📄 clserver.c
}
bThreadFree = psts->bThreadFree;
SendMessage (hwndParent, WM_NOTIFY, (WPARAM)hwndParent,
(LPARAM)&event);
// if thread should free data structure, do it
if (bThreadFree) {
if (psts->keysetIn) PGPFreeKeySet (psts->keysetIn);
free (psts);
}
return 0;
}
// ___________________________________________________
//
// get the first key from a keyset
// Fetch the first key of `keyset` into `*pkey`.
//
// keyset : key set to read from
// pkey   : out; preset to kInvalidPGPKeyRef before any SDK call, so it
//          still holds that value if ordering the set or creating the
//          iterator fails
//
// Returns the PGPError of the first step that failed, or the result of
// PGPKeyIterNext. An empty set is reported as kPGPError_ItemNotFound
// rather than kPGPError_EndOfIteration. The temporary key list and
// iterator are released before returning.
//
// NOTE(review): callers must test the returned error before using *pkey.
// The call in sCAThreadRoutine discards it and goes on to use the key for
// passphrase lookup and signing -- confirm those paths reject an invalid
// key reference.
static PGPError
sGetFirstKeyInSet(
		PGPKeySetRef	keyset,
		PGPKeyRef*		pkey)
{
	PGPKeyListRef	orderedKeys;
	PGPKeyIterRef	cursor;
	PGPError		status;

	*pkey = kInvalidPGPKeyRef;

	// any ordering will do; only the first element is wanted
	status = PGPOrderKeySet (keyset, kPGPAnyOrdering, &orderedKeys);
	if (!IsntPGPError (status))
		return status;

	status = PGPNewKeyIter (orderedKeys, &cursor);
	if (IsntPGPError (status))
	{
		status = PGPKeyIterNext (cursor, pkey);

		// running off the end on the first step means the set was empty
		if (status == kPGPError_EndOfIteration)
			status = kPGPError_ItemNotFound;

		PGPFreeKeyIter (cursor);
	}

	// the list was created successfully, so it is freed on both outcomes
	PGPFreeKeyList (orderedKeys);

	return status;
}
// ___________________________________________________
//
// thread routine to handle all CA server operations
static DWORD WINAPI
sCAThreadRoutine (LPVOID lpvoid)
{
PSERVERTHREADSTRUCT psts = (PSERVERTHREADSTRUCT)lpvoid;
PGPPrefRef prefref = kPGPInvalidRef;
HWND hwndParent = psts->hwnd;
PGPError err = kPGPError_NoErr;
PGPKeyRef key = kInvalidPGPKeyRef;
PGPByte* pPasskey = NULL;
LPSTR pszPhrase = NULL;
PGPSize sizePasskey = 0;
PGPUInt32 numAVItems = 0;
PGPKeyServerAccessType ksaccess = kPGPKeyServerAccessType_Normal;
PGPclSERVEREVENT event;
BOOL bThreadFree;
PGPKeyServerThreadStorageRef previousStorage;
PGPContextRef ctx;
memset (&event, 0x00, sizeof(event));
event.nmhdr.hwndFrom = hwndParent;
event.nmhdr.idFrom = 0;
event.nmhdr.code = PGPCL_SERVERPROGRESS;
event.pData = psts->keysetOut;
event.cancel = FALSE;
event.step = PGPCL_SERVERINFINITE;
event.total = PGPCL_SERVERINFINITE;
err = PGPKeyServerInit ();
if (IsntPGPError (err))
{
PGPKeyServerCreateThreadStorage (&previousStorage);
// send message to update status text
LoadString (g_hInst, IDS_LOOKINGFORSERVER, event.szmessage,
sizeof(event.szmessage));
lstrcat (event.szmessage, psts->ksentry.serverDNS);
SendMessage (hwndParent, WM_NOTIFY, (WPARAM)hwndParent,
(LPARAM)&event);
ctx = psts->context;
err = PGPNewKeyServer (ctx,
psts->ksentry.protocol, //using protocol for class info
&psts->server,
PGPONetURL (ctx, psts->ksentry.serverDNS),
PGPOKeyServerKeySpace (ctx, psts->space),
PGPOKeyServerAccessType (ctx, ksaccess),
PGPOLastOption (ctx));
if (IsntPGPError (err))
{
PGPtlsSessionRef tls = kInvalidPGPtlsSessionRef;
PGPSetKeyServerEventHandler (psts->server,
sServerEventHandler, psts);
err = PGPNewTLSSession (psts->tlsContext, &tls);
if (IsntPGPError (err) &&
(PGPtlsSessionRefIsValid (tls)) &&
(psts->uOperation == REQUESTCERTIFICATE))
{
sGetFirstKeyInSet (psts->keysetIn, &key);
if (IsntPGPError (err) &&
(psts->pszPassPhrase == NULL))
{
err = KMGetKeyPhrase (
psts->context, // in context
psts->tlsContext, // in tlscontext
psts->hwnd, // in hwnd of parent
NULL, // in prompt
psts->keysetMain, // in keyset
key, // in key
&pszPhrase, // out phrase
&pPasskey, // out passkey buffer
&sizePasskey); // out passkey length
if (IsntPGPError (err))
psts->pszPassPhrase = pszPhrase;
}
}
// perform the CA server operation
if (IsntPGPError (err))
{
err = PGPKeyServerOpen (psts->server, tls);
if (IsntPGPError (err))
{
PVOID pBuffer = NULL;
PGPSize size;
switch (psts->uOperation) {
case REQUESTCERTIFICATE :
{
PGPUInt32 uExportFormat;
PGPUInt32 uOutputFormat;
PVOID pRequest;
PGPSize sizeRequest;
switch (psts->ksentry.protocol) {
case kPGPKeyServerClass_NetToolsCA :
uExportFormat =
kPGPExportFormat_NetToolsCAV1_CertReq;
uOutputFormat =
kPGPOutputFormat_NetToolsCAV1_CertReqInPKCS7;
break;
case kPGPKeyServerClass_Verisign :
uExportFormat =
kPGPExportFormat_VerisignV1_CertReq;
uOutputFormat =
kPGPOutputFormat_VerisignV1_CertReqInPKCS7;
break;
case kPGPKeyServerClass_Entrust :
uExportFormat =
kPGPExportFormat_EntrustV1_CertReq;
uOutputFormat =
kPGPOutputFormat_EntrustV1_CertReqInPKCS7;
break;
}
err = PGPExportKeySet (psts->keysetIn,
PGPOAllocatedOutputBuffer (psts->context,
&pBuffer, MAX_PGPSize, &size),
PGPOExportFormat (psts->context,
uExportFormat),
psts->pszPassPhrase ?
PGPOPassphrase (psts->context,
psts->pszPassPhrase) :
PGPOPasskeyBuffer (psts->context,
pPasskey, sizePasskey),
PGPOAttributeValue (psts->context,
psts->pAVlist, psts->numAVs),
PGPOLastOption (psts->context));
if (IsntPGPError (err))
{
err = PGPEncode (psts->context,
PGPOInputBuffer (psts->context,
pBuffer, size),
PGPOOutputFormat (psts->context,
uOutputFormat),
PGPOAllocatedOutputBuffer (psts->context,
&pRequest, MAX_PGPSize,
&sizeRequest),
PGPOSignWithKey (psts->context, key,
psts->pszPassPhrase ?
PGPOPassphrase (psts->context,
psts->pszPassPhrase) :
PGPOPasskeyBuffer (psts->context,
pPasskey, sizePasskey),
PGPOLastOption (psts->context)),
PGPOLastOption (psts->context));
if (IsntPGPError (err))
{
err = PGPSendCertificateRequest (
psts->server,
PGPOKeyServerCAKey (psts->context,
psts->keyIn),
PGPOKeyServerRequestKey (
psts->context, key),
PGPOInputBuffer (psts->context,
pRequest, sizeRequest),
PGPOLastOption (psts->context));
PGPFreeData (pRequest);
}
PGPFreeData (pBuffer);
}
break;
}
case RETRIEVECERTIFICATE :
{
PGPFilterRef filter = kInvalidPGPFilterRef;
PGPByte md5HashBuffer[128];
PGPUInt32 uInputFormat;
pBuffer = NULL;
switch (psts->ksentry.protocol) {
case kPGPKeyServerClass_NetToolsCA :
uInputFormat =
kPGPInputFormat_NetToolsCAV1_DataInPKCS7;
break;
case kPGPKeyServerClass_Verisign :
uInputFormat =
kPGPInputFormat_VerisignV1_DataInPKCS7;
break;
case kPGPKeyServerClass_Entrust :
uInputFormat =
kPGPInputFormat_EntrustV1_DataInPKCS7;
break;
}
switch (psts->ksentry.protocol) {
case kPGPKeyServerClass_NetToolsCA :
err = PGPGetKeyPropertyBuffer (psts->keyIn,
kPGPKeyPropX509MD5Hash, sizeof(md5HashBuffer),
md5HashBuffer, &size);
if (IsntPGPError (err))
{
err = PGPNewKeyPropertyBufferFilter (
psts->context,
kPGPKeyPropX509MD5Hash,
md5HashBuffer, size,
kPGPMatchEqual,
&filter);
if (IsntPGPError (err))
{
err = PGPRetrieveCertificate (
psts->server,
PGPOKeyServerSearchFilter (
psts->context,
filter),
PGPOAllocatedOutputBuffer (
psts->context,
&pBuffer,
MAX_PGPSize,
&size),
PGPOLastOption (psts->context));
}
}
break;
case kPGPKeyServerClass_Verisign :
case kPGPKeyServerClass_Entrust :
err = KMGetKeyPhrase (
psts->context, // in context
psts->tlsContext, // in tlscontext
psts->hwnd, // in hwnd of parent
NULL, // in prompt
psts->keysetMain, // in keyset
psts->keyIn, // in key
&pszPhrase, // out phrase
&pPasskey, // out passkey buffer
&sizePasskey); // out passkey length
if (IsntPGPError (err))
{
psts->pszPassPhrase = pszPhrase;
err = PGPRetrieveCertificate (
psts->server,
PGPOSignWithKey (
psts->context,
psts->keyIn,
pszPhrase ?
PGPOPassphrase (psts->context,
pszPhrase) :
PGPOPasskeyBuffer (psts->context,
pPasskey, sizePasskey),
PGPOLastOption (
psts->context)),
PGPOKeyServerSearchKey (
psts->context,
psts->keyIn),
PGPOAllocatedOutputBuffer (
psts->context,
&pBuffer,
MAX_PGPSize,
&size),
PGPOLastOption (psts->context));
}
break;
}
if (IsntPGPError (err))
{
err = PGPDecode (psts->context,
PGPOInputBuffer (psts->context,
pBuffer, size),
PGPODiscardOutput (psts->context,
TRUE),
PGPOImportKeysTo (psts->context,
psts->keysetOut),
PGPOInputFormat (psts->context,
uInputFormat),
PGPOLastOption (psts->context));
}
if (pBuffer)
PGPFreeData (pBuffer);
if (PGPFilterRefIsValid (filter))
PGPFreeFilter (filter);
break;
}
case UPDATEREVOCATIONS :
{
PGPUInt32 uInputFormat;
PGPKeyRef keySigning;
switch (psts->ksentry.protocol) {
case kPGPKeyServerClass_NetToolsCA :
uInputFormat =
kPGPInputFormat_NetToolsCAV1_DataInPKCS7;
break;
case kPGPKeyServerClass_Verisign :
uInputFormat =
kPGPInputFormat_VerisignV1_DataInPKCS7;
break;
case kPGPKeyServerClass_Entrust :
uInputFormat =
kPGPInputFormat_EntrustV1_DataInPKCS7;
break;
}
switch (psts->ksentry.protocol) {
case kPGPKeyServerClass_NetToolsCA :
err = PGPRetrieveCertificateRevocationList (
psts->server,
PGPOKeyServerCAKey (psts->context,
psts->keyIn),
PGPOAllocatedOutputBuffer (psts->context,
&pBuffer, MAX_PGPSize, &size),
PGPOLastOption (psts->context));
break;
case kPGPKeyServerClass_Verisign :
case kPGPKeyServerClass_Entrust :
keySigning = kInvalidPGPKeyRef;
err = KMGetSigningKeyPhrase (
psts->context, // in context
psts->tlsContext, // in tlscontext
psts->hwnd, // in hwnd of parent
NULL, // in prompt
psts->keysetMain, // in keyset
TRUE, // in no split keys
&keySigning, // out key to use
&pszPhrase, // out phrase
&pPasskey, // out passkey buffer
&sizePasskey); // out passkey length
if (IsntPGPError (err))
{
psts->pszPassPhrase = pszPhrase;
err = PGPRetrieveCertificateRevocationList (
psts->server,
PGPOKeyServerCAKey (psts->context,
psts->keyIn),
PGPOKeySetRef (psts->context,
psts->keysetMain),
PGPOSignWithKey (
psts->context,
keySigning,
pszPhrase ?
PGPOPassphrase (psts->context,
pszPhrase) :
PGPOPasskeyBuffer (psts->context,
pPasskey, sizePasskey),
PGPOLastOption (
psts->context)),
PGPOAllocatedOutputBuffer (psts->context,
&pBuffer, MAX_PGPSize, &size),
PGPOLastOption (psts->context));
}
break;
}
if (IsntPGPError (err) &&
(pBuffer != NULL))
{
err = PGPDecode (psts->context,
PGPOInputBuffer (psts->context,
pBuffer, size),
PGPODiscardOutput (psts->context, TRUE),
PGPOImportKeysTo (psts->context,
psts->keysetMain),
PGPOInputFormat (psts->context,
uInputFormat),
PGPOLastOption (psts->context));
PGPFreeData (pBuffer);
}
break;
}
}
// burn and free phrase
if (IsntNull (pszPhrase))
{
PGPclFreePhrase (pszPhrase);
psts->pszPassPhrase = NULL;
}
if (pPasskey)
PGPFreeData (pPasskey);
PGPKeyServerClose (psts->server);
}
}
PGPFreeKeyServer (psts->server);
psts->server = kInvalidPGPKeyServerRef;
if (PGPtlsSessionRefIsValid (tls))
PGPFreeTLSSession (tls);
}