2020-09-30 16:53:55 +02:00

2449 lines
76 KiB
C++

//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 2000-2002.
//
// File: CertTemplate.cpp
//
// Contents: CCertTemplate
//
//----------------------------------------------------------------------------
/// CertTemplate.cpp: implementation of the CCertTemplate class.
//
//////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "CertTemplate.h"
#define _SECOND ((ULONGLONG) 10000000)
#define _MINUTE (60 * _SECOND)
#define _HOUR (60 * _MINUTE)
#define _DAY (24 * _HOUR)
CERT_EXTENSION g_EKUCertExtension = {szOID_ENHANCED_KEY_USAGE, 0, {0, 0}};
CERT_EXTENSION g_certPolCertExtension = {szOID_CERT_POLICIES, 0, {0, 0}};
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
CCertTemplate::CCertTemplate(
PCWSTR pszObjectName,
PCWSTR pszTemplateName,
const CString& szLDAPPath,
bool fIsReadOnly,
const bool fUseCache) :
CCertTmplCookie (CERTTMPL_CERT_TEMPLATE, pszObjectName),
m_strTemplateName (pszTemplateName),
m_hCertType (0),
m_dwVersion (0),
m_dwEnrollmentFlags (0),
m_dwSubjectNameFlags (0),
m_dwPrivateKeyFlags (0),
m_dwGeneralFlags (0),
m_dwKeySpec (0),
m_bIsClone (false),
m_bCanBeDeletedOnCancel (false),
m_bGoodForAutoenrollmentFlagPendingSave (false),
m_szLDAPPath (szLDAPPath),
m_fIsReadOnly (fIsReadOnly),
m_nOriginalValidityDays (-1),
m_nNewValidityDays (-1),
m_nOriginalRenewalDays (-1),
m_nNewRenewalDays (-1),
m_pCertExtensions (0),
m_fUseCache (fUseCache),
m_bIssuancePoliciesRequired (false),
m_fFailedToSetSecurity (false)
{
// _TRACE (1, L"Entering CCertTemplate::CCertTemplate\n");
m_strOriginalTemplateName = pszTemplateName;
Initialize ();
// _TRACE (-1, L"Leaving CCertTemplate::CCertTemplate\n");
}
CCertTemplate::CCertTemplate(
const CCertTemplate &rTemplate,
bool bIsClone,
bool fIsReadOnly,
const bool fUseCache)
: CCertTmplCookie (CERTTMPL_CERT_TEMPLATE),
m_hCertType (0),
m_dwVersion (0),
m_dwEnrollmentFlags (0),
m_dwSubjectNameFlags (0),
m_dwPrivateKeyFlags (0),
m_dwGeneralFlags (0),
m_dwKeySpec (0),
m_bIsClone (bIsClone),
m_bCanBeDeletedOnCancel (true),
m_bGoodForAutoenrollmentFlagPendingSave (false),
m_fIsReadOnly (fIsReadOnly),
m_szLDAPPath (rTemplate.GetLDAPPath ()),
m_nOriginalValidityDays (-1),
m_nNewValidityDays (-1),
m_nOriginalRenewalDays (-1),
m_nNewRenewalDays (-1),
m_pCertExtensions (0),
m_fUseCache (fUseCache),
m_bIssuancePoliciesRequired (false),
m_fFailedToSetSecurity (false)
{
// _TRACE (1, L"Entering CCertTemplate::CCertTemplate (copy constructor)\n");
// _TRACE (-1, L"Leaving CCertTemplate::CCertTemplate (copy constructor)\n");
}
CCertTemplate::~CCertTemplate()
{
// _TRACE (1, L"Entering CCertTemplate::~CCertTemplate - m_hCertType = 0x%x\n", m_hCertType);
if ( m_hCertType )
{
FreeCertExtensions ();
HRESULT hr = CACloseCertType (m_hCertType);
_ASSERT (SUCCEEDED (hr));
if ( !SUCCEEDED (hr) )
{
_TRACE (0, L"CACloseCertType (%s) failed: 0x%x\n", hr);
}
}
// _TRACE (-1, L"Leaving CCertTemplate::~CCertTemplate\n");
}
HRESULT CCertTemplate::Initialize()
{
// _TRACE (1, L"Entering CCertTemplate::Initialize - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK;
if ( !m_hCertType )
{
DWORD dwFlags = CT_ENUM_MACHINE_TYPES | CT_ENUM_USER_TYPES;
if ( !m_fUseCache )
{
dwFlags |= CT_FLAG_NO_CACHE_LOOKUP;
}
hr = CAFindCertTypeByName (m_strTemplateName,
NULL,
dwFlags,
&m_hCertType);
_ASSERT (SUCCEEDED (hr));
}
if ( SUCCEEDED (hr) )
{
hr = CAGetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_SCHEMA_VERSION,
&m_dwVersion);
if ( FAILED (hr) )
{
_TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_SCHEMA_VERSION) failed: 0x%x\n", hr);
}
// Get enrollment flags
if ( SUCCEEDED (hr) )
{
hr = CAGetCertTypeFlagsEx (m_hCertType, CERTTYPE_ENROLLMENT_FLAG,
&m_dwEnrollmentFlags);
if ( FAILED (hr) )
{
_TRACE (0, L"CAGetCertTypeFlagsEx (CERTTYPE_ENROLLMENT_FLAG) failed: 0x%x\n", hr);
}
}
// Get subject name flags
if ( SUCCEEDED (hr) )
{
hr = CAGetCertTypeFlagsEx (m_hCertType, CERTTYPE_SUBJECT_NAME_FLAG,
&m_dwSubjectNameFlags);
if ( FAILED (hr) )
{
_TRACE (0, L"CAGetCertTypeFlagsEx (CERTTYPE_SUBJECT_NAME_FLAG) failed: 0x%x\n", hr);
}
}
// Get private key flags
if ( SUCCEEDED (hr) )
{
hr = CAGetCertTypeFlagsEx (m_hCertType, CERTTYPE_PRIVATE_KEY_FLAG,
&m_dwPrivateKeyFlags);
if ( FAILED (hr) )
{
_TRACE (0, L"CAGetCertTypeFlagsEx (CERTTYPE_PRIVATE_KEY_FLAG) failed: 0x%x\n", hr);
}
}
// Get general flags
if ( SUCCEEDED (hr) )
{
hr = CAGetCertTypeFlagsEx (m_hCertType, CERTTYPE_GENERAL_FLAG,
&m_dwGeneralFlags);
if ( FAILED (hr) )
{
_TRACE (0, L"CAGetCertTypeFlagsEx (CERTTYPE_GENERAL_FLAG) failed: 0x%x\n", hr);
}
}
if ( SUCCEEDED (hr) )
{
hr = CAGetCertTypeKeySpec (m_hCertType, &m_dwKeySpec);
if ( FAILED (hr) )
{
_TRACE (0, L"CAGetCertTypeKeySpec () failed: 0x%x\n", hr);
}
}
}
else
{
_TRACE (0, L"CAFindCertTypeByName (%s) failed: 0x%x\n", (PCWSTR) m_strTemplateName, hr);
}
// _TRACE (-1, L"Leaving CCertTemplate::Initialize: 0x%x\n", hr);
return hr;
}
DWORD CCertTemplate::GetType() const
{
return m_dwVersion;
}
CString CCertTemplate::GetDisplayName ()
{
// _TRACE (1, L"Entering CCertTemplate::GetDisplayName - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK;
if ( m_szDisplayName.IsEmpty () )
{
if ( m_hCertType )
{
PWSTR* rgwszProp = 0;
hr = CAGetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_FRIENDLY_NAME, &rgwszProp);
if ( SUCCEEDED (hr) && rgwszProp )
{
m_szDisplayName = *rgwszProp;
CAFreeCertTypeProperty (m_hCertType, rgwszProp);
}
else
{
_TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_FRIENDLY_NAME) failed: 0x%x\n", hr);
m_szDisplayName = GetObjectName ();
}
}
else
m_szDisplayName = GetObjectName ();
}
// _TRACE (-1, L"Leaving CCertTemplate::GetDisplayName: %s, 0x%x\n", (PCWSTR) m_szDisplayName, hr);
return m_szDisplayName;
}
CString CCertTemplate::GetTemplateName() const
{
return m_strTemplateName;
}
bool CCertTemplate::SubjectIsCA() const
{
return (m_dwGeneralFlags & CT_FLAG_IS_CA) ? true : false;
}
bool CCertTemplate::SubjectIsCrossCA() const
{
return (m_dwGeneralFlags & CT_FLAG_IS_CROSS_CA) ? true : false;
}
bool CCertTemplate::IsMachineType() const
{
return (m_dwGeneralFlags & CT_FLAG_MACHINE_TYPE) ? true : false;
}
bool CCertTemplate::PublishToDS() const
{
return (m_dwEnrollmentFlags & CT_FLAG_PUBLISH_TO_DS) ? true : false;
}
DWORD CCertTemplate::GetCertExtensionCount()
{
DWORD dwCnt = 0;
PCERT_EXTENSIONS pCertExtensions = 0;
HRESULT hr = CAGetCertTypeExtensions (m_hCertType, &pCertExtensions);
if ( SUCCEEDED (hr) )
{
if ( pCertExtensions )
{
dwCnt = pCertExtensions->cExtension;
CAFreeCertTypeExtensions (m_hCertType, pCertExtensions);
}
}
else
{
_TRACE (0, L"CAGetCertTypeExtensions () failed: 0x%x\n", hr);
}
return dwCnt;
}
///////////////////////////////////////////////////////////////////////////////
//
// Method: GetCertExtension
//
// Note: The pointer returned through ppCertExtension must not be freed. The
// caller must call FreeCertExtensions () when done with it.
///////////////////////////////////////////////////////////////////////////////
HRESULT CCertTemplate::GetCertExtension (PSTR pszOID, PCERT_EXTENSION* ppCertExtension)
{
HRESULT hr = S_OK;
if ( ppCertExtension )
{
hr = CAGetCertTypeExtensions (m_hCertType, &m_pCertExtensions);
if ( SUCCEEDED (hr) )
{
if ( m_pCertExtensions )
{
*ppCertExtension = CertFindExtension(pszOID,
m_pCertExtensions->cExtension,
m_pCertExtensions->rgExtension);
if ( ! (*ppCertExtension) )
{
if ( SubjectIsCA () )
{
if ( !_stricmp (szOID_ENHANCED_KEY_USAGE, pszOID) )
*ppCertExtension = &g_EKUCertExtension;
else if ( !_stricmp (szOID_CERT_POLICIES, pszOID) )
*ppCertExtension = &g_certPolCertExtension;
}
}
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeExtensions () failed: 0x%x\n", hr);
}
}
else
return E_POINTER;
return hr;
}
HRESULT CCertTemplate::GetCertExtension(DWORD dwIndex, PSTR* ppszObjId, BOOL& fCritical)
{
if ( !ppszObjId )
return E_POINTER;
PCERT_EXTENSIONS pCertExtensions = 0;
HRESULT hr = CAGetCertTypeExtensions (m_hCertType, &pCertExtensions);
if ( SUCCEEDED (hr) )
{
if ( pCertExtensions )
{
if ( dwIndex >= pCertExtensions->cExtension )
hr = E_INVALIDARG;
else
{
PCERT_EXTENSION pExtension = &pCertExtensions->rgExtension[dwIndex];
ASSERT (pExtension->pszObjId);
if ( pExtension->pszObjId )
{
// security review 2/21/2002 BryanWal ok
PSTR pszOID = new char[strlen (pExtension->pszObjId)+1];
if ( pszOID )
{
// security review 2/21/2002 BryanWal ok
strcpy (pszOID, pExtension->pszObjId);
*ppszObjId = pszOID;
fCritical = pExtension->fCritical;
}
else
hr = E_OUTOFMEMORY;
}
else
hr = E_FAIL;
}
CAFreeCertTypeExtensions (m_hCertType, pCertExtensions);
}
}
else
{
_TRACE (0, L"CAGetCertTypeExtensions () failed: 0x%x\n", hr);
}
return hr;
}
bool CCertTemplate::HasKeySpecSignature() const
{
return m_dwKeySpec & AT_SIGNATURE ? true : false;
}
bool CCertTemplate::HasEncryptionSignature() const
{
return m_dwKeySpec & AT_KEYEXCHANGE ? true : false;
}
bool CCertTemplate::RequireSubjectInRequest() const
{
return m_dwSubjectNameFlags & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT ? true : false;
}
#define CVT_BASE (1000 * 1000 * 10)
HRESULT CCertTemplate::ConvertCertTypeFileTimeToDays (FILETIME const *pftCertType, int& nDays)
{
HRESULT hr = S_OK;
if ( !pftCertType )
return E_POINTER;
LONGLONG ll = *(LONGLONG *) pftCertType; // Signed 64 bit scalar!
if (0 > ll)
{
ll = -ll;
ll /= CVT_BASE; // now in seconds
nDays = (int) (ll / (60 * 60 * 24));
}
else
nDays = 0;
return hr;
}
HRESULT CCertTemplate::GetValidityPeriod(int& nValidityDays)
{
HRESULT hr = S_OK;
FILETIME ftValidity;
hr = CAGetCertTypeExpiration (m_hCertType, &ftValidity, 0);
if ( SUCCEEDED (hr) )
{
hr = ConvertCertTypeFileTimeToDays (&ftValidity, nValidityDays);
if ( SUCCEEDED (hr) )
m_nOriginalValidityDays = nValidityDays;
}
return hr;
}
HRESULT CCertTemplate::GetRenewalPeriod(int& nRenewalDays)
{
HRESULT hr = S_OK;
FILETIME ftRenewal;
hr = CAGetCertTypeExpiration (m_hCertType, 0, &ftRenewal);
if ( SUCCEEDED (hr) )
{
hr = ConvertCertTypeFileTimeToDays (&ftRenewal, nRenewalDays);
if ( SUCCEEDED (hr) )
m_nOriginalRenewalDays = nRenewalDays;
}
return hr;
}
// NEW CLONE
HRESULT CCertTemplate::Clone (
const CCertTemplate& rTemplate,
const CString& strTemplateName,
const CString& strDisplayName)
{
_TRACE (1, L"Entering CCertTemplate::Clone (%s, %s)\n", (PCWSTR) strTemplateName, (PCWSTR) strDisplayName);
HRESULT hr = S_OK;
_ASSERT (m_bIsClone);
if ( m_bIsClone )
{
m_strTemplateName = strTemplateName;
// Set the originalTemplateName so that we can tell later if the
// user has renamed the template. This is important because renaming
// a template creates a brand new template and the old one must then
// be deleted.
m_strOriginalTemplateName = strTemplateName;
SetObjectName (strDisplayName);
if ( SUCCEEDED (hr) )
{
hr = CAFindCertTypeByName (rTemplate.GetTemplateName (),
NULL,
CT_ENUM_MACHINE_TYPES | CT_ENUM_USER_TYPES | CT_FLAG_NO_CACHE_LOOKUP,
&m_hCertType);
if ( SUCCEEDED (hr) )
{
HCERTTYPE hNewCertType = 0;
hr = CACloneCertType (
m_hCertType,
strTemplateName,
strDisplayName,
0,
(GetType () > 1 ) ?
(CT_CLONE_KEEP_SUBJECT_NAME_SETTING | CT_CLONE_KEEP_AUTOENROLLMENT_SETTING): 0,
&hNewCertType);
if ( SUCCEEDED (hr) )
{
CACloseCertType (m_hCertType);
m_hCertType = hNewCertType;
m_szLDAPPath = GetDN ();
hr = Initialize ();
}
else
{
_TRACE (0, L"CACloneCertType (%s, %s) failed: 0x%d\n",
(PCWSTR) strTemplateName, (PCWSTR) strDisplayName,
hr);
}
}
else
{
_TRACE (0, L"CAFindCertTypeByName (%s) failed: 0x%x",
(PCWSTR) rTemplate.GetTemplateName (), hr);
}
}
}
else
hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::Clone: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::Delete()
{
_TRACE (1, L"Entering CCertTemplate::Delete - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK;
if ( !(m_dwGeneralFlags & CT_FLAG_IS_DEFAULT) )
{
if ( m_hCertType )
{
hr = CADeleteCertType (m_hCertType);
if ( FAILED (hr) )
{
_TRACE (0, L"CADeleteCertType failed: 0x%x\n", hr);
}
}
else
{
_TRACE (0, L"m_hCertType was unexpectedly NULL\n");
hr = E_UNEXPECTED;
}
}
else
hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::Delete: 0x%x\n", hr);
return hr;
}
bool CCertTemplate::IsDefault() const
{
return m_dwGeneralFlags & CT_FLAG_IS_DEFAULT ? true : false;
}
bool CCertTemplate::IsClone() const
{
return m_bIsClone;
}
HRESULT CCertTemplate::SetTemplateName(const CString &strTemplateName)
{
_TRACE (1, L"Entering CCertTemplate::SetTemplateName (%s) - m_hCertType = 0x%x\n",
strTemplateName, m_hCertType);
HRESULT hr = S_OK;
if ( LocaleStrCmp (m_strTemplateName, strTemplateName) )
{
PWSTR rgwszProp[2];
rgwszProp[0] = (PWSTR)(PCWSTR) strTemplateName;
rgwszProp[1] = 0;;
hr = CASetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_CN, rgwszProp);
if ( SUCCEEDED (hr) )
{
m_strTemplateName = strTemplateName;
}
else
{
_TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_CN, %s) failed: 0x%x",
rgwszProp[0], hr);
}
}
_TRACE (-1, L"Leaving CCertTemplate::SetTemplateName: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::SetDisplayName(const CString &strDisplayName, bool bForce)
{
_TRACE (1, L"Entering CCertTemplate::SetDisplayName (%s) - m_hCertType = 0x%x\n",
strDisplayName, m_hCertType);
HRESULT hr = S_OK;
if ( bForce || LocaleStrCmp (GetDisplayName (), strDisplayName) )
{
PWSTR rgwszProp[2];
rgwszProp[0] = (PWSTR)(PCWSTR) strDisplayName;
rgwszProp[1] = 0;
hr = CASetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_FRIENDLY_NAME, rgwszProp);
if ( SUCCEEDED (hr) )
{
m_szDisplayName = L"";
m_szDisplayName = GetDisplayName ();
SetObjectName (m_szDisplayName);
}
else
{
_TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_FRIENDLY_NAME, %s) failed: 0x%x",
rgwszProp[0], hr);
}
}
_TRACE (-1, L"Leaving CCertTemplate::SetDisplayName: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::SaveChanges(bool bIncrementMinorVersion /*=true*/)
{
_TRACE (1, L"Entering CCertTemplate::SaveChanges - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK;
m_bCanBeDeletedOnCancel = false;
if ( m_hCertType )
{
// Save validity period
if ( -1 != m_nNewValidityDays && m_nOriginalValidityDays != m_nNewValidityDays )
{
LONGLONG ll = (LONGLONG) m_nNewValidityDays * (60 * 60 * 24); // seconds
ll *= CVT_BASE;
ll = -ll;
FILETIME ftValidity;
ftValidity.dwLowDateTime = (DWORD) (ll & 0xFFFFFFFF);
ftValidity.dwHighDateTime = (DWORD) (ll >> 32);
// save the new value back to the cert template
hr = CASetCertTypeExpiration (m_hCertType, &ftValidity, 0);
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypeExpiration (validity) failed: 0x%x\n", hr);
}
}
// Save renewal period
if ( -1 != m_nNewRenewalDays && m_nOriginalRenewalDays != m_nNewRenewalDays )
{
LONGLONG ll = (LONGLONG) m_nNewRenewalDays * (60 * 60 * 24); // seconds
ll *= CVT_BASE;
ll = -ll;
// get the original value
FILETIME ftRenewal;
ftRenewal.dwLowDateTime = (DWORD) (ll & 0xFFFFFFFF);
ftRenewal.dwHighDateTime = (DWORD) (ll >> 32);
// save the new value back to the cert template
hr = CASetCertTypeExpiration (m_hCertType, 0, &ftRenewal);
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypeExpiration (renewal) failed: 0x%x\n", hr);
}
}
if ( SUCCEEDED (hr) )
{
if ( bIncrementMinorVersion )
hr = IncrementMinorVersion ();
if ( SUCCEEDED (hr) )
{
hr = CAUpdateCertType (m_hCertType);
if ( SUCCEEDED (hr) )
{
// If the name was changed a new template was created and the old one needs to be deleted
if ( LocaleStrCmp (m_strOriginalTemplateName, m_strTemplateName) )
{
HCERTTYPE hCertType = 0;
HRESULT hr1 = CAFindCertTypeByName (m_strOriginalTemplateName,
NULL,
CT_ENUM_MACHINE_TYPES | CT_ENUM_USER_TYPES | CT_FLAG_NO_CACHE_LOOKUP,
&hCertType);
if ( SUCCEEDED (hr1) )
{
hr1 = CADeleteCertType (hCertType);
if (FAILED (hr1) )
{
_TRACE (0, L"Cert Template was renamed. Original cert template %s was found but could not be deleted: 0x%x\n",
m_strOriginalTemplateName, hr);
}
m_strOriginalTemplateName = m_strTemplateName;
hr1 = CACloseCertType (hCertType);
if ( FAILED (hr1) )
{
_TRACE (0, L"CACloseCertType () failed: 0x%x", hr);
}
}
else
{
_TRACE (0, L"Cert Template was renamed. Unable to find original cert template %s. 0x%x\n",
m_strOriginalTemplateName, hr);
}
}
else
{
m_bIsClone = false;
Cancel (); // cause all settings to be refreshed
}
}
else
{
_TRACE (0, L"CAUpdateCertType () failed: 0x%x", hr);
}
}
}
}
else
hr = E_FAIL;
if ( SUCCEEDED (hr) )
m_bIsClone = false;
_TRACE (-1, L"Leaving CCertTemplate::SaveChanges: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::SetSubjectIsCA(bool bSubjectIsCA)
{
_TRACE (1, L"Entering CCertTemplate::SetSubjectIsCA - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = SetFlag (CERTTYPE_GENERAL_FLAG, CT_FLAG_IS_CA, bSubjectIsCA);
_TRACE (-1, L"Leaving CCertTemplate::SetSubjectIsCA: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::SetKeySpecSignature(bool bHasKeySpecSignature)
{
_TRACE (1, L"Entering CCertTemplate::SetKeySpecSignature - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK;
if ( m_hCertType )
{
if ( bHasKeySpecSignature )
m_dwKeySpec |= AT_SIGNATURE;
else
m_dwKeySpec &= ~AT_SIGNATURE;
hr = CASetCertTypeKeySpec (m_hCertType, m_dwKeySpec);
if ( SUCCEEDED (hr) )
{
PCERT_EXTENSION pCertExtension = 0;
hr = GetCertExtension (szOID_KEY_USAGE, &pCertExtension);
if ( SUCCEEDED (hr) && pCertExtension )
{
DWORD cbKeyUsage = 0;
if ( ::CryptDecodeObject(CRYPT_ASN_ENCODING,
szOID_KEY_USAGE,
pCertExtension->Value.pbData,
pCertExtension->Value.cbData,
0, NULL, &cbKeyUsage) )
{
CRYPT_BIT_BLOB* pKeyUsage = (CRYPT_BIT_BLOB*)
::LocalAlloc (LPTR, cbKeyUsage);
if ( pKeyUsage )
{
if ( ::CryptDecodeObject (CRYPT_ASN_ENCODING,
szOID_KEY_USAGE,
pCertExtension->Value.pbData,
pCertExtension->Value.cbData,
0, pKeyUsage, &cbKeyUsage) )
{
if (pKeyUsage->cbData >= 1)
{
if ( bHasKeySpecSignature )
{
pKeyUsage->pbData[0] |= CERT_DIGITAL_SIGNATURE_KEY_USAGE;
// NTRAID# 312946 Cert Template Snap-in:
// Should clear up the Key Encipherment
// bit for signature certificate
pKeyUsage->pbData[0] &= ~CERT_KEY_AGREEMENT_KEY_USAGE;
pKeyUsage->pbData[0] &= ~CERT_KEY_ENCIPHERMENT_KEY_USAGE;
pKeyUsage->pbData[0] &= ~CERT_DATA_ENCIPHERMENT_KEY_USAGE;
}
else
{
// is encryption only - clear the digital
// signature and non-repudiation key usages
pKeyUsage->pbData[0] &= ~CERT_DIGITAL_SIGNATURE_KEY_USAGE;
pKeyUsage->pbData[0] &= ~CERT_NON_REPUDIATION_KEY_USAGE;
if ( !(CERT_KEY_AGREEMENT_KEY_USAGE & pKeyUsage->pbData[0]) )
pKeyUsage->pbData[0] |= CERT_KEY_ENCIPHERMENT_KEY_USAGE;
}
pKeyUsage->cUnusedBits = 0;
SetKeyUsage (pKeyUsage,
pCertExtension->fCritical ? true : false);
FreeCertExtensions ();
}
}
else
{
DWORD dwErr = GetLastError ();
_TRACE (0, L"CryptDecodeObject (szOID_KEY_USAGE) failed: 0x%x\n", dwErr);
DisplaySystemError (NULL, dwErr);
}
::LocalFree (pKeyUsage);
}
}
else
{
DWORD dwErr = GetLastError ();
_TRACE (0, L"CryptDecodeObject (szOID_KEY_USAGE) failed: 0x%x\n", dwErr);
DisplaySystemError (NULL, dwErr);
}
}
}
else
{
_TRACE (0, L"CASetCertTypeKeySpec() failed: 0x%x\n", hr);
}
}
else
hr = E_UNEXPECTED;
_TRACE (-1, L"Leaving CCertTemplate::SetKeySpecSignature: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::SetFlag (DWORD dwFlagType, DWORD dwFlag, bool bValue)
{
_TRACE (1, L"Entering CCertTemplate::SetFlag - m_hCertType = 0x%x\n", m_hCertType);;
HRESULT hr = S_OK;
DWORD* pdwFlags = 0;
switch (dwFlagType)
{
case CERTTYPE_ENROLLMENT_FLAG:
pdwFlags = &m_dwEnrollmentFlags;
break;
case CERTTYPE_SUBJECT_NAME_FLAG:
pdwFlags = &m_dwSubjectNameFlags;
break;
case CERTTYPE_PRIVATE_KEY_FLAG:
pdwFlags = &m_dwPrivateKeyFlags;
break;
case CERTTYPE_GENERAL_FLAG:
pdwFlags = &m_dwGeneralFlags;
break;
default:
_ASSERT (0);
hr = E_FAIL;
break;
}
if ( pdwFlags )
{
if ( bValue )
*pdwFlags |= dwFlag;
else
*pdwFlags &= ~dwFlag;
hr = CASetCertTypeFlagsEx (m_hCertType, dwFlagType, *pdwFlags);
_ASSERT (SUCCEEDED (hr));
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypeFlagsEx () failed: 0x%x\n", hr);
}
}
_TRACE (-1, L"Leaving CCertTemplate::SetFlag: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::SetEncryptionSignature(bool bHasEncryptionSignature)
{
_TRACE (1, L"Entering CCertTemplate::SetEncryptionSignature - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK;
if ( m_hCertType )
{
if ( bHasEncryptionSignature )
m_dwKeySpec |= AT_KEYEXCHANGE;
else
m_dwKeySpec &= ~AT_KEYEXCHANGE;
hr = CASetCertTypeKeySpec (m_hCertType, m_dwKeySpec);
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypeKeySpec() failed: 0x%x\n", hr);
}
}
else
hr = E_UNEXPECTED;
_TRACE (-1, L"Leaving CCertTemplate::SetEncryptionSignature: 0x%x\n", hr);
return hr;
}
bool CCertTemplate::CanBeDeletedOnCancel() const
{
return m_bCanBeDeletedOnCancel;
}
HRESULT CCertTemplate::SetAutoEnrollment(bool bSuitableForAutoEnrollment)
{
HRESULT hr = S_OK;
if ( IsClone () )
{
// If this is a clone, the autoenrollment flag has already been turned
// off. Here we wish only to keep track of what the user's
// preferences are so that we can turn it on, if desired, at the
// final save.
m_bGoodForAutoenrollmentFlagPendingSave = bSuitableForAutoEnrollment;
}
else
hr = SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_AUTO_ENROLLMENT,
bSuitableForAutoEnrollment);
return hr;
}
HRESULT CCertTemplate::GetMinimumKeySize(DWORD &dwMinKeySize) const
{
_TRACE (1, L"Entering CCertTemplate::GetMinimumKeySize - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK;
if ( m_hCertType )
{
hr = CAGetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_MIN_KEY_SIZE,
&dwMinKeySize);
if ( FAILED (hr) )
{
_TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_MIN_KEY_SIZE) failed: 0x%x\n", hr);
}
}
_TRACE (-1, L"Leaving CCertTemplate::GetMinimumKeySize (%d): 0x%x\n", dwMinKeySize, hr);
return hr;
}
bool CCertTemplate::PrivateKeyIsExportable() const
{
return (m_dwPrivateKeyFlags & CT_FLAG_EXPORTABLE_KEY) ? true : false;
}
HRESULT CCertTemplate::MakePrivateKeyExportable(bool bMakeExportable)
{
return SetFlag (CERTTYPE_PRIVATE_KEY_FLAG, CT_FLAG_EXPORTABLE_KEY,
bMakeExportable);
}
bool CCertTemplate::AllowPrivateKeyArchival() const
{
return (m_dwPrivateKeyFlags & CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL) ? true : false;
}
HRESULT CCertTemplate::AllowPrivateKeyArchival(bool bAllowArchival)
{
return SetFlag (CERTTYPE_PRIVATE_KEY_FLAG,
CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL, bAllowArchival);
}
bool CCertTemplate::IncludeSymmetricAlgorithms() const
{
return (m_dwEnrollmentFlags & CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS) ? true : false;
}
HRESULT CCertTemplate::IncludeSymmetricAlgorithms(bool bInclude)
{
return SetFlag (CERTTYPE_ENROLLMENT_FLAG,
CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS, bInclude);
}
HRESULT CCertTemplate::DoAutoEnrollmentPendingSave()
{
HRESULT hr = S_OK;
if ( m_hCertType )
{
if ( IsClone () && m_bGoodForAutoenrollmentFlagPendingSave )
{
// Set the flag for real
hr = SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_AUTO_ENROLLMENT,
true);
// Save changes
if ( SUCCEEDED (hr) )
hr = SaveChanges ();
}
}
else
hr = E_FAIL;
return hr;
}
bool CCertTemplate::AltNameIncludesDNS() const
{
return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_ALT_REQUIRE_DNS) ? true : false;
}
HRESULT CCertTemplate::AltNameIncludesDNS(bool fIncludeDNS)
{
return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG,
CT_FLAG_SUBJECT_ALT_REQUIRE_DNS, fIncludeDNS);
}
bool CCertTemplate::AltNameIncludesEMail() const
{
return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL) ? true : false;
}
HRESULT CCertTemplate::AltNameIncludesEMail(bool bIncludesEMail)
{
return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG,
CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL, bIncludesEMail);
}
bool CCertTemplate::AltNameIncludesUPN() const
{
return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_ALT_REQUIRE_UPN) ? true : false;
}
HRESULT CCertTemplate::AltNameIncludesUPN(bool bIncludesUPN)
{
return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG,
CT_FLAG_SUBJECT_ALT_REQUIRE_UPN, bIncludesUPN);
}
bool CCertTemplate::SubjectNameIncludesEMail() const
{
return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_REQUIRE_EMAIL) ? true : false;
}
HRESULT CCertTemplate::SubjectNameIncludesEMail(bool bIncludesEMail)
{
return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG,
CT_FLAG_SUBJECT_REQUIRE_EMAIL, bIncludesEMail);
}
bool CCertTemplate::SubjectNameMustBeFullDN() const
{
return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH) ? true : false;
}
HRESULT CCertTemplate::SubjectNameMustBeFullDN(bool bMustBeDN)
{
return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG,
CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH, bMustBeDN);
}
bool CCertTemplate::SubjectNameMustBeCN() const
{
return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME) ? true : false;
}
HRESULT CCertTemplate::SubjectNameMustBeCN(bool bMustBeCN)
{
return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG,
CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME, bMustBeCN);
}
HRESULT CCertTemplate::RequireSubjectInRequest(bool bRequire)
{
return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG,
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, bRequire);
}
bool CCertTemplate::AltNameIncludesSPN() const
{
return (m_dwSubjectNameFlags & CT_FLAG_SUBJECT_ALT_REQUIRE_SPN) ? true : false;
}
HRESULT CCertTemplate::AltNameIncludesSPN(bool bIncludesSPN)
{
return SetFlag (CERTTYPE_SUBJECT_NAME_FLAG,
CT_FLAG_SUBJECT_ALT_REQUIRE_SPN, bIncludesSPN);
}
HRESULT CCertTemplate::SetMinimumKeySizeValue(DWORD dwMinKeySize)
{
_TRACE (1, L"Entering CCertTemplate::SetMinimumKeySizeValue (%d)- m_hCertType = 0x%x\n",
dwMinKeySize, m_hCertType);
HRESULT hr = S_OK;
if ( m_hCertType )
{
hr = CASetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_MIN_KEY_SIZE,
&dwMinKeySize);
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_MIN_KEY_SIZE) failed: 0x%x\n", hr);
}
}
_TRACE (-1, L"Leaving CCertTemplate::SetMinimumKeySizeValue (%d): 0x%x\n", dwMinKeySize, hr);
return hr;
}
HRESULT CCertTemplate::ModifyCriticalExtensions (const CString &szExtension, bool bAdd)
{
_TRACE (1, L"Entering CCertTemplate::ModifyCriticalExtensions (%s, bAdd=%s)\n",
(PCWSTR) szExtension, bAdd ? L"true" : L"false");
PWSTR* pawszCriticalExtensions = 0;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_CRITICAL_EXTENSIONS,
&pawszCriticalExtensions);
if ( SUCCEEDED (hr) )
{
if ( !pawszCriticalExtensions )
pawszCriticalExtensions = (PWSTR*) LocalAlloc (LPTR, sizeof (PWSTR));
if ( pawszCriticalExtensions )
{
hr = ModifyStringList (CERTTYPE_PROP_CRITICAL_EXTENSIONS,
&pawszCriticalExtensions, szExtension, bAdd);
LocalFree (pawszCriticalExtensions);
}
else
hr = E_OUTOFMEMORY;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_CRITICAL_EXTENSIONS) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::ModifyCriticalExtensions: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::ModifyCSPList(const CString &szCSPName, bool bAdd)
{
_TRACE (1, L"Entering CCertTemplate::ModifyCSPList (%s, bAdd=%s)\n",
(PCWSTR) szCSPName, bAdd ? L"true" : L"false");
PWSTR* pawszCSPList = 0;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_CSP_LIST,
&pawszCSPList);
if ( SUCCEEDED (hr) )
{
if ( !pawszCSPList )
pawszCSPList = (PWSTR*) LocalAlloc (LPTR, sizeof (PWSTR*));
if ( pawszCSPList )
{
hr = ModifyStringList (CERTTYPE_PROP_CSP_LIST,
&pawszCSPList, szCSPName, bAdd);
LocalFree (pawszCSPList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_CSP_LIST) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::ModifyCSPList: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::ModifyRAIssuancePolicyList(const CString &szRAPolicyOID, bool bAdd)
{
_TRACE (1, L"Entering CCertTemplate::ModifyRAIssuancePolicyList (%s, bAdd=%s)\n",
(PCWSTR) szRAPolicyOID, bAdd ? L"true" : L"false");
PWSTR* pawszRAPolicyList = 0;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_RA_POLICY,
&pawszRAPolicyList);
if ( SUCCEEDED (hr) )
{
if ( !pawszRAPolicyList )
pawszRAPolicyList = (PWSTR*) LocalAlloc (LPTR, sizeof (PWSTR*));
if ( pawszRAPolicyList )
{
hr = ModifyStringList (CERTTYPE_PROP_RA_POLICY,
&pawszRAPolicyList, szRAPolicyOID, bAdd);
LocalFree (pawszRAPolicyList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_RA_POLICY) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::ModifyRAIssuancePolicyList: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::ModifyRAApplicationPolicyList(const CString &szRAPolicyOID, bool bAdd)
{
_TRACE (1, L"Entering CCertTemplate::ModifyRAApplicationPolicyList (%s, bAdd=%s)\n",
(PCWSTR) szRAPolicyOID, bAdd ? L"true" : L"false");
PWSTR* pawszRAPolicyList = 0;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_RA_APPLICATION_POLICY,
&pawszRAPolicyList);
if ( SUCCEEDED (hr) )
{
if ( !pawszRAPolicyList )
pawszRAPolicyList = (PWSTR*) LocalAlloc (LPTR, sizeof (PWSTR*));
if ( pawszRAPolicyList )
{
hr = ModifyStringList (CERTTYPE_PROP_RA_APPLICATION_POLICY,
&pawszRAPolicyList, szRAPolicyOID, bAdd);
LocalFree (pawszRAPolicyList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_RA_APPLICATION_POLICY) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::ModifyRAApplicationPolicyList: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::ModifySupercededTemplateList(
const CString &szSupercededTemplateName,
bool bAdd)
{
_TRACE (1, L"Entering CCertTemplate::ModifySupercededTemplateList (%s, bAdd=%s)\n",
(PCWSTR) szSupercededTemplateName, bAdd ? L"true" : L"false");
PWSTR* pawszSupercededTemplateList = 0;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_SUPERSEDE,
&pawszSupercededTemplateList);
if ( SUCCEEDED (hr) )
{
if ( !pawszSupercededTemplateList )
pawszSupercededTemplateList = (PWSTR*) LocalAlloc (LPTR, sizeof (PWSTR*));
if ( pawszSupercededTemplateList )
{
hr = ModifyStringList (CERTTYPE_PROP_SUPERSEDE,
&pawszSupercededTemplateList, szSupercededTemplateName, bAdd);
LocalFree (pawszSupercededTemplateList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_SUPERSEDE) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::ModifySupercededTemplateList: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::ModifyStringList(const CString& szPropertyName,
PWSTR** ppStringList,
const CString &szValue,
bool bAdd)
{
_TRACE (1, L"Entering CCertTemplate::ModifyStringList (%s, bAdd=%s)\n",
(PCWSTR) szValue, bAdd ? L"true" : L"false");
HRESULT hr = S_OK;
if ( !szValue.IsEmpty () )
{
bool bFound = false;
int nCnt = 0;
size_t cbNameBytes = 0;
int nDeleteIndex = -1;
// count the number of items we already have and get the string lengths
for (int nIndex = 0; (*ppStringList)[nIndex]; nIndex++)
{
nCnt++;
// security review 2/21/2002 BryanWal ok
cbNameBytes += (wcslen ((*ppStringList)[nIndex]) + 1) * sizeof (WCHAR);
if ( !LocaleStrCmp (szValue, (*ppStringList)[nIndex]) )
{
bFound = true;
if ( !bAdd )
nDeleteIndex = nIndex;
}
}
// Adding a name: If the name was found, nothing needs to be done,
// otherwise, increment the count and rebuild the list.
// Removing a name: If the name was not found, nothing needs to be
// done, otherwise, decrement the count and rebuild the list.
if ( (bAdd && !bFound) || (!bAdd && bFound) )
{
// awszResult is an array of pointers to different offsets of
// null-terminated strings stored in a contiguous array
PWSTR *awszResult = 0;
if ( bAdd )
nCnt++;
else
nCnt--;
if ( bAdd )
{
// security review 2/21/2002 BryanWal ok
cbNameBytes += (wcslen (szValue) + 1 ) * sizeof (WCHAR);
}
size_t cbBuf = sizeof (WCHAR*) * (nCnt + 1) + // the WCHAR pointers
cbNameBytes; // the strings themselves
awszResult = (WCHAR**) LocalAlloc (LPTR, cbBuf);
if ( awszResult )
{
// set the ptr to the space after the last valid index (
// including the NULL terminator
PWSTR ptr = (WCHAR*) &awszResult[nCnt+1];
int nTgtIndex = 0;
for (int nSrcIndex = 0; (*ppStringList)[nSrcIndex]; nSrcIndex++)
{
// If we are removing the name, and this is the item to be
// removed, then skip this name and go to the next
if ( !bAdd && nSrcIndex == nDeleteIndex )
continue;
awszResult[nTgtIndex] = ptr;
// security review 2/21/2002 BryanWal ok
ptr += wcslen ((*ppStringList)[nSrcIndex]) + 1; // ptr arithmetic - increments by sizeof (WCHAR)
// security review 2/21/2002 BryanWal ok
wcscpy (awszResult[nTgtIndex], (*ppStringList)[nSrcIndex]);
nTgtIndex++;
}
// If we are adding, append the name here
if ( bAdd )
{
awszResult[nTgtIndex] = ptr;
// security review 2/21/2002 BryanWal ok
ptr += wcslen (szValue) + 1; // ptr arithmetic - increments by sizeof (WCHAR)
// security review 2/21/2002 BryanWal ok
wcscpy (awszResult[nTgtIndex], szValue);
nTgtIndex++;
}
_ASSERT (nTgtIndex == nCnt);
awszResult[nTgtIndex] = 0;
LocalFree (*ppStringList);
(*ppStringList) = awszResult;
hr = CASetCertTypePropertyEx (m_hCertType,
szPropertyName,
(*ppStringList));
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypePropertyEx (%s) failed: 0x%x\n",
szPropertyName, hr);
}
}
else
hr = E_OUTOFMEMORY;
}
}
else
hr = E_INVALIDARG;
_TRACE (-1, L"Leaving CCertTemplate::ModifyStringList: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::IsExtensionCritical (PCWSTR szExtension, bool& bCritical)
{
_TRACE (1, L"Entering CCertTemplate::IsExtensionCritical (szExtension=%s\n", szExtension);
// Get Cryptographic Service Providers
PWSTR* pawszCriticalExtensionList = 0;
bCritical = false;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_CRITICAL_EXTENSIONS,
&pawszCriticalExtensionList);
if ( SUCCEEDED (hr) )
{
if ( pawszCriticalExtensionList )
{
for (int nIndex = 0; pawszCriticalExtensionList[nIndex]; nIndex++)
{
if ( !wcscmp (szExtension, pawszCriticalExtensionList[nIndex]) )
{
bCritical = true;
break;
}
}
LocalFree (pawszCriticalExtensionList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_CRITICAL_EXTENSIONS) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::GeIsExtensionCriticaltCSP (szCSP=%s, bCritical=%s): 0x%x\n",
szExtension, bCritical ? L"true" : L"false", hr);
return hr;
}
HRESULT CCertTemplate::GetCSP(int nIndex, CString &szCSP)
{
_TRACE (1, L"Entering CCertTemplate::GetCSP (nIndex=%d\n", nIndex);
// Get Cryptographic Service Providers
PWSTR* pawszCSPList = 0;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_CSP_LIST,
&pawszCSPList);
if ( SUCCEEDED (hr) )
{
if ( pawszCSPList )
{
int nCnt = 0;
while ( pawszCSPList[nCnt] )
nCnt++;
if ( nIndex < nCnt )
szCSP = pawszCSPList[nIndex];
else
hr = E_INVALIDARG;
LocalFree (pawszCSPList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_CSP_LIST) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::GetCSP (szCSP=%s): 0x%x\n",
(PCWSTR) szCSP, hr);
return hr;
}
HRESULT CCertTemplate::GetCertPolicy (int nIndex, CString &szCertPolicy)
{
_TRACE (1, L"Entering CCertTemplate::GetCertPolicy (nIndex=%d\n", nIndex);
HRESULT hr = S_OK;
PWSTR* pawszCertPolicyList = 0;
hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_POLICY,
&pawszCertPolicyList);
if ( SUCCEEDED (hr) )
{
if ( pawszCertPolicyList )
{
int nCnt = 0;
while ( pawszCertPolicyList[nCnt] )
nCnt++;
if ( nIndex < nCnt )
szCertPolicy = pawszCertPolicyList[nIndex];
else
hr = E_FAIL;
LocalFree (pawszCertPolicyList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_POLICY) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::GetCertPolicy (szCSP=%s): 0x%x\n",
(PCWSTR) szCertPolicy, hr);
return hr;
}
HRESULT CCertTemplate::GetRAIssuancePolicy (int nIndex, CString &szRAPolicyOID)
{
_TRACE (1, L"Entering CCertTemplate::GetRAIssuancePolicy (nIndex=%d\n", nIndex);
PWSTR* pawszRAPolicyList = 0;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_RA_POLICY,
&pawszRAPolicyList);
if ( SUCCEEDED (hr) )
{
if ( pawszRAPolicyList )
{
int nCnt = 0;
while ( pawszRAPolicyList[nCnt] )
nCnt++;
if ( nIndex < nCnt )
szRAPolicyOID = pawszRAPolicyList[nIndex];
else
hr = E_FAIL;
LocalFree (pawszRAPolicyList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_RA_POLICY) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::GetRAIssuancePolicy (szRAPolicyOID=%s): 0x%x\n",
(PCWSTR) szRAPolicyOID, hr);
return hr;
}
HRESULT CCertTemplate::GetRAApplicationPolicy (int nIndex, CString &szRAPolicyOID)
{
_TRACE (1, L"Entering CCertTemplate::GetRAApplicationPolicy (nIndex=%d\n", nIndex);
PWSTR* pawszRAPolicyList = 0;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_RA_APPLICATION_POLICY,
&pawszRAPolicyList);
if ( SUCCEEDED (hr) )
{
if ( pawszRAPolicyList )
{
int nCnt = 0;
while ( pawszRAPolicyList[nCnt] )
nCnt++;
if ( nIndex < nCnt )
szRAPolicyOID = pawszRAPolicyList[nIndex];
else
hr = E_FAIL;
LocalFree (pawszRAPolicyList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_RA_APPLICATION_POLICY) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::GetRAApplicationPolicy (szRAPolicyOID=%s): 0x%x\n",
(PCWSTR) szRAPolicyOID, hr);
return hr;
}
HRESULT CCertTemplate::GetSupercededTemplate(int nIndex, CString &szSupercededTemplate)
{
_TRACE (1, L"Entering CCertTemplate::GetSupercededTemplate (nIndex=%d\n", nIndex);
PWSTR* pawszSupercededTemplateList = 0;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_SUPERSEDE,
&pawszSupercededTemplateList);
if ( SUCCEEDED (hr) )
{
if ( pawszSupercededTemplateList )
{
int nCnt = 0;
while ( pawszSupercededTemplateList[nCnt] )
nCnt++;
if ( nIndex < nCnt )
szSupercededTemplate = pawszSupercededTemplateList[nIndex];
else
hr = E_FAIL;
LocalFree (pawszSupercededTemplateList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_SUPERSEDE) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::GetSupercededTemplate (szSupercededTemplate=%s): 0x%x\n",
(PCWSTR) szSupercededTemplate, hr);
return hr;
}
bool CCertTemplate::ReadOnly() const
{
return m_fIsReadOnly;
}
HRESULT CCertTemplate::SetSecurity(PSECURITY_DESCRIPTOR pSD)
{
HRESULT hr = CACertTypeSetSecurity (m_hCertType, pSD);
if (S_OK != hr)
return hr;
for (int nTry = 0; nTry < 20; nTry++)
{
hr = CAUpdateCertType(m_hCertType);
if ( FAILED (hr) && HRESULT_FROM_WIN32 (ERROR_DS_OBJ_NOT_FOUND) == hr )
{
// pause and retry up to 20 times - object was renamed and needs a
// little time to propagate
// NTRAID# 643744 Certtmpl: Cannot save security settings on newly
// cloned template from member in non Root Domain -- object not found
Sleep (1000);
continue;
}
else
break;
}
if ( FAILED (hr) )
Cancel ();
return hr;
}
HRESULT CCertTemplate::GetSecurity(PSECURITY_DESCRIPTOR *ppSD) const
{
return CACertTypeGetSecurity (m_hCertType, ppSD);
}
CString CCertTemplate::GetLDAPPath() const
{
return m_szLDAPPath;
}
HRESULT CCertTemplate::SetValidityPeriod(int nDays)
{
HRESULT hr = S_OK;
if ( nDays >= 0 )
this->m_nNewValidityDays = nDays;
else
hr = E_INVALIDARG;
return hr;
}
HRESULT CCertTemplate::SetRenewalPeriod(int nDays)
{
HRESULT hr = S_OK;
if ( nDays >= 0 )
this->m_nNewRenewalDays = nDays;
else
hr = E_INVALIDARG;
return hr;
}
HRESULT CCertTemplate::SetPublishToDS(bool bPublish)
{
_TRACE (1, L"Entering CCertTemplate::SetPublishToDS - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_PUBLISH_TO_DS, bPublish);
_TRACE (-1, L"Leaving CCertTemplate::SetPublishToDS: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::GetRANumSignaturesRequired(DWORD &dwNumSignatures)
{
_TRACE (1, L"Entering CCertTemplate::GetRANumSignaturesRequired - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK;
if ( m_hCertType )
{
hr = CAGetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_RA_SIGNATURE,
&dwNumSignatures);
if ( FAILED (hr) )
{
_TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_RA_SIGNATURE) failed: 0x%x\n", hr);
}
}
else
hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::GetRANumSignaturesRequired: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::SetRANumSignaturesRequired(DWORD dwNumSignaturesRequired)
{
_TRACE (1, L"Entering CCertTemplate::SetRANumSignaturesRequired (%d)- m_hCertType = 0x%x\n",
dwNumSignaturesRequired, m_hCertType);
HRESULT hr = S_OK;
if ( m_hCertType )
{
hr = CASetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_RA_SIGNATURE,
&dwNumSignaturesRequired);
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_RA_SIGNATURE) failed: 0x%x\n", hr);
}
}
else
hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::SetRANumSignaturesRequired (): 0x%x\n", hr);
return hr;
}
bool CCertTemplate::ReenrollmentValidWithPreviousApproval() const
{
return m_dwEnrollmentFlags & CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT ? true : false;
}
HRESULT CCertTemplate::SetReenrollmentValidWithPreviousApproval(bool bValid)
{
_TRACE (1, L"Entering CCertTemplate::SetReenrollmentValidWithPreviousApproval - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT, bValid);
_TRACE (-1, L"Leaving CCertTemplate::SetReenrollmentValidWithPreviousApproval: 0x%x\n", hr);
return hr;
}
bool CCertTemplate::PendAllRequests() const
{
return m_dwEnrollmentFlags & CT_FLAG_PEND_ALL_REQUESTS ? true : false;
}
HRESULT CCertTemplate::SetPendAllRequests(bool bPend)
{
_TRACE (1, L"Entering CCertTemplate::SetPendAllRequests - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = SetFlag (CERTTYPE_ENROLLMENT_FLAG, CT_FLAG_PEND_ALL_REQUESTS, bPend);
_TRACE (-1, L"Leaving CCertTemplate::SetPendAllRequests: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::GetMajorVersion(DWORD &dwMajorVersion) const
{
// _TRACE (1, L"Entering CCertTemplate::GetMajorVersion\n");
HRESULT hr = S_OK;
if ( m_hCertType )
{
hr = CAGetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_REVISION,
&dwMajorVersion);
if ( FAILED (hr) )
{
_TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_REVISION) failed: 0x%x\n", hr);
}
}
else
hr = E_FAIL;
// _TRACE (-1, L"Leaving CCertTemplate::GetMajorVersion (dwMajorVersion = %d) : 0x%x\n",
// dwMajorVersion, hr);
return hr;
}
HRESULT CCertTemplate::GetMinorVersion(DWORD &dwMinorVersion) const
{
// _TRACE (1, L"Entering CCertTemplate::GetMinorVersion\n");
HRESULT hr = S_OK;
if ( m_hCertType )
{
hr = CAGetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_MINOR_REVISION,
&dwMinorVersion);
if ( FAILED (hr) )
{
_TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_MINOR_REVISION) failed: 0x%x\n", hr);
}
}
else
hr = E_FAIL;
// _TRACE (-1, L"Leaving CCertTemplate::GetMinorVersion (dwMinorVersion = %d) : 0x%x\n",
// dwMinorVersion, hr);
return hr;
}
HRESULT CCertTemplate::IncrementMajorVersion()
{
_TRACE (1, L"Entering CCertTemplate::IncrementMajorVersion\n");
HRESULT hr = S_OK;
DWORD dwMajorVersion = 0;
if ( m_hCertType )
{
hr = CAGetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_REVISION,
&dwMajorVersion);
if ( SUCCEEDED (hr) )
{
dwMajorVersion++;
hr = CASetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_REVISION,
&dwMajorVersion);
if ( SUCCEEDED (hr) )
{
DWORD dwMinorVersion = 0;
hr = CASetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_MINOR_REVISION,
&dwMinorVersion);
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_MINOR_REVISION, %d) failed: 0x%x\n",
dwMinorVersion, hr);
}
}
else
{
_TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_REVISION, %d) failed: 0x%x\n",
dwMajorVersion, hr);
}
}
else
{
_TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_REVISION) failed: 0x%x\n", hr);
}
}
else
hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::IncrementMajorVersion (dwMajorVersion = %d) : 0x%x\n",
dwMajorVersion, hr);
return hr;
}
HRESULT CCertTemplate::IncrementMinorVersion()
{
_TRACE (1, L"Entering CCertTemplate::IncrementMinorVersion\n");
HRESULT hr = S_OK;
DWORD dwMinorVersion = 0;
if ( m_hCertType )
{
hr = CAGetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_MINOR_REVISION,
&dwMinorVersion);
if ( SUCCEEDED (hr) )
{
dwMinorVersion++;
hr = CASetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_MINOR_REVISION,
&dwMinorVersion);
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_MINOR_REVISION, %d) failed: 0x%x\n",
dwMinorVersion, hr);
}
}
else
{
_TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_MINOR_REVISION) failed: 0x%x\n", hr);
}
}
else
hr = E_FAIL;
_TRACE (-1, L"Leaving CCertTemplate::IncrementMinorVersion (dwMinorVersion = %d) : 0x%x\n",
dwMinorVersion, hr);
return hr;
}
bool CCertTemplate::GoodForAutoEnrollment() const
{
bool bGoodForAutoEnrollment = false;
// Bug 175912 Version 1 type templates not good for autoenrollment
if ( (GetType () > 1) && (m_dwEnrollmentFlags & CT_FLAG_AUTO_ENROLLMENT) )
bGoodForAutoEnrollment = true;
return bGoodForAutoEnrollment;
}
HRESULT CCertTemplate::SetKeyUsage(CRYPT_BIT_BLOB* pKeyUsage, bool bCritical)
{
_TRACE (1, L"Entering CCertTemplate::SetKeyUsage\n");
HRESULT hr = S_OK;
if ( pKeyUsage )
{
hr = CASetCertTypeExtension(
m_hCertType,
TEXT (szOID_KEY_USAGE),
bCritical ? CA_EXT_FLAG_CRITICAL : 0,
pKeyUsage);
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypeExtension (szOID_KEY_USAGE) failed: 0x%x\n", hr);
}
}
else
hr = E_POINTER;
_TRACE (-1, L"Leaving CCertTemplate::SetKeyUsage: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::SetBasicConstraints(PCERT_BASIC_CONSTRAINTS2_INFO pBCInfo, bool bCritical)
{
_TRACE (1, L"Entering CCertTemplate::SetBasicConstraints\n");
HRESULT hr = S_OK;
if ( pBCInfo )
{
hr = CASetCertTypeExtension(
m_hCertType,
TEXT (szOID_BASIC_CONSTRAINTS2),
bCritical ? CA_EXT_FLAG_CRITICAL : 0,
pBCInfo);
if ( FAILED (hr) )
{
_TRACE (0, L"CASetCertTypeExtension (X509_BASIC_CONSTRAINTS2) failed: 0x%x\n", hr);
}
}
else
hr = E_POINTER;
_TRACE (-1, L"Leaving CCertTemplate::SetBasicConstraints: 0x%x\n", hr);
return hr;
}
bool CCertTemplate::CheckDSCert() const
{
return (m_dwEnrollmentFlags & CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE) ? true : false;
}
HRESULT CCertTemplate::SetCheckDSCert(bool bCheck)
{
return SetFlag (CERTTYPE_ENROLLMENT_FLAG,
CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE, bCheck);
}
bool CCertTemplate::RemoveInvalidCertFromPersonalStore () const
{
return (m_dwEnrollmentFlags & CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE) ? true : false;
}
HRESULT CCertTemplate::SetRemoveInvalidCertFromPersonalStore(bool bRemove)
{
return SetFlag (CERTTYPE_ENROLLMENT_FLAG,
CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE, bRemove);
}
bool CCertTemplate::UserInteractionRequired () const
{
return (m_dwEnrollmentFlags & CT_FLAG_USER_INTERACTION_REQUIRED) ? true : false;
}
HRESULT CCertTemplate::SetUserInteractionRequired(bool bSet)
{
return SetFlag (CERTTYPE_ENROLLMENT_FLAG,
CT_FLAG_USER_INTERACTION_REQUIRED, bSet);
}
bool CCertTemplate::StrongKeyProtectionRequired () const
{
return (m_dwPrivateKeyFlags & CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED) ? true : false;
}
HRESULT CCertTemplate::SetStrongKeyProtectionRequired(bool bSet)
{
return SetFlag (CERTTYPE_PRIVATE_KEY_FLAG,
CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED, bSet);
}
HRESULT CCertTemplate::GetEnhancedKeyUsage (int nIndex, CString &szEKU)
{
_TRACE (1, L"Entering CCertTemplate::GetEnhancedKeyUsage (nIndex=%d\n", nIndex);
HRESULT hr = S_OK;
PWSTR* pawszEKU = 0;
hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_EXTENDED_KEY_USAGE,
&pawszEKU);
if ( SUCCEEDED (hr) )
{
if ( pawszEKU )
{
int nCnt = 0;
while ( pawszEKU[nCnt] )
nCnt++;
if ( nIndex < nCnt )
szEKU = pawszEKU[nIndex];
else
hr = E_FAIL;
}
else
hr = E_FAIL;
LocalFree (pawszEKU);
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_EXTENDED_KEY_USAGE) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::GetEnhancedKeyUsage (szEKU=%s): 0x%x\n",
(PCWSTR) szEKU, hr);
return hr;
}
HRESULT CCertTemplate::GetApplicationPolicy (int nIndex, CString &szAppPolicy)
{
_TRACE (1, L"Entering CCertTemplate::GetApplicationPolicy (nIndex=%d\n", nIndex);
HRESULT hr = S_OK;
PWSTR* pawszAppPolicy = 0;
hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_APPLICATION_POLICY,
&pawszAppPolicy);
if ( SUCCEEDED (hr) )
{
if ( pawszAppPolicy )
{
int nCnt = 0;
while ( pawszAppPolicy[nCnt] )
nCnt++;
if ( nIndex < nCnt )
szAppPolicy = pawszAppPolicy[nIndex];
else
hr = E_FAIL;
}
else
hr = E_FAIL;
LocalFree (pawszAppPolicy);
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_APPLICATION_POLICY) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::GetApplicationPolicy (szAppPolicy=%s): 0x%x\n",
(PCWSTR) szAppPolicy, hr);
return hr;
}
HRESULT CCertTemplate::SetEnhancedKeyUsage (const PWSTR* pawszEKU, bool bCritical)
{
_TRACE (1, L"Entering CCertTemplate::SetEnhancedKeyUsage ()\n");
HRESULT hr = S_OK;
hr = CASetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_EXTENDED_KEY_USAGE,
(PVOID) pawszEKU);
if ( SUCCEEDED (hr) )
{
hr = ModifyCriticalExtensions (szOID_ENHANCED_KEY_USAGE, bCritical);
}
else
{
_TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_EXTENDED_KEY_USAGE) failed: 0x%x\n",
hr);
}
_TRACE (-1, L"Leaving CCertTemplate::SetEnhancedKeyUsage: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::SetApplicationPolicy (const PWSTR* pawszAppPolicy, bool bCritical)
{
_TRACE (1, L"Entering CCertTemplate::SetApplicationPolicy ()\n");
HRESULT hr = S_OK;
hr = CASetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_APPLICATION_POLICY,
(PVOID) pawszAppPolicy);
if ( SUCCEEDED (hr) )
{
hr = ModifyCriticalExtensions (szOID_APPLICATION_CERT_POLICIES, bCritical);
}
else
{
_TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_APPLICATION_POLICY) failed: 0x%x\n",
hr);
}
_TRACE (-1, L"Leaving CCertTemplate::SetApplicationPolicy: 0x%x\n", hr);
return hr;
}
HRESULT CCertTemplate::SetCertPolicy (const PWSTR* pawszCertPolicy, bool bCritical)
{
_TRACE (1, L"Entering CCertTemplate::SetCertPolicy ()\n");
HRESULT hr = S_OK;
hr = CASetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_POLICY,
(PVOID) pawszCertPolicy);
if ( SUCCEEDED (hr) )
{
hr = ModifyCriticalExtensions (szOID_CERT_POLICIES, bCritical);
}
else
{
_TRACE (0, L"CASetCertTypePropertyEx (CERTTYPE_PROP_POLICY) failed: 0x%x\n",
hr);
}
_TRACE (-1, L"Leaving CCertTemplate::SetCertPolicy: 0x%x\n", hr);
return hr;
}
void CCertTemplate::FreeCertExtensions()
{
if ( m_pCertExtensions )
{
CAFreeCertTypeExtensions (m_hCertType, m_pCertExtensions);
m_pCertExtensions = 0;
}
}
HRESULT CCertTemplate::Cancel()
{
_TRACE (1, L"Entering CCertTemplate::Cancel\n");
HRESULT hr = S_OK;
// Close and re-open cert template without saving.
if ( m_hCertType )
{
FreeCertExtensions ();
hr = CACloseCertType (m_hCertType);
_ASSERT (SUCCEEDED (hr));
if ( SUCCEEDED (hr) )
{
m_hCertType = 0;
// Reinitialize the cert template
if ( !m_bIsClone )
hr = Initialize ();
}
else
{
_TRACE (0, L"CACloseCertType (%s) failed: 0x%x\n", hr);
}
}
else
hr = E_FAIL;
_TRACE (-1, L":Leaving CCertTemplate::Cancel: 0x%x\n", hr);
return hr;
}
/* NO LONGER NEEDED NTRAID# 321742
bool CCertTemplate::AllowAutoenrollment()
{
// Bug 251388 "There are templates that should never be allowed to set
// autoenrollment flag (CT_FLAG_AUTO_ENROLLMENT). The "Allow
// Autoenrollment" task for those templates should be disabled if one of
// the following three conditions is true:
//
// templates whose subject name flag has CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT
// set;
// templates whose subject name flag has
// CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME set;
// templates whose CERTTYPE_PROP_RA_SIGNATURE is greater than 1 and
// CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT is not set in the
// enrollment flag."
bool bResult = true;
DWORD dwNumSignatures = 0;
GetRANumSignaturesRequired (dwNumSignatures);
// NTRAID# 175912 Version 1 type templates not good for autoenrollment
if ( 1 == GetType () ||
(m_dwSubjectNameFlags & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) ||
(m_dwSubjectNameFlags & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME) ||
( dwNumSignatures > 1 &&
!(m_dwEnrollmentFlags & CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT)) )
{
bResult = false;
}
// NTRAID# 276180 Certificate Template Snap-in: Grey out "Allow
// Autoenrollment" context menu based on properties of the template
if ( RequireSubjectInRequest () ||
dwNumSignatures >= 2 && !ReenrollmentValidWithPreviousApproval () )
{
bResult = false;
}
return bResult;
}
*/
HRESULT CCertTemplate::GetSubjectTypeDescription (int nIndex, CString &szSubjectTypeDescription)
{
_TRACE (1, L"Entering CCertTemplate::GetSubjectTypeDescription (nIndex=%d\n", nIndex);
PWSTR* pawszSubjectTypeDescriptionList = 0;
HRESULT hr = CAGetCertTypeProperty (m_hCertType,
CERTTYPE_PROP_DESCRIPTION,
&pawszSubjectTypeDescriptionList);
if ( SUCCEEDED (hr) )
{
if ( pawszSubjectTypeDescriptionList )
{
int nCnt = 0;
while ( pawszSubjectTypeDescriptionList[nCnt] )
nCnt++;
if ( nIndex < nCnt )
szSubjectTypeDescription = pawszSubjectTypeDescriptionList[nIndex];
else
hr = E_FAIL;
LocalFree (pawszSubjectTypeDescriptionList);
}
else
hr = E_FAIL;
}
else
{
_TRACE (0, L"CAGetCertTypeProperty (CERTTYPE_PROP_DESCRIPTION) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving CCertTemplate::GetSubjectTypeDescription (szRAPolicyOID=%s): 0x%x\n",
(PCWSTR) szSubjectTypeDescription, hr);
return hr;
}
// NTRAID# 278356 CertSRV: No CSPs in mmc certificate snapin advanced
// option list with v2 templates that have ENC and SIG as purpose.
HRESULT CCertTemplate::SetDigitalSignature(
bool bSet,
bool bSetOnlyDigitalSignature /* = false */)
{
_TRACE (1, L"Entering CCertTemplate::SetDigitalSignature (bSet = %s)\n", bSet ? L"true" : L"false");
PCERT_EXTENSION pCertExtension = 0;
HRESULT hr = GetCertExtension (szOID_KEY_USAGE, &pCertExtension);
if ( SUCCEEDED (hr) )
{
ASSERT (pCertExtension);
if ( pCertExtension )
{
DWORD cbKeyUsage = 0;
if ( ::CryptDecodeObject(CRYPT_ASN_ENCODING,
szOID_KEY_USAGE,
pCertExtension->Value.pbData,
pCertExtension->Value.cbData,
0, NULL, &cbKeyUsage) )
{
CRYPT_BIT_BLOB* pKeyUsage = (CRYPT_BIT_BLOB*)
::LocalAlloc (LPTR, cbKeyUsage);
if ( pKeyUsage )
{
if ( ::CryptDecodeObject (CRYPT_ASN_ENCODING,
szOID_KEY_USAGE,
pCertExtension->Value.pbData,
pCertExtension->Value.cbData,
0, pKeyUsage, &cbKeyUsage) )
{
if (pKeyUsage->cbData >= 1)
{
pKeyUsage->cUnusedBits = 0;
if ( bSetOnlyDigitalSignature )
{
pKeyUsage->pbData[0] = CERT_DIGITAL_SIGNATURE_KEY_USAGE;
}
else if ( bSet )
pKeyUsage->pbData[0] |= CERT_DIGITAL_SIGNATURE_KEY_USAGE;
else
pKeyUsage->pbData[0] &= ~CERT_DIGITAL_SIGNATURE_KEY_USAGE;
hr = SetKeyUsage (pKeyUsage, pCertExtension->fCritical ? true : false);
}
else
hr = E_FAIL;
}
else
{
DWORD dwErr = GetLastError ();
hr = HRESULT_FROM_WIN32 (dwErr);
_TRACE (0, L"CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE) failed: 0x%x\n", dwErr);
}
LocalFree (pKeyUsage);
}
else
hr = E_OUTOFMEMORY;
}
else
{
DWORD dwErr = GetLastError ();
hr = HRESULT_FROM_WIN32 (dwErr);
_TRACE (0, L"CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE) failed: 0x%x\n", dwErr);
}
}
FreeCertExtensions ();
}
_TRACE (-1, L"Leaving CCertTemplate::SetDigitalSignature (bSet = %s): 0x%x\n",
bSet ? L"true" : L"false", hr);
return hr;
}
HRESULT CCertTemplate::GetDigitalSignature(
bool &bHasDigitalSignature,
bool* pbHasOnlyDigitalSignature /* = 0 */)
{
_TRACE (1, L"Entering CCertTemplate::GetDigitalSignature ()\n");
PCERT_EXTENSION pCertExtension = 0;
HRESULT hr = GetCertExtension (szOID_KEY_USAGE, &pCertExtension);
if ( SUCCEEDED (hr) )
{
ASSERT (pCertExtension);
if ( pCertExtension )
{
DWORD cbKeyUsage = 0;
if ( ::CryptDecodeObject(CRYPT_ASN_ENCODING,
szOID_KEY_USAGE,
pCertExtension->Value.pbData,
pCertExtension->Value.cbData,
0, NULL, &cbKeyUsage) )
{
CRYPT_BIT_BLOB* pKeyUsage = (CRYPT_BIT_BLOB*)
::LocalAlloc (LPTR, cbKeyUsage);
if ( pKeyUsage )
{
if ( ::CryptDecodeObject (CRYPT_ASN_ENCODING,
szOID_KEY_USAGE,
pCertExtension->Value.pbData,
pCertExtension->Value.cbData,
0, pKeyUsage, &cbKeyUsage) )
{
if (pKeyUsage->cbData >= 1)
{
pKeyUsage->cUnusedBits = 0;
if ( pKeyUsage->pbData[0] & CERT_DIGITAL_SIGNATURE_KEY_USAGE )
bHasDigitalSignature = true;
else
bHasDigitalSignature = false;
if ( pbHasOnlyDigitalSignature )
{
if ( pKeyUsage->pbData[0] == CERT_DIGITAL_SIGNATURE_KEY_USAGE )
*pbHasOnlyDigitalSignature = true;
else
*pbHasOnlyDigitalSignature = false;
}
}
else
hr = E_FAIL;
}
else
{
DWORD dwErr = GetLastError ();
hr = HRESULT_FROM_WIN32 (dwErr);
_TRACE (0, L"CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE) failed: 0x%x\n", dwErr);
}
LocalFree (pKeyUsage);
}
else
hr = E_OUTOFMEMORY;
}
else
{
DWORD dwErr = GetLastError ();
hr = HRESULT_FROM_WIN32 (dwErr);
_TRACE (0, L"CryptDecodeObject(CRYPT_ASN_ENCODING, szOID_KEY_USAGE) failed: 0x%x\n", dwErr);
}
}
FreeCertExtensions ();
}
_TRACE (-1, L"Leaving CCertTemplate::GetDigitalSignature (bHasDigitalSignature = %s): 0x%x\n",
bHasDigitalSignature ? L"true" : L"false", hr);
return hr;
}
void CCertTemplate::IssuancePoliciesRequired(bool bRequired)
{
m_bIssuancePoliciesRequired = bRequired;
}
bool CCertTemplate::IssuancePoliciesRequired() const
{
return m_bIssuancePoliciesRequired;
}
CString CCertTemplate::GetDN () const
{
_TRACE (1, L"Entering CCertTemplate::GetDN - m_hCertType = 0x%x\n", m_hCertType);
HRESULT hr = S_OK;
CString szDN;
if ( m_hCertType )
{
PWSTR* rgwszProp = 0;
hr = CAGetCertTypePropertyEx (m_hCertType,
CERTTYPE_PROP_DN, &rgwszProp);
if ( SUCCEEDED (hr) && rgwszProp )
{
szDN = *rgwszProp;
CAFreeCertTypeProperty (m_hCertType, rgwszProp);
}
else
{
_TRACE (0, L"CAGetCertTypePropertyEx (CERTTYPE_PROP_DN) failed: 0x%x\n", hr);
szDN = GetObjectName ();
}
}
else
szDN = GetObjectName ();
_TRACE (-1, L"Leaving CCertTemplate::GetDN: %s, 0x%x\n", (PCWSTR) szDN, hr);
return szDN;
}