2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 #define WIN32_NO_STATUS
24 //#include "wine/port.h"
26 #define NONAMELESSUNION
27 #define NONAMELESSSTRUCT
28 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
38 //#include "objbase.h"
41 #include <wine/debug.h>
43 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet
);
45 #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
47 static const WCHAR cryptNet
[] = { 'c','r','y','p','t','n','e','t','.',
50 /***********************************************************************
51 * DllRegisterServer (CRYPTNET.@)
53 HRESULT WINAPI
DllRegisterServer(void)
56 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING
,
57 CRYPT_OID_VERIFY_REVOCATION_FUNC
, 0, cryptNet
);
58 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
, "Ldap",
59 cryptNet
, "LdapProvOpenStore");
60 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
,
61 CERT_STORE_PROV_LDAP_W
, cryptNet
, "LdapProvOpenStore");
65 /***********************************************************************
66 * DllUnregisterServer (CRYPTNET.@)
68 HRESULT WINAPI
DllUnregisterServer(void)
71 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING
,
72 CRYPT_OID_VERIFY_REVOCATION_FUNC
, cryptNet
);
73 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
, "Ldap");
74 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
,
75 CERT_STORE_PROV_LDAP_W
);
79 static const char *url_oid_to_str(LPCSTR oid
)
87 #define _x(oid) case LOWORD(oid): return #oid
88 _x(URL_OID_CERTIFICATE_ISSUER
);
89 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT
);
90 _x(URL_OID_CTL_ISSUER
);
91 _x(URL_OID_CTL_NEXT_UPDATE
);
92 _x(URL_OID_CRL_ISSUER
);
93 _x(URL_OID_CERTIFICATE_FRESHEST_CRL
);
94 _x(URL_OID_CRL_FRESHEST_CRL
);
95 _x(URL_OID_CROSS_CERT_DIST_POINT
);
98 snprintf(buf
, sizeof(buf
), "%d", LOWORD(oid
));
106 typedef BOOL (WINAPI
*UrlDllGetObjectUrlFunc
)(LPCSTR
, LPVOID
, DWORD
,
107 PCRYPT_URL_ARRAY
, DWORD
*, PCRYPT_URL_INFO
, DWORD
*, LPVOID
);
109 static BOOL WINAPI
CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid
,
110 LPVOID pvPara
, DWORD dwFlags
, PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
,
111 PCRYPT_URL_INFO pUrlInfo
, DWORD
*pcbUrlInfo
, LPVOID pvReserved
)
113 PCCERT_CONTEXT cert
= pvPara
;
117 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
118 if (dwFlags
&& !(dwFlags
& CRYPT_GET_URL_FROM_EXTENSION
))
120 SetLastError(CRYPT_E_NOT_FOUND
);
123 if ((ext
= CertFindExtension(szOID_AUTHORITY_INFO_ACCESS
,
124 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
126 CERT_AUTHORITY_INFO_ACCESS
*aia
;
129 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_AUTHORITY_INFO_ACCESS
,
130 ext
->Value
.pbData
, ext
->Value
.cbData
, CRYPT_DECODE_ALLOC_FLAG
, NULL
,
134 DWORD i
, cUrl
, bytesNeeded
= sizeof(CRYPT_URL_ARRAY
);
136 for (i
= 0, cUrl
= 0; i
< aia
->cAccDescr
; i
++)
137 if (!strcmp(aia
->rgAccDescr
[i
].pszAccessMethod
,
138 szOID_PKIX_CA_ISSUERS
))
140 if (aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
==
143 if (aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
)
146 bytesNeeded
+= sizeof(LPWSTR
) +
147 (lstrlenW(aia
->rgAccDescr
[i
].AccessLocation
.u
.
148 pwszURL
) + 1) * sizeof(WCHAR
);
152 FIXME("unsupported alt name type %d\n",
153 aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
);
157 SetLastError(E_INVALIDARG
);
161 *pcbUrlArray
= bytesNeeded
;
162 else if (*pcbUrlArray
< bytesNeeded
)
164 SetLastError(ERROR_MORE_DATA
);
165 *pcbUrlArray
= bytesNeeded
;
172 *pcbUrlArray
= bytesNeeded
;
174 pUrlArray
->rgwszUrl
=
175 (LPWSTR
*)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
));
176 nextUrl
= (LPWSTR
)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
)
177 + cUrl
* sizeof(LPWSTR
));
178 for (i
= 0; i
< aia
->cAccDescr
; i
++)
179 if (!strcmp(aia
->rgAccDescr
[i
].pszAccessMethod
,
180 szOID_PKIX_CA_ISSUERS
))
182 if (aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
183 == CERT_ALT_NAME_URL
)
185 if (aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
)
188 aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
);
189 pUrlArray
->rgwszUrl
[pUrlArray
->cUrl
++] =
191 nextUrl
+= (lstrlenW(nextUrl
) + 1);
200 FIXME("url info: stub\n");
202 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
203 else if (*pcbUrlInfo
< sizeof(CRYPT_URL_INFO
))
205 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
206 SetLastError(ERROR_MORE_DATA
);
211 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
212 memset(pUrlInfo
, 0, sizeof(CRYPT_URL_INFO
));
220 SetLastError(CRYPT_E_NOT_FOUND
);
224 static BOOL
CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB
*value
,
225 PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
, PCRYPT_URL_INFO pUrlInfo
,
229 CRL_DIST_POINTS_INFO
*info
;
232 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_CRL_DIST_POINTS
,
233 value
->pbData
, value
->cbData
, CRYPT_DECODE_ALLOC_FLAG
, NULL
, &info
, &size
);
236 DWORD i
, cUrl
, bytesNeeded
= sizeof(CRYPT_URL_ARRAY
);
238 for (i
= 0, cUrl
= 0; i
< info
->cDistPoint
; i
++)
239 if (info
->rgDistPoint
[i
].DistPointName
.dwDistPointNameChoice
240 == CRL_DIST_POINT_FULL_NAME
)
243 CERT_ALT_NAME_INFO
*name
=
244 &info
->rgDistPoint
[i
].DistPointName
.u
.FullName
;
246 for (j
= 0; j
< name
->cAltEntry
; j
++)
247 if (name
->rgAltEntry
[j
].dwAltNameChoice
==
250 if (name
->rgAltEntry
[j
].u
.pwszURL
)
253 bytesNeeded
+= sizeof(LPWSTR
) +
254 (lstrlenW(name
->rgAltEntry
[j
].u
.pwszURL
) + 1)
261 SetLastError(E_INVALIDARG
);
265 *pcbUrlArray
= bytesNeeded
;
266 else if (*pcbUrlArray
< bytesNeeded
)
268 SetLastError(ERROR_MORE_DATA
);
269 *pcbUrlArray
= bytesNeeded
;
276 *pcbUrlArray
= bytesNeeded
;
278 pUrlArray
->rgwszUrl
=
279 (LPWSTR
*)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
));
280 nextUrl
= (LPWSTR
)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
)
281 + cUrl
* sizeof(LPWSTR
));
282 for (i
= 0; i
< info
->cDistPoint
; i
++)
283 if (info
->rgDistPoint
[i
].DistPointName
.dwDistPointNameChoice
284 == CRL_DIST_POINT_FULL_NAME
)
287 CERT_ALT_NAME_INFO
*name
=
288 &info
->rgDistPoint
[i
].DistPointName
.u
.FullName
;
290 for (j
= 0; j
< name
->cAltEntry
; j
++)
291 if (name
->rgAltEntry
[j
].dwAltNameChoice
==
294 if (name
->rgAltEntry
[j
].u
.pwszURL
)
297 name
->rgAltEntry
[j
].u
.pwszURL
);
298 pUrlArray
->rgwszUrl
[pUrlArray
->cUrl
++] =
301 (lstrlenW(name
->rgAltEntry
[j
].u
.pwszURL
) + 1);
310 FIXME("url info: stub\n");
312 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
313 else if (*pcbUrlInfo
< sizeof(CRYPT_URL_INFO
))
315 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
316 SetLastError(ERROR_MORE_DATA
);
321 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
322 memset(pUrlInfo
, 0, sizeof(CRYPT_URL_INFO
));
331 static BOOL WINAPI
CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid
,
332 LPVOID pvPara
, DWORD dwFlags
, PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
,
333 PCRYPT_URL_INFO pUrlInfo
, DWORD
*pcbUrlInfo
, LPVOID pvReserved
)
335 PCCERT_CONTEXT cert
= pvPara
;
339 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
340 if (dwFlags
&& !(dwFlags
& CRYPT_GET_URL_FROM_EXTENSION
))
342 SetLastError(CRYPT_E_NOT_FOUND
);
345 if ((ext
= CertFindExtension(szOID_CRL_DIST_POINTS
,
346 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
347 ret
= CRYPT_GetUrlFromCRLDistPointsExt(&ext
->Value
, pUrlArray
,
348 pcbUrlArray
, pUrlInfo
, pcbUrlInfo
);
350 SetLastError(CRYPT_E_NOT_FOUND
);
354 /***********************************************************************
355 * CryptGetObjectUrl (CRYPTNET.@)
357 BOOL WINAPI
CryptGetObjectUrl(LPCSTR pszUrlOid
, LPVOID pvPara
, DWORD dwFlags
,
358 PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
, PCRYPT_URL_INFO pUrlInfo
,
359 DWORD
*pcbUrlInfo
, LPVOID pvReserved
)
361 UrlDllGetObjectUrlFunc func
= NULL
;
362 HCRYPTOIDFUNCADDR hFunc
= NULL
;
365 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid
),
366 pvPara
, dwFlags
, pUrlArray
, pcbUrlArray
, pUrlInfo
, pcbUrlInfo
, pvReserved
);
368 if (IS_INTOID(pszUrlOid
))
370 switch (LOWORD(pszUrlOid
))
372 case LOWORD(URL_OID_CERTIFICATE_ISSUER
):
373 func
= CRYPT_GetUrlFromCertificateIssuer
;
375 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT
):
376 func
= CRYPT_GetUrlFromCertificateCRLDistPoint
;
379 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid
));
380 SetLastError(ERROR_FILE_NOT_FOUND
);
385 static HCRYPTOIDFUNCSET set
= NULL
;
388 set
= CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC
, 0);
389 CryptGetOIDFunctionAddress(set
, X509_ASN_ENCODING
, pszUrlOid
, 0,
390 (void **)&func
, &hFunc
);
393 ret
= func(pszUrlOid
, pvPara
, dwFlags
, pUrlArray
, pcbUrlArray
,
394 pUrlInfo
, pcbUrlInfo
, pvReserved
);
396 CryptFreeOIDFunctionAddress(hFunc
, 0);
400 /***********************************************************************
401 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
403 BOOL WINAPI
CryptRetrieveObjectByUrlA(LPCSTR pszURL
, LPCSTR pszObjectOid
,
404 DWORD dwRetrievalFlags
, DWORD dwTimeout
, LPVOID
*ppvObject
,
405 HCRYPTASYNC hAsyncRetrieve
, PCRYPT_CREDENTIALS pCredentials
, LPVOID pvVerify
,
406 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
411 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL
),
412 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, ppvObject
,
413 hAsyncRetrieve
, pCredentials
, pvVerify
, pAuxInfo
);
417 SetLastError(ERROR_INVALID_PARAMETER
);
420 len
= MultiByteToWideChar(CP_ACP
, 0, pszURL
, -1, NULL
, 0);
423 LPWSTR url
= CryptMemAlloc(len
* sizeof(WCHAR
));
427 MultiByteToWideChar(CP_ACP
, 0, pszURL
, -1, url
, len
);
428 ret
= CryptRetrieveObjectByUrlW(url
, pszObjectOid
,
429 dwRetrievalFlags
, dwTimeout
, ppvObject
, hAsyncRetrieve
,
430 pCredentials
, pvVerify
, pAuxInfo
);
434 SetLastError(ERROR_OUTOFMEMORY
);
439 static void WINAPI
CRYPT_FreeBlob(LPCSTR pszObjectOid
,
440 PCRYPT_BLOB_ARRAY pObject
, void *pvFreeContext
)
444 for (i
= 0; i
< pObject
->cBlob
; i
++)
445 CryptMemFree(pObject
->rgBlob
[i
].pbData
);
446 CryptMemFree(pObject
->rgBlob
);
449 static BOOL
CRYPT_GetObjectFromFile(HANDLE hFile
, PCRYPT_BLOB_ARRAY pObject
)
454 if ((ret
= GetFileSizeEx(hFile
, &size
)))
458 WARN("file too big\n");
459 SetLastError(ERROR_INVALID_DATA
);
464 CRYPT_DATA_BLOB blob
;
466 blob
.pbData
= CryptMemAlloc(size
.u
.LowPart
);
469 blob
.cbData
= size
.u
.LowPart
;
470 ret
= ReadFile(hFile
, blob
.pbData
, size
.u
.LowPart
, &blob
.cbData
,
474 pObject
->rgBlob
= CryptMemAlloc(sizeof(CRYPT_DATA_BLOB
));
478 memcpy(pObject
->rgBlob
, &blob
, sizeof(CRYPT_DATA_BLOB
));
482 SetLastError(ERROR_OUTOFMEMORY
);
487 CryptMemFree(blob
.pbData
);
491 SetLastError(ERROR_OUTOFMEMORY
);
499 static BOOL
CRYPT_GetObjectFromCache(LPCWSTR pszURL
, PCRYPT_BLOB_ARRAY pObject
,
500 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
503 INTERNET_CACHE_ENTRY_INFOW
*pCacheInfo
= NULL
;
506 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL
), pObject
, pAuxInfo
);
508 RetrieveUrlCacheEntryFileW(pszURL
, NULL
, &size
, 0);
509 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER
)
512 pCacheInfo
= CryptMemAlloc(size
);
515 SetLastError(ERROR_OUTOFMEMORY
);
519 if ((ret
= RetrieveUrlCacheEntryFileW(pszURL
, pCacheInfo
, &size
, 0)))
523 GetSystemTimeAsFileTime(&ft
);
524 if (CompareFileTime(&pCacheInfo
->ExpireTime
, &ft
) >= 0)
526 HANDLE hFile
= CreateFileW(pCacheInfo
->lpszLocalFileName
, GENERIC_READ
,
527 FILE_SHARE_READ
, NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
529 if (hFile
!= INVALID_HANDLE_VALUE
)
531 if ((ret
= CRYPT_GetObjectFromFile(hFile
, pObject
)))
533 if (pAuxInfo
&& pAuxInfo
->cbSize
>=
534 offsetof(CRYPT_RETRIEVE_AUX_INFO
,
535 pLastSyncTime
) + sizeof(PFILETIME
) &&
536 pAuxInfo
->pLastSyncTime
)
537 memcpy(pAuxInfo
->pLastSyncTime
,
538 &pCacheInfo
->LastSyncTime
,
545 DeleteUrlCacheEntryW(pszURL
);
551 DeleteUrlCacheEntryW(pszURL
);
554 UnlockUrlCacheEntryFileW(pszURL
, 0);
556 CryptMemFree(pCacheInfo
);
557 TRACE("returning %d\n", ret
);
561 /* Parses the URL, and sets components' lpszHostName and lpszUrlPath members
562 * to NULL-terminated copies of those portions of the URL (to be freed with
565 static BOOL
CRYPT_CrackUrl(LPCWSTR pszURL
, URL_COMPONENTSW
*components
)
569 TRACE("(%s, %p)\n", debugstr_w(pszURL
), components
);
571 memset(components
, 0, sizeof(*components
));
572 components
->dwStructSize
= sizeof(*components
);
573 components
->lpszHostName
= CryptMemAlloc(INTERNET_MAX_HOST_NAME_LENGTH
* sizeof(WCHAR
));
574 components
->dwHostNameLength
= INTERNET_MAX_HOST_NAME_LENGTH
;
575 if (!components
->lpszHostName
)
577 SetLastError(ERROR_OUTOFMEMORY
);
580 components
->lpszUrlPath
= CryptMemAlloc(INTERNET_MAX_PATH_LENGTH
* sizeof(WCHAR
));
581 components
->dwUrlPathLength
= INTERNET_MAX_PATH_LENGTH
;
582 if (!components
->lpszUrlPath
)
584 CryptMemFree(components
->lpszHostName
);
585 SetLastError(ERROR_OUTOFMEMORY
);
589 ret
= InternetCrackUrlW(pszURL
, 0, ICU_DECODE
, components
);
592 switch (components
->nScheme
)
594 case INTERNET_SCHEME_FTP
:
595 if (!components
->nPort
)
596 components
->nPort
= INTERNET_DEFAULT_FTP_PORT
;
598 case INTERNET_SCHEME_HTTP
:
599 if (!components
->nPort
)
600 components
->nPort
= INTERNET_DEFAULT_HTTP_PORT
;
606 TRACE("returning %d\n", ret
);
617 static struct InetContext
*CRYPT_MakeInetContext(DWORD dwTimeout
)
619 struct InetContext
*context
= CryptMemAlloc(sizeof(struct InetContext
));
623 context
->event
= CreateEventW(NULL
, FALSE
, FALSE
, NULL
);
626 CryptMemFree(context
);
631 context
->timeout
= dwTimeout
;
632 context
->error
= ERROR_SUCCESS
;
638 static BOOL
CRYPT_DownloadObject(DWORD dwRetrievalFlags
, HINTERNET hHttp
,
639 struct InetContext
*context
, PCRYPT_BLOB_ARRAY pObject
,
640 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
642 CRYPT_DATA_BLOB object
= { 0, NULL
};
643 DWORD bytesAvailable
;
647 if ((ret
= InternetQueryDataAvailable(hHttp
, &bytesAvailable
, 0, 0)))
652 object
.pbData
= CryptMemRealloc(object
.pbData
,
653 object
.cbData
+ bytesAvailable
);
655 object
.pbData
= CryptMemAlloc(bytesAvailable
);
658 INTERNET_BUFFERSA buffer
= { sizeof(buffer
), 0 };
660 buffer
.dwBufferLength
= bytesAvailable
;
661 buffer
.lpvBuffer
= object
.pbData
+ object
.cbData
;
662 if (!(ret
= InternetReadFileExA(hHttp
, &buffer
, IRF_NO_WAIT
,
663 (DWORD_PTR
)context
)))
665 if (GetLastError() == ERROR_IO_PENDING
)
667 if (WaitForSingleObject(context
->event
,
668 context
->timeout
) == WAIT_TIMEOUT
)
669 SetLastError(ERROR_TIMEOUT
);
670 else if (context
->error
)
671 SetLastError(context
->error
);
677 object
.cbData
+= buffer
.dwBufferLength
;
681 SetLastError(ERROR_OUTOFMEMORY
);
686 else if (GetLastError() == ERROR_IO_PENDING
)
688 if (WaitForSingleObject(context
->event
, context
->timeout
) ==
690 SetLastError(ERROR_TIMEOUT
);
694 } while (ret
&& bytesAvailable
);
697 pObject
->rgBlob
= CryptMemAlloc(sizeof(CRYPT_DATA_BLOB
));
698 if (!pObject
->rgBlob
)
700 CryptMemFree(object
.pbData
);
701 SetLastError(ERROR_OUTOFMEMORY
);
706 pObject
->rgBlob
[0].cbData
= object
.cbData
;
707 pObject
->rgBlob
[0].pbData
= object
.pbData
;
711 TRACE("returning %d\n", ret
);
715 /* Finds the object specified by pszURL in the cache. If it's not found,
716 * creates a new cache entry for the object and writes the object to it.
717 * Sets the expiration time of the cache entry to expires.
719 static void CRYPT_CacheURL(LPCWSTR pszURL
, const CRYPT_BLOB_ARRAY
*pObject
,
720 DWORD dwRetrievalFlags
, FILETIME expires
)
722 WCHAR cacheFileName
[MAX_PATH
];
724 DWORD size
= 0, entryType
;
727 GetUrlCacheEntryInfoW(pszURL
, NULL
, &size
);
728 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER
)
730 INTERNET_CACHE_ENTRY_INFOW
*info
= CryptMemAlloc(size
);
734 ERR("out of memory\n");
738 if (GetUrlCacheEntryInfoW(pszURL
, info
, &size
))
740 lstrcpyW(cacheFileName
, info
->lpszLocalFileName
);
741 /* Check if the existing cache entry is up to date. If it isn't,
742 * remove the existing cache entry, and create a new one with the
745 GetSystemTimeAsFileTime(&ft
);
746 if (CompareFileTime(&info
->ExpireTime
, &ft
) < 0)
748 DeleteUrlCacheEntryW(pszURL
);
752 info
->ExpireTime
= expires
;
753 SetUrlCacheEntryInfoW(pszURL
, info
, CACHE_ENTRY_EXPTIME_FC
);
761 if (!CreateUrlCacheEntryW(pszURL
, pObject
->rgBlob
[0].cbData
, NULL
, cacheFileName
, 0))
764 hCacheFile
= CreateFileW(cacheFileName
, GENERIC_WRITE
, 0,
765 NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
766 if(hCacheFile
== INVALID_HANDLE_VALUE
)
769 WriteFile(hCacheFile
, pObject
->rgBlob
[0].pbData
,
770 pObject
->rgBlob
[0].cbData
, &size
, NULL
);
771 CloseHandle(hCacheFile
);
773 if (!(dwRetrievalFlags
& CRYPT_STICKY_CACHE_RETRIEVAL
))
774 entryType
= NORMAL_CACHE_ENTRY
;
776 entryType
= STICKY_CACHE_ENTRY
;
777 memset(&ft
, 0, sizeof(ft
));
778 CommitUrlCacheEntryW(pszURL
, cacheFileName
, expires
, ft
, entryType
,
779 NULL
, 0, NULL
, NULL
);
782 static void CALLBACK
CRYPT_InetStatusCallback(HINTERNET hInt
,
783 DWORD_PTR dwContext
, DWORD status
, void *statusInfo
, DWORD statusInfoLen
)
785 struct InetContext
*context
= (struct InetContext
*)dwContext
;
786 LPINTERNET_ASYNC_RESULT result
;
790 case INTERNET_STATUS_REQUEST_COMPLETE
:
792 context
->error
= result
->dwError
;
793 SetEvent(context
->event
);
797 static BOOL
CRYPT_Connect(const URL_COMPONENTSW
*components
,
798 struct InetContext
*context
, PCRYPT_CREDENTIALS pCredentials
,
799 HINTERNET
*phInt
, HINTERNET
*phHost
)
803 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components
->lpszHostName
),
804 components
->nPort
, context
, pCredentials
, phInt
, phInt
);
807 *phInt
= InternetOpenW(NULL
, INTERNET_OPEN_TYPE_PRECONFIG
, NULL
, NULL
,
808 context
? INTERNET_FLAG_ASYNC
: 0);
814 InternetSetStatusCallbackW(*phInt
, CRYPT_InetStatusCallback
);
815 switch (components
->nScheme
)
817 case INTERNET_SCHEME_FTP
:
818 service
= INTERNET_SERVICE_FTP
;
820 case INTERNET_SCHEME_HTTP
:
821 service
= INTERNET_SERVICE_HTTP
;
826 /* FIXME: use pCredentials for username/password */
827 *phHost
= InternetConnectW(*phInt
, components
->lpszHostName
,
828 components
->nPort
, NULL
, NULL
, service
, 0, (DWORD_PTR
)context
);
831 InternetCloseHandle(*phInt
);
840 TRACE("returning %d\n", ret
);
844 static BOOL WINAPI
FTP_RetrieveEncodedObjectW(LPCWSTR pszURL
,
845 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
846 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
847 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
848 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
850 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
851 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, pObject
,
852 ppfnFreeObject
, ppvFreeContext
, hAsyncRetrieve
, pCredentials
, pAuxInfo
);
855 pObject
->rgBlob
= NULL
;
856 *ppfnFreeObject
= CRYPT_FreeBlob
;
857 *ppvFreeContext
= NULL
;
861 static const WCHAR x509cacert
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
862 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
863 static const WCHAR x509emailcert
[] = { 'a','p','p','l','i','c','a','t','i','o',
864 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
866 static const WCHAR x509servercert
[] = { 'a','p','p','l','i','c','a','t','i','o',
867 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
869 static const WCHAR x509usercert
[] = { 'a','p','p','l','i','c','a','t','i','o',
870 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
871 static const WCHAR pkcs7cert
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
872 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
874 static const WCHAR pkixCRL
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
875 '/','p','k','i','x','-','c','r','l',0 };
876 static const WCHAR pkcs7CRL
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
877 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
878 static const WCHAR pkcs7sig
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
879 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
880 static const WCHAR pkcs7mime
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
881 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
883 static BOOL WINAPI
HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL
,
884 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
885 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
886 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
887 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
891 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
892 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, pObject
,
893 ppfnFreeObject
, ppvFreeContext
, hAsyncRetrieve
, pCredentials
, pAuxInfo
);
896 pObject
->rgBlob
= NULL
;
897 *ppfnFreeObject
= CRYPT_FreeBlob
;
898 *ppvFreeContext
= NULL
;
900 if (!(dwRetrievalFlags
& CRYPT_WIRE_ONLY_RETRIEVAL
))
901 ret
= CRYPT_GetObjectFromCache(pszURL
, pObject
, pAuxInfo
);
902 if (!ret
&& (!(dwRetrievalFlags
& CRYPT_CACHE_ONLY_RETRIEVAL
) ||
903 (dwRetrievalFlags
& CRYPT_WIRE_ONLY_RETRIEVAL
)))
905 URL_COMPONENTSW components
;
907 if ((ret
= CRYPT_CrackUrl(pszURL
, &components
)))
909 HINTERNET hInt
, hHost
;
910 struct InetContext
*context
= NULL
;
913 context
= CRYPT_MakeInetContext(dwTimeout
);
914 ret
= CRYPT_Connect(&components
, context
, pCredentials
, &hInt
,
918 static LPCWSTR types
[] = { x509cacert
, x509emailcert
,
919 x509servercert
, x509usercert
, pkcs7cert
, pkixCRL
, pkcs7CRL
,
920 pkcs7sig
, pkcs7mime
, NULL
};
921 HINTERNET hHttp
= HttpOpenRequestW(hHost
, NULL
,
922 components
.lpszUrlPath
, NULL
, NULL
, types
,
923 INTERNET_FLAG_NO_COOKIES
| INTERNET_FLAG_NO_UI
,
930 InternetSetOptionW(hHttp
,
931 INTERNET_OPTION_RECEIVE_TIMEOUT
, &dwTimeout
,
933 InternetSetOptionW(hHttp
, INTERNET_OPTION_SEND_TIMEOUT
,
934 &dwTimeout
, sizeof(dwTimeout
));
936 ret
= HttpSendRequestExW(hHttp
, NULL
, NULL
, 0,
938 if (!ret
&& GetLastError() == ERROR_IO_PENDING
)
940 if (WaitForSingleObject(context
->event
,
941 context
->timeout
) == WAIT_TIMEOUT
)
942 SetLastError(ERROR_TIMEOUT
);
947 !(ret
= HttpEndRequestW(hHttp
, NULL
, 0, (DWORD_PTR
)context
)) &&
948 GetLastError() == ERROR_IO_PENDING
)
950 if (WaitForSingleObject(context
->event
,
951 context
->timeout
) == WAIT_TIMEOUT
)
952 SetLastError(ERROR_TIMEOUT
);
957 ret
= CRYPT_DownloadObject(dwRetrievalFlags
, hHttp
,
958 context
, pObject
, pAuxInfo
);
959 if (ret
&& !(dwRetrievalFlags
& CRYPT_DONT_CACHE_RESULT
))
962 DWORD len
= sizeof(st
);
964 if (HttpQueryInfoW(hHttp
,
965 HTTP_QUERY_EXPIRES
| HTTP_QUERY_FLAG_SYSTEMTIME
, &st
,
970 SystemTimeToFileTime(&st
, &ft
);
971 CRYPT_CacheURL(pszURL
, pObject
, dwRetrievalFlags
,
975 InternetCloseHandle(hHttp
);
977 InternetCloseHandle(hHost
);
978 InternetCloseHandle(hInt
);
982 CloseHandle(context
->event
);
983 CryptMemFree(context
);
985 CryptMemFree(components
.lpszUrlPath
);
986 CryptMemFree(components
.lpszHostName
);
989 TRACE("returning %d\n", ret
);
993 static BOOL WINAPI
File_RetrieveEncodedObjectW(LPCWSTR pszURL
,
994 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
995 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
996 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
997 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
999 URL_COMPONENTSW components
= { sizeof(components
), 0 };
1002 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
1003 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, pObject
,
1004 ppfnFreeObject
, ppvFreeContext
, hAsyncRetrieve
, pCredentials
, pAuxInfo
);
1007 pObject
->rgBlob
= NULL
;
1008 *ppfnFreeObject
= CRYPT_FreeBlob
;
1009 *ppvFreeContext
= NULL
;
1011 components
.lpszUrlPath
= CryptMemAlloc(INTERNET_MAX_PATH_LENGTH
* sizeof(WCHAR
));
1012 components
.dwUrlPathLength
= INTERNET_MAX_PATH_LENGTH
;
1013 if (!components
.lpszUrlPath
)
1015 SetLastError(ERROR_OUTOFMEMORY
);
1019 ret
= InternetCrackUrlW(pszURL
, 0, ICU_DECODE
, &components
);
1024 /* 3 == lstrlenW(L"c:") + 1 */
1025 path
= CryptMemAlloc((components
.dwUrlPathLength
+ 3) * sizeof(WCHAR
));
1030 /* Try to create the file directly - Wine handles / in pathnames */
1031 lstrcpynW(path
, components
.lpszUrlPath
,
1032 components
.dwUrlPathLength
+ 1);
1033 hFile
= CreateFileW(path
, GENERIC_READ
, FILE_SHARE_READ
,
1034 NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
1035 if (hFile
== INVALID_HANDLE_VALUE
)
1037 /* Try again on the current drive */
1038 GetCurrentDirectoryW(components
.dwUrlPathLength
, path
);
1041 lstrcpynW(path
+ 2, components
.lpszUrlPath
,
1042 components
.dwUrlPathLength
+ 1);
1043 hFile
= CreateFileW(path
, GENERIC_READ
, FILE_SHARE_READ
,
1044 NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
1046 if (hFile
== INVALID_HANDLE_VALUE
)
1048 /* Try again on the Windows drive */
1049 GetWindowsDirectoryW(path
, components
.dwUrlPathLength
);
1052 lstrcpynW(path
+ 2, components
.lpszUrlPath
,
1053 components
.dwUrlPathLength
+ 1);
1054 hFile
= CreateFileW(path
, GENERIC_READ
, FILE_SHARE_READ
,
1055 NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
1059 if (hFile
!= INVALID_HANDLE_VALUE
)
1061 if ((ret
= CRYPT_GetObjectFromFile(hFile
, pObject
)))
1063 if (pAuxInfo
&& pAuxInfo
->cbSize
>=
1064 offsetof(CRYPT_RETRIEVE_AUX_INFO
,
1065 pLastSyncTime
) + sizeof(PFILETIME
) &&
1066 pAuxInfo
->pLastSyncTime
)
1067 GetFileTime(hFile
, NULL
, NULL
,
1068 pAuxInfo
->pLastSyncTime
);
1078 SetLastError(ERROR_OUTOFMEMORY
);
1082 CryptMemFree(components
.lpszUrlPath
);
1086 typedef BOOL (WINAPI
*SchemeDllRetrieveEncodedObjectW
)(LPCWSTR pwszUrl
,
1087 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
1088 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
1089 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
1090 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
);
1092 static BOOL
CRYPT_GetRetrieveFunction(LPCWSTR pszURL
,
1093 SchemeDllRetrieveEncodedObjectW
*pFunc
, HCRYPTOIDFUNCADDR
*phFunc
)
1095 URL_COMPONENTSW components
= { sizeof(components
), 0 };
1098 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL
), pFunc
, phFunc
);
1102 components
.dwSchemeLength
= 1;
1103 ret
= InternetCrackUrlW(pszURL
, 0, 0, &components
);
1106 /* Microsoft always uses CryptInitOIDFunctionSet/
1107 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1108 * reason to do so for builtin schemes.
1110 switch (components
.nScheme
)
1112 case INTERNET_SCHEME_FTP
:
1113 *pFunc
= FTP_RetrieveEncodedObjectW
;
1115 case INTERNET_SCHEME_HTTP
:
1116 *pFunc
= HTTP_RetrieveEncodedObjectW
;
1118 case INTERNET_SCHEME_FILE
:
1119 *pFunc
= File_RetrieveEncodedObjectW
;
1123 int len
= WideCharToMultiByte(CP_ACP
, 0, components
.lpszScheme
,
1124 components
.dwSchemeLength
, NULL
, 0, NULL
, NULL
);
1128 LPSTR scheme
= CryptMemAlloc(len
);
1132 static HCRYPTOIDFUNCSET set
= NULL
;
1135 set
= CryptInitOIDFunctionSet(
1136 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC
, 0);
1137 WideCharToMultiByte(CP_ACP
, 0, components
.lpszScheme
,
1138 components
.dwSchemeLength
, scheme
, len
, NULL
, NULL
);
1139 ret
= CryptGetOIDFunctionAddress(set
, X509_ASN_ENCODING
,
1140 scheme
, 0, (void **)pFunc
, phFunc
);
1141 CryptMemFree(scheme
);
1145 SetLastError(ERROR_OUTOFMEMORY
);
1154 TRACE("returning %d\n", ret
);
1158 static BOOL WINAPI
CRYPT_CreateBlob(LPCSTR pszObjectOid
,
1159 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1162 CRYPT_BLOB_ARRAY
*context
;
1165 size
= sizeof(CRYPT_BLOB_ARRAY
) + pObject
->cBlob
* sizeof(CRYPT_DATA_BLOB
);
1166 for (i
= 0; i
< pObject
->cBlob
; i
++)
1167 size
+= pObject
->rgBlob
[i
].cbData
;
1168 context
= CryptMemAlloc(size
);
1175 (CRYPT_DATA_BLOB
*)((LPBYTE
)context
+ sizeof(CRYPT_BLOB_ARRAY
));
1177 (LPBYTE
)context
->rgBlob
+ pObject
->cBlob
* sizeof(CRYPT_DATA_BLOB
);
1178 for (i
= 0; i
< pObject
->cBlob
; i
++)
1180 memcpy(nextData
, pObject
->rgBlob
[i
].pbData
,
1181 pObject
->rgBlob
[i
].cbData
);
1182 context
->rgBlob
[i
].pbData
= nextData
;
1183 context
->rgBlob
[i
].cbData
= pObject
->rgBlob
[i
].cbData
;
1184 nextData
+= pObject
->rgBlob
[i
].cbData
;
1187 *ppvContext
= context
;
1193 typedef BOOL (WINAPI
*AddContextToStore
)(HCERTSTORE hCertStore
,
1194 const void *pContext
, DWORD dwAddDisposition
, const void **ppStoreContext
);
1196 static BOOL
CRYPT_CreateContext(const CRYPT_BLOB_ARRAY
*pObject
,
1197 DWORD dwExpectedContentTypeFlags
, AddContextToStore addFunc
, void **ppvContext
)
1201 if (!pObject
->cBlob
)
1203 SetLastError(ERROR_INVALID_DATA
);
1207 else if (pObject
->cBlob
== 1)
1209 if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB
, &pObject
->rgBlob
[0],
1210 dwExpectedContentTypeFlags
, CERT_QUERY_FORMAT_FLAG_BINARY
, 0, NULL
,
1211 NULL
, NULL
, NULL
, NULL
, (const void **)ppvContext
))
1213 SetLastError(CRYPT_E_NO_MATCH
);
1219 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
1220 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
1225 const void *context
;
1227 for (i
= 0; i
< pObject
->cBlob
; i
++)
1229 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB
,
1230 &pObject
->rgBlob
[i
], dwExpectedContentTypeFlags
,
1231 CERT_QUERY_FORMAT_FLAG_BINARY
, 0, NULL
, NULL
, NULL
, NULL
,
1234 if (!addFunc(store
, context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1239 SetLastError(CRYPT_E_NO_MATCH
);
1246 *ppvContext
= store
;
1251 static BOOL WINAPI
CRYPT_CreateCert(LPCSTR pszObjectOid
,
1252 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1254 return CRYPT_CreateContext(pObject
, CERT_QUERY_CONTENT_FLAG_CERT
,
1255 (AddContextToStore
)CertAddCertificateContextToStore
, ppvContext
);
1258 static BOOL WINAPI
CRYPT_CreateCRL(LPCSTR pszObjectOid
,
1259 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1261 return CRYPT_CreateContext(pObject
, CERT_QUERY_CONTENT_FLAG_CRL
,
1262 (AddContextToStore
)CertAddCRLContextToStore
, ppvContext
);
1265 static BOOL WINAPI
CRYPT_CreateCTL(LPCSTR pszObjectOid
,
1266 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1268 return CRYPT_CreateContext(pObject
, CERT_QUERY_CONTENT_FLAG_CTL
,
1269 (AddContextToStore
)CertAddCTLContextToStore
, ppvContext
);
1272 static BOOL WINAPI
CRYPT_CreatePKCS7(LPCSTR pszObjectOid
,
1273 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1277 if (!pObject
->cBlob
)
1279 SetLastError(ERROR_INVALID_DATA
);
1283 else if (pObject
->cBlob
== 1)
1284 ret
= CryptQueryObject(CERT_QUERY_OBJECT_BLOB
, &pObject
->rgBlob
[0],
1285 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
|
1286 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
, CERT_QUERY_FORMAT_FLAG_BINARY
,
1287 0, NULL
, NULL
, NULL
, ppvContext
, NULL
, NULL
);
1290 FIXME("multiple messages unimplemented\n");
1296 static BOOL WINAPI
CRYPT_CreateAny(LPCSTR pszObjectOid
,
1297 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1301 if (!pObject
->cBlob
)
1303 SetLastError(ERROR_INVALID_DATA
);
1309 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_COLLECTION
, 0, 0,
1310 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
1314 HCERTSTORE memStore
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
1315 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
1319 CertAddStoreToCollection(store
, memStore
,
1320 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG
, 0);
1321 CertCloseStore(memStore
, 0);
1325 CertCloseStore(store
, 0);
1334 for (i
= 0; i
< pObject
->cBlob
; i
++)
1336 DWORD contentType
, expectedContentTypes
=
1337 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
|
1338 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
|
1339 CERT_QUERY_CONTENT_FLAG_CERT
|
1340 CERT_QUERY_CONTENT_FLAG_CRL
|
1341 CERT_QUERY_CONTENT_FLAG_CTL
;
1342 HCERTSTORE contextStore
;
1343 const void *context
;
1345 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB
,
1346 &pObject
->rgBlob
[i
], expectedContentTypes
,
1347 CERT_QUERY_FORMAT_FLAG_BINARY
, 0, NULL
, &contentType
, NULL
,
1348 &contextStore
, NULL
, &context
))
1350 switch (contentType
)
1352 case CERT_QUERY_CONTENT_CERT
:
1353 if (!CertAddCertificateContextToStore(store
,
1354 context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1356 CertFreeCertificateContext(context
);
1358 case CERT_QUERY_CONTENT_CRL
:
1359 if (!CertAddCRLContextToStore(store
,
1360 context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1362 CertFreeCRLContext(context
);
1364 case CERT_QUERY_CONTENT_CTL
:
1365 if (!CertAddCTLContextToStore(store
,
1366 context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1368 CertFreeCTLContext(context
);
1371 CertAddStoreToCollection(store
, contextStore
, 0, 0);
1373 CertCloseStore(contextStore
, 0);
1381 *ppvContext
= store
;
1386 typedef BOOL (WINAPI
*ContextDllCreateObjectContext
)(LPCSTR pszObjectOid
,
1387 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
);
1389 static BOOL
CRYPT_GetCreateFunction(LPCSTR pszObjectOid
,
1390 ContextDllCreateObjectContext
*pFunc
, HCRYPTOIDFUNCADDR
*phFunc
)
1394 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid
), pFunc
, phFunc
);
1398 if (IS_INTOID(pszObjectOid
))
1400 switch (LOWORD(pszObjectOid
))
1403 *pFunc
= CRYPT_CreateBlob
;
1405 case LOWORD(CONTEXT_OID_CERTIFICATE
):
1406 *pFunc
= CRYPT_CreateCert
;
1408 case LOWORD(CONTEXT_OID_CRL
):
1409 *pFunc
= CRYPT_CreateCRL
;
1411 case LOWORD(CONTEXT_OID_CTL
):
1412 *pFunc
= CRYPT_CreateCTL
;
1414 case LOWORD(CONTEXT_OID_PKCS7
):
1415 *pFunc
= CRYPT_CreatePKCS7
;
1417 case LOWORD(CONTEXT_OID_CAPI2_ANY
):
1418 *pFunc
= CRYPT_CreateAny
;
1424 static HCRYPTOIDFUNCSET set
= NULL
;
1427 set
= CryptInitOIDFunctionSet(
1428 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC
, 0);
1429 ret
= CryptGetOIDFunctionAddress(set
, X509_ASN_ENCODING
, pszObjectOid
,
1430 0, (void **)pFunc
, phFunc
);
1432 TRACE("returning %d\n", ret
);
1436 typedef BOOL (*get_object_expiration_func
)(const void *pvContext
,
1437 FILETIME
*expiration
);
1439 static BOOL
CRYPT_GetExpirationFromCert(const void *pvObject
, FILETIME
*expiration
)
1441 PCCERT_CONTEXT cert
= pvObject
;
1443 *expiration
= cert
->pCertInfo
->NotAfter
;
1447 static BOOL
CRYPT_GetExpirationFromCRL(const void *pvObject
, FILETIME
*expiration
)
1449 PCCRL_CONTEXT cert
= pvObject
;
1451 *expiration
= cert
->pCrlInfo
->NextUpdate
;
1455 static BOOL
CRYPT_GetExpirationFromCTL(const void *pvObject
, FILETIME
*expiration
)
1457 PCCTL_CONTEXT cert
= pvObject
;
1459 *expiration
= cert
->pCtlInfo
->NextUpdate
;
1463 static BOOL
CRYPT_GetExpirationFunction(LPCSTR pszObjectOid
,
1464 get_object_expiration_func
*getExpiration
)
1468 if (IS_INTOID(pszObjectOid
))
1470 switch (LOWORD(pszObjectOid
))
1472 case LOWORD(CONTEXT_OID_CERTIFICATE
):
1473 *getExpiration
= CRYPT_GetExpirationFromCert
;
1476 case LOWORD(CONTEXT_OID_CRL
):
1477 *getExpiration
= CRYPT_GetExpirationFromCRL
;
1480 case LOWORD(CONTEXT_OID_CTL
):
1481 *getExpiration
= CRYPT_GetExpirationFromCTL
;
1493 /***********************************************************************
1494 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1496 BOOL WINAPI
CryptRetrieveObjectByUrlW(LPCWSTR pszURL
, LPCSTR pszObjectOid
,
1497 DWORD dwRetrievalFlags
, DWORD dwTimeout
, LPVOID
*ppvObject
,
1498 HCRYPTASYNC hAsyncRetrieve
, PCRYPT_CREDENTIALS pCredentials
, LPVOID pvVerify
,
1499 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
1502 SchemeDllRetrieveEncodedObjectW retrieve
;
1503 ContextDllCreateObjectContext create
;
1504 HCRYPTOIDFUNCADDR hRetrieve
= 0, hCreate
= 0;
1506 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
1507 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, ppvObject
,
1508 hAsyncRetrieve
, pCredentials
, pvVerify
, pAuxInfo
);
1512 SetLastError(ERROR_INVALID_PARAMETER
);
1515 ret
= CRYPT_GetRetrieveFunction(pszURL
, &retrieve
, &hRetrieve
);
1517 ret
= CRYPT_GetCreateFunction(pszObjectOid
, &create
, &hCreate
);
1520 CRYPT_BLOB_ARRAY object
= { 0, NULL
};
1521 PFN_FREE_ENCODED_OBJECT_FUNC freeObject
;
1524 ret
= retrieve(pszURL
, pszObjectOid
, dwRetrievalFlags
, dwTimeout
,
1525 &object
, &freeObject
, &freeContext
, hAsyncRetrieve
, pCredentials
,
1529 get_object_expiration_func getExpiration
;
1531 ret
= create(pszObjectOid
, dwRetrievalFlags
, &object
, ppvObject
);
1532 if (ret
&& !(dwRetrievalFlags
& CRYPT_DONT_CACHE_RESULT
) &&
1533 CRYPT_GetExpirationFunction(pszObjectOid
, &getExpiration
))
1537 if (getExpiration(*ppvObject
, &expires
))
1538 CRYPT_CacheURL(pszURL
, &object
, dwRetrievalFlags
, expires
);
1540 freeObject(pszObjectOid
, &object
, freeContext
);
1544 CryptFreeOIDFunctionAddress(hCreate
, 0);
1546 CryptFreeOIDFunctionAddress(hRetrieve
, 0);
1547 TRACE("returning %d\n", ret
);
1551 static DWORD
verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert
,
1552 PCCRL_CONTEXT crl
, DWORD index
, FILETIME
*pTime
,
1553 PCERT_REVOCATION_STATUS pRevStatus
)
1556 PCRL_ENTRY entry
= NULL
;
1558 CertFindCertificateInCRL(cert
, crl
, 0, NULL
, &entry
);
1561 error
= CRYPT_E_REVOKED
;
1562 pRevStatus
->dwIndex
= index
;
1566 /* Since the CRL was retrieved for the cert being checked, then it's
1567 * guaranteed to be fresh, and the cert is not revoked.
1569 error
= ERROR_SUCCESS
;
1574 static DWORD
verify_cert_revocation_from_dist_points_ext(
1575 const CRYPT_DATA_BLOB
*value
, PCCERT_CONTEXT cert
, DWORD index
,
1576 FILETIME
*pTime
, DWORD dwFlags
, const CERT_REVOCATION_PARA
*pRevPara
,
1577 PCERT_REVOCATION_STATUS pRevStatus
)
1579 DWORD error
= ERROR_SUCCESS
, cbUrlArray
;
1581 if (CRYPT_GetUrlFromCRLDistPointsExt(value
, NULL
, &cbUrlArray
, NULL
, NULL
))
1583 CRYPT_URL_ARRAY
*urlArray
= CryptMemAlloc(cbUrlArray
);
1587 DWORD j
, retrievalFlags
= 0, startTime
, endTime
, timeout
;
1590 ret
= CRYPT_GetUrlFromCRLDistPointsExt(value
, urlArray
,
1591 &cbUrlArray
, NULL
, NULL
);
1592 if (dwFlags
& CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION
)
1593 retrievalFlags
|= CRYPT_CACHE_ONLY_RETRIEVAL
;
1594 if (dwFlags
& CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG
&&
1595 pRevPara
&& pRevPara
->cbSize
>= offsetof(CERT_REVOCATION_PARA
,
1596 dwUrlRetrievalTimeout
) + sizeof(DWORD
))
1598 startTime
= GetTickCount();
1599 endTime
= startTime
+ pRevPara
->dwUrlRetrievalTimeout
;
1600 timeout
= pRevPara
->dwUrlRetrievalTimeout
;
1603 endTime
= timeout
= 0;
1605 error
= GetLastError();
1606 for (j
= 0; !error
&& j
< urlArray
->cUrl
; j
++)
1610 ret
= CryptRetrieveObjectByUrlW(urlArray
->rgwszUrl
[j
],
1611 CONTEXT_OID_CRL
, retrievalFlags
, timeout
, (void **)&crl
,
1612 NULL
, NULL
, NULL
, NULL
);
1615 error
= verify_cert_revocation_with_crl_online(cert
, crl
,
1616 index
, pTime
, pRevStatus
);
1617 if (!error
&& timeout
)
1619 DWORD time
= GetTickCount();
1621 if ((int)(endTime
- time
) <= 0)
1623 error
= ERROR_TIMEOUT
;
1624 pRevStatus
->dwIndex
= index
;
1627 timeout
= endTime
- time
;
1629 CertFreeCRLContext(crl
);
1632 error
= CRYPT_E_REVOCATION_OFFLINE
;
1634 CryptMemFree(urlArray
);
1638 error
= ERROR_OUTOFMEMORY
;
1639 pRevStatus
->dwIndex
= index
;
1644 error
= GetLastError();
1645 pRevStatus
->dwIndex
= index
;
1650 static DWORD
verify_cert_revocation_from_aia_ext(
1651 const CRYPT_DATA_BLOB
*value
, PCCERT_CONTEXT cert
, DWORD index
,
1652 FILETIME
*pTime
, DWORD dwFlags
, PCERT_REVOCATION_PARA pRevPara
,
1653 PCERT_REVOCATION_STATUS pRevStatus
)
1657 CERT_AUTHORITY_INFO_ACCESS
*aia
;
1659 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_AUTHORITY_INFO_ACCESS
,
1660 value
->pbData
, value
->cbData
, CRYPT_DECODE_ALLOC_FLAG
, NULL
, &aia
, &size
);
1665 for (i
= 0; i
< aia
->cAccDescr
; i
++)
1666 if (!strcmp(aia
->rgAccDescr
[i
].pszAccessMethod
,
1669 if (aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
==
1671 FIXME("OCSP URL = %s\n",
1672 debugstr_w(aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
));
1674 FIXME("unsupported AccessLocation type %d\n",
1675 aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
);
1678 /* FIXME: lie and pretend OCSP validated the cert */
1679 error
= ERROR_SUCCESS
;
1682 error
= GetLastError();
1686 static DWORD
verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert
,
1687 PCCRL_CONTEXT crl
, DWORD index
, FILETIME
*pTime
,
1688 PCERT_REVOCATION_STATUS pRevStatus
)
1693 valid
= CompareFileTime(pTime
, &crl
->pCrlInfo
->ThisUpdate
);
1696 /* If this CRL is not older than the time being verified, there's no
1697 * way to know whether the certificate was revoked.
1699 TRACE("CRL not old enough\n");
1700 error
= CRYPT_E_REVOCATION_OFFLINE
;
1704 PCRL_ENTRY entry
= NULL
;
1706 CertFindCertificateInCRL(cert
, crl
, 0, NULL
, &entry
);
1709 error
= CRYPT_E_REVOKED
;
1710 pRevStatus
->dwIndex
= index
;
1714 /* Since the CRL was not retrieved for the cert being checked,
1715 * there's no guarantee it's fresh, so the cert *might* be okay,
1716 * but it's safer not to guess.
1718 TRACE("certificate not found\n");
1719 error
= CRYPT_E_REVOCATION_OFFLINE
;
1725 static DWORD
verify_cert_revocation(PCCERT_CONTEXT cert
, DWORD index
,
1726 FILETIME
*pTime
, DWORD dwFlags
, PCERT_REVOCATION_PARA pRevPara
,
1727 PCERT_REVOCATION_STATUS pRevStatus
)
1729 DWORD error
= ERROR_SUCCESS
;
1730 PCERT_EXTENSION ext
;
1732 if ((ext
= CertFindExtension(szOID_CRL_DIST_POINTS
,
1733 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
1734 error
= verify_cert_revocation_from_dist_points_ext(&ext
->Value
, cert
,
1735 index
, pTime
, dwFlags
, pRevPara
, pRevStatus
);
1736 else if ((ext
= CertFindExtension(szOID_AUTHORITY_INFO_ACCESS
,
1737 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
1738 error
= verify_cert_revocation_from_aia_ext(&ext
->Value
, cert
,
1739 index
, pTime
, dwFlags
, pRevPara
, pRevStatus
);
1742 if (pRevPara
&& pRevPara
->hCrlStore
&& pRevPara
->pIssuerCert
)
1744 PCCRL_CONTEXT crl
= NULL
;
1747 /* If the caller told us about the issuer, make sure the issuer
1748 * can sign CRLs before looking for one.
1750 if ((ext
= CertFindExtension(szOID_KEY_USAGE
,
1751 pRevPara
->pIssuerCert
->pCertInfo
->cExtension
,
1752 pRevPara
->pIssuerCert
->pCertInfo
->rgExtension
)))
1754 CRYPT_BIT_BLOB usage
;
1755 DWORD size
= sizeof(usage
);
1757 if (!CryptDecodeObjectEx(cert
->dwCertEncodingType
, X509_BITS
,
1758 ext
->Value
.pbData
, ext
->Value
.cbData
,
1759 CRYPT_DECODE_NOCOPY_FLAG
, NULL
, &usage
, &size
))
1760 canSignCRLs
= FALSE
;
1761 else if (usage
.cbData
> 2)
1763 /* The key usage extension only defines 9 bits => no more
1764 * than 2 bytes are needed to encode all known usages.
1766 canSignCRLs
= FALSE
;
1770 BYTE usageBits
= usage
.pbData
[usage
.cbData
- 1];
1772 canSignCRLs
= usageBits
& CERT_CRL_SIGN_KEY_USAGE
;
1779 /* If the caller was helpful enough to tell us where to find a
1780 * CRL for the cert, look for one and check it.
1782 crl
= CertFindCRLInStore(pRevPara
->hCrlStore
,
1783 cert
->dwCertEncodingType
,
1784 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
|
1785 CRL_FIND_ISSUED_BY_AKI_FLAG
,
1786 CRL_FIND_ISSUED_BY
, pRevPara
->pIssuerCert
, NULL
);
1790 error
= verify_cert_revocation_with_crl_offline(cert
, crl
,
1791 index
, pTime
, pRevStatus
);
1792 CertFreeCRLContext(crl
);
1796 TRACE("no CRL found\n");
1797 error
= CRYPT_E_NO_REVOCATION_CHECK
;
1798 pRevStatus
->dwIndex
= index
;
1804 WARN("no CERT_REVOCATION_PARA\n");
1805 else if (!pRevPara
->hCrlStore
)
1806 WARN("no dist points/aia extension and no CRL store\n");
1807 else if (!pRevPara
->pIssuerCert
)
1808 WARN("no dist points/aia extension and no issuer\n");
1809 error
= CRYPT_E_NO_REVOCATION_CHECK
;
1810 pRevStatus
->dwIndex
= index
;
1816 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS
{
1818 PCCERT_CONTEXT pIssuerCert
;
1820 HCERTSTORE
*rgCertStore
;
1821 HCERTSTORE hCrlStore
;
1822 LPFILETIME pftTimeToUse
;
1823 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS
, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS
;
1825 typedef struct _OLD_CERT_REVOCATION_STATUS
{
1830 } OLD_CERT_REVOCATION_STATUS
, *POLD_CERT_REVOCATION_STATUS
;
1832 /***********************************************************************
1833 * CertDllVerifyRevocation (CRYPTNET.@)
1835 BOOL WINAPI
CertDllVerifyRevocation(DWORD dwEncodingType
, DWORD dwRevType
,
1836 DWORD cContext
, PVOID rgpvContext
[], DWORD dwFlags
,
1837 PCERT_REVOCATION_PARA pRevPara
, PCERT_REVOCATION_STATUS pRevStatus
)
1841 LPFILETIME pTime
= NULL
;
1843 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType
, dwRevType
,
1844 cContext
, rgpvContext
, dwFlags
, pRevPara
, pRevStatus
);
1846 if (pRevStatus
->cbSize
!= sizeof(OLD_CERT_REVOCATION_STATUS
) &&
1847 pRevStatus
->cbSize
!= sizeof(CERT_REVOCATION_STATUS
))
1849 SetLastError(E_INVALIDARG
);
1854 SetLastError(E_INVALIDARG
);
1857 if (pRevPara
&& pRevPara
->cbSize
>=
1858 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS
))
1859 pTime
= pRevPara
->pftTimeToUse
;
1862 GetSystemTimeAsFileTime(&now
);
1865 memset(&pRevStatus
->dwIndex
, 0, pRevStatus
->cbSize
- sizeof(DWORD
));
1866 if (dwRevType
!= CERT_CONTEXT_REVOCATION_TYPE
)
1867 error
= CRYPT_E_NO_REVOCATION_CHECK
;
1870 for (i
= 0; !error
&& i
< cContext
; i
++)
1871 error
= verify_cert_revocation(rgpvContext
[i
], i
, pTime
, dwFlags
,
1872 pRevPara
, pRevStatus
);
1876 SetLastError(error
);
1877 pRevStatus
->dwError
= error
;
1879 TRACE("returning %d (%08x)\n", !error
, error
);