2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
22 #include "wine/port.h"
24 #define NONAMELESSUNION
25 #define NONAMELESSSTRUCT
26 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
39 #include "wine/debug.h"
41 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet
);
43 #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
45 BOOL WINAPI
DllMain(HINSTANCE hinstDLL
, DWORD fdwReason
, LPVOID lpvReserved
)
47 TRACE("(0x%p, %d, %p)\n", hinstDLL
, fdwReason
, lpvReserved
);
50 case DLL_PROCESS_ATTACH
:
51 DisableThreadLibraryCalls(hinstDLL
);
53 case DLL_PROCESS_DETACH
:
54 /* Do uninitialisation here */
61 static const WCHAR cryptNet
[] = { 'c','r','y','p','t','n','e','t','.',
63 static const WCHAR ldapProvOpenStore
[] = { 'L','d','a','p','P','r','o','v',
64 'O','p','e','S','t','o','r','e',0 };
66 /***********************************************************************
67 * DllRegisterServer (CRYPTNET.@)
69 HRESULT WINAPI
DllRegisterServer(void)
72 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING
,
73 CRYPT_OID_VERIFY_REVOCATION_FUNC
, 0, cryptNet
);
74 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
, "Ldap",
75 cryptNet
, "LdapProvOpenStore");
76 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
,
77 CERT_STORE_PROV_LDAP_W
, cryptNet
, "LdapProvOpenStore");
81 /***********************************************************************
82 * DllUnregisterServer (CRYPTNET.@)
84 HRESULT WINAPI
DllUnregisterServer(void)
87 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING
,
88 CRYPT_OID_VERIFY_REVOCATION_FUNC
, cryptNet
);
89 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
, "Ldap");
90 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
,
91 CERT_STORE_PROV_LDAP_W
);
95 static const char *url_oid_to_str(LPCSTR oid
)
103 #define _x(oid) case LOWORD(oid): return #oid
104 _x(URL_OID_CERTIFICATE_ISSUER
);
105 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT
);
106 _x(URL_OID_CTL_ISSUER
);
107 _x(URL_OID_CTL_NEXT_UPDATE
);
108 _x(URL_OID_CRL_ISSUER
);
109 _x(URL_OID_CERTIFICATE_FRESHEST_CRL
);
110 _x(URL_OID_CRL_FRESHEST_CRL
);
111 _x(URL_OID_CROSS_CERT_DIST_POINT
);
114 snprintf(buf
, sizeof(buf
), "%d", LOWORD(oid
));
122 typedef BOOL (WINAPI
*UrlDllGetObjectUrlFunc
)(LPCSTR
, LPVOID
, DWORD
,
123 PCRYPT_URL_ARRAY
, DWORD
*, PCRYPT_URL_INFO
, DWORD
*, LPVOID
);
125 static BOOL WINAPI
CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid
,
126 LPVOID pvPara
, DWORD dwFlags
, PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
,
127 PCRYPT_URL_INFO pUrlInfo
, DWORD
*pcbUrlInfo
, LPVOID pvReserved
)
129 PCCERT_CONTEXT cert
= pvPara
;
133 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
134 if (dwFlags
&& !(dwFlags
& CRYPT_GET_URL_FROM_EXTENSION
))
136 SetLastError(CRYPT_E_NOT_FOUND
);
139 if ((ext
= CertFindExtension(szOID_AUTHORITY_INFO_ACCESS
,
140 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
142 CERT_AUTHORITY_INFO_ACCESS
*aia
;
145 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_AUTHORITY_INFO_ACCESS
,
146 ext
->Value
.pbData
, ext
->Value
.cbData
, CRYPT_DECODE_ALLOC_FLAG
, NULL
,
150 DWORD i
, cUrl
, bytesNeeded
= sizeof(CRYPT_URL_ARRAY
);
152 for (i
= 0, cUrl
= 0; i
< aia
->cAccDescr
; i
++)
153 if (!strcmp(aia
->rgAccDescr
[i
].pszAccessMethod
,
154 szOID_PKIX_CA_ISSUERS
))
156 if (aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
==
159 if (aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
)
162 bytesNeeded
+= sizeof(LPWSTR
) +
163 (lstrlenW(aia
->rgAccDescr
[i
].AccessLocation
.u
.
164 pwszURL
) + 1) * sizeof(WCHAR
);
168 FIXME("unsupported alt name type %d\n",
169 aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
);
173 SetLastError(E_INVALIDARG
);
177 *pcbUrlArray
= bytesNeeded
;
178 else if (*pcbUrlArray
< bytesNeeded
)
180 SetLastError(ERROR_MORE_DATA
);
181 *pcbUrlArray
= bytesNeeded
;
188 *pcbUrlArray
= bytesNeeded
;
190 pUrlArray
->rgwszUrl
=
191 (LPWSTR
*)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
));
192 nextUrl
= (LPWSTR
)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
)
193 + cUrl
* sizeof(LPWSTR
));
194 for (i
= 0; i
< aia
->cAccDescr
; i
++)
195 if (!strcmp(aia
->rgAccDescr
[i
].pszAccessMethod
,
196 szOID_PKIX_CA_ISSUERS
))
198 if (aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
199 == CERT_ALT_NAME_URL
)
201 if (aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
)
204 aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
);
205 pUrlArray
->rgwszUrl
[pUrlArray
->cUrl
++] =
207 nextUrl
+= (lstrlenW(nextUrl
) + 1);
216 FIXME("url info: stub\n");
218 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
219 else if (*pcbUrlInfo
< sizeof(CRYPT_URL_INFO
))
221 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
222 SetLastError(ERROR_MORE_DATA
);
227 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
228 memset(pUrlInfo
, 0, sizeof(CRYPT_URL_INFO
));
236 SetLastError(CRYPT_E_NOT_FOUND
);
240 static BOOL
CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB
*value
,
241 PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
, PCRYPT_URL_INFO pUrlInfo
,
245 CRL_DIST_POINTS_INFO
*info
;
248 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_CRL_DIST_POINTS
,
249 value
->pbData
, value
->cbData
, CRYPT_DECODE_ALLOC_FLAG
, NULL
, &info
, &size
);
252 DWORD i
, cUrl
, bytesNeeded
= sizeof(CRYPT_URL_ARRAY
);
254 for (i
= 0, cUrl
= 0; i
< info
->cDistPoint
; i
++)
255 if (info
->rgDistPoint
[i
].DistPointName
.dwDistPointNameChoice
256 == CRL_DIST_POINT_FULL_NAME
)
259 CERT_ALT_NAME_INFO
*name
=
260 &info
->rgDistPoint
[i
].DistPointName
.u
.FullName
;
262 for (j
= 0; j
< name
->cAltEntry
; j
++)
263 if (name
->rgAltEntry
[j
].dwAltNameChoice
==
266 if (name
->rgAltEntry
[j
].u
.pwszURL
)
269 bytesNeeded
+= sizeof(LPWSTR
) +
270 (lstrlenW(name
->rgAltEntry
[j
].u
.pwszURL
) + 1)
277 SetLastError(E_INVALIDARG
);
281 *pcbUrlArray
= bytesNeeded
;
282 else if (*pcbUrlArray
< bytesNeeded
)
284 SetLastError(ERROR_MORE_DATA
);
285 *pcbUrlArray
= bytesNeeded
;
292 *pcbUrlArray
= bytesNeeded
;
294 pUrlArray
->rgwszUrl
=
295 (LPWSTR
*)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
));
296 nextUrl
= (LPWSTR
)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
)
297 + cUrl
* sizeof(LPWSTR
));
298 for (i
= 0; i
< info
->cDistPoint
; i
++)
299 if (info
->rgDistPoint
[i
].DistPointName
.dwDistPointNameChoice
300 == CRL_DIST_POINT_FULL_NAME
)
303 CERT_ALT_NAME_INFO
*name
=
304 &info
->rgDistPoint
[i
].DistPointName
.u
.FullName
;
306 for (j
= 0; j
< name
->cAltEntry
; j
++)
307 if (name
->rgAltEntry
[j
].dwAltNameChoice
==
310 if (name
->rgAltEntry
[j
].u
.pwszURL
)
313 name
->rgAltEntry
[j
].u
.pwszURL
);
314 pUrlArray
->rgwszUrl
[pUrlArray
->cUrl
++] =
317 (lstrlenW(name
->rgAltEntry
[j
].u
.pwszURL
) + 1);
326 FIXME("url info: stub\n");
328 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
329 else if (*pcbUrlInfo
< sizeof(CRYPT_URL_INFO
))
331 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
332 SetLastError(ERROR_MORE_DATA
);
337 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
338 memset(pUrlInfo
, 0, sizeof(CRYPT_URL_INFO
));
347 static BOOL WINAPI
CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid
,
348 LPVOID pvPara
, DWORD dwFlags
, PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
,
349 PCRYPT_URL_INFO pUrlInfo
, DWORD
*pcbUrlInfo
, LPVOID pvReserved
)
351 PCCERT_CONTEXT cert
= pvPara
;
355 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
356 if (dwFlags
&& !(dwFlags
& CRYPT_GET_URL_FROM_EXTENSION
))
358 SetLastError(CRYPT_E_NOT_FOUND
);
361 if ((ext
= CertFindExtension(szOID_CRL_DIST_POINTS
,
362 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
363 ret
= CRYPT_GetUrlFromCRLDistPointsExt(&ext
->Value
, pUrlArray
,
364 pcbUrlArray
, pUrlInfo
, pcbUrlInfo
);
366 SetLastError(CRYPT_E_NOT_FOUND
);
370 /***********************************************************************
371 * CryptGetObjectUrl (CRYPTNET.@)
373 BOOL WINAPI
CryptGetObjectUrl(LPCSTR pszUrlOid
, LPVOID pvPara
, DWORD dwFlags
,
374 PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
, PCRYPT_URL_INFO pUrlInfo
,
375 DWORD
*pcbUrlInfo
, LPVOID pvReserved
)
377 UrlDllGetObjectUrlFunc func
= NULL
;
378 HCRYPTOIDFUNCADDR hFunc
= NULL
;
381 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid
),
382 pvPara
, dwFlags
, pUrlArray
, pcbUrlArray
, pUrlInfo
, pcbUrlInfo
, pvReserved
);
384 if (IS_INTOID(pszUrlOid
))
386 switch (LOWORD(pszUrlOid
))
388 case LOWORD(URL_OID_CERTIFICATE_ISSUER
):
389 func
= CRYPT_GetUrlFromCertificateIssuer
;
391 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT
):
392 func
= CRYPT_GetUrlFromCertificateCRLDistPoint
;
395 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid
));
396 SetLastError(ERROR_FILE_NOT_FOUND
);
401 static HCRYPTOIDFUNCSET set
= NULL
;
404 set
= CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC
, 0);
405 CryptGetOIDFunctionAddress(set
, X509_ASN_ENCODING
, pszUrlOid
, 0,
406 (void **)&func
, &hFunc
);
409 ret
= func(pszUrlOid
, pvPara
, dwFlags
, pUrlArray
, pcbUrlArray
,
410 pUrlInfo
, pcbUrlInfo
, pvReserved
);
412 CryptFreeOIDFunctionAddress(hFunc
, 0);
416 /***********************************************************************
417 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
419 BOOL WINAPI
CryptRetrieveObjectByUrlA(LPCSTR pszURL
, LPCSTR pszObjectOid
,
420 DWORD dwRetrievalFlags
, DWORD dwTimeout
, LPVOID
*ppvObject
,
421 HCRYPTASYNC hAsyncRetrieve
, PCRYPT_CREDENTIALS pCredentials
, LPVOID pvVerify
,
422 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
427 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL
),
428 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, ppvObject
,
429 hAsyncRetrieve
, pCredentials
, pvVerify
, pAuxInfo
);
433 SetLastError(ERROR_INVALID_PARAMETER
);
436 len
= MultiByteToWideChar(CP_ACP
, 0, pszURL
, -1, NULL
, 0);
439 LPWSTR url
= CryptMemAlloc(len
* sizeof(WCHAR
));
443 MultiByteToWideChar(CP_ACP
, 0, pszURL
, -1, url
, len
);
444 ret
= CryptRetrieveObjectByUrlW(url
, pszObjectOid
,
445 dwRetrievalFlags
, dwTimeout
, ppvObject
, hAsyncRetrieve
,
446 pCredentials
, pvVerify
, pAuxInfo
);
450 SetLastError(ERROR_OUTOFMEMORY
);
455 static void WINAPI
CRYPT_FreeBlob(LPCSTR pszObjectOid
,
456 PCRYPT_BLOB_ARRAY pObject
, void *pvFreeContext
)
460 for (i
= 0; i
< pObject
->cBlob
; i
++)
461 CryptMemFree(pObject
->rgBlob
[i
].pbData
);
462 CryptMemFree(pObject
->rgBlob
);
465 static BOOL
CRYPT_GetObjectFromFile(HANDLE hFile
, PCRYPT_BLOB_ARRAY pObject
)
470 if ((ret
= GetFileSizeEx(hFile
, &size
)))
474 WARN("file too big\n");
475 SetLastError(ERROR_INVALID_DATA
);
480 CRYPT_DATA_BLOB blob
;
482 blob
.pbData
= CryptMemAlloc(size
.u
.LowPart
);
485 blob
.cbData
= size
.u
.LowPart
;
486 ret
= ReadFile(hFile
, blob
.pbData
, size
.u
.LowPart
, &blob
.cbData
,
490 pObject
->rgBlob
= CryptMemAlloc(sizeof(CRYPT_DATA_BLOB
));
494 memcpy(pObject
->rgBlob
, &blob
, sizeof(CRYPT_DATA_BLOB
));
498 SetLastError(ERROR_OUTOFMEMORY
);
503 CryptMemFree(blob
.pbData
);
507 SetLastError(ERROR_OUTOFMEMORY
);
515 static BOOL
CRYPT_GetObjectFromCache(LPCWSTR pszURL
, PCRYPT_BLOB_ARRAY pObject
,
516 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
519 INTERNET_CACHE_ENTRY_INFOW
*pCacheInfo
= NULL
;
522 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL
), pObject
, pAuxInfo
);
524 ret
= GetUrlCacheEntryInfoW(pszURL
, NULL
, &size
);
525 if (!ret
&& GetLastError() == ERROR_INSUFFICIENT_BUFFER
)
527 pCacheInfo
= CryptMemAlloc(size
);
531 SetLastError(ERROR_OUTOFMEMORY
);
533 if (ret
&& (ret
= GetUrlCacheEntryInfoW(pszURL
, pCacheInfo
, &size
)))
537 GetSystemTimeAsFileTime(&ft
);
538 if (CompareFileTime(&pCacheInfo
->ExpireTime
, &ft
) >= 0)
540 HANDLE hFile
= CreateFileW(pCacheInfo
->lpszLocalFileName
,
541 GENERIC_READ
, 0, NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
543 if (hFile
!= INVALID_HANDLE_VALUE
)
545 if ((ret
= CRYPT_GetObjectFromFile(hFile
, pObject
)))
547 if (pAuxInfo
&& pAuxInfo
->cbSize
>=
548 offsetof(CRYPT_RETRIEVE_AUX_INFO
,
549 pLastSyncTime
) + sizeof(PFILETIME
) &&
550 pAuxInfo
->pLastSyncTime
)
551 memcpy(pAuxInfo
->pLastSyncTime
,
552 &pCacheInfo
->LastSyncTime
,
559 DeleteUrlCacheEntryW(pszURL
);
565 DeleteUrlCacheEntryW(pszURL
);
569 CryptMemFree(pCacheInfo
);
570 TRACE("returning %d\n", ret
);
574 /* Parses the URL, and sets components's lpszHostName and lpszUrlPath members
575 * to NULL-terminated copies of those portions of the URL (to be freed with
578 static BOOL
CRYPT_CrackUrl(LPCWSTR pszURL
, URL_COMPONENTSW
*components
)
582 TRACE("(%s, %p)\n", debugstr_w(pszURL
), components
);
584 memset(components
, 0, sizeof(*components
));
585 components
->dwStructSize
= sizeof(*components
);
586 components
->lpszHostName
= CryptMemAlloc(MAX_PATH
* sizeof(WCHAR
));
587 components
->dwHostNameLength
= MAX_PATH
;
588 components
->lpszUrlPath
= CryptMemAlloc(MAX_PATH
* 2 * sizeof(WCHAR
));
589 components
->dwUrlPathLength
= 2 * MAX_PATH
;
590 ret
= InternetCrackUrlW(pszURL
, 0, ICU_DECODE
, components
);
593 if ((components
->dwUrlPathLength
== 2 * MAX_PATH
- 1) ||
594 (components
->dwHostNameLength
== MAX_PATH
- 1))
595 FIXME("Buffers are too small\n");
596 switch (components
->nScheme
)
598 case INTERNET_SCHEME_FTP
:
599 if (!components
->nPort
)
600 components
->nPort
= INTERNET_DEFAULT_FTP_PORT
;
602 case INTERNET_SCHEME_HTTP
:
603 if (!components
->nPort
)
604 components
->nPort
= INTERNET_DEFAULT_HTTP_PORT
;
610 TRACE("returning %d\n", ret
);
621 static struct InetContext
*CRYPT_MakeInetContext(DWORD dwTimeout
)
623 struct InetContext
*context
= CryptMemAlloc(sizeof(struct InetContext
));
627 context
->event
= CreateEventW(NULL
, FALSE
, FALSE
, NULL
);
630 CryptMemFree(context
);
635 context
->timeout
= dwTimeout
;
636 context
->error
= ERROR_SUCCESS
;
642 static BOOL
CRYPT_DownloadObject(DWORD dwRetrievalFlags
, HINTERNET hHttp
,
643 struct InetContext
*context
, PCRYPT_BLOB_ARRAY pObject
,
644 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
646 CRYPT_DATA_BLOB object
= { 0, NULL
};
647 DWORD bytesAvailable
;
651 if ((ret
= InternetQueryDataAvailable(hHttp
, &bytesAvailable
, 0, 0)))
656 object
.pbData
= CryptMemRealloc(object
.pbData
,
657 object
.cbData
+ bytesAvailable
);
659 object
.pbData
= CryptMemAlloc(bytesAvailable
);
662 INTERNET_BUFFERSA buffer
= { sizeof(buffer
), 0 };
664 buffer
.dwBufferLength
= bytesAvailable
;
665 buffer
.lpvBuffer
= object
.pbData
+ object
.cbData
;
666 if (!(ret
= InternetReadFileExA(hHttp
, &buffer
, IRF_NO_WAIT
,
667 (DWORD_PTR
)context
)))
669 if (GetLastError() == ERROR_IO_PENDING
)
671 if (WaitForSingleObject(context
->event
,
672 context
->timeout
) == WAIT_TIMEOUT
)
673 SetLastError(ERROR_TIMEOUT
);
674 else if (context
->error
)
675 SetLastError(context
->error
);
681 object
.cbData
+= buffer
.dwBufferLength
;
685 SetLastError(ERROR_OUTOFMEMORY
);
690 else if (GetLastError() == ERROR_IO_PENDING
)
692 if (WaitForSingleObject(context
->event
, context
->timeout
) ==
694 SetLastError(ERROR_TIMEOUT
);
698 } while (ret
&& bytesAvailable
);
701 pObject
->rgBlob
= CryptMemAlloc(sizeof(CRYPT_DATA_BLOB
));
702 if (!pObject
->rgBlob
)
704 CryptMemFree(object
.pbData
);
705 SetLastError(ERROR_OUTOFMEMORY
);
710 pObject
->rgBlob
[0].cbData
= object
.cbData
;
711 pObject
->rgBlob
[0].pbData
= object
.pbData
;
715 TRACE("returning %d\n", ret
);
719 /* Finds the object specified by pszURL in the cache. If it's not found,
720 * creates a new cache entry for the object and writes the object to it.
721 * Sets the expiration time of the cache entry to expires.
723 static void CRYPT_CacheURL(LPCWSTR pszURL
, const CRYPT_BLOB_ARRAY
*pObject
,
724 DWORD dwRetrievalFlags
, FILETIME expires
)
726 WCHAR cacheFileName
[MAX_PATH
];
728 BOOL ret
, create
= FALSE
;
730 GetUrlCacheEntryInfoW(pszURL
, NULL
, &size
);
731 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER
)
733 INTERNET_CACHE_ENTRY_INFOW
*info
= CryptMemAlloc(size
);
739 ret
= GetUrlCacheEntryInfoW(pszURL
, info
, &size
);
741 lstrcpyW(cacheFileName
, info
->lpszLocalFileName
);
742 /* Check if the existing cache entry is up to date. If it isn't,
743 * overwite it with the new value.
745 GetSystemTimeAsFileTime(&ft
);
746 if (CompareFileTime(&info
->ExpireTime
, &ft
) < 0)
755 ret
= CreateUrlCacheEntryW(pszURL
, pObject
->rgBlob
[0].cbData
, NULL
,
766 HANDLE hCacheFile
= CreateFileW(cacheFileName
, GENERIC_WRITE
, 0,
767 NULL
, CREATE_ALWAYS
, FILE_ATTRIBUTE_NORMAL
, NULL
);
769 if (hCacheFile
!= INVALID_HANDLE_VALUE
)
773 WriteFile(hCacheFile
, pObject
->rgBlob
[0].pbData
,
774 pObject
->rgBlob
[0].cbData
, &bytesWritten
, NULL
);
775 CloseHandle(hCacheFile
);
782 if (!(dwRetrievalFlags
& CRYPT_STICKY_CACHE_RETRIEVAL
))
783 entryType
= NORMAL_CACHE_ENTRY
;
785 entryType
= STICKY_CACHE_ENTRY
;
786 CommitUrlCacheEntryW(pszURL
, cacheFileName
, expires
, ft
, entryType
,
787 NULL
, 0, NULL
, NULL
);
792 static void CALLBACK
CRYPT_InetStatusCallback(HINTERNET hInt
,
793 DWORD_PTR dwContext
, DWORD status
, void *statusInfo
, DWORD statusInfoLen
)
795 struct InetContext
*context
= (struct InetContext
*)dwContext
;
796 LPINTERNET_ASYNC_RESULT result
;
800 case INTERNET_STATUS_REQUEST_COMPLETE
:
802 context
->error
= result
->dwError
;
803 SetEvent(context
->event
);
807 static BOOL
CRYPT_Connect(const URL_COMPONENTSW
*components
,
808 struct InetContext
*context
, PCRYPT_CREDENTIALS pCredentials
,
809 HINTERNET
*phInt
, HINTERNET
*phHost
)
813 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components
->lpszHostName
),
814 components
->nPort
, context
, pCredentials
, phInt
, phInt
);
817 *phInt
= InternetOpenW(NULL
, INTERNET_OPEN_TYPE_DIRECT
, NULL
, NULL
,
818 context
? INTERNET_FLAG_ASYNC
: 0);
824 InternetSetStatusCallbackW(*phInt
, CRYPT_InetStatusCallback
);
825 switch (components
->nScheme
)
827 case INTERNET_SCHEME_FTP
:
828 service
= INTERNET_SERVICE_FTP
;
830 case INTERNET_SCHEME_HTTP
:
831 service
= INTERNET_SERVICE_HTTP
;
836 /* FIXME: use pCredentials for username/password */
837 *phHost
= InternetConnectW(*phInt
, components
->lpszHostName
,
838 components
->nPort
, NULL
, NULL
, service
, 0, (DWORD_PTR
)context
);
841 InternetCloseHandle(*phInt
);
850 TRACE("returning %d\n", ret
);
854 static BOOL WINAPI
FTP_RetrieveEncodedObjectW(LPCWSTR pszURL
,
855 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
856 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
857 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
858 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
860 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
861 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, pObject
,
862 ppfnFreeObject
, ppvFreeContext
, hAsyncRetrieve
, pCredentials
, pAuxInfo
);
865 pObject
->rgBlob
= NULL
;
866 *ppfnFreeObject
= CRYPT_FreeBlob
;
867 *ppvFreeContext
= NULL
;
871 static const WCHAR x509cacert
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
872 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
873 static const WCHAR x509emailcert
[] = { 'a','p','p','l','i','c','a','t','i','o',
874 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
876 static const WCHAR x509servercert
[] = { 'a','p','p','l','i','c','a','t','i','o',
877 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
879 static const WCHAR x509usercert
[] = { 'a','p','p','l','i','c','a','t','i','o',
880 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
881 static const WCHAR pkcs7cert
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
882 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
884 static const WCHAR pkixCRL
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
885 '/','p','k','i','x','-','c','r','l',0 };
886 static const WCHAR pkcs7CRL
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
887 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
888 static const WCHAR pkcs7sig
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
889 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
890 static const WCHAR pkcs7mime
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
891 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
893 static BOOL WINAPI
HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL
,
894 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
895 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
896 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
897 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
901 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
902 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, pObject
,
903 ppfnFreeObject
, ppvFreeContext
, hAsyncRetrieve
, pCredentials
, pAuxInfo
);
906 pObject
->rgBlob
= NULL
;
907 *ppfnFreeObject
= CRYPT_FreeBlob
;
908 *ppvFreeContext
= NULL
;
910 if (!(dwRetrievalFlags
& CRYPT_WIRE_ONLY_RETRIEVAL
))
911 ret
= CRYPT_GetObjectFromCache(pszURL
, pObject
, pAuxInfo
);
912 if (!ret
&& (!(dwRetrievalFlags
& CRYPT_CACHE_ONLY_RETRIEVAL
) ||
913 (dwRetrievalFlags
& CRYPT_WIRE_ONLY_RETRIEVAL
)))
915 URL_COMPONENTSW components
;
917 if ((ret
= CRYPT_CrackUrl(pszURL
, &components
)))
919 HINTERNET hInt
, hHost
;
920 struct InetContext
*context
= NULL
;
923 context
= CRYPT_MakeInetContext(dwTimeout
);
924 ret
= CRYPT_Connect(&components
, context
, pCredentials
, &hInt
,
928 static LPCWSTR types
[] = { x509cacert
, x509emailcert
,
929 x509servercert
, x509usercert
, pkcs7cert
, pkixCRL
, pkcs7CRL
,
930 pkcs7sig
, pkcs7mime
, NULL
};
931 HINTERNET hHttp
= HttpOpenRequestW(hHost
, NULL
,
932 components
.lpszUrlPath
, NULL
, NULL
, types
,
933 INTERNET_FLAG_NO_COOKIES
| INTERNET_FLAG_NO_UI
,
940 InternetSetOptionW(hHttp
,
941 INTERNET_OPTION_RECEIVE_TIMEOUT
, &dwTimeout
,
943 InternetSetOptionW(hHttp
, INTERNET_OPTION_SEND_TIMEOUT
,
944 &dwTimeout
, sizeof(dwTimeout
));
946 ret
= HttpSendRequestExW(hHttp
, NULL
, NULL
, 0,
948 if (!ret
&& GetLastError() == ERROR_IO_PENDING
)
950 if (WaitForSingleObject(context
->event
,
951 context
->timeout
) == WAIT_TIMEOUT
)
952 SetLastError(ERROR_TIMEOUT
);
956 /* We don't set ret to TRUE in this block to avoid masking
957 * an error from HttpSendRequestExW.
959 if (!HttpEndRequestW(hHttp
, NULL
, 0, (DWORD_PTR
)context
) &&
960 GetLastError() == ERROR_IO_PENDING
)
962 if (WaitForSingleObject(context
->event
,
963 context
->timeout
) == WAIT_TIMEOUT
)
965 SetLastError(ERROR_TIMEOUT
);
970 ret
= CRYPT_DownloadObject(dwRetrievalFlags
, hHttp
,
971 context
, pObject
, pAuxInfo
);
972 if (ret
&& !(dwRetrievalFlags
& CRYPT_DONT_CACHE_RESULT
))
975 DWORD len
= sizeof(st
);
977 if (HttpQueryInfoW(hHttp
,
978 HTTP_QUERY_EXPIRES
| HTTP_QUERY_FLAG_SYSTEMTIME
, &st
,
983 SystemTimeToFileTime(&st
, &ft
);
984 CRYPT_CacheURL(pszURL
, pObject
, dwRetrievalFlags
,
988 InternetCloseHandle(hHttp
);
990 InternetCloseHandle(hHost
);
991 InternetCloseHandle(hInt
);
995 CloseHandle(context
->event
);
996 CryptMemFree(context
);
998 CryptMemFree(components
.lpszUrlPath
);
999 CryptMemFree(components
.lpszHostName
);
1002 TRACE("returning %d\n", ret
);
1006 static BOOL WINAPI
File_RetrieveEncodedObjectW(LPCWSTR pszURL
,
1007 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
1008 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
1009 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
1010 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
1012 URL_COMPONENTSW components
= { sizeof(components
), 0 };
1015 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
1016 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, pObject
,
1017 ppfnFreeObject
, ppvFreeContext
, hAsyncRetrieve
, pCredentials
, pAuxInfo
);
1020 pObject
->rgBlob
= NULL
;
1021 *ppfnFreeObject
= CRYPT_FreeBlob
;
1022 *ppvFreeContext
= NULL
;
1024 components
.lpszUrlPath
= CryptMemAlloc(MAX_PATH
* 2 * sizeof(WCHAR
));
1025 components
.dwUrlPathLength
= 2 * MAX_PATH
;
1026 ret
= InternetCrackUrlW(pszURL
, 0, ICU_DECODE
, &components
);
1031 if (components
.dwUrlPathLength
== 2 * MAX_PATH
- 1)
1032 FIXME("Buffers are too small\n");
1034 /* 3 == lstrlenW(L"c:") + 1 */
1035 path
= CryptMemAlloc((components
.dwUrlPathLength
+ 3) * sizeof(WCHAR
));
1040 /* Try to create the file directly - Wine handles / in pathnames */
1041 lstrcpynW(path
, components
.lpszUrlPath
,
1042 components
.dwUrlPathLength
+ 1);
1043 hFile
= CreateFileW(path
, GENERIC_READ
, 0, NULL
, OPEN_EXISTING
,
1044 FILE_ATTRIBUTE_NORMAL
, NULL
);
1045 if (hFile
== INVALID_HANDLE_VALUE
)
1047 /* Try again on the current drive */
1048 GetCurrentDirectoryW(components
.dwUrlPathLength
, path
);
1051 lstrcpynW(path
+ 2, components
.lpszUrlPath
,
1052 components
.dwUrlPathLength
+ 1);
1053 hFile
= CreateFileW(path
, GENERIC_READ
, 0, NULL
,
1054 OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
1056 if (hFile
== INVALID_HANDLE_VALUE
)
1058 /* Try again on the Windows drive */
1059 GetWindowsDirectoryW(path
, components
.dwUrlPathLength
);
1062 lstrcpynW(path
+ 2, components
.lpszUrlPath
,
1063 components
.dwUrlPathLength
+ 1);
1064 hFile
= CreateFileW(path
, GENERIC_READ
, 0, NULL
,
1065 OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
1069 if (hFile
!= INVALID_HANDLE_VALUE
)
1071 if ((ret
= CRYPT_GetObjectFromFile(hFile
, pObject
)))
1073 if (pAuxInfo
&& pAuxInfo
->cbSize
>=
1074 offsetof(CRYPT_RETRIEVE_AUX_INFO
,
1075 pLastSyncTime
) + sizeof(PFILETIME
) &&
1076 pAuxInfo
->pLastSyncTime
)
1077 GetFileTime(hFile
, NULL
, NULL
,
1078 pAuxInfo
->pLastSyncTime
);
1087 CryptMemFree(components
.lpszUrlPath
);
1091 typedef BOOL (WINAPI
*SchemeDllRetrieveEncodedObjectW
)(LPCWSTR pwszUrl
,
1092 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
1093 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
1094 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
1095 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
);
1097 static BOOL
CRYPT_GetRetrieveFunction(LPCWSTR pszURL
,
1098 SchemeDllRetrieveEncodedObjectW
*pFunc
, HCRYPTOIDFUNCADDR
*phFunc
)
1100 URL_COMPONENTSW components
= { sizeof(components
), 0 };
1103 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL
), pFunc
, phFunc
);
1107 components
.dwSchemeLength
= 1;
1108 ret
= InternetCrackUrlW(pszURL
, 0, 0, &components
);
1111 /* Microsoft always uses CryptInitOIDFunctionSet/
1112 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1113 * reason to do so for builtin schemes.
1115 switch (components
.nScheme
)
1117 case INTERNET_SCHEME_FTP
:
1118 *pFunc
= FTP_RetrieveEncodedObjectW
;
1120 case INTERNET_SCHEME_HTTP
:
1121 *pFunc
= HTTP_RetrieveEncodedObjectW
;
1123 case INTERNET_SCHEME_FILE
:
1124 *pFunc
= File_RetrieveEncodedObjectW
;
1128 int len
= WideCharToMultiByte(CP_ACP
, 0, components
.lpszScheme
,
1129 components
.dwSchemeLength
, NULL
, 0, NULL
, NULL
);
1133 LPSTR scheme
= CryptMemAlloc(len
);
1137 static HCRYPTOIDFUNCSET set
= NULL
;
1140 set
= CryptInitOIDFunctionSet(
1141 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC
, 0);
1142 WideCharToMultiByte(CP_ACP
, 0, components
.lpszScheme
,
1143 components
.dwSchemeLength
, scheme
, len
, NULL
, NULL
);
1144 ret
= CryptGetOIDFunctionAddress(set
, X509_ASN_ENCODING
,
1145 scheme
, 0, (void **)pFunc
, phFunc
);
1146 CryptMemFree(scheme
);
1150 SetLastError(ERROR_OUTOFMEMORY
);
1159 TRACE("returning %d\n", ret
);
1163 static BOOL WINAPI
CRYPT_CreateBlob(LPCSTR pszObjectOid
,
1164 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1167 CRYPT_BLOB_ARRAY
*context
;
1170 size
= sizeof(CRYPT_BLOB_ARRAY
) + pObject
->cBlob
* sizeof(CRYPT_DATA_BLOB
);
1171 for (i
= 0; i
< pObject
->cBlob
; i
++)
1172 size
+= pObject
->rgBlob
[i
].cbData
;
1173 context
= CryptMemAlloc(size
);
1180 (CRYPT_DATA_BLOB
*)((LPBYTE
)context
+ sizeof(CRYPT_BLOB_ARRAY
));
1182 (LPBYTE
)context
->rgBlob
+ pObject
->cBlob
* sizeof(CRYPT_DATA_BLOB
);
1183 for (i
= 0; i
< pObject
->cBlob
; i
++)
1185 memcpy(nextData
, pObject
->rgBlob
[i
].pbData
,
1186 pObject
->rgBlob
[i
].cbData
);
1187 context
->rgBlob
[i
].pbData
= nextData
;
1188 context
->rgBlob
[i
].cbData
= pObject
->rgBlob
[i
].cbData
;
1189 nextData
+= pObject
->rgBlob
[i
].cbData
;
1192 *ppvContext
= context
;
1198 typedef BOOL (WINAPI
*AddContextToStore
)(HCERTSTORE hCertStore
,
1199 const void *pContext
, DWORD dwAddDisposition
, const void **ppStoreContext
);
1201 static BOOL
CRYPT_CreateContext(const CRYPT_BLOB_ARRAY
*pObject
,
1202 DWORD dwExpectedContentTypeFlags
, AddContextToStore addFunc
, void **ppvContext
)
1206 if (!pObject
->cBlob
)
1208 SetLastError(ERROR_INVALID_DATA
);
1212 else if (pObject
->cBlob
== 1)
1214 if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB
, &pObject
->rgBlob
[0],
1215 dwExpectedContentTypeFlags
, CERT_QUERY_FORMAT_FLAG_BINARY
, 0, NULL
,
1216 NULL
, NULL
, NULL
, NULL
, (const void **)ppvContext
))
1218 SetLastError(CRYPT_E_NO_MATCH
);
1224 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
1225 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
1230 const void *context
;
1232 for (i
= 0; i
< pObject
->cBlob
; i
++)
1234 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB
,
1235 &pObject
->rgBlob
[i
], dwExpectedContentTypeFlags
,
1236 CERT_QUERY_FORMAT_FLAG_BINARY
, 0, NULL
, NULL
, NULL
, NULL
,
1239 if (!addFunc(store
, context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1244 SetLastError(CRYPT_E_NO_MATCH
);
1251 *ppvContext
= store
;
1256 static BOOL WINAPI
CRYPT_CreateCert(LPCSTR pszObjectOid
,
1257 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1259 return CRYPT_CreateContext(pObject
, CERT_QUERY_CONTENT_FLAG_CERT
,
1260 (AddContextToStore
)CertAddCertificateContextToStore
, ppvContext
);
1263 static BOOL WINAPI
CRYPT_CreateCRL(LPCSTR pszObjectOid
,
1264 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1266 return CRYPT_CreateContext(pObject
, CERT_QUERY_CONTENT_FLAG_CRL
,
1267 (AddContextToStore
)CertAddCRLContextToStore
, ppvContext
);
1270 static BOOL WINAPI
CRYPT_CreateCTL(LPCSTR pszObjectOid
,
1271 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1273 return CRYPT_CreateContext(pObject
, CERT_QUERY_CONTENT_FLAG_CTL
,
1274 (AddContextToStore
)CertAddCTLContextToStore
, ppvContext
);
1277 static BOOL WINAPI
CRYPT_CreatePKCS7(LPCSTR pszObjectOid
,
1278 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1282 if (!pObject
->cBlob
)
1284 SetLastError(ERROR_INVALID_DATA
);
1288 else if (pObject
->cBlob
== 1)
1289 ret
= CryptQueryObject(CERT_QUERY_OBJECT_BLOB
, &pObject
->rgBlob
[0],
1290 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
|
1291 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
, CERT_QUERY_FORMAT_FLAG_BINARY
,
1292 0, NULL
, NULL
, NULL
, ppvContext
, NULL
, NULL
);
1295 FIXME("multiple messages unimplemented\n");
1301 static BOOL WINAPI
CRYPT_CreateAny(LPCSTR pszObjectOid
,
1302 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1306 if (!pObject
->cBlob
)
1308 SetLastError(ERROR_INVALID_DATA
);
1314 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_COLLECTION
, 0, 0,
1315 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
1319 HCERTSTORE memStore
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
1320 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
1324 CertAddStoreToCollection(store
, memStore
,
1325 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG
, 0);
1326 CertCloseStore(memStore
, 0);
1330 CertCloseStore(store
, 0);
1339 for (i
= 0; i
< pObject
->cBlob
; i
++)
1341 DWORD contentType
, expectedContentTypes
=
1342 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
|
1343 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
|
1344 CERT_QUERY_CONTENT_FLAG_CERT
|
1345 CERT_QUERY_CONTENT_FLAG_CRL
|
1346 CERT_QUERY_CONTENT_FLAG_CTL
;
1347 HCERTSTORE contextStore
;
1348 const void *context
;
1350 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB
,
1351 &pObject
->rgBlob
[i
], expectedContentTypes
,
1352 CERT_QUERY_FORMAT_FLAG_BINARY
, 0, NULL
, &contentType
, NULL
,
1353 &contextStore
, NULL
, &context
))
1355 switch (contentType
)
1357 case CERT_QUERY_CONTENT_CERT
:
1358 if (!CertAddCertificateContextToStore(store
,
1359 context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1361 CertFreeCertificateContext(context
);
1363 case CERT_QUERY_CONTENT_CRL
:
1364 if (!CertAddCRLContextToStore(store
,
1365 context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1367 CertFreeCRLContext(context
);
1369 case CERT_QUERY_CONTENT_CTL
:
1370 if (!CertAddCTLContextToStore(store
,
1371 context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1373 CertFreeCTLContext(context
);
1376 CertAddStoreToCollection(store
, contextStore
, 0, 0);
1378 CertCloseStore(contextStore
, 0);
1386 *ppvContext
= store
;
1391 typedef BOOL (WINAPI
*ContextDllCreateObjectContext
)(LPCSTR pszObjectOid
,
1392 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
);
1394 static BOOL
CRYPT_GetCreateFunction(LPCSTR pszObjectOid
,
1395 ContextDllCreateObjectContext
*pFunc
, HCRYPTOIDFUNCADDR
*phFunc
)
1399 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid
), pFunc
, phFunc
);
1403 if (IS_INTOID(pszObjectOid
))
1405 switch (LOWORD(pszObjectOid
))
1408 *pFunc
= CRYPT_CreateBlob
;
1410 case LOWORD(CONTEXT_OID_CERTIFICATE
):
1411 *pFunc
= CRYPT_CreateCert
;
1413 case LOWORD(CONTEXT_OID_CRL
):
1414 *pFunc
= CRYPT_CreateCRL
;
1416 case LOWORD(CONTEXT_OID_CTL
):
1417 *pFunc
= CRYPT_CreateCTL
;
1419 case LOWORD(CONTEXT_OID_PKCS7
):
1420 *pFunc
= CRYPT_CreatePKCS7
;
1422 case LOWORD(CONTEXT_OID_CAPI2_ANY
):
1423 *pFunc
= CRYPT_CreateAny
;
1429 static HCRYPTOIDFUNCSET set
= NULL
;
1432 set
= CryptInitOIDFunctionSet(
1433 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC
, 0);
1434 ret
= CryptGetOIDFunctionAddress(set
, X509_ASN_ENCODING
, pszObjectOid
,
1435 0, (void **)pFunc
, phFunc
);
1437 TRACE("returning %d\n", ret
);
1441 typedef BOOL (*get_object_expiration_func
)(const void *pvContext
,
1442 FILETIME
*expiration
);
1444 static BOOL
CRYPT_GetExpirationFromCert(const void *pvObject
, FILETIME
*expiration
)
1446 PCCERT_CONTEXT cert
= pvObject
;
1448 *expiration
= cert
->pCertInfo
->NotAfter
;
1452 static BOOL
CRYPT_GetExpirationFromCRL(const void *pvObject
, FILETIME
*expiration
)
1454 PCCRL_CONTEXT cert
= pvObject
;
1456 *expiration
= cert
->pCrlInfo
->NextUpdate
;
1460 static BOOL
CRYPT_GetExpirationFromCTL(const void *pvObject
, FILETIME
*expiration
)
1462 PCCTL_CONTEXT cert
= pvObject
;
1464 *expiration
= cert
->pCtlInfo
->NextUpdate
;
1468 static BOOL
CRYPT_GetExpirationFunction(LPCSTR pszObjectOid
,
1469 get_object_expiration_func
*getExpiration
)
1473 if (IS_INTOID(pszObjectOid
))
1475 switch (LOWORD(pszObjectOid
))
1477 case LOWORD(CONTEXT_OID_CERTIFICATE
):
1478 *getExpiration
= CRYPT_GetExpirationFromCert
;
1481 case LOWORD(CONTEXT_OID_CRL
):
1482 *getExpiration
= CRYPT_GetExpirationFromCRL
;
1485 case LOWORD(CONTEXT_OID_CTL
):
1486 *getExpiration
= CRYPT_GetExpirationFromCTL
;
1498 /***********************************************************************
1499 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1501 BOOL WINAPI
CryptRetrieveObjectByUrlW(LPCWSTR pszURL
, LPCSTR pszObjectOid
,
1502 DWORD dwRetrievalFlags
, DWORD dwTimeout
, LPVOID
*ppvObject
,
1503 HCRYPTASYNC hAsyncRetrieve
, PCRYPT_CREDENTIALS pCredentials
, LPVOID pvVerify
,
1504 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
1507 SchemeDllRetrieveEncodedObjectW retrieve
;
1508 ContextDllCreateObjectContext create
;
1509 HCRYPTOIDFUNCADDR hRetrieve
= 0, hCreate
= 0;
1511 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
1512 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, ppvObject
,
1513 hAsyncRetrieve
, pCredentials
, pvVerify
, pAuxInfo
);
1517 SetLastError(ERROR_INVALID_PARAMETER
);
1520 ret
= CRYPT_GetRetrieveFunction(pszURL
, &retrieve
, &hRetrieve
);
1522 ret
= CRYPT_GetCreateFunction(pszObjectOid
, &create
, &hCreate
);
1525 CRYPT_BLOB_ARRAY object
= { 0, NULL
};
1526 PFN_FREE_ENCODED_OBJECT_FUNC freeObject
;
1529 ret
= retrieve(pszURL
, pszObjectOid
, dwRetrievalFlags
, dwTimeout
,
1530 &object
, &freeObject
, &freeContext
, hAsyncRetrieve
, pCredentials
,
1534 get_object_expiration_func getExpiration
;
1536 ret
= create(pszObjectOid
, dwRetrievalFlags
, &object
, ppvObject
);
1537 if (ret
&& !(dwRetrievalFlags
& CRYPT_DONT_CACHE_RESULT
) &&
1538 CRYPT_GetExpirationFunction(pszObjectOid
, &getExpiration
))
1542 if (getExpiration(*ppvObject
, &expires
))
1543 CRYPT_CacheURL(pszURL
, &object
, dwRetrievalFlags
, expires
);
1545 freeObject(pszObjectOid
, &object
, freeContext
);
1549 CryptFreeOIDFunctionAddress(hCreate
, 0);
1551 CryptFreeOIDFunctionAddress(hRetrieve
, 0);
1552 TRACE("returning %d\n", ret
);
1556 static DWORD
verify_cert_revocation_with_crl(PCCERT_CONTEXT cert
,
1557 PCCRL_CONTEXT crl
, DWORD index
, FILETIME
*pTime
,
1558 PCERT_REVOCATION_STATUS pRevStatus
)
1562 if (CertVerifyCRLTimeValidity(pTime
, crl
->pCrlInfo
))
1564 /* The CRL isn't time valid */
1565 error
= CRYPT_E_NO_REVOCATION_CHECK
;
1569 PCRL_ENTRY entry
= NULL
;
1571 CertFindCertificateInCRL(cert
, crl
, 0, NULL
, &entry
);
1574 error
= CRYPT_E_REVOKED
;
1575 pRevStatus
->dwIndex
= index
;
1578 error
= ERROR_SUCCESS
;
1583 static DWORD
verify_cert_revocation_from_dist_points_ext(
1584 const CRYPT_DATA_BLOB
*value
, PCCERT_CONTEXT cert
, DWORD index
,
1585 FILETIME
*pTime
, DWORD dwFlags
, const CERT_REVOCATION_PARA
*pRevPara
,
1586 PCERT_REVOCATION_STATUS pRevStatus
)
1588 DWORD error
= ERROR_SUCCESS
, cbUrlArray
;
1590 if (CRYPT_GetUrlFromCRLDistPointsExt(value
, NULL
, &cbUrlArray
, NULL
, NULL
))
1592 CRYPT_URL_ARRAY
*urlArray
= CryptMemAlloc(cbUrlArray
);
1596 DWORD j
, retrievalFlags
= 0, startTime
, endTime
, timeout
;
1599 ret
= CRYPT_GetUrlFromCRLDistPointsExt(value
, urlArray
,
1600 &cbUrlArray
, NULL
, NULL
);
1601 if (dwFlags
& CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION
)
1602 retrievalFlags
|= CRYPT_CACHE_ONLY_RETRIEVAL
;
1603 if (dwFlags
& CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG
&&
1604 pRevPara
&& pRevPara
->cbSize
>= offsetof(CERT_REVOCATION_PARA
,
1605 dwUrlRetrievalTimeout
) + sizeof(DWORD
))
1607 startTime
= GetTickCount();
1608 endTime
= startTime
+ pRevPara
->dwUrlRetrievalTimeout
;
1609 timeout
= pRevPara
->dwUrlRetrievalTimeout
;
1612 endTime
= timeout
= 0;
1614 error
= GetLastError();
1615 for (j
= 0; !error
&& j
< urlArray
->cUrl
; j
++)
1619 ret
= CryptRetrieveObjectByUrlW(urlArray
->rgwszUrl
[j
],
1620 CONTEXT_OID_CRL
, retrievalFlags
, timeout
, (void **)&crl
,
1621 NULL
, NULL
, NULL
, NULL
);
1624 error
= verify_cert_revocation_with_crl(cert
, crl
, index
,
1626 if (!error
&& timeout
)
1628 DWORD time
= GetTickCount();
1630 if ((int)(endTime
- time
) <= 0)
1632 error
= ERROR_TIMEOUT
;
1633 pRevStatus
->dwIndex
= index
;
1636 timeout
= endTime
- time
;
1638 CertFreeCRLContext(crl
);
1641 error
= CRYPT_E_REVOCATION_OFFLINE
;
1643 CryptMemFree(urlArray
);
1647 error
= ERROR_OUTOFMEMORY
;
1648 pRevStatus
->dwIndex
= index
;
1653 error
= GetLastError();
1654 pRevStatus
->dwIndex
= index
;
1659 static DWORD
verify_cert_revocation_from_aia_ext(
1660 const CRYPT_DATA_BLOB
*value
, PCCERT_CONTEXT cert
, DWORD index
,
1661 FILETIME
*pTime
, DWORD dwFlags
, PCERT_REVOCATION_PARA pRevPara
,
1662 PCERT_REVOCATION_STATUS pRevStatus
)
1666 CERT_AUTHORITY_INFO_ACCESS
*aia
;
1668 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_AUTHORITY_INFO_ACCESS
,
1669 value
->pbData
, value
->cbData
, CRYPT_DECODE_ALLOC_FLAG
, NULL
, &aia
, &size
);
1674 for (i
= 0; i
< aia
->cAccDescr
; i
++)
1675 if (!strcmp(aia
->rgAccDescr
[i
].pszAccessMethod
,
1678 if (aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
==
1680 FIXME("OCSP URL = %s\n",
1681 debugstr_w(aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
));
1683 FIXME("unsupported AccessLocation type %d\n",
1684 aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
);
1687 /* FIXME: lie and pretend OCSP validated the cert */
1688 error
= ERROR_SUCCESS
;
1691 error
= GetLastError();
1695 static DWORD
verify_cert_revocation(PCCERT_CONTEXT cert
, DWORD index
,
1696 FILETIME
*pTime
, DWORD dwFlags
, PCERT_REVOCATION_PARA pRevPara
,
1697 PCERT_REVOCATION_STATUS pRevStatus
)
1699 DWORD error
= ERROR_SUCCESS
;
1700 PCERT_EXTENSION ext
;
1702 if ((ext
= CertFindExtension(szOID_CRL_DIST_POINTS
,
1703 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
1704 error
= verify_cert_revocation_from_dist_points_ext(&ext
->Value
, cert
,
1705 index
, pTime
, dwFlags
, pRevPara
, pRevStatus
);
1706 else if ((ext
= CertFindExtension(szOID_AUTHORITY_INFO_ACCESS
,
1707 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
1708 error
= verify_cert_revocation_from_aia_ext(&ext
->Value
, cert
,
1709 index
, pTime
, dwFlags
, pRevPara
, pRevStatus
);
1712 if (pRevPara
&& pRevPara
->hCrlStore
&& pRevPara
->pIssuerCert
)
1714 PCCRL_CONTEXT crl
= NULL
;
1717 /* If the caller told us about the issuer, make sure the issuer
1718 * can sign CRLs before looking for one.
1720 if ((ext
= CertFindExtension(szOID_KEY_USAGE
,
1721 pRevPara
->pIssuerCert
->pCertInfo
->cExtension
,
1722 pRevPara
->pIssuerCert
->pCertInfo
->rgExtension
)))
1724 CRYPT_BIT_BLOB usage
;
1725 DWORD size
= sizeof(usage
);
1727 if (!CryptDecodeObjectEx(cert
->dwCertEncodingType
, X509_BITS
,
1728 ext
->Value
.pbData
, ext
->Value
.cbData
,
1729 CRYPT_DECODE_NOCOPY_FLAG
, NULL
, &usage
, &size
))
1730 canSignCRLs
= FALSE
;
1731 else if (usage
.cbData
> 2)
1733 /* The key usage extension only defines 9 bits => no more
1734 * than 2 bytes are needed to encode all known usages.
1736 canSignCRLs
= FALSE
;
1740 BYTE usageBits
= usage
.pbData
[usage
.cbData
- 1];
1742 canSignCRLs
= usageBits
& CERT_CRL_SIGN_KEY_USAGE
;
1749 /* If the caller was helpful enough to tell us where to find a
1750 * CRL for the cert, look for one and check it.
1752 crl
= CertFindCRLInStore(pRevPara
->hCrlStore
,
1753 cert
->dwCertEncodingType
,
1754 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
|
1755 CRL_FIND_ISSUED_BY_AKI_FLAG
,
1756 CRL_FIND_ISSUED_BY
, pRevPara
->pIssuerCert
, NULL
);
1760 error
= verify_cert_revocation_with_crl(cert
, crl
, index
,
1762 CertFreeCRLContext(crl
);
1766 error
= CRYPT_E_NO_REVOCATION_CHECK
;
1767 pRevStatus
->dwIndex
= index
;
1772 error
= CRYPT_E_NO_REVOCATION_CHECK
;
1773 pRevStatus
->dwIndex
= index
;
1779 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS
{
1781 PCCERT_CONTEXT pIssuerCert
;
1783 HCERTSTORE
*rgCertStore
;
1784 HCERTSTORE hCrlStore
;
1785 LPFILETIME pftTimeToUse
;
1786 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS
, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS
;
1788 typedef struct _OLD_CERT_REVOCATION_STATUS
{
1793 } OLD_CERT_REVOCATION_STATUS
, *POLD_CERT_REVOCATION_STATUS
;
1795 /***********************************************************************
1796 * CertDllVerifyRevocation (CRYPTNET.@)
1798 BOOL WINAPI
CertDllVerifyRevocation(DWORD dwEncodingType
, DWORD dwRevType
,
1799 DWORD cContext
, PVOID rgpvContext
[], DWORD dwFlags
,
1800 PCERT_REVOCATION_PARA pRevPara
, PCERT_REVOCATION_STATUS pRevStatus
)
1804 LPFILETIME pTime
= NULL
;
1806 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType
, dwRevType
,
1807 cContext
, rgpvContext
, dwFlags
, pRevPara
, pRevStatus
);
1809 if (pRevStatus
->cbSize
!= sizeof(OLD_CERT_REVOCATION_STATUS
) &&
1810 pRevStatus
->cbSize
!= sizeof(CERT_REVOCATION_STATUS
))
1812 SetLastError(E_INVALIDARG
);
1817 SetLastError(E_INVALIDARG
);
1820 if (pRevPara
&& pRevPara
->cbSize
>=
1821 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS
))
1822 pTime
= pRevPara
->pftTimeToUse
;
1825 GetSystemTimeAsFileTime(&now
);
1828 memset(&pRevStatus
->dwIndex
, 0, pRevStatus
->cbSize
- sizeof(DWORD
));
1829 if (dwRevType
!= CERT_CONTEXT_REVOCATION_TYPE
)
1830 error
= CRYPT_E_NO_REVOCATION_CHECK
;
1833 for (i
= 0; !error
&& i
< cContext
; i
++)
1834 error
= verify_cert_revocation(rgpvContext
[i
], i
, pTime
, dwFlags
,
1835 pRevPara
, pRevStatus
);
1839 SetLastError(error
);
1840 pRevStatus
->dwError
= error
;
1842 TRACE("returning %d (%08x)\n", !error
, error
);