2 * Copyright 2006 Juan Lang
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
25 #include "wine/debug.h"
26 #include "crypt32_private.h"
28 WINE_DEFAULT_DEBUG_CHANNEL(crypt
);
30 PCCRL_CONTEXT WINAPI
CertCreateCRLContext(DWORD dwCertEncodingType
,
31 const BYTE
* pbCrlEncoded
, DWORD cbCrlEncoded
)
33 PCRL_CONTEXT crl
= NULL
;
35 PCRL_INFO crlInfo
= NULL
;
38 TRACE("(%08x, %p, %d)\n", dwCertEncodingType
, pbCrlEncoded
,
41 if ((dwCertEncodingType
& CERT_ENCODING_TYPE_MASK
) != X509_ASN_ENCODING
)
43 SetLastError(E_INVALIDARG
);
46 ret
= CryptDecodeObjectEx(dwCertEncodingType
, X509_CERT_CRL_TO_BE_SIGNED
,
47 pbCrlEncoded
, cbCrlEncoded
, CRYPT_DECODE_ALLOC_FLAG
, NULL
,
48 (BYTE
*)&crlInfo
, &size
);
53 crl
= (PCRL_CONTEXT
)Context_CreateDataContext(sizeof(CRL_CONTEXT
));
56 data
= CryptMemAlloc(cbCrlEncoded
);
63 memcpy(data
, pbCrlEncoded
, cbCrlEncoded
);
64 crl
->dwCertEncodingType
= dwCertEncodingType
;
65 crl
->pbCrlEncoded
= data
;
66 crl
->cbCrlEncoded
= cbCrlEncoded
;
67 crl
->pCrlInfo
= crlInfo
;
72 return (PCCRL_CONTEXT
)crl
;
75 BOOL WINAPI
CertAddEncodedCRLToStore(HCERTSTORE hCertStore
,
76 DWORD dwCertEncodingType
, const BYTE
*pbCrlEncoded
, DWORD cbCrlEncoded
,
77 DWORD dwAddDisposition
, PCCRL_CONTEXT
*ppCrlContext
)
79 PCCRL_CONTEXT crl
= CertCreateCRLContext(dwCertEncodingType
,
80 pbCrlEncoded
, cbCrlEncoded
);
83 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore
, dwCertEncodingType
,
84 pbCrlEncoded
, cbCrlEncoded
, dwAddDisposition
, ppCrlContext
);
88 ret
= CertAddCRLContextToStore(hCertStore
, crl
, dwAddDisposition
,
90 CertFreeCRLContext(crl
);
97 typedef BOOL (*CrlCompareFunc
)(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
98 DWORD dwFlags
, const void *pvPara
);
100 static BOOL
compare_crl_any(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
101 DWORD dwFlags
, const void *pvPara
)
106 static BOOL
compare_crl_issued_by(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
107 DWORD dwFlags
, const void *pvPara
)
113 PCCERT_CONTEXT issuer
= (PCCERT_CONTEXT
)pvPara
;
115 ret
= CertCompareCertificateName(issuer
->dwCertEncodingType
,
116 &issuer
->pCertInfo
->Issuer
, &pCrlContext
->pCrlInfo
->Issuer
);
123 static BOOL
compare_crl_existing(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
124 DWORD dwFlags
, const void *pvPara
)
130 PCCRL_CONTEXT crl
= (PCCRL_CONTEXT
)pvPara
;
132 ret
= CertCompareCertificateName(pCrlContext
->dwCertEncodingType
,
133 &pCrlContext
->pCrlInfo
->Issuer
, &crl
->pCrlInfo
->Issuer
);
140 PCCRL_CONTEXT WINAPI
CertFindCRLInStore(HCERTSTORE hCertStore
,
141 DWORD dwCertEncodingType
, DWORD dwFindFlags
, DWORD dwFindType
,
142 const void *pvFindPara
, PCCRL_CONTEXT pPrevCrlContext
)
145 CrlCompareFunc compare
;
147 TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore
, dwCertEncodingType
,
148 dwFindFlags
, dwFindType
, pvFindPara
, pPrevCrlContext
);
153 compare
= compare_crl_any
;
155 case CRL_FIND_ISSUED_BY
:
156 compare
= compare_crl_issued_by
;
158 case CRL_FIND_EXISTING
:
159 compare
= compare_crl_existing
;
162 FIXME("find type %08x unimplemented\n", dwFindType
);
168 BOOL matches
= FALSE
;
170 ret
= pPrevCrlContext
;
172 ret
= CertEnumCRLsInStore(hCertStore
, ret
);
174 matches
= compare(ret
, dwFindType
, dwFindFlags
, pvFindPara
);
175 } while (ret
!= NULL
&& !matches
);
177 SetLastError(CRYPT_E_NOT_FOUND
);
181 SetLastError(CRYPT_E_NOT_FOUND
);
187 PCCRL_CONTEXT WINAPI
CertGetCRLFromStore(HCERTSTORE hCertStore
,
188 PCCERT_CONTEXT pIssuerContext
, PCCRL_CONTEXT pPrevCrlContext
, DWORD
*pdwFlags
)
190 static const DWORD supportedFlags
= CERT_STORE_SIGNATURE_FLAG
|
191 CERT_STORE_TIME_VALIDITY_FLAG
| CERT_STORE_BASE_CRL_FLAG
|
192 CERT_STORE_DELTA_CRL_FLAG
;
195 TRACE("(%p, %p, %p, %08x)\n", hCertStore
, pIssuerContext
, pPrevCrlContext
,
198 if (*pdwFlags
& ~supportedFlags
)
200 SetLastError(E_INVALIDARG
);
204 ret
= CertFindCRLInStore(hCertStore
, pIssuerContext
->dwCertEncodingType
,
205 0, CRL_FIND_ISSUED_BY
, pIssuerContext
, pPrevCrlContext
);
207 ret
= CertFindCRLInStore(hCertStore
, 0, 0, CRL_FIND_ANY
, NULL
,
211 if (*pdwFlags
& CERT_STORE_TIME_VALIDITY_FLAG
)
213 if (0 == CertVerifyCRLTimeValidity(NULL
, ret
->pCrlInfo
))
214 *pdwFlags
&= ~CERT_STORE_TIME_VALIDITY_FLAG
;
216 if (*pdwFlags
& CERT_STORE_SIGNATURE_FLAG
)
218 if (CryptVerifyCertificateSignatureEx(0, ret
->dwCertEncodingType
,
219 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL
, (void *)ret
,
220 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT
, (void *)pIssuerContext
, 0,
222 *pdwFlags
&= ~CERT_STORE_SIGNATURE_FLAG
;
228 PCCRL_CONTEXT WINAPI
CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext
)
230 TRACE("(%p)\n", pCrlContext
);
231 Context_AddRef((void *)pCrlContext
, sizeof(CRL_CONTEXT
));
235 static void CrlDataContext_Free(void *context
)
237 PCRL_CONTEXT crlContext
= (PCRL_CONTEXT
)context
;
239 CryptMemFree(crlContext
->pbCrlEncoded
);
240 LocalFree(crlContext
->pCrlInfo
);
243 BOOL WINAPI
CertFreeCRLContext( PCCRL_CONTEXT pCrlContext
)
245 TRACE("(%p)\n", pCrlContext
);
248 Context_Release((void *)pCrlContext
, sizeof(CRL_CONTEXT
),
249 CrlDataContext_Free
);
253 DWORD WINAPI
CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext
,
256 PCONTEXT_PROPERTY_LIST properties
= Context_GetProperties(
257 (void *)pCRLContext
, sizeof(CRL_CONTEXT
));
260 TRACE("(%p, %d)\n", pCRLContext
, dwPropId
);
263 ret
= ContextPropertyList_EnumPropIDs(properties
, dwPropId
);
269 static BOOL
CRLContext_SetProperty(PCCRL_CONTEXT context
, DWORD dwPropId
,
270 DWORD dwFlags
, const void *pvData
);
272 static BOOL
CRLContext_GetHashProp(PCCRL_CONTEXT context
, DWORD dwPropId
,
273 ALG_ID algID
, const BYTE
*toHash
, DWORD toHashLen
, void *pvData
,
276 BOOL ret
= CryptHashCertificate(0, algID
, 0, toHash
, toHashLen
, pvData
,
280 CRYPT_DATA_BLOB blob
= { *pcbData
, pvData
};
282 ret
= CRLContext_SetProperty(context
, dwPropId
, 0, &blob
);
287 static BOOL
CRLContext_GetProperty(PCCRL_CONTEXT context
, DWORD dwPropId
,
288 void *pvData
, DWORD
*pcbData
)
290 PCONTEXT_PROPERTY_LIST properties
=
291 Context_GetProperties(context
, sizeof(CRL_CONTEXT
));
293 CRYPT_DATA_BLOB blob
;
295 TRACE("(%p, %d, %p, %p)\n", context
, dwPropId
, pvData
, pcbData
);
298 ret
= ContextPropertyList_FindProperty(properties
, dwPropId
, &blob
);
304 *pcbData
= blob
.cbData
;
305 else if (*pcbData
< blob
.cbData
)
307 SetLastError(ERROR_MORE_DATA
);
308 *pcbData
= blob
.cbData
;
313 memcpy(pvData
, blob
.pbData
, blob
.cbData
);
314 *pcbData
= blob
.cbData
;
319 /* Implicit properties */
322 case CERT_SHA1_HASH_PROP_ID
:
323 ret
= CRLContext_GetHashProp(context
, dwPropId
, CALG_SHA1
,
324 context
->pbCrlEncoded
, context
->cbCrlEncoded
, pvData
,
327 case CERT_MD5_HASH_PROP_ID
:
328 ret
= CRLContext_GetHashProp(context
, dwPropId
, CALG_MD5
,
329 context
->pbCrlEncoded
, context
->cbCrlEncoded
, pvData
,
333 SetLastError(CRYPT_E_NOT_FOUND
);
336 TRACE("returning %d\n", ret
);
340 BOOL WINAPI
CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext
,
341 DWORD dwPropId
, void *pvData
, DWORD
*pcbData
)
345 TRACE("(%p, %d, %p, %p)\n", pCRLContext
, dwPropId
, pvData
, pcbData
);
350 case CERT_CERT_PROP_ID
:
351 case CERT_CRL_PROP_ID
:
352 case CERT_CTL_PROP_ID
:
353 SetLastError(E_INVALIDARG
);
356 case CERT_ACCESS_STATE_PROP_ID
:
359 *pcbData
= sizeof(DWORD
);
362 else if (*pcbData
< sizeof(DWORD
))
364 SetLastError(ERROR_MORE_DATA
);
365 *pcbData
= sizeof(DWORD
);
370 if (pCRLContext
->hCertStore
)
371 ret
= CertGetStoreProperty(pCRLContext
->hCertStore
, dwPropId
,
374 *(DWORD
*)pvData
= 0;
379 ret
= CRLContext_GetProperty(pCRLContext
, dwPropId
, pvData
,
385 static BOOL
CRLContext_SetProperty(PCCRL_CONTEXT context
, DWORD dwPropId
,
386 DWORD dwFlags
, const void *pvData
)
388 PCONTEXT_PROPERTY_LIST properties
=
389 Context_GetProperties(context
, sizeof(CERT_CONTEXT
));
392 TRACE("(%p, %d, %08x, %p)\n", context
, dwPropId
, dwFlags
, pvData
);
398 ContextPropertyList_RemoveProperty(properties
, dwPropId
);
405 case CERT_AUTO_ENROLL_PROP_ID
:
406 case CERT_CTL_USAGE_PROP_ID
: /* same as CERT_ENHKEY_USAGE_PROP_ID */
407 case CERT_DESCRIPTION_PROP_ID
:
408 case CERT_FRIENDLY_NAME_PROP_ID
:
409 case CERT_HASH_PROP_ID
:
410 case CERT_KEY_IDENTIFIER_PROP_ID
:
411 case CERT_MD5_HASH_PROP_ID
:
412 case CERT_NEXT_UPDATE_LOCATION_PROP_ID
:
413 case CERT_PUBKEY_ALG_PARA_PROP_ID
:
414 case CERT_PVK_FILE_PROP_ID
:
415 case CERT_SIGNATURE_HASH_PROP_ID
:
416 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID
:
417 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID
:
418 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID
:
419 case CERT_ENROLLMENT_PROP_ID
:
420 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID
:
421 case CERT_RENEWAL_PROP_ID
:
423 PCRYPT_DATA_BLOB blob
= (PCRYPT_DATA_BLOB
)pvData
;
425 ret
= ContextPropertyList_SetProperty(properties
, dwPropId
,
426 blob
->pbData
, blob
->cbData
);
429 case CERT_DATE_STAMP_PROP_ID
:
430 ret
= ContextPropertyList_SetProperty(properties
, dwPropId
,
431 (const BYTE
*)pvData
, sizeof(FILETIME
));
434 FIXME("%d: stub\n", dwPropId
);
438 TRACE("returning %d\n", ret
);
442 BOOL WINAPI
CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext
,
443 DWORD dwPropId
, DWORD dwFlags
, const void *pvData
)
447 TRACE("(%p, %d, %08x, %p)\n", pCRLContext
, dwPropId
, dwFlags
, pvData
);
449 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
450 * crashes on most of these, I'll be safer.
455 case CERT_ACCESS_STATE_PROP_ID
:
456 case CERT_CERT_PROP_ID
:
457 case CERT_CRL_PROP_ID
:
458 case CERT_CTL_PROP_ID
:
459 SetLastError(E_INVALIDARG
);
462 ret
= CRLContext_SetProperty(pCRLContext
, dwPropId
, dwFlags
, pvData
);
463 TRACE("returning %d\n", ret
);
467 BOOL WINAPI
CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert
,
468 PCCRL_CONTEXT pCrl
, DWORD dwFlags
, void *pvReserved
)
470 TRACE("(%p, %p, %08x, %p)\n", pCert
, pCrl
, dwFlags
, pvReserved
);
474 static PCRL_ENTRY
CRYPT_FindCertificateInCRL(PCERT_INFO cert
, const CRL_INFO
*crl
)
477 PCRL_ENTRY entry
= NULL
;
479 for (i
= 0; !entry
&& i
< crl
->cCRLEntry
; i
++)
480 if (CertCompareIntegerBlob(&crl
->rgCRLEntry
[i
].SerialNumber
,
481 &cert
->SerialNumber
))
482 entry
= &crl
->rgCRLEntry
[i
];
486 BOOL WINAPI
CertFindCertificateInCRL(PCCERT_CONTEXT pCert
,
487 PCCRL_CONTEXT pCrlContext
, DWORD dwFlags
, void *pvReserved
,
488 PCRL_ENTRY
*ppCrlEntry
)
490 TRACE("(%p, %p, %08x, %p, %p)\n", pCert
, pCrlContext
, dwFlags
, pvReserved
,
493 *ppCrlEntry
= CRYPT_FindCertificateInCRL(pCert
->pCertInfo
,
494 pCrlContext
->pCrlInfo
);
498 BOOL WINAPI
CertVerifyCRLRevocation(DWORD dwCertEncodingType
,
499 PCERT_INFO pCertId
, DWORD cCrlInfo
, PCRL_INFO rgpCrlInfo
[])
502 PCRL_ENTRY entry
= NULL
;
504 TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType
, pCertId
, cCrlInfo
,
507 for (i
= 0; !entry
&& i
< cCrlInfo
; i
++)
508 entry
= CRYPT_FindCertificateInCRL(pCertId
, rgpCrlInfo
[i
]);
509 return entry
== NULL
;
512 LONG WINAPI
CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify
,
520 GetSystemTimeAsFileTime(&fileTime
);
521 pTimeToVerify
= &fileTime
;
523 if ((ret
= CompareFileTime(pTimeToVerify
, &pCrlInfo
->ThisUpdate
)) >= 0)
525 ret
= CompareFileTime(pTimeToVerify
, &pCrlInfo
->NextUpdate
);