1 /*
2 * Copyright 2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19
20 #include <assert.h>
21 #include <stdarg.h>
22 #include "windef.h"
23 #include "winbase.h"
24 #include "wincrypt.h"
25 #include "wine/debug.h"
26 #include "crypt32_private.h"
27
28 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
29
30 PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
31 const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
32 {
33 PCRL_CONTEXT crl = NULL;
34 BOOL ret;
35 PCRL_INFO crlInfo = NULL;
36 DWORD size = 0;
37
38 TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCrlEncoded,
39 cbCrlEncoded);
40
41 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
42 {
43 SetLastError(E_INVALIDARG);
44 return NULL;
45 }
46 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
47 pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
48 (BYTE *)&crlInfo, &size);
49 if (ret)
50 {
51 BYTE *data = NULL;
52
53 crl = (PCRL_CONTEXT)Context_CreateDataContext(sizeof(CRL_CONTEXT));
54 if (!crl)
55 goto end;
56 data = CryptMemAlloc(cbCrlEncoded);
57 if (!data)
58 {
59 CryptMemFree(crl);
60 crl = NULL;
61 goto end;
62 }
63 memcpy(data, pbCrlEncoded, cbCrlEncoded);
64 crl->dwCertEncodingType = dwCertEncodingType;
65 crl->pbCrlEncoded = data;
66 crl->cbCrlEncoded = cbCrlEncoded;
67 crl->pCrlInfo = crlInfo;
68 crl->hCertStore = 0;
69 }
70
71 end:
72 return (PCCRL_CONTEXT)crl;
73 }
74
75 BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
76 DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
77 DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
78 {
79 PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
80 pbCrlEncoded, cbCrlEncoded);
81 BOOL ret;
82
83 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
84 pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
85
86 if (crl)
87 {
88 ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
89 ppCrlContext);
90 CertFreeCRLContext(crl);
91 }
92 else
93 ret = FALSE;
94 return ret;
95 }
96
97 typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
98 DWORD dwFlags, const void *pvPara);
99
100 static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
101 DWORD dwFlags, const void *pvPara)
102 {
103 return TRUE;
104 }
105
106 static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
107 DWORD dwFlags, const void *pvPara)
108 {
109 BOOL ret;
110
111 if (pvPara)
112 {
113 PCCERT_CONTEXT issuer = (PCCERT_CONTEXT)pvPara;
114
115 ret = CertCompareCertificateName(issuer->dwCertEncodingType,
116 &issuer->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
117 }
118 else
119 ret = TRUE;
120 return ret;
121 }
122
123 static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
124 DWORD dwFlags, const void *pvPara)
125 {
126 BOOL ret;
127
128 if (pvPara)
129 {
130 PCCRL_CONTEXT crl = (PCCRL_CONTEXT)pvPara;
131
132 ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
133 &pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
134 }
135 else
136 ret = TRUE;
137 return ret;
138 }
139
140 PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
141 DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
142 const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
143 {
144 PCCRL_CONTEXT ret;
145 CrlCompareFunc compare;
146
147 TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore, dwCertEncodingType,
148 dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
149
150 switch (dwFindType)
151 {
152 case CRL_FIND_ANY:
153 compare = compare_crl_any;
154 break;
155 case CRL_FIND_ISSUED_BY:
156 compare = compare_crl_issued_by;
157 break;
158 case CRL_FIND_EXISTING:
159 compare = compare_crl_existing;
160 break;
161 default:
162 FIXME("find type %08x unimplemented\n", dwFindType);
163 compare = NULL;
164 }
165
166 if (compare)
167 {
168 BOOL matches = FALSE;
169
170 ret = pPrevCrlContext;
171 do {
172 ret = CertEnumCRLsInStore(hCertStore, ret);
173 if (ret)
174 matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
175 } while (ret != NULL && !matches);
176 if (!ret)
177 SetLastError(CRYPT_E_NOT_FOUND);
178 }
179 else
180 {
181 SetLastError(CRYPT_E_NOT_FOUND);
182 ret = NULL;
183 }
184 return ret;
185 }
186
187 PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
188 PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
189 {
190 static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG |
191 CERT_STORE_TIME_VALIDITY_FLAG | CERT_STORE_BASE_CRL_FLAG |
192 CERT_STORE_DELTA_CRL_FLAG;
193 PCCRL_CONTEXT ret;
194
195 TRACE("(%p, %p, %p, %08x)\n", hCertStore, pIssuerContext, pPrevCrlContext,
196 *pdwFlags);
197
198 if (*pdwFlags & ~supportedFlags)
199 {
200 SetLastError(E_INVALIDARG);
201 return NULL;
202 }
203 if (pIssuerContext)
204 ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
205 0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
206 else
207 ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
208 pPrevCrlContext);
209 if (ret)
210 {
211 if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
212 {
213 if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
214 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
215 }
216 if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
217 {
218 if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
219 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
220 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
221 NULL))
222 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
223 }
224 }
225 return ret;
226 }
227
228 PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
229 {
230 TRACE("(%p)\n", pCrlContext);
231 Context_AddRef((void *)pCrlContext, sizeof(CRL_CONTEXT));
232 return pCrlContext;
233 }
234
235 static void CrlDataContext_Free(void *context)
236 {
237 PCRL_CONTEXT crlContext = (PCRL_CONTEXT)context;
238
239 CryptMemFree(crlContext->pbCrlEncoded);
240 LocalFree(crlContext->pCrlInfo);
241 }
242
243 BOOL WINAPI CertFreeCRLContext( PCCRL_CONTEXT pCrlContext)
244 {
245 TRACE("(%p)\n", pCrlContext);
246
247 if (pCrlContext)
248 Context_Release((void *)pCrlContext, sizeof(CRL_CONTEXT),
249 CrlDataContext_Free);
250 return TRUE;
251 }
252
253 DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
254 DWORD dwPropId)
255 {
256 PCONTEXT_PROPERTY_LIST properties = Context_GetProperties(
257 (void *)pCRLContext, sizeof(CRL_CONTEXT));
258 DWORD ret;
259
260 TRACE("(%p, %d)\n", pCRLContext, dwPropId);
261
262 if (properties)
263 ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
264 else
265 ret = 0;
266 return ret;
267 }
268
269 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
270 DWORD dwFlags, const void *pvData);
271
272 static BOOL CRLContext_GetHashProp(PCCRL_CONTEXT context, DWORD dwPropId,
273 ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
274 DWORD *pcbData)
275 {
276 BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
277 pcbData);
278 if (ret)
279 {
280 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
281
282 ret = CRLContext_SetProperty(context, dwPropId, 0, &blob);
283 }
284 return ret;
285 }
286
287 static BOOL CRLContext_GetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
288 void *pvData, DWORD *pcbData)
289 {
290 PCONTEXT_PROPERTY_LIST properties =
291 Context_GetProperties(context, sizeof(CRL_CONTEXT));
292 BOOL ret;
293 CRYPT_DATA_BLOB blob;
294
295 TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
296
297 if (properties)
298 ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
299 else
300 ret = FALSE;
301 if (ret)
302 {
303 if (!pvData)
304 *pcbData = blob.cbData;
305 else if (*pcbData < blob.cbData)
306 {
307 SetLastError(ERROR_MORE_DATA);
308 *pcbData = blob.cbData;
309 ret = FALSE;
310 }
311 else
312 {
313 memcpy(pvData, blob.pbData, blob.cbData);
314 *pcbData = blob.cbData;
315 }
316 }
317 else
318 {
319 /* Implicit properties */
320 switch (dwPropId)
321 {
322 case CERT_SHA1_HASH_PROP_ID:
323 ret = CRLContext_GetHashProp(context, dwPropId, CALG_SHA1,
324 context->pbCrlEncoded, context->cbCrlEncoded, pvData,
325 pcbData);
326 break;
327 case CERT_MD5_HASH_PROP_ID:
328 ret = CRLContext_GetHashProp(context, dwPropId, CALG_MD5,
329 context->pbCrlEncoded, context->cbCrlEncoded, pvData,
330 pcbData);
331 break;
332 default:
333 SetLastError(CRYPT_E_NOT_FOUND);
334 }
335 }
336 TRACE("returning %d\n", ret);
337 return ret;
338 }
339
340 BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
341 DWORD dwPropId, void *pvData, DWORD *pcbData)
342 {
343 BOOL ret;
344
345 TRACE("(%p, %d, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
346
347 switch (dwPropId)
348 {
349 case 0:
350 case CERT_CERT_PROP_ID:
351 case CERT_CRL_PROP_ID:
352 case CERT_CTL_PROP_ID:
353 SetLastError(E_INVALIDARG);
354 ret = FALSE;
355 break;
356 case CERT_ACCESS_STATE_PROP_ID:
357 if (!pvData)
358 {
359 *pcbData = sizeof(DWORD);
360 ret = TRUE;
361 }
362 else if (*pcbData < sizeof(DWORD))
363 {
364 SetLastError(ERROR_MORE_DATA);
365 *pcbData = sizeof(DWORD);
366 ret = FALSE;
367 }
368 else
369 {
370 if (pCRLContext->hCertStore)
371 ret = CertGetStoreProperty(pCRLContext->hCertStore, dwPropId,
372 pvData, pcbData);
373 else
374 *(DWORD *)pvData = 0;
375 ret = TRUE;
376 }
377 break;
378 default:
379 ret = CRLContext_GetProperty(pCRLContext, dwPropId, pvData,
380 pcbData);
381 }
382 return ret;
383 }
384
385 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
386 DWORD dwFlags, const void *pvData)
387 {
388 PCONTEXT_PROPERTY_LIST properties =
389 Context_GetProperties(context, sizeof(CERT_CONTEXT));
390 BOOL ret;
391
392 TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
393
394 if (!properties)
395 ret = FALSE;
396 else if (!pvData)
397 {
398 ContextPropertyList_RemoveProperty(properties, dwPropId);
399 ret = TRUE;
400 }
401 else
402 {
403 switch (dwPropId)
404 {
405 case CERT_AUTO_ENROLL_PROP_ID:
406 case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
407 case CERT_DESCRIPTION_PROP_ID:
408 case CERT_FRIENDLY_NAME_PROP_ID:
409 case CERT_HASH_PROP_ID:
410 case CERT_KEY_IDENTIFIER_PROP_ID:
411 case CERT_MD5_HASH_PROP_ID:
412 case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
413 case CERT_PUBKEY_ALG_PARA_PROP_ID:
414 case CERT_PVK_FILE_PROP_ID:
415 case CERT_SIGNATURE_HASH_PROP_ID:
416 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
417 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
418 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
419 case CERT_ENROLLMENT_PROP_ID:
420 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
421 case CERT_RENEWAL_PROP_ID:
422 {
423 PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
424
425 ret = ContextPropertyList_SetProperty(properties, dwPropId,
426 blob->pbData, blob->cbData);
427 break;
428 }
429 case CERT_DATE_STAMP_PROP_ID:
430 ret = ContextPropertyList_SetProperty(properties, dwPropId,
431 (const BYTE *)pvData, sizeof(FILETIME));
432 break;
433 default:
434 FIXME("%d: stub\n", dwPropId);
435 ret = FALSE;
436 }
437 }
438 TRACE("returning %d\n", ret);
439 return ret;
440 }
441
442 BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
443 DWORD dwPropId, DWORD dwFlags, const void *pvData)
444 {
445 BOOL ret;
446
447 TRACE("(%p, %d, %08x, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
448
449 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
450 * crashes on most of these, I'll be safer.
451 */
452 switch (dwPropId)
453 {
454 case 0:
455 case CERT_ACCESS_STATE_PROP_ID:
456 case CERT_CERT_PROP_ID:
457 case CERT_CRL_PROP_ID:
458 case CERT_CTL_PROP_ID:
459 SetLastError(E_INVALIDARG);
460 return FALSE;
461 }
462 ret = CRLContext_SetProperty(pCRLContext, dwPropId, dwFlags, pvData);
463 TRACE("returning %d\n", ret);
464 return ret;
465 }
466
467 BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
468 PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
469 {
470 TRACE("(%p, %p, %08x, %p)\n", pCert, pCrl, dwFlags, pvReserved);
471 return TRUE;
472 }
473
474 static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl)
475 {
476 DWORD i;
477 PCRL_ENTRY entry = NULL;
478
479 for (i = 0; !entry && i < crl->cCRLEntry; i++)
480 if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
481 &cert->SerialNumber))
482 entry = &crl->rgCRLEntry[i];
483 return entry;
484 }
485
486 BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
487 PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
488 PCRL_ENTRY *ppCrlEntry)
489 {
490 TRACE("(%p, %p, %08x, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
491 ppCrlEntry);
492
493 *ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
494 pCrlContext->pCrlInfo);
495 return TRUE;
496 }
497
498 BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
499 PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
500 {
501 DWORD i;
502 PCRL_ENTRY entry = NULL;
503
504 TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
505 rgpCrlInfo);
506
507 for (i = 0; !entry && i < cCrlInfo; i++)
508 entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
509 return entry == NULL;
510 }
511
512 LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
513 PCRL_INFO pCrlInfo)
514 {
515 FILETIME fileTime;
516 LONG ret;
517
518 if (!pTimeToVerify)
519 {
520 GetSystemTimeAsFileTime(&fileTime);
521 pTimeToVerify = &fileTime;
522 }
523 if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
524 {
525 ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
526 if (ret < 0)
527 ret = 0;
528 }
529 return ret;
530 }
531
This page was automatically generated by the
LXR engine.
Visit the LXR main site for more
information.