search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
configure: Remove some unused but set variables (LLVM/Clang).
[wine.git] / dlls / crypt32 / object.c
blob2587c4d293c90d121168f17342aa871e27b3e805
1 /*
2 * crypt32 Crypt*Object functions
3 *
4 * Copyright 2007 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20 #include <stdarg.h>
21 #define NONAMELESSUNION
22 #include "windef.h"
23 #include "winbase.h"
24 #include "wincrypt.h"
25 #include "mssip.h"
26 #include "winuser.h"
27 #include "wintrust.h"
28 #include "crypt32_private.h"
29 #include "cryptres.h"
30 #include "wine/unicode.h"
31 #include "wine/debug.h"
32
33 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
34
35 static BOOL CRYPT_ReadBlobFromFile(LPCWSTR fileName, PCERT_BLOB blob)
36 {
37 BOOL ret = FALSE;
38 HANDLE file;
39
40 TRACE("%s\n", debugstr_w(fileName));
41
42 file = CreateFileW(fileName, GENERIC_READ, FILE_SHARE_READ, NULL,
43 OPEN_EXISTING, 0, NULL);
44 if (file != INVALID_HANDLE_VALUE)
45 {
46 ret = TRUE;
47 blob->cbData = GetFileSize(file, NULL);
48 if (blob->cbData)
49 {
50 blob->pbData = CryptMemAlloc(blob->cbData);
51 if (blob->pbData)
52 {
53 DWORD read;
54
55 ret = ReadFile(file, blob->pbData, blob->cbData, &read, NULL);
56 }
57 }
58 CloseHandle(file);
59 }
60 TRACE("returning %d\n", ret);
61 return ret;
62 }
63
64 static BOOL CRYPT_QueryContextBlob(const CERT_BLOB *blob,
65 DWORD dwExpectedContentTypeFlags, HCERTSTORE store,
66 DWORD *contentType, const void **ppvContext)
67 {
68 BOOL ret = FALSE;
69
70 if (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CERT)
71 {
72 ret = pCertInterface->addEncodedToStore(store, X509_ASN_ENCODING,
73 blob->pbData, blob->cbData, CERT_STORE_ADD_ALWAYS, ppvContext);
74 if (ret && contentType)
75 *contentType = CERT_QUERY_CONTENT_CERT;
76 }
77 if (!ret && (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CRL))
78 {
79 ret = pCRLInterface->addEncodedToStore(store, X509_ASN_ENCODING,
80 blob->pbData, blob->cbData, CERT_STORE_ADD_ALWAYS, ppvContext);
81 if (ret && contentType)
82 *contentType = CERT_QUERY_CONTENT_CRL;
83 }
84 if (!ret && (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CTL))
85 {
86 ret = pCTLInterface->addEncodedToStore(store, X509_ASN_ENCODING,
87 blob->pbData, blob->cbData, CERT_STORE_ADD_ALWAYS, ppvContext);
88 if (ret && contentType)
89 *contentType = CERT_QUERY_CONTENT_CTL;
90 }
91 return ret;
92 }
93
94 static BOOL CRYPT_QueryContextObject(DWORD dwObjectType, const void *pvObject,
95 DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags,
96 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType, DWORD *pdwFormatType,
97 HCERTSTORE *phCertStore, const void **ppvContext)
98 {
99 CERT_BLOB fileBlob;
100 const CERT_BLOB *blob;
101 HCERTSTORE store;
102 BOOL ret;
103 DWORD formatType = 0;
104
105 switch (dwObjectType)
106 {
107 case CERT_QUERY_OBJECT_FILE:
108 /* Cert, CRL, and CTL contexts can't be "embedded" in a file, so
109 * just read the file directly
110 */
111 ret = CRYPT_ReadBlobFromFile(pvObject, &fileBlob);
112 blob = &fileBlob;
113 break;
114 case CERT_QUERY_OBJECT_BLOB:
115 blob = pvObject;
116 ret = TRUE;
117 break;
118 default:
119 SetLastError(E_INVALIDARG); /* FIXME: is this the correct error? */
120 ret = FALSE;
121 }
122 if (!ret)
123 return FALSE;
124
125 ret = FALSE;
126 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
127 CERT_STORE_CREATE_NEW_FLAG, NULL);
128 if (dwExpectedFormatTypeFlags & CERT_QUERY_FORMAT_FLAG_BINARY)
129 {
130 ret = CRYPT_QueryContextBlob(blob, dwExpectedContentTypeFlags, store,
131 pdwContentType, ppvContext);
132 if (ret)
133 formatType = CERT_QUERY_FORMAT_BINARY;
134 }
135 if (!ret &&
136 (dwExpectedFormatTypeFlags & CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED))
137 {
138 CRYPT_DATA_BLOB trimmed = { blob->cbData, blob->pbData };
139 CRYPT_DATA_BLOB decoded;
140
141 while (trimmed.cbData && !trimmed.pbData[trimmed.cbData - 1])
142 trimmed.cbData--;
143 ret = CryptStringToBinaryA((LPSTR)trimmed.pbData, trimmed.cbData,
144 CRYPT_STRING_BASE64_ANY, NULL, &decoded.cbData, NULL, NULL);
145 if (ret)
146 {
147 decoded.pbData = CryptMemAlloc(decoded.cbData);
148 if (decoded.pbData)
149 {
150 ret = CryptStringToBinaryA((LPSTR)trimmed.pbData,
151 trimmed.cbData, CRYPT_STRING_BASE64_ANY, decoded.pbData,
152 &decoded.cbData, NULL, NULL);
153 if (ret)
154 {
155 ret = CRYPT_QueryContextBlob(&decoded,
156 dwExpectedContentTypeFlags, store, pdwContentType,
157 ppvContext);
158 if (ret)
159 formatType = CERT_QUERY_FORMAT_BASE64_ENCODED;
160 }
161 CryptMemFree(decoded.pbData);
162 }
163 else
164 ret = FALSE;
165 }
166 }
167 if (ret)
168 {
169 if (pdwMsgAndCertEncodingType)
170 *pdwMsgAndCertEncodingType = X509_ASN_ENCODING;
171 if (pdwFormatType)
172 *pdwFormatType = formatType;
173 if (phCertStore)
174 *phCertStore = CertDuplicateStore(store);
175 }
176 CertCloseStore(store, 0);
177 if (blob == &fileBlob)
178 CryptMemFree(blob->pbData);
179 TRACE("returning %d\n", ret);
180 return ret;
181 }
182
183 static BOOL CRYPT_QuerySerializedContextObject(DWORD dwObjectType,
184 const void *pvObject, DWORD dwExpectedContentTypeFlags,
185 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
186 HCERTSTORE *phCertStore, const void **ppvContext)
187 {
188 CERT_BLOB fileBlob;
189 const CERT_BLOB *blob;
190 const WINE_CONTEXT_INTERFACE *contextInterface = NULL;
191 const void *context;
192 DWORD contextType;
193 BOOL ret;
194
195 switch (dwObjectType)
196 {
197 case CERT_QUERY_OBJECT_FILE:
198 /* Cert, CRL, and CTL contexts can't be "embedded" in a file, so
199 * just read the file directly
200 */
201 ret = CRYPT_ReadBlobFromFile(pvObject, &fileBlob);
202 blob = &fileBlob;
203 break;
204 case CERT_QUERY_OBJECT_BLOB:
205 blob = pvObject;
206 ret = TRUE;
207 break;
208 default:
209 SetLastError(E_INVALIDARG); /* FIXME: is this the correct error? */
210 ret = FALSE;
211 }
212 if (!ret)
213 return FALSE;
214
215 ret = FALSE;
216 context = CRYPT_ReadSerializedElement(blob->pbData, blob->cbData,
217 CERT_STORE_ALL_CONTEXT_FLAG, &contextType);
218 if (context)
219 {
220 DWORD contentType, certStoreOffset;
221
222 ret = TRUE;
223 switch (contextType)
224 {
225 case CERT_STORE_CERTIFICATE_CONTEXT:
226 contextInterface = pCertInterface;
227 contentType = CERT_QUERY_CONTENT_SERIALIZED_CERT;
228 certStoreOffset = offsetof(CERT_CONTEXT, hCertStore);
229 if (!(dwExpectedContentTypeFlags &
230 CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT))
231 {
232 SetLastError(ERROR_INVALID_DATA);
233 ret = FALSE;
234 goto end;
235 }
236 break;
237 case CERT_STORE_CRL_CONTEXT:
238 contextInterface = pCRLInterface;
239 contentType = CERT_QUERY_CONTENT_SERIALIZED_CRL;
240 certStoreOffset = offsetof(CRL_CONTEXT, hCertStore);
241 if (!(dwExpectedContentTypeFlags &
242 CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL))
243 {
244 SetLastError(ERROR_INVALID_DATA);
245 ret = FALSE;
246 goto end;
247 }
248 break;
249 case CERT_STORE_CTL_CONTEXT:
250 contextInterface = pCTLInterface;
251 contentType = CERT_QUERY_CONTENT_SERIALIZED_CTL;
252 certStoreOffset = offsetof(CTL_CONTEXT, hCertStore);
253 if (!(dwExpectedContentTypeFlags &
254 CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL))
255 {
256 SetLastError(ERROR_INVALID_DATA);
257 ret = FALSE;
258 goto end;
259 }
260 break;
261 default:
262 SetLastError(ERROR_INVALID_DATA);
263 ret = FALSE;
264 goto end;
265 }
266 if (pdwMsgAndCertEncodingType)
267 *pdwMsgAndCertEncodingType = X509_ASN_ENCODING;
268 if (pdwContentType)
269 *pdwContentType = contentType;
270 if (phCertStore)
271 *phCertStore = CertDuplicateStore(
272 *(HCERTSTORE *)((const BYTE *)context + certStoreOffset));
273 if (ppvContext)
274 *ppvContext = contextInterface->duplicate(context);
275 }
276
277 end:
278 if (contextInterface && context)
279 contextInterface->free(context);
280 if (blob == &fileBlob)
281 CryptMemFree(blob->pbData);
282 TRACE("returning %d\n", ret);
283 return ret;
284 }
285
286 static BOOL CRYPT_QuerySerializedStoreFromFile(LPCWSTR fileName,
287 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
288 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
289 {
290 HANDLE file;
291 BOOL ret = FALSE;
292
293 TRACE("%s\n", debugstr_w(fileName));
294 file = CreateFileW(fileName, GENERIC_READ, FILE_SHARE_READ, NULL,
295 OPEN_EXISTING, 0, NULL);
296 if (file != INVALID_HANDLE_VALUE)
297 {
298 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
299 CERT_STORE_CREATE_NEW_FLAG, NULL);
300
301 ret = CRYPT_ReadSerializedStoreFromFile(file, store);
302 if (ret)
303 {
304 if (pdwMsgAndCertEncodingType)
305 *pdwMsgAndCertEncodingType = X509_ASN_ENCODING;
306 if (pdwContentType)
307 *pdwContentType = CERT_QUERY_CONTENT_SERIALIZED_STORE;
308 if (phCertStore)
309 *phCertStore = CertDuplicateStore(store);
310 }
311 CertCloseStore(store, 0);
312 CloseHandle(file);
313 }
314 TRACE("returning %d\n", ret);
315 return ret;
316 }
317
318 static BOOL CRYPT_QuerySerializedStoreFromBlob(const CRYPT_DATA_BLOB *blob,
319 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
320 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
321 {
322 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
323 CERT_STORE_CREATE_NEW_FLAG, NULL);
324 BOOL ret;
325
326 TRACE("(%d, %p)\n", blob->cbData, blob->pbData);
327
328 ret = CRYPT_ReadSerializedStoreFromBlob(blob, store);
329 if (ret)
330 {
331 if (pdwMsgAndCertEncodingType)
332 *pdwMsgAndCertEncodingType = X509_ASN_ENCODING;
333 if (pdwContentType)
334 *pdwContentType = CERT_QUERY_CONTENT_SERIALIZED_STORE;
335 if (phCertStore)
336 *phCertStore = CertDuplicateStore(store);
337 }
338 CertCloseStore(store, 0);
339 TRACE("returning %d\n", ret);
340 return ret;
341 }
342
343 static BOOL CRYPT_QuerySerializedStoreObject(DWORD dwObjectType,
344 const void *pvObject, DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
345 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
346 {
347 switch (dwObjectType)
348 {
349 case CERT_QUERY_OBJECT_FILE:
350 return CRYPT_QuerySerializedStoreFromFile(pvObject,
351 pdwMsgAndCertEncodingType, pdwContentType, phCertStore, phMsg);
352 case CERT_QUERY_OBJECT_BLOB:
353 return CRYPT_QuerySerializedStoreFromBlob(pvObject,
354 pdwMsgAndCertEncodingType, pdwContentType, phCertStore, phMsg);
355 default:
356 FIXME("unimplemented for type %d\n", dwObjectType);
357 SetLastError(E_INVALIDARG); /* FIXME: is this the correct error? */
358 return FALSE;
359 }
360 }
361
362 static BOOL CRYPT_QuerySignedMessage(const CRYPT_DATA_BLOB *blob,
363 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType, HCRYPTMSG *phMsg)
364 {
365 DWORD encodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
366 BOOL ret = FALSE;
367 HCRYPTMSG msg;
368
369 if ((msg = CryptMsgOpenToDecode(encodingType, 0, 0, 0, NULL, NULL)))
370 {
371 ret = CryptMsgUpdate(msg, blob->pbData, blob->cbData, TRUE);
372 if (ret)
373 {
374 DWORD type, len = sizeof(type);
375
376 ret = CryptMsgGetParam(msg, CMSG_TYPE_PARAM, 0, &type, &len);
377 if (ret)
378 {
379 if (type != CMSG_SIGNED)
380 {
381 SetLastError(ERROR_INVALID_DATA);
382 ret = FALSE;
383 }
384 }
385 }
386 if (!ret)
387 {
388 CryptMsgClose(msg);
389 msg = CryptMsgOpenToDecode(encodingType, 0, CMSG_SIGNED, 0, NULL,
390 NULL);
391 if (msg)
392 {
393 ret = CryptMsgUpdate(msg, blob->pbData, blob->cbData, TRUE);
394 if (!ret)
395 {
396 CryptMsgClose(msg);
397 msg = NULL;
398 }
399 }
400 }
401 }
402 if (ret)
403 {
404 if (pdwMsgAndCertEncodingType)
405 *pdwMsgAndCertEncodingType = encodingType;
406 if (pdwContentType)
407 *pdwContentType = CERT_QUERY_CONTENT_PKCS7_SIGNED;
408 if (phMsg)
409 *phMsg = msg;
410 }
411 return ret;
412 }
413
414 static BOOL CRYPT_QueryUnsignedMessage(const CRYPT_DATA_BLOB *blob,
415 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType, HCRYPTMSG *phMsg)
416 {
417 DWORD encodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
418 BOOL ret = FALSE;
419 HCRYPTMSG msg;
420
421 if ((msg = CryptMsgOpenToDecode(encodingType, 0, 0, 0, NULL, NULL)))
422 {
423 ret = CryptMsgUpdate(msg, blob->pbData, blob->cbData, TRUE);
424 if (ret)
425 {
426 DWORD type, len = sizeof(type);
427
428 ret = CryptMsgGetParam(msg, CMSG_TYPE_PARAM, 0, &type, &len);
429 if (ret)
430 {
431 if (type != CMSG_DATA)
432 {
433 SetLastError(ERROR_INVALID_DATA);
434 ret = FALSE;
435 }
436 }
437 }
438 if (!ret)
439 {
440 CryptMsgClose(msg);
441 msg = CryptMsgOpenToDecode(encodingType, 0, CMSG_DATA, 0,
442 NULL, NULL);
443 if (msg)
444 {
445 ret = CryptMsgUpdate(msg, blob->pbData, blob->cbData, TRUE);
446 if (!ret)
447 {
448 CryptMsgClose(msg);
449 msg = NULL;
450 }
451 }
452 }
453 }
454 if (ret)
455 {
456 if (pdwMsgAndCertEncodingType)
457 *pdwMsgAndCertEncodingType = encodingType;
458 if (pdwContentType)
459 *pdwContentType = CERT_QUERY_CONTENT_PKCS7_SIGNED;
460 if (phMsg)
461 *phMsg = msg;
462 }
463 return ret;
464 }
465
466 /* Used to decode non-embedded messages */
467 static BOOL CRYPT_QueryMessageObject(DWORD dwObjectType, const void *pvObject,
468 DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags,
469 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType, DWORD *pdwFormatType,
470 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
471 {
472 CERT_BLOB fileBlob;
473 const CERT_BLOB *blob;
474 BOOL ret;
475 HCRYPTMSG msg = NULL;
476 DWORD encodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
477 DWORD formatType = 0;
478
479 TRACE("(%d, %p, %08x, %08x, %p, %p, %p, %p, %p)\n", dwObjectType, pvObject,
480 dwExpectedContentTypeFlags, dwExpectedFormatTypeFlags,
481 pdwMsgAndCertEncodingType, pdwContentType, pdwFormatType, phCertStore,
482 phMsg);
483
484 switch (dwObjectType)
485 {
486 case CERT_QUERY_OBJECT_FILE:
487 /* This isn't an embedded PKCS7 message, so just read the file
488 * directly
489 */
490 ret = CRYPT_ReadBlobFromFile(pvObject, &fileBlob);
491 blob = &fileBlob;
492 break;
493 case CERT_QUERY_OBJECT_BLOB:
494 blob = pvObject;
495 ret = TRUE;
496 break;
497 default:
498 SetLastError(E_INVALIDARG); /* FIXME: is this the correct error? */
499 ret = FALSE;
500 }
501 if (!ret)
502 return FALSE;
503
504 ret = FALSE;
505 if (dwExpectedFormatTypeFlags & CERT_QUERY_FORMAT_FLAG_BINARY)
506 {
507 /* Try it first as a signed message */
508 if (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED)
509 ret = CRYPT_QuerySignedMessage(blob, pdwMsgAndCertEncodingType,
510 pdwContentType, &msg);
511 /* Failing that, try as an unsigned message */
512 if (!ret &&
513 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED))
514 ret = CRYPT_QueryUnsignedMessage(blob, pdwMsgAndCertEncodingType,
515 pdwContentType, &msg);
516 if (ret)
517 formatType = CERT_QUERY_FORMAT_BINARY;
518 }
519 if (!ret &&
520 (dwExpectedFormatTypeFlags & CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED))
521 {
522 CRYPT_DATA_BLOB trimmed = { blob->cbData, blob->pbData };
523 CRYPT_DATA_BLOB decoded;
524
525 while (trimmed.cbData && !trimmed.pbData[trimmed.cbData - 1])
526 trimmed.cbData--;
527 ret = CryptStringToBinaryA((LPSTR)trimmed.pbData, trimmed.cbData,
528 CRYPT_STRING_BASE64_ANY, NULL, &decoded.cbData, NULL, NULL);
529 if (ret)
530 {
531 decoded.pbData = CryptMemAlloc(decoded.cbData);
532 if (decoded.pbData)
533 {
534 ret = CryptStringToBinaryA((LPSTR)trimmed.pbData,
535 trimmed.cbData, CRYPT_STRING_BASE64_ANY, decoded.pbData,
536 &decoded.cbData, NULL, NULL);
537 if (ret)
538 {
539 /* Try it first as a signed message */
540 if (dwExpectedContentTypeFlags &
541 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED)
542 ret = CRYPT_QuerySignedMessage(&decoded,
543 pdwMsgAndCertEncodingType, pdwContentType, &msg);
544 /* Failing that, try as an unsigned message */
545 if (!ret && (dwExpectedContentTypeFlags &
546 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED))
547 ret = CRYPT_QueryUnsignedMessage(&decoded,
548 pdwMsgAndCertEncodingType, pdwContentType, &msg);
549 if (ret)
550 formatType = CERT_QUERY_FORMAT_BASE64_ENCODED;
551 }
552 CryptMemFree(decoded.pbData);
553 }
554 else
555 ret = FALSE;
556 }
557 if (!ret && !(blob->cbData % sizeof(WCHAR)))
558 {
559 CRYPT_DATA_BLOB decoded;
560 LPWSTR str = (LPWSTR)blob->pbData;
561 DWORD strLen = blob->cbData / sizeof(WCHAR);
562
563 /* Try again, assuming the input string is UTF-16 base64 */
564 while (strLen && !str[strLen - 1])
565 strLen--;
566 ret = CryptStringToBinaryW(str, strLen, CRYPT_STRING_BASE64_ANY,
567 NULL, &decoded.cbData, NULL, NULL);
568 if (ret)
569 {
570 decoded.pbData = CryptMemAlloc(decoded.cbData);
571 if (decoded.pbData)
572 {
573 ret = CryptStringToBinaryW(str, strLen,
574 CRYPT_STRING_BASE64_ANY, decoded.pbData, &decoded.cbData,
575 NULL, NULL);
576 if (ret)
577 {
578 /* Try it first as a signed message */
579 if (dwExpectedContentTypeFlags &
580 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED)
581 ret = CRYPT_QuerySignedMessage(&decoded,
582 pdwMsgAndCertEncodingType, pdwContentType, &msg);
583 /* Failing that, try as an unsigned message */
584 if (!ret && (dwExpectedContentTypeFlags &
585 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED))
586 ret = CRYPT_QueryUnsignedMessage(&decoded,
587 pdwMsgAndCertEncodingType, pdwContentType, &msg);
588 if (ret)
589 formatType = CERT_QUERY_FORMAT_BASE64_ENCODED;
590 }
591 CryptMemFree(decoded.pbData);
592 }
593 else
594 ret = FALSE;
595 }
596 }
597 }
598 if (ret)
599 {
600 if (pdwFormatType)
601 *pdwFormatType = formatType;
602 if (phCertStore)
603 *phCertStore = CertOpenStore(CERT_STORE_PROV_MSG, encodingType, 0,
604 0, msg);
605 if (phMsg)
606 *phMsg = msg;
607 else
608 CryptMsgClose(msg);
609 }
610 if (blob == &fileBlob)
611 CryptMemFree(blob->pbData);
612 TRACE("returning %d\n", ret);
613 return ret;
614 }
615
616 static BOOL CRYPT_QueryEmbeddedMessageObject(DWORD dwObjectType,
617 const void *pvObject, DWORD dwExpectedContentTypeFlags,
618 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
619 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
620 {
621 HANDLE file;
622 GUID subject;
623 BOOL ret = FALSE;
624
625 TRACE("%s\n", debugstr_w(pvObject));
626
627 if (dwObjectType != CERT_QUERY_OBJECT_FILE)
628 {
629 WARN("don't know what to do for type %d embedded signed messages\n",
630 dwObjectType);
631 SetLastError(E_INVALIDARG);
632 return FALSE;
633 }
634 file = CreateFileW(pvObject, GENERIC_READ, FILE_SHARE_READ,
635 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
636 if (file != INVALID_HANDLE_VALUE)
637 {
638 ret = CryptSIPRetrieveSubjectGuid(pvObject, file, &subject);
639 if (ret)
640 {
641 SIP_DISPATCH_INFO sip;
642
643 memset(&sip, 0, sizeof(sip));
644 sip.cbSize = sizeof(sip);
645 ret = CryptSIPLoad(&subject, 0, &sip);
646 if (ret)
647 {
648 SIP_SUBJECTINFO subjectInfo;
649 CERT_BLOB blob;
650 DWORD encodingType;
651
652 memset(&subjectInfo, 0, sizeof(subjectInfo));
653 subjectInfo.cbSize = sizeof(subjectInfo);
654 subjectInfo.pgSubjectType = &subject;
655 subjectInfo.hFile = file;
656 subjectInfo.pwsFileName = pvObject;
657 ret = sip.pfGet(&subjectInfo, &encodingType, 0, &blob.cbData,
658 NULL);
659 if (ret)
660 {
661 blob.pbData = CryptMemAlloc(blob.cbData);
662 if (blob.pbData)
663 {
664 ret = sip.pfGet(&subjectInfo, &encodingType, 0,
665 &blob.cbData, blob.pbData);
666 if (ret)
667 {
668 ret = CRYPT_QueryMessageObject(
669 CERT_QUERY_OBJECT_BLOB, &blob,
670 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED,
671 CERT_QUERY_FORMAT_FLAG_BINARY,
672 pdwMsgAndCertEncodingType, NULL, NULL,
673 phCertStore, phMsg);
674 if (ret && pdwContentType)
675 *pdwContentType = CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED;
676 }
677 CryptMemFree(blob.pbData);
678 }
679 else
680 {
681 SetLastError(ERROR_OUTOFMEMORY);
682 ret = FALSE;
683 }
684 }
685 }
686 }
687 CloseHandle(file);
688 }
689 TRACE("returning %d\n", ret);
690 return ret;
691 }
692
693 BOOL WINAPI CryptQueryObject(DWORD dwObjectType, const void *pvObject,
694 DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags,
695 DWORD dwFlags, DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
696 DWORD *pdwFormatType, HCERTSTORE *phCertStore, HCRYPTMSG *phMsg,
697 const void **ppvContext)
698 {
699 static const DWORD unimplementedTypes =
700 CERT_QUERY_CONTENT_FLAG_PKCS10 | CERT_QUERY_CONTENT_FLAG_PFX |
701 CERT_QUERY_CONTENT_FLAG_CERT_PAIR;
702 BOOL ret = TRUE;
703
704 TRACE("(%08x, %p, %08x, %08x, %08x, %p, %p, %p, %p, %p, %p)\n",
705 dwObjectType, pvObject, dwExpectedContentTypeFlags,
706 dwExpectedFormatTypeFlags, dwFlags, pdwMsgAndCertEncodingType,
707 pdwContentType, pdwFormatType, phCertStore, phMsg, ppvContext);
708
709 if (dwObjectType != CERT_QUERY_OBJECT_BLOB &&
710 dwObjectType != CERT_QUERY_OBJECT_FILE)
711 {
712 WARN("unsupported type %d\n", dwObjectType);
713 SetLastError(E_INVALIDARG);
714 return FALSE;
715 }
716 if (!pvObject)
717 {
718 WARN("missing required argument\n");
719 SetLastError(E_INVALIDARG);
720 return FALSE;
721 }
722 if (dwExpectedContentTypeFlags & unimplementedTypes)
723 WARN("unimplemented for types %08x\n",
724 dwExpectedContentTypeFlags & unimplementedTypes);
725
726 if (pdwFormatType)
727 *pdwFormatType = CERT_QUERY_FORMAT_BINARY;
728 if (phCertStore)
729 *phCertStore = NULL;
730 if (phMsg)
731 *phMsg = NULL;
732 if (ppvContext)
733 *ppvContext = NULL;
734
735 ret = FALSE;
736 if ((dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CERT) ||
737 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CRL) ||
738 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CTL))
739 {
740 ret = CRYPT_QueryContextObject(dwObjectType, pvObject,
741 dwExpectedContentTypeFlags, dwExpectedFormatTypeFlags,
742 pdwMsgAndCertEncodingType, pdwContentType, pdwFormatType, phCertStore,
743 ppvContext);
744 }
745 if (!ret &&
746 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE))
747 {
748 ret = CRYPT_QuerySerializedStoreObject(dwObjectType, pvObject,
749 pdwMsgAndCertEncodingType, pdwContentType, phCertStore, phMsg);
750 }
751 if (!ret &&
752 ((dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT) ||
753 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL) ||
754 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL)))
755 {
756 ret = CRYPT_QuerySerializedContextObject(dwObjectType, pvObject,
757 dwExpectedContentTypeFlags, pdwMsgAndCertEncodingType, pdwContentType,
758 phCertStore, ppvContext);
759 }
760 if (!ret &&
761 ((dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED) ||
762 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED)))
763 {
764 ret = CRYPT_QueryMessageObject(dwObjectType, pvObject,
765 dwExpectedContentTypeFlags, dwExpectedFormatTypeFlags,
766 pdwMsgAndCertEncodingType, pdwContentType, pdwFormatType,
767 phCertStore, phMsg);
768 }
769 if (!ret &&
770 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED))
771 {
772 ret = CRYPT_QueryEmbeddedMessageObject(dwObjectType, pvObject,
773 dwExpectedContentTypeFlags, pdwMsgAndCertEncodingType, pdwContentType,
774 phCertStore, phMsg);
775 }
776 if (!ret)
777 SetLastError(CRYPT_E_NO_MATCH);
778 TRACE("returning %d\n", ret);
779 return ret;
780 }
781
782 static BOOL WINAPI CRYPT_FormatHexString(DWORD dwCertEncodingType,
783 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
784 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
785 DWORD *pcbFormat)
786 {
787 BOOL ret;
788 DWORD bytesNeeded;
789
790 if (cbEncoded)
791 bytesNeeded = (cbEncoded * 3) * sizeof(WCHAR);
792 else
793 bytesNeeded = sizeof(WCHAR);
794 if (!pbFormat)
795 {
796 *pcbFormat = bytesNeeded;
797 ret = TRUE;
798 }
799 else if (*pcbFormat < bytesNeeded)
800 {
801 *pcbFormat = bytesNeeded;
802 SetLastError(ERROR_MORE_DATA);
803 ret = FALSE;
804 }
805 else
806 {
807 static const WCHAR fmt[] = { '%','0','2','x',' ',0 };
808 static const WCHAR endFmt[] = { '%','0','2','x',0 };
809 DWORD i;
810 LPWSTR ptr = pbFormat;
811
812 *pcbFormat = bytesNeeded;
813 if (cbEncoded)
814 {
815 for (i = 0; i < cbEncoded; i++)
816 {
817 if (i < cbEncoded - 1)
818 ptr += sprintfW(ptr, fmt, pbEncoded[i]);
819 else
820 ptr += sprintfW(ptr, endFmt, pbEncoded[i]);
821 }
822 }
823 else
824 *ptr = 0;
825 ret = TRUE;
826 }
827 return ret;
828 }
829
830 #define MAX_STRING_RESOURCE_LEN 128
831
832 static const WCHAR commaSpace[] = { ',',' ',0 };
833
834 struct BitToString
835 {
836 BYTE bit;
837 int id;
838 WCHAR str[MAX_STRING_RESOURCE_LEN];
839 };
840
841 static BOOL CRYPT_FormatBits(BYTE bits, const struct BitToString *map,
842 DWORD mapEntries, void *pbFormat, DWORD *pcbFormat, BOOL *first)
843 {
844 DWORD bytesNeeded = sizeof(WCHAR);
845 int i;
846 BOOL ret = TRUE, localFirst = *first;
847
848 for (i = 0; i < mapEntries; i++)
849 if (bits & map[i].bit)
850 {
851 if (!localFirst)
852 bytesNeeded += strlenW(commaSpace) * sizeof(WCHAR);
853 localFirst = FALSE;
854 bytesNeeded += strlenW(map[i].str) * sizeof(WCHAR);
855 }
856 if (!pbFormat)
857 {
858 *first = localFirst;
859 *pcbFormat = bytesNeeded;
860 }
861 else if (*pcbFormat < bytesNeeded)
862 {
863 *first = localFirst;
864 *pcbFormat = bytesNeeded;
865 SetLastError(ERROR_MORE_DATA);
866 ret = FALSE;
867 }
868 else
869 {
870 LPWSTR str = pbFormat;
871
872 localFirst = *first;
873 *pcbFormat = bytesNeeded;
874 for (i = 0; i < mapEntries; i++)
875 if (bits & map[i].bit)
876 {
877 if (!localFirst)
878 {
879 strcpyW(str, commaSpace);
880 str += strlenW(commaSpace);
881 }
882 localFirst = FALSE;
883 strcpyW(str, map[i].str);
884 str += strlenW(map[i].str);
885 }
886 *first = localFirst;
887 }
888 return ret;
889 }
890
891 static struct BitToString keyUsageByte0Map[] = {
892 { CERT_DIGITAL_SIGNATURE_KEY_USAGE, IDS_DIGITAL_SIGNATURE, { 0 } },
893 { CERT_NON_REPUDIATION_KEY_USAGE, IDS_NON_REPUDIATION, { 0 } },
894 { CERT_KEY_ENCIPHERMENT_KEY_USAGE, IDS_KEY_ENCIPHERMENT, { 0 } },
895 { CERT_DATA_ENCIPHERMENT_KEY_USAGE, IDS_DATA_ENCIPHERMENT, { 0 } },
896 { CERT_KEY_AGREEMENT_KEY_USAGE, IDS_KEY_AGREEMENT, { 0 } },
897 { CERT_KEY_CERT_SIGN_KEY_USAGE, IDS_CERT_SIGN, { 0 } },
898 { CERT_OFFLINE_CRL_SIGN_KEY_USAGE, IDS_OFFLINE_CRL_SIGN, { 0 } },
899 { CERT_CRL_SIGN_KEY_USAGE, IDS_CRL_SIGN, { 0 } },
900 { CERT_ENCIPHER_ONLY_KEY_USAGE, IDS_ENCIPHER_ONLY, { 0 } },
901 };
902 static struct BitToString keyUsageByte1Map[] = {
903 { CERT_DECIPHER_ONLY_KEY_USAGE, IDS_DECIPHER_ONLY, { 0 } },
904 };
905
906 static BOOL WINAPI CRYPT_FormatKeyUsage(DWORD dwCertEncodingType,
907 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
908 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
909 DWORD *pcbFormat)
910 {
911 DWORD size;
912 CRYPT_BIT_BLOB *bits;
913 BOOL ret;
914
915 if (!cbEncoded)
916 {
917 SetLastError(E_INVALIDARG);
918 return FALSE;
919 }
920 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_KEY_USAGE,
921 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &bits, &size)))
922 {
923 WCHAR infoNotAvailable[MAX_STRING_RESOURCE_LEN];
924 DWORD bytesNeeded = sizeof(WCHAR);
925
926 LoadStringW(hInstance, IDS_INFO_NOT_AVAILABLE, infoNotAvailable,
927 sizeof(infoNotAvailable) / sizeof(infoNotAvailable[0]));
928 if (!bits->cbData || bits->cbData > 2)
929 {
930 bytesNeeded += strlenW(infoNotAvailable) * sizeof(WCHAR);
931 if (!pbFormat)
932 *pcbFormat = bytesNeeded;
933 else if (*pcbFormat < bytesNeeded)
934 {
935 *pcbFormat = bytesNeeded;
936 SetLastError(ERROR_MORE_DATA);
937 ret = FALSE;
938 }
939 else
940 {
941 LPWSTR str = pbFormat;
942
943 *pcbFormat = bytesNeeded;
944 strcpyW(str, infoNotAvailable);
945 }
946 }
947 else
948 {
949 static BOOL stringsLoaded = FALSE;
950 int i;
951 DWORD bitStringLen;
952 BOOL first = TRUE;
953
954 if (!stringsLoaded)
955 {
956 for (i = 0;
957 i < sizeof(keyUsageByte0Map) / sizeof(keyUsageByte0Map[0]);
958 i++)
959 LoadStringW(hInstance, keyUsageByte0Map[i].id,
960 keyUsageByte0Map[i].str, MAX_STRING_RESOURCE_LEN);
961 for (i = 0;
962 i < sizeof(keyUsageByte1Map) / sizeof(keyUsageByte1Map[0]);
963 i++)
964 LoadStringW(hInstance, keyUsageByte1Map[i].id,
965 keyUsageByte1Map[i].str, MAX_STRING_RESOURCE_LEN);
966 stringsLoaded = TRUE;
967 }
968 CRYPT_FormatBits(bits->pbData[0], keyUsageByte0Map,
969 sizeof(keyUsageByte0Map) / sizeof(keyUsageByte0Map[0]),
970 NULL, &bitStringLen, &first);
971 bytesNeeded += bitStringLen;
972 if (bits->cbData == 2)
973 {
974 CRYPT_FormatBits(bits->pbData[1], keyUsageByte1Map,
975 sizeof(keyUsageByte1Map) / sizeof(keyUsageByte1Map[0]),
976 NULL, &bitStringLen, &first);
977 bytesNeeded += bitStringLen;
978 }
979 bytesNeeded += 3 * sizeof(WCHAR); /* " (" + ")" */
980 CRYPT_FormatHexString(0, 0, 0, NULL, NULL, bits->pbData,
981 bits->cbData, NULL, &size);
982 bytesNeeded += size;
983 if (!pbFormat)
984 *pcbFormat = bytesNeeded;
985 else if (*pcbFormat < bytesNeeded)
986 {
987 *pcbFormat = bytesNeeded;
988 SetLastError(ERROR_MORE_DATA);
989 ret = FALSE;
990 }
991 else
992 {
993 LPWSTR str = pbFormat;
994
995 bitStringLen = bytesNeeded;
996 first = TRUE;
997 CRYPT_FormatBits(bits->pbData[0], keyUsageByte0Map,
998 sizeof(keyUsageByte0Map) / sizeof(keyUsageByte0Map[0]),
999 str, &bitStringLen, &first);
1000 str += bitStringLen / sizeof(WCHAR) - 1;
1001 if (bits->cbData == 2)
1002 {
1003 bitStringLen = bytesNeeded;
1004 CRYPT_FormatBits(bits->pbData[1], keyUsageByte1Map,
1005 sizeof(keyUsageByte1Map) / sizeof(keyUsageByte1Map[0]),
1006 str, &bitStringLen, &first);
1007 str += bitStringLen / sizeof(WCHAR) - 1;
1008 }
1009 *str++ = ' ';
1010 *str++ = '(';
1011 CRYPT_FormatHexString(0, 0, 0, NULL, NULL, bits->pbData,
1012 bits->cbData, str, &size);
1013 str += size / sizeof(WCHAR) - 1;
1014 *str++ = ')';
1015 *str = 0;
1016 }
1017 }
1018 LocalFree(bits);
1019 }
1020 return ret;
1021 }
1022
1023 static const WCHAR crlf[] = { '\r','\n',0 };
1024
1025 static WCHAR subjectTypeHeader[MAX_STRING_RESOURCE_LEN];
1026 static WCHAR subjectTypeCA[MAX_STRING_RESOURCE_LEN];
1027 static WCHAR subjectTypeEndCert[MAX_STRING_RESOURCE_LEN];
1028 static WCHAR pathLengthHeader[MAX_STRING_RESOURCE_LEN];
1029
1030 static BOOL WINAPI CRYPT_FormatBasicConstraints2(DWORD dwCertEncodingType,
1031 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
1032 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
1033 DWORD *pcbFormat)
1034 {
1035 DWORD size;
1036 CERT_BASIC_CONSTRAINTS2_INFO *info;
1037 BOOL ret;
1038
1039 if (!cbEncoded)
1040 {
1041 SetLastError(E_INVALIDARG);
1042 return FALSE;
1043 }
1044 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_BASIC_CONSTRAINTS2,
1045 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
1046 {
1047 static const WCHAR pathFmt[] = { '%','d',0 };
1048 static BOOL stringsLoaded = FALSE;
1049 DWORD bytesNeeded = sizeof(WCHAR); /* space for the NULL terminator */
1050 WCHAR pathLength[MAX_STRING_RESOURCE_LEN];
1051 LPCWSTR sep, subjectType;
1052 DWORD sepLen;
1053
1054 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1055 {
1056 sep = crlf;
1057 sepLen = strlenW(crlf) * sizeof(WCHAR);
1058 }
1059 else
1060 {
1061 sep = commaSpace;
1062 sepLen = strlenW(commaSpace) * sizeof(WCHAR);
1063 }
1064
1065 if (!stringsLoaded)
1066 {
1067 LoadStringW(hInstance, IDS_SUBJECT_TYPE, subjectTypeHeader,
1068 sizeof(subjectTypeHeader) / sizeof(subjectTypeHeader[0]));
1069 LoadStringW(hInstance, IDS_SUBJECT_TYPE_CA, subjectTypeCA,
1070 sizeof(subjectTypeCA) / sizeof(subjectTypeCA[0]));
1071 LoadStringW(hInstance, IDS_SUBJECT_TYPE_END_CERT,
1072 subjectTypeEndCert,
1073 sizeof(subjectTypeEndCert) / sizeof(subjectTypeEndCert[0]));
1074 LoadStringW(hInstance, IDS_PATH_LENGTH, pathLengthHeader,
1075 sizeof(pathLengthHeader) / sizeof(pathLengthHeader[0]));
1076 stringsLoaded = TRUE;
1077 }
1078 bytesNeeded += strlenW(subjectTypeHeader) * sizeof(WCHAR);
1079 if (info->fCA)
1080 subjectType = subjectTypeCA;
1081 else
1082 subjectType = subjectTypeEndCert;
1083 bytesNeeded += strlenW(subjectType) * sizeof(WCHAR);
1084 bytesNeeded += sepLen;
1085 bytesNeeded += strlenW(pathLengthHeader) * sizeof(WCHAR);
1086 if (info->fPathLenConstraint)
1087 sprintfW(pathLength, pathFmt, info->dwPathLenConstraint);
1088 else
1089 LoadStringW(hInstance, IDS_PATH_LENGTH_NONE, pathLength,
1090 sizeof(pathLength) / sizeof(pathLength[0]));
1091 bytesNeeded += strlenW(pathLength) * sizeof(WCHAR);
1092 if (!pbFormat)
1093 *pcbFormat = bytesNeeded;
1094 else if (*pcbFormat < bytesNeeded)
1095 {
1096 *pcbFormat = bytesNeeded;
1097 SetLastError(ERROR_MORE_DATA);
1098 ret = FALSE;
1099 }
1100 else
1101 {
1102 LPWSTR str = pbFormat;
1103
1104 *pcbFormat = bytesNeeded;
1105 strcpyW(str, subjectTypeHeader);
1106 str += strlenW(subjectTypeHeader);
1107 strcpyW(str, subjectType);
1108 str += strlenW(subjectType);
1109 strcpyW(str, sep);
1110 str += sepLen / sizeof(WCHAR);
1111 strcpyW(str, pathLengthHeader);
1112 str += strlenW(pathLengthHeader);
1113 strcpyW(str, pathLength);
1114 str += strlenW(pathLength);
1115 }
1116 LocalFree(info);
1117 }
1118 return ret;
1119 }
1120
1121 static BOOL CRYPT_FormatHexStringWithPrefix(const CRYPT_DATA_BLOB *blob, int id,
1122 LPWSTR str, DWORD *pcbStr)
1123 {
1124 WCHAR buf[MAX_STRING_RESOURCE_LEN];
1125 DWORD bytesNeeded;
1126 BOOL ret;
1127
1128 LoadStringW(hInstance, id, buf, sizeof(buf) / sizeof(buf[0]));
1129 CRYPT_FormatHexString(X509_ASN_ENCODING, 0, 0, NULL, NULL,
1130 blob->pbData, blob->cbData, NULL, &bytesNeeded);
1131 bytesNeeded += strlenW(buf) * sizeof(WCHAR);
1132 if (!str)
1133 {
1134 *pcbStr = bytesNeeded;
1135 ret = TRUE;
1136 }
1137 else if (*pcbStr < bytesNeeded)
1138 {
1139 *pcbStr = bytesNeeded;
1140 SetLastError(ERROR_MORE_DATA);
1141 ret = FALSE;
1142 }
1143 else
1144 {
1145 *pcbStr = bytesNeeded;
1146 strcpyW(str, buf);
1147 str += strlenW(str);
1148 bytesNeeded -= strlenW(str) * sizeof(WCHAR);
1149 ret = CRYPT_FormatHexString(X509_ASN_ENCODING, 0, 0, NULL, NULL,
1150 blob->pbData, blob->cbData, str, &bytesNeeded);
1151 }
1152 return ret;
1153 }
1154
1155 static BOOL CRYPT_FormatKeyId(const CRYPT_DATA_BLOB *keyId, LPWSTR str,
1156 DWORD *pcbStr)
1157 {
1158 return CRYPT_FormatHexStringWithPrefix(keyId, IDS_KEY_ID, str, pcbStr);
1159 }
1160
1161 static BOOL CRYPT_FormatCertSerialNumber(const CRYPT_DATA_BLOB *serialNum, LPWSTR str,
1162 DWORD *pcbStr)
1163 {
1164 return CRYPT_FormatHexStringWithPrefix(serialNum, IDS_CERT_SERIAL_NUMBER,
1165 str, pcbStr);
1166 }
1167
1168 static const WCHAR indent[] = { ' ',' ',' ',' ',' ',0 };
1169 static const WCHAR colonCrlf[] = { ':','\r','\n',0 };
1170
1171 static BOOL CRYPT_FormatAltNameEntry(DWORD dwFormatStrType, DWORD indentLevel,
1172 const CERT_ALT_NAME_ENTRY *entry, LPWSTR str, DWORD *pcbStr)
1173 {
1174 BOOL ret;
1175 WCHAR buf[MAX_STRING_RESOURCE_LEN];
1176 WCHAR mask[MAX_STRING_RESOURCE_LEN];
1177 WCHAR ipAddrBuf[32];
1178 WCHAR maskBuf[16];
1179 DWORD bytesNeeded = sizeof(WCHAR);
1180 DWORD strType = CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG;
1181
1182 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1183 bytesNeeded += indentLevel * strlenW(indent) * sizeof(WCHAR);
1184 switch (entry->dwAltNameChoice)
1185 {
1186 case CERT_ALT_NAME_RFC822_NAME:
1187 LoadStringW(hInstance, IDS_ALT_NAME_RFC822_NAME, buf,
1188 sizeof(buf) / sizeof(buf[0]));
1189 bytesNeeded += strlenW(entry->u.pwszRfc822Name) * sizeof(WCHAR);
1190 ret = TRUE;
1191 break;
1192 case CERT_ALT_NAME_DNS_NAME:
1193 LoadStringW(hInstance, IDS_ALT_NAME_DNS_NAME, buf,
1194 sizeof(buf) / sizeof(buf[0]));
1195 bytesNeeded += strlenW(entry->u.pwszDNSName) * sizeof(WCHAR);
1196 ret = TRUE;
1197 break;
1198 case CERT_ALT_NAME_DIRECTORY_NAME:
1199 {
1200 DWORD directoryNameLen;
1201
1202 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1203 strType |= CERT_NAME_STR_CRLF_FLAG;
1204 directoryNameLen = cert_name_to_str_with_indent(X509_ASN_ENCODING,
1205 indentLevel + 1, &entry->u.DirectoryName, strType, NULL, 0);
1206 LoadStringW(hInstance, IDS_ALT_NAME_DIRECTORY_NAME, buf,
1207 sizeof(buf) / sizeof(buf[0]));
1208 bytesNeeded += (directoryNameLen - 1) * sizeof(WCHAR);
1209 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1210 bytesNeeded += strlenW(colonCrlf) * sizeof(WCHAR);
1211 else
1212 bytesNeeded += sizeof(WCHAR); /* '=' */
1213 ret = TRUE;
1214 break;
1215 }
1216 case CERT_ALT_NAME_URL:
1217 LoadStringW(hInstance, IDS_ALT_NAME_URL, buf,
1218 sizeof(buf) / sizeof(buf[0]));
1219 bytesNeeded += strlenW(entry->u.pwszURL) * sizeof(WCHAR);
1220 ret = TRUE;
1221 break;
1222 case CERT_ALT_NAME_IP_ADDRESS:
1223 {
1224 static const WCHAR ipAddrWithMaskFmt[] = { '%','d','.','%','d','.',
1225 '%','d','.','%','d','/','%','d','.','%','d','.','%','d','.','%','d',0
1226 };
1227 static const WCHAR ipAddrFmt[] = { '%','d','.','%','d','.','%','d',
1228 '.','%','d',0 };
1229
1230 LoadStringW(hInstance, IDS_ALT_NAME_IP_ADDRESS, buf,
1231 sizeof(buf) / sizeof(buf[0]));
1232 if (entry->u.IPAddress.cbData == 8)
1233 {
1234 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1235 {
1236 LoadStringW(hInstance, IDS_ALT_NAME_MASK, mask,
1237 sizeof(mask) / sizeof(mask[0]));
1238 bytesNeeded += strlenW(mask) * sizeof(WCHAR);
1239 sprintfW(ipAddrBuf, ipAddrFmt,
1240 entry->u.IPAddress.pbData[0],
1241 entry->u.IPAddress.pbData[1],
1242 entry->u.IPAddress.pbData[2],
1243 entry->u.IPAddress.pbData[3]);
1244 bytesNeeded += strlenW(ipAddrBuf) * sizeof(WCHAR);
1245 /* indent again, for the mask line */
1246 bytesNeeded += indentLevel * strlenW(indent) * sizeof(WCHAR);
1247 sprintfW(maskBuf, ipAddrFmt,
1248 entry->u.IPAddress.pbData[4],
1249 entry->u.IPAddress.pbData[5],
1250 entry->u.IPAddress.pbData[6],
1251 entry->u.IPAddress.pbData[7]);
1252 bytesNeeded += strlenW(maskBuf) * sizeof(WCHAR);
1253 bytesNeeded += strlenW(crlf) * sizeof(WCHAR);
1254 }
1255 else
1256 {
1257 sprintfW(ipAddrBuf, ipAddrWithMaskFmt,
1258 entry->u.IPAddress.pbData[0],
1259 entry->u.IPAddress.pbData[1],
1260 entry->u.IPAddress.pbData[2],
1261 entry->u.IPAddress.pbData[3],
1262 entry->u.IPAddress.pbData[4],
1263 entry->u.IPAddress.pbData[5],
1264 entry->u.IPAddress.pbData[6],
1265 entry->u.IPAddress.pbData[7]);
1266 bytesNeeded += (strlenW(ipAddrBuf) + 1) * sizeof(WCHAR);
1267 }
1268 ret = TRUE;
1269 }
1270 else
1271 {
1272 FIXME("unknown IP address format (%d bytes)\n",
1273 entry->u.IPAddress.cbData);
1274 ret = FALSE;
1275 }
1276 break;
1277 }
1278 default:
1279 FIXME("unimplemented for %d\n", entry->dwAltNameChoice);
1280 ret = FALSE;
1281 }
1282 if (ret)
1283 {
1284 bytesNeeded += strlenW(buf) * sizeof(WCHAR);
1285 if (!str)
1286 *pcbStr = bytesNeeded;
1287 else if (*pcbStr < bytesNeeded)
1288 {
1289 *pcbStr = bytesNeeded;
1290 SetLastError(ERROR_MORE_DATA);
1291 ret = FALSE;
1292 }
1293 else
1294 {
1295 DWORD i;
1296
1297 *pcbStr = bytesNeeded;
1298 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1299 {
1300 for (i = 0; i < indentLevel; i++)
1301 {
1302 strcpyW(str, indent);
1303 str += strlenW(indent);
1304 }
1305 }
1306 strcpyW(str, buf);
1307 str += strlenW(str);
1308 switch (entry->dwAltNameChoice)
1309 {
1310 case CERT_ALT_NAME_RFC822_NAME:
1311 case CERT_ALT_NAME_DNS_NAME:
1312 case CERT_ALT_NAME_URL:
1313 strcpyW(str, entry->u.pwszURL);
1314 break;
1315 case CERT_ALT_NAME_DIRECTORY_NAME:
1316 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1317 {
1318 strcpyW(str, colonCrlf);
1319 str += strlenW(colonCrlf);
1320 }
1321 else
1322 *str++ = '=';
1323 cert_name_to_str_with_indent(X509_ASN_ENCODING,
1324 indentLevel + 1, &entry->u.DirectoryName, strType, str,
1325 bytesNeeded / sizeof(WCHAR));
1326 break;
1327 case CERT_ALT_NAME_IP_ADDRESS:
1328 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1329 {
1330 strcpyW(str, ipAddrBuf);
1331 str += strlenW(ipAddrBuf);
1332 strcpyW(str, crlf);
1333 str += strlenW(crlf);
1334 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1335 {
1336 for (i = 0; i < indentLevel; i++)
1337 {
1338 strcpyW(str, indent);
1339 str += strlenW(indent);
1340 }
1341 }
1342 strcpyW(str, mask);
1343 str += strlenW(mask);
1344 strcpyW(str, maskBuf);
1345 }
1346 else
1347 strcpyW(str, ipAddrBuf);
1348 break;
1349 }
1350 }
1351 }
1352 return ret;
1353 }
1354
1355 static BOOL CRYPT_FormatAltNameInfo(DWORD dwFormatStrType, DWORD indentLevel,
1356 const CERT_ALT_NAME_INFO *name, LPWSTR str, DWORD *pcbStr)
1357 {
1358 DWORD i, size, bytesNeeded = 0;
1359 BOOL ret = TRUE;
1360 LPCWSTR sep;
1361 DWORD sepLen;
1362
1363 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1364 {
1365 sep = crlf;
1366 sepLen = strlenW(crlf) * sizeof(WCHAR);
1367 }
1368 else
1369 {
1370 sep = commaSpace;
1371 sepLen = strlenW(commaSpace) * sizeof(WCHAR);
1372 }
1373
1374 for (i = 0; ret && i < name->cAltEntry; i++)
1375 {
1376 ret = CRYPT_FormatAltNameEntry(dwFormatStrType, indentLevel,
1377 &name->rgAltEntry[i], NULL, &size);
1378 if (ret)
1379 {
1380 bytesNeeded += size - sizeof(WCHAR);
1381 if (i < name->cAltEntry - 1)
1382 bytesNeeded += sepLen;
1383 }
1384 }
1385 if (ret)
1386 {
1387 bytesNeeded += sizeof(WCHAR);
1388 if (!str)
1389 *pcbStr = bytesNeeded;
1390 else if (*pcbStr < bytesNeeded)
1391 {
1392 *pcbStr = bytesNeeded;
1393 SetLastError(ERROR_MORE_DATA);
1394 ret = FALSE;
1395 }
1396 else
1397 {
1398 *pcbStr = bytesNeeded;
1399 for (i = 0; ret && i < name->cAltEntry; i++)
1400 {
1401 ret = CRYPT_FormatAltNameEntry(dwFormatStrType, indentLevel,
1402 &name->rgAltEntry[i], str, &size);
1403 if (ret)
1404 {
1405 str += size / sizeof(WCHAR) - 1;
1406 if (i < name->cAltEntry - 1)
1407 {
1408 strcpyW(str, sep);
1409 str += sepLen / sizeof(WCHAR);
1410 }
1411 }
1412 }
1413 }
1414 }
1415 return ret;
1416 }
1417
1418 static const WCHAR colonSep[] = { ':',' ',0 };
1419
1420 static BOOL WINAPI CRYPT_FormatAltName(DWORD dwCertEncodingType,
1421 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
1422 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
1423 DWORD *pcbFormat)
1424 {
1425 BOOL ret;
1426 CERT_ALT_NAME_INFO *info;
1427 DWORD size;
1428
1429 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_ALTERNATE_NAME,
1430 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
1431 {
1432 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 0, info, pbFormat, pcbFormat);
1433 LocalFree(info);
1434 }
1435 return ret;
1436 }
1437
1438 static BOOL CRYPT_FormatCertIssuer(DWORD dwFormatStrType,
1439 const CERT_ALT_NAME_INFO *issuer, LPWSTR str, DWORD *pcbStr)
1440 {
1441 WCHAR buf[MAX_STRING_RESOURCE_LEN];
1442 DWORD bytesNeeded, sepLen;
1443 LPCWSTR sep;
1444 BOOL ret;
1445
1446 LoadStringW(hInstance, IDS_CERT_ISSUER, buf, sizeof(buf) / sizeof(buf[0]));
1447 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 1, issuer, NULL,
1448 &bytesNeeded);
1449 bytesNeeded += strlenW(buf) * sizeof(WCHAR);
1450 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1451 {
1452 sep = colonCrlf;
1453 sepLen = strlenW(colonCrlf) * sizeof(WCHAR);
1454 }
1455 else
1456 {
1457 sep = colonSep;
1458 sepLen = strlenW(colonSep) * sizeof(WCHAR);
1459 }
1460 bytesNeeded += sepLen;
1461 if (ret)
1462 {
1463 if (!str)
1464 *pcbStr = bytesNeeded;
1465 else if (*pcbStr < bytesNeeded)
1466 {
1467 *pcbStr = bytesNeeded;
1468 SetLastError(ERROR_MORE_DATA);
1469 ret = FALSE;
1470 }
1471 else
1472 {
1473 *pcbStr = bytesNeeded;
1474 strcpyW(str, buf);
1475 bytesNeeded -= strlenW(str) * sizeof(WCHAR);
1476 str += strlenW(str);
1477 strcpyW(str, sep);
1478 str += sepLen / sizeof(WCHAR);
1479 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 1, issuer, str,
1480 &bytesNeeded);
1481 }
1482 }
1483 return ret;
1484 }
1485
1486 static BOOL WINAPI CRYPT_FormatAuthorityKeyId2(DWORD dwCertEncodingType,
1487 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
1488 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
1489 DWORD *pcbFormat)
1490 {
1491 CERT_AUTHORITY_KEY_ID2_INFO *info;
1492 DWORD size;
1493 BOOL ret = FALSE;
1494
1495 if (!cbEncoded)
1496 {
1497 SetLastError(E_INVALIDARG);
1498 return FALSE;
1499 }
1500 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_AUTHORITY_KEY_ID2,
1501 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
1502 {
1503 DWORD bytesNeeded = sizeof(WCHAR); /* space for the NULL terminator */
1504 LPCWSTR sep;
1505 DWORD sepLen;
1506 BOOL needSeparator = FALSE;
1507
1508 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1509 {
1510 sep = crlf;
1511 sepLen = strlenW(crlf) * sizeof(WCHAR);
1512 }
1513 else
1514 {
1515 sep = commaSpace;
1516 sepLen = strlenW(commaSpace) * sizeof(WCHAR);
1517 }
1518
1519 if (info->KeyId.cbData)
1520 {
1521 needSeparator = TRUE;
1522 ret = CRYPT_FormatKeyId(&info->KeyId, NULL, &size);
1523 if (ret)
1524 {
1525 /* don't include NULL-terminator more than once */
1526 bytesNeeded += size - sizeof(WCHAR);
1527 }
1528 }
1529 if (info->AuthorityCertIssuer.cAltEntry)
1530 {
1531 if (needSeparator)
1532 bytesNeeded += sepLen;
1533 needSeparator = TRUE;
1534 ret = CRYPT_FormatCertIssuer(dwFormatStrType,
1535 &info->AuthorityCertIssuer, NULL, &size);
1536 if (ret)
1537 {
1538 /* don't include NULL-terminator more than once */
1539 bytesNeeded += size - sizeof(WCHAR);
1540 }
1541 }
1542 if (info->AuthorityCertSerialNumber.cbData)
1543 {
1544 if (needSeparator)
1545 bytesNeeded += sepLen;
1546 ret = CRYPT_FormatCertSerialNumber(
1547 &info->AuthorityCertSerialNumber, NULL, &size);
1548 if (ret)
1549 {
1550 /* don't include NULL-terminator more than once */
1551 bytesNeeded += size - sizeof(WCHAR);
1552 }
1553 }
1554 if (ret)
1555 {
1556 if (!pbFormat)
1557 *pcbFormat = bytesNeeded;
1558 else if (*pcbFormat < bytesNeeded)
1559 {
1560 *pcbFormat = bytesNeeded;
1561 SetLastError(ERROR_MORE_DATA);
1562 ret = FALSE;
1563 }
1564 else
1565 {
1566 LPWSTR str = pbFormat;
1567
1568 *pcbFormat = bytesNeeded;
1569 needSeparator = FALSE;
1570 if (info->KeyId.cbData)
1571 {
1572 needSeparator = TRUE;
1573 /* Overestimate size available, it's already been checked
1574 * above.
1575 */
1576 size = bytesNeeded;
1577 ret = CRYPT_FormatKeyId(&info->KeyId, str, &size);
1578 if (ret)
1579 str += size / sizeof(WCHAR) - 1;
1580 }
1581 if (info->AuthorityCertIssuer.cAltEntry)
1582 {
1583 if (needSeparator)
1584 {
1585 strcpyW(str, sep);
1586 str += sepLen / sizeof(WCHAR);
1587 }
1588 needSeparator = TRUE;
1589 /* Overestimate size available, it's already been checked
1590 * above.
1591 */
1592 size = bytesNeeded;
1593 ret = CRYPT_FormatCertIssuer(dwFormatStrType,
1594 &info->AuthorityCertIssuer, str, &size);
1595 if (ret)
1596 str += size / sizeof(WCHAR) - 1;
1597 }
1598 if (info->AuthorityCertSerialNumber.cbData)
1599 {
1600 if (needSeparator)
1601 {
1602 strcpyW(str, sep);
1603 str += sepLen / sizeof(WCHAR);
1604 }
1605 /* Overestimate size available, it's already been checked
1606 * above.
1607 */
1608 size = bytesNeeded;
1609 ret = CRYPT_FormatCertSerialNumber(
1610 &info->AuthorityCertSerialNumber, str, &size);
1611 }
1612 }
1613 }
1614 LocalFree(info);
1615 }
1616 return ret;
1617 }
1618
1619 static WCHAR aia[MAX_STRING_RESOURCE_LEN];
1620 static WCHAR accessMethod[MAX_STRING_RESOURCE_LEN];
1621 static WCHAR ocsp[MAX_STRING_RESOURCE_LEN];
1622 static WCHAR caIssuers[MAX_STRING_RESOURCE_LEN];
1623 static WCHAR unknown[MAX_STRING_RESOURCE_LEN];
1624 static WCHAR accessLocation[MAX_STRING_RESOURCE_LEN];
1625
1626 static BOOL WINAPI CRYPT_FormatAuthorityInfoAccess(DWORD dwCertEncodingType,
1627 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
1628 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
1629 DWORD *pcbFormat)
1630 {
1631 CERT_AUTHORITY_INFO_ACCESS *info;
1632 DWORD size;
1633 BOOL ret = FALSE;
1634
1635 if (!cbEncoded)
1636 {
1637 SetLastError(E_INVALIDARG);
1638 return FALSE;
1639 }
1640 if ((ret = CryptDecodeObjectEx(dwCertEncodingType,
1641 X509_AUTHORITY_INFO_ACCESS, pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG,
1642 NULL, &info, &size)))
1643 {
1644 DWORD bytesNeeded = sizeof(WCHAR);
1645
1646 if (!info->cAccDescr)
1647 {
1648 WCHAR infoNotAvailable[MAX_STRING_RESOURCE_LEN];
1649
1650 LoadStringW(hInstance, IDS_INFO_NOT_AVAILABLE, infoNotAvailable,
1651 sizeof(infoNotAvailable) / sizeof(infoNotAvailable[0]));
1652 bytesNeeded += strlenW(infoNotAvailable) * sizeof(WCHAR);
1653 if (!pbFormat)
1654 *pcbFormat = bytesNeeded;
1655 else if (*pcbFormat < bytesNeeded)
1656 {
1657 *pcbFormat = bytesNeeded;
1658 SetLastError(ERROR_MORE_DATA);
1659 ret = FALSE;
1660 }
1661 else
1662 {
1663 *pcbFormat = bytesNeeded;
1664 strcpyW(pbFormat, infoNotAvailable);
1665 }
1666 }
1667 else
1668 {
1669 static const WCHAR numFmt[] = { '%','d',0 };
1670 static const WCHAR equal[] = { '=',0 };
1671 static BOOL stringsLoaded = FALSE;
1672 DWORD i;
1673 LPCWSTR headingSep, accessMethodSep, locationSep;
1674 WCHAR accessDescrNum[11];
1675
1676 if (!stringsLoaded)
1677 {
1678 LoadStringW(hInstance, IDS_AIA, aia,
1679 sizeof(aia) / sizeof(aia[0]));
1680 LoadStringW(hInstance, IDS_ACCESS_METHOD, accessMethod,
1681 sizeof(accessMethod) / sizeof(accessMethod[0]));
1682 LoadStringW(hInstance, IDS_ACCESS_METHOD_OCSP, ocsp,
1683 sizeof(ocsp) / sizeof(ocsp[0]));
1684 LoadStringW(hInstance, IDS_ACCESS_METHOD_CA_ISSUERS, caIssuers,
1685 sizeof(caIssuers) / sizeof(caIssuers[0]));
1686 LoadStringW(hInstance, IDS_ACCESS_METHOD_UNKNOWN, unknown,
1687 sizeof(unknown) / sizeof(unknown[0]));
1688 LoadStringW(hInstance, IDS_ACCESS_LOCATION, accessLocation,
1689 sizeof(accessLocation) / sizeof(accessLocation[0]));
1690 stringsLoaded = TRUE;
1691 }
1692 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1693 {
1694 headingSep = crlf;
1695 accessMethodSep = crlf;
1696 locationSep = colonCrlf;
1697 }
1698 else
1699 {
1700 headingSep = colonSep;
1701 accessMethodSep = commaSpace;
1702 locationSep = equal;
1703 }
1704
1705 for (i = 0; ret && i < info->cAccDescr; i++)
1706 {
1707 /* Heading */
1708 bytesNeeded += sizeof(WCHAR); /* left bracket */
1709 sprintfW(accessDescrNum, numFmt, i + 1);
1710 bytesNeeded += strlenW(accessDescrNum) * sizeof(WCHAR);
1711 bytesNeeded += sizeof(WCHAR); /* right bracket */
1712 bytesNeeded += strlenW(aia) * sizeof(WCHAR);
1713 bytesNeeded += strlenW(headingSep) * sizeof(WCHAR);
1714 /* Access method */
1715 bytesNeeded += strlenW(accessMethod) * sizeof(WCHAR);
1716 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1717 bytesNeeded += strlenW(indent) * sizeof(WCHAR);
1718 if (!strcmp(info->rgAccDescr[i].pszAccessMethod,
1719 szOID_PKIX_OCSP))
1720 bytesNeeded += strlenW(ocsp) * sizeof(WCHAR);
1721 else if (!strcmp(info->rgAccDescr[i].pszAccessMethod,
1722 szOID_PKIX_CA_ISSUERS))
1723 bytesNeeded += strlenW(caIssuers) * sizeof(caIssuers);
1724 else
1725 bytesNeeded += strlenW(unknown) * sizeof(WCHAR);
1726 bytesNeeded += sizeof(WCHAR); /* space */
1727 bytesNeeded += sizeof(WCHAR); /* left paren */
1728 bytesNeeded += strlen(info->rgAccDescr[i].pszAccessMethod)
1729 * sizeof(WCHAR);
1730 bytesNeeded += sizeof(WCHAR); /* right paren */
1731 /* Delimiter between access method and location */
1732 bytesNeeded += strlenW(accessMethodSep) * sizeof(WCHAR);
1733 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1734 bytesNeeded += strlenW(indent) * sizeof(WCHAR);
1735 bytesNeeded += strlenW(accessLocation) * sizeof(WCHAR);
1736 bytesNeeded += strlenW(locationSep) * sizeof(WCHAR);
1737 ret = CRYPT_FormatAltNameEntry(dwFormatStrType, 2,
1738 &info->rgAccDescr[i].AccessLocation, NULL, &size);
1739 if (ret)
1740 bytesNeeded += size - sizeof(WCHAR);
1741 /* Need extra delimiter between access method entries */
1742 if (i < info->cAccDescr - 1)
1743 bytesNeeded += strlenW(accessMethodSep) * sizeof(WCHAR);
1744 }
1745 if (ret)
1746 {
1747 if (!pbFormat)
1748 *pcbFormat = bytesNeeded;
1749 else if (*pcbFormat < bytesNeeded)
1750 {
1751 *pcbFormat = bytesNeeded;
1752 SetLastError(ERROR_MORE_DATA);
1753 ret = FALSE;
1754 }
1755 else
1756 {
1757 LPWSTR str = pbFormat;
1758 DWORD altNameEntrySize;
1759
1760 *pcbFormat = bytesNeeded;
1761 for (i = 0; ret && i < info->cAccDescr; i++)
1762 {
1763 LPCSTR oidPtr;
1764
1765 *str++ = '[';
1766 sprintfW(accessDescrNum, numFmt, i + 1);
1767 strcpyW(str, accessDescrNum);
1768 str += strlenW(accessDescrNum);
1769 *str++ = ']';
1770 strcpyW(str, aia);
1771 str += strlenW(aia);
1772 strcpyW(str, headingSep);
1773 str += strlenW(headingSep);
1774 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1775 {
1776 strcpyW(str, indent);
1777 str += strlenW(indent);
1778 }
1779 strcpyW(str, accessMethod);
1780 str += strlenW(accessMethod);
1781 if (!strcmp(info->rgAccDescr[i].pszAccessMethod,
1782 szOID_PKIX_OCSP))
1783 {
1784 strcpyW(str, ocsp);
1785 str += strlenW(ocsp);
1786 }
1787 else if (!strcmp(info->rgAccDescr[i].pszAccessMethod,
1788 szOID_PKIX_CA_ISSUERS))
1789 {
1790 strcpyW(str, caIssuers);
1791 str += strlenW(caIssuers);
1792 }
1793 else
1794 {
1795 strcpyW(str, unknown);
1796 str += strlenW(unknown);
1797 }
1798 *str++ = ' ';
1799 *str++ = '(';
1800 for (oidPtr = info->rgAccDescr[i].pszAccessMethod;
1801 *oidPtr; oidPtr++, str++)
1802 *str = *oidPtr;
1803 *str++ = ')';
1804 strcpyW(str, accessMethodSep);
1805 str += strlenW(accessMethodSep);
1806 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1807 {
1808 strcpyW(str, indent);
1809 str += strlenW(indent);
1810 }
1811 strcpyW(str, accessLocation);
1812 str += strlenW(accessLocation);
1813 strcpyW(str, locationSep);
1814 str += strlenW(locationSep);
1815 /* This overestimates the size available, but that
1816 * won't matter since we checked earlier whether enough
1817 * space for the entire string was available.
1818 */
1819 altNameEntrySize = bytesNeeded;
1820 ret = CRYPT_FormatAltNameEntry(dwFormatStrType, 2,
1821 &info->rgAccDescr[i].AccessLocation, str,
1822 &altNameEntrySize);
1823 if (ret)
1824 str += altNameEntrySize / sizeof(WCHAR) - 1;
1825 if (i < info->cAccDescr - 1)
1826 {
1827 strcpyW(str, accessMethodSep);
1828 str += strlenW(accessMethodSep);
1829 }
1830 }
1831 }
1832 }
1833 }
1834 LocalFree(info);
1835 }
1836 return ret;
1837 }
1838
1839 static WCHAR keyCompromise[MAX_STRING_RESOURCE_LEN];
1840 static WCHAR caCompromise[MAX_STRING_RESOURCE_LEN];
1841 static WCHAR affiliationChanged[MAX_STRING_RESOURCE_LEN];
1842 static WCHAR superseded[MAX_STRING_RESOURCE_LEN];
1843 static WCHAR operationCeased[MAX_STRING_RESOURCE_LEN];
1844 static WCHAR certificateHold[MAX_STRING_RESOURCE_LEN];
1845
1846 struct reason_map_entry
1847 {
1848 BYTE reasonBit;
1849 LPWSTR reason;
1850 int id;
1851 };
1852 static struct reason_map_entry reason_map[] = {
1853 { CRL_REASON_KEY_COMPROMISE_FLAG, keyCompromise, IDS_REASON_KEY_COMPROMISE },
1854 { CRL_REASON_CA_COMPROMISE_FLAG, caCompromise, IDS_REASON_CA_COMPROMISE },
1855 { CRL_REASON_AFFILIATION_CHANGED_FLAG, affiliationChanged,
1856 IDS_REASON_AFFILIATION_CHANGED },
1857 { CRL_REASON_SUPERSEDED_FLAG, superseded, IDS_REASON_SUPERSEDED },
1858 { CRL_REASON_CESSATION_OF_OPERATION_FLAG, operationCeased,
1859 IDS_REASON_CESSATION_OF_OPERATION },
1860 { CRL_REASON_CERTIFICATE_HOLD_FLAG, certificateHold,
1861 IDS_REASON_CERTIFICATE_HOLD },
1862 };
1863
1864 static BOOL CRYPT_FormatReason(DWORD dwFormatStrType,
1865 const CRYPT_BIT_BLOB *reasonFlags, LPWSTR str, DWORD *pcbStr)
1866 {
1867 static const WCHAR sep[] = { ',',' ',0 };
1868 static const WCHAR bitsFmt[] = { ' ','(','%','0','2','x',')',0 };
1869 static BOOL stringsLoaded = FALSE;
1870 int i, numReasons = 0;
1871 BOOL ret = TRUE;
1872 DWORD bytesNeeded = sizeof(WCHAR);
1873 WCHAR bits[6];
1874
1875 if (!stringsLoaded)
1876 {
1877 for (i = 0; i < sizeof(reason_map) / sizeof(reason_map[0]); i++)
1878 LoadStringW(hInstance, reason_map[i].id, reason_map[i].reason,
1879 MAX_STRING_RESOURCE_LEN);
1880 stringsLoaded = TRUE;
1881 }
1882 /* No need to check reasonFlags->cbData, we already know it's positive.
1883 * Ignore any other bytes, as they're for undefined bits.
1884 */
1885 for (i = 0; i < sizeof(reason_map) / sizeof(reason_map[0]); i++)
1886 {
1887 if (reasonFlags->pbData[0] & reason_map[i].reasonBit)
1888 {
1889 bytesNeeded += strlenW(reason_map[i].reason) * sizeof(WCHAR);
1890 if (numReasons++)
1891 bytesNeeded += strlenW(sep) * sizeof(WCHAR);
1892 }
1893 }
1894 sprintfW(bits, bitsFmt, reasonFlags->pbData[0]);
1895 bytesNeeded += strlenW(bits);
1896 if (!str)
1897 *pcbStr = bytesNeeded;
1898 else if (*pcbStr < bytesNeeded)
1899 {
1900 *pcbStr = bytesNeeded;
1901 SetLastError(ERROR_MORE_DATA);
1902 ret = FALSE;
1903 }
1904 else
1905 {
1906 *pcbStr = bytesNeeded;
1907 for (i = 0; i < sizeof(reason_map) / sizeof(reason_map[0]); i++)
1908 {
1909 if (reasonFlags->pbData[0] & reason_map[i].reasonBit)
1910 {
1911 strcpyW(str, reason_map[i].reason);
1912 str += strlenW(reason_map[i].reason);
1913 if (i < sizeof(reason_map) / sizeof(reason_map[0]) - 1 &&
1914 numReasons)
1915 {
1916 strcpyW(str, sep);
1917 str += strlenW(sep);
1918 }
1919 }
1920 }
1921 strcpyW(str, bits);
1922 }
1923 return ret;
1924 }
1925
1926 static WCHAR crlDistPoint[MAX_STRING_RESOURCE_LEN];
1927 static WCHAR distPointName[MAX_STRING_RESOURCE_LEN];
1928 static WCHAR fullName[MAX_STRING_RESOURCE_LEN];
1929 static WCHAR rdnName[MAX_STRING_RESOURCE_LEN];
1930 static WCHAR reason[MAX_STRING_RESOURCE_LEN];
1931 static WCHAR issuer[MAX_STRING_RESOURCE_LEN];
1932
1933 static BOOL WINAPI CRYPT_FormatCRLDistPoints(DWORD dwCertEncodingType,
1934 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
1935 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
1936 DWORD *pcbFormat)
1937 {
1938 CRL_DIST_POINTS_INFO *info;
1939 DWORD size;
1940 BOOL ret = FALSE;
1941
1942 if (!cbEncoded)
1943 {
1944 SetLastError(E_INVALIDARG);
1945 return FALSE;
1946 }
1947 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CRL_DIST_POINTS,
1948 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
1949 {
1950 static const WCHAR numFmt[] = { '%','d',0 };
1951 static const WCHAR colon[] = { ':',0 };
1952 static BOOL stringsLoaded = FALSE;
1953 DWORD bytesNeeded = sizeof(WCHAR); /* space for NULL terminator */
1954 BOOL haveAnEntry = FALSE;
1955 LPCWSTR headingSep, nameSep;
1956 WCHAR distPointNum[11];
1957 DWORD i;
1958
1959 if (!stringsLoaded)
1960 {
1961 LoadStringW(hInstance, IDS_CRL_DIST_POINT, crlDistPoint,
1962 sizeof(crlDistPoint) / sizeof(crlDistPoint[0]));
1963 LoadStringW(hInstance, IDS_CRL_DIST_POINT_NAME, distPointName,
1964 sizeof(distPointName) / sizeof(distPointName[0]));
1965 LoadStringW(hInstance, IDS_CRL_DIST_POINT_FULL_NAME, fullName,
1966 sizeof(fullName) / sizeof(fullName[0]));
1967 LoadStringW(hInstance, IDS_CRL_DIST_POINT_RDN_NAME, rdnName,
1968 sizeof(rdnName) / sizeof(rdnName[0]));
1969 LoadStringW(hInstance, IDS_CRL_DIST_POINT_REASON, reason,
1970 sizeof(reason) / sizeof(reason[0]));
1971 LoadStringW(hInstance, IDS_CRL_DIST_POINT_ISSUER, issuer,
1972 sizeof(issuer) / sizeof(issuer[0]));
1973 stringsLoaded = TRUE;
1974 }
1975 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1976 {
1977 headingSep = crlf;
1978 nameSep = colonCrlf;
1979 }
1980 else
1981 {
1982 headingSep = colonSep;
1983 nameSep = colon;
1984 }
1985
1986 for (i = 0; ret && i < info->cDistPoint; i++)
1987 {
1988 CRL_DIST_POINT *distPoint = &info->rgDistPoint[i];
1989
1990 if (distPoint->DistPointName.dwDistPointNameChoice !=
1991 CRL_DIST_POINT_NO_NAME)
1992 {
1993 bytesNeeded += strlenW(distPointName) * sizeof(WCHAR);
1994 bytesNeeded += strlenW(nameSep) * sizeof(WCHAR);
1995 if (distPoint->DistPointName.dwDistPointNameChoice ==
1996 CRL_DIST_POINT_FULL_NAME)
1997 bytesNeeded += strlenW(fullName) * sizeof(WCHAR);
1998 else
1999 bytesNeeded += strlenW(rdnName) * sizeof(WCHAR);
2000 bytesNeeded += strlenW(nameSep) * sizeof(WCHAR);
2001 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2002 bytesNeeded += 2 * strlenW(indent) * sizeof(WCHAR);
2003 /* The indent level (3) is higher than when used as the issuer,
2004 * because the name is subordinate to the name type (full vs.
2005 * RDN.)
2006 */
2007 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 3,
2008 &distPoint->DistPointName.u.FullName, NULL, &size);
2009 if (ret)
2010 bytesNeeded += size - sizeof(WCHAR);
2011 haveAnEntry = TRUE;
2012 }
2013 else if (distPoint->ReasonFlags.cbData)
2014 {
2015 bytesNeeded += strlenW(reason) * sizeof(WCHAR);
2016 ret = CRYPT_FormatReason(dwFormatStrType,
2017 &distPoint->ReasonFlags, NULL, &size);
2018 if (ret)
2019 bytesNeeded += size - sizeof(WCHAR);
2020 haveAnEntry = TRUE;
2021 }
2022 else if (distPoint->CRLIssuer.cAltEntry)
2023 {
2024 bytesNeeded += strlenW(issuer) * sizeof(WCHAR);
2025 bytesNeeded += strlenW(nameSep) * sizeof(WCHAR);
2026 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 2,
2027 &distPoint->CRLIssuer, NULL, &size);
2028 if (ret)
2029 bytesNeeded += size - sizeof(WCHAR);
2030 haveAnEntry = TRUE;
2031 }
2032 if (haveAnEntry)
2033 {
2034 bytesNeeded += sizeof(WCHAR); /* left bracket */
2035 sprintfW(distPointNum, numFmt, i + 1);
2036 bytesNeeded += strlenW(distPointNum) * sizeof(WCHAR);
2037 bytesNeeded += sizeof(WCHAR); /* right bracket */
2038 bytesNeeded += strlenW(crlDistPoint) * sizeof(WCHAR);
2039 bytesNeeded += strlenW(headingSep) * sizeof(WCHAR);
2040 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2041 bytesNeeded += strlenW(indent) * sizeof(WCHAR);
2042 }
2043 }
2044 if (!haveAnEntry)
2045 {
2046 WCHAR infoNotAvailable[MAX_STRING_RESOURCE_LEN];
2047
2048 LoadStringW(hInstance, IDS_INFO_NOT_AVAILABLE, infoNotAvailable,
2049 sizeof(infoNotAvailable) / sizeof(infoNotAvailable[0]));
2050 bytesNeeded += strlenW(infoNotAvailable) * sizeof(WCHAR);
2051 if (!pbFormat)
2052 *pcbFormat = bytesNeeded;
2053 else if (*pcbFormat < bytesNeeded)
2054 {
2055 *pcbFormat = bytesNeeded;
2056 SetLastError(ERROR_MORE_DATA);
2057 ret = FALSE;
2058 }
2059 else
2060 {
2061 *pcbFormat = bytesNeeded;
2062 strcpyW(pbFormat, infoNotAvailable);
2063 }
2064 }
2065 else
2066 {
2067 if (!pbFormat)
2068 *pcbFormat = bytesNeeded;
2069 else if (*pcbFormat < bytesNeeded)
2070 {
2071 *pcbFormat = bytesNeeded;
2072 SetLastError(ERROR_MORE_DATA);
2073 ret = FALSE;
2074 }
2075 else
2076 {
2077 LPWSTR str = pbFormat;
2078
2079 *pcbFormat = bytesNeeded;
2080 for (i = 0; ret && i < info->cDistPoint; i++)
2081 {
2082 CRL_DIST_POINT *distPoint = &info->rgDistPoint[i];
2083
2084 *str++ = '[';
2085 sprintfW(distPointNum, numFmt, i + 1);
2086 strcpyW(str, distPointNum);
2087 str += strlenW(distPointNum);
2088 *str++ = ']';
2089 strcpyW(str, crlDistPoint);
2090 str += strlenW(crlDistPoint);
2091 strcpyW(str, headingSep);
2092 str += strlenW(headingSep);
2093 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2094 {
2095 strcpyW(str, indent);
2096 str += strlenW(indent);
2097 }
2098 if (distPoint->DistPointName.dwDistPointNameChoice !=
2099 CRL_DIST_POINT_NO_NAME)
2100 {
2101 DWORD altNameSize = bytesNeeded;
2102
2103 strcpyW(str, distPointName);
2104 str += strlenW(distPointName);
2105 strcpyW(str, nameSep);
2106 str += strlenW(nameSep);
2107 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2108 {
2109 strcpyW(str, indent);
2110 str += strlenW(indent);
2111 strcpyW(str, indent);
2112 str += strlenW(indent);
2113 }
2114 if (distPoint->DistPointName.dwDistPointNameChoice ==
2115 CRL_DIST_POINT_FULL_NAME)
2116 {
2117 strcpyW(str, fullName);
2118 str += strlenW(fullName);
2119 }
2120 else
2121 {
2122 strcpyW(str, rdnName);
2123 str += strlenW(rdnName);
2124 }
2125 strcpyW(str, nameSep);
2126 str += strlenW(nameSep);
2127 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 3,
2128 &distPoint->DistPointName.u.FullName, str,
2129 &altNameSize);
2130 if (ret)
2131 str += altNameSize / sizeof(WCHAR) - 1;
2132 }
2133 else if (distPoint->ReasonFlags.cbData)
2134 {
2135 DWORD reasonSize = bytesNeeded;
2136
2137 strcpyW(str, reason);
2138 str += strlenW(reason);
2139 ret = CRYPT_FormatReason(dwFormatStrType,
2140 &distPoint->ReasonFlags, str, &reasonSize);
2141 if (ret)
2142 str += reasonSize / sizeof(WCHAR) - 1;
2143 }
2144 else if (distPoint->CRLIssuer.cAltEntry)
2145 {
2146 DWORD crlIssuerSize = bytesNeeded;
2147
2148 strcpyW(str, issuer);
2149 str += strlenW(issuer);
2150 strcpyW(str, nameSep);
2151 str += strlenW(nameSep);
2152 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 2,
2153 &distPoint->CRLIssuer, str,
2154 &crlIssuerSize);
2155 if (ret)
2156 str += crlIssuerSize / sizeof(WCHAR) - 1;
2157 }
2158 }
2159 }
2160 }
2161 LocalFree(info);
2162 }
2163 return ret;
2164 }
2165
2166 static BOOL WINAPI CRYPT_FormatEnhancedKeyUsage(DWORD dwCertEncodingType,
2167 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
2168 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
2169 DWORD *pcbFormat)
2170 {
2171 CERT_ENHKEY_USAGE *usage;
2172 DWORD size;
2173 BOOL ret = FALSE;
2174
2175 if (!cbEncoded)
2176 {
2177 SetLastError(E_INVALIDARG);
2178 return FALSE;
2179 }
2180 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_ENHANCED_KEY_USAGE,
2181 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &usage, &size)))
2182 {
2183 WCHAR unknown[MAX_STRING_RESOURCE_LEN];
2184 DWORD i;
2185 DWORD bytesNeeded = sizeof(WCHAR); /* space for the NULL terminator */
2186 LPCWSTR sep;
2187 DWORD sepLen;
2188
2189 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2190 {
2191 sep = crlf;
2192 sepLen = strlenW(crlf) * sizeof(WCHAR);
2193 }
2194 else
2195 {
2196 sep = commaSpace;
2197 sepLen = strlenW(commaSpace) * sizeof(WCHAR);
2198 }
2199
2200 LoadStringW(hInstance, IDS_USAGE_UNKNOWN, unknown,
2201 sizeof(unknown) / sizeof(unknown[0]));
2202 for (i = 0; i < usage->cUsageIdentifier; i++)
2203 {
2204 PCCRYPT_OID_INFO info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2205 usage->rgpszUsageIdentifier[i], CRYPT_ENHKEY_USAGE_OID_GROUP_ID);
2206
2207 if (info)
2208 bytesNeeded += strlenW(info->pwszName) * sizeof(WCHAR);
2209 else
2210 bytesNeeded += strlenW(unknown) * sizeof(WCHAR);
2211 bytesNeeded += sizeof(WCHAR); /* space */
2212 bytesNeeded += sizeof(WCHAR); /* left paren */
2213 bytesNeeded += strlen(usage->rgpszUsageIdentifier[i]) *
2214 sizeof(WCHAR);
2215 bytesNeeded += sizeof(WCHAR); /* right paren */
2216 if (i < usage->cUsageIdentifier - 1)
2217 bytesNeeded += sepLen;
2218 }
2219 if (!pbFormat)
2220 *pcbFormat = bytesNeeded;
2221 else if (*pcbFormat < bytesNeeded)
2222 {
2223 *pcbFormat = bytesNeeded;
2224 SetLastError(ERROR_MORE_DATA);
2225 ret = FALSE;
2226 }
2227 else
2228 {
2229 LPWSTR str = pbFormat;
2230
2231 *pcbFormat = bytesNeeded;
2232 for (i = 0; i < usage->cUsageIdentifier; i++)
2233 {
2234 PCCRYPT_OID_INFO info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2235 usage->rgpszUsageIdentifier[i],
2236 CRYPT_ENHKEY_USAGE_OID_GROUP_ID);
2237 LPCSTR oidPtr;
2238
2239 if (info)
2240 {
2241 strcpyW(str, info->pwszName);
2242 str += strlenW(info->pwszName);
2243 }
2244 else
2245 {
2246 strcpyW(str, unknown);
2247 str += strlenW(unknown);
2248 }
2249 *str++ = ' ';
2250 *str++ = '(';
2251 for (oidPtr = usage->rgpszUsageIdentifier[i]; *oidPtr; oidPtr++)
2252 *str++ = *oidPtr;
2253 *str++ = ')';
2254 *str = 0;
2255 if (i < usage->cUsageIdentifier - 1)
2256 {
2257 strcpyW(str, sep);
2258 str += sepLen / sizeof(WCHAR);
2259 }
2260 }
2261 }
2262 LocalFree(usage);
2263 }
2264 return ret;
2265 }
2266
2267 static struct BitToString netscapeCertTypeMap[] = {
2268 { NETSCAPE_SSL_CLIENT_AUTH_CERT_TYPE, IDS_NETSCAPE_SSL_CLIENT, { 0 } },
2269 { NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE, IDS_NETSCAPE_SSL_SERVER, { 0 } },
2270 { NETSCAPE_SMIME_CERT_TYPE, IDS_NETSCAPE_SMIME, { 0 } },
2271 { NETSCAPE_SIGN_CERT_TYPE, IDS_NETSCAPE_SIGN, { 0 } },
2272 { NETSCAPE_SSL_CA_CERT_TYPE, IDS_NETSCAPE_SSL_CA, { 0 } },
2273 { NETSCAPE_SMIME_CA_CERT_TYPE, IDS_NETSCAPE_SMIME_CA, { 0 } },
2274 { NETSCAPE_SIGN_CA_CERT_TYPE, IDS_NETSCAPE_SIGN_CA, { 0 } },
2275 };
2276
2277 static BOOL WINAPI CRYPT_FormatNetscapeCertType(DWORD dwCertEncodingType,
2278 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
2279 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
2280 DWORD *pcbFormat)
2281 {
2282 DWORD size;
2283 CRYPT_BIT_BLOB *bits;
2284 BOOL ret;
2285
2286 if (!cbEncoded)
2287 {
2288 SetLastError(E_INVALIDARG);
2289 return FALSE;
2290 }
2291 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_BITS,
2292 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &bits, &size)))
2293 {
2294 WCHAR infoNotAvailable[MAX_STRING_RESOURCE_LEN];
2295 DWORD bytesNeeded = sizeof(WCHAR);
2296
2297 LoadStringW(hInstance, IDS_INFO_NOT_AVAILABLE, infoNotAvailable,
2298 sizeof(infoNotAvailable) / sizeof(infoNotAvailable[0]));
2299 if (!bits->cbData || bits->cbData > 1)
2300 {
2301 bytesNeeded += strlenW(infoNotAvailable) * sizeof(WCHAR);
2302 if (!pbFormat)
2303 *pcbFormat = bytesNeeded;
2304 else if (*pcbFormat < bytesNeeded)
2305 {
2306 *pcbFormat = bytesNeeded;
2307 SetLastError(ERROR_MORE_DATA);
2308 ret = FALSE;
2309 }
2310 else
2311 {
2312 LPWSTR str = pbFormat;
2313
2314 *pcbFormat = bytesNeeded;
2315 strcpyW(str, infoNotAvailable);
2316 }
2317 }
2318 else
2319 {
2320 static BOOL stringsLoaded = FALSE;
2321 int i;
2322 DWORD bitStringLen;
2323 BOOL first = TRUE;
2324
2325 if (!stringsLoaded)
2326 {
2327 for (i = 0; i < sizeof(netscapeCertTypeMap) /
2328 sizeof(netscapeCertTypeMap[0]); i++)
2329 LoadStringW(hInstance, netscapeCertTypeMap[i].id,
2330 netscapeCertTypeMap[i].str, MAX_STRING_RESOURCE_LEN);
2331 stringsLoaded = TRUE;
2332 }
2333 CRYPT_FormatBits(bits->pbData[0], netscapeCertTypeMap,
2334 sizeof(netscapeCertTypeMap) / sizeof(netscapeCertTypeMap[0]),
2335 NULL, &bitStringLen, &first);
2336 bytesNeeded += bitStringLen;
2337 bytesNeeded += 3 * sizeof(WCHAR); /* " (" + ")" */
2338 CRYPT_FormatHexString(0, 0, 0, NULL, NULL, bits->pbData,
2339 bits->cbData, NULL, &size);
2340 bytesNeeded += size;
2341 if (!pbFormat)
2342 *pcbFormat = bytesNeeded;
2343 else if (*pcbFormat < bytesNeeded)
2344 {
2345 *pcbFormat = bytesNeeded;
2346 SetLastError(ERROR_MORE_DATA);
2347 ret = FALSE;
2348 }
2349 else
2350 {
2351 LPWSTR str = pbFormat;
2352
2353 bitStringLen = bytesNeeded;
2354 first = TRUE;
2355 CRYPT_FormatBits(bits->pbData[0], netscapeCertTypeMap,
2356 sizeof(netscapeCertTypeMap) / sizeof(netscapeCertTypeMap[0]),
2357 str, &bitStringLen, &first);
2358 str += bitStringLen / sizeof(WCHAR) - 1;
2359 *str++ = ' ';
2360 *str++ = '(';
2361 CRYPT_FormatHexString(0, 0, 0, NULL, NULL, bits->pbData,
2362 bits->cbData, str, &size);
2363 str += size / sizeof(WCHAR) - 1;
2364 *str++ = ')';
2365 *str = 0;
2366 }
2367 }
2368 LocalFree(bits);
2369 }
2370 return ret;
2371 }
2372
2373 static WCHAR financialCriteria[MAX_STRING_RESOURCE_LEN];
2374 static WCHAR available[MAX_STRING_RESOURCE_LEN];
2375 static WCHAR notAvailable[MAX_STRING_RESOURCE_LEN];
2376 static WCHAR meetsCriteria[MAX_STRING_RESOURCE_LEN];
2377 static WCHAR yes[MAX_STRING_RESOURCE_LEN];
2378 static WCHAR no[MAX_STRING_RESOURCE_LEN];
2379
2380 static BOOL WINAPI CRYPT_FormatSpcFinancialCriteria(DWORD dwCertEncodingType,
2381 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
2382 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
2383 DWORD *pcbFormat)
2384 {
2385 SPC_FINANCIAL_CRITERIA criteria;
2386 DWORD size = sizeof(criteria);
2387 BOOL ret = FALSE;
2388
2389 if (!cbEncoded)
2390 {
2391 SetLastError(E_INVALIDARG);
2392 return FALSE;
2393 }
2394 if ((ret = CryptDecodeObjectEx(dwCertEncodingType,
2395 SPC_FINANCIAL_CRITERIA_STRUCT, pbEncoded, cbEncoded, 0, NULL, &criteria,
2396 &size)))
2397 {
2398 static BOOL stringsLoaded = FALSE;
2399 DWORD bytesNeeded = sizeof(WCHAR);
2400 LPCWSTR sep;
2401 DWORD sepLen;
2402
2403 if (!stringsLoaded)
2404 {
2405 LoadStringW(hInstance, IDS_FINANCIAL_CRITERIA, financialCriteria,
2406 sizeof(financialCriteria) / sizeof(financialCriteria[0]));
2407 LoadStringW(hInstance, IDS_FINANCIAL_CRITERIA_AVAILABLE, available,
2408 sizeof(available) / sizeof(available[0]));
2409 LoadStringW(hInstance, IDS_FINANCIAL_CRITERIA_NOT_AVAILABLE,
2410 notAvailable, sizeof(notAvailable) / sizeof(notAvailable[0]));
2411 LoadStringW(hInstance, IDS_FINANCIAL_CRITERIA_MEETS_CRITERIA,
2412 meetsCriteria, sizeof(meetsCriteria) / sizeof(meetsCriteria[0]));
2413 LoadStringW(hInstance, IDS_YES, yes, sizeof(yes) / sizeof(yes[0]));
2414 LoadStringW(hInstance, IDS_NO, no, sizeof(no) / sizeof(no[0]));
2415 stringsLoaded = TRUE;
2416 }
2417 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2418 {
2419 sep = crlf;
2420 sepLen = strlenW(crlf) * sizeof(WCHAR);
2421 }
2422 else
2423 {
2424 sep = commaSpace;
2425 sepLen = strlenW(commaSpace) * sizeof(WCHAR);
2426 }
2427 bytesNeeded += strlenW(financialCriteria) * sizeof(WCHAR);
2428 if (criteria.fFinancialInfoAvailable)
2429 {
2430 bytesNeeded += strlenW(available) * sizeof(WCHAR);
2431 bytesNeeded += sepLen;
2432 bytesNeeded += strlenW(meetsCriteria) * sizeof(WCHAR);
2433 if (criteria.fMeetsCriteria)
2434 bytesNeeded += strlenW(yes) * sizeof(WCHAR);
2435 else
2436 bytesNeeded += strlenW(no) * sizeof(WCHAR);
2437 }
2438 else
2439 bytesNeeded += strlenW(notAvailable) * sizeof(WCHAR);
2440 if (!pbFormat)
2441 *pcbFormat = bytesNeeded;
2442 else if (*pcbFormat < bytesNeeded)
2443 {
2444 *pcbFormat = bytesNeeded;
2445 SetLastError(ERROR_MORE_DATA);
2446 ret = FALSE;
2447 }
2448 else
2449 {
2450 LPWSTR str = pbFormat;
2451
2452 *pcbFormat = bytesNeeded;
2453 strcpyW(str, financialCriteria);
2454 str += strlenW(financialCriteria);
2455 if (criteria.fFinancialInfoAvailable)
2456 {
2457 strcpyW(str, available);
2458 str += strlenW(available);
2459 strcpyW(str, sep);
2460 str += sepLen / sizeof(WCHAR);
2461 strcpyW(str, meetsCriteria);
2462 str += strlenW(meetsCriteria);
2463 if (criteria.fMeetsCriteria)
2464 strcpyW(str, yes);
2465 else
2466 strcpyW(str, no);
2467 }
2468 else
2469 {
2470 strcpyW(str, notAvailable);
2471 str += strlenW(notAvailable);
2472 }
2473 }
2474 }
2475 return ret;
2476 }
2477
2478 static BOOL WINAPI CRYPT_FormatUnicodeString(DWORD dwCertEncodingType,
2479 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
2480 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
2481 DWORD *pcbFormat)
2482 {
2483 CERT_NAME_VALUE *value;
2484 DWORD size;
2485 BOOL ret;
2486
2487 if (!cbEncoded)
2488 {
2489 SetLastError(E_INVALIDARG);
2490 return FALSE;
2491 }
2492 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_UNICODE_ANY_STRING,
2493 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &value, &size)))
2494 {
2495 if (!pbFormat)
2496 *pcbFormat = value->Value.cbData;
2497 else if (*pcbFormat < value->Value.cbData)
2498 {
2499 *pcbFormat = value->Value.cbData;
2500 SetLastError(ERROR_MORE_DATA);
2501 ret = FALSE;
2502 }
2503 else
2504 {
2505 LPWSTR str = pbFormat;
2506
2507 *pcbFormat = value->Value.cbData;
2508 strcpyW(str, (LPWSTR)value->Value.pbData);
2509 }
2510 }
2511 return ret;
2512 }
2513
2514 typedef BOOL (WINAPI *CryptFormatObjectFunc)(DWORD, DWORD, DWORD, void *,
2515 LPCSTR, const BYTE *, DWORD, void *, DWORD *);
2516
2517 static CryptFormatObjectFunc CRYPT_GetBuiltinFormatFunction(DWORD encodingType,
2518 DWORD formatStrType, LPCSTR lpszStructType)
2519 {
2520 CryptFormatObjectFunc format = NULL;
2521
2522 if ((encodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
2523 {
2524 SetLastError(ERROR_FILE_NOT_FOUND);
2525 return NULL;
2526 }
2527 if (IS_INTOID(lpszStructType))
2528 {
2529 switch (LOWORD(lpszStructType))
2530 {
2531 case LOWORD(X509_KEY_USAGE):
2532 format = CRYPT_FormatKeyUsage;
2533 break;
2534 case LOWORD(X509_ALTERNATE_NAME):
2535 format = CRYPT_FormatAltName;
2536 break;
2537 case LOWORD(X509_BASIC_CONSTRAINTS2):
2538 format = CRYPT_FormatBasicConstraints2;
2539 break;
2540 case LOWORD(X509_AUTHORITY_KEY_ID2):
2541 format = CRYPT_FormatAuthorityKeyId2;
2542 break;
2543 case LOWORD(X509_AUTHORITY_INFO_ACCESS):
2544 format = CRYPT_FormatAuthorityInfoAccess;
2545 break;
2546 case LOWORD(X509_CRL_DIST_POINTS):
2547 format = CRYPT_FormatCRLDistPoints;
2548 break;
2549 case LOWORD(X509_ENHANCED_KEY_USAGE):
2550 format = CRYPT_FormatEnhancedKeyUsage;
2551 break;
2552 case LOWORD(SPC_FINANCIAL_CRITERIA_STRUCT):
2553 format = CRYPT_FormatSpcFinancialCriteria;
2554 break;
2555 }
2556 }
2557 else if (!strcmp(lpszStructType, szOID_SUBJECT_ALT_NAME))
2558 format = CRYPT_FormatAltName;
2559 else if (!strcmp(lpszStructType, szOID_ISSUER_ALT_NAME))
2560 format = CRYPT_FormatAltName;
2561 else if (!strcmp(lpszStructType, szOID_KEY_USAGE))
2562 format = CRYPT_FormatKeyUsage;
2563 else if (!strcmp(lpszStructType, szOID_SUBJECT_ALT_NAME2))
2564 format = CRYPT_FormatAltName;
2565 else if (!strcmp(lpszStructType, szOID_ISSUER_ALT_NAME2))
2566 format = CRYPT_FormatAltName;
2567 else if (!strcmp(lpszStructType, szOID_BASIC_CONSTRAINTS2))
2568 format = CRYPT_FormatBasicConstraints2;
2569 else if (!strcmp(lpszStructType, szOID_AUTHORITY_INFO_ACCESS))
2570 format = CRYPT_FormatAuthorityInfoAccess;
2571 else if (!strcmp(lpszStructType, szOID_AUTHORITY_KEY_IDENTIFIER2))
2572 format = CRYPT_FormatAuthorityKeyId2;
2573 else if (!strcmp(lpszStructType, szOID_CRL_DIST_POINTS))
2574 format = CRYPT_FormatCRLDistPoints;
2575 else if (!strcmp(lpszStructType, szOID_ENHANCED_KEY_USAGE))
2576 format = CRYPT_FormatEnhancedKeyUsage;
2577 else if (!strcmp(lpszStructType, szOID_NETSCAPE_CERT_TYPE))
2578 format = CRYPT_FormatNetscapeCertType;
2579 else if (!strcmp(lpszStructType, szOID_NETSCAPE_BASE_URL) ||
2580 !strcmp(lpszStructType, szOID_NETSCAPE_REVOCATION_URL) ||
2581 !strcmp(lpszStructType, szOID_NETSCAPE_CA_REVOCATION_URL) ||
2582 !strcmp(lpszStructType, szOID_NETSCAPE_CERT_RENEWAL_URL) ||
2583 !strcmp(lpszStructType, szOID_NETSCAPE_CA_POLICY_URL) ||
2584 !strcmp(lpszStructType, szOID_NETSCAPE_SSL_SERVER_NAME) ||
2585 !strcmp(lpszStructType, szOID_NETSCAPE_COMMENT))
2586 format = CRYPT_FormatUnicodeString;
2587 else if (!strcmp(lpszStructType, SPC_FINANCIAL_CRITERIA_OBJID))
2588 format = CRYPT_FormatSpcFinancialCriteria;
2589 return format;
2590 }
2591
2592 BOOL WINAPI CryptFormatObject(DWORD dwCertEncodingType, DWORD dwFormatType,
2593 DWORD dwFormatStrType, void *pFormatStruct, LPCSTR lpszStructType,
2594 const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat, DWORD *pcbFormat)
2595 {
2596 CryptFormatObjectFunc format = NULL;
2597 HCRYPTOIDFUNCADDR hFunc = NULL;
2598 BOOL ret = FALSE;
2599
2600 TRACE("(%08x, %d, %08x, %p, %s, %p, %d, %p, %p)\n", dwCertEncodingType,
2601 dwFormatType, dwFormatStrType, pFormatStruct, debugstr_a(lpszStructType),
2602 pbEncoded, cbEncoded, pbFormat, pcbFormat);
2603
2604 if (!(format = CRYPT_GetBuiltinFormatFunction(dwCertEncodingType,
2605 dwFormatStrType, lpszStructType)))
2606 {
2607 static HCRYPTOIDFUNCSET set = NULL;
2608
2609 if (!set)
2610 set = CryptInitOIDFunctionSet(CRYPT_OID_FORMAT_OBJECT_FUNC, 0);
2611 CryptGetOIDFunctionAddress(set, dwCertEncodingType, lpszStructType, 0,
2612 (void **)&format, &hFunc);
2613 }
2614 if (!format && (dwCertEncodingType & CERT_ENCODING_TYPE_MASK) ==
2615 X509_ASN_ENCODING && !(dwFormatStrType & CRYPT_FORMAT_STR_NO_HEX))
2616 format = CRYPT_FormatHexString;
2617 if (format)
2618 ret = format(dwCertEncodingType, dwFormatType, dwFormatStrType,
2619 pFormatStruct, lpszStructType, pbEncoded, cbEncoded, pbFormat,
2620 pcbFormat);
2621 if (hFunc)
2622 CryptFreeOIDFunctionAddress(hFunc, 0);
2623 return ret;
2624 }
Windows API implementation