CryptObjects.h

Go to the documentation of this file.

/*  CryptObjects.h - cryto API object wrappers
    Copyright (C) 2001-2004 Mark Weaver
    Written by Mark Weaver <mark@npsl.co.uk>

    Part of the Open-Win32 library.
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Library General Public
    License as published by the Free Software Foundation; either
    version 2 of the License, or (at your option) any later version.

    This library is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    Library General Public License for more details.

    You should have received a copy of the GNU Library General Public
    License along with this library; if not, write to the
    Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA  02111-1307, USA.
*/

#ifndef OW32_CryptObjects_h
#define OW32_CryptObjects_h

#include <OW32/OW32Libs.h>

namespace OW32 {

#ifndef MY_ENCODING_TYPE
#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
#endif

class OW32_LIB_EXPORT CCertUtils
{
public:
    static BOOL SignAndEncodeCertificate(
        CRYPT_DATA_BLOB* pBlob,
        HCRYPTPROV hSigningProv,
        DWORD dwKeySpec,
        CRYPT_ALGORITHM_IDENTIFIER* pSigAlg,
        PVOID pObject,
        LPCSTR szStructType,
        DWORD dwEncodingType = MY_ENCODING_TYPE)
    {
        pBlob->cbData = 0;
        if (!CryptSignAndEncodeCertificate(hSigningProv, dwKeySpec, dwEncodingType,
            szStructType, pObject, pSigAlg, NULL, NULL, &pBlob->cbData))
            return FALSE;
        pBlob->pbData = (PBYTE)LocalAlloc(0, pBlob->cbData);
        if (!pBlob->pbData) return FALSE;
        if (!CryptSignAndEncodeCertificate(hSigningProv, dwKeySpec, dwEncodingType,
            szStructType, pObject, pSigAlg, NULL, pBlob->pbData, &pBlob->cbData))
            return FALSE;
        return TRUE;
    };

    /* \brief Encode an object to a CRYPT_DATA_BLOB.
              If we are allowed use the SP4+ version -- see the note for DecodeObject.
     */
    static BOOL EncodeObject(CRYPT_DATA_BLOB* pBlob, 
                      LPVOID lpvObject,
                      LPCSTR szStructType,
                      DWORD dwEncodingType = MY_ENCODING_TYPE)
    {
        pBlob->cbData = 0;
    #ifdef SUPPORT_SP3
        if (!CryptEncodeObject(dwEncodingType, szStructType, lpvObject,
            NULL, &pBlob->cbData)) {
            return FALSE;
        }
        pBlob->pbData = (PBYTE)LocalAlloc(LPTR, pBlob->cbData);
        if (!pBlob->pbData) return FALSE;
        if (!CryptEncodeObject(dwEncodingType, szStructType, lpvObject,
            pBlob->pbData, &pBlob->cbData)) {
            return FALSE;
        }
        return TRUE;
    #else
        return CryptEncodeObjectEx(dwEncodingType, szStructType,
            lpvObject, CRYPT_ENCODE_ALLOC_FLAG, NULL, (PVOID)&pBlob->pbData,
            &pBlob->cbData);
    #endif
    }
};
    
template <class T, LPCSTR defszStructType>
class CCryptObject
{
protected:
    DWORD m_objectSize;
    T* m_object;

public:
    BOOL DecodeObject(const BYTE* pbEncoded, DWORD cbEncoded, 
                      DWORD dwEncodingType = MY_ENCODING_TYPE,
                      LPCSTR szStructType = defszStructType)
    {
        FreeObject();

    // If we are allowed use the SP4+ version for decoding as it is more
    // efficient, otherwise use the older method of find length/allocate/decode
#ifdef SUPPORT_SP3
        m_objectSize = 0;
        if (!CryptDecodeObject(dwEncodingType, X509_CERT_REQUEST_TO_BE_SIGNED, pbEncoded,
            cbEncoded, 0, NULL, &m_objectSize)) {
            return FALSE;
        }
        m_object = (T*)LocalAlloc(cbRequestInfo);
        if (!pRequestInfo) return FALSE;
        if (!CryptDecodeObject(dwEncodingType, X509_CERT_REQUEST_TO_BE_SIGNED, pbEncoded,
            cbEncoded, 0, (PVOID)&m_object, &m_objectSize)) {
            return FALSE;
        }
        return TRUE;
#else
        return CryptDecodeObjectEx(dwEncodingType, (LPCSTR)szStructType, pbEncoded, cbEncoded,
                    CRYPT_DECODE_ALLOC_FLAG, NULL, (PVOID)&m_object, &m_objectSize);
#endif
    }

    /* \brief Encode this object to a CRYPT_DATA_BLOB.
        If we are allowed use the SP4+ version -- see the note for #DecodeObject.
     */
    BOOL EncodeObject(CRYPT_DATA_BLOB* pBlob, DWORD dwEncodingType = MY_ENCODING_TYPE,
                      LPCSTR szStructType = defszStructType)
    {
        return CCertUtils::EncodeObject(pBlob, m_object, szStructType, dwEncodingType);
    }

    void FreeObject()
    {
        if (m_object) LocalFree(m_object);
        m_objectSize = 0;
        m_object = 0;
    }

    DWORD GetObjectSize() { return m_objectSize; }

    operator T*() { return m_object; }

    T* operator->() { return m_object; }

    CCryptObject()
    {
        m_objectSize = 0;
        m_object = 0;
    }

    ~CCryptObject()
    {
        FreeObject();
    }
};

class OW32_LIB_EXPORT CCryptDataBlob : 
    public CRYPT_DATA_BLOB
{
public:
    CCryptDataBlob() {
        cbData = 0;
        pbData = 0;
    }
    ~CCryptDataBlob() {
        Free();
    }

    void Free() {
        if (pbData) LocalFree(pbData);
        pbData = 0;
        cbData = 0;
    }
};

// Typedef a bunch of these things to common types to make them usuable
// (TODO: complete this list)
typedef CCryptObject<CERT_REQUEST_INFO,X509_CERT_REQUEST_TO_BE_SIGNED>
    CCertRequestInfo;

typedef CCryptObject<CERT_NAME_INFO, X509_NAME> CCertNameInfo;


typedef CCryptObject<CERT_BASIC_CONSTRAINTS_INFO, X509_BASIC_CONSTRAINTS>
    CCertBasicConstraintsInfo;

//typedef CCryptObject<CERT_INFO, X509_CERT>
//  CCertInfo;

class OW32_LIB_EXPORT CCertContext 
{
protected:
    PCCERT_CONTEXT m_pCertContext;

    CCertContext(const CCertContext& );
    const CCertContext& operator=(const CCertContext& );

public:
    CCertContext() {
        m_pCertContext = 0;
    }

    CCertContext(PCCERT_CONTEXT pCertContext) {
        m_pCertContext = pCertContext;
    }

    void Free() {
        if (m_pCertContext) {
            CertFreeCertificateContext(m_pCertContext);
            m_pCertContext = 0;
        }
    }

    void Attach(PCCERT_CONTEXT pCertContext) {
        Free();
        m_pCertContext = pCertContext;
    }

    PCCERT_CONTEXT Detach() {
        PCCERT_CONTEXT pCertContext = m_pCertContext;
        m_pCertContext = 0;
        return pCertContext;
    }

    PCCERT_CONTEXT* operator& () { return &m_pCertContext; }

    operator PCCERT_CONTEXT() const { return m_pCertContext; }

    PCCERT_CONTEXT operator->() { return m_pCertContext; }

    CCertContext Duplicate() {
        CCertContext newContext(
            CertDuplicateCertificateContext(m_pCertContext));
        return newContext;
    }

    BOOL AcquirePrivateKey(DWORD dwFlags, HCRYPTPROV* phCryptProv,
        DWORD* pdwKeySpec, BOOL* pfCallerFreeProv) {
        return CryptAcquireCertificatePrivateKey(m_pCertContext, dwFlags,
            NULL, phCryptProv, pdwKeySpec, pfCallerFreeProv);
    }

    BOOL GetContextProperty(DWORD dwPropId, PVOID* pvData, DWORD* pcbData = NULL)
    {
        DWORD cbData;
        if (!CertGetCertificateContextProperty(m_pCertContext, dwPropId, NULL, &cbData))
            return FALSE;
        *pvData = LocalAlloc(0,cbData);
        if (!*pvData) return FALSE;
        BOOL ret = CertGetCertificateContextProperty(m_pCertContext, dwPropId, *pvData, &cbData);
        if (!ret) {
            LocalFree(*pvData);
            return FALSE;
        }
        if (pcbData) *pcbData = cbData;
        return TRUE;
    }

    BOOL GetContextProperty(DWORD dwPropId, PVOID pvData, DWORD* pcbData)
    {
        return CertGetCertificateContextProperty(m_pCertContext, dwPropId, pvData, pcbData);
    }

    BOOL SetContextProperty(DWORD dwPropId, PVOID pvData, DWORD dwFlags=0)
    {
        return CertSetCertificateContextProperty(m_pCertContext, dwPropId, dwFlags, pvData);
    }

    BOOL CreateContext(const BYTE* pbCertEncoded, DWORD cbCertEncoded,
        DWORD dwCertEncodingType = MY_ENCODING_TYPE)
    {
        Free();
        m_pCertContext = CertCreateCertificateContext(dwCertEncodingType,
            pbCertEncoded, cbCertEncoded);
        return (m_pCertContext != NULL);
    }

    ~CCertContext()
    {
        Free();
    }
};


class OW32_LIB_EXPORT CCertInfo : 
    public CCryptObject<CERT_INFO, X509_CERT_TO_BE_SIGNED>
{
public:
    /* Constructor for an empty object */
    CCertInfo() {
    }

    BOOL New()
    {
        m_object = (CERT_INFO*)LocalAlloc(0,sizeof(CERT_INFO));
        if (!m_object) return FALSE;
        m_objectSize = sizeof(CERT_INFO);
        return TRUE;
    }

    BOOL SignAndEncode(
        CRYPT_DATA_BLOB* pBlob,
        HCRYPTPROV hSigningProv,
        DWORD dwKeySpec,
        CRYPT_ALGORITHM_IDENTIFIER* pSigAlg,
        LPCSTR szStructType = X509_CERT_TO_BE_SIGNED,
        DWORD dwEncodingType = MY_ENCODING_TYPE)
    {
        return CCertUtils::SignAndEncodeCertificate(pBlob, hSigningProv, 
            dwKeySpec, pSigAlg, m_object, szStructType, dwEncodingType);
    }
};

class OW32_LIB_EXPORT CCertPublicKeyInfo
{
    CERT_PUBLIC_KEY_INFO* m_keyInfo;
    DWORD m_keyInfoSize;

public:
    CCertPublicKeyInfo()
    {
        m_keyInfo = 0;
        m_keyInfoSize = 0;
    }

    /* \brief Tidy storage for the encapsulated public key info object */
    ~CCertPublicKeyInfo()
    {
        Free();
    }

    void Free()
    {
        if (m_keyInfo) LocalFree(m_keyInfo);
        m_keyInfo = 0;
        m_keyInfoSize = 0;
    }


    BOOL ExportPublicKeyInfo(HCRYPTPROV hCryptProv,
                 DWORD dwKeySpec, DWORD dwEncodingType)
    {
        Free();
        
        if (!CryptExportPublicKeyInfo(hCryptProv, dwKeySpec, dwEncodingType,
            NULL, &m_keyInfoSize))
            return FALSE;
        
        m_keyInfo = (CERT_PUBLIC_KEY_INFO*)LocalAlloc(0,m_keyInfoSize);
        if (!m_keyInfo) return FALSE;

        if (!CryptExportPublicKeyInfo(hCryptProv, dwKeySpec, dwEncodingType,
            m_keyInfo, &m_keyInfoSize))
            return FALSE;

        return TRUE;
    }

    DWORD GetKeyInfoSize() const { return m_keyInfoSize; }

    CERT_PUBLIC_KEY_INFO** operator& () { return &m_keyInfo; }

    /* \brief Extractor for the controlled object */
    operator CERT_PUBLIC_KEY_INFO* () const { return m_keyInfo; }
    
    CERT_PUBLIC_KEY_INFO* operator->() { return m_keyInfo; }
};

} // namespace OW32

#endif // OW32_CryptObjects_h

---