1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
#include "precomp.h"
enum eSslCertificateQuery { scqStoreName = 1, scqHash, scqWeb };
static HRESULT AddSslCertificateToList(
__in SCA_WEB_SSL_CERTIFICATE** ppswscList
);
HRESULT ScaSslCertificateRead(
__in LPCWSTR wzWebId,
__in WCA_WRAPQUERY_HANDLE hSslCertQuery,
__inout SCA_WEB_SSL_CERTIFICATE** ppswscList
)
{
HRESULT hr = S_OK;
MSIHANDLE hRec;
SCA_WEB_SSL_CERTIFICATE* pswsc = NULL;
LPWSTR pwzData = NULL;
WcaFetchWrappedReset(hSslCertQuery);
// Get the certificate information.
while (S_OK == (hr = WcaFetchWrappedRecordWhereString(hSslCertQuery, scqWeb, wzWebId, &hRec)))
{
hr = AddSslCertificateToList(ppswscList);
ExitOnFailure(hr, "failed to add ssl certificate to list");
pswsc = *ppswscList;
hr = WcaGetRecordString(hRec, scqStoreName, &pwzData);
ExitOnFailure(hr, "Failed to get web ssl certificate store name.");
hr = ::StringCchCopyW(pswsc->wzStoreName, countof(pswsc->wzStoreName), pwzData);
ExitOnFailure(hr, "Failed to copy web ssl certificate store name.");
hr = WcaGetRecordString(hRec, scqHash, &pwzData);
ExitOnFailure(hr, "Failed to get hash for web ssl certificate.");
hr = StrHexDecode(pwzData, pswsc->rgbSHA1Hash, countof(pswsc->rgbSHA1Hash));
ExitOnFailure(hr, "Failed to decode certificate hash for web: %ls, data: %ls", wzWebId, pwzData);
}
if (E_NOMOREITEMS == hr)
{
hr = S_OK;
}
ExitOnFailure(hr, "Failed to read IIsWebSiteCertificates table.");
LExit:
ReleaseStr(pwzData);
return hr;
}
HRESULT ScaSslCertificateWriteMetabase(
__in IMSAdminBase* piMetabase,
__in LPCWSTR wzWebBase,
__in SCA_WEB_SSL_CERTIFICATE* pswscList
)
{
HRESULT hr = S_OK;
BLOB blob;
for (SCA_WEB_SSL_CERTIFICATE* pswsc = pswscList; pswsc; pswsc = pswsc->pNext)
{
// Write: /W3SVC/1:SslCertStoreName = "MY", "CA", "Root", etc.
hr = ScaWriteMetabaseValue(piMetabase, wzWebBase, L"", MD_SSL_CERT_STORE_NAME, METADATA_INHERIT, IIS_MD_UT_SERVER, STRING_METADATA, static_cast<LPVOID>(pswsc->wzStoreName));
ExitOnFailure(hr, "Failed to write SslCertStoreName");
// Write: /W3SVC/1:SslCertHash = <blob>
blob.pBlobData = pswsc->rgbSHA1Hash;
blob.cbSize = countof(pswsc->rgbSHA1Hash);
hr = ScaWriteMetabaseValue(piMetabase, wzWebBase, L"", MD_SSL_CERT_HASH, METADATA_INHERIT, IIS_MD_UT_SERVER, BINARY_METADATA, static_cast<LPVOID>(&blob));
ExitOnFailure(hr, "Failed to write SslCertHash");
}
LExit:
return hr;
}
void ScaSslCertificateFreeList(
__in SCA_WEB_SSL_CERTIFICATE* pswscList
)
{
SCA_WEB_SSL_CERTIFICATE* pswscDelete = pswscList;
while (pswscList)
{
pswscDelete = pswscList;
pswscList = pswscList->pNext;
MemFree(pswscDelete);
}
}
static HRESULT AddSslCertificateToList(
__in SCA_WEB_SSL_CERTIFICATE** ppswscList
)
{
HRESULT hr = S_OK;
SCA_WEB_SSL_CERTIFICATE* pswsc = static_cast<SCA_WEB_SSL_CERTIFICATE*>(MemAlloc(sizeof(SCA_WEB_SSL_CERTIFICATE), TRUE));
ExitOnNull(pswsc, hr, E_OUTOFMEMORY, "failed to allocate memory for new SSL certificate list element");
pswsc->pNext = *ppswscList;
*ppswscList = pswsc;
LExit:
return hr;
}
|
