PKIFCAPIUserRepository2.cpp

Go to the documentation of this file.

#include "CAPIUtils.h" //added here 7/29/2004
#include "PKIFCAPIUserRepository2.h"
#include "ToolkitUtils.h"
#include "PKIFCacheErrors.h"
#include "PKIFCacheException.h"

#include "Certificate.h"
#include "GottaMatch.h"
#include "Name.h"
#include "Buffer.h"
#include "KeyIDBasedSearch.h"
#include "NameBasedSearch.h"
#include "IssuerNameAndSerialNumberBasedSearch.h"

#include "boost/numeric/conversion/cast.hpp"
#include "boost/numeric/conversion/bounds.hpp"
#include "boost/limits.hpp"

using boost::numeric_cast;
using boost::bad_numeric_cast;

#include <atlbase.h>
#include <sstream>

struct CPKIFCAPIUserRepository2Impl
{
    HCERTSTORE m_hSto;
    int m_nSysStoRegLoc;
    char* m_szStore;
};

CPKIFCAPIUserRepository2::CPKIFCAPIUserRepository2(
    int sysStoRegLoc,
    const char* store)
    : m_impl(new CPKIFCAPIUserRepository2Impl), IPKIFCAPISource(sysStoRegLoc, store)
{
    LOG_STRING_DEBUG("CPKIFCAPIUserRepository2::CPKIFCAPIUserRepository2(void)", TOOLKIT_SR_CAPIUSERREPOSITORY, 0, this);

    m_impl->m_hSto = NULL;

    m_impl->m_nSysStoRegLoc = sysStoRegLoc;

    m_impl->m_szStore = NULL;
    size_t len = 0;
    if(store)
    {
        len = strlen(store);
        m_impl->m_szStore = new char[len + 1];

        //reviewed 4/24
        strcpy(m_impl->m_szStore, store);
    }
}
CPKIFCAPIUserRepository2::~CPKIFCAPIUserRepository2(void)
{
    LOG_STRING_DEBUG("CPKIFCAPIUserRepository2::~CPKIFCAPIUserRepository2(void)", TOOLKIT_SR_CAPIUSERREPOSITORY, 0, this);

    if(m_impl->m_szStore)
        delete[] m_impl->m_szStore;

    if(NULL != m_impl->m_hSto)
    {
        CertCloseStore(m_impl->m_hSto, 0); m_impl->m_hSto = NULL;
    }
    delete m_impl;
    m_impl = NULL;
}
void CPKIFCAPIUserRepository2::Initialize(void)
{
    LOG_STRING_DEBUG("CPKIFCAPIUserRepository2::Initialize(void)", TOOLKIT_SR_CAPIUSERREPOSITORY, 0, this);

    if(NULL != m_impl->m_hSto)
    {
        LOG_STRING_WARN("Skipping initialization - CPKIFCAPIUserRepository2 instance already initialized", TOOLKIT_SR_CAPIREPOSITORY, COMMON_ALREADY_INITIALIZED, this);
        return; //already initialized - just log it, return and don't bother with exception
    }

    USES_CONVERSION;
    m_impl->m_hSto =  CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING, NULL, 
                                CERT_STORE_OPEN_EXISTING_FLAG | m_impl->m_nSysStoRegLoc , T2OLE(m_impl->m_szStore));
    if(NULL == m_impl->m_hSto)
    {
        std::ostringstream os;
        os << "CertOpenStore failed: " << GetLastError();
        RAISE_CACHE_EXCEPTION(os.str().c_str(), thisComponent, CACHE_CERT_STORE_OPEN_FAILED, this)
    }
}
void CPKIFCAPIUserRepository2::FindCertificates(
    IPKIFSearchCriteria* searchCriteria,
    CPKIFCertificateList& certList,
    PKIInfoSource source)
{
    LOG_STRING_DEBUG("CPKIFCAPIUserRepository2::FindCertificates", TOOLKIT_SR_CAPIUSERREPOSITORY, 0, this);

    //ignore requests for remote certificates
    if(REMOTE == source || NULL == searchCriteria)
    {
        LOG_STRING_DEBUG("Skipping CPKIFCAPIUserRepository2 - searching REMOTE sources only or NULL search criteria", thisComponent, 0, this);
        return;
    }

    void* ptrToSearchCriteria = NULL;
    DWORD findType = 0;

    //possible structures
    PCCERT_CONTEXT cert = NULL;
    CERT_NAME_BLOB nameBlob; 
    nameBlob.cbData = 0; 
    nameBlob.pbData = NULL;

    CERT_ID certID;
    certID.IssuerSerialNumber.Issuer.pbData = NULL;
    certID.IssuerSerialNumber.SerialNumber.pbData = NULL;

    switch(searchCriteria->GetSearchType())
    {
    case ALLCERTS:
        findType = CERT_FIND_ANY;
        break;
    case ISSUERNAME:
        {
            CPKIFNameBasedSearch* nbs = dynamic_cast<CPKIFNameBasedSearch*>(searchCriteria);
            StrToName(nbs->GetStringName(), &nameBlob.pbData, &nameBlob.cbData);
            if(0 != nameBlob.cbData)
            {
                ptrToSearchCriteria = &nameBlob;
                findType = CERT_FIND_ISSUER_NAME;
            }
            else
                return;
        }
        break;
    case SUBJECTNAME:
        {
            CPKIFNameBasedSearch* nbs = dynamic_cast<CPKIFNameBasedSearch*>(searchCriteria);
            StrToName(nbs->GetStringName(), &nameBlob.pbData, &nameBlob.cbData);
            if(0 != nameBlob.cbData)
            {
                ptrToSearchCriteria = &nameBlob;
                findType = CERT_FIND_SUBJECT_NAME;
            }
            else
                return;
        }
        break;
    case ISSUERSERIAL:
        {
            CPKIFIssuerNameAndSerialNumberBasedSearch* inasnbs = dynamic_cast<CPKIFIssuerNameAndSerialNumberBasedSearch*>(searchCriteria);
            CPKIFNamePtr issuerName = inasnbs->GetIssuerName();
            certID.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
            StrToName(issuerName->ToString(), &certID.IssuerSerialNumber.Issuer.pbData, &certID.IssuerSerialNumber.Issuer.cbData);
            const char* sn = inasnbs->GetSerialNumber();

            size_t len = strlen(sn) - 2;
            unsigned int iLen = 0;
            if(len > boost::numeric::bounds<unsigned int>::highest())
            {
                throw CPKIFCacheException(TOOLKIT_SR_CAPIUSERREPOSITORY, COMMON_INVALID_INPUT, "Serial number too big.");
            }
            else
                iLen = numeric_cast<unsigned int>(len);

            unsigned char* binSN = new unsigned char[iLen];
            atob((char*)binSN, (char*)sn+2, &iLen);
            ReverseBytes(binSN, iLen);
            certID.IssuerSerialNumber.SerialNumber.cbData = iLen;
            certID.IssuerSerialNumber.SerialNumber.pbData = binSN;
            ptrToSearchCriteria = &certID;
            findType = CERT_FIND_CERT_ID;
            break;
        }
    case KEYID:
        {
            CPKIFKeyIDBasedSearch* kidbs = dynamic_cast<CPKIFKeyIDBasedSearch*>(searchCriteria);
            if(!kidbs)
                return;

            CPKIFBufferPtr kid = kidbs->GetKeyID();

            CRYPT_HASH_BLOB chb;
            chb.cbData = kid->GetLength();
            chb.pbData = (BYTE*)kid->GetBuffer();

            ptrToSearchCriteria = &chb;
            findType = CERT_FIND_KEY_IDENTIFIER;
            break;
        }
    default:
        return;
    };

    do
    {
        cert = CertFindCertificateInStore(m_impl->m_hSto, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 
            0, findType, ptrToSearchCriteria, cert);
        if(NULL == cert)
            break;

        //create a CCACCert and stuff it into the list
        CPKIFCertificatePtr tmpCert(new CPKIFCertificate);
        try
        {
            tmpCert->Decode(cert->pbCertEncoded, cert->cbCertEncoded);

            GottaMatch<CPKIFCertificatePtr> gm;
            gm.SetRHS(tmpCert);
            if(certList.end() == find_if(certList.begin(), certList.end(), gm))
                certList.push_back(tmpCert);

//          certList.push_back(tmpCert); //moved this here from below catch block
                                        //else non-parsed certs end up in the list
        }
        catch(CPKIFException&)
        {
            //EXCEPTION DELETION
            //don't fail due to parse errors - log the failure and continue searching
            //if nothing is found that actually parses then an error will be generated
            //delete e;

            LOG_STRING_ERROR("Failed to parse certificate from CAPI store." , thisComponent, CACHE_PARSE_ERROR, this)
        }
    }while(NULL != cert);

    //free the memory allocated in call to StrToName
    if(NULL != nameBlob.pbData)
        PKIFDelete(nameBlob.pbData); //changed to PKIFDelete 12/7/2003
    if(NULL != certID.IssuerSerialNumber.Issuer.pbData)
        PKIFDelete(certID.IssuerSerialNumber.Issuer.pbData); //changed to PKIFDelete 12/7/2003
    if(NULL != certID.IssuerSerialNumber.SerialNumber.pbData)
        PKIFDelete(certID.IssuerSerialNumber.SerialNumber.pbData); //changed to PKIFDelete 12/7/2003
}