2 * Copyright 2006 Juan Lang
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 #include "crypt32_private.h"
22 WINE_DEFAULT_DEBUG_CHANNEL(crypt
);
24 static void CRL_free(context_t
*context
)
26 crl_t
*crl
= (crl_t
*)context
;
28 CryptMemFree(crl
->ctx
.pbCrlEncoded
);
29 LocalFree(crl
->ctx
.pCrlInfo
);
32 static const context_vtbl_t crl_vtbl
;
34 static context_t
*CRL_clone(context_t
*context
, WINECRYPT_CERTSTORE
*store
, BOOL use_link
)
39 crl
= (crl_t
*)Context_CreateLinkContext(sizeof(CRL_CONTEXT
), context
, store
);
43 const crl_t
*cloned
= (const crl_t
*)context
;
47 crl
= (crl_t
*)Context_CreateDataContext(sizeof(CRL_CONTEXT
), &crl_vtbl
, store
);
51 Context_CopyProperties(&crl
->ctx
, &cloned
->ctx
);
53 crl
->ctx
.dwCertEncodingType
= cloned
->ctx
.dwCertEncodingType
;
54 crl
->ctx
.pbCrlEncoded
= CryptMemAlloc(cloned
->ctx
.cbCrlEncoded
);
55 memcpy(crl
->ctx
.pbCrlEncoded
, cloned
->ctx
.pbCrlEncoded
, cloned
->ctx
.cbCrlEncoded
);
56 crl
->ctx
.cbCrlEncoded
= cloned
->ctx
.cbCrlEncoded
;
58 /* FIXME: We don't need to decode the object here, we could just clone crl info. */
59 res
= CryptDecodeObjectEx(crl
->ctx
.dwCertEncodingType
, X509_CERT_CRL_TO_BE_SIGNED
,
60 crl
->ctx
.pbCrlEncoded
, crl
->ctx
.cbCrlEncoded
, CRYPT_DECODE_ALLOC_FLAG
, NULL
,
61 &crl
->ctx
.pCrlInfo
, &size
);
63 CertFreeCRLContext(&crl
->ctx
);
68 crl
->ctx
.hCertStore
= store
;
72 static const context_vtbl_t crl_vtbl
= {
77 PCCRL_CONTEXT WINAPI
CertCreateCRLContext(DWORD dwCertEncodingType
,
78 const BYTE
* pbCrlEncoded
, DWORD cbCrlEncoded
)
82 PCRL_INFO crlInfo
= NULL
;
86 TRACE("(%08x, %p, %d)\n", dwCertEncodingType
, pbCrlEncoded
,
89 if ((dwCertEncodingType
& CERT_ENCODING_TYPE_MASK
) != X509_ASN_ENCODING
)
91 SetLastError(E_INVALIDARG
);
94 ret
= CryptDecodeObjectEx(dwCertEncodingType
, X509_CERT_CRL_TO_BE_SIGNED
,
95 pbCrlEncoded
, cbCrlEncoded
, CRYPT_DECODE_ALLOC_FLAG
, NULL
,
100 crl
= (crl_t
*)Context_CreateDataContext(sizeof(CRL_CONTEXT
), &crl_vtbl
, &empty_store
);
104 data
= CryptMemAlloc(cbCrlEncoded
);
107 Context_Release(&crl
->base
);
111 memcpy(data
, pbCrlEncoded
, cbCrlEncoded
);
112 crl
->ctx
.dwCertEncodingType
= dwCertEncodingType
;
113 crl
->ctx
.pbCrlEncoded
= data
;
114 crl
->ctx
.cbCrlEncoded
= cbCrlEncoded
;
115 crl
->ctx
.pCrlInfo
= crlInfo
;
116 crl
->ctx
.hCertStore
= &empty_store
;
121 BOOL WINAPI
CertAddEncodedCRLToStore(HCERTSTORE hCertStore
,
122 DWORD dwCertEncodingType
, const BYTE
*pbCrlEncoded
, DWORD cbCrlEncoded
,
123 DWORD dwAddDisposition
, PCCRL_CONTEXT
*ppCrlContext
)
125 PCCRL_CONTEXT crl
= CertCreateCRLContext(dwCertEncodingType
,
126 pbCrlEncoded
, cbCrlEncoded
);
129 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore
, dwCertEncodingType
,
130 pbCrlEncoded
, cbCrlEncoded
, dwAddDisposition
, ppCrlContext
);
134 ret
= CertAddCRLContextToStore(hCertStore
, crl
, dwAddDisposition
,
136 CertFreeCRLContext(crl
);
143 typedef BOOL (*CrlCompareFunc
)(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
144 DWORD dwFlags
, const void *pvPara
);
146 static BOOL
compare_crl_any(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
147 DWORD dwFlags
, const void *pvPara
)
152 static BOOL
compare_crl_issued_by(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
153 DWORD dwFlags
, const void *pvPara
)
159 PCCERT_CONTEXT issuer
= pvPara
;
161 ret
= CertCompareCertificateName(issuer
->dwCertEncodingType
,
162 &issuer
->pCertInfo
->Subject
, &pCrlContext
->pCrlInfo
->Issuer
);
163 if (ret
&& (dwFlags
& CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
))
164 ret
= CryptVerifyCertificateSignatureEx(0,
165 issuer
->dwCertEncodingType
,
166 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL
, (void *)pCrlContext
,
167 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT
, (void *)issuer
, 0, NULL
);
168 if (ret
&& (dwFlags
& CRL_FIND_ISSUED_BY_AKI_FLAG
))
170 PCERT_EXTENSION ext
= CertFindExtension(
171 szOID_AUTHORITY_KEY_IDENTIFIER2
, pCrlContext
->pCrlInfo
->cExtension
,
172 pCrlContext
->pCrlInfo
->rgExtension
);
176 CERT_AUTHORITY_KEY_ID2_INFO
*info
;
179 if ((ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
,
180 X509_AUTHORITY_KEY_ID2
, ext
->Value
.pbData
, ext
->Value
.cbData
,
181 CRYPT_DECODE_ALLOC_FLAG
, NULL
, &info
, &size
)))
183 if (info
->AuthorityCertIssuer
.cAltEntry
&&
184 info
->AuthorityCertSerialNumber
.cbData
)
186 PCERT_ALT_NAME_ENTRY directoryName
= NULL
;
189 for (i
= 0; !directoryName
&&
190 i
< info
->AuthorityCertIssuer
.cAltEntry
; i
++)
191 if (info
->AuthorityCertIssuer
.rgAltEntry
[i
].
192 dwAltNameChoice
== CERT_ALT_NAME_DIRECTORY_NAME
)
194 &info
->AuthorityCertIssuer
.rgAltEntry
[i
];
197 ret
= CertCompareCertificateName(
198 issuer
->dwCertEncodingType
,
199 &issuer
->pCertInfo
->Subject
,
200 &directoryName
->u
.DirectoryName
);
202 ret
= CertCompareIntegerBlob(
203 &issuer
->pCertInfo
->SerialNumber
,
204 &info
->AuthorityCertSerialNumber
);
208 FIXME("no supported name type in authority key id2\n");
212 else if (info
->KeyId
.cbData
)
216 ret
= CertGetCertificateContextProperty(issuer
,
217 CERT_KEY_IDENTIFIER_PROP_ID
, NULL
, &size
);
218 if (ret
&& size
== info
->KeyId
.cbData
)
220 LPBYTE buf
= CryptMemAlloc(size
);
224 CertGetCertificateContextProperty(issuer
,
225 CERT_KEY_IDENTIFIER_PROP_ID
, buf
, &size
);
226 ret
= !memcmp(buf
, info
->KeyId
.pbData
, size
);
237 FIXME("unsupported value for AKI extension\n");
243 /* else: a CRL without an AKI matches any cert */
251 static BOOL
compare_crl_existing(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
252 DWORD dwFlags
, const void *pvPara
)
258 PCCRL_CONTEXT crl
= pvPara
;
260 ret
= CertCompareCertificateName(pCrlContext
->dwCertEncodingType
,
261 &pCrlContext
->pCrlInfo
->Issuer
, &crl
->pCrlInfo
->Issuer
);
268 static BOOL
compare_crl_issued_for(PCCRL_CONTEXT pCrlContext
, DWORD dwType
,
269 DWORD dwFlags
, const void *pvPara
)
271 const CRL_FIND_ISSUED_FOR_PARA
*para
= pvPara
;
274 ret
= CertCompareCertificateName(para
->pIssuerCert
->dwCertEncodingType
,
275 ¶
->pIssuerCert
->pCertInfo
->Issuer
, &pCrlContext
->pCrlInfo
->Issuer
);
279 PCCRL_CONTEXT WINAPI
CertFindCRLInStore(HCERTSTORE hCertStore
,
280 DWORD dwCertEncodingType
, DWORD dwFindFlags
, DWORD dwFindType
,
281 const void *pvFindPara
, PCCRL_CONTEXT pPrevCrlContext
)
284 CrlCompareFunc compare
;
286 TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore
, dwCertEncodingType
,
287 dwFindFlags
, dwFindType
, pvFindPara
, pPrevCrlContext
);
292 compare
= compare_crl_any
;
294 case CRL_FIND_ISSUED_BY
:
295 compare
= compare_crl_issued_by
;
297 case CRL_FIND_EXISTING
:
298 compare
= compare_crl_existing
;
300 case CRL_FIND_ISSUED_FOR
:
301 compare
= compare_crl_issued_for
;
304 FIXME("find type %08x unimplemented\n", dwFindType
);
310 BOOL matches
= FALSE
;
312 ret
= pPrevCrlContext
;
314 ret
= CertEnumCRLsInStore(hCertStore
, ret
);
316 matches
= compare(ret
, dwFindType
, dwFindFlags
, pvFindPara
);
317 } while (ret
!= NULL
&& !matches
);
319 SetLastError(CRYPT_E_NOT_FOUND
);
323 SetLastError(CRYPT_E_NOT_FOUND
);
329 PCCRL_CONTEXT WINAPI
CertGetCRLFromStore(HCERTSTORE hCertStore
,
330 PCCERT_CONTEXT pIssuerContext
, PCCRL_CONTEXT pPrevCrlContext
, DWORD
*pdwFlags
)
332 static const DWORD supportedFlags
= CERT_STORE_SIGNATURE_FLAG
|
333 CERT_STORE_TIME_VALIDITY_FLAG
| CERT_STORE_BASE_CRL_FLAG
|
334 CERT_STORE_DELTA_CRL_FLAG
;
337 TRACE("(%p, %p, %p, %08x)\n", hCertStore
, pIssuerContext
, pPrevCrlContext
,
340 if (*pdwFlags
& ~supportedFlags
)
342 SetLastError(E_INVALIDARG
);
346 ret
= CertFindCRLInStore(hCertStore
, pIssuerContext
->dwCertEncodingType
,
347 0, CRL_FIND_ISSUED_BY
, pIssuerContext
, pPrevCrlContext
);
349 ret
= CertFindCRLInStore(hCertStore
, 0, 0, CRL_FIND_ANY
, NULL
,
353 if (*pdwFlags
& CERT_STORE_TIME_VALIDITY_FLAG
)
355 if (0 == CertVerifyCRLTimeValidity(NULL
, ret
->pCrlInfo
))
356 *pdwFlags
&= ~CERT_STORE_TIME_VALIDITY_FLAG
;
358 if (*pdwFlags
& CERT_STORE_SIGNATURE_FLAG
)
360 if (CryptVerifyCertificateSignatureEx(0, ret
->dwCertEncodingType
,
361 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL
, (void *)ret
,
362 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT
, (void *)pIssuerContext
, 0,
364 *pdwFlags
&= ~CERT_STORE_SIGNATURE_FLAG
;
370 PCCRL_CONTEXT WINAPI
CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext
)
372 TRACE("(%p)\n", pCrlContext
);
374 Context_AddRef(&crl_from_ptr(pCrlContext
)->base
);
378 BOOL WINAPI
CertFreeCRLContext(PCCRL_CONTEXT pCrlContext
)
380 TRACE("(%p)\n", pCrlContext
);
383 Context_Release(&crl_from_ptr(pCrlContext
)->base
);
387 DWORD WINAPI
CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext
,
390 TRACE("(%p, %d)\n", pCRLContext
, dwPropId
);
392 return ContextPropertyList_EnumPropIDs(crl_from_ptr(pCRLContext
)->base
.properties
, dwPropId
);
395 static BOOL
CRLContext_SetProperty(crl_t
*crl
, DWORD dwPropId
,
396 DWORD dwFlags
, const void *pvData
);
398 static BOOL
CRLContext_GetHashProp(crl_t
*crl
, DWORD dwPropId
,
399 ALG_ID algID
, const BYTE
*toHash
, DWORD toHashLen
, void *pvData
,
402 BOOL ret
= CryptHashCertificate(0, algID
, 0, toHash
, toHashLen
, pvData
,
406 CRYPT_DATA_BLOB blob
= { *pcbData
, pvData
};
408 ret
= CRLContext_SetProperty(crl
, dwPropId
, 0, &blob
);
413 static BOOL
CRLContext_GetProperty(crl_t
*crl
, DWORD dwPropId
,
414 void *pvData
, DWORD
*pcbData
)
417 CRYPT_DATA_BLOB blob
;
419 TRACE("(%p, %d, %p, %p)\n", crl
, dwPropId
, pvData
, pcbData
);
421 if (crl
->base
.properties
)
422 ret
= ContextPropertyList_FindProperty(crl
->base
.properties
, dwPropId
, &blob
);
428 *pcbData
= blob
.cbData
;
429 else if (*pcbData
< blob
.cbData
)
431 SetLastError(ERROR_MORE_DATA
);
432 *pcbData
= blob
.cbData
;
437 memcpy(pvData
, blob
.pbData
, blob
.cbData
);
438 *pcbData
= blob
.cbData
;
443 /* Implicit properties */
446 case CERT_SHA1_HASH_PROP_ID
:
447 ret
= CRLContext_GetHashProp(crl
, dwPropId
, CALG_SHA1
,
448 crl
->ctx
.pbCrlEncoded
, crl
->ctx
.cbCrlEncoded
, pvData
,
451 case CERT_MD5_HASH_PROP_ID
:
452 ret
= CRLContext_GetHashProp(crl
, dwPropId
, CALG_MD5
,
453 crl
->ctx
.pbCrlEncoded
, crl
->ctx
.cbCrlEncoded
, pvData
,
457 SetLastError(CRYPT_E_NOT_FOUND
);
460 TRACE("returning %d\n", ret
);
464 BOOL WINAPI
CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext
,
465 DWORD dwPropId
, void *pvData
, DWORD
*pcbData
)
469 TRACE("(%p, %d, %p, %p)\n", pCRLContext
, dwPropId
, pvData
, pcbData
);
474 case CERT_CERT_PROP_ID
:
475 case CERT_CRL_PROP_ID
:
476 case CERT_CTL_PROP_ID
:
477 SetLastError(E_INVALIDARG
);
480 case CERT_ACCESS_STATE_PROP_ID
:
483 *pcbData
= sizeof(DWORD
);
486 else if (*pcbData
< sizeof(DWORD
))
488 SetLastError(ERROR_MORE_DATA
);
489 *pcbData
= sizeof(DWORD
);
494 ret
= CertGetStoreProperty(pCRLContext
->hCertStore
, dwPropId
, pvData
, pcbData
);
498 ret
= CRLContext_GetProperty(crl_from_ptr(pCRLContext
), dwPropId
, pvData
, pcbData
);
503 static BOOL
CRLContext_SetProperty(crl_t
*crl
, DWORD dwPropId
,
504 DWORD dwFlags
, const void *pvData
)
508 TRACE("(%p, %d, %08x, %p)\n", crl
, dwPropId
, dwFlags
, pvData
);
510 if (!crl
->base
.properties
)
514 ContextPropertyList_RemoveProperty(crl
->base
.properties
, dwPropId
);
521 case CERT_AUTO_ENROLL_PROP_ID
:
522 case CERT_CTL_USAGE_PROP_ID
: /* same as CERT_ENHKEY_USAGE_PROP_ID */
523 case CERT_DESCRIPTION_PROP_ID
:
524 case CERT_FRIENDLY_NAME_PROP_ID
:
525 case CERT_HASH_PROP_ID
:
526 case CERT_KEY_IDENTIFIER_PROP_ID
:
527 case CERT_MD5_HASH_PROP_ID
:
528 case CERT_NEXT_UPDATE_LOCATION_PROP_ID
:
529 case CERT_PUBKEY_ALG_PARA_PROP_ID
:
530 case CERT_PVK_FILE_PROP_ID
:
531 case CERT_SIGNATURE_HASH_PROP_ID
:
532 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID
:
533 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID
:
534 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID
:
535 case CERT_ENROLLMENT_PROP_ID
:
536 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID
:
537 case CERT_RENEWAL_PROP_ID
:
539 PCRYPT_DATA_BLOB blob
= (PCRYPT_DATA_BLOB
)pvData
;
541 ret
= ContextPropertyList_SetProperty(crl
->base
.properties
, dwPropId
,
542 blob
->pbData
, blob
->cbData
);
545 case CERT_DATE_STAMP_PROP_ID
:
546 ret
= ContextPropertyList_SetProperty(crl
->base
.properties
, dwPropId
,
547 pvData
, sizeof(FILETIME
));
550 FIXME("%d: stub\n", dwPropId
);
554 TRACE("returning %d\n", ret
);
558 BOOL WINAPI
CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext
,
559 DWORD dwPropId
, DWORD dwFlags
, const void *pvData
)
563 TRACE("(%p, %d, %08x, %p)\n", pCRLContext
, dwPropId
, dwFlags
, pvData
);
565 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
566 * crashes on most of these, I'll be safer.
571 case CERT_ACCESS_STATE_PROP_ID
:
572 case CERT_CERT_PROP_ID
:
573 case CERT_CRL_PROP_ID
:
574 case CERT_CTL_PROP_ID
:
575 SetLastError(E_INVALIDARG
);
578 ret
= CRLContext_SetProperty(crl_from_ptr(pCRLContext
), dwPropId
, dwFlags
, pvData
);
579 TRACE("returning %d\n", ret
);
583 static BOOL
compare_dist_point_name(const CRL_DIST_POINT_NAME
*name1
,
584 const CRL_DIST_POINT_NAME
*name2
)
588 if (name1
->dwDistPointNameChoice
== name2
->dwDistPointNameChoice
)
591 if (name1
->dwDistPointNameChoice
== CRL_DIST_POINT_FULL_NAME
)
593 if (name1
->u
.FullName
.cAltEntry
== name2
->u
.FullName
.cAltEntry
)
597 for (i
= 0; match
&& i
< name1
->u
.FullName
.cAltEntry
; i
++)
599 const CERT_ALT_NAME_ENTRY
*entry1
=
600 &name1
->u
.FullName
.rgAltEntry
[i
];
601 const CERT_ALT_NAME_ENTRY
*entry2
=
602 &name2
->u
.FullName
.rgAltEntry
[i
];
604 if (entry1
->dwAltNameChoice
== entry2
->dwAltNameChoice
)
606 switch (entry1
->dwAltNameChoice
)
608 case CERT_ALT_NAME_URL
:
609 match
= !strcmpiW(entry1
->u
.pwszURL
,
612 case CERT_ALT_NAME_DIRECTORY_NAME
:
613 match
= (entry1
->u
.DirectoryName
.cbData
==
614 entry2
->u
.DirectoryName
.cbData
) &&
615 !memcmp(entry1
->u
.DirectoryName
.pbData
,
616 entry2
->u
.DirectoryName
.pbData
,
617 entry1
->u
.DirectoryName
.cbData
);
620 FIXME("unimplemented for type %d\n",
621 entry1
->dwAltNameChoice
);
638 static BOOL
match_dist_point_with_issuing_dist_point(
639 const CRL_DIST_POINT
*distPoint
, const CRL_ISSUING_DIST_POINT
*idp
)
643 /* While RFC 5280, section 4.2.1.13 recommends against segmenting
644 * CRL distribution points by reasons, it doesn't preclude doing so.
645 * "This profile RECOMMENDS against segmenting CRLs by reason code."
646 * If the issuing distribution point for this CRL is only valid for
647 * some reasons, only match if the reasons covered also match the
648 * reasons in the CRL distribution point.
650 if (idp
->OnlySomeReasonFlags
.cbData
)
652 if (idp
->OnlySomeReasonFlags
.cbData
== distPoint
->ReasonFlags
.cbData
)
657 for (i
= 0; match
&& i
< distPoint
->ReasonFlags
.cbData
; i
++)
658 if (idp
->OnlySomeReasonFlags
.pbData
[i
] !=
659 distPoint
->ReasonFlags
.pbData
[i
])
668 match
= compare_dist_point_name(&idp
->DistPointName
,
669 &distPoint
->DistPointName
);
673 BOOL WINAPI
CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert
,
674 PCCRL_CONTEXT pCrl
, DWORD dwFlags
, void *pvReserved
)
679 TRACE("(%p, %p, %08x, %p)\n", pCert
, pCrl
, dwFlags
, pvReserved
);
684 if ((ext
= CertFindExtension(szOID_ISSUING_DIST_POINT
,
685 pCrl
->pCrlInfo
->cExtension
, pCrl
->pCrlInfo
->rgExtension
)))
687 CRL_ISSUING_DIST_POINT
*idp
;
690 if ((ret
= CryptDecodeObjectEx(pCrl
->dwCertEncodingType
,
691 X509_ISSUING_DIST_POINT
, ext
->Value
.pbData
, ext
->Value
.cbData
,
692 CRYPT_DECODE_ALLOC_FLAG
, NULL
, &idp
, &size
)))
694 if ((ext
= CertFindExtension(szOID_CRL_DIST_POINTS
,
695 pCert
->pCertInfo
->cExtension
, pCert
->pCertInfo
->rgExtension
)))
697 CRL_DIST_POINTS_INFO
*distPoints
;
699 if ((ret
= CryptDecodeObjectEx(pCert
->dwCertEncodingType
,
700 X509_CRL_DIST_POINTS
, ext
->Value
.pbData
, ext
->Value
.cbData
,
701 CRYPT_DECODE_ALLOC_FLAG
, NULL
, &distPoints
, &size
)))
706 for (i
= 0; !ret
&& i
< distPoints
->cDistPoint
; i
++)
707 ret
= match_dist_point_with_issuing_dist_point(
708 &distPoints
->rgDistPoint
[i
], idp
);
710 SetLastError(CRYPT_E_NO_MATCH
);
711 LocalFree(distPoints
);
716 /* no CRL dist points extension in cert, can't match the CRL
717 * (which has an issuing dist point extension)
720 SetLastError(CRYPT_E_NO_MATCH
);
730 static PCRL_ENTRY
CRYPT_FindCertificateInCRL(PCERT_INFO cert
, const CRL_INFO
*crl
)
733 PCRL_ENTRY entry
= NULL
;
735 for (i
= 0; !entry
&& i
< crl
->cCRLEntry
; i
++)
736 if (CertCompareIntegerBlob(&crl
->rgCRLEntry
[i
].SerialNumber
,
737 &cert
->SerialNumber
))
738 entry
= &crl
->rgCRLEntry
[i
];
742 BOOL WINAPI
CertFindCertificateInCRL(PCCERT_CONTEXT pCert
,
743 PCCRL_CONTEXT pCrlContext
, DWORD dwFlags
, void *pvReserved
,
744 PCRL_ENTRY
*ppCrlEntry
)
746 TRACE("(%p, %p, %08x, %p, %p)\n", pCert
, pCrlContext
, dwFlags
, pvReserved
,
749 *ppCrlEntry
= CRYPT_FindCertificateInCRL(pCert
->pCertInfo
,
750 pCrlContext
->pCrlInfo
);
754 BOOL WINAPI
CertVerifyCRLRevocation(DWORD dwCertEncodingType
,
755 PCERT_INFO pCertId
, DWORD cCrlInfo
, PCRL_INFO rgpCrlInfo
[])
758 PCRL_ENTRY entry
= NULL
;
760 TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType
, pCertId
, cCrlInfo
,
763 for (i
= 0; !entry
&& i
< cCrlInfo
; i
++)
764 entry
= CRYPT_FindCertificateInCRL(pCertId
, rgpCrlInfo
[i
]);
765 return entry
== NULL
;
768 LONG WINAPI
CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify
,
776 GetSystemTimeAsFileTime(&fileTime
);
777 pTimeToVerify
= &fileTime
;
779 if ((ret
= CompareFileTime(pTimeToVerify
, &pCrlInfo
->ThisUpdate
)) >= 0)
781 ret
= CompareFileTime(pTimeToVerify
, &pCrlInfo
->NextUpdate
);