search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
gdiplus: Fix the clipping region calculation.
[wine/multimedia.git] / dlls / cryptnet / cryptnet_main.c
blob31436045a5fe22afa482c4f564feef43404b1fc3
1 /*
2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 *
19 */
20
21 #include "config.h"
22 #include "wine/port.h"
23
24 #define NONAMELESSUNION
25 #define NONAMELESSSTRUCT
26 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
27
28 #include <stdio.h>
29 #include <stdarg.h>
30
31 #include "windef.h"
32 #include "winbase.h"
33 #include "winnt.h"
34 #include "winnls.h"
35 #include "wininet.h"
36 #include "objbase.h"
37 #include "wincrypt.h"
38
39 #include "wine/debug.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet);
42
43 #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
44
45 BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
46 {
47 TRACE("(0x%p, %d, %p)\n", hinstDLL, fdwReason, lpvReserved);
48
49 switch (fdwReason) {
50 case DLL_PROCESS_ATTACH:
51 DisableThreadLibraryCalls(hinstDLL);
52 break;
53 case DLL_PROCESS_DETACH:
54 /* Do uninitialisation here */
55 break;
56 default: break;
57 }
58 return TRUE;
59 }
60
61 static const WCHAR cryptNet[] = { 'c','r','y','p','t','n','e','t','.',
62 'd','l','l',0 };
63
64 /***********************************************************************
65 * DllRegisterServer (CRYPTNET.@)
66 */
67 HRESULT WINAPI DllRegisterServer(void)
68 {
69 TRACE("\n");
70 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING,
71 CRYPT_OID_VERIFY_REVOCATION_FUNC, 0, cryptNet);
72 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap",
73 cryptNet, "LdapProvOpenStore");
74 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
75 CERT_STORE_PROV_LDAP_W, cryptNet, "LdapProvOpenStore");
76 return S_OK;
77 }
78
79 /***********************************************************************
80 * DllUnregisterServer (CRYPTNET.@)
81 */
82 HRESULT WINAPI DllUnregisterServer(void)
83 {
84 TRACE("\n");
85 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING,
86 CRYPT_OID_VERIFY_REVOCATION_FUNC, cryptNet);
87 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap");
88 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
89 CERT_STORE_PROV_LDAP_W);
90 return S_OK;
91 }
92
93 static const char *url_oid_to_str(LPCSTR oid)
94 {
95 if (IS_INTOID(oid))
96 {
97 static char buf[10];
98
99 switch (LOWORD(oid))
100 {
101 #define _x(oid) case LOWORD(oid): return #oid
102 _x(URL_OID_CERTIFICATE_ISSUER);
103 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT);
104 _x(URL_OID_CTL_ISSUER);
105 _x(URL_OID_CTL_NEXT_UPDATE);
106 _x(URL_OID_CRL_ISSUER);
107 _x(URL_OID_CERTIFICATE_FRESHEST_CRL);
108 _x(URL_OID_CRL_FRESHEST_CRL);
109 _x(URL_OID_CROSS_CERT_DIST_POINT);
110 #undef _x
111 default:
112 snprintf(buf, sizeof(buf), "%d", LOWORD(oid));
113 return buf;
114 }
115 }
116 else
117 return oid;
118 }
119
120 typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD,
121 PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID);
122
123 static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid,
124 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
125 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
126 {
127 PCCERT_CONTEXT cert = pvPara;
128 PCERT_EXTENSION ext;
129 BOOL ret = FALSE;
130
131 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
132 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
133 {
134 SetLastError(CRYPT_E_NOT_FOUND);
135 return FALSE;
136 }
137 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
138 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
139 {
140 CERT_AUTHORITY_INFO_ACCESS *aia;
141 DWORD size;
142
143 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
144 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
145 &aia, &size);
146 if (ret)
147 {
148 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
149
150 for (i = 0, cUrl = 0; i < aia->cAccDescr; i++)
151 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
152 szOID_PKIX_CA_ISSUERS))
153 {
154 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
155 CERT_ALT_NAME_URL)
156 {
157 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
158 {
159 cUrl++;
160 bytesNeeded += sizeof(LPWSTR) +
161 (lstrlenW(aia->rgAccDescr[i].AccessLocation.u.
162 pwszURL) + 1) * sizeof(WCHAR);
163 }
164 }
165 else
166 FIXME("unsupported alt name type %d\n",
167 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
168 }
169 if (!pcbUrlArray)
170 {
171 SetLastError(E_INVALIDARG);
172 ret = FALSE;
173 }
174 else if (!pUrlArray)
175 *pcbUrlArray = bytesNeeded;
176 else if (*pcbUrlArray < bytesNeeded)
177 {
178 SetLastError(ERROR_MORE_DATA);
179 *pcbUrlArray = bytesNeeded;
180 ret = FALSE;
181 }
182 else
183 {
184 LPWSTR nextUrl;
185
186 *pcbUrlArray = bytesNeeded;
187 pUrlArray->cUrl = 0;
188 pUrlArray->rgwszUrl =
189 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
190 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
191 + cUrl * sizeof(LPWSTR));
192 for (i = 0; i < aia->cAccDescr; i++)
193 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
194 szOID_PKIX_CA_ISSUERS))
195 {
196 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice
197 == CERT_ALT_NAME_URL)
198 {
199 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
200 {
201 lstrcpyW(nextUrl,
202 aia->rgAccDescr[i].AccessLocation.u.pwszURL);
203 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
204 nextUrl;
205 nextUrl += (lstrlenW(nextUrl) + 1);
206 }
207 }
208 }
209 }
210 if (ret)
211 {
212 if (pcbUrlInfo)
213 {
214 FIXME("url info: stub\n");
215 if (!pUrlInfo)
216 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
217 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
218 {
219 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
220 SetLastError(ERROR_MORE_DATA);
221 ret = FALSE;
222 }
223 else
224 {
225 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
226 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
227 }
228 }
229 }
230 LocalFree(aia);
231 }
232 }
233 else
234 SetLastError(CRYPT_E_NOT_FOUND);
235 return ret;
236 }
237
238 static BOOL CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB *value,
239 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
240 DWORD *pcbUrlInfo)
241 {
242 BOOL ret;
243 CRL_DIST_POINTS_INFO *info;
244 DWORD size;
245
246 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CRL_DIST_POINTS,
247 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
248 if (ret)
249 {
250 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
251
252 for (i = 0, cUrl = 0; i < info->cDistPoint; i++)
253 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
254 == CRL_DIST_POINT_FULL_NAME)
255 {
256 DWORD j;
257 CERT_ALT_NAME_INFO *name =
258 &info->rgDistPoint[i].DistPointName.u.FullName;
259
260 for (j = 0; j < name->cAltEntry; j++)
261 if (name->rgAltEntry[j].dwAltNameChoice ==
262 CERT_ALT_NAME_URL)
263 {
264 if (name->rgAltEntry[j].u.pwszURL)
265 {
266 cUrl++;
267 bytesNeeded += sizeof(LPWSTR) +
268 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1)
269 * sizeof(WCHAR);
270 }
271 }
272 }
273 if (!pcbUrlArray)
274 {
275 SetLastError(E_INVALIDARG);
276 ret = FALSE;
277 }
278 else if (!pUrlArray)
279 *pcbUrlArray = bytesNeeded;
280 else if (*pcbUrlArray < bytesNeeded)
281 {
282 SetLastError(ERROR_MORE_DATA);
283 *pcbUrlArray = bytesNeeded;
284 ret = FALSE;
285 }
286 else
287 {
288 LPWSTR nextUrl;
289
290 *pcbUrlArray = bytesNeeded;
291 pUrlArray->cUrl = 0;
292 pUrlArray->rgwszUrl =
293 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
294 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
295 + cUrl * sizeof(LPWSTR));
296 for (i = 0; i < info->cDistPoint; i++)
297 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
298 == CRL_DIST_POINT_FULL_NAME)
299 {
300 DWORD j;
301 CERT_ALT_NAME_INFO *name =
302 &info->rgDistPoint[i].DistPointName.u.FullName;
303
304 for (j = 0; j < name->cAltEntry; j++)
305 if (name->rgAltEntry[j].dwAltNameChoice ==
306 CERT_ALT_NAME_URL)
307 {
308 if (name->rgAltEntry[j].u.pwszURL)
309 {
310 lstrcpyW(nextUrl,
311 name->rgAltEntry[j].u.pwszURL);
312 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
313 nextUrl;
314 nextUrl +=
315 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1);
316 }
317 }
318 }
319 }
320 if (ret)
321 {
322 if (pcbUrlInfo)
323 {
324 FIXME("url info: stub\n");
325 if (!pUrlInfo)
326 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
327 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
328 {
329 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
330 SetLastError(ERROR_MORE_DATA);
331 ret = FALSE;
332 }
333 else
334 {
335 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
336 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
337 }
338 }
339 }
340 LocalFree(info);
341 }
342 return ret;
343 }
344
345 static BOOL WINAPI CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid,
346 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
347 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
348 {
349 PCCERT_CONTEXT cert = pvPara;
350 PCERT_EXTENSION ext;
351 BOOL ret = FALSE;
352
353 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
354 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
355 {
356 SetLastError(CRYPT_E_NOT_FOUND);
357 return FALSE;
358 }
359 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
360 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
361 ret = CRYPT_GetUrlFromCRLDistPointsExt(&ext->Value, pUrlArray,
362 pcbUrlArray, pUrlInfo, pcbUrlInfo);
363 else
364 SetLastError(CRYPT_E_NOT_FOUND);
365 return ret;
366 }
367
368 /***********************************************************************
369 * CryptGetObjectUrl (CRYPTNET.@)
370 */
371 BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags,
372 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
373 DWORD *pcbUrlInfo, LPVOID pvReserved)
374 {
375 UrlDllGetObjectUrlFunc func = NULL;
376 HCRYPTOIDFUNCADDR hFunc = NULL;
377 BOOL ret = FALSE;
378
379 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid),
380 pvPara, dwFlags, pUrlArray, pcbUrlArray, pUrlInfo, pcbUrlInfo, pvReserved);
381
382 if (IS_INTOID(pszUrlOid))
383 {
384 switch (LOWORD(pszUrlOid))
385 {
386 case LOWORD(URL_OID_CERTIFICATE_ISSUER):
387 func = CRYPT_GetUrlFromCertificateIssuer;
388 break;
389 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT):
390 func = CRYPT_GetUrlFromCertificateCRLDistPoint;
391 break;
392 default:
393 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid));
394 SetLastError(ERROR_FILE_NOT_FOUND);
395 }
396 }
397 else
398 {
399 static HCRYPTOIDFUNCSET set = NULL;
400
401 if (!set)
402 set = CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC, 0);
403 CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszUrlOid, 0,
404 (void **)&func, &hFunc);
405 }
406 if (func)
407 ret = func(pszUrlOid, pvPara, dwFlags, pUrlArray, pcbUrlArray,
408 pUrlInfo, pcbUrlInfo, pvReserved);
409 if (hFunc)
410 CryptFreeOIDFunctionAddress(hFunc, 0);
411 return ret;
412 }
413
414 /***********************************************************************
415 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
416 */
417 BOOL WINAPI CryptRetrieveObjectByUrlA(LPCSTR pszURL, LPCSTR pszObjectOid,
418 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
419 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
420 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
421 {
422 BOOL ret = FALSE;
423 int len;
424
425 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL),
426 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
427 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
428
429 if (!pszURL)
430 {
431 SetLastError(ERROR_INVALID_PARAMETER);
432 return FALSE;
433 }
434 len = MultiByteToWideChar(CP_ACP, 0, pszURL, -1, NULL, 0);
435 if (len)
436 {
437 LPWSTR url = CryptMemAlloc(len * sizeof(WCHAR));
438
439 if (url)
440 {
441 MultiByteToWideChar(CP_ACP, 0, pszURL, -1, url, len);
442 ret = CryptRetrieveObjectByUrlW(url, pszObjectOid,
443 dwRetrievalFlags, dwTimeout, ppvObject, hAsyncRetrieve,
444 pCredentials, pvVerify, pAuxInfo);
445 CryptMemFree(url);
446 }
447 else
448 SetLastError(ERROR_OUTOFMEMORY);
449 }
450 return ret;
451 }
452
453 static void WINAPI CRYPT_FreeBlob(LPCSTR pszObjectOid,
454 PCRYPT_BLOB_ARRAY pObject, void *pvFreeContext)
455 {
456 DWORD i;
457
458 for (i = 0; i < pObject->cBlob; i++)
459 CryptMemFree(pObject->rgBlob[i].pbData);
460 CryptMemFree(pObject->rgBlob);
461 }
462
463 static BOOL CRYPT_GetObjectFromFile(HANDLE hFile, PCRYPT_BLOB_ARRAY pObject)
464 {
465 BOOL ret;
466 LARGE_INTEGER size;
467
468 if ((ret = GetFileSizeEx(hFile, &size)))
469 {
470 if (size.u.HighPart)
471 {
472 WARN("file too big\n");
473 SetLastError(ERROR_INVALID_DATA);
474 ret = FALSE;
475 }
476 else
477 {
478 CRYPT_DATA_BLOB blob;
479
480 blob.pbData = CryptMemAlloc(size.u.LowPart);
481 if (blob.pbData)
482 {
483 blob.cbData = size.u.LowPart;
484 ret = ReadFile(hFile, blob.pbData, size.u.LowPart, &blob.cbData,
485 NULL);
486 if (ret)
487 {
488 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
489 if (pObject->rgBlob)
490 {
491 pObject->cBlob = 1;
492 memcpy(pObject->rgBlob, &blob, sizeof(CRYPT_DATA_BLOB));
493 }
494 else
495 {
496 SetLastError(ERROR_OUTOFMEMORY);
497 ret = FALSE;
498 }
499 }
500 if (!ret)
501 CryptMemFree(blob.pbData);
502 }
503 else
504 {
505 SetLastError(ERROR_OUTOFMEMORY);
506 ret = FALSE;
507 }
508 }
509 }
510 return ret;
511 }
512
513 static BOOL CRYPT_GetObjectFromCache(LPCWSTR pszURL, PCRYPT_BLOB_ARRAY pObject,
514 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
515 {
516 BOOL ret = FALSE;
517 INTERNET_CACHE_ENTRY_INFOW *pCacheInfo = NULL;
518 DWORD size = 0;
519
520 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pObject, pAuxInfo);
521
522 ret = GetUrlCacheEntryInfoW(pszURL, NULL, &size);
523 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
524 {
525 pCacheInfo = CryptMemAlloc(size);
526 if (pCacheInfo)
527 ret = TRUE;
528 else
529 SetLastError(ERROR_OUTOFMEMORY);
530 }
531 if (ret && (ret = GetUrlCacheEntryInfoW(pszURL, pCacheInfo, &size)))
532 {
533 FILETIME ft;
534
535 GetSystemTimeAsFileTime(&ft);
536 if (CompareFileTime(&pCacheInfo->ExpireTime, &ft) >= 0)
537 {
538 HANDLE hFile = CreateFileW(pCacheInfo->lpszLocalFileName,
539 GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
540
541 if (hFile != INVALID_HANDLE_VALUE)
542 {
543 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
544 {
545 if (pAuxInfo && pAuxInfo->cbSize >=
546 offsetof(CRYPT_RETRIEVE_AUX_INFO,
547 pLastSyncTime) + sizeof(PFILETIME) &&
548 pAuxInfo->pLastSyncTime)
549 memcpy(pAuxInfo->pLastSyncTime,
550 &pCacheInfo->LastSyncTime,
551 sizeof(FILETIME));
552 }
553 CloseHandle(hFile);
554 }
555 else
556 {
557 DeleteUrlCacheEntryW(pszURL);
558 ret = FALSE;
559 }
560 }
561 else
562 {
563 DeleteUrlCacheEntryW(pszURL);
564 ret = FALSE;
565 }
566 }
567 CryptMemFree(pCacheInfo);
568 TRACE("returning %d\n", ret);
569 return ret;
570 }
571
572 /* Parses the URL, and sets components' lpszHostName and lpszUrlPath members
573 * to NULL-terminated copies of those portions of the URL (to be freed with
574 * CryptMemFree.)
575 */
576 static BOOL CRYPT_CrackUrl(LPCWSTR pszURL, URL_COMPONENTSW *components)
577 {
578 BOOL ret;
579
580 TRACE("(%s, %p)\n", debugstr_w(pszURL), components);
581
582 memset(components, 0, sizeof(*components));
583 components->dwStructSize = sizeof(*components);
584 components->lpszHostName = CryptMemAlloc(INTERNET_MAX_HOST_NAME_LENGTH * sizeof(WCHAR));
585 components->dwHostNameLength = INTERNET_MAX_HOST_NAME_LENGTH;
586 if (!components->lpszHostName)
587 {
588 SetLastError(ERROR_OUTOFMEMORY);
589 return FALSE;
590 }
591 components->lpszUrlPath = CryptMemAlloc(INTERNET_MAX_PATH_LENGTH * sizeof(WCHAR));
592 components->dwUrlPathLength = INTERNET_MAX_PATH_LENGTH;
593 if (!components->lpszUrlPath)
594 {
595 CryptMemFree(components->lpszHostName);
596 SetLastError(ERROR_OUTOFMEMORY);
597 return FALSE;
598 }
599
600 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, components);
601 if (ret)
602 {
603 switch (components->nScheme)
604 {
605 case INTERNET_SCHEME_FTP:
606 if (!components->nPort)
607 components->nPort = INTERNET_DEFAULT_FTP_PORT;
608 break;
609 case INTERNET_SCHEME_HTTP:
610 if (!components->nPort)
611 components->nPort = INTERNET_DEFAULT_HTTP_PORT;
612 break;
613 default:
614 ; /* do nothing */
615 }
616 }
617 TRACE("returning %d\n", ret);
618 return ret;
619 }
620
621 struct InetContext
622 {
623 HANDLE event;
624 DWORD timeout;
625 DWORD error;
626 };
627
628 static struct InetContext *CRYPT_MakeInetContext(DWORD dwTimeout)
629 {
630 struct InetContext *context = CryptMemAlloc(sizeof(struct InetContext));
631
632 if (context)
633 {
634 context->event = CreateEventW(NULL, FALSE, FALSE, NULL);
635 if (!context->event)
636 {
637 CryptMemFree(context);
638 context = NULL;
639 }
640 else
641 {
642 context->timeout = dwTimeout;
643 context->error = ERROR_SUCCESS;
644 }
645 }
646 return context;
647 }
648
649 static BOOL CRYPT_DownloadObject(DWORD dwRetrievalFlags, HINTERNET hHttp,
650 struct InetContext *context, PCRYPT_BLOB_ARRAY pObject,
651 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
652 {
653 CRYPT_DATA_BLOB object = { 0, NULL };
654 DWORD bytesAvailable;
655 BOOL ret;
656
657 do {
658 if ((ret = InternetQueryDataAvailable(hHttp, &bytesAvailable, 0, 0)))
659 {
660 if (bytesAvailable)
661 {
662 if (object.pbData)
663 object.pbData = CryptMemRealloc(object.pbData,
664 object.cbData + bytesAvailable);
665 else
666 object.pbData = CryptMemAlloc(bytesAvailable);
667 if (object.pbData)
668 {
669 INTERNET_BUFFERSA buffer = { sizeof(buffer), 0 };
670
671 buffer.dwBufferLength = bytesAvailable;
672 buffer.lpvBuffer = object.pbData + object.cbData;
673 if (!(ret = InternetReadFileExA(hHttp, &buffer, IRF_NO_WAIT,
674 (DWORD_PTR)context)))
675 {
676 if (GetLastError() == ERROR_IO_PENDING)
677 {
678 if (WaitForSingleObject(context->event,
679 context->timeout) == WAIT_TIMEOUT)
680 SetLastError(ERROR_TIMEOUT);
681 else if (context->error)
682 SetLastError(context->error);
683 else
684 ret = TRUE;
685 }
686 }
687 if (ret)
688 object.cbData += buffer.dwBufferLength;
689 }
690 else
691 {
692 SetLastError(ERROR_OUTOFMEMORY);
693 ret = FALSE;
694 }
695 }
696 }
697 else if (GetLastError() == ERROR_IO_PENDING)
698 {
699 if (WaitForSingleObject(context->event, context->timeout) ==
700 WAIT_TIMEOUT)
701 SetLastError(ERROR_TIMEOUT);
702 else
703 ret = TRUE;
704 }
705 } while (ret && bytesAvailable);
706 if (ret)
707 {
708 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
709 if (!pObject->rgBlob)
710 {
711 CryptMemFree(object.pbData);
712 SetLastError(ERROR_OUTOFMEMORY);
713 ret = FALSE;
714 }
715 else
716 {
717 pObject->rgBlob[0].cbData = object.cbData;
718 pObject->rgBlob[0].pbData = object.pbData;
719 pObject->cBlob = 1;
720 }
721 }
722 TRACE("returning %d\n", ret);
723 return ret;
724 }
725
726 /* Finds the object specified by pszURL in the cache. If it's not found,
727 * creates a new cache entry for the object and writes the object to it.
728 * Sets the expiration time of the cache entry to expires.
729 */
730 static void CRYPT_CacheURL(LPCWSTR pszURL, const CRYPT_BLOB_ARRAY *pObject,
731 DWORD dwRetrievalFlags, FILETIME expires)
732 {
733 WCHAR cacheFileName[MAX_PATH];
734 DWORD size = 0;
735 BOOL ret, create = FALSE;
736
737 GetUrlCacheEntryInfoW(pszURL, NULL, &size);
738 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
739 {
740 INTERNET_CACHE_ENTRY_INFOW *info = CryptMemAlloc(size);
741
742 if (info)
743 {
744 FILETIME ft;
745
746 ret = GetUrlCacheEntryInfoW(pszURL, info, &size);
747 if (ret)
748 lstrcpyW(cacheFileName, info->lpszLocalFileName);
749 /* Check if the existing cache entry is up to date. If it isn't,
750 * remove the existing cache entry, and create a new one with the
751 * new value.
752 */
753 GetSystemTimeAsFileTime(&ft);
754 if (CompareFileTime(&info->ExpireTime, &ft) < 0)
755 {
756 create = TRUE;
757 DeleteUrlCacheEntryW(pszURL);
758 }
759 CryptMemFree(info);
760 }
761 else
762 ret = FALSE;
763 }
764 else
765 {
766 ret = CreateUrlCacheEntryW(pszURL, pObject->rgBlob[0].cbData, NULL,
767 cacheFileName, 0);
768 create = TRUE;
769 }
770 if (ret)
771 {
772 DWORD entryType;
773 FILETIME ft = { 0 };
774
775 if (create)
776 {
777 HANDLE hCacheFile = CreateFileW(cacheFileName, GENERIC_WRITE, 0,
778 NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
779
780 if (hCacheFile != INVALID_HANDLE_VALUE)
781 {
782 DWORD bytesWritten;
783
784 WriteFile(hCacheFile, pObject->rgBlob[0].pbData,
785 pObject->rgBlob[0].cbData, &bytesWritten, NULL);
786 CloseHandle(hCacheFile);
787 }
788 else
789 ret = FALSE;
790 }
791 if (ret)
792 {
793 if (!(dwRetrievalFlags & CRYPT_STICKY_CACHE_RETRIEVAL))
794 entryType = NORMAL_CACHE_ENTRY;
795 else
796 entryType = STICKY_CACHE_ENTRY;
797 CommitUrlCacheEntryW(pszURL, cacheFileName, expires, ft, entryType,
798 NULL, 0, NULL, NULL);
799 }
800 }
801 }
802
803 static void CALLBACK CRYPT_InetStatusCallback(HINTERNET hInt,
804 DWORD_PTR dwContext, DWORD status, void *statusInfo, DWORD statusInfoLen)
805 {
806 struct InetContext *context = (struct InetContext *)dwContext;
807 LPINTERNET_ASYNC_RESULT result;
808
809 switch (status)
810 {
811 case INTERNET_STATUS_REQUEST_COMPLETE:
812 result = statusInfo;
813 context->error = result->dwError;
814 SetEvent(context->event);
815 }
816 }
817
818 static BOOL CRYPT_Connect(const URL_COMPONENTSW *components,
819 struct InetContext *context, PCRYPT_CREDENTIALS pCredentials,
820 HINTERNET *phInt, HINTERNET *phHost)
821 {
822 BOOL ret;
823
824 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components->lpszHostName),
825 components->nPort, context, pCredentials, phInt, phInt);
826
827 *phHost = NULL;
828 *phInt = InternetOpenW(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL,
829 context ? INTERNET_FLAG_ASYNC : 0);
830 if (*phInt)
831 {
832 DWORD service;
833
834 if (context)
835 InternetSetStatusCallbackW(*phInt, CRYPT_InetStatusCallback);
836 switch (components->nScheme)
837 {
838 case INTERNET_SCHEME_FTP:
839 service = INTERNET_SERVICE_FTP;
840 break;
841 case INTERNET_SCHEME_HTTP:
842 service = INTERNET_SERVICE_HTTP;
843 break;
844 default:
845 service = 0;
846 }
847 /* FIXME: use pCredentials for username/password */
848 *phHost = InternetConnectW(*phInt, components->lpszHostName,
849 components->nPort, NULL, NULL, service, 0, (DWORD_PTR)context);
850 if (!*phHost)
851 {
852 InternetCloseHandle(*phInt);
853 *phInt = NULL;
854 ret = FALSE;
855 }
856 else
857 ret = TRUE;
858 }
859 else
860 ret = FALSE;
861 TRACE("returning %d\n", ret);
862 return ret;
863 }
864
865 static BOOL WINAPI FTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
866 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
867 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
868 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
869 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
870 {
871 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
872 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
873 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
874
875 pObject->cBlob = 0;
876 pObject->rgBlob = NULL;
877 *ppfnFreeObject = CRYPT_FreeBlob;
878 *ppvFreeContext = NULL;
879 return FALSE;
880 }
881
882 static const WCHAR x509cacert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
883 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
884 static const WCHAR x509emailcert[] = { 'a','p','p','l','i','c','a','t','i','o',
885 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
886 0 };
887 static const WCHAR x509servercert[] = { 'a','p','p','l','i','c','a','t','i','o',
888 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
889 't',0 };
890 static const WCHAR x509usercert[] = { 'a','p','p','l','i','c','a','t','i','o',
891 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
892 static const WCHAR pkcs7cert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
893 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
894 's',0 };
895 static const WCHAR pkixCRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
896 '/','p','k','i','x','-','c','r','l',0 };
897 static const WCHAR pkcs7CRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
898 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
899 static const WCHAR pkcs7sig[] = { 'a','p','p','l','i','c','a','t','i','o','n',
900 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
901 static const WCHAR pkcs7mime[] = { 'a','p','p','l','i','c','a','t','i','o','n',
902 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
903
904 static BOOL WINAPI HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
905 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
906 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
907 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
908 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
909 {
910 BOOL ret = FALSE;
911
912 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
913 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
914 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
915
916 pObject->cBlob = 0;
917 pObject->rgBlob = NULL;
918 *ppfnFreeObject = CRYPT_FreeBlob;
919 *ppvFreeContext = NULL;
920
921 if (!(dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL))
922 ret = CRYPT_GetObjectFromCache(pszURL, pObject, pAuxInfo);
923 if (!ret && (!(dwRetrievalFlags & CRYPT_CACHE_ONLY_RETRIEVAL) ||
924 (dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL)))
925 {
926 URL_COMPONENTSW components;
927
928 if ((ret = CRYPT_CrackUrl(pszURL, &components)))
929 {
930 HINTERNET hInt, hHost;
931 struct InetContext *context = NULL;
932
933 if (dwTimeout)
934 context = CRYPT_MakeInetContext(dwTimeout);
935 ret = CRYPT_Connect(&components, context, pCredentials, &hInt,
936 &hHost);
937 if (ret)
938 {
939 static LPCWSTR types[] = { x509cacert, x509emailcert,
940 x509servercert, x509usercert, pkcs7cert, pkixCRL, pkcs7CRL,
941 pkcs7sig, pkcs7mime, NULL };
942 HINTERNET hHttp = HttpOpenRequestW(hHost, NULL,
943 components.lpszUrlPath, NULL, NULL, types,
944 INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI,
945 (DWORD_PTR)context);
946
947 if (hHttp)
948 {
949 if (dwTimeout)
950 {
951 InternetSetOptionW(hHttp,
952 INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
953 sizeof(dwTimeout));
954 InternetSetOptionW(hHttp, INTERNET_OPTION_SEND_TIMEOUT,
955 &dwTimeout, sizeof(dwTimeout));
956 }
957 ret = HttpSendRequestExW(hHttp, NULL, NULL, 0,
958 (DWORD_PTR)context);
959 if (!ret && GetLastError() == ERROR_IO_PENDING)
960 {
961 if (WaitForSingleObject(context->event,
962 context->timeout) == WAIT_TIMEOUT)
963 SetLastError(ERROR_TIMEOUT);
964 else
965 ret = TRUE;
966 }
967 /* We don't set ret to TRUE in this block to avoid masking
968 * an error from HttpSendRequestExW.
969 */
970 if (ret &&
971 !HttpEndRequestW(hHttp, NULL, 0, (DWORD_PTR)context) &&
972 GetLastError() == ERROR_IO_PENDING)
973 {
974 if (WaitForSingleObject(context->event,
975 context->timeout) == WAIT_TIMEOUT)
976 {
977 SetLastError(ERROR_TIMEOUT);
978 ret = FALSE;
979 }
980 }
981 if (ret)
982 ret = CRYPT_DownloadObject(dwRetrievalFlags, hHttp,
983 context, pObject, pAuxInfo);
984 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT))
985 {
986 SYSTEMTIME st;
987 DWORD len = sizeof(st);
988
989 if (HttpQueryInfoW(hHttp,
990 HTTP_QUERY_EXPIRES | HTTP_QUERY_FLAG_SYSTEMTIME, &st,
991 &len, NULL))
992 {
993 FILETIME ft;
994
995 SystemTimeToFileTime(&st, &ft);
996 CRYPT_CacheURL(pszURL, pObject, dwRetrievalFlags,
997 ft);
998 }
999 }
1000 InternetCloseHandle(hHttp);
1001 }
1002 InternetCloseHandle(hHost);
1003 InternetCloseHandle(hInt);
1004 }
1005 if (context)
1006 {
1007 CloseHandle(context->event);
1008 CryptMemFree(context);
1009 }
1010 CryptMemFree(components.lpszUrlPath);
1011 CryptMemFree(components.lpszHostName);
1012 }
1013 }
1014 TRACE("returning %d\n", ret);
1015 return ret;
1016 }
1017
1018 static BOOL WINAPI File_RetrieveEncodedObjectW(LPCWSTR pszURL,
1019 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1020 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1021 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1022 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1023 {
1024 URL_COMPONENTSW components = { sizeof(components), 0 };
1025 BOOL ret;
1026
1027 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1028 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
1029 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
1030
1031 pObject->cBlob = 0;
1032 pObject->rgBlob = NULL;
1033 *ppfnFreeObject = CRYPT_FreeBlob;
1034 *ppvFreeContext = NULL;
1035
1036 components.lpszUrlPath = CryptMemAlloc(INTERNET_MAX_PATH_LENGTH * sizeof(WCHAR));
1037 components.dwUrlPathLength = INTERNET_MAX_PATH_LENGTH;
1038 if (!components.lpszUrlPath)
1039 {
1040 SetLastError(ERROR_OUTOFMEMORY);
1041 return FALSE;
1042 }
1043
1044 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, &components);
1045 if (ret)
1046 {
1047 LPWSTR path;
1048
1049 /* 3 == lstrlenW(L"c:") + 1 */
1050 path = CryptMemAlloc((components.dwUrlPathLength + 3) * sizeof(WCHAR));
1051 if (path)
1052 {
1053 HANDLE hFile;
1054
1055 /* Try to create the file directly - Wine handles / in pathnames */
1056 lstrcpynW(path, components.lpszUrlPath,
1057 components.dwUrlPathLength + 1);
1058 hFile = CreateFileW(path, GENERIC_READ, 0, NULL, OPEN_EXISTING,
1059 FILE_ATTRIBUTE_NORMAL, NULL);
1060 if (hFile == INVALID_HANDLE_VALUE)
1061 {
1062 /* Try again on the current drive */
1063 GetCurrentDirectoryW(components.dwUrlPathLength, path);
1064 if (path[1] == ':')
1065 {
1066 lstrcpynW(path + 2, components.lpszUrlPath,
1067 components.dwUrlPathLength + 1);
1068 hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1069 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1070 }
1071 if (hFile == INVALID_HANDLE_VALUE)
1072 {
1073 /* Try again on the Windows drive */
1074 GetWindowsDirectoryW(path, components.dwUrlPathLength);
1075 if (path[1] == ':')
1076 {
1077 lstrcpynW(path + 2, components.lpszUrlPath,
1078 components.dwUrlPathLength + 1);
1079 hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1080 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1081 }
1082 }
1083 }
1084 if (hFile != INVALID_HANDLE_VALUE)
1085 {
1086 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
1087 {
1088 if (pAuxInfo && pAuxInfo->cbSize >=
1089 offsetof(CRYPT_RETRIEVE_AUX_INFO,
1090 pLastSyncTime) + sizeof(PFILETIME) &&
1091 pAuxInfo->pLastSyncTime)
1092 GetFileTime(hFile, NULL, NULL,
1093 pAuxInfo->pLastSyncTime);
1094 }
1095 CloseHandle(hFile);
1096 }
1097 else
1098 ret = FALSE;
1099 CryptMemFree(path);
1100 }
1101 else
1102 {
1103 SetLastError(ERROR_OUTOFMEMORY);
1104 ret = FALSE;
1105 }
1106 }
1107 CryptMemFree(components.lpszUrlPath);
1108 return ret;
1109 }
1110
1111 typedef BOOL (WINAPI *SchemeDllRetrieveEncodedObjectW)(LPCWSTR pwszUrl,
1112 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1113 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1114 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1115 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo);
1116
1117 static BOOL CRYPT_GetRetrieveFunction(LPCWSTR pszURL,
1118 SchemeDllRetrieveEncodedObjectW *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1119 {
1120 URL_COMPONENTSW components = { sizeof(components), 0 };
1121 BOOL ret;
1122
1123 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pFunc, phFunc);
1124
1125 *pFunc = NULL;
1126 *phFunc = 0;
1127 components.dwSchemeLength = 1;
1128 ret = InternetCrackUrlW(pszURL, 0, 0, &components);
1129 if (ret)
1130 {
1131 /* Microsoft always uses CryptInitOIDFunctionSet/
1132 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1133 * reason to do so for builtin schemes.
1134 */
1135 switch (components.nScheme)
1136 {
1137 case INTERNET_SCHEME_FTP:
1138 *pFunc = FTP_RetrieveEncodedObjectW;
1139 break;
1140 case INTERNET_SCHEME_HTTP:
1141 *pFunc = HTTP_RetrieveEncodedObjectW;
1142 break;
1143 case INTERNET_SCHEME_FILE:
1144 *pFunc = File_RetrieveEncodedObjectW;
1145 break;
1146 default:
1147 {
1148 int len = WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1149 components.dwSchemeLength, NULL, 0, NULL, NULL);
1150
1151 if (len)
1152 {
1153 LPSTR scheme = CryptMemAlloc(len);
1154
1155 if (scheme)
1156 {
1157 static HCRYPTOIDFUNCSET set = NULL;
1158
1159 if (!set)
1160 set = CryptInitOIDFunctionSet(
1161 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC, 0);
1162 WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1163 components.dwSchemeLength, scheme, len, NULL, NULL);
1164 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1165 scheme, 0, (void **)pFunc, phFunc);
1166 CryptMemFree(scheme);
1167 }
1168 else
1169 {
1170 SetLastError(ERROR_OUTOFMEMORY);
1171 ret = FALSE;
1172 }
1173 }
1174 else
1175 ret = FALSE;
1176 }
1177 }
1178 }
1179 TRACE("returning %d\n", ret);
1180 return ret;
1181 }
1182
1183 static BOOL WINAPI CRYPT_CreateBlob(LPCSTR pszObjectOid,
1184 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1185 {
1186 DWORD size, i;
1187 CRYPT_BLOB_ARRAY *context;
1188 BOOL ret = FALSE;
1189
1190 size = sizeof(CRYPT_BLOB_ARRAY) + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1191 for (i = 0; i < pObject->cBlob; i++)
1192 size += pObject->rgBlob[i].cbData;
1193 context = CryptMemAlloc(size);
1194 if (context)
1195 {
1196 LPBYTE nextData;
1197
1198 context->cBlob = 0;
1199 context->rgBlob =
1200 (CRYPT_DATA_BLOB *)((LPBYTE)context + sizeof(CRYPT_BLOB_ARRAY));
1201 nextData =
1202 (LPBYTE)context->rgBlob + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1203 for (i = 0; i < pObject->cBlob; i++)
1204 {
1205 memcpy(nextData, pObject->rgBlob[i].pbData,
1206 pObject->rgBlob[i].cbData);
1207 context->rgBlob[i].pbData = nextData;
1208 context->rgBlob[i].cbData = pObject->rgBlob[i].cbData;
1209 nextData += pObject->rgBlob[i].cbData;
1210 context->cBlob++;
1211 }
1212 *ppvContext = context;
1213 ret = TRUE;
1214 }
1215 return ret;
1216 }
1217
1218 typedef BOOL (WINAPI *AddContextToStore)(HCERTSTORE hCertStore,
1219 const void *pContext, DWORD dwAddDisposition, const void **ppStoreContext);
1220
1221 static BOOL CRYPT_CreateContext(const CRYPT_BLOB_ARRAY *pObject,
1222 DWORD dwExpectedContentTypeFlags, AddContextToStore addFunc, void **ppvContext)
1223 {
1224 BOOL ret = TRUE;
1225
1226 if (!pObject->cBlob)
1227 {
1228 SetLastError(ERROR_INVALID_DATA);
1229 *ppvContext = NULL;
1230 ret = FALSE;
1231 }
1232 else if (pObject->cBlob == 1)
1233 {
1234 if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1235 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL,
1236 NULL, NULL, NULL, NULL, (const void **)ppvContext))
1237 {
1238 SetLastError(CRYPT_E_NO_MATCH);
1239 ret = FALSE;
1240 }
1241 }
1242 else
1243 {
1244 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1245 CERT_STORE_CREATE_NEW_FLAG, NULL);
1246
1247 if (store)
1248 {
1249 DWORD i;
1250 const void *context;
1251
1252 for (i = 0; i < pObject->cBlob; i++)
1253 {
1254 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1255 &pObject->rgBlob[i], dwExpectedContentTypeFlags,
1256 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, NULL, NULL, NULL,
1257 NULL, &context))
1258 {
1259 if (!addFunc(store, context, CERT_STORE_ADD_ALWAYS, NULL))
1260 ret = FALSE;
1261 }
1262 else
1263 {
1264 SetLastError(CRYPT_E_NO_MATCH);
1265 ret = FALSE;
1266 }
1267 }
1268 }
1269 else
1270 ret = FALSE;
1271 *ppvContext = store;
1272 }
1273 return ret;
1274 }
1275
1276 static BOOL WINAPI CRYPT_CreateCert(LPCSTR pszObjectOid,
1277 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1278 {
1279 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CERT,
1280 (AddContextToStore)CertAddCertificateContextToStore, ppvContext);
1281 }
1282
1283 static BOOL WINAPI CRYPT_CreateCRL(LPCSTR pszObjectOid,
1284 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1285 {
1286 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CRL,
1287 (AddContextToStore)CertAddCRLContextToStore, ppvContext);
1288 }
1289
1290 static BOOL WINAPI CRYPT_CreateCTL(LPCSTR pszObjectOid,
1291 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1292 {
1293 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CTL,
1294 (AddContextToStore)CertAddCTLContextToStore, ppvContext);
1295 }
1296
1297 static BOOL WINAPI CRYPT_CreatePKCS7(LPCSTR pszObjectOid,
1298 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1299 {
1300 BOOL ret;
1301
1302 if (!pObject->cBlob)
1303 {
1304 SetLastError(ERROR_INVALID_DATA);
1305 *ppvContext = NULL;
1306 ret = FALSE;
1307 }
1308 else if (pObject->cBlob == 1)
1309 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1310 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1311 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED, CERT_QUERY_FORMAT_FLAG_BINARY,
1312 0, NULL, NULL, NULL, ppvContext, NULL, NULL);
1313 else
1314 {
1315 FIXME("multiple messages unimplemented\n");
1316 ret = FALSE;
1317 }
1318 return ret;
1319 }
1320
1321 static BOOL WINAPI CRYPT_CreateAny(LPCSTR pszObjectOid,
1322 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1323 {
1324 BOOL ret;
1325
1326 if (!pObject->cBlob)
1327 {
1328 SetLastError(ERROR_INVALID_DATA);
1329 *ppvContext = NULL;
1330 ret = FALSE;
1331 }
1332 else
1333 {
1334 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1335 CERT_STORE_CREATE_NEW_FLAG, NULL);
1336
1337 if (store)
1338 {
1339 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1340 CERT_STORE_CREATE_NEW_FLAG, NULL);
1341
1342 if (memStore)
1343 {
1344 CertAddStoreToCollection(store, memStore,
1345 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
1346 CertCloseStore(memStore, 0);
1347 }
1348 else
1349 {
1350 CertCloseStore(store, 0);
1351 store = NULL;
1352 }
1353 }
1354 if (store)
1355 {
1356 DWORD i;
1357
1358 ret = TRUE;
1359 for (i = 0; i < pObject->cBlob; i++)
1360 {
1361 DWORD contentType, expectedContentTypes =
1362 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1363 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
1364 CERT_QUERY_CONTENT_FLAG_CERT |
1365 CERT_QUERY_CONTENT_FLAG_CRL |
1366 CERT_QUERY_CONTENT_FLAG_CTL;
1367 HCERTSTORE contextStore;
1368 const void *context;
1369
1370 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1371 &pObject->rgBlob[i], expectedContentTypes,
1372 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, &contentType, NULL,
1373 &contextStore, NULL, &context))
1374 {
1375 switch (contentType)
1376 {
1377 case CERT_QUERY_CONTENT_CERT:
1378 if (!CertAddCertificateContextToStore(store,
1379 context, CERT_STORE_ADD_ALWAYS, NULL))
1380 ret = FALSE;
1381 CertFreeCertificateContext(context);
1382 break;
1383 case CERT_QUERY_CONTENT_CRL:
1384 if (!CertAddCRLContextToStore(store,
1385 context, CERT_STORE_ADD_ALWAYS, NULL))
1386 ret = FALSE;
1387 CertFreeCRLContext(context);
1388 break;
1389 case CERT_QUERY_CONTENT_CTL:
1390 if (!CertAddCTLContextToStore(store,
1391 context, CERT_STORE_ADD_ALWAYS, NULL))
1392 ret = FALSE;
1393 CertFreeCTLContext(context);
1394 break;
1395 default:
1396 CertAddStoreToCollection(store, contextStore, 0, 0);
1397 }
1398 CertCloseStore(contextStore, 0);
1399 }
1400 else
1401 ret = FALSE;
1402 }
1403 }
1404 else
1405 ret = FALSE;
1406 *ppvContext = store;
1407 }
1408 return ret;
1409 }
1410
1411 typedef BOOL (WINAPI *ContextDllCreateObjectContext)(LPCSTR pszObjectOid,
1412 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext);
1413
1414 static BOOL CRYPT_GetCreateFunction(LPCSTR pszObjectOid,
1415 ContextDllCreateObjectContext *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1416 {
1417 BOOL ret = TRUE;
1418
1419 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid), pFunc, phFunc);
1420
1421 *pFunc = NULL;
1422 *phFunc = 0;
1423 if (IS_INTOID(pszObjectOid))
1424 {
1425 switch (LOWORD(pszObjectOid))
1426 {
1427 case 0:
1428 *pFunc = CRYPT_CreateBlob;
1429 break;
1430 case LOWORD(CONTEXT_OID_CERTIFICATE):
1431 *pFunc = CRYPT_CreateCert;
1432 break;
1433 case LOWORD(CONTEXT_OID_CRL):
1434 *pFunc = CRYPT_CreateCRL;
1435 break;
1436 case LOWORD(CONTEXT_OID_CTL):
1437 *pFunc = CRYPT_CreateCTL;
1438 break;
1439 case LOWORD(CONTEXT_OID_PKCS7):
1440 *pFunc = CRYPT_CreatePKCS7;
1441 break;
1442 case LOWORD(CONTEXT_OID_CAPI2_ANY):
1443 *pFunc = CRYPT_CreateAny;
1444 break;
1445 }
1446 }
1447 if (!*pFunc)
1448 {
1449 static HCRYPTOIDFUNCSET set = NULL;
1450
1451 if (!set)
1452 set = CryptInitOIDFunctionSet(
1453 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC, 0);
1454 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszObjectOid,
1455 0, (void **)pFunc, phFunc);
1456 }
1457 TRACE("returning %d\n", ret);
1458 return ret;
1459 }
1460
1461 typedef BOOL (*get_object_expiration_func)(const void *pvContext,
1462 FILETIME *expiration);
1463
1464 static BOOL CRYPT_GetExpirationFromCert(const void *pvObject, FILETIME *expiration)
1465 {
1466 PCCERT_CONTEXT cert = pvObject;
1467
1468 *expiration = cert->pCertInfo->NotAfter;
1469 return TRUE;
1470 }
1471
1472 static BOOL CRYPT_GetExpirationFromCRL(const void *pvObject, FILETIME *expiration)
1473 {
1474 PCCRL_CONTEXT cert = pvObject;
1475
1476 *expiration = cert->pCrlInfo->NextUpdate;
1477 return TRUE;
1478 }
1479
1480 static BOOL CRYPT_GetExpirationFromCTL(const void *pvObject, FILETIME *expiration)
1481 {
1482 PCCTL_CONTEXT cert = pvObject;
1483
1484 *expiration = cert->pCtlInfo->NextUpdate;
1485 return TRUE;
1486 }
1487
1488 static BOOL CRYPT_GetExpirationFunction(LPCSTR pszObjectOid,
1489 get_object_expiration_func *getExpiration)
1490 {
1491 BOOL ret;
1492
1493 if (IS_INTOID(pszObjectOid))
1494 {
1495 switch (LOWORD(pszObjectOid))
1496 {
1497 case LOWORD(CONTEXT_OID_CERTIFICATE):
1498 *getExpiration = CRYPT_GetExpirationFromCert;
1499 ret = TRUE;
1500 break;
1501 case LOWORD(CONTEXT_OID_CRL):
1502 *getExpiration = CRYPT_GetExpirationFromCRL;
1503 ret = TRUE;
1504 break;
1505 case LOWORD(CONTEXT_OID_CTL):
1506 *getExpiration = CRYPT_GetExpirationFromCTL;
1507 ret = TRUE;
1508 break;
1509 default:
1510 ret = FALSE;
1511 }
1512 }
1513 else
1514 ret = FALSE;
1515 return ret;
1516 }
1517
1518 /***********************************************************************
1519 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1520 */
1521 BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
1522 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
1523 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
1524 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1525 {
1526 BOOL ret;
1527 SchemeDllRetrieveEncodedObjectW retrieve;
1528 ContextDllCreateObjectContext create;
1529 HCRYPTOIDFUNCADDR hRetrieve = 0, hCreate = 0;
1530
1531 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1532 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
1533 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
1534
1535 if (!pszURL)
1536 {
1537 SetLastError(ERROR_INVALID_PARAMETER);
1538 return FALSE;
1539 }
1540 ret = CRYPT_GetRetrieveFunction(pszURL, &retrieve, &hRetrieve);
1541 if (ret)
1542 ret = CRYPT_GetCreateFunction(pszObjectOid, &create, &hCreate);
1543 if (ret)
1544 {
1545 CRYPT_BLOB_ARRAY object = { 0, NULL };
1546 PFN_FREE_ENCODED_OBJECT_FUNC freeObject;
1547 void *freeContext;
1548
1549 ret = retrieve(pszURL, pszObjectOid, dwRetrievalFlags, dwTimeout,
1550 &object, &freeObject, &freeContext, hAsyncRetrieve, pCredentials,
1551 pAuxInfo);
1552 if (ret)
1553 {
1554 get_object_expiration_func getExpiration;
1555
1556 ret = create(pszObjectOid, dwRetrievalFlags, &object, ppvObject);
1557 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT) &&
1558 CRYPT_GetExpirationFunction(pszObjectOid, &getExpiration))
1559 {
1560 FILETIME expires;
1561
1562 if (getExpiration(*ppvObject, &expires))
1563 CRYPT_CacheURL(pszURL, &object, dwRetrievalFlags, expires);
1564 }
1565 freeObject(pszObjectOid, &object, freeContext);
1566 }
1567 }
1568 if (hCreate)
1569 CryptFreeOIDFunctionAddress(hCreate, 0);
1570 if (hRetrieve)
1571 CryptFreeOIDFunctionAddress(hRetrieve, 0);
1572 TRACE("returning %d\n", ret);
1573 return ret;
1574 }
1575
1576 static DWORD verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert,
1577 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1578 PCERT_REVOCATION_STATUS pRevStatus)
1579 {
1580 DWORD error;
1581 PCRL_ENTRY entry = NULL;
1582
1583 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1584 if (entry)
1585 {
1586 error = CRYPT_E_REVOKED;
1587 pRevStatus->dwIndex = index;
1588 }
1589 else
1590 {
1591 /* Since the CRL was retrieved for the cert being checked, then it's
1592 * guaranteed to be fresh, and the cert is not revoked.
1593 */
1594 error = ERROR_SUCCESS;
1595 }
1596 return error;
1597 }
1598
1599 static DWORD verify_cert_revocation_from_dist_points_ext(
1600 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1601 FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara,
1602 PCERT_REVOCATION_STATUS pRevStatus)
1603 {
1604 DWORD error = ERROR_SUCCESS, cbUrlArray;
1605
1606 if (CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &cbUrlArray, NULL, NULL))
1607 {
1608 CRYPT_URL_ARRAY *urlArray = CryptMemAlloc(cbUrlArray);
1609
1610 if (urlArray)
1611 {
1612 DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
1613 BOOL ret;
1614
1615 ret = CRYPT_GetUrlFromCRLDistPointsExt(value, urlArray,
1616 &cbUrlArray, NULL, NULL);
1617 if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
1618 retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
1619 if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG &&
1620 pRevPara && pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
1621 dwUrlRetrievalTimeout) + sizeof(DWORD))
1622 {
1623 startTime = GetTickCount();
1624 endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
1625 timeout = pRevPara->dwUrlRetrievalTimeout;
1626 }
1627 else
1628 endTime = timeout = 0;
1629 if (!ret)
1630 error = GetLastError();
1631 for (j = 0; !error && j < urlArray->cUrl; j++)
1632 {
1633 PCCRL_CONTEXT crl;
1634
1635 ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
1636 CONTEXT_OID_CRL, retrievalFlags, timeout, (void **)&crl,
1637 NULL, NULL, NULL, NULL);
1638 if (ret)
1639 {
1640 error = verify_cert_revocation_with_crl_online(cert, crl,
1641 index, pTime, pRevStatus);
1642 if (!error && timeout)
1643 {
1644 DWORD time = GetTickCount();
1645
1646 if ((int)(endTime - time) <= 0)
1647 {
1648 error = ERROR_TIMEOUT;
1649 pRevStatus->dwIndex = index;
1650 }
1651 else
1652 timeout = endTime - time;
1653 }
1654 CertFreeCRLContext(crl);
1655 }
1656 else
1657 error = CRYPT_E_REVOCATION_OFFLINE;
1658 }
1659 CryptMemFree(urlArray);
1660 }
1661 else
1662 {
1663 error = ERROR_OUTOFMEMORY;
1664 pRevStatus->dwIndex = index;
1665 }
1666 }
1667 else
1668 {
1669 error = GetLastError();
1670 pRevStatus->dwIndex = index;
1671 }
1672 return error;
1673 }
1674
1675 static DWORD verify_cert_revocation_from_aia_ext(
1676 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1677 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1678 PCERT_REVOCATION_STATUS pRevStatus)
1679 {
1680 BOOL ret;
1681 DWORD error, size;
1682 CERT_AUTHORITY_INFO_ACCESS *aia;
1683
1684 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
1685 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &aia, &size);
1686 if (ret)
1687 {
1688 DWORD i;
1689
1690 for (i = 0; i < aia->cAccDescr; i++)
1691 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
1692 szOID_PKIX_OCSP))
1693 {
1694 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
1695 CERT_ALT_NAME_URL)
1696 FIXME("OCSP URL = %s\n",
1697 debugstr_w(aia->rgAccDescr[i].AccessLocation.u.pwszURL));
1698 else
1699 FIXME("unsupported AccessLocation type %d\n",
1700 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
1701 }
1702 LocalFree(aia);
1703 /* FIXME: lie and pretend OCSP validated the cert */
1704 error = ERROR_SUCCESS;
1705 }
1706 else
1707 error = GetLastError();
1708 return error;
1709 }
1710
1711 static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
1712 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1713 PCERT_REVOCATION_STATUS pRevStatus)
1714 {
1715 DWORD error;
1716 LONG valid;
1717
1718 valid = CompareFileTime(pTime, &crl->pCrlInfo->ThisUpdate);
1719 if (valid <= 0)
1720 {
1721 /* If this CRL is not older than the time being verified, there's no
1722 * way to know whether the certificate was revoked.
1723 */
1724 TRACE("CRL not old enough\n");
1725 error = CRYPT_E_REVOCATION_OFFLINE;
1726 }
1727 else
1728 {
1729 PCRL_ENTRY entry = NULL;
1730
1731 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1732 if (entry)
1733 {
1734 error = CRYPT_E_REVOKED;
1735 pRevStatus->dwIndex = index;
1736 }
1737 else
1738 {
1739 /* Since the CRL was not retrieved for the cert being checked,
1740 * there's no guarantee it's fresh, so the cert *might* be okay,
1741 * but it's safer not to guess.
1742 */
1743 TRACE("certificate not found\n");
1744 error = CRYPT_E_REVOCATION_OFFLINE;
1745 }
1746 }
1747 return error;
1748 }
1749
1750 static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
1751 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1752 PCERT_REVOCATION_STATUS pRevStatus)
1753 {
1754 DWORD error = ERROR_SUCCESS;
1755 PCERT_EXTENSION ext;
1756
1757 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
1758 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1759 error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
1760 index, pTime, dwFlags, pRevPara, pRevStatus);
1761 else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
1762 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1763 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
1764 index, pTime, dwFlags, pRevPara, pRevStatus);
1765 else
1766 {
1767 if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
1768 {
1769 PCCRL_CONTEXT crl = NULL;
1770 BOOL canSignCRLs;
1771
1772 /* If the caller told us about the issuer, make sure the issuer
1773 * can sign CRLs before looking for one.
1774 */
1775 if ((ext = CertFindExtension(szOID_KEY_USAGE,
1776 pRevPara->pIssuerCert->pCertInfo->cExtension,
1777 pRevPara->pIssuerCert->pCertInfo->rgExtension)))
1778 {
1779 CRYPT_BIT_BLOB usage;
1780 DWORD size = sizeof(usage);
1781
1782 if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_BITS,
1783 ext->Value.pbData, ext->Value.cbData,
1784 CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1785 canSignCRLs = FALSE;
1786 else if (usage.cbData > 2)
1787 {
1788 /* The key usage extension only defines 9 bits => no more
1789 * than 2 bytes are needed to encode all known usages.
1790 */
1791 canSignCRLs = FALSE;
1792 }
1793 else
1794 {
1795 BYTE usageBits = usage.pbData[usage.cbData - 1];
1796
1797 canSignCRLs = usageBits & CERT_CRL_SIGN_KEY_USAGE;
1798 }
1799 }
1800 else
1801 canSignCRLs = TRUE;
1802 if (canSignCRLs)
1803 {
1804 /* If the caller was helpful enough to tell us where to find a
1805 * CRL for the cert, look for one and check it.
1806 */
1807 crl = CertFindCRLInStore(pRevPara->hCrlStore,
1808 cert->dwCertEncodingType,
1809 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG |
1810 CRL_FIND_ISSUED_BY_AKI_FLAG,
1811 CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
1812 }
1813 if (crl)
1814 {
1815 error = verify_cert_revocation_with_crl_offline(cert, crl,
1816 index, pTime, pRevStatus);
1817 CertFreeCRLContext(crl);
1818 }
1819 else
1820 {
1821 TRACE("no CRL found\n");
1822 error = CRYPT_E_NO_REVOCATION_CHECK;
1823 pRevStatus->dwIndex = index;
1824 }
1825 }
1826 else
1827 {
1828 if (!pRevPara)
1829 WARN("no CERT_REVOCATION_PARA\n");
1830 else if (!pRevPara->hCrlStore)
1831 WARN("no dist points/aia extension and no CRL store\n");
1832 else if (!pRevPara->pIssuerCert)
1833 WARN("no dist points/aia extension and no issuer\n");
1834 error = CRYPT_E_NO_REVOCATION_CHECK;
1835 pRevStatus->dwIndex = index;
1836 }
1837 }
1838 return error;
1839 }
1840
1841 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
1842 DWORD cbSize;
1843 PCCERT_CONTEXT pIssuerCert;
1844 DWORD cCertStore;
1845 HCERTSTORE *rgCertStore;
1846 HCERTSTORE hCrlStore;
1847 LPFILETIME pftTimeToUse;
1848 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
1849
1850 typedef struct _OLD_CERT_REVOCATION_STATUS {
1851 DWORD cbSize;
1852 DWORD dwIndex;
1853 DWORD dwError;
1854 DWORD dwReason;
1855 } OLD_CERT_REVOCATION_STATUS, *POLD_CERT_REVOCATION_STATUS;
1856
1857 /***********************************************************************
1858 * CertDllVerifyRevocation (CRYPTNET.@)
1859 */
1860 BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1861 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1862 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1863 {
1864 DWORD error = 0, i;
1865 FILETIME now;
1866 LPFILETIME pTime = NULL;
1867
1868 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1869 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1870
1871 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1872 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1873 {
1874 SetLastError(E_INVALIDARG);
1875 return FALSE;
1876 }
1877 if (!cContext)
1878 {
1879 SetLastError(E_INVALIDARG);
1880 return FALSE;
1881 }
1882 if (pRevPara && pRevPara->cbSize >=
1883 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
1884 pTime = pRevPara->pftTimeToUse;
1885 if (!pTime)
1886 {
1887 GetSystemTimeAsFileTime(&now);
1888 pTime = &now;
1889 }
1890 memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
1891 if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
1892 error = CRYPT_E_NO_REVOCATION_CHECK;
1893 else
1894 {
1895 for (i = 0; !error && i < cContext; i++)
1896 error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
1897 pRevPara, pRevStatus);
1898 }
1899 if (error)
1900 {
1901 SetLastError(error);
1902 pRevStatus->dwError = error;
1903 }
1904 TRACE("returning %d (%08x)\n", !error, error);
1905 return !error;
1906 }
Maarten's multimedia branch