2 * Copyright 2008 Maarten Lankhorst
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 #define WIN32_NO_STATUS
21 #define NONAMELESSUNION
32 //#include "wintrust.h"
34 //#include "objbase.h"
36 #include <cryptuiapi.h>
38 #include <wine/unicode.h>
39 #include <wine/debug.h>
41 WINE_DEFAULT_DEBUG_CHANNEL(cryptdlg
);
43 static HINSTANCE hInstance
;
45 BOOL WINAPI
DllMain(HINSTANCE hinstDLL
, DWORD fdwReason
, LPVOID lpvReserved
)
47 TRACE("(0x%p, %d, %p)\n", hinstDLL
, fdwReason
, lpvReserved
);
51 case DLL_WINE_PREATTACH
:
52 return FALSE
; /* prefer native version */
53 case DLL_PROCESS_ATTACH
:
54 DisableThreadLibraryCalls(hinstDLL
);
57 case DLL_PROCESS_DETACH
:
65 /***********************************************************************
66 * GetFriendlyNameOfCertA (CRYPTDLG.@)
68 DWORD WINAPI
GetFriendlyNameOfCertA(PCCERT_CONTEXT pccert
, LPSTR pchBuffer
,
71 return CertGetNameStringA(pccert
, CERT_NAME_FRIENDLY_DISPLAY_TYPE
, 0, NULL
,
72 pchBuffer
, cchBuffer
);
75 /***********************************************************************
76 * GetFriendlyNameOfCertW (CRYPTDLG.@)
78 DWORD WINAPI
GetFriendlyNameOfCertW(PCCERT_CONTEXT pccert
, LPWSTR pchBuffer
,
81 return CertGetNameStringW(pccert
, CERT_NAME_FRIENDLY_DISPLAY_TYPE
, 0, NULL
,
82 pchBuffer
, cchBuffer
);
85 /***********************************************************************
86 * CertTrustInit (CRYPTDLG.@)
88 HRESULT WINAPI
CertTrustInit(CRYPT_PROVIDER_DATA
*pProvData
)
90 HRESULT ret
= S_FALSE
;
92 TRACE("(%p)\n", pProvData
);
94 if (pProvData
->padwTrustStepErrors
&&
95 !pProvData
->padwTrustStepErrors
[TRUSTERROR_STEP_FINAL_WVTINIT
])
97 TRACE("returning %08x\n", ret
);
101 /***********************************************************************
102 * CertTrustCertPolicy (CRYPTDLG.@)
104 BOOL WINAPI
CertTrustCertPolicy(CRYPT_PROVIDER_DATA
*pProvData
, DWORD idxSigner
, BOOL fCounterSignerChain
, DWORD idxCounterSigner
)
106 FIXME("(%p, %d, %s, %d)\n", pProvData
, idxSigner
, fCounterSignerChain
? "TRUE" : "FALSE", idxCounterSigner
);
110 /***********************************************************************
111 * CertTrustCleanup (CRYPTDLG.@)
113 HRESULT WINAPI
CertTrustCleanup(CRYPT_PROVIDER_DATA
*pProvData
)
115 FIXME("(%p)\n", pProvData
);
119 static BOOL
CRYPTDLG_CheckOnlineCRL(void)
121 static const WCHAR policyFlagsKey
[] = { 'S','o','f','t','w','a','r','e',
122 '\\','M','i','c','r','o','s','o','f','t','\\','C','r','y','p','t','o','g',
123 'r','a','p','h','y','\\','{','7','8','0','1','e','b','d','0','-','c','f',
124 '4','b','-','1','1','d','0','-','8','5','1','f','-','0','0','6','0','9',
125 '7','9','3','8','7','e','a','}',0 };
126 static const WCHAR policyFlags
[] = { 'P','o','l','i','c','y','F','l','a',
131 if (!RegOpenKeyExW(HKEY_LOCAL_MACHINE
, policyFlagsKey
, 0, KEY_READ
, &key
))
133 DWORD type
, flags
, size
= sizeof(flags
);
135 if (!RegQueryValueExW(key
, policyFlags
, NULL
, &type
, (BYTE
*)&flags
,
136 &size
) && type
== REG_DWORD
)
138 /* The flag values aren't defined in any header I'm aware of, but
139 * this value is well documented on the net.
141 if (flags
& 0x00010000)
149 /* Returns TRUE if pCert is not in the Disallowed system store, or FALSE if it
152 static BOOL
CRYPTDLG_IsCertAllowed(PCCERT_CONTEXT pCert
)
156 DWORD size
= sizeof(hash
);
158 if ((ret
= CertGetCertificateContextProperty(pCert
,
159 CERT_SIGNATURE_HASH_PROP_ID
, hash
, &size
)))
161 static const WCHAR disallowedW
[] =
162 { 'D','i','s','a','l','l','o','w','e','d',0 };
163 HCERTSTORE disallowed
= CertOpenStore(CERT_STORE_PROV_SYSTEM_W
,
164 X509_ASN_ENCODING
, 0, CERT_SYSTEM_STORE_CURRENT_USER
, disallowedW
);
168 PCCERT_CONTEXT found
= CertFindCertificateInStore(disallowed
,
169 X509_ASN_ENCODING
, 0, CERT_FIND_SIGNATURE_HASH
, hash
, NULL
);
174 CertFreeCertificateContext(found
);
176 CertCloseStore(disallowed
, 0);
182 static DWORD
CRYPTDLG_TrustStatusToConfidence(DWORD errorStatus
)
184 DWORD confidence
= 0;
187 if (!(errorStatus
& CERT_TRUST_IS_NOT_SIGNATURE_VALID
))
188 confidence
|= CERT_CONFIDENCE_SIG
;
189 if (!(errorStatus
& CERT_TRUST_IS_NOT_TIME_VALID
))
190 confidence
|= CERT_CONFIDENCE_TIME
;
191 if (!(errorStatus
& CERT_TRUST_IS_NOT_TIME_NESTED
))
192 confidence
|= CERT_CONFIDENCE_TIMENEST
;
196 static BOOL
CRYPTDLG_CopyChain(CRYPT_PROVIDER_DATA
*data
,
197 PCCERT_CHAIN_CONTEXT chain
)
200 CRYPT_PROVIDER_SGNR signer
;
201 PCERT_SIMPLE_CHAIN simpleChain
= chain
->rgpChain
[0];
204 memset(&signer
, 0, sizeof(signer
));
205 signer
.cbStruct
= sizeof(signer
);
206 ret
= data
->psPfns
->pfnAddSgnr2Chain(data
, FALSE
, 0, &signer
);
209 CRYPT_PROVIDER_SGNR
*sgnr
= WTHelperGetProvSignerFromChain(data
, 0,
214 sgnr
->dwError
= simpleChain
->TrustStatus
.dwErrorStatus
;
215 sgnr
->pChainContext
= CertDuplicateCertificateChain(chain
);
219 for (i
= 0; ret
&& i
< simpleChain
->cElement
; i
++)
221 ret
= data
->psPfns
->pfnAddCert2Chain(data
, 0, FALSE
, 0,
222 simpleChain
->rgpElement
[i
]->pCertContext
);
225 CRYPT_PROVIDER_CERT
*cert
;
227 if ((cert
= WTHelperGetProvCertFromChain(sgnr
, i
)))
229 CERT_CHAIN_ELEMENT
*element
= simpleChain
->rgpElement
[i
];
231 cert
->dwConfidence
= CRYPTDLG_TrustStatusToConfidence(
232 element
->TrustStatus
.dwErrorStatus
);
233 cert
->dwError
= element
->TrustStatus
.dwErrorStatus
;
234 cert
->pChainElement
= element
;
244 static CERT_VERIFY_CERTIFICATE_TRUST
*CRYPTDLG_GetVerifyData(
245 CRYPT_PROVIDER_DATA
*data
)
247 CERT_VERIFY_CERTIFICATE_TRUST
*pCert
= NULL
;
249 /* This should always be true, but just in case the calling function is
252 if (data
->pWintrustData
->dwUnionChoice
== WTD_CHOICE_BLOB
&&
253 data
->pWintrustData
->u
.pBlob
&& data
->pWintrustData
->u
.pBlob
->cbMemObject
==
254 sizeof(CERT_VERIFY_CERTIFICATE_TRUST
) &&
255 data
->pWintrustData
->u
.pBlob
->pbMemObject
)
256 pCert
= (CERT_VERIFY_CERTIFICATE_TRUST
*)
257 data
->pWintrustData
->u
.pBlob
->pbMemObject
;
261 static HCERTCHAINENGINE
CRYPTDLG_MakeEngine(CERT_VERIFY_CERTIFICATE_TRUST
*cert
)
263 HCERTCHAINENGINE engine
= NULL
;
264 HCERTSTORE root
= NULL
, trust
= NULL
;
267 if (cert
->cRootStores
)
269 root
= CertOpenStore(CERT_STORE_PROV_COLLECTION
, 0, 0,
270 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
273 for (i
= 0; i
< cert
->cRootStores
; i
++)
274 CertAddStoreToCollection(root
, cert
->rghstoreRoots
[i
], 0, 0);
277 if (cert
->cTrustStores
)
279 trust
= CertOpenStore(CERT_STORE_PROV_COLLECTION
, 0, 0,
280 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
283 for (i
= 0; i
< cert
->cTrustStores
; i
++)
284 CertAddStoreToCollection(trust
, cert
->rghstoreTrust
[i
], 0, 0);
287 if (cert
->cRootStores
|| cert
->cStores
|| cert
->cTrustStores
)
289 CERT_CHAIN_ENGINE_CONFIG config
;
291 memset(&config
, 0, sizeof(config
));
292 config
.cbSize
= sizeof(config
);
293 config
.hRestrictedRoot
= root
;
294 config
.hRestrictedTrust
= trust
;
295 config
.cAdditionalStore
= cert
->cStores
;
296 config
.rghAdditionalStore
= cert
->rghstoreCAs
;
297 config
.hRestrictedRoot
= root
;
298 CertCreateCertificateChainEngine(&config
, &engine
);
299 CertCloseStore(root
, 0);
300 CertCloseStore(trust
, 0);
305 /***********************************************************************
306 * CertTrustFinalPolicy (CRYPTDLG.@)
308 HRESULT WINAPI
CertTrustFinalPolicy(CRYPT_PROVIDER_DATA
*data
)
312 CERT_VERIFY_CERTIFICATE_TRUST
*pCert
= CRYPTDLG_GetVerifyData(data
);
314 TRACE("(%p)\n", data
);
316 if (data
->pWintrustData
->dwUIChoice
!= WTD_UI_NONE
)
317 FIXME("unimplemented for UI choice %d\n",
318 data
->pWintrustData
->dwUIChoice
);
322 CERT_CHAIN_PARA chainPara
;
323 HCERTCHAINENGINE engine
;
325 memset(&chainPara
, 0, sizeof(chainPara
));
326 chainPara
.cbSize
= sizeof(chainPara
);
327 if (CRYPTDLG_CheckOnlineCRL())
328 flags
|= CERT_CHAIN_REVOCATION_CHECK_END_CERT
;
329 engine
= CRYPTDLG_MakeEngine(pCert
);
330 GetSystemTimeAsFileTime(&data
->sftSystemTime
);
331 ret
= CRYPTDLG_IsCertAllowed(pCert
->pccert
);
334 PCCERT_CHAIN_CONTEXT chain
;
336 ret
= CertGetCertificateChain(engine
, pCert
->pccert
,
337 &data
->sftSystemTime
, NULL
, &chainPara
, flags
, NULL
, &chain
);
340 if (chain
->cChain
!= 1)
342 FIXME("unimplemented for more than 1 simple chain\n");
343 err
= TRUST_E_SUBJECT_FORM_UNKNOWN
;
346 else if ((ret
= CRYPTDLG_CopyChain(data
, chain
)))
348 if (CertVerifyTimeValidity(&data
->sftSystemTime
,
349 pCert
->pccert
->pCertInfo
))
352 err
= CERT_E_EXPIRED
;
356 err
= TRUST_E_SYSTEM_ERROR
;
357 CertFreeCertificateChain(chain
);
360 err
= TRUST_E_SUBJECT_NOT_TRUSTED
;
362 CertFreeCertificateChainEngine(engine
);
367 err
= TRUST_E_NOSIGNATURE
;
369 /* Oddly, native doesn't set the error in the trust step error location,
370 * probably because this action is more advisory than anything else.
371 * Instead it stores it as the final error, but the function "succeeds" in
375 data
->dwFinalError
= err
;
376 TRACE("returning %d (%08x)\n", S_OK
, data
->dwFinalError
);
380 /***********************************************************************
381 * CertViewPropertiesA (CRYPTDLG.@)
383 BOOL WINAPI
CertViewPropertiesA(CERT_VIEWPROPERTIES_STRUCT_A
*info
)
385 CERT_VIEWPROPERTIES_STRUCT_W infoW
;
389 TRACE("(%p)\n", info
);
391 memcpy(&infoW
, info
, sizeof(infoW
));
394 int len
= MultiByteToWideChar(CP_ACP
, 0, info
->szTitle
, -1, NULL
, 0);
396 title
= HeapAlloc(GetProcessHeap(), 0, len
* sizeof(WCHAR
));
399 MultiByteToWideChar(CP_ACP
, 0, info
->szTitle
, -1, title
, len
);
400 infoW
.szTitle
= title
;
408 ret
= CertViewPropertiesW(&infoW
);
409 HeapFree(GetProcessHeap(), 0, title
);
414 /***********************************************************************
415 * CertViewPropertiesW (CRYPTDLG.@)
417 BOOL WINAPI
CertViewPropertiesW(CERT_VIEWPROPERTIES_STRUCT_W
*info
)
419 static GUID cert_action_verify
= CERT_CERTIFICATE_ACTION_VERIFY
;
420 CERT_VERIFY_CERTIFICATE_TRUST trust
;
421 WINTRUST_BLOB_INFO blob
;
426 TRACE("(%p)\n", info
);
428 memset(&trust
, 0, sizeof(trust
));
429 trust
.cbSize
= sizeof(trust
);
430 trust
.pccert
= info
->pCertContext
;
431 trust
.cRootStores
= info
->cRootStores
;
432 trust
.rghstoreRoots
= info
->rghstoreRoots
;
433 trust
.cStores
= info
->cStores
;
434 trust
.rghstoreCAs
= info
->rghstoreCAs
;
435 trust
.cTrustStores
= info
->cTrustStores
;
436 trust
.rghstoreTrust
= info
->rghstoreTrust
;
437 memset(&blob
, 0, sizeof(blob
));
438 blob
.cbStruct
= sizeof(blob
);
439 blob
.cbMemObject
= sizeof(trust
);
440 blob
.pbMemObject
= (BYTE
*)&trust
;
441 memset(&wtd
, 0, sizeof(wtd
));
442 wtd
.cbStruct
= sizeof(wtd
);
443 wtd
.dwUIChoice
= WTD_UI_NONE
;
444 wtd
.dwUnionChoice
= WTD_CHOICE_BLOB
;
446 wtd
.dwStateAction
= WTD_STATEACTION_VERIFY
;
447 err
= WinVerifyTrust(NULL
, &cert_action_verify
, &wtd
);
448 if (err
== ERROR_SUCCESS
)
450 CRYPTUI_VIEWCERTIFICATE_STRUCTW uiInfo
;
451 BOOL propsChanged
= FALSE
;
453 memset(&uiInfo
, 0, sizeof(uiInfo
));
454 uiInfo
.dwSize
= sizeof(uiInfo
);
455 uiInfo
.hwndParent
= info
->hwndParent
;
457 CRYPTUI_DISABLE_ADDTOSTORE
| CRYPTUI_ENABLE_EDITPROPERTIES
;
458 uiInfo
.szTitle
= info
->szTitle
;
459 uiInfo
.pCertContext
= info
->pCertContext
;
460 uiInfo
.cPurposes
= info
->cArrayPurposes
;
461 uiInfo
.rgszPurposes
= (LPCSTR
*)info
->arrayPurposes
;
462 uiInfo
.u
.hWVTStateData
= wtd
.hWVTStateData
;
463 uiInfo
.fpCryptProviderDataTrustedUsage
= TRUE
;
464 uiInfo
.cPropSheetPages
= info
->cArrayPropSheetPages
;
465 uiInfo
.rgPropSheetPages
= info
->arrayPropSheetPages
;
466 uiInfo
.nStartPage
= info
->nStartPage
;
467 ret
= CryptUIDlgViewCertificateW(&uiInfo
, &propsChanged
);
468 wtd
.dwStateAction
= WTD_STATEACTION_CLOSE
;
469 WinVerifyTrust(NULL
, &cert_action_verify
, &wtd
);
476 static BOOL
CRYPT_FormatHexString(const BYTE
*pbEncoded
, DWORD cbEncoded
,
477 WCHAR
*str
, DWORD
*pcchStr
)
483 charsNeeded
= (cbEncoded
* 3);
488 *pcchStr
= charsNeeded
;
491 else if (*pcchStr
< charsNeeded
)
493 *pcchStr
= charsNeeded
;
494 SetLastError(ERROR_MORE_DATA
);
499 static const WCHAR fmt
[] = { '%','0','2','x',' ',0 };
500 static const WCHAR endFmt
[] = { '%','0','2','x',0 };
504 *pcchStr
= charsNeeded
;
507 for (i
= 0; i
< cbEncoded
; i
++)
509 if (i
< cbEncoded
- 1)
510 ptr
+= sprintfW(ptr
, fmt
, pbEncoded
[i
]);
512 ptr
+= sprintfW(ptr
, endFmt
, pbEncoded
[i
]);
522 static const WCHAR indent
[] = { ' ',' ',' ',' ',' ',0 };
523 static const WCHAR colonCrlf
[] = { ':','\r','\n',0 };
524 static const WCHAR colonSpace
[] = { ':',' ',0 };
525 static const WCHAR crlf
[] = { '\r','\n',0 };
526 static const WCHAR commaSep
[] = { ',',' ',0 };
528 static BOOL
CRYPT_FormatCPS(DWORD dwCertEncodingType
,
529 DWORD dwFormatStrType
, const BYTE
*pbEncoded
, DWORD cbEncoded
,
530 WCHAR
*str
, DWORD
*pcchStr
)
533 DWORD size
, charsNeeded
= 1;
534 CERT_NAME_VALUE
*cpsValue
;
536 if ((ret
= CryptDecodeObjectEx(dwCertEncodingType
, X509_UNICODE_ANY_STRING
,
537 pbEncoded
, cbEncoded
, CRYPT_DECODE_ALLOC_FLAG
, NULL
, &cpsValue
, &size
)))
542 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
547 sepLen
= strlenW(sep
);
549 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
551 charsNeeded
+= 3 * strlenW(indent
);
552 if (str
&& *pcchStr
>= charsNeeded
)
554 strcpyW(str
, indent
);
555 str
+= strlenW(indent
);
556 strcpyW(str
, indent
);
557 str
+= strlenW(indent
);
558 strcpyW(str
, indent
);
559 str
+= strlenW(indent
);
562 charsNeeded
+= cpsValue
->Value
.cbData
/ sizeof(WCHAR
);
563 if (str
&& *pcchStr
>= charsNeeded
)
565 strcpyW(str
, (LPWSTR
)cpsValue
->Value
.pbData
);
566 str
+= cpsValue
->Value
.cbData
/ sizeof(WCHAR
);
568 charsNeeded
+= sepLen
;
569 if (str
&& *pcchStr
>= charsNeeded
)
576 *pcchStr
= charsNeeded
;
577 else if (*pcchStr
< charsNeeded
)
579 *pcchStr
= charsNeeded
;
580 SetLastError(ERROR_MORE_DATA
);
584 *pcchStr
= charsNeeded
;
589 static BOOL
CRYPT_FormatUserNotice(DWORD dwCertEncodingType
,
590 DWORD dwFormatStrType
, const BYTE
*pbEncoded
, DWORD cbEncoded
,
591 WCHAR
*str
, DWORD
*pcchStr
)
594 DWORD size
, charsNeeded
= 1;
595 CERT_POLICY_QUALIFIER_USER_NOTICE
*notice
;
597 if ((ret
= CryptDecodeObjectEx(dwCertEncodingType
,
598 X509_PKIX_POLICY_QUALIFIER_USERNOTICE
, pbEncoded
, cbEncoded
,
599 CRYPT_DECODE_ALLOC_FLAG
, NULL
, ¬ice
, &size
)))
601 static const WCHAR numFmt
[] = { '%','d',0 };
602 CERT_POLICY_QUALIFIER_NOTICE_REFERENCE
*pNoticeRef
=
603 notice
->pNoticeReference
;
604 LPCWSTR headingSep
, sep
;
605 DWORD headingSepLen
, sepLen
;
606 LPWSTR noticeRef
, organization
, noticeNum
, noticeText
;
607 DWORD noticeRefLen
, organizationLen
, noticeNumLen
, noticeTextLen
;
608 WCHAR noticeNumStr
[11];
610 noticeRefLen
= LoadStringW(hInstance
, IDS_NOTICE_REF
,
611 (LPWSTR
)¬iceRef
, 0);
612 organizationLen
= LoadStringW(hInstance
, IDS_ORGANIZATION
,
613 (LPWSTR
)&organization
, 0);
614 noticeNumLen
= LoadStringW(hInstance
, IDS_NOTICE_NUM
,
615 (LPWSTR
)¬iceNum
, 0);
616 noticeTextLen
= LoadStringW(hInstance
, IDS_NOTICE_TEXT
,
617 (LPWSTR
)¬iceText
, 0);
618 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
620 headingSep
= colonCrlf
;
625 headingSep
= colonSpace
;
628 sepLen
= strlenW(sep
);
629 headingSepLen
= strlenW(headingSep
);
636 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
638 charsNeeded
+= 3 * strlenW(indent
);
639 if (str
&& *pcchStr
>= charsNeeded
)
641 strcpyW(str
, indent
);
642 str
+= strlenW(indent
);
643 strcpyW(str
, indent
);
644 str
+= strlenW(indent
);
645 strcpyW(str
, indent
);
646 str
+= strlenW(indent
);
649 charsNeeded
+= noticeRefLen
;
650 if (str
&& *pcchStr
>= charsNeeded
)
652 memcpy(str
, noticeRef
, noticeRefLen
* sizeof(WCHAR
));
655 charsNeeded
+= headingSepLen
;
656 if (str
&& *pcchStr
>= charsNeeded
)
658 strcpyW(str
, headingSep
);
659 str
+= headingSepLen
;
661 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
663 charsNeeded
+= 4 * strlenW(indent
);
664 if (str
&& *pcchStr
>= charsNeeded
)
666 strcpyW(str
, indent
);
667 str
+= strlenW(indent
);
668 strcpyW(str
, indent
);
669 str
+= strlenW(indent
);
670 strcpyW(str
, indent
);
671 str
+= strlenW(indent
);
672 strcpyW(str
, indent
);
673 str
+= strlenW(indent
);
676 charsNeeded
+= organizationLen
;
677 if (str
&& *pcchStr
>= charsNeeded
)
679 memcpy(str
, organization
, organizationLen
* sizeof(WCHAR
));
680 str
+= organizationLen
;
682 charsNeeded
+= strlen(pNoticeRef
->pszOrganization
);
683 if (str
&& *pcchStr
>= charsNeeded
)
684 for (src
= pNoticeRef
->pszOrganization
; src
&& *src
;
687 charsNeeded
+= sepLen
;
688 if (str
&& *pcchStr
>= charsNeeded
)
693 for (k
= 0; k
< pNoticeRef
->cNoticeNumbers
; k
++)
695 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
697 charsNeeded
+= 4 * strlenW(indent
);
698 if (str
&& *pcchStr
>= charsNeeded
)
700 strcpyW(str
, indent
);
701 str
+= strlenW(indent
);
702 strcpyW(str
, indent
);
703 str
+= strlenW(indent
);
704 strcpyW(str
, indent
);
705 str
+= strlenW(indent
);
706 strcpyW(str
, indent
);
707 str
+= strlenW(indent
);
710 charsNeeded
+= noticeNumLen
;
711 if (str
&& *pcchStr
>= charsNeeded
)
713 memcpy(str
, noticeNum
, noticeNumLen
* sizeof(WCHAR
));
716 sprintfW(noticeNumStr
, numFmt
, k
+ 1);
717 charsNeeded
+= strlenW(noticeNumStr
);
718 if (str
&& *pcchStr
>= charsNeeded
)
720 strcpyW(str
, noticeNumStr
);
721 str
+= strlenW(noticeNumStr
);
723 charsNeeded
+= sepLen
;
724 if (str
&& *pcchStr
>= charsNeeded
)
731 if (notice
->pszDisplayText
)
733 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
735 charsNeeded
+= 3 * strlenW(indent
);
736 if (str
&& *pcchStr
>= charsNeeded
)
738 strcpyW(str
, indent
);
739 str
+= strlenW(indent
);
740 strcpyW(str
, indent
);
741 str
+= strlenW(indent
);
742 strcpyW(str
, indent
);
743 str
+= strlenW(indent
);
746 charsNeeded
+= noticeTextLen
;
747 if (str
&& *pcchStr
>= charsNeeded
)
749 memcpy(str
, noticeText
, noticeTextLen
* sizeof(WCHAR
));
750 str
+= noticeTextLen
;
752 charsNeeded
+= strlenW(notice
->pszDisplayText
);
753 if (str
&& *pcchStr
>= charsNeeded
)
755 strcpyW(str
, notice
->pszDisplayText
);
756 str
+= strlenW(notice
->pszDisplayText
);
758 charsNeeded
+= sepLen
;
759 if (str
&& *pcchStr
>= charsNeeded
)
767 *pcchStr
= charsNeeded
;
768 else if (*pcchStr
< charsNeeded
)
770 *pcchStr
= charsNeeded
;
771 SetLastError(ERROR_MORE_DATA
);
775 *pcchStr
= charsNeeded
;
780 /***********************************************************************
781 * FormatVerisignExtension (CRYPTDLG.@)
783 BOOL WINAPI
FormatVerisignExtension(DWORD dwCertEncodingType
,
784 DWORD dwFormatType
, DWORD dwFormatStrType
, void *pFormatStruct
,
785 LPCSTR lpszStructType
, const BYTE
*pbEncoded
, DWORD cbEncoded
, void *pbFormat
,
788 CERT_POLICIES_INFO
*policies
;
794 SetLastError(E_INVALIDARG
);
797 if ((ret
= CryptDecodeObjectEx(dwCertEncodingType
, X509_CERT_POLICIES
,
798 pbEncoded
, cbEncoded
, CRYPT_DECODE_ALLOC_FLAG
, NULL
, &policies
, &size
)))
800 static const WCHAR numFmt
[] = { '%','d',0 };
801 DWORD charsNeeded
= 1; /* space for NULL terminator */
802 LPCWSTR headingSep
, sep
;
803 DWORD headingSepLen
, sepLen
;
804 WCHAR policyNum
[11], policyQualifierNum
[11];
805 LPWSTR certPolicy
, policyId
, policyQualifierInfo
, policyQualifierId
;
806 LPWSTR cps
, userNotice
, qualifier
;
807 DWORD certPolicyLen
, policyIdLen
, policyQualifierInfoLen
;
808 DWORD policyQualifierIdLen
, cpsLen
, userNoticeLen
, qualifierLen
;
810 LPWSTR str
= pbFormat
;
812 certPolicyLen
= LoadStringW(hInstance
, IDS_CERT_POLICY
,
813 (LPWSTR
)&certPolicy
, 0);
814 policyIdLen
= LoadStringW(hInstance
, IDS_POLICY_ID
, (LPWSTR
)&policyId
,
816 policyQualifierInfoLen
= LoadStringW(hInstance
,
817 IDS_POLICY_QUALIFIER_INFO
, (LPWSTR
)&policyQualifierInfo
, 0);
818 policyQualifierIdLen
= LoadStringW(hInstance
, IDS_POLICY_QUALIFIER_ID
,
819 (LPWSTR
)&policyQualifierId
, 0);
820 cpsLen
= LoadStringW(hInstance
, IDS_CPS
, (LPWSTR
)&cps
, 0);
821 userNoticeLen
= LoadStringW(hInstance
, IDS_USER_NOTICE
,
822 (LPWSTR
)&userNotice
, 0);
823 qualifierLen
= LoadStringW(hInstance
, IDS_QUALIFIER
,
824 (LPWSTR
)&qualifier
, 0);
825 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
827 headingSep
= colonCrlf
;
832 headingSep
= colonSpace
;
835 sepLen
= strlenW(sep
);
836 headingSepLen
= strlenW(headingSep
);
838 for (i
= 0; ret
&& i
< policies
->cPolicyInfo
; i
++)
840 CERT_POLICY_INFO
*policy
= &policies
->rgPolicyInfo
[i
];
844 charsNeeded
+= 1; /* '['*/
845 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
847 sprintfW(policyNum
, numFmt
, i
+ 1);
848 charsNeeded
+= strlenW(policyNum
);
849 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
851 strcpyW(str
, policyNum
);
852 str
+= strlenW(policyNum
);
854 charsNeeded
+= 1; /* ']'*/
855 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
857 charsNeeded
+= certPolicyLen
;
858 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
860 memcpy(str
, certPolicy
, certPolicyLen
* sizeof(WCHAR
));
861 str
+= certPolicyLen
;
863 charsNeeded
+= headingSepLen
;
864 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
866 strcpyW(str
, headingSep
);
867 str
+= headingSepLen
;
869 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
871 charsNeeded
+= strlenW(indent
);
872 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
874 strcpyW(str
, indent
);
875 str
+= strlenW(indent
);
878 charsNeeded
+= policyIdLen
;
879 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
881 memcpy(str
, policyId
, policyIdLen
* sizeof(WCHAR
));
884 charsNeeded
+= strlen(policy
->pszPolicyIdentifier
);
885 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
887 for (src
= policy
->pszPolicyIdentifier
; src
&& *src
;
891 charsNeeded
+= sepLen
;
892 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
897 for (j
= 0; j
< policy
->cPolicyQualifier
; j
++)
899 CERT_POLICY_QUALIFIER_INFO
*qualifierInfo
=
900 &policy
->rgPolicyQualifier
[j
];
903 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
905 charsNeeded
+= strlenW(indent
);
906 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
908 strcpyW(str
, indent
);
909 str
+= strlenW(indent
);
912 charsNeeded
+= 1; /* '['*/
913 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
915 charsNeeded
+= strlenW(policyNum
);
916 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
918 strcpyW(str
, policyNum
);
919 str
+= strlenW(policyNum
);
921 charsNeeded
+= 1; /* ','*/
922 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
924 sprintfW(policyQualifierNum
, numFmt
, j
+ 1);
925 charsNeeded
+= strlenW(policyQualifierNum
);
926 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
928 strcpyW(str
, policyQualifierNum
);
929 str
+= strlenW(policyQualifierNum
);
931 charsNeeded
+= 1; /* ']'*/
932 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
934 charsNeeded
+= policyQualifierInfoLen
;
935 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
937 memcpy(str
, policyQualifierInfo
,
938 policyQualifierInfoLen
* sizeof(WCHAR
));
939 str
+= policyQualifierInfoLen
;
941 charsNeeded
+= headingSepLen
;
942 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
944 strcpyW(str
, headingSep
);
945 str
+= headingSepLen
;
947 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
949 charsNeeded
+= 2 * strlenW(indent
);
950 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
952 strcpyW(str
, indent
);
953 str
+= strlenW(indent
);
954 strcpyW(str
, indent
);
955 str
+= strlenW(indent
);
958 charsNeeded
+= policyQualifierIdLen
;
959 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
961 memcpy(str
, policyQualifierId
,
962 policyQualifierIdLen
* sizeof(WCHAR
));
963 str
+= policyQualifierIdLen
;
965 if (!strcmp(qualifierInfo
->pszPolicyQualifierId
,
966 szOID_PKIX_POLICY_QUALIFIER_CPS
))
968 charsNeeded
+= cpsLen
;
969 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
971 memcpy(str
, cps
, cpsLen
* sizeof(WCHAR
));
975 else if (!strcmp(qualifierInfo
->pszPolicyQualifierId
,
976 szOID_PKIX_POLICY_QUALIFIER_USERNOTICE
))
978 charsNeeded
+= userNoticeLen
;
979 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
981 memcpy(str
, userNotice
, userNoticeLen
* sizeof(WCHAR
));
982 str
+= userNoticeLen
;
987 charsNeeded
+= strlen(qualifierInfo
->pszPolicyQualifierId
);
988 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
990 for (src
= qualifierInfo
->pszPolicyQualifierId
;
991 src
&& *src
; src
++, str
++)
995 charsNeeded
+= sepLen
;
996 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
1001 if (dwFormatStrType
& CRYPT_FORMAT_STR_MULTI_LINE
)
1003 charsNeeded
+= 2 * strlenW(indent
);
1004 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
1006 strcpyW(str
, indent
);
1007 str
+= strlenW(indent
);
1008 strcpyW(str
, indent
);
1009 str
+= strlenW(indent
);
1012 charsNeeded
+= qualifierLen
;
1013 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
1015 memcpy(str
, qualifier
, qualifierLen
* sizeof(WCHAR
));
1016 str
+= qualifierLen
;
1018 charsNeeded
+= headingSepLen
;
1019 if (str
&& *pcbFormat
>= charsNeeded
* sizeof(WCHAR
))
1021 strcpyW(str
, headingSep
);
1022 str
+= headingSepLen
;
1024 /* This if block is deliberately redundant with the same if
1025 * block above, in order to keep the code more readable (the
1026 * code flow follows the order in which the strings are output.)
1028 if (!strcmp(qualifierInfo
->pszPolicyQualifierId
,
1029 szOID_PKIX_POLICY_QUALIFIER_CPS
))
1031 if (!str
|| *pcbFormat
< charsNeeded
* sizeof(WCHAR
))
1033 /* Insufficient space, determine how much is needed. */
1034 ret
= CRYPT_FormatCPS(dwCertEncodingType
,
1035 dwFormatStrType
, qualifierInfo
->Qualifier
.pbData
,
1036 qualifierInfo
->Qualifier
.cbData
, NULL
, &size
);
1038 charsNeeded
+= size
- 1;
1042 sizeRemaining
= *pcbFormat
/ sizeof(WCHAR
);
1043 sizeRemaining
-= str
- (LPWSTR
)pbFormat
;
1044 ret
= CRYPT_FormatCPS(dwCertEncodingType
,
1045 dwFormatStrType
, qualifierInfo
->Qualifier
.pbData
,
1046 qualifierInfo
->Qualifier
.cbData
, str
, &sizeRemaining
);
1047 if (ret
|| GetLastError() == ERROR_MORE_DATA
)
1049 charsNeeded
+= sizeRemaining
- 1;
1050 str
+= sizeRemaining
- 1;
1054 else if (!strcmp(qualifierInfo
->pszPolicyQualifierId
,
1055 szOID_PKIX_POLICY_QUALIFIER_USERNOTICE
))
1057 if (!str
|| *pcbFormat
< charsNeeded
* sizeof(WCHAR
))
1059 /* Insufficient space, determine how much is needed. */
1060 ret
= CRYPT_FormatUserNotice(dwCertEncodingType
,
1061 dwFormatStrType
, qualifierInfo
->Qualifier
.pbData
,
1062 qualifierInfo
->Qualifier
.cbData
, NULL
, &size
);
1064 charsNeeded
+= size
- 1;
1068 sizeRemaining
= *pcbFormat
/ sizeof(WCHAR
);
1069 sizeRemaining
-= str
- (LPWSTR
)pbFormat
;
1070 ret
= CRYPT_FormatUserNotice(dwCertEncodingType
,
1071 dwFormatStrType
, qualifierInfo
->Qualifier
.pbData
,
1072 qualifierInfo
->Qualifier
.cbData
, str
, &sizeRemaining
);
1073 if (ret
|| GetLastError() == ERROR_MORE_DATA
)
1075 charsNeeded
+= sizeRemaining
- 1;
1076 str
+= sizeRemaining
- 1;
1082 if (!str
|| *pcbFormat
< charsNeeded
* sizeof(WCHAR
))
1084 /* Insufficient space, determine how much is needed. */
1085 ret
= CRYPT_FormatHexString(
1086 qualifierInfo
->Qualifier
.pbData
,
1087 qualifierInfo
->Qualifier
.cbData
, NULL
, &size
);
1089 charsNeeded
+= size
- 1;
1093 sizeRemaining
= *pcbFormat
/ sizeof(WCHAR
);
1094 sizeRemaining
-= str
- (LPWSTR
)pbFormat
;
1095 ret
= CRYPT_FormatHexString(
1096 qualifierInfo
->Qualifier
.pbData
,
1097 qualifierInfo
->Qualifier
.cbData
, str
, &sizeRemaining
);
1098 if (ret
|| GetLastError() == ERROR_MORE_DATA
)
1100 charsNeeded
+= sizeRemaining
- 1;
1101 str
+= sizeRemaining
- 1;
1107 LocalFree(policies
);
1111 *pcbFormat
= charsNeeded
* sizeof(WCHAR
);
1112 else if (*pcbFormat
< charsNeeded
* sizeof(WCHAR
))
1114 *pcbFormat
= charsNeeded
* sizeof(WCHAR
);
1115 SetLastError(ERROR_MORE_DATA
);
1119 *pcbFormat
= charsNeeded
* sizeof(WCHAR
);
1125 #define szOID_MICROSOFT_Encryption_Key_Preference "1.3.6.1.4.1.311.16.4"
1127 /***********************************************************************
1128 * DllRegisterServer (CRYPTDLG.@)
1130 HRESULT WINAPI
DllRegisterServer(void)
1132 static WCHAR cryptdlg
[] = { 'c','r','y','p','t','d','l','g','.',
1134 static WCHAR wintrust
[] = { 'w','i','n','t','r','u','s','t','.',
1136 static WCHAR certTrustInit
[] = { 'C','e','r','t','T','r','u','s','t',
1137 'I','n','i','t',0 };
1138 static WCHAR wintrustCertificateTrust
[] = { 'W','i','n','t','r','u','s','t',
1139 'C','e','r','t','i','f','i','c','a','t','e','T','r','u','s','t',0 };
1140 static WCHAR certTrustCertPolicy
[] = { 'C','e','r','t','T','r','u','s','t',
1141 'C','e','r','t','P','o','l','i','c','y',0 };
1142 static WCHAR certTrustFinalPolicy
[] = { 'C','e','r','t','T','r','u','s','t',
1143 'F','i','n','a','l','P','o','l','i','c','y',0 };
1144 static WCHAR certTrustCleanup
[] = { 'C','e','r','t','T','r','u','s','t',
1145 'C','l','e','a','n','u','p',0 };
1146 static const WCHAR cryptDlg
[] = { 'c','r','y','p','t','d','l','g','.',
1148 CRYPT_REGISTER_ACTIONID reg
;
1149 GUID guid
= CERT_CERTIFICATE_ACTION_VERIFY
;
1152 memset(®
, 0, sizeof(reg
));
1153 reg
.cbStruct
= sizeof(reg
);
1154 reg
.sInitProvider
.cbStruct
= sizeof(CRYPT_TRUST_REG_ENTRY
);
1155 reg
.sInitProvider
.pwszDLLName
= cryptdlg
;
1156 reg
.sInitProvider
.pwszFunctionName
= certTrustInit
;
1157 reg
.sCertificateProvider
.cbStruct
= sizeof(CRYPT_TRUST_REG_ENTRY
);
1158 reg
.sCertificateProvider
.pwszDLLName
= wintrust
;
1159 reg
.sCertificateProvider
.pwszFunctionName
= wintrustCertificateTrust
;
1160 reg
.sCertificatePolicyProvider
.cbStruct
= sizeof(CRYPT_TRUST_REG_ENTRY
);
1161 reg
.sCertificatePolicyProvider
.pwszDLLName
= cryptdlg
;
1162 reg
.sCertificatePolicyProvider
.pwszFunctionName
= certTrustCertPolicy
;
1163 reg
.sFinalPolicyProvider
.cbStruct
= sizeof(CRYPT_TRUST_REG_ENTRY
);
1164 reg
.sFinalPolicyProvider
.pwszDLLName
= cryptdlg
;
1165 reg
.sFinalPolicyProvider
.pwszFunctionName
= certTrustFinalPolicy
;
1166 reg
.sCleanupProvider
.cbStruct
= sizeof(CRYPT_TRUST_REG_ENTRY
);
1167 reg
.sCleanupProvider
.pwszDLLName
= cryptdlg
;
1168 reg
.sCleanupProvider
.pwszFunctionName
= certTrustCleanup
;
1169 if (!WintrustAddActionID(&guid
, WT_ADD_ACTION_ID_RET_RESULT_FLAG
, ®
))
1170 hr
= GetLastError();
1171 CryptRegisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_ENCODE_OBJECT_FUNC
,
1172 "1.3.6.1.4.1.311.16.1.1", cryptDlg
, "EncodeAttrSequence");
1173 CryptRegisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_ENCODE_OBJECT_FUNC
,
1174 szOID_MICROSOFT_Encryption_Key_Preference
, cryptDlg
, "EncodeRecipientID");
1175 CryptRegisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_DECODE_OBJECT_FUNC
,
1176 "1.3.6.1.4.1.311.16.1.1", cryptDlg
, "DecodeAttrSequence");
1177 CryptRegisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_DECODE_OBJECT_FUNC
,
1178 szOID_MICROSOFT_Encryption_Key_Preference
, cryptDlg
, "DecodeRecipientID");
1179 CryptRegisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_FORMAT_OBJECT_FUNC
,
1180 szOID_PKIX_KP_EMAIL_PROTECTION
, cryptDlg
, "FormatPKIXEmailProtection");
1181 CryptRegisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_FORMAT_OBJECT_FUNC
,
1182 szOID_CERT_POLICIES
, cryptDlg
, "FormatVerisignExtension");
1186 /***********************************************************************
1187 * DllUnregisterServer (CRYPTDLG.@)
1189 HRESULT WINAPI
DllUnregisterServer(void)
1191 GUID guid
= CERT_CERTIFICATE_ACTION_VERIFY
;
1193 WintrustRemoveActionID(&guid
);
1194 CryptUnregisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_ENCODE_OBJECT_FUNC
,
1195 "1.3.6.1.4.1.311.16.1.1");
1196 CryptUnregisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_ENCODE_OBJECT_FUNC
,
1197 szOID_MICROSOFT_Encryption_Key_Preference
);
1198 CryptUnregisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_DECODE_OBJECT_FUNC
,
1199 "1.3.6.1.4.1.311.16.1.1");
1200 CryptUnregisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_DECODE_OBJECT_FUNC
,
1201 szOID_MICROSOFT_Encryption_Key_Preference
);
1202 CryptUnregisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_FORMAT_OBJECT_FUNC
,
1203 szOID_PKIX_KP_EMAIL_PROTECTION
);
1204 CryptUnregisterOIDFunction(X509_ASN_ENCODING
, CRYPT_OID_FORMAT_OBJECT_FUNC
,
1205 szOID_CERT_POLICIES
);