// Microsoft Windows // Copyright (C) Microsoft Corporation, 1996 - 1999 // File: CCert.cpp // Contents: Microsoft Internet Security Certificate Class // History: 14-Aug-1997 pberkman created #include "global.hxx" #include "signer.h" extern "C" { extern BOOL WINAPI GetCryptProvFromCert(HWND hwnd, PCCERT_CONTEXT pCert, HCRYPTPROV *phCryptProv, DWORD *pdwKeySpec, BOOL *pfDidCryptAcquire, LPWSTR *ppwszTmpContainer, LPWSTR *ppwszProviderName, DWORD *pdwProviderType); extern void WINAPI FreeCryptProvFromCert(BOOL fAcquired, HCRYPTPROV hProv, LPWSTR pwszCapiProvider, DWORD dwProviderType, LPWSTR pwszTmpContainer); }; #include "ccert.hxx" CCert_::CCert_(PCCERT_CONTEXT pCertContext) { m_pCertContext = CertDuplicateCertificateContext(pCertContext); m_pCCert_Issuer = NULL; m_pwszPublisherName = NULL; m_pwszAgencyName = NULL; m_pwszProvider = NULL; m_pwszKeyContainer = NULL; m_dwProviderType = 0; m_chStores = 0; m_fTriedPrivateKey = FALSE; memset(m_pahStores, 0x00, sizeof(HCERTSTORE) * CCERT_MAXSTORES); } CCert_::~CCert_(void) { CertFreeCertificateContext(m_pCertContext); DELETE_OBJECT(m_pCCert_Issuer); DELETE_OBJECT(m_pwszPublisherName); DELETE_OBJECT(m_pwszAgencyName); DELETE_OBJECT(m_pwszProvider); DELETE_OBJECT(m_pwszKeyContainer); for (int i = 0; i < (int)m_chStores; i++) { if (m_pahStores[i]) { CertCloseStore(m_pahStores[i], 0); } } } WCHAR *CCert_::PublisherName(void) { if (m_pwszPublisherName) { return(m_pwszPublisherName); } if (!(this->ExtractCommonNameExt(&m_pwszPublisherName))) { if (!(this->ExtractCommonNameAttr(&m_pwszPublisherName))) { m_pwszPublisherName = this->GetRDNAttr(szOID_COMMON_NAME, &m_pCertContext->pCertInfo->Subject); } } return(m_pwszPublisherName); } WCHAR *CCert_::AgencyName(void) { if (m_pwszAgencyName) { return(m_pwszAgencyName); } if (!(m_pCertContext)) { return(NULL); } m_pwszAgencyName = this->GetRDNAttr(szOID_ORGANIZATIONAL_UNIT_NAME, &m_pCertContext->pCertInfo->Subject); if (!(m_pwszAgencyName)) { m_pwszAgencyName = this->GetRDNAttr(szOID_ORGANIZATION_NAME, &m_pCertContext->pCertInfo->Subject); if (!(m_pwszAgencyName)) { m_pwszAgencyName = this->GetRDNAttr(szOID_COMMON_NAME, &m_pCertContext->pCertInfo->Subject); } } return(m_pwszAgencyName); } WCHAR *CCert_::ProviderName(void) { if (m_pwszProvider) { return(m_pwszProvider); } if (!(m_pCertContext)) { return(NULL); } this->FindPrivateKey(); return(m_pwszProvider); } DWORD CCert_::ProviderType(void) { if (m_pwszProvider) { return(m_dwProviderType); } this->FindPrivateKey(); return(m_dwProviderType); } WCHAR *CCert_::PrivateKeyContainer(void) { if (m_pwszKeyContainer) { return(m_pwszKeyContainer); } this->FindPrivateKey(); return(m_pwszKeyContainer); } BOOL CCert_::BuildChain(FILETIME *psftVerifyAsOf) { FILETIME sft; if (!(m_pCertContext)) { return(FALSE); } if (m_pCCert_Issuer) { return(TRUE); } if (!(psftVerifyAsOf)) { GetSystemTimeAsFileTime(&sft); psftVerifyAsOf = &sft; } this->OpenStores(); return(this->BuildChainPrivate(m_chStores, m_pahStores, psftVerifyAsOf)); } //// // protected BOOL CCert_::ExtractCommonNameExt(WCHAR **ppwszRet) { *ppwszRet = NULL; if (!(m_pCertContext)) { return(FALSE); } PCERT_NAME_VALUE pNameValue; PCERT_EXTENSION pExt; pNameValue = NULL; pExt = CertFindExtension(SPC_COMMON_NAME_OBJID, m_pCertContext->pCertInfo->cExtension, m_pCertContext->pCertInfo->rgExtension); if (pExt) { DWORD cbInfo; PCERT_RDN_VALUE_BLOB pValue; DWORD dwValueType; DWORD cwsz; cbInfo = 0; CryptDecodeObject( X509_ASN_ENCODING, X509_NAME_VALUE, pExt->Value.pbData, pExt->Value.cbData, 0, NULL, &cbInfo); if (cbInfo == 0) { return(FALSE); } if (!(pNameValue = (PCERT_NAME_VALUE)new BYTE[cbInfo])) { return(FALSE); } if (!(CryptDecodeObject(X509_ASN_ENCODING, X509_NAME_VALUE, pExt->Value.pbData, pExt->Value.cbData, 0, pNameValue, &cbInfo))) { delete pNameValue; return(FALSE); } dwValueType = pNameValue->dwValueType; pValue = &pNameValue->Value; cwsz = CertRDNValueToStrW(dwValueType, pValue, NULL, 0); if (cwsz > 1) { if (!(*ppwszRet = new WCHAR[cwsz])) { delete pNameValue; SetLastError(ERROR_NOT_ENOUGH_MEMORY); return(FALSE); } CertRDNValueToStrW(dwValueType, pValue, *ppwszRet, cwsz); delete pNameValue; return(TRUE); } } DELETE_OBJECT(pNameValue); return(FALSE); } BOOL CCert_::ExtractCommonNameAttr(WCHAR **ppwszRet) { *ppwszRet = GetRDNAttr(szOID_COMMON_NAME, &m_pCertContext->pCertInfo->Subject); if (*ppwszRet) { return(TRUE); } return(FALSE); } WCHAR *CCert_::GetRDNAttr(char *pszObjId, PCERT_NAME_BLOB pNameBlob) { LPWSTR pwsz; PCERT_NAME_INFO pNameInfo; PCERT_RDN_ATTR pRDNAttr; DWORD cbInfo; pwsz = NULL; pNameInfo = NULL; cbInfo = 0; CryptDecodeObject( X509_ASN_ENCODING, X509_NAME, pNameBlob->pbData, pNameBlob->cbData, 0, NULL, &cbInfo); if (cbInfo == 0) { return(NULL); } if (!(pNameInfo = (PCERT_NAME_INFO)new BYTE[cbInfo])) { return(NULL); } if (!(CryptDecodeObject(X509_ASN_ENCODING, X509_NAME, pNameBlob->pbData, pNameBlob->cbData, 0, pNameInfo, &cbInfo))) { delete pNameInfo; return(NULL); } pRDNAttr = CertFindRDNAttr(pszObjId, pNameInfo); if (pRDNAttr) { PCERT_RDN_VALUE_BLOB pValue = &pRDNAttr->Value; DWORD dwValueType = pRDNAttr->dwValueType; DWORD cwsz; pValue = &pRDNAttr->Value; dwValueType = pRDNAttr->dwValueType; cwsz = CertRDNValueToStrW(dwValueType, pValue, NULL, 0); if (cwsz > 1) { if (!(pwsz = new WCHAR[cwsz])) { delete pNameInfo; SetLastError(ERROR_NOT_ENOUGH_MEMORY); return(NULL); } CertRDNValueToStrW(dwValueType, pValue, pwsz, cwsz); } } DELETE_OBJECT(pNameInfo); return(pwsz); } //// // private BOOL CCert_::BuildChainPrivate(DWORD chStores, HCERTSTORE *pahStores, FILETIME *psftVerifyAsOf) { DWORD dwError; PCCERT_CONTEXT pIssuerCertContext; DELETE_OBJECT(m_pCCert_Issuer); if (TrustIsCertificateSelfSigned(m_pCertContext, m_pCertContext->dwCertEncodingType, 0)) { return(TRUE); } pIssuerCertContext = TrustFindIssuerCertificate(m_pCertContext, m_pCertContext->dwCertEncodingType, chStores, pahStores, psftVerifyAsOf, &m_dwConfidence, &dwError, 0); if (!(pIssuerCertContext)) { SetLastError(dwError); return(FALSE); } m_pCCert_Issuer = new CCert_(pIssuerCertContext); CertFreeCertificateContext(pIssuerCertContext); if (!(m_pCCert_Issuer)) { return(FALSE); } return(m_pCCert_Issuer->BuildChainPrivate(chStores, pahStores, psftVerifyAsOf)); } // warning: if you add a store, make sure to add one to the CCERT_MAXSTORES in ccert.hxx!!! void CCert_::OpenStores(void) { HCERTSTORE hStore; m_chStores = 0; if (hStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG | CERT_STORE_NO_CRYPT_RELEASE_FLAG, "ROOT")) { m_pahStores[m_chStores] = hStore; m_chStores++; } else { return; // if we can't find the root, FAIL! } // open the Trust List store if (hStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG | CERT_STORE_NO_CRYPT_RELEASE_FLAG, "TRUST")) { m_pahStores[m_chStores] = hStore; m_chStores++; } // CA Store if (hStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG | CERT_STORE_NO_CRYPT_RELEASE_FLAG, "CA")) { m_pahStores[m_chStores] = hStore; m_chStores++; } // MY Store if (hStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG | CERT_STORE_NO_CRYPT_RELEASE_FLAG, "MY")) { m_pahStores[m_chStores] = hStore; m_chStores++; } // SPC Store (historic reasons!) if (hStore = CertOpenStore( CERT_STORE_PROV_SYSTEM_A, 0, NULL, CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_READONLY_FLAG | CERT_STORE_NO_CRYPT_RELEASE_FLAG, "SPC")) { m_pahStores[m_chStores] = hStore; m_chStores++; } } BOOL CCert_::FindPrivateKey(void) { if ((m_pwszProvider) || (m_pwszKeyContainer)) { return(TRUE); } if (m_fTriedPrivateKey) { return(FALSE); } m_fTriedPrivateKey = TRUE; DELETE_OBJECT(m_pwszProvider); DELETE_OBJECT(m_pwszKeyContainer); // try mssign32.dll first HCRYPTPROV signer_hProv; WCHAR *signer_pwszTmpContainer; WCHAR *signer_pwszProviderName; DWORD signer_dwKeySpec; DWORD signer_dwProviderType; BOOL signer_fDidCryptAcquire; signer_hProv = NULL; signer_pwszTmpContainer = NULL; signer_pwszProviderName = NULL; if (GetCryptProvFromCert(NULL, m_pCertContext, &signer_hProv, &signer_dwKeySpec, &signer_fDidCryptAcquire, &signer_pwszTmpContainer, &signer_pwszProviderName, &signer_dwProviderType)) { if (signer_pwszProviderName) { if (!(m_pwszProvider = new WCHAR[wcslen(signer_pwszProviderName) + 1])) { return(FALSE); } wcscpy(m_pwszProvider, signer_pwszProviderName); if (signer_pwszTmpContainer) { if (!(m_pwszKeyContainer = new WCHAR[wcslen(signer_pwszTmpContainer) + 1])) { return(FALSE); } wcscpy(m_pwszKeyContainer, signer_pwszTmpContainer); } m_dwProviderType = signer_dwProviderType; FreeCryptProvFromCert(signer_fDidCryptAcquire, signer_hProv, signer_pwszProviderName, signer_dwProviderType, signer_pwszTmpContainer); return(TRUE); } FreeCryptProvFromCert(signer_fDidCryptAcquire, signer_hProv, signer_pwszProviderName, signer_dwProviderType, signer_pwszTmpContainer); } DWORD dwIndexProv; DWORD dwIndexContainer; DWORD dwProvType; DWORD cbSize; WCHAR wszProv[MAX_PATH + 1]; WCHAR *pwszContainer; HCRYPTPROV hProvEnum; pwszContainer = NULL; dwIndexProv = 0; for EVER { cbSize = MAX_PATH; if (!(CryptEnumProvidersU(dwIndexProv, NULL, 0, &dwProvType, &wszProv[0], &cbSize))) { break; } wszProv[cbSize] = NULL; dwIndexContainer = 0; hProvEnum = NULL; for EVER { if (!(this->EnumContainer(&hProvEnum, dwIndexContainer, dwProvType, &wszProv[0], &pwszContainer))) { break; } if (this->CheckContainerForKey(&wszProv[0], dwProvType, pwszContainer)) { m_dwProviderType = dwProvType; m_pwszKeyContainer = pwszContainer; if (m_pwszProvider = new WCHAR[wcslen(&wszProv[0]) + 1]) { wcscpy(m_pwszProvider, &wszProv[0]); } CryptReleaseContext(hProvEnum, 0); return(TRUE); } DELETE_OBJECT(pwszContainer); dwIndexContainer++; } if (hProvEnum) { CryptReleaseContext(hProvEnum, 0); } dwIndexProv++; // for our enum at the top! } return(FALSE); } BOOL CCert_::EnumContainer(HCRYPTPROV *phProv, DWORD dwIndex, DWORD dwProvType, WCHAR *pwszProv, WCHAR **ppwszContainer) { DWORD i; DWORD cbSize; char *psz; *ppwszContainer = NULL; if (!(*phProv)) { if (!(CryptAcquireContextU(phProv, NULL, pwszProv, dwProvType, CRYPT_VERIFYCONTEXT))) { return(FALSE); } } cbSize = 0; CryptGetProvParam(*phProv, PP_ENUMCONTAINERS, NULL, &cbSize, CRYPT_FIRST); if (cbSize > 0) { if (!(psz = new char[cbSize])) { return(FALSE); } memset(psz, 0x00, cbSize); CryptGetProvParam(*phProv, PP_ENUMCONTAINERS, (BYTE *)psz, &cbSize, CRYPT_FIRST); for (i = 1; i <= dwIndex; i++) { if (!(CryptGetProvParam(*phProv, PP_ENUMCONTAINERS, (BYTE *)psz, &cbSize, 0))) { delete psz; return(FALSE); } } if (!(*ppwszContainer = new WCHAR[strlen(psz) + 1])) { delete psz; SetLastError(ERROR_NOT_ENOUGH_MEMORY); return(FALSE); } MultiByteToWideChar(0, 0, psz, -1, *ppwszContainer, (strlen(psz) + 1) * sizeof(WCHAR)); delete psz; return(TRUE); } return(FALSE); } BOOL CCert_::CheckContainerForKey(WCHAR *pwszProv, DWORD dwProvType, WCHAR *pwszContainer) { HCRYPTPROV hProv; DWORD cbSize; PCERT_PUBLIC_KEY_INFO pContInfo; if (CryptAcquireContextU(&hProv, pwszContainer, pwszProv, dwProvType, 0)) { if (!(CryptExportPublicKeyInfo(hProv, AT_SIGNATURE, X509_ASN_ENCODING, NULL, &cbSize))) { CryptReleaseContext(hProv, 0); return(FALSE); } if (!(pContInfo = (PCERT_PUBLIC_KEY_INFO)new BYTE[cbSize])) { CryptReleaseContext(hProv, 0); SetLastError(ERROR_NOT_ENOUGH_MEMORY); return(FALSE); } if (!(CryptExportPublicKeyInfo(hProv, AT_SIGNATURE, X509_ASN_ENCODING, pContInfo, &cbSize))) { delete pContInfo; CryptReleaseContext(hProv, 0); return(FALSE); } CryptReleaseContext(hProv, 0); if (CertComparePublicKeyInfo(X509_ASN_ENCODING, &m_pCertContext->pCertInfo->SubjectPublicKeyInfo, pContInfo)) { delete pContInfo; return(TRUE); } delete pContInfo; } return(FALSE); }