2 * Copyright 2006 Juan Lang
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
22 #define NONAMELESSUNION
26 #include "wine/debug.h"
27 #include "crypt32_private.h"
29 WINE_DEFAULT_DEBUG_CHANNEL(crypt
);
31 static void CRL_free(context_t
*context
)
33 crl_t
*crl
= (crl_t
*)context
;
35 CryptMemFree(crl
->ctx
.pbCrlEncoded
);
36 LocalFree(crl
->ctx
.pCrlInfo
);
39 static const context_vtbl_t crl_vtbl
;
41 static char *copy_string(char *p
, char **dst
, const char *src
)
43 size_t size
= strlen(src
) + 1;
45 *dst
= memcpy(p
, src
, size
);
49 static char *copy_blob(char *p
, DATA_BLOB
*dst
, const DATA_BLOB
*src
)
51 size_t size
= src
->cbData
;
54 dst
->pbData
= memcpy(p
, src
->pbData
, size
);
58 static char *copy_extension(char *p
, CERT_EXTENSION
*dst
, const CERT_EXTENSION
*src
)
60 p
= copy_string(p
, &dst
->pszObjId
, src
->pszObjId
);
61 dst
->fCritical
= src
->fCritical
;
62 return copy_blob(p
, &dst
->Value
, &src
->Value
);
65 static CRL_INFO
*clone_crl_info(const CRL_INFO
*src
)
67 size_t size
= sizeof(CRL_INFO
);
72 if (src
->SignatureAlgorithm
.pszObjId
)
73 size
+= strlen(src
->SignatureAlgorithm
.pszObjId
) + 1;
74 size
+= src
->SignatureAlgorithm
.Parameters
.cbData
;
75 size
+= src
->Issuer
.cbData
;
76 for (i
= 0; i
< src
->cCRLEntry
; ++i
)
78 const CRL_ENTRY
*entry
= &src
->rgCRLEntry
[i
];
80 size
+= sizeof(CRL_ENTRY
);
81 size
+= entry
->SerialNumber
.cbData
;
82 for (j
= 0; j
< entry
->cExtension
; ++j
)
84 const CERT_EXTENSION
*ext
= &entry
->rgExtension
[j
];
86 size
+= sizeof(CERT_EXTENSION
);
87 size
+= strlen(ext
->pszObjId
) + 1;
88 size
+= ext
->Value
.cbData
;
92 for (j
= 0; j
< src
->cExtension
; ++j
)
94 const CERT_EXTENSION
*ext
= &src
->rgExtension
[j
];
96 size
+= sizeof(CERT_EXTENSION
);
97 size
+= strlen(ext
->pszObjId
) + 1;
98 size
+= ext
->Value
.cbData
;
101 if (!(dst
= LocalAlloc(LPTR
, size
)))
103 p
= (char *)(dst
+ 1);
105 dst
->dwVersion
= src
->dwVersion
;
106 if (src
->SignatureAlgorithm
.pszObjId
)
107 p
= copy_string(p
, &dst
->SignatureAlgorithm
.pszObjId
, src
->SignatureAlgorithm
.pszObjId
);
108 p
= copy_blob(p
, &dst
->SignatureAlgorithm
.Parameters
, &src
->SignatureAlgorithm
.Parameters
);
109 p
= copy_blob(p
, &dst
->Issuer
, &src
->Issuer
);
110 dst
->ThisUpdate
= src
->ThisUpdate
;
111 dst
->NextUpdate
= src
->NextUpdate
;
113 dst
->cCRLEntry
= src
->cCRLEntry
;
114 dst
->rgCRLEntry
= (CRL_ENTRY
*)p
;
115 p
+= src
->cCRLEntry
* sizeof(CRL_ENTRY
);
117 dst
->cExtension
= src
->cExtension
;
118 dst
->rgExtension
= (CERT_EXTENSION
*)p
;
119 p
+= src
->cExtension
* sizeof(CERT_EXTENSION
);
121 for (i
= 0; i
< src
->cCRLEntry
; ++i
)
123 const CRL_ENTRY
*src_entry
= &src
->rgCRLEntry
[i
];
124 CRL_ENTRY
*dst_entry
= &dst
->rgCRLEntry
[i
];
126 p
= copy_blob(p
, &dst_entry
->SerialNumber
, &src_entry
->SerialNumber
);
127 dst_entry
->RevocationDate
= src_entry
->RevocationDate
;
128 dst_entry
->cExtension
= src_entry
->cExtension
;
129 dst_entry
->rgExtension
= (CERT_EXTENSION
*)p
;
130 p
+= src_entry
->cExtension
* sizeof(CERT_EXTENSION
);
132 for (j
= 0; j
< src_entry
->cExtension
; ++j
)
133 p
= copy_extension(p
, &dst_entry
->rgExtension
[j
], &src_entry
->rgExtension
[j
]);
136 for (j
= 0; j
< src
->cExtension
; ++j
)
137 p
= copy_extension(p
, &dst
->rgExtension
[j
], &src
->rgExtension
[j
]);
139 assert(p
- (char *)dst
== size
);
143 static context_t
*CRL_clone(context_t
*context
, WINECRYPT_CERTSTORE
*store
, BOOL use_link
)
148 if (!(dst
= (crl_t
*)Context_CreateLinkContext(sizeof(CRL_CONTEXT
), context
, store
)))
151 const crl_t
*src
= (const crl_t
*)context
;
153 if (!(dst
= (crl_t
*)Context_CreateDataContext(sizeof(CRL_CONTEXT
), &crl_vtbl
, store
)))
156 Context_CopyProperties(&dst
->ctx
, &src
->ctx
);
158 dst
->ctx
.dwCertEncodingType
= src
->ctx
.dwCertEncodingType
;
159 dst
->ctx
.pbCrlEncoded
= CryptMemAlloc(src
->ctx
.cbCrlEncoded
);
160 memcpy(dst
->ctx
.pbCrlEncoded
, src
->ctx
.pbCrlEncoded
, src
->ctx
.cbCrlEncoded
);
161 dst
->ctx
.cbCrlEncoded
= src
->ctx
.cbCrlEncoded
;
163 if (!(dst
->ctx
.pCrlInfo
= clone_crl_info(src
->ctx
.pCrlInfo
)))
165 CertFreeCRLContext(&dst
->ctx
);
170 dst
->ctx
.hCertStore
= store
;
174 static const context_vtbl_t crl_vtbl
= {
179 PCCRL_CONTEXT WINAPI
CertCreateCRLContext(DWORD dwCertEncodingType
,
180 const BYTE
* pbCrlEncoded
, DWORD cbCrlEncoded
)
184 PCRL_INFO crlInfo
= NULL
;
188 TRACE("(%08x, %p, %d)\n", dwCertEncodingType
, pbCrlEncoded
,
191 if ((dwCertEncodingType
& CERT_ENCODING_TYPE_MASK
) != X509_ASN_ENCODING
)
193 SetLastError(E_INVALIDARG
);
196 ret
= CryptDecodeObjectEx(dwCertEncodingType
, X509_CERT_CRL_TO_BE_SIGNED
,
197 pbCrlEncoded
, cbCrlEncoded
, CRYPT_DECODE_ALLOC_FLAG
, NULL
,
202 crl
= (crl_t
*)Context_CreateDataContext(sizeof(CRL_CONTEXT
), &crl_vtbl
, &empty_store
);
206 data
= CryptMemAlloc(cbCrlEncoded
);
209 Context_Release(&crl
->base
);
213 memcpy(data
, pbCrlEncoded
, cbCrlEncoded
);
214 crl
->ctx
.dwCertEncodingType
= dwCertEncodingType
;
215 crl
->ctx
.pbCrlEncoded
= data
;
216 crl
->ctx
.cbCrlEncoded
= cbCrlEncoded
;
217 crl
->ctx
.pCrlInfo
= crlInfo
;
218 crl
->ctx
.hCertStore
= &empty_store
;
223 BOOL WINAPI
CertAddEncodedCRLToStore(HCERTSTORE hCertStore
,
224 DWORD dwCertEncodingType
, const BYTE
*pbCrlEncoded
, DWORD cbCrlEncoded
,
225 DWORD dwAddDisposition
, PCCRL_CONTEXT
*ppCrlContext
)
227 PCCRL_CONTEXT crl
= CertCreateCRLContext(dwCertEncodingType
,
228 pbCrlEncoded
, cbCrlEncoded
);
231 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore
, dwCertEncodingType
,
232 pbCrlEncoded
, cbCrlEncoded
, dwAddDisposition
, ppCrlContext
);
236 ret
= CertAddCRLContextToStore(hCertStore
, crl
, dwAddDisposition
,
238 CertFreeCRLContext(crl
);
245 typedef BOOL (*CrlCompareFunc
)(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
246 DWORD dwFlags
, const void *pvPara
);
248 static BOOL
compare_crl_any(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
249 DWORD dwFlags
, const void *pvPara
)
254 static BOOL
compare_crl_issued_by(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
255 DWORD dwFlags
, const void *pvPara
)
261 PCCERT_CONTEXT issuer
= pvPara
;
263 ret
= CertCompareCertificateName(issuer
->dwCertEncodingType
,
264 &issuer
->pCertInfo
->Subject
, &pCrlContext
->pCrlInfo
->Issuer
);
265 if (ret
&& (dwFlags
& CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
))
266 ret
= CryptVerifyCertificateSignatureEx(0,
267 issuer
->dwCertEncodingType
,
268 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL
, (void *)pCrlContext
,
269 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT
, (void *)issuer
, 0, NULL
);
270 if (ret
&& (dwFlags
& CRL_FIND_ISSUED_BY_AKI_FLAG
))
272 PCERT_EXTENSION ext
= CertFindExtension(
273 szOID_AUTHORITY_KEY_IDENTIFIER2
, pCrlContext
->pCrlInfo
->cExtension
,
274 pCrlContext
->pCrlInfo
->rgExtension
);
278 CERT_AUTHORITY_KEY_ID2_INFO
*info
;
281 if ((ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
,
282 X509_AUTHORITY_KEY_ID2
, ext
->Value
.pbData
, ext
->Value
.cbData
,
283 CRYPT_DECODE_ALLOC_FLAG
, NULL
, &info
, &size
)))
285 if (info
->AuthorityCertIssuer
.cAltEntry
&&
286 info
->AuthorityCertSerialNumber
.cbData
)
288 PCERT_ALT_NAME_ENTRY directoryName
= NULL
;
291 for (i
= 0; !directoryName
&&
292 i
< info
->AuthorityCertIssuer
.cAltEntry
; i
++)
293 if (info
->AuthorityCertIssuer
.rgAltEntry
[i
].
294 dwAltNameChoice
== CERT_ALT_NAME_DIRECTORY_NAME
)
296 &info
->AuthorityCertIssuer
.rgAltEntry
[i
];
299 ret
= CertCompareCertificateName(
300 issuer
->dwCertEncodingType
,
301 &issuer
->pCertInfo
->Subject
,
302 &directoryName
->u
.DirectoryName
);
304 ret
= CertCompareIntegerBlob(
305 &issuer
->pCertInfo
->SerialNumber
,
306 &info
->AuthorityCertSerialNumber
);
310 FIXME("no supported name type in authority key id2\n");
314 else if (info
->KeyId
.cbData
)
318 ret
= CertGetCertificateContextProperty(issuer
,
319 CERT_KEY_IDENTIFIER_PROP_ID
, NULL
, &size
);
320 if (ret
&& size
== info
->KeyId
.cbData
)
322 LPBYTE buf
= CryptMemAlloc(size
);
326 CertGetCertificateContextProperty(issuer
,
327 CERT_KEY_IDENTIFIER_PROP_ID
, buf
, &size
);
328 ret
= !memcmp(buf
, info
->KeyId
.pbData
, size
);
339 FIXME("unsupported value for AKI extension\n");
345 /* else: a CRL without an AKI matches any cert */
353 static BOOL
compare_crl_existing(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
354 DWORD dwFlags
, const void *pvPara
)
360 PCCRL_CONTEXT crl
= pvPara
;
362 ret
= CertCompareCertificateName(pCrlContext
->dwCertEncodingType
,
363 &pCrlContext
->pCrlInfo
->Issuer
, &crl
->pCrlInfo
->Issuer
);
370 static BOOL
compare_crl_issued_for(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
371 DWORD dwFlags
, const void *pvPara
)
373 const CRL_FIND_ISSUED_FOR_PARA
*para
= pvPara
;
376 ret
= CertCompareCertificateName(para
->pIssuerCert
->dwCertEncodingType
,
377 ¶
->pIssuerCert
->pCertInfo
->Issuer
, &pCrlContext
->pCrlInfo
->Issuer
);
381 PCCRL_CONTEXT WINAPI
CertFindCRLInStore(HCERTSTORE hCertStore
,
382 DWORD dwCertEncodingType
, DWORD dwFindFlags
, DWORD dwFindType
,
383 const void *pvFindPara
, PCCRL_CONTEXT pPrevCrlContext
)
386 CrlCompareFunc compare
;
388 TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore
, dwCertEncodingType
,
389 dwFindFlags
, dwFindType
, pvFindPara
, pPrevCrlContext
);
394 compare
= compare_crl_any
;
396 case CRL_FIND_ISSUED_BY
:
397 compare
= compare_crl_issued_by
;
399 case CRL_FIND_EXISTING
:
400 compare
= compare_crl_existing
;
402 case CRL_FIND_ISSUED_FOR
:
403 compare
= compare_crl_issued_for
;
406 FIXME("find type %08x unimplemented\n", dwFindType
);
412 BOOL matches
= FALSE
;
414 ret
= pPrevCrlContext
;
416 ret
= CertEnumCRLsInStore(hCertStore
, ret
);
418 matches
= compare(ret
, dwFindType
, dwFindFlags
, pvFindPara
);
419 } while (ret
!= NULL
&& !matches
);
421 SetLastError(CRYPT_E_NOT_FOUND
);
425 SetLastError(CRYPT_E_NOT_FOUND
);
431 PCCRL_CONTEXT WINAPI
CertGetCRLFromStore(HCERTSTORE hCertStore
,
432 PCCERT_CONTEXT pIssuerContext
, PCCRL_CONTEXT pPrevCrlContext
, DWORD
*pdwFlags
)
434 static const DWORD supportedFlags
= CERT_STORE_SIGNATURE_FLAG
|
435 CERT_STORE_TIME_VALIDITY_FLAG
| CERT_STORE_BASE_CRL_FLAG
|
436 CERT_STORE_DELTA_CRL_FLAG
;
439 TRACE("(%p, %p, %p, %08x)\n", hCertStore
, pIssuerContext
, pPrevCrlContext
,
442 if (*pdwFlags
& ~supportedFlags
)
444 SetLastError(E_INVALIDARG
);
448 ret
= CertFindCRLInStore(hCertStore
, pIssuerContext
->dwCertEncodingType
,
449 0, CRL_FIND_ISSUED_BY
, pIssuerContext
, pPrevCrlContext
);
451 ret
= CertFindCRLInStore(hCertStore
, 0, 0, CRL_FIND_ANY
, NULL
,
455 if (*pdwFlags
& CERT_STORE_TIME_VALIDITY_FLAG
)
457 if (0 == CertVerifyCRLTimeValidity(NULL
, ret
->pCrlInfo
))
458 *pdwFlags
&= ~CERT_STORE_TIME_VALIDITY_FLAG
;
460 if (*pdwFlags
& CERT_STORE_SIGNATURE_FLAG
)
462 if (CryptVerifyCertificateSignatureEx(0, ret
->dwCertEncodingType
,
463 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL
, (void *)ret
,
464 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT
, (void *)pIssuerContext
, 0,
466 *pdwFlags
&= ~CERT_STORE_SIGNATURE_FLAG
;
472 PCCRL_CONTEXT WINAPI
CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext
)
474 TRACE("(%p)\n", pCrlContext
);
476 Context_AddRef(&crl_from_ptr(pCrlContext
)->base
);
480 BOOL WINAPI
CertFreeCRLContext(PCCRL_CONTEXT pCrlContext
)
482 TRACE("(%p)\n", pCrlContext
);
485 Context_Release(&crl_from_ptr(pCrlContext
)->base
);
489 DWORD WINAPI
CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext
,
492 TRACE("(%p, %d)\n", pCRLContext
, dwPropId
);
494 return ContextPropertyList_EnumPropIDs(crl_from_ptr(pCRLContext
)->base
.properties
, dwPropId
);
497 static BOOL
CRLContext_SetProperty(crl_t
*crl
, DWORD dwPropId
,
498 DWORD dwFlags
, const void *pvData
);
500 static BOOL
CRLContext_GetHashProp(crl_t
*crl
, DWORD dwPropId
,
501 ALG_ID algID
, const BYTE
*toHash
, DWORD toHashLen
, void *pvData
,
504 BOOL ret
= CryptHashCertificate(0, algID
, 0, toHash
, toHashLen
, pvData
,
508 CRYPT_DATA_BLOB blob
= { *pcbData
, pvData
};
510 ret
= CRLContext_SetProperty(crl
, dwPropId
, 0, &blob
);
515 static BOOL
CRLContext_GetProperty(crl_t
*crl
, DWORD dwPropId
,
516 void *pvData
, DWORD
*pcbData
)
519 CRYPT_DATA_BLOB blob
;
521 TRACE("(%p, %d, %p, %p)\n", crl
, dwPropId
, pvData
, pcbData
);
523 if (crl
->base
.properties
)
524 ret
= ContextPropertyList_FindProperty(crl
->base
.properties
, dwPropId
, &blob
);
530 *pcbData
= blob
.cbData
;
531 else if (*pcbData
< blob
.cbData
)
533 SetLastError(ERROR_MORE_DATA
);
534 *pcbData
= blob
.cbData
;
539 memcpy(pvData
, blob
.pbData
, blob
.cbData
);
540 *pcbData
= blob
.cbData
;
545 /* Implicit properties */
548 case CERT_SHA1_HASH_PROP_ID
:
549 ret
= CRLContext_GetHashProp(crl
, dwPropId
, CALG_SHA1
,
550 crl
->ctx
.pbCrlEncoded
, crl
->ctx
.cbCrlEncoded
, pvData
,
553 case CERT_MD5_HASH_PROP_ID
:
554 ret
= CRLContext_GetHashProp(crl
, dwPropId
, CALG_MD5
,
555 crl
->ctx
.pbCrlEncoded
, crl
->ctx
.cbCrlEncoded
, pvData
,
559 SetLastError(CRYPT_E_NOT_FOUND
);
562 TRACE("returning %d\n", ret
);
566 BOOL WINAPI
CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext
,
567 DWORD dwPropId
, void *pvData
, DWORD
*pcbData
)
571 TRACE("(%p, %d, %p, %p)\n", pCRLContext
, dwPropId
, pvData
, pcbData
);
576 case CERT_CERT_PROP_ID
:
577 case CERT_CRL_PROP_ID
:
578 case CERT_CTL_PROP_ID
:
579 SetLastError(E_INVALIDARG
);
582 case CERT_ACCESS_STATE_PROP_ID
:
585 *pcbData
= sizeof(DWORD
);
588 else if (*pcbData
< sizeof(DWORD
))
590 SetLastError(ERROR_MORE_DATA
);
591 *pcbData
= sizeof(DWORD
);
596 ret
= CertGetStoreProperty(pCRLContext
->hCertStore
, dwPropId
, pvData
, pcbData
);
600 ret
= CRLContext_GetProperty(crl_from_ptr(pCRLContext
), dwPropId
, pvData
, pcbData
);
605 static BOOL
CRLContext_SetProperty(crl_t
*crl
, DWORD dwPropId
,
606 DWORD dwFlags
, const void *pvData
)
610 TRACE("(%p, %d, %08x, %p)\n", crl
, dwPropId
, dwFlags
, pvData
);
612 if (!crl
->base
.properties
)
616 ContextPropertyList_RemoveProperty(crl
->base
.properties
, dwPropId
);
623 case CERT_AUTO_ENROLL_PROP_ID
:
624 case CERT_CTL_USAGE_PROP_ID
: /* same as CERT_ENHKEY_USAGE_PROP_ID */
625 case CERT_DESCRIPTION_PROP_ID
:
626 case CERT_FRIENDLY_NAME_PROP_ID
:
627 case CERT_HASH_PROP_ID
:
628 case CERT_KEY_IDENTIFIER_PROP_ID
:
629 case CERT_MD5_HASH_PROP_ID
:
630 case CERT_NEXT_UPDATE_LOCATION_PROP_ID
:
631 case CERT_PUBKEY_ALG_PARA_PROP_ID
:
632 case CERT_PVK_FILE_PROP_ID
:
633 case CERT_SIGNATURE_HASH_PROP_ID
:
634 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID
:
635 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID
:
636 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID
:
637 case CERT_ENROLLMENT_PROP_ID
:
638 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID
:
639 case CERT_RENEWAL_PROP_ID
:
641 PCRYPT_DATA_BLOB blob
= (PCRYPT_DATA_BLOB
)pvData
;
643 ret
= ContextPropertyList_SetProperty(crl
->base
.properties
, dwPropId
,
644 blob
->pbData
, blob
->cbData
);
647 case CERT_DATE_STAMP_PROP_ID
:
648 ret
= ContextPropertyList_SetProperty(crl
->base
.properties
, dwPropId
,
649 pvData
, sizeof(FILETIME
));
652 FIXME("%d: stub\n", dwPropId
);
656 TRACE("returning %d\n", ret
);
660 BOOL WINAPI
CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext
,
661 DWORD dwPropId
, DWORD dwFlags
, const void *pvData
)
665 TRACE("(%p, %d, %08x, %p)\n", pCRLContext
, dwPropId
, dwFlags
, pvData
);
667 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
668 * crashes on most of these, I'll be safer.
673 case CERT_ACCESS_STATE_PROP_ID
:
674 case CERT_CERT_PROP_ID
:
675 case CERT_CRL_PROP_ID
:
676 case CERT_CTL_PROP_ID
:
677 SetLastError(E_INVALIDARG
);
680 ret
= CRLContext_SetProperty(crl_from_ptr(pCRLContext
), dwPropId
, dwFlags
, pvData
);
681 TRACE("returning %d\n", ret
);
685 static BOOL
compare_dist_point_name(const CRL_DIST_POINT_NAME
*name1
,
686 const CRL_DIST_POINT_NAME
*name2
)
690 if (name1
->dwDistPointNameChoice
== name2
->dwDistPointNameChoice
)
693 if (name1
->dwDistPointNameChoice
== CRL_DIST_POINT_FULL_NAME
)
695 if (name1
->u
.FullName
.cAltEntry
== name2
->u
.FullName
.cAltEntry
)
699 for (i
= 0; match
&& i
< name1
->u
.FullName
.cAltEntry
; i
++)
701 const CERT_ALT_NAME_ENTRY
*entry1
=
702 &name1
->u
.FullName
.rgAltEntry
[i
];
703 const CERT_ALT_NAME_ENTRY
*entry2
=
704 &name2
->u
.FullName
.rgAltEntry
[i
];
706 if (entry1
->dwAltNameChoice
== entry2
->dwAltNameChoice
)
708 switch (entry1
->dwAltNameChoice
)
710 case CERT_ALT_NAME_URL
:
711 match
= !wcsicmp(entry1
->u
.pwszURL
,
714 case CERT_ALT_NAME_DIRECTORY_NAME
:
715 match
= (entry1
->u
.DirectoryName
.cbData
==
716 entry2
->u
.DirectoryName
.cbData
) &&
717 !memcmp(entry1
->u
.DirectoryName
.pbData
,
718 entry2
->u
.DirectoryName
.pbData
,
719 entry1
->u
.DirectoryName
.cbData
);
722 FIXME("unimplemented for type %d\n",
723 entry1
->dwAltNameChoice
);
740 static BOOL
match_dist_point_with_issuing_dist_point(
741 const CRL_DIST_POINT
*distPoint
, const CRL_ISSUING_DIST_POINT
*idp
)
745 /* While RFC 5280, section 4.2.1.13 recommends against segmenting
746 * CRL distribution points by reasons, it doesn't preclude doing so.
747 * "This profile RECOMMENDS against segmenting CRLs by reason code."
748 * If the issuing distribution point for this CRL is only valid for
749 * some reasons, only match if the reasons covered also match the
750 * reasons in the CRL distribution point.
752 if (idp
->OnlySomeReasonFlags
.cbData
)
754 if (idp
->OnlySomeReasonFlags
.cbData
== distPoint
->ReasonFlags
.cbData
)
759 for (i
= 0; match
&& i
< distPoint
->ReasonFlags
.cbData
; i
++)
760 if (idp
->OnlySomeReasonFlags
.pbData
[i
] !=
761 distPoint
->ReasonFlags
.pbData
[i
])
770 match
= compare_dist_point_name(&idp
->DistPointName
,
771 &distPoint
->DistPointName
);
775 BOOL WINAPI
CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert
,
776 PCCRL_CONTEXT pCrl
, DWORD dwFlags
, void *pvReserved
)
781 TRACE("(%p, %p, %08x, %p)\n", pCert
, pCrl
, dwFlags
, pvReserved
);
786 if ((ext
= CertFindExtension(szOID_ISSUING_DIST_POINT
,
787 pCrl
->pCrlInfo
->cExtension
, pCrl
->pCrlInfo
->rgExtension
)))
789 CRL_ISSUING_DIST_POINT
*idp
;
792 if ((ret
= CryptDecodeObjectEx(pCrl
->dwCertEncodingType
,
793 X509_ISSUING_DIST_POINT
, ext
->Value
.pbData
, ext
->Value
.cbData
,
794 CRYPT_DECODE_ALLOC_FLAG
, NULL
, &idp
, &size
)))
796 if ((ext
= CertFindExtension(szOID_CRL_DIST_POINTS
,
797 pCert
->pCertInfo
->cExtension
, pCert
->pCertInfo
->rgExtension
)))
799 CRL_DIST_POINTS_INFO
*distPoints
;
801 if ((ret
= CryptDecodeObjectEx(pCert
->dwCertEncodingType
,
802 X509_CRL_DIST_POINTS
, ext
->Value
.pbData
, ext
->Value
.cbData
,
803 CRYPT_DECODE_ALLOC_FLAG
, NULL
, &distPoints
, &size
)))
808 for (i
= 0; !ret
&& i
< distPoints
->cDistPoint
; i
++)
809 ret
= match_dist_point_with_issuing_dist_point(
810 &distPoints
->rgDistPoint
[i
], idp
);
812 SetLastError(CRYPT_E_NO_MATCH
);
813 LocalFree(distPoints
);
818 /* no CRL dist points extension in cert, can't match the CRL
819 * (which has an issuing dist point extension)
822 SetLastError(CRYPT_E_NO_MATCH
);
832 static PCRL_ENTRY
CRYPT_FindCertificateInCRL(PCERT_INFO cert
, const CRL_INFO
*crl
)
835 PCRL_ENTRY entry
= NULL
;
837 for (i
= 0; !entry
&& i
< crl
->cCRLEntry
; i
++)
838 if (CertCompareIntegerBlob(&crl
->rgCRLEntry
[i
].SerialNumber
,
839 &cert
->SerialNumber
))
840 entry
= &crl
->rgCRLEntry
[i
];
844 BOOL WINAPI
CertFindCertificateInCRL(PCCERT_CONTEXT pCert
,
845 PCCRL_CONTEXT pCrlContext
, DWORD dwFlags
, void *pvReserved
,
846 PCRL_ENTRY
*ppCrlEntry
)
848 TRACE("(%p, %p, %08x, %p, %p)\n", pCert
, pCrlContext
, dwFlags
, pvReserved
,
851 *ppCrlEntry
= CRYPT_FindCertificateInCRL(pCert
->pCertInfo
,
852 pCrlContext
->pCrlInfo
);
856 BOOL WINAPI
CertVerifyCRLRevocation(DWORD dwCertEncodingType
,
857 PCERT_INFO pCertId
, DWORD cCrlInfo
, PCRL_INFO rgpCrlInfo
[])
860 PCRL_ENTRY entry
= NULL
;
862 TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType
, pCertId
, cCrlInfo
,
865 for (i
= 0; !entry
&& i
< cCrlInfo
; i
++)
866 entry
= CRYPT_FindCertificateInCRL(pCertId
, rgpCrlInfo
[i
]);
867 return entry
== NULL
;
870 LONG WINAPI
CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify
,
878 GetSystemTimeAsFileTime(&fileTime
);
879 pTimeToVerify
= &fileTime
;
881 if ((ret
= CompareFileTime(pTimeToVerify
, &pCrlInfo
->ThisUpdate
)) >= 0)
883 ret
= CompareFileTime(pTimeToVerify
, &pCrlInfo
->NextUpdate
);