search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
wininet: Support Punycode in RetrieveUrlCacheEntryStream.
[wine/multimedia.git] / dlls / cryptnet / cryptnet_main.c
blobda66e664d4cd888b8b5fe1c32d6986c1cce7569b
1 /*
2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 *
19 */
20
21 #include "config.h"
22 #include "wine/port.h"
23
24 #define NONAMELESSUNION
25 #define NONAMELESSSTRUCT
26 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
27
28 #include <stdio.h>
29 #include <stdarg.h>
30
31 #include "windef.h"
32 #include "winbase.h"
33 #include "winnt.h"
34 #include "winnls.h"
35 #include "wininet.h"
36 #include "objbase.h"
37 #include "wincrypt.h"
38
39 #include "wine/debug.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet);
42
43 #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
44
45 static const WCHAR cryptNet[] = { 'c','r','y','p','t','n','e','t','.',
46 'd','l','l',0 };
47
48 /***********************************************************************
49 * DllRegisterServer (CRYPTNET.@)
50 */
51 HRESULT WINAPI DllRegisterServer(void)
52 {
53 TRACE("\n");
54 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING,
55 CRYPT_OID_VERIFY_REVOCATION_FUNC, 0, cryptNet);
56 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap",
57 cryptNet, "LdapProvOpenStore");
58 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
59 CERT_STORE_PROV_LDAP_W, cryptNet, "LdapProvOpenStore");
60 return S_OK;
61 }
62
63 /***********************************************************************
64 * DllUnregisterServer (CRYPTNET.@)
65 */
66 HRESULT WINAPI DllUnregisterServer(void)
67 {
68 TRACE("\n");
69 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING,
70 CRYPT_OID_VERIFY_REVOCATION_FUNC, cryptNet);
71 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap");
72 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
73 CERT_STORE_PROV_LDAP_W);
74 return S_OK;
75 }
76
77 static const char *url_oid_to_str(LPCSTR oid)
78 {
79 if (IS_INTOID(oid))
80 {
81 static char buf[10];
82
83 switch (LOWORD(oid))
84 {
85 #define _x(oid) case LOWORD(oid): return #oid
86 _x(URL_OID_CERTIFICATE_ISSUER);
87 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT);
88 _x(URL_OID_CTL_ISSUER);
89 _x(URL_OID_CTL_NEXT_UPDATE);
90 _x(URL_OID_CRL_ISSUER);
91 _x(URL_OID_CERTIFICATE_FRESHEST_CRL);
92 _x(URL_OID_CRL_FRESHEST_CRL);
93 _x(URL_OID_CROSS_CERT_DIST_POINT);
94 #undef _x
95 default:
96 snprintf(buf, sizeof(buf), "%d", LOWORD(oid));
97 return buf;
98 }
99 }
100 else
101 return oid;
102 }
103
104 typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD,
105 PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID);
106
107 static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid,
108 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
109 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
110 {
111 PCCERT_CONTEXT cert = pvPara;
112 PCERT_EXTENSION ext;
113 BOOL ret = FALSE;
114
115 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
116 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
117 {
118 SetLastError(CRYPT_E_NOT_FOUND);
119 return FALSE;
120 }
121 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
122 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
123 {
124 CERT_AUTHORITY_INFO_ACCESS *aia;
125 DWORD size;
126
127 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
128 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
129 &aia, &size);
130 if (ret)
131 {
132 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
133
134 for (i = 0, cUrl = 0; i < aia->cAccDescr; i++)
135 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
136 szOID_PKIX_CA_ISSUERS))
137 {
138 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
139 CERT_ALT_NAME_URL)
140 {
141 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
142 {
143 cUrl++;
144 bytesNeeded += sizeof(LPWSTR) +
145 (lstrlenW(aia->rgAccDescr[i].AccessLocation.u.
146 pwszURL) + 1) * sizeof(WCHAR);
147 }
148 }
149 else
150 FIXME("unsupported alt name type %d\n",
151 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
152 }
153 if (!pcbUrlArray)
154 {
155 SetLastError(E_INVALIDARG);
156 ret = FALSE;
157 }
158 else if (!pUrlArray)
159 *pcbUrlArray = bytesNeeded;
160 else if (*pcbUrlArray < bytesNeeded)
161 {
162 SetLastError(ERROR_MORE_DATA);
163 *pcbUrlArray = bytesNeeded;
164 ret = FALSE;
165 }
166 else
167 {
168 LPWSTR nextUrl;
169
170 *pcbUrlArray = bytesNeeded;
171 pUrlArray->cUrl = 0;
172 pUrlArray->rgwszUrl =
173 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
174 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
175 + cUrl * sizeof(LPWSTR));
176 for (i = 0; i < aia->cAccDescr; i++)
177 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
178 szOID_PKIX_CA_ISSUERS))
179 {
180 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice
181 == CERT_ALT_NAME_URL)
182 {
183 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
184 {
185 lstrcpyW(nextUrl,
186 aia->rgAccDescr[i].AccessLocation.u.pwszURL);
187 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
188 nextUrl;
189 nextUrl += (lstrlenW(nextUrl) + 1);
190 }
191 }
192 }
193 }
194 if (ret)
195 {
196 if (pcbUrlInfo)
197 {
198 FIXME("url info: stub\n");
199 if (!pUrlInfo)
200 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
201 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
202 {
203 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
204 SetLastError(ERROR_MORE_DATA);
205 ret = FALSE;
206 }
207 else
208 {
209 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
210 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
211 }
212 }
213 }
214 LocalFree(aia);
215 }
216 }
217 else
218 SetLastError(CRYPT_E_NOT_FOUND);
219 return ret;
220 }
221
222 static BOOL CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB *value,
223 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
224 DWORD *pcbUrlInfo)
225 {
226 BOOL ret;
227 CRL_DIST_POINTS_INFO *info;
228 DWORD size;
229
230 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CRL_DIST_POINTS,
231 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
232 if (ret)
233 {
234 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
235
236 for (i = 0, cUrl = 0; i < info->cDistPoint; i++)
237 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
238 == CRL_DIST_POINT_FULL_NAME)
239 {
240 DWORD j;
241 CERT_ALT_NAME_INFO *name =
242 &info->rgDistPoint[i].DistPointName.u.FullName;
243
244 for (j = 0; j < name->cAltEntry; j++)
245 if (name->rgAltEntry[j].dwAltNameChoice ==
246 CERT_ALT_NAME_URL)
247 {
248 if (name->rgAltEntry[j].u.pwszURL)
249 {
250 cUrl++;
251 bytesNeeded += sizeof(LPWSTR) +
252 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1)
253 * sizeof(WCHAR);
254 }
255 }
256 }
257 if (!pcbUrlArray)
258 {
259 SetLastError(E_INVALIDARG);
260 ret = FALSE;
261 }
262 else if (!pUrlArray)
263 *pcbUrlArray = bytesNeeded;
264 else if (*pcbUrlArray < bytesNeeded)
265 {
266 SetLastError(ERROR_MORE_DATA);
267 *pcbUrlArray = bytesNeeded;
268 ret = FALSE;
269 }
270 else
271 {
272 LPWSTR nextUrl;
273
274 *pcbUrlArray = bytesNeeded;
275 pUrlArray->cUrl = 0;
276 pUrlArray->rgwszUrl =
277 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
278 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
279 + cUrl * sizeof(LPWSTR));
280 for (i = 0; i < info->cDistPoint; i++)
281 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
282 == CRL_DIST_POINT_FULL_NAME)
283 {
284 DWORD j;
285 CERT_ALT_NAME_INFO *name =
286 &info->rgDistPoint[i].DistPointName.u.FullName;
287
288 for (j = 0; j < name->cAltEntry; j++)
289 if (name->rgAltEntry[j].dwAltNameChoice ==
290 CERT_ALT_NAME_URL)
291 {
292 if (name->rgAltEntry[j].u.pwszURL)
293 {
294 lstrcpyW(nextUrl,
295 name->rgAltEntry[j].u.pwszURL);
296 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
297 nextUrl;
298 nextUrl +=
299 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1);
300 }
301 }
302 }
303 }
304 if (ret)
305 {
306 if (pcbUrlInfo)
307 {
308 FIXME("url info: stub\n");
309 if (!pUrlInfo)
310 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
311 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
312 {
313 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
314 SetLastError(ERROR_MORE_DATA);
315 ret = FALSE;
316 }
317 else
318 {
319 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
320 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
321 }
322 }
323 }
324 LocalFree(info);
325 }
326 return ret;
327 }
328
329 static BOOL WINAPI CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid,
330 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
331 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
332 {
333 PCCERT_CONTEXT cert = pvPara;
334 PCERT_EXTENSION ext;
335 BOOL ret = FALSE;
336
337 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
338 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
339 {
340 SetLastError(CRYPT_E_NOT_FOUND);
341 return FALSE;
342 }
343 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
344 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
345 ret = CRYPT_GetUrlFromCRLDistPointsExt(&ext->Value, pUrlArray,
346 pcbUrlArray, pUrlInfo, pcbUrlInfo);
347 else
348 SetLastError(CRYPT_E_NOT_FOUND);
349 return ret;
350 }
351
352 /***********************************************************************
353 * CryptGetObjectUrl (CRYPTNET.@)
354 */
355 BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags,
356 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
357 DWORD *pcbUrlInfo, LPVOID pvReserved)
358 {
359 UrlDllGetObjectUrlFunc func = NULL;
360 HCRYPTOIDFUNCADDR hFunc = NULL;
361 BOOL ret = FALSE;
362
363 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid),
364 pvPara, dwFlags, pUrlArray, pcbUrlArray, pUrlInfo, pcbUrlInfo, pvReserved);
365
366 if (IS_INTOID(pszUrlOid))
367 {
368 switch (LOWORD(pszUrlOid))
369 {
370 case LOWORD(URL_OID_CERTIFICATE_ISSUER):
371 func = CRYPT_GetUrlFromCertificateIssuer;
372 break;
373 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT):
374 func = CRYPT_GetUrlFromCertificateCRLDistPoint;
375 break;
376 default:
377 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid));
378 SetLastError(ERROR_FILE_NOT_FOUND);
379 }
380 }
381 else
382 {
383 static HCRYPTOIDFUNCSET set = NULL;
384
385 if (!set)
386 set = CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC, 0);
387 CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszUrlOid, 0,
388 (void **)&func, &hFunc);
389 }
390 if (func)
391 ret = func(pszUrlOid, pvPara, dwFlags, pUrlArray, pcbUrlArray,
392 pUrlInfo, pcbUrlInfo, pvReserved);
393 if (hFunc)
394 CryptFreeOIDFunctionAddress(hFunc, 0);
395 return ret;
396 }
397
398 /***********************************************************************
399 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
400 */
401 BOOL WINAPI CryptRetrieveObjectByUrlA(LPCSTR pszURL, LPCSTR pszObjectOid,
402 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
403 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
404 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
405 {
406 BOOL ret = FALSE;
407 int len;
408
409 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL),
410 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
411 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
412
413 if (!pszURL)
414 {
415 SetLastError(ERROR_INVALID_PARAMETER);
416 return FALSE;
417 }
418 len = MultiByteToWideChar(CP_ACP, 0, pszURL, -1, NULL, 0);
419 if (len)
420 {
421 LPWSTR url = CryptMemAlloc(len * sizeof(WCHAR));
422
423 if (url)
424 {
425 MultiByteToWideChar(CP_ACP, 0, pszURL, -1, url, len);
426 ret = CryptRetrieveObjectByUrlW(url, pszObjectOid,
427 dwRetrievalFlags, dwTimeout, ppvObject, hAsyncRetrieve,
428 pCredentials, pvVerify, pAuxInfo);
429 CryptMemFree(url);
430 }
431 else
432 SetLastError(ERROR_OUTOFMEMORY);
433 }
434 return ret;
435 }
436
437 static void WINAPI CRYPT_FreeBlob(LPCSTR pszObjectOid,
438 PCRYPT_BLOB_ARRAY pObject, void *pvFreeContext)
439 {
440 DWORD i;
441
442 for (i = 0; i < pObject->cBlob; i++)
443 CryptMemFree(pObject->rgBlob[i].pbData);
444 CryptMemFree(pObject->rgBlob);
445 }
446
447 static BOOL CRYPT_GetObjectFromFile(HANDLE hFile, PCRYPT_BLOB_ARRAY pObject)
448 {
449 BOOL ret;
450 LARGE_INTEGER size;
451
452 if ((ret = GetFileSizeEx(hFile, &size)))
453 {
454 if (size.u.HighPart)
455 {
456 WARN("file too big\n");
457 SetLastError(ERROR_INVALID_DATA);
458 ret = FALSE;
459 }
460 else
461 {
462 CRYPT_DATA_BLOB blob;
463
464 blob.pbData = CryptMemAlloc(size.u.LowPart);
465 if (blob.pbData)
466 {
467 blob.cbData = size.u.LowPart;
468 ret = ReadFile(hFile, blob.pbData, size.u.LowPart, &blob.cbData,
469 NULL);
470 if (ret)
471 {
472 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
473 if (pObject->rgBlob)
474 {
475 pObject->cBlob = 1;
476 memcpy(pObject->rgBlob, &blob, sizeof(CRYPT_DATA_BLOB));
477 }
478 else
479 {
480 SetLastError(ERROR_OUTOFMEMORY);
481 ret = FALSE;
482 }
483 }
484 if (!ret)
485 CryptMemFree(blob.pbData);
486 }
487 else
488 {
489 SetLastError(ERROR_OUTOFMEMORY);
490 ret = FALSE;
491 }
492 }
493 }
494 return ret;
495 }
496
497 static BOOL CRYPT_GetObjectFromCache(LPCWSTR pszURL, PCRYPT_BLOB_ARRAY pObject,
498 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
499 {
500 BOOL ret = FALSE;
501 INTERNET_CACHE_ENTRY_INFOW *pCacheInfo = NULL;
502 DWORD size = 0;
503
504 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pObject, pAuxInfo);
505
506 RetrieveUrlCacheEntryFileW(pszURL, NULL, &size, 0);
507 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
508 return FALSE;
509
510 pCacheInfo = CryptMemAlloc(size);
511 if (!pCacheInfo)
512 {
513 SetLastError(ERROR_OUTOFMEMORY);
514 return FALSE;
515 }
516
517 if ((ret = RetrieveUrlCacheEntryFileW(pszURL, pCacheInfo, &size, 0)))
518 {
519 FILETIME ft;
520
521 GetSystemTimeAsFileTime(&ft);
522 if (CompareFileTime(&pCacheInfo->ExpireTime, &ft) >= 0)
523 {
524 HANDLE hFile = CreateFileW(pCacheInfo->lpszLocalFileName, GENERIC_READ,
525 FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
526
527 if (hFile != INVALID_HANDLE_VALUE)
528 {
529 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
530 {
531 if (pAuxInfo && pAuxInfo->cbSize >=
532 offsetof(CRYPT_RETRIEVE_AUX_INFO,
533 pLastSyncTime) + sizeof(PFILETIME) &&
534 pAuxInfo->pLastSyncTime)
535 memcpy(pAuxInfo->pLastSyncTime,
536 &pCacheInfo->LastSyncTime,
537 sizeof(FILETIME));
538 }
539 CloseHandle(hFile);
540 }
541 else
542 {
543 DeleteUrlCacheEntryW(pszURL);
544 ret = FALSE;
545 }
546 }
547 else
548 {
549 DeleteUrlCacheEntryW(pszURL);
550 ret = FALSE;
551 }
552 UnlockUrlCacheEntryFileW(pszURL, 0);
553 }
554 CryptMemFree(pCacheInfo);
555 TRACE("returning %d\n", ret);
556 return ret;
557 }
558
559 /* Parses the URL, and sets components' lpszHostName and lpszUrlPath members
560 * to NULL-terminated copies of those portions of the URL (to be freed with
561 * CryptMemFree.)
562 */
563 static BOOL CRYPT_CrackUrl(LPCWSTR pszURL, URL_COMPONENTSW *components)
564 {
565 BOOL ret;
566
567 TRACE("(%s, %p)\n", debugstr_w(pszURL), components);
568
569 memset(components, 0, sizeof(*components));
570 components->dwStructSize = sizeof(*components);
571 components->lpszHostName = CryptMemAlloc(INTERNET_MAX_HOST_NAME_LENGTH * sizeof(WCHAR));
572 components->dwHostNameLength = INTERNET_MAX_HOST_NAME_LENGTH;
573 if (!components->lpszHostName)
574 {
575 SetLastError(ERROR_OUTOFMEMORY);
576 return FALSE;
577 }
578 components->lpszUrlPath = CryptMemAlloc(INTERNET_MAX_PATH_LENGTH * sizeof(WCHAR));
579 components->dwUrlPathLength = INTERNET_MAX_PATH_LENGTH;
580 if (!components->lpszUrlPath)
581 {
582 CryptMemFree(components->lpszHostName);
583 SetLastError(ERROR_OUTOFMEMORY);
584 return FALSE;
585 }
586
587 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, components);
588 if (ret)
589 {
590 switch (components->nScheme)
591 {
592 case INTERNET_SCHEME_FTP:
593 if (!components->nPort)
594 components->nPort = INTERNET_DEFAULT_FTP_PORT;
595 break;
596 case INTERNET_SCHEME_HTTP:
597 if (!components->nPort)
598 components->nPort = INTERNET_DEFAULT_HTTP_PORT;
599 break;
600 default:
601 ; /* do nothing */
602 }
603 }
604 TRACE("returning %d\n", ret);
605 return ret;
606 }
607
608 struct InetContext
609 {
610 HANDLE event;
611 DWORD timeout;
612 DWORD error;
613 };
614
615 static struct InetContext *CRYPT_MakeInetContext(DWORD dwTimeout)
616 {
617 struct InetContext *context = CryptMemAlloc(sizeof(struct InetContext));
618
619 if (context)
620 {
621 context->event = CreateEventW(NULL, FALSE, FALSE, NULL);
622 if (!context->event)
623 {
624 CryptMemFree(context);
625 context = NULL;
626 }
627 else
628 {
629 context->timeout = dwTimeout;
630 context->error = ERROR_SUCCESS;
631 }
632 }
633 return context;
634 }
635
636 static BOOL CRYPT_DownloadObject(DWORD dwRetrievalFlags, HINTERNET hHttp,
637 struct InetContext *context, PCRYPT_BLOB_ARRAY pObject,
638 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
639 {
640 CRYPT_DATA_BLOB object = { 0, NULL };
641 DWORD bytesAvailable;
642 BOOL ret;
643
644 do {
645 if ((ret = InternetQueryDataAvailable(hHttp, &bytesAvailable, 0, 0)))
646 {
647 if (bytesAvailable)
648 {
649 if (object.pbData)
650 object.pbData = CryptMemRealloc(object.pbData,
651 object.cbData + bytesAvailable);
652 else
653 object.pbData = CryptMemAlloc(bytesAvailable);
654 if (object.pbData)
655 {
656 INTERNET_BUFFERSA buffer = { sizeof(buffer), 0 };
657
658 buffer.dwBufferLength = bytesAvailable;
659 buffer.lpvBuffer = object.pbData + object.cbData;
660 if (!(ret = InternetReadFileExA(hHttp, &buffer, IRF_NO_WAIT,
661 (DWORD_PTR)context)))
662 {
663 if (GetLastError() == ERROR_IO_PENDING)
664 {
665 if (WaitForSingleObject(context->event,
666 context->timeout) == WAIT_TIMEOUT)
667 SetLastError(ERROR_TIMEOUT);
668 else if (context->error)
669 SetLastError(context->error);
670 else
671 ret = TRUE;
672 }
673 }
674 if (ret)
675 object.cbData += buffer.dwBufferLength;
676 }
677 else
678 {
679 SetLastError(ERROR_OUTOFMEMORY);
680 ret = FALSE;
681 }
682 }
683 }
684 else if (GetLastError() == ERROR_IO_PENDING)
685 {
686 if (WaitForSingleObject(context->event, context->timeout) ==
687 WAIT_TIMEOUT)
688 SetLastError(ERROR_TIMEOUT);
689 else
690 ret = TRUE;
691 }
692 } while (ret && bytesAvailable);
693 if (ret)
694 {
695 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
696 if (!pObject->rgBlob)
697 {
698 CryptMemFree(object.pbData);
699 SetLastError(ERROR_OUTOFMEMORY);
700 ret = FALSE;
701 }
702 else
703 {
704 pObject->rgBlob[0].cbData = object.cbData;
705 pObject->rgBlob[0].pbData = object.pbData;
706 pObject->cBlob = 1;
707 }
708 }
709 TRACE("returning %d\n", ret);
710 return ret;
711 }
712
713 /* Finds the object specified by pszURL in the cache. If it's not found,
714 * creates a new cache entry for the object and writes the object to it.
715 * Sets the expiration time of the cache entry to expires.
716 */
717 static void CRYPT_CacheURL(LPCWSTR pszURL, const CRYPT_BLOB_ARRAY *pObject,
718 DWORD dwRetrievalFlags, FILETIME expires)
719 {
720 WCHAR cacheFileName[MAX_PATH];
721 HANDLE hCacheFile;
722 DWORD size = 0, entryType;
723 FILETIME ft;
724
725 GetUrlCacheEntryInfoW(pszURL, NULL, &size);
726 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
727 {
728 INTERNET_CACHE_ENTRY_INFOW *info = CryptMemAlloc(size);
729
730 if (!info)
731 {
732 ERR("out of memory\n");
733 return;
734 }
735
736 if (GetUrlCacheEntryInfoW(pszURL, info, &size))
737 {
738 lstrcpyW(cacheFileName, info->lpszLocalFileName);
739 /* Check if the existing cache entry is up to date. If it isn't,
740 * remove the existing cache entry, and create a new one with the
741 * new value.
742 */
743 GetSystemTimeAsFileTime(&ft);
744 if (CompareFileTime(&info->ExpireTime, &ft) < 0)
745 {
746 DeleteUrlCacheEntryW(pszURL);
747 }
748 else
749 {
750 info->ExpireTime = expires;
751 SetUrlCacheEntryInfoW(pszURL, info, CACHE_ENTRY_EXPTIME_FC);
752 CryptMemFree(info);
753 return;
754 }
755 }
756 CryptMemFree(info);
757 }
758
759 if (!CreateUrlCacheEntryW(pszURL, pObject->rgBlob[0].cbData, NULL, cacheFileName, 0))
760 return;
761
762 hCacheFile = CreateFileW(cacheFileName, GENERIC_WRITE, 0,
763 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
764 if(hCacheFile == INVALID_HANDLE_VALUE)
765 return;
766
767 WriteFile(hCacheFile, pObject->rgBlob[0].pbData,
768 pObject->rgBlob[0].cbData, &size, NULL);
769 CloseHandle(hCacheFile);
770
771 if (!(dwRetrievalFlags & CRYPT_STICKY_CACHE_RETRIEVAL))
772 entryType = NORMAL_CACHE_ENTRY;
773 else
774 entryType = STICKY_CACHE_ENTRY;
775 memset(&ft, 0, sizeof(ft));
776 CommitUrlCacheEntryW(pszURL, cacheFileName, expires, ft, entryType,
777 NULL, 0, NULL, NULL);
778 }
779
780 static void CALLBACK CRYPT_InetStatusCallback(HINTERNET hInt,
781 DWORD_PTR dwContext, DWORD status, void *statusInfo, DWORD statusInfoLen)
782 {
783 struct InetContext *context = (struct InetContext *)dwContext;
784 LPINTERNET_ASYNC_RESULT result;
785
786 switch (status)
787 {
788 case INTERNET_STATUS_REQUEST_COMPLETE:
789 result = statusInfo;
790 context->error = result->dwError;
791 SetEvent(context->event);
792 }
793 }
794
795 static BOOL CRYPT_Connect(const URL_COMPONENTSW *components,
796 struct InetContext *context, PCRYPT_CREDENTIALS pCredentials,
797 HINTERNET *phInt, HINTERNET *phHost)
798 {
799 BOOL ret;
800
801 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components->lpszHostName),
802 components->nPort, context, pCredentials, phInt, phInt);
803
804 *phHost = NULL;
805 *phInt = InternetOpenW(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL,
806 context ? INTERNET_FLAG_ASYNC : 0);
807 if (*phInt)
808 {
809 DWORD service;
810
811 if (context)
812 InternetSetStatusCallbackW(*phInt, CRYPT_InetStatusCallback);
813 switch (components->nScheme)
814 {
815 case INTERNET_SCHEME_FTP:
816 service = INTERNET_SERVICE_FTP;
817 break;
818 case INTERNET_SCHEME_HTTP:
819 service = INTERNET_SERVICE_HTTP;
820 break;
821 default:
822 service = 0;
823 }
824 /* FIXME: use pCredentials for username/password */
825 *phHost = InternetConnectW(*phInt, components->lpszHostName,
826 components->nPort, NULL, NULL, service, 0, (DWORD_PTR)context);
827 if (!*phHost)
828 {
829 InternetCloseHandle(*phInt);
830 *phInt = NULL;
831 ret = FALSE;
832 }
833 else
834 ret = TRUE;
835 }
836 else
837 ret = FALSE;
838 TRACE("returning %d\n", ret);
839 return ret;
840 }
841
842 static BOOL WINAPI FTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
843 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
844 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
845 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
846 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
847 {
848 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
849 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
850 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
851
852 pObject->cBlob = 0;
853 pObject->rgBlob = NULL;
854 *ppfnFreeObject = CRYPT_FreeBlob;
855 *ppvFreeContext = NULL;
856 return FALSE;
857 }
858
859 static const WCHAR x509cacert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
860 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
861 static const WCHAR x509emailcert[] = { 'a','p','p','l','i','c','a','t','i','o',
862 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
863 0 };
864 static const WCHAR x509servercert[] = { 'a','p','p','l','i','c','a','t','i','o',
865 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
866 't',0 };
867 static const WCHAR x509usercert[] = { 'a','p','p','l','i','c','a','t','i','o',
868 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
869 static const WCHAR pkcs7cert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
870 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
871 's',0 };
872 static const WCHAR pkixCRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
873 '/','p','k','i','x','-','c','r','l',0 };
874 static const WCHAR pkcs7CRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
875 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
876 static const WCHAR pkcs7sig[] = { 'a','p','p','l','i','c','a','t','i','o','n',
877 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
878 static const WCHAR pkcs7mime[] = { 'a','p','p','l','i','c','a','t','i','o','n',
879 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
880
881 static BOOL WINAPI HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
882 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
883 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
884 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
885 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
886 {
887 BOOL ret = FALSE;
888
889 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
890 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
891 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
892
893 pObject->cBlob = 0;
894 pObject->rgBlob = NULL;
895 *ppfnFreeObject = CRYPT_FreeBlob;
896 *ppvFreeContext = NULL;
897
898 if (!(dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL))
899 ret = CRYPT_GetObjectFromCache(pszURL, pObject, pAuxInfo);
900 if (!ret && (!(dwRetrievalFlags & CRYPT_CACHE_ONLY_RETRIEVAL) ||
901 (dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL)))
902 {
903 URL_COMPONENTSW components;
904
905 if ((ret = CRYPT_CrackUrl(pszURL, &components)))
906 {
907 HINTERNET hInt, hHost;
908 struct InetContext *context = NULL;
909
910 if (dwTimeout)
911 context = CRYPT_MakeInetContext(dwTimeout);
912 ret = CRYPT_Connect(&components, context, pCredentials, &hInt,
913 &hHost);
914 if (ret)
915 {
916 static LPCWSTR types[] = { x509cacert, x509emailcert,
917 x509servercert, x509usercert, pkcs7cert, pkixCRL, pkcs7CRL,
918 pkcs7sig, pkcs7mime, NULL };
919 HINTERNET hHttp = HttpOpenRequestW(hHost, NULL,
920 components.lpszUrlPath, NULL, NULL, types,
921 INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI,
922 (DWORD_PTR)context);
923
924 if (hHttp)
925 {
926 if (dwTimeout)
927 {
928 InternetSetOptionW(hHttp,
929 INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
930 sizeof(dwTimeout));
931 InternetSetOptionW(hHttp, INTERNET_OPTION_SEND_TIMEOUT,
932 &dwTimeout, sizeof(dwTimeout));
933 }
934 ret = HttpSendRequestExW(hHttp, NULL, NULL, 0,
935 (DWORD_PTR)context);
936 if (!ret && GetLastError() == ERROR_IO_PENDING)
937 {
938 if (WaitForSingleObject(context->event,
939 context->timeout) == WAIT_TIMEOUT)
940 SetLastError(ERROR_TIMEOUT);
941 else
942 ret = TRUE;
943 }
944 if (ret &&
945 !(ret = HttpEndRequestW(hHttp, NULL, 0, (DWORD_PTR)context)) &&
946 GetLastError() == ERROR_IO_PENDING)
947 {
948 if (WaitForSingleObject(context->event,
949 context->timeout) == WAIT_TIMEOUT)
950 SetLastError(ERROR_TIMEOUT);
951 else
952 ret = TRUE;
953 }
954 if (ret)
955 ret = CRYPT_DownloadObject(dwRetrievalFlags, hHttp,
956 context, pObject, pAuxInfo);
957 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT))
958 {
959 SYSTEMTIME st;
960 FILETIME ft;
961 DWORD len = sizeof(st);
962
963 if (HttpQueryInfoW(hHttp, HTTP_QUERY_EXPIRES | HTTP_QUERY_FLAG_SYSTEMTIME,
964 &st, &len, NULL) && SystemTimeToFileTime(&st, &ft))
965 CRYPT_CacheURL(pszURL, pObject, dwRetrievalFlags, ft);
966 }
967 InternetCloseHandle(hHttp);
968 }
969 InternetCloseHandle(hHost);
970 InternetCloseHandle(hInt);
971 }
972 if (context)
973 {
974 CloseHandle(context->event);
975 CryptMemFree(context);
976 }
977 CryptMemFree(components.lpszUrlPath);
978 CryptMemFree(components.lpszHostName);
979 }
980 }
981 TRACE("returning %d\n", ret);
982 return ret;
983 }
984
985 static BOOL WINAPI File_RetrieveEncodedObjectW(LPCWSTR pszURL,
986 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
987 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
988 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
989 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
990 {
991 URL_COMPONENTSW components = { sizeof(components), 0 };
992 BOOL ret;
993
994 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
995 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
996 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
997
998 pObject->cBlob = 0;
999 pObject->rgBlob = NULL;
1000 *ppfnFreeObject = CRYPT_FreeBlob;
1001 *ppvFreeContext = NULL;
1002
1003 components.lpszUrlPath = CryptMemAlloc(INTERNET_MAX_PATH_LENGTH * sizeof(WCHAR));
1004 components.dwUrlPathLength = INTERNET_MAX_PATH_LENGTH;
1005 if (!components.lpszUrlPath)
1006 {
1007 SetLastError(ERROR_OUTOFMEMORY);
1008 return FALSE;
1009 }
1010
1011 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, &components);
1012 if (ret)
1013 {
1014 LPWSTR path;
1015
1016 /* 3 == lstrlenW(L"c:") + 1 */
1017 path = CryptMemAlloc((components.dwUrlPathLength + 3) * sizeof(WCHAR));
1018 if (path)
1019 {
1020 HANDLE hFile;
1021
1022 /* Try to create the file directly - Wine handles / in pathnames */
1023 lstrcpynW(path, components.lpszUrlPath,
1024 components.dwUrlPathLength + 1);
1025 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1026 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1027 if (hFile == INVALID_HANDLE_VALUE)
1028 {
1029 /* Try again on the current drive */
1030 GetCurrentDirectoryW(components.dwUrlPathLength, path);
1031 if (path[1] == ':')
1032 {
1033 lstrcpynW(path + 2, components.lpszUrlPath,
1034 components.dwUrlPathLength + 1);
1035 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1036 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1037 }
1038 if (hFile == INVALID_HANDLE_VALUE)
1039 {
1040 /* Try again on the Windows drive */
1041 GetWindowsDirectoryW(path, components.dwUrlPathLength);
1042 if (path[1] == ':')
1043 {
1044 lstrcpynW(path + 2, components.lpszUrlPath,
1045 components.dwUrlPathLength + 1);
1046 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1047 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1048 }
1049 }
1050 }
1051 if (hFile != INVALID_HANDLE_VALUE)
1052 {
1053 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
1054 {
1055 if (pAuxInfo && pAuxInfo->cbSize >=
1056 offsetof(CRYPT_RETRIEVE_AUX_INFO,
1057 pLastSyncTime) + sizeof(PFILETIME) &&
1058 pAuxInfo->pLastSyncTime)
1059 GetFileTime(hFile, NULL, NULL,
1060 pAuxInfo->pLastSyncTime);
1061 }
1062 CloseHandle(hFile);
1063 }
1064 else
1065 ret = FALSE;
1066 CryptMemFree(path);
1067 }
1068 else
1069 {
1070 SetLastError(ERROR_OUTOFMEMORY);
1071 ret = FALSE;
1072 }
1073 }
1074 CryptMemFree(components.lpszUrlPath);
1075 return ret;
1076 }
1077
1078 typedef BOOL (WINAPI *SchemeDllRetrieveEncodedObjectW)(LPCWSTR pwszUrl,
1079 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1080 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1081 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1082 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo);
1083
1084 static BOOL CRYPT_GetRetrieveFunction(LPCWSTR pszURL,
1085 SchemeDllRetrieveEncodedObjectW *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1086 {
1087 URL_COMPONENTSW components = { sizeof(components), 0 };
1088 BOOL ret;
1089
1090 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pFunc, phFunc);
1091
1092 *pFunc = NULL;
1093 *phFunc = 0;
1094 components.dwSchemeLength = 1;
1095 ret = InternetCrackUrlW(pszURL, 0, 0, &components);
1096 if (ret)
1097 {
1098 /* Microsoft always uses CryptInitOIDFunctionSet/
1099 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1100 * reason to do so for builtin schemes.
1101 */
1102 switch (components.nScheme)
1103 {
1104 case INTERNET_SCHEME_FTP:
1105 *pFunc = FTP_RetrieveEncodedObjectW;
1106 break;
1107 case INTERNET_SCHEME_HTTP:
1108 *pFunc = HTTP_RetrieveEncodedObjectW;
1109 break;
1110 case INTERNET_SCHEME_FILE:
1111 *pFunc = File_RetrieveEncodedObjectW;
1112 break;
1113 default:
1114 {
1115 int len = WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1116 components.dwSchemeLength, NULL, 0, NULL, NULL);
1117
1118 if (len)
1119 {
1120 LPSTR scheme = CryptMemAlloc(len);
1121
1122 if (scheme)
1123 {
1124 static HCRYPTOIDFUNCSET set = NULL;
1125
1126 if (!set)
1127 set = CryptInitOIDFunctionSet(
1128 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC, 0);
1129 WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1130 components.dwSchemeLength, scheme, len, NULL, NULL);
1131 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1132 scheme, 0, (void **)pFunc, phFunc);
1133 CryptMemFree(scheme);
1134 }
1135 else
1136 {
1137 SetLastError(ERROR_OUTOFMEMORY);
1138 ret = FALSE;
1139 }
1140 }
1141 else
1142 ret = FALSE;
1143 }
1144 }
1145 }
1146 TRACE("returning %d\n", ret);
1147 return ret;
1148 }
1149
1150 static BOOL WINAPI CRYPT_CreateBlob(LPCSTR pszObjectOid,
1151 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1152 {
1153 DWORD size, i;
1154 CRYPT_BLOB_ARRAY *context;
1155 BOOL ret = FALSE;
1156
1157 size = sizeof(CRYPT_BLOB_ARRAY) + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1158 for (i = 0; i < pObject->cBlob; i++)
1159 size += pObject->rgBlob[i].cbData;
1160 context = CryptMemAlloc(size);
1161 if (context)
1162 {
1163 LPBYTE nextData;
1164
1165 context->cBlob = 0;
1166 context->rgBlob =
1167 (CRYPT_DATA_BLOB *)((LPBYTE)context + sizeof(CRYPT_BLOB_ARRAY));
1168 nextData =
1169 (LPBYTE)context->rgBlob + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1170 for (i = 0; i < pObject->cBlob; i++)
1171 {
1172 memcpy(nextData, pObject->rgBlob[i].pbData,
1173 pObject->rgBlob[i].cbData);
1174 context->rgBlob[i].pbData = nextData;
1175 context->rgBlob[i].cbData = pObject->rgBlob[i].cbData;
1176 nextData += pObject->rgBlob[i].cbData;
1177 context->cBlob++;
1178 }
1179 *ppvContext = context;
1180 ret = TRUE;
1181 }
1182 return ret;
1183 }
1184
1185 typedef BOOL (WINAPI *AddContextToStore)(HCERTSTORE hCertStore,
1186 const void *pContext, DWORD dwAddDisposition, const void **ppStoreContext);
1187
1188 static BOOL CRYPT_CreateContext(const CRYPT_BLOB_ARRAY *pObject,
1189 DWORD dwExpectedContentTypeFlags, AddContextToStore addFunc, void **ppvContext)
1190 {
1191 BOOL ret = TRUE;
1192
1193 if (!pObject->cBlob)
1194 {
1195 SetLastError(ERROR_INVALID_DATA);
1196 *ppvContext = NULL;
1197 ret = FALSE;
1198 }
1199 else if (pObject->cBlob == 1)
1200 {
1201 if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1202 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL,
1203 NULL, NULL, NULL, NULL, (const void **)ppvContext))
1204 {
1205 SetLastError(CRYPT_E_NO_MATCH);
1206 ret = FALSE;
1207 }
1208 }
1209 else
1210 {
1211 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1212 CERT_STORE_CREATE_NEW_FLAG, NULL);
1213
1214 if (store)
1215 {
1216 DWORD i;
1217 const void *context;
1218
1219 for (i = 0; i < pObject->cBlob; i++)
1220 {
1221 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1222 &pObject->rgBlob[i], dwExpectedContentTypeFlags,
1223 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, NULL, NULL, NULL,
1224 NULL, &context))
1225 {
1226 if (!addFunc(store, context, CERT_STORE_ADD_ALWAYS, NULL))
1227 ret = FALSE;
1228 }
1229 else
1230 {
1231 SetLastError(CRYPT_E_NO_MATCH);
1232 ret = FALSE;
1233 }
1234 }
1235 }
1236 else
1237 ret = FALSE;
1238 *ppvContext = store;
1239 }
1240 return ret;
1241 }
1242
1243 static BOOL WINAPI CRYPT_CreateCert(LPCSTR pszObjectOid,
1244 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1245 {
1246 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CERT,
1247 (AddContextToStore)CertAddCertificateContextToStore, ppvContext);
1248 }
1249
1250 static BOOL WINAPI CRYPT_CreateCRL(LPCSTR pszObjectOid,
1251 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1252 {
1253 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CRL,
1254 (AddContextToStore)CertAddCRLContextToStore, ppvContext);
1255 }
1256
1257 static BOOL WINAPI CRYPT_CreateCTL(LPCSTR pszObjectOid,
1258 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1259 {
1260 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CTL,
1261 (AddContextToStore)CertAddCTLContextToStore, ppvContext);
1262 }
1263
1264 static BOOL WINAPI CRYPT_CreatePKCS7(LPCSTR pszObjectOid,
1265 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1266 {
1267 BOOL ret;
1268
1269 if (!pObject->cBlob)
1270 {
1271 SetLastError(ERROR_INVALID_DATA);
1272 *ppvContext = NULL;
1273 ret = FALSE;
1274 }
1275 else if (pObject->cBlob == 1)
1276 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1277 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1278 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED, CERT_QUERY_FORMAT_FLAG_BINARY,
1279 0, NULL, NULL, NULL, ppvContext, NULL, NULL);
1280 else
1281 {
1282 FIXME("multiple messages unimplemented\n");
1283 ret = FALSE;
1284 }
1285 return ret;
1286 }
1287
1288 static BOOL WINAPI CRYPT_CreateAny(LPCSTR pszObjectOid,
1289 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1290 {
1291 BOOL ret;
1292
1293 if (!pObject->cBlob)
1294 {
1295 SetLastError(ERROR_INVALID_DATA);
1296 *ppvContext = NULL;
1297 ret = FALSE;
1298 }
1299 else
1300 {
1301 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1302 CERT_STORE_CREATE_NEW_FLAG, NULL);
1303
1304 if (store)
1305 {
1306 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1307 CERT_STORE_CREATE_NEW_FLAG, NULL);
1308
1309 if (memStore)
1310 {
1311 CertAddStoreToCollection(store, memStore,
1312 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
1313 CertCloseStore(memStore, 0);
1314 }
1315 else
1316 {
1317 CertCloseStore(store, 0);
1318 store = NULL;
1319 }
1320 }
1321 if (store)
1322 {
1323 DWORD i;
1324
1325 ret = TRUE;
1326 for (i = 0; i < pObject->cBlob; i++)
1327 {
1328 DWORD contentType, expectedContentTypes =
1329 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1330 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
1331 CERT_QUERY_CONTENT_FLAG_CERT |
1332 CERT_QUERY_CONTENT_FLAG_CRL |
1333 CERT_QUERY_CONTENT_FLAG_CTL;
1334 HCERTSTORE contextStore;
1335 const void *context;
1336
1337 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1338 &pObject->rgBlob[i], expectedContentTypes,
1339 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, &contentType, NULL,
1340 &contextStore, NULL, &context))
1341 {
1342 switch (contentType)
1343 {
1344 case CERT_QUERY_CONTENT_CERT:
1345 if (!CertAddCertificateContextToStore(store,
1346 context, CERT_STORE_ADD_ALWAYS, NULL))
1347 ret = FALSE;
1348 CertFreeCertificateContext(context);
1349 break;
1350 case CERT_QUERY_CONTENT_CRL:
1351 if (!CertAddCRLContextToStore(store,
1352 context, CERT_STORE_ADD_ALWAYS, NULL))
1353 ret = FALSE;
1354 CertFreeCRLContext(context);
1355 break;
1356 case CERT_QUERY_CONTENT_CTL:
1357 if (!CertAddCTLContextToStore(store,
1358 context, CERT_STORE_ADD_ALWAYS, NULL))
1359 ret = FALSE;
1360 CertFreeCTLContext(context);
1361 break;
1362 default:
1363 CertAddStoreToCollection(store, contextStore, 0, 0);
1364 }
1365 CertCloseStore(contextStore, 0);
1366 }
1367 else
1368 ret = FALSE;
1369 }
1370 }
1371 else
1372 ret = FALSE;
1373 *ppvContext = store;
1374 }
1375 return ret;
1376 }
1377
1378 typedef BOOL (WINAPI *ContextDllCreateObjectContext)(LPCSTR pszObjectOid,
1379 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext);
1380
1381 static BOOL CRYPT_GetCreateFunction(LPCSTR pszObjectOid,
1382 ContextDllCreateObjectContext *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1383 {
1384 BOOL ret = TRUE;
1385
1386 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid), pFunc, phFunc);
1387
1388 *pFunc = NULL;
1389 *phFunc = 0;
1390 if (IS_INTOID(pszObjectOid))
1391 {
1392 switch (LOWORD(pszObjectOid))
1393 {
1394 case 0:
1395 *pFunc = CRYPT_CreateBlob;
1396 break;
1397 case LOWORD(CONTEXT_OID_CERTIFICATE):
1398 *pFunc = CRYPT_CreateCert;
1399 break;
1400 case LOWORD(CONTEXT_OID_CRL):
1401 *pFunc = CRYPT_CreateCRL;
1402 break;
1403 case LOWORD(CONTEXT_OID_CTL):
1404 *pFunc = CRYPT_CreateCTL;
1405 break;
1406 case LOWORD(CONTEXT_OID_PKCS7):
1407 *pFunc = CRYPT_CreatePKCS7;
1408 break;
1409 case LOWORD(CONTEXT_OID_CAPI2_ANY):
1410 *pFunc = CRYPT_CreateAny;
1411 break;
1412 }
1413 }
1414 if (!*pFunc)
1415 {
1416 static HCRYPTOIDFUNCSET set = NULL;
1417
1418 if (!set)
1419 set = CryptInitOIDFunctionSet(
1420 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC, 0);
1421 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszObjectOid,
1422 0, (void **)pFunc, phFunc);
1423 }
1424 TRACE("returning %d\n", ret);
1425 return ret;
1426 }
1427
1428 typedef BOOL (*get_object_expiration_func)(const void *pvContext,
1429 FILETIME *expiration);
1430
1431 static BOOL CRYPT_GetExpirationFromCert(const void *pvObject, FILETIME *expiration)
1432 {
1433 PCCERT_CONTEXT cert = pvObject;
1434
1435 *expiration = cert->pCertInfo->NotAfter;
1436 return TRUE;
1437 }
1438
1439 static BOOL CRYPT_GetExpirationFromCRL(const void *pvObject, FILETIME *expiration)
1440 {
1441 PCCRL_CONTEXT cert = pvObject;
1442
1443 *expiration = cert->pCrlInfo->NextUpdate;
1444 return TRUE;
1445 }
1446
1447 static BOOL CRYPT_GetExpirationFromCTL(const void *pvObject, FILETIME *expiration)
1448 {
1449 PCCTL_CONTEXT cert = pvObject;
1450
1451 *expiration = cert->pCtlInfo->NextUpdate;
1452 return TRUE;
1453 }
1454
1455 static BOOL CRYPT_GetExpirationFunction(LPCSTR pszObjectOid,
1456 get_object_expiration_func *getExpiration)
1457 {
1458 BOOL ret;
1459
1460 if (IS_INTOID(pszObjectOid))
1461 {
1462 switch (LOWORD(pszObjectOid))
1463 {
1464 case LOWORD(CONTEXT_OID_CERTIFICATE):
1465 *getExpiration = CRYPT_GetExpirationFromCert;
1466 ret = TRUE;
1467 break;
1468 case LOWORD(CONTEXT_OID_CRL):
1469 *getExpiration = CRYPT_GetExpirationFromCRL;
1470 ret = TRUE;
1471 break;
1472 case LOWORD(CONTEXT_OID_CTL):
1473 *getExpiration = CRYPT_GetExpirationFromCTL;
1474 ret = TRUE;
1475 break;
1476 default:
1477 ret = FALSE;
1478 }
1479 }
1480 else
1481 ret = FALSE;
1482 return ret;
1483 }
1484
1485 /***********************************************************************
1486 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1487 */
1488 BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
1489 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
1490 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
1491 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1492 {
1493 BOOL ret;
1494 SchemeDllRetrieveEncodedObjectW retrieve;
1495 ContextDllCreateObjectContext create;
1496 HCRYPTOIDFUNCADDR hRetrieve = 0, hCreate = 0;
1497
1498 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1499 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
1500 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
1501
1502 if (!pszURL)
1503 {
1504 SetLastError(ERROR_INVALID_PARAMETER);
1505 return FALSE;
1506 }
1507 ret = CRYPT_GetRetrieveFunction(pszURL, &retrieve, &hRetrieve);
1508 if (ret)
1509 ret = CRYPT_GetCreateFunction(pszObjectOid, &create, &hCreate);
1510 if (ret)
1511 {
1512 CRYPT_BLOB_ARRAY object = { 0, NULL };
1513 PFN_FREE_ENCODED_OBJECT_FUNC freeObject;
1514 void *freeContext;
1515
1516 ret = retrieve(pszURL, pszObjectOid, dwRetrievalFlags, dwTimeout,
1517 &object, &freeObject, &freeContext, hAsyncRetrieve, pCredentials,
1518 pAuxInfo);
1519 if (ret)
1520 {
1521 get_object_expiration_func getExpiration;
1522
1523 ret = create(pszObjectOid, dwRetrievalFlags, &object, ppvObject);
1524 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT) &&
1525 CRYPT_GetExpirationFunction(pszObjectOid, &getExpiration))
1526 {
1527 FILETIME expires;
1528
1529 if (getExpiration(*ppvObject, &expires))
1530 CRYPT_CacheURL(pszURL, &object, dwRetrievalFlags, expires);
1531 }
1532 freeObject(pszObjectOid, &object, freeContext);
1533 }
1534 }
1535 if (hCreate)
1536 CryptFreeOIDFunctionAddress(hCreate, 0);
1537 if (hRetrieve)
1538 CryptFreeOIDFunctionAddress(hRetrieve, 0);
1539 TRACE("returning %d\n", ret);
1540 return ret;
1541 }
1542
1543 static DWORD verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert,
1544 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1545 PCERT_REVOCATION_STATUS pRevStatus)
1546 {
1547 DWORD error;
1548 PCRL_ENTRY entry = NULL;
1549
1550 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1551 if (entry)
1552 {
1553 error = CRYPT_E_REVOKED;
1554 pRevStatus->dwIndex = index;
1555 }
1556 else
1557 {
1558 /* Since the CRL was retrieved for the cert being checked, then it's
1559 * guaranteed to be fresh, and the cert is not revoked.
1560 */
1561 error = ERROR_SUCCESS;
1562 }
1563 return error;
1564 }
1565
1566 static DWORD verify_cert_revocation_from_dist_points_ext(
1567 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1568 FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara,
1569 PCERT_REVOCATION_STATUS pRevStatus)
1570 {
1571 DWORD error = ERROR_SUCCESS, cbUrlArray;
1572
1573 if (CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &cbUrlArray, NULL, NULL))
1574 {
1575 CRYPT_URL_ARRAY *urlArray = CryptMemAlloc(cbUrlArray);
1576
1577 if (urlArray)
1578 {
1579 DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
1580 BOOL ret;
1581
1582 ret = CRYPT_GetUrlFromCRLDistPointsExt(value, urlArray,
1583 &cbUrlArray, NULL, NULL);
1584 if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
1585 retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
1586 if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG &&
1587 pRevPara && pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
1588 dwUrlRetrievalTimeout) + sizeof(DWORD))
1589 {
1590 startTime = GetTickCount();
1591 endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
1592 timeout = pRevPara->dwUrlRetrievalTimeout;
1593 }
1594 else
1595 endTime = timeout = 0;
1596 if (!ret)
1597 error = GetLastError();
1598 for (j = 0; !error && j < urlArray->cUrl; j++)
1599 {
1600 PCCRL_CONTEXT crl;
1601
1602 ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
1603 CONTEXT_OID_CRL, retrievalFlags, timeout, (void **)&crl,
1604 NULL, NULL, NULL, NULL);
1605 if (ret)
1606 {
1607 error = verify_cert_revocation_with_crl_online(cert, crl,
1608 index, pTime, pRevStatus);
1609 if (!error && timeout)
1610 {
1611 DWORD time = GetTickCount();
1612
1613 if ((int)(endTime - time) <= 0)
1614 {
1615 error = ERROR_TIMEOUT;
1616 pRevStatus->dwIndex = index;
1617 }
1618 else
1619 timeout = endTime - time;
1620 }
1621 CertFreeCRLContext(crl);
1622 }
1623 else
1624 error = CRYPT_E_REVOCATION_OFFLINE;
1625 }
1626 CryptMemFree(urlArray);
1627 }
1628 else
1629 {
1630 error = ERROR_OUTOFMEMORY;
1631 pRevStatus->dwIndex = index;
1632 }
1633 }
1634 else
1635 {
1636 error = GetLastError();
1637 pRevStatus->dwIndex = index;
1638 }
1639 return error;
1640 }
1641
1642 static DWORD verify_cert_revocation_from_aia_ext(
1643 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1644 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1645 PCERT_REVOCATION_STATUS pRevStatus)
1646 {
1647 BOOL ret;
1648 DWORD error, size;
1649 CERT_AUTHORITY_INFO_ACCESS *aia;
1650
1651 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
1652 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &aia, &size);
1653 if (ret)
1654 {
1655 DWORD i;
1656
1657 for (i = 0; i < aia->cAccDescr; i++)
1658 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
1659 szOID_PKIX_OCSP))
1660 {
1661 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
1662 CERT_ALT_NAME_URL)
1663 FIXME("OCSP URL = %s\n",
1664 debugstr_w(aia->rgAccDescr[i].AccessLocation.u.pwszURL));
1665 else
1666 FIXME("unsupported AccessLocation type %d\n",
1667 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
1668 }
1669 LocalFree(aia);
1670 /* FIXME: lie and pretend OCSP validated the cert */
1671 error = ERROR_SUCCESS;
1672 }
1673 else
1674 error = GetLastError();
1675 return error;
1676 }
1677
1678 static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
1679 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1680 PCERT_REVOCATION_STATUS pRevStatus)
1681 {
1682 DWORD error;
1683 LONG valid;
1684
1685 valid = CompareFileTime(pTime, &crl->pCrlInfo->ThisUpdate);
1686 if (valid <= 0)
1687 {
1688 /* If this CRL is not older than the time being verified, there's no
1689 * way to know whether the certificate was revoked.
1690 */
1691 TRACE("CRL not old enough\n");
1692 error = CRYPT_E_REVOCATION_OFFLINE;
1693 }
1694 else
1695 {
1696 PCRL_ENTRY entry = NULL;
1697
1698 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1699 if (entry)
1700 {
1701 error = CRYPT_E_REVOKED;
1702 pRevStatus->dwIndex = index;
1703 }
1704 else
1705 {
1706 /* Since the CRL was not retrieved for the cert being checked,
1707 * there's no guarantee it's fresh, so the cert *might* be okay,
1708 * but it's safer not to guess.
1709 */
1710 TRACE("certificate not found\n");
1711 error = CRYPT_E_REVOCATION_OFFLINE;
1712 }
1713 }
1714 return error;
1715 }
1716
1717 static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
1718 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1719 PCERT_REVOCATION_STATUS pRevStatus)
1720 {
1721 DWORD error = ERROR_SUCCESS;
1722 PCERT_EXTENSION ext;
1723
1724 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
1725 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1726 error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
1727 index, pTime, dwFlags, pRevPara, pRevStatus);
1728 else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
1729 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1730 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
1731 index, pTime, dwFlags, pRevPara, pRevStatus);
1732 else
1733 {
1734 if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
1735 {
1736 PCCRL_CONTEXT crl = NULL;
1737 BOOL canSignCRLs;
1738
1739 /* If the caller told us about the issuer, make sure the issuer
1740 * can sign CRLs before looking for one.
1741 */
1742 if ((ext = CertFindExtension(szOID_KEY_USAGE,
1743 pRevPara->pIssuerCert->pCertInfo->cExtension,
1744 pRevPara->pIssuerCert->pCertInfo->rgExtension)))
1745 {
1746 CRYPT_BIT_BLOB usage;
1747 DWORD size = sizeof(usage);
1748
1749 if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_BITS,
1750 ext->Value.pbData, ext->Value.cbData,
1751 CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1752 canSignCRLs = FALSE;
1753 else if (usage.cbData > 2)
1754 {
1755 /* The key usage extension only defines 9 bits => no more
1756 * than 2 bytes are needed to encode all known usages.
1757 */
1758 canSignCRLs = FALSE;
1759 }
1760 else
1761 {
1762 BYTE usageBits = usage.pbData[usage.cbData - 1];
1763
1764 canSignCRLs = usageBits & CERT_CRL_SIGN_KEY_USAGE;
1765 }
1766 }
1767 else
1768 canSignCRLs = TRUE;
1769 if (canSignCRLs)
1770 {
1771 /* If the caller was helpful enough to tell us where to find a
1772 * CRL for the cert, look for one and check it.
1773 */
1774 crl = CertFindCRLInStore(pRevPara->hCrlStore,
1775 cert->dwCertEncodingType,
1776 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG |
1777 CRL_FIND_ISSUED_BY_AKI_FLAG,
1778 CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
1779 }
1780 if (crl)
1781 {
1782 error = verify_cert_revocation_with_crl_offline(cert, crl,
1783 index, pTime, pRevStatus);
1784 CertFreeCRLContext(crl);
1785 }
1786 else
1787 {
1788 TRACE("no CRL found\n");
1789 error = CRYPT_E_NO_REVOCATION_CHECK;
1790 pRevStatus->dwIndex = index;
1791 }
1792 }
1793 else
1794 {
1795 if (!pRevPara)
1796 WARN("no CERT_REVOCATION_PARA\n");
1797 else if (!pRevPara->hCrlStore)
1798 WARN("no dist points/aia extension and no CRL store\n");
1799 else if (!pRevPara->pIssuerCert)
1800 WARN("no dist points/aia extension and no issuer\n");
1801 error = CRYPT_E_NO_REVOCATION_CHECK;
1802 pRevStatus->dwIndex = index;
1803 }
1804 }
1805 return error;
1806 }
1807
1808 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
1809 DWORD cbSize;
1810 PCCERT_CONTEXT pIssuerCert;
1811 DWORD cCertStore;
1812 HCERTSTORE *rgCertStore;
1813 HCERTSTORE hCrlStore;
1814 LPFILETIME pftTimeToUse;
1815 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
1816
1817 typedef struct _OLD_CERT_REVOCATION_STATUS {
1818 DWORD cbSize;
1819 DWORD dwIndex;
1820 DWORD dwError;
1821 DWORD dwReason;
1822 } OLD_CERT_REVOCATION_STATUS, *POLD_CERT_REVOCATION_STATUS;
1823
1824 /***********************************************************************
1825 * CertDllVerifyRevocation (CRYPTNET.@)
1826 */
1827 BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1828 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1829 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1830 {
1831 DWORD error = 0, i;
1832 FILETIME now;
1833 LPFILETIME pTime = NULL;
1834
1835 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1836 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1837
1838 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1839 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1840 {
1841 SetLastError(E_INVALIDARG);
1842 return FALSE;
1843 }
1844 if (!cContext)
1845 {
1846 SetLastError(E_INVALIDARG);
1847 return FALSE;
1848 }
1849 if (pRevPara && pRevPara->cbSize >=
1850 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
1851 pTime = pRevPara->pftTimeToUse;
1852 if (!pTime)
1853 {
1854 GetSystemTimeAsFileTime(&now);
1855 pTime = &now;
1856 }
1857 memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
1858 if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
1859 error = CRYPT_E_NO_REVOCATION_CHECK;
1860 else
1861 {
1862 for (i = 0; !error && i < cContext; i++)
1863 error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
1864 pRevPara, pRevStatus);
1865 }
1866 if (error)
1867 {
1868 SetLastError(error);
1869 pRevStatus->dwError = error;
1870 }
1871 TRACE("returning %d (%08x)\n", !error, error);
1872 return !error;
1873 }
Maarten's multimedia branch