1 files changed, 115 insertions, 0 deletions
diff --git a/src/ext/Iis/ca/scassl.cpp b/src/ext/Iis/ca/scassl.cpp
new file mode 100644
index 00000000..4a06b77e
--- /dev/null
+++ b/src/ext/Iis/ca/scassl.cpp
@@ -0,0 +1,115 @@
+// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
+#include "precomp.h"
+enum eSslCertificateQuery { scqStoreName = 1, scqHash, scqWeb };
+static HRESULT AddSslCertificateToList(
+    __in SCA_WEB_SSL_CERTIFICATE** ppswscList
+    );
+HRESULT ScaSslCertificateRead(
+    __in LPCWSTR wzWebId,
+    __in WCA_WRAPQUERY_HANDLE hSslCertQuery,
+    __inout SCA_WEB_SSL_CERTIFICATE** ppswscList
+    )
+{
+    HRESULT hr = S_OK;
+    MSIHANDLE hRec;
+    SCA_WEB_SSL_CERTIFICATE* pswsc = NULL;
+    LPWSTR pwzData = NULL;
+    WcaFetchWrappedReset(hSslCertQuery);
+    // Get the certificate information.
+    while (S_OK == (hr = WcaFetchWrappedRecordWhereString(hSslCertQuery, scqWeb, wzWebId, &hRec)))
+    {
+        hr = AddSslCertificateToList(ppswscList);
+        ExitOnFailure(hr, "failed to add ssl certificate to list");
+        pswsc = *ppswscList;
+        hr = WcaGetRecordString(hRec, scqStoreName, &pwzData);
+        ExitOnFailure(hr, "Failed to get web ssl certificate store name.");
+        hr = ::StringCchCopyW(pswsc->wzStoreName, countof(pswsc->wzStoreName), pwzData);
+        ExitOnFailure(hr, "Failed to copy web ssl certificate store name.");
+        hr = WcaGetRecordString(hRec, scqHash, &pwzData);
+        ExitOnFailure(hr, "Failed to get hash for web ssl certificate.");
+        hr = StrHexDecode(pwzData, pswsc->rgbSHA1Hash, countof(pswsc->rgbSHA1Hash));
+        ExitOnFailure(hr, "Failed to decode certificate hash for web: %ls, data: %ls", wzWebId, pwzData);
+    }
+    if (E_NOMOREITEMS == hr)
+    {
+        hr = S_OK;
+    }
+    ExitOnFailure(hr, "Failed to read IIsWebSiteCertificates table.");
+LExit:
+    ReleaseStr(pwzData);
+    return hr;
+}
+HRESULT ScaSslCertificateWriteMetabase(
+    __in IMSAdminBase* piMetabase,
+    __in LPCWSTR wzWebBase,
+    __in SCA_WEB_SSL_CERTIFICATE* pswscList
+    )
+{
+    HRESULT hr = S_OK;
+    BLOB blob;
+    for (SCA_WEB_SSL_CERTIFICATE* pswsc = pswscList; pswsc; pswsc = pswsc->pNext)
+    {
+        // Write: /W3SVC/1:SslCertStoreName = "MY", "CA", "Root", etc.
+        hr = ScaWriteMetabaseValue(piMetabase, wzWebBase, L"", MD_SSL_CERT_STORE_NAME, METADATA_INHERIT, IIS_MD_UT_SERVER, STRING_METADATA, static_cast<LPVOID>(pswsc->wzStoreName));
+        ExitOnFailure(hr, "Failed to write SslCertStoreName");
+        // Write: /W3SVC/1:SslCertHash = <blob>
+        blob.pBlobData = pswsc->rgbSHA1Hash;
+        blob.cbSize = countof(pswsc->rgbSHA1Hash);
+        hr = ScaWriteMetabaseValue(piMetabase, wzWebBase, L"", MD_SSL_CERT_HASH, METADATA_INHERIT, IIS_MD_UT_SERVER, BINARY_METADATA, static_cast<LPVOID>(&blob));
+        ExitOnFailure(hr, "Failed to write SslCertHash");
+    }
+LExit:
+    return hr;
+}
+void ScaSslCertificateFreeList(
+    __in SCA_WEB_SSL_CERTIFICATE* pswscList
+    )
+{
+    SCA_WEB_SSL_CERTIFICATE* pswscDelete = pswscList;
+    while (pswscList)
+    {
+        pswscDelete = pswscList;
+        pswscList = pswscList->pNext;
+        MemFree(pswscDelete);
+    }
+}
+static HRESULT AddSslCertificateToList(
+    __in SCA_WEB_SSL_CERTIFICATE** ppswscList
+    )
+{
+    HRESULT hr = S_OK;
+    SCA_WEB_SSL_CERTIFICATE* pswsc = static_cast<SCA_WEB_SSL_CERTIFICATE*>(MemAlloc(sizeof(SCA_WEB_SSL_CERTIFICATE), TRUE));
+    ExitOnNull(pswsc, hr, E_OUTOFMEMORY, "failed to allocate memory for new SSL certificate list element");
+    pswsc->pNext = *ppswscList;
+    *ppswscList = pswsc;
+LExit:
+    return hr;
+}

diff --git a/src/ext/Iis/ca/scassl.cpp b/src/ext/Iis/ca/scassl.cpp new file mode 100644 index 00000000..4a06b77e --- /dev/null +++ b/src/ext/Iis/ca/scassl.cpp
@@ -0,0 +1,115 @@
	1	// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
	2
	3	#include "precomp.h"
	4
	5	enum eSslCertificateQuery { scqStoreName = 1, scqHash, scqWeb };
	6
	7	static HRESULT AddSslCertificateToList(
	8	__in SCA_WEB_SSL_CERTIFICATE** ppswscList
	9	);
	10
	11
	12	HRESULT ScaSslCertificateRead(
	13	__in LPCWSTR wzWebId,
	14	__in WCA_WRAPQUERY_HANDLE hSslCertQuery,
	15	__inout SCA_WEB_SSL_CERTIFICATE** ppswscList
	16	)
	17	{
	18	HRESULT hr = S_OK;
	19
	20	MSIHANDLE hRec;
	21	SCA_WEB_SSL_CERTIFICATE* pswsc = NULL;
	22	LPWSTR pwzData = NULL;
	23
	24	WcaFetchWrappedReset(hSslCertQuery);
	25
	26	// Get the certificate information.
	27	while (S_OK == (hr = WcaFetchWrappedRecordWhereString(hSslCertQuery, scqWeb, wzWebId, &hRec)))
	28	{
	29	hr = AddSslCertificateToList(ppswscList);
	30	ExitOnFailure(hr, "failed to add ssl certificate to list");
	31
	32	pswsc = *ppswscList;
	33
	34	hr = WcaGetRecordString(hRec, scqStoreName, &pwzData);
	35	ExitOnFailure(hr, "Failed to get web ssl certificate store name.");
	36
	37	hr = ::StringCchCopyW(pswsc->wzStoreName, countof(pswsc->wzStoreName), pwzData);
	38	ExitOnFailure(hr, "Failed to copy web ssl certificate store name.");
	39
	40	hr = WcaGetRecordString(hRec, scqHash, &pwzData);
	41	ExitOnFailure(hr, "Failed to get hash for web ssl certificate.");
	42
	43	hr = StrHexDecode(pwzData, pswsc->rgbSHA1Hash, countof(pswsc->rgbSHA1Hash));
	44	ExitOnFailure(hr, "Failed to decode certificate hash for web: %ls, data: %ls", wzWebId, pwzData);
	45	}
	46
	47	if (E_NOMOREITEMS == hr)
	48	{
	49	hr = S_OK;
	50	}
	51	ExitOnFailure(hr, "Failed to read IIsWebSiteCertificates table.");
	52
	53	LExit:
	54	ReleaseStr(pwzData);
	55	return hr;
	56	}
	57
	58
	59	HRESULT ScaSslCertificateWriteMetabase(
	60	__in IMSAdminBase* piMetabase,
	61	__in LPCWSTR wzWebBase,
	62	__in SCA_WEB_SSL_CERTIFICATE* pswscList
	63	)
	64	{
	65	HRESULT hr = S_OK;
	66	BLOB blob;
	67
	68	for (SCA_WEB_SSL_CERTIFICATE* pswsc = pswscList; pswsc; pswsc = pswsc->pNext)
	69	{
	70	// Write: /W3SVC/1:SslCertStoreName = "MY", "CA", "Root", etc.
	71	hr = ScaWriteMetabaseValue(piMetabase, wzWebBase, L"", MD_SSL_CERT_STORE_NAME, METADATA_INHERIT, IIS_MD_UT_SERVER, STRING_METADATA, static_cast<LPVOID>(pswsc->wzStoreName));
	72	ExitOnFailure(hr, "Failed to write SslCertStoreName");
	73
	74	// Write: /W3SVC/1:SslCertHash = <blob>
	75	blob.pBlobData = pswsc->rgbSHA1Hash;
	76	blob.cbSize = countof(pswsc->rgbSHA1Hash);
	77	hr = ScaWriteMetabaseValue(piMetabase, wzWebBase, L"", MD_SSL_CERT_HASH, METADATA_INHERIT, IIS_MD_UT_SERVER, BINARY_METADATA, static_cast<LPVOID>(&blob));
	78	ExitOnFailure(hr, "Failed to write SslCertHash");
	79	}
	80
	81	LExit:
	82	return hr;
	83	}
	84
	85
	86	void ScaSslCertificateFreeList(
	87	__in SCA_WEB_SSL_CERTIFICATE* pswscList
	88	)
	89	{
	90	SCA_WEB_SSL_CERTIFICATE* pswscDelete = pswscList;
	91	while (pswscList)
	92	{
	93	pswscDelete = pswscList;
	94	pswscList = pswscList->pNext;
	95
	96	MemFree(pswscDelete);
	97	}
	98	}
	99
	100
	101	static HRESULT AddSslCertificateToList(
	102	__in SCA_WEB_SSL_CERTIFICATE** ppswscList
	103	)
	104	{
	105	HRESULT hr = S_OK;
	106
	107	SCA_WEB_SSL_CERTIFICATE* pswsc = static_cast<SCA_WEB_SSL_CERTIFICATE*>(MemAlloc(sizeof(SCA_WEB_SSL_CERTIFICATE), TRUE));
	108	ExitOnNull(pswsc, hr, E_OUTOFMEMORY, "failed to allocate memory for new SSL certificate list element");
	109
	110	pswsc->pNext = *ppswscList;
	111	*ppswscList = pswsc;
	112
	113	LExit:
	114	return hr;
	115	}