Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: trunk/src/crypt32/crl.c@ 21311

Visit:

Last change on this file since 21311 was 21311, checked in by vladest, 16 years ago
Added CRYPT32 and MSCMS APIs support
File size: 14.7 KB

Line
1	/*
2	* Copyright 2006 Juan Lang
3	*
4	* This library is free software; you can redistribute it and/or
5	* modify it under the terms of the GNU Lesser General Public
6	* License as published by the Free Software Foundation; either
7	* version 2.1 of the License, or (at your option) any later version.
8	*
9	* This library is distributed in the hope that it will be useful,
10	* but WITHOUT ANY WARRANTY; without even the implied warranty of
11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12	* Lesser General Public License for more details.
13	*
14	* You should have received a copy of the GNU Lesser General Public
15	* License along with this library; if not, write to the Free Software
16	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17	*
18	*/
19
20	#include <assert.h>
21	#include <stdarg.h>
22	#include "windef.h"
23	#include "winbase.h"
24	#include "winerror.h"
25	#include "wincrypt.h"
26	#include "wine/debug.h"
27	#include "crypt32_private.h"
28
29	WINE_DEFAULT_DEBUG_CHANNEL(crypt);
30
31	PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
32	const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
33	{
34	PCRL_CONTEXT crl = NULL;
35	BOOL ret;
36	PCRL_INFO crlInfo = NULL;
37	DWORD size = 0;
38
39	TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCrlEncoded,
40	cbCrlEncoded);
41
42	if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
43	{
44	SetLastError(E_INVALIDARG);
45	return NULL;
46	}
47	ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
48	pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
49	(BYTE *)&crlInfo, &size);
50	if (ret)
51	{
52	BYTE *data = NULL;
53
54	crl = Context_CreateDataContext(sizeof(CRL_CONTEXT));
55	if (!crl)
56	goto end;
57	data = CryptMemAlloc(cbCrlEncoded);
58	if (!data)
59	{
60	CryptMemFree(crl);
61	crl = NULL;
62	goto end;
63	}
64	memcpy(data, pbCrlEncoded, cbCrlEncoded);
65	crl->dwCertEncodingType = dwCertEncodingType;
66	crl->pbCrlEncoded = data;
67	crl->cbCrlEncoded = cbCrlEncoded;
68	crl->pCrlInfo = crlInfo;
69	crl->hCertStore = 0;
70	}
71
72	end:
73	return (PCCRL_CONTEXT)crl;
74	}
75
76	BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
77	DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
78	DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
79	{
80	PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
81	pbCrlEncoded, cbCrlEncoded);
82	BOOL ret;
83
84	TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
85	pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
86
87	if (crl)
88	{
89	ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
90	ppCrlContext);
91	CertFreeCRLContext(crl);
92	}
93	else
94	ret = FALSE;
95	return ret;
96	}
97
98	typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
99	DWORD dwFlags, const void *pvPara);
100
101	static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
102	DWORD dwFlags, const void *pvPara)
103	{
104	return TRUE;
105	}
106
107	static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
108	DWORD dwFlags, const void *pvPara)
109	{
110	BOOL ret;
111
112	if (pvPara)
113	{
114	PCCERT_CONTEXT issuer = (PCCERT_CONTEXT)pvPara;
115
116	ret = CertCompareCertificateName(issuer->dwCertEncodingType,
117	&issuer->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
118	}
119	else
120	ret = TRUE;
121	return ret;
122	}
123
124	static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
125	DWORD dwFlags, const void *pvPara)
126	{
127	BOOL ret;
128
129	if (pvPara)
130	{
131	PCCRL_CONTEXT crl = (PCCRL_CONTEXT)pvPara;
132
133	ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
134	&pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
135	}
136	else
137	ret = TRUE;
138	return ret;
139	}
140
141	PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
142	DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
143	const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
144	{
145	PCCRL_CONTEXT ret;
146	CrlCompareFunc compare;
147
148	TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore, dwCertEncodingType,
149	dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
150
151	switch (dwFindType)
152	{
153	case CRL_FIND_ANY:
154	compare = compare_crl_any;
155	break;
156	case CRL_FIND_ISSUED_BY:
157	compare = compare_crl_issued_by;
158	break;
159	case CRL_FIND_EXISTING:
160	compare = compare_crl_existing;
161	break;
162	default:
163	FIXME("find type %08x unimplemented\n", dwFindType);
164	compare = NULL;
165	}
166
167	if (compare)
168	{
169	BOOL matches = FALSE;
170
171	ret = pPrevCrlContext;
172	do {
173	ret = CertEnumCRLsInStore(hCertStore, ret);
174	if (ret)
175	matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
176	} while (ret != NULL && !matches);
177	if (!ret)
178	SetLastError(CRYPT_E_NOT_FOUND);
179	}
180	else
181	{
182	SetLastError(CRYPT_E_NOT_FOUND);
183	ret = NULL;
184	}
185	return ret;
186	}
187
188	PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
189	PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
190	{
191	static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG \|
192	CERT_STORE_TIME_VALIDITY_FLAG \| CERT_STORE_BASE_CRL_FLAG \|
193	CERT_STORE_DELTA_CRL_FLAG;
194	PCCRL_CONTEXT ret;
195
196	TRACE("(%p, %p, %p, %08x)\n", hCertStore, pIssuerContext, pPrevCrlContext,
197	*pdwFlags);
198
199	if (*pdwFlags & ~supportedFlags)
200	{
201	SetLastError(E_INVALIDARG);
202	return NULL;
203	}
204	if (pIssuerContext)
205	ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
206	0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
207	else
208	ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
209	pPrevCrlContext);
210	if (ret)
211	{
212	if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
213	{
214	if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
215	*pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
216	}
217	if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
218	{
219	if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
220	CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
221	CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
222	NULL))
223	*pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
224	}
225	}
226	return ret;
227	}
228
229	PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
230	{
231	TRACE("(%p)\n", pCrlContext);
232	Context_AddRef((void *)pCrlContext, sizeof(CRL_CONTEXT));
233	return pCrlContext;
234	}
235
236	static void CrlDataContext_Free(void *context)
237	{
238	PCRL_CONTEXT crlContext = (PCRL_CONTEXT)context;
239
240	CryptMemFree(crlContext->pbCrlEncoded);
241	LocalFree(crlContext->pCrlInfo);
242	}
243
244	BOOL WINAPI CertFreeCRLContext( PCCRL_CONTEXT pCrlContext)
245	{
246	TRACE("(%p)\n", pCrlContext);
247
248	if (pCrlContext)
249	Context_Release((void *)pCrlContext, sizeof(CRL_CONTEXT),
250	CrlDataContext_Free);
251	return TRUE;
252	}
253
254	DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
255	DWORD dwPropId)
256	{
257	PCONTEXT_PROPERTY_LIST properties = Context_GetProperties(
258	(void *)pCRLContext, sizeof(CRL_CONTEXT));
259	DWORD ret;
260
261	TRACE("(%p, %d)\n", pCRLContext, dwPropId);
262
263	if (properties)
264	ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
265	else
266	ret = 0;
267	return ret;
268	}
269
270	static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
271	DWORD dwFlags, const void *pvData);
272
273	static BOOL CRLContext_GetHashProp(PCCRL_CONTEXT context, DWORD dwPropId,
274	ALG_ID algID, const BYTE toHash, DWORD toHashLen, void pvData,
275	DWORD *pcbData)
276	{
277	BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
278	pcbData);
279	if (ret)
280	{
281	CRYPT_DATA_BLOB blob = { *pcbData, pvData };
282
283	ret = CRLContext_SetProperty(context, dwPropId, 0, &blob);
284	}
285	return ret;
286	}
287
288	static BOOL CRLContext_GetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
289	void pvData, DWORD pcbData)
290	{
291	PCONTEXT_PROPERTY_LIST properties =
292	Context_GetProperties(context, sizeof(CRL_CONTEXT));
293	BOOL ret;
294	CRYPT_DATA_BLOB blob;
295
296	TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
297
298	if (properties)
299	ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
300	else
301	ret = FALSE;
302	if (ret)
303	{
304	if (!pvData)
305	*pcbData = blob.cbData;
306	else if (*pcbData < blob.cbData)
307	{
308	SetLastError(ERROR_MORE_DATA);
309	*pcbData = blob.cbData;
310	ret = FALSE;
311	}
312	else
313	{
314	memcpy(pvData, blob.pbData, blob.cbData);
315	*pcbData = blob.cbData;
316	}
317	}
318	else
319	{
320	/* Implicit properties */
321	switch (dwPropId)
322	{
323	case CERT_SHA1_HASH_PROP_ID:
324	ret = CRLContext_GetHashProp(context, dwPropId, CALG_SHA1,
325	context->pbCrlEncoded, context->cbCrlEncoded, pvData,
326	pcbData);
327	break;
328	case CERT_MD5_HASH_PROP_ID:
329	ret = CRLContext_GetHashProp(context, dwPropId, CALG_MD5,
330	context->pbCrlEncoded, context->cbCrlEncoded, pvData,
331	pcbData);
332	break;
333	default:
334	SetLastError(CRYPT_E_NOT_FOUND);
335	}
336	}
337	TRACE("returning %d\n", ret);
338	return ret;
339	}
340
341	BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
342	DWORD dwPropId, void pvData, DWORD pcbData)
343	{
344	BOOL ret;
345
346	TRACE("(%p, %d, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
347
348	switch (dwPropId)
349	{
350	case 0:
351	case CERT_CERT_PROP_ID:
352	case CERT_CRL_PROP_ID:
353	case CERT_CTL_PROP_ID:
354	SetLastError(E_INVALIDARG);
355	ret = FALSE;
356	break;
357	case CERT_ACCESS_STATE_PROP_ID:
358	if (!pvData)
359	{
360	*pcbData = sizeof(DWORD);
361	ret = TRUE;
362	}
363	else if (*pcbData < sizeof(DWORD))
364	{
365	SetLastError(ERROR_MORE_DATA);
366	*pcbData = sizeof(DWORD);
367	ret = FALSE;
368	}
369	else
370	{
371	if (pCRLContext->hCertStore)
372	ret = CertGetStoreProperty(pCRLContext->hCertStore, dwPropId,
373	pvData, pcbData);
374	else
375	(DWORD )pvData = 0;
376	ret = TRUE;
377	}
378	break;
379	default:
380	ret = CRLContext_GetProperty(pCRLContext, dwPropId, pvData,
381	pcbData);
382	}
383	return ret;
384	}
385
386	static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
387	DWORD dwFlags, const void *pvData)
388	{
389	PCONTEXT_PROPERTY_LIST properties =
390	Context_GetProperties(context, sizeof(CRL_CONTEXT));
391	BOOL ret;
392
393	TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
394
395	if (!properties)
396	ret = FALSE;
397	else if (!pvData)
398	{
399	ContextPropertyList_RemoveProperty(properties, dwPropId);
400	ret = TRUE;
401	}
402	else
403	{
404	switch (dwPropId)
405	{
406	case CERT_AUTO_ENROLL_PROP_ID:
407	case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
408	case CERT_DESCRIPTION_PROP_ID:
409	case CERT_FRIENDLY_NAME_PROP_ID:
410	case CERT_HASH_PROP_ID:
411	case CERT_KEY_IDENTIFIER_PROP_ID:
412	case CERT_MD5_HASH_PROP_ID:
413	case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
414	case CERT_PUBKEY_ALG_PARA_PROP_ID:
415	case CERT_PVK_FILE_PROP_ID:
416	case CERT_SIGNATURE_HASH_PROP_ID:
417	case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
418	case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
419	case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
420	case CERT_ENROLLMENT_PROP_ID:
421	case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
422	case CERT_RENEWAL_PROP_ID:
423	{
424	PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
425
426	ret = ContextPropertyList_SetProperty(properties, dwPropId,
427	blob->pbData, blob->cbData);
428	break;
429	}
430	case CERT_DATE_STAMP_PROP_ID:
431	ret = ContextPropertyList_SetProperty(properties, dwPropId,
432	(const BYTE *)pvData, sizeof(FILETIME));
433	break;
434	default:
435	FIXME("%d: stub\n", dwPropId);
436	ret = FALSE;
437	}
438	}
439	TRACE("returning %d\n", ret);
440	return ret;
441	}
442
443	BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
444	DWORD dwPropId, DWORD dwFlags, const void *pvData)
445	{
446	BOOL ret;
447
448	TRACE("(%p, %d, %08x, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
449
450	/* Handle special cases for "read-only"/invalid prop IDs. Windows just
451	* crashes on most of these, I'll be safer.
452	*/
453	switch (dwPropId)
454	{
455	case 0:
456	case CERT_ACCESS_STATE_PROP_ID:
457	case CERT_CERT_PROP_ID:
458	case CERT_CRL_PROP_ID:
459	case CERT_CTL_PROP_ID:
460	SetLastError(E_INVALIDARG);
461	return FALSE;
462	}
463	ret = CRLContext_SetProperty(pCRLContext, dwPropId, dwFlags, pvData);
464	TRACE("returning %d\n", ret);
465	return ret;
466	}
467
468	BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
469	PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
470	{
471	TRACE("(%p, %p, %08x, %p)\n", pCert, pCrl, dwFlags, pvReserved);
472	return TRUE;
473	}
474
475	static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl)
476	{
477	DWORD i;
478	PCRL_ENTRY entry = NULL;
479
480	for (i = 0; !entry && i < crl->cCRLEntry; i++)
481	if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
482	&cert->SerialNumber))
483	entry = &crl->rgCRLEntry[i];
484	return entry;
485	}
486
487	BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
488	PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
489	PCRL_ENTRY *ppCrlEntry)
490	{
491	TRACE("(%p, %p, %08x, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
492	ppCrlEntry);
493
494	*ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
495	pCrlContext->pCrlInfo);
496	return TRUE;
497	}
498
499	BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
500	PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
501	{
502	DWORD i;
503	PCRL_ENTRY entry = NULL;
504
505	TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
506	rgpCrlInfo);
507
508	for (i = 0; !entry && i < cCrlInfo; i++)
509	entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
510	return entry == NULL;
511	}
512
513	LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
514	PCRL_INFO pCrlInfo)
515	{
516	FILETIME fileTime;
517	LONG ret;
518
519	if (!pTimeToVerify)
520	{
521	GetSystemTimeAsFileTime(&fileTime);
522	pTimeToVerify = &fileTime;
523	}
524	if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
525	{
526	ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
527	if (ret < 0)
528	ret = 0;
529	}
530	return ret;
531	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: