DWORD VMCASrvPublishRootCerts( VOID ) { DWORD dwError = 0; dwError = VMCASrvValidateCA(); BAIL_ON_VMCA_ERROR(dwError); dwError = VMCASrvNotifyDirSync(); BAIL_ON_VMCA_ERROR(dwError); error: return dwError; }
unsigned int VMCAAddRootCertificate( unsigned char *pszRootCertificate, PWSTR pszPassPhrase, unsigned char *pszPrivateKey, unsigned int dwOverWrite) { DWORD dwError = 0; BOOL bFileExists = FALSE; BOOL bOverWrite = FALSE; BOOLEAN bLocked = FALSE; PSTR pszRootCertFile = NULL; PSTR pszPrivateKeyFile = NULL; PSTR pszPasswordFile = NULL; PSTR pszDataDirectory = NULL; #ifndef _WIN32 struct stat buf = { 0 }; #else struct _stat buf = { 0 }; #endif bOverWrite = (dwOverWrite == 1); // // Grab exclusive lock since we are writing the Root Cert, // and all operations must serialize for this op. // VMCA_LOCK_MUTEX_EXCLUSIVE(&gVMCAServerGlobals.svcMutex, bLocked); dwError = VMCAValidateCACertificatePrivate((LPSTR) pszRootCertificate,NULL, (LPSTR)pszPrivateKey); BAIL_ON_VMCA_ERROR(dwError); dwError = VMCAGetRootCertificateFilePath(&pszRootCertFile); BAIL_ON_VMCA_ERROR(dwError); dwError = VMCAGetPrivateKeyPath(&pszPrivateKeyFile); BAIL_ON_VMCA_ERROR(dwError); dwError = VMCAGetPrivateKeyPasswordPath(&pszPasswordFile); BAIL_ON_VMCA_ERROR(dwError); dwError = VMCAGetDataDirectory(&pszDataDirectory); BAIL_ON_VMCA_ERROR(dwError); bFileExists = (stat(pszRootCertFile,&buf) == ERROR_SUCCESS); if (!bOverWrite && bFileExists) { dwError = VMCA_ROOT_CA_ALREADY_EXISTS; BAIL_ON_VMCA_ERROR(dwError); } if (bOverWrite && bFileExists) { dwError = VMCABackupRootCAFiles(pszRootCertFile, pszPrivateKeyFile, pszPasswordFile); BAIL_ON_VMCA_ERROR(dwError); } if (!bFileExists) { dwError = VMCACreateDirectory(pszDataDirectory, TRUE); BAIL_ON_VMCA_ERROR(dwError); } dwError = VMCAWriteCertificateChainToFile(pszRootCertFile, (PVMCA_CERTIFICATE) pszRootCertificate); BAIL_ON_VMCA_ERROR(dwError); dwError = VMCAWritePrivateKeyToFile( pszPrivateKeyFile, (LPSTR) pszPrivateKey, pszPasswordFile, pszPassPhrase); BAIL_ON_VMCA_ERROR(dwError); dwError = VMCASetKeyPerm(pszPrivateKeyFile); BAIL_ON_VMCA_ERROR(dwError); dwError = VMCASrvInitCA(); BAIL_ON_VMCA_ERROR(dwError); dwError = VMCASrvNotifyDirSync(); BAIL_ON_VMCA_ERROR(dwError); #if 0 #ifdef DEBUG PrintCurrentState(); #endif #endif error : VMCA_LOCK_MUTEX_UNLOCK(&gVMCAServerGlobals.svcMutex, bLocked); if ( pszRootCertFile != NULL) { VMCAFreeStringA(pszRootCertFile); } if( pszPrivateKeyFile != NULL) { VMCAFreeStringA(pszPrivateKeyFile); } if( pszPasswordFile != NULL ) { VMCAFreeStringA(pszPasswordFile); } if (pszDataDirectory != NULL) { VMCAFreeStringA(pszDataDirectory); } return dwError; }