certificate VMCAClient::GetSelfSignedCertificate(const REQUEST& req, const KEYPAIR& keys, time_t NotBefore, time_t NotAfter)
{
    // Builds a PKCS#10 request from `req`, signs it locally with `keys.privatekey`
    // (no server round-trip) and returns the result as a `certificate` value.
    // A VMCA error code is turned into an exception by THROW_IF_NEEDED only
    // after both C buffers have been released, so nothing leaks on failure.
    certificate result;
    DWORD dwError = 0;
    PVMCA_PKCS_10_REQ_DATAA pReqData = NULL;   // allocated by VMCA, freed with VMCAFreePKCS10DataA
    PVMCA_CERTIFICATE pRawCert = NULL;         // allocated by VMCA, freed with VMCAFreeCertificate

    dwError = VMCAAllocatePKCS10DataA(&pReqData);
    BAIL_ON_ERROR(dwError);

    dwError = req.InitPKCS10(pReqData);
    BAIL_ON_ERROR(dwError);

    // The C API takes a non-const PSTR for the key; const_cast makes the
    // intent explicit. It is assumed the callee only reads the buffer — confirm,
    // since writing into a std::string's c_str() buffer would be undefined.
    dwError = VMCACreateSelfSignedCertificateA(pReqData,
                                               const_cast<PSTR>(keys.privatekey.c_str()),
                                               NULL,
                                               NotBefore,
                                               NotAfter,
                                               &pRawCert);
    BAIL_ON_ERROR(dwError);

    // Copy the text into the C++ object; the raw buffer is freed below.
    result.certString.assign(pRawCert);

error :
    if (pRawCert)
    {
        VMCAFreeCertificate(pRawCert);
    }
    if (pReqData)
    {
        VMCAFreePKCS10DataA(pReqData);
    }
    THROW_IF_NEEDED(dwError);
    return result;
}
certificate VMCAClient::GetCertificateFromCSR(const std::string& CSR, time_t NotBefore, time_t NotAfter)
{
    // Submits an already-built CSR to the VMCA server behind _pServerContext
    // and returns the certificate it issued. An empty CSR is rejected up front
    // with VMCA_ARGUMENT_ERROR, before any server call is made.
    // VMCA error codes become exceptions via THROW_IF_NEEDED after cleanup.
    certificate result;
    DWORD dwError = 0;
    PVMCA_CERTIFICATE pRawCert = NULL;   // allocated by VMCA, freed with VMCAFreeCertificate

    if (CSR.empty())
    {
        dwError = VMCA_ARGUMENT_ERROR;
        BAIL_ON_ERROR(dwError);
    }

    // getNetworkAddress().c_str() is only used inside this call expression,
    // so a temporary return value stays alive long enough.
    dwError = VMCAGetSignedCertificateFromCSRHA(
                    _pServerContext->getContext(),
                    _pServerContext->getNetworkAddress().c_str(),
                    CSR.c_str(),
                    NotBefore,
                    NotAfter,
                    &pRawCert);
    BAIL_ON_ERROR(dwError);

    // Copy the text into the C++ object; the raw buffer is freed below.
    result.certString.assign(pRawCert);

error :
    if (pRawCert)
    {
        VMCAFreeCertificate(pRawCert);
    }
    THROW_IF_NEEDED(dwError);
    return result;
}
certificate VMCAClient::GetCertificate(const REQUEST& req, const KEYPAIR& keys, time_t NotBefore, time_t NotAfter)
{
    // Derives a CSR from `req` using `keys`, sends it to the VMCA server behind
    // _pServerContext and returns the certificate the server signed.
    // VMCA error codes become exceptions via THROW_IF_NEEDED after cleanup.
    certificate result;
    DWORD dwError = 0;
    PVMCA_CERTIFICATE pRawCert = NULL;   // allocated by VMCA, freed with VMCAFreeCertificate

    // req.GetCSR(keys) and getNetworkAddress() are used via c_str() only
    // inside this call expression, so temporaries they return live long enough.
    dwError = VMCAGetSignedCertificateFromCSRHA(
                    _pServerContext->getContext(),
                    _pServerContext->getNetworkAddress().c_str(),
                    req.GetCSR(keys).c_str(),
                    NotBefore,
                    NotAfter,
                    &pRawCert);
    BAIL_ON_ERROR(dwError);

    // Copy the text into the C++ object; the raw buffer is freed below.
    result.certString.assign(pRawCert);

error :
    if (pRawCert)
    {
        VMCAFreeCertificate(pRawCert);
    }
    THROW_IF_NEEDED(dwError);
    return result;
}
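certificate *VMCAClient::GetNextCertificate(vmcacontext2& ctx)
{
    // Fetches the next certificate of an enumeration tracked in `ctx`
    // (ctx.currIndex and ctx.enumStatus are passed by address and presumably
    // advanced by VMCAGetNextCertificate — confirm against the C API).
    //
    // Returns a heap-allocated certificate that the CALLER OWNS and must
    // delete, or NULL when the enumeration is exhausted (VMCA_ENUM_END).
    // Any other VMCA error is raised via THROW_IF_NEEDED.
    DWORD dwError = 0;
    PVMCA_CERTIFICATE pCertificate = NULL;
    certificate *result = NULL;

    dwError = VMCAGetNextCertificate(
            ctx.pContext,
            &pCertificate,
            &ctx.currIndex,
            &ctx.enumStatus
        );

    BAIL_ON_ERROR(dwError);

    // NOTE(review): a success status with a NULL pCertificate would make
    // assign() undefined; the C API is assumed never to do that — verify.
    //
    // Both the `new` and the string assignment can throw (e.g. bad_alloc).
    // Without this guard the VMCA buffer — and, on the second line, the
    // half-built result — would leak; release them and re-throw instead.
    try
    {
        result = new certificate();
        result->certString.assign(pCertificate);
    }
    catch (...)
    {
        delete result;
        VMCAFreeCertificate(pCertificate);
        throw;
    }

    VMCAFreeCertificate(pCertificate);
    pCertificate = NULL;

    return result;

error :
    if ( pCertificate) {
       VMCAFreeCertificate(pCertificate);
    }

    // End of enumeration is not an error for the caller: map it to the
    // standard success code so THROW_IF_NEEDED stays silent and NULL is returned.
    if (dwError == VMCA_ENUM_END)
    {
        dwError = 0;
    }

    THROW_IF_NEEDED(dwError);
    return NULL;
}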
certificate client::GetRootCACert()
{
    // Asks the VMCA server named by the `ServerName` member for its root CA
    // certificate and returns it as a `certificate` value. A VMCA error code
    // becomes an exception via THROW_IF_NEEDED once the C buffer is released.
    certificate result;
    PVMCA_CERTIFICATE pRawCert = NULL;   // allocated by VMCA, freed with VMCAFreeCertificate
    DWORD dwError = VMCAGetRootCACertificateA(ServerName.c_str(), &pRawCert);
    BAIL_ON_ERROR(dwError);

    // Copy the text into the C++ object; the raw buffer is freed below.
    result.certString.assign(pRawCert);

error :
    if (pRawCert)
    {
        VMCAFreeCertificate(pRawCert);
    }
    THROW_IF_NEEDED(dwError);
    return result;
}
certificate VMCAClient::GetRootCACert()
{
    // Fetches the root CA certificate from the VMCA server behind
    // _pServerContext and returns it as a `certificate` value. A VMCA error
    // code becomes an exception via THROW_IF_NEEDED once the C buffer is freed.
    certificate result;
    DWORD dwError = 0;
    PVMCA_CERTIFICATE pRawCert = NULL;   // allocated by VMCA, freed with VMCAFreeCertificate

    // getNetworkAddress().c_str() is only used inside this call expression,
    // so a temporary return value stays alive long enough.
    dwError = VMCAGetRootCACertificateHA(
                    _pServerContext->getContext(),
                    _pServerContext->getNetworkAddress().c_str(),
                    &pRawCert);
    BAIL_ON_ERROR(dwError);

    // Copy the text into the C++ object; the raw buffer is freed below.
    result.certString.assign(pRawCert);

error :
    if (pRawCert)
    {
        VMCAFreeCertificate(pRawCert);
    }
    THROW_IF_NEEDED(dwError);
    return result;
}
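DWORD
VMCASrvInitCA(
    VOID
    )
{
    /*
     * Loads the CA root certificate chain and private key from their
     * configured file paths, checks that they belong together, installs the
     * resulting CA object server-wide (VMCASrvSetCA) and seeds the in-memory
     * CRL number from the database (0 when none has been stored yet).
     *
     * Returns 0 on success or a VMCA error code. Every resource acquired
     * here is released on the error path, including the CRL mutex if held.
     */
    DWORD dwError = 0;
    PVMCA_CERTIFICATE pRootCACert = NULL;
    PVMCA_KEY pPrivateKey = NULL;
    PSTR pszRootCertFile = NULL;
    PSTR pszPrivateKeyFile = NULL;
    PSTR pszPasswordFile = NULL;   /* resolved but unused until password support lands (TODO below) */
    PVMCA_X509_CA pCA = NULL;
    DWORD dwCRLNumberCurrent = 0;
    BOOL bIsHoldingMutex = FALSE;
    int nKeyBits = 0;

    dwError = VMCAGetRootCertificateFilePath(&pszRootCertFile);
    BAIL_ON_VMCA_ERROR(dwError);

    dwError = VMCAGetPrivateKeyPath(&pszPrivateKeyFile);
    BAIL_ON_VMCA_ERROR(dwError);

    dwError = VMCAGetPrivateKeyPasswordPath(&pszPasswordFile);
    BAIL_ON_VMCA_ERROR(dwError);

    dwError = VMCAReadCertificateChainFromFile(pszRootCertFile,&pRootCACert);
    BAIL_ON_VMCA_ERROR(dwError);

    //
    // TODO : Support Passwords for private key
    //
    dwError =  VMCAReadPrivateKeyFromFilePrivate(
                    pszPrivateKeyFile,
                    NULL,
                    &pPrivateKey);
    BAIL_ON_VMCA_ERROR(dwError);

    /* Refuse to start with a key that does not match the root certificate. */
    dwError = VMCAValidateCACertificatePrivate(
                    (LPSTR) pRootCACert,
                    NULL,
                    pPrivateKey);
    BAIL_ON_VMCA_ERROR(dwError);

    dwError = VMCACreateCA( pRootCACert, pPrivateKey, NULL, &pCA);
    BAIL_ON_VMCA_ERROR(dwError);

    /*
     * Enforce the minimum CA key strength through the public EVP API instead
     * of dereferencing pKey->pkey.rsa->n. That path assumed an RSA key (any
     * other key type would be read through the wrong union member), relied on
     * struct internals that are opaque in OpenSSL >= 1.1, and had no NULL
     * checks. EVP_PKEY_bits() yields BN_num_bits(n) for RSA keys — so the
     * accepted set of RSA keys is unchanged — and 0 for a NULL key, so a
     * missing key is rejected as too short rather than dereferenced.
     */
    nKeyBits = EVP_PKEY_bits(pCA->pKey);
    if (nKeyBits < VMCA_MIN_CA_CERT_PRIV_KEY_LENGTH)
    {
        dwError = VMCA_ERROR_INVALID_KEY_LENGTH;
        BAIL_ON_VMCA_ERROR(dwError);
    }

    dwError = VMCASrvSetCA(pCA);
    BAIL_ON_VMCA_ERROR(dwError);

    /* The CRL number is shared server state; hold mutexCRL while seeding it. */
    pthread_mutex_lock (&gVMCAServerGlobals.mutexCRL);

    bIsHoldingMutex = TRUE;

    dwError = VmcaDbGetCurrentCRLNumber(&dwCRLNumberCurrent);

    /* A fresh database has no CRL record yet; that is not an error. */
    if (dwError == ERROR_OBJECT_NOT_FOUND)
    {
        dwError = 0;
        dwCRLNumberCurrent = 0;
    }
    BAIL_ON_VMCA_ERROR (dwError);

    gVMCAServerGlobals.dwCurrentCRLNumber = dwCRLNumberCurrent;

    pthread_mutex_unlock (&gVMCAServerGlobals.mutexCRL);

    bIsHoldingMutex = FALSE;

error:

    if ( pPrivateKey != NULL )
    {
        VMCAFreeKey(pPrivateKey);
    }
    if (pRootCACert != NULL)
    {
        VMCAFreeCertificate(pRootCACert);
    }
    /* Only the failure path between lock and unlock reaches here locked. */
    if (bIsHoldingMutex)
    {
        pthread_mutex_unlock(&gVMCAServerGlobals.mutexCRL);
    }
    VMCA_SAFE_FREE_STRINGA(pszRootCertFile);
    VMCA_SAFE_FREE_STRINGA(pszPrivateKeyFile);
    VMCA_SAFE_FREE_STRINGA(pszPasswordFile);

    /*
     * NOTE(review): pCA is released on the success path too, after
     * VMCASrvSetCA has installed it; presumably VMCASrvSetCA takes its own
     * reference — confirm, otherwise the installed CA would dangle.
     */
    if (pCA)
    {
        VMCAReleaseCA(pCA);
    }

    return dwError;
}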