search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
crypt32: Moved CertAddCertificateContextToStore to cert.c.
[wine.git] / dlls / crypt32 / cert.c
blob2c96419b108cecd6f4c42696bfb9ea91277aaea0
1 /*
2 * Copyright 2004-2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19
20 #include <assert.h>
21 #include <stdarg.h>
22
23 #define NONAMELESSUNION
24 #include "windef.h"
25 #include "winbase.h"
26 #include "wincrypt.h"
27 #include "winnls.h"
28 #include "rpc.h"
29 #include "wine/debug.h"
30 #include "wine/unicode.h"
31 #include "crypt32_private.h"
32
33 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
34
35 /* Internal version of CertGetCertificateContextProperty that gets properties
36 * directly from the context (or the context it's linked to, depending on its
37 * type.) Doesn't handle special-case properties, since they are handled by
38 * CertGetCertificateContextProperty, and are particular to the store in which
39 * the property exists (which is separate from the context.)
40 */
41 static BOOL CertContext_GetProperty(void *context, DWORD dwPropId,
42 void *pvData, DWORD *pcbData);
43
44 /* Internal version of CertSetCertificateContextProperty that sets properties
45 * directly on the context (or the context it's linked to, depending on its
46 * type.) Doesn't handle special cases, since they're handled by
47 * CertSetCertificateContextProperty anyway.
48 */
49 static BOOL CertContext_SetProperty(void *context, DWORD dwPropId,
50 DWORD dwFlags, const void *pvData);
51
52 BOOL WINAPI CertAddEncodedCertificateToStore(HCERTSTORE hCertStore,
53 DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded,
54 DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext)
55 {
56 PCCERT_CONTEXT cert = CertCreateCertificateContext(dwCertEncodingType,
57 pbCertEncoded, cbCertEncoded);
58 BOOL ret;
59
60 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
61 pbCertEncoded, cbCertEncoded, dwAddDisposition, ppCertContext);
62
63 if (cert)
64 {
65 ret = CertAddCertificateContextToStore(hCertStore, cert,
66 dwAddDisposition, ppCertContext);
67 CertFreeCertificateContext(cert);
68 }
69 else
70 ret = FALSE;
71 return ret;
72 }
73
74 BOOL WINAPI CertAddEncodedCertificateToSystemStoreA(LPCSTR pszCertStoreName,
75 const BYTE *pbCertEncoded, DWORD cbCertEncoded)
76 {
77 HCERTSTORE store;
78 BOOL ret = FALSE;
79
80 TRACE("(%s, %p, %d)\n", debugstr_a(pszCertStoreName), pbCertEncoded,
81 cbCertEncoded);
82
83 store = CertOpenSystemStoreA(0, pszCertStoreName);
84 if (store)
85 {
86 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
87 pbCertEncoded, cbCertEncoded, CERT_STORE_ADD_USE_EXISTING, NULL);
88 CertCloseStore(store, 0);
89 }
90 return ret;
91 }
92
93 BOOL WINAPI CertAddEncodedCertificateToSystemStoreW(LPCWSTR pszCertStoreName,
94 const BYTE *pbCertEncoded, DWORD cbCertEncoded)
95 {
96 HCERTSTORE store;
97 BOOL ret = FALSE;
98
99 TRACE("(%s, %p, %d)\n", debugstr_w(pszCertStoreName), pbCertEncoded,
100 cbCertEncoded);
101
102 store = CertOpenSystemStoreW(0, pszCertStoreName);
103 if (store)
104 {
105 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
106 pbCertEncoded, cbCertEncoded, CERT_STORE_ADD_USE_EXISTING, NULL);
107 CertCloseStore(store, 0);
108 }
109 return ret;
110 }
111
112 static void Cert_free(context_t *context)
113 {
114 cert_t *cert = (cert_t*)context;
115
116 CryptMemFree(cert->ctx.pbCertEncoded);
117 LocalFree(cert->ctx.pCertInfo);
118 }
119
120 static const context_vtbl_t cert_vtbl = {
121 Cert_free
122 };
123
124 BOOL WINAPI CertAddCertificateContextToStore(HCERTSTORE hCertStore,
125 PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition,
126 PCCERT_CONTEXT *ppStoreContext)
127 {
128 WINECRYPT_CERTSTORE *store = hCertStore;
129 BOOL ret = TRUE;
130 PCCERT_CONTEXT toAdd = NULL, existing = NULL;
131
132 TRACE("(%p, %p, %08x, %p)\n", hCertStore, pCertContext,
133 dwAddDisposition, ppStoreContext);
134
135 switch (dwAddDisposition)
136 {
137 case CERT_STORE_ADD_ALWAYS:
138 break;
139 case CERT_STORE_ADD_NEW:
140 case CERT_STORE_ADD_REPLACE_EXISTING:
141 case CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES:
142 case CERT_STORE_ADD_USE_EXISTING:
143 case CERT_STORE_ADD_NEWER:
144 case CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES:
145 {
146 BYTE hashToAdd[20];
147 DWORD size = sizeof(hashToAdd);
148
149 ret = CertGetCertificateContextProperty(pCertContext, CERT_HASH_PROP_ID,
150 hashToAdd, &size);
151 if (ret)
152 {
153 CRYPT_HASH_BLOB blob = { sizeof(hashToAdd), hashToAdd };
154
155 existing = CertFindCertificateInStore(hCertStore,
156 pCertContext->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, &blob,
157 NULL);
158 }
159 break;
160 }
161 default:
162 FIXME("Unimplemented add disposition %d\n", dwAddDisposition);
163 SetLastError(E_INVALIDARG);
164 ret = FALSE;
165 }
166
167 switch (dwAddDisposition)
168 {
169 case CERT_STORE_ADD_ALWAYS:
170 toAdd = CertDuplicateCertificateContext(pCertContext);
171 break;
172 case CERT_STORE_ADD_NEW:
173 if (existing)
174 {
175 TRACE("found matching certificate, not adding\n");
176 SetLastError(CRYPT_E_EXISTS);
177 ret = FALSE;
178 }
179 else
180 toAdd = CertDuplicateCertificateContext(pCertContext);
181 break;
182 case CERT_STORE_ADD_REPLACE_EXISTING:
183 toAdd = CertDuplicateCertificateContext(pCertContext);
184 break;
185 case CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES:
186 toAdd = CertDuplicateCertificateContext(pCertContext);
187 if (existing)
188 Context_CopyProperties(toAdd, existing);
189 break;
190 case CERT_STORE_ADD_USE_EXISTING:
191 if (existing)
192 {
193 Context_CopyProperties(existing, pCertContext);
194 if (ppStoreContext)
195 *ppStoreContext = CertDuplicateCertificateContext(existing);
196 }
197 else
198 toAdd = CertDuplicateCertificateContext(pCertContext);
199 break;
200 case CERT_STORE_ADD_NEWER:
201 if (existing)
202 {
203 if (CompareFileTime(&existing->pCertInfo->NotBefore,
204 &pCertContext->pCertInfo->NotBefore) >= 0)
205 {
206 TRACE("existing certificate is newer, not adding\n");
207 SetLastError(CRYPT_E_EXISTS);
208 ret = FALSE;
209 }
210 else
211 toAdd = CertDuplicateCertificateContext(pCertContext);
212 }
213 else
214 toAdd = CertDuplicateCertificateContext(pCertContext);
215 break;
216 case CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES:
217 if (existing)
218 {
219 if (CompareFileTime(&existing->pCertInfo->NotBefore,
220 &pCertContext->pCertInfo->NotBefore) >= 0)
221 {
222 TRACE("existing certificate is newer, not adding\n");
223 SetLastError(CRYPT_E_EXISTS);
224 ret = FALSE;
225 }
226 else
227 {
228 toAdd = CertDuplicateCertificateContext(pCertContext);
229 Context_CopyProperties(toAdd, existing);
230 }
231 }
232 else
233 toAdd = CertDuplicateCertificateContext(pCertContext);
234 break;
235 }
236
237 if (toAdd)
238 {
239 if (store)
240 ret = store->vtbl->certs.addContext(store, (void *)toAdd,
241 (void *)existing, (const void **)ppStoreContext);
242 else if (ppStoreContext)
243 *ppStoreContext = CertDuplicateCertificateContext(toAdd);
244 CertFreeCertificateContext(toAdd);
245 }
246 CertFreeCertificateContext(existing);
247
248 TRACE("returning %d\n", ret);
249 return ret;
250 }
251
252 BOOL WINAPI CertAddCertificateLinkToStore(HCERTSTORE hCertStore,
253 PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition,
254 PCCERT_CONTEXT *ppCertContext)
255 {
256 static int calls;
257 WINECRYPT_CERTSTORE *store = (WINECRYPT_CERTSTORE*)hCertStore;
258
259 if (!(calls++))
260 FIXME("(%p, %p, %08x, %p): semi-stub\n", hCertStore, pCertContext,
261 dwAddDisposition, ppCertContext);
262 if (store->dwMagic != WINE_CRYPTCERTSTORE_MAGIC)
263 return FALSE;
264 if (store->type == StoreTypeCollection)
265 {
266 SetLastError(E_INVALIDARG);
267 return FALSE;
268 }
269 return CertAddCertificateContextToStore(hCertStore, pCertContext,
270 dwAddDisposition, ppCertContext);
271 }
272
273 PCCERT_CONTEXT WINAPI CertCreateCertificateContext(DWORD dwCertEncodingType,
274 const BYTE *pbCertEncoded, DWORD cbCertEncoded)
275 {
276 PCERT_CONTEXT cert = NULL;
277 BOOL ret;
278 PCERT_INFO certInfo = NULL;
279 DWORD size = 0;
280
281 TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCertEncoded,
282 cbCertEncoded);
283
284 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
285 {
286 SetLastError(E_INVALIDARG);
287 return NULL;
288 }
289
290 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_TO_BE_SIGNED,
291 pbCertEncoded, cbCertEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
292 &certInfo, &size);
293 if (ret)
294 {
295 BYTE *data = NULL;
296
297 cert = Context_CreateDataContext(sizeof(CERT_CONTEXT), &cert_vtbl);
298 if (!cert)
299 goto end;
300 data = CryptMemAlloc(cbCertEncoded);
301 if (!data)
302 {
303 CertFreeCertificateContext(cert);
304 cert = NULL;
305 goto end;
306 }
307 memcpy(data, pbCertEncoded, cbCertEncoded);
308 cert->dwCertEncodingType = dwCertEncodingType;
309 cert->pbCertEncoded = data;
310 cert->cbCertEncoded = cbCertEncoded;
311 cert->pCertInfo = certInfo;
312 cert->hCertStore = &empty_store;
313 }
314
315 end:
316 return cert;
317 }
318
319 PCCERT_CONTEXT WINAPI CertDuplicateCertificateContext(PCCERT_CONTEXT pCertContext)
320 {
321 TRACE("(%p)\n", pCertContext);
322
323 if (!pCertContext)
324 return NULL;
325
326 Context_AddRef(&cert_from_ptr(pCertContext)->base);
327 return pCertContext;
328 }
329
330 BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
331 {
332 BOOL ret = TRUE;
333
334 TRACE("(%p)\n", pCertContext);
335
336 if (pCertContext)
337 ret = Context_Release(&cert_from_ptr(pCertContext)->base);
338 return ret;
339 }
340
341 DWORD WINAPI CertEnumCertificateContextProperties(PCCERT_CONTEXT pCertContext,
342 DWORD dwPropId)
343 {
344 CONTEXT_PROPERTY_LIST *properties = Context_GetProperties(pCertContext);
345 DWORD ret;
346
347 TRACE("(%p, %d)\n", pCertContext, dwPropId);
348
349 if (properties)
350 ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
351 else
352 ret = 0;
353 return ret;
354 }
355
356 static BOOL CertContext_GetHashProp(void *context, DWORD dwPropId,
357 ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
358 DWORD *pcbData)
359 {
360 BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
361 pcbData);
362 if (ret && pvData)
363 {
364 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
365
366 ret = CertContext_SetProperty(context, dwPropId, 0, &blob);
367 }
368 return ret;
369 }
370
371 static BOOL CertContext_CopyParam(void *pvData, DWORD *pcbData, const void *pb,
372 DWORD cb)
373 {
374 BOOL ret = TRUE;
375
376 if (!pvData)
377 *pcbData = cb;
378 else if (*pcbData < cb)
379 {
380 SetLastError(ERROR_MORE_DATA);
381 *pcbData = cb;
382 ret = FALSE;
383 }
384 else
385 {
386 memcpy(pvData, pb, cb);
387 *pcbData = cb;
388 }
389 return ret;
390 }
391
392 static BOOL CertContext_GetProperty(void *context, DWORD dwPropId,
393 void *pvData, DWORD *pcbData)
394 {
395 PCCERT_CONTEXT pCertContext = context;
396 CONTEXT_PROPERTY_LIST *properties = Context_GetProperties(context);
397 BOOL ret;
398 CRYPT_DATA_BLOB blob;
399
400 TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
401
402 if (properties)
403 ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
404 else
405 ret = FALSE;
406 if (ret)
407 ret = CertContext_CopyParam(pvData, pcbData, blob.pbData, blob.cbData);
408 else
409 {
410 /* Implicit properties */
411 switch (dwPropId)
412 {
413 case CERT_SHA1_HASH_PROP_ID:
414 ret = CertContext_GetHashProp(context, dwPropId, CALG_SHA1,
415 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
416 pcbData);
417 break;
418 case CERT_MD5_HASH_PROP_ID:
419 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
420 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
421 pcbData);
422 break;
423 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
424 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
425 pCertContext->pCertInfo->Subject.pbData,
426 pCertContext->pCertInfo->Subject.cbData,
427 pvData, pcbData);
428 break;
429 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
430 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
431 pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData,
432 pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData,
433 pvData, pcbData);
434 break;
435 case CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID:
436 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
437 pCertContext->pCertInfo->SerialNumber.pbData,
438 pCertContext->pCertInfo->SerialNumber.cbData,
439 pvData, pcbData);
440 break;
441 case CERT_SIGNATURE_HASH_PROP_ID:
442 ret = CryptHashToBeSigned(0, pCertContext->dwCertEncodingType,
443 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
444 pcbData);
445 if (ret && pvData)
446 {
447 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
448
449 ret = CertContext_SetProperty(context, dwPropId, 0, &blob);
450 }
451 break;
452 case CERT_KEY_IDENTIFIER_PROP_ID:
453 {
454 PCERT_EXTENSION ext = CertFindExtension(
455 szOID_SUBJECT_KEY_IDENTIFIER, pCertContext->pCertInfo->cExtension,
456 pCertContext->pCertInfo->rgExtension);
457
458 if (ext)
459 {
460 CRYPT_DATA_BLOB value;
461 DWORD size = sizeof(value);
462
463 ret = CryptDecodeObjectEx(X509_ASN_ENCODING,
464 szOID_SUBJECT_KEY_IDENTIFIER, ext->Value.pbData,
465 ext->Value.cbData, CRYPT_DECODE_NOCOPY_FLAG, NULL, &value,
466 &size);
467 if (ret)
468 {
469 ret = CertContext_CopyParam(pvData, pcbData, value.pbData,
470 value.cbData);
471 CertContext_SetProperty(context, dwPropId, 0, &value);
472 }
473 }
474 else
475 SetLastError(ERROR_INVALID_DATA);
476 break;
477 }
478 default:
479 SetLastError(CRYPT_E_NOT_FOUND);
480 }
481 }
482 TRACE("returning %d\n", ret);
483 return ret;
484 }
485
486 void CRYPT_FixKeyProvInfoPointers(PCRYPT_KEY_PROV_INFO info)
487 {
488 DWORD i, containerLen, provNameLen;
489 LPBYTE data = (LPBYTE)info + sizeof(CRYPT_KEY_PROV_INFO);
490
491 info->pwszContainerName = (LPWSTR)data;
492 containerLen = (lstrlenW(info->pwszContainerName) + 1) * sizeof(WCHAR);
493 data += containerLen;
494
495 info->pwszProvName = (LPWSTR)data;
496 provNameLen = (lstrlenW(info->pwszProvName) + 1) * sizeof(WCHAR);
497 data += provNameLen;
498
499 info->rgProvParam = (PCRYPT_KEY_PROV_PARAM)data;
500 data += info->cProvParam * sizeof(CRYPT_KEY_PROV_PARAM);
501
502 for (i = 0; i < info->cProvParam; i++)
503 {
504 info->rgProvParam[i].pbData = data;
505 data += info->rgProvParam[i].cbData;
506 }
507 }
508
509 BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT pCertContext,
510 DWORD dwPropId, void *pvData, DWORD *pcbData)
511 {
512 BOOL ret;
513
514 TRACE("(%p, %d, %p, %p)\n", pCertContext, dwPropId, pvData, pcbData);
515
516 switch (dwPropId)
517 {
518 case 0:
519 case CERT_CERT_PROP_ID:
520 case CERT_CRL_PROP_ID:
521 case CERT_CTL_PROP_ID:
522 SetLastError(E_INVALIDARG);
523 ret = FALSE;
524 break;
525 case CERT_ACCESS_STATE_PROP_ID:
526 if (pCertContext->hCertStore)
527 ret = CertGetStoreProperty(pCertContext->hCertStore, dwPropId,
528 pvData, pcbData);
529 else
530 {
531 DWORD state = 0;
532
533 ret = CertContext_CopyParam(pvData, pcbData, &state, sizeof(state));
534 }
535 break;
536 case CERT_KEY_PROV_HANDLE_PROP_ID:
537 {
538 CERT_KEY_CONTEXT keyContext;
539 DWORD size = sizeof(keyContext);
540
541 ret = CertContext_GetProperty((void *)pCertContext,
542 CERT_KEY_CONTEXT_PROP_ID, &keyContext, &size);
543 if (ret)
544 ret = CertContext_CopyParam(pvData, pcbData, &keyContext.hCryptProv,
545 sizeof(keyContext.hCryptProv));
546 break;
547 }
548 case CERT_KEY_PROV_INFO_PROP_ID:
549 ret = CertContext_GetProperty((void *)pCertContext, dwPropId, pvData,
550 pcbData);
551 if (ret && pvData)
552 CRYPT_FixKeyProvInfoPointers(pvData);
553 break;
554 default:
555 ret = CertContext_GetProperty((void *)pCertContext, dwPropId, pvData,
556 pcbData);
557 }
558
559 TRACE("returning %d\n", ret);
560 return ret;
561 }
562
563 /* Copies key provider info from from into to, where to is assumed to be a
564 * contiguous buffer of memory large enough for from and all its associated
565 * data, but whose pointers are uninitialized.
566 * Upon return, to contains a contiguous copy of from, packed in the following
567 * order:
568 * - CRYPT_KEY_PROV_INFO
569 * - pwszContainerName
570 * - pwszProvName
571 * - rgProvParam[0]...
572 */
573 static void CRYPT_CopyKeyProvInfo(PCRYPT_KEY_PROV_INFO to,
574 const CRYPT_KEY_PROV_INFO *from)
575 {
576 DWORD i;
577 LPBYTE nextData = (LPBYTE)to + sizeof(CRYPT_KEY_PROV_INFO);
578
579 if (from->pwszContainerName)
580 {
581 to->pwszContainerName = (LPWSTR)nextData;
582 lstrcpyW(to->pwszContainerName, from->pwszContainerName);
583 nextData += (lstrlenW(from->pwszContainerName) + 1) * sizeof(WCHAR);
584 }
585 else
586 to->pwszContainerName = NULL;
587 if (from->pwszProvName)
588 {
589 to->pwszProvName = (LPWSTR)nextData;
590 lstrcpyW(to->pwszProvName, from->pwszProvName);
591 nextData += (lstrlenW(from->pwszProvName) + 1) * sizeof(WCHAR);
592 }
593 else
594 to->pwszProvName = NULL;
595 to->dwProvType = from->dwProvType;
596 to->dwFlags = from->dwFlags;
597 to->cProvParam = from->cProvParam;
598 to->rgProvParam = (PCRYPT_KEY_PROV_PARAM)nextData;
599 nextData += to->cProvParam * sizeof(CRYPT_KEY_PROV_PARAM);
600 to->dwKeySpec = from->dwKeySpec;
601 for (i = 0; i < to->cProvParam; i++)
602 {
603 memcpy(&to->rgProvParam[i], &from->rgProvParam[i],
604 sizeof(CRYPT_KEY_PROV_PARAM));
605 to->rgProvParam[i].pbData = nextData;
606 memcpy(to->rgProvParam[i].pbData, from->rgProvParam[i].pbData,
607 from->rgProvParam[i].cbData);
608 nextData += from->rgProvParam[i].cbData;
609 }
610 }
611
612 static BOOL CertContext_SetKeyProvInfoProperty(CONTEXT_PROPERTY_LIST *properties,
613 const CRYPT_KEY_PROV_INFO *info)
614 {
615 BOOL ret;
616 LPBYTE buf = NULL;
617 DWORD size = sizeof(CRYPT_KEY_PROV_INFO), i, containerSize, provNameSize;
618
619 if (info->pwszContainerName)
620 containerSize = (lstrlenW(info->pwszContainerName) + 1) * sizeof(WCHAR);
621 else
622 containerSize = 0;
623 if (info->pwszProvName)
624 provNameSize = (lstrlenW(info->pwszProvName) + 1) * sizeof(WCHAR);
625 else
626 provNameSize = 0;
627 size += containerSize + provNameSize;
628 for (i = 0; i < info->cProvParam; i++)
629 size += sizeof(CRYPT_KEY_PROV_PARAM) + info->rgProvParam[i].cbData;
630 buf = CryptMemAlloc(size);
631 if (buf)
632 {
633 CRYPT_CopyKeyProvInfo((PCRYPT_KEY_PROV_INFO)buf, info);
634 ret = ContextPropertyList_SetProperty(properties,
635 CERT_KEY_PROV_INFO_PROP_ID, buf, size);
636 CryptMemFree(buf);
637 }
638 else
639 ret = FALSE;
640 return ret;
641 }
642
643 static BOOL CertContext_SetProperty(void *context, DWORD dwPropId,
644 DWORD dwFlags, const void *pvData)
645 {
646 CONTEXT_PROPERTY_LIST *properties = Context_GetProperties(context);
647 BOOL ret;
648
649 TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
650
651 if (!properties)
652 ret = FALSE;
653 else
654 {
655 switch (dwPropId)
656 {
657 case CERT_AUTO_ENROLL_PROP_ID:
658 case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
659 case CERT_DESCRIPTION_PROP_ID:
660 case CERT_FRIENDLY_NAME_PROP_ID:
661 case CERT_HASH_PROP_ID:
662 case CERT_KEY_IDENTIFIER_PROP_ID:
663 case CERT_MD5_HASH_PROP_ID:
664 case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
665 case CERT_PUBKEY_ALG_PARA_PROP_ID:
666 case CERT_PVK_FILE_PROP_ID:
667 case CERT_SIGNATURE_HASH_PROP_ID:
668 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
669 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
670 case CERT_EXTENDED_ERROR_INFO_PROP_ID:
671 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
672 case CERT_ENROLLMENT_PROP_ID:
673 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
674 case CERT_RENEWAL_PROP_ID:
675 {
676 if (pvData)
677 {
678 const CRYPT_DATA_BLOB *blob = pvData;
679
680 ret = ContextPropertyList_SetProperty(properties, dwPropId,
681 blob->pbData, blob->cbData);
682 }
683 else
684 {
685 ContextPropertyList_RemoveProperty(properties, dwPropId);
686 ret = TRUE;
687 }
688 break;
689 }
690 case CERT_DATE_STAMP_PROP_ID:
691 if (pvData)
692 ret = ContextPropertyList_SetProperty(properties, dwPropId,
693 pvData, sizeof(FILETIME));
694 else
695 {
696 ContextPropertyList_RemoveProperty(properties, dwPropId);
697 ret = TRUE;
698 }
699 break;
700 case CERT_KEY_CONTEXT_PROP_ID:
701 {
702 if (pvData)
703 {
704 const CERT_KEY_CONTEXT *keyContext = pvData;
705
706 if (keyContext->cbSize != sizeof(CERT_KEY_CONTEXT))
707 {
708 SetLastError(E_INVALIDARG);
709 ret = FALSE;
710 }
711 else
712 ret = ContextPropertyList_SetProperty(properties, dwPropId,
713 (const BYTE *)keyContext, keyContext->cbSize);
714 }
715 else
716 {
717 ContextPropertyList_RemoveProperty(properties, dwPropId);
718 ret = TRUE;
719 }
720 break;
721 }
722 case CERT_KEY_PROV_INFO_PROP_ID:
723 if (pvData)
724 ret = CertContext_SetKeyProvInfoProperty(properties, pvData);
725 else
726 {
727 ContextPropertyList_RemoveProperty(properties, dwPropId);
728 ret = TRUE;
729 }
730 break;
731 case CERT_KEY_PROV_HANDLE_PROP_ID:
732 {
733 CERT_KEY_CONTEXT keyContext;
734 DWORD size = sizeof(keyContext);
735
736 ret = CertContext_GetProperty(context, CERT_KEY_CONTEXT_PROP_ID,
737 &keyContext, &size);
738 if (ret)
739 {
740 if (!(dwFlags & CERT_STORE_NO_CRYPT_RELEASE_FLAG))
741 CryptReleaseContext(keyContext.hCryptProv, 0);
742 }
743 keyContext.cbSize = sizeof(keyContext);
744 if (pvData)
745 keyContext.hCryptProv = *(const HCRYPTPROV *)pvData;
746 else
747 {
748 keyContext.hCryptProv = 0;
749 keyContext.dwKeySpec = AT_SIGNATURE;
750 }
751 ret = CertContext_SetProperty(context, CERT_KEY_CONTEXT_PROP_ID,
752 0, &keyContext);
753 break;
754 }
755 default:
756 FIXME("%d: stub\n", dwPropId);
757 ret = FALSE;
758 }
759 }
760 TRACE("returning %d\n", ret);
761 return ret;
762 }
763
764 BOOL WINAPI CertSetCertificateContextProperty(PCCERT_CONTEXT pCertContext,
765 DWORD dwPropId, DWORD dwFlags, const void *pvData)
766 {
767 BOOL ret;
768
769 TRACE("(%p, %d, %08x, %p)\n", pCertContext, dwPropId, dwFlags, pvData);
770
771 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
772 * crashes on most of these, I'll be safer.
773 */
774 switch (dwPropId)
775 {
776 case 0:
777 case CERT_ACCESS_STATE_PROP_ID:
778 case CERT_CERT_PROP_ID:
779 case CERT_CRL_PROP_ID:
780 case CERT_CTL_PROP_ID:
781 SetLastError(E_INVALIDARG);
782 return FALSE;
783 }
784 ret = CertContext_SetProperty((void *)pCertContext, dwPropId, dwFlags,
785 pvData);
786 TRACE("returning %d\n", ret);
787 return ret;
788 }
789
790 /* Acquires the private key using the key provider info, retrieving info from
791 * the certificate if info is NULL. The acquired provider is returned in
792 * *phCryptProv, and the key spec for the provider is returned in *pdwKeySpec.
793 */
794 static BOOL CRYPT_AcquirePrivateKeyFromProvInfo(PCCERT_CONTEXT pCert,
795 PCRYPT_KEY_PROV_INFO info, HCRYPTPROV *phCryptProv, DWORD *pdwKeySpec)
796 {
797 DWORD size = 0;
798 BOOL allocated = FALSE, ret = TRUE;
799
800 if (!info)
801 {
802 ret = CertGetCertificateContextProperty(pCert,
803 CERT_KEY_PROV_INFO_PROP_ID, 0, &size);
804 if (ret)
805 {
806 info = HeapAlloc(GetProcessHeap(), 0, size);
807 if (info)
808 {
809 ret = CertGetCertificateContextProperty(pCert,
810 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
811 allocated = TRUE;
812 }
813 else
814 {
815 SetLastError(ERROR_OUTOFMEMORY);
816 ret = FALSE;
817 }
818 }
819 else
820 SetLastError(CRYPT_E_NO_KEY_PROPERTY);
821 }
822 if (ret)
823 {
824 ret = CryptAcquireContextW(phCryptProv, info->pwszContainerName,
825 info->pwszProvName, info->dwProvType, 0);
826 if (ret)
827 {
828 DWORD i;
829
830 for (i = 0; i < info->cProvParam; i++)
831 {
832 CryptSetProvParam(*phCryptProv,
833 info->rgProvParam[i].dwParam, info->rgProvParam[i].pbData,
834 info->rgProvParam[i].dwFlags);
835 }
836 *pdwKeySpec = info->dwKeySpec;
837 }
838 else
839 SetLastError(CRYPT_E_NO_KEY_PROPERTY);
840 }
841 if (allocated)
842 HeapFree(GetProcessHeap(), 0, info);
843 return ret;
844 }
845
846 BOOL WINAPI CryptAcquireCertificatePrivateKey(PCCERT_CONTEXT pCert,
847 DWORD dwFlags, void *pvReserved, HCRYPTPROV_OR_NCRYPT_KEY_HANDLE *phCryptProv,
848 DWORD *pdwKeySpec, BOOL *pfCallerFreeProv)
849 {
850 BOOL ret = FALSE, cache = FALSE;
851 PCRYPT_KEY_PROV_INFO info = NULL;
852 CERT_KEY_CONTEXT keyContext;
853 DWORD size;
854
855 TRACE("(%p, %08x, %p, %p, %p, %p)\n", pCert, dwFlags, pvReserved,
856 phCryptProv, pdwKeySpec, pfCallerFreeProv);
857
858 if (dwFlags & CRYPT_ACQUIRE_USE_PROV_INFO_FLAG)
859 {
860 DWORD size = 0;
861
862 ret = CertGetCertificateContextProperty(pCert,
863 CERT_KEY_PROV_INFO_PROP_ID, 0, &size);
864 if (ret)
865 {
866 info = HeapAlloc(GetProcessHeap(), 0, size);
867 ret = CertGetCertificateContextProperty(pCert,
868 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
869 if (ret)
870 cache = info->dwFlags & CERT_SET_KEY_CONTEXT_PROP_ID;
871 }
872 }
873 else if (dwFlags & CRYPT_ACQUIRE_CACHE_FLAG)
874 cache = TRUE;
875 *phCryptProv = 0;
876 if (cache)
877 {
878 size = sizeof(keyContext);
879 ret = CertGetCertificateContextProperty(pCert, CERT_KEY_CONTEXT_PROP_ID,
880 &keyContext, &size);
881 if (ret)
882 {
883 *phCryptProv = keyContext.hCryptProv;
884 if (pdwKeySpec)
885 *pdwKeySpec = keyContext.dwKeySpec;
886 if (pfCallerFreeProv)
887 *pfCallerFreeProv = !cache;
888 }
889 }
890 if (!*phCryptProv)
891 {
892 ret = CRYPT_AcquirePrivateKeyFromProvInfo(pCert, info,
893 &keyContext.hCryptProv, &keyContext.dwKeySpec);
894 if (ret)
895 {
896 *phCryptProv = keyContext.hCryptProv;
897 if (pdwKeySpec)
898 *pdwKeySpec = keyContext.dwKeySpec;
899 if (cache)
900 {
901 keyContext.cbSize = sizeof(keyContext);
902 if (CertSetCertificateContextProperty(pCert,
903 CERT_KEY_CONTEXT_PROP_ID, 0, &keyContext))
904 {
905 if (pfCallerFreeProv)
906 *pfCallerFreeProv = FALSE;
907 }
908 }
909 else
910 {
911 if (pfCallerFreeProv)
912 *pfCallerFreeProv = TRUE;
913 }
914 }
915 }
916 HeapFree(GetProcessHeap(), 0, info);
917 return ret;
918 }
919
920 static BOOL key_prov_info_matches_cert(PCCERT_CONTEXT pCert,
921 const CRYPT_KEY_PROV_INFO *keyProvInfo)
922 {
923 HCRYPTPROV csp;
924 BOOL matches = FALSE;
925
926 if (CryptAcquireContextW(&csp, keyProvInfo->pwszContainerName,
927 keyProvInfo->pwszProvName, keyProvInfo->dwProvType, keyProvInfo->dwFlags))
928 {
929 DWORD size;
930
931 /* Need to sign something to verify the sig. What to sign? Why not
932 * the certificate itself?
933 */
934 if (CryptSignAndEncodeCertificate(csp, AT_SIGNATURE,
935 pCert->dwCertEncodingType, X509_CERT_TO_BE_SIGNED, pCert->pCertInfo,
936 &pCert->pCertInfo->SignatureAlgorithm, NULL, NULL, &size))
937 {
938 BYTE *certEncoded = CryptMemAlloc(size);
939
940 if (certEncoded)
941 {
942 if (CryptSignAndEncodeCertificate(csp, AT_SIGNATURE,
943 pCert->dwCertEncodingType, X509_CERT_TO_BE_SIGNED,
944 pCert->pCertInfo, &pCert->pCertInfo->SignatureAlgorithm,
945 NULL, certEncoded, &size))
946 {
947 if (size == pCert->cbCertEncoded &&
948 !memcmp(certEncoded, pCert->pbCertEncoded, size))
949 matches = TRUE;
950 }
951 CryptMemFree(certEncoded);
952 }
953 }
954 CryptReleaseContext(csp, 0);
955 }
956 return matches;
957 }
958
959 static BOOL container_matches_cert(PCCERT_CONTEXT pCert, LPCSTR container,
960 CRYPT_KEY_PROV_INFO *keyProvInfo)
961 {
962 CRYPT_KEY_PROV_INFO copy;
963 WCHAR containerW[MAX_PATH];
964 BOOL matches = FALSE;
965
966 MultiByteToWideChar(CP_ACP, 0, container, -1,
967 containerW, sizeof(containerW) / sizeof(containerW[0]));
968 /* We make a copy of the CRYPT_KEY_PROV_INFO because the caller expects
969 * keyProvInfo->pwszContainerName to be NULL or a heap-allocated container
970 * name.
971 */
972 copy = *keyProvInfo;
973 copy.pwszContainerName = containerW;
974 matches = key_prov_info_matches_cert(pCert, &copy);
975 if (matches)
976 {
977 keyProvInfo->pwszContainerName =
978 CryptMemAlloc((strlenW(containerW) + 1) * sizeof(WCHAR));
979 if (keyProvInfo->pwszContainerName)
980 {
981 strcpyW(keyProvInfo->pwszContainerName, containerW);
982 keyProvInfo->dwKeySpec = AT_SIGNATURE;
983 }
984 else
985 matches = FALSE;
986 }
987 return matches;
988 }
989
990 /* Searches the provider named keyProvInfo.pwszProvName for a container whose
991 * private key matches pCert's public key. Upon success, updates keyProvInfo
992 * with the matching container's info (free keyProvInfo.pwszContainerName upon
993 * success.)
994 * Returns TRUE if found, FALSE if not.
995 */
996 static BOOL find_key_prov_info_in_provider(PCCERT_CONTEXT pCert,
997 CRYPT_KEY_PROV_INFO *keyProvInfo)
998 {
999 HCRYPTPROV defProvider;
1000 BOOL ret, found = FALSE;
1001 char containerA[MAX_PATH];
1002
1003 assert(keyProvInfo->pwszContainerName == NULL);
1004 if ((ret = CryptAcquireContextW(&defProvider, NULL,
1005 keyProvInfo->pwszProvName, keyProvInfo->dwProvType,
1006 keyProvInfo->dwFlags | CRYPT_VERIFYCONTEXT)))
1007 {
1008 DWORD enumFlags = keyProvInfo->dwFlags | CRYPT_FIRST;
1009
1010 while (ret && !found)
1011 {
1012 DWORD size = sizeof(containerA);
1013
1014 ret = CryptGetProvParam(defProvider, PP_ENUMCONTAINERS,
1015 (BYTE *)containerA, &size, enumFlags);
1016 if (ret)
1017 found = container_matches_cert(pCert, containerA, keyProvInfo);
1018 if (enumFlags & CRYPT_FIRST)
1019 {
1020 enumFlags &= ~CRYPT_FIRST;
1021 enumFlags |= CRYPT_NEXT;
1022 }
1023 }
1024 CryptReleaseContext(defProvider, 0);
1025 }
1026 return found;
1027 }
1028
1029 static BOOL find_matching_provider(PCCERT_CONTEXT pCert, DWORD dwFlags)
1030 {
1031 BOOL found = FALSE, ret = TRUE;
1032 DWORD index = 0, cbProvName = 0;
1033 CRYPT_KEY_PROV_INFO keyProvInfo;
1034
1035 TRACE("(%p, %08x)\n", pCert, dwFlags);
1036
1037 memset(&keyProvInfo, 0, sizeof(keyProvInfo));
1038 while (ret && !found)
1039 {
1040 DWORD size = 0;
1041
1042 ret = CryptEnumProvidersW(index, NULL, 0, &keyProvInfo.dwProvType,
1043 NULL, &size);
1044 if (ret)
1045 {
1046 if (size <= cbProvName)
1047 ret = CryptEnumProvidersW(index, NULL, 0,
1048 &keyProvInfo.dwProvType, keyProvInfo.pwszProvName, &size);
1049 else
1050 {
1051 CryptMemFree(keyProvInfo.pwszProvName);
1052 keyProvInfo.pwszProvName = CryptMemAlloc(size);
1053 if (keyProvInfo.pwszProvName)
1054 {
1055 cbProvName = size;
1056 ret = CryptEnumProvidersW(index, NULL, 0,
1057 &keyProvInfo.dwProvType, keyProvInfo.pwszProvName, &size);
1058 if (ret)
1059 {
1060 if (dwFlags & CRYPT_FIND_SILENT_KEYSET_FLAG)
1061 keyProvInfo.dwFlags |= CRYPT_SILENT;
1062 if (dwFlags & CRYPT_FIND_USER_KEYSET_FLAG ||
1063 !(dwFlags & (CRYPT_FIND_USER_KEYSET_FLAG |
1064 CRYPT_FIND_MACHINE_KEYSET_FLAG)))
1065 {
1066 keyProvInfo.dwFlags |= CRYPT_USER_KEYSET;
1067 found = find_key_prov_info_in_provider(pCert,
1068 &keyProvInfo);
1069 }
1070 if (!found)
1071 {
1072 if (dwFlags & CRYPT_FIND_MACHINE_KEYSET_FLAG ||
1073 !(dwFlags & (CRYPT_FIND_USER_KEYSET_FLAG |
1074 CRYPT_FIND_MACHINE_KEYSET_FLAG)))
1075 {
1076 keyProvInfo.dwFlags &= ~CRYPT_USER_KEYSET;
1077 keyProvInfo.dwFlags |= CRYPT_MACHINE_KEYSET;
1078 found = find_key_prov_info_in_provider(pCert,
1079 &keyProvInfo);
1080 }
1081 }
1082 }
1083 }
1084 else
1085 ret = FALSE;
1086 }
1087 index++;
1088 }
1089 }
1090 if (found)
1091 CertSetCertificateContextProperty(pCert, CERT_KEY_PROV_INFO_PROP_ID,
1092 0, &keyProvInfo);
1093 CryptMemFree(keyProvInfo.pwszProvName);
1094 CryptMemFree(keyProvInfo.pwszContainerName);
1095 return found;
1096 }
1097
1098 static BOOL cert_prov_info_matches_cert(PCCERT_CONTEXT pCert)
1099 {
1100 BOOL matches = FALSE;
1101 DWORD size;
1102
1103 if (CertGetCertificateContextProperty(pCert, CERT_KEY_PROV_INFO_PROP_ID,
1104 NULL, &size))
1105 {
1106 CRYPT_KEY_PROV_INFO *keyProvInfo = CryptMemAlloc(size);
1107
1108 if (keyProvInfo)
1109 {
1110 if (CertGetCertificateContextProperty(pCert,
1111 CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size))
1112 matches = key_prov_info_matches_cert(pCert, keyProvInfo);
1113 CryptMemFree(keyProvInfo);
1114 }
1115 }
1116 return matches;
1117 }
1118
1119 BOOL WINAPI CryptFindCertificateKeyProvInfo(PCCERT_CONTEXT pCert,
1120 DWORD dwFlags, void *pvReserved)
1121 {
1122 BOOL matches = FALSE;
1123
1124 TRACE("(%p, %08x, %p)\n", pCert, dwFlags, pvReserved);
1125
1126 matches = cert_prov_info_matches_cert(pCert);
1127 if (!matches)
1128 matches = find_matching_provider(pCert, dwFlags);
1129 return matches;
1130 }
1131
1132 BOOL WINAPI CertCompareCertificate(DWORD dwCertEncodingType,
1133 PCERT_INFO pCertId1, PCERT_INFO pCertId2)
1134 {
1135 BOOL ret;
1136
1137 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pCertId1, pCertId2);
1138
1139 ret = CertCompareCertificateName(dwCertEncodingType, &pCertId1->Issuer,
1140 &pCertId2->Issuer) && CertCompareIntegerBlob(&pCertId1->SerialNumber,
1141 &pCertId2->SerialNumber);
1142 TRACE("returning %d\n", ret);
1143 return ret;
1144 }
1145
1146 BOOL WINAPI CertCompareCertificateName(DWORD dwCertEncodingType,
1147 PCERT_NAME_BLOB pCertName1, PCERT_NAME_BLOB pCertName2)
1148 {
1149 BOOL ret;
1150
1151 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pCertName1, pCertName2);
1152
1153 if (pCertName1->cbData == pCertName2->cbData)
1154 {
1155 if (pCertName1->cbData)
1156 ret = !memcmp(pCertName1->pbData, pCertName2->pbData,
1157 pCertName1->cbData);
1158 else
1159 ret = TRUE;
1160 }
1161 else
1162 ret = FALSE;
1163 TRACE("returning %d\n", ret);
1164 return ret;
1165 }
1166
1167 /* Returns the number of significant bytes in pInt, where a byte is
1168 * insignificant if it's a leading 0 for positive numbers or a leading 0xff
1169 * for negative numbers. pInt is assumed to be little-endian.
1170 */
1171 static DWORD CRYPT_significantBytes(const CRYPT_INTEGER_BLOB *pInt)
1172 {
1173 DWORD ret = pInt->cbData;
1174
1175 while (ret > 1)
1176 {
1177 if (pInt->pbData[ret - 2] <= 0x7f && pInt->pbData[ret - 1] == 0)
1178 ret--;
1179 else if (pInt->pbData[ret - 2] >= 0x80 && pInt->pbData[ret - 1] == 0xff)
1180 ret--;
1181 else
1182 break;
1183 }
1184 return ret;
1185 }
1186
1187 BOOL WINAPI CertCompareIntegerBlob(PCRYPT_INTEGER_BLOB pInt1,
1188 PCRYPT_INTEGER_BLOB pInt2)
1189 {
1190 BOOL ret;
1191 DWORD cb1, cb2;
1192
1193 TRACE("(%p, %p)\n", pInt1, pInt2);
1194
1195 cb1 = CRYPT_significantBytes(pInt1);
1196 cb2 = CRYPT_significantBytes(pInt2);
1197 if (cb1 == cb2)
1198 {
1199 if (cb1)
1200 ret = !memcmp(pInt1->pbData, pInt2->pbData, cb1);
1201 else
1202 ret = TRUE;
1203 }
1204 else
1205 ret = FALSE;
1206 TRACE("returning %d\n", ret);
1207 return ret;
1208 }
1209
1210 BOOL WINAPI CertComparePublicKeyInfo(DWORD dwCertEncodingType,
1211 PCERT_PUBLIC_KEY_INFO pPublicKey1, PCERT_PUBLIC_KEY_INFO pPublicKey2)
1212 {
1213 BOOL ret;
1214
1215 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pPublicKey1, pPublicKey2);
1216
1217 switch (GET_CERT_ENCODING_TYPE(dwCertEncodingType))
1218 {
1219 case 0: /* Seems to mean "raw binary bits" */
1220 if (pPublicKey1->PublicKey.cbData == pPublicKey2->PublicKey.cbData &&
1221 pPublicKey1->PublicKey.cUnusedBits == pPublicKey2->PublicKey.cUnusedBits)
1222 {
1223 if (pPublicKey2->PublicKey.cbData)
1224 ret = !memcmp(pPublicKey1->PublicKey.pbData,
1225 pPublicKey2->PublicKey.pbData, pPublicKey1->PublicKey.cbData);
1226 else
1227 ret = TRUE;
1228 }
1229 else
1230 ret = FALSE;
1231 break;
1232 default:
1233 WARN("Unknown encoding type %08x\n", dwCertEncodingType);
1234 /* FALLTHROUGH */
1235 case X509_ASN_ENCODING:
1236 {
1237 BLOBHEADER *pblob1, *pblob2;
1238 DWORD length;
1239 ret = FALSE;
1240 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1241 pPublicKey1->PublicKey.pbData, pPublicKey1->PublicKey.cbData,
1242 0, NULL, &length))
1243 {
1244 pblob1 = CryptMemAlloc(length);
1245 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1246 pPublicKey1->PublicKey.pbData, pPublicKey1->PublicKey.cbData,
1247 0, pblob1, &length))
1248 {
1249 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1250 pPublicKey2->PublicKey.pbData, pPublicKey2->PublicKey.cbData,
1251 0, NULL, &length))
1252 {
1253 pblob2 = CryptMemAlloc(length);
1254 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1255 pPublicKey2->PublicKey.pbData, pPublicKey2->PublicKey.cbData,
1256 0, pblob2, &length))
1257 {
1258 /* The RSAPUBKEY structure directly follows the BLOBHEADER */
1259 RSAPUBKEY *pk1 = (LPVOID)(pblob1 + 1),
1260 *pk2 = (LPVOID)(pblob2 + 1);
1261 ret = (pk1->bitlen == pk2->bitlen) && (pk1->pubexp == pk2->pubexp)
1262 && !memcmp(pk1 + 1, pk2 + 1, pk1->bitlen/8);
1263 }
1264 CryptMemFree(pblob2);
1265 }
1266 }
1267 CryptMemFree(pblob1);
1268 }
1269
1270 break;
1271 }
1272 }
1273 return ret;
1274 }
1275
1276 DWORD WINAPI CertGetPublicKeyLength(DWORD dwCertEncodingType,
1277 PCERT_PUBLIC_KEY_INFO pPublicKey)
1278 {
1279 DWORD len = 0;
1280
1281 TRACE("(%08x, %p)\n", dwCertEncodingType, pPublicKey);
1282
1283 if (GET_CERT_ENCODING_TYPE(dwCertEncodingType) != X509_ASN_ENCODING)
1284 {
1285 SetLastError(ERROR_FILE_NOT_FOUND);
1286 return 0;
1287 }
1288 if (pPublicKey->Algorithm.pszObjId &&
1289 !strcmp(pPublicKey->Algorithm.pszObjId, szOID_RSA_DH))
1290 {
1291 FIXME("unimplemented for DH public keys\n");
1292 SetLastError(CRYPT_E_ASN1_BADTAG);
1293 }
1294 else
1295 {
1296 DWORD size;
1297 PBYTE buf;
1298 BOOL ret = CryptDecodeObjectEx(dwCertEncodingType,
1299 RSA_CSP_PUBLICKEYBLOB, pPublicKey->PublicKey.pbData,
1300 pPublicKey->PublicKey.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
1301 &size);
1302
1303 if (ret)
1304 {
1305 RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(buf + sizeof(BLOBHEADER));
1306
1307 len = rsaPubKey->bitlen;
1308 LocalFree(buf);
1309 }
1310 }
1311 return len;
1312 }
1313
1314 typedef BOOL (*CertCompareFunc)(PCCERT_CONTEXT pCertContext, DWORD dwType,
1315 DWORD dwFlags, const void *pvPara);
1316
1317 static BOOL compare_cert_by_md5_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
1318 DWORD dwFlags, const void *pvPara)
1319 {
1320 BOOL ret;
1321 BYTE hash[16];
1322 DWORD size = sizeof(hash);
1323
1324 ret = CertGetCertificateContextProperty(pCertContext,
1325 CERT_MD5_HASH_PROP_ID, hash, &size);
1326 if (ret)
1327 {
1328 const CRYPT_HASH_BLOB *pHash = pvPara;
1329
1330 if (size == pHash->cbData)
1331 ret = !memcmp(pHash->pbData, hash, size);
1332 else
1333 ret = FALSE;
1334 }
1335 return ret;
1336 }
1337
1338 static BOOL compare_cert_by_sha1_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
1339 DWORD dwFlags, const void *pvPara)
1340 {
1341 BOOL ret;
1342 BYTE hash[20];
1343 DWORD size = sizeof(hash);
1344
1345 ret = CertGetCertificateContextProperty(pCertContext,
1346 CERT_SHA1_HASH_PROP_ID, hash, &size);
1347 if (ret)
1348 {
1349 const CRYPT_HASH_BLOB *pHash = pvPara;
1350
1351 if (size == pHash->cbData)
1352 ret = !memcmp(pHash->pbData, hash, size);
1353 else
1354 ret = FALSE;
1355 }
1356 return ret;
1357 }
1358
1359 static BOOL compare_cert_by_name(PCCERT_CONTEXT pCertContext, DWORD dwType,
1360 DWORD dwFlags, const void *pvPara)
1361 {
1362 CERT_NAME_BLOB *blob = (CERT_NAME_BLOB *)pvPara, *toCompare;
1363 BOOL ret;
1364
1365 if (dwType & CERT_INFO_SUBJECT_FLAG)
1366 toCompare = &pCertContext->pCertInfo->Subject;
1367 else
1368 toCompare = &pCertContext->pCertInfo->Issuer;
1369 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1370 toCompare, blob);
1371 return ret;
1372 }
1373
1374 static BOOL compare_cert_by_public_key(PCCERT_CONTEXT pCertContext,
1375 DWORD dwType, DWORD dwFlags, const void *pvPara)
1376 {
1377 CERT_PUBLIC_KEY_INFO *publicKey = (CERT_PUBLIC_KEY_INFO *)pvPara;
1378 BOOL ret;
1379
1380 ret = CertComparePublicKeyInfo(pCertContext->dwCertEncodingType,
1381 &pCertContext->pCertInfo->SubjectPublicKeyInfo, publicKey);
1382 return ret;
1383 }
1384
1385 static BOOL compare_cert_by_subject_cert(PCCERT_CONTEXT pCertContext,
1386 DWORD dwType, DWORD dwFlags, const void *pvPara)
1387 {
1388 CERT_INFO *pCertInfo = (CERT_INFO *)pvPara;
1389 BOOL ret;
1390
1391 /* Matching serial number and subject match.. */
1392 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1393 &pCertContext->pCertInfo->Subject, &pCertInfo->Issuer);
1394 if (ret)
1395 ret = CertCompareIntegerBlob(&pCertContext->pCertInfo->SerialNumber,
1396 &pCertInfo->SerialNumber);
1397 else
1398 {
1399 /* failing that, if the serial number and issuer match, we match */
1400 ret = CertCompareIntegerBlob(&pCertContext->pCertInfo->SerialNumber,
1401 &pCertInfo->SerialNumber);
1402 if (ret)
1403 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1404 &pCertContext->pCertInfo->Issuer, &pCertInfo->Issuer);
1405 }
1406 TRACE("returning %d\n", ret);
1407 return ret;
1408 }
1409
1410 static BOOL compare_cert_by_cert_id(PCCERT_CONTEXT pCertContext, DWORD dwType,
1411 DWORD dwFlags, const void *pvPara)
1412 {
1413 CERT_ID *id = (CERT_ID *)pvPara;
1414 BOOL ret;
1415
1416 switch (id->dwIdChoice)
1417 {
1418 case CERT_ID_ISSUER_SERIAL_NUMBER:
1419 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1420 &pCertContext->pCertInfo->Issuer, &id->u.IssuerSerialNumber.Issuer);
1421 if (ret)
1422 ret = CertCompareIntegerBlob(&pCertContext->pCertInfo->SerialNumber,
1423 &id->u.IssuerSerialNumber.SerialNumber);
1424 break;
1425 case CERT_ID_SHA1_HASH:
1426 ret = compare_cert_by_sha1_hash(pCertContext, dwType, dwFlags,
1427 &id->u.HashId);
1428 break;
1429 case CERT_ID_KEY_IDENTIFIER:
1430 {
1431 DWORD size = 0;
1432
1433 ret = CertGetCertificateContextProperty(pCertContext,
1434 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
1435 if (ret && size == id->u.KeyId.cbData)
1436 {
1437 LPBYTE buf = CryptMemAlloc(size);
1438
1439 if (buf)
1440 {
1441 CertGetCertificateContextProperty(pCertContext,
1442 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
1443 ret = !memcmp(buf, id->u.KeyId.pbData, size);
1444 CryptMemFree(buf);
1445 }
1446 }
1447 else
1448 ret = FALSE;
1449 break;
1450 }
1451 default:
1452 ret = FALSE;
1453 break;
1454 }
1455 return ret;
1456 }
1457
1458 static BOOL compare_existing_cert(PCCERT_CONTEXT pCertContext, DWORD dwType,
1459 DWORD dwFlags, const void *pvPara)
1460 {
1461 PCCERT_CONTEXT toCompare = pvPara;
1462 return CertCompareCertificate(pCertContext->dwCertEncodingType,
1463 pCertContext->pCertInfo, toCompare->pCertInfo);
1464 }
1465
1466 static BOOL compare_cert_by_signature_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
1467 DWORD dwFlags, const void *pvPara)
1468 {
1469 const CRYPT_HASH_BLOB *hash = pvPara;
1470 DWORD size = 0;
1471 BOOL ret;
1472
1473 ret = CertGetCertificateContextProperty(pCertContext,
1474 CERT_SIGNATURE_HASH_PROP_ID, NULL, &size);
1475 if (ret && size == hash->cbData)
1476 {
1477 LPBYTE buf = CryptMemAlloc(size);
1478
1479 if (buf)
1480 {
1481 CertGetCertificateContextProperty(pCertContext,
1482 CERT_SIGNATURE_HASH_PROP_ID, buf, &size);
1483 ret = !memcmp(buf, hash->pbData, size);
1484 CryptMemFree(buf);
1485 }
1486 }
1487 else
1488 ret = FALSE;
1489 return ret;
1490 }
1491
1492 static inline PCCERT_CONTEXT cert_compare_certs_in_store(HCERTSTORE store,
1493 PCCERT_CONTEXT prev, CertCompareFunc compare, DWORD dwType, DWORD dwFlags,
1494 const void *pvPara)
1495 {
1496 BOOL matches = FALSE;
1497 PCCERT_CONTEXT ret;
1498
1499 ret = prev;
1500 do {
1501 ret = CertEnumCertificatesInStore(store, ret);
1502 if (ret)
1503 matches = compare(ret, dwType, dwFlags, pvPara);
1504 } while (ret != NULL && !matches);
1505 return ret;
1506 }
1507
1508 typedef PCCERT_CONTEXT (*CertFindFunc)(HCERTSTORE store, DWORD dwType,
1509 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev);
1510
1511 static PCCERT_CONTEXT find_cert_any(HCERTSTORE store, DWORD dwType,
1512 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1513 {
1514 return CertEnumCertificatesInStore(store, prev);
1515 }
1516
1517 static PCCERT_CONTEXT find_cert_by_issuer(HCERTSTORE store, DWORD dwType,
1518 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1519 {
1520 BOOL ret;
1521 PCCERT_CONTEXT found = NULL, subject = pvPara;
1522 PCERT_EXTENSION ext;
1523 DWORD size;
1524
1525 if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER,
1526 subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
1527 {
1528 CERT_AUTHORITY_KEY_ID_INFO *info;
1529
1530 ret = CryptDecodeObjectEx(subject->dwCertEncodingType,
1531 X509_AUTHORITY_KEY_ID, ext->Value.pbData, ext->Value.cbData,
1532 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
1533 &info, &size);
1534 if (ret)
1535 {
1536 CERT_ID id;
1537
1538 if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
1539 {
1540 id.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
1541 memcpy(&id.u.IssuerSerialNumber.Issuer, &info->CertIssuer,
1542 sizeof(CERT_NAME_BLOB));
1543 memcpy(&id.u.IssuerSerialNumber.SerialNumber,
1544 &info->CertSerialNumber, sizeof(CRYPT_INTEGER_BLOB));
1545 }
1546 else if (info->KeyId.cbData)
1547 {
1548 id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
1549 memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
1550 }
1551 else
1552 ret = FALSE;
1553 if (ret)
1554 found = cert_compare_certs_in_store(store, prev,
1555 compare_cert_by_cert_id, dwType, dwFlags, &id);
1556 LocalFree(info);
1557 }
1558 }
1559 else if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
1560 subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
1561 {
1562 CERT_AUTHORITY_KEY_ID2_INFO *info;
1563
1564 ret = CryptDecodeObjectEx(subject->dwCertEncodingType,
1565 X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
1566 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
1567 &info, &size);
1568 if (ret)
1569 {
1570 CERT_ID id;
1571
1572 if (info->AuthorityCertIssuer.cAltEntry &&
1573 info->AuthorityCertSerialNumber.cbData)
1574 {
1575 PCERT_ALT_NAME_ENTRY directoryName = NULL;
1576 DWORD i;
1577
1578 for (i = 0; !directoryName &&
1579 i < info->AuthorityCertIssuer.cAltEntry; i++)
1580 if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice
1581 == CERT_ALT_NAME_DIRECTORY_NAME)
1582 directoryName =
1583 &info->AuthorityCertIssuer.rgAltEntry[i];
1584 if (directoryName)
1585 {
1586 id.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
1587 memcpy(&id.u.IssuerSerialNumber.Issuer,
1588 &directoryName->u.DirectoryName, sizeof(CERT_NAME_BLOB));
1589 memcpy(&id.u.IssuerSerialNumber.SerialNumber,
1590 &info->AuthorityCertSerialNumber,
1591 sizeof(CRYPT_INTEGER_BLOB));
1592 }
1593 else
1594 {
1595 FIXME("no supported name type in authority key id2\n");
1596 ret = FALSE;
1597 }
1598 }
1599 else if (info->KeyId.cbData)
1600 {
1601 id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
1602 memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
1603 }
1604 else
1605 ret = FALSE;
1606 if (ret)
1607 found = cert_compare_certs_in_store(store, prev,
1608 compare_cert_by_cert_id, dwType, dwFlags, &id);
1609 LocalFree(info);
1610 }
1611 }
1612 else
1613 found = cert_compare_certs_in_store(store, prev,
1614 compare_cert_by_name, CERT_COMPARE_NAME | CERT_COMPARE_SUBJECT_CERT,
1615 dwFlags, &subject->pCertInfo->Issuer);
1616 return found;
1617 }
1618
1619 static BOOL compare_cert_by_name_str(PCCERT_CONTEXT pCertContext,
1620 DWORD dwType, DWORD dwFlags, const void *pvPara)
1621 {
1622 PCERT_NAME_BLOB name;
1623 DWORD len;
1624 BOOL ret = FALSE;
1625
1626 if (dwType & CERT_INFO_SUBJECT_FLAG)
1627 name = &pCertContext->pCertInfo->Subject;
1628 else
1629 name = &pCertContext->pCertInfo->Issuer;
1630 len = CertNameToStrW(pCertContext->dwCertEncodingType, name,
1631 CERT_SIMPLE_NAME_STR, NULL, 0);
1632 if (len)
1633 {
1634 LPWSTR str = CryptMemAlloc(len * sizeof(WCHAR));
1635
1636 if (str)
1637 {
1638 LPWSTR ptr;
1639
1640 CertNameToStrW(pCertContext->dwCertEncodingType, name,
1641 CERT_SIMPLE_NAME_STR, str, len);
1642 for (ptr = str; *ptr; ptr++)
1643 *ptr = tolowerW(*ptr);
1644 if (strstrW(str, pvPara))
1645 ret = TRUE;
1646 CryptMemFree(str);
1647 }
1648 }
1649 return ret;
1650 }
1651
1652 static PCCERT_CONTEXT find_cert_by_name_str_a(HCERTSTORE store, DWORD dwType,
1653 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1654 {
1655 PCCERT_CONTEXT found = NULL;
1656
1657 TRACE("%s\n", debugstr_a(pvPara));
1658
1659 if (pvPara)
1660 {
1661 int len = MultiByteToWideChar(CP_ACP, 0, pvPara, -1, NULL, 0);
1662 LPWSTR str = CryptMemAlloc(len * sizeof(WCHAR));
1663
1664 if (str)
1665 {
1666 LPWSTR ptr;
1667
1668 MultiByteToWideChar(CP_ACP, 0, pvPara, -1, str, len);
1669 for (ptr = str; *ptr; ptr++)
1670 *ptr = tolowerW(*ptr);
1671 found = cert_compare_certs_in_store(store, prev,
1672 compare_cert_by_name_str, dwType, dwFlags, str);
1673 CryptMemFree(str);
1674 }
1675 }
1676 else
1677 found = find_cert_any(store, dwType, dwFlags, NULL, prev);
1678 return found;
1679 }
1680
1681 static PCCERT_CONTEXT find_cert_by_name_str_w(HCERTSTORE store, DWORD dwType,
1682 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1683 {
1684 PCCERT_CONTEXT found = NULL;
1685
1686 TRACE("%s\n", debugstr_w(pvPara));
1687
1688 if (pvPara)
1689 {
1690 DWORD len = strlenW(pvPara);
1691 LPWSTR str = CryptMemAlloc((len + 1) * sizeof(WCHAR));
1692
1693 if (str)
1694 {
1695 LPCWSTR src;
1696 LPWSTR dst;
1697
1698 for (src = pvPara, dst = str; *src; src++, dst++)
1699 *dst = tolowerW(*src);
1700 *dst = 0;
1701 found = cert_compare_certs_in_store(store, prev,
1702 compare_cert_by_name_str, dwType, dwFlags, str);
1703 CryptMemFree(str);
1704 }
1705 }
1706 else
1707 found = find_cert_any(store, dwType, dwFlags, NULL, prev);
1708 return found;
1709 }
1710
1711 PCCERT_CONTEXT WINAPI CertFindCertificateInStore(HCERTSTORE hCertStore,
1712 DWORD dwCertEncodingType, DWORD dwFlags, DWORD dwType, const void *pvPara,
1713 PCCERT_CONTEXT pPrevCertContext)
1714 {
1715 PCCERT_CONTEXT ret;
1716 CertFindFunc find = NULL;
1717 CertCompareFunc compare = NULL;
1718
1719 TRACE("(%p, %08x, %08x, %08x, %p, %p)\n", hCertStore, dwCertEncodingType,
1720 dwFlags, dwType, pvPara, pPrevCertContext);
1721
1722 switch (dwType >> CERT_COMPARE_SHIFT)
1723 {
1724 case CERT_COMPARE_ANY:
1725 find = find_cert_any;
1726 break;
1727 case CERT_COMPARE_MD5_HASH:
1728 compare = compare_cert_by_md5_hash;
1729 break;
1730 case CERT_COMPARE_SHA1_HASH:
1731 compare = compare_cert_by_sha1_hash;
1732 break;
1733 case CERT_COMPARE_NAME:
1734 compare = compare_cert_by_name;
1735 break;
1736 case CERT_COMPARE_PUBLIC_KEY:
1737 compare = compare_cert_by_public_key;
1738 break;
1739 case CERT_COMPARE_NAME_STR_A:
1740 find = find_cert_by_name_str_a;
1741 break;
1742 case CERT_COMPARE_NAME_STR_W:
1743 find = find_cert_by_name_str_w;
1744 break;
1745 case CERT_COMPARE_SUBJECT_CERT:
1746 compare = compare_cert_by_subject_cert;
1747 break;
1748 case CERT_COMPARE_CERT_ID:
1749 compare = compare_cert_by_cert_id;
1750 break;
1751 case CERT_COMPARE_ISSUER_OF:
1752 find = find_cert_by_issuer;
1753 break;
1754 case CERT_COMPARE_EXISTING:
1755 compare = compare_existing_cert;
1756 break;
1757 case CERT_COMPARE_SIGNATURE_HASH:
1758 compare = compare_cert_by_signature_hash;
1759 break;
1760 default:
1761 FIXME("find type %08x unimplemented\n", dwType);
1762 }
1763
1764 if (find)
1765 ret = find(hCertStore, dwFlags, dwType, pvPara, pPrevCertContext);
1766 else if (compare)
1767 ret = cert_compare_certs_in_store(hCertStore, pPrevCertContext,
1768 compare, dwType, dwFlags, pvPara);
1769 else
1770 ret = NULL;
1771 if (!ret)
1772 SetLastError(CRYPT_E_NOT_FOUND);
1773 TRACE("returning %p\n", ret);
1774 return ret;
1775 }
1776
1777 PCCERT_CONTEXT WINAPI CertGetSubjectCertificateFromStore(HCERTSTORE hCertStore,
1778 DWORD dwCertEncodingType, PCERT_INFO pCertId)
1779 {
1780 TRACE("(%p, %08x, %p)\n", hCertStore, dwCertEncodingType, pCertId);
1781
1782 if (!pCertId)
1783 {
1784 SetLastError(E_INVALIDARG);
1785 return NULL;
1786 }
1787 return CertFindCertificateInStore(hCertStore, dwCertEncodingType, 0,
1788 CERT_FIND_SUBJECT_CERT, pCertId, NULL);
1789 }
1790
1791 BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT pSubject,
1792 PCCERT_CONTEXT pIssuer, DWORD *pdwFlags)
1793 {
1794 static const DWORD supportedFlags = CERT_STORE_REVOCATION_FLAG |
1795 CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG;
1796
1797 if (*pdwFlags & ~supportedFlags)
1798 {
1799 SetLastError(E_INVALIDARG);
1800 return FALSE;
1801 }
1802 if (*pdwFlags & CERT_STORE_REVOCATION_FLAG)
1803 {
1804 DWORD flags = 0;
1805 PCCRL_CONTEXT crl = CertGetCRLFromStore(pSubject->hCertStore, pSubject,
1806 NULL, &flags);
1807
1808 /* FIXME: what if the CRL has expired? */
1809 if (crl)
1810 {
1811 if (CertVerifyCRLRevocation(pSubject->dwCertEncodingType,
1812 pSubject->pCertInfo, 1, (PCRL_INFO *)&crl->pCrlInfo))
1813 *pdwFlags &= CERT_STORE_REVOCATION_FLAG;
1814 }
1815 else
1816 *pdwFlags |= CERT_STORE_NO_CRL_FLAG;
1817 }
1818 if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
1819 {
1820 if (0 == CertVerifyTimeValidity(NULL, pSubject->pCertInfo))
1821 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
1822 }
1823 if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
1824 {
1825 if (CryptVerifyCertificateSignatureEx(0, pSubject->dwCertEncodingType,
1826 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)pSubject,
1827 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuer, 0, NULL))
1828 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
1829 }
1830 return TRUE;
1831 }
1832
1833 PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
1834 PCCERT_CONTEXT pSubjectContext, PCCERT_CONTEXT pPrevIssuerContext,
1835 DWORD *pdwFlags)
1836 {
1837 PCCERT_CONTEXT ret;
1838
1839 TRACE("(%p, %p, %p, %08x)\n", hCertStore, pSubjectContext,
1840 pPrevIssuerContext, *pdwFlags);
1841
1842 if (!pSubjectContext)
1843 {
1844 SetLastError(E_INVALIDARG);
1845 return NULL;
1846 }
1847
1848 ret = CertFindCertificateInStore(hCertStore,
1849 pSubjectContext->dwCertEncodingType, 0, CERT_FIND_ISSUER_OF,
1850 pSubjectContext, pPrevIssuerContext);
1851 if (ret)
1852 {
1853 if (!CertVerifySubjectCertificateContext(pSubjectContext, ret,
1854 pdwFlags))
1855 {
1856 CertFreeCertificateContext(ret);
1857 ret = NULL;
1858 }
1859 }
1860 TRACE("returning %p\n", ret);
1861 return ret;
1862 }
1863
1864 typedef struct _OLD_CERT_REVOCATION_STATUS {
1865 DWORD cbSize;
1866 DWORD dwIndex;
1867 DWORD dwError;
1868 DWORD dwReason;
1869 } OLD_CERT_REVOCATION_STATUS;
1870
1871 typedef BOOL (WINAPI *CertVerifyRevocationFunc)(DWORD, DWORD, DWORD,
1872 void **, DWORD, PCERT_REVOCATION_PARA, PCERT_REVOCATION_STATUS);
1873
1874 BOOL WINAPI CertVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1875 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1876 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1877 {
1878 BOOL ret;
1879
1880 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1881 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1882
1883 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1884 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1885 {
1886 SetLastError(E_INVALIDARG);
1887 return FALSE;
1888 }
1889 if (cContext)
1890 {
1891 static HCRYPTOIDFUNCSET set = NULL;
1892 DWORD size;
1893
1894 if (!set)
1895 set = CryptInitOIDFunctionSet(CRYPT_OID_VERIFY_REVOCATION_FUNC, 0);
1896 ret = CryptGetDefaultOIDDllList(set, dwEncodingType, NULL, &size);
1897 if (ret)
1898 {
1899 if (size == 1)
1900 {
1901 /* empty list */
1902 SetLastError(CRYPT_E_NO_REVOCATION_DLL);
1903 ret = FALSE;
1904 }
1905 else
1906 {
1907 LPWSTR dllList = CryptMemAlloc(size * sizeof(WCHAR)), ptr;
1908
1909 if (dllList)
1910 {
1911 ret = CryptGetDefaultOIDDllList(set, dwEncodingType,
1912 dllList, &size);
1913 if (ret)
1914 {
1915 for (ptr = dllList; ret && *ptr;
1916 ptr += lstrlenW(ptr) + 1)
1917 {
1918 CertVerifyRevocationFunc func;
1919 HCRYPTOIDFUNCADDR hFunc;
1920
1921 ret = CryptGetDefaultOIDFunctionAddress(set,
1922 dwEncodingType, ptr, 0, (void **)&func, &hFunc);
1923 if (ret)
1924 {
1925 ret = func(dwEncodingType, dwRevType, cContext,
1926 rgpvContext, dwFlags, pRevPara, pRevStatus);
1927 CryptFreeOIDFunctionAddress(hFunc, 0);
1928 }
1929 }
1930 }
1931 CryptMemFree(dllList);
1932 }
1933 else
1934 {
1935 SetLastError(ERROR_OUTOFMEMORY);
1936 ret = FALSE;
1937 }
1938 }
1939 }
1940 }
1941 else
1942 ret = TRUE;
1943 return ret;
1944 }
1945
1946 PCRYPT_ATTRIBUTE WINAPI CertFindAttribute(LPCSTR pszObjId, DWORD cAttr,
1947 CRYPT_ATTRIBUTE rgAttr[])
1948 {
1949 PCRYPT_ATTRIBUTE ret = NULL;
1950 DWORD i;
1951
1952 TRACE("%s %d %p\n", debugstr_a(pszObjId), cAttr, rgAttr);
1953
1954 if (!cAttr)
1955 return NULL;
1956 if (!pszObjId)
1957 {
1958 SetLastError(ERROR_INVALID_PARAMETER);
1959 return NULL;
1960 }
1961
1962 for (i = 0; !ret && i < cAttr; i++)
1963 if (rgAttr[i].pszObjId && !strcmp(pszObjId, rgAttr[i].pszObjId))
1964 ret = &rgAttr[i];
1965 return ret;
1966 }
1967
1968 PCERT_EXTENSION WINAPI CertFindExtension(LPCSTR pszObjId, DWORD cExtensions,
1969 CERT_EXTENSION rgExtensions[])
1970 {
1971 PCERT_EXTENSION ret = NULL;
1972 DWORD i;
1973
1974 TRACE("%s %d %p\n", debugstr_a(pszObjId), cExtensions, rgExtensions);
1975
1976 if (!cExtensions)
1977 return NULL;
1978 if (!pszObjId)
1979 {
1980 SetLastError(ERROR_INVALID_PARAMETER);
1981 return NULL;
1982 }
1983
1984 for (i = 0; !ret && i < cExtensions; i++)
1985 if (rgExtensions[i].pszObjId && !strcmp(pszObjId,
1986 rgExtensions[i].pszObjId))
1987 ret = &rgExtensions[i];
1988 return ret;
1989 }
1990
1991 PCERT_RDN_ATTR WINAPI CertFindRDNAttr(LPCSTR pszObjId, PCERT_NAME_INFO pName)
1992 {
1993 PCERT_RDN_ATTR ret = NULL;
1994 DWORD i, j;
1995
1996 TRACE("%s %p\n", debugstr_a(pszObjId), pName);
1997
1998 if (!pszObjId)
1999 {
2000 SetLastError(ERROR_INVALID_PARAMETER);
2001 return NULL;
2002 }
2003
2004 for (i = 0; !ret && i < pName->cRDN; i++)
2005 for (j = 0; !ret && j < pName->rgRDN[i].cRDNAttr; j++)
2006 if (pName->rgRDN[i].rgRDNAttr[j].pszObjId && !strcmp(pszObjId,
2007 pName->rgRDN[i].rgRDNAttr[j].pszObjId))
2008 ret = &pName->rgRDN[i].rgRDNAttr[j];
2009 return ret;
2010 }
2011
2012 static BOOL find_matching_rdn_attr(DWORD dwFlags, const CERT_NAME_INFO *name,
2013 const CERT_RDN_ATTR *attr)
2014 {
2015 DWORD i, j;
2016 BOOL match = FALSE;
2017
2018 for (i = 0; !match && i < name->cRDN; i++)
2019 {
2020 for (j = 0; j < name->rgRDN[i].cRDNAttr; j++)
2021 {
2022 if (!strcmp(name->rgRDN[i].rgRDNAttr[j].pszObjId,
2023 attr->pszObjId) &&
2024 name->rgRDN[i].rgRDNAttr[j].dwValueType ==
2025 attr->dwValueType)
2026 {
2027 if (dwFlags & CERT_UNICODE_IS_RDN_ATTRS_FLAG)
2028 {
2029 LPCWSTR nameStr =
2030 (LPCWSTR)name->rgRDN[i].rgRDNAttr[j].Value.pbData;
2031 LPCWSTR attrStr = (LPCWSTR)attr->Value.pbData;
2032
2033 if (attr->Value.cbData !=
2034 name->rgRDN[i].rgRDNAttr[j].Value.cbData)
2035 match = FALSE;
2036 else if (dwFlags & CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG)
2037 match = !strncmpiW(nameStr, attrStr,
2038 attr->Value.cbData / sizeof(WCHAR));
2039 else
2040 match = !strncmpW(nameStr, attrStr,
2041 attr->Value.cbData / sizeof(WCHAR));
2042 TRACE("%s : %s => %d\n",
2043 debugstr_wn(nameStr, attr->Value.cbData / sizeof(WCHAR)),
2044 debugstr_wn(attrStr, attr->Value.cbData / sizeof(WCHAR)),
2045 match);
2046 }
2047 else
2048 {
2049 LPCSTR nameStr =
2050 (LPCSTR)name->rgRDN[i].rgRDNAttr[j].Value.pbData;
2051 LPCSTR attrStr = (LPCSTR)attr->Value.pbData;
2052
2053 if (attr->Value.cbData !=
2054 name->rgRDN[i].rgRDNAttr[j].Value.cbData)
2055 match = FALSE;
2056 else if (dwFlags & CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG)
2057 match = !strncasecmp(nameStr, attrStr,
2058 attr->Value.cbData);
2059 else
2060 match = !strncmp(nameStr, attrStr, attr->Value.cbData);
2061 TRACE("%s : %s => %d\n",
2062 debugstr_an(nameStr, attr->Value.cbData),
2063 debugstr_an(attrStr, attr->Value.cbData), match);
2064 }
2065 }
2066 }
2067 }
2068 return match;
2069 }
2070
2071 BOOL WINAPI CertIsRDNAttrsInCertificateName(DWORD dwCertEncodingType,
2072 DWORD dwFlags, PCERT_NAME_BLOB pCertName, PCERT_RDN pRDN)
2073 {
2074 CERT_NAME_INFO *name;
2075 LPCSTR type;
2076 DWORD size;
2077 BOOL ret;
2078
2079 TRACE("(%08x, %08x, %p, %p)\n", dwCertEncodingType, dwFlags, pCertName,
2080 pRDN);
2081
2082 type = dwFlags & CERT_UNICODE_IS_RDN_ATTRS_FLAG ? X509_UNICODE_NAME :
2083 X509_NAME;
2084 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, type, pCertName->pbData,
2085 pCertName->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &name, &size)))
2086 {
2087 DWORD i;
2088
2089 for (i = 0; ret && i < pRDN->cRDNAttr; i++)
2090 ret = find_matching_rdn_attr(dwFlags, name, &pRDN->rgRDNAttr[i]);
2091 if (!ret)
2092 SetLastError(CRYPT_E_NO_MATCH);
2093 LocalFree(name);
2094 }
2095 return ret;
2096 }
2097
2098 LONG WINAPI CertVerifyTimeValidity(LPFILETIME pTimeToVerify,
2099 PCERT_INFO pCertInfo)
2100 {
2101 FILETIME fileTime;
2102 LONG ret;
2103
2104 if (!pTimeToVerify)
2105 {
2106 GetSystemTimeAsFileTime(&fileTime);
2107 pTimeToVerify = &fileTime;
2108 }
2109 if ((ret = CompareFileTime(pTimeToVerify, &pCertInfo->NotBefore)) >= 0)
2110 {
2111 ret = CompareFileTime(pTimeToVerify, &pCertInfo->NotAfter);
2112 if (ret < 0)
2113 ret = 0;
2114 }
2115 return ret;
2116 }
2117
2118 BOOL WINAPI CertVerifyValidityNesting(PCERT_INFO pSubjectInfo,
2119 PCERT_INFO pIssuerInfo)
2120 {
2121 TRACE("(%p, %p)\n", pSubjectInfo, pIssuerInfo);
2122
2123 return CertVerifyTimeValidity(&pSubjectInfo->NotBefore, pIssuerInfo) == 0
2124 && CertVerifyTimeValidity(&pSubjectInfo->NotAfter, pIssuerInfo) == 0;
2125 }
2126
2127 BOOL WINAPI CryptHashCertificate(HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid,
2128 DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash,
2129 DWORD *pcbComputedHash)
2130 {
2131 BOOL ret = TRUE;
2132 HCRYPTHASH hHash = 0;
2133
2134 TRACE("(%08lx, %d, %08x, %p, %d, %p, %p)\n", hCryptProv, Algid, dwFlags,
2135 pbEncoded, cbEncoded, pbComputedHash, pcbComputedHash);
2136
2137 if (!hCryptProv)
2138 hCryptProv = CRYPT_GetDefaultProvider();
2139 if (!Algid)
2140 Algid = CALG_SHA1;
2141 if (ret)
2142 {
2143 ret = CryptCreateHash(hCryptProv, Algid, 0, 0, &hHash);
2144 if (ret)
2145 {
2146 ret = CryptHashData(hHash, pbEncoded, cbEncoded, 0);
2147 if (ret)
2148 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
2149 pcbComputedHash, 0);
2150 CryptDestroyHash(hHash);
2151 }
2152 }
2153 return ret;
2154 }
2155
2156 BOOL WINAPI CryptHashPublicKeyInfo(HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid,
2157 DWORD dwFlags, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo,
2158 BYTE *pbComputedHash, DWORD *pcbComputedHash)
2159 {
2160 BOOL ret = TRUE;
2161 HCRYPTHASH hHash = 0;
2162
2163 TRACE("(%08lx, %d, %08x, %d, %p, %p, %p)\n", hCryptProv, Algid, dwFlags,
2164 dwCertEncodingType, pInfo, pbComputedHash, pcbComputedHash);
2165
2166 if (!hCryptProv)
2167 hCryptProv = CRYPT_GetDefaultProvider();
2168 if (!Algid)
2169 Algid = CALG_MD5;
2170 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
2171 {
2172 SetLastError(ERROR_FILE_NOT_FOUND);
2173 return FALSE;
2174 }
2175 if (ret)
2176 {
2177 BYTE *buf;
2178 DWORD size = 0;
2179
2180 ret = CRYPT_AsnEncodePubKeyInfoNoNull(dwCertEncodingType,
2181 X509_PUBLIC_KEY_INFO, pInfo, CRYPT_ENCODE_ALLOC_FLAG, NULL,
2182 (LPBYTE)&buf, &size);
2183 if (ret)
2184 {
2185 ret = CryptCreateHash(hCryptProv, Algid, 0, 0, &hHash);
2186 if (ret)
2187 {
2188 ret = CryptHashData(hHash, buf, size, 0);
2189 if (ret)
2190 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
2191 pcbComputedHash, 0);
2192 CryptDestroyHash(hHash);
2193 }
2194 LocalFree(buf);
2195 }
2196 }
2197 return ret;
2198 }
2199
2200 BOOL WINAPI CryptHashToBeSigned(HCRYPTPROV_LEGACY hCryptProv,
2201 DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
2202 BYTE *pbComputedHash, DWORD *pcbComputedHash)
2203 {
2204 BOOL ret;
2205 CERT_SIGNED_CONTENT_INFO *info;
2206 DWORD size;
2207
2208 TRACE("(%08lx, %08x, %p, %d, %p, %d)\n", hCryptProv, dwCertEncodingType,
2209 pbEncoded, cbEncoded, pbComputedHash, *pcbComputedHash);
2210
2211 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT,
2212 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
2213 if (ret)
2214 {
2215 PCCRYPT_OID_INFO oidInfo;
2216 HCRYPTHASH hHash;
2217
2218 if (!hCryptProv)
2219 hCryptProv = CRYPT_GetDefaultProvider();
2220 oidInfo = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2221 info->SignatureAlgorithm.pszObjId, 0);
2222 if (!oidInfo)
2223 {
2224 SetLastError(NTE_BAD_ALGID);
2225 ret = FALSE;
2226 }
2227 else
2228 {
2229 ret = CryptCreateHash(hCryptProv, oidInfo->u.Algid, 0, 0, &hHash);
2230 if (ret)
2231 {
2232 ret = CryptHashData(hHash, info->ToBeSigned.pbData,
2233 info->ToBeSigned.cbData, 0);
2234 if (ret)
2235 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
2236 pcbComputedHash, 0);
2237 CryptDestroyHash(hHash);
2238 }
2239 }
2240 LocalFree(info);
2241 }
2242 return ret;
2243 }
2244
2245 BOOL WINAPI CryptSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv,
2246 DWORD dwKeySpec, DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned,
2247 DWORD cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
2248 const void *pvHashAuxInfo, BYTE *pbSignature, DWORD *pcbSignature)
2249 {
2250 BOOL ret;
2251 PCCRYPT_OID_INFO info;
2252 HCRYPTHASH hHash;
2253
2254 TRACE("(%08lx, %d, %d, %p, %d, %p, %p, %p, %p)\n", hCryptProv,
2255 dwKeySpec, dwCertEncodingType, pbEncodedToBeSigned, cbEncodedToBeSigned,
2256 pSignatureAlgorithm, pvHashAuxInfo, pbSignature, pcbSignature);
2257
2258 info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2259 pSignatureAlgorithm->pszObjId, 0);
2260 if (!info)
2261 {
2262 SetLastError(NTE_BAD_ALGID);
2263 return FALSE;
2264 }
2265 if (info->dwGroupId == CRYPT_HASH_ALG_OID_GROUP_ID)
2266 {
2267 if (!hCryptProv)
2268 hCryptProv = CRYPT_GetDefaultProvider();
2269 ret = CryptCreateHash(hCryptProv, info->u.Algid, 0, 0, &hHash);
2270 if (ret)
2271 {
2272 ret = CryptHashData(hHash, pbEncodedToBeSigned,
2273 cbEncodedToBeSigned, 0);
2274 if (ret)
2275 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbSignature,
2276 pcbSignature, 0);
2277 CryptDestroyHash(hHash);
2278 }
2279 }
2280 else
2281 {
2282 if (!hCryptProv)
2283 {
2284 SetLastError(ERROR_INVALID_PARAMETER);
2285 ret = FALSE;
2286 }
2287 else
2288 {
2289 ret = CryptCreateHash(hCryptProv, info->u.Algid, 0, 0, &hHash);
2290 if (ret)
2291 {
2292 ret = CryptHashData(hHash, pbEncodedToBeSigned,
2293 cbEncodedToBeSigned, 0);
2294 if (ret)
2295 ret = CryptSignHashW(hHash, dwKeySpec, NULL, 0, pbSignature,
2296 pcbSignature);
2297 CryptDestroyHash(hHash);
2298 }
2299 }
2300 }
2301 return ret;
2302 }
2303
2304 BOOL WINAPI CryptSignAndEncodeCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv,
2305 DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType,
2306 const void *pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
2307 const void *pvHashAuxInfo, BYTE *pbEncoded, DWORD *pcbEncoded)
2308 {
2309 BOOL ret;
2310 DWORD encodedSize, hashSize;
2311
2312 TRACE("(%08lx, %d, %d, %s, %p, %p, %p, %p, %p)\n", hCryptProv, dwKeySpec,
2313 dwCertEncodingType, debugstr_a(lpszStructType), pvStructInfo,
2314 pSignatureAlgorithm, pvHashAuxInfo, pbEncoded, pcbEncoded);
2315
2316 ret = CryptEncodeObject(dwCertEncodingType, lpszStructType, pvStructInfo,
2317 NULL, &encodedSize);
2318 if (ret)
2319 {
2320 PBYTE encoded = CryptMemAlloc(encodedSize);
2321
2322 if (encoded)
2323 {
2324 ret = CryptEncodeObject(dwCertEncodingType, lpszStructType,
2325 pvStructInfo, encoded, &encodedSize);
2326 if (ret)
2327 {
2328 ret = CryptSignCertificate(hCryptProv, dwKeySpec,
2329 dwCertEncodingType, encoded, encodedSize, pSignatureAlgorithm,
2330 pvHashAuxInfo, NULL, &hashSize);
2331 if (ret)
2332 {
2333 PBYTE hash = CryptMemAlloc(hashSize);
2334
2335 if (hash)
2336 {
2337 ret = CryptSignCertificate(hCryptProv, dwKeySpec,
2338 dwCertEncodingType, encoded, encodedSize,
2339 pSignatureAlgorithm, pvHashAuxInfo, hash, &hashSize);
2340 if (ret)
2341 {
2342 CERT_SIGNED_CONTENT_INFO info = { { 0 } };
2343
2344 info.ToBeSigned.cbData = encodedSize;
2345 info.ToBeSigned.pbData = encoded;
2346 info.SignatureAlgorithm = *pSignatureAlgorithm;
2347 info.Signature.cbData = hashSize;
2348 info.Signature.pbData = hash;
2349 info.Signature.cUnusedBits = 0;
2350 ret = CryptEncodeObject(dwCertEncodingType,
2351 X509_CERT, &info, pbEncoded, pcbEncoded);
2352 }
2353 CryptMemFree(hash);
2354 }
2355 }
2356 }
2357 CryptMemFree(encoded);
2358 }
2359 }
2360 return ret;
2361 }
2362
2363 BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV_LEGACY hCryptProv,
2364 DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
2365 PCERT_PUBLIC_KEY_INFO pPublicKey)
2366 {
2367 CRYPT_DATA_BLOB blob = { cbEncoded, (BYTE *)pbEncoded };
2368
2369 return CryptVerifyCertificateSignatureEx(hCryptProv, dwCertEncodingType,
2370 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &blob,
2371 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL);
2372 }
2373
2374 static BOOL CRYPT_VerifyCertSignatureFromPublicKeyInfo(HCRYPTPROV_LEGACY hCryptProv,
2375 DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo,
2376 const CERT_SIGNED_CONTENT_INFO *signedCert)
2377 {
2378 BOOL ret;
2379 HCRYPTKEY key;
2380 PCCRYPT_OID_INFO info;
2381 ALG_ID pubKeyID, hashID;
2382
2383 info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2384 signedCert->SignatureAlgorithm.pszObjId, 0);
2385 if (!info || info->dwGroupId != CRYPT_SIGN_ALG_OID_GROUP_ID)
2386 {
2387 SetLastError(NTE_BAD_ALGID);
2388 return FALSE;
2389 }
2390 hashID = info->u.Algid;
2391 if (info->ExtraInfo.cbData >= sizeof(ALG_ID))
2392 pubKeyID = *(ALG_ID *)info->ExtraInfo.pbData;
2393 else
2394 pubKeyID = hashID;
2395 /* Load the default provider if necessary */
2396 if (!hCryptProv)
2397 hCryptProv = CRYPT_GetDefaultProvider();
2398 ret = CryptImportPublicKeyInfoEx(hCryptProv, dwCertEncodingType,
2399 pubKeyInfo, pubKeyID, 0, NULL, &key);
2400 if (ret)
2401 {
2402 HCRYPTHASH hash;
2403
2404 ret = CryptCreateHash(hCryptProv, hashID, 0, 0, &hash);
2405 if (ret)
2406 {
2407 ret = CryptHashData(hash, signedCert->ToBeSigned.pbData,
2408 signedCert->ToBeSigned.cbData, 0);
2409 if (ret)
2410 ret = CryptVerifySignatureW(hash, signedCert->Signature.pbData,
2411 signedCert->Signature.cbData, key, NULL, 0);
2412 CryptDestroyHash(hash);
2413 }
2414 CryptDestroyKey(key);
2415 }
2416 return ret;
2417 }
2418
2419 BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV_LEGACY hCryptProv,
2420 DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
2421 DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
2422 {
2423 BOOL ret = TRUE;
2424 CRYPT_DATA_BLOB subjectBlob;
2425
2426 TRACE("(%08lx, %d, %d, %p, %d, %p, %08x, %p)\n", hCryptProv,
2427 dwCertEncodingType, dwSubjectType, pvSubject, dwIssuerType, pvIssuer,
2428 dwFlags, pvReserved);
2429
2430 switch (dwSubjectType)
2431 {
2432 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB:
2433 {
2434 PCRYPT_DATA_BLOB blob = pvSubject;
2435
2436 subjectBlob.pbData = blob->pbData;
2437 subjectBlob.cbData = blob->cbData;
2438 break;
2439 }
2440 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT:
2441 {
2442 PCERT_CONTEXT context = pvSubject;
2443
2444 subjectBlob.pbData = context->pbCertEncoded;
2445 subjectBlob.cbData = context->cbCertEncoded;
2446 break;
2447 }
2448 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL:
2449 {
2450 PCRL_CONTEXT context = pvSubject;
2451
2452 subjectBlob.pbData = context->pbCrlEncoded;
2453 subjectBlob.cbData = context->cbCrlEncoded;
2454 break;
2455 }
2456 default:
2457 SetLastError(E_INVALIDARG);
2458 ret = FALSE;
2459 }
2460
2461 if (ret)
2462 {
2463 PCERT_SIGNED_CONTENT_INFO signedCert = NULL;
2464 DWORD size = 0;
2465
2466 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT,
2467 subjectBlob.pbData, subjectBlob.cbData,
2468 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
2469 &signedCert, &size);
2470 if (ret)
2471 {
2472 switch (dwIssuerType)
2473 {
2474 case CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY:
2475 ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
2476 dwCertEncodingType, pvIssuer,
2477 signedCert);
2478 break;
2479 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT:
2480 ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
2481 dwCertEncodingType,
2482 &((PCCERT_CONTEXT)pvIssuer)->pCertInfo->SubjectPublicKeyInfo,
2483 signedCert);
2484 break;
2485 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN:
2486 FIXME("CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN: stub\n");
2487 ret = FALSE;
2488 break;
2489 case CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL:
2490 if (pvIssuer)
2491 {
2492 SetLastError(E_INVALIDARG);
2493 ret = FALSE;
2494 }
2495 else
2496 {
2497 FIXME("unimplemented for NULL signer\n");
2498 SetLastError(E_INVALIDARG);
2499 ret = FALSE;
2500 }
2501 break;
2502 default:
2503 SetLastError(E_INVALIDARG);
2504 ret = FALSE;
2505 }
2506 LocalFree(signedCert);
2507 }
2508 }
2509 return ret;
2510 }
2511
2512 BOOL WINAPI CertGetIntendedKeyUsage(DWORD dwCertEncodingType,
2513 PCERT_INFO pCertInfo, BYTE *pbKeyUsage, DWORD cbKeyUsage)
2514 {
2515 PCERT_EXTENSION ext;
2516 BOOL ret = FALSE;
2517
2518 TRACE("(%08x, %p, %p, %d)\n", dwCertEncodingType, pCertInfo, pbKeyUsage,
2519 cbKeyUsage);
2520
2521 ext = CertFindExtension(szOID_KEY_USAGE, pCertInfo->cExtension,
2522 pCertInfo->rgExtension);
2523 if (ext)
2524 {
2525 CRYPT_BIT_BLOB usage;
2526 DWORD size = sizeof(usage);
2527
2528 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_BITS,
2529 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_NOCOPY_FLAG, NULL,
2530 &usage, &size);
2531 if (ret)
2532 {
2533 if (cbKeyUsage < usage.cbData)
2534 ret = FALSE;
2535 else
2536 {
2537 memcpy(pbKeyUsage, usage.pbData, usage.cbData);
2538 if (cbKeyUsage > usage.cbData)
2539 memset(pbKeyUsage + usage.cbData, 0,
2540 cbKeyUsage - usage.cbData);
2541 }
2542 }
2543 }
2544 else
2545 SetLastError(0);
2546 return ret;
2547 }
2548
2549 BOOL WINAPI CertGetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext, DWORD dwFlags,
2550 PCERT_ENHKEY_USAGE pUsage, DWORD *pcbUsage)
2551 {
2552 PCERT_ENHKEY_USAGE usage = NULL;
2553 DWORD bytesNeeded;
2554 BOOL ret = TRUE;
2555
2556 if (!pCertContext || !pcbUsage)
2557 {
2558 SetLastError(ERROR_INVALID_PARAMETER);
2559 return FALSE;
2560 }
2561
2562 TRACE("(%p, %08x, %p, %d)\n", pCertContext, dwFlags, pUsage, *pcbUsage);
2563
2564 if (!(dwFlags & CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG))
2565 {
2566 DWORD propSize = 0;
2567
2568 if (CertGetCertificateContextProperty(pCertContext,
2569 CERT_ENHKEY_USAGE_PROP_ID, NULL, &propSize))
2570 {
2571 LPBYTE buf = CryptMemAlloc(propSize);
2572
2573 if (buf)
2574 {
2575 if (CertGetCertificateContextProperty(pCertContext,
2576 CERT_ENHKEY_USAGE_PROP_ID, buf, &propSize))
2577 {
2578 ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
2579 X509_ENHANCED_KEY_USAGE, buf, propSize,
2580 CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
2581 }
2582 CryptMemFree(buf);
2583 }
2584 }
2585 }
2586 if (!usage && !(dwFlags & CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG))
2587 {
2588 PCERT_EXTENSION ext = CertFindExtension(szOID_ENHANCED_KEY_USAGE,
2589 pCertContext->pCertInfo->cExtension,
2590 pCertContext->pCertInfo->rgExtension);
2591
2592 if (ext)
2593 {
2594 ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
2595 X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData,
2596 CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
2597 }
2598 }
2599 if (!usage)
2600 {
2601 /* If a particular location is specified, this should fail. Otherwise
2602 * it should succeed with an empty usage. (This is true on Win2k and
2603 * later, which we emulate.)
2604 */
2605 if (dwFlags)
2606 {
2607 SetLastError(CRYPT_E_NOT_FOUND);
2608 ret = FALSE;
2609 }
2610 else
2611 bytesNeeded = sizeof(CERT_ENHKEY_USAGE);
2612 }
2613
2614 if (ret)
2615 {
2616 if (!pUsage)
2617 *pcbUsage = bytesNeeded;
2618 else if (*pcbUsage < bytesNeeded)
2619 {
2620 SetLastError(ERROR_MORE_DATA);
2621 *pcbUsage = bytesNeeded;
2622 ret = FALSE;
2623 }
2624 else
2625 {
2626 *pcbUsage = bytesNeeded;
2627 if (usage)
2628 {
2629 DWORD i;
2630 LPSTR nextOID = (LPSTR)((LPBYTE)pUsage +
2631 sizeof(CERT_ENHKEY_USAGE) +
2632 usage->cUsageIdentifier * sizeof(LPSTR));
2633
2634 pUsage->cUsageIdentifier = usage->cUsageIdentifier;
2635 pUsage->rgpszUsageIdentifier = (LPSTR *)((LPBYTE)pUsage +
2636 sizeof(CERT_ENHKEY_USAGE));
2637 for (i = 0; i < usage->cUsageIdentifier; i++)
2638 {
2639 pUsage->rgpszUsageIdentifier[i] = nextOID;
2640 strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
2641 nextOID += strlen(nextOID) + 1;
2642 }
2643 }
2644 else
2645 pUsage->cUsageIdentifier = 0;
2646 }
2647 }
2648 if (usage)
2649 LocalFree(usage);
2650 TRACE("returning %d\n", ret);
2651 return ret;
2652 }
2653
2654 BOOL WINAPI CertSetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext,
2655 PCERT_ENHKEY_USAGE pUsage)
2656 {
2657 BOOL ret;
2658
2659 TRACE("(%p, %p)\n", pCertContext, pUsage);
2660
2661 if (pUsage)
2662 {
2663 CRYPT_DATA_BLOB blob = { 0, NULL };
2664
2665 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE,
2666 pUsage, CRYPT_ENCODE_ALLOC_FLAG, NULL, &blob.pbData, &blob.cbData);
2667 if (ret)
2668 {
2669 ret = CertSetCertificateContextProperty(pCertContext,
2670 CERT_ENHKEY_USAGE_PROP_ID, 0, &blob);
2671 LocalFree(blob.pbData);
2672 }
2673 }
2674 else
2675 ret = CertSetCertificateContextProperty(pCertContext,
2676 CERT_ENHKEY_USAGE_PROP_ID, 0, NULL);
2677 return ret;
2678 }
2679
2680 BOOL WINAPI CertAddEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext,
2681 LPCSTR pszUsageIdentifier)
2682 {
2683 BOOL ret;
2684 DWORD size;
2685
2686 TRACE("(%p, %s)\n", pCertContext, debugstr_a(pszUsageIdentifier));
2687
2688 if (CertGetEnhancedKeyUsage(pCertContext,
2689 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, NULL, &size))
2690 {
2691 PCERT_ENHKEY_USAGE usage = CryptMemAlloc(size);
2692
2693 if (usage)
2694 {
2695 ret = CertGetEnhancedKeyUsage(pCertContext,
2696 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, usage, &size);
2697 if (ret)
2698 {
2699 DWORD i;
2700 BOOL exists = FALSE;
2701
2702 /* Make sure usage doesn't already exist */
2703 for (i = 0; !exists && i < usage->cUsageIdentifier; i++)
2704 {
2705 if (!strcmp(usage->rgpszUsageIdentifier[i],
2706 pszUsageIdentifier))
2707 exists = TRUE;
2708 }
2709 if (!exists)
2710 {
2711 PCERT_ENHKEY_USAGE newUsage = CryptMemAlloc(size +
2712 sizeof(LPSTR) + strlen(pszUsageIdentifier) + 1);
2713
2714 if (newUsage)
2715 {
2716 LPSTR nextOID;
2717
2718 newUsage->rgpszUsageIdentifier = (LPSTR *)
2719 ((LPBYTE)newUsage + sizeof(CERT_ENHKEY_USAGE));
2720 nextOID = (LPSTR)((LPBYTE)newUsage->rgpszUsageIdentifier
2721 + (usage->cUsageIdentifier + 1) * sizeof(LPSTR));
2722 for (i = 0; i < usage->cUsageIdentifier; i++)
2723 {
2724 newUsage->rgpszUsageIdentifier[i] = nextOID;
2725 strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
2726 nextOID += strlen(nextOID) + 1;
2727 }
2728 newUsage->rgpszUsageIdentifier[i] = nextOID;
2729 strcpy(nextOID, pszUsageIdentifier);
2730 newUsage->cUsageIdentifier = i + 1;
2731 ret = CertSetEnhancedKeyUsage(pCertContext, newUsage);
2732 CryptMemFree(newUsage);
2733 }
2734 else
2735 ret = FALSE;
2736 }
2737 }
2738 CryptMemFree(usage);
2739 }
2740 else
2741 ret = FALSE;
2742 }
2743 else
2744 {
2745 PCERT_ENHKEY_USAGE usage = CryptMemAlloc(sizeof(CERT_ENHKEY_USAGE) +
2746 sizeof(LPSTR) + strlen(pszUsageIdentifier) + 1);
2747
2748 if (usage)
2749 {
2750 usage->rgpszUsageIdentifier =
2751 (LPSTR *)((LPBYTE)usage + sizeof(CERT_ENHKEY_USAGE));
2752 usage->rgpszUsageIdentifier[0] = (LPSTR)((LPBYTE)usage +
2753 sizeof(CERT_ENHKEY_USAGE) + sizeof(LPSTR));
2754 strcpy(usage->rgpszUsageIdentifier[0], pszUsageIdentifier);
2755 usage->cUsageIdentifier = 1;
2756 ret = CertSetEnhancedKeyUsage(pCertContext, usage);
2757 CryptMemFree(usage);
2758 }
2759 else
2760 ret = FALSE;
2761 }
2762 return ret;
2763 }
2764
2765 BOOL WINAPI CertRemoveEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext,
2766 LPCSTR pszUsageIdentifier)
2767 {
2768 BOOL ret;
2769 DWORD size;
2770 CERT_ENHKEY_USAGE usage;
2771
2772 TRACE("(%p, %s)\n", pCertContext, debugstr_a(pszUsageIdentifier));
2773
2774 size = sizeof(usage);
2775 ret = CertGetEnhancedKeyUsage(pCertContext,
2776 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, &usage, &size);
2777 if (!ret && GetLastError() == ERROR_MORE_DATA)
2778 {
2779 PCERT_ENHKEY_USAGE pUsage = CryptMemAlloc(size);
2780
2781 if (pUsage)
2782 {
2783 ret = CertGetEnhancedKeyUsage(pCertContext,
2784 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2785 if (ret)
2786 {
2787 if (pUsage->cUsageIdentifier)
2788 {
2789 DWORD i;
2790 BOOL found = FALSE;
2791
2792 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2793 {
2794 if (!strcmp(pUsage->rgpszUsageIdentifier[i],
2795 pszUsageIdentifier))
2796 found = TRUE;
2797 if (found && i < pUsage->cUsageIdentifier - 1)
2798 pUsage->rgpszUsageIdentifier[i] =
2799 pUsage->rgpszUsageIdentifier[i + 1];
2800 }
2801 pUsage->cUsageIdentifier--;
2802 /* Remove the usage if it's empty */
2803 if (pUsage->cUsageIdentifier)
2804 ret = CertSetEnhancedKeyUsage(pCertContext, pUsage);
2805 else
2806 ret = CertSetEnhancedKeyUsage(pCertContext, NULL);
2807 }
2808 }
2809 CryptMemFree(pUsage);
2810 }
2811 else
2812 ret = FALSE;
2813 }
2814 else
2815 {
2816 /* it fit in an empty usage, therefore there's nothing to remove */
2817 ret = TRUE;
2818 }
2819 return ret;
2820 }
2821
2822 struct BitField
2823 {
2824 DWORD cIndexes;
2825 DWORD *indexes;
2826 };
2827
2828 #define BITS_PER_DWORD (sizeof(DWORD) * 8)
2829
2830 static void CRYPT_SetBitInField(struct BitField *field, DWORD bit)
2831 {
2832 DWORD indexIndex = bit / BITS_PER_DWORD;
2833
2834 if (indexIndex + 1 > field->cIndexes)
2835 {
2836 if (field->cIndexes)
2837 field->indexes = CryptMemRealloc(field->indexes,
2838 (indexIndex + 1) * sizeof(DWORD));
2839 else
2840 field->indexes = CryptMemAlloc(sizeof(DWORD));
2841 if (field->indexes)
2842 {
2843 field->indexes[indexIndex] = 0;
2844 field->cIndexes = indexIndex + 1;
2845 }
2846 }
2847 if (field->indexes)
2848 field->indexes[indexIndex] |= 1 << (bit % BITS_PER_DWORD);
2849 }
2850
2851 static BOOL CRYPT_IsBitInFieldSet(const struct BitField *field, DWORD bit)
2852 {
2853 BOOL set = FALSE;
2854 DWORD indexIndex = bit / BITS_PER_DWORD;
2855
2856 assert(field->cIndexes);
2857 set = field->indexes[indexIndex] & (1 << (bit % BITS_PER_DWORD));
2858 return set;
2859 }
2860
2861 BOOL WINAPI CertGetValidUsages(DWORD cCerts, PCCERT_CONTEXT *rghCerts,
2862 int *cNumOIDs, LPSTR *rghOIDs, DWORD *pcbOIDs)
2863 {
2864 BOOL ret = TRUE;
2865 DWORD i, cbOIDs = 0;
2866 BOOL allUsagesValid = TRUE;
2867 CERT_ENHKEY_USAGE validUsages = { 0, NULL };
2868
2869 TRACE("(%d, %p, %d, %p, %d)\n", cCerts, rghCerts, *cNumOIDs,
2870 rghOIDs, *pcbOIDs);
2871
2872 for (i = 0; i < cCerts; i++)
2873 {
2874 CERT_ENHKEY_USAGE usage;
2875 DWORD size = sizeof(usage);
2876
2877 ret = CertGetEnhancedKeyUsage(rghCerts[i], 0, &usage, &size);
2878 /* Success is deliberately ignored: it implies all usages are valid */
2879 if (!ret && GetLastError() == ERROR_MORE_DATA)
2880 {
2881 PCERT_ENHKEY_USAGE pUsage = CryptMemAlloc(size);
2882
2883 allUsagesValid = FALSE;
2884 if (pUsage)
2885 {
2886 ret = CertGetEnhancedKeyUsage(rghCerts[i], 0, pUsage, &size);
2887 if (ret)
2888 {
2889 if (!validUsages.cUsageIdentifier)
2890 {
2891 DWORD j;
2892
2893 cbOIDs = pUsage->cUsageIdentifier * sizeof(LPSTR);
2894 validUsages.cUsageIdentifier = pUsage->cUsageIdentifier;
2895 for (j = 0; j < validUsages.cUsageIdentifier; j++)
2896 cbOIDs += lstrlenA(pUsage->rgpszUsageIdentifier[j])
2897 + 1;
2898 validUsages.rgpszUsageIdentifier =
2899 CryptMemAlloc(cbOIDs);
2900 if (validUsages.rgpszUsageIdentifier)
2901 {
2902 LPSTR nextOID = (LPSTR)
2903 ((LPBYTE)validUsages.rgpszUsageIdentifier +
2904 validUsages.cUsageIdentifier * sizeof(LPSTR));
2905
2906 for (j = 0; j < validUsages.cUsageIdentifier; j++)
2907 {
2908 validUsages.rgpszUsageIdentifier[j] = nextOID;
2909 lstrcpyA(validUsages.rgpszUsageIdentifier[j],
2910 pUsage->rgpszUsageIdentifier[j]);
2911 nextOID += lstrlenA(nextOID) + 1;
2912 }
2913 }
2914 }
2915 else
2916 {
2917 struct BitField validIndexes = { 0, NULL };
2918 DWORD j, k, numRemoved = 0;
2919
2920 /* Merge: build a bitmap of all the indexes of
2921 * validUsages.rgpszUsageIdentifier that are in pUsage.
2922 */
2923 for (j = 0; j < pUsage->cUsageIdentifier; j++)
2924 {
2925 for (k = 0; k < validUsages.cUsageIdentifier; k++)
2926 {
2927 if (!strcmp(pUsage->rgpszUsageIdentifier[j],
2928 validUsages.rgpszUsageIdentifier[k]))
2929 {
2930 CRYPT_SetBitInField(&validIndexes, k);
2931 break;
2932 }
2933 }
2934 }
2935 /* Merge by removing from validUsages those that are
2936 * not in the bitmap.
2937 */
2938 for (j = 0; j < validUsages.cUsageIdentifier; j++)
2939 {
2940 if (!CRYPT_IsBitInFieldSet(&validIndexes, j))
2941 {
2942 if (j < validUsages.cUsageIdentifier - 1)
2943 {
2944 memmove(&validUsages.rgpszUsageIdentifier[j],
2945 &validUsages.rgpszUsageIdentifier[j +
2946 numRemoved + 1],
2947 (validUsages.cUsageIdentifier - numRemoved
2948 - j - 1) * sizeof(LPSTR));
2949 cbOIDs -= lstrlenA(
2950 validUsages.rgpszUsageIdentifier[j]) + 1 +
2951 sizeof(LPSTR);
2952 validUsages.cUsageIdentifier--;
2953 numRemoved++;
2954 }
2955 else
2956 validUsages.cUsageIdentifier--;
2957 }
2958 }
2959 CryptMemFree(validIndexes.indexes);
2960 }
2961 }
2962 CryptMemFree(pUsage);
2963 }
2964 }
2965 }
2966 ret = TRUE;
2967 if (allUsagesValid)
2968 {
2969 *cNumOIDs = -1;
2970 *pcbOIDs = 0;
2971 }
2972 else
2973 {
2974 *cNumOIDs = validUsages.cUsageIdentifier;
2975 if (!rghOIDs)
2976 *pcbOIDs = cbOIDs;
2977 else if (*pcbOIDs < cbOIDs)
2978 {
2979 *pcbOIDs = cbOIDs;
2980 SetLastError(ERROR_MORE_DATA);
2981 ret = FALSE;
2982 }
2983 else
2984 {
2985 LPSTR nextOID = (LPSTR)((LPBYTE)rghOIDs +
2986 validUsages.cUsageIdentifier * sizeof(LPSTR));
2987
2988 *pcbOIDs = cbOIDs;
2989 for (i = 0; i < validUsages.cUsageIdentifier; i++)
2990 {
2991 rghOIDs[i] = nextOID;
2992 lstrcpyA(nextOID, validUsages.rgpszUsageIdentifier[i]);
2993 nextOID += lstrlenA(nextOID) + 1;
2994 }
2995 }
2996 }
2997 CryptMemFree(validUsages.rgpszUsageIdentifier);
2998 TRACE("cNumOIDs: %d\n", *cNumOIDs);
2999 TRACE("returning %d\n", ret);
3000 return ret;
3001 }
3002
3003 /* Sets the CERT_KEY_PROV_INFO_PROP_ID property of context from pInfo, or, if
3004 * pInfo is NULL, from the attributes of hProv.
3005 */
3006 static void CertContext_SetKeyProvInfo(PCCERT_CONTEXT context,
3007 const CRYPT_KEY_PROV_INFO *pInfo, HCRYPTPROV hProv)
3008 {
3009 CRYPT_KEY_PROV_INFO info = { 0 };
3010 BOOL ret;
3011
3012 if (!pInfo)
3013 {
3014 DWORD size;
3015 int len;
3016
3017 ret = CryptGetProvParam(hProv, PP_CONTAINER, NULL, &size, 0);
3018 if (ret)
3019 {
3020 LPSTR szContainer = CryptMemAlloc(size);
3021
3022 if (szContainer)
3023 {
3024 ret = CryptGetProvParam(hProv, PP_CONTAINER,
3025 (BYTE *)szContainer, &size, 0);
3026 if (ret)
3027 {
3028 len = MultiByteToWideChar(CP_ACP, 0, szContainer, -1,
3029 NULL, 0);
3030 if (len)
3031 {
3032 info.pwszContainerName = CryptMemAlloc(len *
3033 sizeof(WCHAR));
3034 MultiByteToWideChar(CP_ACP, 0, szContainer, -1,
3035 info.pwszContainerName, len);
3036 }
3037 }
3038 CryptMemFree(szContainer);
3039 }
3040 }
3041 ret = CryptGetProvParam(hProv, PP_NAME, NULL, &size, 0);
3042 if (ret)
3043 {
3044 LPSTR szProvider = CryptMemAlloc(size);
3045
3046 if (szProvider)
3047 {
3048 ret = CryptGetProvParam(hProv, PP_NAME, (BYTE *)szProvider,
3049 &size, 0);
3050 if (ret)
3051 {
3052 len = MultiByteToWideChar(CP_ACP, 0, szProvider, -1,
3053 NULL, 0);
3054 if (len)
3055 {
3056 info.pwszProvName = CryptMemAlloc(len *
3057 sizeof(WCHAR));
3058 MultiByteToWideChar(CP_ACP, 0, szProvider, -1,
3059 info.pwszProvName, len);
3060 }
3061 }
3062 CryptMemFree(szProvider);
3063 }
3064 }
3065 size = sizeof(info.dwKeySpec);
3066 /* in case no CRYPT_KEY_PROV_INFO given,
3067 * we always use AT_SIGNATURE key spec
3068 */
3069 info.dwKeySpec = AT_SIGNATURE;
3070 size = sizeof(info.dwProvType);
3071 ret = CryptGetProvParam(hProv, PP_PROVTYPE, (LPBYTE)&info.dwProvType,
3072 &size, 0);
3073 if (!ret)
3074 info.dwProvType = PROV_RSA_FULL;
3075 pInfo = &info;
3076 }
3077
3078 CertSetCertificateContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
3079 0, pInfo);
3080
3081 if (pInfo == &info)
3082 {
3083 CryptMemFree(info.pwszContainerName);
3084 CryptMemFree(info.pwszProvName);
3085 }
3086 }
3087
3088 /* Creates a signed certificate context from the unsigned, encoded certificate
3089 * in blob, using the crypto provider hProv and the signature algorithm sigAlgo.
3090 */
3091 static PCCERT_CONTEXT CRYPT_CreateSignedCert(const CRYPT_DER_BLOB *blob,
3092 HCRYPTPROV hProv, DWORD dwKeySpec, PCRYPT_ALGORITHM_IDENTIFIER sigAlgo)
3093 {
3094 PCCERT_CONTEXT context = NULL;
3095 BOOL ret;
3096 DWORD sigSize = 0;
3097
3098 ret = CryptSignCertificate(hProv, dwKeySpec, X509_ASN_ENCODING,
3099 blob->pbData, blob->cbData, sigAlgo, NULL, NULL, &sigSize);
3100 if (ret)
3101 {
3102 LPBYTE sig = CryptMemAlloc(sigSize);
3103
3104 ret = CryptSignCertificate(hProv, dwKeySpec, X509_ASN_ENCODING,
3105 blob->pbData, blob->cbData, sigAlgo, NULL, sig, &sigSize);
3106 if (ret)
3107 {
3108 CERT_SIGNED_CONTENT_INFO signedInfo;
3109 BYTE *encodedSignedCert = NULL;
3110 DWORD encodedSignedCertSize = 0;
3111
3112 signedInfo.ToBeSigned.cbData = blob->cbData;
3113 signedInfo.ToBeSigned.pbData = blob->pbData;
3114 signedInfo.SignatureAlgorithm = *sigAlgo;
3115 signedInfo.Signature.cbData = sigSize;
3116 signedInfo.Signature.pbData = sig;
3117 signedInfo.Signature.cUnusedBits = 0;
3118 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT,
3119 &signedInfo, CRYPT_ENCODE_ALLOC_FLAG, NULL,
3120 &encodedSignedCert, &encodedSignedCertSize);
3121 if (ret)
3122 {
3123 context = CertCreateCertificateContext(X509_ASN_ENCODING,
3124 encodedSignedCert, encodedSignedCertSize);
3125 LocalFree(encodedSignedCert);
3126 }
3127 }
3128 CryptMemFree(sig);
3129 }
3130 return context;
3131 }
3132
3133 /* Copies data from the parameters into info, where:
3134 * pSerialNumber: The serial number. Must not be NULL.
3135 * pSubjectIssuerBlob: Specifies both the subject and issuer for info.
3136 * Must not be NULL
3137 * pSignatureAlgorithm: Optional.
3138 * pStartTime: The starting time of the certificate. If NULL, the current
3139 * system time is used.
3140 * pEndTime: The ending time of the certificate. If NULL, one year past the
3141 * starting time is used.
3142 * pubKey: The public key of the certificate. Must not be NULL.
3143 * pExtensions: Extensions to be included with the certificate. Optional.
3144 */
3145 static void CRYPT_MakeCertInfo(PCERT_INFO info, const CRYPT_DATA_BLOB *pSerialNumber,
3146 const CERT_NAME_BLOB *pSubjectIssuerBlob,
3147 const CRYPT_ALGORITHM_IDENTIFIER *pSignatureAlgorithm, const SYSTEMTIME *pStartTime,
3148 const SYSTEMTIME *pEndTime, const CERT_PUBLIC_KEY_INFO *pubKey,
3149 const CERT_EXTENSIONS *pExtensions)
3150 {
3151 static CHAR oid[] = szOID_RSA_SHA1RSA;
3152
3153 assert(info);
3154 assert(pSerialNumber);
3155 assert(pSubjectIssuerBlob);
3156 assert(pubKey);
3157
3158 if (pExtensions && pExtensions->cExtension)
3159 info->dwVersion = CERT_V3;
3160 else
3161 info->dwVersion = CERT_V1;
3162 info->SerialNumber.cbData = pSerialNumber->cbData;
3163 info->SerialNumber.pbData = pSerialNumber->pbData;
3164 if (pSignatureAlgorithm)
3165 info->SignatureAlgorithm = *pSignatureAlgorithm;
3166 else
3167 {
3168 info->SignatureAlgorithm.pszObjId = oid;
3169 info->SignatureAlgorithm.Parameters.cbData = 0;
3170 info->SignatureAlgorithm.Parameters.pbData = NULL;
3171 }
3172 info->Issuer.cbData = pSubjectIssuerBlob->cbData;
3173 info->Issuer.pbData = pSubjectIssuerBlob->pbData;
3174 if (pStartTime)
3175 SystemTimeToFileTime(pStartTime, &info->NotBefore);
3176 else
3177 GetSystemTimeAsFileTime(&info->NotBefore);
3178 if (pEndTime)
3179 SystemTimeToFileTime(pEndTime, &info->NotAfter);
3180 else
3181 {
3182 SYSTEMTIME endTime;
3183
3184 if (FileTimeToSystemTime(&info->NotBefore, &endTime))
3185 {
3186 endTime.wYear++;
3187 SystemTimeToFileTime(&endTime, &info->NotAfter);
3188 }
3189 }
3190 info->Subject.cbData = pSubjectIssuerBlob->cbData;
3191 info->Subject.pbData = pSubjectIssuerBlob->pbData;
3192 info->SubjectPublicKeyInfo = *pubKey;
3193 if (pExtensions)
3194 {
3195 info->cExtension = pExtensions->cExtension;
3196 info->rgExtension = pExtensions->rgExtension;
3197 }
3198 else
3199 {
3200 info->cExtension = 0;
3201 info->rgExtension = NULL;
3202 }
3203 }
3204
3205 typedef RPC_STATUS (RPC_ENTRY *UuidCreateFunc)(UUID *);
3206 typedef RPC_STATUS (RPC_ENTRY *UuidToStringFunc)(UUID *, unsigned char **);
3207 typedef RPC_STATUS (RPC_ENTRY *RpcStringFreeFunc)(unsigned char **);
3208
3209 static HCRYPTPROV CRYPT_CreateKeyProv(void)
3210 {
3211 HCRYPTPROV hProv = 0;
3212 HMODULE rpcrt = LoadLibraryA("rpcrt4");
3213
3214 if (rpcrt)
3215 {
3216 UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt,
3217 "UuidCreate");
3218 UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt,
3219 "UuidToStringA");
3220 RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress(
3221 rpcrt, "RpcStringFreeA");
3222
3223 if (uuidCreate && uuidToString && rpcStringFree)
3224 {
3225 UUID uuid;
3226 RPC_STATUS status = uuidCreate(&uuid);
3227
3228 if (status == RPC_S_OK || status == RPC_S_UUID_LOCAL_ONLY)
3229 {
3230 unsigned char *uuidStr;
3231
3232 status = uuidToString(&uuid, &uuidStr);
3233 if (status == RPC_S_OK)
3234 {
3235 BOOL ret = CryptAcquireContextA(&hProv, (LPCSTR)uuidStr,
3236 MS_DEF_PROV_A, PROV_RSA_FULL, CRYPT_NEWKEYSET);
3237
3238 if (ret)
3239 {
3240 HCRYPTKEY key;
3241
3242 ret = CryptGenKey(hProv, AT_SIGNATURE, 0, &key);
3243 if (ret)
3244 CryptDestroyKey(key);
3245 }
3246 rpcStringFree(&uuidStr);
3247 }
3248 }
3249 }
3250 FreeLibrary(rpcrt);
3251 }
3252 return hProv;
3253 }
3254
3255 PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hProv,
3256 PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD dwFlags,
3257 PCRYPT_KEY_PROV_INFO pKeyProvInfo,
3258 PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime,
3259 PSYSTEMTIME pEndTime, PCERT_EXTENSIONS pExtensions)
3260 {
3261 PCCERT_CONTEXT context = NULL;
3262 BOOL ret, releaseContext = FALSE;
3263 PCERT_PUBLIC_KEY_INFO pubKey = NULL;
3264 DWORD pubKeySize = 0, dwKeySpec;
3265
3266 TRACE("(%08lx, %p, %08x, %p, %p, %p, %p, %p)\n", hProv,
3267 pSubjectIssuerBlob, dwFlags, pKeyProvInfo, pSignatureAlgorithm, pStartTime,
3268 pExtensions, pExtensions);
3269
3270 if(!pSubjectIssuerBlob)
3271 {
3272 SetLastError(ERROR_INVALID_PARAMETER);
3273 return NULL;
3274 }
3275
3276 dwKeySpec = pKeyProvInfo ? pKeyProvInfo->dwKeySpec : AT_SIGNATURE;
3277 if (!hProv)
3278 {
3279 if (!pKeyProvInfo)
3280 {
3281 hProv = CRYPT_CreateKeyProv();
3282 releaseContext = TRUE;
3283 }
3284 else if (pKeyProvInfo->dwFlags & CERT_SET_KEY_PROV_HANDLE_PROP_ID)
3285 {
3286 SetLastError(NTE_BAD_FLAGS);
3287 return NULL;
3288 }
3289 else
3290 {
3291 HCRYPTKEY hKey = 0;
3292 /* acquire the context using the given information*/
3293 ret = CryptAcquireContextW(&hProv,pKeyProvInfo->pwszContainerName,
3294 pKeyProvInfo->pwszProvName,pKeyProvInfo->dwProvType,
3295 pKeyProvInfo->dwFlags);
3296 if (!ret)
3297 {
3298 if(GetLastError() != NTE_BAD_KEYSET)
3299 return NULL;
3300 /* create the key set */
3301 ret = CryptAcquireContextW(&hProv,pKeyProvInfo->pwszContainerName,
3302 pKeyProvInfo->pwszProvName,pKeyProvInfo->dwProvType,
3303 pKeyProvInfo->dwFlags|CRYPT_NEWKEYSET);
3304 if (!ret)
3305 return NULL;
3306 }
3307 /* check if the key is here */
3308 ret = CryptGetUserKey(hProv,dwKeySpec,&hKey);
3309 if(!ret)
3310 {
3311 if (NTE_NO_KEY == GetLastError())
3312 { /* generate the key */
3313 ret = CryptGenKey(hProv,dwKeySpec,0,&hKey);
3314 }
3315 if (!ret)
3316 {
3317 CryptReleaseContext(hProv,0);
3318 SetLastError(NTE_BAD_KEYSET);
3319 return NULL;
3320 }
3321 }
3322 CryptDestroyKey(hKey);
3323 releaseContext = TRUE;
3324 }
3325 }
3326
3327 ret = CryptExportPublicKeyInfo(hProv, dwKeySpec, X509_ASN_ENCODING, NULL,
3328 &pubKeySize);
3329 if (!ret)
3330 goto end;
3331 pubKey = CryptMemAlloc(pubKeySize);
3332 if (pubKey)
3333 {
3334 ret = CryptExportPublicKeyInfo(hProv, dwKeySpec, X509_ASN_ENCODING,
3335 pubKey, &pubKeySize);
3336 if (ret)
3337 {
3338 CERT_INFO info = { 0 };
3339 CRYPT_DER_BLOB blob = { 0, NULL };
3340 BYTE serial[16];
3341 CRYPT_DATA_BLOB serialBlob = { sizeof(serial), serial };
3342
3343 CryptGenRandom(hProv, sizeof(serial), serial);
3344 CRYPT_MakeCertInfo(&info, &serialBlob, pSubjectIssuerBlob,
3345 pSignatureAlgorithm, pStartTime, pEndTime, pubKey, pExtensions);
3346 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
3347 &info, CRYPT_ENCODE_ALLOC_FLAG, NULL, &blob.pbData,
3348 &blob.cbData);
3349 if (ret)
3350 {
3351 if (!(dwFlags & CERT_CREATE_SELFSIGN_NO_SIGN))
3352 context = CRYPT_CreateSignedCert(&blob, hProv,dwKeySpec,
3353 &info.SignatureAlgorithm);
3354 else
3355 context = CertCreateCertificateContext(X509_ASN_ENCODING,
3356 blob.pbData, blob.cbData);
3357 if (context && !(dwFlags & CERT_CREATE_SELFSIGN_NO_KEY_INFO))
3358 CertContext_SetKeyProvInfo(context, pKeyProvInfo, hProv);
3359 LocalFree(blob.pbData);
3360 }
3361 }
3362 CryptMemFree(pubKey);
3363 }
3364 end:
3365 if (releaseContext)
3366 CryptReleaseContext(hProv, 0);
3367 return context;
3368 }
3369
3370 BOOL WINAPI CertVerifyCTLUsage(DWORD dwEncodingType, DWORD dwSubjectType,
3371 void *pvSubject, PCTL_USAGE pSubjectUsage, DWORD dwFlags,
3372 PCTL_VERIFY_USAGE_PARA pVerifyUsagePara,
3373 PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus)
3374 {
3375 FIXME("(0x%x, %d, %p, %p, 0x%x, %p, %p): stub\n", dwEncodingType,
3376 dwSubjectType, pvSubject, pSubjectUsage, dwFlags, pVerifyUsagePara,
3377 pVerifyUsageStatus);
3378 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3379 return FALSE;
3380 }
3381
3382 const void * WINAPI CertCreateContext(DWORD dwContextType, DWORD dwEncodingType,
3383 const BYTE *pbEncoded, DWORD cbEncoded,
3384 DWORD dwFlags, PCERT_CREATE_CONTEXT_PARA pCreatePara)
3385 {
3386 TRACE("(0x%x, 0x%x, %p, %d, 0x%08x, %p)\n", dwContextType, dwEncodingType,
3387 pbEncoded, cbEncoded, dwFlags, pCreatePara);
3388
3389 if (dwFlags)
3390 {
3391 FIXME("dwFlags 0x%08x not handled\n", dwFlags);
3392 return NULL;
3393 }
3394 if (pCreatePara)
3395 {
3396 FIXME("pCreatePara not handled\n");
3397 return NULL;
3398 }
3399
3400 switch (dwContextType)
3401 {
3402 case CERT_STORE_CERTIFICATE_CONTEXT:
3403 return CertCreateCertificateContext(dwEncodingType, pbEncoded, cbEncoded);
3404 case CERT_STORE_CRL_CONTEXT:
3405 return CertCreateCRLContext(dwEncodingType, pbEncoded, cbEncoded);
3406 case CERT_STORE_CTL_CONTEXT:
3407 return CertCreateCTLContext(dwEncodingType, pbEncoded, cbEncoded);
3408 default:
3409 WARN("unknown context type: 0x%x\n", dwContextType);
3410 return NULL;
3411 }
3412 }
Windows API implementation