2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
22 #include "wine/port.h"
24 #define NONAMELESSUNION
25 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
38 #include "wine/debug.h"
40 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet
);
42 #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
44 static const WCHAR cryptNet
[] = { 'c','r','y','p','t','n','e','t','.',
47 /***********************************************************************
48 * DllRegisterServer (CRYPTNET.@)
50 HRESULT WINAPI
DllRegisterServer(void)
53 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING
,
54 CRYPT_OID_VERIFY_REVOCATION_FUNC
, 0, cryptNet
);
55 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
, "Ldap",
56 cryptNet
, "LdapProvOpenStore");
57 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
,
58 CERT_STORE_PROV_LDAP_W
, cryptNet
, "LdapProvOpenStore");
62 /***********************************************************************
63 * DllUnregisterServer (CRYPTNET.@)
65 HRESULT WINAPI
DllUnregisterServer(void)
68 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING
,
69 CRYPT_OID_VERIFY_REVOCATION_FUNC
, cryptNet
);
70 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
, "Ldap");
71 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC
,
72 CERT_STORE_PROV_LDAP_W
);
76 static const char *url_oid_to_str(LPCSTR oid
)
84 #define _x(oid) case LOWORD(oid): return #oid
85 _x(URL_OID_CERTIFICATE_ISSUER
);
86 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT
);
87 _x(URL_OID_CTL_ISSUER
);
88 _x(URL_OID_CTL_NEXT_UPDATE
);
89 _x(URL_OID_CRL_ISSUER
);
90 _x(URL_OID_CERTIFICATE_FRESHEST_CRL
);
91 _x(URL_OID_CRL_FRESHEST_CRL
);
92 _x(URL_OID_CROSS_CERT_DIST_POINT
);
95 snprintf(buf
, sizeof(buf
), "%d", LOWORD(oid
));
103 typedef BOOL (WINAPI
*UrlDllGetObjectUrlFunc
)(LPCSTR
, LPVOID
, DWORD
,
104 PCRYPT_URL_ARRAY
, DWORD
*, PCRYPT_URL_INFO
, DWORD
*, LPVOID
);
106 static BOOL WINAPI
CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid
,
107 LPVOID pvPara
, DWORD dwFlags
, PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
,
108 PCRYPT_URL_INFO pUrlInfo
, DWORD
*pcbUrlInfo
, LPVOID pvReserved
)
110 PCCERT_CONTEXT cert
= pvPara
;
114 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
115 if (dwFlags
&& !(dwFlags
& CRYPT_GET_URL_FROM_EXTENSION
))
117 SetLastError(CRYPT_E_NOT_FOUND
);
120 if ((ext
= CertFindExtension(szOID_AUTHORITY_INFO_ACCESS
,
121 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
123 CERT_AUTHORITY_INFO_ACCESS
*aia
;
126 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_AUTHORITY_INFO_ACCESS
,
127 ext
->Value
.pbData
, ext
->Value
.cbData
, CRYPT_DECODE_ALLOC_FLAG
, NULL
,
131 DWORD i
, cUrl
, bytesNeeded
= sizeof(CRYPT_URL_ARRAY
);
133 for (i
= 0, cUrl
= 0; i
< aia
->cAccDescr
; i
++)
134 if (!strcmp(aia
->rgAccDescr
[i
].pszAccessMethod
,
135 szOID_PKIX_CA_ISSUERS
))
137 if (aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
==
140 if (aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
)
143 bytesNeeded
+= sizeof(LPWSTR
) +
144 (lstrlenW(aia
->rgAccDescr
[i
].AccessLocation
.u
.
145 pwszURL
) + 1) * sizeof(WCHAR
);
149 FIXME("unsupported alt name type %d\n",
150 aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
);
154 SetLastError(E_INVALIDARG
);
158 *pcbUrlArray
= bytesNeeded
;
159 else if (*pcbUrlArray
< bytesNeeded
)
161 SetLastError(ERROR_MORE_DATA
);
162 *pcbUrlArray
= bytesNeeded
;
169 *pcbUrlArray
= bytesNeeded
;
171 pUrlArray
->rgwszUrl
=
172 (LPWSTR
*)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
));
173 nextUrl
= (LPWSTR
)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
)
174 + cUrl
* sizeof(LPWSTR
));
175 for (i
= 0; i
< aia
->cAccDescr
; i
++)
176 if (!strcmp(aia
->rgAccDescr
[i
].pszAccessMethod
,
177 szOID_PKIX_CA_ISSUERS
))
179 if (aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
180 == CERT_ALT_NAME_URL
)
182 if (aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
)
185 aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
);
186 pUrlArray
->rgwszUrl
[pUrlArray
->cUrl
++] =
188 nextUrl
+= (lstrlenW(nextUrl
) + 1);
197 FIXME("url info: stub\n");
199 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
200 else if (*pcbUrlInfo
< sizeof(CRYPT_URL_INFO
))
202 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
203 SetLastError(ERROR_MORE_DATA
);
208 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
209 memset(pUrlInfo
, 0, sizeof(CRYPT_URL_INFO
));
217 SetLastError(CRYPT_E_NOT_FOUND
);
221 static BOOL
CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB
*value
,
222 PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
, PCRYPT_URL_INFO pUrlInfo
,
226 CRL_DIST_POINTS_INFO
*info
;
229 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_CRL_DIST_POINTS
,
230 value
->pbData
, value
->cbData
, CRYPT_DECODE_ALLOC_FLAG
, NULL
, &info
, &size
);
233 DWORD i
, cUrl
, bytesNeeded
= sizeof(CRYPT_URL_ARRAY
);
235 for (i
= 0, cUrl
= 0; i
< info
->cDistPoint
; i
++)
236 if (info
->rgDistPoint
[i
].DistPointName
.dwDistPointNameChoice
237 == CRL_DIST_POINT_FULL_NAME
)
240 CERT_ALT_NAME_INFO
*name
=
241 &info
->rgDistPoint
[i
].DistPointName
.u
.FullName
;
243 for (j
= 0; j
< name
->cAltEntry
; j
++)
244 if (name
->rgAltEntry
[j
].dwAltNameChoice
==
247 if (name
->rgAltEntry
[j
].u
.pwszURL
)
250 bytesNeeded
+= sizeof(LPWSTR
) +
251 (lstrlenW(name
->rgAltEntry
[j
].u
.pwszURL
) + 1)
258 SetLastError(E_INVALIDARG
);
262 *pcbUrlArray
= bytesNeeded
;
263 else if (*pcbUrlArray
< bytesNeeded
)
265 SetLastError(ERROR_MORE_DATA
);
266 *pcbUrlArray
= bytesNeeded
;
273 *pcbUrlArray
= bytesNeeded
;
275 pUrlArray
->rgwszUrl
=
276 (LPWSTR
*)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
));
277 nextUrl
= (LPWSTR
)((BYTE
*)pUrlArray
+ sizeof(CRYPT_URL_ARRAY
)
278 + cUrl
* sizeof(LPWSTR
));
279 for (i
= 0; i
< info
->cDistPoint
; i
++)
280 if (info
->rgDistPoint
[i
].DistPointName
.dwDistPointNameChoice
281 == CRL_DIST_POINT_FULL_NAME
)
284 CERT_ALT_NAME_INFO
*name
=
285 &info
->rgDistPoint
[i
].DistPointName
.u
.FullName
;
287 for (j
= 0; j
< name
->cAltEntry
; j
++)
288 if (name
->rgAltEntry
[j
].dwAltNameChoice
==
291 if (name
->rgAltEntry
[j
].u
.pwszURL
)
294 name
->rgAltEntry
[j
].u
.pwszURL
);
295 pUrlArray
->rgwszUrl
[pUrlArray
->cUrl
++] =
298 (lstrlenW(name
->rgAltEntry
[j
].u
.pwszURL
) + 1);
307 FIXME("url info: stub\n");
309 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
310 else if (*pcbUrlInfo
< sizeof(CRYPT_URL_INFO
))
312 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
313 SetLastError(ERROR_MORE_DATA
);
318 *pcbUrlInfo
= sizeof(CRYPT_URL_INFO
);
319 memset(pUrlInfo
, 0, sizeof(CRYPT_URL_INFO
));
328 static BOOL WINAPI
CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid
,
329 LPVOID pvPara
, DWORD dwFlags
, PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
,
330 PCRYPT_URL_INFO pUrlInfo
, DWORD
*pcbUrlInfo
, LPVOID pvReserved
)
332 PCCERT_CONTEXT cert
= pvPara
;
336 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
337 if (dwFlags
&& !(dwFlags
& CRYPT_GET_URL_FROM_EXTENSION
))
339 SetLastError(CRYPT_E_NOT_FOUND
);
342 if ((ext
= CertFindExtension(szOID_CRL_DIST_POINTS
,
343 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
344 ret
= CRYPT_GetUrlFromCRLDistPointsExt(&ext
->Value
, pUrlArray
,
345 pcbUrlArray
, pUrlInfo
, pcbUrlInfo
);
347 SetLastError(CRYPT_E_NOT_FOUND
);
351 /***********************************************************************
352 * CryptGetObjectUrl (CRYPTNET.@)
354 BOOL WINAPI
CryptGetObjectUrl(LPCSTR pszUrlOid
, LPVOID pvPara
, DWORD dwFlags
,
355 PCRYPT_URL_ARRAY pUrlArray
, DWORD
*pcbUrlArray
, PCRYPT_URL_INFO pUrlInfo
,
356 DWORD
*pcbUrlInfo
, LPVOID pvReserved
)
358 UrlDllGetObjectUrlFunc func
= NULL
;
359 HCRYPTOIDFUNCADDR hFunc
= NULL
;
362 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid
),
363 pvPara
, dwFlags
, pUrlArray
, pcbUrlArray
, pUrlInfo
, pcbUrlInfo
, pvReserved
);
365 if (IS_INTOID(pszUrlOid
))
367 switch (LOWORD(pszUrlOid
))
369 case LOWORD(URL_OID_CERTIFICATE_ISSUER
):
370 func
= CRYPT_GetUrlFromCertificateIssuer
;
372 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT
):
373 func
= CRYPT_GetUrlFromCertificateCRLDistPoint
;
376 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid
));
377 SetLastError(ERROR_FILE_NOT_FOUND
);
382 static HCRYPTOIDFUNCSET set
= NULL
;
385 set
= CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC
, 0);
386 CryptGetOIDFunctionAddress(set
, X509_ASN_ENCODING
, pszUrlOid
, 0,
387 (void **)&func
, &hFunc
);
390 ret
= func(pszUrlOid
, pvPara
, dwFlags
, pUrlArray
, pcbUrlArray
,
391 pUrlInfo
, pcbUrlInfo
, pvReserved
);
393 CryptFreeOIDFunctionAddress(hFunc
, 0);
397 /***********************************************************************
398 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
400 BOOL WINAPI
CryptRetrieveObjectByUrlA(LPCSTR pszURL
, LPCSTR pszObjectOid
,
401 DWORD dwRetrievalFlags
, DWORD dwTimeout
, LPVOID
*ppvObject
,
402 HCRYPTASYNC hAsyncRetrieve
, PCRYPT_CREDENTIALS pCredentials
, LPVOID pvVerify
,
403 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
408 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL
),
409 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, ppvObject
,
410 hAsyncRetrieve
, pCredentials
, pvVerify
, pAuxInfo
);
414 SetLastError(ERROR_INVALID_PARAMETER
);
417 len
= MultiByteToWideChar(CP_ACP
, 0, pszURL
, -1, NULL
, 0);
420 LPWSTR url
= CryptMemAlloc(len
* sizeof(WCHAR
));
424 MultiByteToWideChar(CP_ACP
, 0, pszURL
, -1, url
, len
);
425 ret
= CryptRetrieveObjectByUrlW(url
, pszObjectOid
,
426 dwRetrievalFlags
, dwTimeout
, ppvObject
, hAsyncRetrieve
,
427 pCredentials
, pvVerify
, pAuxInfo
);
431 SetLastError(ERROR_OUTOFMEMORY
);
436 static void WINAPI
CRYPT_FreeBlob(LPCSTR pszObjectOid
,
437 PCRYPT_BLOB_ARRAY pObject
, void *pvFreeContext
)
441 for (i
= 0; i
< pObject
->cBlob
; i
++)
442 CryptMemFree(pObject
->rgBlob
[i
].pbData
);
443 CryptMemFree(pObject
->rgBlob
);
446 static BOOL
CRYPT_GetObjectFromFile(HANDLE hFile
, PCRYPT_BLOB_ARRAY pObject
)
451 if ((ret
= GetFileSizeEx(hFile
, &size
)))
455 WARN("file too big\n");
456 SetLastError(ERROR_INVALID_DATA
);
461 CRYPT_DATA_BLOB blob
;
463 blob
.pbData
= CryptMemAlloc(size
.u
.LowPart
);
466 ret
= ReadFile(hFile
, blob
.pbData
, size
.u
.LowPart
, &blob
.cbData
,
470 pObject
->rgBlob
= CryptMemAlloc(sizeof(CRYPT_DATA_BLOB
));
474 memcpy(pObject
->rgBlob
, &blob
, sizeof(CRYPT_DATA_BLOB
));
478 SetLastError(ERROR_OUTOFMEMORY
);
483 CryptMemFree(blob
.pbData
);
487 SetLastError(ERROR_OUTOFMEMORY
);
495 static BOOL
CRYPT_GetObjectFromCache(LPCWSTR pszURL
, PCRYPT_BLOB_ARRAY pObject
,
496 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
499 INTERNET_CACHE_ENTRY_INFOW
*pCacheInfo
= NULL
;
502 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL
), pObject
, pAuxInfo
);
504 RetrieveUrlCacheEntryFileW(pszURL
, NULL
, &size
, 0);
505 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER
)
508 pCacheInfo
= CryptMemAlloc(size
);
511 SetLastError(ERROR_OUTOFMEMORY
);
515 if ((ret
= RetrieveUrlCacheEntryFileW(pszURL
, pCacheInfo
, &size
, 0)))
519 GetSystemTimeAsFileTime(&ft
);
520 if (CompareFileTime(&pCacheInfo
->ExpireTime
, &ft
) >= 0)
522 HANDLE hFile
= CreateFileW(pCacheInfo
->lpszLocalFileName
, GENERIC_READ
,
523 FILE_SHARE_READ
, NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
525 if (hFile
!= INVALID_HANDLE_VALUE
)
527 if ((ret
= CRYPT_GetObjectFromFile(hFile
, pObject
)))
529 if (pAuxInfo
&& pAuxInfo
->cbSize
>=
530 offsetof(CRYPT_RETRIEVE_AUX_INFO
,
531 pLastSyncTime
) + sizeof(PFILETIME
) &&
532 pAuxInfo
->pLastSyncTime
)
533 memcpy(pAuxInfo
->pLastSyncTime
,
534 &pCacheInfo
->LastSyncTime
,
541 DeleteUrlCacheEntryW(pszURL
);
547 DeleteUrlCacheEntryW(pszURL
);
550 UnlockUrlCacheEntryFileW(pszURL
, 0);
552 CryptMemFree(pCacheInfo
);
553 TRACE("returning %d\n", ret
);
557 /* Parses the URL, and sets components' lpszHostName and lpszUrlPath members
558 * to NULL-terminated copies of those portions of the URL (to be freed with
561 static BOOL
CRYPT_CrackUrl(LPCWSTR pszURL
, URL_COMPONENTSW
*components
)
565 TRACE("(%s, %p)\n", debugstr_w(pszURL
), components
);
567 memset(components
, 0, sizeof(*components
));
568 components
->dwStructSize
= sizeof(*components
);
569 components
->lpszHostName
= CryptMemAlloc(INTERNET_MAX_HOST_NAME_LENGTH
* sizeof(WCHAR
));
570 components
->dwHostNameLength
= INTERNET_MAX_HOST_NAME_LENGTH
;
571 if (!components
->lpszHostName
)
573 SetLastError(ERROR_OUTOFMEMORY
);
576 components
->lpszUrlPath
= CryptMemAlloc(INTERNET_MAX_PATH_LENGTH
* sizeof(WCHAR
));
577 components
->dwUrlPathLength
= INTERNET_MAX_PATH_LENGTH
;
578 if (!components
->lpszUrlPath
)
580 CryptMemFree(components
->lpszHostName
);
581 SetLastError(ERROR_OUTOFMEMORY
);
585 ret
= InternetCrackUrlW(pszURL
, 0, ICU_DECODE
, components
);
588 switch (components
->nScheme
)
590 case INTERNET_SCHEME_FTP
:
591 if (!components
->nPort
)
592 components
->nPort
= INTERNET_DEFAULT_FTP_PORT
;
594 case INTERNET_SCHEME_HTTP
:
595 if (!components
->nPort
)
596 components
->nPort
= INTERNET_DEFAULT_HTTP_PORT
;
602 TRACE("returning %d\n", ret
);
613 static struct InetContext
*CRYPT_MakeInetContext(DWORD dwTimeout
)
615 struct InetContext
*context
= CryptMemAlloc(sizeof(struct InetContext
));
619 context
->event
= CreateEventW(NULL
, FALSE
, FALSE
, NULL
);
622 CryptMemFree(context
);
627 context
->timeout
= dwTimeout
;
628 context
->error
= ERROR_SUCCESS
;
634 static BOOL
CRYPT_DownloadObject(DWORD dwRetrievalFlags
, HINTERNET hHttp
,
635 struct InetContext
*context
, PCRYPT_BLOB_ARRAY pObject
,
636 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
638 CRYPT_DATA_BLOB object
= { 0, NULL
};
639 DWORD bytesAvailable
;
643 if ((ret
= InternetQueryDataAvailable(hHttp
, &bytesAvailable
, 0, 0)))
648 object
.pbData
= CryptMemRealloc(object
.pbData
,
649 object
.cbData
+ bytesAvailable
);
651 object
.pbData
= CryptMemAlloc(bytesAvailable
);
654 INTERNET_BUFFERSA buffer
= { sizeof(buffer
), 0 };
656 buffer
.dwBufferLength
= bytesAvailable
;
657 buffer
.lpvBuffer
= object
.pbData
+ object
.cbData
;
658 if (!(ret
= InternetReadFileExA(hHttp
, &buffer
, IRF_NO_WAIT
,
659 (DWORD_PTR
)context
)))
661 if (GetLastError() == ERROR_IO_PENDING
)
663 if (WaitForSingleObject(context
->event
,
664 context
->timeout
) == WAIT_TIMEOUT
)
665 SetLastError(ERROR_TIMEOUT
);
666 else if (context
->error
)
667 SetLastError(context
->error
);
673 object
.cbData
+= buffer
.dwBufferLength
;
677 SetLastError(ERROR_OUTOFMEMORY
);
682 else if (GetLastError() == ERROR_IO_PENDING
)
684 if (WaitForSingleObject(context
->event
, context
->timeout
) ==
686 SetLastError(ERROR_TIMEOUT
);
690 } while (ret
&& bytesAvailable
);
693 pObject
->rgBlob
= CryptMemAlloc(sizeof(CRYPT_DATA_BLOB
));
694 if (!pObject
->rgBlob
)
696 CryptMemFree(object
.pbData
);
697 SetLastError(ERROR_OUTOFMEMORY
);
702 pObject
->rgBlob
[0].cbData
= object
.cbData
;
703 pObject
->rgBlob
[0].pbData
= object
.pbData
;
707 TRACE("returning %d\n", ret
);
711 /* Finds the object specified by pszURL in the cache. If it's not found,
712 * creates a new cache entry for the object and writes the object to it.
713 * Sets the expiration time of the cache entry to expires.
715 static void CRYPT_CacheURL(LPCWSTR pszURL
, const CRYPT_BLOB_ARRAY
*pObject
,
716 DWORD dwRetrievalFlags
, FILETIME expires
)
718 WCHAR cacheFileName
[MAX_PATH
];
720 DWORD size
= 0, entryType
;
723 GetUrlCacheEntryInfoW(pszURL
, NULL
, &size
);
724 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER
)
726 INTERNET_CACHE_ENTRY_INFOW
*info
= CryptMemAlloc(size
);
730 ERR("out of memory\n");
734 if (GetUrlCacheEntryInfoW(pszURL
, info
, &size
))
736 lstrcpyW(cacheFileName
, info
->lpszLocalFileName
);
737 /* Check if the existing cache entry is up to date. If it isn't,
738 * remove the existing cache entry, and create a new one with the
741 GetSystemTimeAsFileTime(&ft
);
742 if (CompareFileTime(&info
->ExpireTime
, &ft
) < 0)
744 DeleteUrlCacheEntryW(pszURL
);
748 info
->ExpireTime
= expires
;
749 SetUrlCacheEntryInfoW(pszURL
, info
, CACHE_ENTRY_EXPTIME_FC
);
757 if (!CreateUrlCacheEntryW(pszURL
, pObject
->rgBlob
[0].cbData
, NULL
, cacheFileName
, 0))
760 hCacheFile
= CreateFileW(cacheFileName
, GENERIC_WRITE
, 0,
761 NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
762 if(hCacheFile
== INVALID_HANDLE_VALUE
)
765 WriteFile(hCacheFile
, pObject
->rgBlob
[0].pbData
,
766 pObject
->rgBlob
[0].cbData
, &size
, NULL
);
767 CloseHandle(hCacheFile
);
769 if (!(dwRetrievalFlags
& CRYPT_STICKY_CACHE_RETRIEVAL
))
770 entryType
= NORMAL_CACHE_ENTRY
;
772 entryType
= STICKY_CACHE_ENTRY
;
773 memset(&ft
, 0, sizeof(ft
));
774 CommitUrlCacheEntryW(pszURL
, cacheFileName
, expires
, ft
, entryType
,
775 NULL
, 0, NULL
, NULL
);
778 static void CALLBACK
CRYPT_InetStatusCallback(HINTERNET hInt
,
779 DWORD_PTR dwContext
, DWORD status
, void *statusInfo
, DWORD statusInfoLen
)
781 struct InetContext
*context
= (struct InetContext
*)dwContext
;
782 LPINTERNET_ASYNC_RESULT result
;
786 case INTERNET_STATUS_REQUEST_COMPLETE
:
788 context
->error
= result
->dwError
;
789 SetEvent(context
->event
);
793 static BOOL
CRYPT_Connect(const URL_COMPONENTSW
*components
,
794 struct InetContext
*context
, PCRYPT_CREDENTIALS pCredentials
,
795 HINTERNET
*phInt
, HINTERNET
*phHost
)
799 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components
->lpszHostName
),
800 components
->nPort
, context
, pCredentials
, phInt
, phInt
);
803 *phInt
= InternetOpenW(NULL
, INTERNET_OPEN_TYPE_PRECONFIG
, NULL
, NULL
,
804 context
? INTERNET_FLAG_ASYNC
: 0);
810 InternetSetStatusCallbackW(*phInt
, CRYPT_InetStatusCallback
);
811 switch (components
->nScheme
)
813 case INTERNET_SCHEME_FTP
:
814 service
= INTERNET_SERVICE_FTP
;
816 case INTERNET_SCHEME_HTTP
:
817 service
= INTERNET_SERVICE_HTTP
;
822 /* FIXME: use pCredentials for username/password */
823 *phHost
= InternetConnectW(*phInt
, components
->lpszHostName
,
824 components
->nPort
, NULL
, NULL
, service
, 0, (DWORD_PTR
)context
);
827 InternetCloseHandle(*phInt
);
836 TRACE("returning %d\n", ret
);
840 static BOOL WINAPI
FTP_RetrieveEncodedObjectW(LPCWSTR pszURL
,
841 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
842 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
843 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
844 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
846 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
847 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, pObject
,
848 ppfnFreeObject
, ppvFreeContext
, hAsyncRetrieve
, pCredentials
, pAuxInfo
);
851 pObject
->rgBlob
= NULL
;
852 *ppfnFreeObject
= CRYPT_FreeBlob
;
853 *ppvFreeContext
= NULL
;
857 static const WCHAR x509cacert
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
858 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
859 static const WCHAR x509emailcert
[] = { 'a','p','p','l','i','c','a','t','i','o',
860 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
862 static const WCHAR x509servercert
[] = { 'a','p','p','l','i','c','a','t','i','o',
863 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
865 static const WCHAR x509usercert
[] = { 'a','p','p','l','i','c','a','t','i','o',
866 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
867 static const WCHAR pkcs7cert
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
868 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
870 static const WCHAR pkixCRL
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
871 '/','p','k','i','x','-','c','r','l',0 };
872 static const WCHAR pkcs7CRL
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
873 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
874 static const WCHAR pkcs7sig
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
875 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
876 static const WCHAR pkcs7mime
[] = { 'a','p','p','l','i','c','a','t','i','o','n',
877 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
879 static BOOL WINAPI
HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL
,
880 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
881 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
882 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
883 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
887 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
888 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, pObject
,
889 ppfnFreeObject
, ppvFreeContext
, hAsyncRetrieve
, pCredentials
, pAuxInfo
);
892 pObject
->rgBlob
= NULL
;
893 *ppfnFreeObject
= CRYPT_FreeBlob
;
894 *ppvFreeContext
= NULL
;
896 if (!(dwRetrievalFlags
& CRYPT_WIRE_ONLY_RETRIEVAL
))
897 ret
= CRYPT_GetObjectFromCache(pszURL
, pObject
, pAuxInfo
);
898 if (!ret
&& (!(dwRetrievalFlags
& CRYPT_CACHE_ONLY_RETRIEVAL
) ||
899 (dwRetrievalFlags
& CRYPT_WIRE_ONLY_RETRIEVAL
)))
901 URL_COMPONENTSW components
;
903 if ((ret
= CRYPT_CrackUrl(pszURL
, &components
)))
905 HINTERNET hInt
, hHost
;
906 struct InetContext
*context
= NULL
;
909 context
= CRYPT_MakeInetContext(dwTimeout
);
910 ret
= CRYPT_Connect(&components
, context
, pCredentials
, &hInt
,
914 static LPCWSTR types
[] = { x509cacert
, x509emailcert
,
915 x509servercert
, x509usercert
, pkcs7cert
, pkixCRL
, pkcs7CRL
,
916 pkcs7sig
, pkcs7mime
, NULL
};
917 HINTERNET hHttp
= HttpOpenRequestW(hHost
, NULL
,
918 components
.lpszUrlPath
, NULL
, NULL
, types
,
919 INTERNET_FLAG_NO_COOKIES
| INTERNET_FLAG_NO_UI
,
926 InternetSetOptionW(hHttp
,
927 INTERNET_OPTION_RECEIVE_TIMEOUT
, &dwTimeout
,
929 InternetSetOptionW(hHttp
, INTERNET_OPTION_SEND_TIMEOUT
,
930 &dwTimeout
, sizeof(dwTimeout
));
932 ret
= HttpSendRequestExW(hHttp
, NULL
, NULL
, 0,
934 if (!ret
&& GetLastError() == ERROR_IO_PENDING
)
936 if (WaitForSingleObject(context
->event
,
937 context
->timeout
) == WAIT_TIMEOUT
)
938 SetLastError(ERROR_TIMEOUT
);
943 !(ret
= HttpEndRequestW(hHttp
, NULL
, 0, (DWORD_PTR
)context
)) &&
944 GetLastError() == ERROR_IO_PENDING
)
946 if (WaitForSingleObject(context
->event
,
947 context
->timeout
) == WAIT_TIMEOUT
)
948 SetLastError(ERROR_TIMEOUT
);
953 ret
= CRYPT_DownloadObject(dwRetrievalFlags
, hHttp
,
954 context
, pObject
, pAuxInfo
);
955 if (ret
&& !(dwRetrievalFlags
& CRYPT_DONT_CACHE_RESULT
))
959 DWORD len
= sizeof(st
);
961 if (HttpQueryInfoW(hHttp
, HTTP_QUERY_EXPIRES
| HTTP_QUERY_FLAG_SYSTEMTIME
,
962 &st
, &len
, NULL
) && SystemTimeToFileTime(&st
, &ft
))
963 CRYPT_CacheURL(pszURL
, pObject
, dwRetrievalFlags
, ft
);
965 InternetCloseHandle(hHttp
);
967 InternetCloseHandle(hHost
);
968 InternetCloseHandle(hInt
);
972 CloseHandle(context
->event
);
973 CryptMemFree(context
);
975 CryptMemFree(components
.lpszUrlPath
);
976 CryptMemFree(components
.lpszHostName
);
979 TRACE("returning %d\n", ret
);
983 static BOOL WINAPI
File_RetrieveEncodedObjectW(LPCWSTR pszURL
,
984 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
985 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
986 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
987 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
989 URL_COMPONENTSW components
= { sizeof(components
), 0 };
992 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
993 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, pObject
,
994 ppfnFreeObject
, ppvFreeContext
, hAsyncRetrieve
, pCredentials
, pAuxInfo
);
997 pObject
->rgBlob
= NULL
;
998 *ppfnFreeObject
= CRYPT_FreeBlob
;
999 *ppvFreeContext
= NULL
;
1001 components
.lpszUrlPath
= CryptMemAlloc(INTERNET_MAX_PATH_LENGTH
* sizeof(WCHAR
));
1002 components
.dwUrlPathLength
= INTERNET_MAX_PATH_LENGTH
;
1003 if (!components
.lpszUrlPath
)
1005 SetLastError(ERROR_OUTOFMEMORY
);
1009 ret
= InternetCrackUrlW(pszURL
, 0, ICU_DECODE
, &components
);
1014 /* 3 == lstrlenW(L"c:") + 1 */
1015 path
= CryptMemAlloc((components
.dwUrlPathLength
+ 3) * sizeof(WCHAR
));
1020 /* Try to create the file directly - Wine handles / in pathnames */
1021 lstrcpynW(path
, components
.lpszUrlPath
,
1022 components
.dwUrlPathLength
+ 1);
1023 hFile
= CreateFileW(path
, GENERIC_READ
, FILE_SHARE_READ
,
1024 NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
1026 if ((hFile
== INVALID_HANDLE_VALUE
) && (lstrlenW(components
.lpszUrlPath
) > 1) && (components
.lpszUrlPath
[1] != ':'))
1028 if (hFile
== INVALID_HANDLE_VALUE
)
1031 /* Try again on the current drive */
1032 GetCurrentDirectoryW(components
.dwUrlPathLength
, path
);
1035 lstrcpynW(path
+ 2, components
.lpszUrlPath
,
1036 components
.dwUrlPathLength
+ 1);
1037 hFile
= CreateFileW(path
, GENERIC_READ
, FILE_SHARE_READ
,
1038 NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
1040 if (hFile
== INVALID_HANDLE_VALUE
)
1042 /* Try again on the Windows drive */
1043 GetWindowsDirectoryW(path
, components
.dwUrlPathLength
);
1046 lstrcpynW(path
+ 2, components
.lpszUrlPath
,
1047 components
.dwUrlPathLength
+ 1);
1048 hFile
= CreateFileW(path
, GENERIC_READ
, FILE_SHARE_READ
,
1049 NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
1053 if (hFile
!= INVALID_HANDLE_VALUE
)
1055 if ((ret
= CRYPT_GetObjectFromFile(hFile
, pObject
)))
1057 if (pAuxInfo
&& pAuxInfo
->cbSize
>=
1058 offsetof(CRYPT_RETRIEVE_AUX_INFO
,
1059 pLastSyncTime
) + sizeof(PFILETIME
) &&
1060 pAuxInfo
->pLastSyncTime
)
1061 GetFileTime(hFile
, NULL
, NULL
,
1062 pAuxInfo
->pLastSyncTime
);
1072 SetLastError(ERROR_OUTOFMEMORY
);
1076 CryptMemFree(components
.lpszUrlPath
);
1080 typedef BOOL (WINAPI
*SchemeDllRetrieveEncodedObjectW
)(LPCWSTR pwszUrl
,
1081 LPCSTR pszObjectOid
, DWORD dwRetrievalFlags
, DWORD dwTimeout
,
1082 PCRYPT_BLOB_ARRAY pObject
, PFN_FREE_ENCODED_OBJECT_FUNC
*ppfnFreeObject
,
1083 void **ppvFreeContext
, HCRYPTASYNC hAsyncRetrieve
,
1084 PCRYPT_CREDENTIALS pCredentials
, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
);
1086 static BOOL
CRYPT_GetRetrieveFunction(LPCWSTR pszURL
,
1087 SchemeDllRetrieveEncodedObjectW
*pFunc
, HCRYPTOIDFUNCADDR
*phFunc
)
1089 URL_COMPONENTSW components
= { sizeof(components
), 0 };
1092 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL
), pFunc
, phFunc
);
1096 components
.dwSchemeLength
= 1;
1097 ret
= InternetCrackUrlW(pszURL
, 0, 0, &components
);
1100 /* Microsoft always uses CryptInitOIDFunctionSet/
1101 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1102 * reason to do so for builtin schemes.
1104 switch (components
.nScheme
)
1106 case INTERNET_SCHEME_FTP
:
1107 *pFunc
= FTP_RetrieveEncodedObjectW
;
1109 case INTERNET_SCHEME_HTTP
:
1110 *pFunc
= HTTP_RetrieveEncodedObjectW
;
1112 case INTERNET_SCHEME_FILE
:
1113 *pFunc
= File_RetrieveEncodedObjectW
;
1117 int len
= WideCharToMultiByte(CP_ACP
, 0, components
.lpszScheme
,
1118 components
.dwSchemeLength
, NULL
, 0, NULL
, NULL
);
1122 LPSTR scheme
= CryptMemAlloc(len
);
1126 static HCRYPTOIDFUNCSET set
= NULL
;
1129 set
= CryptInitOIDFunctionSet(
1130 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC
, 0);
1131 WideCharToMultiByte(CP_ACP
, 0, components
.lpszScheme
,
1132 components
.dwSchemeLength
, scheme
, len
, NULL
, NULL
);
1133 ret
= CryptGetOIDFunctionAddress(set
, X509_ASN_ENCODING
,
1134 scheme
, 0, (void **)pFunc
, phFunc
);
1135 CryptMemFree(scheme
);
1139 SetLastError(ERROR_OUTOFMEMORY
);
1148 TRACE("returning %d\n", ret
);
1152 static BOOL WINAPI
CRYPT_CreateBlob(LPCSTR pszObjectOid
,
1153 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1156 CRYPT_BLOB_ARRAY
*context
;
1159 size
= sizeof(CRYPT_BLOB_ARRAY
) + pObject
->cBlob
* sizeof(CRYPT_DATA_BLOB
);
1160 for (i
= 0; i
< pObject
->cBlob
; i
++)
1161 size
+= pObject
->rgBlob
[i
].cbData
;
1162 context
= CryptMemAlloc(size
);
1169 (CRYPT_DATA_BLOB
*)((LPBYTE
)context
+ sizeof(CRYPT_BLOB_ARRAY
));
1171 (LPBYTE
)context
->rgBlob
+ pObject
->cBlob
* sizeof(CRYPT_DATA_BLOB
);
1172 for (i
= 0; i
< pObject
->cBlob
; i
++)
1174 memcpy(nextData
, pObject
->rgBlob
[i
].pbData
,
1175 pObject
->rgBlob
[i
].cbData
);
1176 context
->rgBlob
[i
].pbData
= nextData
;
1177 context
->rgBlob
[i
].cbData
= pObject
->rgBlob
[i
].cbData
;
1178 nextData
+= pObject
->rgBlob
[i
].cbData
;
1181 *ppvContext
= context
;
1187 typedef BOOL (WINAPI
*AddContextToStore
)(HCERTSTORE hCertStore
,
1188 const void *pContext
, DWORD dwAddDisposition
, const void **ppStoreContext
);
1190 static BOOL
decode_base64_blob( const CRYPT_DATA_BLOB
*in
, CRYPT_DATA_BLOB
*out
)
1193 DWORD len
= in
->cbData
;
1195 while (len
&& !in
->pbData
[len
- 1]) len
--;
1196 if (!CryptStringToBinaryA( (char *)in
->pbData
, len
, CRYPT_STRING_BASE64_ANY
,
1197 NULL
, &out
->cbData
, NULL
, NULL
)) return FALSE
;
1199 if (!(out
->pbData
= CryptMemAlloc( out
->cbData
))) return FALSE
;
1200 ret
= CryptStringToBinaryA( (char *)in
->pbData
, len
, CRYPT_STRING_BASE64_ANY
,
1201 out
->pbData
, &out
->cbData
, NULL
, NULL
);
1202 if (!ret
) CryptMemFree( out
->pbData
);
1206 static BOOL
CRYPT_CreateContext(const CRYPT_BLOB_ARRAY
*pObject
,
1207 DWORD dwExpectedContentTypeFlags
, AddContextToStore addFunc
, void **ppvContext
)
1210 CRYPT_DATA_BLOB blob
;
1212 if (!pObject
->cBlob
)
1214 SetLastError(ERROR_INVALID_DATA
);
1218 else if (pObject
->cBlob
== 1)
1220 if (decode_base64_blob(&pObject
->rgBlob
[0], &blob
))
1222 ret
= CryptQueryObject(CERT_QUERY_OBJECT_BLOB
, &blob
,
1223 dwExpectedContentTypeFlags
, CERT_QUERY_FORMAT_FLAG_BINARY
, 0,
1224 NULL
, NULL
, NULL
, NULL
, NULL
, (const void **)ppvContext
);
1225 CryptMemFree(blob
.pbData
);
1229 ret
= CryptQueryObject(CERT_QUERY_OBJECT_BLOB
, &pObject
->rgBlob
[0],
1230 dwExpectedContentTypeFlags
, CERT_QUERY_FORMAT_FLAG_BINARY
, 0,
1231 NULL
, NULL
, NULL
, NULL
, NULL
, (const void **)ppvContext
);
1235 SetLastError(CRYPT_E_NO_MATCH
);
1241 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
1242 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
1247 const void *context
;
1249 for (i
= 0; i
< pObject
->cBlob
; i
++)
1251 if (decode_base64_blob(&pObject
->rgBlob
[i
], &blob
))
1253 ret
= CryptQueryObject(CERT_QUERY_OBJECT_BLOB
, &blob
,
1254 dwExpectedContentTypeFlags
, CERT_QUERY_FORMAT_FLAG_BINARY
,
1255 0, NULL
, NULL
, NULL
, NULL
, NULL
, &context
);
1256 CryptMemFree(blob
.pbData
);
1260 ret
= CryptQueryObject(CERT_QUERY_OBJECT_BLOB
,
1261 &pObject
->rgBlob
[i
], dwExpectedContentTypeFlags
,
1262 CERT_QUERY_FORMAT_FLAG_BINARY
, 0, NULL
, NULL
, NULL
, NULL
,
1267 if (!addFunc(store
, context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1272 SetLastError(CRYPT_E_NO_MATCH
);
1279 *ppvContext
= store
;
1284 static BOOL WINAPI
CRYPT_CreateCert(LPCSTR pszObjectOid
,
1285 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1287 return CRYPT_CreateContext(pObject
, CERT_QUERY_CONTENT_FLAG_CERT
,
1288 (AddContextToStore
)CertAddCertificateContextToStore
, ppvContext
);
1291 static BOOL WINAPI
CRYPT_CreateCRL(LPCSTR pszObjectOid
,
1292 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1294 return CRYPT_CreateContext(pObject
, CERT_QUERY_CONTENT_FLAG_CRL
,
1295 (AddContextToStore
)CertAddCRLContextToStore
, ppvContext
);
1298 static BOOL WINAPI
CRYPT_CreateCTL(LPCSTR pszObjectOid
,
1299 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1301 return CRYPT_CreateContext(pObject
, CERT_QUERY_CONTENT_FLAG_CTL
,
1302 (AddContextToStore
)CertAddCTLContextToStore
, ppvContext
);
1305 static BOOL WINAPI
CRYPT_CreatePKCS7(LPCSTR pszObjectOid
,
1306 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1310 if (!pObject
->cBlob
)
1312 SetLastError(ERROR_INVALID_DATA
);
1316 else if (pObject
->cBlob
== 1)
1317 ret
= CryptQueryObject(CERT_QUERY_OBJECT_BLOB
, &pObject
->rgBlob
[0],
1318 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
|
1319 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
, CERT_QUERY_FORMAT_FLAG_BINARY
,
1320 0, NULL
, NULL
, NULL
, ppvContext
, NULL
, NULL
);
1323 FIXME("multiple messages unimplemented\n");
1329 static BOOL WINAPI
CRYPT_CreateAny(LPCSTR pszObjectOid
,
1330 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
)
1334 if (!pObject
->cBlob
)
1336 SetLastError(ERROR_INVALID_DATA
);
1342 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_COLLECTION
, 0, 0,
1343 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
1347 HCERTSTORE memStore
= CertOpenStore(CERT_STORE_PROV_MEMORY
, 0, 0,
1348 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
1352 CertAddStoreToCollection(store
, memStore
,
1353 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG
, 0);
1354 CertCloseStore(memStore
, 0);
1358 CertCloseStore(store
, 0);
1367 for (i
= 0; i
< pObject
->cBlob
; i
++)
1369 DWORD contentType
, expectedContentTypes
=
1370 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
|
1371 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
|
1372 CERT_QUERY_CONTENT_FLAG_CERT
|
1373 CERT_QUERY_CONTENT_FLAG_CRL
|
1374 CERT_QUERY_CONTENT_FLAG_CTL
;
1375 HCERTSTORE contextStore
;
1376 const void *context
;
1378 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB
,
1379 &pObject
->rgBlob
[i
], expectedContentTypes
,
1380 CERT_QUERY_FORMAT_FLAG_BINARY
, 0, NULL
, &contentType
, NULL
,
1381 &contextStore
, NULL
, &context
))
1383 switch (contentType
)
1385 case CERT_QUERY_CONTENT_CERT
:
1386 if (!CertAddCertificateContextToStore(store
,
1387 context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1389 CertFreeCertificateContext(context
);
1391 case CERT_QUERY_CONTENT_CRL
:
1392 if (!CertAddCRLContextToStore(store
,
1393 context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1395 CertFreeCRLContext(context
);
1397 case CERT_QUERY_CONTENT_CTL
:
1398 if (!CertAddCTLContextToStore(store
,
1399 context
, CERT_STORE_ADD_ALWAYS
, NULL
))
1401 CertFreeCTLContext(context
);
1404 CertAddStoreToCollection(store
, contextStore
, 0, 0);
1406 CertCloseStore(contextStore
, 0);
1414 *ppvContext
= store
;
1419 typedef BOOL (WINAPI
*ContextDllCreateObjectContext
)(LPCSTR pszObjectOid
,
1420 DWORD dwRetrievalFlags
, const CRYPT_BLOB_ARRAY
*pObject
, void **ppvContext
);
1422 static BOOL
CRYPT_GetCreateFunction(LPCSTR pszObjectOid
,
1423 ContextDllCreateObjectContext
*pFunc
, HCRYPTOIDFUNCADDR
*phFunc
)
1427 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid
), pFunc
, phFunc
);
1431 if (IS_INTOID(pszObjectOid
))
1433 switch (LOWORD(pszObjectOid
))
1436 *pFunc
= CRYPT_CreateBlob
;
1438 case LOWORD(CONTEXT_OID_CERTIFICATE
):
1439 *pFunc
= CRYPT_CreateCert
;
1441 case LOWORD(CONTEXT_OID_CRL
):
1442 *pFunc
= CRYPT_CreateCRL
;
1444 case LOWORD(CONTEXT_OID_CTL
):
1445 *pFunc
= CRYPT_CreateCTL
;
1447 case LOWORD(CONTEXT_OID_PKCS7
):
1448 *pFunc
= CRYPT_CreatePKCS7
;
1450 case LOWORD(CONTEXT_OID_CAPI2_ANY
):
1451 *pFunc
= CRYPT_CreateAny
;
1457 static HCRYPTOIDFUNCSET set
= NULL
;
1460 set
= CryptInitOIDFunctionSet(
1461 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC
, 0);
1462 ret
= CryptGetOIDFunctionAddress(set
, X509_ASN_ENCODING
, pszObjectOid
,
1463 0, (void **)pFunc
, phFunc
);
1465 TRACE("returning %d\n", ret
);
1469 static BOOL
CRYPT_GetExpiration(const void *object
, const char *pszObjectOid
, FILETIME
*expiration
)
1471 if (!IS_INTOID(pszObjectOid
))
1474 switch (LOWORD(pszObjectOid
)) {
1475 case LOWORD(CONTEXT_OID_CERTIFICATE
):
1476 *expiration
= ((const CERT_CONTEXT
*)object
)->pCertInfo
->NotAfter
;
1478 case LOWORD(CONTEXT_OID_CRL
):
1479 *expiration
= ((const CRL_CONTEXT
*)object
)->pCrlInfo
->NextUpdate
;
1481 case LOWORD(CONTEXT_OID_CTL
):
1482 *expiration
= ((const CTL_CONTEXT
*)object
)->pCtlInfo
->NextUpdate
;
1489 /***********************************************************************
1490 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1492 BOOL WINAPI
CryptRetrieveObjectByUrlW(LPCWSTR pszURL
, LPCSTR pszObjectOid
,
1493 DWORD dwRetrievalFlags
, DWORD dwTimeout
, LPVOID
*ppvObject
,
1494 HCRYPTASYNC hAsyncRetrieve
, PCRYPT_CREDENTIALS pCredentials
, LPVOID pvVerify
,
1495 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
)
1498 SchemeDllRetrieveEncodedObjectW retrieve
;
1499 ContextDllCreateObjectContext create
;
1500 HCRYPTOIDFUNCADDR hRetrieve
= 0, hCreate
= 0;
1502 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL
),
1503 debugstr_a(pszObjectOid
), dwRetrievalFlags
, dwTimeout
, ppvObject
,
1504 hAsyncRetrieve
, pCredentials
, pvVerify
, pAuxInfo
);
1508 SetLastError(ERROR_INVALID_PARAMETER
);
1511 ret
= CRYPT_GetRetrieveFunction(pszURL
, &retrieve
, &hRetrieve
);
1513 ret
= CRYPT_GetCreateFunction(pszObjectOid
, &create
, &hCreate
);
1516 CRYPT_BLOB_ARRAY object
= { 0, NULL
};
1517 PFN_FREE_ENCODED_OBJECT_FUNC freeObject
;
1521 ret
= retrieve(pszURL
, pszObjectOid
, dwRetrievalFlags
, dwTimeout
,
1522 &object
, &freeObject
, &freeContext
, hAsyncRetrieve
, pCredentials
,
1526 ret
= create(pszObjectOid
, dwRetrievalFlags
, &object
, ppvObject
);
1527 if (ret
&& !(dwRetrievalFlags
& CRYPT_DONT_CACHE_RESULT
) &&
1528 CRYPT_GetExpiration(*ppvObject
, pszObjectOid
, &expires
))
1530 CRYPT_CacheURL(pszURL
, &object
, dwRetrievalFlags
, expires
);
1532 freeObject(pszObjectOid
, &object
, freeContext
);
1536 CryptFreeOIDFunctionAddress(hCreate
, 0);
1538 CryptFreeOIDFunctionAddress(hRetrieve
, 0);
1539 TRACE("returning %d\n", ret
);
1543 static DWORD
verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert
,
1544 PCCRL_CONTEXT crl
, DWORD index
, FILETIME
*pTime
,
1545 PCERT_REVOCATION_STATUS pRevStatus
)
1548 PCRL_ENTRY entry
= NULL
;
1550 CertFindCertificateInCRL(cert
, crl
, 0, NULL
, &entry
);
1553 error
= CRYPT_E_REVOKED
;
1554 pRevStatus
->dwIndex
= index
;
1558 /* Since the CRL was retrieved for the cert being checked, then it's
1559 * guaranteed to be fresh, and the cert is not revoked.
1561 error
= ERROR_SUCCESS
;
1566 static DWORD
verify_cert_revocation_from_dist_points_ext(
1567 const CRYPT_DATA_BLOB
*value
, PCCERT_CONTEXT cert
, DWORD index
,
1568 FILETIME
*pTime
, DWORD dwFlags
, const CERT_REVOCATION_PARA
*pRevPara
,
1569 PCERT_REVOCATION_STATUS pRevStatus
)
1571 DWORD error
= ERROR_SUCCESS
, cbUrlArray
;
1573 if (CRYPT_GetUrlFromCRLDistPointsExt(value
, NULL
, &cbUrlArray
, NULL
, NULL
))
1575 CRYPT_URL_ARRAY
*urlArray
= CryptMemAlloc(cbUrlArray
);
1579 DWORD j
, retrievalFlags
= 0, startTime
, endTime
, timeout
;
1582 ret
= CRYPT_GetUrlFromCRLDistPointsExt(value
, urlArray
,
1583 &cbUrlArray
, NULL
, NULL
);
1584 if (dwFlags
& CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION
)
1585 retrievalFlags
|= CRYPT_CACHE_ONLY_RETRIEVAL
;
1586 if (dwFlags
& CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG
&&
1587 pRevPara
&& pRevPara
->cbSize
>= offsetof(CERT_REVOCATION_PARA
,
1588 dwUrlRetrievalTimeout
) + sizeof(DWORD
))
1590 startTime
= GetTickCount();
1591 endTime
= startTime
+ pRevPara
->dwUrlRetrievalTimeout
;
1592 timeout
= pRevPara
->dwUrlRetrievalTimeout
;
1595 endTime
= timeout
= 0;
1597 error
= GetLastError();
1598 /* continue looping if one was offline; break if revoked or timed out */
1599 for (j
= 0; (!error
|| error
== CRYPT_E_REVOCATION_OFFLINE
) && j
< urlArray
->cUrl
; j
++)
1603 ret
= CryptRetrieveObjectByUrlW(urlArray
->rgwszUrl
[j
],
1604 CONTEXT_OID_CRL
, retrievalFlags
, timeout
, (void **)&crl
,
1605 NULL
, NULL
, NULL
, NULL
);
1608 error
= verify_cert_revocation_with_crl_online(cert
, crl
,
1609 index
, pTime
, pRevStatus
);
1610 if (!error
&& timeout
)
1612 DWORD time
= GetTickCount();
1614 if ((int)(endTime
- time
) <= 0)
1616 error
= ERROR_TIMEOUT
;
1617 pRevStatus
->dwIndex
= index
;
1620 timeout
= endTime
- time
;
1622 CertFreeCRLContext(crl
);
1625 error
= CRYPT_E_REVOCATION_OFFLINE
;
1627 CryptMemFree(urlArray
);
1631 error
= ERROR_OUTOFMEMORY
;
1632 pRevStatus
->dwIndex
= index
;
1637 error
= GetLastError();
1638 pRevStatus
->dwIndex
= index
;
1643 static DWORD
verify_cert_revocation_from_aia_ext(
1644 const CRYPT_DATA_BLOB
*value
, PCCERT_CONTEXT cert
, DWORD index
,
1645 FILETIME
*pTime
, DWORD dwFlags
, PCERT_REVOCATION_PARA pRevPara
,
1646 PCERT_REVOCATION_STATUS pRevStatus
)
1650 CERT_AUTHORITY_INFO_ACCESS
*aia
;
1652 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_AUTHORITY_INFO_ACCESS
,
1653 value
->pbData
, value
->cbData
, CRYPT_DECODE_ALLOC_FLAG
, NULL
, &aia
, &size
);
1658 for (i
= 0; i
< aia
->cAccDescr
; i
++)
1659 if (!strcmp(aia
->rgAccDescr
[i
].pszAccessMethod
,
1662 if (aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
==
1664 FIXME("OCSP URL = %s\n",
1665 debugstr_w(aia
->rgAccDescr
[i
].AccessLocation
.u
.pwszURL
));
1667 FIXME("unsupported AccessLocation type %d\n",
1668 aia
->rgAccDescr
[i
].AccessLocation
.dwAltNameChoice
);
1671 /* FIXME: lie and pretend OCSP validated the cert */
1672 error
= ERROR_SUCCESS
;
1675 error
= GetLastError();
1679 static DWORD
verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert
,
1680 PCCRL_CONTEXT crl
, DWORD index
, FILETIME
*pTime
,
1681 PCERT_REVOCATION_STATUS pRevStatus
)
1686 valid
= CompareFileTime(pTime
, &crl
->pCrlInfo
->ThisUpdate
);
1689 /* If this CRL is not older than the time being verified, there's no
1690 * way to know whether the certificate was revoked.
1692 TRACE("CRL not old enough\n");
1693 error
= CRYPT_E_REVOCATION_OFFLINE
;
1697 PCRL_ENTRY entry
= NULL
;
1699 CertFindCertificateInCRL(cert
, crl
, 0, NULL
, &entry
);
1702 error
= CRYPT_E_REVOKED
;
1703 pRevStatus
->dwIndex
= index
;
1707 /* Since the CRL was not retrieved for the cert being checked,
1708 * there's no guarantee it's fresh, so the cert *might* be okay,
1709 * but it's safer not to guess.
1711 TRACE("certificate not found\n");
1712 error
= CRYPT_E_REVOCATION_OFFLINE
;
1718 static DWORD
verify_cert_revocation(PCCERT_CONTEXT cert
, DWORD index
,
1719 FILETIME
*pTime
, DWORD dwFlags
, PCERT_REVOCATION_PARA pRevPara
,
1720 PCERT_REVOCATION_STATUS pRevStatus
)
1722 DWORD error
= ERROR_SUCCESS
;
1723 PCERT_EXTENSION ext
;
1725 if ((ext
= CertFindExtension(szOID_CRL_DIST_POINTS
,
1726 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
1727 error
= verify_cert_revocation_from_dist_points_ext(&ext
->Value
, cert
,
1728 index
, pTime
, dwFlags
, pRevPara
, pRevStatus
);
1729 else if ((ext
= CertFindExtension(szOID_AUTHORITY_INFO_ACCESS
,
1730 cert
->pCertInfo
->cExtension
, cert
->pCertInfo
->rgExtension
)))
1731 error
= verify_cert_revocation_from_aia_ext(&ext
->Value
, cert
,
1732 index
, pTime
, dwFlags
, pRevPara
, pRevStatus
);
1735 if (pRevPara
&& pRevPara
->hCrlStore
&& pRevPara
->pIssuerCert
)
1737 PCCRL_CONTEXT crl
= NULL
;
1740 /* If the caller told us about the issuer, make sure the issuer
1741 * can sign CRLs before looking for one.
1743 if ((ext
= CertFindExtension(szOID_KEY_USAGE
,
1744 pRevPara
->pIssuerCert
->pCertInfo
->cExtension
,
1745 pRevPara
->pIssuerCert
->pCertInfo
->rgExtension
)))
1747 CRYPT_BIT_BLOB usage
;
1748 DWORD size
= sizeof(usage
);
1750 if (!CryptDecodeObjectEx(cert
->dwCertEncodingType
, X509_BITS
,
1751 ext
->Value
.pbData
, ext
->Value
.cbData
,
1752 CRYPT_DECODE_NOCOPY_FLAG
, NULL
, &usage
, &size
))
1753 canSignCRLs
= FALSE
;
1754 else if (usage
.cbData
> 2)
1756 /* The key usage extension only defines 9 bits => no more
1757 * than 2 bytes are needed to encode all known usages.
1759 canSignCRLs
= FALSE
;
1763 BYTE usageBits
= usage
.pbData
[usage
.cbData
- 1];
1765 canSignCRLs
= usageBits
& CERT_CRL_SIGN_KEY_USAGE
;
1772 /* If the caller was helpful enough to tell us where to find a
1773 * CRL for the cert, look for one and check it.
1775 crl
= CertFindCRLInStore(pRevPara
->hCrlStore
,
1776 cert
->dwCertEncodingType
,
1777 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG
|
1778 CRL_FIND_ISSUED_BY_AKI_FLAG
,
1779 CRL_FIND_ISSUED_BY
, pRevPara
->pIssuerCert
, NULL
);
1783 error
= verify_cert_revocation_with_crl_offline(cert
, crl
,
1784 index
, pTime
, pRevStatus
);
1785 CertFreeCRLContext(crl
);
1789 TRACE("no CRL found\n");
1790 error
= CRYPT_E_NO_REVOCATION_CHECK
;
1791 pRevStatus
->dwIndex
= index
;
1797 WARN("no CERT_REVOCATION_PARA\n");
1798 else if (!pRevPara
->hCrlStore
)
1799 WARN("no dist points/aia extension and no CRL store\n");
1800 else if (!pRevPara
->pIssuerCert
)
1801 WARN("no dist points/aia extension and no issuer\n");
1802 error
= CRYPT_E_NO_REVOCATION_CHECK
;
1803 pRevStatus
->dwIndex
= index
;
1809 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS
{
1811 PCCERT_CONTEXT pIssuerCert
;
1813 HCERTSTORE
*rgCertStore
;
1814 HCERTSTORE hCrlStore
;
1815 LPFILETIME pftTimeToUse
;
1816 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS
;
1818 typedef struct _OLD_CERT_REVOCATION_STATUS
{
1823 } OLD_CERT_REVOCATION_STATUS
;
1825 /***********************************************************************
1826 * CertDllVerifyRevocation (CRYPTNET.@)
1828 BOOL WINAPI
CertDllVerifyRevocation(DWORD dwEncodingType
, DWORD dwRevType
,
1829 DWORD cContext
, PVOID rgpvContext
[], DWORD dwFlags
,
1830 PCERT_REVOCATION_PARA pRevPara
, PCERT_REVOCATION_STATUS pRevStatus
)
1834 LPFILETIME pTime
= NULL
;
1836 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType
, dwRevType
,
1837 cContext
, rgpvContext
, dwFlags
, pRevPara
, pRevStatus
);
1839 if (pRevStatus
->cbSize
!= sizeof(OLD_CERT_REVOCATION_STATUS
) &&
1840 pRevStatus
->cbSize
!= sizeof(CERT_REVOCATION_STATUS
))
1842 SetLastError(E_INVALIDARG
);
1847 SetLastError(E_INVALIDARG
);
1850 if (pRevPara
&& pRevPara
->cbSize
>=
1851 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS
))
1852 pTime
= pRevPara
->pftTimeToUse
;
1855 GetSystemTimeAsFileTime(&now
);
1858 memset(&pRevStatus
->dwIndex
, 0, pRevStatus
->cbSize
- sizeof(DWORD
));
1859 if (dwRevType
!= CERT_CONTEXT_REVOCATION_TYPE
)
1860 error
= CRYPT_E_NO_REVOCATION_CHECK
;
1863 for (i
= 0; !error
&& i
< cContext
; i
++)
1864 error
= verify_cert_revocation(rgpvContext
[i
], i
, pTime
, dwFlags
,
1865 pRevPara
, pRevStatus
);
1869 SetLastError(error
);
1870 pRevStatus
->dwError
= error
;
1872 TRACE("returning %d (%08x)\n", !error
, error
);