able/windows-nt
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
windows-nt/Source/XPSP1/NT/inetsrv/iis/ui/admin/certmap/readme.txt
CryptoAlgo Inc b3cac27891 Add source files
2020-09-26 16:20:57 +08:00

597 lines
27 KiB
Plaintext
Raw Blame History

CERT_KEY_PROV_INFO_PROP_ID is needed by boyd's code
typedef struct _CRYPT_KEY_PROV_INFO {
LPWSTR pwszContainerName;
LPWSTR pwszProvName;
DWORD dwProvType;
DWORD dwFlags;
DWORD cProvParam;
PCRYPT_KEY_PROV_PARAM rgProvParam;
DWORD dwKeySpec;
} CRYPT_KEY_PROV_INFO, *PCRYPT_KEY_PROV_INFO;
the above comes from WinCrypt.h.
// This section covers how we interact with the Xenroll and CertServer
// COM objects. It shows a line of action [documenting ALL interaction
// with have with these COM objects] Main action is in nLocEnrl.cpp
// and if any line numbers are given they refer to check in date 4-12-98 v14 in Slim]
hr = spICertGetConfig->GetConfig(0, &ConfigString) ;
Invoke_GetConfig(CComBSTR & {...}, ADMIN_INFO & {...}, IPtr<ICertGetConfig,IID_ICertGetConfig> & {...}) line 2361 + 19 bytes
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 830 + 17 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
==> it will retrieve a ConfigString like "TPOP_DELL\Your Name" <== strange name...
hr = x->put_GenKeyFlags( (DWORD) CRYPT_EXPORTABLE); // in VB use '1' its value see wincrypt.h
&
hr = x->put_ProviderType( pdwType ); // we need PROV_RSA_SCHANNEL but use PROV_RSA_FULL
in the code there is a popup that will ask which to use
&
hr = x->put_HashAlgorithmWStr(L"MD5");
SeeIf_keysExport_or_MD5(ADMIN_INFO & {...}, int 1, IPtr<IEnroll,IID_IEnroll> & {...}) line 2430 + 10 bytes
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 924 + 20 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
DWORD dwFlags = 0;
hr = x->get_MyStoreFlags( &dwFlags);
dwFlags &= ~CERT_SYSTEM_STORE_LOCATION_MASK ;
dwFlags |= CERT_SYSTEM_STORE_LOCAL_MACHINE ;
hr = x->put_MyStoreFlags( dwFlags);
ForceCertIntoLocalMachineMyStore(ADMIN_INFO & {...}, IPtr<IEnroll,IID_IEnroll> & {...}) line 230 + 12 bytes
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 975 + 16 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
hr = x->createPKCS10WStr(IN BSTR2LPCWSTR(DN), IN BSTR2LPCWSTR(Usage), OUT &PKCS10Blob);
// line: 1178 in nLocEnrl.cpp [as of date 4-12-98 v14 in Slim]
DN="CN=localhost.explorer.TPOP.microsoft.com;O=tjpExploration Air;OU=IIS;C=US;S=Washington;L=Seattle"
Usage="1.3.6.1.5.5.7.3.1,1.3.6.1.4.1.311.10.3.1"
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 1178 + 36 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
DoWizardFinish(ADMIN_INFO & {...}) line 282 + 14 bytes
WCHAR* wszContainerName=0;
hr = x->get_ContainerNameWStr( &wszContainerName );
// after this call wszContainerName is: "f6d013e1-d269-11d1-8ac9-00c04fd42c51"
GetContainerName_fromXenroll_storeInMetabase(ADMIN_INFO & {...}, IPtr<IEnroll,IID_IEnroll> & {...}) line 2525 + 12 bytes
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 1184 + 16 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
//////////////////////////////////////////////////////////////////
// The following will free the blob and set the byte count
// to Zero for safety (if the upper layer still has a ptr to it).
//////////////////////////////////////////////////////////////////
if(PKCS10Blob.pbData) {
if (bWeAllocated_PKCS10Blob_pbData) // if we allocate it, call XFree
XFree(PKCS10Blob.pbData); // otherwise Xenroll allocated
else // it so call 'freeRequestInfoBlob'
x->freeRequestInfoBlob(PKCS10Blob);
AddBeginEndWrappers(_CRYPTOAPI_BLOB & {...}, int 0, CComBSTR & {...}, unsigned long & 258, ADMIN_INFO & {...}, IPtr<IEnroll,IID_IEnroll> & {...}) line 2908 + 18 bytes
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 1247 + 44 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
hr = spICertRequest->Submit(SubmitFlag, bstrPKCS10, Attributes, ConfigString,
OUT &DispositionCode );
//SubmitFlag=258,for binary data in BSTR bstrPKCS10
//Attributes=""
//ConfigString="TPOP_DELL\Your Name" [the string we queried earlier]
//DispositionCode=3 after the successful operation
Send2CA(CComBSTR & {...}, CComBSTR & {...}, unsigned long & 258, CComBSTR & {...}, ADMIN_INFO & {...}, IPtr<ICertRequest,IID_ICertRequest> & {...}) line 3272 + 45 bytes
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 1353 + 38 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
hr = spICertRequest->GetCertificate(GetCertFlag, OUT &bstrPKCS7Certificate);
//GetCertFlag=257,because we want a base64 string output
Send2CA(CComBSTR & {...}, CComBSTR & {...}, unsigned long & 258, CComBSTR & {...}, ADMIN_INFO & {...}, IPtr<ICertRequest,IID_ICertRequest> & {...}) line 3355 + 21 bytes
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 1353 + 38 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
hr = x->put_RootStoreNameWStr (wszName);
//wszName="CA"
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 1414 + 18 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
DoWizardFinish(ADMIN_INFO & {...}) line 282 + 14 bytes
hr = x->acceptPKCS7Blob( &PKCS7Blob );
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 1822 + 15 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
DoWizardFinish(ADMIN_INFO & {...}) line 282 + 14 bytes
if ( (PKCS7Blob.cbData == 0)
|| ((pCertContext = x->getCertContextFromPKCS7(
IN /*PCRYPT_DATA_BLOB*/ &PKCS7Blob )) == 0))
callXenroll(char * 0x0233ab5c, char * 0x0012dcf0, int 1, TAGCertStates MD_CERT_ENROLL_ENTERING_DATA, ADMIN_INFO & {...}) line 1845 + 21 bytes
Finish_NewCertWiz(ADMIN_INFO & {...}, CString & {""}) line 701 + 34 bytes
DoWizardFinish(ADMIN_INFO & {...}) line 282 + 14 bytes
Now I am trying: http://pkstl1/CertSrv/CertEnroll/krenroll.asp
=== its another cert server. We get the same error 0x80093005
==For this CertServer: http://certsrv/CertSrv/CertEnroll/ceaccept.asp
==This is what we get back from createPKCS10 when doing a renewal request
==its pretty big: >4098 chars. When I give this to CertServer I get an error code
==of 0x80093005
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIMHQYJKoZIhvcNAQcCoIIMDjCCDAoCAQExCzAJBgUrDgMCGgUAMIIGngYJKoZI
hvcNAQcBoIIGjwSCBoswggaHMIIGNQIBADAAMFwwDQYJKoZIhvcNAQEBBQADSwAw
SAJBALSnpRBe3rvyzH7fFaNYhI/bm8jhFX5/Fy5ySGqJoVlVAG1eW2EiGhhITW46
bKSZFvmItHw7s/U5q6NRiMvHpLcCAwEAAaCCBc4wIAYKKwYBBAGCNwIBDjESMBAw
DgYDVR0PAQH/BAQDAgHAMIIBSwYKKwYBBAGCNw0CAjGCATswggE3HoGoAE0AaQBj
AHIAbwBzAG8AZgB0ACAAQgBhAHMAZQAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABp
AGMAIABQAHIAbwB2AGkAZABlAHIAIAB2ADEALgAwAAAAAAAFAAwBAAAIAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAFAAAAFADQABTcoAAgAGQAbABs
AAAADQADAQAADFNSMUEASAAAA4GJAIhSraSWBd0MUKT+LrIzrFo677g6+iRcJlNu
EpqWe/lKpcYBMgqHfTYjHqqLQpYPLgEkQXOlaUB1HJQbQQl0qjNXrYC+NMsqxb4I
vx/bfglMC0tj2niAkpKZxmgE9K+OYIRvHn5DNu0FKSr+fOd9MpEstUFNCqSoyslZ
3tEnCM9WAAAAAAAAAAAwggRZBgkrBgEEAYI3DQExggRKMIIERjCCA/CgAwIBAgII
Gb0Z4QAABrEwDQYJKoZIhvcNAQEEBQAwgZMxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJXQTEQMA4GA1UEBxMHUmVkbW9uZDETMBEGA1UEChMKV2luZG93cyBOVDEbMBkG
A1UECxMSRGlzdHJpYnV0ZWQgU3lzdGVtMTMwMQYDVQQDEypNaWNyb3NvZnQgQ2Vy
dGlmaWNhdGUgU2VydmVyIFRlc3QgR3JvdXAgQ0EwHhcNOTgwNDA2MjE0MTIwWhcN
OTgxMDE0MTgxMTI4WjBzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
bjEQMA4GA1UEBxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MQwwCgYDVQQL
EwNJSVMxGzAZBgNVBAMTEmJveWQubWljcm9zb2Z0LmNvbTBcMA0GCSqGSIb3DQEB
AQUAA0sAMEgCQQD+vFXGy/7SkbMUdugDhptekRIT4n6Dw5OKUygYgC6w7IcWcxUk
SAYO4QZVbuMoCzN2OAuoGqIQ3i/k/n0T+cvbAgMBAAGjggJFMIICQTALBgNVHQ8E
BAMCADgwHwYDVR0lBBgwFgYIKwYBBQUHAwEGCisGAQQBgjcKAwEwgc8GA1UdIwSB
xzCBxIAUt4UyEbgWWjom4bdQ2Y501IPyIkWhgZmkgZYwgZMxCzAJBgNVBAYTAlVT
MQswCQYDVQQIEwJXQTEQMA4GA1UEBxMHUmVkbW9uZDETMBEGA1UEChMKV2luZG93
cyBOVDEbMBkGA1UECxMSRGlzdHJpYnV0ZWQgU3lzdGVtMTMwMQYDVQQDEypNaWNy
b3NvZnQgQ2VydGlmaWNhdGUgU2VydmVyIFRlc3QgR3JvdXAgQ0GCEBETYQCqAP6F
EdFEueIoFGMwgb0GA1UdHwSBtTCBsjBWoFSgUoZQaHR0cDovL0NFUlRTUlYvQ2Vy
dFNydi9DZXJ0RW5yb2xsL01pY3Jvc29mdCBDZXJ0aWZpY2F0ZSBTZXJ2ZXIgVGVz
dCBHcm91cCBDQS5jcmwwWKBWoFSGUmZpbGU6Ly9cXENFUlRTUlZcQ2VydFNydlxD
ZXJ0RW5yb2xsXE1pY3Jvc29mdCBDZXJ0aWZpY2F0ZSBTZXJ2ZXIgVGVzdCBHcm91
cCBDQS5jcmwwCQYDVR0TBAIwADB0BggrBgEFBQcBAQRoMGYwZAYIKwYBBQUHMAKG
WGh0dHA6Ly9DRVJUU1JWL0NlcnRTcnYvQ2VydEVucm9sbC9DRVJUU1JWX01pY3Jv
c29mdCBDZXJ0aWZpY2F0ZSBTZXJ2ZXIgVGVzdCBHcm91cCBDQS5jcnQwDQYJKoZI
hvcNAQEEBQADQQAMUda1ACOj+imFQF3z/7ThA+LEB3Inhy6wX5Dn7gK4+lDXiijo
qWZOD29ahmYQ+z+Lx6TO0zeVK4SBBbGm6h6fMAkGBSsOAwIdBQADQQCUpydHmmrC
ukAadubMOJzboBM7fhn0Ip4ketWSOmkZ15Vp39VFMcfXkwupuKe//6WGfqBo4eX5
f8cpOZ7QDdB+oIIESjCCBEYwggPwoAMCAQICCBm9GeEAAAaxMA0GCSqGSIb3DQEB
BAUAMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1JlZG1v
bmQxEzARBgNVBAoTCldpbmRvd3MgTlQxGzAZBgNVBAsTEkRpc3RyaWJ1dGVkIFN5
c3RlbTEzMDEGA1UEAxMqTWljcm9zb2Z0IENlcnRpZmljYXRlIFNlcnZlciBUZXN0
IEdyb3VwIENBMB4XDTk4MDQwNjIxNDEyMFoXDTk4MTAxNDE4MTEyOFowczELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
EjAQBgNVBAoTCU1pY3Jvc29mdDEMMAoGA1UECxMDSUlTMRswGQYDVQQDExJib3lk
Lm1pY3Jvc29mdC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA/rxVxsv+0pGz
FHboA4abXpESE+J+g8OTilMoGIAusOyHFnMVJEgGDuEGVW7jKAszdjgLqBqiEN4v
5P59E/nL2wIDAQABo4ICRTCCAkEwCwYDVR0PBAQDAgA4MB8GA1UdJQQYMBYGCCsG
AQUFBwMBBgorBgEEAYI3CgMBMIHPBgNVHSMEgccwgcSAFLeFMhG4Flo6JuG3UNmO
dNSD8iJFoYGZpIGWMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNV
BAcTB1JlZG1vbmQxEzARBgNVBAoTCldpbmRvd3MgTlQxGzAZBgNVBAsTEkRpc3Ry
aWJ1dGVkIFN5c3RlbTEzMDEGA1UEAxMqTWljcm9zb2Z0IENlcnRpZmljYXRlIFNl
cnZlciBUZXN0IEdyb3VwIENBghARE2EAqgD+hRHRRLniKBRjMIG9BgNVHR8EgbUw
gbIwVqBUoFKGUGh0dHA6Ly9DRVJUU1JWL0NlcnRTcnYvQ2VydEVucm9sbC9NaWNy
b3NvZnQgQ2VydGlmaWNhdGUgU2VydmVyIFRlc3QgR3JvdXAgQ0EuY3JsMFigVqBU
hlJmaWxlOi8vXFxDRVJUU1JWXENlcnRTcnZcQ2VydEVucm9sbFxNaWNyb3NvZnQg
Q2VydGlmaWNhdGUgU2VydmVyIFRlc3QgR3JvdXAgQ0EuY3JsMAkGA1UdEwQCMAAw
dAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhodHRwOi8vQ0VSVFNSVi9DZXJ0
U3J2L0NlcnRFbnJvbGwvQ0VSVFNSVl9NaWNyb3NvZnQgQ2VydGlmaWNhdGUgU2Vy
dmVyIFRlc3QgR3JvdXAgQ0EuY3J0MA0GCSqGSIb3DQEBBAUAA0EADFHWtQAjo/op
hUBd8/+04QPixAdyJ4cusF+Q5+4CuPpQ14oo6KlmTg9vWoZmEPs/i8ekztM3lSuE
gQWxpuoenzGCAQYwggECAgEBMIGgMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
V0ExEDAOBgNVBAcTB1JlZG1vbmQxEzARBgNVBAoTCldpbmRvd3MgTlQxGzAZBgNV
BAsTEkRpc3RyaWJ1dGVkIFN5c3RlbTEzMDEGA1UEAxMqTWljcm9zb2Z0IENlcnRp
ZmljYXRlIFNlcnZlciBUZXN0IEdyb3VwIENBAggZvRnhAAAGsTAJBgUrDgMCGgUA
MA0GCSqGSIb3DQEBAQUABEDMqxiFfAXZ11mtHC2/qRlbB2jtU4bW8EKOWpzOCkig
wsztKwHdqXT0fznLWG790nGfFk9IJ440dAnBSGy4P6J0
-----END NEW CERTIFICATE REQUEST-----
REM Enabling debug
REM
REM If using the NT command shell use:
\\tpophp\public\registry -s -k"HKEY_CURRENT_USER\Software\Microsoft\CertMap\Debug" -n Enabled -v "TRUE"
\\tpophp\public\registry -s -k"HKEY_CURRENT_USER\Software\Microsoft\CertMap\Debug" -n Mode -v "Aging"
REM
REM If you use mks shell use
REM registry -s -k"HKEY_CURRENT_USER\\Software\\Microsoft\\CertMap\\Debug" -n Enabled -v "TRUE"
REM registry -s -k"HKEY_CURRENT_USER\\Software\\Microsoft\\CertMap\\Debug" -n Mode -v "Aging"
[D:/work/test] ./mdutil enum w3svc/info
MajorVersion : [S] (DWORD) 0x4={4}
MinorVersion : [S] (DWORD) 0x0={0}
ServerPlatform : [S] (DWORD) 0x1={1}
Capabilities : [S] (DWORD) 0xfbf={4031} <<===
ServerConfigurationInfo : [S] (DWORD) 0xe={14}
KeyType : [S] (STRING) "IIsWebInfo"
The Capabilities setting will give us the answer to whether this
web server is International or Domestic and allow us to Fix the #Bits
in the key.
After running CertWiz you can expect to see this with MDutil. The lines
with ==> are added by CertWiz
D:\work\test>mdutil enum w3svc\1
ServerSize : [IS] (DWORD) 0x1={Medium}
Win32Error : [S] (DWORD) 0x0={0}
6269 : [F] (DWORD) 0x1234={4660}
ServerState : [S] (DWORD) 0x4={Stopped}
5534 : [IS] (DWORD) 0x0={0}
5532 : [IS] (DWORD) 0x352742d0={891765456}
5533 : [IS] (DWORD) 0xd={13}
5531 : [IS] (DWORD) 0xd0ddd00d={-790769651}
ServerComment : [IS] (STRING) "Default Web Site"
KeyType : [S] (STRING) "IIsWebServer"
5513 : [IS] (STRING) "Tom"
5507 ==> : [IS] (STRING) "{9D11875D-D144-E285-0F78-C6732D7E1483}"
5511 ==> : [IS] (STRING) "MY"
5506 ==> : [IS] (BINARY) 0xa1 32 6e 8d 3e 4c ea 5c c6 c2 d0 18 65 17 d7 de 3e a3 ed 53
ServerBindings : [IS] (MULTISZ) ":80:"
SecureBindings : [IS] (MULTISZ) ":443:"
SysAllocStringLen can have embedded nulls use:
BSTR SysAllocStringLen( OLECHAR FAR* pch, unsigned int cch )
This version of MsgBox uses the string resource with the ID [nIDPrompt] to
display a message in the message box. The associated Help page is found
through the value of nIDHelp. If the default value of nIDHelp is
used (<28> 1), the string resource ID, nIDPrompt, is used for the Help context.
For more information about defining Help contexts, see the article Help
Topics in Visual C++ Programmer's Guide and Technical Note 28.
This version of MsgBox uses the string resource with the ID [nIDPrompt] to
// when doing key ring import we ran into trouble when we tried to do a ViewCert
// and passed in the cert pointer: here is the code from NKMuxPg.cpp near ln 1258
if (pCertContext!=0)
{
if (YesNoMsgBox(
Easy::Load(szResourceStr,
IDS_WOULD_YOU_LIKE_TO_VIEW_THE_CERTIFICATE_THAT_YOU_JUST_IMPORTED
// "Would you like to view the Certificate that you just imported?"
)))
{
ViewACert( pCertContext );
// after hitting break in the debugger we get the following stack dump
NTDLL! 77f98bb3()
MSAFD! 77514dd7()
WS2_32! 7756357b()
WSOCK32! 775811d7()
// as we call FinCertImport::OnWizardFinish() that will take the filename
// c:/tmp/newcert318.cer and process it in Xenroll to finalize the OOB
// this is the stack
CFinCertImport::OnWizardFinish() line 212
MFC42! 5f46f278()
MFC42! 5f40230b()
MFC42! 5f402294()
MFC42! 5f40221f()
AfxWndProcDllStatic(HWND__ * 0x000c0a0c, unsigned int 78, unsigned int 0, long 1237948) line 57 + 21 bytes
USER32! 77e753d0()
USER32! 77e762d5()
COMCTL32! 779f709a()
COMCTL32! 77a035a6()
COMCTL32! 77a30fd1()
COMCTL32! 77a31e74()
USER32! 77e87983()
USER32! 77e8be30()
USER32! 77e75bc1()
MFC42! 5f402783()
MFC42! 5f402322()
MFC42! 5f402294()
MFC42! 5f40221f()
AfxWndProcDllStatic(HWND__ * 0x00350812, unsigned int 273, unsigned int 12325, long 3213652) line 57 + 21 bytes
USER32! 77e753d0()
USER32! 77e762d5()
USER32! 77e8f3d1()
USER32! 77e91486()
USER32! 77e7387f()
USER32! 77e79704()
USER32! 77e8ddab()
// when we run xenroll to finish an OOB and we get a error this is typically
// what the call stack will be
DisplayError_ErrorReturn(long -2146885628, ADMIN_INFO & {...}, char * 0x00c43854) line 3796
DisplayError_ErrorReturn(long -2146885628, ADMIN_INFO & {...}, unsigned int 4068, TAGCertStates MD_CERT_ENROLL_RECVED_ERR_FROM_ENROLL) line 3879 + 17 bytes
callXenroll(char * 0x5f4c86bc, char * 0x0012e0f4, int 4, TAGCertStates MD_CERT_ENROLL_PROCESSING_PKCS7_OUTOFBAND, ADMIN_INFO & {...}) line 1652 + 23 bytes
Finish_FinishOOBCertWiz(ADMIN_INFO & {...}, CString & {""}) line 519 + 34 bytes
CFinCertImport::OnWizardFinish() line 263 + 26 bytes
MFC42! 5f46f278()
MFC42! 5f40230b()
MFC42! 5f402294()
MFC42! 5f40221f()
AfxWndProcDllStatic(HWND__ * 0x000c0a24, unsigned int 78, unsigned int 0, long 1238152) line 57 + 21 bytes
USER32! 77e753d0()
USER32! 77e762d5()
COMCTL32! 779f709a()
COMCTL32! 77a035a6()
COMCTL32! 77a30fd1()
COMCTL32! 77a31e74()
USER32! 77e87983()
USER32! 77e8be30()
The second form of the function uses the string resource with the ID nIDPrompt to display a message in the message box. The associated Help page is found through the value of nIDHelp. If the default value of nIDHelp is used (<28> 1), the string resource ID, nIDPrompt, is used for the Help context. For more information about defining Help contexts, see the article Help Topics in Visual C++ Programmer's Guide and Technical Note 28.
00125DCC 30 82 04 2D 30 82 03 D7 A0 0<>.-0<>
00125DD5 03 02 01 02 02 08 06 A6 C6 .......<2E><>
00125DDE 5C 00 00 05 BD 30 0D 06 09 \...<2E>0..
00125DE7 2A 86 48 86 F7 0D 01 01 04 *<2A>H<EFBFBD><48>....
00125DF0 05 00 30 81 93 31 0B 30 09 ..0.<2E>1.0
00125DF9 06 03 55 04 06 13 02 55 53 ..U....US
00125E02 31 0B 30 09 06 03 55 04 08 1.0 ..U..
00125E0B 13 02 57 41 31 10 30 0E 06 ..WA1.0..
00125E14 03 55 04 07 13 07 52 65 64 .U....Red
00125E1D 6D 6F 6E 64 31 13 30 11 06 mond1.0..
00125E26 03 55 04 0A 13 0A 57 69 6E .U....Win
00125E2F 64 6F 77 73 20 4E 54 31 1B dows NT1.
00125E38 30 19 06 03 55 04 0B 13 12 0...U....
00125E41 44 69 73 74 72 69 62 75 74 Distribut
00125E4A 65 64 20 53 79 73 74 65 6D ed System
00125E53 31 33 30 31 06 03 55 04 03 1301..U..
00125E5C 13 2A 4D 69 63 72 6F 73 6F .*Microso
00125E65 66 74 20 43 65 72 74 69 66 ft Certif
00125E6E 69 63 61 74 65 20 53 65 72 icate Ser
00125E77 76 65 72 20 54 65 73 74 20 ver Test
00125E80 47 72 6F 75 70 20 43 41 30 Group CA0
"CertificateAuthority.Request" is the request object that we use in VB
0012D5E8 F0 F3 AF 98 24 55 D0 11 88 12 00
0012D5F3 A0 C9 03 B8 3C
Using this code:
if (Util::PeekBool(++cStepCnt > 0) // a failure here will have cnt=1
&& (hr=E_FAIL) // trick so that we get a nice error code if the bstr extract fails
&& bstr
&& Util::PeekBool(++cStepCnt > 0) // a failure here will have cnt=2, etc...
&& SUCCEEDED( hr=convertPKCS7_BSTR2Blob( IN /*CComBSTR& */ bstrPKCS7Contents,
OUT /*CRYPT_DATA_BLOB&*/ PKCS7Blob) )
&& Util::PeekBool(++cStepCnt > 0)
&& SUCCEEDED( hr = x->acceptPKCS7Blob( IN /*PCRYPT_DATA_BLOB*/ &PKCS7Blob))
I am getting a HR of 0x80093009 <-- a failure from the acceptPKCS7Blob
any ideas? I believe that I imported and decoded
it properly, I will show the cert below also
as an attachment.
>> I think that the code is sound but the Cert Server gave
>> me a bad cert file. BECAUSE if I click on the pkcs7.cer
>> file under NT's fileExplorer it says "Invalid Security Cert File"
PKCS7Blob.cbData = 1748 The PKCS7Blob.pbData = 0x00128864
Here is the first part of my PKCS7Blob:
00128864 50 44 FC 77 D8 D1 18 00 00 00 14 PD<50>w<EFBFBD><77>.....
0012886F 00 E0 D1 18 00 E8 88 12 00 2B E8 .<2E><>..<2E><>..+<2B>
0012887A FB 77 81 E8 FB 77 48 05 14 00 00 <20>w.<2E><>wH....
00128885 00 14 00 E0 D1 18 00 50 10 4B 00 ...<2E><>..P.K.
00128890 38 00 00 00 48 88 12 00 C0 D6 18 8...H<>..<2E><>.
0012889B 00 3C 89 12 00 50 44 FC 77 68 2D .<<3C>..PD<50>wh-
001288A6 F9 77 FF FF FF FF 4C 89 12 00 37 <20>w<EFBFBD><77><EFBFBD><EFBFBD>L<EFBFBD>..7
001288B1 FF FA 77 00 00 14 00 61 00 00 50 <20><>w....a..P
001288BC 01 D6 18 00 00 00 14 00 70 F3 14 .<2E>......p<>.
001288C7 00 00 00 00 00 70 89 12 00 00 00 .....p<>....
001288D2 14 00 AD 00 FB 77 80 F3 14 00 F8 ..<2E>.<2E>w<EFBFBD><77>..<2E>
0018CAD0 30 82 01 74 30 82 01 22 02 01 00 0<>.t0<74>."...
0018CADB 30 81 85 31 28 30 26 06 03 55 04 0.<2E>1(0&..U.
0018CAE6 03 13 1F 77 77 77 2E 32 54 50 4F ...www.2TPO
0018CAF1 50 44 45 4C 4C 2E 64 6E 73 2E 6D PDELL.dns.m
0018CAFC 69 63 72 6F 73 6F 66 74 2E 63 6F icrosoft.co
0018CB07 6D 31 12 30 10 06 03 55 04 0A 13 m1.0...U...
0018CB12 09 4D 69 63 72 6F 73 6F 66 74 31 Microsoft1
0018CB1D 11 30 0F 06 03 55 04 0B 13 08 49 .0...U....I
0018CB28 49 53 44 65 76 32 32 31 0B 30 09 ISDev221.0
0018CB33 06 03 55 04 06 13 02 55 53 31 13 ..U....US1.
0018CB3E 30 11 06 03 55 04 08 13 0A 57 61 0...U....Wa
0018CB49 73 68 69 6E 67 74 6F 6E 31 10 30 shington1.0
0018CB54 0E 06 03 55 04 07 13 07 52 65 64 ...U....Red
0018CB5F 6D 6F 6E 64 30 5C 30 0D 06 09 2A mond0\0.. *
0018CB6A 86 48 86 F7 0D 01 01 01 05 00 03 <20>H<EFBFBD><48>.......
0018CB75 4B 00 30 48 02 41 00 DF 81 A8 A9 K.0H.A.<2E>.<2E><>
0018CB80 7A 1A E6 0F A9 66 49 6E 6A 65 A1 z.<2E>.<2E>fInje<6A>
0018CB8B E2 2E A5 8E 89 D5 4D E0 91 3D 6C <20>.<2E><><EFBFBD><EFBFBD>M<EFBFBD><4D>=l
0018CB96 EE 0B E7 52 43 9E CD 2C 15 E7 48 <20>.<2E>RC<52><43>,.<2E>H
0018CBA1 85 64 A5 2E BD 14 A7 12 D4 56 90 <20>d<EFBFBD>.<2E>.<2E>.<2E>V.
0018CBAC 40 98 A9 BB 47 09 77 F2 96 FB 33 @<40><><EFBFBD>G w<><77><EFBFBD>3
0018CBB7 11 40 B0 A2 B1 02 03 01 00 01 A0 .@<40><><EFBFBD>.....<2E>
0018CBC2 37 30 35 06 0A 2B 06 01 04 01 82 705..+....<2E>
0018CBCD 37 02 01 0E 31 27 30 25 30 0E 06 7...1'0%0..
========================================================================
ActiveX CertWizard Control DLL : CERTMAP
========================================================================
1. Enabling Debugging
/////////////////////////////////////////////////////////////////////
//
// If using the NT command shell use:
// registry -s -k"HKEY_CURRENT_USER\Software\Microsoft\CertMap\Debug" -n Enabled -v "TRUE"
//
//
// All you MKS shell users can enable it by doing:
// registry -s -k"HKEY_CURRENT_USER\\Software\\Microsoft\\CertMap\\Debug" -n Enabled -v "TRUE"
//
// [if you want the aging feature that rescans every 12 calls, then
// you also need to set MODE=Aging]
//
// If using the NT command shell use:
// registry -s -k"HKEY_CURRENT_USER\Software\Microsoft\CertMap\Debug" -n Mode -v "Aging"
// All you MKS shell users can enable it by doing:
// registry -s -k"HKEY_CURRENT_USER\\Software\\Microsoft\\CertMap\\Debug"-n Mode -v "Aging"
//
// Similarly for you MKS'sh-ers you can use the following command to test if its enabled:
// registry -p -k"HKEY_CURRENT_USER\\Software\\Microsoft\\CertMap\\Debug"
// If it says:
//
// HKEY_CURRENT_USER\Software\Microsoft\CertMap\Debug Enabled "TRUE"
//
// Its enabled!
/////////////////////////////////////////////////////////////////////
//
//
// Similarly for you MKS'sh-ers you can use the following command to test if its enabled:
// registry -p -k"HKEY_CURRENT_USER\\Software\\Microsoft\\CertMap\\Debug"
// If it says:
//
// HKEY_CURRENT_USER\Software\Microsoft\CertMap\Debug Enabled "TRUE"
If you dont have MKS just use the command regEdt32 to do it.
2. Testing the MS Cert Server Online CA
You need to install at least a stub in the registry. I do it
with MKS ksh doing the following operations: We need a Reg Key
named "${CA}\\${MS}" to exist under HKEY_LOCAL_MACHINE. The following
code will just create it and install a {name=Enabled value=True} setting
MS="Microsoft Certificate Server"
CA="Software\\Microsoft\\CertMap\\Parameters\\Certificate Authorities"
registry -s -k"HKEY_LOCAL_MACHINE\\${CA}\\${MS}" -n Enabled -v True
If you dont have MKS just use the command regEdt32 to do it.
3. What if CertServer is suspected of having problems or is not running?
Here is what we do: ReInstall it by:
[C:/WINNT50/system32] sysocmgr -i:certmast.inf -n
Then check if it works by running -- this just prints out the config info
[C:/WINNT50/system32] ./certutil
Entry 0:
Name: `Your Name'
OrgUnit: `Your Unit'
Organization: `Your Organization'
Locality: `Your Locality'
State: `Your State'
Country: `US'
Config: `TPOP_DELL\Your Name'
SignatureCertificate: `TPOP_DELL_Your Name.crt'
Description: `Your Description.'
Server: `TPOP_DELL'
Authority: `Your Name'
For debugging you can fire up a testing tool that starts up a shell
window so that you can watch CertServer requests/tasks while it works:
[C:/WINNT50/system32] start certsrv -z
Note that if you want to run the above command YOU MUST MAKE SURE THAT
CERT SERVER IS STOPED FIRST SINCE IT WILL START IT AS A SERVICE AND
YOU CAN ONLY HAVE 1 CERT SERV SERVICE. Use the following to do it:
[C:/WINNT50/system32] net stop certsvc
You might notice that we say certSVC not certSVR as in 'start certsrv -z'
========================================================================
ActiveX Control DLL : CERTMAP
========================================================================
ControlWizard has created this project for your CERTMAP OLE Control DLL,
which contains 1 control.
This skeleton project not only demonstrates the basics of writing an OLE
Control, but is also a starting point for writing the specific features
of your control.
This file contains a summary of what you will find in each of the files
that make up your CERTMAP OLE Control DLL.
certmap.mak
The Visual C++ project makefile for building your OLE Control.
certmap.h
This is the main include file for the OLE Control DLL. It
includes other project-specific includes such as resource.h.
certmap.cpp
This is the main source file that contains code for DLL initialization,
termination and other bookkeeping.
certmap.rc
This is a listing of the Microsoft Windows resources that the project
uses. This file can be directly edited with the Visual C++ resource
editor.
certmap.def
This file contains information about the OLE Control DLL that
must be provided to run with Microsoft Windows.
certmap.clw
This file contains information used by ClassWizard to edit existing
classes or add new classes. ClassWizard also uses this file to store
information needed to generate and edit message maps and dialog data
maps and to generate prototype member functions.
certmap.odl
This file contains the Object Description Language source code for the
type library of your control.
/////////////////////////////////////////////////////////////////////////////
Certmap control:
CertCtl.h
This file contains the declaration of the CCertmapCtrl C++ class.
CertCtl.cpp
This file contains the implementation of the CCertmapCtrl C++ class.
CertPpg.h
This file contains the declaration of the CCertmapPropPage C++ class.
CertPpg.cpp
This file contains the implementation of the CCertmapPropPage C++ class.
CertCtl.bmp
This file contains a bitmap that a container will use to represent the
CCertmapCtrl control when it appears on a tool palette. This bitmap
is included by the main resource file certmap.rc.
/////////////////////////////////////////////////////////////////////////////
Other standard files:
stdafx.h, stdafx.cpp
These files are used to build a precompiled header (PCH) file
named stdafx.pch and a precompiled types (PCT) file named stdafx.obj.
resource.h
This is the standard header file, which defines new resource IDs.
The Visual C++ resource editor reads and updates this file.
/////////////////////////////////////////////////////////////////////////////
Other notes:
ControlWizard uses "TODO:" to indicate parts of the source code you
should add to or customize.
/////////////////////////////////////////////////////////////////////////////
Reference in a new issue View git blame Copy permalink