );

    DWORD            m_dwSignature; //debug signature used to detect access after frees

    IIS_SERVER_CERT *m_pCert; //server certificate associated with this object
    BOOL             m_fDefaultCert;  //BOOL indicating whether instance-specific cert
    BOOL             m_fCertOK; //BOOL indicating whether cert was constructed successfully

    IIS_CTL         *m_pCTL; //CTL associated with this object
    BOOL             m_fDefaultCTL; //BOOL indicating whether instance-specific CTL
    BOOL             m_fCTLOK; //BOOL indicating whether CTL was constructed successfully

    STR              m_strMBPath; //MB path server and CTL info is read out of
    IMDCOM          *m_pMDObject; //object used for metabase accesses
    HCERTSTORE       m_hTrustedIssuerStore; //handle for store containing trusted issuers
                                            //certs
    HCERTSTORE       m_hRestrictedRoot; //handle to Restricted Root store for cert engine
    HCERTSTORE       m_hRestrictedTrust; //handle to restricted Trust store for cert engine
    HCERTSTORE       m_hMyStore; //cached handle to MY store
    HCERTSTORE       m_hCAStore; //cached handle to CA store
    HCERTSTORE       m_hRootStore; //cached handle to ROOT store
    CRITICAL_SECTION m_CritSec; //critical section protecting this object
    DWORD            m_dwRefCount; //ref count on this object

    BOOL             m_fUseDSMapper; //indicator whether to use default NT5 client cert mapper
    BOOL             m_fCheckedDSMapper;
    HCERTCHAINENGINE m_hChainEngine; //handle to chain engine to use to verify client certs
    PCCERT_CONTEXT   *m_acRootCerts; //array of certs in actual ROOT store
    DWORD            m_cRootCerts; //number of certs in m_acRootCerts
    DWORD            m_dwCertChainStatus; //status of cert chain for server cert

#if SSLINFO_REF_COUNT

    //
    // Pointer to ref tracing object
    //

    PTRACE_LOG m_pRefTraceLog;

#endif //SSLINFO_REF_COUNT

};



#endif //_SSLINFO_HXX_