[CRYPTNET]
[reactos.git] / reactos / dll / win32 / cryptnet / cryptnet_main.c
1 /*
2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 *
19 */
20
21 #define WIN32_NO_STATUS
22
23 #include <config.h>
24 //#include "wine/port.h"
25
26 #define NONAMELESSUNION
27 #define NONAMELESSSTRUCT
28 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
29
30 #include <stdio.h>
31 //#include <stdarg.h>
32
33 #include <windef.h>
34 #include <winbase.h>
35 //#include "winnt.h"
36 #include <winnls.h>
37 #include <wininet.h>
38 //#include "objbase.h"
39 #include <wincrypt.h>
40
41 #include <wine/debug.h>
42
43 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet);
44
45 #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
46
47 static const WCHAR cryptNet[] = { 'c','r','y','p','t','n','e','t','.',
48 'd','l','l',0 };
49
50 /***********************************************************************
51 * DllRegisterServer (CRYPTNET.@)
52 */
53 HRESULT WINAPI DllRegisterServer(void)
54 {
55 TRACE("\n");
56 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING,
57 CRYPT_OID_VERIFY_REVOCATION_FUNC, 0, cryptNet);
58 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap",
59 cryptNet, "LdapProvOpenStore");
60 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
61 CERT_STORE_PROV_LDAP_W, cryptNet, "LdapProvOpenStore");
62 return S_OK;
63 }
64
65 /***********************************************************************
66 * DllUnregisterServer (CRYPTNET.@)
67 */
68 HRESULT WINAPI DllUnregisterServer(void)
69 {
70 TRACE("\n");
71 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING,
72 CRYPT_OID_VERIFY_REVOCATION_FUNC, cryptNet);
73 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap");
74 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
75 CERT_STORE_PROV_LDAP_W);
76 return S_OK;
77 }
78
79 static const char *url_oid_to_str(LPCSTR oid)
80 {
81 if (IS_INTOID(oid))
82 {
83 static char buf[10];
84
85 switch (LOWORD(oid))
86 {
87 #define _x(oid) case LOWORD(oid): return #oid
88 _x(URL_OID_CERTIFICATE_ISSUER);
89 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT);
90 _x(URL_OID_CTL_ISSUER);
91 _x(URL_OID_CTL_NEXT_UPDATE);
92 _x(URL_OID_CRL_ISSUER);
93 _x(URL_OID_CERTIFICATE_FRESHEST_CRL);
94 _x(URL_OID_CRL_FRESHEST_CRL);
95 _x(URL_OID_CROSS_CERT_DIST_POINT);
96 #undef _x
97 default:
98 snprintf(buf, sizeof(buf), "%d", LOWORD(oid));
99 return buf;
100 }
101 }
102 else
103 return oid;
104 }
105
106 typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD,
107 PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID);
108
109 static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid,
110 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
111 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
112 {
113 PCCERT_CONTEXT cert = pvPara;
114 PCERT_EXTENSION ext;
115 BOOL ret = FALSE;
116
117 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
118 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
119 {
120 SetLastError(CRYPT_E_NOT_FOUND);
121 return FALSE;
122 }
123 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
124 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
125 {
126 CERT_AUTHORITY_INFO_ACCESS *aia;
127 DWORD size;
128
129 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
130 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
131 &aia, &size);
132 if (ret)
133 {
134 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
135
136 for (i = 0, cUrl = 0; i < aia->cAccDescr; i++)
137 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
138 szOID_PKIX_CA_ISSUERS))
139 {
140 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
141 CERT_ALT_NAME_URL)
142 {
143 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
144 {
145 cUrl++;
146 bytesNeeded += sizeof(LPWSTR) +
147 (lstrlenW(aia->rgAccDescr[i].AccessLocation.u.
148 pwszURL) + 1) * sizeof(WCHAR);
149 }
150 }
151 else
152 FIXME("unsupported alt name type %d\n",
153 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
154 }
155 if (!pcbUrlArray)
156 {
157 SetLastError(E_INVALIDARG);
158 ret = FALSE;
159 }
160 else if (!pUrlArray)
161 *pcbUrlArray = bytesNeeded;
162 else if (*pcbUrlArray < bytesNeeded)
163 {
164 SetLastError(ERROR_MORE_DATA);
165 *pcbUrlArray = bytesNeeded;
166 ret = FALSE;
167 }
168 else
169 {
170 LPWSTR nextUrl;
171
172 *pcbUrlArray = bytesNeeded;
173 pUrlArray->cUrl = 0;
174 pUrlArray->rgwszUrl =
175 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
176 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
177 + cUrl * sizeof(LPWSTR));
178 for (i = 0; i < aia->cAccDescr; i++)
179 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
180 szOID_PKIX_CA_ISSUERS))
181 {
182 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice
183 == CERT_ALT_NAME_URL)
184 {
185 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
186 {
187 lstrcpyW(nextUrl,
188 aia->rgAccDescr[i].AccessLocation.u.pwszURL);
189 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
190 nextUrl;
191 nextUrl += (lstrlenW(nextUrl) + 1);
192 }
193 }
194 }
195 }
196 if (ret)
197 {
198 if (pcbUrlInfo)
199 {
200 FIXME("url info: stub\n");
201 if (!pUrlInfo)
202 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
203 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
204 {
205 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
206 SetLastError(ERROR_MORE_DATA);
207 ret = FALSE;
208 }
209 else
210 {
211 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
212 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
213 }
214 }
215 }
216 LocalFree(aia);
217 }
218 }
219 else
220 SetLastError(CRYPT_E_NOT_FOUND);
221 return ret;
222 }
223
224 static BOOL CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB *value,
225 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
226 DWORD *pcbUrlInfo)
227 {
228 BOOL ret;
229 CRL_DIST_POINTS_INFO *info;
230 DWORD size;
231
232 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CRL_DIST_POINTS,
233 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
234 if (ret)
235 {
236 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
237
238 for (i = 0, cUrl = 0; i < info->cDistPoint; i++)
239 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
240 == CRL_DIST_POINT_FULL_NAME)
241 {
242 DWORD j;
243 CERT_ALT_NAME_INFO *name =
244 &info->rgDistPoint[i].DistPointName.u.FullName;
245
246 for (j = 0; j < name->cAltEntry; j++)
247 if (name->rgAltEntry[j].dwAltNameChoice ==
248 CERT_ALT_NAME_URL)
249 {
250 if (name->rgAltEntry[j].u.pwszURL)
251 {
252 cUrl++;
253 bytesNeeded += sizeof(LPWSTR) +
254 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1)
255 * sizeof(WCHAR);
256 }
257 }
258 }
259 if (!pcbUrlArray)
260 {
261 SetLastError(E_INVALIDARG);
262 ret = FALSE;
263 }
264 else if (!pUrlArray)
265 *pcbUrlArray = bytesNeeded;
266 else if (*pcbUrlArray < bytesNeeded)
267 {
268 SetLastError(ERROR_MORE_DATA);
269 *pcbUrlArray = bytesNeeded;
270 ret = FALSE;
271 }
272 else
273 {
274 LPWSTR nextUrl;
275
276 *pcbUrlArray = bytesNeeded;
277 pUrlArray->cUrl = 0;
278 pUrlArray->rgwszUrl =
279 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
280 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
281 + cUrl * sizeof(LPWSTR));
282 for (i = 0; i < info->cDistPoint; i++)
283 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
284 == CRL_DIST_POINT_FULL_NAME)
285 {
286 DWORD j;
287 CERT_ALT_NAME_INFO *name =
288 &info->rgDistPoint[i].DistPointName.u.FullName;
289
290 for (j = 0; j < name->cAltEntry; j++)
291 if (name->rgAltEntry[j].dwAltNameChoice ==
292 CERT_ALT_NAME_URL)
293 {
294 if (name->rgAltEntry[j].u.pwszURL)
295 {
296 lstrcpyW(nextUrl,
297 name->rgAltEntry[j].u.pwszURL);
298 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
299 nextUrl;
300 nextUrl +=
301 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1);
302 }
303 }
304 }
305 }
306 if (ret)
307 {
308 if (pcbUrlInfo)
309 {
310 FIXME("url info: stub\n");
311 if (!pUrlInfo)
312 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
313 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
314 {
315 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
316 SetLastError(ERROR_MORE_DATA);
317 ret = FALSE;
318 }
319 else
320 {
321 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
322 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
323 }
324 }
325 }
326 LocalFree(info);
327 }
328 return ret;
329 }
330
331 static BOOL WINAPI CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid,
332 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
333 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
334 {
335 PCCERT_CONTEXT cert = pvPara;
336 PCERT_EXTENSION ext;
337 BOOL ret = FALSE;
338
339 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
340 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
341 {
342 SetLastError(CRYPT_E_NOT_FOUND);
343 return FALSE;
344 }
345 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
346 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
347 ret = CRYPT_GetUrlFromCRLDistPointsExt(&ext->Value, pUrlArray,
348 pcbUrlArray, pUrlInfo, pcbUrlInfo);
349 else
350 SetLastError(CRYPT_E_NOT_FOUND);
351 return ret;
352 }
353
354 /***********************************************************************
355 * CryptGetObjectUrl (CRYPTNET.@)
356 */
357 BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags,
358 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
359 DWORD *pcbUrlInfo, LPVOID pvReserved)
360 {
361 UrlDllGetObjectUrlFunc func = NULL;
362 HCRYPTOIDFUNCADDR hFunc = NULL;
363 BOOL ret = FALSE;
364
365 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid),
366 pvPara, dwFlags, pUrlArray, pcbUrlArray, pUrlInfo, pcbUrlInfo, pvReserved);
367
368 if (IS_INTOID(pszUrlOid))
369 {
370 switch (LOWORD(pszUrlOid))
371 {
372 case LOWORD(URL_OID_CERTIFICATE_ISSUER):
373 func = CRYPT_GetUrlFromCertificateIssuer;
374 break;
375 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT):
376 func = CRYPT_GetUrlFromCertificateCRLDistPoint;
377 break;
378 default:
379 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid));
380 SetLastError(ERROR_FILE_NOT_FOUND);
381 }
382 }
383 else
384 {
385 static HCRYPTOIDFUNCSET set = NULL;
386
387 if (!set)
388 set = CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC, 0);
389 CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszUrlOid, 0,
390 (void **)&func, &hFunc);
391 }
392 if (func)
393 ret = func(pszUrlOid, pvPara, dwFlags, pUrlArray, pcbUrlArray,
394 pUrlInfo, pcbUrlInfo, pvReserved);
395 if (hFunc)
396 CryptFreeOIDFunctionAddress(hFunc, 0);
397 return ret;
398 }
399
400 /***********************************************************************
401 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
402 */
403 BOOL WINAPI CryptRetrieveObjectByUrlA(LPCSTR pszURL, LPCSTR pszObjectOid,
404 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
405 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
406 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
407 {
408 BOOL ret = FALSE;
409 int len;
410
411 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL),
412 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
413 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
414
415 if (!pszURL)
416 {
417 SetLastError(ERROR_INVALID_PARAMETER);
418 return FALSE;
419 }
420 len = MultiByteToWideChar(CP_ACP, 0, pszURL, -1, NULL, 0);
421 if (len)
422 {
423 LPWSTR url = CryptMemAlloc(len * sizeof(WCHAR));
424
425 if (url)
426 {
427 MultiByteToWideChar(CP_ACP, 0, pszURL, -1, url, len);
428 ret = CryptRetrieveObjectByUrlW(url, pszObjectOid,
429 dwRetrievalFlags, dwTimeout, ppvObject, hAsyncRetrieve,
430 pCredentials, pvVerify, pAuxInfo);
431 CryptMemFree(url);
432 }
433 else
434 SetLastError(ERROR_OUTOFMEMORY);
435 }
436 return ret;
437 }
438
439 static void WINAPI CRYPT_FreeBlob(LPCSTR pszObjectOid,
440 PCRYPT_BLOB_ARRAY pObject, void *pvFreeContext)
441 {
442 DWORD i;
443
444 for (i = 0; i < pObject->cBlob; i++)
445 CryptMemFree(pObject->rgBlob[i].pbData);
446 CryptMemFree(pObject->rgBlob);
447 }
448
449 static BOOL CRYPT_GetObjectFromFile(HANDLE hFile, PCRYPT_BLOB_ARRAY pObject)
450 {
451 BOOL ret;
452 LARGE_INTEGER size;
453
454 if ((ret = GetFileSizeEx(hFile, &size)))
455 {
456 if (size.u.HighPart)
457 {
458 WARN("file too big\n");
459 SetLastError(ERROR_INVALID_DATA);
460 ret = FALSE;
461 }
462 else
463 {
464 CRYPT_DATA_BLOB blob;
465
466 blob.pbData = CryptMemAlloc(size.u.LowPart);
467 if (blob.pbData)
468 {
469 ret = ReadFile(hFile, blob.pbData, size.u.LowPart, &blob.cbData,
470 NULL);
471 if (ret)
472 {
473 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
474 if (pObject->rgBlob)
475 {
476 pObject->cBlob = 1;
477 memcpy(pObject->rgBlob, &blob, sizeof(CRYPT_DATA_BLOB));
478 }
479 else
480 {
481 SetLastError(ERROR_OUTOFMEMORY);
482 ret = FALSE;
483 }
484 }
485 if (!ret)
486 CryptMemFree(blob.pbData);
487 }
488 else
489 {
490 SetLastError(ERROR_OUTOFMEMORY);
491 ret = FALSE;
492 }
493 }
494 }
495 return ret;
496 }
497
498 static BOOL CRYPT_GetObjectFromCache(LPCWSTR pszURL, PCRYPT_BLOB_ARRAY pObject,
499 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
500 {
501 BOOL ret = FALSE;
502 INTERNET_CACHE_ENTRY_INFOW *pCacheInfo = NULL;
503 DWORD size = 0;
504
505 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pObject, pAuxInfo);
506
507 RetrieveUrlCacheEntryFileW(pszURL, NULL, &size, 0);
508 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
509 return FALSE;
510
511 pCacheInfo = CryptMemAlloc(size);
512 if (!pCacheInfo)
513 {
514 SetLastError(ERROR_OUTOFMEMORY);
515 return FALSE;
516 }
517
518 if ((ret = RetrieveUrlCacheEntryFileW(pszURL, pCacheInfo, &size, 0)))
519 {
520 FILETIME ft;
521
522 GetSystemTimeAsFileTime(&ft);
523 if (CompareFileTime(&pCacheInfo->ExpireTime, &ft) >= 0)
524 {
525 HANDLE hFile = CreateFileW(pCacheInfo->lpszLocalFileName, GENERIC_READ,
526 FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
527
528 if (hFile != INVALID_HANDLE_VALUE)
529 {
530 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
531 {
532 if (pAuxInfo && pAuxInfo->cbSize >=
533 offsetof(CRYPT_RETRIEVE_AUX_INFO,
534 pLastSyncTime) + sizeof(PFILETIME) &&
535 pAuxInfo->pLastSyncTime)
536 memcpy(pAuxInfo->pLastSyncTime,
537 &pCacheInfo->LastSyncTime,
538 sizeof(FILETIME));
539 }
540 CloseHandle(hFile);
541 }
542 else
543 {
544 DeleteUrlCacheEntryW(pszURL);
545 ret = FALSE;
546 }
547 }
548 else
549 {
550 DeleteUrlCacheEntryW(pszURL);
551 ret = FALSE;
552 }
553 UnlockUrlCacheEntryFileW(pszURL, 0);
554 }
555 CryptMemFree(pCacheInfo);
556 TRACE("returning %d\n", ret);
557 return ret;
558 }
559
560 /* Parses the URL, and sets components' lpszHostName and lpszUrlPath members
561 * to NULL-terminated copies of those portions of the URL (to be freed with
562 * CryptMemFree.)
563 */
564 static BOOL CRYPT_CrackUrl(LPCWSTR pszURL, URL_COMPONENTSW *components)
565 {
566 BOOL ret;
567
568 TRACE("(%s, %p)\n", debugstr_w(pszURL), components);
569
570 memset(components, 0, sizeof(*components));
571 components->dwStructSize = sizeof(*components);
572 components->lpszHostName = CryptMemAlloc(INTERNET_MAX_HOST_NAME_LENGTH * sizeof(WCHAR));
573 components->dwHostNameLength = INTERNET_MAX_HOST_NAME_LENGTH;
574 if (!components->lpszHostName)
575 {
576 SetLastError(ERROR_OUTOFMEMORY);
577 return FALSE;
578 }
579 components->lpszUrlPath = CryptMemAlloc(INTERNET_MAX_PATH_LENGTH * sizeof(WCHAR));
580 components->dwUrlPathLength = INTERNET_MAX_PATH_LENGTH;
581 if (!components->lpszUrlPath)
582 {
583 CryptMemFree(components->lpszHostName);
584 SetLastError(ERROR_OUTOFMEMORY);
585 return FALSE;
586 }
587
588 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, components);
589 if (ret)
590 {
591 switch (components->nScheme)
592 {
593 case INTERNET_SCHEME_FTP:
594 if (!components->nPort)
595 components->nPort = INTERNET_DEFAULT_FTP_PORT;
596 break;
597 case INTERNET_SCHEME_HTTP:
598 if (!components->nPort)
599 components->nPort = INTERNET_DEFAULT_HTTP_PORT;
600 break;
601 default:
602 ; /* do nothing */
603 }
604 }
605 TRACE("returning %d\n", ret);
606 return ret;
607 }
608
609 struct InetContext
610 {
611 HANDLE event;
612 DWORD timeout;
613 DWORD error;
614 };
615
616 static struct InetContext *CRYPT_MakeInetContext(DWORD dwTimeout)
617 {
618 struct InetContext *context = CryptMemAlloc(sizeof(struct InetContext));
619
620 if (context)
621 {
622 context->event = CreateEventW(NULL, FALSE, FALSE, NULL);
623 if (!context->event)
624 {
625 CryptMemFree(context);
626 context = NULL;
627 }
628 else
629 {
630 context->timeout = dwTimeout;
631 context->error = ERROR_SUCCESS;
632 }
633 }
634 return context;
635 }
636
637 static BOOL CRYPT_DownloadObject(DWORD dwRetrievalFlags, HINTERNET hHttp,
638 struct InetContext *context, PCRYPT_BLOB_ARRAY pObject,
639 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
640 {
641 CRYPT_DATA_BLOB object = { 0, NULL };
642 DWORD bytesAvailable;
643 BOOL ret;
644
645 do {
646 if ((ret = InternetQueryDataAvailable(hHttp, &bytesAvailable, 0, 0)))
647 {
648 if (bytesAvailable)
649 {
650 if (object.pbData)
651 object.pbData = CryptMemRealloc(object.pbData,
652 object.cbData + bytesAvailable);
653 else
654 object.pbData = CryptMemAlloc(bytesAvailable);
655 if (object.pbData)
656 {
657 INTERNET_BUFFERSA buffer = { sizeof(buffer), 0 };
658
659 buffer.dwBufferLength = bytesAvailable;
660 buffer.lpvBuffer = object.pbData + object.cbData;
661 if (!(ret = InternetReadFileExA(hHttp, &buffer, IRF_NO_WAIT,
662 (DWORD_PTR)context)))
663 {
664 if (GetLastError() == ERROR_IO_PENDING)
665 {
666 if (WaitForSingleObject(context->event,
667 context->timeout) == WAIT_TIMEOUT)
668 SetLastError(ERROR_TIMEOUT);
669 else if (context->error)
670 SetLastError(context->error);
671 else
672 ret = TRUE;
673 }
674 }
675 if (ret)
676 object.cbData += buffer.dwBufferLength;
677 }
678 else
679 {
680 SetLastError(ERROR_OUTOFMEMORY);
681 ret = FALSE;
682 }
683 }
684 }
685 else if (GetLastError() == ERROR_IO_PENDING)
686 {
687 if (WaitForSingleObject(context->event, context->timeout) ==
688 WAIT_TIMEOUT)
689 SetLastError(ERROR_TIMEOUT);
690 else
691 ret = TRUE;
692 }
693 } while (ret && bytesAvailable);
694 if (ret)
695 {
696 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
697 if (!pObject->rgBlob)
698 {
699 CryptMemFree(object.pbData);
700 SetLastError(ERROR_OUTOFMEMORY);
701 ret = FALSE;
702 }
703 else
704 {
705 pObject->rgBlob[0].cbData = object.cbData;
706 pObject->rgBlob[0].pbData = object.pbData;
707 pObject->cBlob = 1;
708 }
709 }
710 TRACE("returning %d\n", ret);
711 return ret;
712 }
713
714 /* Finds the object specified by pszURL in the cache. If it's not found,
715 * creates a new cache entry for the object and writes the object to it.
716 * Sets the expiration time of the cache entry to expires.
717 */
718 static void CRYPT_CacheURL(LPCWSTR pszURL, const CRYPT_BLOB_ARRAY *pObject,
719 DWORD dwRetrievalFlags, FILETIME expires)
720 {
721 WCHAR cacheFileName[MAX_PATH];
722 HANDLE hCacheFile;
723 DWORD size = 0, entryType;
724 FILETIME ft;
725
726 GetUrlCacheEntryInfoW(pszURL, NULL, &size);
727 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
728 {
729 INTERNET_CACHE_ENTRY_INFOW *info = CryptMemAlloc(size);
730
731 if (!info)
732 {
733 ERR("out of memory\n");
734 return;
735 }
736
737 if (GetUrlCacheEntryInfoW(pszURL, info, &size))
738 {
739 lstrcpyW(cacheFileName, info->lpszLocalFileName);
740 /* Check if the existing cache entry is up to date. If it isn't,
741 * remove the existing cache entry, and create a new one with the
742 * new value.
743 */
744 GetSystemTimeAsFileTime(&ft);
745 if (CompareFileTime(&info->ExpireTime, &ft) < 0)
746 {
747 DeleteUrlCacheEntryW(pszURL);
748 }
749 else
750 {
751 info->ExpireTime = expires;
752 SetUrlCacheEntryInfoW(pszURL, info, CACHE_ENTRY_EXPTIME_FC);
753 CryptMemFree(info);
754 return;
755 }
756 }
757 CryptMemFree(info);
758 }
759
760 if (!CreateUrlCacheEntryW(pszURL, pObject->rgBlob[0].cbData, NULL, cacheFileName, 0))
761 return;
762
763 hCacheFile = CreateFileW(cacheFileName, GENERIC_WRITE, 0,
764 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
765 if(hCacheFile == INVALID_HANDLE_VALUE)
766 return;
767
768 WriteFile(hCacheFile, pObject->rgBlob[0].pbData,
769 pObject->rgBlob[0].cbData, &size, NULL);
770 CloseHandle(hCacheFile);
771
772 if (!(dwRetrievalFlags & CRYPT_STICKY_CACHE_RETRIEVAL))
773 entryType = NORMAL_CACHE_ENTRY;
774 else
775 entryType = STICKY_CACHE_ENTRY;
776 memset(&ft, 0, sizeof(ft));
777 CommitUrlCacheEntryW(pszURL, cacheFileName, expires, ft, entryType,
778 NULL, 0, NULL, NULL);
779 }
780
781 static void CALLBACK CRYPT_InetStatusCallback(HINTERNET hInt,
782 DWORD_PTR dwContext, DWORD status, void *statusInfo, DWORD statusInfoLen)
783 {
784 struct InetContext *context = (struct InetContext *)dwContext;
785 LPINTERNET_ASYNC_RESULT result;
786
787 switch (status)
788 {
789 case INTERNET_STATUS_REQUEST_COMPLETE:
790 result = statusInfo;
791 context->error = result->dwError;
792 SetEvent(context->event);
793 }
794 }
795
796 static BOOL CRYPT_Connect(const URL_COMPONENTSW *components,
797 struct InetContext *context, PCRYPT_CREDENTIALS pCredentials,
798 HINTERNET *phInt, HINTERNET *phHost)
799 {
800 BOOL ret;
801
802 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components->lpszHostName),
803 components->nPort, context, pCredentials, phInt, phInt);
804
805 *phHost = NULL;
806 *phInt = InternetOpenW(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL,
807 context ? INTERNET_FLAG_ASYNC : 0);
808 if (*phInt)
809 {
810 DWORD service;
811
812 if (context)
813 InternetSetStatusCallbackW(*phInt, CRYPT_InetStatusCallback);
814 switch (components->nScheme)
815 {
816 case INTERNET_SCHEME_FTP:
817 service = INTERNET_SERVICE_FTP;
818 break;
819 case INTERNET_SCHEME_HTTP:
820 service = INTERNET_SERVICE_HTTP;
821 break;
822 default:
823 service = 0;
824 }
825 /* FIXME: use pCredentials for username/password */
826 *phHost = InternetConnectW(*phInt, components->lpszHostName,
827 components->nPort, NULL, NULL, service, 0, (DWORD_PTR)context);
828 if (!*phHost)
829 {
830 InternetCloseHandle(*phInt);
831 *phInt = NULL;
832 ret = FALSE;
833 }
834 else
835 ret = TRUE;
836 }
837 else
838 ret = FALSE;
839 TRACE("returning %d\n", ret);
840 return ret;
841 }
842
843 static BOOL WINAPI FTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
844 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
845 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
846 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
847 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
848 {
849 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
850 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
851 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
852
853 pObject->cBlob = 0;
854 pObject->rgBlob = NULL;
855 *ppfnFreeObject = CRYPT_FreeBlob;
856 *ppvFreeContext = NULL;
857 return FALSE;
858 }
859
860 static const WCHAR x509cacert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
861 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
862 static const WCHAR x509emailcert[] = { 'a','p','p','l','i','c','a','t','i','o',
863 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
864 0 };
865 static const WCHAR x509servercert[] = { 'a','p','p','l','i','c','a','t','i','o',
866 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
867 't',0 };
868 static const WCHAR x509usercert[] = { 'a','p','p','l','i','c','a','t','i','o',
869 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
870 static const WCHAR pkcs7cert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
871 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
872 's',0 };
873 static const WCHAR pkixCRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
874 '/','p','k','i','x','-','c','r','l',0 };
875 static const WCHAR pkcs7CRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
876 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
877 static const WCHAR pkcs7sig[] = { 'a','p','p','l','i','c','a','t','i','o','n',
878 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
879 static const WCHAR pkcs7mime[] = { 'a','p','p','l','i','c','a','t','i','o','n',
880 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
881
882 static BOOL WINAPI HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
883 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
884 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
885 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
886 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
887 {
888 BOOL ret = FALSE;
889
890 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
891 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
892 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
893
894 pObject->cBlob = 0;
895 pObject->rgBlob = NULL;
896 *ppfnFreeObject = CRYPT_FreeBlob;
897 *ppvFreeContext = NULL;
898
899 if (!(dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL))
900 ret = CRYPT_GetObjectFromCache(pszURL, pObject, pAuxInfo);
901 if (!ret && (!(dwRetrievalFlags & CRYPT_CACHE_ONLY_RETRIEVAL) ||
902 (dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL)))
903 {
904 URL_COMPONENTSW components;
905
906 if ((ret = CRYPT_CrackUrl(pszURL, &components)))
907 {
908 HINTERNET hInt, hHost;
909 struct InetContext *context = NULL;
910
911 if (dwTimeout)
912 context = CRYPT_MakeInetContext(dwTimeout);
913 ret = CRYPT_Connect(&components, context, pCredentials, &hInt,
914 &hHost);
915 if (ret)
916 {
917 static LPCWSTR types[] = { x509cacert, x509emailcert,
918 x509servercert, x509usercert, pkcs7cert, pkixCRL, pkcs7CRL,
919 pkcs7sig, pkcs7mime, NULL };
920 HINTERNET hHttp = HttpOpenRequestW(hHost, NULL,
921 components.lpszUrlPath, NULL, NULL, types,
922 INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI,
923 (DWORD_PTR)context);
924
925 if (hHttp)
926 {
927 if (dwTimeout)
928 {
929 InternetSetOptionW(hHttp,
930 INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
931 sizeof(dwTimeout));
932 InternetSetOptionW(hHttp, INTERNET_OPTION_SEND_TIMEOUT,
933 &dwTimeout, sizeof(dwTimeout));
934 }
935 ret = HttpSendRequestExW(hHttp, NULL, NULL, 0,
936 (DWORD_PTR)context);
937 if (!ret && GetLastError() == ERROR_IO_PENDING)
938 {
939 if (WaitForSingleObject(context->event,
940 context->timeout) == WAIT_TIMEOUT)
941 SetLastError(ERROR_TIMEOUT);
942 else
943 ret = TRUE;
944 }
945 if (ret &&
946 !(ret = HttpEndRequestW(hHttp, NULL, 0, (DWORD_PTR)context)) &&
947 GetLastError() == ERROR_IO_PENDING)
948 {
949 if (WaitForSingleObject(context->event,
950 context->timeout) == WAIT_TIMEOUT)
951 SetLastError(ERROR_TIMEOUT);
952 else
953 ret = TRUE;
954 }
955 if (ret)
956 ret = CRYPT_DownloadObject(dwRetrievalFlags, hHttp,
957 context, pObject, pAuxInfo);
958 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT))
959 {
960 SYSTEMTIME st;
961 FILETIME ft;
962 DWORD len = sizeof(st);
963
964 if (HttpQueryInfoW(hHttp, HTTP_QUERY_EXPIRES | HTTP_QUERY_FLAG_SYSTEMTIME,
965 &st, &len, NULL) && SystemTimeToFileTime(&st, &ft))
966 CRYPT_CacheURL(pszURL, pObject, dwRetrievalFlags, ft);
967 }
968 InternetCloseHandle(hHttp);
969 }
970 InternetCloseHandle(hHost);
971 InternetCloseHandle(hInt);
972 }
973 if (context)
974 {
975 CloseHandle(context->event);
976 CryptMemFree(context);
977 }
978 CryptMemFree(components.lpszUrlPath);
979 CryptMemFree(components.lpszHostName);
980 }
981 }
982 TRACE("returning %d\n", ret);
983 return ret;
984 }
985
986 static BOOL WINAPI File_RetrieveEncodedObjectW(LPCWSTR pszURL,
987 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
988 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
989 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
990 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
991 {
992 URL_COMPONENTSW components = { sizeof(components), 0 };
993 BOOL ret;
994
995 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
996 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
997 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
998
999 pObject->cBlob = 0;
1000 pObject->rgBlob = NULL;
1001 *ppfnFreeObject = CRYPT_FreeBlob;
1002 *ppvFreeContext = NULL;
1003
1004 components.lpszUrlPath = CryptMemAlloc(INTERNET_MAX_PATH_LENGTH * sizeof(WCHAR));
1005 components.dwUrlPathLength = INTERNET_MAX_PATH_LENGTH;
1006 if (!components.lpszUrlPath)
1007 {
1008 SetLastError(ERROR_OUTOFMEMORY);
1009 return FALSE;
1010 }
1011
1012 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, &components);
1013 if (ret)
1014 {
1015 LPWSTR path;
1016
1017 /* 3 == lstrlenW(L"c:") + 1 */
1018 path = CryptMemAlloc((components.dwUrlPathLength + 3) * sizeof(WCHAR));
1019 if (path)
1020 {
1021 HANDLE hFile;
1022
1023 /* Try to create the file directly - Wine handles / in pathnames */
1024 lstrcpynW(path, components.lpszUrlPath,
1025 components.dwUrlPathLength + 1);
1026 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1027 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1028 #ifdef __REACTOS__
1029 if ((hFile == INVALID_HANDLE_VALUE) && (lstrlenW(components.lpszUrlPath) > 1) && (components.lpszUrlPath[1] != ':'))
1030 #else
1031 if (hFile == INVALID_HANDLE_VALUE)
1032 #endif
1033 {
1034 /* Try again on the current drive */
1035 GetCurrentDirectoryW(components.dwUrlPathLength, path);
1036 if (path[1] == ':')
1037 {
1038 lstrcpynW(path + 2, components.lpszUrlPath,
1039 components.dwUrlPathLength + 1);
1040 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1041 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1042 }
1043 if (hFile == INVALID_HANDLE_VALUE)
1044 {
1045 /* Try again on the Windows drive */
1046 GetWindowsDirectoryW(path, components.dwUrlPathLength);
1047 if (path[1] == ':')
1048 {
1049 lstrcpynW(path + 2, components.lpszUrlPath,
1050 components.dwUrlPathLength + 1);
1051 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1052 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1053 }
1054 }
1055 }
1056 if (hFile != INVALID_HANDLE_VALUE)
1057 {
1058 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
1059 {
1060 if (pAuxInfo && pAuxInfo->cbSize >=
1061 offsetof(CRYPT_RETRIEVE_AUX_INFO,
1062 pLastSyncTime) + sizeof(PFILETIME) &&
1063 pAuxInfo->pLastSyncTime)
1064 GetFileTime(hFile, NULL, NULL,
1065 pAuxInfo->pLastSyncTime);
1066 }
1067 CloseHandle(hFile);
1068 }
1069 else
1070 ret = FALSE;
1071 CryptMemFree(path);
1072 }
1073 else
1074 {
1075 SetLastError(ERROR_OUTOFMEMORY);
1076 ret = FALSE;
1077 }
1078 }
1079 CryptMemFree(components.lpszUrlPath);
1080 return ret;
1081 }
1082
1083 typedef BOOL (WINAPI *SchemeDllRetrieveEncodedObjectW)(LPCWSTR pwszUrl,
1084 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1085 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1086 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1087 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo);
1088
1089 static BOOL CRYPT_GetRetrieveFunction(LPCWSTR pszURL,
1090 SchemeDllRetrieveEncodedObjectW *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1091 {
1092 URL_COMPONENTSW components = { sizeof(components), 0 };
1093 BOOL ret;
1094
1095 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pFunc, phFunc);
1096
1097 *pFunc = NULL;
1098 *phFunc = 0;
1099 components.dwSchemeLength = 1;
1100 ret = InternetCrackUrlW(pszURL, 0, 0, &components);
1101 if (ret)
1102 {
1103 /* Microsoft always uses CryptInitOIDFunctionSet/
1104 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1105 * reason to do so for builtin schemes.
1106 */
1107 switch (components.nScheme)
1108 {
1109 case INTERNET_SCHEME_FTP:
1110 *pFunc = FTP_RetrieveEncodedObjectW;
1111 break;
1112 case INTERNET_SCHEME_HTTP:
1113 *pFunc = HTTP_RetrieveEncodedObjectW;
1114 break;
1115 case INTERNET_SCHEME_FILE:
1116 *pFunc = File_RetrieveEncodedObjectW;
1117 break;
1118 default:
1119 {
1120 int len = WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1121 components.dwSchemeLength, NULL, 0, NULL, NULL);
1122
1123 if (len)
1124 {
1125 LPSTR scheme = CryptMemAlloc(len);
1126
1127 if (scheme)
1128 {
1129 static HCRYPTOIDFUNCSET set = NULL;
1130
1131 if (!set)
1132 set = CryptInitOIDFunctionSet(
1133 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC, 0);
1134 WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1135 components.dwSchemeLength, scheme, len, NULL, NULL);
1136 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1137 scheme, 0, (void **)pFunc, phFunc);
1138 CryptMemFree(scheme);
1139 }
1140 else
1141 {
1142 SetLastError(ERROR_OUTOFMEMORY);
1143 ret = FALSE;
1144 }
1145 }
1146 else
1147 ret = FALSE;
1148 }
1149 }
1150 }
1151 TRACE("returning %d\n", ret);
1152 return ret;
1153 }
1154
1155 static BOOL WINAPI CRYPT_CreateBlob(LPCSTR pszObjectOid,
1156 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1157 {
1158 DWORD size, i;
1159 CRYPT_BLOB_ARRAY *context;
1160 BOOL ret = FALSE;
1161
1162 size = sizeof(CRYPT_BLOB_ARRAY) + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1163 for (i = 0; i < pObject->cBlob; i++)
1164 size += pObject->rgBlob[i].cbData;
1165 context = CryptMemAlloc(size);
1166 if (context)
1167 {
1168 LPBYTE nextData;
1169
1170 context->cBlob = 0;
1171 context->rgBlob =
1172 (CRYPT_DATA_BLOB *)((LPBYTE)context + sizeof(CRYPT_BLOB_ARRAY));
1173 nextData =
1174 (LPBYTE)context->rgBlob + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1175 for (i = 0; i < pObject->cBlob; i++)
1176 {
1177 memcpy(nextData, pObject->rgBlob[i].pbData,
1178 pObject->rgBlob[i].cbData);
1179 context->rgBlob[i].pbData = nextData;
1180 context->rgBlob[i].cbData = pObject->rgBlob[i].cbData;
1181 nextData += pObject->rgBlob[i].cbData;
1182 context->cBlob++;
1183 }
1184 *ppvContext = context;
1185 ret = TRUE;
1186 }
1187 return ret;
1188 }
1189
1190 typedef BOOL (WINAPI *AddContextToStore)(HCERTSTORE hCertStore,
1191 const void *pContext, DWORD dwAddDisposition, const void **ppStoreContext);
1192
1193 static BOOL decode_base64_blob( const CRYPT_DATA_BLOB *in, CRYPT_DATA_BLOB *out )
1194 {
1195 BOOL ret;
1196 DWORD len = in->cbData;
1197
1198 while (len && !in->pbData[len - 1]) len--;
1199 if (!CryptStringToBinaryA( (char *)in->pbData, len, CRYPT_STRING_BASE64_ANY,
1200 NULL, &out->cbData, NULL, NULL )) return FALSE;
1201
1202 if (!(out->pbData = CryptMemAlloc( out->cbData ))) return FALSE;
1203 ret = CryptStringToBinaryA( (char *)in->pbData, len, CRYPT_STRING_BASE64_ANY,
1204 out->pbData, &out->cbData, NULL, NULL );
1205 if (!ret) CryptMemFree( out->pbData );
1206 return ret;
1207 }
1208
1209 static BOOL CRYPT_CreateContext(const CRYPT_BLOB_ARRAY *pObject,
1210 DWORD dwExpectedContentTypeFlags, AddContextToStore addFunc, void **ppvContext)
1211 {
1212 BOOL ret = TRUE;
1213 CRYPT_DATA_BLOB blob;
1214
1215 if (!pObject->cBlob)
1216 {
1217 SetLastError(ERROR_INVALID_DATA);
1218 *ppvContext = NULL;
1219 ret = FALSE;
1220 }
1221 else if (pObject->cBlob == 1)
1222 {
1223 if (decode_base64_blob(&pObject->rgBlob[0], &blob))
1224 {
1225 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &blob,
1226 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0,
1227 NULL, NULL, NULL, NULL, NULL, (const void **)ppvContext);
1228 CryptMemFree(blob.pbData);
1229 }
1230 else
1231 {
1232 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1233 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0,
1234 NULL, NULL, NULL, NULL, NULL, (const void **)ppvContext);
1235 }
1236 if (!ret)
1237 {
1238 SetLastError(CRYPT_E_NO_MATCH);
1239 ret = FALSE;
1240 }
1241 }
1242 else
1243 {
1244 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1245 CERT_STORE_CREATE_NEW_FLAG, NULL);
1246
1247 if (store)
1248 {
1249 DWORD i;
1250 const void *context;
1251
1252 for (i = 0; i < pObject->cBlob; i++)
1253 {
1254 if (decode_base64_blob(&pObject->rgBlob[i], &blob))
1255 {
1256 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &blob,
1257 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY,
1258 0, NULL, NULL, NULL, NULL, NULL, &context);
1259 CryptMemFree(blob.pbData);
1260 }
1261 else
1262 {
1263 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1264 &pObject->rgBlob[i], dwExpectedContentTypeFlags,
1265 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, NULL, NULL, NULL,
1266 NULL, &context);
1267 }
1268 if (ret)
1269 {
1270 if (!addFunc(store, context, CERT_STORE_ADD_ALWAYS, NULL))
1271 ret = FALSE;
1272 }
1273 else
1274 {
1275 SetLastError(CRYPT_E_NO_MATCH);
1276 ret = FALSE;
1277 }
1278 }
1279 }
1280 else
1281 ret = FALSE;
1282 *ppvContext = store;
1283 }
1284 return ret;
1285 }
1286
1287 static BOOL WINAPI CRYPT_CreateCert(LPCSTR pszObjectOid,
1288 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1289 {
1290 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CERT,
1291 (AddContextToStore)CertAddCertificateContextToStore, ppvContext);
1292 }
1293
1294 static BOOL WINAPI CRYPT_CreateCRL(LPCSTR pszObjectOid,
1295 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1296 {
1297 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CRL,
1298 (AddContextToStore)CertAddCRLContextToStore, ppvContext);
1299 }
1300
1301 static BOOL WINAPI CRYPT_CreateCTL(LPCSTR pszObjectOid,
1302 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1303 {
1304 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CTL,
1305 (AddContextToStore)CertAddCTLContextToStore, ppvContext);
1306 }
1307
1308 static BOOL WINAPI CRYPT_CreatePKCS7(LPCSTR pszObjectOid,
1309 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1310 {
1311 BOOL ret;
1312
1313 if (!pObject->cBlob)
1314 {
1315 SetLastError(ERROR_INVALID_DATA);
1316 *ppvContext = NULL;
1317 ret = FALSE;
1318 }
1319 else if (pObject->cBlob == 1)
1320 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1321 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1322 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED, CERT_QUERY_FORMAT_FLAG_BINARY,
1323 0, NULL, NULL, NULL, ppvContext, NULL, NULL);
1324 else
1325 {
1326 FIXME("multiple messages unimplemented\n");
1327 ret = FALSE;
1328 }
1329 return ret;
1330 }
1331
1332 static BOOL WINAPI CRYPT_CreateAny(LPCSTR pszObjectOid,
1333 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1334 {
1335 BOOL ret;
1336
1337 if (!pObject->cBlob)
1338 {
1339 SetLastError(ERROR_INVALID_DATA);
1340 *ppvContext = NULL;
1341 ret = FALSE;
1342 }
1343 else
1344 {
1345 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1346 CERT_STORE_CREATE_NEW_FLAG, NULL);
1347
1348 if (store)
1349 {
1350 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1351 CERT_STORE_CREATE_NEW_FLAG, NULL);
1352
1353 if (memStore)
1354 {
1355 CertAddStoreToCollection(store, memStore,
1356 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
1357 CertCloseStore(memStore, 0);
1358 }
1359 else
1360 {
1361 CertCloseStore(store, 0);
1362 store = NULL;
1363 }
1364 }
1365 if (store)
1366 {
1367 DWORD i;
1368
1369 ret = TRUE;
1370 for (i = 0; i < pObject->cBlob; i++)
1371 {
1372 DWORD contentType, expectedContentTypes =
1373 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1374 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
1375 CERT_QUERY_CONTENT_FLAG_CERT |
1376 CERT_QUERY_CONTENT_FLAG_CRL |
1377 CERT_QUERY_CONTENT_FLAG_CTL;
1378 HCERTSTORE contextStore;
1379 const void *context;
1380
1381 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1382 &pObject->rgBlob[i], expectedContentTypes,
1383 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, &contentType, NULL,
1384 &contextStore, NULL, &context))
1385 {
1386 switch (contentType)
1387 {
1388 case CERT_QUERY_CONTENT_CERT:
1389 if (!CertAddCertificateContextToStore(store,
1390 context, CERT_STORE_ADD_ALWAYS, NULL))
1391 ret = FALSE;
1392 CertFreeCertificateContext(context);
1393 break;
1394 case CERT_QUERY_CONTENT_CRL:
1395 if (!CertAddCRLContextToStore(store,
1396 context, CERT_STORE_ADD_ALWAYS, NULL))
1397 ret = FALSE;
1398 CertFreeCRLContext(context);
1399 break;
1400 case CERT_QUERY_CONTENT_CTL:
1401 if (!CertAddCTLContextToStore(store,
1402 context, CERT_STORE_ADD_ALWAYS, NULL))
1403 ret = FALSE;
1404 CertFreeCTLContext(context);
1405 break;
1406 default:
1407 CertAddStoreToCollection(store, contextStore, 0, 0);
1408 }
1409 CertCloseStore(contextStore, 0);
1410 }
1411 else
1412 ret = FALSE;
1413 }
1414 }
1415 else
1416 ret = FALSE;
1417 *ppvContext = store;
1418 }
1419 return ret;
1420 }
1421
1422 typedef BOOL (WINAPI *ContextDllCreateObjectContext)(LPCSTR pszObjectOid,
1423 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext);
1424
1425 static BOOL CRYPT_GetCreateFunction(LPCSTR pszObjectOid,
1426 ContextDllCreateObjectContext *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1427 {
1428 BOOL ret = TRUE;
1429
1430 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid), pFunc, phFunc);
1431
1432 *pFunc = NULL;
1433 *phFunc = 0;
1434 if (IS_INTOID(pszObjectOid))
1435 {
1436 switch (LOWORD(pszObjectOid))
1437 {
1438 case 0:
1439 *pFunc = CRYPT_CreateBlob;
1440 break;
1441 case LOWORD(CONTEXT_OID_CERTIFICATE):
1442 *pFunc = CRYPT_CreateCert;
1443 break;
1444 case LOWORD(CONTEXT_OID_CRL):
1445 *pFunc = CRYPT_CreateCRL;
1446 break;
1447 case LOWORD(CONTEXT_OID_CTL):
1448 *pFunc = CRYPT_CreateCTL;
1449 break;
1450 case LOWORD(CONTEXT_OID_PKCS7):
1451 *pFunc = CRYPT_CreatePKCS7;
1452 break;
1453 case LOWORD(CONTEXT_OID_CAPI2_ANY):
1454 *pFunc = CRYPT_CreateAny;
1455 break;
1456 }
1457 }
1458 if (!*pFunc)
1459 {
1460 static HCRYPTOIDFUNCSET set = NULL;
1461
1462 if (!set)
1463 set = CryptInitOIDFunctionSet(
1464 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC, 0);
1465 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszObjectOid,
1466 0, (void **)pFunc, phFunc);
1467 }
1468 TRACE("returning %d\n", ret);
1469 return ret;
1470 }
1471
1472 static BOOL CRYPT_GetExpiration(const void *object, const char *pszObjectOid, FILETIME *expiration)
1473 {
1474 if (!IS_INTOID(pszObjectOid))
1475 return FALSE;
1476
1477 switch (LOWORD(pszObjectOid)) {
1478 case LOWORD(CONTEXT_OID_CERTIFICATE):
1479 *expiration = ((const CERT_CONTEXT*)object)->pCertInfo->NotAfter;
1480 return TRUE;
1481 case LOWORD(CONTEXT_OID_CRL):
1482 *expiration = ((const CRL_CONTEXT*)object)->pCrlInfo->NextUpdate;
1483 return TRUE;
1484 case LOWORD(CONTEXT_OID_CTL):
1485 *expiration = ((const CTL_CONTEXT*)object)->pCtlInfo->NextUpdate;
1486 return TRUE;
1487 }
1488
1489 return FALSE;
1490 }
1491
1492 /***********************************************************************
1493 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1494 */
1495 BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
1496 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
1497 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
1498 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1499 {
1500 BOOL ret;
1501 SchemeDllRetrieveEncodedObjectW retrieve;
1502 ContextDllCreateObjectContext create;
1503 HCRYPTOIDFUNCADDR hRetrieve = 0, hCreate = 0;
1504
1505 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1506 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
1507 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
1508
1509 if (!pszURL)
1510 {
1511 SetLastError(ERROR_INVALID_PARAMETER);
1512 return FALSE;
1513 }
1514 ret = CRYPT_GetRetrieveFunction(pszURL, &retrieve, &hRetrieve);
1515 if (ret)
1516 ret = CRYPT_GetCreateFunction(pszObjectOid, &create, &hCreate);
1517 if (ret)
1518 {
1519 CRYPT_BLOB_ARRAY object = { 0, NULL };
1520 PFN_FREE_ENCODED_OBJECT_FUNC freeObject;
1521 void *freeContext;
1522 FILETIME expires;
1523
1524 ret = retrieve(pszURL, pszObjectOid, dwRetrievalFlags, dwTimeout,
1525 &object, &freeObject, &freeContext, hAsyncRetrieve, pCredentials,
1526 pAuxInfo);
1527 if (ret)
1528 {
1529 ret = create(pszObjectOid, dwRetrievalFlags, &object, ppvObject);
1530 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT) &&
1531 CRYPT_GetExpiration(*ppvObject, pszObjectOid, &expires))
1532 {
1533 CRYPT_CacheURL(pszURL, &object, dwRetrievalFlags, expires);
1534 }
1535 freeObject(pszObjectOid, &object, freeContext);
1536 }
1537 }
1538 if (hCreate)
1539 CryptFreeOIDFunctionAddress(hCreate, 0);
1540 if (hRetrieve)
1541 CryptFreeOIDFunctionAddress(hRetrieve, 0);
1542 TRACE("returning %d\n", ret);
1543 return ret;
1544 }
1545
1546 static DWORD verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert,
1547 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1548 PCERT_REVOCATION_STATUS pRevStatus)
1549 {
1550 DWORD error;
1551 PCRL_ENTRY entry = NULL;
1552
1553 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1554 if (entry)
1555 {
1556 error = CRYPT_E_REVOKED;
1557 pRevStatus->dwIndex = index;
1558 }
1559 else
1560 {
1561 /* Since the CRL was retrieved for the cert being checked, then it's
1562 * guaranteed to be fresh, and the cert is not revoked.
1563 */
1564 error = ERROR_SUCCESS;
1565 }
1566 return error;
1567 }
1568
1569 static DWORD verify_cert_revocation_from_dist_points_ext(
1570 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1571 FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara,
1572 PCERT_REVOCATION_STATUS pRevStatus)
1573 {
1574 DWORD error = ERROR_SUCCESS, cbUrlArray;
1575
1576 if (CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &cbUrlArray, NULL, NULL))
1577 {
1578 CRYPT_URL_ARRAY *urlArray = CryptMemAlloc(cbUrlArray);
1579
1580 if (urlArray)
1581 {
1582 DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
1583 BOOL ret;
1584
1585 ret = CRYPT_GetUrlFromCRLDistPointsExt(value, urlArray,
1586 &cbUrlArray, NULL, NULL);
1587 if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
1588 retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
1589 if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG &&
1590 pRevPara && pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
1591 dwUrlRetrievalTimeout) + sizeof(DWORD))
1592 {
1593 startTime = GetTickCount();
1594 endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
1595 timeout = pRevPara->dwUrlRetrievalTimeout;
1596 }
1597 else
1598 endTime = timeout = 0;
1599 if (!ret)
1600 error = GetLastError();
1601 /* continue looping if one was offline; break if revoked or timed out */
1602 for (j = 0; (!error || error == CRYPT_E_REVOCATION_OFFLINE) && j < urlArray->cUrl; j++)
1603 {
1604 PCCRL_CONTEXT crl;
1605
1606 ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
1607 CONTEXT_OID_CRL, retrievalFlags, timeout, (void **)&crl,
1608 NULL, NULL, NULL, NULL);
1609 if (ret)
1610 {
1611 error = verify_cert_revocation_with_crl_online(cert, crl,
1612 index, pTime, pRevStatus);
1613 if (!error && timeout)
1614 {
1615 DWORD time = GetTickCount();
1616
1617 if ((int)(endTime - time) <= 0)
1618 {
1619 error = ERROR_TIMEOUT;
1620 pRevStatus->dwIndex = index;
1621 }
1622 else
1623 timeout = endTime - time;
1624 }
1625 CertFreeCRLContext(crl);
1626 }
1627 else
1628 error = CRYPT_E_REVOCATION_OFFLINE;
1629 }
1630 CryptMemFree(urlArray);
1631 }
1632 else
1633 {
1634 error = ERROR_OUTOFMEMORY;
1635 pRevStatus->dwIndex = index;
1636 }
1637 }
1638 else
1639 {
1640 error = GetLastError();
1641 pRevStatus->dwIndex = index;
1642 }
1643 return error;
1644 }
1645
1646 static DWORD verify_cert_revocation_from_aia_ext(
1647 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1648 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1649 PCERT_REVOCATION_STATUS pRevStatus)
1650 {
1651 BOOL ret;
1652 DWORD error, size;
1653 CERT_AUTHORITY_INFO_ACCESS *aia;
1654
1655 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
1656 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &aia, &size);
1657 if (ret)
1658 {
1659 DWORD i;
1660
1661 for (i = 0; i < aia->cAccDescr; i++)
1662 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
1663 szOID_PKIX_OCSP))
1664 {
1665 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
1666 CERT_ALT_NAME_URL)
1667 FIXME("OCSP URL = %s\n",
1668 debugstr_w(aia->rgAccDescr[i].AccessLocation.u.pwszURL));
1669 else
1670 FIXME("unsupported AccessLocation type %d\n",
1671 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
1672 }
1673 LocalFree(aia);
1674 /* FIXME: lie and pretend OCSP validated the cert */
1675 error = ERROR_SUCCESS;
1676 }
1677 else
1678 error = GetLastError();
1679 return error;
1680 }
1681
1682 static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
1683 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1684 PCERT_REVOCATION_STATUS pRevStatus)
1685 {
1686 DWORD error;
1687 LONG valid;
1688
1689 valid = CompareFileTime(pTime, &crl->pCrlInfo->ThisUpdate);
1690 if (valid <= 0)
1691 {
1692 /* If this CRL is not older than the time being verified, there's no
1693 * way to know whether the certificate was revoked.
1694 */
1695 TRACE("CRL not old enough\n");
1696 error = CRYPT_E_REVOCATION_OFFLINE;
1697 }
1698 else
1699 {
1700 PCRL_ENTRY entry = NULL;
1701
1702 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1703 if (entry)
1704 {
1705 error = CRYPT_E_REVOKED;
1706 pRevStatus->dwIndex = index;
1707 }
1708 else
1709 {
1710 /* Since the CRL was not retrieved for the cert being checked,
1711 * there's no guarantee it's fresh, so the cert *might* be okay,
1712 * but it's safer not to guess.
1713 */
1714 TRACE("certificate not found\n");
1715 error = CRYPT_E_REVOCATION_OFFLINE;
1716 }
1717 }
1718 return error;
1719 }
1720
1721 static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
1722 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1723 PCERT_REVOCATION_STATUS pRevStatus)
1724 {
1725 DWORD error = ERROR_SUCCESS;
1726 PCERT_EXTENSION ext;
1727
1728 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
1729 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1730 error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
1731 index, pTime, dwFlags, pRevPara, pRevStatus);
1732 else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
1733 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1734 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
1735 index, pTime, dwFlags, pRevPara, pRevStatus);
1736 else
1737 {
1738 if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
1739 {
1740 PCCRL_CONTEXT crl = NULL;
1741 BOOL canSignCRLs;
1742
1743 /* If the caller told us about the issuer, make sure the issuer
1744 * can sign CRLs before looking for one.
1745 */
1746 if ((ext = CertFindExtension(szOID_KEY_USAGE,
1747 pRevPara->pIssuerCert->pCertInfo->cExtension,
1748 pRevPara->pIssuerCert->pCertInfo->rgExtension)))
1749 {
1750 CRYPT_BIT_BLOB usage;
1751 DWORD size = sizeof(usage);
1752
1753 if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_BITS,
1754 ext->Value.pbData, ext->Value.cbData,
1755 CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1756 canSignCRLs = FALSE;
1757 else if (usage.cbData > 2)
1758 {
1759 /* The key usage extension only defines 9 bits => no more
1760 * than 2 bytes are needed to encode all known usages.
1761 */
1762 canSignCRLs = FALSE;
1763 }
1764 else
1765 {
1766 BYTE usageBits = usage.pbData[usage.cbData - 1];
1767
1768 canSignCRLs = usageBits & CERT_CRL_SIGN_KEY_USAGE;
1769 }
1770 }
1771 else
1772 canSignCRLs = TRUE;
1773 if (canSignCRLs)
1774 {
1775 /* If the caller was helpful enough to tell us where to find a
1776 * CRL for the cert, look for one and check it.
1777 */
1778 crl = CertFindCRLInStore(pRevPara->hCrlStore,
1779 cert->dwCertEncodingType,
1780 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG |
1781 CRL_FIND_ISSUED_BY_AKI_FLAG,
1782 CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
1783 }
1784 if (crl)
1785 {
1786 error = verify_cert_revocation_with_crl_offline(cert, crl,
1787 index, pTime, pRevStatus);
1788 CertFreeCRLContext(crl);
1789 }
1790 else
1791 {
1792 TRACE("no CRL found\n");
1793 error = CRYPT_E_NO_REVOCATION_CHECK;
1794 pRevStatus->dwIndex = index;
1795 }
1796 }
1797 else
1798 {
1799 if (!pRevPara)
1800 WARN("no CERT_REVOCATION_PARA\n");
1801 else if (!pRevPara->hCrlStore)
1802 WARN("no dist points/aia extension and no CRL store\n");
1803 else if (!pRevPara->pIssuerCert)
1804 WARN("no dist points/aia extension and no issuer\n");
1805 error = CRYPT_E_NO_REVOCATION_CHECK;
1806 pRevStatus->dwIndex = index;
1807 }
1808 }
1809 return error;
1810 }
1811
1812 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
1813 DWORD cbSize;
1814 PCCERT_CONTEXT pIssuerCert;
1815 DWORD cCertStore;
1816 HCERTSTORE *rgCertStore;
1817 HCERTSTORE hCrlStore;
1818 LPFILETIME pftTimeToUse;
1819 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
1820
1821 typedef struct _OLD_CERT_REVOCATION_STATUS {
1822 DWORD cbSize;
1823 DWORD dwIndex;
1824 DWORD dwError;
1825 DWORD dwReason;
1826 } OLD_CERT_REVOCATION_STATUS;
1827
1828 /***********************************************************************
1829 * CertDllVerifyRevocation (CRYPTNET.@)
1830 */
1831 BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1832 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1833 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1834 {
1835 DWORD error = 0, i;
1836 FILETIME now;
1837 LPFILETIME pTime = NULL;
1838
1839 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1840 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1841
1842 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1843 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1844 {
1845 SetLastError(E_INVALIDARG);
1846 return FALSE;
1847 }
1848 if (!cContext)
1849 {
1850 SetLastError(E_INVALIDARG);
1851 return FALSE;
1852 }
1853 if (pRevPara && pRevPara->cbSize >=
1854 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
1855 pTime = pRevPara->pftTimeToUse;
1856 if (!pTime)
1857 {
1858 GetSystemTimeAsFileTime(&now);
1859 pTime = &now;
1860 }
1861 memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
1862 if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
1863 error = CRYPT_E_NO_REVOCATION_CHECK;
1864 else
1865 {
1866 for (i = 0; !error && i < cContext; i++)
1867 error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
1868 pRevPara, pRevStatus);
1869 }
1870 if (error)
1871 {
1872 SetLastError(error);
1873 pRevStatus->dwError = error;
1874 }
1875 TRACE("returning %d (%08x)\n", !error, error);
1876 return !error;
1877 }