search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
winmm/tests: Add tests for visibility of video window.
[wine.git] / dlls / crypt32 / crl.c
blob51ae270ae73198aff18f4fe26e7967df721a72a2
1 /*
2 * Copyright 2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19
20 #include <assert.h>
21 #include <stdarg.h>
22 #define NONAMELESSUNION
23 #include "windef.h"
24 #include "winbase.h"
25 #include "wincrypt.h"
26 #include "wine/debug.h"
27 #include "crypt32_private.h"
28
29 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
30
31 static void CRL_free(context_t *context)
32 {
33 crl_t *crl = (crl_t*)context;
34
35 CryptMemFree(crl->ctx.pbCrlEncoded);
36 LocalFree(crl->ctx.pCrlInfo);
37 }
38
39 static const context_vtbl_t crl_vtbl;
40
41 static char *copy_string(char *p, char **dst, const char *src)
42 {
43 size_t size = strlen(src) + 1;
44
45 *dst = memcpy(p, src, size);
46 return p + size;
47 }
48
49 static char *copy_blob(char *p, DATA_BLOB *dst, const DATA_BLOB *src)
50 {
51 size_t size = src->cbData;
52
53 dst->cbData = size;
54 dst->pbData = memcpy(p, src->pbData, size);
55 return p + size;
56 }
57
58 static char *copy_extension(char *p, CERT_EXTENSION *dst, const CERT_EXTENSION *src)
59 {
60 p = copy_string(p, &dst->pszObjId, src->pszObjId);
61 dst->fCritical = src->fCritical;
62 return copy_blob(p, &dst->Value, &src->Value);
63 }
64
65 static CRL_INFO *clone_crl_info(const CRL_INFO *src)
66 {
67 size_t size = sizeof(CRL_INFO);
68 CRL_INFO *dst;
69 DWORD i, j;
70 char *p;
71
72 if (src->SignatureAlgorithm.pszObjId)
73 size += strlen(src->SignatureAlgorithm.pszObjId) + 1;
74 size += src->SignatureAlgorithm.Parameters.cbData;
75 size += src->Issuer.cbData;
76 for (i = 0; i < src->cCRLEntry; ++i)
77 {
78 const CRL_ENTRY *entry = &src->rgCRLEntry[i];
79
80 size += sizeof(CRL_ENTRY);
81 size += entry->SerialNumber.cbData;
82 for (j = 0; j < entry->cExtension; ++j)
83 {
84 const CERT_EXTENSION *ext = &entry->rgExtension[j];
85
86 size += sizeof(CERT_EXTENSION);
87 size += strlen(ext->pszObjId) + 1;
88 size += ext->Value.cbData;
89 }
90 }
91
92 for (j = 0; j < src->cExtension; ++j)
93 {
94 const CERT_EXTENSION *ext = &src->rgExtension[j];
95
96 size += sizeof(CERT_EXTENSION);
97 size += strlen(ext->pszObjId) + 1;
98 size += ext->Value.cbData;
99 }
100
101 if (!(dst = LocalAlloc(LPTR, size)))
102 return NULL;
103 p = (char *)(dst + 1);
104
105 dst->dwVersion = src->dwVersion;
106 if (src->SignatureAlgorithm.pszObjId)
107 p = copy_string(p, &dst->SignatureAlgorithm.pszObjId, src->SignatureAlgorithm.pszObjId);
108 p = copy_blob(p, &dst->SignatureAlgorithm.Parameters, &src->SignatureAlgorithm.Parameters);
109 p = copy_blob(p, &dst->Issuer, &src->Issuer);
110 dst->ThisUpdate = src->ThisUpdate;
111 dst->NextUpdate = src->NextUpdate;
112
113 dst->cCRLEntry = src->cCRLEntry;
114 dst->rgCRLEntry = (CRL_ENTRY *)p;
115 p += src->cCRLEntry * sizeof(CRL_ENTRY);
116
117 dst->cExtension = src->cExtension;
118 dst->rgExtension = (CERT_EXTENSION *)p;
119 p += src->cExtension * sizeof(CERT_EXTENSION);
120
121 for (i = 0; i < src->cCRLEntry; ++i)
122 {
123 const CRL_ENTRY *src_entry = &src->rgCRLEntry[i];
124 CRL_ENTRY *dst_entry = &dst->rgCRLEntry[i];
125
126 p = copy_blob(p, &dst_entry->SerialNumber, &src_entry->SerialNumber);
127 dst_entry->RevocationDate = src_entry->RevocationDate;
128 dst_entry->cExtension = src_entry->cExtension;
129 dst_entry->rgExtension = (CERT_EXTENSION *)p;
130 p += src_entry->cExtension * sizeof(CERT_EXTENSION);
131
132 for (j = 0; j < src_entry->cExtension; ++j)
133 p = copy_extension(p, &dst_entry->rgExtension[j], &src_entry->rgExtension[j]);
134 }
135
136 for (j = 0; j < src->cExtension; ++j)
137 p = copy_extension(p, &dst->rgExtension[j], &src->rgExtension[j]);
138
139 assert(p - (char *)dst == size);
140 return dst;
141 }
142
143 static context_t *CRL_clone(context_t *context, WINECRYPT_CERTSTORE *store, BOOL use_link)
144 {
145 crl_t *dst;
146
147 if(use_link) {
148 if (!(dst = (crl_t *)Context_CreateLinkContext(sizeof(CRL_CONTEXT), context, store)))
149 return NULL;
150 }else {
151 const crl_t *src = (const crl_t*)context;
152
153 if (!(dst = (crl_t *)Context_CreateDataContext(sizeof(CRL_CONTEXT), &crl_vtbl, store)))
154 return NULL;
155
156 Context_CopyProperties(&dst->ctx, &src->ctx);
157
158 dst->ctx.dwCertEncodingType = src->ctx.dwCertEncodingType;
159 dst->ctx.pbCrlEncoded = CryptMemAlloc(src->ctx.cbCrlEncoded);
160 memcpy(dst->ctx.pbCrlEncoded, src->ctx.pbCrlEncoded, src->ctx.cbCrlEncoded);
161 dst->ctx.cbCrlEncoded = src->ctx.cbCrlEncoded;
162
163 if (!(dst->ctx.pCrlInfo = clone_crl_info(src->ctx.pCrlInfo)))
164 {
165 CertFreeCRLContext(&dst->ctx);
166 return NULL;
167 }
168 }
169
170 dst->ctx.hCertStore = store;
171 return &dst->base;
172 }
173
174 static const context_vtbl_t crl_vtbl = {
175 CRL_free,
176 CRL_clone
177 };
178
179 PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
180 const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
181 {
182 crl_t *crl = NULL;
183 BOOL ret;
184 PCRL_INFO crlInfo = NULL;
185 BYTE *data = NULL;
186 DWORD size = 0;
187
188 TRACE("(%08lx, %p, %ld)\n", dwCertEncodingType, pbCrlEncoded,
189 cbCrlEncoded);
190
191 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
192 {
193 SetLastError(E_INVALIDARG);
194 return NULL;
195 }
196 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
197 pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
198 &crlInfo, &size);
199 if (!ret)
200 return NULL;
201
202 crl = (crl_t*)Context_CreateDataContext(sizeof(CRL_CONTEXT), &crl_vtbl, &empty_store);
203 if (!crl)
204 return NULL;
205
206 data = CryptMemAlloc(cbCrlEncoded);
207 if (!data)
208 {
209 Context_Release(&crl->base);
210 return NULL;
211 }
212
213 memcpy(data, pbCrlEncoded, cbCrlEncoded);
214 crl->ctx.dwCertEncodingType = dwCertEncodingType;
215 crl->ctx.pbCrlEncoded = data;
216 crl->ctx.cbCrlEncoded = cbCrlEncoded;
217 crl->ctx.pCrlInfo = crlInfo;
218 crl->ctx.hCertStore = &empty_store;
219
220 return &crl->ctx;
221 }
222
223 BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
224 DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
225 DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
226 {
227 PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
228 pbCrlEncoded, cbCrlEncoded);
229 BOOL ret;
230
231 TRACE("(%p, %08lx, %p, %ld, %08lx, %p)\n", hCertStore, dwCertEncodingType,
232 pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
233
234 if (crl)
235 {
236 ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
237 ppCrlContext);
238 CertFreeCRLContext(crl);
239 }
240 else
241 ret = FALSE;
242 return ret;
243 }
244
245 typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
246 DWORD dwFlags, const void *pvPara);
247
248 static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
249 DWORD dwFlags, const void *pvPara)
250 {
251 return TRUE;
252 }
253
254 static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
255 DWORD dwFlags, const void *pvPara)
256 {
257 BOOL ret;
258
259 if (pvPara)
260 {
261 PCCERT_CONTEXT issuer = pvPara;
262
263 ret = CertCompareCertificateName(issuer->dwCertEncodingType,
264 &issuer->pCertInfo->Subject, &pCrlContext->pCrlInfo->Issuer);
265 if (ret && (dwFlags & CRL_FIND_ISSUED_BY_SIGNATURE_FLAG))
266 ret = CryptVerifyCertificateSignatureEx(0,
267 issuer->dwCertEncodingType,
268 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext,
269 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL);
270 if (ret && (dwFlags & CRL_FIND_ISSUED_BY_AKI_FLAG))
271 {
272 PCERT_EXTENSION ext = CertFindExtension(
273 szOID_AUTHORITY_KEY_IDENTIFIER2, pCrlContext->pCrlInfo->cExtension,
274 pCrlContext->pCrlInfo->rgExtension);
275
276 if (ext)
277 {
278 CERT_AUTHORITY_KEY_ID2_INFO *info;
279 DWORD size;
280
281 if ((ret = CryptDecodeObjectEx(X509_ASN_ENCODING,
282 X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
283 CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
284 {
285 if (info->AuthorityCertIssuer.cAltEntry &&
286 info->AuthorityCertSerialNumber.cbData)
287 {
288 PCERT_ALT_NAME_ENTRY directoryName = NULL;
289 DWORD i;
290
291 for (i = 0; !directoryName &&
292 i < info->AuthorityCertIssuer.cAltEntry; i++)
293 if (info->AuthorityCertIssuer.rgAltEntry[i].
294 dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
295 directoryName =
296 &info->AuthorityCertIssuer.rgAltEntry[i];
297 if (directoryName)
298 {
299 ret = CertCompareCertificateName(
300 issuer->dwCertEncodingType,
301 &issuer->pCertInfo->Subject,
302 &directoryName->u.DirectoryName);
303 if (ret)
304 ret = CertCompareIntegerBlob(
305 &issuer->pCertInfo->SerialNumber,
306 &info->AuthorityCertSerialNumber);
307 }
308 else
309 {
310 FIXME("no supported name type in authority key id2\n");
311 ret = FALSE;
312 }
313 }
314 else if (info->KeyId.cbData)
315 {
316 DWORD size;
317
318 ret = CertGetCertificateContextProperty(issuer,
319 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
320 if (ret && size == info->KeyId.cbData)
321 {
322 LPBYTE buf = CryptMemAlloc(size);
323
324 if (buf)
325 {
326 CertGetCertificateContextProperty(issuer,
327 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
328 ret = !memcmp(buf, info->KeyId.pbData, size);
329 CryptMemFree(buf);
330 }
331 else
332 ret = FALSE;
333 }
334 else
335 ret = FALSE;
336 }
337 else
338 {
339 FIXME("unsupported value for AKI extension\n");
340 ret = FALSE;
341 }
342 LocalFree(info);
343 }
344 }
345 /* else: a CRL without an AKI matches any cert */
346 }
347 }
348 else
349 ret = TRUE;
350 return ret;
351 }
352
353 static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
354 DWORD dwFlags, const void *pvPara)
355 {
356 BOOL ret;
357
358 if (pvPara)
359 {
360 PCCRL_CONTEXT crl = pvPara;
361
362 ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
363 &pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
364 }
365 else
366 ret = TRUE;
367 return ret;
368 }
369
370 static BOOL compare_crl_issued_for(PCCRL_CONTEXT pCrlContext, DWORD dwType,
371 DWORD dwFlags, const void *pvPara)
372 {
373 const CRL_FIND_ISSUED_FOR_PARA *para = pvPara;
374 BOOL ret;
375
376 ret = CertCompareCertificateName(para->pIssuerCert->dwCertEncodingType,
377 &para->pIssuerCert->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
378 return ret;
379 }
380
381 PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
382 DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
383 const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
384 {
385 PCCRL_CONTEXT ret;
386 CrlCompareFunc compare;
387
388 TRACE("(%p, %ld, %ld, %ld, %p, %p)\n", hCertStore, dwCertEncodingType,
389 dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
390
391 switch (dwFindType)
392 {
393 case CRL_FIND_ANY:
394 compare = compare_crl_any;
395 break;
396 case CRL_FIND_ISSUED_BY:
397 compare = compare_crl_issued_by;
398 break;
399 case CRL_FIND_EXISTING:
400 compare = compare_crl_existing;
401 break;
402 case CRL_FIND_ISSUED_FOR:
403 compare = compare_crl_issued_for;
404 break;
405 default:
406 FIXME("find type %08lx unimplemented\n", dwFindType);
407 compare = NULL;
408 }
409
410 if (compare)
411 {
412 BOOL matches = FALSE;
413
414 ret = pPrevCrlContext;
415 do {
416 ret = CertEnumCRLsInStore(hCertStore, ret);
417 if (ret)
418 matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
419 } while (ret != NULL && !matches);
420 if (!ret)
421 SetLastError(CRYPT_E_NOT_FOUND);
422 }
423 else
424 {
425 SetLastError(CRYPT_E_NOT_FOUND);
426 ret = NULL;
427 }
428 return ret;
429 }
430
431 PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
432 PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
433 {
434 static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG |
435 CERT_STORE_TIME_VALIDITY_FLAG | CERT_STORE_BASE_CRL_FLAG |
436 CERT_STORE_DELTA_CRL_FLAG;
437 PCCRL_CONTEXT ret;
438
439 TRACE("(%p, %p, %p, %08lx)\n", hCertStore, pIssuerContext, pPrevCrlContext,
440 *pdwFlags);
441
442 if (*pdwFlags & ~supportedFlags)
443 {
444 SetLastError(E_INVALIDARG);
445 return NULL;
446 }
447 if (pIssuerContext)
448 ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
449 0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
450 else
451 ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
452 pPrevCrlContext);
453 if (ret)
454 {
455 if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
456 {
457 if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
458 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
459 }
460 if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
461 {
462 if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
463 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
464 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
465 NULL))
466 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
467 }
468 }
469 return ret;
470 }
471
472 PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
473 {
474 TRACE("(%p)\n", pCrlContext);
475 if (pCrlContext)
476 Context_AddRef(&crl_from_ptr(pCrlContext)->base);
477 return pCrlContext;
478 }
479
480 BOOL WINAPI CertFreeCRLContext(PCCRL_CONTEXT pCrlContext)
481 {
482 TRACE("(%p)\n", pCrlContext);
483
484 if (pCrlContext)
485 Context_Release(&crl_from_ptr(pCrlContext)->base);
486 return TRUE;
487 }
488
489 DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
490 DWORD dwPropId)
491 {
492 TRACE("(%p, %ld)\n", pCRLContext, dwPropId);
493
494 return ContextPropertyList_EnumPropIDs(crl_from_ptr(pCRLContext)->base.properties, dwPropId);
495 }
496
497 static BOOL CRLContext_SetProperty(crl_t *crl, DWORD dwPropId,
498 DWORD dwFlags, const void *pvData);
499
500 static BOOL CRLContext_GetHashProp(crl_t *crl, DWORD dwPropId,
501 ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
502 DWORD *pcbData)
503 {
504 BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
505 pcbData);
506 if (ret && pvData)
507 {
508 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
509
510 ret = CRLContext_SetProperty(crl, dwPropId, 0, &blob);
511 }
512 return ret;
513 }
514
515 static BOOL CRLContext_GetProperty(crl_t *crl, DWORD dwPropId,
516 void *pvData, DWORD *pcbData)
517 {
518 BOOL ret;
519 CRYPT_DATA_BLOB blob;
520
521 TRACE("(%p, %ld, %p, %p)\n", crl, dwPropId, pvData, pcbData);
522
523 if (crl->base.properties)
524 ret = ContextPropertyList_FindProperty(crl->base.properties, dwPropId, &blob);
525 else
526 ret = FALSE;
527 if (ret)
528 {
529 if (!pvData)
530 *pcbData = blob.cbData;
531 else if (*pcbData < blob.cbData)
532 {
533 SetLastError(ERROR_MORE_DATA);
534 *pcbData = blob.cbData;
535 ret = FALSE;
536 }
537 else
538 {
539 memcpy(pvData, blob.pbData, blob.cbData);
540 *pcbData = blob.cbData;
541 }
542 }
543 else
544 {
545 /* Implicit properties */
546 switch (dwPropId)
547 {
548 case CERT_SHA1_HASH_PROP_ID:
549 ret = CRLContext_GetHashProp(crl, dwPropId, CALG_SHA1,
550 crl->ctx.pbCrlEncoded, crl->ctx.cbCrlEncoded, pvData,
551 pcbData);
552 break;
553 case CERT_MD5_HASH_PROP_ID:
554 ret = CRLContext_GetHashProp(crl, dwPropId, CALG_MD5,
555 crl->ctx.pbCrlEncoded, crl->ctx.cbCrlEncoded, pvData,
556 pcbData);
557 break;
558 default:
559 SetLastError(CRYPT_E_NOT_FOUND);
560 }
561 }
562 TRACE("returning %d\n", ret);
563 return ret;
564 }
565
566 BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
567 DWORD dwPropId, void *pvData, DWORD *pcbData)
568 {
569 BOOL ret;
570
571 TRACE("(%p, %ld, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
572
573 switch (dwPropId)
574 {
575 case 0:
576 case CERT_CERT_PROP_ID:
577 case CERT_CRL_PROP_ID:
578 case CERT_CTL_PROP_ID:
579 SetLastError(E_INVALIDARG);
580 ret = FALSE;
581 break;
582 case CERT_ACCESS_STATE_PROP_ID:
583 if (!pvData)
584 {
585 *pcbData = sizeof(DWORD);
586 ret = TRUE;
587 }
588 else if (*pcbData < sizeof(DWORD))
589 {
590 SetLastError(ERROR_MORE_DATA);
591 *pcbData = sizeof(DWORD);
592 ret = FALSE;
593 }
594 else
595 {
596 ret = CertGetStoreProperty(pCRLContext->hCertStore, dwPropId, pvData, pcbData);
597 }
598 break;
599 default:
600 ret = CRLContext_GetProperty(crl_from_ptr(pCRLContext), dwPropId, pvData, pcbData);
601 }
602 return ret;
603 }
604
605 static BOOL CRLContext_SetProperty(crl_t *crl, DWORD dwPropId,
606 DWORD dwFlags, const void *pvData)
607 {
608 BOOL ret;
609
610 TRACE("(%p, %ld, %08lx, %p)\n", crl, dwPropId, dwFlags, pvData);
611
612 if (!crl->base.properties)
613 ret = FALSE;
614 else if (!pvData)
615 {
616 ContextPropertyList_RemoveProperty(crl->base.properties, dwPropId);
617 ret = TRUE;
618 }
619 else
620 {
621 switch (dwPropId)
622 {
623 case CERT_AUTO_ENROLL_PROP_ID:
624 case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
625 case CERT_DESCRIPTION_PROP_ID:
626 case CERT_FRIENDLY_NAME_PROP_ID:
627 case CERT_HASH_PROP_ID:
628 case CERT_KEY_IDENTIFIER_PROP_ID:
629 case CERT_MD5_HASH_PROP_ID:
630 case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
631 case CERT_PUBKEY_ALG_PARA_PROP_ID:
632 case CERT_PVK_FILE_PROP_ID:
633 case CERT_SIGNATURE_HASH_PROP_ID:
634 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
635 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
636 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
637 case CERT_ENROLLMENT_PROP_ID:
638 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
639 case CERT_RENEWAL_PROP_ID:
640 {
641 PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
642
643 ret = ContextPropertyList_SetProperty(crl->base.properties, dwPropId,
644 blob->pbData, blob->cbData);
645 break;
646 }
647 case CERT_DATE_STAMP_PROP_ID:
648 ret = ContextPropertyList_SetProperty(crl->base.properties, dwPropId,
649 pvData, sizeof(FILETIME));
650 break;
651 default:
652 FIXME("%ld: stub\n", dwPropId);
653 ret = FALSE;
654 }
655 }
656 TRACE("returning %d\n", ret);
657 return ret;
658 }
659
660 BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
661 DWORD dwPropId, DWORD dwFlags, const void *pvData)
662 {
663 BOOL ret;
664
665 TRACE("(%p, %ld, %08lx, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
666
667 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
668 * crashes on most of these, I'll be safer.
669 */
670 switch (dwPropId)
671 {
672 case 0:
673 case CERT_ACCESS_STATE_PROP_ID:
674 case CERT_CERT_PROP_ID:
675 case CERT_CRL_PROP_ID:
676 case CERT_CTL_PROP_ID:
677 SetLastError(E_INVALIDARG);
678 return FALSE;
679 }
680 ret = CRLContext_SetProperty(crl_from_ptr(pCRLContext), dwPropId, dwFlags, pvData);
681 TRACE("returning %d\n", ret);
682 return ret;
683 }
684
685 static BOOL compare_dist_point_name(const CRL_DIST_POINT_NAME *name1,
686 const CRL_DIST_POINT_NAME *name2)
687 {
688 BOOL match;
689
690 if (name1->dwDistPointNameChoice == name2->dwDistPointNameChoice)
691 {
692 match = TRUE;
693 if (name1->dwDistPointNameChoice == CRL_DIST_POINT_FULL_NAME)
694 {
695 if (name1->u.FullName.cAltEntry == name2->u.FullName.cAltEntry)
696 {
697 DWORD i;
698
699 for (i = 0; match && i < name1->u.FullName.cAltEntry; i++)
700 {
701 const CERT_ALT_NAME_ENTRY *entry1 =
702 &name1->u.FullName.rgAltEntry[i];
703 const CERT_ALT_NAME_ENTRY *entry2 =
704 &name2->u.FullName.rgAltEntry[i];
705
706 if (entry1->dwAltNameChoice == entry2->dwAltNameChoice)
707 {
708 switch (entry1->dwAltNameChoice)
709 {
710 case CERT_ALT_NAME_URL:
711 match = !wcsicmp(entry1->u.pwszURL,
712 entry2->u.pwszURL);
713 break;
714 case CERT_ALT_NAME_DIRECTORY_NAME:
715 match = (entry1->u.DirectoryName.cbData ==
716 entry2->u.DirectoryName.cbData) &&
717 !memcmp(entry1->u.DirectoryName.pbData,
718 entry2->u.DirectoryName.pbData,
719 entry1->u.DirectoryName.cbData);
720 break;
721 default:
722 FIXME("unimplemented for type %ld\n",
723 entry1->dwAltNameChoice);
724 match = FALSE;
725 }
726 }
727 else
728 match = FALSE;
729 }
730 }
731 else
732 match = FALSE;
733 }
734 }
735 else
736 match = FALSE;
737 return match;
738 }
739
740 static BOOL match_dist_point_with_issuing_dist_point(
741 const CRL_DIST_POINT *distPoint, const CRL_ISSUING_DIST_POINT *idp)
742 {
743 BOOL match;
744
745 /* While RFC 5280, section 4.2.1.13 recommends against segmenting
746 * CRL distribution points by reasons, it doesn't preclude doing so.
747 * "This profile RECOMMENDS against segmenting CRLs by reason code."
748 * If the issuing distribution point for this CRL is only valid for
749 * some reasons, only match if the reasons covered also match the
750 * reasons in the CRL distribution point.
751 */
752 if (idp->OnlySomeReasonFlags.cbData)
753 {
754 if (idp->OnlySomeReasonFlags.cbData == distPoint->ReasonFlags.cbData)
755 {
756 DWORD i;
757
758 match = TRUE;
759 for (i = 0; match && i < distPoint->ReasonFlags.cbData; i++)
760 if (idp->OnlySomeReasonFlags.pbData[i] !=
761 distPoint->ReasonFlags.pbData[i])
762 match = FALSE;
763 }
764 else
765 match = FALSE;
766 }
767 else
768 match = TRUE;
769 if (match)
770 match = compare_dist_point_name(&idp->DistPointName,
771 &distPoint->DistPointName);
772 return match;
773 }
774
775 BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
776 PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
777 {
778 PCERT_EXTENSION ext;
779 BOOL ret;
780
781 TRACE("(%p, %p, %08lx, %p)\n", pCert, pCrl, dwFlags, pvReserved);
782
783 if (!pCert)
784 return TRUE;
785
786 if ((ext = CertFindExtension(szOID_ISSUING_DIST_POINT,
787 pCrl->pCrlInfo->cExtension, pCrl->pCrlInfo->rgExtension)))
788 {
789 CRL_ISSUING_DIST_POINT *idp;
790 DWORD size;
791
792 if ((ret = CryptDecodeObjectEx(pCrl->dwCertEncodingType,
793 X509_ISSUING_DIST_POINT, ext->Value.pbData, ext->Value.cbData,
794 CRYPT_DECODE_ALLOC_FLAG, NULL, &idp, &size)))
795 {
796 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
797 pCert->pCertInfo->cExtension, pCert->pCertInfo->rgExtension)))
798 {
799 CRL_DIST_POINTS_INFO *distPoints;
800
801 if ((ret = CryptDecodeObjectEx(pCert->dwCertEncodingType,
802 X509_CRL_DIST_POINTS, ext->Value.pbData, ext->Value.cbData,
803 CRYPT_DECODE_ALLOC_FLAG, NULL, &distPoints, &size)))
804 {
805 DWORD i;
806
807 ret = FALSE;
808 for (i = 0; !ret && i < distPoints->cDistPoint; i++)
809 ret = match_dist_point_with_issuing_dist_point(
810 &distPoints->rgDistPoint[i], idp);
811 if (!ret)
812 SetLastError(CRYPT_E_NO_MATCH);
813 LocalFree(distPoints);
814 }
815 }
816 else
817 {
818 /* no CRL dist points extension in cert, can't match the CRL
819 * (which has an issuing dist point extension)
820 */
821 ret = FALSE;
822 SetLastError(CRYPT_E_NO_MATCH);
823 }
824 LocalFree(idp);
825 }
826 }
827 else
828 ret = TRUE;
829 return ret;
830 }
831
832 static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl)
833 {
834 DWORD i;
835 PCRL_ENTRY entry = NULL;
836
837 for (i = 0; !entry && i < crl->cCRLEntry; i++)
838 if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
839 &cert->SerialNumber))
840 entry = &crl->rgCRLEntry[i];
841 return entry;
842 }
843
844 BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
845 PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
846 PCRL_ENTRY *ppCrlEntry)
847 {
848 TRACE("(%p, %p, %08lx, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
849 ppCrlEntry);
850
851 *ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
852 pCrlContext->pCrlInfo);
853 return TRUE;
854 }
855
856 BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
857 PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
858 {
859 DWORD i;
860 PCRL_ENTRY entry = NULL;
861
862 TRACE("(%08lx, %p, %ld, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
863 rgpCrlInfo);
864
865 for (i = 0; !entry && i < cCrlInfo; i++)
866 entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
867 return entry == NULL;
868 }
869
870 LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
871 PCRL_INFO pCrlInfo)
872 {
873 FILETIME fileTime;
874 LONG ret;
875
876 if (!pTimeToVerify)
877 {
878 GetSystemTimeAsFileTime(&fileTime);
879 pTimeToVerify = &fileTime;
880 }
881 if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
882 {
883 ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
884 if (ret < 0)
885 ret = 0;
886 }
887 return ret;
888 }
Windows API implementation