static BOOL OpenProvider(HCRYPTPROV *phProv, char *psProvider, DWORD dwFlags)
{
BOOL fRes;
DWORD dwType = DigiCrypt_FindContext_GetCSPType(psProvider);
fRes = CryptAcquireContext(phProv,NULL,psProvider, dwType, dwFlags);
return(fRes);
}
static char *DigiCrypt_GetFirstAllowedCSPName(void)
{
char *psRes = NULL;
HKEY hKey = NULL;
LONG lRet=0;
DWORD dwIndex = 0;
BOOL fRes;
char sProvName[dSTRING_ITEM_LEN+1];
char sKeyNameBuf[dSTRING_ITEM_LEN+1];
HCRYPTPROV hProvide = 0;
DWORD dwBufLen;
FILETIME oTime;
//char buff[200];
BYTE pbData[dNAME_ITEM_LEN+1];
DWORD cbData=dNAME_ITEM_LEN+1;
DWORD dwProvType;
strncpy(sKeyNameBuf, psData_CSP_Path, sizeof(sKeyNameBuf));
lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE,sKeyNameBuf,0, KEY_READ, &hKey);
while (lRet == ERROR_SUCCESS) {
dwBufLen = dSTRING_ITEM_LEN;
lRet = RegEnumKeyEx(hKey,dwIndex,sProvName,&dwBufLen,NULL,NULL,0,&oTime);
if (lRet == ERROR_SUCCESS) {
if (lstrcmp(sProvName,psData_Ignore_CSP_Name) != 0) {
dwProvType = DigiCrypt_FindContext_GetCSPType(sProvName);
LOG("CSP %s",sProvName);
if (lstrcmp(sProvName,psData_Extra_CSP_Name) != 0)
fRes = OpenProvider(&hProvide, sProvName, CRYPT_SILENT);
else {
fRes = OpenProvider(&hProvide, sProvName, CRYPT_VERIFYCONTEXT);
//fRes = CryptAcquireContext(&hProvide,"SetCARDKeyContainer",sProvName,dwProvType, CRYPT_SILENT);
fRes = CryptAcquireContext(&hProvide,NULL,sProvName,dwProvType, CRYPT_VERIFYCONTEXT);
if(fRes) {
//the extra csp might give wrong answer. We should ask from provider, why.
//The following is the work-around -- try to lookup key container from the card.
//if the result is negative this is a not the csp what is needed.
fRes=CryptGetProvParam(hProvide, PP_ENUMCONTAINERS, pbData, &cbData,CRYPT_FIRST);
}
}
if (fRes == TRUE) { // && dwProvType == 2)
//set global values
LOG("CSP %s accepted",sProvName);
strncpy(oG_sCSPName, sProvName, sizeof(oG_sCSPName));
CryptReleaseContext(hProvide, 0);
psRes = oG_sCSPName;
break;
}
}
}
//hProvide = 0;
CryptReleaseContext(hProvide, 0);
dwIndex++;
}
if (hKey != NULL)
RegCloseKey(hKey);
return(psRes);
}
static char *DigiCrypt_GetDefaultKeyContainerName(char *psCSPName)
{
char *psRes = NULL;
HCRYPTPROV hProvider;
BOOL fRes;
DWORD dwFlags = CRYPT_VERIFYCONTEXT;
BYTE pbData[dNAME_ITEM_LEN+1];
DWORD cbData = dNAME_ITEM_LEN;
DWORD dwError;
DWORD dwProvType;
ZeroMemory(pbData,cbData);
ZeroMemory(oG_sKeyContainerName,1000);
dwProvType = DigiCrypt_FindContext_GetCSPType(psCSPName);
//LOG("GetDefaultKeyContainerName CSP=%s",psCSPName);
if (lstrcmp(psCSPName,psData_Extra_CSP_Name) != 0)
fRes = CryptAcquireContext(&hProvider,NULL,psCSPName,dwProvType, CRYPT_SILENT);
else
fRes = CryptAcquireContext(&hProvider,NULL,psCSPName,dwProvType, CRYPT_VERIFYCONTEXT);
if (fRes == FALSE && dwFlags == CRYPT_SILENT) {
//by description must be CRYPT_VERIFYCONTEXT
fRes = CryptAcquireContext(&hProvider,NULL,psCSPName,dwProvType, CRYPT_VERIFYCONTEXT);
}
if (fRes == TRUE) {
cbData = dNAME_ITEM_LEN;
fRes = CryptGetProvParam(hProvider, PP_CONTAINER, pbData, &cbData, 0);
/*if (fRes == FALSE)
dwError = GetLastError();*/
}
//Some cards should not have default key container
//let try to find key containers on the card.
if (fRes == FALSE) {
fRes=CryptGetProvParam(hProvider, PP_ENUMCONTAINERS, pbData, &cbData,CRYPT_FIRST);
if (fRes == FALSE)
dwError = GetLastError();
}
if (fRes == TRUE) {
//oG_hProvider = hProvider;
strncpy(oG_sKeyContainerName, (char *) pbData, sizeof(oG_sKeyContainerName));
//psRes = oG_sKeyContainerName;
DigiCrypt_ChangeContainerName(oG_sKeyContainerName);
} else {
}
if (psRes != NULL)
LOG("GetDefaultKeyContainerName CSP=%s",psCSPName);
else
LOG("GetDefaultKeyContainerName Not found");
if (hProvider != 0)
CryptReleaseContext(hProvider, 0);
return(oG_sKeyContainerName);
}
static char *DigiCrypt_GetFirstAllowedCSPNameNew(void)
{
char *psRes = NULL;
HKEY hKey = NULL;
LONG lRet=0;
DWORD dwIndex = 0;
BOOL fRes;
char sProvName[dSTRING_ITEM_LEN+1];
char sKeyNameBuf[dSTRING_ITEM_LEN+1];
HCRYPTPROV hProvide = 0;
DWORD dwBufLen;
FILETIME oTime;
//char buff[200];
BYTE pbData[dNAME_ITEM_LEN+1];
DWORD cbData=dNAME_ITEM_LEN+1;
//
DWORD dwProvType;
lstrcpy(sKeyNameBuf,psData_CSP_Path);
lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE,sKeyNameBuf,0, KEY_READ, &hKey);
while (lRet == ERROR_SUCCESS)
{
dwBufLen = dSTRING_ITEM_LEN;
lRet = RegEnumKeyEx(hKey,dwIndex,sProvName,&dwBufLen,NULL,NULL,0,&oTime);
if (lRet == ERROR_SUCCESS)
{
if (lstrcmp(sProvName,psData_Ignore_CSP_Name) != 0)
{
cbData=dNAME_ITEM_LEN+1;
dwProvType = DigiCrypt_FindContext_GetCSPType(sProvName);
LOG("CSP %s",sProvName);
//printf("%s :",sProvName);
if ((lstrcmp(sProvName,psData_Extra_CSP_Name) != 0) && (lstrcmp(sProvName,"Belgium Identity Card CSP")!=0))
{
//fRes = OpenProvider(&hProvide, sProvName, CRYPT_SILENT);
fRes = CryptAcquireContext(&hProvide,NULL,sProvName,dwProvType, CRYPT_SILENT);
fRes=CryptGetProvParam(hProvide, PP_ENUMCONTAINERS, pbData, &cbData,CRYPT_FIRST);
// printf("X\n");
}
else
{
//fRes = OpenProvider(&hProvide, sProvName, CRYPT_VERIFYCONTEXT);
//fRes = CryptAcquireContext(&hProvide,"SetCARDKeyContainer",sProvName,dwProvType, CRYPT_SILENT);
fRes = CryptAcquireContext(&hProvide,NULL,sProvName,dwProvType, CRYPT_VERIFYCONTEXT);
if (fRes == TRUE)
{
//the extra csp might give wrong answer. We should ask from provider, why.
//The following is the work-around -- try to lookup key container from the card.
//if the result is negative this is a not the csp what is needed.
fRes=CryptGetProvParam(hProvide, PP_ENUMCONTAINERS, pbData, &cbData,CRYPT_FIRST);
if (fRes == TRUE)
fRes=CryptAcquireContext(&hProvide,(char*)pbData,sProvName,dwProvType, CRYPT_SILENT);
}
}
//printf("fRes: %x\n",GetLastError());
if (fRes == TRUE) // && dwProvType == 2)
{
// printf("OK %d %s\n",cbData, pbData);
//set global values
LOG("CSP %s accepted",sProvName);
//is it hardware token?
cbData=dNAME_ITEM_LEN+1;
if (CryptGetProvParam(hProvide, PP_IMPTYPE, pbData, &cbData, 0))
{
//printf("implementat: %d\n",pbData[0]);
if((pbData[0] & 1)) // hardware token
{
lstrcpy(oG_sCSPName,sProvName);
//CryptReleaseContext(hProvide, 0);
psRes = oG_sCSPName;
break;
}
}
}
}
}
//hProvide = 0;
CryptReleaseContext(hProvide, 0);
dwIndex++;
}
if (hKey != NULL)
RegCloseKey(hKey);
return(psRes);
}
PCCERT_CONTEXT DigiCrypt_ReadCertFromCard(void)
{
HCRYPTPROV hCryptProv;
BYTE *pbData = NULL;
HCRYPTKEY hKey;
DWORD cbData = 0;
DWORD dwKeyType=0;
DWORD dwErrCode=0;
DWORD cspType=0;
DWORD cspFlag=CRYPT_SILENT;
char *psCspName = NULL;
char *psKeyContainer;
BOOL fRes = FALSE;
PCCERT_CONTEXT pCertContext = NULL;
CRYPT_KEY_PROV_INFO KeyProvInfo;
LPWSTR wszContainerName=NULL;
LPWSTR wszProvName=NULL;
DWORD cchContainerName;
DWORD cchCSPName;
HCRYPTPROV hProv;
DigiCrypt_ReleaseFirstAllowedCSP();
psCspName=DigiCrypt_GetFirstAllowedCSPNameNew();
//very dummy thing.. i check from csp creators why i should do so...
if(!lstrcmp(psCspName,"EstEID Card CSP"))
fRes = CryptAcquireContext(&hProv,"XXX",psCspName,2, CRYPT_SILENT);
// end dummy//
if (psCspName == NULL || strstr(psCspName,psData_Est_CSP_Name) == NULL)
return(pCertContext);
cspType=DigiCrypt_FindContext_GetCSPType(psCspName);
psKeyContainer=DigiCrypt_GetDefaultKeyContainerName(psCspName);
fRes = CryptAcquireContext(&hCryptProv,psKeyContainer,psCspName,cspType, CRYPT_SILENT);
if (fRes == FALSE)
return(pCertContext);
fRes=CryptGetUserKey(hCryptProv, AT_SIGNATURE, &hKey);
if (fRes == TRUE)
{
fRes=CryptGetKeyParam(hKey, KP_CERTIFICATE, NULL, &cbData, 0);
if (fRes == TRUE)
{
pbData = (unsigned char*)malloc(cbData);
if (pbData == NULL)
fRes = FALSE;
}
if (fRes == TRUE)
fRes=CryptGetKeyParam(hKey, KP_CERTIFICATE, pbData, &cbData, 0);
if (fRes == TRUE)
{
pCertContext = CertCreateCertificateContext(MY_ENCODING_TYPE,pbData,cbData);
if (pCertContext != NULL)
{
wszContainerName=NULL;
wszProvName=NULL;
cchContainerName = (lstrlen(psKeyContainer) + 1) * sizeof(WCHAR);
cchCSPName = (lstrlen(psCspName) + 1) * sizeof(WCHAR);
wszContainerName = (LPWSTR) malloc(cchContainerName);
wszProvName = (LPWSTR) malloc(cchCSPName);
mbstowcs(wszContainerName, psKeyContainer,cchContainerName);
mbstowcs(wszProvName, psCspName, cchCSPName);
ZeroMemory((PVOID)&KeyProvInfo, sizeof(CRYPT_KEY_PROV_INFO));
KeyProvInfo.pwszContainerName = (LPWSTR) wszContainerName;
KeyProvInfo.pwszProvName = (LPWSTR) wszProvName;
KeyProvInfo.dwProvType = PROV_RSA_SIG;
KeyProvInfo.dwFlags = 0;
KeyProvInfo.dwKeySpec = dwKeyType;
fRes = CertSetCertificateContextProperty(pCertContext,CERT_KEY_PROV_INFO_PROP_ID, 0, (const void *) &KeyProvInfo);
if (wszContainerName != NULL)
free(wszContainerName);
if (wszProvName != NULL)
free(wszProvName);
}
}
}
//if (pCertContext != NULL)
// DigiCrypt_AddCertToStore(pCertContext);
if (fRes == FALSE && pCertContext != NULL)
{
CertFreeCertificateContext(pCertContext);
pCertContext = NULL;
}
if (pbData != NULL)
free(pbData);
if (hCryptProv != 0)
CryptReleaseContext(hCryptProv, 0);
return(pCertContext);
}
