unsigned int
RpcVMCARevokeCertificate(
handle_t IDL_handle,
unsigned char *pszCertificate,
wchar16_t *pszSharedSecret)
{
DWORD dwError = 0;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
if(pszCertificate == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCARevokeCertificate(pszCertificate);
BAIL_ON_VMCA_ERROR(dwError);
cleanup:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
goto cleanup;
}
unsigned int
RpcVMCAGetSignedCertificate(
handle_t IDL_handle,
unsigned char *pszPEMEncodedCSRRequest,
unsigned int dwValidFrom,
unsigned int dwDurationInSeconds,
wchar16_t *pszSharedSecret,
unsigned int *pdwCertLength,
VMCA_CERTIFICATE_CONTAINER **ppCertContainer)
{
DWORD dwError = 0;
VMCA_CERTIFICATE_CONTAINER* pCertContainer = NULL;
VMCA_CERTIFICATE_CONTAINER* pTempCertContainer = NULL;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
if (ppCertContainer == NULL ||
pszPEMEncodedCSRRequest == NULL) {
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCACheckAccess(IDL_handle, FALSE);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAGetSignedCertificate(
pszPEMEncodedCSRRequest,
dwValidFrom,
dwDurationInSeconds,
&pTempCertContainer);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCARpcAllocateCertificateContainer(
pTempCertContainer->pCert,
&pCertContainer);
BAIL_ON_VMCA_ERROR(dwError);
strcpy((char*)pCertContainer->pCert, (char*)pTempCertContainer->pCert);
*ppCertContainer = pCertContainer;
cleanup:
VMCAFreeCertificateContainer (pTempCertContainer);
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
if (pdwCertLength)
{
*pdwCertLength = 0;
}
if (ppCertContainer)
{
*ppCertContainer = NULL;
}
VMCARpcFreeCertificateContainer(pCertContainer);
goto cleanup;
}
unsigned int
RpcVMCAEnumCertificates(
handle_t IDL_handle,
CERTIFICATE_STATUS dwStatus,
unsigned int dwStartIndex,
unsigned int dwNumCertificates,
VMCA_CERTIFICATE_ARRAY** ppCertArray)
{
DWORD dwError = 0;
VMCA_CERTIFICATE_ARRAY* pTempCertArray = NULL;
VMCA_CERTIFICATE_ARRAY* pCertArray = NULL;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
if (ppCertArray == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAEnumCertificates(
dwStartIndex,
dwNumCertificates,
dwStatus,
&pTempCertArray);
BAIL_ON_VMCA_ERROR(dwError);
dwError = RpcVMCACopyCertificateToRPC(
pTempCertArray,
&pCertArray);
BAIL_ON_VMCA_ERROR(dwError);
*ppCertArray = pCertArray;
cleanup:
if (pTempCertArray)
{
VMCAFreeCertificateArray(pTempCertArray);
}
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
if (ppCertArray)
{
*ppCertArray = NULL;
}
if (pCertArray)
{
VMCARpcFreeCertificateArray(pCertArray);
}
goto cleanup;
}
unsigned int
RpcVMCAGetServerVersion(
handle_t IDL_handle,
unsigned int *pdwCertLength,
VMCA_CERTIFICATE_CONTAINER **pServerVersion)
{
DWORD dwError = 0;
PSTR pTempServerVersion = NULL;
VMCA_CERTIFICATE_CONTAINER *pTempVersion = NULL;
/*
* TBD: Probably don't care if this is accessable remotely
* Currently VMCA API wiki states this should be SRP authenticated. (??)
*/
dwError = VMCACheckAccess(IDL_handle, FALSE);
BAIL_ON_VMCA_ERROR(dwError);
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
if (pServerVersion == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCAGetServerVersion(&pTempServerVersion);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCARpcAllocateCertificateContainer
(pTempServerVersion, &pTempVersion);
BAIL_ON_VMCA_ERROR(dwError);
strcpy(pTempVersion->pCert,pTempServerVersion);
*pServerVersion = pTempVersion;
cleanup:
VMCA_SAFE_FREE_STRINGA(pTempServerVersion);
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
if(pdwCertLength)
{
*pdwCertLength = 0;
}
if (pServerVersion)
{
*pServerVersion = NULL;
}
if (pTempVersion)
{
VMCARpcFreeCertificateContainer(pTempVersion);
pTempVersion = NULL;
}
goto cleanup;
}
DWORD
VmcaDbCreateContext(
PVMCA_DB_CONTEXT* ppDbContext
)
{
DWORD dwError = 0;
PVMCA_DB_CONTEXT pDbContext = NULL;
BOOLEAN bInLock = FALSE;
VMCA_LOG_(VMCA_LOG_LEVEL_DEBUG,"Creating VMCA database context");
VMCA_LOCK_MUTEX(bInLock, &gVmcaDbGlobals.mutex);
if (gVmcaDbGlobals.pDbContextList)
{
pDbContext = gVmcaDbGlobals.pDbContextList;
gVmcaDbGlobals.pDbContextList = gVmcaDbGlobals.pDbContextList->pNext;
pDbContext->pNext = NULL;
gVmcaDbGlobals.dwNumCachedContexts--;
}
else
{
VMCA_LOG_DEBUG("Allocating database context for %s", gVmcaDbGlobals.pszDbPath);
dwError = VMCAAllocateMemory(sizeof(*pDbContext), (PVOID*)&pDbContext);
BAIL_ON_VMCA_ERROR(dwError);
dwError = sqlite3_open(
gVmcaDbGlobals.pszDbPath,
&pDbContext->pDb);
BAIL_ON_VMCA_ERROR(dwError);
dwError = sqlite3_busy_timeout(
pDbContext->pDb,
5000);
BAIL_ON_VMCA_ERROR(dwError);
}
*ppDbContext = pDbContext;
cleanup:
VMCA_UNLOCK_MUTEX(bInLock, &gVmcaDbGlobals.mutex);
VMCA_LOG_DEBUG("VMCA database context created Error = %d", dwError);
return dwError;
error:
*ppDbContext = NULL;
if (pDbContext)
{
VmcaDbFreeContext(pDbContext);
}
goto cleanup;
}
unsigned int
RpcVMCAInitEnumCertificatesHandle(
handle_t IDL_handle,
unsigned int * pdwHandle)
{
DWORD dwError = 0;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
error:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
}
unsigned int
RpcVMCAUnsetServerOption(
handle_t IDL_handle,
unsigned int dwOption
)
{
DWORD dwError = 0;
unsigned int dwCurrentOption = 0;
unsigned int dwNewOption = 0;
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAConfigGetDword(VMCA_REG_KEY_SERVER_OPTION, &dwCurrentOption);
dwError = dwError == ERROR_FILE_NOT_FOUND ? 0: dwError;
BAIL_ON_VMCA_ERROR(dwError);
dwNewOption = dwCurrentOption & ~dwOption;
dwError = VMCAConfigSetDword(VMCA_REG_KEY_SERVER_OPTION, dwNewOption);
BAIL_ON_VMCA_ERROR(dwError);
cleanup:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
goto cleanup;
}
unsigned int
RpcVMCAGetServerOption(
handle_t IDL_handle,
unsigned int *pdwOption
)
{
DWORD dwError = 0;
unsigned int dwOption = 0;
if (!pdwOption)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAConfigGetDword(VMCA_REG_KEY_SERVER_OPTION, &dwOption);
dwError = dwError == ERROR_FILE_NOT_FOUND ? 0: dwError;
BAIL_ON_VMCA_ERROR(dwError);
*pdwOption = dwOption;
cleanup:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
goto cleanup;
}
/*
* What is the difference between these two RPC methods?
* RpcVMCAReGenCRL()
* VMCARpcReGenCRL()
*/
unsigned int
VMCARpcReGenCRL(
handle_t IDL_handle
)
{
DWORD dwError = 0;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VmcaSrvReGenCRL(NULL);
BAIL_ON_VMCA_ERROR(dwError);
cleanup:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
goto cleanup;
}
unsigned int
VMCARpcRevokeCertificate(
handle_t IDL_handle,
wchar16_t *pszServerName,
unsigned char *pszCertificate,
unsigned int dwCertRevokeReason,
wchar16_t *pszSharedSecret)
{
DWORD dwError = 0;
VMCA_CRL_REASON certRevokeReason = CRL_REASON_UNSPECIFIED;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
if(pszCertificate == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VmcaSrvValidateCRLReason (
dwCertRevokeReason,
&certRevokeReason
);
BAIL_ON_VMCA_ERROR (dwError);
/* TODO: Can the server be NULL? */
dwError = VmcaSrvRevokeCertificate(
pszServerName,
pszCertificate,
certRevokeReason
);
BAIL_ON_VMCA_ERROR(dwError);
cleanup:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
goto cleanup;
}
unsigned int
RpcVMCAPublishRootCerts(
handle_t IDL_handle
)
{
DWORD dwError = 0;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCASrvPublishRootCerts();
BAIL_ON_VMCA_ERROR(dwError);
cleanup:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
goto cleanup;
}
unsigned int
RpcVMCAFindCertificates(
handle_t IDL_handle,
unsigned int dwSearchQueryLength,
wchar16_t *pszSearchQuery,
unsigned int *dwCertificateCount,
VMCA_CERTIFICATE_CONTAINER ** ppCertContainer
)
{
DWORD dwError = 0;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
dwError = VMCACheckAccess(IDL_handle, FALSE);
BAIL_ON_VMCA_ERROR(dwError);
cleanup:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
goto cleanup;
}
unsigned int
RpcVMCAVerifyCertificate(
handle_t IDL_handle,
unsigned char *pszPEMEncodedCertificate,
unsigned int *pdwStatus
)
{
DWORD dwError = 0;
DWORD dwTempStatus = 0;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
if (pszPEMEncodedCertificate == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
// dw status never used?
dwError = VMCAVerifyCertificate(
pszPEMEncodedCertificate,
&dwTempStatus);
BAIL_ON_VMCA_ERROR(dwError);
*pdwStatus = dwTempStatus;
cleanup:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
if (pdwStatus)
{
*pdwStatus = 0;
}
goto cleanup;
}
unsigned int
RpcVMCAGetCertificateCount(
handle_t IDL_handle,
unsigned int dwStatus,
unsigned int *pdwNumCertificates
)
{
DWORD dwError = 0;
DWORD dwTempNumCertificates = 0;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
if (pdwNumCertificates == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAGetCertificateCount(
dwStatus,
&dwTempNumCertificates);
BAIL_ON_VMCA_ERROR(dwError);
*pdwNumCertificates = dwTempNumCertificates;
cleanup:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
if (pdwNumCertificates)
{
*pdwNumCertificates = 0;
}
goto cleanup;
}
unsigned int
RpcVMCAAddRootCertificate(
handle_t IDL_handle,
unsigned char *pszRootCertificate,
wchar16_t *pszPassPhrase,
unsigned char *pszPrivateKey,
unsigned int dwOverWrite,
wchar16_t *pszSharedSecret)
{
DWORD dwError = 0;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
dwError = VMCACheckAccess(IDL_handle, TRUE);
BAIL_ON_VMCA_ERROR(dwError);
if (pszRootCertificate == NULL) {
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
if(pszPrivateKey == NULL){
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCAAddRootCertificate(
pszRootCertificate,
pszPassPhrase,
pszPrivateKey,
dwOverWrite);
BAIL_ON_VMCA_ERROR(dwError);
error :
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
}
unsigned int
RpcVMCAReGenCRL (
handle_t IDL_handle
)
{
DWORD dwError = 0;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
/*
* This is depricated. No one is using the client API.
* However, this should not do anything if the existing
* server-side RPC is called.
*/
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR (dwError);
cleanup:
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
goto cleanup;
}
unsigned int
RpcVMCAGetCRL(
handle_t IDL_handle,
unsigned char *pszClientCachedCRLID,
unsigned int dwFileOffset,
unsigned int dwSize,
VMCA_FILE_BUFFER **ppCRLData
)
{
DWORD dwError = 0;
VMCA_FILE_BUFFER* pTempCRLData = NULL;
VMCA_FILE_BUFFER* pCRLData = NULL;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
if(ppCRLData == NULL) {
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCACheckAccess(IDL_handle, FALSE);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAGetCRL(
dwFileOffset,
dwSize,
&pTempCRLData);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCARpcAllocateMemory
(
sizeof(pCRLData),
(PVOID*) &pCRLData
);
BAIL_ON_VMCA_ERROR(dwError);
pCRLData->dwCount = pTempCRLData->dwCount;
if(pCRLData->dwCount > 0)
{
dwError = VMCARpcAllocateMemory(
pCRLData->dwCount * sizeof(unsigned char),
(PVOID*) &pCRLData->buffer);
BAIL_ON_VMCA_ERROR(dwError);
memcpy(
(PVOID*) pCRLData->buffer,
pTempCRLData->buffer,
(size_t) pCRLData->dwCount);
}
*ppCRLData = pCRLData;
pTempCRLData = NULL;
cleanup:
if ( pTempCRLData )
{
VMCA_SAFE_FREE_MEMORY(pTempCRLData->buffer);
VMCA_SAFE_FREE_MEMORY(pTempCRLData);
}
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
if (ppCRLData)
{
*ppCRLData = NULL;
}
if(pCRLData)
{
if(pCRLData->buffer)
{
VMCARpcFreeMemory((PVOID) pCRLData->buffer);
}
VMCARpcFreeMemory((PVOID)pCRLData);
}
goto cleanup;
}
unsigned int
RpcVMCAGetRootCACertificate(
handle_t IDL_handle,
unsigned int *pdwCertLength,
VMCA_CERTIFICATE_CONTAINER **ppCertContainer)
{
DWORD dwError = 0;
DWORD dwCertLength = 0;
VMCA_CERTIFICATE_CONTAINER* pTempCertContainer = NULL;
PVMCA_CERTIFICATE pTempCertificate = NULL;
VMCA_LOG_DEBUG("Entering %s", __FUNCTION__);
/*
* TBD: This cannot be protected now; certool --WaitVMCA uses this
* interface to determine vmcad is up and responding.
*/
/* Restrict access to this RPC. Should use VECS APIs */
dwError = VMCACheckAccess(IDL_handle, FALSE);
BAIL_ON_VMCA_ERROR(dwError);
if (ppCertContainer == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCAGetRootCACertificate(
&dwCertLength,
&pTempCertificate);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCARpcAllocateCertificateContainer(pTempCertificate, &pTempCertContainer);
BAIL_ON_VMCA_ERROR(dwError);
strcpy((char*) (pTempCertContainer)->pCert, pTempCertificate);
*ppCertContainer = pTempCertContainer;
*pdwCertLength = dwCertLength;
pTempCertContainer = NULL;
cleanup:
VMCA_SAFE_FREE_STRINGA(pTempCertificate);
VMCA_LOG_DEBUG("Exiting %s, Status = %d", __FUNCTION__, dwError);
return dwError;
error:
if (pdwCertLength)
{
*pdwCertLength = 0;
}
if (ppCertContainer)
{
*ppCertContainer = NULL;
}
if (pTempCertContainer)
{
VMCARpcFreeCertificateContainer(pTempCertContainer);
}
goto cleanup;
}
