certificate VMCAClient::GetCertificateFromCSR(const std::string& CSR, time_t NotBefore, time_t NotAfter) { DWORD dwError = 0; PVMCA_CERTIFICATE pCertificate = NULL; certificate result; if (CSR.length() <= 0 ) { dwError = VMCA_ARGUMENT_ERROR; BAIL_ON_ERROR(dwError); } dwError = VMCAGetSignedCertificateFromCSRHA( _pServerContext->getContext(), _pServerContext->getNetworkAddress().c_str(), CSR.c_str(), NotBefore, NotAfter, &pCertificate); BAIL_ON_ERROR(dwError); result.certString.assign(pCertificate); error : if(pCertificate != NULL) { VMCAFreeCertificate(pCertificate); } THROW_IF_NEEDED(dwError); return result; }
vmca_server_context::vmca_server_context( const std::string& username, const std::string& domain, const std::string& password, const std::string& server_address ) : _username(username), _domain(domain), _password(password), _server_address(server_address), _pServerContext(NULL) { PVMCA_SERVER_CONTEXT pContext = NULL; DWORD dwError = VMCAOpenServerA( _server_address.c_str(), username.c_str(), domain.c_str(), password.c_str(), 0, NULL, &pContext); THROW_IF_NEEDED(dwError); _pServerContext = pContext; }
certificate VMCAClient::GetSelfSignedCertificate(const REQUEST& req, const KEYPAIR& keys, time_t NotBefore, time_t NotAfter) { DWORD dwError = 0; PVMCA_CERTIFICATE pCertificate = NULL; PVMCA_PKCS_10_REQ_DATAA data = NULL; certificate result; dwError = VMCAAllocatePKCS10DataA(&data); BAIL_ON_ERROR(dwError); dwError = req.InitPKCS10(data); BAIL_ON_ERROR(dwError); dwError = VMCACreateSelfSignedCertificateA(data, (PSTR) keys.privatekey.c_str(), NULL, NotBefore, NotAfter, &pCertificate); BAIL_ON_ERROR(dwError); result.certString.assign(pCertificate); error : if(pCertificate != NULL) { VMCAFreeCertificate(pCertificate); } if (data != NULL) { VMCAFreePKCS10DataA(data); } THROW_IF_NEEDED(dwError); return result; }
void client::SetMachineCertWithString( std::string PEMEncodedCertificate, std::string PEMEncodedPrivateKey) { DWORD dwError = 0; if (PEMEncodedCertificate.length() <= 0) { dwError = VECS_NO_CERT_FOUND; BAIL_ON_ERROR(dwError); } if (PEMEncodedPrivateKey.length() <= 0) { dwError = VECS_NO_CERT_FOUND; BAIL_ON_ERROR(dwError); } dwError = VmAfdSetSSLCertificate(ServerName.c_str(), (PSTR) PEMEncodedCertificate.c_str(), (PSTR) PEMEncodedPrivateKey.c_str()); BAIL_ON_ERROR(dwError); cleanup: return; error: THROW_IF_NEEDED(dwError); goto cleanup; }
certificate VMCAClient::GetCertificate(const REQUEST& req, const KEYPAIR& keys, time_t NotBefore, time_t NotAfter) { DWORD dwError = 0; PVMCA_CERTIFICATE pCertificate = NULL; certificate result; dwError = VMCAGetSignedCertificateFromCSRHA( _pServerContext->getContext(), _pServerContext->getNetworkAddress().c_str(), req.GetCSR(keys).c_str(), NotBefore, NotAfter, &pCertificate); BAIL_ON_ERROR(dwError); result.certString.assign(pCertificate); error : if(pCertificate != NULL) { VMCAFreeCertificate(pCertificate); } THROW_IF_NEEDED(dwError); return result; }
opaque client::OpenCertStore( std::string StoreName, std::string Password) { DWORD dwError = 0; opaque result; PVECS_STORE pStore = NULL; PSTR pszPassword = NULL; pszPassword = (PSTR)Password.c_str(); if (pszPassword && pszPassword[0] == '\0') { pszPassword = NULL; } dwError = VecsOpenCertStoreA( ServerName.c_str(), StoreName.c_str(), pszPassword, &pStore); BAIL_ON_ERROR(dwError); result = (opaque)pStore; cleanup: return result; error: THROW_IF_NEEDED(dwError); goto cleanup; }
std::string client::GetStatus() { DWORD dwError = 0; VMAFD_STATUS status = VMAFD_STATUS_UNKNOWN; std::string result; dwError = VmAfdGetStatusA(ServerName.c_str(), &status); BAIL_ON_ERROR(dwError); if (status == VMAFD_STATUS_UNKNOWN) { result.assign("Unknown"); } if (status == VMAFD_STATUS_INITIALIZING) { result.assign("Initializing"); } if (status == VMAFD_STATUS_RUNNING) { result.assign("Running"); } error: THROW_IF_NEEDED(dwError); return result; }
std::string client::GetCertByAlias( opaque Store, std::string Alias) { DWORD dwError = 0; PSTR pszAlias = NULL; PSTR pszCertificate = NULL; PVECS_STORE pStore = NULL; std::string result; if (Alias.length() <= 0) { dwError = VECS_NO_CERT_FOUND; BAIL_ON_ERROR(dwError); } pStore = (PVECS_STORE)Store; dwError = VecsGetCertificateByAliasA( pStore, (PSTR)Alias.c_str(), &pszCertificate); BAIL_ON_ERROR(dwError); result.assign(pszCertificate); cleanup: VMAFD_SAFE_FREE_MEMORY(pszCertificate); return result; error: THROW_IF_NEEDED(dwError); goto cleanup; }
opaque client::BeginEnumAliases( opaque Store, int EntryCount) { DWORD dwError = 0; PVECS_STORE pStore = NULL; PVECS_ENUM_CONTEXT pEnumContext = NULL; opaque result; pStore = (PVECS_STORE)Store; dwError = VecsBeginEnumEntries( pStore, EntryCount, ENTRY_INFO_LEVEL_1, &pEnumContext); BAIL_ON_ERROR(dwError); result = (opaque)pEnumContext; cleanup: return result; error: THROW_IF_NEEDED(dwError); goto cleanup; }
std::string request::GetCSR(const KEYPAIR& keypair) const { DWORD dwError = 0; PVMCA_CSR pCSR = NULL; PVMCA_PKCS_10_REQ_DATAA data = NULL; std::string result; dwError = VMCAAllocatePKCS10DataA(&data); BAIL_ON_ERROR(dwError); dwError = InitPKCS10(data); BAIL_ON_ERROR(dwError); dwError = VMCACreateSigningRequestA(data, (PSTR) keypair.privatekey.c_str(), NULL, &pCSR); BAIL_ON_ERROR(dwError); result.assign(pCSR); error : if ( data != NULL) { VMCAFreePKCS10DataA(data); } if(pCSR != NULL) { VMCAFreeCSR(pCSR); } THROW_IF_NEEDED(dwError); return result; }
std::string client::GetDomainState() { VMAFD_DOMAIN_STATE domainState = VMAFD_DOMAIN_STATE_NONE; DWORD dwError = 0; std::string result; dwError = VmAfdGetDomainStateA(ServerName.c_str(), &domainState); BAIL_ON_ERROR(dwError); switch (domainState) { case VMAFD_DOMAIN_STATE_NONE: result.assign("None"); break; case VMAFD_DOMAIN_STATE_CONTROLLER: result.assign("Controller"); break; case VMAFD_DOMAIN_STATE_CLIENT: result.assign("Client"); break; default: result.assign("Unknown"); break; } error: THROW_IF_NEEDED(dwError); return result; }
void client::DisableClientAffinity() { DWORD dwError = 0; //This code would eventually move out of here //when other APIs become remotable PVMAFD_SERVER pServer = NULL; dwError = VmAfdOpenServerA(NULL,NULL,NULL,&pServer); BAIL_ON_ERROR(dwError); dwError = CdcDisableClientAffinity(pServer); BAIL_ON_ERROR(dwError); cleanup: if (pServer) { VmAfdCloseServer(pServer); } return; error: THROW_IF_NEEDED(dwError); goto cleanup; }
void client::SetLDU(std::string LDUName) { DWORD dwError = 0; dwError = VmAfdSetLDUA(ServerName.c_str(), LDUName.c_str()); BAIL_ON_ERROR(dwError); error: THROW_IF_NEEDED(dwError); }
void client::SetDCPort(unsigned int port) { DWORD dwError = 0; dwError = VmAfdSetDCPortA(ServerName.c_str(), port); BAIL_ON_ERROR(dwError); error: THROW_IF_NEEDED(dwError); }
void client::SetDomainName(std::string domainName) { DWORD dwError = 0; dwError = VmAfdSetDomainNameA(ServerName.c_str(), domainName.c_str()); BAIL_ON_ERROR(dwError); error: THROW_IF_NEEDED(dwError); }
void client::SetPNID(std::string PNID) { DWORD dwError = 0; dwError = VmAfdSetPNIDA(ServerName.c_str(), PNID.c_str()); BAIL_ON_ERROR(dwError); error: THROW_IF_NEEDED(dwError); }
void client::SetCAPath(std::string path) { DWORD dwError = 0; dwError = VmAfdSetCAPathA(ServerName.c_str(), path.c_str()); BAIL_ON_ERROR(dwError); error: THROW_IF_NEEDED(dwError); }
void client::SetMachineID(std::string id) { DWORD dwError = 0; dwError = VmAfdSetMachineIDA( ServerName.c_str(), id.c_str()); BAIL_ON_ERROR(dwError); error: THROW_IF_NEEDED(dwError); }
bool client::Revoke(const certificate& cert) { DWORD dwError = 0; dwError = VMCARevokeCertificateA(ServerName.c_str(), (PVMCA_CERTIFICATE)cert.certString.c_str()); BAIL_ON_ERROR(dwError); error : THROW_IF_NEEDED(dwError); return true; }
VMCACRL client::GetCRL(const std::string& newCRL) { VMCACRL result; DWORD dwError = 0; dwError = VMCAGetCRLA((PSTR)ServerName.c_str(), NULL, (PSTR) newCRL.c_str()); BAIL_ON_ERROR(dwError); result.filepath.assign(newCRL); error : THROW_IF_NEEDED(dwError); return result; }
bool client::AddRootCertificate(const std::string& Certificate, const std::string& PrivateKey) { DWORD dwError = 0; dwError = VMCAAddRootCertificateA(ServerName.c_str(), (PVMCA_CERTIFICATE) Certificate.c_str(), NULL, (PVMCA_KEY) PrivateKey.c_str()); BAIL_ON_ERROR(dwError); error : THROW_IF_NEEDED(dwError); return true; }
vmcacontext2 VMCAClient::OpenEnumHandle(const std::string& statusFilter) { DWORD dwError = 0; PVOID pContext = NULL; VMCA_CERTIFICATE_STATUS dwStatus = VMCA_CERTIFICATE_ALL; vmcacontext2 ctx; // initialize enum ctx.pContext = NULL; ctx.pclient = NULL; ctx.currIndex = 0; ctx.enumStatus = VMCA_ENUM_ERROR; if ( std::strcmp(statusFilter.c_str(), "active") == 0) { dwStatus = VMCA_CERTIFICATE_ACTIVE; } else if ( std::strcmp(statusFilter.c_str(), "revoked") == 0) { dwStatus = VMCA_CERTIFICATE_REVOKED; } else if ( std::strcmp(statusFilter.c_str(), "expired") == 0) { dwStatus = VMCA_CERTIFICATE_EXPIRED; } else if ( std::strcmp(statusFilter.c_str(), "all") == 0) { dwStatus = VMCA_CERTIFICATE_ALL; } else { goto error; } dwError = VMCAOpenEnumContextHA( _pServerContext->getContext(), _pServerContext->getNetworkAddress().c_str(), dwStatus, &pContext ); BAIL_ON_ERROR(dwError); ctx.pContext = pContext; ctx.pclient = this; return ctx; error : if (pContext){ VMCACloseEnumContext(pContext); } THROW_IF_NEEDED(dwError); return ctx; }
VOID client::Logout() { DWORD dwError = 0; #if 0 /* * Temporarily disable logout because machine account * credentials are used for SRP authentication. */ dwError = VMCALogout(); #endif THROW_IF_NEEDED(dwError); }
bool VMCAClient::Revoke(const certificate& cert) { DWORD dwError = 0; dwError = VMCARevokeCertificateHA( _pServerContext->getContext(), _pServerContext->getNetworkAddress().c_str(), (PVMCA_CERTIFICATE)cert.certString.c_str()); BAIL_ON_ERROR(dwError); error : THROW_IF_NEEDED(dwError); return true; }
std::string client::GetCdcState() { CDC_DC_STATE cdcState = CDC_DC_STATE_UNDEFINED; DWORD dwError = 0; std::string result; //This code would eventually move out of here //when other APIs become remotable PVMAFD_SERVER pServer = NULL; dwError = VmAfdOpenServerA(NULL,NULL,NULL,&pServer); BAIL_ON_ERROR(dwError); dwError = CdcGetCurrentState(pServer, &cdcState); BAIL_ON_ERROR(dwError); switch (cdcState) { case CDC_DC_STATE_NO_DC_LIST: result.assign("NO_DC_LIST"); break; case CDC_DC_STATE_SITE_AFFINITIZED: result.assign("SITE_AFFINITIZED"); break; case CDC_DC_STATE_OFF_SITE: result.assign("OFF_SITE"); break; case CDC_DC_STATE_NO_DCS_ALIVE: result.assign("NO_DCS_ALIVE"); break; case CDC_DC_STATE_LEGACY: result.assign("DISABLED"); break; default: result.assign("UNKNOWN"); break; } cleanup: if (pServer) { VmAfdCloseServer(pServer); } return result; error: THROW_IF_NEEDED(dwError); goto cleanup; }
bpl::list client::EnumDCEntries() { DWORD dwError = 0; bpl::list result; DWORD dwCount = 0; DWORD dwIndex = 0; PSTR pszDCEntry = NULL; PSTR *ppszDCEntries = NULL; //This code would eventually move out of here //when other APIs become remotable PVMAFD_SERVER pServer = NULL; dwError = VmAfdOpenServerA(NULL,NULL,NULL,&pServer); BAIL_ON_ERROR(dwError); dwError = CdcEnumDCEntriesA( pServer, &ppszDCEntries, &dwCount); if (dwError == 0 && dwCount > 0) { for (dwIndex=0; dwIndex<dwCount; dwIndex++) { if (ppszDCEntries[dwIndex]) { std::string st(ppszDCEntries[dwIndex]); result.append(st); } } } BAIL_ON_ERROR(dwError); cleanup: if (pServer) { VmAfdCloseServer(pServer); } if (ppszDCEntries) { CdcFreeStringArrayA(ppszDCEntries, dwCount); } return result; error: THROW_IF_NEEDED(dwError); goto cleanup; }
std::string client::GetVersion() { PSTR pVersion = NULL; DWORD dwError = 0; std::string result; dwError = VMCAGetServerVersionA(ServerName.c_str(), &pVersion); BAIL_ON_ERROR(dwError); result.assign (pVersion); error : if (pVersion != NULL) { VMCAFreeKey(pVersion); } THROW_IF_NEEDED(dwError); return result; }
bpl::list client::EnumAliases( opaque EnumContext) { DWORD dwError = 0; bpl::list result; PVECS_ENUM_CONTEXT pEnumContext = NULL; DWORD dwCount = 0; DWORD dwIndex = 0; PSTR pAlias = NULL; PVECS_CERT_ENTRY_A pEntries = NULL; pEnumContext = (PVECS_ENUM_CONTEXT)EnumContext; dwError = VecsEnumEntriesA( pEnumContext, &pEntries, &dwCount); if (dwError == 0 && dwCount > 0) { for (dwIndex=0; dwIndex<dwCount; dwIndex++) { pAlias = pEntries[dwIndex].pszAlias; if (pAlias) { std::string st(pAlias); result.append(st); } } } if (dwError == ERROR_NO_MORE_ITEMS) { dwError = 0; } BAIL_ON_ERROR(dwError); cleanup: if (pEntries) { VecsFreeCertEntryArrayA(pEntries, dwCount); } return result; error: THROW_IF_NEEDED(dwError); goto cleanup; }
bool VMCAClient::AddRootCertificate(const std::string& Certificate, const std::string& PrivateKey) { DWORD dwError = 0; dwError = VMCAAddRootCertificateHA( _pServerContext->getContext(), _pServerContext->getNetworkAddress().c_str(), (PVMCA_CERTIFICATE) Certificate.c_str(), NULL, (PVMCA_KEY) PrivateKey.c_str()); BAIL_ON_ERROR(dwError); error : THROW_IF_NEEDED(dwError); return true; }
VMCACRL VMCAClient::GetCRL(const std::string& newCRL) { VMCACRL result; DWORD dwError = 0; dwError = VMCAGetCRLHA( _pServerContext->getContext(), _pServerContext->getNetworkAddress().c_str(), NULL, (PSTR) newCRL.c_str()); BAIL_ON_ERROR(dwError); result.filepath.assign(newCRL); error : THROW_IF_NEEDED(dwError); return result; }