ddraw/tests: Add another invalid arguments test for surface QI.
[wine.git] / dlls / cryptnet / cryptnet_main.c
blob9d05a91d626fa4cdb9aa992b0d73dd867b498dd1
1 /*
2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 #include "config.h"
22 #include "wine/port.h"
24 #define NONAMELESSUNION
25 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
27 #include <stdio.h>
28 #include <stdarg.h>
30 #include "windef.h"
31 #include "winbase.h"
32 #include "winnt.h"
33 #include "winnls.h"
34 #include "wininet.h"
35 #include "objbase.h"
36 #include "wincrypt.h"
38 #include "wine/debug.h"
40 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet);
42 #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
44 static const WCHAR cryptNet[] = { 'c','r','y','p','t','n','e','t','.',
45 'd','l','l',0 };
47 /***********************************************************************
48 * DllRegisterServer (CRYPTNET.@)
50 HRESULT WINAPI DllRegisterServer(void)
52 TRACE("\n");
53 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING,
54 CRYPT_OID_VERIFY_REVOCATION_FUNC, 0, cryptNet);
55 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap",
56 cryptNet, "LdapProvOpenStore");
57 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
58 CERT_STORE_PROV_LDAP_W, cryptNet, "LdapProvOpenStore");
59 return S_OK;
62 /***********************************************************************
63 * DllUnregisterServer (CRYPTNET.@)
65 HRESULT WINAPI DllUnregisterServer(void)
67 TRACE("\n");
68 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING,
69 CRYPT_OID_VERIFY_REVOCATION_FUNC, cryptNet);
70 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap");
71 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
72 CERT_STORE_PROV_LDAP_W);
73 return S_OK;
76 static const char *url_oid_to_str(LPCSTR oid)
78 if (IS_INTOID(oid))
80 static char buf[10];
82 switch (LOWORD(oid))
84 #define _x(oid) case LOWORD(oid): return #oid
85 _x(URL_OID_CERTIFICATE_ISSUER);
86 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT);
87 _x(URL_OID_CTL_ISSUER);
88 _x(URL_OID_CTL_NEXT_UPDATE);
89 _x(URL_OID_CRL_ISSUER);
90 _x(URL_OID_CERTIFICATE_FRESHEST_CRL);
91 _x(URL_OID_CRL_FRESHEST_CRL);
92 _x(URL_OID_CROSS_CERT_DIST_POINT);
93 #undef _x
94 default:
95 snprintf(buf, sizeof(buf), "%d", LOWORD(oid));
96 return buf;
99 else
100 return oid;
103 typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD,
104 PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID);
106 static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid,
107 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
108 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
110 PCCERT_CONTEXT cert = pvPara;
111 PCERT_EXTENSION ext;
112 BOOL ret = FALSE;
114 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
115 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
117 SetLastError(CRYPT_E_NOT_FOUND);
118 return FALSE;
120 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
121 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
123 CERT_AUTHORITY_INFO_ACCESS *aia;
124 DWORD size;
126 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
127 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
128 &aia, &size);
129 if (ret)
131 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
133 for (i = 0, cUrl = 0; i < aia->cAccDescr; i++)
134 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
135 szOID_PKIX_CA_ISSUERS))
137 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
138 CERT_ALT_NAME_URL)
140 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
142 cUrl++;
143 bytesNeeded += sizeof(LPWSTR) +
144 (lstrlenW(aia->rgAccDescr[i].AccessLocation.u.
145 pwszURL) + 1) * sizeof(WCHAR);
148 else
149 FIXME("unsupported alt name type %d\n",
150 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
152 if (!pcbUrlArray)
154 SetLastError(E_INVALIDARG);
155 ret = FALSE;
157 else if (!pUrlArray)
158 *pcbUrlArray = bytesNeeded;
159 else if (*pcbUrlArray < bytesNeeded)
161 SetLastError(ERROR_MORE_DATA);
162 *pcbUrlArray = bytesNeeded;
163 ret = FALSE;
165 else
167 LPWSTR nextUrl;
169 *pcbUrlArray = bytesNeeded;
170 pUrlArray->cUrl = 0;
171 pUrlArray->rgwszUrl =
172 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
173 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
174 + cUrl * sizeof(LPWSTR));
175 for (i = 0; i < aia->cAccDescr; i++)
176 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
177 szOID_PKIX_CA_ISSUERS))
179 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice
180 == CERT_ALT_NAME_URL)
182 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
184 lstrcpyW(nextUrl,
185 aia->rgAccDescr[i].AccessLocation.u.pwszURL);
186 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
187 nextUrl;
188 nextUrl += (lstrlenW(nextUrl) + 1);
193 if (ret)
195 if (pcbUrlInfo)
197 FIXME("url info: stub\n");
198 if (!pUrlInfo)
199 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
200 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
202 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
203 SetLastError(ERROR_MORE_DATA);
204 ret = FALSE;
206 else
208 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
209 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
213 LocalFree(aia);
216 else
217 SetLastError(CRYPT_E_NOT_FOUND);
218 return ret;
221 static BOOL CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB *value,
222 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
223 DWORD *pcbUrlInfo)
225 BOOL ret;
226 CRL_DIST_POINTS_INFO *info;
227 DWORD size;
229 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CRL_DIST_POINTS,
230 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
231 if (ret)
233 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
235 for (i = 0, cUrl = 0; i < info->cDistPoint; i++)
236 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
237 == CRL_DIST_POINT_FULL_NAME)
239 DWORD j;
240 CERT_ALT_NAME_INFO *name =
241 &info->rgDistPoint[i].DistPointName.u.FullName;
243 for (j = 0; j < name->cAltEntry; j++)
244 if (name->rgAltEntry[j].dwAltNameChoice ==
245 CERT_ALT_NAME_URL)
247 if (name->rgAltEntry[j].u.pwszURL)
249 cUrl++;
250 bytesNeeded += sizeof(LPWSTR) +
251 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1)
252 * sizeof(WCHAR);
256 if (!pcbUrlArray)
258 SetLastError(E_INVALIDARG);
259 ret = FALSE;
261 else if (!pUrlArray)
262 *pcbUrlArray = bytesNeeded;
263 else if (*pcbUrlArray < bytesNeeded)
265 SetLastError(ERROR_MORE_DATA);
266 *pcbUrlArray = bytesNeeded;
267 ret = FALSE;
269 else
271 LPWSTR nextUrl;
273 *pcbUrlArray = bytesNeeded;
274 pUrlArray->cUrl = 0;
275 pUrlArray->rgwszUrl =
276 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
277 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
278 + cUrl * sizeof(LPWSTR));
279 for (i = 0; i < info->cDistPoint; i++)
280 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
281 == CRL_DIST_POINT_FULL_NAME)
283 DWORD j;
284 CERT_ALT_NAME_INFO *name =
285 &info->rgDistPoint[i].DistPointName.u.FullName;
287 for (j = 0; j < name->cAltEntry; j++)
288 if (name->rgAltEntry[j].dwAltNameChoice ==
289 CERT_ALT_NAME_URL)
291 if (name->rgAltEntry[j].u.pwszURL)
293 lstrcpyW(nextUrl,
294 name->rgAltEntry[j].u.pwszURL);
295 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
296 nextUrl;
297 nextUrl +=
298 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1);
303 if (ret)
305 if (pcbUrlInfo)
307 FIXME("url info: stub\n");
308 if (!pUrlInfo)
309 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
310 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
312 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
313 SetLastError(ERROR_MORE_DATA);
314 ret = FALSE;
316 else
318 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
319 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
323 LocalFree(info);
325 return ret;
328 static BOOL WINAPI CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid,
329 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
330 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
332 PCCERT_CONTEXT cert = pvPara;
333 PCERT_EXTENSION ext;
334 BOOL ret = FALSE;
336 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
337 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
339 SetLastError(CRYPT_E_NOT_FOUND);
340 return FALSE;
342 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
343 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
344 ret = CRYPT_GetUrlFromCRLDistPointsExt(&ext->Value, pUrlArray,
345 pcbUrlArray, pUrlInfo, pcbUrlInfo);
346 else
347 SetLastError(CRYPT_E_NOT_FOUND);
348 return ret;
351 /***********************************************************************
352 * CryptGetObjectUrl (CRYPTNET.@)
354 BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags,
355 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
356 DWORD *pcbUrlInfo, LPVOID pvReserved)
358 UrlDllGetObjectUrlFunc func = NULL;
359 HCRYPTOIDFUNCADDR hFunc = NULL;
360 BOOL ret = FALSE;
362 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid),
363 pvPara, dwFlags, pUrlArray, pcbUrlArray, pUrlInfo, pcbUrlInfo, pvReserved);
365 if (IS_INTOID(pszUrlOid))
367 switch (LOWORD(pszUrlOid))
369 case LOWORD(URL_OID_CERTIFICATE_ISSUER):
370 func = CRYPT_GetUrlFromCertificateIssuer;
371 break;
372 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT):
373 func = CRYPT_GetUrlFromCertificateCRLDistPoint;
374 break;
375 default:
376 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid));
377 SetLastError(ERROR_FILE_NOT_FOUND);
380 else
382 static HCRYPTOIDFUNCSET set = NULL;
384 if (!set)
385 set = CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC, 0);
386 CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszUrlOid, 0,
387 (void **)&func, &hFunc);
389 if (func)
390 ret = func(pszUrlOid, pvPara, dwFlags, pUrlArray, pcbUrlArray,
391 pUrlInfo, pcbUrlInfo, pvReserved);
392 if (hFunc)
393 CryptFreeOIDFunctionAddress(hFunc, 0);
394 return ret;
397 /***********************************************************************
398 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
400 BOOL WINAPI CryptRetrieveObjectByUrlA(LPCSTR pszURL, LPCSTR pszObjectOid,
401 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
402 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
403 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
405 BOOL ret = FALSE;
406 int len;
408 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL),
409 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
410 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
412 if (!pszURL)
414 SetLastError(ERROR_INVALID_PARAMETER);
415 return FALSE;
417 len = MultiByteToWideChar(CP_ACP, 0, pszURL, -1, NULL, 0);
418 if (len)
420 LPWSTR url = CryptMemAlloc(len * sizeof(WCHAR));
422 if (url)
424 MultiByteToWideChar(CP_ACP, 0, pszURL, -1, url, len);
425 ret = CryptRetrieveObjectByUrlW(url, pszObjectOid,
426 dwRetrievalFlags, dwTimeout, ppvObject, hAsyncRetrieve,
427 pCredentials, pvVerify, pAuxInfo);
428 CryptMemFree(url);
430 else
431 SetLastError(ERROR_OUTOFMEMORY);
433 return ret;
436 static void WINAPI CRYPT_FreeBlob(LPCSTR pszObjectOid,
437 PCRYPT_BLOB_ARRAY pObject, void *pvFreeContext)
439 DWORD i;
441 for (i = 0; i < pObject->cBlob; i++)
442 CryptMemFree(pObject->rgBlob[i].pbData);
443 CryptMemFree(pObject->rgBlob);
446 static BOOL CRYPT_GetObjectFromFile(HANDLE hFile, PCRYPT_BLOB_ARRAY pObject)
448 BOOL ret;
449 LARGE_INTEGER size;
451 if ((ret = GetFileSizeEx(hFile, &size)))
453 if (size.u.HighPart)
455 WARN("file too big\n");
456 SetLastError(ERROR_INVALID_DATA);
457 ret = FALSE;
459 else
461 CRYPT_DATA_BLOB blob;
463 blob.pbData = CryptMemAlloc(size.u.LowPart);
464 if (blob.pbData)
466 ret = ReadFile(hFile, blob.pbData, size.u.LowPart, &blob.cbData,
467 NULL);
468 if (ret)
470 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
471 if (pObject->rgBlob)
473 pObject->cBlob = 1;
474 memcpy(pObject->rgBlob, &blob, sizeof(CRYPT_DATA_BLOB));
476 else
478 SetLastError(ERROR_OUTOFMEMORY);
479 ret = FALSE;
482 if (!ret)
483 CryptMemFree(blob.pbData);
485 else
487 SetLastError(ERROR_OUTOFMEMORY);
488 ret = FALSE;
492 return ret;
495 static BOOL CRYPT_GetObjectFromCache(LPCWSTR pszURL, PCRYPT_BLOB_ARRAY pObject,
496 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
498 BOOL ret = FALSE;
499 INTERNET_CACHE_ENTRY_INFOW *pCacheInfo = NULL;
500 DWORD size = 0;
502 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pObject, pAuxInfo);
504 RetrieveUrlCacheEntryFileW(pszURL, NULL, &size, 0);
505 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
506 return FALSE;
508 pCacheInfo = CryptMemAlloc(size);
509 if (!pCacheInfo)
511 SetLastError(ERROR_OUTOFMEMORY);
512 return FALSE;
515 if ((ret = RetrieveUrlCacheEntryFileW(pszURL, pCacheInfo, &size, 0)))
517 FILETIME ft;
519 GetSystemTimeAsFileTime(&ft);
520 if (CompareFileTime(&pCacheInfo->ExpireTime, &ft) >= 0)
522 HANDLE hFile = CreateFileW(pCacheInfo->lpszLocalFileName, GENERIC_READ,
523 FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
525 if (hFile != INVALID_HANDLE_VALUE)
527 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
529 if (pAuxInfo && pAuxInfo->cbSize >=
530 offsetof(CRYPT_RETRIEVE_AUX_INFO,
531 pLastSyncTime) + sizeof(PFILETIME) &&
532 pAuxInfo->pLastSyncTime)
533 memcpy(pAuxInfo->pLastSyncTime,
534 &pCacheInfo->LastSyncTime,
535 sizeof(FILETIME));
537 CloseHandle(hFile);
539 else
541 DeleteUrlCacheEntryW(pszURL);
542 ret = FALSE;
545 else
547 DeleteUrlCacheEntryW(pszURL);
548 ret = FALSE;
550 UnlockUrlCacheEntryFileW(pszURL, 0);
552 CryptMemFree(pCacheInfo);
553 TRACE("returning %d\n", ret);
554 return ret;
557 /* Parses the URL, and sets components' lpszHostName and lpszUrlPath members
558 * to NULL-terminated copies of those portions of the URL (to be freed with
559 * CryptMemFree.)
561 static BOOL CRYPT_CrackUrl(LPCWSTR pszURL, URL_COMPONENTSW *components)
563 BOOL ret;
565 TRACE("(%s, %p)\n", debugstr_w(pszURL), components);
567 memset(components, 0, sizeof(*components));
568 components->dwStructSize = sizeof(*components);
569 components->lpszHostName = CryptMemAlloc(INTERNET_MAX_HOST_NAME_LENGTH * sizeof(WCHAR));
570 components->dwHostNameLength = INTERNET_MAX_HOST_NAME_LENGTH;
571 if (!components->lpszHostName)
573 SetLastError(ERROR_OUTOFMEMORY);
574 return FALSE;
576 components->lpszUrlPath = CryptMemAlloc(INTERNET_MAX_PATH_LENGTH * sizeof(WCHAR));
577 components->dwUrlPathLength = INTERNET_MAX_PATH_LENGTH;
578 if (!components->lpszUrlPath)
580 CryptMemFree(components->lpszHostName);
581 SetLastError(ERROR_OUTOFMEMORY);
582 return FALSE;
585 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, components);
586 if (ret)
588 switch (components->nScheme)
590 case INTERNET_SCHEME_FTP:
591 if (!components->nPort)
592 components->nPort = INTERNET_DEFAULT_FTP_PORT;
593 break;
594 case INTERNET_SCHEME_HTTP:
595 if (!components->nPort)
596 components->nPort = INTERNET_DEFAULT_HTTP_PORT;
597 break;
598 default:
599 ; /* do nothing */
602 TRACE("returning %d\n", ret);
603 return ret;
606 struct InetContext
608 HANDLE event;
609 DWORD timeout;
610 DWORD error;
613 static struct InetContext *CRYPT_MakeInetContext(DWORD dwTimeout)
615 struct InetContext *context = CryptMemAlloc(sizeof(struct InetContext));
617 if (context)
619 context->event = CreateEventW(NULL, FALSE, FALSE, NULL);
620 if (!context->event)
622 CryptMemFree(context);
623 context = NULL;
625 else
627 context->timeout = dwTimeout;
628 context->error = ERROR_SUCCESS;
631 return context;
634 static BOOL CRYPT_DownloadObject(DWORD dwRetrievalFlags, HINTERNET hHttp,
635 struct InetContext *context, PCRYPT_BLOB_ARRAY pObject,
636 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
638 CRYPT_DATA_BLOB object = { 0, NULL };
639 DWORD bytesAvailable;
640 BOOL ret;
642 do {
643 if ((ret = InternetQueryDataAvailable(hHttp, &bytesAvailable, 0, 0)))
645 if (bytesAvailable)
647 if (object.pbData)
648 object.pbData = CryptMemRealloc(object.pbData,
649 object.cbData + bytesAvailable);
650 else
651 object.pbData = CryptMemAlloc(bytesAvailable);
652 if (object.pbData)
654 INTERNET_BUFFERSA buffer = { sizeof(buffer), 0 };
656 buffer.dwBufferLength = bytesAvailable;
657 buffer.lpvBuffer = object.pbData + object.cbData;
658 if (!(ret = InternetReadFileExA(hHttp, &buffer, IRF_NO_WAIT,
659 (DWORD_PTR)context)))
661 if (GetLastError() == ERROR_IO_PENDING)
663 if (WaitForSingleObject(context->event,
664 context->timeout) == WAIT_TIMEOUT)
665 SetLastError(ERROR_TIMEOUT);
666 else if (context->error)
667 SetLastError(context->error);
668 else
669 ret = TRUE;
672 if (ret)
673 object.cbData += buffer.dwBufferLength;
675 else
677 SetLastError(ERROR_OUTOFMEMORY);
678 ret = FALSE;
682 else if (GetLastError() == ERROR_IO_PENDING)
684 if (WaitForSingleObject(context->event, context->timeout) ==
685 WAIT_TIMEOUT)
686 SetLastError(ERROR_TIMEOUT);
687 else
688 ret = TRUE;
690 } while (ret && bytesAvailable);
691 if (ret)
693 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
694 if (!pObject->rgBlob)
696 CryptMemFree(object.pbData);
697 SetLastError(ERROR_OUTOFMEMORY);
698 ret = FALSE;
700 else
702 pObject->rgBlob[0].cbData = object.cbData;
703 pObject->rgBlob[0].pbData = object.pbData;
704 pObject->cBlob = 1;
707 TRACE("returning %d\n", ret);
708 return ret;
711 /* Finds the object specified by pszURL in the cache. If it's not found,
712 * creates a new cache entry for the object and writes the object to it.
713 * Sets the expiration time of the cache entry to expires.
715 static void CRYPT_CacheURL(LPCWSTR pszURL, const CRYPT_BLOB_ARRAY *pObject,
716 DWORD dwRetrievalFlags, FILETIME expires)
718 WCHAR cacheFileName[MAX_PATH];
719 HANDLE hCacheFile;
720 DWORD size = 0, entryType;
721 FILETIME ft;
723 GetUrlCacheEntryInfoW(pszURL, NULL, &size);
724 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
726 INTERNET_CACHE_ENTRY_INFOW *info = CryptMemAlloc(size);
728 if (!info)
730 ERR("out of memory\n");
731 return;
734 if (GetUrlCacheEntryInfoW(pszURL, info, &size))
736 lstrcpyW(cacheFileName, info->lpszLocalFileName);
737 /* Check if the existing cache entry is up to date. If it isn't,
738 * remove the existing cache entry, and create a new one with the
739 * new value.
741 GetSystemTimeAsFileTime(&ft);
742 if (CompareFileTime(&info->ExpireTime, &ft) < 0)
744 DeleteUrlCacheEntryW(pszURL);
746 else
748 info->ExpireTime = expires;
749 SetUrlCacheEntryInfoW(pszURL, info, CACHE_ENTRY_EXPTIME_FC);
750 CryptMemFree(info);
751 return;
754 CryptMemFree(info);
757 if (!CreateUrlCacheEntryW(pszURL, pObject->rgBlob[0].cbData, NULL, cacheFileName, 0))
758 return;
760 hCacheFile = CreateFileW(cacheFileName, GENERIC_WRITE, 0,
761 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
762 if(hCacheFile == INVALID_HANDLE_VALUE)
763 return;
765 WriteFile(hCacheFile, pObject->rgBlob[0].pbData,
766 pObject->rgBlob[0].cbData, &size, NULL);
767 CloseHandle(hCacheFile);
769 if (!(dwRetrievalFlags & CRYPT_STICKY_CACHE_RETRIEVAL))
770 entryType = NORMAL_CACHE_ENTRY;
771 else
772 entryType = STICKY_CACHE_ENTRY;
773 memset(&ft, 0, sizeof(ft));
774 CommitUrlCacheEntryW(pszURL, cacheFileName, expires, ft, entryType,
775 NULL, 0, NULL, NULL);
778 static void CALLBACK CRYPT_InetStatusCallback(HINTERNET hInt,
779 DWORD_PTR dwContext, DWORD status, void *statusInfo, DWORD statusInfoLen)
781 struct InetContext *context = (struct InetContext *)dwContext;
782 LPINTERNET_ASYNC_RESULT result;
784 switch (status)
786 case INTERNET_STATUS_REQUEST_COMPLETE:
787 result = statusInfo;
788 context->error = result->dwError;
789 SetEvent(context->event);
793 static BOOL CRYPT_Connect(const URL_COMPONENTSW *components,
794 struct InetContext *context, PCRYPT_CREDENTIALS pCredentials,
795 HINTERNET *phInt, HINTERNET *phHost)
797 BOOL ret;
799 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components->lpszHostName),
800 components->nPort, context, pCredentials, phInt, phInt);
802 *phHost = NULL;
803 *phInt = InternetOpenW(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL,
804 context ? INTERNET_FLAG_ASYNC : 0);
805 if (*phInt)
807 DWORD service;
809 if (context)
810 InternetSetStatusCallbackW(*phInt, CRYPT_InetStatusCallback);
811 switch (components->nScheme)
813 case INTERNET_SCHEME_FTP:
814 service = INTERNET_SERVICE_FTP;
815 break;
816 case INTERNET_SCHEME_HTTP:
817 service = INTERNET_SERVICE_HTTP;
818 break;
819 default:
820 service = 0;
822 /* FIXME: use pCredentials for username/password */
823 *phHost = InternetConnectW(*phInt, components->lpszHostName,
824 components->nPort, NULL, NULL, service, 0, (DWORD_PTR)context);
825 if (!*phHost)
827 InternetCloseHandle(*phInt);
828 *phInt = NULL;
829 ret = FALSE;
831 else
832 ret = TRUE;
834 else
835 ret = FALSE;
836 TRACE("returning %d\n", ret);
837 return ret;
840 static BOOL WINAPI FTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
841 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
842 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
843 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
844 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
846 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
847 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
848 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
850 pObject->cBlob = 0;
851 pObject->rgBlob = NULL;
852 *ppfnFreeObject = CRYPT_FreeBlob;
853 *ppvFreeContext = NULL;
854 return FALSE;
857 static const WCHAR x509cacert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
858 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
859 static const WCHAR x509emailcert[] = { 'a','p','p','l','i','c','a','t','i','o',
860 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
861 0 };
862 static const WCHAR x509servercert[] = { 'a','p','p','l','i','c','a','t','i','o',
863 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
864 't',0 };
865 static const WCHAR x509usercert[] = { 'a','p','p','l','i','c','a','t','i','o',
866 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
867 static const WCHAR pkcs7cert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
868 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
869 's',0 };
870 static const WCHAR pkixCRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
871 '/','p','k','i','x','-','c','r','l',0 };
872 static const WCHAR pkcs7CRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
873 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
874 static const WCHAR pkcs7sig[] = { 'a','p','p','l','i','c','a','t','i','o','n',
875 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
876 static const WCHAR pkcs7mime[] = { 'a','p','p','l','i','c','a','t','i','o','n',
877 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
879 static BOOL WINAPI HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
880 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
881 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
882 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
883 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
885 BOOL ret = FALSE;
887 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
888 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
889 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
891 pObject->cBlob = 0;
892 pObject->rgBlob = NULL;
893 *ppfnFreeObject = CRYPT_FreeBlob;
894 *ppvFreeContext = NULL;
896 if (!(dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL))
897 ret = CRYPT_GetObjectFromCache(pszURL, pObject, pAuxInfo);
898 if (!ret && (!(dwRetrievalFlags & CRYPT_CACHE_ONLY_RETRIEVAL) ||
899 (dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL)))
901 URL_COMPONENTSW components;
903 if ((ret = CRYPT_CrackUrl(pszURL, &components)))
905 HINTERNET hInt, hHost;
906 struct InetContext *context = NULL;
908 if (dwTimeout)
909 context = CRYPT_MakeInetContext(dwTimeout);
910 ret = CRYPT_Connect(&components, context, pCredentials, &hInt,
911 &hHost);
912 if (ret)
914 static LPCWSTR types[] = { x509cacert, x509emailcert,
915 x509servercert, x509usercert, pkcs7cert, pkixCRL, pkcs7CRL,
916 pkcs7sig, pkcs7mime, NULL };
917 HINTERNET hHttp = HttpOpenRequestW(hHost, NULL,
918 components.lpszUrlPath, NULL, NULL, types,
919 INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI,
920 (DWORD_PTR)context);
922 if (hHttp)
924 if (dwTimeout)
926 InternetSetOptionW(hHttp,
927 INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
928 sizeof(dwTimeout));
929 InternetSetOptionW(hHttp, INTERNET_OPTION_SEND_TIMEOUT,
930 &dwTimeout, sizeof(dwTimeout));
932 ret = HttpSendRequestExW(hHttp, NULL, NULL, 0,
933 (DWORD_PTR)context);
934 if (!ret && GetLastError() == ERROR_IO_PENDING)
936 if (WaitForSingleObject(context->event,
937 context->timeout) == WAIT_TIMEOUT)
938 SetLastError(ERROR_TIMEOUT);
939 else
940 ret = TRUE;
942 if (ret &&
943 !(ret = HttpEndRequestW(hHttp, NULL, 0, (DWORD_PTR)context)) &&
944 GetLastError() == ERROR_IO_PENDING)
946 if (WaitForSingleObject(context->event,
947 context->timeout) == WAIT_TIMEOUT)
948 SetLastError(ERROR_TIMEOUT);
949 else
950 ret = TRUE;
952 if (ret)
953 ret = CRYPT_DownloadObject(dwRetrievalFlags, hHttp,
954 context, pObject, pAuxInfo);
955 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT))
957 SYSTEMTIME st;
958 FILETIME ft;
959 DWORD len = sizeof(st);
961 if (HttpQueryInfoW(hHttp, HTTP_QUERY_EXPIRES | HTTP_QUERY_FLAG_SYSTEMTIME,
962 &st, &len, NULL) && SystemTimeToFileTime(&st, &ft))
963 CRYPT_CacheURL(pszURL, pObject, dwRetrievalFlags, ft);
965 InternetCloseHandle(hHttp);
967 InternetCloseHandle(hHost);
968 InternetCloseHandle(hInt);
970 if (context)
972 CloseHandle(context->event);
973 CryptMemFree(context);
975 CryptMemFree(components.lpszUrlPath);
976 CryptMemFree(components.lpszHostName);
979 TRACE("returning %d\n", ret);
980 return ret;
983 static BOOL WINAPI File_RetrieveEncodedObjectW(LPCWSTR pszURL,
984 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
985 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
986 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
987 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
989 URL_COMPONENTSW components = { sizeof(components), 0 };
990 BOOL ret;
992 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
993 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
994 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
996 pObject->cBlob = 0;
997 pObject->rgBlob = NULL;
998 *ppfnFreeObject = CRYPT_FreeBlob;
999 *ppvFreeContext = NULL;
1001 components.lpszUrlPath = CryptMemAlloc(INTERNET_MAX_PATH_LENGTH * sizeof(WCHAR));
1002 components.dwUrlPathLength = INTERNET_MAX_PATH_LENGTH;
1003 if (!components.lpszUrlPath)
1005 SetLastError(ERROR_OUTOFMEMORY);
1006 return FALSE;
1009 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, &components);
1010 if (ret)
1012 LPWSTR path;
1014 /* 3 == lstrlenW(L"c:") + 1 */
1015 path = CryptMemAlloc((components.dwUrlPathLength + 3) * sizeof(WCHAR));
1016 if (path)
1018 HANDLE hFile;
1020 /* Try to create the file directly - Wine handles / in pathnames */
1021 lstrcpynW(path, components.lpszUrlPath,
1022 components.dwUrlPathLength + 1);
1023 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1024 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1025 if (hFile == INVALID_HANDLE_VALUE)
1027 /* Try again on the current drive */
1028 GetCurrentDirectoryW(components.dwUrlPathLength, path);
1029 if (path[1] == ':')
1031 lstrcpynW(path + 2, components.lpszUrlPath,
1032 components.dwUrlPathLength + 1);
1033 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1034 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1036 if (hFile == INVALID_HANDLE_VALUE)
1038 /* Try again on the Windows drive */
1039 GetWindowsDirectoryW(path, components.dwUrlPathLength);
1040 if (path[1] == ':')
1042 lstrcpynW(path + 2, components.lpszUrlPath,
1043 components.dwUrlPathLength + 1);
1044 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1045 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1049 if (hFile != INVALID_HANDLE_VALUE)
1051 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
1053 if (pAuxInfo && pAuxInfo->cbSize >=
1054 offsetof(CRYPT_RETRIEVE_AUX_INFO,
1055 pLastSyncTime) + sizeof(PFILETIME) &&
1056 pAuxInfo->pLastSyncTime)
1057 GetFileTime(hFile, NULL, NULL,
1058 pAuxInfo->pLastSyncTime);
1060 CloseHandle(hFile);
1062 else
1063 ret = FALSE;
1064 CryptMemFree(path);
1066 else
1068 SetLastError(ERROR_OUTOFMEMORY);
1069 ret = FALSE;
1072 CryptMemFree(components.lpszUrlPath);
1073 return ret;
1076 typedef BOOL (WINAPI *SchemeDllRetrieveEncodedObjectW)(LPCWSTR pwszUrl,
1077 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1078 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1079 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1080 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo);
1082 static BOOL CRYPT_GetRetrieveFunction(LPCWSTR pszURL,
1083 SchemeDllRetrieveEncodedObjectW *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1085 URL_COMPONENTSW components = { sizeof(components), 0 };
1086 BOOL ret;
1088 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pFunc, phFunc);
1090 *pFunc = NULL;
1091 *phFunc = 0;
1092 components.dwSchemeLength = 1;
1093 ret = InternetCrackUrlW(pszURL, 0, 0, &components);
1094 if (ret)
1096 /* Microsoft always uses CryptInitOIDFunctionSet/
1097 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1098 * reason to do so for builtin schemes.
1100 switch (components.nScheme)
1102 case INTERNET_SCHEME_FTP:
1103 *pFunc = FTP_RetrieveEncodedObjectW;
1104 break;
1105 case INTERNET_SCHEME_HTTP:
1106 *pFunc = HTTP_RetrieveEncodedObjectW;
1107 break;
1108 case INTERNET_SCHEME_FILE:
1109 *pFunc = File_RetrieveEncodedObjectW;
1110 break;
1111 default:
1113 int len = WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1114 components.dwSchemeLength, NULL, 0, NULL, NULL);
1116 if (len)
1118 LPSTR scheme = CryptMemAlloc(len);
1120 if (scheme)
1122 static HCRYPTOIDFUNCSET set = NULL;
1124 if (!set)
1125 set = CryptInitOIDFunctionSet(
1126 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC, 0);
1127 WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1128 components.dwSchemeLength, scheme, len, NULL, NULL);
1129 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1130 scheme, 0, (void **)pFunc, phFunc);
1131 CryptMemFree(scheme);
1133 else
1135 SetLastError(ERROR_OUTOFMEMORY);
1136 ret = FALSE;
1139 else
1140 ret = FALSE;
1144 TRACE("returning %d\n", ret);
1145 return ret;
1148 static BOOL WINAPI CRYPT_CreateBlob(LPCSTR pszObjectOid,
1149 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1151 DWORD size, i;
1152 CRYPT_BLOB_ARRAY *context;
1153 BOOL ret = FALSE;
1155 size = sizeof(CRYPT_BLOB_ARRAY) + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1156 for (i = 0; i < pObject->cBlob; i++)
1157 size += pObject->rgBlob[i].cbData;
1158 context = CryptMemAlloc(size);
1159 if (context)
1161 LPBYTE nextData;
1163 context->cBlob = 0;
1164 context->rgBlob =
1165 (CRYPT_DATA_BLOB *)((LPBYTE)context + sizeof(CRYPT_BLOB_ARRAY));
1166 nextData =
1167 (LPBYTE)context->rgBlob + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1168 for (i = 0; i < pObject->cBlob; i++)
1170 memcpy(nextData, pObject->rgBlob[i].pbData,
1171 pObject->rgBlob[i].cbData);
1172 context->rgBlob[i].pbData = nextData;
1173 context->rgBlob[i].cbData = pObject->rgBlob[i].cbData;
1174 nextData += pObject->rgBlob[i].cbData;
1175 context->cBlob++;
1177 *ppvContext = context;
1178 ret = TRUE;
1180 return ret;
1183 typedef BOOL (WINAPI *AddContextToStore)(HCERTSTORE hCertStore,
1184 const void *pContext, DWORD dwAddDisposition, const void **ppStoreContext);
1186 static BOOL decode_base64_blob( const CRYPT_DATA_BLOB *in, CRYPT_DATA_BLOB *out )
1188 BOOL ret;
1189 DWORD len = in->cbData;
1191 while (len && !in->pbData[len - 1]) len--;
1192 if (!CryptStringToBinaryA( (char *)in->pbData, len, CRYPT_STRING_BASE64_ANY,
1193 NULL, &out->cbData, NULL, NULL )) return FALSE;
1195 if (!(out->pbData = CryptMemAlloc( out->cbData ))) return FALSE;
1196 ret = CryptStringToBinaryA( (char *)in->pbData, len, CRYPT_STRING_BASE64_ANY,
1197 out->pbData, &out->cbData, NULL, NULL );
1198 if (!ret) CryptMemFree( out->pbData );
1199 return ret;
1202 static BOOL CRYPT_CreateContext(const CRYPT_BLOB_ARRAY *pObject,
1203 DWORD dwExpectedContentTypeFlags, AddContextToStore addFunc, void **ppvContext)
1205 BOOL ret = TRUE;
1206 CRYPT_DATA_BLOB blob;
1208 if (!pObject->cBlob)
1210 SetLastError(ERROR_INVALID_DATA);
1211 *ppvContext = NULL;
1212 ret = FALSE;
1214 else if (pObject->cBlob == 1)
1216 if (decode_base64_blob(&pObject->rgBlob[0], &blob))
1218 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &blob,
1219 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0,
1220 NULL, NULL, NULL, NULL, NULL, (const void **)ppvContext);
1221 CryptMemFree(blob.pbData);
1223 else
1225 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1226 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0,
1227 NULL, NULL, NULL, NULL, NULL, (const void **)ppvContext);
1229 if (!ret)
1231 SetLastError(CRYPT_E_NO_MATCH);
1232 ret = FALSE;
1235 else
1237 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1238 CERT_STORE_CREATE_NEW_FLAG, NULL);
1240 if (store)
1242 DWORD i;
1243 const void *context;
1245 for (i = 0; i < pObject->cBlob; i++)
1247 if (decode_base64_blob(&pObject->rgBlob[i], &blob))
1249 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &blob,
1250 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY,
1251 0, NULL, NULL, NULL, NULL, NULL, &context);
1252 CryptMemFree(blob.pbData);
1254 else
1256 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1257 &pObject->rgBlob[i], dwExpectedContentTypeFlags,
1258 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, NULL, NULL, NULL,
1259 NULL, &context);
1261 if (ret)
1263 if (!addFunc(store, context, CERT_STORE_ADD_ALWAYS, NULL))
1264 ret = FALSE;
1266 else
1268 SetLastError(CRYPT_E_NO_MATCH);
1269 ret = FALSE;
1273 else
1274 ret = FALSE;
1275 *ppvContext = store;
1277 return ret;
1280 static BOOL WINAPI CRYPT_CreateCert(LPCSTR pszObjectOid,
1281 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1283 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CERT,
1284 (AddContextToStore)CertAddCertificateContextToStore, ppvContext);
1287 static BOOL WINAPI CRYPT_CreateCRL(LPCSTR pszObjectOid,
1288 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1290 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CRL,
1291 (AddContextToStore)CertAddCRLContextToStore, ppvContext);
1294 static BOOL WINAPI CRYPT_CreateCTL(LPCSTR pszObjectOid,
1295 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1297 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CTL,
1298 (AddContextToStore)CertAddCTLContextToStore, ppvContext);
1301 static BOOL WINAPI CRYPT_CreatePKCS7(LPCSTR pszObjectOid,
1302 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1304 BOOL ret;
1306 if (!pObject->cBlob)
1308 SetLastError(ERROR_INVALID_DATA);
1309 *ppvContext = NULL;
1310 ret = FALSE;
1312 else if (pObject->cBlob == 1)
1313 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1314 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1315 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED, CERT_QUERY_FORMAT_FLAG_BINARY,
1316 0, NULL, NULL, NULL, ppvContext, NULL, NULL);
1317 else
1319 FIXME("multiple messages unimplemented\n");
1320 ret = FALSE;
1322 return ret;
1325 static BOOL WINAPI CRYPT_CreateAny(LPCSTR pszObjectOid,
1326 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1328 BOOL ret;
1330 if (!pObject->cBlob)
1332 SetLastError(ERROR_INVALID_DATA);
1333 *ppvContext = NULL;
1334 ret = FALSE;
1336 else
1338 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1339 CERT_STORE_CREATE_NEW_FLAG, NULL);
1341 if (store)
1343 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1344 CERT_STORE_CREATE_NEW_FLAG, NULL);
1346 if (memStore)
1348 CertAddStoreToCollection(store, memStore,
1349 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
1350 CertCloseStore(memStore, 0);
1352 else
1354 CertCloseStore(store, 0);
1355 store = NULL;
1358 if (store)
1360 DWORD i;
1362 ret = TRUE;
1363 for (i = 0; i < pObject->cBlob; i++)
1365 DWORD contentType, expectedContentTypes =
1366 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1367 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
1368 CERT_QUERY_CONTENT_FLAG_CERT |
1369 CERT_QUERY_CONTENT_FLAG_CRL |
1370 CERT_QUERY_CONTENT_FLAG_CTL;
1371 HCERTSTORE contextStore;
1372 const void *context;
1374 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1375 &pObject->rgBlob[i], expectedContentTypes,
1376 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, &contentType, NULL,
1377 &contextStore, NULL, &context))
1379 switch (contentType)
1381 case CERT_QUERY_CONTENT_CERT:
1382 if (!CertAddCertificateContextToStore(store,
1383 context, CERT_STORE_ADD_ALWAYS, NULL))
1384 ret = FALSE;
1385 CertFreeCertificateContext(context);
1386 break;
1387 case CERT_QUERY_CONTENT_CRL:
1388 if (!CertAddCRLContextToStore(store,
1389 context, CERT_STORE_ADD_ALWAYS, NULL))
1390 ret = FALSE;
1391 CertFreeCRLContext(context);
1392 break;
1393 case CERT_QUERY_CONTENT_CTL:
1394 if (!CertAddCTLContextToStore(store,
1395 context, CERT_STORE_ADD_ALWAYS, NULL))
1396 ret = FALSE;
1397 CertFreeCTLContext(context);
1398 break;
1399 default:
1400 CertAddStoreToCollection(store, contextStore, 0, 0);
1402 CertCloseStore(contextStore, 0);
1404 else
1405 ret = FALSE;
1408 else
1409 ret = FALSE;
1410 *ppvContext = store;
1412 return ret;
1415 typedef BOOL (WINAPI *ContextDllCreateObjectContext)(LPCSTR pszObjectOid,
1416 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext);
1418 static BOOL CRYPT_GetCreateFunction(LPCSTR pszObjectOid,
1419 ContextDllCreateObjectContext *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1421 BOOL ret = TRUE;
1423 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid), pFunc, phFunc);
1425 *pFunc = NULL;
1426 *phFunc = 0;
1427 if (IS_INTOID(pszObjectOid))
1429 switch (LOWORD(pszObjectOid))
1431 case 0:
1432 *pFunc = CRYPT_CreateBlob;
1433 break;
1434 case LOWORD(CONTEXT_OID_CERTIFICATE):
1435 *pFunc = CRYPT_CreateCert;
1436 break;
1437 case LOWORD(CONTEXT_OID_CRL):
1438 *pFunc = CRYPT_CreateCRL;
1439 break;
1440 case LOWORD(CONTEXT_OID_CTL):
1441 *pFunc = CRYPT_CreateCTL;
1442 break;
1443 case LOWORD(CONTEXT_OID_PKCS7):
1444 *pFunc = CRYPT_CreatePKCS7;
1445 break;
1446 case LOWORD(CONTEXT_OID_CAPI2_ANY):
1447 *pFunc = CRYPT_CreateAny;
1448 break;
1451 if (!*pFunc)
1453 static HCRYPTOIDFUNCSET set = NULL;
1455 if (!set)
1456 set = CryptInitOIDFunctionSet(
1457 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC, 0);
1458 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszObjectOid,
1459 0, (void **)pFunc, phFunc);
1461 TRACE("returning %d\n", ret);
1462 return ret;
1465 static BOOL CRYPT_GetExpiration(const void *object, const char *pszObjectOid, FILETIME *expiration)
1467 if (!IS_INTOID(pszObjectOid))
1468 return FALSE;
1470 switch (LOWORD(pszObjectOid)) {
1471 case LOWORD(CONTEXT_OID_CERTIFICATE):
1472 *expiration = ((const CERT_CONTEXT*)object)->pCertInfo->NotAfter;
1473 return TRUE;
1474 case LOWORD(CONTEXT_OID_CRL):
1475 *expiration = ((const CRL_CONTEXT*)object)->pCrlInfo->NextUpdate;
1476 return TRUE;
1477 case LOWORD(CONTEXT_OID_CTL):
1478 *expiration = ((const CTL_CONTEXT*)object)->pCtlInfo->NextUpdate;
1479 return TRUE;
1482 return FALSE;
1485 /***********************************************************************
1486 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1488 BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
1489 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
1490 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
1491 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1493 BOOL ret;
1494 SchemeDllRetrieveEncodedObjectW retrieve;
1495 ContextDllCreateObjectContext create;
1496 HCRYPTOIDFUNCADDR hRetrieve = 0, hCreate = 0;
1498 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1499 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
1500 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
1502 if (!pszURL)
1504 SetLastError(ERROR_INVALID_PARAMETER);
1505 return FALSE;
1507 ret = CRYPT_GetRetrieveFunction(pszURL, &retrieve, &hRetrieve);
1508 if (ret)
1509 ret = CRYPT_GetCreateFunction(pszObjectOid, &create, &hCreate);
1510 if (ret)
1512 CRYPT_BLOB_ARRAY object = { 0, NULL };
1513 PFN_FREE_ENCODED_OBJECT_FUNC freeObject;
1514 void *freeContext;
1515 FILETIME expires;
1517 ret = retrieve(pszURL, pszObjectOid, dwRetrievalFlags, dwTimeout,
1518 &object, &freeObject, &freeContext, hAsyncRetrieve, pCredentials,
1519 pAuxInfo);
1520 if (ret)
1522 ret = create(pszObjectOid, dwRetrievalFlags, &object, ppvObject);
1523 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT) &&
1524 CRYPT_GetExpiration(*ppvObject, pszObjectOid, &expires))
1526 CRYPT_CacheURL(pszURL, &object, dwRetrievalFlags, expires);
1528 freeObject(pszObjectOid, &object, freeContext);
1531 if (hCreate)
1532 CryptFreeOIDFunctionAddress(hCreate, 0);
1533 if (hRetrieve)
1534 CryptFreeOIDFunctionAddress(hRetrieve, 0);
1535 TRACE("returning %d\n", ret);
1536 return ret;
1539 static DWORD verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert,
1540 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1541 PCERT_REVOCATION_STATUS pRevStatus)
1543 DWORD error;
1544 PCRL_ENTRY entry = NULL;
1546 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1547 if (entry)
1549 error = CRYPT_E_REVOKED;
1550 pRevStatus->dwIndex = index;
1552 else
1554 /* Since the CRL was retrieved for the cert being checked, then it's
1555 * guaranteed to be fresh, and the cert is not revoked.
1557 error = ERROR_SUCCESS;
1559 return error;
1562 static DWORD verify_cert_revocation_from_dist_points_ext(
1563 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1564 FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara,
1565 PCERT_REVOCATION_STATUS pRevStatus)
1567 DWORD error = ERROR_SUCCESS, cbUrlArray;
1569 if (CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &cbUrlArray, NULL, NULL))
1571 CRYPT_URL_ARRAY *urlArray = CryptMemAlloc(cbUrlArray);
1573 if (urlArray)
1575 DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
1576 BOOL ret;
1578 ret = CRYPT_GetUrlFromCRLDistPointsExt(value, urlArray,
1579 &cbUrlArray, NULL, NULL);
1580 if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
1581 retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
1582 if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG &&
1583 pRevPara && pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
1584 dwUrlRetrievalTimeout) + sizeof(DWORD))
1586 startTime = GetTickCount();
1587 endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
1588 timeout = pRevPara->dwUrlRetrievalTimeout;
1590 else
1591 endTime = timeout = 0;
1592 if (!ret)
1593 error = GetLastError();
1594 /* continue looping if one was offline; break if revoked or timed out */
1595 for (j = 0; (!error || error == CRYPT_E_REVOCATION_OFFLINE) && j < urlArray->cUrl; j++)
1597 PCCRL_CONTEXT crl;
1599 ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
1600 CONTEXT_OID_CRL, retrievalFlags, timeout, (void **)&crl,
1601 NULL, NULL, NULL, NULL);
1602 if (ret)
1604 error = verify_cert_revocation_with_crl_online(cert, crl,
1605 index, pTime, pRevStatus);
1606 if (!error && timeout)
1608 DWORD time = GetTickCount();
1610 if ((int)(endTime - time) <= 0)
1612 error = ERROR_TIMEOUT;
1613 pRevStatus->dwIndex = index;
1615 else
1616 timeout = endTime - time;
1618 CertFreeCRLContext(crl);
1620 else
1621 error = CRYPT_E_REVOCATION_OFFLINE;
1623 CryptMemFree(urlArray);
1625 else
1627 error = ERROR_OUTOFMEMORY;
1628 pRevStatus->dwIndex = index;
1631 else
1633 error = GetLastError();
1634 pRevStatus->dwIndex = index;
1636 return error;
1639 static DWORD verify_cert_revocation_from_aia_ext(
1640 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1641 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1642 PCERT_REVOCATION_STATUS pRevStatus)
1644 BOOL ret;
1645 DWORD error, size;
1646 CERT_AUTHORITY_INFO_ACCESS *aia;
1648 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
1649 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &aia, &size);
1650 if (ret)
1652 DWORD i;
1654 for (i = 0; i < aia->cAccDescr; i++)
1655 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
1656 szOID_PKIX_OCSP))
1658 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
1659 CERT_ALT_NAME_URL)
1660 FIXME("OCSP URL = %s\n",
1661 debugstr_w(aia->rgAccDescr[i].AccessLocation.u.pwszURL));
1662 else
1663 FIXME("unsupported AccessLocation type %d\n",
1664 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
1666 LocalFree(aia);
1667 /* FIXME: lie and pretend OCSP validated the cert */
1668 error = ERROR_SUCCESS;
1670 else
1671 error = GetLastError();
1672 return error;
1675 static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
1676 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1677 PCERT_REVOCATION_STATUS pRevStatus)
1679 DWORD error;
1680 LONG valid;
1682 valid = CompareFileTime(pTime, &crl->pCrlInfo->ThisUpdate);
1683 if (valid <= 0)
1685 /* If this CRL is not older than the time being verified, there's no
1686 * way to know whether the certificate was revoked.
1688 TRACE("CRL not old enough\n");
1689 error = CRYPT_E_REVOCATION_OFFLINE;
1691 else
1693 PCRL_ENTRY entry = NULL;
1695 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1696 if (entry)
1698 error = CRYPT_E_REVOKED;
1699 pRevStatus->dwIndex = index;
1701 else
1703 /* Since the CRL was not retrieved for the cert being checked,
1704 * there's no guarantee it's fresh, so the cert *might* be okay,
1705 * but it's safer not to guess.
1707 TRACE("certificate not found\n");
1708 error = CRYPT_E_REVOCATION_OFFLINE;
1711 return error;
1714 static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
1715 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1716 PCERT_REVOCATION_STATUS pRevStatus)
1718 DWORD error = ERROR_SUCCESS;
1719 PCERT_EXTENSION ext;
1721 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
1722 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1723 error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
1724 index, pTime, dwFlags, pRevPara, pRevStatus);
1725 else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
1726 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1727 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
1728 index, pTime, dwFlags, pRevPara, pRevStatus);
1729 else
1731 if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
1733 PCCRL_CONTEXT crl = NULL;
1734 BOOL canSignCRLs;
1736 /* If the caller told us about the issuer, make sure the issuer
1737 * can sign CRLs before looking for one.
1739 if ((ext = CertFindExtension(szOID_KEY_USAGE,
1740 pRevPara->pIssuerCert->pCertInfo->cExtension,
1741 pRevPara->pIssuerCert->pCertInfo->rgExtension)))
1743 CRYPT_BIT_BLOB usage;
1744 DWORD size = sizeof(usage);
1746 if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_BITS,
1747 ext->Value.pbData, ext->Value.cbData,
1748 CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1749 canSignCRLs = FALSE;
1750 else if (usage.cbData > 2)
1752 /* The key usage extension only defines 9 bits => no more
1753 * than 2 bytes are needed to encode all known usages.
1755 canSignCRLs = FALSE;
1757 else
1759 BYTE usageBits = usage.pbData[usage.cbData - 1];
1761 canSignCRLs = usageBits & CERT_CRL_SIGN_KEY_USAGE;
1764 else
1765 canSignCRLs = TRUE;
1766 if (canSignCRLs)
1768 /* If the caller was helpful enough to tell us where to find a
1769 * CRL for the cert, look for one and check it.
1771 crl = CertFindCRLInStore(pRevPara->hCrlStore,
1772 cert->dwCertEncodingType,
1773 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG |
1774 CRL_FIND_ISSUED_BY_AKI_FLAG,
1775 CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
1777 if (crl)
1779 error = verify_cert_revocation_with_crl_offline(cert, crl,
1780 index, pTime, pRevStatus);
1781 CertFreeCRLContext(crl);
1783 else
1785 TRACE("no CRL found\n");
1786 error = CRYPT_E_NO_REVOCATION_CHECK;
1787 pRevStatus->dwIndex = index;
1790 else
1792 if (!pRevPara)
1793 WARN("no CERT_REVOCATION_PARA\n");
1794 else if (!pRevPara->hCrlStore)
1795 WARN("no dist points/aia extension and no CRL store\n");
1796 else if (!pRevPara->pIssuerCert)
1797 WARN("no dist points/aia extension and no issuer\n");
1798 error = CRYPT_E_NO_REVOCATION_CHECK;
1799 pRevStatus->dwIndex = index;
1802 return error;
1805 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
1806 DWORD cbSize;
1807 PCCERT_CONTEXT pIssuerCert;
1808 DWORD cCertStore;
1809 HCERTSTORE *rgCertStore;
1810 HCERTSTORE hCrlStore;
1811 LPFILETIME pftTimeToUse;
1812 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
1814 typedef struct _OLD_CERT_REVOCATION_STATUS {
1815 DWORD cbSize;
1816 DWORD dwIndex;
1817 DWORD dwError;
1818 DWORD dwReason;
1819 } OLD_CERT_REVOCATION_STATUS;
1821 /***********************************************************************
1822 * CertDllVerifyRevocation (CRYPTNET.@)
1824 BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1825 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1826 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1828 DWORD error = 0, i;
1829 FILETIME now;
1830 LPFILETIME pTime = NULL;
1832 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1833 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1835 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1836 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1838 SetLastError(E_INVALIDARG);
1839 return FALSE;
1841 if (!cContext)
1843 SetLastError(E_INVALIDARG);
1844 return FALSE;
1846 if (pRevPara && pRevPara->cbSize >=
1847 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
1848 pTime = pRevPara->pftTimeToUse;
1849 if (!pTime)
1851 GetSystemTimeAsFileTime(&now);
1852 pTime = &now;
1854 memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
1855 if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
1856 error = CRYPT_E_NO_REVOCATION_CHECK;
1857 else
1859 for (i = 0; !error && i < cContext; i++)
1860 error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
1861 pRevPara, pRevStatus);
1863 if (error)
1865 SetLastError(error);
1866 pRevStatus->dwError = error;
1868 TRACE("returning %d (%08x)\n", !error, error);
1869 return !error;