search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dinput: Use vid/pid for first chunk of product guid on OSX, too.
[wine.git] / dlls / wintrust / softpub.c
blobd65d2b681d1a765446491339e315f65c7d9602f1
1 /*
2 * Copyright 2007 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 */
18 #include <stdarg.h>
19
20 #define NONAMELESSUNION
21
22 #include "windef.h"
23 #include "winbase.h"
24 #include "wintrust.h"
25 #include "mssip.h"
26 #include "softpub.h"
27 #include "winnls.h"
28 #include "wine/debug.h"
29
30 WINE_DEFAULT_DEBUG_CHANNEL(wintrust);
31
32 HRESULT WINAPI SoftpubDefCertInit(CRYPT_PROVIDER_DATA *data)
33 {
34 HRESULT ret = S_FALSE;
35
36 TRACE("(%p)\n", data);
37
38 if (data->padwTrustStepErrors &&
39 !data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_WVTINIT])
40 ret = S_OK;
41 TRACE("returning %08x\n", ret);
42 return ret;
43 }
44
45 HRESULT WINAPI SoftpubInitialize(CRYPT_PROVIDER_DATA *data)
46 {
47 HRESULT ret = S_FALSE;
48
49 TRACE("(%p)\n", data);
50
51 if (data->padwTrustStepErrors &&
52 !data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_WVTINIT])
53 ret = S_OK;
54 TRACE("returning %08x\n", ret);
55 return ret;
56 }
57
58 HRESULT WINAPI DriverInitializePolicy(CRYPT_PROVIDER_DATA *data)
59 {
60 FIXME("stub\n");
61 return S_OK;
62 }
63
64 HRESULT WINAPI DriverCleanupPolicy(CRYPT_PROVIDER_DATA *data)
65 {
66 FIXME("stub\n");
67 return S_OK;
68 }
69
70 HRESULT WINAPI DriverFinalPolicy(CRYPT_PROVIDER_DATA *data)
71 {
72 FIXME("stub\n");
73 return S_OK;
74 }
75
76 /* Assumes data->pWintrustData->u.pFile exists. Makes sure a file handle is
77 * open for the file.
78 */
79 static DWORD SOFTPUB_OpenFile(CRYPT_PROVIDER_DATA *data)
80 {
81 DWORD err = ERROR_SUCCESS;
82
83 /* PSDK implies that all values should be initialized to NULL, so callers
84 * typically have hFile as NULL rather than INVALID_HANDLE_VALUE. Check
85 * for both.
86 */
87 if (!data->pWintrustData->u.pFile->hFile ||
88 data->pWintrustData->u.pFile->hFile == INVALID_HANDLE_VALUE)
89 {
90 data->pWintrustData->u.pFile->hFile =
91 CreateFileW(data->pWintrustData->u.pFile->pcwszFilePath, GENERIC_READ,
92 FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
93 if (data->pWintrustData->u.pFile->hFile != INVALID_HANDLE_VALUE)
94 data->fOpenedFile = TRUE;
95 else
96 err = GetLastError();
97 }
98 if (!err)
99 GetFileTime(data->pWintrustData->u.pFile->hFile, &data->sftSystemTime,
100 NULL, NULL);
101 TRACE("returning %d\n", err);
102 return err;
103 }
104
105 /* Assumes data->pWintrustData->u.pFile exists. Sets data->pPDSip->gSubject to
106 * the file's subject GUID.
107 */
108 static DWORD SOFTPUB_GetFileSubject(CRYPT_PROVIDER_DATA *data)
109 {
110 DWORD err = ERROR_SUCCESS;
111
112 if (!WVT_ISINSTRUCT(WINTRUST_FILE_INFO,
113 data->pWintrustData->u.pFile->cbStruct, pgKnownSubject) ||
114 !data->pWintrustData->u.pFile->pgKnownSubject)
115 {
116 if (!CryptSIPRetrieveSubjectGuid(
117 data->pWintrustData->u.pFile->pcwszFilePath,
118 data->pWintrustData->u.pFile->hFile,
119 &data->u.pPDSip->gSubject))
120 {
121 LARGE_INTEGER fileSize;
122 DWORD sipError = GetLastError();
123
124 /* Special case for empty files: the error is expected to be
125 * TRUST_E_SUBJECT_FORM_UNKNOWN, rather than whatever
126 * CryptSIPRetrieveSubjectGuid returns.
127 */
128 if (GetFileSizeEx(data->pWintrustData->u.pFile->hFile, &fileSize)
129 && !fileSize.QuadPart)
130 err = TRUST_E_SUBJECT_FORM_UNKNOWN;
131 else
132 err = sipError;
133 }
134 }
135 else
136 data->u.pPDSip->gSubject = *data->pWintrustData->u.pFile->pgKnownSubject;
137 TRACE("returning %d\n", err);
138 return err;
139 }
140
141 /* Assumes data->u.pPDSip exists, and its gSubject member set.
142 * Allocates data->u.pPDSip->pSip and loads it, if possible.
143 */
144 static DWORD SOFTPUB_GetSIP(CRYPT_PROVIDER_DATA *data)
145 {
146 DWORD err = ERROR_SUCCESS;
147
148 data->u.pPDSip->pSip = data->psPfns->pfnAlloc(sizeof(SIP_DISPATCH_INFO));
149 if (data->u.pPDSip->pSip)
150 {
151 if (!CryptSIPLoad(&data->u.pPDSip->gSubject, 0, data->u.pPDSip->pSip))
152 err = GetLastError();
153 }
154 else
155 err = ERROR_OUTOFMEMORY;
156 TRACE("returning %d\n", err);
157 return err;
158 }
159
160 /* Assumes data->u.pPDSip has been loaded, and data->u.pPDSip->pSip allocated.
161 * Calls data->u.pPDSip->pSip->pfGet to construct data->hMsg.
162 */
163 static DWORD SOFTPUB_GetMessageFromFile(CRYPT_PROVIDER_DATA *data, HANDLE file,
164 LPCWSTR filePath)
165 {
166 DWORD err = ERROR_SUCCESS;
167 BOOL ret;
168 LPBYTE buf = NULL;
169 DWORD size = 0;
170
171 data->u.pPDSip->psSipSubjectInfo =
172 data->psPfns->pfnAlloc(sizeof(SIP_SUBJECTINFO));
173 if (!data->u.pPDSip->psSipSubjectInfo)
174 return ERROR_OUTOFMEMORY;
175
176 data->u.pPDSip->psSipSubjectInfo->cbSize = sizeof(SIP_SUBJECTINFO);
177 data->u.pPDSip->psSipSubjectInfo->pgSubjectType = &data->u.pPDSip->gSubject;
178 data->u.pPDSip->psSipSubjectInfo->hFile = file;
179 data->u.pPDSip->psSipSubjectInfo->pwsFileName = filePath;
180 data->u.pPDSip->psSipSubjectInfo->hProv = data->hProv;
181 ret = data->u.pPDSip->pSip->pfGet(data->u.pPDSip->psSipSubjectInfo,
182 &data->dwEncoding, 0, &size, 0);
183 if (!ret)
184 return TRUST_E_NOSIGNATURE;
185
186 buf = data->psPfns->pfnAlloc(size);
187 if (!buf)
188 return ERROR_OUTOFMEMORY;
189
190 ret = data->u.pPDSip->pSip->pfGet(data->u.pPDSip->psSipSubjectInfo,
191 &data->dwEncoding, 0, &size, buf);
192 if (ret)
193 {
194 data->hMsg = CryptMsgOpenToDecode(data->dwEncoding, 0, 0, data->hProv,
195 NULL, NULL);
196 if (data->hMsg)
197 {
198 ret = CryptMsgUpdate(data->hMsg, buf, size, TRUE);
199 if (!ret)
200 err = GetLastError();
201 }
202 }
203 else
204 err = GetLastError();
205
206 data->psPfns->pfnFree(buf);
207 TRACE("returning %d\n", err);
208 return err;
209 }
210
211 static DWORD SOFTPUB_CreateStoreFromMessage(CRYPT_PROVIDER_DATA *data)
212 {
213 DWORD err = ERROR_SUCCESS;
214 HCERTSTORE store;
215
216 store = CertOpenStore(CERT_STORE_PROV_MSG, data->dwEncoding,
217 data->hProv, CERT_STORE_NO_CRYPT_RELEASE_FLAG, data->hMsg);
218 if (store)
219 {
220 if (!data->psPfns->pfnAddStore2Chain(data, store))
221 err = GetLastError();
222 CertCloseStore(store, 0);
223 }
224 else
225 err = GetLastError();
226 TRACE("returning %d\n", err);
227 return err;
228 }
229
230 static DWORD SOFTPUB_DecodeInnerContent(CRYPT_PROVIDER_DATA *data)
231 {
232 BOOL ret;
233 DWORD size, err = ERROR_SUCCESS;
234 LPSTR oid = NULL;
235 LPBYTE buf = NULL;
236
237 ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, NULL,
238 &size);
239 if (!ret)
240 {
241 err = GetLastError();
242 goto error;
243 }
244 oid = data->psPfns->pfnAlloc(size);
245 if (!oid)
246 {
247 err = ERROR_OUTOFMEMORY;
248 goto error;
249 }
250 ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, oid,
251 &size);
252 if (!ret)
253 {
254 err = GetLastError();
255 goto error;
256 }
257 ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, NULL, &size);
258 if (!ret)
259 {
260 err = GetLastError();
261 goto error;
262 }
263 buf = data->psPfns->pfnAlloc(size);
264 if (!buf)
265 {
266 err = ERROR_OUTOFMEMORY;
267 goto error;
268 }
269 ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, buf, &size);
270 if (!ret)
271 {
272 err = GetLastError();
273 goto error;
274 }
275 ret = CryptDecodeObject(data->dwEncoding, oid, buf, size, 0, NULL, &size);
276 if (!ret)
277 {
278 err = GetLastError();
279 goto error;
280 }
281 data->u.pPDSip->psIndirectData = data->psPfns->pfnAlloc(size);
282 if (!data->u.pPDSip->psIndirectData)
283 {
284 err = ERROR_OUTOFMEMORY;
285 goto error;
286 }
287 ret = CryptDecodeObject(data->dwEncoding, oid, buf, size, 0,
288 data->u.pPDSip->psIndirectData, &size);
289 if (!ret)
290 err = GetLastError();
291
292 error:
293 TRACE("returning %d\n", err);
294 data->psPfns->pfnFree(oid);
295 data->psPfns->pfnFree(buf);
296 return err;
297 }
298
299 static DWORD SOFTPUB_LoadCertMessage(CRYPT_PROVIDER_DATA *data)
300 {
301 DWORD err = ERROR_SUCCESS;
302
303 if (data->pWintrustData->u.pCert &&
304 WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(WINTRUST_CERT_INFO,
305 data->pWintrustData->u.pCert->cbStruct, psCertContext))
306 {
307 if (data->psPfns)
308 {
309 CRYPT_PROVIDER_SGNR signer = { sizeof(signer), { 0 } };
310 DWORD i;
311 BOOL ret;
312
313 /* Add a signer with nothing but the time to verify, so we can
314 * add a cert to it
315 */
316 if (WVT_ISINSTRUCT(WINTRUST_CERT_INFO,
317 data->pWintrustData->u.pCert->cbStruct, psftVerifyAsOf) &&
318 data->pWintrustData->u.pCert->psftVerifyAsOf)
319 data->sftSystemTime = signer.sftVerifyAsOf;
320 else
321 {
322 SYSTEMTIME sysTime;
323
324 GetSystemTime(&sysTime);
325 SystemTimeToFileTime(&sysTime, &signer.sftVerifyAsOf);
326 }
327 ret = data->psPfns->pfnAddSgnr2Chain(data, FALSE, 0, &signer);
328 if (ret)
329 {
330 ret = data->psPfns->pfnAddCert2Chain(data, 0, FALSE, 0,
331 data->pWintrustData->u.pCert->psCertContext);
332 if (WVT_ISINSTRUCT(WINTRUST_CERT_INFO,
333 data->pWintrustData->u.pCert->cbStruct, pahStores))
334 for (i = 0;
335 ret && i < data->pWintrustData->u.pCert->chStores; i++)
336 ret = data->psPfns->pfnAddStore2Chain(data,
337 data->pWintrustData->u.pCert->pahStores[i]);
338 }
339 if (!ret)
340 err = GetLastError();
341 }
342 }
343 else
344 err = ERROR_INVALID_PARAMETER;
345 return err;
346 }
347
348 static DWORD SOFTPUB_LoadFileMessage(CRYPT_PROVIDER_DATA *data)
349 {
350 DWORD err = ERROR_SUCCESS;
351
352 if (!data->pWintrustData->u.pFile)
353 {
354 err = ERROR_INVALID_PARAMETER;
355 goto error;
356 }
357 err = SOFTPUB_OpenFile(data);
358 if (err)
359 goto error;
360 err = SOFTPUB_GetFileSubject(data);
361 if (err)
362 goto error;
363 err = SOFTPUB_GetSIP(data);
364 if (err)
365 goto error;
366 err = SOFTPUB_GetMessageFromFile(data, data->pWintrustData->u.pFile->hFile,
367 data->pWintrustData->u.pFile->pcwszFilePath);
368 if (err)
369 goto error;
370 err = SOFTPUB_CreateStoreFromMessage(data);
371 if (err)
372 goto error;
373 err = SOFTPUB_DecodeInnerContent(data);
374
375 error:
376 if (err && data->fOpenedFile && data->pWintrustData->u.pFile)
377 {
378 /* The caller won't expect the file to be open on failure, so close it.
379 */
380 CloseHandle(data->pWintrustData->u.pFile->hFile);
381 data->pWintrustData->u.pFile->hFile = INVALID_HANDLE_VALUE;
382 data->fOpenedFile = FALSE;
383 }
384 return err;
385 }
386
387 static DWORD SOFTPUB_LoadCatalogMessage(CRYPT_PROVIDER_DATA *data)
388 {
389 DWORD err;
390 HANDLE catalog = INVALID_HANDLE_VALUE;
391
392 if (!data->pWintrustData->u.pCatalog)
393 {
394 SetLastError(ERROR_INVALID_PARAMETER);
395 return FALSE;
396 }
397 catalog = CreateFileW(data->pWintrustData->u.pCatalog->pcwszCatalogFilePath,
398 GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
399 NULL);
400 if (catalog == INVALID_HANDLE_VALUE)
401 return GetLastError();
402 if (!CryptSIPRetrieveSubjectGuid(
403 data->pWintrustData->u.pCatalog->pcwszCatalogFilePath, catalog,
404 &data->u.pPDSip->gSubject))
405 {
406 err = GetLastError();
407 goto error;
408 }
409 err = SOFTPUB_GetSIP(data);
410 if (err)
411 goto error;
412 err = SOFTPUB_GetMessageFromFile(data, catalog,
413 data->pWintrustData->u.pCatalog->pcwszCatalogFilePath);
414 if (err)
415 goto error;
416 err = SOFTPUB_CreateStoreFromMessage(data);
417 if (err)
418 goto error;
419 err = SOFTPUB_DecodeInnerContent(data);
420 /* FIXME: this loads the catalog file, but doesn't validate the member. */
421 error:
422 CloseHandle(catalog);
423 return err;
424 }
425
426 HRESULT WINAPI SoftpubLoadMessage(CRYPT_PROVIDER_DATA *data)
427 {
428 DWORD err = ERROR_SUCCESS;
429
430 TRACE("(%p)\n", data);
431
432 if (!data->padwTrustStepErrors)
433 return S_FALSE;
434
435 switch (data->pWintrustData->dwUnionChoice)
436 {
437 case WTD_CHOICE_CERT:
438 err = SOFTPUB_LoadCertMessage(data);
439 break;
440 case WTD_CHOICE_FILE:
441 err = SOFTPUB_LoadFileMessage(data);
442 break;
443 case WTD_CHOICE_CATALOG:
444 err = SOFTPUB_LoadCatalogMessage(data);
445 break;
446 default:
447 FIXME("unimplemented for %d\n", data->pWintrustData->dwUnionChoice);
448 err = ERROR_INVALID_PARAMETER;
449 }
450
451 if (err)
452 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = err;
453 TRACE("returning %d (%08x)\n", !err ? S_OK : S_FALSE,
454 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV]);
455 return !err ? S_OK : S_FALSE;
456 }
457
458 static CMSG_SIGNER_INFO *WINTRUST_GetSigner(CRYPT_PROVIDER_DATA *data,
459 DWORD signerIdx)
460 {
461 BOOL ret;
462 CMSG_SIGNER_INFO *signerInfo = NULL;
463 DWORD size;
464
465 ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_INFO_PARAM, signerIdx,
466 NULL, &size);
467 if (ret)
468 {
469 signerInfo = data->psPfns->pfnAlloc(size);
470 if (signerInfo)
471 {
472 ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_INFO_PARAM,
473 signerIdx, signerInfo, &size);
474 if (!ret)
475 {
476 data->psPfns->pfnFree(signerInfo);
477 signerInfo = NULL;
478 }
479 }
480 else
481 SetLastError(ERROR_OUTOFMEMORY);
482 }
483 return signerInfo;
484 }
485
486 static BOOL WINTRUST_GetTimeFromCounterSigner(
487 const CMSG_CMS_SIGNER_INFO *counterSignerInfo, FILETIME *time)
488 {
489 DWORD i;
490 BOOL foundTimeStamp = FALSE;
491
492 for (i = 0; !foundTimeStamp && i < counterSignerInfo->AuthAttrs.cAttr; i++)
493 {
494 if (!strcmp(counterSignerInfo->AuthAttrs.rgAttr[i].pszObjId,
495 szOID_RSA_signingTime))
496 {
497 const CRYPT_ATTRIBUTE *attr =
498 &counterSignerInfo->AuthAttrs.rgAttr[i];
499 DWORD j;
500
501 for (j = 0; !foundTimeStamp && j < attr->cValue; j++)
502 {
503 static const DWORD encoding = X509_ASN_ENCODING |
504 PKCS_7_ASN_ENCODING;
505 DWORD size = sizeof(FILETIME);
506
507 foundTimeStamp = CryptDecodeObjectEx(encoding,
508 X509_CHOICE_OF_TIME,
509 attr->rgValue[j].pbData, attr->rgValue[j].cbData, 0, NULL,
510 time, &size);
511 }
512 }
513 }
514 return foundTimeStamp;
515 }
516
517 static LPCSTR filetime_to_str(const FILETIME *time)
518 {
519 static char date[80];
520 char dateFmt[80]; /* sufficient for all versions of LOCALE_SSHORTDATE */
521 SYSTEMTIME sysTime;
522
523 if (!time) return NULL;
524
525 GetLocaleInfoA(LOCALE_SYSTEM_DEFAULT, LOCALE_SSHORTDATE, dateFmt, ARRAY_SIZE(dateFmt));
526 FileTimeToSystemTime(time, &sysTime);
527 GetDateFormatA(LOCALE_SYSTEM_DEFAULT, 0, &sysTime, dateFmt, date, ARRAY_SIZE(date));
528 return date;
529 }
530
531 static FILETIME WINTRUST_GetTimeFromSigner(const CRYPT_PROVIDER_DATA *data,
532 const CMSG_SIGNER_INFO *signerInfo)
533 {
534 DWORD i;
535 FILETIME time;
536 BOOL foundTimeStamp = FALSE;
537
538 for (i = 0; !foundTimeStamp && i < signerInfo->UnauthAttrs.cAttr; i++)
539 {
540 if (!strcmp(signerInfo->UnauthAttrs.rgAttr[i].pszObjId,
541 szOID_RSA_counterSign))
542 {
543 const CRYPT_ATTRIBUTE *attr = &signerInfo->UnauthAttrs.rgAttr[i];
544 DWORD j;
545
546 for (j = 0; j < attr->cValue; j++)
547 {
548 static const DWORD encoding = X509_ASN_ENCODING |
549 PKCS_7_ASN_ENCODING;
550 CMSG_CMS_SIGNER_INFO *counterSignerInfo;
551 DWORD size;
552 BOOL ret = CryptDecodeObjectEx(encoding, CMS_SIGNER_INFO,
553 attr->rgValue[j].pbData, attr->rgValue[j].cbData,
554 CRYPT_DECODE_ALLOC_FLAG, NULL, &counterSignerInfo, &size);
555 if (ret)
556 {
557 /* FIXME: need to verify countersigner signature too */
558 foundTimeStamp = WINTRUST_GetTimeFromCounterSigner(
559 counterSignerInfo, &time);
560 LocalFree(counterSignerInfo);
561 }
562 }
563 }
564 }
565 if (!foundTimeStamp)
566 {
567 TRACE("returning system time %s\n",
568 filetime_to_str(&data->sftSystemTime));
569 time = data->sftSystemTime;
570 }
571 else
572 TRACE("returning time from message %s\n", filetime_to_str(&time));
573 return time;
574 }
575
576 static DWORD WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
577 {
578 DWORD err;
579 CMSG_SIGNER_INFO *signerInfo = WINTRUST_GetSigner(data, signerIdx);
580
581 if (signerInfo)
582 {
583 CRYPT_PROVIDER_SGNR sgnr = { sizeof(sgnr), { 0 } };
584
585 sgnr.psSigner = signerInfo;
586 sgnr.sftVerifyAsOf = WINTRUST_GetTimeFromSigner(data, signerInfo);
587 if (!data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr))
588 err = GetLastError();
589 else
590 err = ERROR_SUCCESS;
591 }
592 else
593 err = GetLastError();
594 return err;
595 }
596
597 static CERT_INFO *WINTRUST_GetSignerCertInfo(CRYPT_PROVIDER_DATA *data,
598 DWORD signerIdx)
599 {
600 BOOL ret;
601 CERT_INFO *certInfo = NULL;
602 DWORD size;
603
604 ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_CERT_INFO_PARAM, signerIdx,
605 NULL, &size);
606 if (ret)
607 {
608 certInfo = data->psPfns->pfnAlloc(size);
609 if (certInfo)
610 {
611 ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_CERT_INFO_PARAM,
612 signerIdx, certInfo, &size);
613 if (!ret)
614 {
615 data->psPfns->pfnFree(certInfo);
616 certInfo = NULL;
617 }
618 }
619 else
620 SetLastError(ERROR_OUTOFMEMORY);
621 }
622 return certInfo;
623 }
624
625 static DWORD WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
626 {
627 DWORD err;
628 CERT_INFO *certInfo = WINTRUST_GetSignerCertInfo(data, signerIdx);
629
630 if (certInfo)
631 {
632 PCCERT_CONTEXT subject = CertGetSubjectCertificateFromStore(
633 data->pahStores[0], data->dwEncoding, certInfo);
634
635 if (subject)
636 {
637 CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA para = { sizeof(para), 0,
638 signerIdx, CMSG_VERIFY_SIGNER_CERT, (LPVOID)subject };
639
640 if (!CryptMsgControl(data->hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE_EX,
641 &para))
642 err = TRUST_E_CERT_SIGNATURE;
643 else
644 {
645 data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
646 subject);
647 err = ERROR_SUCCESS;
648 }
649 CertFreeCertificateContext(subject);
650 }
651 else
652 err = TRUST_E_NO_SIGNER_CERT;
653 data->psPfns->pfnFree(certInfo);
654 }
655 else
656 err = GetLastError();
657 return err;
658 }
659
660 HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
661 {
662 DWORD err;
663
664 TRACE("(%p)\n", data);
665
666 if (!data->padwTrustStepErrors)
667 return S_FALSE;
668
669 if (data->hMsg)
670 {
671 DWORD signerCount, size;
672
673 size = sizeof(signerCount);
674 if (CryptMsgGetParam(data->hMsg, CMSG_SIGNER_COUNT_PARAM, 0,
675 &signerCount, &size))
676 {
677 DWORD i;
678
679 err = ERROR_SUCCESS;
680 for (i = 0; !err && i < signerCount; i++)
681 {
682 if (!(err = WINTRUST_SaveSigner(data, i)))
683 err = WINTRUST_VerifySigner(data, i);
684 }
685 }
686 else
687 err = TRUST_E_NOSIGNATURE;
688 }
689 else
690 err = ERROR_SUCCESS;
691 if (err)
692 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = err;
693 return !err ? S_OK : S_FALSE;
694 }
695
696 static DWORD WINTRUST_TrustStatusToConfidence(DWORD errorStatus)
697 {
698 DWORD confidence = 0;
699
700 confidence = 0;
701 if (!(errorStatus & CERT_TRUST_IS_NOT_SIGNATURE_VALID))
702 confidence |= CERT_CONFIDENCE_SIG;
703 if (!(errorStatus & CERT_TRUST_IS_NOT_TIME_VALID))
704 confidence |= CERT_CONFIDENCE_TIME;
705 if (!(errorStatus & CERT_TRUST_IS_NOT_TIME_NESTED))
706 confidence |= CERT_CONFIDENCE_TIMENEST;
707 return confidence;
708 }
709
710 BOOL WINAPI SoftpubCheckCert(CRYPT_PROVIDER_DATA *data, DWORD idxSigner,
711 BOOL fCounterSignerChain, DWORD idxCounterSigner)
712 {
713 BOOL ret;
714
715 TRACE("(%p, %d, %d, %d)\n", data, idxSigner, fCounterSignerChain,
716 idxCounterSigner);
717
718 if (fCounterSignerChain)
719 {
720 FIXME("unimplemented for counter signers\n");
721 ret = FALSE;
722 }
723 else
724 {
725 PCERT_SIMPLE_CHAIN simpleChain =
726 data->pasSigners[idxSigner].pChainContext->rgpChain[0];
727 DWORD i;
728
729 ret = TRUE;
730 for (i = 0; i < simpleChain->cElement; i++)
731 {
732 /* Set confidence */
733 data->pasSigners[idxSigner].pasCertChain[i].dwConfidence =
734 WINTRUST_TrustStatusToConfidence(
735 simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus);
736 /* Set additional flags */
737 if (!(simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
738 CERT_TRUST_IS_UNTRUSTED_ROOT))
739 data->pasSigners[idxSigner].pasCertChain[i].fTrustedRoot = TRUE;
740 if (simpleChain->rgpElement[i]->TrustStatus.dwInfoStatus &
741 CERT_TRUST_IS_SELF_SIGNED)
742 data->pasSigners[idxSigner].pasCertChain[i].fSelfSigned = TRUE;
743 if (simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
744 CERT_TRUST_IS_CYCLIC)
745 data->pasSigners[idxSigner].pasCertChain[i].fIsCyclic = TRUE;
746 }
747 }
748 return ret;
749 }
750
751 static DWORD WINTRUST_TrustStatusToError(DWORD errorStatus)
752 {
753 DWORD error;
754
755 if (errorStatus & CERT_TRUST_IS_NOT_SIGNATURE_VALID)
756 error = TRUST_E_CERT_SIGNATURE;
757 else if (errorStatus & CERT_TRUST_IS_UNTRUSTED_ROOT)
758 error = CERT_E_UNTRUSTEDROOT;
759 else if (errorStatus & CERT_TRUST_IS_NOT_TIME_VALID)
760 error = CERT_E_EXPIRED;
761 else if (errorStatus & CERT_TRUST_IS_NOT_TIME_NESTED)
762 error = CERT_E_VALIDITYPERIODNESTING;
763 else if (errorStatus & CERT_TRUST_IS_REVOKED)
764 error = CERT_E_REVOKED;
765 else if (errorStatus & CERT_TRUST_IS_OFFLINE_REVOCATION ||
766 errorStatus & CERT_TRUST_REVOCATION_STATUS_UNKNOWN)
767 error = CERT_E_REVOCATION_FAILURE;
768 else if (errorStatus & CERT_TRUST_IS_NOT_VALID_FOR_USAGE)
769 error = CERT_E_WRONG_USAGE;
770 else if (errorStatus & CERT_TRUST_IS_CYCLIC)
771 error = CERT_E_CHAINING;
772 else if (errorStatus & CERT_TRUST_INVALID_EXTENSION)
773 error = CERT_E_CRITICAL;
774 else if (errorStatus & CERT_TRUST_INVALID_POLICY_CONSTRAINTS)
775 error = CERT_E_INVALID_POLICY;
776 else if (errorStatus & CERT_TRUST_INVALID_BASIC_CONSTRAINTS)
777 error = TRUST_E_BASIC_CONSTRAINTS;
778 else if (errorStatus & CERT_TRUST_INVALID_NAME_CONSTRAINTS ||
779 errorStatus & CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT ||
780 errorStatus & CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT ||
781 errorStatus & CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT ||
782 errorStatus & CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT)
783 error = CERT_E_INVALID_NAME;
784 else if (errorStatus & CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY)
785 error = CERT_E_INVALID_POLICY;
786 else if (errorStatus)
787 {
788 FIXME("unknown error status %08x\n", errorStatus);
789 error = TRUST_E_SYSTEM_ERROR;
790 }
791 else
792 error = S_OK;
793 return error;
794 }
795
796 static DWORD WINTRUST_CopyChain(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
797 {
798 DWORD err, i;
799 PCERT_SIMPLE_CHAIN simpleChain =
800 data->pasSigners[signerIdx].pChainContext->rgpChain[0];
801
802 data->pasSigners[signerIdx].pasCertChain[0].dwConfidence =
803 WINTRUST_TrustStatusToConfidence(
804 simpleChain->rgpElement[0]->TrustStatus.dwErrorStatus);
805 data->pasSigners[signerIdx].pasCertChain[0].pChainElement =
806 simpleChain->rgpElement[0];
807 err = ERROR_SUCCESS;
808 for (i = 1; !err && i < simpleChain->cElement; i++)
809 {
810 if (data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
811 simpleChain->rgpElement[i]->pCertContext))
812 {
813 data->pasSigners[signerIdx].pasCertChain[i].pChainElement =
814 simpleChain->rgpElement[i];
815 data->pasSigners[signerIdx].pasCertChain[i].dwConfidence =
816 WINTRUST_TrustStatusToConfidence(
817 simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus);
818 }
819 else
820 err = GetLastError();
821 }
822 data->pasSigners[signerIdx].pasCertChain[simpleChain->cElement - 1].dwError
823 = WINTRUST_TrustStatusToError(
824 simpleChain->rgpElement[simpleChain->cElement - 1]->
825 TrustStatus.dwErrorStatus);
826 return err;
827 }
828
829 static void WINTRUST_CreateChainPolicyCreateInfo(
830 const CRYPT_PROVIDER_DATA *data, PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO info,
831 PCERT_CHAIN_PARA chainPara)
832 {
833 chainPara->cbSize = sizeof(CERT_CHAIN_PARA);
834 if (data->pRequestUsage)
835 chainPara->RequestedUsage = *data->pRequestUsage;
836 else
837 {
838 chainPara->RequestedUsage.dwType = 0;
839 chainPara->RequestedUsage.Usage.cUsageIdentifier = 0;
840 }
841 info->u.cbSize = sizeof(WTD_GENERIC_CHAIN_POLICY_CREATE_INFO);
842 info->hChainEngine = NULL;
843 info->pChainPara = chainPara;
844 if (data->dwProvFlags & CPD_REVOCATION_CHECK_END_CERT)
845 info->dwFlags = CERT_CHAIN_REVOCATION_CHECK_END_CERT;
846 else if (data->dwProvFlags & CPD_REVOCATION_CHECK_CHAIN)
847 info->dwFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN;
848 else if (data->dwProvFlags & CPD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT)
849 info->dwFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
850 else
851 info->dwFlags = 0;
852 info->pvReserved = NULL;
853 }
854
855 static DWORD WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data,
856 DWORD signer, PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo,
857 PCERT_CHAIN_PARA chainPara)
858 {
859 DWORD err = ERROR_SUCCESS;
860 HCERTSTORE store = NULL;
861
862 if (data->chStores)
863 {
864 store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
865 CERT_STORE_CREATE_NEW_FLAG, NULL);
866 if (store)
867 {
868 DWORD i;
869
870 for (i = 0; i < data->chStores; i++)
871 CertAddStoreToCollection(store, data->pahStores[i], 0, 0);
872 }
873 else
874 err = GetLastError();
875 }
876 if (!err)
877 {
878 /* Expect the end certificate for each signer to be the only cert in
879 * the chain:
880 */
881 if (data->pasSigners[signer].csCertChain)
882 {
883 BOOL ret;
884
885 /* Create a certificate chain for each signer */
886 ret = CertGetCertificateChain(createInfo->hChainEngine,
887 data->pasSigners[signer].pasCertChain[0].pCert,
888 &data->pasSigners[signer].sftVerifyAsOf, store,
889 chainPara, createInfo->dwFlags, createInfo->pvReserved,
890 &data->pasSigners[signer].pChainContext);
891 if (ret)
892 {
893 if (data->pasSigners[signer].pChainContext->cChain != 1)
894 {
895 FIXME("unimplemented for more than 1 simple chain\n");
896 err = E_NOTIMPL;
897 }
898 else
899 {
900 if (!(err = WINTRUST_CopyChain(data, signer)))
901 {
902 if (data->psPfns->pfnCertCheckPolicy)
903 {
904 ret = data->psPfns->pfnCertCheckPolicy(data, signer,
905 FALSE, 0);
906 if (!ret)
907 err = GetLastError();
908 }
909 else
910 TRACE(
911 "no cert check policy, skipping policy check\n");
912 }
913 }
914 }
915 else
916 err = GetLastError();
917 }
918 CertCloseStore(store, 0);
919 }
920 return err;
921 }
922
923 HRESULT WINAPI WintrustCertificateTrust(CRYPT_PROVIDER_DATA *data)
924 {
925 DWORD err;
926
927 TRACE("(%p)\n", data);
928
929 if (!data->csSigners)
930 err = TRUST_E_NOSIGNATURE;
931 else
932 {
933 DWORD i;
934 WTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo;
935 CERT_CHAIN_PARA chainPara;
936
937 WINTRUST_CreateChainPolicyCreateInfo(data, &createInfo, &chainPara);
938 err = ERROR_SUCCESS;
939 for (i = 0; !err && i < data->csSigners; i++)
940 err = WINTRUST_CreateChainForSigner(data, i, &createInfo,
941 &chainPara);
942 }
943 if (err)
944 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] = err;
945 TRACE("returning %d (%08x)\n", !err ? S_OK : S_FALSE,
946 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV]);
947 return !err ? S_OK : S_FALSE;
948 }
949
950 HRESULT WINAPI GenericChainCertificateTrust(CRYPT_PROVIDER_DATA *data)
951 {
952 DWORD err;
953 WTD_GENERIC_CHAIN_POLICY_DATA *policyData =
954 data->pWintrustData->pPolicyCallbackData;
955
956 TRACE("(%p)\n", data);
957
958 if (policyData && policyData->u.cbSize !=
959 sizeof(WTD_GENERIC_CHAIN_POLICY_CREATE_INFO))
960 {
961 err = ERROR_INVALID_PARAMETER;
962 goto end;
963 }
964 if (!data->csSigners)
965 err = TRUST_E_NOSIGNATURE;
966 else
967 {
968 DWORD i;
969 WTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo, *pCreateInfo;
970 CERT_CHAIN_PARA chainPara, *pChainPara;
971
972 if (policyData)
973 {
974 pCreateInfo = policyData->pSignerChainInfo;
975 pChainPara = pCreateInfo->pChainPara;
976 }
977 else
978 {
979 WINTRUST_CreateChainPolicyCreateInfo(data, &createInfo, &chainPara);
980 pChainPara = &chainPara;
981 pCreateInfo = &createInfo;
982 }
983 err = ERROR_SUCCESS;
984 for (i = 0; !err && i < data->csSigners; i++)
985 err = WINTRUST_CreateChainForSigner(data, i, pCreateInfo,
986 pChainPara);
987 }
988
989 end:
990 if (err)
991 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] = err;
992 TRACE("returning %d (%08x)\n", !err ? S_OK : S_FALSE,
993 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV]);
994 return !err ? S_OK : S_FALSE;
995 }
996
997 HRESULT WINAPI SoftpubAuthenticode(CRYPT_PROVIDER_DATA *data)
998 {
999 BOOL ret;
1000 CERT_CHAIN_POLICY_STATUS policyStatus = { sizeof(policyStatus), 0 };
1001
1002 TRACE("(%p)\n", data);
1003
1004 if (data->pWintrustData->dwUIChoice != WTD_UI_NONE)
1005 FIXME("unimplemented for UI choice %d\n",
1006 data->pWintrustData->dwUIChoice);
1007 if (!data->csSigners)
1008 {
1009 ret = FALSE;
1010 policyStatus.dwError = TRUST_E_NOSIGNATURE;
1011 }
1012 else
1013 {
1014 DWORD i;
1015
1016 ret = TRUE;
1017 for (i = 0; ret && i < data->csSigners; i++)
1018 {
1019 BYTE hash[20];
1020 DWORD size = sizeof(hash);
1021
1022 /* First make sure cert isn't disallowed */
1023 if ((ret = CertGetCertificateContextProperty(
1024 data->pasSigners[i].pasCertChain[0].pCert,
1025 CERT_SIGNATURE_HASH_PROP_ID, hash, &size)))
1026 {
1027 static const WCHAR disallowedW[] =
1028 { 'D','i','s','a','l','l','o','w','e','d',0 };
1029 HCERTSTORE disallowed = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
1030 X509_ASN_ENCODING, 0, CERT_SYSTEM_STORE_CURRENT_USER,
1031 disallowedW);
1032
1033 if (disallowed)
1034 {
1035 PCCERT_CONTEXT found = CertFindCertificateInStore(
1036 disallowed, X509_ASN_ENCODING, 0, CERT_FIND_SIGNATURE_HASH,
1037 hash, NULL);
1038
1039 if (found)
1040 {
1041 /* Disallowed! Can't verify it. */
1042 policyStatus.dwError = TRUST_E_SUBJECT_NOT_TRUSTED;
1043 ret = FALSE;
1044 CertFreeCertificateContext(found);
1045 }
1046 CertCloseStore(disallowed, 0);
1047 }
1048 }
1049 if (ret)
1050 {
1051 CERT_CHAIN_POLICY_PARA policyPara = { sizeof(policyPara), 0 };
1052
1053 if (data->dwRegPolicySettings & WTPF_TRUSTTEST)
1054 policyPara.dwFlags |= CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG;
1055 if (data->dwRegPolicySettings & WTPF_TESTCANBEVALID)
1056 policyPara.dwFlags |= CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG;
1057 if (data->dwRegPolicySettings & WTPF_IGNOREEXPIRATION)
1058 policyPara.dwFlags |=
1059 CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG |
1060 CERT_CHAIN_POLICY_IGNORE_CTL_NOT_TIME_VALID_FLAG |
1061 CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG;
1062 if (data->dwRegPolicySettings & WTPF_IGNOREREVOKATION)
1063 policyPara.dwFlags |=
1064 CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG |
1065 CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG |
1066 CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG |
1067 CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG;
1068 CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_AUTHENTICODE,
1069 data->pasSigners[i].pChainContext, &policyPara, &policyStatus);
1070 if (policyStatus.dwError != NO_ERROR)
1071 ret = FALSE;
1072 }
1073 }
1074 }
1075 if (!ret)
1076 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV] =
1077 policyStatus.dwError;
1078 TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE,
1079 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV]);
1080 return ret ? S_OK : S_FALSE;
1081 }
1082
1083 static HRESULT WINAPI WINTRUST_DefaultPolicy(CRYPT_PROVIDER_DATA *pProvData,
1084 DWORD dwStepError, DWORD dwRegPolicySettings, DWORD cSigner,
1085 PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO rgpSigner, void *pvPolicyArg)
1086 {
1087 DWORD i;
1088 CERT_CHAIN_POLICY_STATUS policyStatus = { sizeof(policyStatus), 0 };
1089
1090 for (i = 0; !policyStatus.dwError && i < cSigner; i++)
1091 {
1092 CERT_CHAIN_POLICY_PARA policyPara = { sizeof(policyPara), 0 };
1093
1094 if (dwRegPolicySettings & WTPF_IGNOREEXPIRATION)
1095 policyPara.dwFlags |=
1096 CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG |
1097 CERT_CHAIN_POLICY_IGNORE_CTL_NOT_TIME_VALID_FLAG |
1098 CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG;
1099 if (dwRegPolicySettings & WTPF_IGNOREREVOKATION)
1100 policyPara.dwFlags |=
1101 CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG |
1102 CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG |
1103 CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG |
1104 CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG;
1105 CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_BASE,
1106 rgpSigner[i].pChainContext, &policyPara, &policyStatus);
1107 }
1108 return policyStatus.dwError;
1109 }
1110
1111 HRESULT WINAPI GenericChainFinalProv(CRYPT_PROVIDER_DATA *data)
1112 {
1113 HRESULT err = NO_ERROR; /* not a typo, MS confused the types */
1114 WTD_GENERIC_CHAIN_POLICY_DATA *policyData =
1115 data->pWintrustData->pPolicyCallbackData;
1116
1117 TRACE("(%p)\n", data);
1118
1119 if (data->pWintrustData->dwUIChoice != WTD_UI_NONE)
1120 FIXME("unimplemented for UI choice %d\n",
1121 data->pWintrustData->dwUIChoice);
1122 if (!data->csSigners)
1123 err = TRUST_E_NOSIGNATURE;
1124 else
1125 {
1126 PFN_WTD_GENERIC_CHAIN_POLICY_CALLBACK policyCallback;
1127 void *policyArg;
1128 WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO *signers = NULL;
1129
1130 if (policyData)
1131 {
1132 policyCallback = policyData->pfnPolicyCallback;
1133 policyArg = policyData->pvPolicyArg;
1134 }
1135 else
1136 {
1137 policyCallback = WINTRUST_DefaultPolicy;
1138 policyArg = NULL;
1139 }
1140 if (data->csSigners)
1141 {
1142 DWORD i;
1143
1144 signers = data->psPfns->pfnAlloc(
1145 data->csSigners * sizeof(WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO));
1146 if (signers)
1147 {
1148 for (i = 0; i < data->csSigners; i++)
1149 {
1150 signers[i].u.cbSize =
1151 sizeof(WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO);
1152 signers[i].pChainContext =
1153 data->pasSigners[i].pChainContext;
1154 signers[i].dwSignerType = data->pasSigners[i].dwSignerType;
1155 signers[i].pMsgSignerInfo = data->pasSigners[i].psSigner;
1156 signers[i].dwError = data->pasSigners[i].dwError;
1157 if (data->pasSigners[i].csCounterSigners)
1158 FIXME("unimplemented for counter signers\n");
1159 signers[i].cCounterSigner = 0;
1160 signers[i].rgpCounterSigner = NULL;
1161 }
1162 }
1163 else
1164 err = ERROR_OUTOFMEMORY;
1165 }
1166 if (err == NO_ERROR)
1167 err = policyCallback(data, TRUSTERROR_STEP_FINAL_POLICYPROV,
1168 data->dwRegPolicySettings, data->csSigners, signers, policyArg);
1169 data->psPfns->pfnFree(signers);
1170 }
1171 if (err != NO_ERROR)
1172 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV] = err;
1173 TRACE("returning %d (%08x)\n", err == NO_ERROR ? S_OK : S_FALSE,
1174 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV]);
1175 return err == NO_ERROR ? S_OK : S_FALSE;
1176 }
1177
1178 HRESULT WINAPI SoftpubCleanup(CRYPT_PROVIDER_DATA *data)
1179 {
1180 DWORD i, j;
1181
1182 for (i = 0; i < data->csSigners; i++)
1183 {
1184 for (j = 0; j < data->pasSigners[i].csCertChain; j++)
1185 CertFreeCertificateContext(data->pasSigners[i].pasCertChain[j].pCert);
1186 data->psPfns->pfnFree(data->pasSigners[i].pasCertChain);
1187 data->psPfns->pfnFree(data->pasSigners[i].psSigner);
1188 CertFreeCertificateChain(data->pasSigners[i].pChainContext);
1189 }
1190 data->psPfns->pfnFree(data->pasSigners);
1191
1192 for (i = 0; i < data->chStores; i++)
1193 CertCloseStore(data->pahStores[i], 0);
1194 data->psPfns->pfnFree(data->pahStores);
1195
1196 if (data->u.pPDSip)
1197 {
1198 data->psPfns->pfnFree(data->u.pPDSip->pSip);
1199 data->psPfns->pfnFree(data->u.pPDSip->pCATSip);
1200 data->psPfns->pfnFree(data->u.pPDSip->psSipSubjectInfo);
1201 data->psPfns->pfnFree(data->u.pPDSip->psSipCATSubjectInfo);
1202 data->psPfns->pfnFree(data->u.pPDSip->psIndirectData);
1203 }
1204
1205 CryptMsgClose(data->hMsg);
1206
1207 if (data->fOpenedFile &&
1208 data->pWintrustData->dwUnionChoice == WTD_CHOICE_FILE &&
1209 data->pWintrustData->u.pFile)
1210 {
1211 CloseHandle(data->pWintrustData->u.pFile->hFile);
1212 data->pWintrustData->u.pFile->hFile = INVALID_HANDLE_VALUE;
1213 data->fOpenedFile = FALSE;
1214 }
1215
1216 return S_OK;
1217 }
1218
1219 HRESULT WINAPI HTTPSCertificateTrust(CRYPT_PROVIDER_DATA *data)
1220 {
1221 FIXME("(%p)\n", data);
1222 return S_OK;
1223 }
1224
1225 HRESULT WINAPI HTTPSFinalProv(CRYPT_PROVIDER_DATA *data)
1226 {
1227 FIXME("(%p)\n", data);
1228 return S_OK;
1229 }
Windows API implementation