PKIFCAPICredential2.cpp

Go to the documentation of this file.

#include "PKIFCAPICredential2.h"
#include "ToolkitUtils.h"

#include "PKIFCAPIErrors.h"
#include "PKIFCryptoException.h"

#include "Certificate.h"

#include <atlbase.h>
#include <sstream>
using namespace std;

CPKIFCAPICredential2::CPKIFCAPICredential2(
    const char* provider,
    int provType,
    int sysStoRegLoc)
{
    LOG_STRING_DEBUG("CPKIFCAPICredential2::CPKIFCAPICredential2(void)", TOOLKIT_CRYPTO_CAPICRED, 0, this);

    m_provType = provType;
    m_sysStoRegLoc = sysStoRegLoc;
    m_provider = NULL;

    m_provider = NULL;
    size_t len = 0;
    if(provider)
    {
        len = strlen(provider);
        m_provider = new char[len + 1];

        //reviewed 4/23/2006
        strcpy(m_provider, provider);
    }

    m_certContext = NULL;
    m_keyProviderInfo = NULL;
    m_password = NULL;
    m_nPasswordLen = 0;
}

CPKIFCAPICredential2::~CPKIFCAPICredential2(void)
{
    LOG_STRING_DEBUG("CPKIFCAPICredential2::~CPKIFCAPICredential2(void)", TOOLKIT_CRYPTO_CAPICRED, 0, this);

    if(m_provider)
        delete[] m_provider;

    if(NULL != m_certContext)
    {
        CertFreeCertificateContext(m_certContext); m_certContext = NULL;
    }

    if(NULL != m_keyProviderInfo)
    {
        PKIFDelete(m_keyProviderInfo); m_keyProviderInfo = NULL;
    }

    if(NULL != m_password)
    {
        memset(m_password, 0, m_nPasswordLen);
        PKIFDelete(m_password); m_password = NULL;
    }
}

CPKIFCertificatePtr CPKIFCAPICredential2::GetCertificate() const
{
    LOG_STRING_DEBUG("CPKIFCAPICredential2::GetCertificate()", TOOLKIT_CRYPTO_CAPICRED, 0, this);

    //if m_cacCert has already been set, return it
    if(m_cacCert != (CPKIFCertificate*)NULL)
        return m_cacCert;

    //if it hasn't, see if there's a cert that can be parsed and stored in m_cacCert
    if(NULL != m_certContext && NULL != m_certContext->pbCertEncoded && 0 != m_certContext->cbCertEncoded)
    {
        //throw any exceptions that occur
        CPKIFCertificatePtr tmp(new CPKIFCertificate);
        tmp->Decode(m_certContext->pbCertEncoded, m_certContext->cbCertEncoded);

        CPKIFCAPICredential2* nonConst = const_cast<CPKIFCAPICredential2*>(this);
        nonConst->m_cacCert = tmp;
    }
    
    return m_cacCert;
}

void CPKIFCAPICredential2::SetPassword(
    unsigned char* password, 
    int len)
{
    LOG_STRING_DEBUG("CPKIFCAPICredential2::SetPassword(unsigned char* password, int len)", TOOLKIT_CRYPTO_CAPICRED, 0, this);

    //sanity check the inputs
    if(NULL == password || 0 >= len)
    {
        //delete any previously set password
        if(NULL != m_password)
        {
            memset(m_password, 0, m_nPasswordLen);
            PKIFDelete(m_password); m_password = NULL; m_nPasswordLen = 0;
        }

        return;
    }

    //allocate a temporary buffer for the new password
    unsigned char* tmpPassword = (unsigned char*)PKIFNew(len + 1);
    memcpy(tmpPassword, password, len);
    tmpPassword[len] = '\0';

    //after allocation succeeds destroy old password...
    if(NULL != m_password)
    {
        memset(m_password, 0, m_nPasswordLen);
        PKIFDelete(m_password); m_password = NULL; m_nPasswordLen = 0;
    }

    //and store the new one
    m_password = tmpPassword;
    m_nPasswordLen = len;
}

void CPKIFCAPICredential2::SetKeyProviderInfo() const
{
    LOG_STRING_DEBUG("CPKIFCAPICredential2::SetKeyProviderInfo()", TOOLKIT_CRYPTO_CAPICRED, 0, this);

    if(NULL == m_certContext)
        throw CPKIFCryptoException(thisComponent, PKIFCAPI_NO_KEY_ASSOCIATED, "No key has been associated with this credential object.");

    //if we already have key info there's no need to do this again
    if(NULL != m_keyProviderInfo)
        return;

    CRYPT_KEY_PROV_INFO* tmpKeyProviderInfo = NULL;
    DWORD providerInfoLen = 0;
    
    //determine the length of the key info
    BOOL succ = CertGetCertificateContextProperty(m_certContext, CERT_KEY_PROV_INFO_PROP_ID,
        NULL, &providerInfoLen);
    if(succ)
    {
        //allocate space for the new 
        tmpKeyProviderInfo = (CRYPT_KEY_PROV_INFO *)PKIFNew(providerInfoLen);
        if(NULL == tmpKeyProviderInfo) 
        {
            throw CPKIFCryptoException(thisComponent, COMMON_MEMORY_ALLOC_FAILURE);
        }
        
        //get the info into the temp object
        succ = CertGetCertificateContextProperty(m_certContext,
            CERT_KEY_PROV_INFO_PROP_ID, (void *)tmpKeyProviderInfo, &providerInfoLen);
        if(!succ)
        {
            PKIFDelete(tmpKeyProviderInfo); tmpKeyProviderInfo = NULL;

            std::ostringstream os;
            os << "CertGetCertificateContextProperty failed: " << GetLastError();
            RAISE_CRYPTO_EXCEPTION(os.str().c_str(), thisComponent, PKIFCAPI_KEY_PROV_INFO_FAILED, this);
        }

        //assign the temp object (no need to destroy existing as we would've bailed out above if !NULL)
        const_cast<CPKIFCAPICredential2*>(this)->m_keyProviderInfo = tmpKeyProviderInfo;
        return;
    }
    else
    {
        std::ostringstream os;
        os << "CertGetCertificateContextProperty failed: " << GetLastError();
        RAISE_CRYPTO_EXCEPTION(os.str().c_str(), thisComponent, PKIFCAPI_KEY_PROV_INFO_FAILED, this);
    }
}

bool CPKIFCAPICredential2::ProviderInfoMatches(
    const char* provider, 
    int provType) const
{
    LOG_STRING_DEBUG("CPKIFCAPICredential2::ProviderInfoMatches(const char* m_provider, int m_provType) const", TOOLKIT_CRYPTO_CAPICRED, 0, this);

    //simply return false for NULL inputs (or should we throw an exception)
    if(NULL == m_provider)
        return false;

    //get the key m_provider info so we can do the comparison
    if(NULL == m_keyProviderInfo)
        SetKeyProviderInfo();

    USES_CONVERSION;
    //changed strcmp(m_provider to strcmp(provider 7/9/2004
    if(0 == strcmp(provider, OLE2T(m_keyProviderInfo->pwszProvName)) &&
        provType == m_keyProviderInfo->dwProvType)
        return true;    
    else 
        return false;
}