search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
crypt32: Get rid of no longer used contextSize argument in Context_GetProperties.
[wine.git] / dlls / crypt32 / cert.c
blob7c6a18c313d86948446cb1a463cacf02cdb8e3d2
1 /*
2 * Copyright 2004-2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19
20 #include <assert.h>
21 #include <stdarg.h>
22
23 #define NONAMELESSUNION
24 #include "windef.h"
25 #include "winbase.h"
26 #include "wincrypt.h"
27 #include "winnls.h"
28 #include "rpc.h"
29 #include "wine/debug.h"
30 #include "wine/unicode.h"
31 #include "crypt32_private.h"
32
33 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
34
35 /* Internal version of CertGetCertificateContextProperty that gets properties
36 * directly from the context (or the context it's linked to, depending on its
37 * type.) Doesn't handle special-case properties, since they are handled by
38 * CertGetCertificateContextProperty, and are particular to the store in which
39 * the property exists (which is separate from the context.)
40 */
41 static BOOL CertContext_GetProperty(void *context, DWORD dwPropId,
42 void *pvData, DWORD *pcbData);
43
44 /* Internal version of CertSetCertificateContextProperty that sets properties
45 * directly on the context (or the context it's linked to, depending on its
46 * type.) Doesn't handle special cases, since they're handled by
47 * CertSetCertificateContextProperty anyway.
48 */
49 static BOOL CertContext_SetProperty(void *context, DWORD dwPropId,
50 DWORD dwFlags, const void *pvData);
51
52 BOOL WINAPI CertAddEncodedCertificateToStore(HCERTSTORE hCertStore,
53 DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded,
54 DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext)
55 {
56 PCCERT_CONTEXT cert = CertCreateCertificateContext(dwCertEncodingType,
57 pbCertEncoded, cbCertEncoded);
58 BOOL ret;
59
60 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
61 pbCertEncoded, cbCertEncoded, dwAddDisposition, ppCertContext);
62
63 if (cert)
64 {
65 ret = CertAddCertificateContextToStore(hCertStore, cert,
66 dwAddDisposition, ppCertContext);
67 CertFreeCertificateContext(cert);
68 }
69 else
70 ret = FALSE;
71 return ret;
72 }
73
74 BOOL WINAPI CertAddEncodedCertificateToSystemStoreA(LPCSTR pszCertStoreName,
75 const BYTE *pbCertEncoded, DWORD cbCertEncoded)
76 {
77 HCERTSTORE store;
78 BOOL ret = FALSE;
79
80 TRACE("(%s, %p, %d)\n", debugstr_a(pszCertStoreName), pbCertEncoded,
81 cbCertEncoded);
82
83 store = CertOpenSystemStoreA(0, pszCertStoreName);
84 if (store)
85 {
86 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
87 pbCertEncoded, cbCertEncoded, CERT_STORE_ADD_USE_EXISTING, NULL);
88 CertCloseStore(store, 0);
89 }
90 return ret;
91 }
92
93 BOOL WINAPI CertAddEncodedCertificateToSystemStoreW(LPCWSTR pszCertStoreName,
94 const BYTE *pbCertEncoded, DWORD cbCertEncoded)
95 {
96 HCERTSTORE store;
97 BOOL ret = FALSE;
98
99 TRACE("(%s, %p, %d)\n", debugstr_w(pszCertStoreName), pbCertEncoded,
100 cbCertEncoded);
101
102 store = CertOpenSystemStoreW(0, pszCertStoreName);
103 if (store)
104 {
105 ret = CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
106 pbCertEncoded, cbCertEncoded, CERT_STORE_ADD_USE_EXISTING, NULL);
107 CertCloseStore(store, 0);
108 }
109 return ret;
110 }
111
112 BOOL WINAPI CertAddCertificateLinkToStore(HCERTSTORE hCertStore,
113 PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition,
114 PCCERT_CONTEXT *ppCertContext)
115 {
116 static int calls;
117 WINECRYPT_CERTSTORE *store = (WINECRYPT_CERTSTORE*)hCertStore;
118
119 if (!(calls++))
120 FIXME("(%p, %p, %08x, %p): semi-stub\n", hCertStore, pCertContext,
121 dwAddDisposition, ppCertContext);
122 if (store->dwMagic != WINE_CRYPTCERTSTORE_MAGIC)
123 return FALSE;
124 if (store->type == StoreTypeCollection)
125 {
126 SetLastError(E_INVALIDARG);
127 return FALSE;
128 }
129 return CertAddCertificateContextToStore(hCertStore, pCertContext,
130 dwAddDisposition, ppCertContext);
131 }
132
133 PCCERT_CONTEXT WINAPI CertCreateCertificateContext(DWORD dwCertEncodingType,
134 const BYTE *pbCertEncoded, DWORD cbCertEncoded)
135 {
136 PCERT_CONTEXT cert = NULL;
137 BOOL ret;
138 PCERT_INFO certInfo = NULL;
139 DWORD size = 0;
140
141 TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCertEncoded,
142 cbCertEncoded);
143
144 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
145 {
146 SetLastError(E_INVALIDARG);
147 return NULL;
148 }
149
150 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_TO_BE_SIGNED,
151 pbCertEncoded, cbCertEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
152 &certInfo, &size);
153 if (ret)
154 {
155 BYTE *data = NULL;
156
157 cert = Context_CreateDataContext(sizeof(CERT_CONTEXT));
158 if (!cert)
159 goto end;
160 data = CryptMemAlloc(cbCertEncoded);
161 if (!data)
162 {
163 CertFreeCertificateContext(cert);
164 cert = NULL;
165 goto end;
166 }
167 memcpy(data, pbCertEncoded, cbCertEncoded);
168 cert->dwCertEncodingType = dwCertEncodingType;
169 cert->pbCertEncoded = data;
170 cert->cbCertEncoded = cbCertEncoded;
171 cert->pCertInfo = certInfo;
172 cert->hCertStore = 0;
173 }
174
175 end:
176 return cert;
177 }
178
179 PCCERT_CONTEXT WINAPI CertDuplicateCertificateContext(
180 PCCERT_CONTEXT pCertContext)
181 {
182 TRACE("(%p)\n", pCertContext);
183
184 if (!pCertContext)
185 return NULL;
186
187 Context_AddRef((void *)pCertContext);
188 return pCertContext;
189 }
190
191 static void CertDataContext_Free(void *context)
192 {
193 PCERT_CONTEXT certContext = context;
194
195 CryptMemFree(certContext->pbCertEncoded);
196 LocalFree(certContext->pCertInfo);
197 }
198
199 BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
200 {
201 BOOL ret = TRUE;
202
203 TRACE("(%p)\n", pCertContext);
204
205 if (pCertContext)
206 ret = Context_Release((void *)pCertContext, sizeof(CERT_CONTEXT),
207 CertDataContext_Free);
208 return ret;
209 }
210
211 DWORD WINAPI CertEnumCertificateContextProperties(PCCERT_CONTEXT pCertContext,
212 DWORD dwPropId)
213 {
214 CONTEXT_PROPERTY_LIST *properties = Context_GetProperties(pCertContext);
215 DWORD ret;
216
217 TRACE("(%p, %d)\n", pCertContext, dwPropId);
218
219 if (properties)
220 ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
221 else
222 ret = 0;
223 return ret;
224 }
225
226 static BOOL CertContext_GetHashProp(void *context, DWORD dwPropId,
227 ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
228 DWORD *pcbData)
229 {
230 BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
231 pcbData);
232 if (ret && pvData)
233 {
234 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
235
236 ret = CertContext_SetProperty(context, dwPropId, 0, &blob);
237 }
238 return ret;
239 }
240
241 static BOOL CertContext_CopyParam(void *pvData, DWORD *pcbData, const void *pb,
242 DWORD cb)
243 {
244 BOOL ret = TRUE;
245
246 if (!pvData)
247 *pcbData = cb;
248 else if (*pcbData < cb)
249 {
250 SetLastError(ERROR_MORE_DATA);
251 *pcbData = cb;
252 ret = FALSE;
253 }
254 else
255 {
256 memcpy(pvData, pb, cb);
257 *pcbData = cb;
258 }
259 return ret;
260 }
261
262 static BOOL CertContext_GetProperty(void *context, DWORD dwPropId,
263 void *pvData, DWORD *pcbData)
264 {
265 PCCERT_CONTEXT pCertContext = context;
266 CONTEXT_PROPERTY_LIST *properties = Context_GetProperties(context);
267 BOOL ret;
268 CRYPT_DATA_BLOB blob;
269
270 TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
271
272 if (properties)
273 ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
274 else
275 ret = FALSE;
276 if (ret)
277 ret = CertContext_CopyParam(pvData, pcbData, blob.pbData, blob.cbData);
278 else
279 {
280 /* Implicit properties */
281 switch (dwPropId)
282 {
283 case CERT_SHA1_HASH_PROP_ID:
284 ret = CertContext_GetHashProp(context, dwPropId, CALG_SHA1,
285 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
286 pcbData);
287 break;
288 case CERT_MD5_HASH_PROP_ID:
289 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
290 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
291 pcbData);
292 break;
293 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
294 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
295 pCertContext->pCertInfo->Subject.pbData,
296 pCertContext->pCertInfo->Subject.cbData,
297 pvData, pcbData);
298 break;
299 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
300 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
301 pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData,
302 pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData,
303 pvData, pcbData);
304 break;
305 case CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID:
306 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
307 pCertContext->pCertInfo->SerialNumber.pbData,
308 pCertContext->pCertInfo->SerialNumber.cbData,
309 pvData, pcbData);
310 break;
311 case CERT_SIGNATURE_HASH_PROP_ID:
312 ret = CryptHashToBeSigned(0, pCertContext->dwCertEncodingType,
313 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
314 pcbData);
315 if (ret && pvData)
316 {
317 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
318
319 ret = CertContext_SetProperty(context, dwPropId, 0, &blob);
320 }
321 break;
322 case CERT_KEY_IDENTIFIER_PROP_ID:
323 {
324 PCERT_EXTENSION ext = CertFindExtension(
325 szOID_SUBJECT_KEY_IDENTIFIER, pCertContext->pCertInfo->cExtension,
326 pCertContext->pCertInfo->rgExtension);
327
328 if (ext)
329 {
330 CRYPT_DATA_BLOB value;
331 DWORD size = sizeof(value);
332
333 ret = CryptDecodeObjectEx(X509_ASN_ENCODING,
334 szOID_SUBJECT_KEY_IDENTIFIER, ext->Value.pbData,
335 ext->Value.cbData, CRYPT_DECODE_NOCOPY_FLAG, NULL, &value,
336 &size);
337 if (ret)
338 {
339 ret = CertContext_CopyParam(pvData, pcbData, value.pbData,
340 value.cbData);
341 CertContext_SetProperty(context, dwPropId, 0, &value);
342 }
343 }
344 else
345 SetLastError(ERROR_INVALID_DATA);
346 break;
347 }
348 default:
349 SetLastError(CRYPT_E_NOT_FOUND);
350 }
351 }
352 TRACE("returning %d\n", ret);
353 return ret;
354 }
355
356 void CRYPT_FixKeyProvInfoPointers(PCRYPT_KEY_PROV_INFO info)
357 {
358 DWORD i, containerLen, provNameLen;
359 LPBYTE data = (LPBYTE)info + sizeof(CRYPT_KEY_PROV_INFO);
360
361 info->pwszContainerName = (LPWSTR)data;
362 containerLen = (lstrlenW(info->pwszContainerName) + 1) * sizeof(WCHAR);
363 data += containerLen;
364
365 info->pwszProvName = (LPWSTR)data;
366 provNameLen = (lstrlenW(info->pwszProvName) + 1) * sizeof(WCHAR);
367 data += provNameLen;
368
369 info->rgProvParam = (PCRYPT_KEY_PROV_PARAM)data;
370 data += info->cProvParam * sizeof(CRYPT_KEY_PROV_PARAM);
371
372 for (i = 0; i < info->cProvParam; i++)
373 {
374 info->rgProvParam[i].pbData = data;
375 data += info->rgProvParam[i].cbData;
376 }
377 }
378
379 BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT pCertContext,
380 DWORD dwPropId, void *pvData, DWORD *pcbData)
381 {
382 BOOL ret;
383
384 TRACE("(%p, %d, %p, %p)\n", pCertContext, dwPropId, pvData, pcbData);
385
386 switch (dwPropId)
387 {
388 case 0:
389 case CERT_CERT_PROP_ID:
390 case CERT_CRL_PROP_ID:
391 case CERT_CTL_PROP_ID:
392 SetLastError(E_INVALIDARG);
393 ret = FALSE;
394 break;
395 case CERT_ACCESS_STATE_PROP_ID:
396 if (pCertContext->hCertStore)
397 ret = CertGetStoreProperty(pCertContext->hCertStore, dwPropId,
398 pvData, pcbData);
399 else
400 {
401 DWORD state = 0;
402
403 ret = CertContext_CopyParam(pvData, pcbData, &state, sizeof(state));
404 }
405 break;
406 case CERT_KEY_PROV_HANDLE_PROP_ID:
407 {
408 CERT_KEY_CONTEXT keyContext;
409 DWORD size = sizeof(keyContext);
410
411 ret = CertContext_GetProperty((void *)pCertContext,
412 CERT_KEY_CONTEXT_PROP_ID, &keyContext, &size);
413 if (ret)
414 ret = CertContext_CopyParam(pvData, pcbData, &keyContext.hCryptProv,
415 sizeof(keyContext.hCryptProv));
416 break;
417 }
418 case CERT_KEY_PROV_INFO_PROP_ID:
419 ret = CertContext_GetProperty((void *)pCertContext, dwPropId, pvData,
420 pcbData);
421 if (ret && pvData)
422 CRYPT_FixKeyProvInfoPointers(pvData);
423 break;
424 default:
425 ret = CertContext_GetProperty((void *)pCertContext, dwPropId, pvData,
426 pcbData);
427 }
428
429 TRACE("returning %d\n", ret);
430 return ret;
431 }
432
433 /* Copies key provider info from from into to, where to is assumed to be a
434 * contiguous buffer of memory large enough for from and all its associated
435 * data, but whose pointers are uninitialized.
436 * Upon return, to contains a contiguous copy of from, packed in the following
437 * order:
438 * - CRYPT_KEY_PROV_INFO
439 * - pwszContainerName
440 * - pwszProvName
441 * - rgProvParam[0]...
442 */
443 static void CRYPT_CopyKeyProvInfo(PCRYPT_KEY_PROV_INFO to,
444 const CRYPT_KEY_PROV_INFO *from)
445 {
446 DWORD i;
447 LPBYTE nextData = (LPBYTE)to + sizeof(CRYPT_KEY_PROV_INFO);
448
449 if (from->pwszContainerName)
450 {
451 to->pwszContainerName = (LPWSTR)nextData;
452 lstrcpyW(to->pwszContainerName, from->pwszContainerName);
453 nextData += (lstrlenW(from->pwszContainerName) + 1) * sizeof(WCHAR);
454 }
455 else
456 to->pwszContainerName = NULL;
457 if (from->pwszProvName)
458 {
459 to->pwszProvName = (LPWSTR)nextData;
460 lstrcpyW(to->pwszProvName, from->pwszProvName);
461 nextData += (lstrlenW(from->pwszProvName) + 1) * sizeof(WCHAR);
462 }
463 else
464 to->pwszProvName = NULL;
465 to->dwProvType = from->dwProvType;
466 to->dwFlags = from->dwFlags;
467 to->cProvParam = from->cProvParam;
468 to->rgProvParam = (PCRYPT_KEY_PROV_PARAM)nextData;
469 nextData += to->cProvParam * sizeof(CRYPT_KEY_PROV_PARAM);
470 to->dwKeySpec = from->dwKeySpec;
471 for (i = 0; i < to->cProvParam; i++)
472 {
473 memcpy(&to->rgProvParam[i], &from->rgProvParam[i],
474 sizeof(CRYPT_KEY_PROV_PARAM));
475 to->rgProvParam[i].pbData = nextData;
476 memcpy(to->rgProvParam[i].pbData, from->rgProvParam[i].pbData,
477 from->rgProvParam[i].cbData);
478 nextData += from->rgProvParam[i].cbData;
479 }
480 }
481
482 static BOOL CertContext_SetKeyProvInfoProperty(CONTEXT_PROPERTY_LIST *properties,
483 const CRYPT_KEY_PROV_INFO *info)
484 {
485 BOOL ret;
486 LPBYTE buf = NULL;
487 DWORD size = sizeof(CRYPT_KEY_PROV_INFO), i, containerSize, provNameSize;
488
489 if (info->pwszContainerName)
490 containerSize = (lstrlenW(info->pwszContainerName) + 1) * sizeof(WCHAR);
491 else
492 containerSize = 0;
493 if (info->pwszProvName)
494 provNameSize = (lstrlenW(info->pwszProvName) + 1) * sizeof(WCHAR);
495 else
496 provNameSize = 0;
497 size += containerSize + provNameSize;
498 for (i = 0; i < info->cProvParam; i++)
499 size += sizeof(CRYPT_KEY_PROV_PARAM) + info->rgProvParam[i].cbData;
500 buf = CryptMemAlloc(size);
501 if (buf)
502 {
503 CRYPT_CopyKeyProvInfo((PCRYPT_KEY_PROV_INFO)buf, info);
504 ret = ContextPropertyList_SetProperty(properties,
505 CERT_KEY_PROV_INFO_PROP_ID, buf, size);
506 CryptMemFree(buf);
507 }
508 else
509 ret = FALSE;
510 return ret;
511 }
512
513 static BOOL CertContext_SetProperty(void *context, DWORD dwPropId,
514 DWORD dwFlags, const void *pvData)
515 {
516 CONTEXT_PROPERTY_LIST *properties = Context_GetProperties(context);
517 BOOL ret;
518
519 TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
520
521 if (!properties)
522 ret = FALSE;
523 else
524 {
525 switch (dwPropId)
526 {
527 case CERT_AUTO_ENROLL_PROP_ID:
528 case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
529 case CERT_DESCRIPTION_PROP_ID:
530 case CERT_FRIENDLY_NAME_PROP_ID:
531 case CERT_HASH_PROP_ID:
532 case CERT_KEY_IDENTIFIER_PROP_ID:
533 case CERT_MD5_HASH_PROP_ID:
534 case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
535 case CERT_PUBKEY_ALG_PARA_PROP_ID:
536 case CERT_PVK_FILE_PROP_ID:
537 case CERT_SIGNATURE_HASH_PROP_ID:
538 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
539 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
540 case CERT_EXTENDED_ERROR_INFO_PROP_ID:
541 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
542 case CERT_ENROLLMENT_PROP_ID:
543 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
544 case CERT_RENEWAL_PROP_ID:
545 {
546 if (pvData)
547 {
548 const CRYPT_DATA_BLOB *blob = pvData;
549
550 ret = ContextPropertyList_SetProperty(properties, dwPropId,
551 blob->pbData, blob->cbData);
552 }
553 else
554 {
555 ContextPropertyList_RemoveProperty(properties, dwPropId);
556 ret = TRUE;
557 }
558 break;
559 }
560 case CERT_DATE_STAMP_PROP_ID:
561 if (pvData)
562 ret = ContextPropertyList_SetProperty(properties, dwPropId,
563 pvData, sizeof(FILETIME));
564 else
565 {
566 ContextPropertyList_RemoveProperty(properties, dwPropId);
567 ret = TRUE;
568 }
569 break;
570 case CERT_KEY_CONTEXT_PROP_ID:
571 {
572 if (pvData)
573 {
574 const CERT_KEY_CONTEXT *keyContext = pvData;
575
576 if (keyContext->cbSize != sizeof(CERT_KEY_CONTEXT))
577 {
578 SetLastError(E_INVALIDARG);
579 ret = FALSE;
580 }
581 else
582 ret = ContextPropertyList_SetProperty(properties, dwPropId,
583 (const BYTE *)keyContext, keyContext->cbSize);
584 }
585 else
586 {
587 ContextPropertyList_RemoveProperty(properties, dwPropId);
588 ret = TRUE;
589 }
590 break;
591 }
592 case CERT_KEY_PROV_INFO_PROP_ID:
593 if (pvData)
594 ret = CertContext_SetKeyProvInfoProperty(properties, pvData);
595 else
596 {
597 ContextPropertyList_RemoveProperty(properties, dwPropId);
598 ret = TRUE;
599 }
600 break;
601 case CERT_KEY_PROV_HANDLE_PROP_ID:
602 {
603 CERT_KEY_CONTEXT keyContext;
604 DWORD size = sizeof(keyContext);
605
606 ret = CertContext_GetProperty(context, CERT_KEY_CONTEXT_PROP_ID,
607 &keyContext, &size);
608 if (ret)
609 {
610 if (!(dwFlags & CERT_STORE_NO_CRYPT_RELEASE_FLAG))
611 CryptReleaseContext(keyContext.hCryptProv, 0);
612 }
613 keyContext.cbSize = sizeof(keyContext);
614 if (pvData)
615 keyContext.hCryptProv = *(const HCRYPTPROV *)pvData;
616 else
617 {
618 keyContext.hCryptProv = 0;
619 keyContext.dwKeySpec = AT_SIGNATURE;
620 }
621 ret = CertContext_SetProperty(context, CERT_KEY_CONTEXT_PROP_ID,
622 0, &keyContext);
623 break;
624 }
625 default:
626 FIXME("%d: stub\n", dwPropId);
627 ret = FALSE;
628 }
629 }
630 TRACE("returning %d\n", ret);
631 return ret;
632 }
633
634 BOOL WINAPI CertSetCertificateContextProperty(PCCERT_CONTEXT pCertContext,
635 DWORD dwPropId, DWORD dwFlags, const void *pvData)
636 {
637 BOOL ret;
638
639 TRACE("(%p, %d, %08x, %p)\n", pCertContext, dwPropId, dwFlags, pvData);
640
641 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
642 * crashes on most of these, I'll be safer.
643 */
644 switch (dwPropId)
645 {
646 case 0:
647 case CERT_ACCESS_STATE_PROP_ID:
648 case CERT_CERT_PROP_ID:
649 case CERT_CRL_PROP_ID:
650 case CERT_CTL_PROP_ID:
651 SetLastError(E_INVALIDARG);
652 return FALSE;
653 }
654 ret = CertContext_SetProperty((void *)pCertContext, dwPropId, dwFlags,
655 pvData);
656 TRACE("returning %d\n", ret);
657 return ret;
658 }
659
660 /* Acquires the private key using the key provider info, retrieving info from
661 * the certificate if info is NULL. The acquired provider is returned in
662 * *phCryptProv, and the key spec for the provider is returned in *pdwKeySpec.
663 */
664 static BOOL CRYPT_AcquirePrivateKeyFromProvInfo(PCCERT_CONTEXT pCert,
665 PCRYPT_KEY_PROV_INFO info, HCRYPTPROV *phCryptProv, DWORD *pdwKeySpec)
666 {
667 DWORD size = 0;
668 BOOL allocated = FALSE, ret = TRUE;
669
670 if (!info)
671 {
672 ret = CertGetCertificateContextProperty(pCert,
673 CERT_KEY_PROV_INFO_PROP_ID, 0, &size);
674 if (ret)
675 {
676 info = HeapAlloc(GetProcessHeap(), 0, size);
677 if (info)
678 {
679 ret = CertGetCertificateContextProperty(pCert,
680 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
681 allocated = TRUE;
682 }
683 else
684 {
685 SetLastError(ERROR_OUTOFMEMORY);
686 ret = FALSE;
687 }
688 }
689 else
690 SetLastError(CRYPT_E_NO_KEY_PROPERTY);
691 }
692 if (ret)
693 {
694 ret = CryptAcquireContextW(phCryptProv, info->pwszContainerName,
695 info->pwszProvName, info->dwProvType, 0);
696 if (ret)
697 {
698 DWORD i;
699
700 for (i = 0; i < info->cProvParam; i++)
701 {
702 CryptSetProvParam(*phCryptProv,
703 info->rgProvParam[i].dwParam, info->rgProvParam[i].pbData,
704 info->rgProvParam[i].dwFlags);
705 }
706 *pdwKeySpec = info->dwKeySpec;
707 }
708 else
709 SetLastError(CRYPT_E_NO_KEY_PROPERTY);
710 }
711 if (allocated)
712 HeapFree(GetProcessHeap(), 0, info);
713 return ret;
714 }
715
716 BOOL WINAPI CryptAcquireCertificatePrivateKey(PCCERT_CONTEXT pCert,
717 DWORD dwFlags, void *pvReserved, HCRYPTPROV_OR_NCRYPT_KEY_HANDLE *phCryptProv,
718 DWORD *pdwKeySpec, BOOL *pfCallerFreeProv)
719 {
720 BOOL ret = FALSE, cache = FALSE;
721 PCRYPT_KEY_PROV_INFO info = NULL;
722 CERT_KEY_CONTEXT keyContext;
723 DWORD size;
724
725 TRACE("(%p, %08x, %p, %p, %p, %p)\n", pCert, dwFlags, pvReserved,
726 phCryptProv, pdwKeySpec, pfCallerFreeProv);
727
728 if (dwFlags & CRYPT_ACQUIRE_USE_PROV_INFO_FLAG)
729 {
730 DWORD size = 0;
731
732 ret = CertGetCertificateContextProperty(pCert,
733 CERT_KEY_PROV_INFO_PROP_ID, 0, &size);
734 if (ret)
735 {
736 info = HeapAlloc(GetProcessHeap(), 0, size);
737 ret = CertGetCertificateContextProperty(pCert,
738 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
739 if (ret)
740 cache = info->dwFlags & CERT_SET_KEY_CONTEXT_PROP_ID;
741 }
742 }
743 else if (dwFlags & CRYPT_ACQUIRE_CACHE_FLAG)
744 cache = TRUE;
745 *phCryptProv = 0;
746 if (cache)
747 {
748 size = sizeof(keyContext);
749 ret = CertGetCertificateContextProperty(pCert, CERT_KEY_CONTEXT_PROP_ID,
750 &keyContext, &size);
751 if (ret)
752 {
753 *phCryptProv = keyContext.hCryptProv;
754 if (pdwKeySpec)
755 *pdwKeySpec = keyContext.dwKeySpec;
756 if (pfCallerFreeProv)
757 *pfCallerFreeProv = !cache;
758 }
759 }
760 if (!*phCryptProv)
761 {
762 ret = CRYPT_AcquirePrivateKeyFromProvInfo(pCert, info,
763 &keyContext.hCryptProv, &keyContext.dwKeySpec);
764 if (ret)
765 {
766 *phCryptProv = keyContext.hCryptProv;
767 if (pdwKeySpec)
768 *pdwKeySpec = keyContext.dwKeySpec;
769 if (cache)
770 {
771 keyContext.cbSize = sizeof(keyContext);
772 if (CertSetCertificateContextProperty(pCert,
773 CERT_KEY_CONTEXT_PROP_ID, 0, &keyContext))
774 {
775 if (pfCallerFreeProv)
776 *pfCallerFreeProv = FALSE;
777 }
778 }
779 else
780 {
781 if (pfCallerFreeProv)
782 *pfCallerFreeProv = TRUE;
783 }
784 }
785 }
786 HeapFree(GetProcessHeap(), 0, info);
787 return ret;
788 }
789
790 static BOOL key_prov_info_matches_cert(PCCERT_CONTEXT pCert,
791 const CRYPT_KEY_PROV_INFO *keyProvInfo)
792 {
793 HCRYPTPROV csp;
794 BOOL matches = FALSE;
795
796 if (CryptAcquireContextW(&csp, keyProvInfo->pwszContainerName,
797 keyProvInfo->pwszProvName, keyProvInfo->dwProvType, keyProvInfo->dwFlags))
798 {
799 DWORD size;
800
801 /* Need to sign something to verify the sig. What to sign? Why not
802 * the certificate itself?
803 */
804 if (CryptSignAndEncodeCertificate(csp, AT_SIGNATURE,
805 pCert->dwCertEncodingType, X509_CERT_TO_BE_SIGNED, pCert->pCertInfo,
806 &pCert->pCertInfo->SignatureAlgorithm, NULL, NULL, &size))
807 {
808 BYTE *certEncoded = CryptMemAlloc(size);
809
810 if (certEncoded)
811 {
812 if (CryptSignAndEncodeCertificate(csp, AT_SIGNATURE,
813 pCert->dwCertEncodingType, X509_CERT_TO_BE_SIGNED,
814 pCert->pCertInfo, &pCert->pCertInfo->SignatureAlgorithm,
815 NULL, certEncoded, &size))
816 {
817 if (size == pCert->cbCertEncoded &&
818 !memcmp(certEncoded, pCert->pbCertEncoded, size))
819 matches = TRUE;
820 }
821 CryptMemFree(certEncoded);
822 }
823 }
824 CryptReleaseContext(csp, 0);
825 }
826 return matches;
827 }
828
829 static BOOL container_matches_cert(PCCERT_CONTEXT pCert, LPCSTR container,
830 CRYPT_KEY_PROV_INFO *keyProvInfo)
831 {
832 CRYPT_KEY_PROV_INFO copy;
833 WCHAR containerW[MAX_PATH];
834 BOOL matches = FALSE;
835
836 MultiByteToWideChar(CP_ACP, 0, container, -1,
837 containerW, sizeof(containerW) / sizeof(containerW[0]));
838 /* We make a copy of the CRYPT_KEY_PROV_INFO because the caller expects
839 * keyProvInfo->pwszContainerName to be NULL or a heap-allocated container
840 * name.
841 */
842 copy = *keyProvInfo;
843 copy.pwszContainerName = containerW;
844 matches = key_prov_info_matches_cert(pCert, &copy);
845 if (matches)
846 {
847 keyProvInfo->pwszContainerName =
848 CryptMemAlloc((strlenW(containerW) + 1) * sizeof(WCHAR));
849 if (keyProvInfo->pwszContainerName)
850 {
851 strcpyW(keyProvInfo->pwszContainerName, containerW);
852 keyProvInfo->dwKeySpec = AT_SIGNATURE;
853 }
854 else
855 matches = FALSE;
856 }
857 return matches;
858 }
859
860 /* Searches the provider named keyProvInfo.pwszProvName for a container whose
861 * private key matches pCert's public key. Upon success, updates keyProvInfo
862 * with the matching container's info (free keyProvInfo.pwszContainerName upon
863 * success.)
864 * Returns TRUE if found, FALSE if not.
865 */
866 static BOOL find_key_prov_info_in_provider(PCCERT_CONTEXT pCert,
867 CRYPT_KEY_PROV_INFO *keyProvInfo)
868 {
869 HCRYPTPROV defProvider;
870 BOOL ret, found = FALSE;
871 char containerA[MAX_PATH];
872
873 assert(keyProvInfo->pwszContainerName == NULL);
874 if ((ret = CryptAcquireContextW(&defProvider, NULL,
875 keyProvInfo->pwszProvName, keyProvInfo->dwProvType,
876 keyProvInfo->dwFlags | CRYPT_VERIFYCONTEXT)))
877 {
878 DWORD enumFlags = keyProvInfo->dwFlags | CRYPT_FIRST;
879
880 while (ret && !found)
881 {
882 DWORD size = sizeof(containerA);
883
884 ret = CryptGetProvParam(defProvider, PP_ENUMCONTAINERS,
885 (BYTE *)containerA, &size, enumFlags);
886 if (ret)
887 found = container_matches_cert(pCert, containerA, keyProvInfo);
888 if (enumFlags & CRYPT_FIRST)
889 {
890 enumFlags &= ~CRYPT_FIRST;
891 enumFlags |= CRYPT_NEXT;
892 }
893 }
894 CryptReleaseContext(defProvider, 0);
895 }
896 return found;
897 }
898
899 static BOOL find_matching_provider(PCCERT_CONTEXT pCert, DWORD dwFlags)
900 {
901 BOOL found = FALSE, ret = TRUE;
902 DWORD index = 0, cbProvName = 0;
903 CRYPT_KEY_PROV_INFO keyProvInfo;
904
905 TRACE("(%p, %08x)\n", pCert, dwFlags);
906
907 memset(&keyProvInfo, 0, sizeof(keyProvInfo));
908 while (ret && !found)
909 {
910 DWORD size = 0;
911
912 ret = CryptEnumProvidersW(index, NULL, 0, &keyProvInfo.dwProvType,
913 NULL, &size);
914 if (ret)
915 {
916 if (size <= cbProvName)
917 ret = CryptEnumProvidersW(index, NULL, 0,
918 &keyProvInfo.dwProvType, keyProvInfo.pwszProvName, &size);
919 else
920 {
921 CryptMemFree(keyProvInfo.pwszProvName);
922 keyProvInfo.pwszProvName = CryptMemAlloc(size);
923 if (keyProvInfo.pwszProvName)
924 {
925 cbProvName = size;
926 ret = CryptEnumProvidersW(index, NULL, 0,
927 &keyProvInfo.dwProvType, keyProvInfo.pwszProvName, &size);
928 if (ret)
929 {
930 if (dwFlags & CRYPT_FIND_SILENT_KEYSET_FLAG)
931 keyProvInfo.dwFlags |= CRYPT_SILENT;
932 if (dwFlags & CRYPT_FIND_USER_KEYSET_FLAG ||
933 !(dwFlags & (CRYPT_FIND_USER_KEYSET_FLAG |
934 CRYPT_FIND_MACHINE_KEYSET_FLAG)))
935 {
936 keyProvInfo.dwFlags |= CRYPT_USER_KEYSET;
937 found = find_key_prov_info_in_provider(pCert,
938 &keyProvInfo);
939 }
940 if (!found)
941 {
942 if (dwFlags & CRYPT_FIND_MACHINE_KEYSET_FLAG ||
943 !(dwFlags & (CRYPT_FIND_USER_KEYSET_FLAG |
944 CRYPT_FIND_MACHINE_KEYSET_FLAG)))
945 {
946 keyProvInfo.dwFlags &= ~CRYPT_USER_KEYSET;
947 keyProvInfo.dwFlags |= CRYPT_MACHINE_KEYSET;
948 found = find_key_prov_info_in_provider(pCert,
949 &keyProvInfo);
950 }
951 }
952 }
953 }
954 else
955 ret = FALSE;
956 }
957 index++;
958 }
959 }
960 if (found)
961 CertSetCertificateContextProperty(pCert, CERT_KEY_PROV_INFO_PROP_ID,
962 0, &keyProvInfo);
963 CryptMemFree(keyProvInfo.pwszProvName);
964 CryptMemFree(keyProvInfo.pwszContainerName);
965 return found;
966 }
967
968 static BOOL cert_prov_info_matches_cert(PCCERT_CONTEXT pCert)
969 {
970 BOOL matches = FALSE;
971 DWORD size;
972
973 if (CertGetCertificateContextProperty(pCert, CERT_KEY_PROV_INFO_PROP_ID,
974 NULL, &size))
975 {
976 CRYPT_KEY_PROV_INFO *keyProvInfo = CryptMemAlloc(size);
977
978 if (keyProvInfo)
979 {
980 if (CertGetCertificateContextProperty(pCert,
981 CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size))
982 matches = key_prov_info_matches_cert(pCert, keyProvInfo);
983 CryptMemFree(keyProvInfo);
984 }
985 }
986 return matches;
987 }
988
989 BOOL WINAPI CryptFindCertificateKeyProvInfo(PCCERT_CONTEXT pCert,
990 DWORD dwFlags, void *pvReserved)
991 {
992 BOOL matches = FALSE;
993
994 TRACE("(%p, %08x, %p)\n", pCert, dwFlags, pvReserved);
995
996 matches = cert_prov_info_matches_cert(pCert);
997 if (!matches)
998 matches = find_matching_provider(pCert, dwFlags);
999 return matches;
1000 }
1001
1002 BOOL WINAPI CertCompareCertificate(DWORD dwCertEncodingType,
1003 PCERT_INFO pCertId1, PCERT_INFO pCertId2)
1004 {
1005 BOOL ret;
1006
1007 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pCertId1, pCertId2);
1008
1009 ret = CertCompareCertificateName(dwCertEncodingType, &pCertId1->Issuer,
1010 &pCertId2->Issuer) && CertCompareIntegerBlob(&pCertId1->SerialNumber,
1011 &pCertId2->SerialNumber);
1012 TRACE("returning %d\n", ret);
1013 return ret;
1014 }
1015
1016 BOOL WINAPI CertCompareCertificateName(DWORD dwCertEncodingType,
1017 PCERT_NAME_BLOB pCertName1, PCERT_NAME_BLOB pCertName2)
1018 {
1019 BOOL ret;
1020
1021 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pCertName1, pCertName2);
1022
1023 if (pCertName1->cbData == pCertName2->cbData)
1024 {
1025 if (pCertName1->cbData)
1026 ret = !memcmp(pCertName1->pbData, pCertName2->pbData,
1027 pCertName1->cbData);
1028 else
1029 ret = TRUE;
1030 }
1031 else
1032 ret = FALSE;
1033 TRACE("returning %d\n", ret);
1034 return ret;
1035 }
1036
1037 /* Returns the number of significant bytes in pInt, where a byte is
1038 * insignificant if it's a leading 0 for positive numbers or a leading 0xff
1039 * for negative numbers. pInt is assumed to be little-endian.
1040 */
1041 static DWORD CRYPT_significantBytes(const CRYPT_INTEGER_BLOB *pInt)
1042 {
1043 DWORD ret = pInt->cbData;
1044
1045 while (ret > 1)
1046 {
1047 if (pInt->pbData[ret - 2] <= 0x7f && pInt->pbData[ret - 1] == 0)
1048 ret--;
1049 else if (pInt->pbData[ret - 2] >= 0x80 && pInt->pbData[ret - 1] == 0xff)
1050 ret--;
1051 else
1052 break;
1053 }
1054 return ret;
1055 }
1056
1057 BOOL WINAPI CertCompareIntegerBlob(PCRYPT_INTEGER_BLOB pInt1,
1058 PCRYPT_INTEGER_BLOB pInt2)
1059 {
1060 BOOL ret;
1061 DWORD cb1, cb2;
1062
1063 TRACE("(%p, %p)\n", pInt1, pInt2);
1064
1065 cb1 = CRYPT_significantBytes(pInt1);
1066 cb2 = CRYPT_significantBytes(pInt2);
1067 if (cb1 == cb2)
1068 {
1069 if (cb1)
1070 ret = !memcmp(pInt1->pbData, pInt2->pbData, cb1);
1071 else
1072 ret = TRUE;
1073 }
1074 else
1075 ret = FALSE;
1076 TRACE("returning %d\n", ret);
1077 return ret;
1078 }
1079
1080 BOOL WINAPI CertComparePublicKeyInfo(DWORD dwCertEncodingType,
1081 PCERT_PUBLIC_KEY_INFO pPublicKey1, PCERT_PUBLIC_KEY_INFO pPublicKey2)
1082 {
1083 BOOL ret;
1084
1085 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pPublicKey1, pPublicKey2);
1086
1087 switch (GET_CERT_ENCODING_TYPE(dwCertEncodingType))
1088 {
1089 case 0: /* Seems to mean "raw binary bits" */
1090 if (pPublicKey1->PublicKey.cbData == pPublicKey2->PublicKey.cbData &&
1091 pPublicKey1->PublicKey.cUnusedBits == pPublicKey2->PublicKey.cUnusedBits)
1092 {
1093 if (pPublicKey2->PublicKey.cbData)
1094 ret = !memcmp(pPublicKey1->PublicKey.pbData,
1095 pPublicKey2->PublicKey.pbData, pPublicKey1->PublicKey.cbData);
1096 else
1097 ret = TRUE;
1098 }
1099 else
1100 ret = FALSE;
1101 break;
1102 default:
1103 WARN("Unknown encoding type %08x\n", dwCertEncodingType);
1104 /* FALLTHROUGH */
1105 case X509_ASN_ENCODING:
1106 {
1107 BLOBHEADER *pblob1, *pblob2;
1108 DWORD length;
1109 ret = FALSE;
1110 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1111 pPublicKey1->PublicKey.pbData, pPublicKey1->PublicKey.cbData,
1112 0, NULL, &length))
1113 {
1114 pblob1 = CryptMemAlloc(length);
1115 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1116 pPublicKey1->PublicKey.pbData, pPublicKey1->PublicKey.cbData,
1117 0, pblob1, &length))
1118 {
1119 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1120 pPublicKey2->PublicKey.pbData, pPublicKey2->PublicKey.cbData,
1121 0, NULL, &length))
1122 {
1123 pblob2 = CryptMemAlloc(length);
1124 if (CryptDecodeObject(dwCertEncodingType, RSA_CSP_PUBLICKEYBLOB,
1125 pPublicKey2->PublicKey.pbData, pPublicKey2->PublicKey.cbData,
1126 0, pblob2, &length))
1127 {
1128 /* The RSAPUBKEY structure directly follows the BLOBHEADER */
1129 RSAPUBKEY *pk1 = (LPVOID)(pblob1 + 1),
1130 *pk2 = (LPVOID)(pblob2 + 1);
1131 ret = (pk1->bitlen == pk2->bitlen) && (pk1->pubexp == pk2->pubexp)
1132 && !memcmp(pk1 + 1, pk2 + 1, pk1->bitlen/8);
1133 }
1134 CryptMemFree(pblob2);
1135 }
1136 }
1137 CryptMemFree(pblob1);
1138 }
1139
1140 break;
1141 }
1142 }
1143 return ret;
1144 }
1145
1146 DWORD WINAPI CertGetPublicKeyLength(DWORD dwCertEncodingType,
1147 PCERT_PUBLIC_KEY_INFO pPublicKey)
1148 {
1149 DWORD len = 0;
1150
1151 TRACE("(%08x, %p)\n", dwCertEncodingType, pPublicKey);
1152
1153 if (GET_CERT_ENCODING_TYPE(dwCertEncodingType) != X509_ASN_ENCODING)
1154 {
1155 SetLastError(ERROR_FILE_NOT_FOUND);
1156 return 0;
1157 }
1158 if (pPublicKey->Algorithm.pszObjId &&
1159 !strcmp(pPublicKey->Algorithm.pszObjId, szOID_RSA_DH))
1160 {
1161 FIXME("unimplemented for DH public keys\n");
1162 SetLastError(CRYPT_E_ASN1_BADTAG);
1163 }
1164 else
1165 {
1166 DWORD size;
1167 PBYTE buf;
1168 BOOL ret = CryptDecodeObjectEx(dwCertEncodingType,
1169 RSA_CSP_PUBLICKEYBLOB, pPublicKey->PublicKey.pbData,
1170 pPublicKey->PublicKey.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
1171 &size);
1172
1173 if (ret)
1174 {
1175 RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(buf + sizeof(BLOBHEADER));
1176
1177 len = rsaPubKey->bitlen;
1178 LocalFree(buf);
1179 }
1180 }
1181 return len;
1182 }
1183
1184 typedef BOOL (*CertCompareFunc)(PCCERT_CONTEXT pCertContext, DWORD dwType,
1185 DWORD dwFlags, const void *pvPara);
1186
1187 static BOOL compare_cert_by_md5_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
1188 DWORD dwFlags, const void *pvPara)
1189 {
1190 BOOL ret;
1191 BYTE hash[16];
1192 DWORD size = sizeof(hash);
1193
1194 ret = CertGetCertificateContextProperty(pCertContext,
1195 CERT_MD5_HASH_PROP_ID, hash, &size);
1196 if (ret)
1197 {
1198 const CRYPT_HASH_BLOB *pHash = pvPara;
1199
1200 if (size == pHash->cbData)
1201 ret = !memcmp(pHash->pbData, hash, size);
1202 else
1203 ret = FALSE;
1204 }
1205 return ret;
1206 }
1207
1208 static BOOL compare_cert_by_sha1_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
1209 DWORD dwFlags, const void *pvPara)
1210 {
1211 BOOL ret;
1212 BYTE hash[20];
1213 DWORD size = sizeof(hash);
1214
1215 ret = CertGetCertificateContextProperty(pCertContext,
1216 CERT_SHA1_HASH_PROP_ID, hash, &size);
1217 if (ret)
1218 {
1219 const CRYPT_HASH_BLOB *pHash = pvPara;
1220
1221 if (size == pHash->cbData)
1222 ret = !memcmp(pHash->pbData, hash, size);
1223 else
1224 ret = FALSE;
1225 }
1226 return ret;
1227 }
1228
1229 static BOOL compare_cert_by_name(PCCERT_CONTEXT pCertContext, DWORD dwType,
1230 DWORD dwFlags, const void *pvPara)
1231 {
1232 CERT_NAME_BLOB *blob = (CERT_NAME_BLOB *)pvPara, *toCompare;
1233 BOOL ret;
1234
1235 if (dwType & CERT_INFO_SUBJECT_FLAG)
1236 toCompare = &pCertContext->pCertInfo->Subject;
1237 else
1238 toCompare = &pCertContext->pCertInfo->Issuer;
1239 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1240 toCompare, blob);
1241 return ret;
1242 }
1243
1244 static BOOL compare_cert_by_public_key(PCCERT_CONTEXT pCertContext,
1245 DWORD dwType, DWORD dwFlags, const void *pvPara)
1246 {
1247 CERT_PUBLIC_KEY_INFO *publicKey = (CERT_PUBLIC_KEY_INFO *)pvPara;
1248 BOOL ret;
1249
1250 ret = CertComparePublicKeyInfo(pCertContext->dwCertEncodingType,
1251 &pCertContext->pCertInfo->SubjectPublicKeyInfo, publicKey);
1252 return ret;
1253 }
1254
1255 static BOOL compare_cert_by_subject_cert(PCCERT_CONTEXT pCertContext,
1256 DWORD dwType, DWORD dwFlags, const void *pvPara)
1257 {
1258 CERT_INFO *pCertInfo = (CERT_INFO *)pvPara;
1259 BOOL ret;
1260
1261 /* Matching serial number and subject match.. */
1262 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1263 &pCertContext->pCertInfo->Subject, &pCertInfo->Issuer);
1264 if (ret)
1265 ret = CertCompareIntegerBlob(&pCertContext->pCertInfo->SerialNumber,
1266 &pCertInfo->SerialNumber);
1267 else
1268 {
1269 /* failing that, if the serial number and issuer match, we match */
1270 ret = CertCompareIntegerBlob(&pCertContext->pCertInfo->SerialNumber,
1271 &pCertInfo->SerialNumber);
1272 if (ret)
1273 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1274 &pCertContext->pCertInfo->Issuer, &pCertInfo->Issuer);
1275 }
1276 TRACE("returning %d\n", ret);
1277 return ret;
1278 }
1279
1280 static BOOL compare_cert_by_cert_id(PCCERT_CONTEXT pCertContext, DWORD dwType,
1281 DWORD dwFlags, const void *pvPara)
1282 {
1283 CERT_ID *id = (CERT_ID *)pvPara;
1284 BOOL ret;
1285
1286 switch (id->dwIdChoice)
1287 {
1288 case CERT_ID_ISSUER_SERIAL_NUMBER:
1289 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
1290 &pCertContext->pCertInfo->Issuer, &id->u.IssuerSerialNumber.Issuer);
1291 if (ret)
1292 ret = CertCompareIntegerBlob(&pCertContext->pCertInfo->SerialNumber,
1293 &id->u.IssuerSerialNumber.SerialNumber);
1294 break;
1295 case CERT_ID_SHA1_HASH:
1296 ret = compare_cert_by_sha1_hash(pCertContext, dwType, dwFlags,
1297 &id->u.HashId);
1298 break;
1299 case CERT_ID_KEY_IDENTIFIER:
1300 {
1301 DWORD size = 0;
1302
1303 ret = CertGetCertificateContextProperty(pCertContext,
1304 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
1305 if (ret && size == id->u.KeyId.cbData)
1306 {
1307 LPBYTE buf = CryptMemAlloc(size);
1308
1309 if (buf)
1310 {
1311 CertGetCertificateContextProperty(pCertContext,
1312 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
1313 ret = !memcmp(buf, id->u.KeyId.pbData, size);
1314 CryptMemFree(buf);
1315 }
1316 }
1317 else
1318 ret = FALSE;
1319 break;
1320 }
1321 default:
1322 ret = FALSE;
1323 break;
1324 }
1325 return ret;
1326 }
1327
1328 static BOOL compare_existing_cert(PCCERT_CONTEXT pCertContext, DWORD dwType,
1329 DWORD dwFlags, const void *pvPara)
1330 {
1331 PCCERT_CONTEXT toCompare = pvPara;
1332 return CertCompareCertificate(pCertContext->dwCertEncodingType,
1333 pCertContext->pCertInfo, toCompare->pCertInfo);
1334 }
1335
1336 static BOOL compare_cert_by_signature_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
1337 DWORD dwFlags, const void *pvPara)
1338 {
1339 const CRYPT_HASH_BLOB *hash = pvPara;
1340 DWORD size = 0;
1341 BOOL ret;
1342
1343 ret = CertGetCertificateContextProperty(pCertContext,
1344 CERT_SIGNATURE_HASH_PROP_ID, NULL, &size);
1345 if (ret && size == hash->cbData)
1346 {
1347 LPBYTE buf = CryptMemAlloc(size);
1348
1349 if (buf)
1350 {
1351 CertGetCertificateContextProperty(pCertContext,
1352 CERT_SIGNATURE_HASH_PROP_ID, buf, &size);
1353 ret = !memcmp(buf, hash->pbData, size);
1354 CryptMemFree(buf);
1355 }
1356 }
1357 else
1358 ret = FALSE;
1359 return ret;
1360 }
1361
1362 static inline PCCERT_CONTEXT cert_compare_certs_in_store(HCERTSTORE store,
1363 PCCERT_CONTEXT prev, CertCompareFunc compare, DWORD dwType, DWORD dwFlags,
1364 const void *pvPara)
1365 {
1366 BOOL matches = FALSE;
1367 PCCERT_CONTEXT ret;
1368
1369 ret = prev;
1370 do {
1371 ret = CertEnumCertificatesInStore(store, ret);
1372 if (ret)
1373 matches = compare(ret, dwType, dwFlags, pvPara);
1374 } while (ret != NULL && !matches);
1375 return ret;
1376 }
1377
1378 typedef PCCERT_CONTEXT (*CertFindFunc)(HCERTSTORE store, DWORD dwType,
1379 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev);
1380
1381 static PCCERT_CONTEXT find_cert_any(HCERTSTORE store, DWORD dwType,
1382 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1383 {
1384 return CertEnumCertificatesInStore(store, prev);
1385 }
1386
1387 static PCCERT_CONTEXT find_cert_by_issuer(HCERTSTORE store, DWORD dwType,
1388 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1389 {
1390 BOOL ret;
1391 PCCERT_CONTEXT found = NULL, subject = pvPara;
1392 PCERT_EXTENSION ext;
1393 DWORD size;
1394
1395 if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER,
1396 subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
1397 {
1398 CERT_AUTHORITY_KEY_ID_INFO *info;
1399
1400 ret = CryptDecodeObjectEx(subject->dwCertEncodingType,
1401 X509_AUTHORITY_KEY_ID, ext->Value.pbData, ext->Value.cbData,
1402 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
1403 &info, &size);
1404 if (ret)
1405 {
1406 CERT_ID id;
1407
1408 if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
1409 {
1410 id.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
1411 memcpy(&id.u.IssuerSerialNumber.Issuer, &info->CertIssuer,
1412 sizeof(CERT_NAME_BLOB));
1413 memcpy(&id.u.IssuerSerialNumber.SerialNumber,
1414 &info->CertSerialNumber, sizeof(CRYPT_INTEGER_BLOB));
1415 }
1416 else if (info->KeyId.cbData)
1417 {
1418 id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
1419 memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
1420 }
1421 else
1422 ret = FALSE;
1423 if (ret)
1424 found = cert_compare_certs_in_store(store, prev,
1425 compare_cert_by_cert_id, dwType, dwFlags, &id);
1426 LocalFree(info);
1427 }
1428 }
1429 else if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
1430 subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
1431 {
1432 CERT_AUTHORITY_KEY_ID2_INFO *info;
1433
1434 ret = CryptDecodeObjectEx(subject->dwCertEncodingType,
1435 X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
1436 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
1437 &info, &size);
1438 if (ret)
1439 {
1440 CERT_ID id;
1441
1442 if (info->AuthorityCertIssuer.cAltEntry &&
1443 info->AuthorityCertSerialNumber.cbData)
1444 {
1445 PCERT_ALT_NAME_ENTRY directoryName = NULL;
1446 DWORD i;
1447
1448 for (i = 0; !directoryName &&
1449 i < info->AuthorityCertIssuer.cAltEntry; i++)
1450 if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice
1451 == CERT_ALT_NAME_DIRECTORY_NAME)
1452 directoryName =
1453 &info->AuthorityCertIssuer.rgAltEntry[i];
1454 if (directoryName)
1455 {
1456 id.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
1457 memcpy(&id.u.IssuerSerialNumber.Issuer,
1458 &directoryName->u.DirectoryName, sizeof(CERT_NAME_BLOB));
1459 memcpy(&id.u.IssuerSerialNumber.SerialNumber,
1460 &info->AuthorityCertSerialNumber,
1461 sizeof(CRYPT_INTEGER_BLOB));
1462 }
1463 else
1464 {
1465 FIXME("no supported name type in authority key id2\n");
1466 ret = FALSE;
1467 }
1468 }
1469 else if (info->KeyId.cbData)
1470 {
1471 id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
1472 memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
1473 }
1474 else
1475 ret = FALSE;
1476 if (ret)
1477 found = cert_compare_certs_in_store(store, prev,
1478 compare_cert_by_cert_id, dwType, dwFlags, &id);
1479 LocalFree(info);
1480 }
1481 }
1482 else
1483 found = cert_compare_certs_in_store(store, prev,
1484 compare_cert_by_name, CERT_COMPARE_NAME | CERT_COMPARE_SUBJECT_CERT,
1485 dwFlags, &subject->pCertInfo->Issuer);
1486 return found;
1487 }
1488
1489 static BOOL compare_cert_by_name_str(PCCERT_CONTEXT pCertContext,
1490 DWORD dwType, DWORD dwFlags, const void *pvPara)
1491 {
1492 PCERT_NAME_BLOB name;
1493 DWORD len;
1494 BOOL ret = FALSE;
1495
1496 if (dwType & CERT_INFO_SUBJECT_FLAG)
1497 name = &pCertContext->pCertInfo->Subject;
1498 else
1499 name = &pCertContext->pCertInfo->Issuer;
1500 len = CertNameToStrW(pCertContext->dwCertEncodingType, name,
1501 CERT_SIMPLE_NAME_STR, NULL, 0);
1502 if (len)
1503 {
1504 LPWSTR str = CryptMemAlloc(len * sizeof(WCHAR));
1505
1506 if (str)
1507 {
1508 LPWSTR ptr;
1509
1510 CertNameToStrW(pCertContext->dwCertEncodingType, name,
1511 CERT_SIMPLE_NAME_STR, str, len);
1512 for (ptr = str; *ptr; ptr++)
1513 *ptr = tolowerW(*ptr);
1514 if (strstrW(str, pvPara))
1515 ret = TRUE;
1516 CryptMemFree(str);
1517 }
1518 }
1519 return ret;
1520 }
1521
1522 static PCCERT_CONTEXT find_cert_by_name_str_a(HCERTSTORE store, DWORD dwType,
1523 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1524 {
1525 PCCERT_CONTEXT found = NULL;
1526
1527 TRACE("%s\n", debugstr_a(pvPara));
1528
1529 if (pvPara)
1530 {
1531 int len = MultiByteToWideChar(CP_ACP, 0, pvPara, -1, NULL, 0);
1532 LPWSTR str = CryptMemAlloc(len * sizeof(WCHAR));
1533
1534 if (str)
1535 {
1536 LPWSTR ptr;
1537
1538 MultiByteToWideChar(CP_ACP, 0, pvPara, -1, str, len);
1539 for (ptr = str; *ptr; ptr++)
1540 *ptr = tolowerW(*ptr);
1541 found = cert_compare_certs_in_store(store, prev,
1542 compare_cert_by_name_str, dwType, dwFlags, str);
1543 CryptMemFree(str);
1544 }
1545 }
1546 else
1547 found = find_cert_any(store, dwType, dwFlags, NULL, prev);
1548 return found;
1549 }
1550
1551 static PCCERT_CONTEXT find_cert_by_name_str_w(HCERTSTORE store, DWORD dwType,
1552 DWORD dwFlags, const void *pvPara, PCCERT_CONTEXT prev)
1553 {
1554 PCCERT_CONTEXT found = NULL;
1555
1556 TRACE("%s\n", debugstr_w(pvPara));
1557
1558 if (pvPara)
1559 {
1560 DWORD len = strlenW(pvPara);
1561 LPWSTR str = CryptMemAlloc((len + 1) * sizeof(WCHAR));
1562
1563 if (str)
1564 {
1565 LPCWSTR src;
1566 LPWSTR dst;
1567
1568 for (src = pvPara, dst = str; *src; src++, dst++)
1569 *dst = tolowerW(*src);
1570 *dst = 0;
1571 found = cert_compare_certs_in_store(store, prev,
1572 compare_cert_by_name_str, dwType, dwFlags, str);
1573 CryptMemFree(str);
1574 }
1575 }
1576 else
1577 found = find_cert_any(store, dwType, dwFlags, NULL, prev);
1578 return found;
1579 }
1580
1581 PCCERT_CONTEXT WINAPI CertFindCertificateInStore(HCERTSTORE hCertStore,
1582 DWORD dwCertEncodingType, DWORD dwFlags, DWORD dwType, const void *pvPara,
1583 PCCERT_CONTEXT pPrevCertContext)
1584 {
1585 PCCERT_CONTEXT ret;
1586 CertFindFunc find = NULL;
1587 CertCompareFunc compare = NULL;
1588
1589 TRACE("(%p, %08x, %08x, %08x, %p, %p)\n", hCertStore, dwCertEncodingType,
1590 dwFlags, dwType, pvPara, pPrevCertContext);
1591
1592 switch (dwType >> CERT_COMPARE_SHIFT)
1593 {
1594 case CERT_COMPARE_ANY:
1595 find = find_cert_any;
1596 break;
1597 case CERT_COMPARE_MD5_HASH:
1598 compare = compare_cert_by_md5_hash;
1599 break;
1600 case CERT_COMPARE_SHA1_HASH:
1601 compare = compare_cert_by_sha1_hash;
1602 break;
1603 case CERT_COMPARE_NAME:
1604 compare = compare_cert_by_name;
1605 break;
1606 case CERT_COMPARE_PUBLIC_KEY:
1607 compare = compare_cert_by_public_key;
1608 break;
1609 case CERT_COMPARE_NAME_STR_A:
1610 find = find_cert_by_name_str_a;
1611 break;
1612 case CERT_COMPARE_NAME_STR_W:
1613 find = find_cert_by_name_str_w;
1614 break;
1615 case CERT_COMPARE_SUBJECT_CERT:
1616 compare = compare_cert_by_subject_cert;
1617 break;
1618 case CERT_COMPARE_CERT_ID:
1619 compare = compare_cert_by_cert_id;
1620 break;
1621 case CERT_COMPARE_ISSUER_OF:
1622 find = find_cert_by_issuer;
1623 break;
1624 case CERT_COMPARE_EXISTING:
1625 compare = compare_existing_cert;
1626 break;
1627 case CERT_COMPARE_SIGNATURE_HASH:
1628 compare = compare_cert_by_signature_hash;
1629 break;
1630 default:
1631 FIXME("find type %08x unimplemented\n", dwType);
1632 }
1633
1634 if (find)
1635 ret = find(hCertStore, dwFlags, dwType, pvPara, pPrevCertContext);
1636 else if (compare)
1637 ret = cert_compare_certs_in_store(hCertStore, pPrevCertContext,
1638 compare, dwType, dwFlags, pvPara);
1639 else
1640 ret = NULL;
1641 if (!ret)
1642 SetLastError(CRYPT_E_NOT_FOUND);
1643 TRACE("returning %p\n", ret);
1644 return ret;
1645 }
1646
1647 PCCERT_CONTEXT WINAPI CertGetSubjectCertificateFromStore(HCERTSTORE hCertStore,
1648 DWORD dwCertEncodingType, PCERT_INFO pCertId)
1649 {
1650 TRACE("(%p, %08x, %p)\n", hCertStore, dwCertEncodingType, pCertId);
1651
1652 if (!pCertId)
1653 {
1654 SetLastError(E_INVALIDARG);
1655 return NULL;
1656 }
1657 return CertFindCertificateInStore(hCertStore, dwCertEncodingType, 0,
1658 CERT_FIND_SUBJECT_CERT, pCertId, NULL);
1659 }
1660
1661 BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT pSubject,
1662 PCCERT_CONTEXT pIssuer, DWORD *pdwFlags)
1663 {
1664 static const DWORD supportedFlags = CERT_STORE_REVOCATION_FLAG |
1665 CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG;
1666
1667 if (*pdwFlags & ~supportedFlags)
1668 {
1669 SetLastError(E_INVALIDARG);
1670 return FALSE;
1671 }
1672 if (*pdwFlags & CERT_STORE_REVOCATION_FLAG)
1673 {
1674 DWORD flags = 0;
1675 PCCRL_CONTEXT crl = CertGetCRLFromStore(pSubject->hCertStore, pSubject,
1676 NULL, &flags);
1677
1678 /* FIXME: what if the CRL has expired? */
1679 if (crl)
1680 {
1681 if (CertVerifyCRLRevocation(pSubject->dwCertEncodingType,
1682 pSubject->pCertInfo, 1, (PCRL_INFO *)&crl->pCrlInfo))
1683 *pdwFlags &= CERT_STORE_REVOCATION_FLAG;
1684 }
1685 else
1686 *pdwFlags |= CERT_STORE_NO_CRL_FLAG;
1687 }
1688 if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
1689 {
1690 if (0 == CertVerifyTimeValidity(NULL, pSubject->pCertInfo))
1691 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
1692 }
1693 if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
1694 {
1695 if (CryptVerifyCertificateSignatureEx(0, pSubject->dwCertEncodingType,
1696 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)pSubject,
1697 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuer, 0, NULL))
1698 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
1699 }
1700 return TRUE;
1701 }
1702
1703 PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
1704 PCCERT_CONTEXT pSubjectContext, PCCERT_CONTEXT pPrevIssuerContext,
1705 DWORD *pdwFlags)
1706 {
1707 PCCERT_CONTEXT ret;
1708
1709 TRACE("(%p, %p, %p, %08x)\n", hCertStore, pSubjectContext,
1710 pPrevIssuerContext, *pdwFlags);
1711
1712 if (!pSubjectContext)
1713 {
1714 SetLastError(E_INVALIDARG);
1715 return NULL;
1716 }
1717
1718 ret = CertFindCertificateInStore(hCertStore,
1719 pSubjectContext->dwCertEncodingType, 0, CERT_FIND_ISSUER_OF,
1720 pSubjectContext, pPrevIssuerContext);
1721 if (ret)
1722 {
1723 if (!CertVerifySubjectCertificateContext(pSubjectContext, ret,
1724 pdwFlags))
1725 {
1726 CertFreeCertificateContext(ret);
1727 ret = NULL;
1728 }
1729 }
1730 TRACE("returning %p\n", ret);
1731 return ret;
1732 }
1733
1734 typedef struct _OLD_CERT_REVOCATION_STATUS {
1735 DWORD cbSize;
1736 DWORD dwIndex;
1737 DWORD dwError;
1738 DWORD dwReason;
1739 } OLD_CERT_REVOCATION_STATUS;
1740
1741 typedef BOOL (WINAPI *CertVerifyRevocationFunc)(DWORD, DWORD, DWORD,
1742 void **, DWORD, PCERT_REVOCATION_PARA, PCERT_REVOCATION_STATUS);
1743
1744 BOOL WINAPI CertVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1745 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1746 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1747 {
1748 BOOL ret;
1749
1750 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1751 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1752
1753 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1754 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1755 {
1756 SetLastError(E_INVALIDARG);
1757 return FALSE;
1758 }
1759 if (cContext)
1760 {
1761 static HCRYPTOIDFUNCSET set = NULL;
1762 DWORD size;
1763
1764 if (!set)
1765 set = CryptInitOIDFunctionSet(CRYPT_OID_VERIFY_REVOCATION_FUNC, 0);
1766 ret = CryptGetDefaultOIDDllList(set, dwEncodingType, NULL, &size);
1767 if (ret)
1768 {
1769 if (size == 1)
1770 {
1771 /* empty list */
1772 SetLastError(CRYPT_E_NO_REVOCATION_DLL);
1773 ret = FALSE;
1774 }
1775 else
1776 {
1777 LPWSTR dllList = CryptMemAlloc(size * sizeof(WCHAR)), ptr;
1778
1779 if (dllList)
1780 {
1781 ret = CryptGetDefaultOIDDllList(set, dwEncodingType,
1782 dllList, &size);
1783 if (ret)
1784 {
1785 for (ptr = dllList; ret && *ptr;
1786 ptr += lstrlenW(ptr) + 1)
1787 {
1788 CertVerifyRevocationFunc func;
1789 HCRYPTOIDFUNCADDR hFunc;
1790
1791 ret = CryptGetDefaultOIDFunctionAddress(set,
1792 dwEncodingType, ptr, 0, (void **)&func, &hFunc);
1793 if (ret)
1794 {
1795 ret = func(dwEncodingType, dwRevType, cContext,
1796 rgpvContext, dwFlags, pRevPara, pRevStatus);
1797 CryptFreeOIDFunctionAddress(hFunc, 0);
1798 }
1799 }
1800 }
1801 CryptMemFree(dllList);
1802 }
1803 else
1804 {
1805 SetLastError(ERROR_OUTOFMEMORY);
1806 ret = FALSE;
1807 }
1808 }
1809 }
1810 }
1811 else
1812 ret = TRUE;
1813 return ret;
1814 }
1815
1816 PCRYPT_ATTRIBUTE WINAPI CertFindAttribute(LPCSTR pszObjId, DWORD cAttr,
1817 CRYPT_ATTRIBUTE rgAttr[])
1818 {
1819 PCRYPT_ATTRIBUTE ret = NULL;
1820 DWORD i;
1821
1822 TRACE("%s %d %p\n", debugstr_a(pszObjId), cAttr, rgAttr);
1823
1824 if (!cAttr)
1825 return NULL;
1826 if (!pszObjId)
1827 {
1828 SetLastError(ERROR_INVALID_PARAMETER);
1829 return NULL;
1830 }
1831
1832 for (i = 0; !ret && i < cAttr; i++)
1833 if (rgAttr[i].pszObjId && !strcmp(pszObjId, rgAttr[i].pszObjId))
1834 ret = &rgAttr[i];
1835 return ret;
1836 }
1837
1838 PCERT_EXTENSION WINAPI CertFindExtension(LPCSTR pszObjId, DWORD cExtensions,
1839 CERT_EXTENSION rgExtensions[])
1840 {
1841 PCERT_EXTENSION ret = NULL;
1842 DWORD i;
1843
1844 TRACE("%s %d %p\n", debugstr_a(pszObjId), cExtensions, rgExtensions);
1845
1846 if (!cExtensions)
1847 return NULL;
1848 if (!pszObjId)
1849 {
1850 SetLastError(ERROR_INVALID_PARAMETER);
1851 return NULL;
1852 }
1853
1854 for (i = 0; !ret && i < cExtensions; i++)
1855 if (rgExtensions[i].pszObjId && !strcmp(pszObjId,
1856 rgExtensions[i].pszObjId))
1857 ret = &rgExtensions[i];
1858 return ret;
1859 }
1860
1861 PCERT_RDN_ATTR WINAPI CertFindRDNAttr(LPCSTR pszObjId, PCERT_NAME_INFO pName)
1862 {
1863 PCERT_RDN_ATTR ret = NULL;
1864 DWORD i, j;
1865
1866 TRACE("%s %p\n", debugstr_a(pszObjId), pName);
1867
1868 if (!pszObjId)
1869 {
1870 SetLastError(ERROR_INVALID_PARAMETER);
1871 return NULL;
1872 }
1873
1874 for (i = 0; !ret && i < pName->cRDN; i++)
1875 for (j = 0; !ret && j < pName->rgRDN[i].cRDNAttr; j++)
1876 if (pName->rgRDN[i].rgRDNAttr[j].pszObjId && !strcmp(pszObjId,
1877 pName->rgRDN[i].rgRDNAttr[j].pszObjId))
1878 ret = &pName->rgRDN[i].rgRDNAttr[j];
1879 return ret;
1880 }
1881
1882 static BOOL find_matching_rdn_attr(DWORD dwFlags, const CERT_NAME_INFO *name,
1883 const CERT_RDN_ATTR *attr)
1884 {
1885 DWORD i, j;
1886 BOOL match = FALSE;
1887
1888 for (i = 0; !match && i < name->cRDN; i++)
1889 {
1890 for (j = 0; j < name->rgRDN[i].cRDNAttr; j++)
1891 {
1892 if (!strcmp(name->rgRDN[i].rgRDNAttr[j].pszObjId,
1893 attr->pszObjId) &&
1894 name->rgRDN[i].rgRDNAttr[j].dwValueType ==
1895 attr->dwValueType)
1896 {
1897 if (dwFlags & CERT_UNICODE_IS_RDN_ATTRS_FLAG)
1898 {
1899 LPCWSTR nameStr =
1900 (LPCWSTR)name->rgRDN[i].rgRDNAttr[j].Value.pbData;
1901 LPCWSTR attrStr = (LPCWSTR)attr->Value.pbData;
1902
1903 if (attr->Value.cbData !=
1904 name->rgRDN[i].rgRDNAttr[j].Value.cbData)
1905 match = FALSE;
1906 else if (dwFlags & CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG)
1907 match = !strncmpiW(nameStr, attrStr,
1908 attr->Value.cbData / sizeof(WCHAR));
1909 else
1910 match = !strncmpW(nameStr, attrStr,
1911 attr->Value.cbData / sizeof(WCHAR));
1912 TRACE("%s : %s => %d\n",
1913 debugstr_wn(nameStr, attr->Value.cbData / sizeof(WCHAR)),
1914 debugstr_wn(attrStr, attr->Value.cbData / sizeof(WCHAR)),
1915 match);
1916 }
1917 else
1918 {
1919 LPCSTR nameStr =
1920 (LPCSTR)name->rgRDN[i].rgRDNAttr[j].Value.pbData;
1921 LPCSTR attrStr = (LPCSTR)attr->Value.pbData;
1922
1923 if (attr->Value.cbData !=
1924 name->rgRDN[i].rgRDNAttr[j].Value.cbData)
1925 match = FALSE;
1926 else if (dwFlags & CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG)
1927 match = !strncasecmp(nameStr, attrStr,
1928 attr->Value.cbData);
1929 else
1930 match = !strncmp(nameStr, attrStr, attr->Value.cbData);
1931 TRACE("%s : %s => %d\n",
1932 debugstr_an(nameStr, attr->Value.cbData),
1933 debugstr_an(attrStr, attr->Value.cbData), match);
1934 }
1935 }
1936 }
1937 }
1938 return match;
1939 }
1940
1941 BOOL WINAPI CertIsRDNAttrsInCertificateName(DWORD dwCertEncodingType,
1942 DWORD dwFlags, PCERT_NAME_BLOB pCertName, PCERT_RDN pRDN)
1943 {
1944 CERT_NAME_INFO *name;
1945 LPCSTR type;
1946 DWORD size;
1947 BOOL ret;
1948
1949 TRACE("(%08x, %08x, %p, %p)\n", dwCertEncodingType, dwFlags, pCertName,
1950 pRDN);
1951
1952 type = dwFlags & CERT_UNICODE_IS_RDN_ATTRS_FLAG ? X509_UNICODE_NAME :
1953 X509_NAME;
1954 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, type, pCertName->pbData,
1955 pCertName->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &name, &size)))
1956 {
1957 DWORD i;
1958
1959 for (i = 0; ret && i < pRDN->cRDNAttr; i++)
1960 ret = find_matching_rdn_attr(dwFlags, name, &pRDN->rgRDNAttr[i]);
1961 if (!ret)
1962 SetLastError(CRYPT_E_NO_MATCH);
1963 LocalFree(name);
1964 }
1965 return ret;
1966 }
1967
1968 LONG WINAPI CertVerifyTimeValidity(LPFILETIME pTimeToVerify,
1969 PCERT_INFO pCertInfo)
1970 {
1971 FILETIME fileTime;
1972 LONG ret;
1973
1974 if (!pTimeToVerify)
1975 {
1976 GetSystemTimeAsFileTime(&fileTime);
1977 pTimeToVerify = &fileTime;
1978 }
1979 if ((ret = CompareFileTime(pTimeToVerify, &pCertInfo->NotBefore)) >= 0)
1980 {
1981 ret = CompareFileTime(pTimeToVerify, &pCertInfo->NotAfter);
1982 if (ret < 0)
1983 ret = 0;
1984 }
1985 return ret;
1986 }
1987
1988 BOOL WINAPI CertVerifyValidityNesting(PCERT_INFO pSubjectInfo,
1989 PCERT_INFO pIssuerInfo)
1990 {
1991 TRACE("(%p, %p)\n", pSubjectInfo, pIssuerInfo);
1992
1993 return CertVerifyTimeValidity(&pSubjectInfo->NotBefore, pIssuerInfo) == 0
1994 && CertVerifyTimeValidity(&pSubjectInfo->NotAfter, pIssuerInfo) == 0;
1995 }
1996
1997 BOOL WINAPI CryptHashCertificate(HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid,
1998 DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash,
1999 DWORD *pcbComputedHash)
2000 {
2001 BOOL ret = TRUE;
2002 HCRYPTHASH hHash = 0;
2003
2004 TRACE("(%08lx, %d, %08x, %p, %d, %p, %p)\n", hCryptProv, Algid, dwFlags,
2005 pbEncoded, cbEncoded, pbComputedHash, pcbComputedHash);
2006
2007 if (!hCryptProv)
2008 hCryptProv = CRYPT_GetDefaultProvider();
2009 if (!Algid)
2010 Algid = CALG_SHA1;
2011 if (ret)
2012 {
2013 ret = CryptCreateHash(hCryptProv, Algid, 0, 0, &hHash);
2014 if (ret)
2015 {
2016 ret = CryptHashData(hHash, pbEncoded, cbEncoded, 0);
2017 if (ret)
2018 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
2019 pcbComputedHash, 0);
2020 CryptDestroyHash(hHash);
2021 }
2022 }
2023 return ret;
2024 }
2025
2026 BOOL WINAPI CryptHashPublicKeyInfo(HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid,
2027 DWORD dwFlags, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo,
2028 BYTE *pbComputedHash, DWORD *pcbComputedHash)
2029 {
2030 BOOL ret = TRUE;
2031 HCRYPTHASH hHash = 0;
2032
2033 TRACE("(%08lx, %d, %08x, %d, %p, %p, %p)\n", hCryptProv, Algid, dwFlags,
2034 dwCertEncodingType, pInfo, pbComputedHash, pcbComputedHash);
2035
2036 if (!hCryptProv)
2037 hCryptProv = CRYPT_GetDefaultProvider();
2038 if (!Algid)
2039 Algid = CALG_MD5;
2040 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
2041 {
2042 SetLastError(ERROR_FILE_NOT_FOUND);
2043 return FALSE;
2044 }
2045 if (ret)
2046 {
2047 BYTE *buf;
2048 DWORD size = 0;
2049
2050 ret = CRYPT_AsnEncodePubKeyInfoNoNull(dwCertEncodingType,
2051 X509_PUBLIC_KEY_INFO, pInfo, CRYPT_ENCODE_ALLOC_FLAG, NULL,
2052 (LPBYTE)&buf, &size);
2053 if (ret)
2054 {
2055 ret = CryptCreateHash(hCryptProv, Algid, 0, 0, &hHash);
2056 if (ret)
2057 {
2058 ret = CryptHashData(hHash, buf, size, 0);
2059 if (ret)
2060 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
2061 pcbComputedHash, 0);
2062 CryptDestroyHash(hHash);
2063 }
2064 LocalFree(buf);
2065 }
2066 }
2067 return ret;
2068 }
2069
2070 BOOL WINAPI CryptHashToBeSigned(HCRYPTPROV_LEGACY hCryptProv,
2071 DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
2072 BYTE *pbComputedHash, DWORD *pcbComputedHash)
2073 {
2074 BOOL ret;
2075 CERT_SIGNED_CONTENT_INFO *info;
2076 DWORD size;
2077
2078 TRACE("(%08lx, %08x, %p, %d, %p, %d)\n", hCryptProv, dwCertEncodingType,
2079 pbEncoded, cbEncoded, pbComputedHash, *pcbComputedHash);
2080
2081 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT,
2082 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
2083 if (ret)
2084 {
2085 PCCRYPT_OID_INFO oidInfo;
2086 HCRYPTHASH hHash;
2087
2088 if (!hCryptProv)
2089 hCryptProv = CRYPT_GetDefaultProvider();
2090 oidInfo = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2091 info->SignatureAlgorithm.pszObjId, 0);
2092 if (!oidInfo)
2093 {
2094 SetLastError(NTE_BAD_ALGID);
2095 ret = FALSE;
2096 }
2097 else
2098 {
2099 ret = CryptCreateHash(hCryptProv, oidInfo->u.Algid, 0, 0, &hHash);
2100 if (ret)
2101 {
2102 ret = CryptHashData(hHash, info->ToBeSigned.pbData,
2103 info->ToBeSigned.cbData, 0);
2104 if (ret)
2105 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
2106 pcbComputedHash, 0);
2107 CryptDestroyHash(hHash);
2108 }
2109 }
2110 LocalFree(info);
2111 }
2112 return ret;
2113 }
2114
2115 BOOL WINAPI CryptSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv,
2116 DWORD dwKeySpec, DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned,
2117 DWORD cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
2118 const void *pvHashAuxInfo, BYTE *pbSignature, DWORD *pcbSignature)
2119 {
2120 BOOL ret;
2121 PCCRYPT_OID_INFO info;
2122 HCRYPTHASH hHash;
2123
2124 TRACE("(%08lx, %d, %d, %p, %d, %p, %p, %p, %p)\n", hCryptProv,
2125 dwKeySpec, dwCertEncodingType, pbEncodedToBeSigned, cbEncodedToBeSigned,
2126 pSignatureAlgorithm, pvHashAuxInfo, pbSignature, pcbSignature);
2127
2128 info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2129 pSignatureAlgorithm->pszObjId, 0);
2130 if (!info)
2131 {
2132 SetLastError(NTE_BAD_ALGID);
2133 return FALSE;
2134 }
2135 if (info->dwGroupId == CRYPT_HASH_ALG_OID_GROUP_ID)
2136 {
2137 if (!hCryptProv)
2138 hCryptProv = CRYPT_GetDefaultProvider();
2139 ret = CryptCreateHash(hCryptProv, info->u.Algid, 0, 0, &hHash);
2140 if (ret)
2141 {
2142 ret = CryptHashData(hHash, pbEncodedToBeSigned,
2143 cbEncodedToBeSigned, 0);
2144 if (ret)
2145 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbSignature,
2146 pcbSignature, 0);
2147 CryptDestroyHash(hHash);
2148 }
2149 }
2150 else
2151 {
2152 if (!hCryptProv)
2153 {
2154 SetLastError(ERROR_INVALID_PARAMETER);
2155 ret = FALSE;
2156 }
2157 else
2158 {
2159 ret = CryptCreateHash(hCryptProv, info->u.Algid, 0, 0, &hHash);
2160 if (ret)
2161 {
2162 ret = CryptHashData(hHash, pbEncodedToBeSigned,
2163 cbEncodedToBeSigned, 0);
2164 if (ret)
2165 ret = CryptSignHashW(hHash, dwKeySpec, NULL, 0, pbSignature,
2166 pcbSignature);
2167 CryptDestroyHash(hHash);
2168 }
2169 }
2170 }
2171 return ret;
2172 }
2173
2174 BOOL WINAPI CryptSignAndEncodeCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv,
2175 DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType,
2176 const void *pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
2177 const void *pvHashAuxInfo, BYTE *pbEncoded, DWORD *pcbEncoded)
2178 {
2179 BOOL ret;
2180 DWORD encodedSize, hashSize;
2181
2182 TRACE("(%08lx, %d, %d, %s, %p, %p, %p, %p, %p)\n", hCryptProv, dwKeySpec,
2183 dwCertEncodingType, debugstr_a(lpszStructType), pvStructInfo,
2184 pSignatureAlgorithm, pvHashAuxInfo, pbEncoded, pcbEncoded);
2185
2186 ret = CryptEncodeObject(dwCertEncodingType, lpszStructType, pvStructInfo,
2187 NULL, &encodedSize);
2188 if (ret)
2189 {
2190 PBYTE encoded = CryptMemAlloc(encodedSize);
2191
2192 if (encoded)
2193 {
2194 ret = CryptEncodeObject(dwCertEncodingType, lpszStructType,
2195 pvStructInfo, encoded, &encodedSize);
2196 if (ret)
2197 {
2198 ret = CryptSignCertificate(hCryptProv, dwKeySpec,
2199 dwCertEncodingType, encoded, encodedSize, pSignatureAlgorithm,
2200 pvHashAuxInfo, NULL, &hashSize);
2201 if (ret)
2202 {
2203 PBYTE hash = CryptMemAlloc(hashSize);
2204
2205 if (hash)
2206 {
2207 ret = CryptSignCertificate(hCryptProv, dwKeySpec,
2208 dwCertEncodingType, encoded, encodedSize,
2209 pSignatureAlgorithm, pvHashAuxInfo, hash, &hashSize);
2210 if (ret)
2211 {
2212 CERT_SIGNED_CONTENT_INFO info = { { 0 } };
2213
2214 info.ToBeSigned.cbData = encodedSize;
2215 info.ToBeSigned.pbData = encoded;
2216 info.SignatureAlgorithm = *pSignatureAlgorithm;
2217 info.Signature.cbData = hashSize;
2218 info.Signature.pbData = hash;
2219 info.Signature.cUnusedBits = 0;
2220 ret = CryptEncodeObject(dwCertEncodingType,
2221 X509_CERT, &info, pbEncoded, pcbEncoded);
2222 }
2223 CryptMemFree(hash);
2224 }
2225 }
2226 }
2227 CryptMemFree(encoded);
2228 }
2229 }
2230 return ret;
2231 }
2232
2233 BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV_LEGACY hCryptProv,
2234 DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
2235 PCERT_PUBLIC_KEY_INFO pPublicKey)
2236 {
2237 CRYPT_DATA_BLOB blob = { cbEncoded, (BYTE *)pbEncoded };
2238
2239 return CryptVerifyCertificateSignatureEx(hCryptProv, dwCertEncodingType,
2240 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &blob,
2241 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL);
2242 }
2243
2244 static BOOL CRYPT_VerifyCertSignatureFromPublicKeyInfo(HCRYPTPROV_LEGACY hCryptProv,
2245 DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo,
2246 const CERT_SIGNED_CONTENT_INFO *signedCert)
2247 {
2248 BOOL ret;
2249 HCRYPTKEY key;
2250 PCCRYPT_OID_INFO info;
2251 ALG_ID pubKeyID, hashID;
2252
2253 info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2254 signedCert->SignatureAlgorithm.pszObjId, 0);
2255 if (!info || info->dwGroupId != CRYPT_SIGN_ALG_OID_GROUP_ID)
2256 {
2257 SetLastError(NTE_BAD_ALGID);
2258 return FALSE;
2259 }
2260 hashID = info->u.Algid;
2261 if (info->ExtraInfo.cbData >= sizeof(ALG_ID))
2262 pubKeyID = *(ALG_ID *)info->ExtraInfo.pbData;
2263 else
2264 pubKeyID = hashID;
2265 /* Load the default provider if necessary */
2266 if (!hCryptProv)
2267 hCryptProv = CRYPT_GetDefaultProvider();
2268 ret = CryptImportPublicKeyInfoEx(hCryptProv, dwCertEncodingType,
2269 pubKeyInfo, pubKeyID, 0, NULL, &key);
2270 if (ret)
2271 {
2272 HCRYPTHASH hash;
2273
2274 ret = CryptCreateHash(hCryptProv, hashID, 0, 0, &hash);
2275 if (ret)
2276 {
2277 ret = CryptHashData(hash, signedCert->ToBeSigned.pbData,
2278 signedCert->ToBeSigned.cbData, 0);
2279 if (ret)
2280 ret = CryptVerifySignatureW(hash, signedCert->Signature.pbData,
2281 signedCert->Signature.cbData, key, NULL, 0);
2282 CryptDestroyHash(hash);
2283 }
2284 CryptDestroyKey(key);
2285 }
2286 return ret;
2287 }
2288
2289 BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV_LEGACY hCryptProv,
2290 DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
2291 DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
2292 {
2293 BOOL ret = TRUE;
2294 CRYPT_DATA_BLOB subjectBlob;
2295
2296 TRACE("(%08lx, %d, %d, %p, %d, %p, %08x, %p)\n", hCryptProv,
2297 dwCertEncodingType, dwSubjectType, pvSubject, dwIssuerType, pvIssuer,
2298 dwFlags, pvReserved);
2299
2300 switch (dwSubjectType)
2301 {
2302 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB:
2303 {
2304 PCRYPT_DATA_BLOB blob = pvSubject;
2305
2306 subjectBlob.pbData = blob->pbData;
2307 subjectBlob.cbData = blob->cbData;
2308 break;
2309 }
2310 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT:
2311 {
2312 PCERT_CONTEXT context = pvSubject;
2313
2314 subjectBlob.pbData = context->pbCertEncoded;
2315 subjectBlob.cbData = context->cbCertEncoded;
2316 break;
2317 }
2318 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL:
2319 {
2320 PCRL_CONTEXT context = pvSubject;
2321
2322 subjectBlob.pbData = context->pbCrlEncoded;
2323 subjectBlob.cbData = context->cbCrlEncoded;
2324 break;
2325 }
2326 default:
2327 SetLastError(E_INVALIDARG);
2328 ret = FALSE;
2329 }
2330
2331 if (ret)
2332 {
2333 PCERT_SIGNED_CONTENT_INFO signedCert = NULL;
2334 DWORD size = 0;
2335
2336 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT,
2337 subjectBlob.pbData, subjectBlob.cbData,
2338 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
2339 &signedCert, &size);
2340 if (ret)
2341 {
2342 switch (dwIssuerType)
2343 {
2344 case CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY:
2345 ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
2346 dwCertEncodingType, pvIssuer,
2347 signedCert);
2348 break;
2349 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT:
2350 ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
2351 dwCertEncodingType,
2352 &((PCCERT_CONTEXT)pvIssuer)->pCertInfo->SubjectPublicKeyInfo,
2353 signedCert);
2354 break;
2355 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN:
2356 FIXME("CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN: stub\n");
2357 ret = FALSE;
2358 break;
2359 case CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL:
2360 if (pvIssuer)
2361 {
2362 SetLastError(E_INVALIDARG);
2363 ret = FALSE;
2364 }
2365 else
2366 {
2367 FIXME("unimplemented for NULL signer\n");
2368 SetLastError(E_INVALIDARG);
2369 ret = FALSE;
2370 }
2371 break;
2372 default:
2373 SetLastError(E_INVALIDARG);
2374 ret = FALSE;
2375 }
2376 LocalFree(signedCert);
2377 }
2378 }
2379 return ret;
2380 }
2381
2382 BOOL WINAPI CertGetIntendedKeyUsage(DWORD dwCertEncodingType,
2383 PCERT_INFO pCertInfo, BYTE *pbKeyUsage, DWORD cbKeyUsage)
2384 {
2385 PCERT_EXTENSION ext;
2386 BOOL ret = FALSE;
2387
2388 TRACE("(%08x, %p, %p, %d)\n", dwCertEncodingType, pCertInfo, pbKeyUsage,
2389 cbKeyUsage);
2390
2391 ext = CertFindExtension(szOID_KEY_USAGE, pCertInfo->cExtension,
2392 pCertInfo->rgExtension);
2393 if (ext)
2394 {
2395 CRYPT_BIT_BLOB usage;
2396 DWORD size = sizeof(usage);
2397
2398 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_BITS,
2399 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_NOCOPY_FLAG, NULL,
2400 &usage, &size);
2401 if (ret)
2402 {
2403 if (cbKeyUsage < usage.cbData)
2404 ret = FALSE;
2405 else
2406 {
2407 memcpy(pbKeyUsage, usage.pbData, usage.cbData);
2408 if (cbKeyUsage > usage.cbData)
2409 memset(pbKeyUsage + usage.cbData, 0,
2410 cbKeyUsage - usage.cbData);
2411 }
2412 }
2413 }
2414 else
2415 SetLastError(0);
2416 return ret;
2417 }
2418
2419 BOOL WINAPI CertGetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext, DWORD dwFlags,
2420 PCERT_ENHKEY_USAGE pUsage, DWORD *pcbUsage)
2421 {
2422 PCERT_ENHKEY_USAGE usage = NULL;
2423 DWORD bytesNeeded;
2424 BOOL ret = TRUE;
2425
2426 if (!pCertContext || !pcbUsage)
2427 {
2428 SetLastError(ERROR_INVALID_PARAMETER);
2429 return FALSE;
2430 }
2431
2432 TRACE("(%p, %08x, %p, %d)\n", pCertContext, dwFlags, pUsage, *pcbUsage);
2433
2434 if (!(dwFlags & CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG))
2435 {
2436 DWORD propSize = 0;
2437
2438 if (CertGetCertificateContextProperty(pCertContext,
2439 CERT_ENHKEY_USAGE_PROP_ID, NULL, &propSize))
2440 {
2441 LPBYTE buf = CryptMemAlloc(propSize);
2442
2443 if (buf)
2444 {
2445 if (CertGetCertificateContextProperty(pCertContext,
2446 CERT_ENHKEY_USAGE_PROP_ID, buf, &propSize))
2447 {
2448 ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
2449 X509_ENHANCED_KEY_USAGE, buf, propSize,
2450 CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
2451 }
2452 CryptMemFree(buf);
2453 }
2454 }
2455 }
2456 if (!usage && !(dwFlags & CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG))
2457 {
2458 PCERT_EXTENSION ext = CertFindExtension(szOID_ENHANCED_KEY_USAGE,
2459 pCertContext->pCertInfo->cExtension,
2460 pCertContext->pCertInfo->rgExtension);
2461
2462 if (ext)
2463 {
2464 ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
2465 X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData,
2466 CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
2467 }
2468 }
2469 if (!usage)
2470 {
2471 /* If a particular location is specified, this should fail. Otherwise
2472 * it should succeed with an empty usage. (This is true on Win2k and
2473 * later, which we emulate.)
2474 */
2475 if (dwFlags)
2476 {
2477 SetLastError(CRYPT_E_NOT_FOUND);
2478 ret = FALSE;
2479 }
2480 else
2481 bytesNeeded = sizeof(CERT_ENHKEY_USAGE);
2482 }
2483
2484 if (ret)
2485 {
2486 if (!pUsage)
2487 *pcbUsage = bytesNeeded;
2488 else if (*pcbUsage < bytesNeeded)
2489 {
2490 SetLastError(ERROR_MORE_DATA);
2491 *pcbUsage = bytesNeeded;
2492 ret = FALSE;
2493 }
2494 else
2495 {
2496 *pcbUsage = bytesNeeded;
2497 if (usage)
2498 {
2499 DWORD i;
2500 LPSTR nextOID = (LPSTR)((LPBYTE)pUsage +
2501 sizeof(CERT_ENHKEY_USAGE) +
2502 usage->cUsageIdentifier * sizeof(LPSTR));
2503
2504 pUsage->cUsageIdentifier = usage->cUsageIdentifier;
2505 pUsage->rgpszUsageIdentifier = (LPSTR *)((LPBYTE)pUsage +
2506 sizeof(CERT_ENHKEY_USAGE));
2507 for (i = 0; i < usage->cUsageIdentifier; i++)
2508 {
2509 pUsage->rgpszUsageIdentifier[i] = nextOID;
2510 strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
2511 nextOID += strlen(nextOID) + 1;
2512 }
2513 }
2514 else
2515 pUsage->cUsageIdentifier = 0;
2516 }
2517 }
2518 if (usage)
2519 LocalFree(usage);
2520 TRACE("returning %d\n", ret);
2521 return ret;
2522 }
2523
2524 BOOL WINAPI CertSetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext,
2525 PCERT_ENHKEY_USAGE pUsage)
2526 {
2527 BOOL ret;
2528
2529 TRACE("(%p, %p)\n", pCertContext, pUsage);
2530
2531 if (pUsage)
2532 {
2533 CRYPT_DATA_BLOB blob = { 0, NULL };
2534
2535 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE,
2536 pUsage, CRYPT_ENCODE_ALLOC_FLAG, NULL, &blob.pbData, &blob.cbData);
2537 if (ret)
2538 {
2539 ret = CertSetCertificateContextProperty(pCertContext,
2540 CERT_ENHKEY_USAGE_PROP_ID, 0, &blob);
2541 LocalFree(blob.pbData);
2542 }
2543 }
2544 else
2545 ret = CertSetCertificateContextProperty(pCertContext,
2546 CERT_ENHKEY_USAGE_PROP_ID, 0, NULL);
2547 return ret;
2548 }
2549
2550 BOOL WINAPI CertAddEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext,
2551 LPCSTR pszUsageIdentifier)
2552 {
2553 BOOL ret;
2554 DWORD size;
2555
2556 TRACE("(%p, %s)\n", pCertContext, debugstr_a(pszUsageIdentifier));
2557
2558 if (CertGetEnhancedKeyUsage(pCertContext,
2559 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, NULL, &size))
2560 {
2561 PCERT_ENHKEY_USAGE usage = CryptMemAlloc(size);
2562
2563 if (usage)
2564 {
2565 ret = CertGetEnhancedKeyUsage(pCertContext,
2566 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, usage, &size);
2567 if (ret)
2568 {
2569 DWORD i;
2570 BOOL exists = FALSE;
2571
2572 /* Make sure usage doesn't already exist */
2573 for (i = 0; !exists && i < usage->cUsageIdentifier; i++)
2574 {
2575 if (!strcmp(usage->rgpszUsageIdentifier[i],
2576 pszUsageIdentifier))
2577 exists = TRUE;
2578 }
2579 if (!exists)
2580 {
2581 PCERT_ENHKEY_USAGE newUsage = CryptMemAlloc(size +
2582 sizeof(LPSTR) + strlen(pszUsageIdentifier) + 1);
2583
2584 if (newUsage)
2585 {
2586 LPSTR nextOID;
2587
2588 newUsage->rgpszUsageIdentifier = (LPSTR *)
2589 ((LPBYTE)newUsage + sizeof(CERT_ENHKEY_USAGE));
2590 nextOID = (LPSTR)((LPBYTE)newUsage->rgpszUsageIdentifier
2591 + (usage->cUsageIdentifier + 1) * sizeof(LPSTR));
2592 for (i = 0; i < usage->cUsageIdentifier; i++)
2593 {
2594 newUsage->rgpszUsageIdentifier[i] = nextOID;
2595 strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
2596 nextOID += strlen(nextOID) + 1;
2597 }
2598 newUsage->rgpszUsageIdentifier[i] = nextOID;
2599 strcpy(nextOID, pszUsageIdentifier);
2600 newUsage->cUsageIdentifier = i + 1;
2601 ret = CertSetEnhancedKeyUsage(pCertContext, newUsage);
2602 CryptMemFree(newUsage);
2603 }
2604 else
2605 ret = FALSE;
2606 }
2607 }
2608 CryptMemFree(usage);
2609 }
2610 else
2611 ret = FALSE;
2612 }
2613 else
2614 {
2615 PCERT_ENHKEY_USAGE usage = CryptMemAlloc(sizeof(CERT_ENHKEY_USAGE) +
2616 sizeof(LPSTR) + strlen(pszUsageIdentifier) + 1);
2617
2618 if (usage)
2619 {
2620 usage->rgpszUsageIdentifier =
2621 (LPSTR *)((LPBYTE)usage + sizeof(CERT_ENHKEY_USAGE));
2622 usage->rgpszUsageIdentifier[0] = (LPSTR)((LPBYTE)usage +
2623 sizeof(CERT_ENHKEY_USAGE) + sizeof(LPSTR));
2624 strcpy(usage->rgpszUsageIdentifier[0], pszUsageIdentifier);
2625 usage->cUsageIdentifier = 1;
2626 ret = CertSetEnhancedKeyUsage(pCertContext, usage);
2627 CryptMemFree(usage);
2628 }
2629 else
2630 ret = FALSE;
2631 }
2632 return ret;
2633 }
2634
2635 BOOL WINAPI CertRemoveEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext,
2636 LPCSTR pszUsageIdentifier)
2637 {
2638 BOOL ret;
2639 DWORD size;
2640 CERT_ENHKEY_USAGE usage;
2641
2642 TRACE("(%p, %s)\n", pCertContext, debugstr_a(pszUsageIdentifier));
2643
2644 size = sizeof(usage);
2645 ret = CertGetEnhancedKeyUsage(pCertContext,
2646 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, &usage, &size);
2647 if (!ret && GetLastError() == ERROR_MORE_DATA)
2648 {
2649 PCERT_ENHKEY_USAGE pUsage = CryptMemAlloc(size);
2650
2651 if (pUsage)
2652 {
2653 ret = CertGetEnhancedKeyUsage(pCertContext,
2654 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
2655 if (ret)
2656 {
2657 if (pUsage->cUsageIdentifier)
2658 {
2659 DWORD i;
2660 BOOL found = FALSE;
2661
2662 for (i = 0; i < pUsage->cUsageIdentifier; i++)
2663 {
2664 if (!strcmp(pUsage->rgpszUsageIdentifier[i],
2665 pszUsageIdentifier))
2666 found = TRUE;
2667 if (found && i < pUsage->cUsageIdentifier - 1)
2668 pUsage->rgpszUsageIdentifier[i] =
2669 pUsage->rgpszUsageIdentifier[i + 1];
2670 }
2671 pUsage->cUsageIdentifier--;
2672 /* Remove the usage if it's empty */
2673 if (pUsage->cUsageIdentifier)
2674 ret = CertSetEnhancedKeyUsage(pCertContext, pUsage);
2675 else
2676 ret = CertSetEnhancedKeyUsage(pCertContext, NULL);
2677 }
2678 }
2679 CryptMemFree(pUsage);
2680 }
2681 else
2682 ret = FALSE;
2683 }
2684 else
2685 {
2686 /* it fit in an empty usage, therefore there's nothing to remove */
2687 ret = TRUE;
2688 }
2689 return ret;
2690 }
2691
2692 struct BitField
2693 {
2694 DWORD cIndexes;
2695 DWORD *indexes;
2696 };
2697
2698 #define BITS_PER_DWORD (sizeof(DWORD) * 8)
2699
2700 static void CRYPT_SetBitInField(struct BitField *field, DWORD bit)
2701 {
2702 DWORD indexIndex = bit / BITS_PER_DWORD;
2703
2704 if (indexIndex + 1 > field->cIndexes)
2705 {
2706 if (field->cIndexes)
2707 field->indexes = CryptMemRealloc(field->indexes,
2708 (indexIndex + 1) * sizeof(DWORD));
2709 else
2710 field->indexes = CryptMemAlloc(sizeof(DWORD));
2711 if (field->indexes)
2712 {
2713 field->indexes[indexIndex] = 0;
2714 field->cIndexes = indexIndex + 1;
2715 }
2716 }
2717 if (field->indexes)
2718 field->indexes[indexIndex] |= 1 << (bit % BITS_PER_DWORD);
2719 }
2720
2721 static BOOL CRYPT_IsBitInFieldSet(const struct BitField *field, DWORD bit)
2722 {
2723 BOOL set = FALSE;
2724 DWORD indexIndex = bit / BITS_PER_DWORD;
2725
2726 assert(field->cIndexes);
2727 set = field->indexes[indexIndex] & (1 << (bit % BITS_PER_DWORD));
2728 return set;
2729 }
2730
2731 BOOL WINAPI CertGetValidUsages(DWORD cCerts, PCCERT_CONTEXT *rghCerts,
2732 int *cNumOIDs, LPSTR *rghOIDs, DWORD *pcbOIDs)
2733 {
2734 BOOL ret = TRUE;
2735 DWORD i, cbOIDs = 0;
2736 BOOL allUsagesValid = TRUE;
2737 CERT_ENHKEY_USAGE validUsages = { 0, NULL };
2738
2739 TRACE("(%d, %p, %d, %p, %d)\n", cCerts, rghCerts, *cNumOIDs,
2740 rghOIDs, *pcbOIDs);
2741
2742 for (i = 0; i < cCerts; i++)
2743 {
2744 CERT_ENHKEY_USAGE usage;
2745 DWORD size = sizeof(usage);
2746
2747 ret = CertGetEnhancedKeyUsage(rghCerts[i], 0, &usage, &size);
2748 /* Success is deliberately ignored: it implies all usages are valid */
2749 if (!ret && GetLastError() == ERROR_MORE_DATA)
2750 {
2751 PCERT_ENHKEY_USAGE pUsage = CryptMemAlloc(size);
2752
2753 allUsagesValid = FALSE;
2754 if (pUsage)
2755 {
2756 ret = CertGetEnhancedKeyUsage(rghCerts[i], 0, pUsage, &size);
2757 if (ret)
2758 {
2759 if (!validUsages.cUsageIdentifier)
2760 {
2761 DWORD j;
2762
2763 cbOIDs = pUsage->cUsageIdentifier * sizeof(LPSTR);
2764 validUsages.cUsageIdentifier = pUsage->cUsageIdentifier;
2765 for (j = 0; j < validUsages.cUsageIdentifier; j++)
2766 cbOIDs += lstrlenA(pUsage->rgpszUsageIdentifier[j])
2767 + 1;
2768 validUsages.rgpszUsageIdentifier =
2769 CryptMemAlloc(cbOIDs);
2770 if (validUsages.rgpszUsageIdentifier)
2771 {
2772 LPSTR nextOID = (LPSTR)
2773 ((LPBYTE)validUsages.rgpszUsageIdentifier +
2774 validUsages.cUsageIdentifier * sizeof(LPSTR));
2775
2776 for (j = 0; j < validUsages.cUsageIdentifier; j++)
2777 {
2778 validUsages.rgpszUsageIdentifier[j] = nextOID;
2779 lstrcpyA(validUsages.rgpszUsageIdentifier[j],
2780 pUsage->rgpszUsageIdentifier[j]);
2781 nextOID += lstrlenA(nextOID) + 1;
2782 }
2783 }
2784 }
2785 else
2786 {
2787 struct BitField validIndexes = { 0, NULL };
2788 DWORD j, k, numRemoved = 0;
2789
2790 /* Merge: build a bitmap of all the indexes of
2791 * validUsages.rgpszUsageIdentifier that are in pUsage.
2792 */
2793 for (j = 0; j < pUsage->cUsageIdentifier; j++)
2794 {
2795 for (k = 0; k < validUsages.cUsageIdentifier; k++)
2796 {
2797 if (!strcmp(pUsage->rgpszUsageIdentifier[j],
2798 validUsages.rgpszUsageIdentifier[k]))
2799 {
2800 CRYPT_SetBitInField(&validIndexes, k);
2801 break;
2802 }
2803 }
2804 }
2805 /* Merge by removing from validUsages those that are
2806 * not in the bitmap.
2807 */
2808 for (j = 0; j < validUsages.cUsageIdentifier; j++)
2809 {
2810 if (!CRYPT_IsBitInFieldSet(&validIndexes, j))
2811 {
2812 if (j < validUsages.cUsageIdentifier - 1)
2813 {
2814 memmove(&validUsages.rgpszUsageIdentifier[j],
2815 &validUsages.rgpszUsageIdentifier[j +
2816 numRemoved + 1],
2817 (validUsages.cUsageIdentifier - numRemoved
2818 - j - 1) * sizeof(LPSTR));
2819 cbOIDs -= lstrlenA(
2820 validUsages.rgpszUsageIdentifier[j]) + 1 +
2821 sizeof(LPSTR);
2822 validUsages.cUsageIdentifier--;
2823 numRemoved++;
2824 }
2825 else
2826 validUsages.cUsageIdentifier--;
2827 }
2828 }
2829 CryptMemFree(validIndexes.indexes);
2830 }
2831 }
2832 CryptMemFree(pUsage);
2833 }
2834 }
2835 }
2836 ret = TRUE;
2837 if (allUsagesValid)
2838 {
2839 *cNumOIDs = -1;
2840 *pcbOIDs = 0;
2841 }
2842 else
2843 {
2844 *cNumOIDs = validUsages.cUsageIdentifier;
2845 if (!rghOIDs)
2846 *pcbOIDs = cbOIDs;
2847 else if (*pcbOIDs < cbOIDs)
2848 {
2849 *pcbOIDs = cbOIDs;
2850 SetLastError(ERROR_MORE_DATA);
2851 ret = FALSE;
2852 }
2853 else
2854 {
2855 LPSTR nextOID = (LPSTR)((LPBYTE)rghOIDs +
2856 validUsages.cUsageIdentifier * sizeof(LPSTR));
2857
2858 *pcbOIDs = cbOIDs;
2859 for (i = 0; i < validUsages.cUsageIdentifier; i++)
2860 {
2861 rghOIDs[i] = nextOID;
2862 lstrcpyA(nextOID, validUsages.rgpszUsageIdentifier[i]);
2863 nextOID += lstrlenA(nextOID) + 1;
2864 }
2865 }
2866 }
2867 CryptMemFree(validUsages.rgpszUsageIdentifier);
2868 TRACE("cNumOIDs: %d\n", *cNumOIDs);
2869 TRACE("returning %d\n", ret);
2870 return ret;
2871 }
2872
2873 /* Sets the CERT_KEY_PROV_INFO_PROP_ID property of context from pInfo, or, if
2874 * pInfo is NULL, from the attributes of hProv.
2875 */
2876 static void CertContext_SetKeyProvInfo(PCCERT_CONTEXT context,
2877 const CRYPT_KEY_PROV_INFO *pInfo, HCRYPTPROV hProv)
2878 {
2879 CRYPT_KEY_PROV_INFO info = { 0 };
2880 BOOL ret;
2881
2882 if (!pInfo)
2883 {
2884 DWORD size;
2885 int len;
2886
2887 ret = CryptGetProvParam(hProv, PP_CONTAINER, NULL, &size, 0);
2888 if (ret)
2889 {
2890 LPSTR szContainer = CryptMemAlloc(size);
2891
2892 if (szContainer)
2893 {
2894 ret = CryptGetProvParam(hProv, PP_CONTAINER,
2895 (BYTE *)szContainer, &size, 0);
2896 if (ret)
2897 {
2898 len = MultiByteToWideChar(CP_ACP, 0, szContainer, -1,
2899 NULL, 0);
2900 if (len)
2901 {
2902 info.pwszContainerName = CryptMemAlloc(len *
2903 sizeof(WCHAR));
2904 MultiByteToWideChar(CP_ACP, 0, szContainer, -1,
2905 info.pwszContainerName, len);
2906 }
2907 }
2908 CryptMemFree(szContainer);
2909 }
2910 }
2911 ret = CryptGetProvParam(hProv, PP_NAME, NULL, &size, 0);
2912 if (ret)
2913 {
2914 LPSTR szProvider = CryptMemAlloc(size);
2915
2916 if (szProvider)
2917 {
2918 ret = CryptGetProvParam(hProv, PP_NAME, (BYTE *)szProvider,
2919 &size, 0);
2920 if (ret)
2921 {
2922 len = MultiByteToWideChar(CP_ACP, 0, szProvider, -1,
2923 NULL, 0);
2924 if (len)
2925 {
2926 info.pwszProvName = CryptMemAlloc(len *
2927 sizeof(WCHAR));
2928 MultiByteToWideChar(CP_ACP, 0, szProvider, -1,
2929 info.pwszProvName, len);
2930 }
2931 }
2932 CryptMemFree(szProvider);
2933 }
2934 }
2935 size = sizeof(info.dwKeySpec);
2936 /* in case no CRYPT_KEY_PROV_INFO given,
2937 * we always use AT_SIGNATURE key spec
2938 */
2939 info.dwKeySpec = AT_SIGNATURE;
2940 size = sizeof(info.dwProvType);
2941 ret = CryptGetProvParam(hProv, PP_PROVTYPE, (LPBYTE)&info.dwProvType,
2942 &size, 0);
2943 if (!ret)
2944 info.dwProvType = PROV_RSA_FULL;
2945 pInfo = &info;
2946 }
2947
2948 CertSetCertificateContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
2949 0, pInfo);
2950
2951 if (pInfo == &info)
2952 {
2953 CryptMemFree(info.pwszContainerName);
2954 CryptMemFree(info.pwszProvName);
2955 }
2956 }
2957
2958 /* Creates a signed certificate context from the unsigned, encoded certificate
2959 * in blob, using the crypto provider hProv and the signature algorithm sigAlgo.
2960 */
2961 static PCCERT_CONTEXT CRYPT_CreateSignedCert(const CRYPT_DER_BLOB *blob,
2962 HCRYPTPROV hProv, DWORD dwKeySpec, PCRYPT_ALGORITHM_IDENTIFIER sigAlgo)
2963 {
2964 PCCERT_CONTEXT context = NULL;
2965 BOOL ret;
2966 DWORD sigSize = 0;
2967
2968 ret = CryptSignCertificate(hProv, dwKeySpec, X509_ASN_ENCODING,
2969 blob->pbData, blob->cbData, sigAlgo, NULL, NULL, &sigSize);
2970 if (ret)
2971 {
2972 LPBYTE sig = CryptMemAlloc(sigSize);
2973
2974 ret = CryptSignCertificate(hProv, dwKeySpec, X509_ASN_ENCODING,
2975 blob->pbData, blob->cbData, sigAlgo, NULL, sig, &sigSize);
2976 if (ret)
2977 {
2978 CERT_SIGNED_CONTENT_INFO signedInfo;
2979 BYTE *encodedSignedCert = NULL;
2980 DWORD encodedSignedCertSize = 0;
2981
2982 signedInfo.ToBeSigned.cbData = blob->cbData;
2983 signedInfo.ToBeSigned.pbData = blob->pbData;
2984 signedInfo.SignatureAlgorithm = *sigAlgo;
2985 signedInfo.Signature.cbData = sigSize;
2986 signedInfo.Signature.pbData = sig;
2987 signedInfo.Signature.cUnusedBits = 0;
2988 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT,
2989 &signedInfo, CRYPT_ENCODE_ALLOC_FLAG, NULL,
2990 &encodedSignedCert, &encodedSignedCertSize);
2991 if (ret)
2992 {
2993 context = CertCreateCertificateContext(X509_ASN_ENCODING,
2994 encodedSignedCert, encodedSignedCertSize);
2995 LocalFree(encodedSignedCert);
2996 }
2997 }
2998 CryptMemFree(sig);
2999 }
3000 return context;
3001 }
3002
3003 /* Copies data from the parameters into info, where:
3004 * pSerialNumber: The serial number. Must not be NULL.
3005 * pSubjectIssuerBlob: Specifies both the subject and issuer for info.
3006 * Must not be NULL
3007 * pSignatureAlgorithm: Optional.
3008 * pStartTime: The starting time of the certificate. If NULL, the current
3009 * system time is used.
3010 * pEndTime: The ending time of the certificate. If NULL, one year past the
3011 * starting time is used.
3012 * pubKey: The public key of the certificate. Must not be NULL.
3013 * pExtensions: Extensions to be included with the certificate. Optional.
3014 */
3015 static void CRYPT_MakeCertInfo(PCERT_INFO info, const CRYPT_DATA_BLOB *pSerialNumber,
3016 const CERT_NAME_BLOB *pSubjectIssuerBlob,
3017 const CRYPT_ALGORITHM_IDENTIFIER *pSignatureAlgorithm, const SYSTEMTIME *pStartTime,
3018 const SYSTEMTIME *pEndTime, const CERT_PUBLIC_KEY_INFO *pubKey,
3019 const CERT_EXTENSIONS *pExtensions)
3020 {
3021 static CHAR oid[] = szOID_RSA_SHA1RSA;
3022
3023 assert(info);
3024 assert(pSerialNumber);
3025 assert(pSubjectIssuerBlob);
3026 assert(pubKey);
3027
3028 if (pExtensions && pExtensions->cExtension)
3029 info->dwVersion = CERT_V3;
3030 else
3031 info->dwVersion = CERT_V1;
3032 info->SerialNumber.cbData = pSerialNumber->cbData;
3033 info->SerialNumber.pbData = pSerialNumber->pbData;
3034 if (pSignatureAlgorithm)
3035 info->SignatureAlgorithm = *pSignatureAlgorithm;
3036 else
3037 {
3038 info->SignatureAlgorithm.pszObjId = oid;
3039 info->SignatureAlgorithm.Parameters.cbData = 0;
3040 info->SignatureAlgorithm.Parameters.pbData = NULL;
3041 }
3042 info->Issuer.cbData = pSubjectIssuerBlob->cbData;
3043 info->Issuer.pbData = pSubjectIssuerBlob->pbData;
3044 if (pStartTime)
3045 SystemTimeToFileTime(pStartTime, &info->NotBefore);
3046 else
3047 GetSystemTimeAsFileTime(&info->NotBefore);
3048 if (pEndTime)
3049 SystemTimeToFileTime(pEndTime, &info->NotAfter);
3050 else
3051 {
3052 SYSTEMTIME endTime;
3053
3054 if (FileTimeToSystemTime(&info->NotBefore, &endTime))
3055 {
3056 endTime.wYear++;
3057 SystemTimeToFileTime(&endTime, &info->NotAfter);
3058 }
3059 }
3060 info->Subject.cbData = pSubjectIssuerBlob->cbData;
3061 info->Subject.pbData = pSubjectIssuerBlob->pbData;
3062 info->SubjectPublicKeyInfo = *pubKey;
3063 if (pExtensions)
3064 {
3065 info->cExtension = pExtensions->cExtension;
3066 info->rgExtension = pExtensions->rgExtension;
3067 }
3068 else
3069 {
3070 info->cExtension = 0;
3071 info->rgExtension = NULL;
3072 }
3073 }
3074
3075 typedef RPC_STATUS (RPC_ENTRY *UuidCreateFunc)(UUID *);
3076 typedef RPC_STATUS (RPC_ENTRY *UuidToStringFunc)(UUID *, unsigned char **);
3077 typedef RPC_STATUS (RPC_ENTRY *RpcStringFreeFunc)(unsigned char **);
3078
3079 static HCRYPTPROV CRYPT_CreateKeyProv(void)
3080 {
3081 HCRYPTPROV hProv = 0;
3082 HMODULE rpcrt = LoadLibraryA("rpcrt4");
3083
3084 if (rpcrt)
3085 {
3086 UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt,
3087 "UuidCreate");
3088 UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt,
3089 "UuidToStringA");
3090 RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress(
3091 rpcrt, "RpcStringFreeA");
3092
3093 if (uuidCreate && uuidToString && rpcStringFree)
3094 {
3095 UUID uuid;
3096 RPC_STATUS status = uuidCreate(&uuid);
3097
3098 if (status == RPC_S_OK || status == RPC_S_UUID_LOCAL_ONLY)
3099 {
3100 unsigned char *uuidStr;
3101
3102 status = uuidToString(&uuid, &uuidStr);
3103 if (status == RPC_S_OK)
3104 {
3105 BOOL ret = CryptAcquireContextA(&hProv, (LPCSTR)uuidStr,
3106 MS_DEF_PROV_A, PROV_RSA_FULL, CRYPT_NEWKEYSET);
3107
3108 if (ret)
3109 {
3110 HCRYPTKEY key;
3111
3112 ret = CryptGenKey(hProv, AT_SIGNATURE, 0, &key);
3113 if (ret)
3114 CryptDestroyKey(key);
3115 }
3116 rpcStringFree(&uuidStr);
3117 }
3118 }
3119 }
3120 FreeLibrary(rpcrt);
3121 }
3122 return hProv;
3123 }
3124
3125 PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hProv,
3126 PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD dwFlags,
3127 PCRYPT_KEY_PROV_INFO pKeyProvInfo,
3128 PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime,
3129 PSYSTEMTIME pEndTime, PCERT_EXTENSIONS pExtensions)
3130 {
3131 PCCERT_CONTEXT context = NULL;
3132 BOOL ret, releaseContext = FALSE;
3133 PCERT_PUBLIC_KEY_INFO pubKey = NULL;
3134 DWORD pubKeySize = 0, dwKeySpec;
3135
3136 TRACE("(%08lx, %p, %08x, %p, %p, %p, %p, %p)\n", hProv,
3137 pSubjectIssuerBlob, dwFlags, pKeyProvInfo, pSignatureAlgorithm, pStartTime,
3138 pExtensions, pExtensions);
3139
3140 if(!pSubjectIssuerBlob)
3141 {
3142 SetLastError(ERROR_INVALID_PARAMETER);
3143 return NULL;
3144 }
3145
3146 dwKeySpec = pKeyProvInfo ? pKeyProvInfo->dwKeySpec : AT_SIGNATURE;
3147 if (!hProv)
3148 {
3149 if (!pKeyProvInfo)
3150 {
3151 hProv = CRYPT_CreateKeyProv();
3152 releaseContext = TRUE;
3153 }
3154 else if (pKeyProvInfo->dwFlags & CERT_SET_KEY_PROV_HANDLE_PROP_ID)
3155 {
3156 SetLastError(NTE_BAD_FLAGS);
3157 return NULL;
3158 }
3159 else
3160 {
3161 HCRYPTKEY hKey = 0;
3162 /* acquire the context using the given information*/
3163 ret = CryptAcquireContextW(&hProv,pKeyProvInfo->pwszContainerName,
3164 pKeyProvInfo->pwszProvName,pKeyProvInfo->dwProvType,
3165 pKeyProvInfo->dwFlags);
3166 if (!ret)
3167 {
3168 if(GetLastError() != NTE_BAD_KEYSET)
3169 return NULL;
3170 /* create the key set */
3171 ret = CryptAcquireContextW(&hProv,pKeyProvInfo->pwszContainerName,
3172 pKeyProvInfo->pwszProvName,pKeyProvInfo->dwProvType,
3173 pKeyProvInfo->dwFlags|CRYPT_NEWKEYSET);
3174 if (!ret)
3175 return NULL;
3176 }
3177 /* check if the key is here */
3178 ret = CryptGetUserKey(hProv,dwKeySpec,&hKey);
3179 if(!ret)
3180 {
3181 if (NTE_NO_KEY == GetLastError())
3182 { /* generate the key */
3183 ret = CryptGenKey(hProv,dwKeySpec,0,&hKey);
3184 }
3185 if (!ret)
3186 {
3187 CryptReleaseContext(hProv,0);
3188 SetLastError(NTE_BAD_KEYSET);
3189 return NULL;
3190 }
3191 }
3192 CryptDestroyKey(hKey);
3193 releaseContext = TRUE;
3194 }
3195 }
3196
3197 ret = CryptExportPublicKeyInfo(hProv, dwKeySpec, X509_ASN_ENCODING, NULL,
3198 &pubKeySize);
3199 if (!ret)
3200 goto end;
3201 pubKey = CryptMemAlloc(pubKeySize);
3202 if (pubKey)
3203 {
3204 ret = CryptExportPublicKeyInfo(hProv, dwKeySpec, X509_ASN_ENCODING,
3205 pubKey, &pubKeySize);
3206 if (ret)
3207 {
3208 CERT_INFO info = { 0 };
3209 CRYPT_DER_BLOB blob = { 0, NULL };
3210 BYTE serial[16];
3211 CRYPT_DATA_BLOB serialBlob = { sizeof(serial), serial };
3212
3213 CryptGenRandom(hProv, sizeof(serial), serial);
3214 CRYPT_MakeCertInfo(&info, &serialBlob, pSubjectIssuerBlob,
3215 pSignatureAlgorithm, pStartTime, pEndTime, pubKey, pExtensions);
3216 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
3217 &info, CRYPT_ENCODE_ALLOC_FLAG, NULL, &blob.pbData,
3218 &blob.cbData);
3219 if (ret)
3220 {
3221 if (!(dwFlags & CERT_CREATE_SELFSIGN_NO_SIGN))
3222 context = CRYPT_CreateSignedCert(&blob, hProv,dwKeySpec,
3223 &info.SignatureAlgorithm);
3224 else
3225 context = CertCreateCertificateContext(X509_ASN_ENCODING,
3226 blob.pbData, blob.cbData);
3227 if (context && !(dwFlags & CERT_CREATE_SELFSIGN_NO_KEY_INFO))
3228 CertContext_SetKeyProvInfo(context, pKeyProvInfo, hProv);
3229 LocalFree(blob.pbData);
3230 }
3231 }
3232 CryptMemFree(pubKey);
3233 }
3234 end:
3235 if (releaseContext)
3236 CryptReleaseContext(hProv, 0);
3237 return context;
3238 }
3239
3240 BOOL WINAPI CertVerifyCTLUsage(DWORD dwEncodingType, DWORD dwSubjectType,
3241 void *pvSubject, PCTL_USAGE pSubjectUsage, DWORD dwFlags,
3242 PCTL_VERIFY_USAGE_PARA pVerifyUsagePara,
3243 PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus)
3244 {
3245 FIXME("(0x%x, %d, %p, %p, 0x%x, %p, %p): stub\n", dwEncodingType,
3246 dwSubjectType, pvSubject, pSubjectUsage, dwFlags, pVerifyUsagePara,
3247 pVerifyUsageStatus);
3248 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3249 return FALSE;
3250 }
3251
3252 const void * WINAPI CertCreateContext(DWORD dwContextType, DWORD dwEncodingType,
3253 const BYTE *pbEncoded, DWORD cbEncoded,
3254 DWORD dwFlags, PCERT_CREATE_CONTEXT_PARA pCreatePara)
3255 {
3256 TRACE("(0x%x, 0x%x, %p, %d, 0x%08x, %p)\n", dwContextType, dwEncodingType,
3257 pbEncoded, cbEncoded, dwFlags, pCreatePara);
3258
3259 if (dwFlags)
3260 {
3261 FIXME("dwFlags 0x%08x not handled\n", dwFlags);
3262 return NULL;
3263 }
3264 if (pCreatePara)
3265 {
3266 FIXME("pCreatePara not handled\n");
3267 return NULL;
3268 }
3269
3270 switch (dwContextType)
3271 {
3272 case CERT_STORE_CERTIFICATE_CONTEXT:
3273 return CertCreateCertificateContext(dwEncodingType, pbEncoded, cbEncoded);
3274 case CERT_STORE_CRL_CONTEXT:
3275 return CertCreateCRLContext(dwEncodingType, pbEncoded, cbEncoded);
3276 case CERT_STORE_CTL_CONTEXT:
3277 return CertCreateCTLContext(dwEncodingType, pbEncoded, cbEncoded);
3278 default:
3279 WARN("unknown context type: 0x%x\n", dwContextType);
3280 return NULL;
3281 }
3282 }
Windows API implementation