search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ntdll: Add support for Win 10.
[wine/multimedia.git] / dlls / crypt32 / chain.c
blob056910faaa21fea4638972e74d1a753e54f161a4
1 /*
2 * Copyright 2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19 #include <stdarg.h>
20 #define NONAMELESSUNION
21 #include "windef.h"
22 #include "winbase.h"
23 #define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS
24 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
25 #include "wincrypt.h"
26 #include "wininet.h"
27 #include "wine/debug.h"
28 #include "wine/unicode.h"
29 #include "crypt32_private.h"
30
31 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
32 WINE_DECLARE_DEBUG_CHANNEL(chain);
33
34 #define DEFAULT_CYCLE_MODULUS 7
35
36 /* This represents a subset of a certificate chain engine: it doesn't include
37 * the "hOther" store described by MSDN, because I'm not sure how that's used.
38 * It also doesn't include the "hTrust" store, because I don't yet implement
39 * CTLs or complex certificate chains.
40 */
41 typedef struct _CertificateChainEngine
42 {
43 LONG ref;
44 HCERTSTORE hRoot;
45 HCERTSTORE hWorld;
46 DWORD dwFlags;
47 DWORD dwUrlRetrievalTimeout;
48 DWORD MaximumCachedCertificates;
49 DWORD CycleDetectionModulus;
50 } CertificateChainEngine;
51
52 static inline void CRYPT_AddStoresToCollection(HCERTSTORE collection,
53 DWORD cStores, HCERTSTORE *stores)
54 {
55 DWORD i;
56
57 for (i = 0; i < cStores; i++)
58 CertAddStoreToCollection(collection, stores[i], 0, 0);
59 }
60
61 static inline void CRYPT_CloseStores(DWORD cStores, HCERTSTORE *stores)
62 {
63 DWORD i;
64
65 for (i = 0; i < cStores; i++)
66 CertCloseStore(stores[i], 0);
67 }
68
69 static const WCHAR rootW[] = { 'R','o','o','t',0 };
70
71 /* Finds cert in store by comparing the cert's hashes. */
72 static PCCERT_CONTEXT CRYPT_FindCertInStore(HCERTSTORE store,
73 PCCERT_CONTEXT cert)
74 {
75 PCCERT_CONTEXT matching = NULL;
76 BYTE hash[20];
77 DWORD size = sizeof(hash);
78
79 if (CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID, hash, &size))
80 {
81 CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
82
83 matching = CertFindCertificateInStore(store, cert->dwCertEncodingType,
84 0, CERT_FIND_SHA1_HASH, &blob, NULL);
85 }
86 return matching;
87 }
88
89 static BOOL CRYPT_CheckRestrictedRoot(HCERTSTORE store)
90 {
91 BOOL ret = TRUE;
92
93 if (store)
94 {
95 HCERTSTORE rootStore = CertOpenSystemStoreW(0, rootW);
96 PCCERT_CONTEXT cert = NULL, check;
97
98 do {
99 cert = CertEnumCertificatesInStore(store, cert);
100 if (cert)
101 {
102 if (!(check = CRYPT_FindCertInStore(rootStore, cert)))
103 ret = FALSE;
104 else
105 CertFreeCertificateContext(check);
106 }
107 } while (ret && cert);
108 if (cert)
109 CertFreeCertificateContext(cert);
110 CertCloseStore(rootStore, 0);
111 }
112 return ret;
113 }
114
115 HCERTCHAINENGINE CRYPT_CreateChainEngine(HCERTSTORE root, DWORD system_store, const CERT_CHAIN_ENGINE_CONFIG *config)
116 {
117 CertificateChainEngine *engine;
118 HCERTSTORE worldStores[4];
119
120 static const WCHAR caW[] = { 'C','A',0 };
121 static const WCHAR myW[] = { 'M','y',0 };
122 static const WCHAR trustW[] = { 'T','r','u','s','t',0 };
123
124 if(!root) {
125 if(config->cbSize >= sizeof(CERT_CHAIN_ENGINE_CONFIG) && config->hExclusiveRoot)
126 root = CertDuplicateStore(config->hExclusiveRoot);
127 else if (config->hRestrictedRoot)
128 root = CertDuplicateStore(config->hRestrictedRoot);
129 else
130 root = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, system_store, rootW);
131 if(!root)
132 return NULL;
133 }
134
135 engine = CryptMemAlloc(sizeof(CertificateChainEngine));
136 if(!engine) {
137 CertCloseStore(root, 0);
138 return NULL;
139 }
140
141 engine->ref = 1;
142 engine->hRoot = root;
143 engine->hWorld = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
144 worldStores[0] = CertDuplicateStore(engine->hRoot);
145 worldStores[1] = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, system_store, caW);
146 worldStores[2] = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, system_store, myW);
147 worldStores[3] = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, system_store, trustW);
148
149 CRYPT_AddStoresToCollection(engine->hWorld, sizeof(worldStores) / sizeof(worldStores[0]), worldStores);
150 CRYPT_AddStoresToCollection(engine->hWorld, config->cAdditionalStore, config->rghAdditionalStore);
151 CRYPT_CloseStores(sizeof(worldStores) / sizeof(worldStores[0]), worldStores);
152
153 engine->dwFlags = config->dwFlags;
154 engine->dwUrlRetrievalTimeout = config->dwUrlRetrievalTimeout;
155 engine->MaximumCachedCertificates = config->MaximumCachedCertificates;
156 if(config->CycleDetectionModulus)
157 engine->CycleDetectionModulus = config->CycleDetectionModulus;
158 else
159 engine->CycleDetectionModulus = DEFAULT_CYCLE_MODULUS;
160
161 return engine;
162 }
163
164 static CertificateChainEngine *default_cu_engine, *default_lm_engine;
165
166 static CertificateChainEngine *get_chain_engine(HCERTCHAINENGINE handle, BOOL allow_default)
167 {
168 const CERT_CHAIN_ENGINE_CONFIG config = { sizeof(config) };
169
170 if(handle == HCCE_CURRENT_USER) {
171 if(!allow_default)
172 return NULL;
173
174 if(!default_cu_engine) {
175 handle = CRYPT_CreateChainEngine(NULL, CERT_SYSTEM_STORE_CURRENT_USER, &config);
176 InterlockedCompareExchangePointer((void**)&default_cu_engine, handle, NULL);
177 if(default_cu_engine != handle)
178 CertFreeCertificateChainEngine(handle);
179 }
180
181 return default_cu_engine;
182 }
183
184 if(handle == HCCE_LOCAL_MACHINE) {
185 if(!allow_default)
186 return NULL;
187
188 if(!default_lm_engine) {
189 handle = CRYPT_CreateChainEngine(NULL, CERT_SYSTEM_STORE_LOCAL_MACHINE, &config);
190 InterlockedCompareExchangePointer((void**)&default_lm_engine, handle, NULL);
191 if(default_lm_engine != handle)
192 CertFreeCertificateChainEngine(handle);
193 }
194
195 return default_lm_engine;
196 }
197
198 return (CertificateChainEngine*)handle;
199 }
200
201 static void free_chain_engine(CertificateChainEngine *engine)
202 {
203 if(!engine || InterlockedDecrement(&engine->ref))
204 return;
205
206 CertCloseStore(engine->hWorld, 0);
207 CertCloseStore(engine->hRoot, 0);
208 CryptMemFree(engine);
209 }
210
211 typedef struct _CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT
212 {
213 DWORD cbSize;
214 HCERTSTORE hRestrictedRoot;
215 HCERTSTORE hRestrictedTrust;
216 HCERTSTORE hRestrictedOther;
217 DWORD cAdditionalStore;
218 HCERTSTORE *rghAdditionalStore;
219 DWORD dwFlags;
220 DWORD dwUrlRetrievalTimeout;
221 DWORD MaximumCachedCertificates;
222 DWORD CycleDetectionModulus;
223 } CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT;
224
225 BOOL WINAPI CertCreateCertificateChainEngine(PCERT_CHAIN_ENGINE_CONFIG pConfig,
226 HCERTCHAINENGINE *phChainEngine)
227 {
228 BOOL ret;
229
230 TRACE("(%p, %p)\n", pConfig, phChainEngine);
231
232 if (pConfig->cbSize != sizeof(CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT)
233 && pConfig->cbSize != sizeof(CERT_CHAIN_ENGINE_CONFIG))
234 {
235 SetLastError(E_INVALIDARG);
236 return FALSE;
237 }
238 ret = CRYPT_CheckRestrictedRoot(pConfig->hRestrictedRoot);
239 if (!ret)
240 {
241 *phChainEngine = NULL;
242 return FALSE;
243 }
244
245 *phChainEngine = CRYPT_CreateChainEngine(NULL, CERT_SYSTEM_STORE_CURRENT_USER, pConfig);
246 return *phChainEngine != NULL;
247 }
248
249 void WINAPI CertFreeCertificateChainEngine(HCERTCHAINENGINE hChainEngine)
250 {
251 TRACE("(%p)\n", hChainEngine);
252 free_chain_engine(get_chain_engine(hChainEngine, FALSE));
253 }
254
255 void default_chain_engine_free(void)
256 {
257 free_chain_engine(default_cu_engine);
258 free_chain_engine(default_lm_engine);
259 }
260
261 typedef struct _CertificateChain
262 {
263 CERT_CHAIN_CONTEXT context;
264 HCERTSTORE world;
265 LONG ref;
266 } CertificateChain;
267
268 BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
269 {
270 PCERT_EXTENSION ext;
271 DWORD size;
272 BOOL ret;
273
274 if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
275 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
276 {
277 CERT_AUTHORITY_KEY_ID2_INFO *info;
278
279 ret = CryptDecodeObjectEx(cert->dwCertEncodingType,
280 X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
281 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
282 &info, &size);
283 if (ret)
284 {
285 if (info->AuthorityCertIssuer.cAltEntry &&
286 info->AuthorityCertSerialNumber.cbData)
287 {
288 PCERT_ALT_NAME_ENTRY directoryName = NULL;
289 DWORD i;
290
291 for (i = 0; !directoryName &&
292 i < info->AuthorityCertIssuer.cAltEntry; i++)
293 if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice
294 == CERT_ALT_NAME_DIRECTORY_NAME)
295 directoryName =
296 &info->AuthorityCertIssuer.rgAltEntry[i];
297 if (directoryName)
298 {
299 ret = CertCompareCertificateName(cert->dwCertEncodingType,
300 &directoryName->u.DirectoryName, &cert->pCertInfo->Issuer)
301 && CertCompareIntegerBlob(&info->AuthorityCertSerialNumber,
302 &cert->pCertInfo->SerialNumber);
303 }
304 else
305 {
306 FIXME("no supported name type in authority key id2\n");
307 ret = FALSE;
308 }
309 }
310 else if (info->KeyId.cbData)
311 {
312 ret = CertGetCertificateContextProperty(cert,
313 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
314 if (ret && size == info->KeyId.cbData)
315 {
316 LPBYTE buf = CryptMemAlloc(size);
317
318 if (buf)
319 {
320 CertGetCertificateContextProperty(cert,
321 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
322 ret = !memcmp(buf, info->KeyId.pbData, size);
323 CryptMemFree(buf);
324 }
325 else
326 ret = FALSE;
327 }
328 else
329 ret = FALSE;
330 }
331 LocalFree(info);
332 }
333 }
334 else if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER,
335 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
336 {
337 CERT_AUTHORITY_KEY_ID_INFO *info;
338
339 ret = CryptDecodeObjectEx(cert->dwCertEncodingType,
340 X509_AUTHORITY_KEY_ID, ext->Value.pbData, ext->Value.cbData,
341 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
342 &info, &size);
343 if (ret)
344 {
345 if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
346 {
347 ret = CertCompareCertificateName(cert->dwCertEncodingType,
348 &info->CertIssuer, &cert->pCertInfo->Issuer) &&
349 CertCompareIntegerBlob(&info->CertSerialNumber,
350 &cert->pCertInfo->SerialNumber);
351 }
352 else if (info->KeyId.cbData)
353 {
354 ret = CertGetCertificateContextProperty(cert,
355 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
356 if (ret && size == info->KeyId.cbData)
357 {
358 LPBYTE buf = CryptMemAlloc(size);
359
360 if (buf)
361 {
362 CertGetCertificateContextProperty(cert,
363 CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
364 ret = !memcmp(buf, info->KeyId.pbData, size);
365 CryptMemFree(buf);
366 }
367 else
368 ret = FALSE;
369 }
370 else
371 ret = FALSE;
372 }
373 else
374 ret = FALSE;
375 LocalFree(info);
376 }
377 }
378 else
379 ret = CertCompareCertificateName(cert->dwCertEncodingType,
380 &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer);
381 return ret;
382 }
383
384 static void CRYPT_FreeChainElement(PCERT_CHAIN_ELEMENT element)
385 {
386 CertFreeCertificateContext(element->pCertContext);
387 CryptMemFree(element);
388 }
389
390 static void CRYPT_CheckSimpleChainForCycles(PCERT_SIMPLE_CHAIN chain)
391 {
392 DWORD i, j, cyclicCertIndex = 0;
393
394 /* O(n^2) - I don't think there's a faster way */
395 for (i = 0; !cyclicCertIndex && i < chain->cElement; i++)
396 for (j = i + 1; !cyclicCertIndex && j < chain->cElement; j++)
397 if (CertCompareCertificate(X509_ASN_ENCODING,
398 chain->rgpElement[i]->pCertContext->pCertInfo,
399 chain->rgpElement[j]->pCertContext->pCertInfo))
400 cyclicCertIndex = j;
401 if (cyclicCertIndex)
402 {
403 chain->rgpElement[cyclicCertIndex]->TrustStatus.dwErrorStatus
404 |= CERT_TRUST_IS_CYCLIC | CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
405 /* Release remaining certs */
406 for (i = cyclicCertIndex + 1; i < chain->cElement; i++)
407 CRYPT_FreeChainElement(chain->rgpElement[i]);
408 /* Truncate chain */
409 chain->cElement = cyclicCertIndex + 1;
410 }
411 }
412
413 /* Checks whether the chain is cyclic by examining the last element's status */
414 static inline BOOL CRYPT_IsSimpleChainCyclic(const CERT_SIMPLE_CHAIN *chain)
415 {
416 if (chain->cElement)
417 return chain->rgpElement[chain->cElement - 1]->TrustStatus.dwErrorStatus
418 & CERT_TRUST_IS_CYCLIC;
419 else
420 return FALSE;
421 }
422
423 static inline void CRYPT_CombineTrustStatus(CERT_TRUST_STATUS *chainStatus,
424 const CERT_TRUST_STATUS *elementStatus)
425 {
426 /* Any error that applies to an element also applies to a chain.. */
427 chainStatus->dwErrorStatus |= elementStatus->dwErrorStatus;
428 /* but the bottom nibble of an element's info status doesn't apply to the
429 * chain.
430 */
431 chainStatus->dwInfoStatus |= (elementStatus->dwInfoStatus & 0xfffffff0);
432 }
433
434 static BOOL CRYPT_AddCertToSimpleChain(const CertificateChainEngine *engine,
435 PCERT_SIMPLE_CHAIN chain, PCCERT_CONTEXT cert, DWORD subjectInfoStatus)
436 {
437 BOOL ret = FALSE;
438 PCERT_CHAIN_ELEMENT element = CryptMemAlloc(sizeof(CERT_CHAIN_ELEMENT));
439
440 if (element)
441 {
442 if (!chain->cElement)
443 chain->rgpElement = CryptMemAlloc(sizeof(PCERT_CHAIN_ELEMENT));
444 else
445 chain->rgpElement = CryptMemRealloc(chain->rgpElement,
446 (chain->cElement + 1) * sizeof(PCERT_CHAIN_ELEMENT));
447 if (chain->rgpElement)
448 {
449 chain->rgpElement[chain->cElement++] = element;
450 memset(element, 0, sizeof(CERT_CHAIN_ELEMENT));
451 element->cbSize = sizeof(CERT_CHAIN_ELEMENT);
452 element->pCertContext = CertDuplicateCertificateContext(cert);
453 if (chain->cElement > 1)
454 chain->rgpElement[chain->cElement - 2]->TrustStatus.dwInfoStatus
455 = subjectInfoStatus;
456 /* FIXME: initialize the rest of element */
457 if (!(chain->cElement % engine->CycleDetectionModulus))
458 {
459 CRYPT_CheckSimpleChainForCycles(chain);
460 /* Reinitialize the element pointer in case the chain is
461 * cyclic, in which case the chain is truncated.
462 */
463 element = chain->rgpElement[chain->cElement - 1];
464 }
465 CRYPT_CombineTrustStatus(&chain->TrustStatus,
466 &element->TrustStatus);
467 ret = TRUE;
468 }
469 else
470 CryptMemFree(element);
471 }
472 return ret;
473 }
474
475 static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain)
476 {
477 DWORD i;
478
479 for (i = 0; i < chain->cElement; i++)
480 CRYPT_FreeChainElement(chain->rgpElement[i]);
481 CryptMemFree(chain->rgpElement);
482 CryptMemFree(chain);
483 }
484
485 static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot,
486 PCERT_CHAIN_ELEMENT rootElement)
487 {
488 PCCERT_CONTEXT trustedRoot = CRYPT_FindCertInStore(hRoot,
489 rootElement->pCertContext);
490
491 if (!trustedRoot)
492 rootElement->TrustStatus.dwErrorStatus |=
493 CERT_TRUST_IS_UNTRUSTED_ROOT;
494 else
495 CertFreeCertificateContext(trustedRoot);
496 }
497
498 static void CRYPT_CheckRootCert(HCERTSTORE hRoot,
499 PCERT_CHAIN_ELEMENT rootElement)
500 {
501 PCCERT_CONTEXT root = rootElement->pCertContext;
502
503 if (!CryptVerifyCertificateSignatureEx(0, root->dwCertEncodingType,
504 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)root,
505 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)root, 0, NULL))
506 {
507 TRACE_(chain)("Last certificate's signature is invalid\n");
508 rootElement->TrustStatus.dwErrorStatus |=
509 CERT_TRUST_IS_NOT_SIGNATURE_VALID;
510 }
511 CRYPT_CheckTrustedStatus(hRoot, rootElement);
512 }
513
514 /* Decodes a cert's basic constraints extension (either szOID_BASIC_CONSTRAINTS
515 * or szOID_BASIC_CONSTRAINTS2, whichever is present) into a
516 * CERT_BASIC_CONSTRAINTS2_INFO. If it neither extension is present, sets
517 * constraints->fCA to defaultIfNotSpecified.
518 * Returns FALSE if the extension is present but couldn't be decoded.
519 */
520 static BOOL CRYPT_DecodeBasicConstraints(PCCERT_CONTEXT cert,
521 CERT_BASIC_CONSTRAINTS2_INFO *constraints, BOOL defaultIfNotSpecified)
522 {
523 BOOL ret = TRUE;
524 PCERT_EXTENSION ext = CertFindExtension(szOID_BASIC_CONSTRAINTS,
525 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension);
526
527 constraints->fPathLenConstraint = FALSE;
528 if (ext)
529 {
530 CERT_BASIC_CONSTRAINTS_INFO *info;
531 DWORD size = 0;
532
533 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS,
534 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG,
535 NULL, &info, &size);
536 if (ret)
537 {
538 if (info->SubjectType.cbData == 1)
539 constraints->fCA =
540 info->SubjectType.pbData[0] & CERT_CA_SUBJECT_FLAG;
541 LocalFree(info);
542 }
543 }
544 else
545 {
546 ext = CertFindExtension(szOID_BASIC_CONSTRAINTS2,
547 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension);
548 if (ext)
549 {
550 DWORD size = sizeof(CERT_BASIC_CONSTRAINTS2_INFO);
551
552 ret = CryptDecodeObjectEx(X509_ASN_ENCODING,
553 szOID_BASIC_CONSTRAINTS2, ext->Value.pbData, ext->Value.cbData,
554 0, NULL, constraints, &size);
555 }
556 else
557 constraints->fCA = defaultIfNotSpecified;
558 }
559 return ret;
560 }
561
562 /* Checks element's basic constraints to see if it can act as a CA, with
563 * remainingCAs CAs left in this chain. In general, a cert must include the
564 * basic constraints extension, with the CA flag asserted, in order to be
565 * allowed to be a CA. A V1 or V2 cert, which has no extensions, is also
566 * allowed to be a CA if it's installed locally (in the engine's world store.)
567 * This matches the expected usage in RFC 5280, section 4.2.1.9: a conforming
568 * CA MUST include the basic constraints extension in all certificates that are
569 * used to validate digital signatures on certificates. It also matches
570 * section 6.1.4(k): "If a certificate is a v1 or v2 certificate, then the
571 * application MUST either verify that the certificate is a CA certificate
572 * through out-of-band means or reject the certificate." Rejecting the
573 * certificate prohibits a large number of commonly used certificates, so
574 * accepting locally installed ones is a compromise.
575 * Root certificates are also allowed to be CAs even without a basic
576 * constraints extension. This is implied by RFC 5280, section 6.1: the
577 * root of a certificate chain's only requirement is that it was used to issue
578 * the next certificate in the chain.
579 * Updates chainConstraints with the element's constraints, if:
580 * 1. chainConstraints doesn't have a path length constraint, or
581 * 2. element's path length constraint is smaller than chainConstraints's
582 * Sets *pathLengthConstraintViolated to TRUE if a path length violation
583 * occurs.
584 * Returns TRUE if the element can be a CA, and the length of the remaining
585 * chain is valid.
586 */
587 static BOOL CRYPT_CheckBasicConstraintsForCA(CertificateChainEngine *engine,
588 PCCERT_CONTEXT cert, CERT_BASIC_CONSTRAINTS2_INFO *chainConstraints,
589 DWORD remainingCAs, BOOL isRoot, BOOL *pathLengthConstraintViolated)
590 {
591 BOOL validBasicConstraints, implicitCA = FALSE;
592 CERT_BASIC_CONSTRAINTS2_INFO constraints;
593
594 if (isRoot)
595 implicitCA = TRUE;
596 else if (cert->pCertInfo->dwVersion == CERT_V1 ||
597 cert->pCertInfo->dwVersion == CERT_V2)
598 {
599 BYTE hash[20];
600 DWORD size = sizeof(hash);
601
602 if (CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID,
603 hash, &size))
604 {
605 CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
606 PCCERT_CONTEXT localCert = CertFindCertificateInStore(
607 engine->hWorld, cert->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH,
608 &blob, NULL);
609
610 if (localCert)
611 {
612 CertFreeCertificateContext(localCert);
613 implicitCA = TRUE;
614 }
615 }
616 }
617 if ((validBasicConstraints = CRYPT_DecodeBasicConstraints(cert,
618 &constraints, implicitCA)))
619 {
620 chainConstraints->fCA = constraints.fCA;
621 if (!constraints.fCA)
622 {
623 TRACE_(chain)("chain element %d can't be a CA\n", remainingCAs + 1);
624 validBasicConstraints = FALSE;
625 }
626 else if (constraints.fPathLenConstraint)
627 {
628 /* If the element has path length constraints, they apply to the
629 * entire remaining chain.
630 */
631 if (!chainConstraints->fPathLenConstraint ||
632 constraints.dwPathLenConstraint <
633 chainConstraints->dwPathLenConstraint)
634 {
635 TRACE_(chain)("setting path length constraint to %d\n",
636 chainConstraints->dwPathLenConstraint);
637 chainConstraints->fPathLenConstraint = TRUE;
638 chainConstraints->dwPathLenConstraint =
639 constraints.dwPathLenConstraint;
640 }
641 }
642 }
643 if (chainConstraints->fPathLenConstraint &&
644 remainingCAs > chainConstraints->dwPathLenConstraint)
645 {
646 TRACE_(chain)("remaining CAs %d exceed max path length %d\n",
647 remainingCAs, chainConstraints->dwPathLenConstraint);
648 validBasicConstraints = FALSE;
649 *pathLengthConstraintViolated = TRUE;
650 }
651 return validBasicConstraints;
652 }
653
654 static BOOL domain_name_matches(LPCWSTR constraint, LPCWSTR name)
655 {
656 BOOL match;
657
658 /* RFC 5280, section 4.2.1.10:
659 * "For URIs, the constraint applies to the host part of the name...
660 * When the constraint begins with a period, it MAY be expanded with one
661 * or more labels. That is, the constraint ".example.com" is satisfied by
662 * both host.example.com and my.host.example.com. However, the constraint
663 * ".example.com" is not satisfied by "example.com". When the constraint
664 * does not begin with a period, it specifies a host."
665 * and for email addresses,
666 * "To indicate all Internet mail addresses on a particular host, the
667 * constraint is specified as the host name. For example, the constraint
668 * "example.com" is satisfied by any mail address at the host
669 * "example.com". To specify any address within a domain, the constraint
670 * is specified with a leading period (as with URIs)."
671 */
672 if (constraint[0] == '.')
673 {
674 /* Must be strictly greater than, a name can't begin with '.' */
675 if (lstrlenW(name) > lstrlenW(constraint))
676 match = !lstrcmpiW(name + lstrlenW(name) - lstrlenW(constraint),
677 constraint);
678 else
679 {
680 /* name is too short, no match */
681 match = FALSE;
682 }
683 }
684 else
685 match = !lstrcmpiW(name, constraint);
686 return match;
687 }
688
689 static BOOL url_matches(LPCWSTR constraint, LPCWSTR name,
690 DWORD *trustErrorStatus)
691 {
692 BOOL match = FALSE;
693
694 TRACE("%s, %s\n", debugstr_w(constraint), debugstr_w(name));
695
696 if (!constraint)
697 *trustErrorStatus |= CERT_TRUST_INVALID_NAME_CONSTRAINTS;
698 else if (!name)
699 ; /* no match */
700 else
701 {
702 LPCWSTR colon, authority_end, at, hostname = NULL;
703 /* The maximum length for a hostname is 254 in the DNS, see RFC 1034 */
704 WCHAR hostname_buf[255];
705
706 /* RFC 5280: only the hostname portion of the URL is compared. From
707 * section 4.2.1.10:
708 * "For URIs, the constraint applies to the host part of the name.
709 * The constraint MUST be specified as a fully qualified domain name
710 * and MAY specify a host or a domain."
711 * The format for URIs is in RFC 2396.
712 *
713 * First, remove any scheme that's present. */
714 colon = strchrW(name, ':');
715 if (colon && *(colon + 1) == '/' && *(colon + 2) == '/')
716 name = colon + 3;
717 /* Next, find the end of the authority component. (The authority is
718 * generally just the hostname, but it may contain a username or a port.
719 * Those are removed next.)
720 */
721 authority_end = strchrW(name, '/');
722 if (!authority_end)
723 authority_end = strchrW(name, '?');
724 if (!authority_end)
725 authority_end = name + strlenW(name);
726 /* Remove any port number from the authority. The userinfo portion
727 * of an authority may contain a colon, so stop if a userinfo portion
728 * is found (indicated by '@').
729 */
730 for (colon = authority_end; colon >= name && *colon != ':' &&
731 *colon != '@'; colon--)
732 ;
733 if (*colon == ':')
734 authority_end = colon;
735 /* Remove any username from the authority */
736 if ((at = strchrW(name, '@')))
737 name = at;
738 /* Ignore any path or query portion of the URL. */
739 if (*authority_end)
740 {
741 if (authority_end - name < sizeof(hostname_buf) /
742 sizeof(hostname_buf[0]))
743 {
744 memcpy(hostname_buf, name,
745 (authority_end - name) * sizeof(WCHAR));
746 hostname_buf[authority_end - name] = 0;
747 hostname = hostname_buf;
748 }
749 /* else: Hostname is too long, not a match */
750 }
751 else
752 hostname = name;
753 if (hostname)
754 match = domain_name_matches(constraint, hostname);
755 }
756 return match;
757 }
758
759 static BOOL rfc822_name_matches(LPCWSTR constraint, LPCWSTR name,
760 DWORD *trustErrorStatus)
761 {
762 BOOL match = FALSE;
763 LPCWSTR at;
764
765 TRACE("%s, %s\n", debugstr_w(constraint), debugstr_w(name));
766
767 if (!constraint)
768 *trustErrorStatus |= CERT_TRUST_INVALID_NAME_CONSTRAINTS;
769 else if (!name)
770 ; /* no match */
771 else if (strchrW(constraint, '@'))
772 match = !lstrcmpiW(constraint, name);
773 else
774 {
775 if ((at = strchrW(name, '@')))
776 match = domain_name_matches(constraint, at + 1);
777 else
778 match = !lstrcmpiW(constraint, name);
779 }
780 return match;
781 }
782
783 static BOOL dns_name_matches(LPCWSTR constraint, LPCWSTR name,
784 DWORD *trustErrorStatus)
785 {
786 BOOL match = FALSE;
787
788 TRACE("%s, %s\n", debugstr_w(constraint), debugstr_w(name));
789
790 if (!constraint)
791 *trustErrorStatus |= CERT_TRUST_INVALID_NAME_CONSTRAINTS;
792 else if (!name)
793 ; /* no match */
794 /* RFC 5280, section 4.2.1.10:
795 * "DNS name restrictions are expressed as host.example.com. Any DNS name
796 * that can be constructed by simply adding zero or more labels to the
797 * left-hand side of the name satisfies the name constraint. For example,
798 * www.host.example.com would satisfy the constraint but host1.example.com
799 * would not."
800 */
801 else if (lstrlenW(name) == lstrlenW(constraint))
802 match = !lstrcmpiW(name, constraint);
803 else if (lstrlenW(name) > lstrlenW(constraint))
804 {
805 match = !lstrcmpiW(name + lstrlenW(name) - lstrlenW(constraint),
806 constraint);
807 if (match)
808 {
809 BOOL dot = FALSE;
810 LPCWSTR ptr;
811
812 /* This only matches if name is a subdomain of constraint, i.e.
813 * there's a '.' between the beginning of the name and the
814 * matching portion of the name.
815 */
816 for (ptr = name + lstrlenW(name) - lstrlenW(constraint);
817 !dot && ptr >= name; ptr--)
818 if (*ptr == '.')
819 dot = TRUE;
820 match = dot;
821 }
822 }
823 /* else: name is too short, no match */
824
825 return match;
826 }
827
828 static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint,
829 const CRYPT_DATA_BLOB *name, DWORD *trustErrorStatus)
830 {
831 BOOL match = FALSE;
832
833 TRACE("(%d, %p), (%d, %p)\n", constraint->cbData, constraint->pbData,
834 name->cbData, name->pbData);
835
836 /* RFC5280, section 4.2.1.10, iPAddress syntax: either 8 or 32 bytes, for
837 * IPv4 or IPv6 addresses, respectively.
838 */
839 if (constraint->cbData != sizeof(DWORD) * 2 && constraint->cbData != 32)
840 *trustErrorStatus |= CERT_TRUST_INVALID_NAME_CONSTRAINTS;
841 else if (name->cbData == sizeof(DWORD) &&
842 constraint->cbData == sizeof(DWORD) * 2)
843 {
844 DWORD subnet, mask, addr;
845
846 memcpy(&subnet, constraint->pbData, sizeof(subnet));
847 memcpy(&mask, constraint->pbData + sizeof(subnet), sizeof(mask));
848 memcpy(&addr, name->pbData, sizeof(addr));
849 /* These are really in big-endian order, but for equality matching we
850 * don't need to swap to host order
851 */
852 match = (subnet & mask) == (addr & mask);
853 }
854 else if (name->cbData == 16 && constraint->cbData == 32)
855 {
856 const BYTE *subnet, *mask, *addr;
857 DWORD i;
858
859 subnet = constraint->pbData;
860 mask = constraint->pbData + 16;
861 addr = name->pbData;
862 match = TRUE;
863 for (i = 0; match && i < 16; i++)
864 if ((subnet[i] & mask[i]) != (addr[i] & mask[i]))
865 match = FALSE;
866 }
867 /* else: name is wrong size, no match */
868
869 return match;
870 }
871
872 static BOOL directory_name_matches(const CERT_NAME_BLOB *constraint,
873 const CERT_NAME_BLOB *name)
874 {
875 CERT_NAME_INFO *constraintName;
876 DWORD size;
877 BOOL match = FALSE;
878
879 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME, constraint->pbData,
880 constraint->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &constraintName, &size))
881 {
882 DWORD i;
883
884 match = TRUE;
885 for (i = 0; match && i < constraintName->cRDN; i++)
886 match = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING,
887 CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG,
888 (CERT_NAME_BLOB *)name, &constraintName->rgRDN[i]);
889 LocalFree(constraintName);
890 }
891 return match;
892 }
893
894 static BOOL alt_name_matches(const CERT_ALT_NAME_ENTRY *name,
895 const CERT_ALT_NAME_ENTRY *constraint, DWORD *trustErrorStatus, BOOL *present)
896 {
897 BOOL match = FALSE;
898
899 if (name->dwAltNameChoice == constraint->dwAltNameChoice)
900 {
901 if (present)
902 *present = TRUE;
903 switch (constraint->dwAltNameChoice)
904 {
905 case CERT_ALT_NAME_RFC822_NAME:
906 match = rfc822_name_matches(constraint->u.pwszURL,
907 name->u.pwszURL, trustErrorStatus);
908 break;
909 case CERT_ALT_NAME_DNS_NAME:
910 match = dns_name_matches(constraint->u.pwszURL,
911 name->u.pwszURL, trustErrorStatus);
912 break;
913 case CERT_ALT_NAME_URL:
914 match = url_matches(constraint->u.pwszURL,
915 name->u.pwszURL, trustErrorStatus);
916 break;
917 case CERT_ALT_NAME_IP_ADDRESS:
918 match = ip_address_matches(&constraint->u.IPAddress,
919 &name->u.IPAddress, trustErrorStatus);
920 break;
921 case CERT_ALT_NAME_DIRECTORY_NAME:
922 match = directory_name_matches(&constraint->u.DirectoryName,
923 &name->u.DirectoryName);
924 break;
925 default:
926 ERR("name choice %d unsupported in this context\n",
927 constraint->dwAltNameChoice);
928 *trustErrorStatus |=
929 CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT;
930 }
931 }
932 else if (present)
933 *present = FALSE;
934 return match;
935 }
936
937 static BOOL alt_name_matches_excluded_name(const CERT_ALT_NAME_ENTRY *name,
938 const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
939 {
940 DWORD i;
941 BOOL match = FALSE;
942
943 for (i = 0; !match && i < nameConstraints->cExcludedSubtree; i++)
944 match = alt_name_matches(name,
945 &nameConstraints->rgExcludedSubtree[i].Base, trustErrorStatus, NULL);
946 return match;
947 }
948
949 static BOOL alt_name_matches_permitted_name(const CERT_ALT_NAME_ENTRY *name,
950 const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus,
951 BOOL *present)
952 {
953 DWORD i;
954 BOOL match = FALSE;
955
956 for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++)
957 match = alt_name_matches(name,
958 &nameConstraints->rgPermittedSubtree[i].Base, trustErrorStatus,
959 present);
960 return match;
961 }
962
963 static inline PCERT_EXTENSION get_subject_alt_name_ext(const CERT_INFO *cert)
964 {
965 PCERT_EXTENSION ext;
966
967 ext = CertFindExtension(szOID_SUBJECT_ALT_NAME2,
968 cert->cExtension, cert->rgExtension);
969 if (!ext)
970 ext = CertFindExtension(szOID_SUBJECT_ALT_NAME,
971 cert->cExtension, cert->rgExtension);
972 return ext;
973 }
974
975 static void compare_alt_name_with_constraints(const CERT_EXTENSION *altNameExt,
976 const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
977 {
978 CERT_ALT_NAME_INFO *subjectAltName;
979 DWORD size;
980
981 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME,
982 altNameExt->Value.pbData, altNameExt->Value.cbData,
983 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
984 &subjectAltName, &size))
985 {
986 DWORD i;
987
988 for (i = 0; i < subjectAltName->cAltEntry; i++)
989 {
990 BOOL nameFormPresent;
991
992 /* A name constraint only applies if the name form is present.
993 * From RFC 5280, section 4.2.1.10:
994 * "Restrictions apply only when the specified name form is
995 * present. If no name of the type is in the certificate,
996 * the certificate is acceptable."
997 */
998 if (alt_name_matches_excluded_name(
999 &subjectAltName->rgAltEntry[i], nameConstraints,
1000 trustErrorStatus))
1001 {
1002 TRACE_(chain)("subject alternate name form %d excluded\n",
1003 subjectAltName->rgAltEntry[i].dwAltNameChoice);
1004 *trustErrorStatus |=
1005 CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
1006 }
1007 nameFormPresent = FALSE;
1008 if (!alt_name_matches_permitted_name(
1009 &subjectAltName->rgAltEntry[i], nameConstraints,
1010 trustErrorStatus, &nameFormPresent) && nameFormPresent)
1011 {
1012 TRACE_(chain)("subject alternate name form %d not permitted\n",
1013 subjectAltName->rgAltEntry[i].dwAltNameChoice);
1014 *trustErrorStatus |=
1015 CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
1016 }
1017 }
1018 LocalFree(subjectAltName);
1019 }
1020 else
1021 *trustErrorStatus |=
1022 CERT_TRUST_INVALID_EXTENSION | CERT_TRUST_INVALID_NAME_CONSTRAINTS;
1023 }
1024
1025 static BOOL rfc822_attr_matches_excluded_name(const CERT_RDN_ATTR *attr,
1026 const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
1027 {
1028 DWORD i;
1029 BOOL match = FALSE;
1030
1031 for (i = 0; !match && i < nameConstraints->cExcludedSubtree; i++)
1032 {
1033 const CERT_ALT_NAME_ENTRY *constraint =
1034 &nameConstraints->rgExcludedSubtree[i].Base;
1035
1036 if (constraint->dwAltNameChoice == CERT_ALT_NAME_RFC822_NAME)
1037 match = rfc822_name_matches(constraint->u.pwszRfc822Name,
1038 (LPCWSTR)attr->Value.pbData, trustErrorStatus);
1039 }
1040 return match;
1041 }
1042
1043 static BOOL rfc822_attr_matches_permitted_name(const CERT_RDN_ATTR *attr,
1044 const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus,
1045 BOOL *present)
1046 {
1047 DWORD i;
1048 BOOL match = FALSE;
1049
1050 for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++)
1051 {
1052 const CERT_ALT_NAME_ENTRY *constraint =
1053 &nameConstraints->rgPermittedSubtree[i].Base;
1054
1055 if (constraint->dwAltNameChoice == CERT_ALT_NAME_RFC822_NAME)
1056 {
1057 *present = TRUE;
1058 match = rfc822_name_matches(constraint->u.pwszRfc822Name,
1059 (LPCWSTR)attr->Value.pbData, trustErrorStatus);
1060 }
1061 }
1062 return match;
1063 }
1064
1065 static void compare_subject_with_email_constraints(
1066 const CERT_NAME_BLOB *subjectName,
1067 const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
1068 {
1069 CERT_NAME_INFO *name;
1070 DWORD size;
1071
1072 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_UNICODE_NAME,
1073 subjectName->pbData, subjectName->cbData,
1074 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL, &name, &size))
1075 {
1076 DWORD i, j;
1077
1078 for (i = 0; i < name->cRDN; i++)
1079 for (j = 0; j < name->rgRDN[i].cRDNAttr; j++)
1080 if (!strcmp(name->rgRDN[i].rgRDNAttr[j].pszObjId,
1081 szOID_RSA_emailAddr))
1082 {
1083 BOOL nameFormPresent;
1084
1085 /* A name constraint only applies if the name form is
1086 * present. From RFC 5280, section 4.2.1.10:
1087 * "Restrictions apply only when the specified name form is
1088 * present. If no name of the type is in the certificate,
1089 * the certificate is acceptable."
1090 */
1091 if (rfc822_attr_matches_excluded_name(
1092 &name->rgRDN[i].rgRDNAttr[j], nameConstraints,
1093 trustErrorStatus))
1094 {
1095 TRACE_(chain)(
1096 "email address in subject name is excluded\n");
1097 *trustErrorStatus |=
1098 CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
1099 }
1100 nameFormPresent = FALSE;
1101 if (!rfc822_attr_matches_permitted_name(
1102 &name->rgRDN[i].rgRDNAttr[j], nameConstraints,
1103 trustErrorStatus, &nameFormPresent) && nameFormPresent)
1104 {
1105 TRACE_(chain)(
1106 "email address in subject name is not permitted\n");
1107 *trustErrorStatus |=
1108 CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
1109 }
1110 }
1111 LocalFree(name);
1112 }
1113 else
1114 *trustErrorStatus |=
1115 CERT_TRUST_INVALID_EXTENSION | CERT_TRUST_INVALID_NAME_CONSTRAINTS;
1116 }
1117
1118 static BOOL CRYPT_IsEmptyName(const CERT_NAME_BLOB *name)
1119 {
1120 BOOL empty;
1121
1122 if (!name->cbData)
1123 empty = TRUE;
1124 else if (name->cbData == 2 && name->pbData[1] == 0)
1125 {
1126 /* An empty sequence is also empty */
1127 empty = TRUE;
1128 }
1129 else
1130 empty = FALSE;
1131 return empty;
1132 }
1133
1134 static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName,
1135 const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
1136 {
1137 BOOL hasEmailConstraint = FALSE;
1138 DWORD i;
1139
1140 /* In general, a subject distinguished name only matches a directory name
1141 * constraint. However, an exception exists for email addresses.
1142 * From RFC 5280, section 4.2.1.6:
1143 * "Legacy implementations exist where an electronic mail address is
1144 * embedded in the subject distinguished name as an emailAddress
1145 * attribute [RFC2985]."
1146 * If an email address constraint exists, check that constraint separately.
1147 */
1148 for (i = 0; !hasEmailConstraint && i < nameConstraints->cExcludedSubtree;
1149 i++)
1150 if (nameConstraints->rgExcludedSubtree[i].Base.dwAltNameChoice ==
1151 CERT_ALT_NAME_RFC822_NAME)
1152 hasEmailConstraint = TRUE;
1153 for (i = 0; !hasEmailConstraint && i < nameConstraints->cPermittedSubtree;
1154 i++)
1155 if (nameConstraints->rgPermittedSubtree[i].Base.dwAltNameChoice ==
1156 CERT_ALT_NAME_RFC822_NAME)
1157 hasEmailConstraint = TRUE;
1158 if (hasEmailConstraint)
1159 compare_subject_with_email_constraints(subjectName, nameConstraints,
1160 trustErrorStatus);
1161 for (i = 0; i < nameConstraints->cExcludedSubtree; i++)
1162 {
1163 CERT_ALT_NAME_ENTRY *constraint =
1164 &nameConstraints->rgExcludedSubtree[i].Base;
1165
1166 if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME &&
1167 directory_name_matches(&constraint->u.DirectoryName, subjectName))
1168 {
1169 TRACE_(chain)("subject name is excluded\n");
1170 *trustErrorStatus |=
1171 CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
1172 }
1173 }
1174 /* RFC 5280, section 4.2.1.10:
1175 * "Restrictions apply only when the specified name form is present.
1176 * If no name of the type is in the certificate, the certificate is
1177 * acceptable."
1178 * An empty name can't have the name form present, so don't check it.
1179 */
1180 if (nameConstraints->cPermittedSubtree && !CRYPT_IsEmptyName(subjectName))
1181 {
1182 BOOL match = FALSE, hasDirectoryConstraint = FALSE;
1183
1184 for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++)
1185 {
1186 CERT_ALT_NAME_ENTRY *constraint =
1187 &nameConstraints->rgPermittedSubtree[i].Base;
1188
1189 if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
1190 {
1191 hasDirectoryConstraint = TRUE;
1192 match = directory_name_matches(&constraint->u.DirectoryName,
1193 subjectName);
1194 }
1195 }
1196 if (hasDirectoryConstraint && !match)
1197 {
1198 TRACE_(chain)("subject name is not permitted\n");
1199 *trustErrorStatus |= CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
1200 }
1201 }
1202 }
1203
1204 static void CRYPT_CheckNameConstraints(
1205 const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, const CERT_INFO *cert,
1206 DWORD *trustErrorStatus)
1207 {
1208 CERT_EXTENSION *ext = get_subject_alt_name_ext(cert);
1209
1210 if (ext)
1211 compare_alt_name_with_constraints(ext, nameConstraints,
1212 trustErrorStatus);
1213 /* Name constraints apply to the subject alternative name as well as the
1214 * subject name. From RFC 5280, section 4.2.1.10:
1215 * "Restrictions apply to the subject distinguished name and apply to
1216 * subject alternative names."
1217 */
1218 compare_subject_with_constraints(&cert->Subject, nameConstraints,
1219 trustErrorStatus);
1220 }
1221
1222 /* Gets cert's name constraints, if any. Free with LocalFree. */
1223 static CERT_NAME_CONSTRAINTS_INFO *CRYPT_GetNameConstraints(CERT_INFO *cert)
1224 {
1225 CERT_NAME_CONSTRAINTS_INFO *info = NULL;
1226
1227 CERT_EXTENSION *ext;
1228
1229 if ((ext = CertFindExtension(szOID_NAME_CONSTRAINTS, cert->cExtension,
1230 cert->rgExtension)))
1231 {
1232 DWORD size;
1233
1234 CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME_CONSTRAINTS,
1235 ext->Value.pbData, ext->Value.cbData,
1236 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL, &info,
1237 &size);
1238 }
1239 return info;
1240 }
1241
1242 static BOOL CRYPT_IsValidNameConstraint(const CERT_NAME_CONSTRAINTS_INFO *info)
1243 {
1244 DWORD i;
1245 BOOL ret = TRUE;
1246
1247 /* Make sure at least one permitted or excluded subtree is present. From
1248 * RFC 5280, section 4.2.1.10:
1249 * "Conforming CAs MUST NOT issue certificates where name constraints is an
1250 * empty sequence. That is, either the permittedSubtrees field or the
1251 * excludedSubtrees MUST be present."
1252 */
1253 if (!info->cPermittedSubtree && !info->cExcludedSubtree)
1254 {
1255 WARN_(chain)("constraints contain no permitted nor excluded subtree\n");
1256 ret = FALSE;
1257 }
1258 /* Check that none of the constraints specifies a minimum or a maximum.
1259 * See RFC 5280, section 4.2.1.10:
1260 * "Within this profile, the minimum and maximum fields are not used with
1261 * any name forms, thus, the minimum MUST be zero, and maximum MUST be
1262 * absent. However, if an application encounters a critical name
1263 * constraints extension that specifies other values for minimum or
1264 * maximum for a name form that appears in a subsequent certificate, the
1265 * application MUST either process these fields or reject the
1266 * certificate."
1267 * Since it gives no guidance as to how to process these fields, we
1268 * reject any name constraint that contains them.
1269 */
1270 for (i = 0; ret && i < info->cPermittedSubtree; i++)
1271 if (info->rgPermittedSubtree[i].dwMinimum ||
1272 info->rgPermittedSubtree[i].fMaximum)
1273 {
1274 TRACE_(chain)("found a minimum or maximum in permitted subtrees\n");
1275 ret = FALSE;
1276 }
1277 for (i = 0; ret && i < info->cExcludedSubtree; i++)
1278 if (info->rgExcludedSubtree[i].dwMinimum ||
1279 info->rgExcludedSubtree[i].fMaximum)
1280 {
1281 TRACE_(chain)("found a minimum or maximum in excluded subtrees\n");
1282 ret = FALSE;
1283 }
1284 return ret;
1285 }
1286
1287 static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain)
1288 {
1289 int i, j;
1290
1291 /* Microsoft's implementation appears to violate RFC 3280: according to
1292 * MSDN, the various CERT_TRUST_*_NAME_CONSTRAINT errors are set if a CA's
1293 * name constraint is violated in the end cert. According to RFC 3280,
1294 * the constraints should be checked against every subsequent certificate
1295 * in the chain, not just the end cert.
1296 * Microsoft's implementation also sets the name constraint errors on the
1297 * certs whose constraints were violated, not on the certs that violated
1298 * them.
1299 * In order to be error-compatible with Microsoft's implementation, while
1300 * still adhering to RFC 3280, I use a O(n ^ 2) algorithm to check name
1301 * constraints.
1302 */
1303 for (i = chain->cElement - 1; i > 0; i--)
1304 {
1305 CERT_NAME_CONSTRAINTS_INFO *nameConstraints;
1306
1307 if ((nameConstraints = CRYPT_GetNameConstraints(
1308 chain->rgpElement[i]->pCertContext->pCertInfo)))
1309 {
1310 if (!CRYPT_IsValidNameConstraint(nameConstraints))
1311 chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1312 CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT;
1313 else
1314 {
1315 for (j = i - 1; j >= 0; j--)
1316 {
1317 DWORD errorStatus = 0;
1318
1319 /* According to RFC 3280, self-signed certs don't have name
1320 * constraints checked unless they're the end cert.
1321 */
1322 if (j == 0 || !CRYPT_IsCertificateSelfSigned(
1323 chain->rgpElement[j]->pCertContext))
1324 {
1325 CRYPT_CheckNameConstraints(nameConstraints,
1326 chain->rgpElement[j]->pCertContext->pCertInfo,
1327 &errorStatus);
1328 if (errorStatus)
1329 {
1330 chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1331 errorStatus;
1332 CRYPT_CombineTrustStatus(&chain->TrustStatus,
1333 &chain->rgpElement[i]->TrustStatus);
1334 }
1335 else
1336 chain->rgpElement[i]->TrustStatus.dwInfoStatus |=
1337 CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS;
1338 }
1339 }
1340 }
1341 LocalFree(nameConstraints);
1342 }
1343 }
1344 }
1345
1346 /* Gets cert's policies info, if any. Free with LocalFree. */
1347 static CERT_POLICIES_INFO *CRYPT_GetPolicies(PCCERT_CONTEXT cert)
1348 {
1349 PCERT_EXTENSION ext;
1350 CERT_POLICIES_INFO *policies = NULL;
1351
1352 ext = CertFindExtension(szOID_KEY_USAGE, cert->pCertInfo->cExtension,
1353 cert->pCertInfo->rgExtension);
1354 if (ext)
1355 {
1356 DWORD size;
1357
1358 CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_POLICIES,
1359 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
1360 &policies, &size);
1361 }
1362 return policies;
1363 }
1364
1365 static void CRYPT_CheckPolicies(const CERT_POLICIES_INFO *policies, CERT_INFO *cert,
1366 DWORD *errorStatus)
1367 {
1368 DWORD i;
1369
1370 for (i = 0; i < policies->cPolicyInfo; i++)
1371 {
1372 /* For now, the only accepted policy identifier is the anyPolicy
1373 * identifier.
1374 * FIXME: the policy identifiers should be compared against the
1375 * cert's certificate policies extension, subject to the policy
1376 * mappings extension, and the policy constraints extension.
1377 * See RFC 5280, sections 4.2.1.4, 4.2.1.5, and 4.2.1.11.
1378 */
1379 if (strcmp(policies->rgPolicyInfo[i].pszPolicyIdentifier,
1380 szOID_ANY_CERT_POLICY))
1381 {
1382 FIXME("unsupported policy %s\n",
1383 policies->rgPolicyInfo[i].pszPolicyIdentifier);
1384 *errorStatus |= CERT_TRUST_INVALID_POLICY_CONSTRAINTS;
1385 }
1386 }
1387 }
1388
1389 static void CRYPT_CheckChainPolicies(PCERT_SIMPLE_CHAIN chain)
1390 {
1391 int i, j;
1392
1393 for (i = chain->cElement - 1; i > 0; i--)
1394 {
1395 CERT_POLICIES_INFO *policies;
1396
1397 if ((policies = CRYPT_GetPolicies(chain->rgpElement[i]->pCertContext)))
1398 {
1399 for (j = i - 1; j >= 0; j--)
1400 {
1401 DWORD errorStatus = 0;
1402
1403 CRYPT_CheckPolicies(policies,
1404 chain->rgpElement[j]->pCertContext->pCertInfo, &errorStatus);
1405 if (errorStatus)
1406 {
1407 chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1408 errorStatus;
1409 CRYPT_CombineTrustStatus(&chain->TrustStatus,
1410 &chain->rgpElement[i]->TrustStatus);
1411 }
1412 }
1413 LocalFree(policies);
1414 }
1415 }
1416 }
1417
1418 static LPWSTR name_value_to_str(const CERT_NAME_BLOB *name)
1419 {
1420 DWORD len = cert_name_to_str_with_indent(X509_ASN_ENCODING, 0, name,
1421 CERT_SIMPLE_NAME_STR, NULL, 0);
1422 LPWSTR str = NULL;
1423
1424 if (len)
1425 {
1426 str = CryptMemAlloc(len * sizeof(WCHAR));
1427 if (str)
1428 cert_name_to_str_with_indent(X509_ASN_ENCODING, 0, name,
1429 CERT_SIMPLE_NAME_STR, str, len);
1430 }
1431 return str;
1432 }
1433
1434 static void dump_alt_name_entry(const CERT_ALT_NAME_ENTRY *entry)
1435 {
1436 LPWSTR str;
1437
1438 switch (entry->dwAltNameChoice)
1439 {
1440 case CERT_ALT_NAME_OTHER_NAME:
1441 TRACE_(chain)("CERT_ALT_NAME_OTHER_NAME, oid = %s\n",
1442 debugstr_a(entry->u.pOtherName->pszObjId));
1443 break;
1444 case CERT_ALT_NAME_RFC822_NAME:
1445 TRACE_(chain)("CERT_ALT_NAME_RFC822_NAME: %s\n",
1446 debugstr_w(entry->u.pwszRfc822Name));
1447 break;
1448 case CERT_ALT_NAME_DNS_NAME:
1449 TRACE_(chain)("CERT_ALT_NAME_DNS_NAME: %s\n",
1450 debugstr_w(entry->u.pwszDNSName));
1451 break;
1452 case CERT_ALT_NAME_DIRECTORY_NAME:
1453 str = name_value_to_str(&entry->u.DirectoryName);
1454 TRACE_(chain)("CERT_ALT_NAME_DIRECTORY_NAME: %s\n", debugstr_w(str));
1455 CryptMemFree(str);
1456 break;
1457 case CERT_ALT_NAME_URL:
1458 TRACE_(chain)("CERT_ALT_NAME_URL: %s\n", debugstr_w(entry->u.pwszURL));
1459 break;
1460 case CERT_ALT_NAME_IP_ADDRESS:
1461 TRACE_(chain)("CERT_ALT_NAME_IP_ADDRESS: %d bytes\n",
1462 entry->u.IPAddress.cbData);
1463 break;
1464 case CERT_ALT_NAME_REGISTERED_ID:
1465 TRACE_(chain)("CERT_ALT_NAME_REGISTERED_ID: %s\n",
1466 debugstr_a(entry->u.pszRegisteredID));
1467 break;
1468 default:
1469 TRACE_(chain)("dwAltNameChoice = %d\n", entry->dwAltNameChoice);
1470 }
1471 }
1472
1473 static void dump_alt_name(LPCSTR type, const CERT_EXTENSION *ext)
1474 {
1475 CERT_ALT_NAME_INFO *name;
1476 DWORD size;
1477
1478 TRACE_(chain)("%s:\n", type);
1479 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME,
1480 ext->Value.pbData, ext->Value.cbData,
1481 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL, &name, &size))
1482 {
1483 DWORD i;
1484
1485 TRACE_(chain)("%d alt name entries:\n", name->cAltEntry);
1486 for (i = 0; i < name->cAltEntry; i++)
1487 dump_alt_name_entry(&name->rgAltEntry[i]);
1488 LocalFree(name);
1489 }
1490 }
1491
1492 static void dump_basic_constraints(const CERT_EXTENSION *ext)
1493 {
1494 CERT_BASIC_CONSTRAINTS_INFO *info;
1495 DWORD size = 0;
1496
1497 if (CryptDecodeObjectEx(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS,
1498 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG,
1499 NULL, &info, &size))
1500 {
1501 TRACE_(chain)("SubjectType: %02x\n", info->SubjectType.pbData[0]);
1502 TRACE_(chain)("%s path length constraint\n",
1503 info->fPathLenConstraint ? "has" : "doesn't have");
1504 TRACE_(chain)("path length=%d\n", info->dwPathLenConstraint);
1505 LocalFree(info);
1506 }
1507 }
1508
1509 static void dump_basic_constraints2(const CERT_EXTENSION *ext)
1510 {
1511 CERT_BASIC_CONSTRAINTS2_INFO constraints;
1512 DWORD size = sizeof(CERT_BASIC_CONSTRAINTS2_INFO);
1513
1514 if (CryptDecodeObjectEx(X509_ASN_ENCODING,
1515 szOID_BASIC_CONSTRAINTS2, ext->Value.pbData, ext->Value.cbData,
1516 0, NULL, &constraints, &size))
1517 {
1518 TRACE_(chain)("basic constraints:\n");
1519 TRACE_(chain)("can%s be a CA\n", constraints.fCA ? "" : "not");
1520 TRACE_(chain)("%s path length constraint\n",
1521 constraints.fPathLenConstraint ? "has" : "doesn't have");
1522 TRACE_(chain)("path length=%d\n", constraints.dwPathLenConstraint);
1523 }
1524 }
1525
1526 static void dump_key_usage(const CERT_EXTENSION *ext)
1527 {
1528 CRYPT_BIT_BLOB usage;
1529 DWORD size = sizeof(usage);
1530
1531 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_BITS, ext->Value.pbData,
1532 ext->Value.cbData, CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1533 {
1534 #define trace_usage_bit(bits, bit) \
1535 if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit)
1536 if (usage.cbData)
1537 {
1538 trace_usage_bit(usage.pbData[0], CERT_DIGITAL_SIGNATURE_KEY_USAGE);
1539 trace_usage_bit(usage.pbData[0], CERT_NON_REPUDIATION_KEY_USAGE);
1540 trace_usage_bit(usage.pbData[0], CERT_KEY_ENCIPHERMENT_KEY_USAGE);
1541 trace_usage_bit(usage.pbData[0], CERT_DATA_ENCIPHERMENT_KEY_USAGE);
1542 trace_usage_bit(usage.pbData[0], CERT_KEY_AGREEMENT_KEY_USAGE);
1543 trace_usage_bit(usage.pbData[0], CERT_KEY_CERT_SIGN_KEY_USAGE);
1544 trace_usage_bit(usage.pbData[0], CERT_CRL_SIGN_KEY_USAGE);
1545 trace_usage_bit(usage.pbData[0], CERT_ENCIPHER_ONLY_KEY_USAGE);
1546 }
1547 #undef trace_usage_bit
1548 if (usage.cbData > 1 && usage.pbData[1] & CERT_DECIPHER_ONLY_KEY_USAGE)
1549 TRACE_(chain)("CERT_DECIPHER_ONLY_KEY_USAGE\n");
1550 }
1551 }
1552
1553 static void dump_general_subtree(const CERT_GENERAL_SUBTREE *subtree)
1554 {
1555 dump_alt_name_entry(&subtree->Base);
1556 TRACE_(chain)("dwMinimum = %d, fMaximum = %d, dwMaximum = %d\n",
1557 subtree->dwMinimum, subtree->fMaximum, subtree->dwMaximum);
1558 }
1559
1560 static void dump_name_constraints(const CERT_EXTENSION *ext)
1561 {
1562 CERT_NAME_CONSTRAINTS_INFO *nameConstraints;
1563 DWORD size;
1564
1565 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME_CONSTRAINTS,
1566 ext->Value.pbData, ext->Value.cbData,
1567 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL, &nameConstraints,
1568 &size))
1569 {
1570 DWORD i;
1571
1572 TRACE_(chain)("%d permitted subtrees:\n",
1573 nameConstraints->cPermittedSubtree);
1574 for (i = 0; i < nameConstraints->cPermittedSubtree; i++)
1575 dump_general_subtree(&nameConstraints->rgPermittedSubtree[i]);
1576 TRACE_(chain)("%d excluded subtrees:\n",
1577 nameConstraints->cExcludedSubtree);
1578 for (i = 0; i < nameConstraints->cExcludedSubtree; i++)
1579 dump_general_subtree(&nameConstraints->rgExcludedSubtree[i]);
1580 LocalFree(nameConstraints);
1581 }
1582 }
1583
1584 static void dump_cert_policies(const CERT_EXTENSION *ext)
1585 {
1586 CERT_POLICIES_INFO *policies;
1587 DWORD size;
1588
1589 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_POLICIES,
1590 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
1591 &policies, &size))
1592 {
1593 DWORD i, j;
1594
1595 TRACE_(chain)("%d policies:\n", policies->cPolicyInfo);
1596 for (i = 0; i < policies->cPolicyInfo; i++)
1597 {
1598 TRACE_(chain)("policy identifier: %s\n",
1599 debugstr_a(policies->rgPolicyInfo[i].pszPolicyIdentifier));
1600 TRACE_(chain)("%d policy qualifiers:\n",
1601 policies->rgPolicyInfo[i].cPolicyQualifier);
1602 for (j = 0; j < policies->rgPolicyInfo[i].cPolicyQualifier; j++)
1603 TRACE_(chain)("%s\n", debugstr_a(
1604 policies->rgPolicyInfo[i].rgPolicyQualifier[j].
1605 pszPolicyQualifierId));
1606 }
1607 LocalFree(policies);
1608 }
1609 }
1610
1611 static void dump_enhanced_key_usage(const CERT_EXTENSION *ext)
1612 {
1613 CERT_ENHKEY_USAGE *usage;
1614 DWORD size;
1615
1616 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE,
1617 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
1618 &usage, &size))
1619 {
1620 DWORD i;
1621
1622 TRACE_(chain)("%d usages:\n", usage->cUsageIdentifier);
1623 for (i = 0; i < usage->cUsageIdentifier; i++)
1624 TRACE_(chain)("%s\n", usage->rgpszUsageIdentifier[i]);
1625 LocalFree(usage);
1626 }
1627 }
1628
1629 static void dump_netscape_cert_type(const CERT_EXTENSION *ext)
1630 {
1631 CRYPT_BIT_BLOB usage;
1632 DWORD size = sizeof(usage);
1633
1634 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_BITS, ext->Value.pbData,
1635 ext->Value.cbData, CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1636 {
1637 #define trace_cert_type_bit(bits, bit) \
1638 if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit)
1639 if (usage.cbData)
1640 {
1641 trace_cert_type_bit(usage.pbData[0],
1642 NETSCAPE_SSL_CLIENT_AUTH_CERT_TYPE);
1643 trace_cert_type_bit(usage.pbData[0],
1644 NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE);
1645 trace_cert_type_bit(usage.pbData[0], NETSCAPE_SMIME_CERT_TYPE);
1646 trace_cert_type_bit(usage.pbData[0], NETSCAPE_SIGN_CERT_TYPE);
1647 trace_cert_type_bit(usage.pbData[0], NETSCAPE_SSL_CA_CERT_TYPE);
1648 trace_cert_type_bit(usage.pbData[0], NETSCAPE_SMIME_CA_CERT_TYPE);
1649 trace_cert_type_bit(usage.pbData[0], NETSCAPE_SIGN_CA_CERT_TYPE);
1650 }
1651 #undef trace_cert_type_bit
1652 }
1653 }
1654
1655 static void dump_extension(const CERT_EXTENSION *ext)
1656 {
1657 TRACE_(chain)("%s (%scritical)\n", debugstr_a(ext->pszObjId),
1658 ext->fCritical ? "" : "not ");
1659 if (!strcmp(ext->pszObjId, szOID_SUBJECT_ALT_NAME))
1660 dump_alt_name("subject alt name", ext);
1661 else if (!strcmp(ext->pszObjId, szOID_ISSUER_ALT_NAME))
1662 dump_alt_name("issuer alt name", ext);
1663 else if (!strcmp(ext->pszObjId, szOID_BASIC_CONSTRAINTS))
1664 dump_basic_constraints(ext);
1665 else if (!strcmp(ext->pszObjId, szOID_KEY_USAGE))
1666 dump_key_usage(ext);
1667 else if (!strcmp(ext->pszObjId, szOID_SUBJECT_ALT_NAME2))
1668 dump_alt_name("subject alt name 2", ext);
1669 else if (!strcmp(ext->pszObjId, szOID_ISSUER_ALT_NAME2))
1670 dump_alt_name("issuer alt name 2", ext);
1671 else if (!strcmp(ext->pszObjId, szOID_BASIC_CONSTRAINTS2))
1672 dump_basic_constraints2(ext);
1673 else if (!strcmp(ext->pszObjId, szOID_NAME_CONSTRAINTS))
1674 dump_name_constraints(ext);
1675 else if (!strcmp(ext->pszObjId, szOID_CERT_POLICIES))
1676 dump_cert_policies(ext);
1677 else if (!strcmp(ext->pszObjId, szOID_ENHANCED_KEY_USAGE))
1678 dump_enhanced_key_usage(ext);
1679 else if (!strcmp(ext->pszObjId, szOID_NETSCAPE_CERT_TYPE))
1680 dump_netscape_cert_type(ext);
1681 }
1682
1683 static LPCSTR filetime_to_str(const FILETIME *time)
1684 {
1685 char date[80];
1686 char dateFmt[80]; /* sufficient for all versions of LOCALE_SSHORTDATE */
1687 SYSTEMTIME sysTime;
1688
1689 if (!time) return "(null)";
1690
1691 GetLocaleInfoA(LOCALE_SYSTEM_DEFAULT, LOCALE_SSHORTDATE, dateFmt,
1692 sizeof(dateFmt) / sizeof(dateFmt[0]));
1693 FileTimeToSystemTime(time, &sysTime);
1694 GetDateFormatA(LOCALE_SYSTEM_DEFAULT, 0, &sysTime, dateFmt, date,
1695 sizeof(date) / sizeof(date[0]));
1696 return wine_dbg_sprintf("%s", date);
1697 }
1698
1699 static void dump_element(PCCERT_CONTEXT cert)
1700 {
1701 LPWSTR name = NULL;
1702 DWORD len, i;
1703
1704 TRACE_(chain)("%p: version %d\n", cert, cert->pCertInfo->dwVersion);
1705 len = CertGetNameStringW(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE,
1706 CERT_NAME_ISSUER_FLAG, NULL, NULL, 0);
1707 name = CryptMemAlloc(len * sizeof(WCHAR));
1708 if (name)
1709 {
1710 CertGetNameStringW(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE,
1711 CERT_NAME_ISSUER_FLAG, NULL, name, len);
1712 TRACE_(chain)("issued by %s\n", debugstr_w(name));
1713 CryptMemFree(name);
1714 }
1715 len = CertGetNameStringW(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL,
1716 NULL, 0);
1717 name = CryptMemAlloc(len * sizeof(WCHAR));
1718 if (name)
1719 {
1720 CertGetNameStringW(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL,
1721 name, len);
1722 TRACE_(chain)("issued to %s\n", debugstr_w(name));
1723 CryptMemFree(name);
1724 }
1725 TRACE_(chain)("valid from %s to %s\n",
1726 filetime_to_str(&cert->pCertInfo->NotBefore),
1727 filetime_to_str(&cert->pCertInfo->NotAfter));
1728 TRACE_(chain)("%d extensions\n", cert->pCertInfo->cExtension);
1729 for (i = 0; i < cert->pCertInfo->cExtension; i++)
1730 dump_extension(&cert->pCertInfo->rgExtension[i]);
1731 }
1732
1733 static BOOL CRYPT_KeyUsageValid(CertificateChainEngine *engine,
1734 PCCERT_CONTEXT cert, BOOL isRoot, BOOL isCA, DWORD index)
1735 {
1736 PCERT_EXTENSION ext;
1737 BOOL ret;
1738 BYTE usageBits = 0;
1739
1740 ext = CertFindExtension(szOID_KEY_USAGE, cert->pCertInfo->cExtension,
1741 cert->pCertInfo->rgExtension);
1742 if (ext)
1743 {
1744 CRYPT_BIT_BLOB usage;
1745 DWORD size = sizeof(usage);
1746
1747 ret = CryptDecodeObjectEx(cert->dwCertEncodingType, X509_BITS,
1748 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_NOCOPY_FLAG, NULL,
1749 &usage, &size);
1750 if (!ret)
1751 return FALSE;
1752 else if (usage.cbData > 2)
1753 {
1754 /* The key usage extension only defines 9 bits => no more than 2
1755 * bytes are needed to encode all known usages.
1756 */
1757 return FALSE;
1758 }
1759 else
1760 {
1761 /* The only bit relevant to chain validation is the keyCertSign
1762 * bit, which is always in the least significant byte of the
1763 * key usage bits.
1764 */
1765 usageBits = usage.pbData[usage.cbData - 1];
1766 }
1767 }
1768 if (isCA)
1769 {
1770 if (!ext)
1771 {
1772 /* MS appears to violate RFC 5280, section 4.2.1.3 (Key Usage)
1773 * here. Quoting the RFC:
1774 * "This [key usage] extension MUST appear in certificates that
1775 * contain public keys that are used to validate digital signatures
1776 * on other public key certificates or CRLs."
1777 * MS appears to accept certs that do not contain key usage
1778 * extensions as CA certs. V1 and V2 certificates did not have
1779 * extensions, and many root certificates are V1 certificates, so
1780 * perhaps this is prudent. On the other hand, MS also accepts V3
1781 * certs without key usage extensions. Because some CAs, e.g.
1782 * Certum, also do not include key usage extensions in their
1783 * intermediate certificates, we are forced to accept V3
1784 * certificates without key usage extensions as well.
1785 */
1786 ret = TRUE;
1787 }
1788 else
1789 {
1790 if (!(usageBits & CERT_KEY_CERT_SIGN_KEY_USAGE))
1791 {
1792 WARN_(chain)("keyCertSign not asserted on a CA cert\n");
1793 ret = FALSE;
1794 }
1795 else
1796 ret = TRUE;
1797 }
1798 }
1799 else
1800 {
1801 if (ext && (usageBits & CERT_KEY_CERT_SIGN_KEY_USAGE))
1802 {
1803 WARN_(chain)("keyCertSign asserted on a non-CA cert\n");
1804 ret = FALSE;
1805 }
1806 else
1807 ret = TRUE;
1808 }
1809 return ret;
1810 }
1811
1812 static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert)
1813 {
1814 BOOL ret = TRUE;
1815 DWORD i;
1816
1817 for (i = 0; ret && i < cert->pCertInfo->cExtension; i++)
1818 {
1819 if (cert->pCertInfo->rgExtension[i].fCritical)
1820 {
1821 LPCSTR oid = cert->pCertInfo->rgExtension[i].pszObjId;
1822
1823 if (!strcmp(oid, szOID_BASIC_CONSTRAINTS))
1824 ret = TRUE;
1825 else if (!strcmp(oid, szOID_BASIC_CONSTRAINTS2))
1826 ret = TRUE;
1827 else if (!strcmp(oid, szOID_NAME_CONSTRAINTS))
1828 ret = TRUE;
1829 else if (!strcmp(oid, szOID_KEY_USAGE))
1830 ret = TRUE;
1831 else if (!strcmp(oid, szOID_SUBJECT_ALT_NAME))
1832 ret = TRUE;
1833 else if (!strcmp(oid, szOID_SUBJECT_ALT_NAME2))
1834 ret = TRUE;
1835 else if (!strcmp(oid, szOID_CERT_POLICIES))
1836 ret = TRUE;
1837 else if (!strcmp(oid, szOID_ENHANCED_KEY_USAGE))
1838 ret = TRUE;
1839 else
1840 {
1841 FIXME("unsupported critical extension %s\n",
1842 debugstr_a(oid));
1843 ret = FALSE;
1844 }
1845 }
1846 }
1847 return ret;
1848 }
1849
1850 static BOOL CRYPT_IsCertVersionValid(PCCERT_CONTEXT cert)
1851 {
1852 BOOL ret = TRUE;
1853
1854 /* Checks whether the contents of the cert match the cert's version. */
1855 switch (cert->pCertInfo->dwVersion)
1856 {
1857 case CERT_V1:
1858 /* A V1 cert may not contain unique identifiers. See RFC 5280,
1859 * section 4.1.2.8:
1860 * "These fields MUST only appear if the version is 2 or 3 (Section
1861 * 4.1.2.1). These fields MUST NOT appear if the version is 1."
1862 */
1863 if (cert->pCertInfo->IssuerUniqueId.cbData ||
1864 cert->pCertInfo->SubjectUniqueId.cbData)
1865 ret = FALSE;
1866 /* A V1 cert may not contain extensions. See RFC 5280, section 4.1.2.9:
1867 * "This field MUST only appear if the version is 3 (Section 4.1.2.1)."
1868 */
1869 if (cert->pCertInfo->cExtension)
1870 ret = FALSE;
1871 break;
1872 case CERT_V2:
1873 /* A V2 cert may not contain extensions. See RFC 5280, section 4.1.2.9:
1874 * "This field MUST only appear if the version is 3 (Section 4.1.2.1)."
1875 */
1876 if (cert->pCertInfo->cExtension)
1877 ret = FALSE;
1878 break;
1879 case CERT_V3:
1880 /* Do nothing, all fields are allowed for V3 certs */
1881 break;
1882 default:
1883 WARN_(chain)("invalid cert version %d\n", cert->pCertInfo->dwVersion);
1884 ret = FALSE;
1885 }
1886 return ret;
1887 }
1888
1889 static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine,
1890 PCERT_SIMPLE_CHAIN chain, LPFILETIME time)
1891 {
1892 PCERT_CHAIN_ELEMENT rootElement = chain->rgpElement[chain->cElement - 1];
1893 int i;
1894 BOOL pathLengthConstraintViolated = FALSE;
1895 CERT_BASIC_CONSTRAINTS2_INFO constraints = { FALSE, FALSE, 0 };
1896
1897 TRACE_(chain)("checking chain with %d elements for time %s\n",
1898 chain->cElement, filetime_to_str(time));
1899 for (i = chain->cElement - 1; i >= 0; i--)
1900 {
1901 BOOL isRoot;
1902
1903 if (TRACE_ON(chain))
1904 dump_element(chain->rgpElement[i]->pCertContext);
1905 if (i == chain->cElement - 1)
1906 isRoot = CRYPT_IsCertificateSelfSigned(
1907 chain->rgpElement[i]->pCertContext);
1908 else
1909 isRoot = FALSE;
1910 if (!CRYPT_IsCertVersionValid(chain->rgpElement[i]->pCertContext))
1911 {
1912 /* MS appears to accept certs whose versions don't match their
1913 * contents, so there isn't an appropriate error code.
1914 */
1915 chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1916 CERT_TRUST_INVALID_EXTENSION;
1917 }
1918 if (CertVerifyTimeValidity(time,
1919 chain->rgpElement[i]->pCertContext->pCertInfo) != 0)
1920 chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1921 CERT_TRUST_IS_NOT_TIME_VALID;
1922 if (i != 0)
1923 {
1924 /* Check the signature of the cert this issued */
1925 if (!CryptVerifyCertificateSignatureEx(0, X509_ASN_ENCODING,
1926 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
1927 (void *)chain->rgpElement[i - 1]->pCertContext,
1928 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT,
1929 (void *)chain->rgpElement[i]->pCertContext, 0, NULL))
1930 chain->rgpElement[i - 1]->TrustStatus.dwErrorStatus |=
1931 CERT_TRUST_IS_NOT_SIGNATURE_VALID;
1932 /* Once a path length constraint has been violated, every remaining
1933 * CA cert's basic constraints is considered invalid.
1934 */
1935 if (pathLengthConstraintViolated)
1936 chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1937 CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
1938 else if (!CRYPT_CheckBasicConstraintsForCA(engine,
1939 chain->rgpElement[i]->pCertContext, &constraints, i - 1, isRoot,
1940 &pathLengthConstraintViolated))
1941 chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1942 CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
1943 else if (constraints.fPathLenConstraint &&
1944 constraints.dwPathLenConstraint)
1945 {
1946 /* This one's valid - decrement max length */
1947 constraints.dwPathLenConstraint--;
1948 }
1949 }
1950 else
1951 {
1952 /* Check whether end cert has a basic constraints extension */
1953 if (!CRYPT_DecodeBasicConstraints(
1954 chain->rgpElement[i]->pCertContext, &constraints, FALSE))
1955 chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1956 CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
1957 }
1958 if (!CRYPT_KeyUsageValid(engine, chain->rgpElement[i]->pCertContext,
1959 isRoot, constraints.fCA, i))
1960 chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1961 CERT_TRUST_IS_NOT_VALID_FOR_USAGE;
1962 if (CRYPT_IsSimpleChainCyclic(chain))
1963 {
1964 /* If the chain is cyclic, then the path length constraints
1965 * are violated, because the chain is infinitely long.
1966 */
1967 pathLengthConstraintViolated = TRUE;
1968 chain->TrustStatus.dwErrorStatus |=
1969 CERT_TRUST_IS_PARTIAL_CHAIN |
1970 CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
1971 }
1972 /* Check whether every critical extension is supported */
1973 if (!CRYPT_CriticalExtensionsSupported(
1974 chain->rgpElement[i]->pCertContext))
1975 chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1976 CERT_TRUST_INVALID_EXTENSION |
1977 CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT;
1978 CRYPT_CombineTrustStatus(&chain->TrustStatus,
1979 &chain->rgpElement[i]->TrustStatus);
1980 }
1981 CRYPT_CheckChainNameConstraints(chain);
1982 CRYPT_CheckChainPolicies(chain);
1983 if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext))
1984 {
1985 rootElement->TrustStatus.dwInfoStatus |=
1986 CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER;
1987 CRYPT_CheckRootCert(engine->hRoot, rootElement);
1988 }
1989 CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
1990 }
1991
1992 static PCCERT_CONTEXT CRYPT_FindIssuer(const CertificateChainEngine *engine, const CERT_CONTEXT *cert,
1993 HCERTSTORE store, DWORD type, void *para, DWORD flags, PCCERT_CONTEXT prev_issuer)
1994 {
1995 CRYPT_URL_ARRAY *urls;
1996 PCCERT_CONTEXT issuer;
1997 DWORD size;
1998 BOOL res;
1999
2000 issuer = CertFindCertificateInStore(store, cert->dwCertEncodingType, 0, type, para, prev_issuer);
2001 if(issuer) {
2002 TRACE("Found in store %p\n", issuer);
2003 return issuer;
2004 }
2005
2006 /* FIXME: For alternate issuers, we don't search world store nor try to retrieve issuer from URL.
2007 * This needs more tests.
2008 */
2009 if(prev_issuer)
2010 return NULL;
2011
2012 if(engine->hWorld) {
2013 issuer = CertFindCertificateInStore(engine->hWorld, cert->dwCertEncodingType, 0, type, para, NULL);
2014 if(issuer) {
2015 TRACE("Found in world %p\n", issuer);
2016 return issuer;
2017 }
2018 }
2019
2020 res = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, (void*)cert, 0, NULL, &size, NULL, NULL, NULL);
2021 if(!res)
2022 return NULL;
2023
2024 urls = HeapAlloc(GetProcessHeap(), 0, size);
2025 if(!urls)
2026 return NULL;
2027
2028 res = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, (void*)cert, 0, urls, &size, NULL, NULL, NULL);
2029 if(res)
2030 {
2031 CERT_CONTEXT *new_cert;
2032 HCERTSTORE new_store;
2033 unsigned i;
2034
2035 for(i=0; i < urls->cUrl; i++)
2036 {
2037 TRACE("Trying URL %s\n", debugstr_w(urls->rgwszUrl[i]));
2038
2039 res = CryptRetrieveObjectByUrlW(urls->rgwszUrl[i], CONTEXT_OID_CERTIFICATE,
2040 (flags & CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL) ? CRYPT_CACHE_ONLY_RETRIEVAL : CRYPT_AIA_RETRIEVAL,
2041 0, (void**)&new_cert, NULL, NULL, NULL, NULL);
2042 if(!res)
2043 {
2044 TRACE("CryptRetrieveObjectByUrlW failed: %u\n", GetLastError());
2045 continue;
2046 }
2047
2048 /* FIXME: Use new_cert->hCertStore once cert ref count bug is fixed. */
2049 new_store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
2050 CertAddCertificateContextToStore(new_store, new_cert, CERT_STORE_ADD_NEW, NULL);
2051 issuer = CertFindCertificateInStore(new_store, cert->dwCertEncodingType, 0, type, para, NULL);
2052 CertFreeCertificateContext(new_cert);
2053 CertCloseStore(new_store, 0);
2054 if(issuer)
2055 {
2056 TRACE("Found downloaded issuer %p\n", issuer);
2057 break;
2058 }
2059 }
2060 }
2061
2062 HeapFree(GetProcessHeap(), 0, urls);
2063 return issuer;
2064 }
2065
2066 static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine,
2067 HCERTSTORE store, PCCERT_CONTEXT subject, PCCERT_CONTEXT prevIssuer,
2068 DWORD flags, DWORD *infoStatus)
2069 {
2070 PCCERT_CONTEXT issuer = NULL;
2071 PCERT_EXTENSION ext;
2072 DWORD size;
2073
2074 *infoStatus = 0;
2075 if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER,
2076 subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
2077 {
2078 CERT_AUTHORITY_KEY_ID_INFO *info;
2079 BOOL ret;
2080
2081 ret = CryptDecodeObjectEx(subject->dwCertEncodingType,
2082 X509_AUTHORITY_KEY_ID, ext->Value.pbData, ext->Value.cbData,
2083 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
2084 &info, &size);
2085 if (ret)
2086 {
2087 CERT_ID id;
2088
2089 if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
2090 {
2091 id.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
2092 memcpy(&id.u.IssuerSerialNumber.Issuer, &info->CertIssuer,
2093 sizeof(CERT_NAME_BLOB));
2094 memcpy(&id.u.IssuerSerialNumber.SerialNumber,
2095 &info->CertSerialNumber, sizeof(CRYPT_INTEGER_BLOB));
2096
2097 issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
2098 if (issuer)
2099 {
2100 TRACE_(chain)("issuer found by issuer/serial number\n");
2101 *infoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER;
2102 }
2103 }
2104 else if (info->KeyId.cbData)
2105 {
2106 id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
2107
2108 memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
2109 issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
2110 if (issuer)
2111 {
2112 TRACE_(chain)("issuer found by key id\n");
2113 *infoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
2114 }
2115 }
2116 LocalFree(info);
2117 }
2118 }
2119 else if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
2120 subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
2121 {
2122 CERT_AUTHORITY_KEY_ID2_INFO *info;
2123 BOOL ret;
2124
2125 ret = CryptDecodeObjectEx(subject->dwCertEncodingType,
2126 X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
2127 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
2128 &info, &size);
2129 if (ret)
2130 {
2131 CERT_ID id;
2132
2133 if (info->AuthorityCertIssuer.cAltEntry &&
2134 info->AuthorityCertSerialNumber.cbData)
2135 {
2136 PCERT_ALT_NAME_ENTRY directoryName = NULL;
2137 DWORD i;
2138
2139 for (i = 0; !directoryName &&
2140 i < info->AuthorityCertIssuer.cAltEntry; i++)
2141 if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice
2142 == CERT_ALT_NAME_DIRECTORY_NAME)
2143 directoryName =
2144 &info->AuthorityCertIssuer.rgAltEntry[i];
2145 if (directoryName)
2146 {
2147 id.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
2148 memcpy(&id.u.IssuerSerialNumber.Issuer,
2149 &directoryName->u.DirectoryName, sizeof(CERT_NAME_BLOB));
2150 memcpy(&id.u.IssuerSerialNumber.SerialNumber,
2151 &info->AuthorityCertSerialNumber,
2152 sizeof(CRYPT_INTEGER_BLOB));
2153
2154 issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
2155 if (issuer)
2156 {
2157 TRACE_(chain)("issuer found by directory name\n");
2158 *infoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER;
2159 }
2160 }
2161 else
2162 FIXME("no supported name type in authority key id2\n");
2163 }
2164 else if (info->KeyId.cbData)
2165 {
2166 id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
2167 memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
2168 issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
2169 if (issuer)
2170 {
2171 TRACE_(chain)("issuer found by key id\n");
2172 *infoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
2173 }
2174 }
2175 LocalFree(info);
2176 }
2177 }
2178 else
2179 {
2180 issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_SUBJECT_NAME,
2181 &subject->pCertInfo->Issuer, flags, prevIssuer);
2182 TRACE_(chain)("issuer found by name\n");
2183 *infoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
2184 }
2185 return issuer;
2186 }
2187
2188 /* Builds a simple chain by finding an issuer for the last cert in the chain,
2189 * until reaching a self-signed cert, or until no issuer can be found.
2190 */
2191 static BOOL CRYPT_BuildSimpleChain(const CertificateChainEngine *engine,
2192 HCERTSTORE world, DWORD flags, PCERT_SIMPLE_CHAIN chain)
2193 {
2194 BOOL ret = TRUE;
2195 PCCERT_CONTEXT cert = chain->rgpElement[chain->cElement - 1]->pCertContext;
2196
2197 while (ret && !CRYPT_IsSimpleChainCyclic(chain) &&
2198 !CRYPT_IsCertificateSelfSigned(cert))
2199 {
2200 PCCERT_CONTEXT issuer = CRYPT_GetIssuer(engine, world, cert, NULL, flags,
2201 &chain->rgpElement[chain->cElement - 1]->TrustStatus.dwInfoStatus);
2202
2203 if (issuer)
2204 {
2205 ret = CRYPT_AddCertToSimpleChain(engine, chain, issuer,
2206 chain->rgpElement[chain->cElement - 1]->TrustStatus.dwInfoStatus);
2207 /* CRYPT_AddCertToSimpleChain add-ref's the issuer, so free it to
2208 * close the enumeration that found it
2209 */
2210 CertFreeCertificateContext(issuer);
2211 cert = issuer;
2212 }
2213 else
2214 {
2215 TRACE_(chain)("Couldn't find issuer, halting chain creation\n");
2216 chain->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_PARTIAL_CHAIN;
2217 break;
2218 }
2219 }
2220 return ret;
2221 }
2222
2223 static LPCSTR debugstr_filetime(LPFILETIME pTime)
2224 {
2225 if (!pTime)
2226 return "(nil)";
2227 return wine_dbg_sprintf("%p (%s)", pTime, filetime_to_str(pTime));
2228 }
2229
2230 static BOOL CRYPT_GetSimpleChainForCert(CertificateChainEngine *engine,
2231 HCERTSTORE world, PCCERT_CONTEXT cert, LPFILETIME pTime, DWORD flags,
2232 PCERT_SIMPLE_CHAIN *ppChain)
2233 {
2234 BOOL ret = FALSE;
2235 PCERT_SIMPLE_CHAIN chain;
2236
2237 TRACE("(%p, %p, %p, %s)\n", engine, world, cert, debugstr_filetime(pTime));
2238
2239 chain = CryptMemAlloc(sizeof(CERT_SIMPLE_CHAIN));
2240 if (chain)
2241 {
2242 memset(chain, 0, sizeof(CERT_SIMPLE_CHAIN));
2243 chain->cbSize = sizeof(CERT_SIMPLE_CHAIN);
2244 ret = CRYPT_AddCertToSimpleChain(engine, chain, cert, 0);
2245 if (ret)
2246 {
2247 ret = CRYPT_BuildSimpleChain(engine, world, flags, chain);
2248 if (ret)
2249 CRYPT_CheckSimpleChain(engine, chain, pTime);
2250 }
2251 if (!ret)
2252 {
2253 CRYPT_FreeSimpleChain(chain);
2254 chain = NULL;
2255 }
2256 *ppChain = chain;
2257 }
2258 return ret;
2259 }
2260
2261 static BOOL CRYPT_BuildCandidateChainFromCert(CertificateChainEngine *engine,
2262 PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore, DWORD flags,
2263 CertificateChain **ppChain)
2264 {
2265 PCERT_SIMPLE_CHAIN simpleChain = NULL;
2266 HCERTSTORE world;
2267 BOOL ret;
2268
2269 world = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
2270 CERT_STORE_CREATE_NEW_FLAG, NULL);
2271 CertAddStoreToCollection(world, engine->hWorld, 0, 0);
2272 if (hAdditionalStore)
2273 CertAddStoreToCollection(world, hAdditionalStore, 0, 0);
2274 /* FIXME: only simple chains are supported for now, as CTLs aren't
2275 * supported yet.
2276 */
2277 if ((ret = CRYPT_GetSimpleChainForCert(engine, world, cert, pTime, flags, &simpleChain)))
2278 {
2279 CertificateChain *chain = CryptMemAlloc(sizeof(CertificateChain));
2280
2281 if (chain)
2282 {
2283 chain->ref = 1;
2284 chain->world = world;
2285 chain->context.cbSize = sizeof(CERT_CHAIN_CONTEXT);
2286 chain->context.TrustStatus = simpleChain->TrustStatus;
2287 chain->context.cChain = 1;
2288 chain->context.rgpChain = CryptMemAlloc(sizeof(PCERT_SIMPLE_CHAIN));
2289 chain->context.rgpChain[0] = simpleChain;
2290 chain->context.cLowerQualityChainContext = 0;
2291 chain->context.rgpLowerQualityChainContext = NULL;
2292 chain->context.fHasRevocationFreshnessTime = FALSE;
2293 chain->context.dwRevocationFreshnessTime = 0;
2294 }
2295 else
2296 ret = FALSE;
2297 *ppChain = chain;
2298 }
2299 return ret;
2300 }
2301
2302 /* Makes and returns a copy of chain, up to and including element iElement. */
2303 static PCERT_SIMPLE_CHAIN CRYPT_CopySimpleChainToElement(
2304 const CERT_SIMPLE_CHAIN *chain, DWORD iElement)
2305 {
2306 PCERT_SIMPLE_CHAIN copy = CryptMemAlloc(sizeof(CERT_SIMPLE_CHAIN));
2307
2308 if (copy)
2309 {
2310 memset(copy, 0, sizeof(CERT_SIMPLE_CHAIN));
2311 copy->cbSize = sizeof(CERT_SIMPLE_CHAIN);
2312 copy->rgpElement =
2313 CryptMemAlloc((iElement + 1) * sizeof(PCERT_CHAIN_ELEMENT));
2314 if (copy->rgpElement)
2315 {
2316 DWORD i;
2317 BOOL ret = TRUE;
2318
2319 memset(copy->rgpElement, 0,
2320 (iElement + 1) * sizeof(PCERT_CHAIN_ELEMENT));
2321 for (i = 0; ret && i <= iElement; i++)
2322 {
2323 PCERT_CHAIN_ELEMENT element =
2324 CryptMemAlloc(sizeof(CERT_CHAIN_ELEMENT));
2325
2326 if (element)
2327 {
2328 *element = *chain->rgpElement[i];
2329 element->pCertContext = CertDuplicateCertificateContext(
2330 chain->rgpElement[i]->pCertContext);
2331 /* Reset the trust status of the copied element, it'll get
2332 * rechecked after the new chain is done.
2333 */
2334 memset(&element->TrustStatus, 0, sizeof(CERT_TRUST_STATUS));
2335 copy->rgpElement[copy->cElement++] = element;
2336 }
2337 else
2338 ret = FALSE;
2339 }
2340 if (!ret)
2341 {
2342 for (i = 0; i <= iElement; i++)
2343 CryptMemFree(copy->rgpElement[i]);
2344 CryptMemFree(copy->rgpElement);
2345 CryptMemFree(copy);
2346 copy = NULL;
2347 }
2348 }
2349 else
2350 {
2351 CryptMemFree(copy);
2352 copy = NULL;
2353 }
2354 }
2355 return copy;
2356 }
2357
2358 static void CRYPT_FreeLowerQualityChains(CertificateChain *chain)
2359 {
2360 DWORD i;
2361
2362 for (i = 0; i < chain->context.cLowerQualityChainContext; i++)
2363 CertFreeCertificateChain(chain->context.rgpLowerQualityChainContext[i]);
2364 CryptMemFree(chain->context.rgpLowerQualityChainContext);
2365 chain->context.cLowerQualityChainContext = 0;
2366 chain->context.rgpLowerQualityChainContext = NULL;
2367 }
2368
2369 static void CRYPT_FreeChainContext(CertificateChain *chain)
2370 {
2371 DWORD i;
2372
2373 CRYPT_FreeLowerQualityChains(chain);
2374 for (i = 0; i < chain->context.cChain; i++)
2375 CRYPT_FreeSimpleChain(chain->context.rgpChain[i]);
2376 CryptMemFree(chain->context.rgpChain);
2377 CertCloseStore(chain->world, 0);
2378 CryptMemFree(chain);
2379 }
2380
2381 /* Makes and returns a copy of chain, up to and including element iElement of
2382 * simple chain iChain.
2383 */
2384 static CertificateChain *CRYPT_CopyChainToElement(CertificateChain *chain,
2385 DWORD iChain, DWORD iElement)
2386 {
2387 CertificateChain *copy = CryptMemAlloc(sizeof(CertificateChain));
2388
2389 if (copy)
2390 {
2391 copy->ref = 1;
2392 copy->world = CertDuplicateStore(chain->world);
2393 copy->context.cbSize = sizeof(CERT_CHAIN_CONTEXT);
2394 /* Leave the trust status of the copied chain unset, it'll get
2395 * rechecked after the new chain is done.
2396 */
2397 memset(&copy->context.TrustStatus, 0, sizeof(CERT_TRUST_STATUS));
2398 copy->context.cLowerQualityChainContext = 0;
2399 copy->context.rgpLowerQualityChainContext = NULL;
2400 copy->context.fHasRevocationFreshnessTime = FALSE;
2401 copy->context.dwRevocationFreshnessTime = 0;
2402 copy->context.rgpChain = CryptMemAlloc(
2403 (iChain + 1) * sizeof(PCERT_SIMPLE_CHAIN));
2404 if (copy->context.rgpChain)
2405 {
2406 BOOL ret = TRUE;
2407 DWORD i;
2408
2409 memset(copy->context.rgpChain, 0,
2410 (iChain + 1) * sizeof(PCERT_SIMPLE_CHAIN));
2411 if (iChain)
2412 {
2413 for (i = 0; ret && iChain && i < iChain - 1; i++)
2414 {
2415 copy->context.rgpChain[i] =
2416 CRYPT_CopySimpleChainToElement(chain->context.rgpChain[i],
2417 chain->context.rgpChain[i]->cElement - 1);
2418 if (!copy->context.rgpChain[i])
2419 ret = FALSE;
2420 }
2421 }
2422 else
2423 i = 0;
2424 if (ret)
2425 {
2426 copy->context.rgpChain[i] =
2427 CRYPT_CopySimpleChainToElement(chain->context.rgpChain[i],
2428 iElement);
2429 if (!copy->context.rgpChain[i])
2430 ret = FALSE;
2431 }
2432 if (!ret)
2433 {
2434 CRYPT_FreeChainContext(copy);
2435 copy = NULL;
2436 }
2437 else
2438 copy->context.cChain = iChain + 1;
2439 }
2440 else
2441 {
2442 CryptMemFree(copy);
2443 copy = NULL;
2444 }
2445 }
2446 return copy;
2447 }
2448
2449 static CertificateChain *CRYPT_BuildAlternateContextFromChain(
2450 CertificateChainEngine *engine, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
2451 DWORD flags, CertificateChain *chain)
2452 {
2453 CertificateChain *alternate;
2454
2455 TRACE("(%p, %s, %p, %p)\n", engine, debugstr_filetime(pTime),
2456 hAdditionalStore, chain);
2457
2458 /* Always start with the last "lower quality" chain to ensure a consistent
2459 * order of alternate creation:
2460 */
2461 if (chain->context.cLowerQualityChainContext)
2462 chain = (CertificateChain*)chain->context.rgpLowerQualityChainContext[
2463 chain->context.cLowerQualityChainContext - 1];
2464 /* A chain with only one element can't have any alternates */
2465 if (chain->context.cChain <= 1 && chain->context.rgpChain[0]->cElement <= 1)
2466 alternate = NULL;
2467 else
2468 {
2469 DWORD i, j, infoStatus;
2470 PCCERT_CONTEXT alternateIssuer = NULL;
2471
2472 alternate = NULL;
2473 for (i = 0; !alternateIssuer && i < chain->context.cChain; i++)
2474 for (j = 0; !alternateIssuer &&
2475 j < chain->context.rgpChain[i]->cElement - 1; j++)
2476 {
2477 PCCERT_CONTEXT subject =
2478 chain->context.rgpChain[i]->rgpElement[j]->pCertContext;
2479 PCCERT_CONTEXT prevIssuer = CertDuplicateCertificateContext(
2480 chain->context.rgpChain[i]->rgpElement[j + 1]->pCertContext);
2481
2482 alternateIssuer = CRYPT_GetIssuer(engine, prevIssuer->hCertStore,
2483 subject, prevIssuer, flags, &infoStatus);
2484 }
2485 if (alternateIssuer)
2486 {
2487 i--;
2488 j--;
2489 alternate = CRYPT_CopyChainToElement(chain, i, j);
2490 if (alternate)
2491 {
2492 BOOL ret = CRYPT_AddCertToSimpleChain(engine,
2493 alternate->context.rgpChain[i], alternateIssuer, infoStatus);
2494
2495 /* CRYPT_AddCertToSimpleChain add-ref's the issuer, so free it
2496 * to close the enumeration that found it
2497 */
2498 CertFreeCertificateContext(alternateIssuer);
2499 if (ret)
2500 {
2501 ret = CRYPT_BuildSimpleChain(engine, alternate->world,
2502 flags, alternate->context.rgpChain[i]);
2503 if (ret)
2504 CRYPT_CheckSimpleChain(engine,
2505 alternate->context.rgpChain[i], pTime);
2506 CRYPT_CombineTrustStatus(&alternate->context.TrustStatus,
2507 &alternate->context.rgpChain[i]->TrustStatus);
2508 }
2509 if (!ret)
2510 {
2511 CRYPT_FreeChainContext(alternate);
2512 alternate = NULL;
2513 }
2514 }
2515 }
2516 }
2517 TRACE("%p\n", alternate);
2518 return alternate;
2519 }
2520
2521 #define CHAIN_QUALITY_SIGNATURE_VALID 0x16
2522 #define CHAIN_QUALITY_TIME_VALID 8
2523 #define CHAIN_QUALITY_COMPLETE_CHAIN 4
2524 #define CHAIN_QUALITY_BASIC_CONSTRAINTS 2
2525 #define CHAIN_QUALITY_TRUSTED_ROOT 1
2526
2527 #define CHAIN_QUALITY_HIGHEST \
2528 CHAIN_QUALITY_SIGNATURE_VALID | CHAIN_QUALITY_TIME_VALID | \
2529 CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_BASIC_CONSTRAINTS | \
2530 CHAIN_QUALITY_TRUSTED_ROOT
2531
2532 #define IS_TRUST_ERROR_SET(TrustStatus, bits) \
2533 (TrustStatus)->dwErrorStatus & (bits)
2534
2535 static DWORD CRYPT_ChainQuality(const CertificateChain *chain)
2536 {
2537 DWORD quality = CHAIN_QUALITY_HIGHEST;
2538
2539 if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
2540 CERT_TRUST_IS_UNTRUSTED_ROOT))
2541 quality &= ~CHAIN_QUALITY_TRUSTED_ROOT;
2542 if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
2543 CERT_TRUST_INVALID_BASIC_CONSTRAINTS))
2544 quality &= ~CHAIN_QUALITY_BASIC_CONSTRAINTS;
2545 if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
2546 CERT_TRUST_IS_PARTIAL_CHAIN))
2547 quality &= ~CHAIN_QUALITY_COMPLETE_CHAIN;
2548 if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
2549 CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_NOT_TIME_NESTED))
2550 quality &= ~CHAIN_QUALITY_TIME_VALID;
2551 if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
2552 CERT_TRUST_IS_NOT_SIGNATURE_VALID))
2553 quality &= ~CHAIN_QUALITY_SIGNATURE_VALID;
2554 return quality;
2555 }
2556
2557 /* Chooses the highest quality chain among chain and its "lower quality"
2558 * alternate chains. Returns the highest quality chain, with all other
2559 * chains as lower quality chains of it.
2560 */
2561 static CertificateChain *CRYPT_ChooseHighestQualityChain(
2562 CertificateChain *chain)
2563 {
2564 DWORD i;
2565
2566 /* There are always only two chains being considered: chain, and an
2567 * alternate at chain->rgpLowerQualityChainContext[i]. If the alternate
2568 * has a higher quality than chain, the alternate gets assigned the lower
2569 * quality contexts, with chain taking the alternate's place among the
2570 * lower quality contexts.
2571 */
2572 for (i = 0; i < chain->context.cLowerQualityChainContext; i++)
2573 {
2574 CertificateChain *alternate =
2575 (CertificateChain*)chain->context.rgpLowerQualityChainContext[i];
2576
2577 if (CRYPT_ChainQuality(alternate) > CRYPT_ChainQuality(chain))
2578 {
2579 alternate->context.cLowerQualityChainContext =
2580 chain->context.cLowerQualityChainContext;
2581 alternate->context.rgpLowerQualityChainContext =
2582 chain->context.rgpLowerQualityChainContext;
2583 alternate->context.rgpLowerQualityChainContext[i] =
2584 (PCCERT_CHAIN_CONTEXT)chain;
2585 chain->context.cLowerQualityChainContext = 0;
2586 chain->context.rgpLowerQualityChainContext = NULL;
2587 chain = alternate;
2588 }
2589 }
2590 return chain;
2591 }
2592
2593 static BOOL CRYPT_AddAlternateChainToChain(CertificateChain *chain,
2594 const CertificateChain *alternate)
2595 {
2596 BOOL ret;
2597
2598 if (chain->context.cLowerQualityChainContext)
2599 chain->context.rgpLowerQualityChainContext =
2600 CryptMemRealloc(chain->context.rgpLowerQualityChainContext,
2601 (chain->context.cLowerQualityChainContext + 1) *
2602 sizeof(PCCERT_CHAIN_CONTEXT));
2603 else
2604 chain->context.rgpLowerQualityChainContext =
2605 CryptMemAlloc(sizeof(PCCERT_CHAIN_CONTEXT));
2606 if (chain->context.rgpLowerQualityChainContext)
2607 {
2608 chain->context.rgpLowerQualityChainContext[
2609 chain->context.cLowerQualityChainContext++] =
2610 (PCCERT_CHAIN_CONTEXT)alternate;
2611 ret = TRUE;
2612 }
2613 else
2614 ret = FALSE;
2615 return ret;
2616 }
2617
2618 static PCERT_CHAIN_ELEMENT CRYPT_FindIthElementInChain(
2619 const CERT_CHAIN_CONTEXT *chain, DWORD i)
2620 {
2621 DWORD j, iElement;
2622 PCERT_CHAIN_ELEMENT element = NULL;
2623
2624 for (j = 0, iElement = 0; !element && j < chain->cChain; j++)
2625 {
2626 if (iElement + chain->rgpChain[j]->cElement < i)
2627 iElement += chain->rgpChain[j]->cElement;
2628 else
2629 element = chain->rgpChain[j]->rgpElement[i - iElement];
2630 }
2631 return element;
2632 }
2633
2634 typedef struct _CERT_CHAIN_PARA_NO_EXTRA_FIELDS {
2635 DWORD cbSize;
2636 CERT_USAGE_MATCH RequestedUsage;
2637 } CERT_CHAIN_PARA_NO_EXTRA_FIELDS;
2638
2639 static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain,
2640 LPFILETIME pTime, HCERTSTORE hAdditionalStore,
2641 const CERT_CHAIN_PARA *pChainPara, DWORD chainFlags)
2642 {
2643 DWORD cContext;
2644
2645 if (chainFlags & CERT_CHAIN_REVOCATION_CHECK_END_CERT)
2646 cContext = 1;
2647 else if ((chainFlags & CERT_CHAIN_REVOCATION_CHECK_CHAIN) ||
2648 (chainFlags & CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT))
2649 {
2650 DWORD i;
2651
2652 for (i = 0, cContext = 0; i < chain->cChain; i++)
2653 {
2654 if (i < chain->cChain - 1 ||
2655 chainFlags & CERT_CHAIN_REVOCATION_CHECK_CHAIN)
2656 cContext += chain->rgpChain[i]->cElement;
2657 else
2658 cContext += chain->rgpChain[i]->cElement - 1;
2659 }
2660 }
2661 else
2662 cContext = 0;
2663 if (cContext)
2664 {
2665 DWORD i, j, iContext, revocationFlags;
2666 CERT_REVOCATION_PARA revocationPara = { sizeof(revocationPara), 0 };
2667 CERT_REVOCATION_STATUS revocationStatus =
2668 { sizeof(revocationStatus), 0 };
2669 BOOL ret;
2670
2671 revocationFlags = CERT_VERIFY_REV_CHAIN_FLAG;
2672 if (chainFlags & CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY)
2673 revocationFlags |= CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION;
2674 if (chainFlags & CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT)
2675 revocationFlags |= CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG;
2676 revocationPara.pftTimeToUse = pTime;
2677 if (hAdditionalStore)
2678 {
2679 revocationPara.cCertStore = 1;
2680 revocationPara.rgCertStore = &hAdditionalStore;
2681 revocationPara.hCrlStore = hAdditionalStore;
2682 }
2683 if (pChainPara->cbSize == sizeof(CERT_CHAIN_PARA))
2684 {
2685 revocationPara.dwUrlRetrievalTimeout =
2686 pChainPara->dwUrlRetrievalTimeout;
2687 revocationPara.fCheckFreshnessTime =
2688 pChainPara->fCheckRevocationFreshnessTime;
2689 revocationPara.dwFreshnessTime =
2690 pChainPara->dwRevocationFreshnessTime;
2691 }
2692 for (i = 0, iContext = 0; iContext < cContext && i < chain->cChain; i++)
2693 {
2694 for (j = 0; iContext < cContext &&
2695 j < chain->rgpChain[i]->cElement; j++, iContext++)
2696 {
2697 PCCERT_CONTEXT certToCheck =
2698 chain->rgpChain[i]->rgpElement[j]->pCertContext;
2699
2700 if (j < chain->rgpChain[i]->cElement - 1)
2701 revocationPara.pIssuerCert =
2702 chain->rgpChain[i]->rgpElement[j + 1]->pCertContext;
2703 else
2704 revocationPara.pIssuerCert = NULL;
2705 ret = CertVerifyRevocation(X509_ASN_ENCODING,
2706 CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certToCheck,
2707 revocationFlags, &revocationPara, &revocationStatus);
2708 if (!ret)
2709 {
2710 PCERT_CHAIN_ELEMENT element = CRYPT_FindIthElementInChain(
2711 chain, iContext);
2712 DWORD error;
2713
2714 switch (revocationStatus.dwError)
2715 {
2716 case CRYPT_E_NO_REVOCATION_CHECK:
2717 case CRYPT_E_NO_REVOCATION_DLL:
2718 case CRYPT_E_NOT_IN_REVOCATION_DATABASE:
2719 /* If the revocation status is unknown, it's assumed
2720 * to be offline too.
2721 */
2722 error = CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
2723 CERT_TRUST_IS_OFFLINE_REVOCATION;
2724 break;
2725 case CRYPT_E_REVOCATION_OFFLINE:
2726 error = CERT_TRUST_IS_OFFLINE_REVOCATION;
2727 break;
2728 case CRYPT_E_REVOKED:
2729 error = CERT_TRUST_IS_REVOKED;
2730 break;
2731 default:
2732 WARN("unmapped error %08x\n", revocationStatus.dwError);
2733 error = 0;
2734 }
2735 if (element)
2736 {
2737 /* FIXME: set element's pRevocationInfo member */
2738 element->TrustStatus.dwErrorStatus |= error;
2739 }
2740 chain->TrustStatus.dwErrorStatus |= error;
2741 }
2742 }
2743 }
2744 }
2745 }
2746
2747 static void CRYPT_CheckUsages(PCERT_CHAIN_CONTEXT chain,
2748 const CERT_CHAIN_PARA *pChainPara)
2749 {
2750 if (pChainPara->cbSize >= sizeof(CERT_CHAIN_PARA_NO_EXTRA_FIELDS) &&
2751 pChainPara->RequestedUsage.Usage.cUsageIdentifier)
2752 {
2753 PCCERT_CONTEXT endCert;
2754 PCERT_EXTENSION ext;
2755 BOOL validForUsage;
2756
2757 /* A chain, if created, always includes the end certificate */
2758 endCert = chain->rgpChain[0]->rgpElement[0]->pCertContext;
2759 /* The extended key usage extension specifies how a certificate's
2760 * public key may be used. From RFC 5280, section 4.2.1.12:
2761 * "This extension indicates one or more purposes for which the
2762 * certified public key may be used, in addition to or in place of the
2763 * basic purposes indicated in the key usage extension."
2764 * If the extension is present, it only satisfies the requested usage
2765 * if that usage is included in the extension:
2766 * "If the extension is present, then the certificate MUST only be used
2767 * for one of the purposes indicated."
2768 * There is also the special anyExtendedKeyUsage OID, but it doesn't
2769 * have to be respected:
2770 * "Applications that require the presence of a particular purpose
2771 * MAY reject certificates that include the anyExtendedKeyUsage OID
2772 * but not the particular OID expected for the application."
2773 * For now, I'm being more conservative and ignoring the presence of
2774 * the anyExtendedKeyUsage OID.
2775 */
2776 if ((ext = CertFindExtension(szOID_ENHANCED_KEY_USAGE,
2777 endCert->pCertInfo->cExtension, endCert->pCertInfo->rgExtension)))
2778 {
2779 const CERT_ENHKEY_USAGE *requestedUsage =
2780 &pChainPara->RequestedUsage.Usage;
2781 CERT_ENHKEY_USAGE *usage;
2782 DWORD size;
2783
2784 if (CryptDecodeObjectEx(X509_ASN_ENCODING,
2785 X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData,
2786 CRYPT_DECODE_ALLOC_FLAG, NULL, &usage, &size))
2787 {
2788 if (pChainPara->RequestedUsage.dwType == USAGE_MATCH_TYPE_AND)
2789 {
2790 DWORD i, j;
2791
2792 /* For AND matches, all usages must be present */
2793 validForUsage = TRUE;
2794 for (i = 0; validForUsage &&
2795 i < requestedUsage->cUsageIdentifier; i++)
2796 {
2797 BOOL match = FALSE;
2798
2799 for (j = 0; !match && j < usage->cUsageIdentifier; j++)
2800 match = !strcmp(usage->rgpszUsageIdentifier[j],
2801 requestedUsage->rgpszUsageIdentifier[i]);
2802 if (!match)
2803 validForUsage = FALSE;
2804 }
2805 }
2806 else
2807 {
2808 DWORD i, j;
2809
2810 /* For OR matches, any matching usage suffices */
2811 validForUsage = FALSE;
2812 for (i = 0; !validForUsage &&
2813 i < requestedUsage->cUsageIdentifier; i++)
2814 {
2815 for (j = 0; !validForUsage &&
2816 j < usage->cUsageIdentifier; j++)
2817 validForUsage =
2818 !strcmp(usage->rgpszUsageIdentifier[j],
2819 requestedUsage->rgpszUsageIdentifier[i]);
2820 }
2821 }
2822 LocalFree(usage);
2823 }
2824 else
2825 validForUsage = FALSE;
2826 }
2827 else
2828 {
2829 /* If the extension isn't present, any interpretation is valid:
2830 * "Certificate using applications MAY require that the extended
2831 * key usage extension be present and that a particular purpose
2832 * be indicated in order for the certificate to be acceptable to
2833 * that application."
2834 * Not all web sites include the extended key usage extension, so
2835 * accept chains without it.
2836 */
2837 TRACE_(chain)("requested usage from certificate with no usages\n");
2838 validForUsage = TRUE;
2839 }
2840 if (!validForUsage)
2841 {
2842 chain->TrustStatus.dwErrorStatus |=
2843 CERT_TRUST_IS_NOT_VALID_FOR_USAGE;
2844 chain->rgpChain[0]->rgpElement[0]->TrustStatus.dwErrorStatus |=
2845 CERT_TRUST_IS_NOT_VALID_FOR_USAGE;
2846 }
2847 }
2848 if (pChainPara->cbSize >= sizeof(CERT_CHAIN_PARA) &&
2849 pChainPara->RequestedIssuancePolicy.Usage.cUsageIdentifier)
2850 FIXME("unimplemented for RequestedIssuancePolicy\n");
2851 }
2852
2853 static void dump_usage_match(LPCSTR name, const CERT_USAGE_MATCH *usageMatch)
2854 {
2855 if (usageMatch->Usage.cUsageIdentifier)
2856 {
2857 DWORD i;
2858
2859 TRACE_(chain)("%s: %s\n", name,
2860 usageMatch->dwType == USAGE_MATCH_TYPE_AND ? "AND" : "OR");
2861 for (i = 0; i < usageMatch->Usage.cUsageIdentifier; i++)
2862 TRACE_(chain)("%s\n", usageMatch->Usage.rgpszUsageIdentifier[i]);
2863 }
2864 }
2865
2866 static void dump_chain_para(const CERT_CHAIN_PARA *pChainPara)
2867 {
2868 TRACE_(chain)("%d\n", pChainPara->cbSize);
2869 if (pChainPara->cbSize >= sizeof(CERT_CHAIN_PARA_NO_EXTRA_FIELDS))
2870 dump_usage_match("RequestedUsage", &pChainPara->RequestedUsage);
2871 if (pChainPara->cbSize >= sizeof(CERT_CHAIN_PARA))
2872 {
2873 dump_usage_match("RequestedIssuancePolicy",
2874 &pChainPara->RequestedIssuancePolicy);
2875 TRACE_(chain)("%d\n", pChainPara->dwUrlRetrievalTimeout);
2876 TRACE_(chain)("%d\n", pChainPara->fCheckRevocationFreshnessTime);
2877 TRACE_(chain)("%d\n", pChainPara->dwRevocationFreshnessTime);
2878 }
2879 }
2880
2881 BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE hChainEngine,
2882 PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
2883 PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved,
2884 PCCERT_CHAIN_CONTEXT* ppChainContext)
2885 {
2886 CertificateChainEngine *engine;
2887 BOOL ret;
2888 CertificateChain *chain = NULL;
2889
2890 TRACE("(%p, %p, %s, %p, %p, %08x, %p, %p)\n", hChainEngine, pCertContext,
2891 debugstr_filetime(pTime), hAdditionalStore, pChainPara, dwFlags,
2892 pvReserved, ppChainContext);
2893
2894 engine = get_chain_engine(hChainEngine, TRUE);
2895 if (!engine)
2896 return FALSE;
2897
2898 if (ppChainContext)
2899 *ppChainContext = NULL;
2900 if (!pChainPara)
2901 {
2902 SetLastError(E_INVALIDARG);
2903 return FALSE;
2904 }
2905 if (!pCertContext->pCertInfo->SignatureAlgorithm.pszObjId)
2906 {
2907 SetLastError(ERROR_INVALID_DATA);
2908 return FALSE;
2909 }
2910
2911 if (TRACE_ON(chain))
2912 dump_chain_para(pChainPara);
2913 /* FIXME: what about HCCE_LOCAL_MACHINE? */
2914 ret = CRYPT_BuildCandidateChainFromCert(engine, pCertContext, pTime,
2915 hAdditionalStore, dwFlags, &chain);
2916 if (ret)
2917 {
2918 CertificateChain *alternate = NULL;
2919 PCERT_CHAIN_CONTEXT pChain;
2920
2921 do {
2922 alternate = CRYPT_BuildAlternateContextFromChain(engine,
2923 pTime, hAdditionalStore, dwFlags, chain);
2924
2925 /* Alternate contexts are added as "lower quality" contexts of
2926 * chain, to avoid loops in alternate chain creation.
2927 * The highest-quality chain is chosen at the end.
2928 */
2929 if (alternate)
2930 ret = CRYPT_AddAlternateChainToChain(chain, alternate);
2931 } while (ret && alternate);
2932 chain = CRYPT_ChooseHighestQualityChain(chain);
2933 if (!(dwFlags & CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS))
2934 CRYPT_FreeLowerQualityChains(chain);
2935 pChain = (PCERT_CHAIN_CONTEXT)chain;
2936 CRYPT_VerifyChainRevocation(pChain, pTime, hAdditionalStore,
2937 pChainPara, dwFlags);
2938 CRYPT_CheckUsages(pChain, pChainPara);
2939 TRACE_(chain)("error status: %08x\n",
2940 pChain->TrustStatus.dwErrorStatus);
2941 if (ppChainContext)
2942 *ppChainContext = pChain;
2943 else
2944 CertFreeCertificateChain(pChain);
2945 }
2946 TRACE("returning %d\n", ret);
2947 return ret;
2948 }
2949
2950 PCCERT_CHAIN_CONTEXT WINAPI CertDuplicateCertificateChain(
2951 PCCERT_CHAIN_CONTEXT pChainContext)
2952 {
2953 CertificateChain *chain = (CertificateChain*)pChainContext;
2954
2955 TRACE("(%p)\n", pChainContext);
2956
2957 if (chain)
2958 InterlockedIncrement(&chain->ref);
2959 return pChainContext;
2960 }
2961
2962 VOID WINAPI CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
2963 {
2964 CertificateChain *chain = (CertificateChain*)pChainContext;
2965
2966 TRACE("(%p)\n", pChainContext);
2967
2968 if (chain)
2969 {
2970 if (InterlockedDecrement(&chain->ref) == 0)
2971 CRYPT_FreeChainContext(chain);
2972 }
2973 }
2974
2975 PCCERT_CHAIN_CONTEXT WINAPI CertFindChainInStore(HCERTSTORE store,
2976 DWORD certEncodingType, DWORD findFlags, DWORD findType,
2977 const void *findPara, PCCERT_CHAIN_CONTEXT prevChainContext)
2978 {
2979 FIXME("(%p, %08x, %08x, %d, %p, %p): stub\n", store, certEncodingType,
2980 findFlags, findType, findPara, prevChainContext);
2981 return NULL;
2982 }
2983
2984 static void find_element_with_error(PCCERT_CHAIN_CONTEXT chain, DWORD error,
2985 LONG *iChain, LONG *iElement)
2986 {
2987 DWORD i, j;
2988
2989 for (i = 0; i < chain->cChain; i++)
2990 for (j = 0; j < chain->rgpChain[i]->cElement; j++)
2991 if (chain->rgpChain[i]->rgpElement[j]->TrustStatus.dwErrorStatus &
2992 error)
2993 {
2994 *iChain = i;
2995 *iElement = j;
2996 return;
2997 }
2998 }
2999
3000 static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID,
3001 PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
3002 PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
3003 {
3004 DWORD checks = 0;
3005
3006 if (pPolicyPara)
3007 checks = pPolicyPara->dwFlags;
3008 pPolicyStatus->lChainIndex = pPolicyStatus->lElementIndex = -1;
3009 pPolicyStatus->dwError = NO_ERROR;
3010 if (pChainContext->TrustStatus.dwErrorStatus &
3011 CERT_TRUST_IS_NOT_SIGNATURE_VALID)
3012 {
3013 pPolicyStatus->dwError = TRUST_E_CERT_SIGNATURE;
3014 find_element_with_error(pChainContext,
3015 CERT_TRUST_IS_NOT_SIGNATURE_VALID, &pPolicyStatus->lChainIndex,
3016 &pPolicyStatus->lElementIndex);
3017 }
3018 else if (pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_CYCLIC)
3019 {
3020 pPolicyStatus->dwError = CERT_E_CHAINING;
3021 find_element_with_error(pChainContext, CERT_TRUST_IS_CYCLIC,
3022 &pPolicyStatus->lChainIndex, &pPolicyStatus->lElementIndex);
3023 /* For a cyclic chain, which element is a cycle isn't meaningful */
3024 pPolicyStatus->lElementIndex = -1;
3025 }
3026 if (!pPolicyStatus->dwError &&
3027 pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_UNTRUSTED_ROOT &&
3028 !(checks & CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG))
3029 {
3030 pPolicyStatus->dwError = CERT_E_UNTRUSTEDROOT;
3031 find_element_with_error(pChainContext,
3032 CERT_TRUST_IS_UNTRUSTED_ROOT, &pPolicyStatus->lChainIndex,
3033 &pPolicyStatus->lElementIndex);
3034 }
3035 if (!pPolicyStatus->dwError &&
3036 pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID)
3037 {
3038 pPolicyStatus->dwError = CERT_E_EXPIRED;
3039 find_element_with_error(pChainContext,
3040 CERT_TRUST_IS_NOT_TIME_VALID, &pPolicyStatus->lChainIndex,
3041 &pPolicyStatus->lElementIndex);
3042 }
3043 if (!pPolicyStatus->dwError &&
3044 pChainContext->TrustStatus.dwErrorStatus &
3045 CERT_TRUST_IS_NOT_VALID_FOR_USAGE &&
3046 !(checks & CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG))
3047 {
3048 pPolicyStatus->dwError = CERT_E_WRONG_USAGE;
3049 find_element_with_error(pChainContext,
3050 CERT_TRUST_IS_NOT_VALID_FOR_USAGE, &pPolicyStatus->lChainIndex,
3051 &pPolicyStatus->lElementIndex);
3052 }
3053 if (!pPolicyStatus->dwError &&
3054 pChainContext->TrustStatus.dwErrorStatus &
3055 CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT &&
3056 !(checks & CERT_CHAIN_POLICY_IGNORE_NOT_SUPPORTED_CRITICAL_EXT_FLAG))
3057 {
3058 pPolicyStatus->dwError = CERT_E_CRITICAL;
3059 find_element_with_error(pChainContext,
3060 CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT, &pPolicyStatus->lChainIndex,
3061 &pPolicyStatus->lElementIndex);
3062 }
3063 return TRUE;
3064 }
3065
3066 static BYTE msTestPubKey1[] = {
3067 0x30,0x47,0x02,0x40,0x81,0x55,0x22,0xb9,0x8a,0xa4,0x6f,0xed,0xd6,0xe7,0xd9,
3068 0x66,0x0f,0x55,0xbc,0xd7,0xcd,0xd5,0xbc,0x4e,0x40,0x02,0x21,0xa2,0xb1,0xf7,
3069 0x87,0x30,0x85,0x5e,0xd2,0xf2,0x44,0xb9,0xdc,0x9b,0x75,0xb6,0xfb,0x46,0x5f,
3070 0x42,0xb6,0x9d,0x23,0x36,0x0b,0xde,0x54,0x0f,0xcd,0xbd,0x1f,0x99,0x2a,0x10,
3071 0x58,0x11,0xcb,0x40,0xcb,0xb5,0xa7,0x41,0x02,0x03,0x01,0x00,0x01 };
3072 static BYTE msTestPubKey2[] = {
3073 0x30,0x47,0x02,0x40,0x9c,0x50,0x05,0x1d,0xe2,0x0e,0x4c,0x53,0xd8,0xd9,0xb5,
3074 0xe5,0xfd,0xe9,0xe3,0xad,0x83,0x4b,0x80,0x08,0xd9,0xdc,0xe8,0xe8,0x35,0xf8,
3075 0x11,0xf1,0xe9,0x9b,0x03,0x7a,0x65,0x64,0x76,0x35,0xce,0x38,0x2c,0xf2,0xb6,
3076 0x71,0x9e,0x06,0xd9,0xbf,0xbb,0x31,0x69,0xa3,0xf6,0x30,0xa0,0x78,0x7b,0x18,
3077 0xdd,0x50,0x4d,0x79,0x1e,0xeb,0x61,0xc1,0x02,0x03,0x01,0x00,0x01 };
3078
3079 static void dump_authenticode_extra_chain_policy_para(
3080 AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA *extraPara)
3081 {
3082 if (extraPara)
3083 {
3084 TRACE_(chain)("cbSize = %d\n", extraPara->cbSize);
3085 TRACE_(chain)("dwRegPolicySettings = %08x\n",
3086 extraPara->dwRegPolicySettings);
3087 TRACE_(chain)("pSignerInfo = %p\n", extraPara->pSignerInfo);
3088 }
3089 }
3090
3091 static BOOL WINAPI verify_authenticode_policy(LPCSTR szPolicyOID,
3092 PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
3093 PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
3094 {
3095 BOOL ret = verify_base_policy(szPolicyOID, pChainContext, pPolicyPara,
3096 pPolicyStatus);
3097 AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA *extraPara = NULL;
3098
3099 if (pPolicyPara)
3100 extraPara = pPolicyPara->pvExtraPolicyPara;
3101 if (TRACE_ON(chain))
3102 dump_authenticode_extra_chain_policy_para(extraPara);
3103 if (ret && pPolicyStatus->dwError == CERT_E_UNTRUSTEDROOT)
3104 {
3105 CERT_PUBLIC_KEY_INFO msPubKey = { { 0 } };
3106 BOOL isMSTestRoot = FALSE;
3107 PCCERT_CONTEXT failingCert =
3108 pChainContext->rgpChain[pPolicyStatus->lChainIndex]->
3109 rgpElement[pPolicyStatus->lElementIndex]->pCertContext;
3110 DWORD i;
3111 CRYPT_DATA_BLOB keyBlobs[] = {
3112 { sizeof(msTestPubKey1), msTestPubKey1 },
3113 { sizeof(msTestPubKey2), msTestPubKey2 },
3114 };
3115
3116 /* Check whether the root is an MS test root */
3117 for (i = 0; !isMSTestRoot && i < sizeof(keyBlobs) / sizeof(keyBlobs[0]);
3118 i++)
3119 {
3120 msPubKey.PublicKey.cbData = keyBlobs[i].cbData;
3121 msPubKey.PublicKey.pbData = keyBlobs[i].pbData;
3122 if (CertComparePublicKeyInfo(
3123 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
3124 &failingCert->pCertInfo->SubjectPublicKeyInfo, &msPubKey))
3125 isMSTestRoot = TRUE;
3126 }
3127 if (isMSTestRoot)
3128 pPolicyStatus->dwError = CERT_E_UNTRUSTEDTESTROOT;
3129 }
3130 return ret;
3131 }
3132
3133 static BOOL WINAPI verify_basic_constraints_policy(LPCSTR szPolicyOID,
3134 PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
3135 PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
3136 {
3137 pPolicyStatus->lChainIndex = pPolicyStatus->lElementIndex = -1;
3138 if (pChainContext->TrustStatus.dwErrorStatus &
3139 CERT_TRUST_INVALID_BASIC_CONSTRAINTS)
3140 {
3141 pPolicyStatus->dwError = TRUST_E_BASIC_CONSTRAINTS;
3142 find_element_with_error(pChainContext,
3143 CERT_TRUST_INVALID_BASIC_CONSTRAINTS, &pPolicyStatus->lChainIndex,
3144 &pPolicyStatus->lElementIndex);
3145 }
3146 else
3147 pPolicyStatus->dwError = NO_ERROR;
3148 return TRUE;
3149 }
3150
3151 static BOOL match_dns_to_subject_alt_name(const CERT_EXTENSION *ext,
3152 LPCWSTR server_name)
3153 {
3154 BOOL matches = FALSE;
3155 CERT_ALT_NAME_INFO *subjectName;
3156 DWORD size;
3157
3158 TRACE_(chain)("%s\n", debugstr_w(server_name));
3159 /* This could be spoofed by the embedded NULL vulnerability, since the
3160 * returned CERT_ALT_NAME_INFO doesn't have a way to indicate the
3161 * encoded length of a name. Fortunately CryptDecodeObjectEx fails if
3162 * the encoded form of the name contains a NULL.
3163 */
3164 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME,
3165 ext->Value.pbData, ext->Value.cbData,
3166 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
3167 &subjectName, &size))
3168 {
3169 DWORD i;
3170
3171 /* RFC 5280 states that multiple instances of each name type may exist,
3172 * in section 4.2.1.6:
3173 * "Multiple name forms, and multiple instances of each name form,
3174 * MAY be included."
3175 * It doesn't specify the behavior in such cases, but both RFC 2818
3176 * and RFC 2595 explicitly accept a certificate if any name matches.
3177 */
3178 for (i = 0; !matches && i < subjectName->cAltEntry; i++)
3179 {
3180 if (subjectName->rgAltEntry[i].dwAltNameChoice ==
3181 CERT_ALT_NAME_DNS_NAME)
3182 {
3183 TRACE_(chain)("dNSName: %s\n", debugstr_w(
3184 subjectName->rgAltEntry[i].u.pwszDNSName));
3185 if (subjectName->rgAltEntry[i].u.pwszDNSName[0] == '*')
3186 {
3187 LPCWSTR server_name_dot;
3188
3189 /* Matching a wildcard: a wildcard matches a single name
3190 * component, which is terminated by a dot. RFC 1034
3191 * doesn't define whether multiple wildcards are allowed,
3192 * but I will assume that they are not until proven
3193 * otherwise. RFC 1034 also states that 'the "*" label
3194 * always matches at least one whole label and sometimes
3195 * more, but always whole labels.' Native crypt32 does not
3196 * match more than one label with a wildcard, so I do the
3197 * same here. Thus, a wildcard only accepts the first
3198 * label, then requires an exact match of the remaining
3199 * string.
3200 */
3201 server_name_dot = strchrW(server_name, '.');
3202 if (server_name_dot)
3203 {
3204 if (!strcmpiW(server_name_dot,
3205 subjectName->rgAltEntry[i].u.pwszDNSName + 1))
3206 matches = TRUE;
3207 }
3208 }
3209 else if (!strcmpiW(server_name,
3210 subjectName->rgAltEntry[i].u.pwszDNSName))
3211 matches = TRUE;
3212 }
3213 }
3214 LocalFree(subjectName);
3215 }
3216 return matches;
3217 }
3218
3219 static BOOL find_matching_domain_component(const CERT_NAME_INFO *name,
3220 LPCWSTR component)
3221 {
3222 BOOL matches = FALSE;
3223 DWORD i, j;
3224
3225 for (i = 0; !matches && i < name->cRDN; i++)
3226 for (j = 0; j < name->rgRDN[i].cRDNAttr; j++)
3227 if (!strcmp(szOID_DOMAIN_COMPONENT,
3228 name->rgRDN[i].rgRDNAttr[j].pszObjId))
3229 {
3230 const CERT_RDN_ATTR *attr;
3231
3232 attr = &name->rgRDN[i].rgRDNAttr[j];
3233 /* Compare with memicmpW rather than strcmpiW in order to avoid
3234 * a match with a string with an embedded NULL. The component
3235 * must match one domain component attribute's entire string
3236 * value with a case-insensitive match.
3237 */
3238 matches = !memicmpW(component, (LPCWSTR)attr->Value.pbData,
3239 attr->Value.cbData / sizeof(WCHAR));
3240 }
3241 return matches;
3242 }
3243
3244 static BOOL match_domain_component(LPCWSTR allowed_component, DWORD allowed_len,
3245 LPCWSTR server_component, DWORD server_len, BOOL allow_wildcards,
3246 BOOL *see_wildcard)
3247 {
3248 LPCWSTR allowed_ptr, server_ptr;
3249 BOOL matches = TRUE;
3250
3251 *see_wildcard = FALSE;
3252
3253 if (server_len < allowed_len)
3254 {
3255 WARN_(chain)("domain component %s too short for %s\n",
3256 debugstr_wn(server_component, server_len),
3257 debugstr_wn(allowed_component, allowed_len));
3258 /* A domain component can't contain a wildcard character, so a domain
3259 * component shorter than the allowed string can't produce a match.
3260 */
3261 return FALSE;
3262 }
3263 for (allowed_ptr = allowed_component, server_ptr = server_component;
3264 matches && allowed_ptr - allowed_component < allowed_len;
3265 allowed_ptr++, server_ptr++)
3266 {
3267 if (*allowed_ptr == '*')
3268 {
3269 if (allowed_ptr - allowed_component < allowed_len - 1)
3270 {
3271 WARN_(chain)("non-wildcard characters after wildcard not supported\n");
3272 matches = FALSE;
3273 }
3274 else if (!allow_wildcards)
3275 {
3276 WARN_(chain)("wildcard after non-wildcard component\n");
3277 matches = FALSE;
3278 }
3279 else
3280 {
3281 /* the preceding characters must have matched, so the rest of
3282 * the component also matches.
3283 */
3284 *see_wildcard = TRUE;
3285 break;
3286 }
3287 }
3288 if (matches)
3289 matches = tolowerW(*allowed_ptr) == tolowerW(*server_ptr);
3290 }
3291 if (matches && server_ptr - server_component < server_len)
3292 {
3293 /* If there are unmatched characters in the server domain component,
3294 * the server domain only matches if the allowed string ended in a '*'.
3295 */
3296 matches = *allowed_ptr == '*';
3297 }
3298 return matches;
3299 }
3300
3301 static BOOL match_common_name(LPCWSTR server_name, const CERT_RDN_ATTR *nameAttr)
3302 {
3303 LPCWSTR allowed = (LPCWSTR)nameAttr->Value.pbData;
3304 LPCWSTR allowed_component = allowed;
3305 DWORD allowed_len = nameAttr->Value.cbData / sizeof(WCHAR);
3306 LPCWSTR server_component = server_name;
3307 DWORD server_len = strlenW(server_name);
3308 BOOL matches = TRUE, allow_wildcards = TRUE;
3309
3310 TRACE_(chain)("CN = %s\n", debugstr_wn(allowed_component, allowed_len));
3311
3312 /* Remove trailing NULLs from the allowed name; while they shouldn't appear
3313 * in a certificate in the first place, they sometimes do, and they should
3314 * be ignored.
3315 */
3316 while (allowed_len && allowed_component[allowed_len - 1] == 0)
3317 allowed_len--;
3318
3319 /* From RFC 2818 (HTTP over TLS), section 3.1:
3320 * "Names may contain the wildcard character * which is considered to match
3321 * any single domain name component or component fragment. E.g.,
3322 * *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com
3323 * but not bar.com."
3324 *
3325 * And from RFC 2595 (Using TLS with IMAP, POP3 and ACAP), section 2.4:
3326 * "A "*" wildcard character MAY be used as the left-most name component in
3327 * the certificate. For example, *.example.com would match a.example.com,
3328 * foo.example.com, etc. but would not match example.com."
3329 *
3330 * There are other protocols which use TLS, and none of them is
3331 * authoritative. This accepts certificates in common usage, e.g.
3332 * *.domain.com matches www.domain.com but not domain.com, and
3333 * www*.domain.com matches www1.domain.com but not mail.domain.com.
3334 */
3335 do {
3336 LPCWSTR allowed_dot, server_dot;
3337
3338 allowed_dot = memchrW(allowed_component, '.',
3339 allowed_len - (allowed_component - allowed));
3340 server_dot = memchrW(server_component, '.',
3341 server_len - (server_component - server_name));
3342 /* The number of components must match */
3343 if ((!allowed_dot && server_dot) || (allowed_dot && !server_dot))
3344 {
3345 if (!allowed_dot)
3346 WARN_(chain)("%s: too many components for CN=%s\n",
3347 debugstr_w(server_name), debugstr_wn(allowed, allowed_len));
3348 else
3349 WARN_(chain)("%s: not enough components for CN=%s\n",
3350 debugstr_w(server_name), debugstr_wn(allowed, allowed_len));
3351 matches = FALSE;
3352 }
3353 else
3354 {
3355 LPCWSTR allowed_end, server_end;
3356 BOOL has_wildcard;
3357
3358 allowed_end = allowed_dot ? allowed_dot : allowed + allowed_len;
3359 server_end = server_dot ? server_dot : server_name + server_len;
3360 matches = match_domain_component(allowed_component,
3361 allowed_end - allowed_component, server_component,
3362 server_end - server_component, allow_wildcards, &has_wildcard);
3363 /* Once a non-wildcard component is seen, no wildcard components
3364 * may follow
3365 */
3366 if (!has_wildcard)
3367 allow_wildcards = FALSE;
3368 if (matches)
3369 {
3370 allowed_component = allowed_dot ? allowed_dot + 1 : allowed_end;
3371 server_component = server_dot ? server_dot + 1 : server_end;
3372 }
3373 }
3374 } while (matches && allowed_component &&
3375 allowed_component - allowed < allowed_len &&
3376 server_component && server_component - server_name < server_len);
3377 TRACE_(chain)("returning %d\n", matches);
3378 return matches;
3379 }
3380
3381 static BOOL match_dns_to_subject_dn(PCCERT_CONTEXT cert, LPCWSTR server_name)
3382 {
3383 BOOL matches = FALSE;
3384 CERT_NAME_INFO *name;
3385 DWORD size;
3386
3387 TRACE_(chain)("%s\n", debugstr_w(server_name));
3388 if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_UNICODE_NAME,
3389 cert->pCertInfo->Subject.pbData, cert->pCertInfo->Subject.cbData,
3390 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
3391 &name, &size))
3392 {
3393 /* If the subject distinguished name contains any name components,
3394 * make sure all of them are present.
3395 */
3396 if (CertFindRDNAttr(szOID_DOMAIN_COMPONENT, name))
3397 {
3398 LPCWSTR ptr = server_name;
3399
3400 do {
3401 LPCWSTR dot = strchrW(ptr, '.'), end;
3402 /* 254 is the maximum DNS label length, see RFC 1035 */
3403 WCHAR component[255];
3404 DWORD len;
3405
3406 end = dot ? dot : ptr + strlenW(ptr);
3407 len = end - ptr;
3408 if (len >= sizeof(component) / sizeof(component[0]))
3409 {
3410 WARN_(chain)("domain component %s too long\n",
3411 debugstr_wn(ptr, len));
3412 matches = FALSE;
3413 }
3414 else
3415 {
3416 memcpy(component, ptr, len * sizeof(WCHAR));
3417 component[len] = 0;
3418 matches = find_matching_domain_component(name, component);
3419 }
3420 ptr = dot ? dot + 1 : end;
3421 } while (matches && ptr && *ptr);
3422 }
3423 else
3424 {
3425 DWORD i, j;
3426
3427 /* If the certificate isn't using a DN attribute in the name, make
3428 * make sure at least one common name matches. From RFC 2818,
3429 * section 3.1:
3430 * "If more than one identity of a given type is present in the
3431 * certificate (e.g., more than one dNSName name, a match in any
3432 * one of the set is considered acceptable.)"
3433 */
3434 for (i = 0; !matches && i < name->cRDN; i++)
3435 for (j = 0; !matches && j < name->rgRDN[i].cRDNAttr; j++)
3436 {
3437 PCERT_RDN_ATTR attr = &name->rgRDN[i].rgRDNAttr[j];
3438
3439 if (attr->pszObjId && !strcmp(szOID_COMMON_NAME,
3440 attr->pszObjId))
3441 matches = match_common_name(server_name, attr);
3442 }
3443 }
3444 LocalFree(name);
3445 }
3446 return matches;
3447 }
3448
3449 static void dump_ssl_extra_chain_policy_para(HTTPSPolicyCallbackData *sslPara)
3450 {
3451 if (sslPara)
3452 {
3453 TRACE_(chain)("cbSize = %d\n", sslPara->u.cbSize);
3454 TRACE_(chain)("dwAuthType = %d\n", sslPara->dwAuthType);
3455 TRACE_(chain)("fdwChecks = %08x\n", sslPara->fdwChecks);
3456 TRACE_(chain)("pwszServerName = %s\n",
3457 debugstr_w(sslPara->pwszServerName));
3458 }
3459 }
3460
3461 static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
3462 PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
3463 PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
3464 {
3465 HTTPSPolicyCallbackData *sslPara = NULL;
3466 DWORD checks = 0;
3467
3468 if (pPolicyPara)
3469 sslPara = pPolicyPara->pvExtraPolicyPara;
3470 if (TRACE_ON(chain))
3471 dump_ssl_extra_chain_policy_para(sslPara);
3472 if (sslPara && sslPara->u.cbSize >= sizeof(HTTPSPolicyCallbackData))
3473 checks = sslPara->fdwChecks;
3474 pPolicyStatus->lChainIndex = pPolicyStatus->lElementIndex = -1;
3475 if (pChainContext->TrustStatus.dwErrorStatus &
3476 CERT_TRUST_IS_NOT_SIGNATURE_VALID)
3477 {
3478 pPolicyStatus->dwError = TRUST_E_CERT_SIGNATURE;
3479 find_element_with_error(pChainContext,
3480 CERT_TRUST_IS_NOT_SIGNATURE_VALID, &pPolicyStatus->lChainIndex,
3481 &pPolicyStatus->lElementIndex);
3482 }
3483 else if (pChainContext->TrustStatus.dwErrorStatus &
3484 CERT_TRUST_IS_UNTRUSTED_ROOT &&
3485 !(checks & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
3486 {
3487 pPolicyStatus->dwError = CERT_E_UNTRUSTEDROOT;
3488 find_element_with_error(pChainContext,
3489 CERT_TRUST_IS_UNTRUSTED_ROOT, &pPolicyStatus->lChainIndex,
3490 &pPolicyStatus->lElementIndex);
3491 }
3492 else if (pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_CYCLIC)
3493 {
3494 pPolicyStatus->dwError = CERT_E_UNTRUSTEDROOT;
3495 find_element_with_error(pChainContext,
3496 CERT_TRUST_IS_CYCLIC, &pPolicyStatus->lChainIndex,
3497 &pPolicyStatus->lElementIndex);
3498 /* For a cyclic chain, which element is a cycle isn't meaningful */
3499 pPolicyStatus->lElementIndex = -1;
3500 }
3501 else if (pChainContext->TrustStatus.dwErrorStatus &
3502 CERT_TRUST_IS_NOT_TIME_VALID &&
3503 !(checks & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID))
3504 {
3505 pPolicyStatus->dwError = CERT_E_EXPIRED;
3506 find_element_with_error(pChainContext,
3507 CERT_TRUST_IS_NOT_TIME_VALID, &pPolicyStatus->lChainIndex,
3508 &pPolicyStatus->lElementIndex);
3509 }
3510 else if (pChainContext->TrustStatus.dwErrorStatus &
3511 CERT_TRUST_IS_NOT_VALID_FOR_USAGE &&
3512 !(checks & SECURITY_FLAG_IGNORE_WRONG_USAGE))
3513 {
3514 pPolicyStatus->dwError = CERT_E_WRONG_USAGE;
3515 find_element_with_error(pChainContext,
3516 CERT_TRUST_IS_NOT_VALID_FOR_USAGE, &pPolicyStatus->lChainIndex,
3517 &pPolicyStatus->lElementIndex);
3518 }
3519 else if (pChainContext->TrustStatus.dwErrorStatus &
3520 CERT_TRUST_IS_REVOKED && !(checks & SECURITY_FLAG_IGNORE_REVOCATION))
3521 {
3522 pPolicyStatus->dwError = CERT_E_REVOKED;
3523 find_element_with_error(pChainContext,
3524 CERT_TRUST_IS_REVOKED, &pPolicyStatus->lChainIndex,
3525 &pPolicyStatus->lElementIndex);
3526 }
3527 else if (pChainContext->TrustStatus.dwErrorStatus &
3528 CERT_TRUST_IS_OFFLINE_REVOCATION &&
3529 !(checks & SECURITY_FLAG_IGNORE_REVOCATION))
3530 {
3531 pPolicyStatus->dwError = CERT_E_REVOCATION_FAILURE;
3532 find_element_with_error(pChainContext,
3533 CERT_TRUST_IS_OFFLINE_REVOCATION, &pPolicyStatus->lChainIndex,
3534 &pPolicyStatus->lElementIndex);
3535 }
3536 else if (pChainContext->TrustStatus.dwErrorStatus &
3537 CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT)
3538 {
3539 pPolicyStatus->dwError = CERT_E_CRITICAL;
3540 find_element_with_error(pChainContext,
3541 CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT, &pPolicyStatus->lChainIndex,
3542 &pPolicyStatus->lElementIndex);
3543 }
3544 else
3545 pPolicyStatus->dwError = NO_ERROR;
3546 /* We only need bother checking whether the name in the end certificate
3547 * matches if the chain is otherwise okay.
3548 */
3549 if (!pPolicyStatus->dwError && pPolicyPara &&
3550 pPolicyPara->cbSize >= sizeof(CERT_CHAIN_POLICY_PARA))
3551 {
3552 if (sslPara && sslPara->u.cbSize >= sizeof(HTTPSPolicyCallbackData))
3553 {
3554 if (sslPara->dwAuthType == AUTHTYPE_SERVER &&
3555 sslPara->pwszServerName &&
3556 !(checks & SECURITY_FLAG_IGNORE_CERT_CN_INVALID))
3557 {
3558 PCCERT_CONTEXT cert;
3559 PCERT_EXTENSION altNameExt;
3560 BOOL matches;
3561
3562 cert = pChainContext->rgpChain[0]->rgpElement[0]->pCertContext;
3563 altNameExt = get_subject_alt_name_ext(cert->pCertInfo);
3564 /* If the alternate name extension exists, the name it contains
3565 * is bound to the certificate, so make sure the name matches
3566 * it. Otherwise, look for the server name in the subject
3567 * distinguished name. RFC5280, section 4.2.1.6:
3568 * "Whenever such identities are to be bound into a
3569 * certificate, the subject alternative name (or issuer
3570 * alternative name) extension MUST be used; however, a DNS
3571 * name MAY also be represented in the subject field using the
3572 * domainComponent attribute."
3573 */
3574 if (altNameExt)
3575 matches = match_dns_to_subject_alt_name(altNameExt,
3576 sslPara->pwszServerName);
3577 else
3578 matches = match_dns_to_subject_dn(cert,
3579 sslPara->pwszServerName);
3580 if (!matches)
3581 {
3582 pPolicyStatus->dwError = CERT_E_CN_NO_MATCH;
3583 pPolicyStatus->lChainIndex = 0;
3584 pPolicyStatus->lElementIndex = 0;
3585 }
3586 }
3587 }
3588 }
3589 return TRUE;
3590 }
3591
3592 static BYTE msPubKey1[] = {
3593 0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xdf,0x08,0xba,0xe3,0x3f,0x6e,
3594 0x64,0x9b,0xf5,0x89,0xaf,0x28,0x96,0x4a,0x07,0x8f,0x1b,0x2e,0x8b,0x3e,0x1d,
3595 0xfc,0xb8,0x80,0x69,0xa3,0xa1,0xce,0xdb,0xdf,0xb0,0x8e,0x6c,0x89,0x76,0x29,
3596 0x4f,0xca,0x60,0x35,0x39,0xad,0x72,0x32,0xe0,0x0b,0xae,0x29,0x3d,0x4c,0x16,
3597 0xd9,0x4b,0x3c,0x9d,0xda,0xc5,0xd3,0xd1,0x09,0xc9,0x2c,0x6f,0xa6,0xc2,0x60,
3598 0x53,0x45,0xdd,0x4b,0xd1,0x55,0xcd,0x03,0x1c,0xd2,0x59,0x56,0x24,0xf3,0xe5,
3599 0x78,0xd8,0x07,0xcc,0xd8,0xb3,0x1f,0x90,0x3f,0xc0,0x1a,0x71,0x50,0x1d,0x2d,
3600 0xa7,0x12,0x08,0x6d,0x7c,0xb0,0x86,0x6c,0xc7,0xba,0x85,0x32,0x07,0xe1,0x61,
3601 0x6f,0xaf,0x03,0xc5,0x6d,0xe5,0xd6,0xa1,0x8f,0x36,0xf6,0xc1,0x0b,0xd1,0x3e,
3602 0x69,0x97,0x48,0x72,0xc9,0x7f,0xa4,0xc8,0xc2,0x4a,0x4c,0x7e,0xa1,0xd1,0x94,
3603 0xa6,0xd7,0xdc,0xeb,0x05,0x46,0x2e,0xb8,0x18,0xb4,0x57,0x1d,0x86,0x49,0xdb,
3604 0x69,0x4a,0x2c,0x21,0xf5,0x5e,0x0f,0x54,0x2d,0x5a,0x43,0xa9,0x7a,0x7e,0x6a,
3605 0x8e,0x50,0x4d,0x25,0x57,0xa1,0xbf,0x1b,0x15,0x05,0x43,0x7b,0x2c,0x05,0x8d,
3606 0xbd,0x3d,0x03,0x8c,0x93,0x22,0x7d,0x63,0xea,0x0a,0x57,0x05,0x06,0x0a,0xdb,
3607 0x61,0x98,0x65,0x2d,0x47,0x49,0xa8,0xe7,0xe6,0x56,0x75,0x5c,0xb8,0x64,0x08,
3608 0x63,0xa9,0x30,0x40,0x66,0xb2,0xf9,0xb6,0xe3,0x34,0xe8,0x67,0x30,0xe1,0x43,
3609 0x0b,0x87,0xff,0xc9,0xbe,0x72,0x10,0x5e,0x23,0xf0,0x9b,0xa7,0x48,0x65,0xbf,
3610 0x09,0x88,0x7b,0xcd,0x72,0xbc,0x2e,0x79,0x9b,0x7b,0x02,0x03,0x01,0x00,0x01 };
3611 static BYTE msPubKey2[] = {
3612 0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa9,0x02,0xbd,0xc1,0x70,0xe6,
3613 0x3b,0xf2,0x4e,0x1b,0x28,0x9f,0x97,0x78,0x5e,0x30,0xea,0xa2,0xa9,0x8d,0x25,
3614 0x5f,0xf8,0xfe,0x95,0x4c,0xa3,0xb7,0xfe,0x9d,0xa2,0x20,0x3e,0x7c,0x51,0xa2,
3615 0x9b,0xa2,0x8f,0x60,0x32,0x6b,0xd1,0x42,0x64,0x79,0xee,0xac,0x76,0xc9,0x54,
3616 0xda,0xf2,0xeb,0x9c,0x86,0x1c,0x8f,0x9f,0x84,0x66,0xb3,0xc5,0x6b,0x7a,0x62,
3617 0x23,0xd6,0x1d,0x3c,0xde,0x0f,0x01,0x92,0xe8,0x96,0xc4,0xbf,0x2d,0x66,0x9a,
3618 0x9a,0x68,0x26,0x99,0xd0,0x3a,0x2c,0xbf,0x0c,0xb5,0x58,0x26,0xc1,0x46,0xe7,
3619 0x0a,0x3e,0x38,0x96,0x2c,0xa9,0x28,0x39,0xa8,0xec,0x49,0x83,0x42,0xe3,0x84,
3620 0x0f,0xbb,0x9a,0x6c,0x55,0x61,0xac,0x82,0x7c,0xa1,0x60,0x2d,0x77,0x4c,0xe9,
3621 0x99,0xb4,0x64,0x3b,0x9a,0x50,0x1c,0x31,0x08,0x24,0x14,0x9f,0xa9,0xe7,0x91,
3622 0x2b,0x18,0xe6,0x3d,0x98,0x63,0x14,0x60,0x58,0x05,0x65,0x9f,0x1d,0x37,0x52,
3623 0x87,0xf7,0xa7,0xef,0x94,0x02,0xc6,0x1b,0xd3,0xbf,0x55,0x45,0xb3,0x89,0x80,
3624 0xbf,0x3a,0xec,0x54,0x94,0x4e,0xae,0xfd,0xa7,0x7a,0x6d,0x74,0x4e,0xaf,0x18,
3625 0xcc,0x96,0x09,0x28,0x21,0x00,0x57,0x90,0x60,0x69,0x37,0xbb,0x4b,0x12,0x07,
3626 0x3c,0x56,0xff,0x5b,0xfb,0xa4,0x66,0x0a,0x08,0xa6,0xd2,0x81,0x56,0x57,0xef,
3627 0xb6,0x3b,0x5e,0x16,0x81,0x77,0x04,0xda,0xf6,0xbe,0xae,0x80,0x95,0xfe,0xb0,
3628 0xcd,0x7f,0xd6,0xa7,0x1a,0x72,0x5c,0x3c,0xca,0xbc,0xf0,0x08,0xa3,0x22,0x30,
3629 0xb3,0x06,0x85,0xc9,0xb3,0x20,0x77,0x13,0x85,0xdf,0x02,0x03,0x01,0x00,0x01 };
3630 static BYTE msPubKey3[] = {
3631 0x30,0x82,0x02,0x0a,0x02,0x82,0x02,0x01,0x00,0xf3,0x5d,0xfa,0x80,0x67,0xd4,
3632 0x5a,0xa7,0xa9,0x0c,0x2c,0x90,0x20,0xd0,0x35,0x08,0x3c,0x75,0x84,0xcd,0xb7,
3633 0x07,0x89,0x9c,0x89,0xda,0xde,0xce,0xc3,0x60,0xfa,0x91,0x68,0x5a,0x9e,0x94,
3634 0x71,0x29,0x18,0x76,0x7c,0xc2,0xe0,0xc8,0x25,0x76,0x94,0x0e,0x58,0xfa,0x04,
3635 0x34,0x36,0xe6,0xdf,0xaf,0xf7,0x80,0xba,0xe9,0x58,0x0b,0x2b,0x93,0xe5,0x9d,
3636 0x05,0xe3,0x77,0x22,0x91,0xf7,0x34,0x64,0x3c,0x22,0x91,0x1d,0x5e,0xe1,0x09,
3637 0x90,0xbc,0x14,0xfe,0xfc,0x75,0x58,0x19,0xe1,0x79,0xb7,0x07,0x92,0xa3,0xae,
3638 0x88,0x59,0x08,0xd8,0x9f,0x07,0xca,0x03,0x58,0xfc,0x68,0x29,0x6d,0x32,0xd7,
3639 0xd2,0xa8,0xcb,0x4b,0xfc,0xe1,0x0b,0x48,0x32,0x4f,0xe6,0xeb,0xb8,0xad,0x4f,
3640 0xe4,0x5c,0x6f,0x13,0x94,0x99,0xdb,0x95,0xd5,0x75,0xdb,0xa8,0x1a,0xb7,0x94,
3641 0x91,0xb4,0x77,0x5b,0xf5,0x48,0x0c,0x8f,0x6a,0x79,0x7d,0x14,0x70,0x04,0x7d,
3642 0x6d,0xaf,0x90,0xf5,0xda,0x70,0xd8,0x47,0xb7,0xbf,0x9b,0x2f,0x6c,0xe7,0x05,
3643 0xb7,0xe1,0x11,0x60,0xac,0x79,0x91,0x14,0x7c,0xc5,0xd6,0xa6,0xe4,0xe1,0x7e,
3644 0xd5,0xc3,0x7e,0xe5,0x92,0xd2,0x3c,0x00,0xb5,0x36,0x82,0xde,0x79,0xe1,0x6d,
3645 0xf3,0xb5,0x6e,0xf8,0x9f,0x33,0xc9,0xcb,0x52,0x7d,0x73,0x98,0x36,0xdb,0x8b,
3646 0xa1,0x6b,0xa2,0x95,0x97,0x9b,0xa3,0xde,0xc2,0x4d,0x26,0xff,0x06,0x96,0x67,
3647 0x25,0x06,0xc8,0xe7,0xac,0xe4,0xee,0x12,0x33,0x95,0x31,0x99,0xc8,0x35,0x08,
3648 0x4e,0x34,0xca,0x79,0x53,0xd5,0xb5,0xbe,0x63,0x32,0x59,0x40,0x36,0xc0,0xa5,
3649 0x4e,0x04,0x4d,0x3d,0xdb,0x5b,0x07,0x33,0xe4,0x58,0xbf,0xef,0x3f,0x53,0x64,
3650 0xd8,0x42,0x59,0x35,0x57,0xfd,0x0f,0x45,0x7c,0x24,0x04,0x4d,0x9e,0xd6,0x38,
3651 0x74,0x11,0x97,0x22,0x90,0xce,0x68,0x44,0x74,0x92,0x6f,0xd5,0x4b,0x6f,0xb0,
3652 0x86,0xe3,0xc7,0x36,0x42,0xa0,0xd0,0xfc,0xc1,0xc0,0x5a,0xf9,0xa3,0x61,0xb9,
3653 0x30,0x47,0x71,0x96,0x0a,0x16,0xb0,0x91,0xc0,0x42,0x95,0xef,0x10,0x7f,0x28,
3654 0x6a,0xe3,0x2a,0x1f,0xb1,0xe4,0xcd,0x03,0x3f,0x77,0x71,0x04,0xc7,0x20,0xfc,
3655 0x49,0x0f,0x1d,0x45,0x88,0xa4,0xd7,0xcb,0x7e,0x88,0xad,0x8e,0x2d,0xec,0x45,
3656 0xdb,0xc4,0x51,0x04,0xc9,0x2a,0xfc,0xec,0x86,0x9e,0x9a,0x11,0x97,0x5b,0xde,
3657 0xce,0x53,0x88,0xe6,0xe2,0xb7,0xfd,0xac,0x95,0xc2,0x28,0x40,0xdb,0xef,0x04,
3658 0x90,0xdf,0x81,0x33,0x39,0xd9,0xb2,0x45,0xa5,0x23,0x87,0x06,0xa5,0x55,0x89,
3659 0x31,0xbb,0x06,0x2d,0x60,0x0e,0x41,0x18,0x7d,0x1f,0x2e,0xb5,0x97,0xcb,0x11,
3660 0xeb,0x15,0xd5,0x24,0xa5,0x94,0xef,0x15,0x14,0x89,0xfd,0x4b,0x73,0xfa,0x32,
3661 0x5b,0xfc,0xd1,0x33,0x00,0xf9,0x59,0x62,0x70,0x07,0x32,0xea,0x2e,0xab,0x40,
3662 0x2d,0x7b,0xca,0xdd,0x21,0x67,0x1b,0x30,0x99,0x8f,0x16,0xaa,0x23,0xa8,0x41,
3663 0xd1,0xb0,0x6e,0x11,0x9b,0x36,0xc4,0xde,0x40,0x74,0x9c,0xe1,0x58,0x65,0xc1,
3664 0x60,0x1e,0x7a,0x5b,0x38,0xc8,0x8f,0xbb,0x04,0x26,0x7c,0xd4,0x16,0x40,0xe5,
3665 0xb6,0x6b,0x6c,0xaa,0x86,0xfd,0x00,0xbf,0xce,0xc1,0x35,0x02,0x03,0x01,0x00,
3666 0x01 };
3667
3668 static BOOL WINAPI verify_ms_root_policy(LPCSTR szPolicyOID,
3669 PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
3670 PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
3671 {
3672 BOOL ret = verify_base_policy(szPolicyOID, pChainContext, pPolicyPara,
3673 pPolicyStatus);
3674
3675 if (ret && !pPolicyStatus->dwError)
3676 {
3677 CERT_PUBLIC_KEY_INFO msPubKey = { { 0 } };
3678 BOOL isMSRoot = FALSE;
3679 DWORD i;
3680 CRYPT_DATA_BLOB keyBlobs[] = {
3681 { sizeof(msPubKey1), msPubKey1 },
3682 { sizeof(msPubKey2), msPubKey2 },
3683 { sizeof(msPubKey3), msPubKey3 },
3684 };
3685 PCERT_SIMPLE_CHAIN rootChain =
3686 pChainContext->rgpChain[pChainContext->cChain -1 ];
3687 PCCERT_CONTEXT root =
3688 rootChain->rgpElement[rootChain->cElement - 1]->pCertContext;
3689
3690 for (i = 0; !isMSRoot && i < sizeof(keyBlobs) / sizeof(keyBlobs[0]);
3691 i++)
3692 {
3693 msPubKey.PublicKey.cbData = keyBlobs[i].cbData;
3694 msPubKey.PublicKey.pbData = keyBlobs[i].pbData;
3695 if (CertComparePublicKeyInfo(
3696 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
3697 &root->pCertInfo->SubjectPublicKeyInfo, &msPubKey))
3698 isMSRoot = TRUE;
3699 }
3700 if (isMSRoot)
3701 pPolicyStatus->lChainIndex = pPolicyStatus->lElementIndex = 0;
3702 }
3703 return ret;
3704 }
3705
3706 typedef BOOL (WINAPI *CertVerifyCertificateChainPolicyFunc)(LPCSTR szPolicyOID,
3707 PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
3708 PCERT_CHAIN_POLICY_STATUS pPolicyStatus);
3709
3710 static void dump_policy_para(PCERT_CHAIN_POLICY_PARA para)
3711 {
3712 if (para)
3713 {
3714 TRACE_(chain)("cbSize = %d\n", para->cbSize);
3715 TRACE_(chain)("dwFlags = %08x\n", para->dwFlags);
3716 TRACE_(chain)("pvExtraPolicyPara = %p\n", para->pvExtraPolicyPara);
3717 }
3718 }
3719
3720 BOOL WINAPI CertVerifyCertificateChainPolicy(LPCSTR szPolicyOID,
3721 PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
3722 PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
3723 {
3724 static HCRYPTOIDFUNCSET set = NULL;
3725 BOOL ret = FALSE;
3726 CertVerifyCertificateChainPolicyFunc verifyPolicy = NULL;
3727 HCRYPTOIDFUNCADDR hFunc = NULL;
3728
3729 TRACE("(%s, %p, %p, %p)\n", debugstr_a(szPolicyOID), pChainContext,
3730 pPolicyPara, pPolicyStatus);
3731 if (TRACE_ON(chain))
3732 dump_policy_para(pPolicyPara);
3733
3734 if (IS_INTOID(szPolicyOID))
3735 {
3736 switch (LOWORD(szPolicyOID))
3737 {
3738 case LOWORD(CERT_CHAIN_POLICY_BASE):
3739 verifyPolicy = verify_base_policy;
3740 break;
3741 case LOWORD(CERT_CHAIN_POLICY_AUTHENTICODE):
3742 verifyPolicy = verify_authenticode_policy;
3743 break;
3744 case LOWORD(CERT_CHAIN_POLICY_SSL):
3745 verifyPolicy = verify_ssl_policy;
3746 break;
3747 case LOWORD(CERT_CHAIN_POLICY_BASIC_CONSTRAINTS):
3748 verifyPolicy = verify_basic_constraints_policy;
3749 break;
3750 case LOWORD(CERT_CHAIN_POLICY_MICROSOFT_ROOT):
3751 verifyPolicy = verify_ms_root_policy;
3752 break;
3753 default:
3754 FIXME("unimplemented for %d\n", LOWORD(szPolicyOID));
3755 }
3756 }
3757 if (!verifyPolicy)
3758 {
3759 if (!set)
3760 set = CryptInitOIDFunctionSet(
3761 CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC, 0);
3762 CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, szPolicyOID, 0,
3763 (void **)&verifyPolicy, &hFunc);
3764 }
3765 if (verifyPolicy)
3766 ret = verifyPolicy(szPolicyOID, pChainContext, pPolicyPara,
3767 pPolicyStatus);
3768 if (hFunc)
3769 CryptFreeOIDFunctionAddress(hFunc, 0);
3770 TRACE("returning %d (%08x)\n", ret, pPolicyStatus->dwError);
3771 return ret;
3772 }
Maarten's multimedia branch