certificate VMCAClient::GetCertificateFromCSR(const std::string& CSR, time_t NotBefore, time_t NotAfter)
{
DWORD dwError = 0;
PVMCA_CERTIFICATE pCertificate = NULL;
certificate result;
if (CSR.length() <= 0 )
{
dwError = VMCA_ARGUMENT_ERROR;
BAIL_ON_ERROR(dwError);
}
dwError = VMCAGetSignedCertificateFromCSRHA(
_pServerContext->getContext(),
_pServerContext->getNetworkAddress().c_str(),
CSR.c_str(),
NotBefore,
NotAfter,
&pCertificate);
BAIL_ON_ERROR(dwError);
result.certString.assign(pCertificate);
error :
if(pCertificate != NULL) {
VMCAFreeCertificate(pCertificate);
}
THROW_IF_NEEDED(dwError);
return result;
}
vmca_server_context::vmca_server_context(
const std::string& username,
const std::string& domain,
const std::string& password,
const std::string& server_address
) : _username(username),
_domain(domain),
_password(password),
_server_address(server_address),
_pServerContext(NULL)
{
PVMCA_SERVER_CONTEXT pContext = NULL;
DWORD dwError = VMCAOpenServerA(
_server_address.c_str(),
username.c_str(),
domain.c_str(),
password.c_str(),
0,
NULL,
&pContext);
THROW_IF_NEEDED(dwError);
_pServerContext = pContext;
}
certificate VMCAClient::GetSelfSignedCertificate(const REQUEST& req, const KEYPAIR& keys, time_t NotBefore, time_t NotAfter)
{
DWORD dwError = 0;
PVMCA_CERTIFICATE pCertificate = NULL;
PVMCA_PKCS_10_REQ_DATAA data = NULL;
certificate result;
dwError = VMCAAllocatePKCS10DataA(&data);
BAIL_ON_ERROR(dwError);
dwError = req.InitPKCS10(data);
BAIL_ON_ERROR(dwError);
dwError = VMCACreateSelfSignedCertificateA(data,
(PSTR) keys.privatekey.c_str(),
NULL,
NotBefore,
NotAfter,
&pCertificate);
BAIL_ON_ERROR(dwError);
result.certString.assign(pCertificate);
error :
if(pCertificate != NULL) {
VMCAFreeCertificate(pCertificate);
}
if (data != NULL) {
VMCAFreePKCS10DataA(data);
}
THROW_IF_NEEDED(dwError);
return result;
}
void client::SetMachineCertWithString(
std::string PEMEncodedCertificate,
std::string PEMEncodedPrivateKey)
{
DWORD dwError = 0;
if (PEMEncodedCertificate.length() <= 0)
{
dwError = VECS_NO_CERT_FOUND;
BAIL_ON_ERROR(dwError);
}
if (PEMEncodedPrivateKey.length() <= 0)
{
dwError = VECS_NO_CERT_FOUND;
BAIL_ON_ERROR(dwError);
}
dwError = VmAfdSetSSLCertificate(ServerName.c_str(),
(PSTR) PEMEncodedCertificate.c_str(),
(PSTR) PEMEncodedPrivateKey.c_str());
BAIL_ON_ERROR(dwError);
cleanup:
return;
error:
THROW_IF_NEEDED(dwError);
goto cleanup;
}
certificate VMCAClient::GetCertificate(const REQUEST& req, const KEYPAIR& keys, time_t NotBefore, time_t NotAfter)
{
DWORD dwError = 0;
PVMCA_CERTIFICATE pCertificate = NULL;
certificate result;
dwError = VMCAGetSignedCertificateFromCSRHA(
_pServerContext->getContext(),
_pServerContext->getNetworkAddress().c_str(),
req.GetCSR(keys).c_str(),
NotBefore,
NotAfter,
&pCertificate);
BAIL_ON_ERROR(dwError);
result.certString.assign(pCertificate);
error :
if(pCertificate != NULL) {
VMCAFreeCertificate(pCertificate);
}
THROW_IF_NEEDED(dwError);
return result;
}
opaque client::OpenCertStore(
std::string StoreName,
std::string Password)
{
DWORD dwError = 0;
opaque result;
PVECS_STORE pStore = NULL;
PSTR pszPassword = NULL;
pszPassword = (PSTR)Password.c_str();
if (pszPassword && pszPassword[0] == '\0') {
pszPassword = NULL;
}
dwError = VecsOpenCertStoreA(
ServerName.c_str(),
StoreName.c_str(),
pszPassword,
&pStore);
BAIL_ON_ERROR(dwError);
result = (opaque)pStore;
cleanup:
return result;
error:
THROW_IF_NEEDED(dwError);
goto cleanup;
}
std::string client::GetStatus()
{
DWORD dwError = 0;
VMAFD_STATUS status = VMAFD_STATUS_UNKNOWN;
std::string result;
dwError = VmAfdGetStatusA(ServerName.c_str(), &status);
BAIL_ON_ERROR(dwError);
if (status == VMAFD_STATUS_UNKNOWN) {
result.assign("Unknown");
}
if (status == VMAFD_STATUS_INITIALIZING) {
result.assign("Initializing");
}
if (status == VMAFD_STATUS_RUNNING) {
result.assign("Running");
}
error:
THROW_IF_NEEDED(dwError);
return result;
}
std::string client::GetCertByAlias(
opaque Store,
std::string Alias)
{
DWORD dwError = 0;
PSTR pszAlias = NULL;
PSTR pszCertificate = NULL;
PVECS_STORE pStore = NULL;
std::string result;
if (Alias.length() <= 0)
{
dwError = VECS_NO_CERT_FOUND;
BAIL_ON_ERROR(dwError);
}
pStore = (PVECS_STORE)Store;
dwError = VecsGetCertificateByAliasA(
pStore,
(PSTR)Alias.c_str(),
&pszCertificate);
BAIL_ON_ERROR(dwError);
result.assign(pszCertificate);
cleanup:
VMAFD_SAFE_FREE_MEMORY(pszCertificate);
return result;
error:
THROW_IF_NEEDED(dwError);
goto cleanup;
}
opaque client::BeginEnumAliases(
opaque Store,
int EntryCount)
{
DWORD dwError = 0;
PVECS_STORE pStore = NULL;
PVECS_ENUM_CONTEXT pEnumContext = NULL;
opaque result;
pStore = (PVECS_STORE)Store;
dwError = VecsBeginEnumEntries(
pStore,
EntryCount,
ENTRY_INFO_LEVEL_1,
&pEnumContext);
BAIL_ON_ERROR(dwError);
result = (opaque)pEnumContext;
cleanup:
return result;
error:
THROW_IF_NEEDED(dwError);
goto cleanup;
}
std::string request::GetCSR(const KEYPAIR& keypair) const
{
DWORD dwError = 0;
PVMCA_CSR pCSR = NULL;
PVMCA_PKCS_10_REQ_DATAA data = NULL;
std::string result;
dwError = VMCAAllocatePKCS10DataA(&data);
BAIL_ON_ERROR(dwError);
dwError = InitPKCS10(data);
BAIL_ON_ERROR(dwError);
dwError = VMCACreateSigningRequestA(data, (PSTR) keypair.privatekey.c_str(),
NULL, &pCSR);
BAIL_ON_ERROR(dwError);
result.assign(pCSR);
error :
if ( data != NULL) {
VMCAFreePKCS10DataA(data);
}
if(pCSR != NULL) {
VMCAFreeCSR(pCSR);
}
THROW_IF_NEEDED(dwError);
return result;
}
std::string client::GetDomainState()
{
VMAFD_DOMAIN_STATE domainState = VMAFD_DOMAIN_STATE_NONE;
DWORD dwError = 0;
std::string result;
dwError = VmAfdGetDomainStateA(ServerName.c_str(), &domainState);
BAIL_ON_ERROR(dwError);
switch (domainState)
{
case VMAFD_DOMAIN_STATE_NONE:
result.assign("None");
break;
case VMAFD_DOMAIN_STATE_CONTROLLER:
result.assign("Controller");
break;
case VMAFD_DOMAIN_STATE_CLIENT:
result.assign("Client");
break;
default:
result.assign("Unknown");
break;
}
error:
THROW_IF_NEEDED(dwError);
return result;
}
void client::DisableClientAffinity()
{
DWORD dwError = 0;
//This code would eventually move out of here
//when other APIs become remotable
PVMAFD_SERVER pServer = NULL;
dwError = VmAfdOpenServerA(NULL,NULL,NULL,&pServer);
BAIL_ON_ERROR(dwError);
dwError = CdcDisableClientAffinity(pServer);
BAIL_ON_ERROR(dwError);
cleanup:
if (pServer)
{
VmAfdCloseServer(pServer);
}
return;
error:
THROW_IF_NEEDED(dwError);
goto cleanup;
}
void client::SetLDU(std::string LDUName)
{
DWORD dwError = 0;
dwError = VmAfdSetLDUA(ServerName.c_str(), LDUName.c_str());
BAIL_ON_ERROR(dwError);
error:
THROW_IF_NEEDED(dwError);
}
void client::SetDCPort(unsigned int port)
{
DWORD dwError = 0;
dwError = VmAfdSetDCPortA(ServerName.c_str(), port);
BAIL_ON_ERROR(dwError);
error:
THROW_IF_NEEDED(dwError);
}
void client::SetDomainName(std::string domainName)
{
DWORD dwError = 0;
dwError = VmAfdSetDomainNameA(ServerName.c_str(),
domainName.c_str());
BAIL_ON_ERROR(dwError);
error:
THROW_IF_NEEDED(dwError);
}
void client::SetPNID(std::string PNID)
{
DWORD dwError = 0;
dwError = VmAfdSetPNIDA(ServerName.c_str(),
PNID.c_str());
BAIL_ON_ERROR(dwError);
error:
THROW_IF_NEEDED(dwError);
}
void client::SetCAPath(std::string path)
{
DWORD dwError = 0;
dwError = VmAfdSetCAPathA(ServerName.c_str(),
path.c_str());
BAIL_ON_ERROR(dwError);
error:
THROW_IF_NEEDED(dwError);
}
void client::SetMachineID(std::string id)
{
DWORD dwError = 0;
dwError = VmAfdSetMachineIDA(
ServerName.c_str(),
id.c_str());
BAIL_ON_ERROR(dwError);
error:
THROW_IF_NEEDED(dwError);
}
bool client::Revoke(const certificate& cert)
{
DWORD dwError = 0;
dwError = VMCARevokeCertificateA(ServerName.c_str(),
(PVMCA_CERTIFICATE)cert.certString.c_str());
BAIL_ON_ERROR(dwError);
error :
THROW_IF_NEEDED(dwError);
return true;
}
VMCACRL client::GetCRL(const std::string& newCRL)
{
VMCACRL result;
DWORD dwError = 0;
dwError = VMCAGetCRLA((PSTR)ServerName.c_str(),
NULL, (PSTR) newCRL.c_str());
BAIL_ON_ERROR(dwError);
result.filepath.assign(newCRL);
error :
THROW_IF_NEEDED(dwError);
return result;
}
bool client::AddRootCertificate(const std::string& Certificate, const std::string& PrivateKey)
{
DWORD dwError = 0;
dwError = VMCAAddRootCertificateA(ServerName.c_str(),
(PVMCA_CERTIFICATE) Certificate.c_str(),
NULL,
(PVMCA_KEY) PrivateKey.c_str());
BAIL_ON_ERROR(dwError);
error :
THROW_IF_NEEDED(dwError);
return true;
}
vmcacontext2 VMCAClient::OpenEnumHandle(const std::string& statusFilter)
{
DWORD dwError = 0;
PVOID pContext = NULL;
VMCA_CERTIFICATE_STATUS dwStatus = VMCA_CERTIFICATE_ALL;
vmcacontext2 ctx;
// initialize enum
ctx.pContext = NULL;
ctx.pclient = NULL;
ctx.currIndex = 0;
ctx.enumStatus = VMCA_ENUM_ERROR;
if ( std::strcmp(statusFilter.c_str(), "active") == 0) {
dwStatus = VMCA_CERTIFICATE_ACTIVE;
}
else if ( std::strcmp(statusFilter.c_str(), "revoked") == 0) {
dwStatus = VMCA_CERTIFICATE_REVOKED;
}
else if ( std::strcmp(statusFilter.c_str(), "expired") == 0) {
dwStatus = VMCA_CERTIFICATE_EXPIRED;
}
else if ( std::strcmp(statusFilter.c_str(), "all") == 0) {
dwStatus = VMCA_CERTIFICATE_ALL;
}
else {
goto error;
}
dwError = VMCAOpenEnumContextHA(
_pServerContext->getContext(),
_pServerContext->getNetworkAddress().c_str(),
dwStatus,
&pContext
);
BAIL_ON_ERROR(dwError);
ctx.pContext = pContext;
ctx.pclient = this;
return ctx;
error :
if (pContext){
VMCACloseEnumContext(pContext);
}
THROW_IF_NEEDED(dwError);
return ctx;
}
VOID client::Logout()
{
DWORD dwError = 0;
#if 0
/*
* Temporarily disable logout because machine account
* credentials are used for SRP authentication.
*/
dwError = VMCALogout();
#endif
THROW_IF_NEEDED(dwError);
}
bool VMCAClient::Revoke(const certificate& cert)
{
DWORD dwError = 0;
dwError = VMCARevokeCertificateHA(
_pServerContext->getContext(),
_pServerContext->getNetworkAddress().c_str(),
(PVMCA_CERTIFICATE)cert.certString.c_str());
BAIL_ON_ERROR(dwError);
error :
THROW_IF_NEEDED(dwError);
return true;
}
std::string client::GetCdcState()
{
CDC_DC_STATE cdcState = CDC_DC_STATE_UNDEFINED;
DWORD dwError = 0;
std::string result;
//This code would eventually move out of here
//when other APIs become remotable
PVMAFD_SERVER pServer = NULL;
dwError = VmAfdOpenServerA(NULL,NULL,NULL,&pServer);
BAIL_ON_ERROR(dwError);
dwError = CdcGetCurrentState(pServer, &cdcState);
BAIL_ON_ERROR(dwError);
switch (cdcState)
{
case CDC_DC_STATE_NO_DC_LIST:
result.assign("NO_DC_LIST");
break;
case CDC_DC_STATE_SITE_AFFINITIZED:
result.assign("SITE_AFFINITIZED");
break;
case CDC_DC_STATE_OFF_SITE:
result.assign("OFF_SITE");
break;
case CDC_DC_STATE_NO_DCS_ALIVE:
result.assign("NO_DCS_ALIVE");
break;
case CDC_DC_STATE_LEGACY:
result.assign("DISABLED");
break;
default:
result.assign("UNKNOWN");
break;
}
cleanup:
if (pServer)
{
VmAfdCloseServer(pServer);
}
return result;
error:
THROW_IF_NEEDED(dwError);
goto cleanup;
}
bpl::list client::EnumDCEntries()
{
DWORD dwError = 0;
bpl::list result;
DWORD dwCount = 0;
DWORD dwIndex = 0;
PSTR pszDCEntry = NULL;
PSTR *ppszDCEntries = NULL;
//This code would eventually move out of here
//when other APIs become remotable
PVMAFD_SERVER pServer = NULL;
dwError = VmAfdOpenServerA(NULL,NULL,NULL,&pServer);
BAIL_ON_ERROR(dwError);
dwError = CdcEnumDCEntriesA(
pServer,
&ppszDCEntries,
&dwCount);
if (dwError == 0 && dwCount > 0)
{
for (dwIndex=0; dwIndex<dwCount; dwIndex++)
{
if (ppszDCEntries[dwIndex])
{
std::string st(ppszDCEntries[dwIndex]);
result.append(st);
}
}
}
BAIL_ON_ERROR(dwError);
cleanup:
if (pServer)
{
VmAfdCloseServer(pServer);
}
if (ppszDCEntries)
{
CdcFreeStringArrayA(ppszDCEntries, dwCount);
}
return result;
error:
THROW_IF_NEEDED(dwError);
goto cleanup;
}
std::string client::GetVersion()
{
PSTR pVersion = NULL;
DWORD dwError = 0;
std::string result;
dwError = VMCAGetServerVersionA(ServerName.c_str(), &pVersion);
BAIL_ON_ERROR(dwError);
result.assign (pVersion);
error :
if (pVersion != NULL) {
VMCAFreeKey(pVersion);
}
THROW_IF_NEEDED(dwError);
return result;
}
bpl::list client::EnumAliases(
opaque EnumContext)
{
DWORD dwError = 0;
bpl::list result;
PVECS_ENUM_CONTEXT pEnumContext = NULL;
DWORD dwCount = 0;
DWORD dwIndex = 0;
PSTR pAlias = NULL;
PVECS_CERT_ENTRY_A pEntries = NULL;
pEnumContext = (PVECS_ENUM_CONTEXT)EnumContext;
dwError = VecsEnumEntriesA(
pEnumContext,
&pEntries,
&dwCount);
if (dwError == 0 && dwCount > 0) {
for (dwIndex=0; dwIndex<dwCount; dwIndex++)
{
pAlias = pEntries[dwIndex].pszAlias;
if (pAlias)
{
std::string st(pAlias);
result.append(st);
}
}
}
if (dwError == ERROR_NO_MORE_ITEMS)
{
dwError = 0;
}
BAIL_ON_ERROR(dwError);
cleanup:
if (pEntries)
{
VecsFreeCertEntryArrayA(pEntries, dwCount);
}
return result;
error:
THROW_IF_NEEDED(dwError);
goto cleanup;
}
bool VMCAClient::AddRootCertificate(const std::string& Certificate, const std::string& PrivateKey)
{
DWORD dwError = 0;
dwError = VMCAAddRootCertificateHA(
_pServerContext->getContext(),
_pServerContext->getNetworkAddress().c_str(),
(PVMCA_CERTIFICATE) Certificate.c_str(),
NULL,
(PVMCA_KEY) PrivateKey.c_str());
BAIL_ON_ERROR(dwError);
error :
THROW_IF_NEEDED(dwError);
return true;
}
VMCACRL VMCAClient::GetCRL(const std::string& newCRL)
{
VMCACRL result;
DWORD dwError = 0;
dwError = VMCAGetCRLHA(
_pServerContext->getContext(),
_pServerContext->getNetworkAddress().c_str(),
NULL,
(PSTR) newCRL.c_str());
BAIL_ON_ERROR(dwError);
result.filepath.assign(newCRL);
error :
THROW_IF_NEEDED(dwError);
return result;
}
