search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
crypt32: CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR shouldn't check whethe...
[wine/multimedia.git] / dlls / crypt32 / crl.c
blob9e7fe9d1080ac0bf6f839ba7182f2db327fd18aa
1 /*
2 * Copyright 2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19
20 #include <assert.h>
21 #include <stdarg.h>
22 #define NONAMELESSUNION
23 #include "windef.h"
24 #include "winbase.h"
25 #include "wincrypt.h"
26 #include "wine/debug.h"
27 #include "wine/unicode.h"
28 #include "crypt32_private.h"
29
30 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
31
32 PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
33 const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
34 {
35 PCRL_CONTEXT crl = NULL;
36 BOOL ret;
37 PCRL_INFO crlInfo = NULL;
38 DWORD size = 0;
39
40 TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCrlEncoded,
41 cbCrlEncoded);
42
43 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
44 {
45 SetLastError(E_INVALIDARG);
46 return NULL;
47 }
48 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
49 pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
50 &crlInfo, &size);
51 if (ret)
52 {
53 BYTE *data = NULL;
54
55 crl = Context_CreateDataContext(sizeof(CRL_CONTEXT));
56 if (!crl)
57 goto end;
58 data = CryptMemAlloc(cbCrlEncoded);
59 if (!data)
60 {
61 CryptMemFree(crl);
62 crl = NULL;
63 goto end;
64 }
65 memcpy(data, pbCrlEncoded, cbCrlEncoded);
66 crl->dwCertEncodingType = dwCertEncodingType;
67 crl->pbCrlEncoded = data;
68 crl->cbCrlEncoded = cbCrlEncoded;
69 crl->pCrlInfo = crlInfo;
70 crl->hCertStore = 0;
71 }
72
73 end:
74 return crl;
75 }
76
77 BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
78 DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
79 DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
80 {
81 PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
82 pbCrlEncoded, cbCrlEncoded);
83 BOOL ret;
84
85 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
86 pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
87
88 if (crl)
89 {
90 ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
91 ppCrlContext);
92 CertFreeCRLContext(crl);
93 }
94 else
95 ret = FALSE;
96 return ret;
97 }
98
99 typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
100 DWORD dwFlags, const void *pvPara);
101
102 static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
103 DWORD dwFlags, const void *pvPara)
104 {
105 return TRUE;
106 }
107
108 static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
109 DWORD dwFlags, const void *pvPara)
110 {
111 BOOL ret;
112
113 if (pvPara)
114 {
115 PCCERT_CONTEXT issuer = pvPara;
116
117 ret = CertCompareCertificateName(issuer->dwCertEncodingType,
118 &issuer->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
119 if (ret && (dwFlags & CRL_FIND_ISSUED_BY_SIGNATURE_FLAG))
120 ret = CryptVerifyCertificateSignatureEx(0,
121 issuer->dwCertEncodingType,
122 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext,
123 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL);
124 if (ret && (dwFlags & CRL_FIND_ISSUED_BY_AKI_FLAG))
125 {
126 PCERT_EXTENSION aki = CertFindExtension(
127 szOID_AUTHORITY_KEY_IDENTIFIER2, pCrlContext->pCrlInfo->cExtension,
128 pCrlContext->pCrlInfo->rgExtension);
129
130 if (aki)
131 {
132 CERT_EXTENSION *ski;
133
134 if ((ski = CertFindExtension(szOID_SUBJECT_KEY_IDENTIFIER,
135 issuer->pCertInfo->cExtension,
136 issuer->pCertInfo->rgExtension)))
137 {
138 if (aki->Value.cbData == ski->Value.cbData)
139 ret = !memcmp(aki->Value.pbData, ski->Value.pbData,
140 aki->Value.cbData);
141 else
142 ret = FALSE;
143 }
144 else
145 ret = FALSE;
146 }
147 /* else: a CRL without an AKI matches any cert */
148 }
149 }
150 else
151 ret = TRUE;
152 return ret;
153 }
154
155 static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
156 DWORD dwFlags, const void *pvPara)
157 {
158 BOOL ret;
159
160 if (pvPara)
161 {
162 PCCRL_CONTEXT crl = pvPara;
163
164 ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
165 &pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
166 }
167 else
168 ret = TRUE;
169 return ret;
170 }
171
172 static BOOL compare_crl_issued_for(PCCRL_CONTEXT pCrlContext, DWORD dwType,
173 DWORD dwFlags, const void *pvPara)
174 {
175 const CRL_FIND_ISSUED_FOR_PARA *para = pvPara;
176 BOOL ret;
177
178 ret = CertCompareCertificateName(para->pIssuerCert->dwCertEncodingType,
179 &para->pIssuerCert->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
180 return ret;
181 }
182
183 PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
184 DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
185 const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
186 {
187 PCCRL_CONTEXT ret;
188 CrlCompareFunc compare;
189
190 TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore, dwCertEncodingType,
191 dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
192
193 switch (dwFindType)
194 {
195 case CRL_FIND_ANY:
196 compare = compare_crl_any;
197 break;
198 case CRL_FIND_ISSUED_BY:
199 compare = compare_crl_issued_by;
200 break;
201 case CRL_FIND_EXISTING:
202 compare = compare_crl_existing;
203 break;
204 case CRL_FIND_ISSUED_FOR:
205 compare = compare_crl_issued_for;
206 break;
207 default:
208 FIXME("find type %08x unimplemented\n", dwFindType);
209 compare = NULL;
210 }
211
212 if (compare)
213 {
214 BOOL matches = FALSE;
215
216 ret = pPrevCrlContext;
217 do {
218 ret = CertEnumCRLsInStore(hCertStore, ret);
219 if (ret)
220 matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
221 } while (ret != NULL && !matches);
222 if (!ret)
223 SetLastError(CRYPT_E_NOT_FOUND);
224 }
225 else
226 {
227 SetLastError(CRYPT_E_NOT_FOUND);
228 ret = NULL;
229 }
230 return ret;
231 }
232
233 PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
234 PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
235 {
236 static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG |
237 CERT_STORE_TIME_VALIDITY_FLAG | CERT_STORE_BASE_CRL_FLAG |
238 CERT_STORE_DELTA_CRL_FLAG;
239 PCCRL_CONTEXT ret;
240
241 TRACE("(%p, %p, %p, %08x)\n", hCertStore, pIssuerContext, pPrevCrlContext,
242 *pdwFlags);
243
244 if (*pdwFlags & ~supportedFlags)
245 {
246 SetLastError(E_INVALIDARG);
247 return NULL;
248 }
249 if (pIssuerContext)
250 ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
251 0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
252 else
253 ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
254 pPrevCrlContext);
255 if (ret)
256 {
257 if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
258 {
259 if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
260 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
261 }
262 if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
263 {
264 if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
265 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
266 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
267 NULL))
268 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
269 }
270 }
271 return ret;
272 }
273
274 PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
275 {
276 TRACE("(%p)\n", pCrlContext);
277 if (pCrlContext)
278 Context_AddRef((void *)pCrlContext, sizeof(CRL_CONTEXT));
279 return pCrlContext;
280 }
281
282 static void CrlDataContext_Free(void *context)
283 {
284 PCRL_CONTEXT crlContext = context;
285
286 CryptMemFree(crlContext->pbCrlEncoded);
287 LocalFree(crlContext->pCrlInfo);
288 }
289
290 BOOL WINAPI CertFreeCRLContext( PCCRL_CONTEXT pCrlContext)
291 {
292 BOOL ret = TRUE;
293
294 TRACE("(%p)\n", pCrlContext);
295
296 if (pCrlContext)
297 ret = Context_Release((void *)pCrlContext, sizeof(CRL_CONTEXT),
298 CrlDataContext_Free);
299 return ret;
300 }
301
302 DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
303 DWORD dwPropId)
304 {
305 PCONTEXT_PROPERTY_LIST properties = Context_GetProperties(
306 pCRLContext, sizeof(CRL_CONTEXT));
307 DWORD ret;
308
309 TRACE("(%p, %d)\n", pCRLContext, dwPropId);
310
311 if (properties)
312 ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
313 else
314 ret = 0;
315 return ret;
316 }
317
318 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
319 DWORD dwFlags, const void *pvData);
320
321 static BOOL CRLContext_GetHashProp(PCCRL_CONTEXT context, DWORD dwPropId,
322 ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
323 DWORD *pcbData)
324 {
325 BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
326 pcbData);
327 if (ret && pvData)
328 {
329 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
330
331 ret = CRLContext_SetProperty(context, dwPropId, 0, &blob);
332 }
333 return ret;
334 }
335
336 static BOOL CRLContext_GetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
337 void *pvData, DWORD *pcbData)
338 {
339 PCONTEXT_PROPERTY_LIST properties =
340 Context_GetProperties(context, sizeof(CRL_CONTEXT));
341 BOOL ret;
342 CRYPT_DATA_BLOB blob;
343
344 TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
345
346 if (properties)
347 ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
348 else
349 ret = FALSE;
350 if (ret)
351 {
352 if (!pvData)
353 *pcbData = blob.cbData;
354 else if (*pcbData < blob.cbData)
355 {
356 SetLastError(ERROR_MORE_DATA);
357 *pcbData = blob.cbData;
358 ret = FALSE;
359 }
360 else
361 {
362 memcpy(pvData, blob.pbData, blob.cbData);
363 *pcbData = blob.cbData;
364 }
365 }
366 else
367 {
368 /* Implicit properties */
369 switch (dwPropId)
370 {
371 case CERT_SHA1_HASH_PROP_ID:
372 ret = CRLContext_GetHashProp(context, dwPropId, CALG_SHA1,
373 context->pbCrlEncoded, context->cbCrlEncoded, pvData,
374 pcbData);
375 break;
376 case CERT_MD5_HASH_PROP_ID:
377 ret = CRLContext_GetHashProp(context, dwPropId, CALG_MD5,
378 context->pbCrlEncoded, context->cbCrlEncoded, pvData,
379 pcbData);
380 break;
381 default:
382 SetLastError(CRYPT_E_NOT_FOUND);
383 }
384 }
385 TRACE("returning %d\n", ret);
386 return ret;
387 }
388
389 BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
390 DWORD dwPropId, void *pvData, DWORD *pcbData)
391 {
392 BOOL ret;
393
394 TRACE("(%p, %d, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
395
396 switch (dwPropId)
397 {
398 case 0:
399 case CERT_CERT_PROP_ID:
400 case CERT_CRL_PROP_ID:
401 case CERT_CTL_PROP_ID:
402 SetLastError(E_INVALIDARG);
403 ret = FALSE;
404 break;
405 case CERT_ACCESS_STATE_PROP_ID:
406 if (!pvData)
407 {
408 *pcbData = sizeof(DWORD);
409 ret = TRUE;
410 }
411 else if (*pcbData < sizeof(DWORD))
412 {
413 SetLastError(ERROR_MORE_DATA);
414 *pcbData = sizeof(DWORD);
415 ret = FALSE;
416 }
417 else
418 {
419 if (pCRLContext->hCertStore)
420 ret = CertGetStoreProperty(pCRLContext->hCertStore, dwPropId,
421 pvData, pcbData);
422 else
423 *(DWORD *)pvData = 0;
424 ret = TRUE;
425 }
426 break;
427 default:
428 ret = CRLContext_GetProperty(pCRLContext, dwPropId, pvData,
429 pcbData);
430 }
431 return ret;
432 }
433
434 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
435 DWORD dwFlags, const void *pvData)
436 {
437 PCONTEXT_PROPERTY_LIST properties =
438 Context_GetProperties(context, sizeof(CRL_CONTEXT));
439 BOOL ret;
440
441 TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
442
443 if (!properties)
444 ret = FALSE;
445 else if (!pvData)
446 {
447 ContextPropertyList_RemoveProperty(properties, dwPropId);
448 ret = TRUE;
449 }
450 else
451 {
452 switch (dwPropId)
453 {
454 case CERT_AUTO_ENROLL_PROP_ID:
455 case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
456 case CERT_DESCRIPTION_PROP_ID:
457 case CERT_FRIENDLY_NAME_PROP_ID:
458 case CERT_HASH_PROP_ID:
459 case CERT_KEY_IDENTIFIER_PROP_ID:
460 case CERT_MD5_HASH_PROP_ID:
461 case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
462 case CERT_PUBKEY_ALG_PARA_PROP_ID:
463 case CERT_PVK_FILE_PROP_ID:
464 case CERT_SIGNATURE_HASH_PROP_ID:
465 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
466 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
467 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
468 case CERT_ENROLLMENT_PROP_ID:
469 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
470 case CERT_RENEWAL_PROP_ID:
471 {
472 PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
473
474 ret = ContextPropertyList_SetProperty(properties, dwPropId,
475 blob->pbData, blob->cbData);
476 break;
477 }
478 case CERT_DATE_STAMP_PROP_ID:
479 ret = ContextPropertyList_SetProperty(properties, dwPropId,
480 pvData, sizeof(FILETIME));
481 break;
482 default:
483 FIXME("%d: stub\n", dwPropId);
484 ret = FALSE;
485 }
486 }
487 TRACE("returning %d\n", ret);
488 return ret;
489 }
490
491 BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
492 DWORD dwPropId, DWORD dwFlags, const void *pvData)
493 {
494 BOOL ret;
495
496 TRACE("(%p, %d, %08x, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
497
498 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
499 * crashes on most of these, I'll be safer.
500 */
501 switch (dwPropId)
502 {
503 case 0:
504 case CERT_ACCESS_STATE_PROP_ID:
505 case CERT_CERT_PROP_ID:
506 case CERT_CRL_PROP_ID:
507 case CERT_CTL_PROP_ID:
508 SetLastError(E_INVALIDARG);
509 return FALSE;
510 }
511 ret = CRLContext_SetProperty(pCRLContext, dwPropId, dwFlags, pvData);
512 TRACE("returning %d\n", ret);
513 return ret;
514 }
515
516 static BOOL compare_dist_point_name(const CRL_DIST_POINT_NAME *name1,
517 const CRL_DIST_POINT_NAME *name2)
518 {
519 BOOL match;
520
521 if (name1->dwDistPointNameChoice == name2->dwDistPointNameChoice)
522 {
523 match = TRUE;
524 if (name1->dwDistPointNameChoice == CRL_DIST_POINT_FULL_NAME)
525 {
526 if (name1->u.FullName.cAltEntry == name2->u.FullName.cAltEntry)
527 {
528 DWORD i;
529
530 for (i = 0; match && i < name1->u.FullName.cAltEntry; i++)
531 {
532 const CERT_ALT_NAME_ENTRY *entry1 =
533 &name1->u.FullName.rgAltEntry[i];
534 const CERT_ALT_NAME_ENTRY *entry2 =
535 &name2->u.FullName.rgAltEntry[i];
536
537 if (entry1->dwAltNameChoice == entry2->dwAltNameChoice)
538 {
539 switch (entry1->dwAltNameChoice)
540 {
541 case CERT_ALT_NAME_URL:
542 match = !strcmpiW(entry1->u.pwszURL,
543 entry2->u.pwszURL);
544 break;
545 case CERT_ALT_NAME_DIRECTORY_NAME:
546 match = (entry1->u.DirectoryName.cbData ==
547 entry2->u.DirectoryName.cbData) &&
548 !memcmp(entry1->u.DirectoryName.pbData,
549 entry2->u.DirectoryName.pbData,
550 entry1->u.DirectoryName.cbData);
551 break;
552 default:
553 FIXME("unimplemented for type %d\n",
554 entry1->dwAltNameChoice);
555 match = FALSE;
556 }
557 }
558 else
559 match = FALSE;
560 }
561 }
562 else
563 match = FALSE;
564 }
565 }
566 else
567 match = FALSE;
568 return match;
569 }
570
571 static BOOL match_dist_point_with_issuing_dist_point(
572 const CRL_DIST_POINT *distPoint, const CRL_ISSUING_DIST_POINT *idp)
573 {
574 BOOL match;
575
576 /* While RFC 5280, section 4.2.1.13 recommends against segmenting
577 * CRL distribution points by reasons, it doesn't preclude doing so.
578 * "This profile RECOMMENDS against segmenting CRLs by reason code."
579 * If the issuing distribution point for this CRL is only valid for
580 * some reasons, only match if the reasons covered also match the
581 * reasons in the CRL distribution point.
582 */
583 if (idp->OnlySomeReasonFlags.cbData)
584 {
585 if (idp->OnlySomeReasonFlags.cbData == distPoint->ReasonFlags.cbData)
586 {
587 DWORD i;
588
589 match = TRUE;
590 for (i = 0; match && i < distPoint->ReasonFlags.cbData; i++)
591 if (idp->OnlySomeReasonFlags.pbData[i] !=
592 distPoint->ReasonFlags.pbData[i])
593 match = FALSE;
594 }
595 else
596 match = FALSE;
597 }
598 else
599 match = TRUE;
600 if (match)
601 match = compare_dist_point_name(&idp->DistPointName,
602 &distPoint->DistPointName);
603 return match;
604 }
605
606 BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
607 PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
608 {
609 PCERT_EXTENSION ext;
610 BOOL ret;
611
612 TRACE("(%p, %p, %08x, %p)\n", pCert, pCrl, dwFlags, pvReserved);
613
614 if (!pCert)
615 return TRUE;
616
617 if ((ext = CertFindExtension(szOID_ISSUING_DIST_POINT,
618 pCrl->pCrlInfo->cExtension, pCrl->pCrlInfo->rgExtension)))
619 {
620 CRL_ISSUING_DIST_POINT *idp;
621 DWORD size;
622
623 if ((ret = CryptDecodeObjectEx(pCrl->dwCertEncodingType,
624 X509_ISSUING_DIST_POINT, ext->Value.pbData, ext->Value.cbData,
625 CRYPT_DECODE_ALLOC_FLAG, NULL, &idp, &size)))
626 {
627 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
628 pCert->pCertInfo->cExtension, pCert->pCertInfo->rgExtension)))
629 {
630 CRL_DIST_POINTS_INFO *distPoints;
631
632 if ((ret = CryptDecodeObjectEx(pCert->dwCertEncodingType,
633 X509_CRL_DIST_POINTS, ext->Value.pbData, ext->Value.cbData,
634 CRYPT_DECODE_ALLOC_FLAG, NULL, &distPoints, &size)))
635 {
636 DWORD i;
637
638 ret = FALSE;
639 for (i = 0; !ret && i < distPoints->cDistPoint; i++)
640 ret = match_dist_point_with_issuing_dist_point(
641 &distPoints->rgDistPoint[i], idp);
642 if (!ret)
643 SetLastError(CRYPT_E_NO_MATCH);
644 LocalFree(distPoints);
645 }
646 }
647 else
648 {
649 /* no CRL dist points extension in cert, can't match the CRL
650 * (which has an issuing dist point extension)
651 */
652 ret = FALSE;
653 SetLastError(CRYPT_E_NO_MATCH);
654 }
655 LocalFree(idp);
656 }
657 }
658 else
659 ret = TRUE;
660 return ret;
661 }
662
663 static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl)
664 {
665 DWORD i;
666 PCRL_ENTRY entry = NULL;
667
668 for (i = 0; !entry && i < crl->cCRLEntry; i++)
669 if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
670 &cert->SerialNumber))
671 entry = &crl->rgCRLEntry[i];
672 return entry;
673 }
674
675 BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
676 PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
677 PCRL_ENTRY *ppCrlEntry)
678 {
679 TRACE("(%p, %p, %08x, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
680 ppCrlEntry);
681
682 *ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
683 pCrlContext->pCrlInfo);
684 return TRUE;
685 }
686
687 BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
688 PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
689 {
690 DWORD i;
691 PCRL_ENTRY entry = NULL;
692
693 TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
694 rgpCrlInfo);
695
696 for (i = 0; !entry && i < cCrlInfo; i++)
697 entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
698 return entry == NULL;
699 }
700
701 LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
702 PCRL_INFO pCrlInfo)
703 {
704 FILETIME fileTime;
705 LONG ret;
706
707 if (!pTimeToVerify)
708 {
709 GetSystemTimeAsFileTime(&fileTime);
710 pTimeToVerify = &fileTime;
711 }
712 if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
713 {
714 ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
715 if (ret < 0)
716 ret = 0;
717 }
718 return ret;
719 }
Maarten's multimedia branch