search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
crypt32: Moved context desatructor to vtbl.
[wine.git] / dlls / crypt32 / cert.c
blob9016d8c4d85ed561ae7b8c98a990ef32fa2b24dc
1 /*
2 * Copyright 2004-2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19
20 #include <assert.h>
21 #include <stdarg.h>
22
23 #define NONAMELESSUNION
24 #include "windef.h"
25 #include "winbase.h"
26 #include "wincrypt.h"
27 #include "winnls.h"
28 #include "rpc.h"
29 #include "wine/debug.h"
30 #include "wine/unicode.h"
31 #include "crypt32_private.h"
32
33 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
34
35 /* Internal version of CertGetCertificateContextProperty that gets properties
36 * directly from the context (or the context it's linked to, depending on its
37 * type.) Doesn't handle special-case properties, since they are handled by
38 * CertGetCertificateContextProperty, and are particular to the store in which
39 * the property exists (which is separate from the context.)
40 */
41 static BOOL CertContext_GetProperty(void *context, DWORD dwPropId,
42 void *pvData, DWORD *pcbData);
43
44 /* Internal version of CertSetCertificateContextProperty that sets properties
45 * directly on the context (or the context it's linked to, depending on its
46 * type.) Doesn't handle special cases, since they're handled by
47 * CertSetCertificateContextProperty anyway.
48 */
49 static BOOL CertContext_SetProperty(void *context, DWORD dwPropId,
50 DWORD dwFlags, const void *pvData);
51
52 BOOL WINAPI CertAddEncodedCertificateToStore(HCERTSTORE hCertStore,
53 DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded,
54 DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext)
55 {
56 PCCERT_CONTEXT cert = CertCreateCertificateContext(dwCertEncodingType,
57 pbCertEncoded, cbCertEncoded);
58 BOOL ret;
59
60 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
61 pbCertEncoded, cbCertEncoded, dwAddDisposition, ppCertContext);
62
63 if (cert)
64 {
65 ret = CertAddCertificateContextToStore(hCertStore, cert,
66 dwAddDisposition, ppCertContext);
67 CertFreeCertificateContext(cert);
68 }
69 else
70 ret = FALSE;
71 return ret;
72 }
73
74 BOOL WINAPI CertAddEncodedCertificateToSystemStoreA(LPCSTR pszCertStoreName,
75 const BYTE *pbCertEncoded, DWORD cbCertEncoded)
76 {
77 HCERTSTORE store;
78 BOOL ret = FALSE;
79
80 TRACE("(%s, %p, %d)\n", debugstr_a(pszCertStoreName), pbCertEncoded,
81 cbCertEncoded);
82
83 store = CertOpenSystemStoreA(0, pszCertStoreName);
84 if (store)
85 {
86 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
87 pbCertEncoded, cbCertEncoded, CERT_STORE_ADD_USE_EXISTING, NULL);
88 CertCloseStore(store, 0);
89 }
90 return ret;
91 }
92
93 BOOL WINAPI CertAddEncodedCertificateToSystemStoreW(LPCWSTR pszCertStoreName,
94 const BYTE *pbCertEncoded, DWORD cbCertEncoded)
95 {
96 HCERTSTORE store;
97 BOOL ret = FALSE;
98
99 TRACE("(%s, %p, %d)\n", debugstr_w(pszCertStoreName), pbCertEncoded,
100 cbCertEncoded);
101
102 store = CertOpenSystemStoreW(0, pszCertStoreName);
103 if (store)
104 {
105 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
106 pbCertEncoded, cbCertEncoded, CERT_STORE_ADD_USE_EXISTING, NULL);
107 CertCloseStore(store, 0);
108 }
109 return ret;
110 }
111
112 static void Cert_free(context_t *context)
113 {
114 cert_t *cert = (cert_t*)context;
115
116 CryptMemFree(cert->ctx.pbCertEncoded);
117 LocalFree(cert->ctx.pCertInfo);
118 }
119
120 static const context_vtbl_t cert_vtbl = {
121 Cert_free
122 };
123
124 BOOL WINAPI CertAddCertificateLinkToStore(HCERTSTORE hCertStore,
125 PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition,
126 PCCERT_CONTEXT *ppCertContext)
127 {
128 static int calls;
129 WINECRYPT_CERTSTORE *store = (WINECRYPT_CERTSTORE*)hCertStore;
130
131 if (!(calls++))
132 FIXME("(%p, %p, %08x, %p): semi-stub\n", hCertStore, pCertContext,
133 dwAddDisposition, ppCertContext);
134 if (store->dwMagic != WINE_CRYPTCERTSTORE_MAGIC)
135 return FALSE;
136 if (store->type == StoreTypeCollection)
137 {
138 SetLastError(E_INVALIDARG);
139 return FALSE;
140 }
141 return CertAddCertificateContextToStore(hCertStore, pCertContext,
142 dwAddDisposition, ppCertContext);
143 }
144
145 PCCERT_CONTEXT WINAPI CertCreateCertificateContext(DWORD dwCertEncodingType,
146 const BYTE *pbCertEncoded, DWORD cbCertEncoded)
147 {
148 PCERT_CONTEXT cert = NULL;
149 BOOL ret;
150 PCERT_INFO certInfo = NULL;
151 DWORD size = 0;
152
153 TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCertEncoded,
154 cbCertEncoded);
155
156 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
157 {
158 SetLastError(E_INVALIDARG);
159 return NULL;
160 }
161
162 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_TO_BE_SIGNED,
163 pbCertEncoded, cbCertEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
164 &certInfo, &size);
165 if (ret)
166 {
167 BYTE *data = NULL;
168
169 cert = Context_CreateDataContext(sizeof(CERT_CONTEXT), &cert_vtbl);
170 if (!cert)
171 goto end;
172 data = CryptMemAlloc(cbCertEncoded);
173 if (!data)
174 {
175 CertFreeCertificateContext(cert);
176 cert = NULL;
177 goto end;
178 }
179 memcpy(data, pbCertEncoded, cbCertEncoded);
180 cert->dwCertEncodingType = dwCertEncodingType;
181 cert->pbCertEncoded = data;
182 cert->cbCertEncoded = cbCertEncoded;
183 cert->pCertInfo = certInfo;
184 cert->hCertStore = &empty_store;
185 }
186
187 end:
188 return cert;
189 }
190
191 PCCERT_CONTEXT WINAPI CertDuplicateCertificateContext(PCCERT_CONTEXT pCertContext)
192 {
193 TRACE("(%p)\n", pCertContext);
194
195 if (!pCertContext)
196 return NULL;
197
198 Context_AddRef(&cert_from_ptr(pCertContext)->base);
199 return pCertContext;
200 }
201
202 BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
203 {
204 BOOL ret = TRUE;
205
206 TRACE("(%p)\n", pCertContext);
207
208 if (pCertContext)
209 ret = Context_Release(&cert_from_ptr(pCertContext)->base);
210 return ret;
211 }
212
213 DWORD WINAPI CertEnumCertificateContextProperties(PCCERT_CONTEXT pCertContext,
214 DWORD dwPropId)
215 {
216 CONTEXT_PROPERTY_LIST *properties = Context_GetProperties(pCertContext);
217 DWORD ret;
218
219 TRACE("(%p, %d)\n", pCertContext, dwPropId);
220
221 if (properties)
222 ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
223 else
224 ret = 0;
225 return ret;
226 }
227
228 static BOOL CertContext_GetHashProp(void *context, DWORD dwPropId,
229 ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
230 DWORD *pcbData)
231 {
232 BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
233 pcbData);
234 if (ret && pvData)
235 {
236 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
237
238 ret = CertContext_SetProperty(context, dwPropId, 0, &blob);
239 }
240 return ret;
241 }
242
243 static BOOL CertContext_CopyParam(void *pvData, DWORD *pcbData, const void *pb,
244 DWORD cb)
245 {
246 BOOL ret = TRUE;
247
248 if (!pvData)
249 *pcbData = cb;
250 else if (*pcbData < cb)
251 {
252 SetLastError(ERROR_MORE_DATA);
253 *pcbData = cb;
254 ret = FALSE;
255 }
256 else
257 {
258 memcpy(pvData, pb, cb);
259 *pcbData = cb;
260 }
261 return ret;
262 }
263
264 static BOOL CertContext_GetProperty(void *context, DWORD dwPropId,
265 void *pvData, DWORD *pcbData)
266 {
267 PCCERT_CONTEXT pCertContext = context;
268 CONTEXT_PROPERTY_LIST *properties = Context_GetProperties(context);
269 BOOL ret;
270 CRYPT_DATA_BLOB blob;
271
272 TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
273
274 if (properties)
275 ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
276 else
277 ret = FALSE;
278 if (ret)
279 ret = CertContext_CopyParam(pvData, pcbData, blob.pbData, blob.cbData);
280 else
281 {
282 /* Implicit properties */
283 switch (dwPropId)
284 {
285 case CERT_SHA1_HASH_PROP_ID:
286 ret = CertContext_GetHashProp(context, dwPropId, CALG_SHA1,
287 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
288 pcbData);
289 break;
290 case CERT_MD5_HASH_PROP_ID:
291 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
292 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
293 pcbData);
294 break;
295 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
296 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
297 pCertContext->pCertInfo->Subject.pbData,
298 pCertContext->pCertInfo->Subject.cbData,
299 pvData, pcbData);
300 break;
301 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
302 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
303 pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData,
304 pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData,
305 pvData, pcbData);
306 break;
307 case CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID:
308 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
309 pCertContext->pCertInfo->SerialNumber.pbData,
310 pCertContext->pCertInfo->SerialNumber.cbData,
311 pvData, pcbData);
312 break;
313 case CERT_SIGNATURE_HASH_PROP_ID:
314 ret = CryptHashToBeSigned(0, pCertContext->dwCertEncodingType,
315 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
316 pcbData);
317 if (ret && pvData)
318 {
319 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
320
321 ret = CertContext_SetProperty(context, dwPropId, 0, &blob);
322 }
323 break;
324 case CERT_KEY_IDENTIFIER_PROP_ID:
325 {
326 PCERT_EXTENSION ext = CertFindExtension(
327 szOID_SUBJECT_KEY_IDENTIFIER, pCertContext->pCertInfo->cExtension,
328 pCertContext->pCertInfo->rgExtension);
329
330 if (ext)
331 {
332 CRYPT_DATA_BLOB value;
333 DWORD size = sizeof(value);
334
335 ret = CryptDecodeObjectEx(X509_ASN_ENCODING,
336 szOID_SUBJECT_KEY_IDENTIFIER, ext->Value.pbData,
337 ext->Value.cbData, CRYPT_DECODE_NOCOPY_FLAG, NULL, &value,
338 &size);
339 if (ret)
340 {
341 ret = CertContext_CopyParam(pvData, pcbData, value.pbData,
342 value.cbData);
343 CertContext_SetProperty(context, dwPropId, 0, &value);
344 }
345 }
346 else
347 SetLastError(ERROR_INVALID_DATA);
348 break;
349 }
350 default:
351 SetLastError(CRYPT_E_NOT_FOUND);
352 }
353 }
354 TRACE("returning %d\n", ret);
355 return ret;
356 }
357
358 void CRYPT_FixKeyProvInfoPointers(PCRYPT_KEY_PROV_INFO info)
359 {
360 DWORD i, containerLen, provNameLen;
361 LPBYTE data = (LPBYTE)info + sizeof(CRYPT_KEY_PROV_INFO);
362
363 info->pwszContainerName = (LPWSTR)data;
364 containerLen = (lstrlenW(info->pwszContainerName) + 1) * sizeof(WCHAR);
365 data += containerLen;
366
367 info->pwszProvName = (LPWSTR)data;
368 provNameLen = (lstrlenW(info->pwszProvName) + 1) * sizeof(WCHAR);
369 data += provNameLen;
370
371 info->rgProvParam = (PCRYPT_KEY_PROV_PARAM)data;
372 data += info->cProvParam * sizeof(CRYPT_KEY_PROV_PARAM);
373
374 for (i = 0; i < info->cProvParam; i++)
375 {
376 info->rgProvParam[i].pbData = data;
377 data += info->rgProvParam[i].cbData;
378 }
379 }
380
381 BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT pCertContext,
382 DWORD dwPropId, void *pvData, DWORD *pcbData)
383 {
384 BOOL ret;
385
386 TRACE("(%p, %d, %p, %p)\n", pCertContext, dwPropId, pvData, pcbData);
387
388 switch (dwPropId)
389 {
390 case 0:
391 case CERT_CERT_PROP_ID:
392 case CERT_CRL_PROP_ID:
393 case CERT_CTL_PROP_ID:
394 SetLastError(E_INVALIDARG);
395 ret = FALSE;
396 break;
397 case CERT_ACCESS_STATE_PROP_ID:
398 if (pCertContext->hCertStore)
399 ret = CertGetStoreProperty(pCertContext->hCertStore, dwPropId,
400 pvData, pcbData);
401 else
402 {
403 DWORD state = 0;
404
405 ret = CertContext_CopyParam(pvData, pcbData, &state, sizeof(state));
406 }
407 break;
408 case CERT_KEY_PROV_HANDLE_PROP_ID:
409 {
410 CERT_KEY_CONTEXT keyContext;
411 DWORD size = sizeof(keyContext);
412
413 ret = CertContext_GetProperty((void *)pCertContext,
414 CERT_KEY_CONTEXT_PROP_ID, &keyContext, &size);
415 if (ret)
416 ret = CertContext_CopyParam(pvData, pcbData, &keyContext.hCryptProv,
417 sizeof(keyContext.hCryptProv));
418 break;
419 }
420 case CERT_KEY_PROV_INFO_PROP_ID:
421 ret = CertContext_GetProperty((void *)pCertContext, dwPropId, pvData,
422 pcbData);
423 if (ret && pvData)
424 CRYPT_FixKeyProvInfoPointers(pvData);
425 break;
426 default:
427 ret = CertContext_GetProperty((void *)pCertContext, dwPropId, pvData,
428 pcbData);
429 }
430
431 TRACE("returning %d\n", ret);
432 return ret;
433 }
434
435 /* Copies key provider info from from into to, where to is assumed to be a
436 * contiguous buffer of memory large enough for from and all its associated
437 * data, but whose pointers are uninitialized.
438 * Upon return, to contains a contiguous copy of from, packed in the following
439 * order:
440 * - CRYPT_KEY_PROV_INFO
441 * - pwszContainerName
442 * - pwszProvName
443 * - rgProvParam[0]...
444 */
445 static void CRYPT_CopyKeyProvInfo(PCRYPT_KEY_PROV_INFO to,
446 const CRYPT_KEY_PROV_INFO *from)
447 {
448 DWORD i;
449 LPBYTE nextData = (LPBYTE)to + sizeof(CRYPT_KEY_PROV_INFO);
450
451 if (from->pwszContainerName)
452 {
453 to->pwszContainerName = (LPWSTR)nextData;
454 lstrcpyW(to->pwszContainerName, from->pwszContainerName);
455 nextData += (lstrlenW(from->pwszContainerName) + 1) * sizeof(WCHAR);
456 }
457 else
458 to->pwszContainerName = NULL;
459 if (from->pwszProvName)
460 {
461 to->pwszProvName = (LPWSTR)nextData;
462 lstrcpyW(to->pwszProvName, from->pwszProvName);
463 nextData += (lstrlenW(from->pwszProvName) + 1) * sizeof(WCHAR);
464 }
465 else
466 to->pwszProvName = NULL;
467 to->dwProvType = from->dwProvType;
468 to->dwFlags = from->dwFlags;
469 to->cProvParam = from->cProvParam;
470 to->rgProvParam = (PCRYPT_KEY_PROV_PARAM)nextData;
471 nextData += to->cProvParam * sizeof(CRYPT_KEY_PROV_PARAM);
472 to->dwKeySpec = from->dwKeySpec;
473 for (i = 0; i < to->cProvParam; i++)
474 {
475 memcpy(&to->rgProvParam[i], &from->rgProvParam[i],
476 sizeof(CRYPT_KEY_PROV_PARAM));
477 to->rgProvParam[i].pbData = nextData;
478 memcpy(to->rgProvParam[i].pbData, from->rgProvParam[i].pbData,
479 from->rgProvParam[i].cbData);
480 nextData += from->rgProvParam[i].cbData;
481 }
482 }
483
484 static BOOL CertContext_SetKeyProvInfoProperty(CONTEXT_PROPERTY_LIST *properties,
485 const CRYPT_KEY_PROV_INFO *info)
486 {
487 BOOL ret;
488 LPBYTE buf = NULL;
489 DWORD size = sizeof(CRYPT_KEY_PROV_INFO), i, containerSize, provNameSize;
490
491 if (info->pwszContainerName)
492 containerSize = (lstrlenW(info->pwszContainerName) + 1) * sizeof(WCHAR);
493 else
494 containerSize = 0;
495 if (info->pwszProvName)
496 provNameSize = (lstrlenW(info->pwszProvName) + 1) * sizeof(WCHAR);
497 else
498 provNameSize = 0;
499 size += containerSize + provNameSize;
500 for (i = 0; i < info->cProvParam; i++)
501 size += sizeof(CRYPT_KEY_PROV_PARAM) + info->rgProvParam[i].cbData;
502 buf = CryptMemAlloc(size);
503 if (buf)
504 {
505 CRYPT_CopyKeyProvInfo((PCRYPT_KEY_PROV_INFO)buf, info);
506 ret = ContextPropertyList_SetProperty(properties,
507 CERT_KEY_PROV_INFO_PROP_ID, buf, size);
508 CryptMemFree(buf);
509 }
510 else
511 ret = FALSE;
512 return ret;
513 }
514
515 static BOOL CertContext_SetProperty(void *context, DWORD dwPropId,
516 DWORD dwFlags, const void *pvData)
517 {
518 CONTEXT_PROPERTY_LIST *properties = Context_GetProperties(context);
519 BOOL ret;
520
521 TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
522
523 if (!properties)
524 ret = FALSE;
525 else
526 {
527 switch (dwPropId)
528 {
529 case CERT_AUTO_ENROLL_PROP_ID:
530 case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
531 case CERT_DESCRIPTION_PROP_ID:
532 case CERT_FRIENDLY_NAME_PROP_ID:
533 case CERT_HASH_PROP_ID:
534 case CERT_KEY_IDENTIFIER_PROP_ID:
535 case CERT_MD5_HASH_PROP_ID:
536 case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
537 case CERT_PUBKEY_ALG_PARA_PROP_ID:
538 case CERT_PVK_FILE_PROP_ID:
539 case CERT_SIGNATURE_HASH_PROP_ID:
540 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
541 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
542 case CERT_EXTENDED_ERROR_INFO_PROP_ID:
543 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
544 case CERT_ENROLLMENT_PROP_ID:
545 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
546 case CERT_RENEWAL_PROP_ID:
547 {
548 if (pvData)
549 {
550 const CRYPT_DATA_BLOB *blob = pvData;
551
552 ret = ContextPropertyList_SetProperty(properties, dwPropId,
553 blob->pbData, blob->cbData);
554 }
555 else
556 {
557 ContextPropertyList_RemoveProperty(properties, dwPropId);
558 ret = TRUE;
559 }
560 break;
561 }
562 case CERT_DATE_STAMP_PROP_ID:
563 if (pvData)
564 ret = ContextPropertyList_SetProperty(properties, dwPropId,
565 pvData, sizeof(FILETIME));
566 else
567 {
568 ContextPropertyList_RemoveProperty(properties, dwPropId);
569 ret = TRUE;
570 }
571 break;
572 case CERT_KEY_CONTEXT_PROP_ID:
573 {
574 if (pvData)
575 {
576 const CERT_KEY_CONTEXT *keyContext = pvData;
577
578 if (keyContext->cbSize != sizeof(CERT_KEY_CONTEXT))
579 {
580 SetLastError(E_INVALIDARG);
581 ret = FALSE;
582 }
583 else
584 ret = ContextPropertyList_SetProperty(properties, dwPropId,
585 (const BYTE *)keyContext, keyContext->cbSize);
586 }
587 else
588 {
589 ContextPropertyList_RemoveProperty(properties, dwPropId);
590 ret = TRUE;
591 }
592 break;
593 }
594 case CERT_KEY_PROV_INFO_PROP_ID:
595 if (pvData)
596 ret = CertContext_SetKeyProvInfoProperty(properties, pvData);
597 else
598 {
599 ContextPropertyList_RemoveProperty(properties, dwPropId);
600 ret = TRUE;
601 }
602 break;
603 case CERT_KEY_PROV_HANDLE_PROP_ID:
604 {
605 CERT_KEY_CONTEXT keyContext;
606 DWORD size = sizeof(keyContext);
607
608 ret = CertContext_GetProperty(context, CERT_KEY_CONTEXT_PROP_ID,
609 &keyContext, &size);
610 if (ret)
611 {
612 if (!(dwFlags & CERT_STORE_NO_CRYPT_RELEASE_FLAG))
613 CryptReleaseContext(keyContext.hCryptProv, 0);
614 }
615 keyContext.cbSize = sizeof(keyContext);
616 if (pvData)
617 keyContext.hCryptProv = *(const HCRYPTPROV *)pvData;
618 else
619 {
620 keyContext.hCryptProv = 0;
621 keyContext.dwKeySpec = AT_SIGNATURE;
622 }
623 ret = CertContext_SetProperty(context, CERT_KEY_CONTEXT_PROP_ID,
624 0, &keyContext);
625 break;
626 }
627 default:
628 FIXME("%d: stub\n", dwPropId);
629 ret = FALSE;
630 }
631 }
632 TRACE("returning %d\n", ret);
633 return ret;
634 }
635
636 BOOL WINAPI CertSetCertificateContextProperty(PCCERT_CONTEXT pCertContext,
637 DWORD dwPropId, DWORD dwFlags, const void *pvData)
638 {
639 BOOL ret;
640
641 TRACE("(%p, %d, %08x, %p)\n", pCertContext, dwPropId, dwFlags, pvData);
642
643 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
644 * crashes on most of these, I'll be safer.
645 */
646 switch (dwPropId)
647 {
648 case 0:
649 case CERT_ACCESS_STATE_PROP_ID:
650 case CERT_CERT_PROP_ID:
651 case CERT_CRL_PROP_ID:
652 case CERT_CTL_PROP_ID:
653 SetLastError(E_INVALIDARG);
654 return FALSE;
655 }
656 ret = CertContext_SetProperty((void *)pCertContext, dwPropId, dwFlags,
657 pvData);
658 TRACE("returning %d\n", ret);
659 return ret;
660 }
661
662 /* Acquires the private key using the key provider info, retrieving info from
663 * the certificate if info is NULL. The acquired provider is returned in
664 * *phCryptProv, and the key spec for the provider is returned in *pdwKeySpec.
665 */
666 static BOOL CRYPT_AcquirePrivateKeyFromProvInfo(PCCERT_CONTEXT pCert,
667 PCRYPT_KEY_PROV_INFO info, HCRYPTPROV *phCryptProv, DWORD *pdwKeySpec)
668 {
669 DWORD size = 0;
670 BOOL allocated = FALSE, ret = TRUE;
671
672 if (!info)
673 {
674 ret = CertGetCertificateContextProperty(pCert,
675 CERT_KEY_PROV_INFO_PROP_ID, 0, &size);
676 if (ret)
677 {
678 info = HeapAlloc(GetProcessHeap(), 0, size);
679 if (info)
680 {
681 ret = CertGetCertificateContextProperty(pCert,
682 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
683 allocated = TRUE;
684 }
685 else
686 {
687 SetLastError(ERROR_OUTOFMEMORY);
688 ret = FALSE;
689 }
690 }
691 else
692 SetLastError(CRYPT_E_NO_KEY_PROPERTY);
693 }
694 if (ret)
695 {
696 ret = CryptAcquireContextW(phCryptProv, info->pwszContainerName,
697 info->pwszProvName, info->dwProvType, 0);
698 if (ret)
699 {
700 DWORD i;
701
702 for (i = 0; i < info->cProvParam; i++)
703 {
704 CryptSetProvParam(*phCryptProv,
705 info->rgProvParam[i].dwParam, info->rgProvParam[i].pbData,
706 info->rgProvParam[i].dwFlags);
707 }
708 *pdwKeySpec = info->dwKeySpec;
709 }
710 else
711 SetLastError(CRYPT_E_NO_KEY_PROPERTY);
712 }
713 if (allocated)
714 HeapFree(GetProcessHeap(), 0, info);
715 return ret;
716 }
717
718 BOOL WINAPI CryptAcquireCertificatePrivateKey(PCCERT_CONTEXT pCert,
719 DWORD dwFlags, void *pvReserved, HCRYPTPROV_OR_NCRYPT_KEY_HANDLE *phCryptProv,
720 DWORD *pdwKeySpec, BOOL *pfCallerFreeProv)
721 {
722 BOOL ret = FALSE, cache = FALSE;
723 PCRYPT_KEY_PROV_INFO info = NULL;
724 CERT_KEY_CONTEXT keyContext;
725 DWORD size;
726
727 TRACE("(%p, %08x, %p, %p, %p, %p)\n", pCert, dwFlags, pvReserved,
728 phCryptProv, pdwKeySpec, pfCallerFreeProv);
729
730 if (dwFlags & CRYPT_ACQUIRE_USE_PROV_INFO_FLAG)
731 {
732 DWORD size = 0;
733
734 ret = CertGetCertificateContextProperty(pCert,
735 CERT_KEY_PROV_INFO_PROP_ID, 0, &size);
736 if (ret)
737 {
738 info = HeapAlloc(GetProcessHeap(), 0, size);
739 ret = CertGetCertificateContextProperty(pCert,
740 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
741 if (ret)
742 cache = info->dwFlags & CERT_SET_KEY_CONTEXT_PROP_ID;
743 }
744 }
745 else if (dwFlags & CRYPT_ACQUIRE_CACHE_FLAG)
746 cache = TRUE;
747 *phCryptProv = 0;
748 if (cache)
749 {
750 size = sizeof(keyContext);
751 ret = CertGetCertificateContextProperty(pCert, CERT_KEY_CONTEXT_PROP_ID,
752 &keyContext, &size);
753 if (ret)
754 {
755 *phCryptProv = keyContext.hCryptProv;
756 if (pdwKeySpec)
757 *pdwKeySpec = keyContext.dwKeySpec;
758 if (pfCallerFreeProv)
759 *pfCallerFreeProv = !cache;
760 }
761 }
762 if (!*phCryptProv)
763 {
764 ret = CRYPT_AcquirePrivateKeyFromProvInfo(pCert, info,
765 &keyContext.hCryptProv, &keyContext.dwKeySpec);
766 if (ret)
767 {
768 *phCryptProv = keyContext.hCryptProv;
769 if (pdwKeySpec)
770 *pdwKeySpec = keyContext.dwKeySpec;
771 if (cache)
772 {
773 keyContext.cbSize = sizeof(keyContext);
774 if (CertSetCertificateContextProperty(pCert,
775 CERT_KEY_CONTEXT_PROP_ID, 0, &keyContext))
776 {
777 if (pfCallerFreeProv)
778 *pfCallerFreeProv = FALSE;
779 }
780 }
781 else
782 {
783 if (pfCallerFreeProv)
784 *pfCallerFreeProv = TRUE;
785 }
786 }
787 }
788 HeapFree(GetProcessHeap(), 0, info);
789 return ret;
790 }
791
792 static BOOL key_prov_info_matches_cert(PCCERT_CONTEXT pCert,
793 const CRYPT_KEY_PROV_INFO *keyProvInfo)
794 {
795 HCRYPTPROV csp;
796 BOOL matches = FALSE;
797
798 if (CryptAcquireContextW(&csp, keyProvInfo->pwszContainerName,
799 keyProvInfo->pwszProvName, keyProvInfo->dwProvType, keyProvInfo->dwFlags))
800 {
801 DWORD size;
802
803 /* Need to sign something to verify the sig. What to sign? Why not
804 * the certificate itself?
805 */
806 if (CryptSignAndEncodeCertificate(csp, AT_SIGNATURE,
807 pCert->dwCertEncodingType, X509_CERT_TO_BE_SIGNED, pCert->pCertInfo,
808 &pCert->pCertInfo->SignatureAlgorithm, NULL, NULL, &size))
809 {
810 BYTE *certEncoded = CryptMemAlloc(size);
811
812 if (certEncoded)
813 {
814 if (CryptSignAndEncodeCertificate(csp, AT_SIGNATURE,
815 pCert->dwCertEncodingType, X509_CERT_TO_BE_SIGNED,
816 pCert->pCertInfo, &pCert->pCertInfo->SignatureAlgorithm,
817 NULL, certEncoded, &size))
818 {
819 if (size == pCert->cbCertEncoded &&
820 !memcmp(certEncoded, pCert->pbCertEncoded, size))
821 matches = TRUE;
822 }
823 CryptMemFree(certEncoded);
824 }
825 }
826 CryptReleaseContext(csp, 0);
827 }
828 return matches;
829 }
830
831 static BOOL container_matches_cert(PCCERT_CONTEXT pCert, LPCSTR container,
832 CRYPT_KEY_PROV_INFO *keyProvInfo)
833 {
834 CRYPT_KEY_PROV_INFO copy;
835 WCHAR containerW[MAX_PATH];
836 BOOL matches = FALSE;
837
838 MultiByteToWideChar(CP_ACP, 0, container, -1,
839 containerW, sizeof(containerW) / sizeof(containerW[0]));
840 /* We make a copy of the CRYPT_KEY_PROV_INFO because the caller expects
841 * keyProvInfo->pwszContainerName to be NULL or a heap-allocated container
842 * name.
843 */
844 copy = *keyProvInfo;
845 copy.pwszContainerName = containerW;
846 matches = key_prov_info_matches_cert(pCert, &copy);
847 if (matches)
848 {
849 keyProvInfo->pwszContainerName =
850 CryptMemAlloc((strlenW(containerW) + 1) * sizeof(WCHAR));
851 if (keyProvInfo->pwszContainerName)
852 {
853 strcpyW(keyProvInfo->pwszContainerName, containerW);
854 keyProvInfo->dwKeySpec = AT_SIGNATURE;
855 }
856 else
857 matches = FALSE;
858 }
859 return matches;
860 }
861
862 /* Searches the provider named keyProvInfo.pwszProvName for a container whose
863 * private key matches pCert's public key. Upon success, updates keyProvInfo
864 * with the matching container's info (free keyProvInfo.pwszContainerName upon
865 * success.)
866 * Returns TRUE if found, FALSE if not.
867 */
868 static BOOL find_key_prov_info_in_provider(PCCERT_CONTEXT pCert,
869 CRYPT_KEY_PROV_INFO *keyProvInfo)
870 {
871 HCRYPTPROV defProvider;
872 BOOL ret, found = FALSE;
873 char containerA[MAX_PATH];
874
875 assert(keyProvInfo->pwszContainerName == NULL);
876 if ((ret = CryptAcquireContextW(&defProvider, NULL,
877 keyProvInfo->pwszProvName, keyProvInfo->dwProvType,
878 keyProvInfo->dwFlags | CRYPT_VERIFYCONTEXT)))
879 {
880 DWORD enumFlags = keyProvInfo->dwFlags | CRYPT_FIRST;
881
882 while (ret && !found)
883 {
884 DWORD size = sizeof(containerA);
885
886 ret = CryptGetProvParam(defProvider, PP_ENUMCONTAINERS,
887 (BYTE *)containerA, &size, enumFlags);
888 if (ret)
889 found = container_matches_cert(pCert, containerA, keyProvInfo);
890 if (enumFlags & CRYPT_FIRST)
891 {
892 enumFlags &= ~CRYPT_FIRST;
893 enumFlags |= CRYPT_NEXT;
894 }
895 }
896 CryptReleaseContext(defProvider, 0);
897 }
898 return found;
899 }
900
901 static BOOL find_matching_provider(PCCERT_CONTEXT pCert, DWORD dwFlags)
902 {
903 BOOL found = FALSE, ret = TRUE;
904 DWORD index = 0, cbProvName = 0;
905 CRYPT_KEY_PROV_INFO keyProvInfo;
906
907 TRACE("(%p, %08x)\n", pCert, dwFlags);
908
909 memset(&keyProvInfo, 0, sizeof(keyProvInfo));
910 while (ret && !found)
911 {
912 DWORD size = 0;
913
914 ret = CryptEnumProvidersW(index, NULL, 0, &keyProvInfo.dwProvType,
915 NULL, &size);
916 if (ret)
917 {
918 if (size <= cbProvName)
919 ret = CryptEnumProvidersW(index, NULL, 0,
920 &keyProvInfo.dwProvType, keyProvInfo.pwszProvName, &size);
921 else
922 {
923 CryptMemFree(keyProvInfo.pwszProvName);
924 keyProvInfo.pwszProvName = CryptMemAlloc(size);
925 if (keyProvInfo.pwszProvName)
926 {
927 cbProvName = size;
928 ret = CryptEnumProvidersW(index, NULL, 0,
929 &keyProvInfo.dwProvType, keyProvInfo.pwszProvName, &size);
930 if (ret)
931 {
932 if (dwFlags & CRYPT_FIND_SILENT_KEYSET_FLAG)
933 keyProvInfo.dwFlags |= CRYPT_SILENT;
934 if (dwFlags & CRYPT_FIND_USER_KEYSET_FLAG ||
935 !(dwFlags & (CRYPT_FIND_USER_KEYSET_FLAG |
936 CRYPT_FIND_MACHINE_KEYSET_FLAG)))
937 {
938 keyProvInfo.dwFlags |= CRYPT_USER_KEYSET;
939 found = find_key_prov_info_in_provider(pCert,
940 &keyProvInfo);
941 }
942 if (!found)
943 {
944 if (dwFlags & CRYPT_FIND_MACHINE_KEYSET_FLAG ||
945 !(dwFlags & (CRYPT_FIND_USER_KEYSET_FLAG |
946 CRYPT_FIND_MACHINE_KEYSET_FLAG)))
947 {
948 keyProvInfo.dwFlags &= ~CRYPT_USER_KEYSET;
949 keyProvInfo.dwFlags |= CRYPT_MACHINE_KEYSET;
950 found = find_key_prov_info_in_provider(pCert,
951 &keyProvInfo);
952 }
953 }
954 }
955 }
956 else
957 ret = FALSE;
958 }
959 index++;
960 }
961 }
962 if (found)
963 CertSetCertificateContextProperty(pCert, CERT_KEY_PROV_INFO_PROP_ID,
964 0, &keyProvInfo);
965 CryptMemFree(keyProvInfo.pwszProvName);
966 CryptMemFree(keyProvInfo.pwszContainerName);
967 return found;
968 }
969
970 static BOOL cert_prov_info_matches_cert(PCCERT_CONTEXT pCert)
971 {
972 BOOL matches = FALSE;
973 DWORD size;
974
975 if (CertGetCertificateContextProperty(pCert, CERT_KEY_PROV_INFO_PROP_ID,
976 NULL, &size))
977 {
978 CRYPT_KEY_PROV_INFO *keyProvInfo = CryptMemAlloc(size);
979
980 if (keyProvInfo)
981 {
982 if (CertGetCertificateContextProperty(pCert,
983 CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size))
984 matches = key_prov_info_matches_cert(pCert, keyProvInfo);
985 CryptMemFree(keyProvInfo);
986 }
987 }
988 return matches;
989 }
990
991 BOOL WINAPI CryptFindCertificateKeyProvInfo(PCCERT_CONTEXT pCert,
992 DWORD dwFlags, void *pvReserved)
993 {
994 BOOL matches = FALSE;
995
996 TRACE("(%p, %08x, %p)\n", pCert, dwFlags, pvReserved);
997
998 matches = cert_prov_info_matches_cert(pCert);
999 if (!matches)
1000 matches = find_matching_provider(pCert, dwFlags);
1001 return matches;
1002 }
1003
1004 BOOL WINAPI CertCompareCertificate(DWORD dwCertEncodingType,
1005 PCERT_INFO pCertId1, PCERT_INFO pCertId2)
1006 {
1007 BOOL ret;
1008
1009 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pCertId1, pCertId2);
1010
1011 ret = CertCompareCertificateName(dwCertEncodingType, &pCertId1->Issuer,
1012 &pCertId2->Issuer) && CertCompareIntegerBlob(&pCertId1->SerialNumber,
1013 &pCertId2->SerialNumber);
1014 TRACE("returning %d\n", ret);
1015 return ret;
1016 }
1017
1018 BOOL WINAPI CertCompareCertificateName(DWORD dwCertEncodingType,
1019 PCERT_NAME_BLOB pCertName1, PCERT_NAME_BLOB pCertName2)
1020 {
1021 BOOL ret;
1022
1023 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pCertName1, pCertName2);
1024
1025 if (pCertName1->cbData == pCertName2->cbData)
1026 {
1027 if (pCertName1->cbData)
1028 ret = !memcmp(pCertName1->pbData, pCertName2->pbData,
1029 pCertName1->cbData);
1030 else
1031 ret = TRUE;
1032 }
1033 else
1034 ret = FALSE;
1035 TRACE("returning %d\n", ret);
1036 return ret;
1037 }
1038
1039 /* Returns the number of significant bytes in pInt, where a byte is
1040 * insignificant if it's a leading 0 for positive numbers or a leading 0xff
1041 * for negative numbers. pInt is assumed to be little-endian.
1042 */
1043 static DWORD CRYPT_significantBytes(const CRYPT_INTEGER_BLOB *pInt)
1044 {
1045 DWORD ret = pInt->cbData;
1046
1047 while (ret > 1)
1048 {
1049 if (pInt->pbData[ret - 2] <= 0x7f && pInt->pbData[ret - 1] == 0)
1050 ret--;
1051 else if (pInt->pbData[ret - 2] >= 0x80 && pInt->pbData[ret - 1] == 0xff)
1052 ret--;
1053 else
1054 break;
1055 }
1056 return ret;
1057 }
1058
1059 BOOL WINAPI CertCompareIntegerBlob(PCRYPT_INTEGER_BLOB pInt1,
1060 PCRYPT_INTEGER_BLOB pInt2)
1061 {
1062 BOOL ret;
1063 DWORD cb1, cb2;
1064
1065 TRACE("(%p, %p)\n", pInt1, pInt2);
1066
1067 cb1 = CRYPT_significantBytes(pInt1);
1068 cb2 = CRYPT_significantBytes(pInt2);
1069 if (cb1 == cb2)
1070 {
1071 if (cb1)
1072 ret = !memcmp(pInt1->pbData, pInt2->pbData, cb1);
1073 else
1074 ret = TRUE;
1075 }
1076 else
1077 ret = FALSE;
1078 TRACE("returning %d\n", ret);
1079 return ret;
1080 }
1081
1082 BOOL WINAPI CertComparePublicKeyInfo(DWORD dwCertEncodingType,
1083 PCERT_PUBLIC_KEY_INFO pPublicKey1, PCERT_PUBLIC_KEY_INFO pPublicKey2)
1084 {
1085 BOOL ret;
1086
1087 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pPublicKey1, pPublicKey2);
1088
1089 switch (GET_CERT_ENCODING_TYPE(dwCertEncodingType))
1090 {
1091 case 0: /* Seems to mean "raw binary bits" */
1092 if (pPublicKey1->PublicKey.cbData == pPublicKey2->PublicKey.cbData &&
1093 pPublicKey1->PublicKey.cUnusedBits == pPublicKey2->PublicKey.cUnusedBits)
1094 {
1095 if (pPublicKey2->PublicKey.cbData)
1096 ret = !memcmp(pPublicKey1->PublicKey.pbData,
1097 pPublicKey2->PublicKey.pbData, pPublicKey1->PublicKey.cbData);
1098 else
1099 ret = TRUE;
1100 }
1101 else
1102 ret = FALSE;
1103 break;
1104 default:
1105 WARN("Unknown encoding type %08x\n", dwCertEncodingType);
1106 /* FALLTHROUGH */
1107 case X509_ASN_ENCODING:
1108 {
1109 BLOBHEADER *pblob1, *pblob2;
1110 DWORD length;
1111 ret = FALSE;
1112 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1113 pPublicKey1->PublicKey.pbData, pPublicKey1->PublicKey.cbData,
1114 0, NULL, &length))
1115 {
1116 pblob1 = CryptMemAlloc(length);
1117 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1118 pPublicKey1->PublicKey.pbData, pPublicKey1->PublicKey.cbData,
1119 0, pblob1, &length))
1120 {
1121 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1122 pPublicKey2->PublicKey.pbData, pPublicKey2->PublicKey.cbData,
1123 0, NULL, &length))
1124 {
1125 pblob2 = CryptMemAlloc(length);
1126 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1127 pPublicKey2->PublicKey.pbData, pPublicKey2->PublicKey.cbData,
1128 0, pblob2, &length))
1129 {
1130 /* The RSAPUBKEY structure directly follows the BLOBHEADER */
1131 RSAPUBKEY *pk1 = (LPVOID)(pblob1 + 1),
1132 *pk2 = (LPVOID)(pblob2 + 1);
1133 ret = (pk1->bitlen == pk2->bitlen) && (pk1->pubexp == pk2->pubexp)
1134 && !memcmp(pk1 + 1, pk2 + 1, pk1->bitlen/8);
1135 }
1136 CryptMemFree(pblob2);
1137 }
1138 }
1139 CryptMemFree(pblob1);
1140 }
1141
1142 break;
1143 }
1144 }
1145 return ret;
1146 }
1147
1148 DWORD WINAPI CertGetPublicKeyLength(DWORD dwCertEncodingType,
1149 PCERT_PUBLIC_KEY_INFO pPublicKey)
1150 {
1151 DWORD len = 0;
1152
1153 TRACE("(%08x, %p)\n", dwCertEncodingType, pPublicKey);
1154
1155 if (GET_CERT_ENCODING_TYPE(dwCertEncodingType) != X509_ASN_ENCODING)
1156 {
1157 SetLastError(ERROR_FILE_NOT_FOUND);
1158 return 0;
1159 }
1160 if (pPublicKey->Algorithm.pszObjId &&
1161 !strcmp(pPublicKey->Algorithm.pszObjId, szOID_RSA_DH))
1162 {
1163 FIXME("unimplemented for DH public keys\n");
1164 SetLastError(CRYPT_E_ASN1_BADTAG);
1165 }
1166 else
1167 {
1168 DWORD size;
1169 PBYTE buf;
1170 BOOL ret = CryptDecodeObjectEx(dwCertEncodingType,
1171 RSA_CSP_PUBLICKEYBLOB, pPublicKey->PublicKey.pbData,
1172 pPublicKey->PublicKey.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
1173 &size);
1174
1175 if (ret)
1176 {
1177 RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(buf + sizeof(BLOBHEADER));
1178
1179 len = rsaPubKey->bitlen;
1180 LocalFree(buf);
1181 }
1182 }
1183 return len;
1184 }
1185
1186 typedef BOOL (*CertCompareFunc)(PCCERT_CONTEXT pCertContext, DWORD dwType,
1187 DWORD dwFlags, const void *pvPara);
1188
1189 static BOOL compare_cert_by_md5_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
1190 DWORD dwFlags, const void *pvPara)
1191 {
1192 BOOL ret;
1193 BYTE hash[16];
1194 DWORD size = sizeof(hash);
1195
1196 ret = CertGetCertificateContextProperty(pCertContext,
1197 CERT_MD5_HASH_PROP_ID, hash, &size);
1198 if (ret)
1199 {
1200 const CRYPT_HASH_BLOB *pHash = pvPara;
1201
1202 if (size == pHash->cbData)
1203 ret = !memcmp(pHash->pbData, hash, size);
1204 else
1205 ret = FALSE;
1206 }
1207 return ret;
1208 }
1209
1210 static BOOL compare_cert_by_sha1_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
1211 DWORD dwFlags, const void *pvPara)
1212 {
1213 BOOL ret;
1214 BYTE hash[20];
1215 DWORD size = sizeof(hash);
1216
1217 ret = CertGetCertificateContextProperty(pCertContext,
1218 CERT_SHA1_HASH_PROP_ID, hash, &size);
1219 if (ret)
1220 {
1221 const CRYPT_HASH_BLOB *pHash = pvPara;
1222
1223 if (size == pHash->cbData)
1224 ret = !memcmp(pHash->pbData, hash, size);
1225 else
1226 ret = FALSE;
1227 }
1228 return ret;
1229 }
1230
1231 static BOOL compare_cert_by_name(PCCERT_CONTEXT pCertContext, DWORD dwType,
1232 DWORD dwFlags, const void *pvPara)
1233 {
1234 CERT_NAME_BLOB *blob = (CERT_NAME_BLOB *)pvPara, *toCompare;
1235 BOOL ret;
1236
1237 if (dwType & CERT_INFO_SUBJECT_FLAG)
1238 toCompare = &pCertContext->pCertInfo->Subject;
1239 else
1240 toCompare = &pCertContext->pCertInfo->Issuer;
1241 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1242 toCompare, blob);
1243 return ret;
1244 }
1245
1246 static BOOL compare_cert_by_public_key(PCCERT_CONTEXT pCertContext,
1247 DWORD dwType, DWORD dwFlags, const void *pvPara)
1248 {
1249 CERT_PUBLIC_KEY_INFO *publicKey = (CERT_PUBLIC_KEY_INFO *)pvPara;
1250 BOOL ret;
1251
1252 ret = CertComparePublicKeyInfo(pCertContext->dwCertEncodingType,
1253 &pCertContext->pCertInfo->SubjectPublicKeyInfo, publicKey);
1254 return ret;
1255 }
1256
1257 static BOOL compare_cert_by_subject_cert(PCCERT_CONTEXT pCertContext,
1258 DWORD dwType, DWORD dwFlags, const void *pvPara)
1259 {
1260 CERT_INFO *pCertInfo = (CERT_INFO *)pvPara;
1261 BOOL ret;
1262
1263 /* Matching serial number and subject match.. */
1264 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1265 &pCertContext->pCertInfo->Subject, &pCertInfo->Issuer);
1266 if (ret)
1267 ret = CertCompareIntegerBlob(&pCertContext->pCertInfo->SerialNumber,
1268 &pCertInfo->SerialNumber);
1269 else
1270 {
1271 /* failing that, if the serial number and issuer match, we match */
1272 ret = CertCompareIntegerBlob(&pCertContext->pCertInfo->SerialNumber,
1273 &pCertInfo->SerialNumber);
1274 if (ret)
1275 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1276 &pCertContext->pCertInfo->Issuer, &pCertInfo->Issuer);
1277 }
1278 TRACE("returning %d\n", ret);
1279 return ret;
1280 }
1281
1282 static BOOL compare_cert_by_cert_id(PCCERT_CONTEXT pCertContext, DWORD dwType,
1283 DWORD dwFlags, const void *pvPara)
1284 {
1285 CERT_ID *id = (CERT_ID *)pvPara;
1286 BOOL ret;
1287
1288 switch (id->dwIdChoice)
1289 {
1290 case CERT_ID_ISSUER_SERIAL_NUMBER:
1291 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1292 &pCertContext->pCertInfo->Issuer, &id->u.IssuerSerialNumber.Issuer);
1293 if (ret)
1294 ret = CertCompareIntegerBlob(&pCertContext->pCertInfo->SerialNumber,
1295 &id->u.IssuerSerialNumber.SerialNumber);
1296 break;
1297 case CERT_ID_SHA1_HASH:
1298 ret = compare_cert_by_sha1_hash(pCertContext, dwType, dwFlags,
1299 &id->u.HashId);
1300 break;
1301 case CERT_ID_KEY_IDENTIFIER:
1302 {
1303 DWORD size = 0;
1304
1305 ret = CertGetCertificateContextProperty(pCertContext,
1306 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
1307 if (ret && size == id->u.KeyId.cbData)
1308 {
1309 LPBYTE buf = CryptMemAlloc(size);
1310
1311 if (buf)
1312 {
1313 CertGetCertificateContextProperty(pCertContext,
1314 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
1315 ret = !memcmp(buf, id->u.KeyId.pbData, size);
1316 CryptMemFree(buf);
1317 }
1318 }
1319 else
1320 ret = FALSE;
1321 break;
1322 }
1323 default:
1324 ret = FALSE;
1325 break;
1326 }
1327 return ret;
1328 }
1329
1330 static BOOL compare_existing_cert(PCCERT_CONTEXT pCertContext, DWORD dwType,
1331 DWORD dwFlags, const void *pvPara)
1332 {
1333 PCCERT_CONTEXT toCompare = pvPara;
1334 return CertCompareCertificate(pCertContext->dwCertEncodingType,
1335 pCertContext->pCertInfo, toCompare->pCertInfo);
1336 }
1337
1338 static BOOL compare_cert_by_signature_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
1339 DWORD dwFlags, const void *pvPara)
1340 {
1341 const CRYPT_HASH_BLOB *hash = pvPara;
1342 DWORD size = 0;
1343 BOOL ret;
1344
1345 ret = CertGetCertificateContextProperty(pCertContext,
1346 CERT_SIGNATURE_HASH_PROP_ID, NULL, &size);
1347 if (ret && size == hash->cbData)
1348 {
1349 LPBYTE buf = CryptMemAlloc(size);
1350
1351 if (buf)
1352 {
1353 CertGetCertificateContextProperty(pCertContext,
1354 CERT_SIGNATURE_HASH_PROP_ID, buf, &size);
1355 ret = !memcmp(buf, hash->pbData, size);
1356 CryptMemFree(buf);
1357 }
1358 }
1359 else
1360 ret = FALSE;
1361 return ret;
1362 }
1363
1364 static inline PCCERT_CONTEXT cert_compare_certs_in_store(HCERTSTORE store,
1365 PCCERT_CONTEXT prev, CertCompareFunc compare, DWORD dwType, DWORD dwFlags,
1366 const void *pvPara)
1367 {
1368 BOOL matches = FALSE;
1369 PCCERT_CONTEXT ret;
1370
1371 ret = prev;
1372 do {
1373 ret = CertEnumCertificatesInStore(store, ret);
1374 if (ret)
1375 matches = compare(ret, dwType, dwFlags, pvPara);
1376 } while (ret != NULL && !matches);
1377 return ret;
1378 }
1379
1380 typedef PCCERT_CONTEXT (*CertFindFunc)(HCERTSTORE store, DWORD dwType,
1381 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev);
1382
1383 static PCCERT_CONTEXT find_cert_any(HCERTSTORE store, DWORD dwType,
1384 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1385 {
1386 return CertEnumCertificatesInStore(store, prev);
1387 }
1388
1389 static PCCERT_CONTEXT find_cert_by_issuer(HCERTSTORE store, DWORD dwType,
1390 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1391 {
1392 BOOL ret;
1393 PCCERT_CONTEXT found = NULL, subject = pvPara;
1394 PCERT_EXTENSION ext;
1395 DWORD size;
1396
1397 if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER,
1398 subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
1399 {
1400 CERT_AUTHORITY_KEY_ID_INFO *info;
1401
1402 ret = CryptDecodeObjectEx(subject->dwCertEncodingType,
1403 X509_AUTHORITY_KEY_ID, ext->Value.pbData, ext->Value.cbData,
1404 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
1405 &info, &size);
1406 if (ret)
1407 {
1408 CERT_ID id;
1409
1410 if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
1411 {
1412 id.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
1413 memcpy(&id.u.IssuerSerialNumber.Issuer, &info->CertIssuer,
1414 sizeof(CERT_NAME_BLOB));
1415 memcpy(&id.u.IssuerSerialNumber.SerialNumber,
1416 &info->CertSerialNumber, sizeof(CRYPT_INTEGER_BLOB));
1417 }
1418 else if (info->KeyId.cbData)
1419 {
1420 id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
1421 memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
1422 }
1423 else
1424 ret = FALSE;
1425 if (ret)
1426 found = cert_compare_certs_in_store(store, prev,
1427 compare_cert_by_cert_id, dwType, dwFlags, &id);
1428 LocalFree(info);
1429 }
1430 }
1431 else if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
1432 subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
1433 {
1434 CERT_AUTHORITY_KEY_ID2_INFO *info;
1435
1436 ret = CryptDecodeObjectEx(subject->dwCertEncodingType,
1437 X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
1438 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
1439 &info, &size);
1440 if (ret)
1441 {
1442 CERT_ID id;
1443
1444 if (info->AuthorityCertIssuer.cAltEntry &&
1445 info->AuthorityCertSerialNumber.cbData)
1446 {
1447 PCERT_ALT_NAME_ENTRY directoryName = NULL;
1448 DWORD i;
1449
1450 for (i = 0; !directoryName &&
1451 i < info->AuthorityCertIssuer.cAltEntry; i++)
1452 if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice
1453 == CERT_ALT_NAME_DIRECTORY_NAME)
1454 directoryName =
1455 &info->AuthorityCertIssuer.rgAltEntry[i];
1456 if (directoryName)
1457 {
1458 id.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
1459 memcpy(&id.u.IssuerSerialNumber.Issuer,
1460 &directoryName->u.DirectoryName, sizeof(CERT_NAME_BLOB));
1461 memcpy(&id.u.IssuerSerialNumber.SerialNumber,
1462 &info->AuthorityCertSerialNumber,
1463 sizeof(CRYPT_INTEGER_BLOB));
1464 }
1465 else
1466 {
1467 FIXME("no supported name type in authority key id2\n");
1468 ret = FALSE;
1469 }
1470 }
1471 else if (info->KeyId.cbData)
1472 {
1473 id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
1474 memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
1475 }
1476 else
1477 ret = FALSE;
1478 if (ret)
1479 found = cert_compare_certs_in_store(store, prev,
1480 compare_cert_by_cert_id, dwType, dwFlags, &id);
1481 LocalFree(info);
1482 }
1483 }
1484 else
1485 found = cert_compare_certs_in_store(store, prev,
1486 compare_cert_by_name, CERT_COMPARE_NAME | CERT_COMPARE_SUBJECT_CERT,
1487 dwFlags, &subject->pCertInfo->Issuer);
1488 return found;
1489 }
1490
1491 static BOOL compare_cert_by_name_str(PCCERT_CONTEXT pCertContext,
1492 DWORD dwType, DWORD dwFlags, const void *pvPara)
1493 {
1494 PCERT_NAME_BLOB name;
1495 DWORD len;
1496 BOOL ret = FALSE;
1497
1498 if (dwType & CERT_INFO_SUBJECT_FLAG)
1499 name = &pCertContext->pCertInfo->Subject;
1500 else
1501 name = &pCertContext->pCertInfo->Issuer;
1502 len = CertNameToStrW(pCertContext->dwCertEncodingType, name,
1503 CERT_SIMPLE_NAME_STR, NULL, 0);
1504 if (len)
1505 {
1506 LPWSTR str = CryptMemAlloc(len * sizeof(WCHAR));
1507
1508 if (str)
1509 {
1510 LPWSTR ptr;
1511
1512 CertNameToStrW(pCertContext->dwCertEncodingType, name,
1513 CERT_SIMPLE_NAME_STR, str, len);
1514 for (ptr = str; *ptr; ptr++)
1515 *ptr = tolowerW(*ptr);
1516 if (strstrW(str, pvPara))
1517 ret = TRUE;
1518 CryptMemFree(str);
1519 }
1520 }
1521 return ret;
1522 }
1523
1524 static PCCERT_CONTEXT find_cert_by_name_str_a(HCERTSTORE store, DWORD dwType,
1525 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1526 {
1527 PCCERT_CONTEXT found = NULL;
1528
1529 TRACE("%s\n", debugstr_a(pvPara));
1530
1531 if (pvPara)
1532 {
1533 int len = MultiByteToWideChar(CP_ACP, 0, pvPara, -1, NULL, 0);
1534 LPWSTR str = CryptMemAlloc(len * sizeof(WCHAR));
1535
1536 if (str)
1537 {
1538 LPWSTR ptr;
1539
1540 MultiByteToWideChar(CP_ACP, 0, pvPara, -1, str, len);
1541 for (ptr = str; *ptr; ptr++)
1542 *ptr = tolowerW(*ptr);
1543 found = cert_compare_certs_in_store(store, prev,
1544 compare_cert_by_name_str, dwType, dwFlags, str);
1545 CryptMemFree(str);
1546 }
1547 }
1548 else
1549 found = find_cert_any(store, dwType, dwFlags, NULL, prev);
1550 return found;
1551 }
1552
1553 static PCCERT_CONTEXT find_cert_by_name_str_w(HCERTSTORE store, DWORD dwType,
1554 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1555 {
1556 PCCERT_CONTEXT found = NULL;
1557
1558 TRACE("%s\n", debugstr_w(pvPara));
1559
1560 if (pvPara)
1561 {
1562 DWORD len = strlenW(pvPara);
1563 LPWSTR str = CryptMemAlloc((len + 1) * sizeof(WCHAR));
1564
1565 if (str)
1566 {
1567 LPCWSTR src;
1568 LPWSTR dst;
1569
1570 for (src = pvPara, dst = str; *src; src++, dst++)
1571 *dst = tolowerW(*src);
1572 *dst = 0;
1573 found = cert_compare_certs_in_store(store, prev,
1574 compare_cert_by_name_str, dwType, dwFlags, str);
1575 CryptMemFree(str);
1576 }
1577 }
1578 else
1579 found = find_cert_any(store, dwType, dwFlags, NULL, prev);
1580 return found;
1581 }
1582
1583 PCCERT_CONTEXT WINAPI CertFindCertificateInStore(HCERTSTORE hCertStore,
1584 DWORD dwCertEncodingType, DWORD dwFlags, DWORD dwType, const void *pvPara,
1585 PCCERT_CONTEXT pPrevCertContext)
1586 {
1587 PCCERT_CONTEXT ret;
1588 CertFindFunc find = NULL;
1589 CertCompareFunc compare = NULL;
1590
1591 TRACE("(%p, %08x, %08x, %08x, %p, %p)\n", hCertStore, dwCertEncodingType,
1592 dwFlags, dwType, pvPara, pPrevCertContext);
1593
1594 switch (dwType >> CERT_COMPARE_SHIFT)
1595 {
1596 case CERT_COMPARE_ANY:
1597 find = find_cert_any;
1598 break;
1599 case CERT_COMPARE_MD5_HASH:
1600 compare = compare_cert_by_md5_hash;
1601 break;
1602 case CERT_COMPARE_SHA1_HASH:
1603 compare = compare_cert_by_sha1_hash;
1604 break;
1605 case CERT_COMPARE_NAME:
1606 compare = compare_cert_by_name;
1607 break;
1608 case CERT_COMPARE_PUBLIC_KEY:
1609 compare = compare_cert_by_public_key;
1610 break;
1611 case CERT_COMPARE_NAME_STR_A:
1612 find = find_cert_by_name_str_a;
1613 break;
1614 case CERT_COMPARE_NAME_STR_W:
1615 find = find_cert_by_name_str_w;
1616 break;
1617 case CERT_COMPARE_SUBJECT_CERT:
1618 compare = compare_cert_by_subject_cert;
1619 break;
1620 case CERT_COMPARE_CERT_ID:
1621 compare = compare_cert_by_cert_id;
1622 break;
1623 case CERT_COMPARE_ISSUER_OF:
1624 find = find_cert_by_issuer;
1625 break;
1626 case CERT_COMPARE_EXISTING:
1627 compare = compare_existing_cert;
1628 break;
1629 case CERT_COMPARE_SIGNATURE_HASH:
1630 compare = compare_cert_by_signature_hash;
1631 break;
1632 default:
1633 FIXME("find type %08x unimplemented\n", dwType);
1634 }
1635
1636 if (find)
1637 ret = find(hCertStore, dwFlags, dwType, pvPara, pPrevCertContext);
1638 else if (compare)
1639 ret = cert_compare_certs_in_store(hCertStore, pPrevCertContext,
1640 compare, dwType, dwFlags, pvPara);
1641 else
1642 ret = NULL;
1643 if (!ret)
1644 SetLastError(CRYPT_E_NOT_FOUND);
1645 TRACE("returning %p\n", ret);
1646 return ret;
1647 }
1648
1649 PCCERT_CONTEXT WINAPI CertGetSubjectCertificateFromStore(HCERTSTORE hCertStore,
1650 DWORD dwCertEncodingType, PCERT_INFO pCertId)
1651 {
1652 TRACE("(%p, %08x, %p)\n", hCertStore, dwCertEncodingType, pCertId);
1653
1654 if (!pCertId)
1655 {
1656 SetLastError(E_INVALIDARG);
1657 return NULL;
1658 }
1659 return CertFindCertificateInStore(hCertStore, dwCertEncodingType, 0,
1660 CERT_FIND_SUBJECT_CERT, pCertId, NULL);
1661 }
1662
1663 BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT pSubject,
1664 PCCERT_CONTEXT pIssuer, DWORD *pdwFlags)
1665 {
1666 static const DWORD supportedFlags = CERT_STORE_REVOCATION_FLAG |
1667 CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG;
1668
1669 if (*pdwFlags & ~supportedFlags)
1670 {
1671 SetLastError(E_INVALIDARG);
1672 return FALSE;
1673 }
1674 if (*pdwFlags & CERT_STORE_REVOCATION_FLAG)
1675 {
1676 DWORD flags = 0;
1677 PCCRL_CONTEXT crl = CertGetCRLFromStore(pSubject->hCertStore, pSubject,
1678 NULL, &flags);
1679
1680 /* FIXME: what if the CRL has expired? */
1681 if (crl)
1682 {
1683 if (CertVerifyCRLRevocation(pSubject->dwCertEncodingType,
1684 pSubject->pCertInfo, 1, (PCRL_INFO *)&crl->pCrlInfo))
1685 *pdwFlags &= CERT_STORE_REVOCATION_FLAG;
1686 }
1687 else
1688 *pdwFlags |= CERT_STORE_NO_CRL_FLAG;
1689 }
1690 if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
1691 {
1692 if (0 == CertVerifyTimeValidity(NULL, pSubject->pCertInfo))
1693 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
1694 }
1695 if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
1696 {
1697 if (CryptVerifyCertificateSignatureEx(0, pSubject->dwCertEncodingType,
1698 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)pSubject,
1699 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuer, 0, NULL))
1700 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
1701 }
1702 return TRUE;
1703 }
1704
1705 PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
1706 PCCERT_CONTEXT pSubjectContext, PCCERT_CONTEXT pPrevIssuerContext,
1707 DWORD *pdwFlags)
1708 {
1709 PCCERT_CONTEXT ret;
1710
1711 TRACE("(%p, %p, %p, %08x)\n", hCertStore, pSubjectContext,
1712 pPrevIssuerContext, *pdwFlags);
1713
1714 if (!pSubjectContext)
1715 {
1716 SetLastError(E_INVALIDARG);
1717 return NULL;
1718 }
1719
1720 ret = CertFindCertificateInStore(hCertStore,
1721 pSubjectContext->dwCertEncodingType, 0, CERT_FIND_ISSUER_OF,
1722 pSubjectContext, pPrevIssuerContext);
1723 if (ret)
1724 {
1725 if (!CertVerifySubjectCertificateContext(pSubjectContext, ret,
1726 pdwFlags))
1727 {
1728 CertFreeCertificateContext(ret);
1729 ret = NULL;
1730 }
1731 }
1732 TRACE("returning %p\n", ret);
1733 return ret;
1734 }
1735
1736 typedef struct _OLD_CERT_REVOCATION_STATUS {
1737 DWORD cbSize;
1738 DWORD dwIndex;
1739 DWORD dwError;
1740 DWORD dwReason;
1741 } OLD_CERT_REVOCATION_STATUS;
1742
1743 typedef BOOL (WINAPI *CertVerifyRevocationFunc)(DWORD, DWORD, DWORD,
1744 void **, DWORD, PCERT_REVOCATION_PARA, PCERT_REVOCATION_STATUS);
1745
1746 BOOL WINAPI CertVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1747 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1748 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1749 {
1750 BOOL ret;
1751
1752 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1753 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1754
1755 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1756 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1757 {
1758 SetLastError(E_INVALIDARG);
1759 return FALSE;
1760 }
1761 if (cContext)
1762 {
1763 static HCRYPTOIDFUNCSET set = NULL;
1764 DWORD size;
1765
1766 if (!set)
1767 set = CryptInitOIDFunctionSet(CRYPT_OID_VERIFY_REVOCATION_FUNC, 0);
1768 ret = CryptGetDefaultOIDDllList(set, dwEncodingType, NULL, &size);
1769 if (ret)
1770 {
1771 if (size == 1)
1772 {
1773 /* empty list */
1774 SetLastError(CRYPT_E_NO_REVOCATION_DLL);
1775 ret = FALSE;
1776 }
1777 else
1778 {
1779 LPWSTR dllList = CryptMemAlloc(size * sizeof(WCHAR)), ptr;
1780
1781 if (dllList)
1782 {
1783 ret = CryptGetDefaultOIDDllList(set, dwEncodingType,
1784 dllList, &size);
1785 if (ret)
1786 {
1787 for (ptr = dllList; ret && *ptr;
1788 ptr += lstrlenW(ptr) + 1)
1789 {
1790 CertVerifyRevocationFunc func;
1791 HCRYPTOIDFUNCADDR hFunc;
1792
1793 ret = CryptGetDefaultOIDFunctionAddress(set,
1794 dwEncodingType, ptr, 0, (void **)&func, &hFunc);
1795 if (ret)
1796 {
1797 ret = func(dwEncodingType, dwRevType, cContext,
1798 rgpvContext, dwFlags, pRevPara, pRevStatus);
1799 CryptFreeOIDFunctionAddress(hFunc, 0);
1800 }
1801 }
1802 }
1803 CryptMemFree(dllList);
1804 }
1805 else
1806 {
1807 SetLastError(ERROR_OUTOFMEMORY);
1808 ret = FALSE;
1809 }
1810 }
1811 }
1812 }
1813 else
1814 ret = TRUE;
1815 return ret;
1816 }
1817
1818 PCRYPT_ATTRIBUTE WINAPI CertFindAttribute(LPCSTR pszObjId, DWORD cAttr,
1819 CRYPT_ATTRIBUTE rgAttr[])
1820 {
1821 PCRYPT_ATTRIBUTE ret = NULL;
1822 DWORD i;
1823
1824 TRACE("%s %d %p\n", debugstr_a(pszObjId), cAttr, rgAttr);
1825
1826 if (!cAttr)
1827 return NULL;
1828 if (!pszObjId)
1829 {
1830 SetLastError(ERROR_INVALID_PARAMETER);
1831 return NULL;
1832 }
1833
1834 for (i = 0; !ret && i < cAttr; i++)
1835 if (rgAttr[i].pszObjId && !strcmp(pszObjId, rgAttr[i].pszObjId))
1836 ret = &rgAttr[i];
1837 return ret;
1838 }
1839
1840 PCERT_EXTENSION WINAPI CertFindExtension(LPCSTR pszObjId, DWORD cExtensions,
1841 CERT_EXTENSION rgExtensions[])
1842 {
1843 PCERT_EXTENSION ret = NULL;
1844 DWORD i;
1845
1846 TRACE("%s %d %p\n", debugstr_a(pszObjId), cExtensions, rgExtensions);
1847
1848 if (!cExtensions)
1849 return NULL;
1850 if (!pszObjId)
1851 {
1852 SetLastError(ERROR_INVALID_PARAMETER);
1853 return NULL;
1854 }
1855
1856 for (i = 0; !ret && i < cExtensions; i++)
1857 if (rgExtensions[i].pszObjId && !strcmp(pszObjId,
1858 rgExtensions[i].pszObjId))
1859 ret = &rgExtensions[i];
1860 return ret;
1861 }
1862
1863 PCERT_RDN_ATTR WINAPI CertFindRDNAttr(LPCSTR pszObjId, PCERT_NAME_INFO pName)
1864 {
1865 PCERT_RDN_ATTR ret = NULL;
1866 DWORD i, j;
1867
1868 TRACE("%s %p\n", debugstr_a(pszObjId), pName);
1869
1870 if (!pszObjId)
1871 {
1872 SetLastError(ERROR_INVALID_PARAMETER);
1873 return NULL;
1874 }
1875
1876 for (i = 0; !ret && i < pName->cRDN; i++)
1877 for (j = 0; !ret && j < pName->rgRDN[i].cRDNAttr; j++)
1878 if (pName->rgRDN[i].rgRDNAttr[j].pszObjId && !strcmp(pszObjId,
1879 pName->rgRDN[i].rgRDNAttr[j].pszObjId))
1880 ret = &pName->rgRDN[i].rgRDNAttr[j];
1881 return ret;
1882 }
1883
1884 static BOOL find_matching_rdn_attr(DWORD dwFlags, const CERT_NAME_INFO *name,
1885 const CERT_RDN_ATTR *attr)
1886 {
1887 DWORD i, j;
1888 BOOL match = FALSE;
1889
1890 for (i = 0; !match && i < name->cRDN; i++)
1891 {
1892 for (j = 0; j < name->rgRDN[i].cRDNAttr; j++)
1893 {
1894 if (!strcmp(name->rgRDN[i].rgRDNAttr[j].pszObjId,
1895 attr->pszObjId) &&
1896 name->rgRDN[i].rgRDNAttr[j].dwValueType ==
1897 attr->dwValueType)
1898 {
1899 if (dwFlags & CERT_UNICODE_IS_RDN_ATTRS_FLAG)
1900 {
1901 LPCWSTR nameStr =
1902 (LPCWSTR)name->rgRDN[i].rgRDNAttr[j].Value.pbData;
1903 LPCWSTR attrStr = (LPCWSTR)attr->Value.pbData;
1904
1905 if (attr->Value.cbData !=
1906 name->rgRDN[i].rgRDNAttr[j].Value.cbData)
1907 match = FALSE;
1908 else if (dwFlags & CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG)
1909 match = !strncmpiW(nameStr, attrStr,
1910 attr->Value.cbData / sizeof(WCHAR));
1911 else
1912 match = !strncmpW(nameStr, attrStr,
1913 attr->Value.cbData / sizeof(WCHAR));
1914 TRACE("%s : %s => %d\n",
1915 debugstr_wn(nameStr, attr->Value.cbData / sizeof(WCHAR)),
1916 debugstr_wn(attrStr, attr->Value.cbData / sizeof(WCHAR)),
1917 match);
1918 }
1919 else
1920 {
1921 LPCSTR nameStr =
1922 (LPCSTR)name->rgRDN[i].rgRDNAttr[j].Value.pbData;
1923 LPCSTR attrStr = (LPCSTR)attr->Value.pbData;
1924
1925 if (attr->Value.cbData !=
1926 name->rgRDN[i].rgRDNAttr[j].Value.cbData)
1927 match = FALSE;
1928 else if (dwFlags & CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG)
1929 match = !strncasecmp(nameStr, attrStr,
1930 attr->Value.cbData);
1931 else
1932 match = !strncmp(nameStr, attrStr, attr->Value.cbData);
1933 TRACE("%s : %s => %d\n",
1934 debugstr_an(nameStr, attr->Value.cbData),
1935 debugstr_an(attrStr, attr->Value.cbData), match);
1936 }
1937 }
1938 }
1939 }
1940 return match;
1941 }
1942
1943 BOOL WINAPI CertIsRDNAttrsInCertificateName(DWORD dwCertEncodingType,
1944 DWORD dwFlags, PCERT_NAME_BLOB pCertName, PCERT_RDN pRDN)
1945 {
1946 CERT_NAME_INFO *name;
1947 LPCSTR type;
1948 DWORD size;
1949 BOOL ret;
1950
1951 TRACE("(%08x, %08x, %p, %p)\n", dwCertEncodingType, dwFlags, pCertName,
1952 pRDN);
1953
1954 type = dwFlags & CERT_UNICODE_IS_RDN_ATTRS_FLAG ? X509_UNICODE_NAME :
1955 X509_NAME;
1956 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, type, pCertName->pbData,
1957 pCertName->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &name, &size)))
1958 {
1959 DWORD i;
1960
1961 for (i = 0; ret && i < pRDN->cRDNAttr; i++)
1962 ret = find_matching_rdn_attr(dwFlags, name, &pRDN->rgRDNAttr[i]);
1963 if (!ret)
1964 SetLastError(CRYPT_E_NO_MATCH);
1965 LocalFree(name);
1966 }
1967 return ret;
1968 }
1969
1970 LONG WINAPI CertVerifyTimeValidity(LPFILETIME pTimeToVerify,
1971 PCERT_INFO pCertInfo)
1972 {
1973 FILETIME fileTime;
1974 LONG ret;
1975
1976 if (!pTimeToVerify)
1977 {
1978 GetSystemTimeAsFileTime(&fileTime);
1979 pTimeToVerify = &fileTime;
1980 }
1981 if ((ret = CompareFileTime(pTimeToVerify, &pCertInfo->NotBefore)) >= 0)
1982 {
1983 ret = CompareFileTime(pTimeToVerify, &pCertInfo->NotAfter);
1984 if (ret < 0)
1985 ret = 0;
1986 }
1987 return ret;
1988 }
1989
1990 BOOL WINAPI CertVerifyValidityNesting(PCERT_INFO pSubjectInfo,
1991 PCERT_INFO pIssuerInfo)
1992 {
1993 TRACE("(%p, %p)\n", pSubjectInfo, pIssuerInfo);
1994
1995 return CertVerifyTimeValidity(&pSubjectInfo->NotBefore, pIssuerInfo) == 0
1996 && CertVerifyTimeValidity(&pSubjectInfo->NotAfter, pIssuerInfo) == 0;
1997 }
1998
1999 BOOL WINAPI CryptHashCertificate(HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid,
2000 DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash,
2001 DWORD *pcbComputedHash)
2002 {
2003 BOOL ret = TRUE;
2004 HCRYPTHASH hHash = 0;
2005
2006 TRACE("(%08lx, %d, %08x, %p, %d, %p, %p)\n", hCryptProv, Algid, dwFlags,
2007 pbEncoded, cbEncoded, pbComputedHash, pcbComputedHash);
2008
2009 if (!hCryptProv)
2010 hCryptProv = CRYPT_GetDefaultProvider();
2011 if (!Algid)
2012 Algid = CALG_SHA1;
2013 if (ret)
2014 {
2015 ret = CryptCreateHash(hCryptProv, Algid, 0, 0, &hHash);
2016 if (ret)
2017 {
2018 ret = CryptHashData(hHash, pbEncoded, cbEncoded, 0);
2019 if (ret)
2020 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
2021 pcbComputedHash, 0);
2022 CryptDestroyHash(hHash);
2023 }
2024 }
2025 return ret;
2026 }
2027
2028 BOOL WINAPI CryptHashPublicKeyInfo(HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid,
2029 DWORD dwFlags, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo,
2030 BYTE *pbComputedHash, DWORD *pcbComputedHash)
2031 {
2032 BOOL ret = TRUE;
2033 HCRYPTHASH hHash = 0;
2034
2035 TRACE("(%08lx, %d, %08x, %d, %p, %p, %p)\n", hCryptProv, Algid, dwFlags,
2036 dwCertEncodingType, pInfo, pbComputedHash, pcbComputedHash);
2037
2038 if (!hCryptProv)
2039 hCryptProv = CRYPT_GetDefaultProvider();
2040 if (!Algid)
2041 Algid = CALG_MD5;
2042 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
2043 {
2044 SetLastError(ERROR_FILE_NOT_FOUND);
2045 return FALSE;
2046 }
2047 if (ret)
2048 {
2049 BYTE *buf;
2050 DWORD size = 0;
2051
2052 ret = CRYPT_AsnEncodePubKeyInfoNoNull(dwCertEncodingType,
2053 X509_PUBLIC_KEY_INFO, pInfo, CRYPT_ENCODE_ALLOC_FLAG, NULL,
2054 (LPBYTE)&buf, &size);
2055 if (ret)
2056 {
2057 ret = CryptCreateHash(hCryptProv, Algid, 0, 0, &hHash);
2058 if (ret)
2059 {
2060 ret = CryptHashData(hHash, buf, size, 0);
2061 if (ret)
2062 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
2063 pcbComputedHash, 0);
2064 CryptDestroyHash(hHash);
2065 }
2066 LocalFree(buf);
2067 }
2068 }
2069 return ret;
2070 }
2071
2072 BOOL WINAPI CryptHashToBeSigned(HCRYPTPROV_LEGACY hCryptProv,
2073 DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
2074 BYTE *pbComputedHash, DWORD *pcbComputedHash)
2075 {
2076 BOOL ret;
2077 CERT_SIGNED_CONTENT_INFO *info;
2078 DWORD size;
2079
2080 TRACE("(%08lx, %08x, %p, %d, %p, %d)\n", hCryptProv, dwCertEncodingType,
2081 pbEncoded, cbEncoded, pbComputedHash, *pcbComputedHash);
2082
2083 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT,
2084 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
2085 if (ret)
2086 {
2087 PCCRYPT_OID_INFO oidInfo;
2088 HCRYPTHASH hHash;
2089
2090 if (!hCryptProv)
2091 hCryptProv = CRYPT_GetDefaultProvider();
2092 oidInfo = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2093 info->SignatureAlgorithm.pszObjId, 0);
2094 if (!oidInfo)
2095 {
2096 SetLastError(NTE_BAD_ALGID);
2097 ret = FALSE;
2098 }
2099 else
2100 {
2101 ret = CryptCreateHash(hCryptProv, oidInfo->u.Algid, 0, 0, &hHash);
2102 if (ret)
2103 {
2104 ret = CryptHashData(hHash, info->ToBeSigned.pbData,
2105 info->ToBeSigned.cbData, 0);
2106 if (ret)
2107 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
2108 pcbComputedHash, 0);
2109 CryptDestroyHash(hHash);
2110 }
2111 }
2112 LocalFree(info);
2113 }
2114 return ret;
2115 }
2116
2117 BOOL WINAPI CryptSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv,
2118 DWORD dwKeySpec, DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned,
2119 DWORD cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
2120 const void *pvHashAuxInfo, BYTE *pbSignature, DWORD *pcbSignature)
2121 {
2122 BOOL ret;
2123 PCCRYPT_OID_INFO info;
2124 HCRYPTHASH hHash;
2125
2126 TRACE("(%08lx, %d, %d, %p, %d, %p, %p, %p, %p)\n", hCryptProv,
2127 dwKeySpec, dwCertEncodingType, pbEncodedToBeSigned, cbEncodedToBeSigned,
2128 pSignatureAlgorithm, pvHashAuxInfo, pbSignature, pcbSignature);
2129
2130 info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2131 pSignatureAlgorithm->pszObjId, 0);
2132 if (!info)
2133 {
2134 SetLastError(NTE_BAD_ALGID);
2135 return FALSE;
2136 }
2137 if (info->dwGroupId == CRYPT_HASH_ALG_OID_GROUP_ID)
2138 {
2139 if (!hCryptProv)
2140 hCryptProv = CRYPT_GetDefaultProvider();
2141 ret = CryptCreateHash(hCryptProv, info->u.Algid, 0, 0, &hHash);
2142 if (ret)
2143 {
2144 ret = CryptHashData(hHash, pbEncodedToBeSigned,
2145 cbEncodedToBeSigned, 0);
2146 if (ret)
2147 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbSignature,
2148 pcbSignature, 0);
2149 CryptDestroyHash(hHash);
2150 }
2151 }
2152 else
2153 {
2154 if (!hCryptProv)
2155 {
2156 SetLastError(ERROR_INVALID_PARAMETER);
2157 ret = FALSE;
2158 }
2159 else
2160 {
2161 ret = CryptCreateHash(hCryptProv, info->u.Algid, 0, 0, &hHash);
2162 if (ret)
2163 {
2164 ret = CryptHashData(hHash, pbEncodedToBeSigned,
2165 cbEncodedToBeSigned, 0);
2166 if (ret)
2167 ret = CryptSignHashW(hHash, dwKeySpec, NULL, 0, pbSignature,
2168 pcbSignature);
2169 CryptDestroyHash(hHash);
2170 }
2171 }
2172 }
2173 return ret;
2174 }
2175
2176 BOOL WINAPI CryptSignAndEncodeCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv,
2177 DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType,
2178 const void *pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
2179 const void *pvHashAuxInfo, BYTE *pbEncoded, DWORD *pcbEncoded)
2180 {
2181 BOOL ret;
2182 DWORD encodedSize, hashSize;
2183
2184 TRACE("(%08lx, %d, %d, %s, %p, %p, %p, %p, %p)\n", hCryptProv, dwKeySpec,
2185 dwCertEncodingType, debugstr_a(lpszStructType), pvStructInfo,
2186 pSignatureAlgorithm, pvHashAuxInfo, pbEncoded, pcbEncoded);
2187
2188 ret = CryptEncodeObject(dwCertEncodingType, lpszStructType, pvStructInfo,
2189 NULL, &encodedSize);
2190 if (ret)
2191 {
2192 PBYTE encoded = CryptMemAlloc(encodedSize);
2193
2194 if (encoded)
2195 {
2196 ret = CryptEncodeObject(dwCertEncodingType, lpszStructType,
2197 pvStructInfo, encoded, &encodedSize);
2198 if (ret)
2199 {
2200 ret = CryptSignCertificate(hCryptProv, dwKeySpec,
2201 dwCertEncodingType, encoded, encodedSize, pSignatureAlgorithm,
2202 pvHashAuxInfo, NULL, &hashSize);
2203 if (ret)
2204 {
2205 PBYTE hash = CryptMemAlloc(hashSize);
2206
2207 if (hash)
2208 {
2209 ret = CryptSignCertificate(hCryptProv, dwKeySpec,
2210 dwCertEncodingType, encoded, encodedSize,
2211 pSignatureAlgorithm, pvHashAuxInfo, hash, &hashSize);
2212 if (ret)
2213 {
2214 CERT_SIGNED_CONTENT_INFO info = { { 0 } };
2215
2216 info.ToBeSigned.cbData = encodedSize;
2217 info.ToBeSigned.pbData = encoded;
2218 info.SignatureAlgorithm = *pSignatureAlgorithm;
2219 info.Signature.cbData = hashSize;
2220 info.Signature.pbData = hash;
2221 info.Signature.cUnusedBits = 0;
2222 ret = CryptEncodeObject(dwCertEncodingType,
2223 X509_CERT, &info, pbEncoded, pcbEncoded);
2224 }
2225 CryptMemFree(hash);
2226 }
2227 }
2228 }
2229 CryptMemFree(encoded);
2230 }
2231 }
2232 return ret;
2233 }
2234
2235 BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV_LEGACY hCryptProv,
2236 DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
2237 PCERT_PUBLIC_KEY_INFO pPublicKey)
2238 {
2239 CRYPT_DATA_BLOB blob = { cbEncoded, (BYTE *)pbEncoded };
2240
2241 return CryptVerifyCertificateSignatureEx(hCryptProv, dwCertEncodingType,
2242 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &blob,
2243 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL);
2244 }
2245
2246 static BOOL CRYPT_VerifyCertSignatureFromPublicKeyInfo(HCRYPTPROV_LEGACY hCryptProv,
2247 DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo,
2248 const CERT_SIGNED_CONTENT_INFO *signedCert)
2249 {
2250 BOOL ret;
2251 HCRYPTKEY key;
2252 PCCRYPT_OID_INFO info;
2253 ALG_ID pubKeyID, hashID;
2254
2255 info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2256 signedCert->SignatureAlgorithm.pszObjId, 0);
2257 if (!info || info->dwGroupId != CRYPT_SIGN_ALG_OID_GROUP_ID)
2258 {
2259 SetLastError(NTE_BAD_ALGID);
2260 return FALSE;
2261 }
2262 hashID = info->u.Algid;
2263 if (info->ExtraInfo.cbData >= sizeof(ALG_ID))
2264 pubKeyID = *(ALG_ID *)info->ExtraInfo.pbData;
2265 else
2266 pubKeyID = hashID;
2267 /* Load the default provider if necessary */
2268 if (!hCryptProv)
2269 hCryptProv = CRYPT_GetDefaultProvider();
2270 ret = CryptImportPublicKeyInfoEx(hCryptProv, dwCertEncodingType,
2271 pubKeyInfo, pubKeyID, 0, NULL, &key);
2272 if (ret)
2273 {
2274 HCRYPTHASH hash;
2275
2276 ret = CryptCreateHash(hCryptProv, hashID, 0, 0, &hash);
2277 if (ret)
2278 {
2279 ret = CryptHashData(hash, signedCert->ToBeSigned.pbData,
2280 signedCert->ToBeSigned.cbData, 0);
2281 if (ret)
2282 ret = CryptVerifySignatureW(hash, signedCert->Signature.pbData,
2283 signedCert->Signature.cbData, key, NULL, 0);
2284 CryptDestroyHash(hash);
2285 }
2286 CryptDestroyKey(key);
2287 }
2288 return ret;
2289 }
2290
2291 BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV_LEGACY hCryptProv,
2292 DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
2293 DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
2294 {
2295 BOOL ret = TRUE;
2296 CRYPT_DATA_BLOB subjectBlob;
2297
2298 TRACE("(%08lx, %d, %d, %p, %d, %p, %08x, %p)\n", hCryptProv,
2299 dwCertEncodingType, dwSubjectType, pvSubject, dwIssuerType, pvIssuer,
2300 dwFlags, pvReserved);
2301
2302 switch (dwSubjectType)
2303 {
2304 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB:
2305 {
2306 PCRYPT_DATA_BLOB blob = pvSubject;
2307
2308 subjectBlob.pbData = blob->pbData;
2309 subjectBlob.cbData = blob->cbData;
2310 break;
2311 }
2312 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT:
2313 {
2314 PCERT_CONTEXT context = pvSubject;
2315
2316 subjectBlob.pbData = context->pbCertEncoded;
2317 subjectBlob.cbData = context->cbCertEncoded;
2318 break;
2319 }
2320 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL:
2321 {
2322 PCRL_CONTEXT context = pvSubject;
2323
2324 subjectBlob.pbData = context->pbCrlEncoded;
2325 subjectBlob.cbData = context->cbCrlEncoded;
2326 break;
2327 }
2328 default:
2329 SetLastError(E_INVALIDARG);
2330 ret = FALSE;
2331 }
2332
2333 if (ret)
2334 {
2335 PCERT_SIGNED_CONTENT_INFO signedCert = NULL;
2336 DWORD size = 0;
2337
2338 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT,
2339 subjectBlob.pbData, subjectBlob.cbData,
2340 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
2341 &signedCert, &size);
2342 if (ret)
2343 {
2344 switch (dwIssuerType)
2345 {
2346 case CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY:
2347 ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
2348 dwCertEncodingType, pvIssuer,
2349 signedCert);
2350 break;
2351 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT:
2352 ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
2353 dwCertEncodingType,
2354 &((PCCERT_CONTEXT)pvIssuer)->pCertInfo->SubjectPublicKeyInfo,
2355 signedCert);
2356 break;
2357 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN:
2358 FIXME("CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN: stub\n");
2359 ret = FALSE;
2360 break;
2361 case CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL:
2362 if (pvIssuer)
2363 {
2364 SetLastError(E_INVALIDARG);
2365 ret = FALSE;
2366 }
2367 else
2368 {
2369 FIXME("unimplemented for NULL signer\n");
2370 SetLastError(E_INVALIDARG);
2371 ret = FALSE;
2372 }
2373 break;
2374 default:
2375 SetLastError(E_INVALIDARG);
2376 ret = FALSE;
2377 }
2378 LocalFree(signedCert);
2379 }
2380 }
2381 return ret;
2382 }
2383
2384 BOOL WINAPI CertGetIntendedKeyUsage(DWORD dwCertEncodingType,
2385 PCERT_INFO pCertInfo, BYTE *pbKeyUsage, DWORD cbKeyUsage)
2386 {
2387 PCERT_EXTENSION ext;
2388 BOOL ret = FALSE;
2389
2390 TRACE("(%08x, %p, %p, %d)\n", dwCertEncodingType, pCertInfo, pbKeyUsage,
2391 cbKeyUsage);
2392
2393 ext = CertFindExtension(szOID_KEY_USAGE, pCertInfo->cExtension,
2394 pCertInfo->rgExtension);
2395 if (ext)
2396 {
2397 CRYPT_BIT_BLOB usage;
2398 DWORD size = sizeof(usage);
2399
2400 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_BITS,
2401 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_NOCOPY_FLAG, NULL,
2402 &usage, &size);
2403 if (ret)
2404 {
2405 if (cbKeyUsage < usage.cbData)
2406 ret = FALSE;
2407 else
2408 {
2409 memcpy(pbKeyUsage, usage.pbData, usage.cbData);
2410 if (cbKeyUsage > usage.cbData)
2411 memset(pbKeyUsage + usage.cbData, 0,
2412 cbKeyUsage - usage.cbData);
2413 }
2414 }
2415 }
2416 else
2417 SetLastError(0);
2418 return ret;
2419 }
2420
2421 BOOL WINAPI CertGetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext, DWORD dwFlags,
2422 PCERT_ENHKEY_USAGE pUsage, DWORD *pcbUsage)
2423 {
2424 PCERT_ENHKEY_USAGE usage = NULL;
2425 DWORD bytesNeeded;
2426 BOOL ret = TRUE;
2427
2428 if (!pCertContext || !pcbUsage)
2429 {
2430 SetLastError(ERROR_INVALID_PARAMETER);
2431 return FALSE;
2432 }
2433
2434 TRACE("(%p, %08x, %p, %d)\n", pCertContext, dwFlags, pUsage, *pcbUsage);
2435
2436 if (!(dwFlags & CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG))
2437 {
2438 DWORD propSize = 0;
2439
2440 if (CertGetCertificateContextProperty(pCertContext,
2441 CERT_ENHKEY_USAGE_PROP_ID, NULL, &propSize))
2442 {
2443 LPBYTE buf = CryptMemAlloc(propSize);
2444
2445 if (buf)
2446 {
2447 if (CertGetCertificateContextProperty(pCertContext,
2448 CERT_ENHKEY_USAGE_PROP_ID, buf, &propSize))
2449 {
2450 ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
2451 X509_ENHANCED_KEY_USAGE, buf, propSize,
2452 CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
2453 }
2454 CryptMemFree(buf);
2455 }
2456 }
2457 }
2458 if (!usage && !(dwFlags & CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG))
2459 {
2460 PCERT_EXTENSION ext = CertFindExtension(szOID_ENHANCED_KEY_USAGE,
2461 pCertContext->pCertInfo->cExtension,
2462 pCertContext->pCertInfo->rgExtension);
2463
2464 if (ext)
2465 {
2466 ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
2467 X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData,
2468 CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
2469 }
2470 }
2471 if (!usage)
2472 {
2473 /* If a particular location is specified, this should fail. Otherwise
2474 * it should succeed with an empty usage. (This is true on Win2k and
2475 * later, which we emulate.)
2476 */
2477 if (dwFlags)
2478 {
2479 SetLastError(CRYPT_E_NOT_FOUND);
2480 ret = FALSE;
2481 }
2482 else
2483 bytesNeeded = sizeof(CERT_ENHKEY_USAGE);
2484 }
2485
2486 if (ret)
2487 {
2488 if (!pUsage)
2489 *pcbUsage = bytesNeeded;
2490 else if (*pcbUsage < bytesNeeded)
2491 {
2492 SetLastError(ERROR_MORE_DATA);
2493 *pcbUsage = bytesNeeded;
2494 ret = FALSE;
2495 }
2496 else
2497 {
2498 *pcbUsage = bytesNeeded;
2499 if (usage)
2500 {
2501 DWORD i;
2502 LPSTR nextOID = (LPSTR)((LPBYTE)pUsage +
2503 sizeof(CERT_ENHKEY_USAGE) +
2504 usage->cUsageIdentifier * sizeof(LPSTR));
2505
2506 pUsage->cUsageIdentifier = usage->cUsageIdentifier;
2507 pUsage->rgpszUsageIdentifier = (LPSTR *)((LPBYTE)pUsage +
2508 sizeof(CERT_ENHKEY_USAGE));
2509 for (i = 0; i < usage->cUsageIdentifier; i++)
2510 {
2511 pUsage->rgpszUsageIdentifier[i] = nextOID;
2512 strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
2513 nextOID += strlen(nextOID) + 1;
2514 }
2515 }
2516 else
2517 pUsage->cUsageIdentifier = 0;
2518 }
2519 }
2520 if (usage)
2521 LocalFree(usage);
2522 TRACE("returning %d\n", ret);
2523 return ret;
2524 }
2525
2526 BOOL WINAPI CertSetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext,
2527 PCERT_ENHKEY_USAGE pUsage)
2528 {
2529 BOOL ret;
2530
2531 TRACE("(%p, %p)\n", pCertContext, pUsage);
2532
2533 if (pUsage)
2534 {
2535 CRYPT_DATA_BLOB blob = { 0, NULL };
2536
2537 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE,
2538 pUsage, CRYPT_ENCODE_ALLOC_FLAG, NULL, &blob.pbData, &blob.cbData);
2539 if (ret)
2540 {
2541 ret = CertSetCertificateContextProperty(pCertContext,
2542 CERT_ENHKEY_USAGE_PROP_ID, 0, &blob);
2543 LocalFree(blob.pbData);
2544 }
2545 }
2546 else
2547 ret = CertSetCertificateContextProperty(pCertContext,
2548 CERT_ENHKEY_USAGE_PROP_ID, 0, NULL);
2549 return ret;
2550 }
2551
2552 BOOL WINAPI CertAddEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext,
2553 LPCSTR pszUsageIdentifier)
2554 {
2555 BOOL ret;
2556 DWORD size;
2557
2558 TRACE("(%p, %s)\n", pCertContext, debugstr_a(pszUsageIdentifier));
2559
2560 if (CertGetEnhancedKeyUsage(pCertContext,
2561 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, NULL, &size))
2562 {
2563 PCERT_ENHKEY_USAGE usage = CryptMemAlloc(size);
2564
2565 if (usage)
2566 {
2567 ret = CertGetEnhancedKeyUsage(pCertContext,
2568 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, usage, &size);
2569 if (ret)
2570 {
2571 DWORD i;
2572 BOOL exists = FALSE;
2573
2574 /* Make sure usage doesn't already exist */
2575 for (i = 0; !exists && i < usage->cUsageIdentifier; i++)
2576 {
2577 if (!strcmp(usage->rgpszUsageIdentifier[i],
2578 pszUsageIdentifier))
2579 exists = TRUE;
2580 }
2581 if (!exists)
2582 {
2583 PCERT_ENHKEY_USAGE newUsage = CryptMemAlloc(size +
2584 sizeof(LPSTR) + strlen(pszUsageIdentifier) + 1);
2585
2586 if (newUsage)
2587 {
2588 LPSTR nextOID;
2589
2590 newUsage->rgpszUsageIdentifier = (LPSTR *)
2591 ((LPBYTE)newUsage + sizeof(CERT_ENHKEY_USAGE));
2592 nextOID = (LPSTR)((LPBYTE)newUsage->rgpszUsageIdentifier
2593 + (usage->cUsageIdentifier + 1) * sizeof(LPSTR));
2594 for (i = 0; i < usage->cUsageIdentifier; i++)
2595 {
2596 newUsage->rgpszUsageIdentifier[i] = nextOID;
2597 strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
2598 nextOID += strlen(nextOID) + 1;
2599 }
2600 newUsage->rgpszUsageIdentifier[i] = nextOID;
2601 strcpy(nextOID, pszUsageIdentifier);
2602 newUsage->cUsageIdentifier = i + 1;
2603 ret = CertSetEnhancedKeyUsage(pCertContext, newUsage);
2604 CryptMemFree(newUsage);
2605 }
2606 else
2607 ret = FALSE;
2608 }
2609 }
2610 CryptMemFree(usage);
2611 }
2612 else
2613 ret = FALSE;
2614 }
2615 else
2616 {
2617 PCERT_ENHKEY_USAGE usage = CryptMemAlloc(sizeof(CERT_ENHKEY_USAGE) +
2618 sizeof(LPSTR) + strlen(pszUsageIdentifier) + 1);
2619
2620 if (usage)
2621 {
2622 usage->rgpszUsageIdentifier =
2623 (LPSTR *)((LPBYTE)usage + sizeof(CERT_ENHKEY_USAGE));
2624 usage->rgpszUsageIdentifier[0] = (LPSTR)((LPBYTE)usage +
2625 sizeof(CERT_ENHKEY_USAGE) + sizeof(LPSTR));
2626 strcpy(usage->rgpszUsageIdentifier[0], pszUsageIdentifier);
2627 usage->cUsageIdentifier = 1;
2628 ret = CertSetEnhancedKeyUsage(pCertContext, usage);
2629 CryptMemFree(usage);
2630 }
2631 else
2632 ret = FALSE;
2633 }
2634 return ret;
2635 }
2636
2637 BOOL WINAPI CertRemoveEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext,
2638 LPCSTR pszUsageIdentifier)
2639 {
2640 BOOL ret;
2641 DWORD size;
2642 CERT_ENHKEY_USAGE usage;
2643
2644 TRACE("(%p, %s)\n", pCertContext, debugstr_a(pszUsageIdentifier));
2645
2646 size = sizeof(usage);
2647 ret = CertGetEnhancedKeyUsage(pCertContext,
2648 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, &usage, &size);
2649 if (!ret && GetLastError() == ERROR_MORE_DATA)
2650 {
2651 PCERT_ENHKEY_USAGE pUsage = CryptMemAlloc(size);
2652
2653 if (pUsage)
2654 {
2655 ret = CertGetEnhancedKeyUsage(pCertContext,
2656 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2657 if (ret)
2658 {
2659 if (pUsage->cUsageIdentifier)
2660 {
2661 DWORD i;
2662 BOOL found = FALSE;
2663
2664 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2665 {
2666 if (!strcmp(pUsage->rgpszUsageIdentifier[i],
2667 pszUsageIdentifier))
2668 found = TRUE;
2669 if (found && i < pUsage->cUsageIdentifier - 1)
2670 pUsage->rgpszUsageIdentifier[i] =
2671 pUsage->rgpszUsageIdentifier[i + 1];
2672 }
2673 pUsage->cUsageIdentifier--;
2674 /* Remove the usage if it's empty */
2675 if (pUsage->cUsageIdentifier)
2676 ret = CertSetEnhancedKeyUsage(pCertContext, pUsage);
2677 else
2678 ret = CertSetEnhancedKeyUsage(pCertContext, NULL);
2679 }
2680 }
2681 CryptMemFree(pUsage);
2682 }
2683 else
2684 ret = FALSE;
2685 }
2686 else
2687 {
2688 /* it fit in an empty usage, therefore there's nothing to remove */
2689 ret = TRUE;
2690 }
2691 return ret;
2692 }
2693
2694 struct BitField
2695 {
2696 DWORD cIndexes;
2697 DWORD *indexes;
2698 };
2699
2700 #define BITS_PER_DWORD (sizeof(DWORD) * 8)
2701
2702 static void CRYPT_SetBitInField(struct BitField *field, DWORD bit)
2703 {
2704 DWORD indexIndex = bit / BITS_PER_DWORD;
2705
2706 if (indexIndex + 1 > field->cIndexes)
2707 {
2708 if (field->cIndexes)
2709 field->indexes = CryptMemRealloc(field->indexes,
2710 (indexIndex + 1) * sizeof(DWORD));
2711 else
2712 field->indexes = CryptMemAlloc(sizeof(DWORD));
2713 if (field->indexes)
2714 {
2715 field->indexes[indexIndex] = 0;
2716 field->cIndexes = indexIndex + 1;
2717 }
2718 }
2719 if (field->indexes)
2720 field->indexes[indexIndex] |= 1 << (bit % BITS_PER_DWORD);
2721 }
2722
2723 static BOOL CRYPT_IsBitInFieldSet(const struct BitField *field, DWORD bit)
2724 {
2725 BOOL set = FALSE;
2726 DWORD indexIndex = bit / BITS_PER_DWORD;
2727
2728 assert(field->cIndexes);
2729 set = field->indexes[indexIndex] & (1 << (bit % BITS_PER_DWORD));
2730 return set;
2731 }
2732
2733 BOOL WINAPI CertGetValidUsages(DWORD cCerts, PCCERT_CONTEXT *rghCerts,
2734 int *cNumOIDs, LPSTR *rghOIDs, DWORD *pcbOIDs)
2735 {
2736 BOOL ret = TRUE;
2737 DWORD i, cbOIDs = 0;
2738 BOOL allUsagesValid = TRUE;
2739 CERT_ENHKEY_USAGE validUsages = { 0, NULL };
2740
2741 TRACE("(%d, %p, %d, %p, %d)\n", cCerts, rghCerts, *cNumOIDs,
2742 rghOIDs, *pcbOIDs);
2743
2744 for (i = 0; i < cCerts; i++)
2745 {
2746 CERT_ENHKEY_USAGE usage;
2747 DWORD size = sizeof(usage);
2748
2749 ret = CertGetEnhancedKeyUsage(rghCerts[i], 0, &usage, &size);
2750 /* Success is deliberately ignored: it implies all usages are valid */
2751 if (!ret && GetLastError() == ERROR_MORE_DATA)
2752 {
2753 PCERT_ENHKEY_USAGE pUsage = CryptMemAlloc(size);
2754
2755 allUsagesValid = FALSE;
2756 if (pUsage)
2757 {
2758 ret = CertGetEnhancedKeyUsage(rghCerts[i], 0, pUsage, &size);
2759 if (ret)
2760 {
2761 if (!validUsages.cUsageIdentifier)
2762 {
2763 DWORD j;
2764
2765 cbOIDs = pUsage->cUsageIdentifier * sizeof(LPSTR);
2766 validUsages.cUsageIdentifier = pUsage->cUsageIdentifier;
2767 for (j = 0; j < validUsages.cUsageIdentifier; j++)
2768 cbOIDs += lstrlenA(pUsage->rgpszUsageIdentifier[j])
2769 + 1;
2770 validUsages.rgpszUsageIdentifier =
2771 CryptMemAlloc(cbOIDs);
2772 if (validUsages.rgpszUsageIdentifier)
2773 {
2774 LPSTR nextOID = (LPSTR)
2775 ((LPBYTE)validUsages.rgpszUsageIdentifier +
2776 validUsages.cUsageIdentifier * sizeof(LPSTR));
2777
2778 for (j = 0; j < validUsages.cUsageIdentifier; j++)
2779 {
2780 validUsages.rgpszUsageIdentifier[j] = nextOID;
2781 lstrcpyA(validUsages.rgpszUsageIdentifier[j],
2782 pUsage->rgpszUsageIdentifier[j]);
2783 nextOID += lstrlenA(nextOID) + 1;
2784 }
2785 }
2786 }
2787 else
2788 {
2789 struct BitField validIndexes = { 0, NULL };
2790 DWORD j, k, numRemoved = 0;
2791
2792 /* Merge: build a bitmap of all the indexes of
2793 * validUsages.rgpszUsageIdentifier that are in pUsage.
2794 */
2795 for (j = 0; j < pUsage->cUsageIdentifier; j++)
2796 {
2797 for (k = 0; k < validUsages.cUsageIdentifier; k++)
2798 {
2799 if (!strcmp(pUsage->rgpszUsageIdentifier[j],
2800 validUsages.rgpszUsageIdentifier[k]))
2801 {
2802 CRYPT_SetBitInField(&validIndexes, k);
2803 break;
2804 }
2805 }
2806 }
2807 /* Merge by removing from validUsages those that are
2808 * not in the bitmap.
2809 */
2810 for (j = 0; j < validUsages.cUsageIdentifier; j++)
2811 {
2812 if (!CRYPT_IsBitInFieldSet(&validIndexes, j))
2813 {
2814 if (j < validUsages.cUsageIdentifier - 1)
2815 {
2816 memmove(&validUsages.rgpszUsageIdentifier[j],
2817 &validUsages.rgpszUsageIdentifier[j +
2818 numRemoved + 1],
2819 (validUsages.cUsageIdentifier - numRemoved
2820 - j - 1) * sizeof(LPSTR));
2821 cbOIDs -= lstrlenA(
2822 validUsages.rgpszUsageIdentifier[j]) + 1 +
2823 sizeof(LPSTR);
2824 validUsages.cUsageIdentifier--;
2825 numRemoved++;
2826 }
2827 else
2828 validUsages.cUsageIdentifier--;
2829 }
2830 }
2831 CryptMemFree(validIndexes.indexes);
2832 }
2833 }
2834 CryptMemFree(pUsage);
2835 }
2836 }
2837 }
2838 ret = TRUE;
2839 if (allUsagesValid)
2840 {
2841 *cNumOIDs = -1;
2842 *pcbOIDs = 0;
2843 }
2844 else
2845 {
2846 *cNumOIDs = validUsages.cUsageIdentifier;
2847 if (!rghOIDs)
2848 *pcbOIDs = cbOIDs;
2849 else if (*pcbOIDs < cbOIDs)
2850 {
2851 *pcbOIDs = cbOIDs;
2852 SetLastError(ERROR_MORE_DATA);
2853 ret = FALSE;
2854 }
2855 else
2856 {
2857 LPSTR nextOID = (LPSTR)((LPBYTE)rghOIDs +
2858 validUsages.cUsageIdentifier * sizeof(LPSTR));
2859
2860 *pcbOIDs = cbOIDs;
2861 for (i = 0; i < validUsages.cUsageIdentifier; i++)
2862 {
2863 rghOIDs[i] = nextOID;
2864 lstrcpyA(nextOID, validUsages.rgpszUsageIdentifier[i]);
2865 nextOID += lstrlenA(nextOID) + 1;
2866 }
2867 }
2868 }
2869 CryptMemFree(validUsages.rgpszUsageIdentifier);
2870 TRACE("cNumOIDs: %d\n", *cNumOIDs);
2871 TRACE("returning %d\n", ret);
2872 return ret;
2873 }
2874
2875 /* Sets the CERT_KEY_PROV_INFO_PROP_ID property of context from pInfo, or, if
2876 * pInfo is NULL, from the attributes of hProv.
2877 */
2878 static void CertContext_SetKeyProvInfo(PCCERT_CONTEXT context,
2879 const CRYPT_KEY_PROV_INFO *pInfo, HCRYPTPROV hProv)
2880 {
2881 CRYPT_KEY_PROV_INFO info = { 0 };
2882 BOOL ret;
2883
2884 if (!pInfo)
2885 {
2886 DWORD size;
2887 int len;
2888
2889 ret = CryptGetProvParam(hProv, PP_CONTAINER, NULL, &size, 0);
2890 if (ret)
2891 {
2892 LPSTR szContainer = CryptMemAlloc(size);
2893
2894 if (szContainer)
2895 {
2896 ret = CryptGetProvParam(hProv, PP_CONTAINER,
2897 (BYTE *)szContainer, &size, 0);
2898 if (ret)
2899 {
2900 len = MultiByteToWideChar(CP_ACP, 0, szContainer, -1,
2901 NULL, 0);
2902 if (len)
2903 {
2904 info.pwszContainerName = CryptMemAlloc(len *
2905 sizeof(WCHAR));
2906 MultiByteToWideChar(CP_ACP, 0, szContainer, -1,
2907 info.pwszContainerName, len);
2908 }
2909 }
2910 CryptMemFree(szContainer);
2911 }
2912 }
2913 ret = CryptGetProvParam(hProv, PP_NAME, NULL, &size, 0);
2914 if (ret)
2915 {
2916 LPSTR szProvider = CryptMemAlloc(size);
2917
2918 if (szProvider)
2919 {
2920 ret = CryptGetProvParam(hProv, PP_NAME, (BYTE *)szProvider,
2921 &size, 0);
2922 if (ret)
2923 {
2924 len = MultiByteToWideChar(CP_ACP, 0, szProvider, -1,
2925 NULL, 0);
2926 if (len)
2927 {
2928 info.pwszProvName = CryptMemAlloc(len *
2929 sizeof(WCHAR));
2930 MultiByteToWideChar(CP_ACP, 0, szProvider, -1,
2931 info.pwszProvName, len);
2932 }
2933 }
2934 CryptMemFree(szProvider);
2935 }
2936 }
2937 size = sizeof(info.dwKeySpec);
2938 /* in case no CRYPT_KEY_PROV_INFO given,
2939 * we always use AT_SIGNATURE key spec
2940 */
2941 info.dwKeySpec = AT_SIGNATURE;
2942 size = sizeof(info.dwProvType);
2943 ret = CryptGetProvParam(hProv, PP_PROVTYPE, (LPBYTE)&info.dwProvType,
2944 &size, 0);
2945 if (!ret)
2946 info.dwProvType = PROV_RSA_FULL;
2947 pInfo = &info;
2948 }
2949
2950 CertSetCertificateContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
2951 0, pInfo);
2952
2953 if (pInfo == &info)
2954 {
2955 CryptMemFree(info.pwszContainerName);
2956 CryptMemFree(info.pwszProvName);
2957 }
2958 }
2959
2960 /* Creates a signed certificate context from the unsigned, encoded certificate
2961 * in blob, using the crypto provider hProv and the signature algorithm sigAlgo.
2962 */
2963 static PCCERT_CONTEXT CRYPT_CreateSignedCert(const CRYPT_DER_BLOB *blob,
2964 HCRYPTPROV hProv, DWORD dwKeySpec, PCRYPT_ALGORITHM_IDENTIFIER sigAlgo)
2965 {
2966 PCCERT_CONTEXT context = NULL;
2967 BOOL ret;
2968 DWORD sigSize = 0;
2969
2970 ret = CryptSignCertificate(hProv, dwKeySpec, X509_ASN_ENCODING,
2971 blob->pbData, blob->cbData, sigAlgo, NULL, NULL, &sigSize);
2972 if (ret)
2973 {
2974 LPBYTE sig = CryptMemAlloc(sigSize);
2975
2976 ret = CryptSignCertificate(hProv, dwKeySpec, X509_ASN_ENCODING,
2977 blob->pbData, blob->cbData, sigAlgo, NULL, sig, &sigSize);
2978 if (ret)
2979 {
2980 CERT_SIGNED_CONTENT_INFO signedInfo;
2981 BYTE *encodedSignedCert = NULL;
2982 DWORD encodedSignedCertSize = 0;
2983
2984 signedInfo.ToBeSigned.cbData = blob->cbData;
2985 signedInfo.ToBeSigned.pbData = blob->pbData;
2986 signedInfo.SignatureAlgorithm = *sigAlgo;
2987 signedInfo.Signature.cbData = sigSize;
2988 signedInfo.Signature.pbData = sig;
2989 signedInfo.Signature.cUnusedBits = 0;
2990 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT,
2991 &signedInfo, CRYPT_ENCODE_ALLOC_FLAG, NULL,
2992 &encodedSignedCert, &encodedSignedCertSize);
2993 if (ret)
2994 {
2995 context = CertCreateCertificateContext(X509_ASN_ENCODING,
2996 encodedSignedCert, encodedSignedCertSize);
2997 LocalFree(encodedSignedCert);
2998 }
2999 }
3000 CryptMemFree(sig);
3001 }
3002 return context;
3003 }
3004
3005 /* Copies data from the parameters into info, where:
3006 * pSerialNumber: The serial number. Must not be NULL.
3007 * pSubjectIssuerBlob: Specifies both the subject and issuer for info.
3008 * Must not be NULL
3009 * pSignatureAlgorithm: Optional.
3010 * pStartTime: The starting time of the certificate. If NULL, the current
3011 * system time is used.
3012 * pEndTime: The ending time of the certificate. If NULL, one year past the
3013 * starting time is used.
3014 * pubKey: The public key of the certificate. Must not be NULL.
3015 * pExtensions: Extensions to be included with the certificate. Optional.
3016 */
3017 static void CRYPT_MakeCertInfo(PCERT_INFO info, const CRYPT_DATA_BLOB *pSerialNumber,
3018 const CERT_NAME_BLOB *pSubjectIssuerBlob,
3019 const CRYPT_ALGORITHM_IDENTIFIER *pSignatureAlgorithm, const SYSTEMTIME *pStartTime,
3020 const SYSTEMTIME *pEndTime, const CERT_PUBLIC_KEY_INFO *pubKey,
3021 const CERT_EXTENSIONS *pExtensions)
3022 {
3023 static CHAR oid[] = szOID_RSA_SHA1RSA;
3024
3025 assert(info);
3026 assert(pSerialNumber);
3027 assert(pSubjectIssuerBlob);
3028 assert(pubKey);
3029
3030 if (pExtensions && pExtensions->cExtension)
3031 info->dwVersion = CERT_V3;
3032 else
3033 info->dwVersion = CERT_V1;
3034 info->SerialNumber.cbData = pSerialNumber->cbData;
3035 info->SerialNumber.pbData = pSerialNumber->pbData;
3036 if (pSignatureAlgorithm)
3037 info->SignatureAlgorithm = *pSignatureAlgorithm;
3038 else
3039 {
3040 info->SignatureAlgorithm.pszObjId = oid;
3041 info->SignatureAlgorithm.Parameters.cbData = 0;
3042 info->SignatureAlgorithm.Parameters.pbData = NULL;
3043 }
3044 info->Issuer.cbData = pSubjectIssuerBlob->cbData;
3045 info->Issuer.pbData = pSubjectIssuerBlob->pbData;
3046 if (pStartTime)
3047 SystemTimeToFileTime(pStartTime, &info->NotBefore);
3048 else
3049 GetSystemTimeAsFileTime(&info->NotBefore);
3050 if (pEndTime)
3051 SystemTimeToFileTime(pEndTime, &info->NotAfter);
3052 else
3053 {
3054 SYSTEMTIME endTime;
3055
3056 if (FileTimeToSystemTime(&info->NotBefore, &endTime))
3057 {
3058 endTime.wYear++;
3059 SystemTimeToFileTime(&endTime, &info->NotAfter);
3060 }
3061 }
3062 info->Subject.cbData = pSubjectIssuerBlob->cbData;
3063 info->Subject.pbData = pSubjectIssuerBlob->pbData;
3064 info->SubjectPublicKeyInfo = *pubKey;
3065 if (pExtensions)
3066 {
3067 info->cExtension = pExtensions->cExtension;
3068 info->rgExtension = pExtensions->rgExtension;
3069 }
3070 else
3071 {
3072 info->cExtension = 0;
3073 info->rgExtension = NULL;
3074 }
3075 }
3076
3077 typedef RPC_STATUS (RPC_ENTRY *UuidCreateFunc)(UUID *);
3078 typedef RPC_STATUS (RPC_ENTRY *UuidToStringFunc)(UUID *, unsigned char **);
3079 typedef RPC_STATUS (RPC_ENTRY *RpcStringFreeFunc)(unsigned char **);
3080
3081 static HCRYPTPROV CRYPT_CreateKeyProv(void)
3082 {
3083 HCRYPTPROV hProv = 0;
3084 HMODULE rpcrt = LoadLibraryA("rpcrt4");
3085
3086 if (rpcrt)
3087 {
3088 UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt,
3089 "UuidCreate");
3090 UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt,
3091 "UuidToStringA");
3092 RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress(
3093 rpcrt, "RpcStringFreeA");
3094
3095 if (uuidCreate && uuidToString && rpcStringFree)
3096 {
3097 UUID uuid;
3098 RPC_STATUS status = uuidCreate(&uuid);
3099
3100 if (status == RPC_S_OK || status == RPC_S_UUID_LOCAL_ONLY)
3101 {
3102 unsigned char *uuidStr;
3103
3104 status = uuidToString(&uuid, &uuidStr);
3105 if (status == RPC_S_OK)
3106 {
3107 BOOL ret = CryptAcquireContextA(&hProv, (LPCSTR)uuidStr,
3108 MS_DEF_PROV_A, PROV_RSA_FULL, CRYPT_NEWKEYSET);
3109
3110 if (ret)
3111 {
3112 HCRYPTKEY key;
3113
3114 ret = CryptGenKey(hProv, AT_SIGNATURE, 0, &key);
3115 if (ret)
3116 CryptDestroyKey(key);
3117 }
3118 rpcStringFree(&uuidStr);
3119 }
3120 }
3121 }
3122 FreeLibrary(rpcrt);
3123 }
3124 return hProv;
3125 }
3126
3127 PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hProv,
3128 PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD dwFlags,
3129 PCRYPT_KEY_PROV_INFO pKeyProvInfo,
3130 PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime,
3131 PSYSTEMTIME pEndTime, PCERT_EXTENSIONS pExtensions)
3132 {
3133 PCCERT_CONTEXT context = NULL;
3134 BOOL ret, releaseContext = FALSE;
3135 PCERT_PUBLIC_KEY_INFO pubKey = NULL;
3136 DWORD pubKeySize = 0, dwKeySpec;
3137
3138 TRACE("(%08lx, %p, %08x, %p, %p, %p, %p, %p)\n", hProv,
3139 pSubjectIssuerBlob, dwFlags, pKeyProvInfo, pSignatureAlgorithm, pStartTime,
3140 pExtensions, pExtensions);
3141
3142 if(!pSubjectIssuerBlob)
3143 {
3144 SetLastError(ERROR_INVALID_PARAMETER);
3145 return NULL;
3146 }
3147
3148 dwKeySpec = pKeyProvInfo ? pKeyProvInfo->dwKeySpec : AT_SIGNATURE;
3149 if (!hProv)
3150 {
3151 if (!pKeyProvInfo)
3152 {
3153 hProv = CRYPT_CreateKeyProv();
3154 releaseContext = TRUE;
3155 }
3156 else if (pKeyProvInfo->dwFlags & CERT_SET_KEY_PROV_HANDLE_PROP_ID)
3157 {
3158 SetLastError(NTE_BAD_FLAGS);
3159 return NULL;
3160 }
3161 else
3162 {
3163 HCRYPTKEY hKey = 0;
3164 /* acquire the context using the given information*/
3165 ret = CryptAcquireContextW(&hProv,pKeyProvInfo->pwszContainerName,
3166 pKeyProvInfo->pwszProvName,pKeyProvInfo->dwProvType,
3167 pKeyProvInfo->dwFlags);
3168 if (!ret)
3169 {
3170 if(GetLastError() != NTE_BAD_KEYSET)
3171 return NULL;
3172 /* create the key set */
3173 ret = CryptAcquireContextW(&hProv,pKeyProvInfo->pwszContainerName,
3174 pKeyProvInfo->pwszProvName,pKeyProvInfo->dwProvType,
3175 pKeyProvInfo->dwFlags|CRYPT_NEWKEYSET);
3176 if (!ret)
3177 return NULL;
3178 }
3179 /* check if the key is here */
3180 ret = CryptGetUserKey(hProv,dwKeySpec,&hKey);
3181 if(!ret)
3182 {
3183 if (NTE_NO_KEY == GetLastError())
3184 { /* generate the key */
3185 ret = CryptGenKey(hProv,dwKeySpec,0,&hKey);
3186 }
3187 if (!ret)
3188 {
3189 CryptReleaseContext(hProv,0);
3190 SetLastError(NTE_BAD_KEYSET);
3191 return NULL;
3192 }
3193 }
3194 CryptDestroyKey(hKey);
3195 releaseContext = TRUE;
3196 }
3197 }
3198
3199 ret = CryptExportPublicKeyInfo(hProv, dwKeySpec, X509_ASN_ENCODING, NULL,
3200 &pubKeySize);
3201 if (!ret)
3202 goto end;
3203 pubKey = CryptMemAlloc(pubKeySize);
3204 if (pubKey)
3205 {
3206 ret = CryptExportPublicKeyInfo(hProv, dwKeySpec, X509_ASN_ENCODING,
3207 pubKey, &pubKeySize);
3208 if (ret)
3209 {
3210 CERT_INFO info = { 0 };
3211 CRYPT_DER_BLOB blob = { 0, NULL };
3212 BYTE serial[16];
3213 CRYPT_DATA_BLOB serialBlob = { sizeof(serial), serial };
3214
3215 CryptGenRandom(hProv, sizeof(serial), serial);
3216 CRYPT_MakeCertInfo(&info, &serialBlob, pSubjectIssuerBlob,
3217 pSignatureAlgorithm, pStartTime, pEndTime, pubKey, pExtensions);
3218 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
3219 &info, CRYPT_ENCODE_ALLOC_FLAG, NULL, &blob.pbData,
3220 &blob.cbData);
3221 if (ret)
3222 {
3223 if (!(dwFlags & CERT_CREATE_SELFSIGN_NO_SIGN))
3224 context = CRYPT_CreateSignedCert(&blob, hProv,dwKeySpec,
3225 &info.SignatureAlgorithm);
3226 else
3227 context = CertCreateCertificateContext(X509_ASN_ENCODING,
3228 blob.pbData, blob.cbData);
3229 if (context && !(dwFlags & CERT_CREATE_SELFSIGN_NO_KEY_INFO))
3230 CertContext_SetKeyProvInfo(context, pKeyProvInfo, hProv);
3231 LocalFree(blob.pbData);
3232 }
3233 }
3234 CryptMemFree(pubKey);
3235 }
3236 end:
3237 if (releaseContext)
3238 CryptReleaseContext(hProv, 0);
3239 return context;
3240 }
3241
3242 BOOL WINAPI CertVerifyCTLUsage(DWORD dwEncodingType, DWORD dwSubjectType,
3243 void *pvSubject, PCTL_USAGE pSubjectUsage, DWORD dwFlags,
3244 PCTL_VERIFY_USAGE_PARA pVerifyUsagePara,
3245 PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus)
3246 {
3247 FIXME("(0x%x, %d, %p, %p, 0x%x, %p, %p): stub\n", dwEncodingType,
3248 dwSubjectType, pvSubject, pSubjectUsage, dwFlags, pVerifyUsagePara,
3249 pVerifyUsageStatus);
3250 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3251 return FALSE;
3252 }
3253
3254 const void * WINAPI CertCreateContext(DWORD dwContextType, DWORD dwEncodingType,
3255 const BYTE *pbEncoded, DWORD cbEncoded,
3256 DWORD dwFlags, PCERT_CREATE_CONTEXT_PARA pCreatePara)
3257 {
3258 TRACE("(0x%x, 0x%x, %p, %d, 0x%08x, %p)\n", dwContextType, dwEncodingType,
3259 pbEncoded, cbEncoded, dwFlags, pCreatePara);
3260
3261 if (dwFlags)
3262 {
3263 FIXME("dwFlags 0x%08x not handled\n", dwFlags);
3264 return NULL;
3265 }
3266 if (pCreatePara)
3267 {
3268 FIXME("pCreatePara not handled\n");
3269 return NULL;
3270 }
3271
3272 switch (dwContextType)
3273 {
3274 case CERT_STORE_CERTIFICATE_CONTEXT:
3275 return CertCreateCertificateContext(dwEncodingType, pbEncoded, cbEncoded);
3276 case CERT_STORE_CRL_CONTEXT:
3277 return CertCreateCRLContext(dwEncodingType, pbEncoded, cbEncoded);
3278 case CERT_STORE_CTL_CONTEXT:
3279 return CertCreateCTLContext(dwEncodingType, pbEncoded, cbEncoded);
3280 default:
3281 WARN("unknown context type: 0x%x\n", dwContextType);
3282 return NULL;
3283 }
3284 }
Windows API implementation