unsigned int
VMCAGetRootCACertificate(
unsigned int *dwCertLength,
VMCA_CERTIFICATE_CONTAINER **ppCertContainer
)
{
DWORD dwError = 0;
PVMCA_CERTIFICATE pCertificate = NULL;
PSTR pszRootCertFile = NULL;
BOOLEAN bLocked = FALSE;
VMCA_LOCK_MUTEX_SHARED(&gVMCAServerGlobals.svcMutex, bLocked);
dwError = VMCASrvValidateCA();
BAIL_ON_VMCA_ERROR(dwError);
VMCAGetRootCertificateFilePath(&pszRootCertFile);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAReadCertificateChainFromFile(
pszRootCertFile,
&pCertificate);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCARpcAllocateCertificateContainer(pCertificate, ppCertContainer);
BAIL_ON_VMCA_ERROR(dwError);
strcpy((char*)(*ppCertContainer)->pCert,pCertificate);
error :
VMCA_LOCK_MUTEX_UNLOCK(&gVMCAServerGlobals.svcMutex, bLocked);
if( dwError != 0)
{
if (ppCertContainer && *ppCertContainer)
{
VMCARpcFreeCertificateContainer(*ppCertContainer);
*ppCertContainer = NULL;
}
}
VMCA_SAFE_FREE_STRINGA(pCertificate);
VMCA_SAFE_FREE_STRINGA(pszRootCertFile);
pCertificate = NULL;
return dwError;
}
DWORD
VMCASrvInitCA(
VOID
)
{
DWORD dwError = 0;
PVMCA_CERTIFICATE pRootCACert = NULL;
PVMCA_KEY pPrivateKey = NULL;
PSTR pszRootCertFile = NULL;
PSTR pszPrivateKeyFile = NULL;
PSTR pszPasswordFile = NULL;
PVMCA_X509_CA pCA = NULL;
DWORD dwCRLNumberCurrent = 0;
BOOL bIsHoldingMutex = FALSE;
dwError = VMCAGetRootCertificateFilePath(&pszRootCertFile);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAGetPrivateKeyPath(&pszPrivateKeyFile);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAGetPrivateKeyPasswordPath(&pszPasswordFile);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAReadCertificateChainFromFile(pszRootCertFile,&pRootCACert);
BAIL_ON_VMCA_ERROR(dwError);
//
// TODO : Support Passwords for private key
//
dwError = VMCAReadPrivateKeyFromFilePrivate(
pszPrivateKeyFile,
NULL,
&pPrivateKey);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCAValidateCACertificatePrivate(
(LPSTR) pRootCACert,
NULL,
pPrivateKey);
BAIL_ON_VMCA_ERROR(dwError);
dwError = VMCACreateCA( pRootCACert, pPrivateKey, NULL, &pCA);
BAIL_ON_VMCA_ERROR(dwError);
if (BN_num_bits(pCA->pKey->pkey.rsa->n) < VMCA_MIN_CA_CERT_PRIV_KEY_LENGTH)
{
dwError = VMCA_ERROR_INVALID_KEY_LENGTH;
BAIL_ON_VMCA_ERROR(dwError);
}
dwError = VMCASrvSetCA(pCA);
BAIL_ON_VMCA_ERROR(dwError);
pthread_mutex_lock (&gVMCAServerGlobals.mutexCRL);
bIsHoldingMutex = TRUE;
dwError = VmcaDbGetCurrentCRLNumber(&dwCRLNumberCurrent);
if (dwError == ERROR_OBJECT_NOT_FOUND)
{
dwError = 0;
dwCRLNumberCurrent = 0;
}
BAIL_ON_VMCA_ERROR (dwError);
gVMCAServerGlobals.dwCurrentCRLNumber = dwCRLNumberCurrent;
pthread_mutex_unlock (&gVMCAServerGlobals.mutexCRL);
bIsHoldingMutex = FALSE;
error:
if ( pPrivateKey != NULL )
{
VMCAFreeKey(pPrivateKey);
}
if (pRootCACert != NULL)
{
VMCAFreeCertificate(pRootCACert);
}
if (bIsHoldingMutex)
{
pthread_mutex_unlock(&gVMCAServerGlobals.mutexCRL);
}
VMCA_SAFE_FREE_STRINGA(pszRootCertFile);
VMCA_SAFE_FREE_STRINGA(pszPrivateKeyFile);
VMCA_SAFE_FREE_STRINGA(pszPasswordFile);
if (pCA)
{
VMCAReleaseCA(pCA);
}
return dwError;
}
