unsigned int
RpcVMCAGetSignedCertificate(
handle_t IDL_handle,
unsigned char *pszPEMEncodedCSRRequest,
unsigned int dwValidFrom,
unsigned int dwDurationInSeconds,
wchar16_t *pszSharedSecret,
unsigned int *pdwCertLength,
VMCA_CERTIFICATE_CONTAINER **ppCertContainer)
{
DWORD dwError = 0;
VMCA_CERTIFICATE_CONTAINER* pCertContainer = NULL;
VMCA_CERTIFICATE_CONTAINER* pTempCertContainer = NULL;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
if (ppCertContainer == NULL ||
pszPEMEncodedCSRRequest == NULL) {
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCACheckAccess(IDL_handle, FALSE);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAGetSignedCertificate(
pszPEMEncodedCSRRequest,
dwValidFrom,
dwDurationInSeconds,
&pTempCertContainer);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCARpcAllocateCertificateContainer(
pTempCertContainer->pCert,
&pCertContainer);
BAIL_ON_VMCA_ERROR(dwError);
strcpy((char*)pCertContainer->pCert, (char*)pTempCertContainer->pCert);
*ppCertContainer = pCertContainer;
cleanup:
VMCAFreeCertificateContainer (pTempCertContainer);
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
if (pdwCertLength)
{
*pdwCertLength = 0;
}
if (ppCertContainer)
{
*ppCertContainer = NULL;
}
VMCARpcFreeCertificateContainer(pCertContainer);
goto cleanup;
}
unsigned int
RpcVMCAGetServerVersion(
handle_t IDL_handle,
unsigned int *pdwCertLength,
VMCA_CERTIFICATE_CONTAINER **pServerVersion)
{
DWORD dwError = 0;
PSTR pTempServerVersion = NULL;
VMCA_CERTIFICATE_CONTAINER *pTempVersion = NULL;
/*
* TBD: Probably don't care if this is accessable remotely
* Currently VMCA API wiki states this should be SRP authenticated. (??)
*/
dwError = VMCACheckAccess(IDL_handle, FALSE);
BAIL_ON_VMCA_ERROR(dwError);
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
if (pServerVersion == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCAGetServerVersion(&pTempServerVersion);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCARpcAllocateCertificateContainer
(pTempServerVersion, &pTempVersion);
BAIL_ON_VMCA_ERROR(dwError);
strcpy(pTempVersion->pCert,pTempServerVersion);
*pServerVersion = pTempVersion;
cleanup:
VMCA_SAFE_FREE_STRINGA(pTempServerVersion);
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
if(pdwCertLength)
{
*pdwCertLength = 0;
}
if (pServerVersion)
{
*pServerVersion = NULL;
}
if (pTempVersion)
{
VMCARpcFreeCertificateContainer(pTempVersion);
pTempVersion = NULL;
}
goto cleanup;
}
unsigned int
VMCAGetRootCACertificate(
unsigned int *dwCertLength,
VMCA_CERTIFICATE_CONTAINER **ppCertContainer
)
{
DWORD dwError = 0;
PVMCA_CERTIFICATE pCertificate = NULL;
PSTR pszRootCertFile = NULL;
BOOLEAN bLocked = FALSE;
VMCA_LOCK_MUTEX_SHARED(&gVMCAServerGlobals.svcMutex, bLocked);
dwError = VMCASrvValidateCA();
BAIL_ON_VMCA_ERROR(dwError);
VMCAGetRootCertificateFilePath(&pszRootCertFile);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAReadCertificateChainFromFile(
pszRootCertFile,
&pCertificate);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCARpcAllocateCertificateContainer(pCertificate, ppCertContainer);
BAIL_ON_VMCA_ERROR(dwError);
strcpy((char*)(*ppCertContainer)->pCert,pCertificate);
error :
VMCA_LOCK_MUTEX_UNLOCK(&gVMCAServerGlobals.svcMutex, bLocked);
if( dwError != 0)
{
if (ppCertContainer && *ppCertContainer)
{
VMCARpcFreeCertificateContainer(*ppCertContainer);
*ppCertContainer = NULL;
}
}
VMCA_SAFE_FREE_STRINGA(pCertificate);
VMCA_SAFE_FREE_STRINGA(pszRootCertFile);
pCertificate = NULL;
return dwError;
}
DWORD
VMCARpcAllocateCertificateContainer(PSTR pCert, PVMCA_CERTIFICATE_CONTAINER *ppCertContainer)
{
DWORD dwError = 0;
dwError = VMCARpcAllocateMemory(sizeof(VMCA_CERTIFICATE_CONTAINER) ,(PVOID*)ppCertContainer);
BAIL_ON_VMCA_ERROR(dwError);
memset(*ppCertContainer, 0 , sizeof(VMCA_CERTIFICATE_CONTAINER));
(*ppCertContainer)->dwCount = (unsigned long)strlen(pCert);
dwError = VMCARpcAllocateMemory(strlen(pCert)+1, (PVOID*) &((*ppCertContainer)->pCert));
BAIL_ON_VMCA_ERROR(dwError);
memset((*ppCertContainer)->pCert, 0 ,strlen(pCert)+1);
error :
if (dwError != 0) {
VMCARpcFreeCertificateContainer(*ppCertContainer);
}
return dwError;
}
DWORD
VMCAGetServerVersion(
unsigned int *dwCertLength,
VMCA_CERTIFICATE_CONTAINER **pServerVersion
)
{
DWORD dwError = 0;
dwError = VMCARpcAllocateCertificateContainer(VMCA_SERVER_VERSION_STRING, pServerVersion);
BAIL_ON_VMCA_ERROR(dwError);
strcpy((char*)(*pServerVersion)->pCert,VMCA_SERVER_VERSION_STRING);
error :
if (dwError != 0) {
VMCARpcFreeCertificateContainer(*pServerVersion);
*pServerVersion = NULL;
}
return dwError;
}
unsigned int
VMCAGetSignedCertificate(
unsigned char *pszPEMEncodedCSRRequest,
unsigned int dwtmNotBefore,
unsigned int dwtmNotAfter,
PVMCA_CERTIFICATE_CONTAINER *ppCertContainer
)
{
DWORD dwError = 0;
time_t now = dwtmNotBefore;
time_t expire = dwtmNotAfter;
PSTR pCert = NULL;
PVMCA_DB_CERTIFICATE_ENTRY pEntry = NULL;
PVMCA_X509_CA pCA = NULL;
PVMCA_CERTIFICATE_CONTAINER pCertContainer = NULL;
BOOLEAN bLocked = FALSE;
VMCA_LOCK_MUTEX_EXCLUSIVE(&gVMCAServerGlobals.svcMutex, bLocked);
dwError = VMCASrvValidateCA();
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCASrvGetCA(&pCA);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCASignedRequestPrivate(
pCA,
(char *)pszPEMEncodedCSRRequest,
(char**)&pCert,
now,
expire);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCARpcAllocateCertificateContainer(pCert, &pCertContainer);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCADecodeCert(pCert, &pEntry);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAInsertCertificate(pEntry);
BAIL_ON_VMCA_ERROR(dwError);
// TODO : check for errors
strcpy((char*)pCertContainer->pCert, pCert);
*ppCertContainer = pCertContainer;
cleanup :
VMCA_LOCK_MUTEX_UNLOCK(&gVMCAServerGlobals.svcMutex, bLocked);
VMCAFreeDBEntryFields(pEntry);
VMCA_SAFE_FREE_STRINGA(pCert);
if (pCA)
{
VMCAReleaseCA(pCA);
}
return dwError;
error:
if (ppCertContainer)
{
*ppCertContainer = NULL;
}
if (pCertContainer)
{
VMCARpcFreeCertificateContainer(pCertContainer);
}
goto cleanup;
}
unsigned int
RpcVMCAGetRootCACertificate(
handle_t IDL_handle,
unsigned int *pdwCertLength,
VMCA_CERTIFICATE_CONTAINER **ppCertContainer)
{
DWORD dwError = 0;
DWORD dwCertLength = 0;
VMCA_CERTIFICATE_CONTAINER* pTempCertContainer = NULL;
PVMCA_CERTIFICATE pTempCertificate = NULL;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
/*
* TBD: This cannot be protected now; certool --WaitVMCA uses this
* interface to determine vmcad is up and responding.
*/
/* Restrict access to this RPC. Should use VECS APIs */
dwError = VMCACheckAccess(IDL_handle, FALSE);
BAIL_ON_VMCA_ERROR(dwError);
if (ppCertContainer == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCAGetRootCACertificate(
&dwCertLength,
&pTempCertificate);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCARpcAllocateCertificateContainer(pTempCertificate, &pTempCertContainer);
BAIL_ON_VMCA_ERROR(dwError);
strcpy((char*) (pTempCertContainer)->pCert, pTempCertificate);
*ppCertContainer = pTempCertContainer;
*pdwCertLength = dwCertLength;
pTempCertContainer = NULL;
cleanup:
VMCA_SAFE_FREE_STRINGA(pTempCertificate);
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
if (pdwCertLength)
{
*pdwCertLength = 0;
}
if (ppCertContainer)
{
*ppCertContainer = NULL;
}
if (pTempCertContainer)
{
VMCARpcFreeCertificateContainer(pTempCertContainer);
}
goto cleanup;
}
