search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
comctl32/tests: Remove variable hwndheader which is not really used from test_items.
[wine.git] / dlls / cryptnet / cryptnet_main.c
blob0b4e31dd9b7f888b603b4e0aa13b9f2f4aea2394
1 /*
2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 *
19 */
20
21 #include "config.h"
22 #include "wine/port.h"
23
24 #define NONAMELESSUNION
25 #define NONAMELESSSTRUCT
26 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
27
28 #include <stdio.h>
29 #include <stdarg.h>
30
31 #include "windef.h"
32 #include "winbase.h"
33 #include "winnt.h"
34 #include "winnls.h"
35 #include "wininet.h"
36 #include "objbase.h"
37 #include "wincrypt.h"
38
39 #include "wine/debug.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet);
42
43 #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
44
45 BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
46 {
47 TRACE("(0x%p, %d, %p)\n", hinstDLL, fdwReason, lpvReserved);
48
49 switch (fdwReason) {
50 case DLL_PROCESS_ATTACH:
51 DisableThreadLibraryCalls(hinstDLL);
52 break;
53 case DLL_PROCESS_DETACH:
54 /* Do uninitialisation here */
55 break;
56 default: break;
57 }
58 return TRUE;
59 }
60
61 static const WCHAR cryptNet[] = { 'c','r','y','p','t','n','e','t','.',
62 'd','l','l',0 };
63 static const WCHAR ldapProvOpenStore[] = { 'L','d','a','p','P','r','o','v',
64 'O','p','e','S','t','o','r','e',0 };
65
66 /***********************************************************************
67 * DllRegisterServer (CRYPTNET.@)
68 */
69 HRESULT WINAPI DllRegisterServer(void)
70 {
71 TRACE("\n");
72 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING,
73 CRYPT_OID_VERIFY_REVOCATION_FUNC, 0, cryptNet);
74 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap",
75 cryptNet, "LdapProvOpenStore");
76 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
77 CERT_STORE_PROV_LDAP_W, cryptNet, "LdapProvOpenStore");
78 return S_OK;
79 }
80
81 /***********************************************************************
82 * DllUnregisterServer (CRYPTNET.@)
83 */
84 HRESULT WINAPI DllUnregisterServer(void)
85 {
86 TRACE("\n");
87 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING,
88 CRYPT_OID_VERIFY_REVOCATION_FUNC, cryptNet);
89 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap");
90 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
91 CERT_STORE_PROV_LDAP_W);
92 return S_OK;
93 }
94
95 static const char *url_oid_to_str(LPCSTR oid)
96 {
97 if (IS_INTOID(oid))
98 {
99 static char buf[10];
100
101 switch (LOWORD(oid))
102 {
103 #define _x(oid) case LOWORD(oid): return #oid
104 _x(URL_OID_CERTIFICATE_ISSUER);
105 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT);
106 _x(URL_OID_CTL_ISSUER);
107 _x(URL_OID_CTL_NEXT_UPDATE);
108 _x(URL_OID_CRL_ISSUER);
109 _x(URL_OID_CERTIFICATE_FRESHEST_CRL);
110 _x(URL_OID_CRL_FRESHEST_CRL);
111 _x(URL_OID_CROSS_CERT_DIST_POINT);
112 #undef _x
113 default:
114 snprintf(buf, sizeof(buf), "%d", LOWORD(oid));
115 return buf;
116 }
117 }
118 else
119 return oid;
120 }
121
122 typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD,
123 PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID);
124
125 static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid,
126 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
127 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
128 {
129 PCCERT_CONTEXT cert = pvPara;
130 PCERT_EXTENSION ext;
131 BOOL ret = FALSE;
132
133 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
134 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
135 {
136 SetLastError(CRYPT_E_NOT_FOUND);
137 return FALSE;
138 }
139 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
140 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
141 {
142 CERT_AUTHORITY_INFO_ACCESS *aia;
143 DWORD size;
144
145 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
146 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
147 &aia, &size);
148 if (ret)
149 {
150 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
151
152 for (i = 0, cUrl = 0; i < aia->cAccDescr; i++)
153 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
154 szOID_PKIX_CA_ISSUERS))
155 {
156 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
157 CERT_ALT_NAME_URL)
158 {
159 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
160 {
161 cUrl++;
162 bytesNeeded += sizeof(LPWSTR) +
163 (lstrlenW(aia->rgAccDescr[i].AccessLocation.u.
164 pwszURL) + 1) * sizeof(WCHAR);
165 }
166 }
167 else
168 FIXME("unsupported alt name type %d\n",
169 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
170 }
171 if (!pcbUrlArray)
172 {
173 SetLastError(E_INVALIDARG);
174 ret = FALSE;
175 }
176 else if (!pUrlArray)
177 *pcbUrlArray = bytesNeeded;
178 else if (*pcbUrlArray < bytesNeeded)
179 {
180 SetLastError(ERROR_MORE_DATA);
181 *pcbUrlArray = bytesNeeded;
182 ret = FALSE;
183 }
184 else
185 {
186 LPWSTR nextUrl;
187
188 *pcbUrlArray = bytesNeeded;
189 pUrlArray->cUrl = 0;
190 pUrlArray->rgwszUrl =
191 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
192 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
193 + cUrl * sizeof(LPWSTR));
194 for (i = 0; i < aia->cAccDescr; i++)
195 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
196 szOID_PKIX_CA_ISSUERS))
197 {
198 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice
199 == CERT_ALT_NAME_URL)
200 {
201 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
202 {
203 lstrcpyW(nextUrl,
204 aia->rgAccDescr[i].AccessLocation.u.pwszURL);
205 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
206 nextUrl;
207 nextUrl += (lstrlenW(nextUrl) + 1);
208 }
209 }
210 }
211 }
212 if (ret)
213 {
214 if (pcbUrlInfo)
215 {
216 FIXME("url info: stub\n");
217 if (!pUrlInfo)
218 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
219 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
220 {
221 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
222 SetLastError(ERROR_MORE_DATA);
223 ret = FALSE;
224 }
225 else
226 {
227 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
228 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
229 }
230 }
231 }
232 LocalFree(aia);
233 }
234 }
235 else
236 SetLastError(CRYPT_E_NOT_FOUND);
237 return ret;
238 }
239
240 static BOOL CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB *value,
241 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
242 DWORD *pcbUrlInfo)
243 {
244 BOOL ret;
245 CRL_DIST_POINTS_INFO *info;
246 DWORD size;
247
248 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CRL_DIST_POINTS,
249 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
250 if (ret)
251 {
252 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
253
254 for (i = 0, cUrl = 0; i < info->cDistPoint; i++)
255 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
256 == CRL_DIST_POINT_FULL_NAME)
257 {
258 DWORD j;
259 CERT_ALT_NAME_INFO *name =
260 &info->rgDistPoint[i].DistPointName.u.FullName;
261
262 for (j = 0; j < name->cAltEntry; j++)
263 if (name->rgAltEntry[j].dwAltNameChoice ==
264 CERT_ALT_NAME_URL)
265 {
266 if (name->rgAltEntry[j].u.pwszURL)
267 {
268 cUrl++;
269 bytesNeeded += sizeof(LPWSTR) +
270 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1)
271 * sizeof(WCHAR);
272 }
273 }
274 }
275 if (!pcbUrlArray)
276 {
277 SetLastError(E_INVALIDARG);
278 ret = FALSE;
279 }
280 else if (!pUrlArray)
281 *pcbUrlArray = bytesNeeded;
282 else if (*pcbUrlArray < bytesNeeded)
283 {
284 SetLastError(ERROR_MORE_DATA);
285 *pcbUrlArray = bytesNeeded;
286 ret = FALSE;
287 }
288 else
289 {
290 LPWSTR nextUrl;
291
292 *pcbUrlArray = bytesNeeded;
293 pUrlArray->cUrl = 0;
294 pUrlArray->rgwszUrl =
295 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
296 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
297 + cUrl * sizeof(LPWSTR));
298 for (i = 0; i < info->cDistPoint; i++)
299 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
300 == CRL_DIST_POINT_FULL_NAME)
301 {
302 DWORD j;
303 CERT_ALT_NAME_INFO *name =
304 &info->rgDistPoint[i].DistPointName.u.FullName;
305
306 for (j = 0; j < name->cAltEntry; j++)
307 if (name->rgAltEntry[j].dwAltNameChoice ==
308 CERT_ALT_NAME_URL)
309 {
310 if (name->rgAltEntry[j].u.pwszURL)
311 {
312 lstrcpyW(nextUrl,
313 name->rgAltEntry[j].u.pwszURL);
314 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
315 nextUrl;
316 nextUrl +=
317 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1);
318 }
319 }
320 }
321 }
322 if (ret)
323 {
324 if (pcbUrlInfo)
325 {
326 FIXME("url info: stub\n");
327 if (!pUrlInfo)
328 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
329 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
330 {
331 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
332 SetLastError(ERROR_MORE_DATA);
333 ret = FALSE;
334 }
335 else
336 {
337 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
338 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
339 }
340 }
341 }
342 LocalFree(info);
343 }
344 return ret;
345 }
346
347 static BOOL WINAPI CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid,
348 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
349 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
350 {
351 PCCERT_CONTEXT cert = pvPara;
352 PCERT_EXTENSION ext;
353 BOOL ret = FALSE;
354
355 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
356 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
357 {
358 SetLastError(CRYPT_E_NOT_FOUND);
359 return FALSE;
360 }
361 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
362 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
363 ret = CRYPT_GetUrlFromCRLDistPointsExt(&ext->Value, pUrlArray,
364 pcbUrlArray, pUrlInfo, pcbUrlInfo);
365 else
366 SetLastError(CRYPT_E_NOT_FOUND);
367 return ret;
368 }
369
370 /***********************************************************************
371 * CryptGetObjectUrl (CRYPTNET.@)
372 */
373 BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags,
374 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
375 DWORD *pcbUrlInfo, LPVOID pvReserved)
376 {
377 UrlDllGetObjectUrlFunc func = NULL;
378 HCRYPTOIDFUNCADDR hFunc = NULL;
379 BOOL ret = FALSE;
380
381 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid),
382 pvPara, dwFlags, pUrlArray, pcbUrlArray, pUrlInfo, pcbUrlInfo, pvReserved);
383
384 if (IS_INTOID(pszUrlOid))
385 {
386 switch (LOWORD(pszUrlOid))
387 {
388 case LOWORD(URL_OID_CERTIFICATE_ISSUER):
389 func = CRYPT_GetUrlFromCertificateIssuer;
390 break;
391 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT):
392 func = CRYPT_GetUrlFromCertificateCRLDistPoint;
393 break;
394 default:
395 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid));
396 SetLastError(ERROR_FILE_NOT_FOUND);
397 }
398 }
399 else
400 {
401 static HCRYPTOIDFUNCSET set = NULL;
402
403 if (!set)
404 set = CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC, 0);
405 CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszUrlOid, 0,
406 (void **)&func, &hFunc);
407 }
408 if (func)
409 ret = func(pszUrlOid, pvPara, dwFlags, pUrlArray, pcbUrlArray,
410 pUrlInfo, pcbUrlInfo, pvReserved);
411 if (hFunc)
412 CryptFreeOIDFunctionAddress(hFunc, 0);
413 return ret;
414 }
415
416 /***********************************************************************
417 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
418 */
419 BOOL WINAPI CryptRetrieveObjectByUrlA(LPCSTR pszURL, LPCSTR pszObjectOid,
420 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
421 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
422 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
423 {
424 BOOL ret = FALSE;
425 int len;
426
427 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL),
428 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
429 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
430
431 if (!pszURL)
432 {
433 SetLastError(ERROR_INVALID_PARAMETER);
434 return FALSE;
435 }
436 len = MultiByteToWideChar(CP_ACP, 0, pszURL, -1, NULL, 0);
437 if (len)
438 {
439 LPWSTR url = CryptMemAlloc(len * sizeof(WCHAR));
440
441 if (url)
442 {
443 MultiByteToWideChar(CP_ACP, 0, pszURL, -1, url, len);
444 ret = CryptRetrieveObjectByUrlW(url, pszObjectOid,
445 dwRetrievalFlags, dwTimeout, ppvObject, hAsyncRetrieve,
446 pCredentials, pvVerify, pAuxInfo);
447 CryptMemFree(url);
448 }
449 else
450 SetLastError(ERROR_OUTOFMEMORY);
451 }
452 return ret;
453 }
454
455 static void WINAPI CRYPT_FreeBlob(LPCSTR pszObjectOid,
456 PCRYPT_BLOB_ARRAY pObject, void *pvFreeContext)
457 {
458 DWORD i;
459
460 for (i = 0; i < pObject->cBlob; i++)
461 CryptMemFree(pObject->rgBlob[i].pbData);
462 CryptMemFree(pObject->rgBlob);
463 }
464
465 static BOOL CRYPT_GetObjectFromFile(HANDLE hFile, PCRYPT_BLOB_ARRAY pObject)
466 {
467 BOOL ret;
468 LARGE_INTEGER size;
469
470 if ((ret = GetFileSizeEx(hFile, &size)))
471 {
472 if (size.u.HighPart)
473 {
474 WARN("file too big\n");
475 SetLastError(ERROR_INVALID_DATA);
476 ret = FALSE;
477 }
478 else
479 {
480 CRYPT_DATA_BLOB blob;
481
482 blob.pbData = CryptMemAlloc(size.u.LowPart);
483 if (blob.pbData)
484 {
485 blob.cbData = size.u.LowPart;
486 ret = ReadFile(hFile, blob.pbData, size.u.LowPart, &blob.cbData,
487 NULL);
488 if (ret)
489 {
490 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
491 if (pObject->rgBlob)
492 {
493 pObject->cBlob = 1;
494 memcpy(pObject->rgBlob, &blob, sizeof(CRYPT_DATA_BLOB));
495 }
496 else
497 {
498 SetLastError(ERROR_OUTOFMEMORY);
499 ret = FALSE;
500 }
501 }
502 if (!ret)
503 CryptMemFree(blob.pbData);
504 }
505 else
506 {
507 SetLastError(ERROR_OUTOFMEMORY);
508 ret = FALSE;
509 }
510 }
511 }
512 return ret;
513 }
514
515 static BOOL CRYPT_GetObjectFromCache(LPCWSTR pszURL, PCRYPT_BLOB_ARRAY pObject,
516 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
517 {
518 BOOL ret = FALSE;
519 INTERNET_CACHE_ENTRY_INFOW *pCacheInfo = NULL;
520 DWORD size = 0;
521
522 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pObject, pAuxInfo);
523
524 ret = GetUrlCacheEntryInfoW(pszURL, NULL, &size);
525 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
526 {
527 pCacheInfo = CryptMemAlloc(size);
528 if (pCacheInfo)
529 ret = TRUE;
530 else
531 SetLastError(ERROR_OUTOFMEMORY);
532 }
533 if (ret && (ret = GetUrlCacheEntryInfoW(pszURL, pCacheInfo, &size)))
534 {
535 FILETIME ft;
536
537 GetSystemTimeAsFileTime(&ft);
538 if (CompareFileTime(&pCacheInfo->ExpireTime, &ft) >= 0)
539 {
540 HANDLE hFile = CreateFileW(pCacheInfo->lpszLocalFileName,
541 GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
542
543 if (hFile != INVALID_HANDLE_VALUE)
544 {
545 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
546 {
547 if (pAuxInfo && pAuxInfo->cbSize >=
548 offsetof(CRYPT_RETRIEVE_AUX_INFO,
549 pLastSyncTime) + sizeof(PFILETIME) &&
550 pAuxInfo->pLastSyncTime)
551 memcpy(pAuxInfo->pLastSyncTime,
552 &pCacheInfo->LastSyncTime,
553 sizeof(FILETIME));
554 }
555 CloseHandle(hFile);
556 }
557 else
558 {
559 DeleteUrlCacheEntryW(pszURL);
560 ret = FALSE;
561 }
562 }
563 else
564 {
565 DeleteUrlCacheEntryW(pszURL);
566 ret = FALSE;
567 }
568 }
569 CryptMemFree(pCacheInfo);
570 TRACE("returning %d\n", ret);
571 return ret;
572 }
573
574 /* Parses the URL, and sets components's lpszHostName and lpszUrlPath members
575 * to NULL-terminated copies of those portions of the URL (to be freed with
576 * CryptMemFree.)
577 */
578 static BOOL CRYPT_CrackUrl(LPCWSTR pszURL, URL_COMPONENTSW *components)
579 {
580 BOOL ret;
581
582 TRACE("(%s, %p)\n", debugstr_w(pszURL), components);
583
584 memset(components, 0, sizeof(*components));
585 components->dwStructSize = sizeof(*components);
586 components->lpszHostName = CryptMemAlloc(MAX_PATH * sizeof(WCHAR));
587 components->dwHostNameLength = MAX_PATH;
588 components->lpszUrlPath = CryptMemAlloc(MAX_PATH * 2 * sizeof(WCHAR));
589 components->dwUrlPathLength = 2 * MAX_PATH;
590 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, components);
591 if (ret)
592 {
593 if ((components->dwUrlPathLength == 2 * MAX_PATH - 1) ||
594 (components->dwHostNameLength == MAX_PATH - 1))
595 FIXME("Buffers are too small\n");
596 switch (components->nScheme)
597 {
598 case INTERNET_SCHEME_FTP:
599 if (!components->nPort)
600 components->nPort = INTERNET_DEFAULT_FTP_PORT;
601 break;
602 case INTERNET_SCHEME_HTTP:
603 if (!components->nPort)
604 components->nPort = INTERNET_DEFAULT_HTTP_PORT;
605 break;
606 default:
607 ; /* do nothing */
608 }
609 }
610 TRACE("returning %d\n", ret);
611 return ret;
612 }
613
614 struct InetContext
615 {
616 HANDLE event;
617 DWORD timeout;
618 DWORD error;
619 };
620
621 static struct InetContext *CRYPT_MakeInetContext(DWORD dwTimeout)
622 {
623 struct InetContext *context = CryptMemAlloc(sizeof(struct InetContext));
624
625 if (context)
626 {
627 context->event = CreateEventW(NULL, FALSE, FALSE, NULL);
628 if (!context->event)
629 {
630 CryptMemFree(context);
631 context = NULL;
632 }
633 else
634 {
635 context->timeout = dwTimeout;
636 context->error = ERROR_SUCCESS;
637 }
638 }
639 return context;
640 }
641
642 static BOOL CRYPT_DownloadObject(DWORD dwRetrievalFlags, HINTERNET hHttp,
643 struct InetContext *context, PCRYPT_BLOB_ARRAY pObject,
644 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
645 {
646 CRYPT_DATA_BLOB object = { 0, NULL };
647 DWORD bytesAvailable;
648 BOOL ret;
649
650 do {
651 if ((ret = InternetQueryDataAvailable(hHttp, &bytesAvailable, 0, 0)))
652 {
653 if (bytesAvailable)
654 {
655 if (object.pbData)
656 object.pbData = CryptMemRealloc(object.pbData,
657 object.cbData + bytesAvailable);
658 else
659 object.pbData = CryptMemAlloc(bytesAvailable);
660 if (object.pbData)
661 {
662 INTERNET_BUFFERSA buffer = { sizeof(buffer), 0 };
663
664 buffer.dwBufferLength = bytesAvailable;
665 buffer.lpvBuffer = object.pbData + object.cbData;
666 if (!(ret = InternetReadFileExA(hHttp, &buffer, IRF_NO_WAIT,
667 (DWORD_PTR)context)))
668 {
669 if (GetLastError() == ERROR_IO_PENDING)
670 {
671 if (WaitForSingleObject(context->event,
672 context->timeout) == WAIT_TIMEOUT)
673 SetLastError(ERROR_TIMEOUT);
674 else if (context->error)
675 SetLastError(context->error);
676 else
677 ret = TRUE;
678 }
679 }
680 if (ret)
681 object.cbData += buffer.dwBufferLength;
682 }
683 else
684 {
685 SetLastError(ERROR_OUTOFMEMORY);
686 ret = FALSE;
687 }
688 }
689 }
690 else if (GetLastError() == ERROR_IO_PENDING)
691 {
692 if (WaitForSingleObject(context->event, context->timeout) ==
693 WAIT_TIMEOUT)
694 SetLastError(ERROR_TIMEOUT);
695 else
696 ret = TRUE;
697 }
698 } while (ret && bytesAvailable);
699 if (ret)
700 {
701 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
702 if (!pObject->rgBlob)
703 {
704 CryptMemFree(object.pbData);
705 SetLastError(ERROR_OUTOFMEMORY);
706 ret = FALSE;
707 }
708 else
709 {
710 pObject->rgBlob[0].cbData = object.cbData;
711 pObject->rgBlob[0].pbData = object.pbData;
712 pObject->cBlob = 1;
713 }
714 }
715 TRACE("returning %d\n", ret);
716 return ret;
717 }
718
719 /* Finds the object specified by pszURL in the cache. If it's not found,
720 * creates a new cache entry for the object and writes the object to it.
721 * Sets the expiration time of the cache entry to expires.
722 */
723 static void CRYPT_CacheURL(LPCWSTR pszURL, const CRYPT_BLOB_ARRAY *pObject,
724 DWORD dwRetrievalFlags, FILETIME expires)
725 {
726 WCHAR cacheFileName[MAX_PATH];
727 DWORD size = 0;
728 BOOL ret, create = FALSE;
729
730 GetUrlCacheEntryInfoW(pszURL, NULL, &size);
731 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
732 {
733 INTERNET_CACHE_ENTRY_INFOW *info = CryptMemAlloc(size);
734
735 if (info)
736 {
737 FILETIME ft;
738
739 ret = GetUrlCacheEntryInfoW(pszURL, info, &size);
740 if (ret)
741 lstrcpyW(cacheFileName, info->lpszLocalFileName);
742 /* Check if the existing cache entry is up to date. If it isn't,
743 * overwite it with the new value.
744 */
745 GetSystemTimeAsFileTime(&ft);
746 if (CompareFileTime(&info->ExpireTime, &ft) < 0)
747 create = TRUE;
748 CryptMemFree(info);
749 }
750 else
751 ret = FALSE;
752 }
753 else
754 {
755 ret = CreateUrlCacheEntryW(pszURL, pObject->rgBlob[0].cbData, NULL,
756 cacheFileName, 0);
757 create = TRUE;
758 }
759 if (ret)
760 {
761 DWORD entryType;
762 FILETIME ft = { 0 };
763
764 if (create)
765 {
766 HANDLE hCacheFile = CreateFileW(cacheFileName, GENERIC_WRITE, 0,
767 NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
768
769 if (hCacheFile != INVALID_HANDLE_VALUE)
770 {
771 DWORD bytesWritten;
772
773 WriteFile(hCacheFile, pObject->rgBlob[0].pbData,
774 pObject->rgBlob[0].cbData, &bytesWritten, NULL);
775 CloseHandle(hCacheFile);
776 }
777 else
778 ret = FALSE;
779 }
780 if (ret)
781 {
782 if (!(dwRetrievalFlags & CRYPT_STICKY_CACHE_RETRIEVAL))
783 entryType = NORMAL_CACHE_ENTRY;
784 else
785 entryType = STICKY_CACHE_ENTRY;
786 CommitUrlCacheEntryW(pszURL, cacheFileName, expires, ft, entryType,
787 NULL, 0, NULL, NULL);
788 }
789 }
790 }
791
792 static void CALLBACK CRYPT_InetStatusCallback(HINTERNET hInt,
793 DWORD_PTR dwContext, DWORD status, void *statusInfo, DWORD statusInfoLen)
794 {
795 struct InetContext *context = (struct InetContext *)dwContext;
796 LPINTERNET_ASYNC_RESULT result;
797
798 switch (status)
799 {
800 case INTERNET_STATUS_REQUEST_COMPLETE:
801 result = statusInfo;
802 context->error = result->dwError;
803 SetEvent(context->event);
804 }
805 }
806
807 static BOOL CRYPT_Connect(const URL_COMPONENTSW *components,
808 struct InetContext *context, PCRYPT_CREDENTIALS pCredentials,
809 HINTERNET *phInt, HINTERNET *phHost)
810 {
811 BOOL ret;
812
813 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components->lpszHostName),
814 components->nPort, context, pCredentials, phInt, phInt);
815
816 *phHost = NULL;
817 *phInt = InternetOpenW(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL,
818 context ? INTERNET_FLAG_ASYNC : 0);
819 if (*phInt)
820 {
821 DWORD service;
822
823 if (context)
824 InternetSetStatusCallbackW(*phInt, CRYPT_InetStatusCallback);
825 switch (components->nScheme)
826 {
827 case INTERNET_SCHEME_FTP:
828 service = INTERNET_SERVICE_FTP;
829 break;
830 case INTERNET_SCHEME_HTTP:
831 service = INTERNET_SERVICE_HTTP;
832 break;
833 default:
834 service = 0;
835 }
836 /* FIXME: use pCredentials for username/password */
837 *phHost = InternetConnectW(*phInt, components->lpszHostName,
838 components->nPort, NULL, NULL, service, 0, (DWORD_PTR)context);
839 if (!*phHost)
840 {
841 InternetCloseHandle(*phInt);
842 *phInt = NULL;
843 ret = FALSE;
844 }
845 else
846 ret = TRUE;
847 }
848 else
849 ret = FALSE;
850 TRACE("returning %d\n", ret);
851 return ret;
852 }
853
854 static BOOL WINAPI FTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
855 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
856 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
857 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
858 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
859 {
860 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
861 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
862 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
863
864 pObject->cBlob = 0;
865 pObject->rgBlob = NULL;
866 *ppfnFreeObject = CRYPT_FreeBlob;
867 *ppvFreeContext = NULL;
868 return FALSE;
869 }
870
871 static const WCHAR x509cacert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
872 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
873 static const WCHAR x509emailcert[] = { 'a','p','p','l','i','c','a','t','i','o',
874 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
875 0 };
876 static const WCHAR x509servercert[] = { 'a','p','p','l','i','c','a','t','i','o',
877 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
878 't',0 };
879 static const WCHAR x509usercert[] = { 'a','p','p','l','i','c','a','t','i','o',
880 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
881 static const WCHAR pkcs7cert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
882 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
883 's',0 };
884 static const WCHAR pkixCRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
885 '/','p','k','i','x','-','c','r','l',0 };
886 static const WCHAR pkcs7CRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
887 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
888 static const WCHAR pkcs7sig[] = { 'a','p','p','l','i','c','a','t','i','o','n',
889 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
890 static const WCHAR pkcs7mime[] = { 'a','p','p','l','i','c','a','t','i','o','n',
891 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
892
893 static BOOL WINAPI HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
894 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
895 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
896 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
897 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
898 {
899 BOOL ret = FALSE;
900
901 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
902 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
903 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
904
905 pObject->cBlob = 0;
906 pObject->rgBlob = NULL;
907 *ppfnFreeObject = CRYPT_FreeBlob;
908 *ppvFreeContext = NULL;
909
910 if (!(dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL))
911 ret = CRYPT_GetObjectFromCache(pszURL, pObject, pAuxInfo);
912 if (!ret && (!(dwRetrievalFlags & CRYPT_CACHE_ONLY_RETRIEVAL) ||
913 (dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL)))
914 {
915 URL_COMPONENTSW components;
916
917 if ((ret = CRYPT_CrackUrl(pszURL, &components)))
918 {
919 HINTERNET hInt, hHost;
920 struct InetContext *context = NULL;
921
922 if (dwTimeout)
923 context = CRYPT_MakeInetContext(dwTimeout);
924 ret = CRYPT_Connect(&components, context, pCredentials, &hInt,
925 &hHost);
926 if (ret)
927 {
928 static LPCWSTR types[] = { x509cacert, x509emailcert,
929 x509servercert, x509usercert, pkcs7cert, pkixCRL, pkcs7CRL,
930 pkcs7sig, pkcs7mime, NULL };
931 HINTERNET hHttp = HttpOpenRequestW(hHost, NULL,
932 components.lpszUrlPath, NULL, NULL, types,
933 INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI,
934 (DWORD_PTR)context);
935
936 if (hHttp)
937 {
938 if (dwTimeout)
939 {
940 InternetSetOptionW(hHttp,
941 INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
942 sizeof(dwTimeout));
943 InternetSetOptionW(hHttp, INTERNET_OPTION_SEND_TIMEOUT,
944 &dwTimeout, sizeof(dwTimeout));
945 }
946 ret = HttpSendRequestExW(hHttp, NULL, NULL, 0,
947 (DWORD_PTR)context);
948 if (!ret && GetLastError() == ERROR_IO_PENDING)
949 {
950 if (WaitForSingleObject(context->event,
951 context->timeout) == WAIT_TIMEOUT)
952 SetLastError(ERROR_TIMEOUT);
953 else
954 ret = TRUE;
955 }
956 /* We don't set ret to TRUE in this block to avoid masking
957 * an error from HttpSendRequestExW.
958 */
959 if (!HttpEndRequestW(hHttp, NULL, 0, (DWORD_PTR)context) &&
960 GetLastError() == ERROR_IO_PENDING)
961 {
962 if (WaitForSingleObject(context->event,
963 context->timeout) == WAIT_TIMEOUT)
964 {
965 SetLastError(ERROR_TIMEOUT);
966 ret = FALSE;
967 }
968 }
969 if (ret)
970 ret = CRYPT_DownloadObject(dwRetrievalFlags, hHttp,
971 context, pObject, pAuxInfo);
972 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT))
973 {
974 SYSTEMTIME st;
975 DWORD len = sizeof(st);
976
977 if (HttpQueryInfoW(hHttp,
978 HTTP_QUERY_EXPIRES | HTTP_QUERY_FLAG_SYSTEMTIME, &st,
979 &len, NULL))
980 {
981 FILETIME ft;
982
983 SystemTimeToFileTime(&st, &ft);
984 CRYPT_CacheURL(pszURL, pObject, dwRetrievalFlags,
985 ft);
986 }
987 }
988 InternetCloseHandle(hHttp);
989 }
990 InternetCloseHandle(hHost);
991 InternetCloseHandle(hInt);
992 }
993 if (context)
994 {
995 CloseHandle(context->event);
996 CryptMemFree(context);
997 }
998 CryptMemFree(components.lpszUrlPath);
999 CryptMemFree(components.lpszHostName);
1000 }
1001 }
1002 TRACE("returning %d\n", ret);
1003 return ret;
1004 }
1005
1006 static BOOL WINAPI File_RetrieveEncodedObjectW(LPCWSTR pszURL,
1007 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1008 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1009 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1010 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1011 {
1012 URL_COMPONENTSW components = { sizeof(components), 0 };
1013 BOOL ret;
1014
1015 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1016 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
1017 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
1018
1019 pObject->cBlob = 0;
1020 pObject->rgBlob = NULL;
1021 *ppfnFreeObject = CRYPT_FreeBlob;
1022 *ppvFreeContext = NULL;
1023
1024 components.lpszUrlPath = CryptMemAlloc(MAX_PATH * 2 * sizeof(WCHAR));
1025 components.dwUrlPathLength = 2 * MAX_PATH;
1026 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, &components);
1027 if (ret)
1028 {
1029 LPWSTR path;
1030
1031 if (components.dwUrlPathLength == 2 * MAX_PATH - 1)
1032 FIXME("Buffers are too small\n");
1033
1034 /* 3 == lstrlenW(L"c:") + 1 */
1035 path = CryptMemAlloc((components.dwUrlPathLength + 3) * sizeof(WCHAR));
1036 if (path)
1037 {
1038 HANDLE hFile;
1039
1040 /* Try to create the file directly - Wine handles / in pathnames */
1041 lstrcpynW(path, components.lpszUrlPath,
1042 components.dwUrlPathLength + 1);
1043 hFile = CreateFileW(path, GENERIC_READ, 0, NULL, OPEN_EXISTING,
1044 FILE_ATTRIBUTE_NORMAL, NULL);
1045 if (hFile == INVALID_HANDLE_VALUE)
1046 {
1047 /* Try again on the current drive */
1048 GetCurrentDirectoryW(components.dwUrlPathLength, path);
1049 if (path[1] == ':')
1050 {
1051 lstrcpynW(path + 2, components.lpszUrlPath,
1052 components.dwUrlPathLength + 1);
1053 hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1054 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1055 }
1056 if (hFile == INVALID_HANDLE_VALUE)
1057 {
1058 /* Try again on the Windows drive */
1059 GetWindowsDirectoryW(path, components.dwUrlPathLength);
1060 if (path[1] == ':')
1061 {
1062 lstrcpynW(path + 2, components.lpszUrlPath,
1063 components.dwUrlPathLength + 1);
1064 hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1065 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1066 }
1067 }
1068 }
1069 if (hFile != INVALID_HANDLE_VALUE)
1070 {
1071 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
1072 {
1073 if (pAuxInfo && pAuxInfo->cbSize >=
1074 offsetof(CRYPT_RETRIEVE_AUX_INFO,
1075 pLastSyncTime) + sizeof(PFILETIME) &&
1076 pAuxInfo->pLastSyncTime)
1077 GetFileTime(hFile, NULL, NULL,
1078 pAuxInfo->pLastSyncTime);
1079 }
1080 CloseHandle(hFile);
1081 }
1082 else
1083 ret = FALSE;
1084 CryptMemFree(path);
1085 }
1086 }
1087 CryptMemFree(components.lpszUrlPath);
1088 return ret;
1089 }
1090
1091 typedef BOOL (WINAPI *SchemeDllRetrieveEncodedObjectW)(LPCWSTR pwszUrl,
1092 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1093 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1094 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1095 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo);
1096
1097 static BOOL CRYPT_GetRetrieveFunction(LPCWSTR pszURL,
1098 SchemeDllRetrieveEncodedObjectW *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1099 {
1100 URL_COMPONENTSW components = { sizeof(components), 0 };
1101 BOOL ret;
1102
1103 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pFunc, phFunc);
1104
1105 *pFunc = NULL;
1106 *phFunc = 0;
1107 components.dwSchemeLength = 1;
1108 ret = InternetCrackUrlW(pszURL, 0, 0, &components);
1109 if (ret)
1110 {
1111 /* Microsoft always uses CryptInitOIDFunctionSet/
1112 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1113 * reason to do so for builtin schemes.
1114 */
1115 switch (components.nScheme)
1116 {
1117 case INTERNET_SCHEME_FTP:
1118 *pFunc = FTP_RetrieveEncodedObjectW;
1119 break;
1120 case INTERNET_SCHEME_HTTP:
1121 *pFunc = HTTP_RetrieveEncodedObjectW;
1122 break;
1123 case INTERNET_SCHEME_FILE:
1124 *pFunc = File_RetrieveEncodedObjectW;
1125 break;
1126 default:
1127 {
1128 int len = WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1129 components.dwSchemeLength, NULL, 0, NULL, NULL);
1130
1131 if (len)
1132 {
1133 LPSTR scheme = CryptMemAlloc(len);
1134
1135 if (scheme)
1136 {
1137 static HCRYPTOIDFUNCSET set = NULL;
1138
1139 if (!set)
1140 set = CryptInitOIDFunctionSet(
1141 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC, 0);
1142 WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1143 components.dwSchemeLength, scheme, len, NULL, NULL);
1144 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1145 scheme, 0, (void **)pFunc, phFunc);
1146 CryptMemFree(scheme);
1147 }
1148 else
1149 {
1150 SetLastError(ERROR_OUTOFMEMORY);
1151 ret = FALSE;
1152 }
1153 }
1154 else
1155 ret = FALSE;
1156 }
1157 }
1158 }
1159 TRACE("returning %d\n", ret);
1160 return ret;
1161 }
1162
1163 static BOOL WINAPI CRYPT_CreateBlob(LPCSTR pszObjectOid,
1164 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1165 {
1166 DWORD size, i;
1167 CRYPT_BLOB_ARRAY *context;
1168 BOOL ret = FALSE;
1169
1170 size = sizeof(CRYPT_BLOB_ARRAY) + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1171 for (i = 0; i < pObject->cBlob; i++)
1172 size += pObject->rgBlob[i].cbData;
1173 context = CryptMemAlloc(size);
1174 if (context)
1175 {
1176 LPBYTE nextData;
1177
1178 context->cBlob = 0;
1179 context->rgBlob =
1180 (CRYPT_DATA_BLOB *)((LPBYTE)context + sizeof(CRYPT_BLOB_ARRAY));
1181 nextData =
1182 (LPBYTE)context->rgBlob + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1183 for (i = 0; i < pObject->cBlob; i++)
1184 {
1185 memcpy(nextData, pObject->rgBlob[i].pbData,
1186 pObject->rgBlob[i].cbData);
1187 context->rgBlob[i].pbData = nextData;
1188 context->rgBlob[i].cbData = pObject->rgBlob[i].cbData;
1189 nextData += pObject->rgBlob[i].cbData;
1190 context->cBlob++;
1191 }
1192 *ppvContext = context;
1193 ret = TRUE;
1194 }
1195 return ret;
1196 }
1197
1198 typedef BOOL (WINAPI *AddContextToStore)(HCERTSTORE hCertStore,
1199 const void *pContext, DWORD dwAddDisposition, const void **ppStoreContext);
1200
1201 static BOOL CRYPT_CreateContext(const CRYPT_BLOB_ARRAY *pObject,
1202 DWORD dwExpectedContentTypeFlags, AddContextToStore addFunc, void **ppvContext)
1203 {
1204 BOOL ret = TRUE;
1205
1206 if (!pObject->cBlob)
1207 {
1208 SetLastError(ERROR_INVALID_DATA);
1209 *ppvContext = NULL;
1210 ret = FALSE;
1211 }
1212 else if (pObject->cBlob == 1)
1213 {
1214 if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1215 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL,
1216 NULL, NULL, NULL, NULL, (const void **)ppvContext))
1217 {
1218 SetLastError(CRYPT_E_NO_MATCH);
1219 ret = FALSE;
1220 }
1221 }
1222 else
1223 {
1224 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1225 CERT_STORE_CREATE_NEW_FLAG, NULL);
1226
1227 if (store)
1228 {
1229 DWORD i;
1230 const void *context;
1231
1232 for (i = 0; i < pObject->cBlob; i++)
1233 {
1234 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1235 &pObject->rgBlob[i], dwExpectedContentTypeFlags,
1236 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, NULL, NULL, NULL,
1237 NULL, &context))
1238 {
1239 if (!addFunc(store, context, CERT_STORE_ADD_ALWAYS, NULL))
1240 ret = FALSE;
1241 }
1242 else
1243 {
1244 SetLastError(CRYPT_E_NO_MATCH);
1245 ret = FALSE;
1246 }
1247 }
1248 }
1249 else
1250 ret = FALSE;
1251 *ppvContext = store;
1252 }
1253 return ret;
1254 }
1255
1256 static BOOL WINAPI CRYPT_CreateCert(LPCSTR pszObjectOid,
1257 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1258 {
1259 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CERT,
1260 (AddContextToStore)CertAddCertificateContextToStore, ppvContext);
1261 }
1262
1263 static BOOL WINAPI CRYPT_CreateCRL(LPCSTR pszObjectOid,
1264 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1265 {
1266 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CRL,
1267 (AddContextToStore)CertAddCRLContextToStore, ppvContext);
1268 }
1269
1270 static BOOL WINAPI CRYPT_CreateCTL(LPCSTR pszObjectOid,
1271 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1272 {
1273 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CTL,
1274 (AddContextToStore)CertAddCTLContextToStore, ppvContext);
1275 }
1276
1277 static BOOL WINAPI CRYPT_CreatePKCS7(LPCSTR pszObjectOid,
1278 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1279 {
1280 BOOL ret;
1281
1282 if (!pObject->cBlob)
1283 {
1284 SetLastError(ERROR_INVALID_DATA);
1285 *ppvContext = NULL;
1286 ret = FALSE;
1287 }
1288 else if (pObject->cBlob == 1)
1289 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1290 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1291 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED, CERT_QUERY_FORMAT_FLAG_BINARY,
1292 0, NULL, NULL, NULL, ppvContext, NULL, NULL);
1293 else
1294 {
1295 FIXME("multiple messages unimplemented\n");
1296 ret = FALSE;
1297 }
1298 return ret;
1299 }
1300
1301 static BOOL WINAPI CRYPT_CreateAny(LPCSTR pszObjectOid,
1302 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1303 {
1304 BOOL ret;
1305
1306 if (!pObject->cBlob)
1307 {
1308 SetLastError(ERROR_INVALID_DATA);
1309 *ppvContext = NULL;
1310 ret = FALSE;
1311 }
1312 else
1313 {
1314 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1315 CERT_STORE_CREATE_NEW_FLAG, NULL);
1316
1317 if (store)
1318 {
1319 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1320 CERT_STORE_CREATE_NEW_FLAG, NULL);
1321
1322 if (memStore)
1323 {
1324 CertAddStoreToCollection(store, memStore,
1325 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
1326 CertCloseStore(memStore, 0);
1327 }
1328 else
1329 {
1330 CertCloseStore(store, 0);
1331 store = NULL;
1332 }
1333 }
1334 if (store)
1335 {
1336 DWORD i;
1337
1338 ret = TRUE;
1339 for (i = 0; i < pObject->cBlob; i++)
1340 {
1341 DWORD contentType, expectedContentTypes =
1342 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1343 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
1344 CERT_QUERY_CONTENT_FLAG_CERT |
1345 CERT_QUERY_CONTENT_FLAG_CRL |
1346 CERT_QUERY_CONTENT_FLAG_CTL;
1347 HCERTSTORE contextStore;
1348 const void *context;
1349
1350 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1351 &pObject->rgBlob[i], expectedContentTypes,
1352 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, &contentType, NULL,
1353 &contextStore, NULL, &context))
1354 {
1355 switch (contentType)
1356 {
1357 case CERT_QUERY_CONTENT_CERT:
1358 if (!CertAddCertificateContextToStore(store,
1359 context, CERT_STORE_ADD_ALWAYS, NULL))
1360 ret = FALSE;
1361 CertFreeCertificateContext(context);
1362 break;
1363 case CERT_QUERY_CONTENT_CRL:
1364 if (!CertAddCRLContextToStore(store,
1365 context, CERT_STORE_ADD_ALWAYS, NULL))
1366 ret = FALSE;
1367 CertFreeCRLContext(context);
1368 break;
1369 case CERT_QUERY_CONTENT_CTL:
1370 if (!CertAddCTLContextToStore(store,
1371 context, CERT_STORE_ADD_ALWAYS, NULL))
1372 ret = FALSE;
1373 CertFreeCTLContext(context);
1374 break;
1375 default:
1376 CertAddStoreToCollection(store, contextStore, 0, 0);
1377 }
1378 CertCloseStore(contextStore, 0);
1379 }
1380 else
1381 ret = FALSE;
1382 }
1383 }
1384 else
1385 ret = FALSE;
1386 *ppvContext = store;
1387 }
1388 return ret;
1389 }
1390
1391 typedef BOOL (WINAPI *ContextDllCreateObjectContext)(LPCSTR pszObjectOid,
1392 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext);
1393
1394 static BOOL CRYPT_GetCreateFunction(LPCSTR pszObjectOid,
1395 ContextDllCreateObjectContext *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1396 {
1397 BOOL ret = TRUE;
1398
1399 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid), pFunc, phFunc);
1400
1401 *pFunc = NULL;
1402 *phFunc = 0;
1403 if (IS_INTOID(pszObjectOid))
1404 {
1405 switch (LOWORD(pszObjectOid))
1406 {
1407 case 0:
1408 *pFunc = CRYPT_CreateBlob;
1409 break;
1410 case LOWORD(CONTEXT_OID_CERTIFICATE):
1411 *pFunc = CRYPT_CreateCert;
1412 break;
1413 case LOWORD(CONTEXT_OID_CRL):
1414 *pFunc = CRYPT_CreateCRL;
1415 break;
1416 case LOWORD(CONTEXT_OID_CTL):
1417 *pFunc = CRYPT_CreateCTL;
1418 break;
1419 case LOWORD(CONTEXT_OID_PKCS7):
1420 *pFunc = CRYPT_CreatePKCS7;
1421 break;
1422 case LOWORD(CONTEXT_OID_CAPI2_ANY):
1423 *pFunc = CRYPT_CreateAny;
1424 break;
1425 }
1426 }
1427 if (!*pFunc)
1428 {
1429 static HCRYPTOIDFUNCSET set = NULL;
1430
1431 if (!set)
1432 set = CryptInitOIDFunctionSet(
1433 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC, 0);
1434 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszObjectOid,
1435 0, (void **)pFunc, phFunc);
1436 }
1437 TRACE("returning %d\n", ret);
1438 return ret;
1439 }
1440
1441 typedef BOOL (*get_object_expiration_func)(const void *pvContext,
1442 FILETIME *expiration);
1443
1444 static BOOL CRYPT_GetExpirationFromCert(const void *pvObject, FILETIME *expiration)
1445 {
1446 PCCERT_CONTEXT cert = pvObject;
1447
1448 *expiration = cert->pCertInfo->NotAfter;
1449 return TRUE;
1450 }
1451
1452 static BOOL CRYPT_GetExpirationFromCRL(const void *pvObject, FILETIME *expiration)
1453 {
1454 PCCRL_CONTEXT cert = pvObject;
1455
1456 *expiration = cert->pCrlInfo->NextUpdate;
1457 return TRUE;
1458 }
1459
1460 static BOOL CRYPT_GetExpirationFromCTL(const void *pvObject, FILETIME *expiration)
1461 {
1462 PCCTL_CONTEXT cert = pvObject;
1463
1464 *expiration = cert->pCtlInfo->NextUpdate;
1465 return TRUE;
1466 }
1467
1468 static BOOL CRYPT_GetExpirationFunction(LPCSTR pszObjectOid,
1469 get_object_expiration_func *getExpiration)
1470 {
1471 BOOL ret;
1472
1473 if (IS_INTOID(pszObjectOid))
1474 {
1475 switch (LOWORD(pszObjectOid))
1476 {
1477 case LOWORD(CONTEXT_OID_CERTIFICATE):
1478 *getExpiration = CRYPT_GetExpirationFromCert;
1479 ret = TRUE;
1480 break;
1481 case LOWORD(CONTEXT_OID_CRL):
1482 *getExpiration = CRYPT_GetExpirationFromCRL;
1483 ret = TRUE;
1484 break;
1485 case LOWORD(CONTEXT_OID_CTL):
1486 *getExpiration = CRYPT_GetExpirationFromCTL;
1487 ret = TRUE;
1488 break;
1489 default:
1490 ret = FALSE;
1491 }
1492 }
1493 else
1494 ret = FALSE;
1495 return ret;
1496 }
1497
1498 /***********************************************************************
1499 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1500 */
1501 BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
1502 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
1503 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
1504 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1505 {
1506 BOOL ret;
1507 SchemeDllRetrieveEncodedObjectW retrieve;
1508 ContextDllCreateObjectContext create;
1509 HCRYPTOIDFUNCADDR hRetrieve = 0, hCreate = 0;
1510
1511 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1512 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
1513 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
1514
1515 if (!pszURL)
1516 {
1517 SetLastError(ERROR_INVALID_PARAMETER);
1518 return FALSE;
1519 }
1520 ret = CRYPT_GetRetrieveFunction(pszURL, &retrieve, &hRetrieve);
1521 if (ret)
1522 ret = CRYPT_GetCreateFunction(pszObjectOid, &create, &hCreate);
1523 if (ret)
1524 {
1525 CRYPT_BLOB_ARRAY object = { 0, NULL };
1526 PFN_FREE_ENCODED_OBJECT_FUNC freeObject;
1527 void *freeContext;
1528
1529 ret = retrieve(pszURL, pszObjectOid, dwRetrievalFlags, dwTimeout,
1530 &object, &freeObject, &freeContext, hAsyncRetrieve, pCredentials,
1531 pAuxInfo);
1532 if (ret)
1533 {
1534 get_object_expiration_func getExpiration;
1535
1536 ret = create(pszObjectOid, dwRetrievalFlags, &object, ppvObject);
1537 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT) &&
1538 CRYPT_GetExpirationFunction(pszObjectOid, &getExpiration))
1539 {
1540 FILETIME expires;
1541
1542 if (getExpiration(*ppvObject, &expires))
1543 CRYPT_CacheURL(pszURL, &object, dwRetrievalFlags, expires);
1544 }
1545 freeObject(pszObjectOid, &object, freeContext);
1546 }
1547 }
1548 if (hCreate)
1549 CryptFreeOIDFunctionAddress(hCreate, 0);
1550 if (hRetrieve)
1551 CryptFreeOIDFunctionAddress(hRetrieve, 0);
1552 TRACE("returning %d\n", ret);
1553 return ret;
1554 }
1555
1556 static DWORD verify_cert_revocation_with_crl(PCCERT_CONTEXT cert,
1557 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1558 PCERT_REVOCATION_STATUS pRevStatus)
1559 {
1560 DWORD error;
1561
1562 if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))
1563 {
1564 /* The CRL isn't time valid */
1565 error = CRYPT_E_NO_REVOCATION_CHECK;
1566 }
1567 else
1568 {
1569 PCRL_ENTRY entry = NULL;
1570
1571 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1572 if (entry)
1573 {
1574 error = CRYPT_E_REVOKED;
1575 pRevStatus->dwIndex = index;
1576 }
1577 else
1578 error = ERROR_SUCCESS;
1579 }
1580 return error;
1581 }
1582
1583 static DWORD verify_cert_revocation_from_dist_points_ext(
1584 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1585 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1586 PCERT_REVOCATION_STATUS pRevStatus)
1587 {
1588 DWORD error = ERROR_SUCCESS, cbUrlArray;
1589
1590 if (CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &cbUrlArray, NULL, NULL))
1591 {
1592 CRYPT_URL_ARRAY *urlArray = CryptMemAlloc(cbUrlArray);
1593
1594 if (urlArray)
1595 {
1596 DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
1597 BOOL ret;
1598
1599 ret = CRYPT_GetUrlFromCRLDistPointsExt(value, urlArray,
1600 &cbUrlArray, NULL, NULL);
1601 if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
1602 retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
1603 if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG &&
1604 pRevPara && pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
1605 dwUrlRetrievalTimeout) + sizeof(DWORD))
1606 {
1607 startTime = GetTickCount();
1608 endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
1609 timeout = pRevPara->dwUrlRetrievalTimeout;
1610 }
1611 else
1612 endTime = timeout = 0;
1613 if (!ret)
1614 error = GetLastError();
1615 for (j = 0; !error && j < urlArray->cUrl; j++)
1616 {
1617 PCCRL_CONTEXT crl;
1618
1619 ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
1620 CONTEXT_OID_CRL, retrievalFlags, timeout, (void **)&crl,
1621 NULL, NULL, NULL, NULL);
1622 if (ret)
1623 {
1624 error = verify_cert_revocation_with_crl(cert, crl, index,
1625 pTime, pRevStatus);
1626 if (!error && timeout)
1627 {
1628 DWORD time = GetTickCount();
1629
1630 if ((int)(endTime - time) <= 0)
1631 {
1632 error = ERROR_TIMEOUT;
1633 pRevStatus->dwIndex = index;
1634 }
1635 else
1636 timeout = endTime - time;
1637 }
1638 CertFreeCRLContext(crl);
1639 }
1640 else
1641 error = CRYPT_E_REVOCATION_OFFLINE;
1642 }
1643 CryptMemFree(urlArray);
1644 }
1645 else
1646 {
1647 error = ERROR_OUTOFMEMORY;
1648 pRevStatus->dwIndex = index;
1649 }
1650 }
1651 else
1652 {
1653 error = GetLastError();
1654 pRevStatus->dwIndex = index;
1655 }
1656 return error;
1657 }
1658
1659 static DWORD verify_cert_revocation_from_aia_ext(
1660 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1661 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1662 PCERT_REVOCATION_STATUS pRevStatus)
1663 {
1664 BOOL ret;
1665 DWORD error, size;
1666 CERT_AUTHORITY_INFO_ACCESS *aia;
1667
1668 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
1669 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &aia, &size);
1670 if (ret)
1671 {
1672 DWORD i;
1673
1674 for (i = 0; i < aia->cAccDescr; i++)
1675 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
1676 szOID_PKIX_OCSP))
1677 {
1678 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
1679 CERT_ALT_NAME_URL)
1680 FIXME("OCSP URL = %s\n",
1681 debugstr_w(aia->rgAccDescr[i].AccessLocation.u.pwszURL));
1682 else
1683 FIXME("unsupported AccessLocation type %d\n",
1684 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
1685 }
1686 LocalFree(aia);
1687 /* FIXME: lie and pretend OCSP validated the cert */
1688 error = ERROR_SUCCESS;
1689 }
1690 else
1691 error = GetLastError();
1692 return error;
1693 }
1694
1695 static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
1696 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1697 PCERT_REVOCATION_STATUS pRevStatus)
1698 {
1699 DWORD error = ERROR_SUCCESS;
1700 PCERT_EXTENSION ext;
1701
1702 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
1703 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1704 error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
1705 index, pTime, dwFlags, pRevPara, pRevStatus);
1706 else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
1707 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1708 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
1709 index, pTime, dwFlags, pRevPara, pRevStatus);
1710 else
1711 {
1712 if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
1713 {
1714 PCCRL_CONTEXT crl = NULL;
1715 BOOL canSignCRLs;
1716
1717 /* If the caller told us about the issuer, make sure the issuer
1718 * can sign CRLs before looking for one.
1719 */
1720 if ((ext = CertFindExtension(szOID_KEY_USAGE,
1721 pRevPara->pIssuerCert->pCertInfo->cExtension,
1722 pRevPara->pIssuerCert->pCertInfo->rgExtension)))
1723 {
1724 CRYPT_BIT_BLOB usage;
1725 DWORD size = sizeof(usage);
1726
1727 if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_BITS,
1728 ext->Value.pbData, ext->Value.cbData,
1729 CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1730 canSignCRLs = FALSE;
1731 else if (usage.cbData > 2)
1732 {
1733 /* The key usage extension only defines 9 bits => no more
1734 * than 2 bytes are needed to encode all known usages.
1735 */
1736 canSignCRLs = FALSE;
1737 }
1738 else
1739 {
1740 BYTE usageBits = usage.pbData[usage.cbData - 1];
1741
1742 canSignCRLs = usageBits & CERT_CRL_SIGN_KEY_USAGE;
1743 }
1744 }
1745 else
1746 canSignCRLs = TRUE;
1747 if (canSignCRLs)
1748 {
1749 /* If the caller was helpful enough to tell us where to find a
1750 * CRL for the cert, look for one and check it.
1751 */
1752 crl = CertFindCRLInStore(pRevPara->hCrlStore,
1753 cert->dwCertEncodingType,
1754 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG |
1755 CRL_FIND_ISSUED_BY_AKI_FLAG,
1756 CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
1757 }
1758 if (crl)
1759 {
1760 error = verify_cert_revocation_with_crl(cert, crl, index,
1761 pTime, pRevStatus);
1762 CertFreeCRLContext(crl);
1763 }
1764 else
1765 {
1766 error = CRYPT_E_NO_REVOCATION_CHECK;
1767 pRevStatus->dwIndex = index;
1768 }
1769 }
1770 else
1771 {
1772 error = CRYPT_E_NO_REVOCATION_CHECK;
1773 pRevStatus->dwIndex = index;
1774 }
1775 }
1776 return error;
1777 }
1778
1779 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
1780 DWORD cbSize;
1781 PCCERT_CONTEXT pIssuerCert;
1782 DWORD cCertStore;
1783 HCERTSTORE *rgCertStore;
1784 HCERTSTORE hCrlStore;
1785 LPFILETIME pftTimeToUse;
1786 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
1787
1788 typedef struct _OLD_CERT_REVOCATION_STATUS {
1789 DWORD cbSize;
1790 DWORD dwIndex;
1791 DWORD dwError;
1792 DWORD dwReason;
1793 } OLD_CERT_REVOCATION_STATUS, *POLD_CERT_REVOCATION_STATUS;
1794
1795 /***********************************************************************
1796 * CertDllVerifyRevocation (CRYPTNET.@)
1797 */
1798 BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1799 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1800 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1801 {
1802 DWORD error = 0, i;
1803 FILETIME now;
1804 LPFILETIME pTime = NULL;
1805
1806 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1807 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1808
1809 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1810 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1811 {
1812 SetLastError(E_INVALIDARG);
1813 return FALSE;
1814 }
1815 if (!cContext)
1816 {
1817 SetLastError(E_INVALIDARG);
1818 return FALSE;
1819 }
1820 if (pRevPara && pRevPara->cbSize >=
1821 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
1822 pTime = pRevPara->pftTimeToUse;
1823 if (!pTime)
1824 {
1825 GetSystemTimeAsFileTime(&now);
1826 pTime = &now;
1827 }
1828 memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
1829 if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
1830 error = CRYPT_E_NO_REVOCATION_CHECK;
1831 else
1832 {
1833 for (i = 0; !error && i < cContext; i++)
1834 error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
1835 pRevPara, pRevStatus);
1836 }
1837 if (error)
1838 {
1839 SetLastError(error);
1840 pRevStatus->dwError = error;
1841 }
1842 TRACE("returning %d (%08x)\n", !error, error);
1843 return !error;
1844 }
Windows API implementation