search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
crypt32: Store properties directly in link contexts and get rid of Context_GetProperties.
[wine.git] / dlls / crypt32 / crl.c
blob1fa8aa9f8464b44b15cc6f9e34c3cfd251e52921
1 /*
2 * Copyright 2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19
20 #include <assert.h>
21 #include <stdarg.h>
22 #define NONAMELESSUNION
23 #include "windef.h"
24 #include "winbase.h"
25 #include "wincrypt.h"
26 #include "wine/debug.h"
27 #include "wine/unicode.h"
28 #include "crypt32_private.h"
29
30 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
31
32 static void CRL_free(context_t *context)
33 {
34 crl_t *crl = (crl_t*)context;
35
36 CryptMemFree(crl->ctx.pbCrlEncoded);
37 LocalFree(crl->ctx.pCrlInfo);
38 }
39
40 static context_t *CRL_clone(context_t *context, WINECRYPT_CERTSTORE *store, BOOL use_link)
41 {
42 crl_t *crl;
43
44 if(!use_link) {
45 FIXME("Only links supported\n");
46 return NULL;
47 }
48
49 crl = (crl_t*)Context_CreateLinkContext(sizeof(CRL_CONTEXT), context);
50 if(!crl)
51 return NULL;
52
53 crl->ctx.hCertStore = store;
54 return &crl->base;
55 }
56
57 static const context_vtbl_t crl_vtbl = {
58 CRL_free,
59 CRL_clone
60 };
61
62 PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
63 const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
64 {
65 PCRL_CONTEXT crl = NULL;
66 BOOL ret;
67 PCRL_INFO crlInfo = NULL;
68 DWORD size = 0;
69
70 TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCrlEncoded,
71 cbCrlEncoded);
72
73 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
74 {
75 SetLastError(E_INVALIDARG);
76 return NULL;
77 }
78 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
79 pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
80 &crlInfo, &size);
81 if (ret)
82 {
83 BYTE *data = NULL;
84
85 crl = Context_CreateDataContext(sizeof(CRL_CONTEXT), &crl_vtbl);
86 if (!crl)
87 goto end;
88 data = CryptMemAlloc(cbCrlEncoded);
89 if (!data)
90 {
91 CertFreeCRLContext(crl);
92 crl = NULL;
93 goto end;
94 }
95 memcpy(data, pbCrlEncoded, cbCrlEncoded);
96 crl->dwCertEncodingType = dwCertEncodingType;
97 crl->pbCrlEncoded = data;
98 crl->cbCrlEncoded = cbCrlEncoded;
99 crl->pCrlInfo = crlInfo;
100 crl->hCertStore = 0;
101 }
102
103 end:
104 return crl;
105 }
106
107 BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
108 DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
109 DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
110 {
111 PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
112 pbCrlEncoded, cbCrlEncoded);
113 BOOL ret;
114
115 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
116 pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
117
118 if (crl)
119 {
120 ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
121 ppCrlContext);
122 CertFreeCRLContext(crl);
123 }
124 else
125 ret = FALSE;
126 return ret;
127 }
128
129 typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
130 DWORD dwFlags, const void *pvPara);
131
132 static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
133 DWORD dwFlags, const void *pvPara)
134 {
135 return TRUE;
136 }
137
138 static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
139 DWORD dwFlags, const void *pvPara)
140 {
141 BOOL ret;
142
143 if (pvPara)
144 {
145 PCCERT_CONTEXT issuer = pvPara;
146
147 ret = CertCompareCertificateName(issuer->dwCertEncodingType,
148 &issuer->pCertInfo->Subject, &pCrlContext->pCrlInfo->Issuer);
149 if (ret && (dwFlags & CRL_FIND_ISSUED_BY_SIGNATURE_FLAG))
150 ret = CryptVerifyCertificateSignatureEx(0,
151 issuer->dwCertEncodingType,
152 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext,
153 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL);
154 if (ret && (dwFlags & CRL_FIND_ISSUED_BY_AKI_FLAG))
155 {
156 PCERT_EXTENSION ext = CertFindExtension(
157 szOID_AUTHORITY_KEY_IDENTIFIER2, pCrlContext->pCrlInfo->cExtension,
158 pCrlContext->pCrlInfo->rgExtension);
159
160 if (ext)
161 {
162 CERT_AUTHORITY_KEY_ID2_INFO *info;
163 DWORD size;
164
165 if ((ret = CryptDecodeObjectEx(X509_ASN_ENCODING,
166 X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
167 CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
168 {
169 if (info->AuthorityCertIssuer.cAltEntry &&
170 info->AuthorityCertSerialNumber.cbData)
171 {
172 PCERT_ALT_NAME_ENTRY directoryName = NULL;
173 DWORD i;
174
175 for (i = 0; !directoryName &&
176 i < info->AuthorityCertIssuer.cAltEntry; i++)
177 if (info->AuthorityCertIssuer.rgAltEntry[i].
178 dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
179 directoryName =
180 &info->AuthorityCertIssuer.rgAltEntry[i];
181 if (directoryName)
182 {
183 ret = CertCompareCertificateName(
184 issuer->dwCertEncodingType,
185 &issuer->pCertInfo->Subject,
186 &directoryName->u.DirectoryName);
187 if (ret)
188 ret = CertCompareIntegerBlob(
189 &issuer->pCertInfo->SerialNumber,
190 &info->AuthorityCertSerialNumber);
191 }
192 else
193 {
194 FIXME("no supported name type in authority key id2\n");
195 ret = FALSE;
196 }
197 }
198 else if (info->KeyId.cbData)
199 {
200 DWORD size;
201
202 ret = CertGetCertificateContextProperty(issuer,
203 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
204 if (ret && size == info->KeyId.cbData)
205 {
206 LPBYTE buf = CryptMemAlloc(size);
207
208 if (buf)
209 {
210 CertGetCertificateContextProperty(issuer,
211 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
212 ret = !memcmp(buf, info->KeyId.pbData, size);
213 CryptMemFree(buf);
214 }
215 else
216 ret = FALSE;
217 }
218 else
219 ret = FALSE;
220 }
221 else
222 {
223 FIXME("unsupported value for AKI extension\n");
224 ret = FALSE;
225 }
226 LocalFree(info);
227 }
228 }
229 /* else: a CRL without an AKI matches any cert */
230 }
231 }
232 else
233 ret = TRUE;
234 return ret;
235 }
236
237 static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
238 DWORD dwFlags, const void *pvPara)
239 {
240 BOOL ret;
241
242 if (pvPara)
243 {
244 PCCRL_CONTEXT crl = pvPara;
245
246 ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
247 &pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
248 }
249 else
250 ret = TRUE;
251 return ret;
252 }
253
254 static BOOL compare_crl_issued_for(PCCRL_CONTEXT pCrlContext, DWORD dwType,
255 DWORD dwFlags, const void *pvPara)
256 {
257 const CRL_FIND_ISSUED_FOR_PARA *para = pvPara;
258 BOOL ret;
259
260 ret = CertCompareCertificateName(para->pIssuerCert->dwCertEncodingType,
261 &para->pIssuerCert->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
262 return ret;
263 }
264
265 PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
266 DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
267 const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
268 {
269 PCCRL_CONTEXT ret;
270 CrlCompareFunc compare;
271
272 TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore, dwCertEncodingType,
273 dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
274
275 switch (dwFindType)
276 {
277 case CRL_FIND_ANY:
278 compare = compare_crl_any;
279 break;
280 case CRL_FIND_ISSUED_BY:
281 compare = compare_crl_issued_by;
282 break;
283 case CRL_FIND_EXISTING:
284 compare = compare_crl_existing;
285 break;
286 case CRL_FIND_ISSUED_FOR:
287 compare = compare_crl_issued_for;
288 break;
289 default:
290 FIXME("find type %08x unimplemented\n", dwFindType);
291 compare = NULL;
292 }
293
294 if (compare)
295 {
296 BOOL matches = FALSE;
297
298 ret = pPrevCrlContext;
299 do {
300 ret = CertEnumCRLsInStore(hCertStore, ret);
301 if (ret)
302 matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
303 } while (ret != NULL && !matches);
304 if (!ret)
305 SetLastError(CRYPT_E_NOT_FOUND);
306 }
307 else
308 {
309 SetLastError(CRYPT_E_NOT_FOUND);
310 ret = NULL;
311 }
312 return ret;
313 }
314
315 PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
316 PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
317 {
318 static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG |
319 CERT_STORE_TIME_VALIDITY_FLAG | CERT_STORE_BASE_CRL_FLAG |
320 CERT_STORE_DELTA_CRL_FLAG;
321 PCCRL_CONTEXT ret;
322
323 TRACE("(%p, %p, %p, %08x)\n", hCertStore, pIssuerContext, pPrevCrlContext,
324 *pdwFlags);
325
326 if (*pdwFlags & ~supportedFlags)
327 {
328 SetLastError(E_INVALIDARG);
329 return NULL;
330 }
331 if (pIssuerContext)
332 ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
333 0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
334 else
335 ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
336 pPrevCrlContext);
337 if (ret)
338 {
339 if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
340 {
341 if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
342 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
343 }
344 if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
345 {
346 if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
347 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
348 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
349 NULL))
350 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
351 }
352 }
353 return ret;
354 }
355
356 PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
357 {
358 TRACE("(%p)\n", pCrlContext);
359 if (pCrlContext)
360 Context_AddRef(&crl_from_ptr(pCrlContext)->base);
361 return pCrlContext;
362 }
363
364 BOOL WINAPI CertFreeCRLContext(PCCRL_CONTEXT pCrlContext)
365 {
366 BOOL ret = TRUE;
367
368 TRACE("(%p)\n", pCrlContext);
369
370 if (pCrlContext)
371 ret = Context_Release(&crl_from_ptr(pCrlContext)->base);
372 return ret;
373 }
374
375 DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
376 DWORD dwPropId)
377 {
378 TRACE("(%p, %d)\n", pCRLContext, dwPropId);
379
380 return ContextPropertyList_EnumPropIDs(crl_from_ptr(pCRLContext)->base.properties, dwPropId);
381 }
382
383 static BOOL CRLContext_SetProperty(crl_t *crl, DWORD dwPropId,
384 DWORD dwFlags, const void *pvData);
385
386 static BOOL CRLContext_GetHashProp(crl_t *crl, DWORD dwPropId,
387 ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
388 DWORD *pcbData)
389 {
390 BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
391 pcbData);
392 if (ret && pvData)
393 {
394 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
395
396 ret = CRLContext_SetProperty(crl, dwPropId, 0, &blob);
397 }
398 return ret;
399 }
400
401 static BOOL CRLContext_GetProperty(crl_t *crl, DWORD dwPropId,
402 void *pvData, DWORD *pcbData)
403 {
404 BOOL ret;
405 CRYPT_DATA_BLOB blob;
406
407 TRACE("(%p, %d, %p, %p)\n", crl, dwPropId, pvData, pcbData);
408
409 if (crl->base.properties)
410 ret = ContextPropertyList_FindProperty(crl->base.properties, dwPropId, &blob);
411 else
412 ret = FALSE;
413 if (ret)
414 {
415 if (!pvData)
416 *pcbData = blob.cbData;
417 else if (*pcbData < blob.cbData)
418 {
419 SetLastError(ERROR_MORE_DATA);
420 *pcbData = blob.cbData;
421 ret = FALSE;
422 }
423 else
424 {
425 memcpy(pvData, blob.pbData, blob.cbData);
426 *pcbData = blob.cbData;
427 }
428 }
429 else
430 {
431 /* Implicit properties */
432 switch (dwPropId)
433 {
434 case CERT_SHA1_HASH_PROP_ID:
435 ret = CRLContext_GetHashProp(crl, dwPropId, CALG_SHA1,
436 crl->ctx.pbCrlEncoded, crl->ctx.cbCrlEncoded, pvData,
437 pcbData);
438 break;
439 case CERT_MD5_HASH_PROP_ID:
440 ret = CRLContext_GetHashProp(crl, dwPropId, CALG_MD5,
441 crl->ctx.pbCrlEncoded, crl->ctx.cbCrlEncoded, pvData,
442 pcbData);
443 break;
444 default:
445 SetLastError(CRYPT_E_NOT_FOUND);
446 }
447 }
448 TRACE("returning %d\n", ret);
449 return ret;
450 }
451
452 BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
453 DWORD dwPropId, void *pvData, DWORD *pcbData)
454 {
455 BOOL ret;
456
457 TRACE("(%p, %d, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
458
459 switch (dwPropId)
460 {
461 case 0:
462 case CERT_CERT_PROP_ID:
463 case CERT_CRL_PROP_ID:
464 case CERT_CTL_PROP_ID:
465 SetLastError(E_INVALIDARG);
466 ret = FALSE;
467 break;
468 case CERT_ACCESS_STATE_PROP_ID:
469 if (!pvData)
470 {
471 *pcbData = sizeof(DWORD);
472 ret = TRUE;
473 }
474 else if (*pcbData < sizeof(DWORD))
475 {
476 SetLastError(ERROR_MORE_DATA);
477 *pcbData = sizeof(DWORD);
478 ret = FALSE;
479 }
480 else
481 {
482 if (pCRLContext->hCertStore)
483 ret = CertGetStoreProperty(pCRLContext->hCertStore, dwPropId,
484 pvData, pcbData);
485 else
486 {
487 *(DWORD *)pvData = 0;
488 ret = TRUE;
489 }
490 }
491 break;
492 default:
493 ret = CRLContext_GetProperty(crl_from_ptr(pCRLContext), dwPropId, pvData, pcbData);
494 }
495 return ret;
496 }
497
498 static BOOL CRLContext_SetProperty(crl_t *crl, DWORD dwPropId,
499 DWORD dwFlags, const void *pvData)
500 {
501 BOOL ret;
502
503 TRACE("(%p, %d, %08x, %p)\n", crl, dwPropId, dwFlags, pvData);
504
505 if (!crl->base.properties)
506 ret = FALSE;
507 else if (!pvData)
508 {
509 ContextPropertyList_RemoveProperty(crl->base.properties, dwPropId);
510 ret = TRUE;
511 }
512 else
513 {
514 switch (dwPropId)
515 {
516 case CERT_AUTO_ENROLL_PROP_ID:
517 case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
518 case CERT_DESCRIPTION_PROP_ID:
519 case CERT_FRIENDLY_NAME_PROP_ID:
520 case CERT_HASH_PROP_ID:
521 case CERT_KEY_IDENTIFIER_PROP_ID:
522 case CERT_MD5_HASH_PROP_ID:
523 case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
524 case CERT_PUBKEY_ALG_PARA_PROP_ID:
525 case CERT_PVK_FILE_PROP_ID:
526 case CERT_SIGNATURE_HASH_PROP_ID:
527 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
528 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
529 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
530 case CERT_ENROLLMENT_PROP_ID:
531 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
532 case CERT_RENEWAL_PROP_ID:
533 {
534 PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
535
536 ret = ContextPropertyList_SetProperty(crl->base.properties, dwPropId,
537 blob->pbData, blob->cbData);
538 break;
539 }
540 case CERT_DATE_STAMP_PROP_ID:
541 ret = ContextPropertyList_SetProperty(crl->base.properties, dwPropId,
542 pvData, sizeof(FILETIME));
543 break;
544 default:
545 FIXME("%d: stub\n", dwPropId);
546 ret = FALSE;
547 }
548 }
549 TRACE("returning %d\n", ret);
550 return ret;
551 }
552
553 BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
554 DWORD dwPropId, DWORD dwFlags, const void *pvData)
555 {
556 BOOL ret;
557
558 TRACE("(%p, %d, %08x, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
559
560 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
561 * crashes on most of these, I'll be safer.
562 */
563 switch (dwPropId)
564 {
565 case 0:
566 case CERT_ACCESS_STATE_PROP_ID:
567 case CERT_CERT_PROP_ID:
568 case CERT_CRL_PROP_ID:
569 case CERT_CTL_PROP_ID:
570 SetLastError(E_INVALIDARG);
571 return FALSE;
572 }
573 ret = CRLContext_SetProperty(crl_from_ptr(pCRLContext), dwPropId, dwFlags, pvData);
574 TRACE("returning %d\n", ret);
575 return ret;
576 }
577
578 static BOOL compare_dist_point_name(const CRL_DIST_POINT_NAME *name1,
579 const CRL_DIST_POINT_NAME *name2)
580 {
581 BOOL match;
582
583 if (name1->dwDistPointNameChoice == name2->dwDistPointNameChoice)
584 {
585 match = TRUE;
586 if (name1->dwDistPointNameChoice == CRL_DIST_POINT_FULL_NAME)
587 {
588 if (name1->u.FullName.cAltEntry == name2->u.FullName.cAltEntry)
589 {
590 DWORD i;
591
592 for (i = 0; match && i < name1->u.FullName.cAltEntry; i++)
593 {
594 const CERT_ALT_NAME_ENTRY *entry1 =
595 &name1->u.FullName.rgAltEntry[i];
596 const CERT_ALT_NAME_ENTRY *entry2 =
597 &name2->u.FullName.rgAltEntry[i];
598
599 if (entry1->dwAltNameChoice == entry2->dwAltNameChoice)
600 {
601 switch (entry1->dwAltNameChoice)
602 {
603 case CERT_ALT_NAME_URL:
604 match = !strcmpiW(entry1->u.pwszURL,
605 entry2->u.pwszURL);
606 break;
607 case CERT_ALT_NAME_DIRECTORY_NAME:
608 match = (entry1->u.DirectoryName.cbData ==
609 entry2->u.DirectoryName.cbData) &&
610 !memcmp(entry1->u.DirectoryName.pbData,
611 entry2->u.DirectoryName.pbData,
612 entry1->u.DirectoryName.cbData);
613 break;
614 default:
615 FIXME("unimplemented for type %d\n",
616 entry1->dwAltNameChoice);
617 match = FALSE;
618 }
619 }
620 else
621 match = FALSE;
622 }
623 }
624 else
625 match = FALSE;
626 }
627 }
628 else
629 match = FALSE;
630 return match;
631 }
632
633 static BOOL match_dist_point_with_issuing_dist_point(
634 const CRL_DIST_POINT *distPoint, const CRL_ISSUING_DIST_POINT *idp)
635 {
636 BOOL match;
637
638 /* While RFC 5280, section 4.2.1.13 recommends against segmenting
639 * CRL distribution points by reasons, it doesn't preclude doing so.
640 * "This profile RECOMMENDS against segmenting CRLs by reason code."
641 * If the issuing distribution point for this CRL is only valid for
642 * some reasons, only match if the reasons covered also match the
643 * reasons in the CRL distribution point.
644 */
645 if (idp->OnlySomeReasonFlags.cbData)
646 {
647 if (idp->OnlySomeReasonFlags.cbData == distPoint->ReasonFlags.cbData)
648 {
649 DWORD i;
650
651 match = TRUE;
652 for (i = 0; match && i < distPoint->ReasonFlags.cbData; i++)
653 if (idp->OnlySomeReasonFlags.pbData[i] !=
654 distPoint->ReasonFlags.pbData[i])
655 match = FALSE;
656 }
657 else
658 match = FALSE;
659 }
660 else
661 match = TRUE;
662 if (match)
663 match = compare_dist_point_name(&idp->DistPointName,
664 &distPoint->DistPointName);
665 return match;
666 }
667
668 BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
669 PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
670 {
671 PCERT_EXTENSION ext;
672 BOOL ret;
673
674 TRACE("(%p, %p, %08x, %p)\n", pCert, pCrl, dwFlags, pvReserved);
675
676 if (!pCert)
677 return TRUE;
678
679 if ((ext = CertFindExtension(szOID_ISSUING_DIST_POINT,
680 pCrl->pCrlInfo->cExtension, pCrl->pCrlInfo->rgExtension)))
681 {
682 CRL_ISSUING_DIST_POINT *idp;
683 DWORD size;
684
685 if ((ret = CryptDecodeObjectEx(pCrl->dwCertEncodingType,
686 X509_ISSUING_DIST_POINT, ext->Value.pbData, ext->Value.cbData,
687 CRYPT_DECODE_ALLOC_FLAG, NULL, &idp, &size)))
688 {
689 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
690 pCert->pCertInfo->cExtension, pCert->pCertInfo->rgExtension)))
691 {
692 CRL_DIST_POINTS_INFO *distPoints;
693
694 if ((ret = CryptDecodeObjectEx(pCert->dwCertEncodingType,
695 X509_CRL_DIST_POINTS, ext->Value.pbData, ext->Value.cbData,
696 CRYPT_DECODE_ALLOC_FLAG, NULL, &distPoints, &size)))
697 {
698 DWORD i;
699
700 ret = FALSE;
701 for (i = 0; !ret && i < distPoints->cDistPoint; i++)
702 ret = match_dist_point_with_issuing_dist_point(
703 &distPoints->rgDistPoint[i], idp);
704 if (!ret)
705 SetLastError(CRYPT_E_NO_MATCH);
706 LocalFree(distPoints);
707 }
708 }
709 else
710 {
711 /* no CRL dist points extension in cert, can't match the CRL
712 * (which has an issuing dist point extension)
713 */
714 ret = FALSE;
715 SetLastError(CRYPT_E_NO_MATCH);
716 }
717 LocalFree(idp);
718 }
719 }
720 else
721 ret = TRUE;
722 return ret;
723 }
724
725 static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl)
726 {
727 DWORD i;
728 PCRL_ENTRY entry = NULL;
729
730 for (i = 0; !entry && i < crl->cCRLEntry; i++)
731 if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
732 &cert->SerialNumber))
733 entry = &crl->rgCRLEntry[i];
734 return entry;
735 }
736
737 BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
738 PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
739 PCRL_ENTRY *ppCrlEntry)
740 {
741 TRACE("(%p, %p, %08x, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
742 ppCrlEntry);
743
744 *ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
745 pCrlContext->pCrlInfo);
746 return TRUE;
747 }
748
749 BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
750 PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
751 {
752 DWORD i;
753 PCRL_ENTRY entry = NULL;
754
755 TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
756 rgpCrlInfo);
757
758 for (i = 0; !entry && i < cCrlInfo; i++)
759 entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
760 return entry == NULL;
761 }
762
763 LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
764 PCRL_INFO pCrlInfo)
765 {
766 FILETIME fileTime;
767 LONG ret;
768
769 if (!pTimeToVerify)
770 {
771 GetSystemTimeAsFileTime(&fileTime);
772 pTimeToVerify = &fileTime;
773 }
774 if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
775 {
776 ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
777 if (ret < 0)
778 ret = 0;
779 }
780 return ret;
781 }
Windows API implementation