search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
push 0a4ef4c8802fa61eba589064e60bc90a80182312
[wine/hacks.git] / dlls / cryptnet / cryptnet_main.c
blob2306941b37ce7ae10a1c4cd49a83cdd95817ae69
1 /*
2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 *
19 */
20
21 #include "config.h"
22 #include "wine/port.h"
23
24 #define NONAMELESSUNION
25 #define NONAMELESSSTRUCT
26 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
27
28 #include <stdio.h>
29 #include <stdarg.h>
30
31 #include "windef.h"
32 #include "winbase.h"
33 #include "winnt.h"
34 #include "winnls.h"
35 #include "wininet.h"
36 #include "objbase.h"
37 #include "wincrypt.h"
38
39 #include "wine/debug.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet);
42
43 BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
44 {
45 TRACE("(0x%p, %d, %p)\n", hinstDLL, fdwReason, lpvReserved);
46
47 switch (fdwReason) {
48 case DLL_PROCESS_ATTACH:
49 DisableThreadLibraryCalls(hinstDLL);
50 break;
51 case DLL_PROCESS_DETACH:
52 /* Do uninitialisation here */
53 break;
54 default: break;
55 }
56 return TRUE;
57 }
58
59 static const WCHAR cryptNet[] = { 'c','r','y','p','t','n','e','t','.',
60 'd','l','l',0 };
61 static const WCHAR ldapProvOpenStore[] = { 'L','d','a','p','P','r','o','v',
62 'O','p','e','S','t','o','r','e',0 };
63
64 /***********************************************************************
65 * DllRegisterServer (CRYPTNET.@)
66 */
67 HRESULT WINAPI DllRegisterServer(void)
68 {
69 TRACE("\n");
70 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING,
71 CRYPT_OID_VERIFY_REVOCATION_FUNC, 0, cryptNet);
72 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap",
73 cryptNet, "LdapProvOpenStore");
74 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
75 CERT_STORE_PROV_LDAP_W, cryptNet, "LdapProvOpenStore");
76 return S_OK;
77 }
78
79 /***********************************************************************
80 * DllUnregisterServer (CRYPTNET.@)
81 */
82 HRESULT WINAPI DllUnregisterServer(void)
83 {
84 TRACE("\n");
85 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING,
86 CRYPT_OID_VERIFY_REVOCATION_FUNC, cryptNet);
87 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap");
88 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
89 CERT_STORE_PROV_LDAP_W);
90 return S_OK;
91 }
92
93 static const char *url_oid_to_str(LPCSTR oid)
94 {
95 if (HIWORD(oid))
96 return oid;
97 else
98 {
99 static char buf[10];
100
101 switch (LOWORD(oid))
102 {
103 #define _x(oid) case LOWORD(oid): return #oid
104 _x(URL_OID_CERTIFICATE_ISSUER);
105 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT);
106 _x(URL_OID_CTL_ISSUER);
107 _x(URL_OID_CTL_NEXT_UPDATE);
108 _x(URL_OID_CRL_ISSUER);
109 _x(URL_OID_CERTIFICATE_FRESHEST_CRL);
110 _x(URL_OID_CRL_FRESHEST_CRL);
111 _x(URL_OID_CROSS_CERT_DIST_POINT);
112 #undef _x
113 default:
114 snprintf(buf, sizeof(buf), "%d", LOWORD(oid));
115 return buf;
116 }
117 }
118 }
119
120 typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD,
121 PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID);
122
123 static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid,
124 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
125 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
126 {
127 PCCERT_CONTEXT cert = pvPara;
128 PCERT_EXTENSION ext;
129 BOOL ret = FALSE;
130
131 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
132 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
133 {
134 SetLastError(CRYPT_E_NOT_FOUND);
135 return FALSE;
136 }
137 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
138 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
139 {
140 CERT_AUTHORITY_INFO_ACCESS *aia;
141 DWORD size;
142
143 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
144 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
145 &aia, &size);
146 if (ret)
147 {
148 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
149
150 for (i = 0, cUrl = 0; i < aia->cAccDescr; i++)
151 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
152 szOID_PKIX_CA_ISSUERS))
153 {
154 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
155 CERT_ALT_NAME_URL)
156 {
157 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
158 {
159 cUrl++;
160 bytesNeeded += sizeof(LPWSTR) +
161 (lstrlenW(aia->rgAccDescr[i].AccessLocation.u.
162 pwszURL) + 1) * sizeof(WCHAR);
163 }
164 }
165 else
166 FIXME("unsupported alt name type %d\n",
167 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
168 }
169 if (!pcbUrlArray)
170 {
171 SetLastError(E_INVALIDARG);
172 ret = FALSE;
173 }
174 else if (!pUrlArray)
175 *pcbUrlArray = bytesNeeded;
176 else if (*pcbUrlArray < bytesNeeded)
177 {
178 SetLastError(ERROR_MORE_DATA);
179 *pcbUrlArray = bytesNeeded;
180 ret = FALSE;
181 }
182 else
183 {
184 LPWSTR nextUrl;
185
186 *pcbUrlArray = bytesNeeded;
187 pUrlArray->cUrl = 0;
188 pUrlArray->rgwszUrl =
189 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
190 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
191 + cUrl * sizeof(LPWSTR));
192 for (i = 0; i < aia->cAccDescr; i++)
193 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
194 szOID_PKIX_CA_ISSUERS))
195 {
196 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice
197 == CERT_ALT_NAME_URL)
198 {
199 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
200 {
201 lstrcpyW(nextUrl,
202 aia->rgAccDescr[i].AccessLocation.u.pwszURL);
203 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
204 nextUrl;
205 nextUrl += (lstrlenW(nextUrl) + 1);
206 }
207 }
208 }
209 }
210 if (ret)
211 {
212 if (pcbUrlInfo)
213 {
214 FIXME("url info: stub\n");
215 if (!pUrlInfo)
216 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
217 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
218 {
219 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
220 SetLastError(ERROR_MORE_DATA);
221 ret = FALSE;
222 }
223 else
224 {
225 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
226 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
227 }
228 }
229 }
230 LocalFree(aia);
231 }
232 }
233 else
234 SetLastError(CRYPT_E_NOT_FOUND);
235 return ret;
236 }
237
238 static BOOL CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB *value,
239 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
240 DWORD *pcbUrlInfo)
241 {
242 BOOL ret;
243 CRL_DIST_POINTS_INFO *info;
244 DWORD size;
245
246 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CRL_DIST_POINTS,
247 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
248 if (ret)
249 {
250 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
251
252 for (i = 0, cUrl = 0; i < info->cDistPoint; i++)
253 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
254 == CRL_DIST_POINT_FULL_NAME)
255 {
256 DWORD j;
257 CERT_ALT_NAME_INFO *name =
258 &info->rgDistPoint[i].DistPointName.u.FullName;
259
260 for (j = 0; j < name->cAltEntry; j++)
261 if (name->rgAltEntry[j].dwAltNameChoice ==
262 CERT_ALT_NAME_URL)
263 {
264 if (name->rgAltEntry[j].u.pwszURL)
265 {
266 cUrl++;
267 bytesNeeded += sizeof(LPWSTR) +
268 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1)
269 * sizeof(WCHAR);
270 }
271 }
272 }
273 if (!pcbUrlArray)
274 {
275 SetLastError(E_INVALIDARG);
276 ret = FALSE;
277 }
278 else if (!pUrlArray)
279 *pcbUrlArray = bytesNeeded;
280 else if (*pcbUrlArray < bytesNeeded)
281 {
282 SetLastError(ERROR_MORE_DATA);
283 *pcbUrlArray = bytesNeeded;
284 ret = FALSE;
285 }
286 else
287 {
288 LPWSTR nextUrl;
289
290 *pcbUrlArray = bytesNeeded;
291 pUrlArray->cUrl = 0;
292 pUrlArray->rgwszUrl =
293 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
294 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
295 + cUrl * sizeof(LPWSTR));
296 for (i = 0; i < info->cDistPoint; i++)
297 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
298 == CRL_DIST_POINT_FULL_NAME)
299 {
300 DWORD j;
301 CERT_ALT_NAME_INFO *name =
302 &info->rgDistPoint[i].DistPointName.u.FullName;
303
304 for (j = 0; j < name->cAltEntry; j++)
305 if (name->rgAltEntry[j].dwAltNameChoice ==
306 CERT_ALT_NAME_URL)
307 {
308 if (name->rgAltEntry[j].u.pwszURL)
309 {
310 lstrcpyW(nextUrl,
311 name->rgAltEntry[j].u.pwszURL);
312 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
313 nextUrl;
314 nextUrl +=
315 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1);
316 }
317 }
318 }
319 }
320 if (ret)
321 {
322 if (pcbUrlInfo)
323 {
324 FIXME("url info: stub\n");
325 if (!pUrlInfo)
326 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
327 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
328 {
329 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
330 SetLastError(ERROR_MORE_DATA);
331 ret = FALSE;
332 }
333 else
334 {
335 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
336 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
337 }
338 }
339 }
340 LocalFree(info);
341 }
342 return ret;
343 }
344
345 static BOOL WINAPI CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid,
346 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
347 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
348 {
349 PCCERT_CONTEXT cert = pvPara;
350 PCERT_EXTENSION ext;
351 BOOL ret = FALSE;
352
353 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
354 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
355 {
356 SetLastError(CRYPT_E_NOT_FOUND);
357 return FALSE;
358 }
359 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
360 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
361 ret = CRYPT_GetUrlFromCRLDistPointsExt(&ext->Value, pUrlArray,
362 pcbUrlArray, pUrlInfo, pcbUrlInfo);
363 else
364 SetLastError(CRYPT_E_NOT_FOUND);
365 return ret;
366 }
367
368 /***********************************************************************
369 * CryptGetObjectUrl (CRYPTNET.@)
370 */
371 BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags,
372 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
373 DWORD *pcbUrlInfo, LPVOID pvReserved)
374 {
375 UrlDllGetObjectUrlFunc func = NULL;
376 HCRYPTOIDFUNCADDR hFunc = NULL;
377 BOOL ret = FALSE;
378
379 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid),
380 pvPara, dwFlags, pUrlArray, pcbUrlArray, pUrlInfo, pcbUrlInfo, pvReserved);
381
382 if (!HIWORD(pszUrlOid))
383 {
384 switch (LOWORD(pszUrlOid))
385 {
386 case LOWORD(URL_OID_CERTIFICATE_ISSUER):
387 func = CRYPT_GetUrlFromCertificateIssuer;
388 break;
389 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT):
390 func = CRYPT_GetUrlFromCertificateCRLDistPoint;
391 break;
392 default:
393 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid));
394 SetLastError(ERROR_FILE_NOT_FOUND);
395 }
396 }
397 else
398 {
399 static HCRYPTOIDFUNCSET set = NULL;
400
401 if (!set)
402 set = CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC, 0);
403 CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszUrlOid, 0,
404 (void **)&func, &hFunc);
405 }
406 if (func)
407 ret = func(pszUrlOid, pvPara, dwFlags, pUrlArray, pcbUrlArray,
408 pUrlInfo, pcbUrlInfo, pvReserved);
409 if (hFunc)
410 CryptFreeOIDFunctionAddress(hFunc, 0);
411 return ret;
412 }
413
414 /***********************************************************************
415 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
416 */
417 BOOL WINAPI CryptRetrieveObjectByUrlA(LPCSTR pszURL, LPCSTR pszObjectOid,
418 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
419 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
420 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
421 {
422 BOOL ret = FALSE;
423 int len;
424
425 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL),
426 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
427 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
428
429 if (!pszURL)
430 {
431 SetLastError(ERROR_INVALID_PARAMETER);
432 return FALSE;
433 }
434 len = MultiByteToWideChar(CP_ACP, 0, pszURL, -1, NULL, 0);
435 if (len)
436 {
437 LPWSTR url = CryptMemAlloc(len * sizeof(WCHAR));
438
439 if (url)
440 {
441 MultiByteToWideChar(CP_ACP, 0, pszURL, -1, url, len);
442 ret = CryptRetrieveObjectByUrlW(url, pszObjectOid,
443 dwRetrievalFlags, dwTimeout, ppvObject, hAsyncRetrieve,
444 pCredentials, pvVerify, pAuxInfo);
445 CryptMemFree(url);
446 }
447 else
448 SetLastError(ERROR_OUTOFMEMORY);
449 }
450 return ret;
451 }
452
453 static void WINAPI CRYPT_FreeBlob(LPCSTR pszObjectOid,
454 PCRYPT_BLOB_ARRAY pObject, void *pvFreeContext)
455 {
456 DWORD i;
457
458 for (i = 0; i < pObject->cBlob; i++)
459 CryptMemFree(pObject->rgBlob[i].pbData);
460 CryptMemFree(pObject->rgBlob);
461 }
462
463 static BOOL CRYPT_GetObjectFromFile(HANDLE hFile, PCRYPT_BLOB_ARRAY pObject)
464 {
465 BOOL ret;
466 LARGE_INTEGER size;
467
468 if ((ret = GetFileSizeEx(hFile, &size)))
469 {
470 if (size.u.HighPart)
471 {
472 WARN("file too big\n");
473 SetLastError(ERROR_INVALID_DATA);
474 ret = FALSE;
475 }
476 else
477 {
478 CRYPT_DATA_BLOB blob;
479
480 blob.pbData = CryptMemAlloc(size.u.LowPart);
481 if (blob.pbData)
482 {
483 blob.cbData = size.u.LowPart;
484 ret = ReadFile(hFile, blob.pbData, size.u.LowPart, &blob.cbData,
485 NULL);
486 if (ret)
487 {
488 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
489 if (pObject->rgBlob)
490 {
491 pObject->cBlob = 1;
492 memcpy(pObject->rgBlob, &blob, sizeof(CRYPT_DATA_BLOB));
493 }
494 else
495 {
496 SetLastError(ERROR_OUTOFMEMORY);
497 ret = FALSE;
498 }
499 }
500 if (!ret)
501 CryptMemFree(blob.pbData);
502 }
503 else
504 {
505 SetLastError(ERROR_OUTOFMEMORY);
506 ret = FALSE;
507 }
508 }
509 }
510 return ret;
511 }
512
513 static BOOL CRYPT_GetObjectFromCache(LPCWSTR pszURL, PCRYPT_BLOB_ARRAY pObject,
514 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
515 {
516 BOOL ret = FALSE;
517 INTERNET_CACHE_ENTRY_INFOW *pCacheInfo = NULL;
518 DWORD size = 0;
519
520 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pObject, pAuxInfo);
521
522 ret = GetUrlCacheEntryInfoW(pszURL, NULL, &size);
523 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
524 {
525 pCacheInfo = CryptMemAlloc(size);
526 if (pCacheInfo)
527 ret = TRUE;
528 else
529 SetLastError(ERROR_OUTOFMEMORY);
530 }
531 if (ret && (ret = GetUrlCacheEntryInfoW(pszURL, pCacheInfo, &size)))
532 {
533 FILETIME ft;
534
535 GetSystemTimeAsFileTime(&ft);
536 if (CompareFileTime(&pCacheInfo->ExpireTime, &ft) >= 0)
537 {
538 HANDLE hFile = CreateFileW(pCacheInfo->lpszLocalFileName,
539 GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
540
541 if (hFile != INVALID_HANDLE_VALUE)
542 {
543 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
544 {
545 if (pAuxInfo && pAuxInfo->cbSize >=
546 offsetof(CRYPT_RETRIEVE_AUX_INFO,
547 pLastSyncTime) + sizeof(PFILETIME) &&
548 pAuxInfo->pLastSyncTime)
549 memcpy(pAuxInfo->pLastSyncTime,
550 &pCacheInfo->LastSyncTime,
551 sizeof(FILETIME));
552 }
553 CloseHandle(hFile);
554 }
555 else
556 {
557 DeleteUrlCacheEntryW(pszURL);
558 ret = FALSE;
559 }
560 }
561 else
562 {
563 DeleteUrlCacheEntryW(pszURL);
564 ret = FALSE;
565 }
566 }
567 CryptMemFree(pCacheInfo);
568 TRACE("returning %d\n", ret);
569 return ret;
570 }
571
572 /* Parses the URL, and sets components's lpszHostName and lpszUrlPath members
573 * to NULL-terminated copies of those portions of the URL (to be freed with
574 * CryptMemFree.)
575 */
576 static BOOL CRYPT_CrackUrl(LPCWSTR pszURL, URL_COMPONENTSW *components)
577 {
578 BOOL ret;
579
580 TRACE("(%s, %p)\n", debugstr_w(pszURL), components);
581
582 memset(components, 0, sizeof(*components));
583 components->dwStructSize = sizeof(*components);
584 components->lpszHostName = CryptMemAlloc(MAX_PATH * sizeof(WCHAR));
585 components->dwHostNameLength = MAX_PATH;
586 components->lpszUrlPath = CryptMemAlloc(MAX_PATH * 2 * sizeof(WCHAR));
587 components->dwUrlPathLength = 2 * MAX_PATH;
588 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, components);
589 if (ret)
590 {
591 if ((components->dwUrlPathLength == 2 * MAX_PATH - 1) ||
592 (components->dwHostNameLength == MAX_PATH - 1))
593 FIXME("Buffers are too small\n");
594 switch (components->nScheme)
595 {
596 case INTERNET_SCHEME_FTP:
597 if (!components->nPort)
598 components->nPort = INTERNET_DEFAULT_FTP_PORT;
599 break;
600 case INTERNET_SCHEME_HTTP:
601 if (!components->nPort)
602 components->nPort = INTERNET_DEFAULT_HTTP_PORT;
603 break;
604 default:
605 ; /* do nothing */
606 }
607 }
608 TRACE("returning %d\n", ret);
609 return ret;
610 }
611
612 struct InetContext
613 {
614 HANDLE event;
615 DWORD timeout;
616 DWORD error;
617 };
618
619 static struct InetContext *CRYPT_MakeInetContext(DWORD dwTimeout)
620 {
621 struct InetContext *context = CryptMemAlloc(sizeof(struct InetContext));
622
623 if (context)
624 {
625 context->event = CreateEventW(NULL, FALSE, FALSE, NULL);
626 if (!context->event)
627 {
628 CryptMemFree(context);
629 context = NULL;
630 }
631 else
632 {
633 context->timeout = dwTimeout;
634 context->error = ERROR_SUCCESS;
635 }
636 }
637 return context;
638 }
639
640 static BOOL CRYPT_DownloadObject(DWORD dwRetrievalFlags, HINTERNET hHttp,
641 struct InetContext *context, PCRYPT_BLOB_ARRAY pObject,
642 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
643 {
644 CRYPT_DATA_BLOB object = { 0, NULL };
645 DWORD bytesAvailable;
646 BOOL ret;
647
648 do {
649 if ((ret = InternetQueryDataAvailable(hHttp, &bytesAvailable, 0, 0)))
650 {
651 if (bytesAvailable)
652 {
653 if (object.pbData)
654 object.pbData = CryptMemRealloc(object.pbData,
655 object.cbData + bytesAvailable);
656 else
657 object.pbData = CryptMemAlloc(bytesAvailable);
658 if (object.pbData)
659 {
660 INTERNET_BUFFERSA buffer = { sizeof(buffer), 0 };
661
662 buffer.dwBufferLength = bytesAvailable;
663 buffer.lpvBuffer = object.pbData + object.cbData;
664 if (!(ret = InternetReadFileExA(hHttp, &buffer, IRF_NO_WAIT,
665 (DWORD_PTR)context)))
666 {
667 if (GetLastError() == ERROR_IO_PENDING)
668 {
669 if (WaitForSingleObject(context->event,
670 context->timeout) == WAIT_TIMEOUT)
671 SetLastError(ERROR_TIMEOUT);
672 else if (context->error)
673 SetLastError(context->error);
674 else
675 ret = TRUE;
676 }
677 }
678 if (ret)
679 object.cbData += buffer.dwBufferLength;
680 }
681 else
682 {
683 SetLastError(ERROR_OUTOFMEMORY);
684 ret = FALSE;
685 }
686 }
687 }
688 else if (GetLastError() == ERROR_IO_PENDING)
689 {
690 if (WaitForSingleObject(context->event, context->timeout) ==
691 WAIT_TIMEOUT)
692 SetLastError(ERROR_TIMEOUT);
693 else
694 ret = TRUE;
695 }
696 } while (ret && bytesAvailable);
697 if (ret)
698 {
699 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
700 if (!pObject->rgBlob)
701 {
702 CryptMemFree(object.pbData);
703 SetLastError(ERROR_OUTOFMEMORY);
704 ret = FALSE;
705 }
706 else
707 {
708 pObject->rgBlob[0].cbData = object.cbData;
709 pObject->rgBlob[0].pbData = object.pbData;
710 pObject->cBlob = 1;
711 }
712 }
713 TRACE("returning %d\n", ret);
714 return ret;
715 }
716
717 /* Finds the object specified by pszURL in the cache. If it's not found,
718 * creates a new cache entry for the object and writes the object to it.
719 * Sets the expiration time of the cache entry to expires.
720 */
721 static void CRYPT_CacheURL(LPCWSTR pszURL, const CRYPT_BLOB_ARRAY *pObject,
722 DWORD dwRetrievalFlags, FILETIME expires)
723 {
724 WCHAR cacheFileName[MAX_PATH];
725 DWORD size = 0;
726 BOOL ret, create = FALSE;
727
728 GetUrlCacheEntryInfoW(pszURL, NULL, &size);
729 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
730 {
731 INTERNET_CACHE_ENTRY_INFOW *info = CryptMemAlloc(size);
732
733 if (info)
734 {
735 FILETIME ft;
736
737 ret = GetUrlCacheEntryInfoW(pszURL, info, &size);
738 if (ret)
739 lstrcpyW(cacheFileName, info->lpszLocalFileName);
740 /* Check if the existing cache entry is up to date. If it isn't,
741 * overwite it with the new value.
742 */
743 GetSystemTimeAsFileTime(&ft);
744 if (CompareFileTime(&info->ExpireTime, &ft) < 0)
745 create = TRUE;
746 CryptMemFree(info);
747 }
748 else
749 ret = FALSE;
750 }
751 else
752 {
753 ret = CreateUrlCacheEntryW(pszURL, pObject->rgBlob[0].cbData, NULL,
754 cacheFileName, 0);
755 create = TRUE;
756 }
757 if (ret)
758 {
759 DWORD entryType;
760 FILETIME ft = { 0 };
761
762 if (create)
763 {
764 HANDLE hCacheFile = CreateFileW(cacheFileName, GENERIC_WRITE, 0,
765 NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
766
767 if (hCacheFile != INVALID_HANDLE_VALUE)
768 {
769 DWORD bytesWritten;
770
771 WriteFile(hCacheFile, pObject->rgBlob[0].pbData,
772 pObject->rgBlob[0].cbData, &bytesWritten, NULL);
773 CloseHandle(hCacheFile);
774 }
775 else
776 ret = FALSE;
777 }
778 if (ret)
779 {
780 if (!(dwRetrievalFlags & CRYPT_STICKY_CACHE_RETRIEVAL))
781 entryType = NORMAL_CACHE_ENTRY;
782 else
783 entryType = STICKY_CACHE_ENTRY;
784 CommitUrlCacheEntryW(pszURL, cacheFileName, expires, ft, entryType,
785 NULL, 0, NULL, NULL);
786 }
787 }
788 }
789
790 static void CALLBACK CRYPT_InetStatusCallback(HINTERNET hInt,
791 DWORD_PTR dwContext, DWORD status, void *statusInfo, DWORD statusInfoLen)
792 {
793 struct InetContext *context = (struct InetContext *)dwContext;
794 LPINTERNET_ASYNC_RESULT result;
795
796 switch (status)
797 {
798 case INTERNET_STATUS_REQUEST_COMPLETE:
799 result = statusInfo;
800 context->error = result->dwError;
801 SetEvent(context->event);
802 }
803 }
804
805 static BOOL CRYPT_Connect(const URL_COMPONENTSW *components,
806 struct InetContext *context, PCRYPT_CREDENTIALS pCredentials,
807 HINTERNET *phInt, HINTERNET *phHost)
808 {
809 BOOL ret;
810
811 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components->lpszHostName),
812 components->nPort, context, pCredentials, phInt, phInt);
813
814 *phHost = NULL;
815 *phInt = InternetOpenW(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL,
816 context ? INTERNET_FLAG_ASYNC : 0);
817 if (*phInt)
818 {
819 DWORD service;
820
821 if (context)
822 InternetSetStatusCallbackW(*phInt, CRYPT_InetStatusCallback);
823 switch (components->nScheme)
824 {
825 case INTERNET_SCHEME_FTP:
826 service = INTERNET_SERVICE_FTP;
827 break;
828 case INTERNET_SCHEME_HTTP:
829 service = INTERNET_SERVICE_HTTP;
830 break;
831 default:
832 service = 0;
833 }
834 /* FIXME: use pCredentials for username/password */
835 *phHost = InternetConnectW(*phInt, components->lpszHostName,
836 components->nPort, NULL, NULL, service, 0, (DWORD_PTR)context);
837 if (!*phHost)
838 {
839 InternetCloseHandle(*phInt);
840 *phInt = NULL;
841 ret = FALSE;
842 }
843 else
844 ret = TRUE;
845 }
846 else
847 ret = FALSE;
848 TRACE("returning %d\n", ret);
849 return ret;
850 }
851
852 static BOOL WINAPI FTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
853 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
854 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
855 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
856 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
857 {
858 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
859 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
860 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
861
862 pObject->cBlob = 0;
863 pObject->rgBlob = NULL;
864 *ppfnFreeObject = CRYPT_FreeBlob;
865 *ppvFreeContext = NULL;
866 return FALSE;
867 }
868
869 static const WCHAR x509cacert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
870 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
871 static const WCHAR x509emailcert[] = { 'a','p','p','l','i','c','a','t','i','o',
872 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
873 0 };
874 static const WCHAR x509servercert[] = { 'a','p','p','l','i','c','a','t','i','o',
875 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
876 't',0 };
877 static const WCHAR x509usercert[] = { 'a','p','p','l','i','c','a','t','i','o',
878 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
879 static const WCHAR pkcs7cert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
880 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
881 's',0 };
882 static const WCHAR pkixCRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
883 '/','p','k','i','x','-','c','r','l',0 };
884 static const WCHAR pkcs7CRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
885 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
886 static const WCHAR pkcs7sig[] = { 'a','p','p','l','i','c','a','t','i','o','n',
887 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
888 static const WCHAR pkcs7mime[] = { 'a','p','p','l','i','c','a','t','i','o','n',
889 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
890
891 static BOOL WINAPI HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
892 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
893 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
894 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
895 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
896 {
897 BOOL ret = FALSE;
898
899 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
900 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
901 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
902
903 pObject->cBlob = 0;
904 pObject->rgBlob = NULL;
905 *ppfnFreeObject = CRYPT_FreeBlob;
906 *ppvFreeContext = NULL;
907
908 if (!(dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL))
909 ret = CRYPT_GetObjectFromCache(pszURL, pObject, pAuxInfo);
910 if (!ret && (!(dwRetrievalFlags & CRYPT_CACHE_ONLY_RETRIEVAL) ||
911 (dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL)))
912 {
913 URL_COMPONENTSW components;
914
915 if ((ret = CRYPT_CrackUrl(pszURL, &components)))
916 {
917 HINTERNET hInt, hHost;
918 struct InetContext *context = NULL;
919
920 if (dwTimeout)
921 context = CRYPT_MakeInetContext(dwTimeout);
922 ret = CRYPT_Connect(&components, context, pCredentials, &hInt,
923 &hHost);
924 if (ret)
925 {
926 static LPCWSTR types[] = { x509cacert, x509emailcert,
927 x509servercert, x509usercert, pkcs7cert, pkixCRL, pkcs7CRL,
928 pkcs7sig, pkcs7mime, NULL };
929 HINTERNET hHttp = HttpOpenRequestW(hHost, NULL,
930 components.lpszUrlPath, NULL, NULL, types,
931 INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI,
932 (DWORD_PTR)context);
933
934 if (hHttp)
935 {
936 if (dwTimeout)
937 {
938 InternetSetOptionW(hHttp,
939 INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
940 sizeof(dwTimeout));
941 InternetSetOptionW(hHttp, INTERNET_OPTION_SEND_TIMEOUT,
942 &dwTimeout, sizeof(dwTimeout));
943 }
944 ret = HttpSendRequestExW(hHttp, NULL, NULL, 0,
945 (DWORD_PTR)context);
946 if (!ret && GetLastError() == ERROR_IO_PENDING)
947 {
948 if (WaitForSingleObject(context->event,
949 context->timeout) == WAIT_TIMEOUT)
950 SetLastError(ERROR_TIMEOUT);
951 else
952 ret = TRUE;
953 }
954 /* We don't set ret to TRUE in this block to avoid masking
955 * an error from HttpSendRequestExW.
956 */
957 if (!HttpEndRequestW(hHttp, NULL, 0, (DWORD_PTR)context) &&
958 GetLastError() == ERROR_IO_PENDING)
959 {
960 if (WaitForSingleObject(context->event,
961 context->timeout) == WAIT_TIMEOUT)
962 {
963 SetLastError(ERROR_TIMEOUT);
964 ret = FALSE;
965 }
966 }
967 if (ret)
968 ret = CRYPT_DownloadObject(dwRetrievalFlags, hHttp,
969 context, pObject, pAuxInfo);
970 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT))
971 {
972 SYSTEMTIME st;
973 DWORD len = sizeof(st);
974
975 if (HttpQueryInfoW(hHttp,
976 HTTP_QUERY_EXPIRES | HTTP_QUERY_FLAG_SYSTEMTIME, &st,
977 &len, NULL))
978 {
979 FILETIME ft;
980
981 SystemTimeToFileTime(&st, &ft);
982 CRYPT_CacheURL(pszURL, pObject, dwRetrievalFlags,
983 ft);
984 }
985 }
986 InternetCloseHandle(hHttp);
987 }
988 InternetCloseHandle(hHost);
989 InternetCloseHandle(hInt);
990 }
991 if (context)
992 {
993 CloseHandle(context->event);
994 CryptMemFree(context);
995 }
996 CryptMemFree(components.lpszUrlPath);
997 CryptMemFree(components.lpszHostName);
998 }
999 }
1000 TRACE("returning %d\n", ret);
1001 return ret;
1002 }
1003
1004 static BOOL WINAPI File_RetrieveEncodedObjectW(LPCWSTR pszURL,
1005 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1006 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1007 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1008 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1009 {
1010 URL_COMPONENTSW components = { sizeof(components), 0 };
1011 BOOL ret;
1012
1013 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1014 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
1015 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
1016
1017 pObject->cBlob = 0;
1018 pObject->rgBlob = NULL;
1019 *ppfnFreeObject = CRYPT_FreeBlob;
1020 *ppvFreeContext = NULL;
1021
1022 components.lpszUrlPath = CryptMemAlloc(MAX_PATH * 2 * sizeof(WCHAR));
1023 components.dwUrlPathLength = 2 * MAX_PATH;
1024 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, &components);
1025 if (ret)
1026 {
1027 LPWSTR path;
1028
1029 if (components.dwUrlPathLength == 2 * MAX_PATH - 1)
1030 FIXME("Buffers are too small\n");
1031
1032 /* 3 == lstrlenW(L"c:") + 1 */
1033 path = CryptMemAlloc((components.dwUrlPathLength + 3) * sizeof(WCHAR));
1034 if (path)
1035 {
1036 HANDLE hFile;
1037
1038 /* Try to create the file directly - Wine handles / in pathnames */
1039 lstrcpynW(path, components.lpszUrlPath,
1040 components.dwUrlPathLength + 1);
1041 hFile = CreateFileW(path, GENERIC_READ, 0, NULL, OPEN_EXISTING,
1042 FILE_ATTRIBUTE_NORMAL, NULL);
1043 if (hFile == INVALID_HANDLE_VALUE)
1044 {
1045 /* Try again on the current drive */
1046 GetCurrentDirectoryW(components.dwUrlPathLength, path);
1047 if (path[1] == ':')
1048 {
1049 lstrcpynW(path + 2, components.lpszUrlPath,
1050 components.dwUrlPathLength + 1);
1051 hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1052 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1053 }
1054 if (hFile == INVALID_HANDLE_VALUE)
1055 {
1056 /* Try again on the Windows drive */
1057 GetWindowsDirectoryW(path, components.dwUrlPathLength);
1058 if (path[1] == ':')
1059 {
1060 lstrcpynW(path + 2, components.lpszUrlPath,
1061 components.dwUrlPathLength + 1);
1062 hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1063 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1064 }
1065 }
1066 }
1067 if (hFile != INVALID_HANDLE_VALUE)
1068 {
1069 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
1070 {
1071 if (pAuxInfo && pAuxInfo->cbSize >=
1072 offsetof(CRYPT_RETRIEVE_AUX_INFO,
1073 pLastSyncTime) + sizeof(PFILETIME) &&
1074 pAuxInfo->pLastSyncTime)
1075 GetFileTime(hFile, NULL, NULL,
1076 pAuxInfo->pLastSyncTime);
1077 }
1078 CloseHandle(hFile);
1079 }
1080 else
1081 ret = FALSE;
1082 CryptMemFree(path);
1083 }
1084 }
1085 CryptMemFree(components.lpszUrlPath);
1086 return ret;
1087 }
1088
1089 typedef BOOL (WINAPI *SchemeDllRetrieveEncodedObjectW)(LPCWSTR pwszUrl,
1090 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1091 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1092 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1093 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo);
1094
1095 static BOOL CRYPT_GetRetrieveFunction(LPCWSTR pszURL,
1096 SchemeDllRetrieveEncodedObjectW *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1097 {
1098 URL_COMPONENTSW components = { sizeof(components), 0 };
1099 BOOL ret;
1100
1101 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pFunc, phFunc);
1102
1103 *pFunc = NULL;
1104 *phFunc = 0;
1105 components.dwSchemeLength = 1;
1106 ret = InternetCrackUrlW(pszURL, 0, 0, &components);
1107 if (ret)
1108 {
1109 /* Microsoft always uses CryptInitOIDFunctionSet/
1110 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1111 * reason to do so for builtin schemes.
1112 */
1113 switch (components.nScheme)
1114 {
1115 case INTERNET_SCHEME_FTP:
1116 *pFunc = FTP_RetrieveEncodedObjectW;
1117 break;
1118 case INTERNET_SCHEME_HTTP:
1119 *pFunc = HTTP_RetrieveEncodedObjectW;
1120 break;
1121 case INTERNET_SCHEME_FILE:
1122 *pFunc = File_RetrieveEncodedObjectW;
1123 break;
1124 default:
1125 {
1126 int len = WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1127 components.dwSchemeLength, NULL, 0, NULL, NULL);
1128
1129 if (len)
1130 {
1131 LPSTR scheme = CryptMemAlloc(len);
1132
1133 if (scheme)
1134 {
1135 static HCRYPTOIDFUNCSET set = NULL;
1136
1137 if (!set)
1138 set = CryptInitOIDFunctionSet(
1139 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC, 0);
1140 WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1141 components.dwSchemeLength, scheme, len, NULL, NULL);
1142 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1143 scheme, 0, (void **)pFunc, phFunc);
1144 CryptMemFree(scheme);
1145 }
1146 else
1147 {
1148 SetLastError(ERROR_OUTOFMEMORY);
1149 ret = FALSE;
1150 }
1151 }
1152 else
1153 ret = FALSE;
1154 }
1155 }
1156 }
1157 TRACE("returning %d\n", ret);
1158 return ret;
1159 }
1160
1161 static BOOL WINAPI CRYPT_CreateBlob(LPCSTR pszObjectOid,
1162 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1163 {
1164 DWORD size, i;
1165 CRYPT_BLOB_ARRAY *context;
1166 BOOL ret = FALSE;
1167
1168 size = sizeof(CRYPT_BLOB_ARRAY) + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1169 for (i = 0; i < pObject->cBlob; i++)
1170 size += pObject->rgBlob[i].cbData;
1171 context = CryptMemAlloc(size);
1172 if (context)
1173 {
1174 LPBYTE nextData;
1175
1176 context->cBlob = 0;
1177 context->rgBlob =
1178 (CRYPT_DATA_BLOB *)((LPBYTE)context + sizeof(CRYPT_BLOB_ARRAY));
1179 nextData =
1180 (LPBYTE)context->rgBlob + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1181 for (i = 0; i < pObject->cBlob; i++)
1182 {
1183 memcpy(nextData, pObject->rgBlob[i].pbData,
1184 pObject->rgBlob[i].cbData);
1185 context->rgBlob[i].pbData = nextData;
1186 context->rgBlob[i].cbData = pObject->rgBlob[i].cbData;
1187 nextData += pObject->rgBlob[i].cbData;
1188 context->cBlob++;
1189 }
1190 *ppvContext = context;
1191 ret = TRUE;
1192 }
1193 return ret;
1194 }
1195
1196 typedef BOOL (WINAPI *AddContextToStore)(HCERTSTORE hCertStore,
1197 const void *pContext, DWORD dwAddDisposition, const void **ppStoreContext);
1198
1199 static BOOL CRYPT_CreateContext(const CRYPT_BLOB_ARRAY *pObject,
1200 DWORD dwExpectedContentTypeFlags, AddContextToStore addFunc, void **ppvContext)
1201 {
1202 BOOL ret = TRUE;
1203
1204 if (!pObject->cBlob)
1205 {
1206 SetLastError(ERROR_INVALID_DATA);
1207 *ppvContext = NULL;
1208 ret = FALSE;
1209 }
1210 else if (pObject->cBlob == 1)
1211 {
1212 if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1213 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL,
1214 NULL, NULL, NULL, NULL, (const void **)ppvContext))
1215 {
1216 SetLastError(CRYPT_E_NO_MATCH);
1217 ret = FALSE;
1218 }
1219 }
1220 else
1221 {
1222 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1223 CERT_STORE_CREATE_NEW_FLAG, NULL);
1224
1225 if (store)
1226 {
1227 DWORD i;
1228 const void *context;
1229
1230 for (i = 0; i < pObject->cBlob; i++)
1231 {
1232 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1233 &pObject->rgBlob[i], dwExpectedContentTypeFlags,
1234 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, NULL, NULL, NULL,
1235 NULL, &context))
1236 {
1237 if (!addFunc(store, context, CERT_STORE_ADD_ALWAYS, NULL))
1238 ret = FALSE;
1239 }
1240 else
1241 {
1242 SetLastError(CRYPT_E_NO_MATCH);
1243 ret = FALSE;
1244 }
1245 }
1246 }
1247 else
1248 ret = FALSE;
1249 *ppvContext = store;
1250 }
1251 return ret;
1252 }
1253
1254 static BOOL WINAPI CRYPT_CreateCert(LPCSTR pszObjectOid,
1255 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1256 {
1257 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CERT,
1258 (AddContextToStore)CertAddCertificateContextToStore, ppvContext);
1259 }
1260
1261 static BOOL WINAPI CRYPT_CreateCRL(LPCSTR pszObjectOid,
1262 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1263 {
1264 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CRL,
1265 (AddContextToStore)CertAddCRLContextToStore, ppvContext);
1266 }
1267
1268 static BOOL WINAPI CRYPT_CreateCTL(LPCSTR pszObjectOid,
1269 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1270 {
1271 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CTL,
1272 (AddContextToStore)CertAddCTLContextToStore, ppvContext);
1273 }
1274
1275 static BOOL WINAPI CRYPT_CreatePKCS7(LPCSTR pszObjectOid,
1276 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1277 {
1278 BOOL ret;
1279
1280 if (!pObject->cBlob)
1281 {
1282 SetLastError(ERROR_INVALID_DATA);
1283 *ppvContext = NULL;
1284 ret = FALSE;
1285 }
1286 else if (pObject->cBlob == 1)
1287 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1288 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1289 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED, CERT_QUERY_FORMAT_FLAG_BINARY,
1290 0, NULL, NULL, NULL, ppvContext, NULL, NULL);
1291 else
1292 {
1293 FIXME("multiple messages unimplemented\n");
1294 ret = FALSE;
1295 }
1296 return ret;
1297 }
1298
1299 static BOOL WINAPI CRYPT_CreateAny(LPCSTR pszObjectOid,
1300 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1301 {
1302 BOOL ret;
1303
1304 if (!pObject->cBlob)
1305 {
1306 SetLastError(ERROR_INVALID_DATA);
1307 *ppvContext = NULL;
1308 ret = FALSE;
1309 }
1310 else
1311 {
1312 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1313 CERT_STORE_CREATE_NEW_FLAG, NULL);
1314
1315 if (store)
1316 {
1317 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1318 CERT_STORE_CREATE_NEW_FLAG, NULL);
1319
1320 if (memStore)
1321 {
1322 CertAddStoreToCollection(store, memStore,
1323 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
1324 CertCloseStore(memStore, 0);
1325 }
1326 else
1327 {
1328 CertCloseStore(store, 0);
1329 store = NULL;
1330 }
1331 }
1332 if (store)
1333 {
1334 DWORD i;
1335
1336 ret = TRUE;
1337 for (i = 0; i < pObject->cBlob; i++)
1338 {
1339 DWORD contentType, expectedContentTypes =
1340 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1341 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
1342 CERT_QUERY_CONTENT_FLAG_CERT |
1343 CERT_QUERY_CONTENT_FLAG_CRL |
1344 CERT_QUERY_CONTENT_FLAG_CTL;
1345 HCERTSTORE contextStore;
1346 const void *context;
1347
1348 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1349 &pObject->rgBlob[i], expectedContentTypes,
1350 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, &contentType, NULL,
1351 &contextStore, NULL, &context))
1352 {
1353 switch (contentType)
1354 {
1355 case CERT_QUERY_CONTENT_CERT:
1356 if (!CertAddCertificateContextToStore(store,
1357 context, CERT_STORE_ADD_ALWAYS, NULL))
1358 ret = FALSE;
1359 CertFreeCertificateContext(context);
1360 break;
1361 case CERT_QUERY_CONTENT_CRL:
1362 if (!CertAddCRLContextToStore(store,
1363 context, CERT_STORE_ADD_ALWAYS, NULL))
1364 ret = FALSE;
1365 CertFreeCRLContext(context);
1366 break;
1367 case CERT_QUERY_CONTENT_CTL:
1368 if (!CertAddCTLContextToStore(store,
1369 context, CERT_STORE_ADD_ALWAYS, NULL))
1370 ret = FALSE;
1371 CertFreeCTLContext(context);
1372 break;
1373 default:
1374 CertAddStoreToCollection(store, contextStore, 0, 0);
1375 }
1376 CertCloseStore(contextStore, 0);
1377 }
1378 else
1379 ret = FALSE;
1380 }
1381 }
1382 else
1383 ret = FALSE;
1384 *ppvContext = store;
1385 }
1386 return ret;
1387 }
1388
1389 typedef BOOL (WINAPI *ContextDllCreateObjectContext)(LPCSTR pszObjectOid,
1390 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext);
1391
1392 static BOOL CRYPT_GetCreateFunction(LPCSTR pszObjectOid,
1393 ContextDllCreateObjectContext *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1394 {
1395 BOOL ret = TRUE;
1396
1397 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid), pFunc, phFunc);
1398
1399 *pFunc = NULL;
1400 *phFunc = 0;
1401 if (!HIWORD(pszObjectOid))
1402 {
1403 switch (LOWORD(pszObjectOid))
1404 {
1405 case 0:
1406 *pFunc = CRYPT_CreateBlob;
1407 break;
1408 case LOWORD(CONTEXT_OID_CERTIFICATE):
1409 *pFunc = CRYPT_CreateCert;
1410 break;
1411 case LOWORD(CONTEXT_OID_CRL):
1412 *pFunc = CRYPT_CreateCRL;
1413 break;
1414 case LOWORD(CONTEXT_OID_CTL):
1415 *pFunc = CRYPT_CreateCTL;
1416 break;
1417 case LOWORD(CONTEXT_OID_PKCS7):
1418 *pFunc = CRYPT_CreatePKCS7;
1419 break;
1420 case LOWORD(CONTEXT_OID_CAPI2_ANY):
1421 *pFunc = CRYPT_CreateAny;
1422 break;
1423 }
1424 }
1425 if (!*pFunc)
1426 {
1427 static HCRYPTOIDFUNCSET set = NULL;
1428
1429 if (!set)
1430 set = CryptInitOIDFunctionSet(
1431 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC, 0);
1432 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszObjectOid,
1433 0, (void **)pFunc, phFunc);
1434 }
1435 TRACE("returning %d\n", ret);
1436 return ret;
1437 }
1438
1439 typedef BOOL (*get_object_expiration_func)(const void *pvContext,
1440 FILETIME *expiration);
1441
1442 static BOOL CRYPT_GetExpirationFromCert(const void *pvObject, FILETIME *expiration)
1443 {
1444 PCCERT_CONTEXT cert = pvObject;
1445
1446 *expiration = cert->pCertInfo->NotAfter;
1447 return TRUE;
1448 }
1449
1450 static BOOL CRYPT_GetExpirationFromCRL(const void *pvObject, FILETIME *expiration)
1451 {
1452 PCCRL_CONTEXT cert = pvObject;
1453
1454 *expiration = cert->pCrlInfo->NextUpdate;
1455 return TRUE;
1456 }
1457
1458 static BOOL CRYPT_GetExpirationFromCTL(const void *pvObject, FILETIME *expiration)
1459 {
1460 PCCTL_CONTEXT cert = pvObject;
1461
1462 *expiration = cert->pCtlInfo->NextUpdate;
1463 return TRUE;
1464 }
1465
1466 static BOOL CRYPT_GetExpirationFunction(LPCSTR pszObjectOid,
1467 get_object_expiration_func *getExpiration)
1468 {
1469 BOOL ret;
1470
1471 if (!HIWORD(pszObjectOid))
1472 {
1473 switch (LOWORD(pszObjectOid))
1474 {
1475 case LOWORD(CONTEXT_OID_CERTIFICATE):
1476 *getExpiration = CRYPT_GetExpirationFromCert;
1477 ret = TRUE;
1478 break;
1479 case LOWORD(CONTEXT_OID_CRL):
1480 *getExpiration = CRYPT_GetExpirationFromCRL;
1481 ret = TRUE;
1482 break;
1483 case LOWORD(CONTEXT_OID_CTL):
1484 *getExpiration = CRYPT_GetExpirationFromCTL;
1485 ret = TRUE;
1486 break;
1487 default:
1488 ret = FALSE;
1489 }
1490 }
1491 else
1492 ret = FALSE;
1493 return ret;
1494 }
1495
1496 /***********************************************************************
1497 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1498 */
1499 BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
1500 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
1501 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
1502 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1503 {
1504 BOOL ret;
1505 SchemeDllRetrieveEncodedObjectW retrieve;
1506 ContextDllCreateObjectContext create;
1507 HCRYPTOIDFUNCADDR hRetrieve = 0, hCreate = 0;
1508
1509 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1510 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
1511 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
1512
1513 if (!pszURL)
1514 {
1515 SetLastError(ERROR_INVALID_PARAMETER);
1516 return FALSE;
1517 }
1518 ret = CRYPT_GetRetrieveFunction(pszURL, &retrieve, &hRetrieve);
1519 if (ret)
1520 ret = CRYPT_GetCreateFunction(pszObjectOid, &create, &hCreate);
1521 if (ret)
1522 {
1523 CRYPT_BLOB_ARRAY object = { 0, NULL };
1524 PFN_FREE_ENCODED_OBJECT_FUNC freeObject;
1525 void *freeContext;
1526
1527 ret = retrieve(pszURL, pszObjectOid, dwRetrievalFlags, dwTimeout,
1528 &object, &freeObject, &freeContext, hAsyncRetrieve, pCredentials,
1529 pAuxInfo);
1530 if (ret)
1531 {
1532 get_object_expiration_func getExpiration;
1533
1534 ret = create(pszObjectOid, dwRetrievalFlags, &object, ppvObject);
1535 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT) &&
1536 CRYPT_GetExpirationFunction(pszObjectOid, &getExpiration))
1537 {
1538 FILETIME expires;
1539
1540 if (getExpiration(*ppvObject, &expires))
1541 CRYPT_CacheURL(pszURL, &object, dwRetrievalFlags, expires);
1542 }
1543 freeObject(pszObjectOid, &object, freeContext);
1544 }
1545 }
1546 if (hCreate)
1547 CryptFreeOIDFunctionAddress(hCreate, 0);
1548 if (hRetrieve)
1549 CryptFreeOIDFunctionAddress(hRetrieve, 0);
1550 TRACE("returning %d\n", ret);
1551 return ret;
1552 }
1553
1554 static DWORD verify_cert_revocation_with_crl(PCCERT_CONTEXT cert,
1555 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1556 PCERT_REVOCATION_STATUS pRevStatus)
1557 {
1558 DWORD error;
1559
1560 if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))
1561 {
1562 /* The CRL isn't time valid */
1563 error = CRYPT_E_NO_REVOCATION_CHECK;
1564 }
1565 else
1566 {
1567 PCRL_ENTRY entry = NULL;
1568
1569 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1570 if (entry)
1571 {
1572 error = CRYPT_E_REVOKED;
1573 pRevStatus->dwIndex = index;
1574 }
1575 else
1576 error = ERROR_SUCCESS;
1577 }
1578 return error;
1579 }
1580
1581 static DWORD verify_cert_revocation_from_dist_points_ext(
1582 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1583 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1584 PCERT_REVOCATION_STATUS pRevStatus)
1585 {
1586 DWORD error = ERROR_SUCCESS, cbUrlArray;
1587
1588 if (CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &cbUrlArray, NULL, NULL))
1589 {
1590 CRYPT_URL_ARRAY *urlArray = CryptMemAlloc(cbUrlArray);
1591
1592 if (urlArray)
1593 {
1594 DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
1595 BOOL ret;
1596
1597 ret = CRYPT_GetUrlFromCRLDistPointsExt(value, urlArray,
1598 &cbUrlArray, NULL, NULL);
1599 if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
1600 retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
1601 if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG &&
1602 pRevPara && pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
1603 dwUrlRetrievalTimeout) + sizeof(DWORD))
1604 {
1605 startTime = GetTickCount();
1606 endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
1607 timeout = pRevPara->dwUrlRetrievalTimeout;
1608 }
1609 else
1610 endTime = timeout = 0;
1611 if (!ret)
1612 error = GetLastError();
1613 for (j = 0; !error && j < urlArray->cUrl; j++)
1614 {
1615 PCCRL_CONTEXT crl;
1616
1617 ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
1618 CONTEXT_OID_CRL, retrievalFlags, timeout, (void **)&crl,
1619 NULL, NULL, NULL, NULL);
1620 if (ret)
1621 {
1622 error = verify_cert_revocation_with_crl(cert, crl, index,
1623 pTime, pRevStatus);
1624 if (!error && timeout)
1625 {
1626 DWORD time = GetTickCount();
1627
1628 if ((int)(endTime - time) <= 0)
1629 {
1630 error = ERROR_TIMEOUT;
1631 pRevStatus->dwIndex = index;
1632 }
1633 else
1634 timeout = endTime - time;
1635 }
1636 CertFreeCRLContext(crl);
1637 }
1638 else
1639 error = CRYPT_E_REVOCATION_OFFLINE;
1640 }
1641 CryptMemFree(urlArray);
1642 }
1643 else
1644 {
1645 error = ERROR_OUTOFMEMORY;
1646 pRevStatus->dwIndex = index;
1647 }
1648 }
1649 else
1650 {
1651 error = GetLastError();
1652 pRevStatus->dwIndex = index;
1653 }
1654 return error;
1655 }
1656
1657 static DWORD verify_cert_revocation_from_aia_ext(
1658 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1659 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1660 PCERT_REVOCATION_STATUS pRevStatus)
1661 {
1662 BOOL ret;
1663 DWORD error, size;
1664 CERT_AUTHORITY_INFO_ACCESS *aia;
1665
1666 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
1667 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &aia, &size);
1668 if (ret)
1669 {
1670 DWORD i;
1671
1672 for (i = 0; i < aia->cAccDescr; i++)
1673 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
1674 szOID_PKIX_OCSP))
1675 {
1676 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
1677 CERT_ALT_NAME_URL)
1678 FIXME("OCSP URL = %s\n",
1679 debugstr_w(aia->rgAccDescr[i].AccessLocation.u.pwszURL));
1680 else
1681 FIXME("unsupported AccessLocation type %d\n",
1682 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
1683 }
1684 LocalFree(aia);
1685 /* FIXME: lie and pretend OCSP validated the cert */
1686 error = ERROR_SUCCESS;
1687 }
1688 else
1689 error = GetLastError();
1690 return error;
1691 }
1692
1693 static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
1694 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1695 PCERT_REVOCATION_STATUS pRevStatus)
1696 {
1697 DWORD error = ERROR_SUCCESS;
1698 PCERT_EXTENSION ext;
1699
1700 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
1701 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1702 error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
1703 index, pTime, dwFlags, pRevPara, pRevStatus);
1704 else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
1705 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1706 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
1707 index, pTime, dwFlags, pRevPara, pRevStatus);
1708 else
1709 {
1710 if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
1711 {
1712 PCCRL_CONTEXT crl = NULL;
1713 BOOL canSignCRLs;
1714
1715 /* If the caller told us about the issuer, make sure the issuer
1716 * can sign CRLs before looking for one.
1717 */
1718 if ((ext = CertFindExtension(szOID_KEY_USAGE,
1719 pRevPara->pIssuerCert->pCertInfo->cExtension,
1720 pRevPara->pIssuerCert->pCertInfo->rgExtension)))
1721 {
1722 CRYPT_BIT_BLOB usage;
1723 DWORD size = sizeof(usage);
1724
1725 if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_BITS,
1726 ext->Value.pbData, ext->Value.cbData,
1727 CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1728 canSignCRLs = FALSE;
1729 else if (usage.cbData > 2)
1730 {
1731 /* The key usage extension only defines 9 bits => no more
1732 * than 2 bytes are needed to encode all known usages.
1733 */
1734 canSignCRLs = FALSE;
1735 }
1736 else
1737 {
1738 BYTE usageBits = usage.pbData[usage.cbData - 1];
1739
1740 canSignCRLs = usageBits & CERT_CRL_SIGN_KEY_USAGE;
1741 }
1742 }
1743 else
1744 canSignCRLs = TRUE;
1745 if (canSignCRLs)
1746 {
1747 /* If the caller was helpful enough to tell us where to find a
1748 * CRL for the cert, look for one and check it.
1749 */
1750 crl = CertFindCRLInStore(pRevPara->hCrlStore,
1751 cert->dwCertEncodingType,
1752 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG |
1753 CRL_FIND_ISSUED_BY_AKI_FLAG,
1754 CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
1755 }
1756 if (crl)
1757 {
1758 error = verify_cert_revocation_with_crl(cert, crl, index,
1759 pTime, pRevStatus);
1760 CertFreeCRLContext(crl);
1761 }
1762 else
1763 {
1764 error = CRYPT_E_NO_REVOCATION_CHECK;
1765 pRevStatus->dwIndex = index;
1766 }
1767 }
1768 else
1769 {
1770 error = CRYPT_E_NO_REVOCATION_CHECK;
1771 pRevStatus->dwIndex = index;
1772 }
1773 }
1774 return error;
1775 }
1776
1777 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
1778 DWORD cbSize;
1779 PCCERT_CONTEXT pIssuerCert;
1780 DWORD cCertStore;
1781 HCERTSTORE *rgCertStore;
1782 HCERTSTORE hCrlStore;
1783 LPFILETIME pftTimeToUse;
1784 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
1785
1786 typedef struct _OLD_CERT_REVOCATION_STATUS {
1787 DWORD cbSize;
1788 DWORD dwIndex;
1789 DWORD dwError;
1790 DWORD dwReason;
1791 } OLD_CERT_REVOCATION_STATUS, *POLD_CERT_REVOCATION_STATUS;
1792
1793 /***********************************************************************
1794 * CertDllVerifyRevocation (CRYPTNET.@)
1795 */
1796 BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1797 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1798 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1799 {
1800 DWORD error = 0, i;
1801 FILETIME now;
1802 LPFILETIME pTime = NULL;
1803
1804 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1805 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1806
1807 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1808 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1809 {
1810 SetLastError(E_INVALIDARG);
1811 return FALSE;
1812 }
1813 if (!cContext)
1814 {
1815 SetLastError(E_INVALIDARG);
1816 return FALSE;
1817 }
1818 if (pRevPara && pRevPara->cbSize >=
1819 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
1820 pTime = pRevPara->pftTimeToUse;
1821 if (!pTime)
1822 {
1823 GetSystemTimeAsFileTime(&now);
1824 pTime = &now;
1825 }
1826 memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
1827 if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
1828 error = CRYPT_E_NO_REVOCATION_CHECK;
1829 else
1830 {
1831 for (i = 0; !error && i < cContext; i++)
1832 error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
1833 pRevPara, pRevStatus);
1834 }
1835 if (error)
1836 {
1837 SetLastError(error);
1838 pRevStatus->dwError = error;
1839 }
1840 TRACE("returning %d (%08x)\n", !error, error);
1841 return !error;
1842 }
useful hacks and other patches not (yet) suitable for mainline