cryptnet: Make sure an issuer certificate can sign CRLs before looking for a CRL.
[wine] / dlls / cryptnet / cryptnet_main.c
1 /*
2  * Copyright (C) 2006 Maarten Lankhorst
3  * Copyright 2007 Juan Lang
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18  *
19  */
20
21 #include "config.h"
22 #include "wine/port.h"
23
24 #define NONAMELESSUNION
25 #define NONAMELESSSTRUCT
26 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
27
28 #include <stdio.h>
29 #include <stdarg.h>
30
31 #include "windef.h"
32 #include "winbase.h"
33 #include "winnt.h"
34 #include "winnls.h"
35 #include "wininet.h"
36 #include "objbase.h"
37 #include "wincrypt.h"
38
39 #include "wine/debug.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet);
42
43 BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
44 {
45    TRACE("(0x%p, %d, %p)\n", hinstDLL, fdwReason, lpvReserved);
46
47    switch (fdwReason) {
48       case DLL_PROCESS_ATTACH:
49          DisableThreadLibraryCalls(hinstDLL);
50          break;
51       case DLL_PROCESS_DETACH:
52          /* Do uninitialisation here */
53          break;
54       default: break;
55    }
56    return TRUE;
57 }
58
59 static const WCHAR cryptNet[] = { 'c','r','y','p','t','n','e','t','.',
60    'd','l','l',0 };
61 static const WCHAR ldapProvOpenStore[] = { 'L','d','a','p','P','r','o','v',
62    'O','p','e','S','t','o','r','e',0 };
63
64 /***********************************************************************
65  *    DllRegisterServer (CRYPTNET.@)
66  */
67 HRESULT WINAPI DllRegisterServer(void)
68 {
69    TRACE("\n");
70    CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING,
71     CRYPT_OID_VERIFY_REVOCATION_FUNC, 0, cryptNet);
72    CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap",
73     cryptNet, "LdapProvOpenStore");
74    CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
75     CERT_STORE_PROV_LDAP_W, cryptNet, "LdapProvOpenStore");
76    return S_OK;
77 }
78
79 /***********************************************************************
80  *    DllUnregisterServer (CRYPTNET.@)
81  */
82 HRESULT WINAPI DllUnregisterServer(void)
83 {
84    TRACE("\n");
85    CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING,
86     CRYPT_OID_VERIFY_REVOCATION_FUNC, cryptNet);
87    CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap");
88    CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
89     CERT_STORE_PROV_LDAP_W);
90    return S_OK;
91 }
92
93 static const char *url_oid_to_str(LPCSTR oid)
94 {
95     if (HIWORD(oid))
96         return oid;
97     else
98     {
99         static char buf[10];
100
101         switch (LOWORD(oid))
102         {
103 #define _x(oid) case LOWORD(oid): return #oid
104         _x(URL_OID_CERTIFICATE_ISSUER);
105         _x(URL_OID_CERTIFICATE_CRL_DIST_POINT);
106         _x(URL_OID_CTL_ISSUER);
107         _x(URL_OID_CTL_NEXT_UPDATE);
108         _x(URL_OID_CRL_ISSUER);
109         _x(URL_OID_CERTIFICATE_FRESHEST_CRL);
110         _x(URL_OID_CRL_FRESHEST_CRL);
111         _x(URL_OID_CROSS_CERT_DIST_POINT);
112 #undef _x
113         default:
114             snprintf(buf, sizeof(buf), "%d", LOWORD(oid));
115             return buf;
116         }
117     }
118 }
119
120 typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD,
121  PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID);
122
123 static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid,
124  LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
125  PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
126 {
127     PCCERT_CONTEXT cert = pvPara;
128     PCERT_EXTENSION ext;
129     BOOL ret = FALSE;
130
131     /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
132     if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
133     {
134         SetLastError(CRYPT_E_NOT_FOUND);
135         return FALSE;
136     }
137     if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
138      cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
139     {
140         CERT_AUTHORITY_INFO_ACCESS *aia;
141         DWORD size;
142
143         ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
144          ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
145          &aia, &size);
146         if (ret)
147         {
148             DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
149
150             for (i = 0, cUrl = 0; i < aia->cAccDescr; i++)
151                 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
152                  szOID_PKIX_CA_ISSUERS))
153                 {
154                     if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
155                      CERT_ALT_NAME_URL)
156                     {
157                         if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
158                         {
159                             cUrl++;
160                             bytesNeeded += sizeof(LPWSTR) +
161                              (lstrlenW(aia->rgAccDescr[i].AccessLocation.u.
162                              pwszURL) + 1) * sizeof(WCHAR);
163                         }
164                     }
165                     else
166                         FIXME("unsupported alt name type %d\n",
167                          aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
168                 }
169             if (!pcbUrlArray)
170             {
171                 SetLastError(E_INVALIDARG);
172                 ret = FALSE;
173             }
174             else if (!pUrlArray)
175                 *pcbUrlArray = bytesNeeded;
176             else if (*pcbUrlArray < bytesNeeded)
177             {
178                 SetLastError(ERROR_MORE_DATA);
179                 *pcbUrlArray = bytesNeeded;
180                 ret = FALSE;
181             }
182             else
183             {
184                 LPWSTR nextUrl;
185
186                 *pcbUrlArray = bytesNeeded;
187                 pUrlArray->cUrl = 0;
188                 pUrlArray->rgwszUrl =
189                  (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
190                 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
191                  + cUrl * sizeof(LPWSTR));
192                 for (i = 0; i < aia->cAccDescr; i++)
193                     if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
194                      szOID_PKIX_CA_ISSUERS))
195                     {
196                         if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice
197                          == CERT_ALT_NAME_URL)
198                         {
199                             if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
200                             {
201                                 lstrcpyW(nextUrl,
202                                  aia->rgAccDescr[i].AccessLocation.u.pwszURL);
203                                 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
204                                  nextUrl;
205                                 nextUrl += (lstrlenW(nextUrl) + 1);
206                             }
207                         }
208                     }
209             }
210             if (ret)
211             {
212                 if (pcbUrlInfo)
213                 {
214                     FIXME("url info: stub\n");
215                     if (!pUrlInfo)
216                         *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
217                     else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
218                     {
219                         *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
220                         SetLastError(ERROR_MORE_DATA);
221                         ret = FALSE;
222                     }
223                     else
224                     {
225                         *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
226                         memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
227                     }
228                 }
229             }
230             LocalFree(aia);
231         }
232     }
233     else
234         SetLastError(CRYPT_E_NOT_FOUND);
235     return ret;
236 }
237
238 static BOOL WINAPI CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid,
239  LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
240  PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
241 {
242     PCCERT_CONTEXT cert = pvPara;
243     PCERT_EXTENSION ext;
244     BOOL ret = FALSE;
245
246     /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
247     if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
248     {
249         SetLastError(CRYPT_E_NOT_FOUND);
250         return FALSE;
251     }
252     if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
253      cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
254     {
255         CRL_DIST_POINTS_INFO *info;
256         DWORD size;
257
258         ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CRL_DIST_POINTS,
259          ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
260          &info, &size);
261         if (ret)
262         {
263             DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
264
265             for (i = 0, cUrl = 0; i < info->cDistPoint; i++)
266                 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
267                  == CRL_DIST_POINT_FULL_NAME)
268                 {
269                     DWORD j;
270                     CERT_ALT_NAME_INFO *name =
271                      &info->rgDistPoint[i].DistPointName.u.FullName;
272
273                     for (j = 0; j < name->cAltEntry; j++)
274                         if (name->rgAltEntry[j].dwAltNameChoice ==
275                          CERT_ALT_NAME_URL)
276                         {
277                             if (name->rgAltEntry[j].u.pwszURL)
278                             {
279                                 cUrl++;
280                                 bytesNeeded += sizeof(LPWSTR) +
281                                  (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1)
282                                  * sizeof(WCHAR);
283                             }
284                         }
285                 }
286             if (!pcbUrlArray)
287             {
288                 SetLastError(E_INVALIDARG);
289                 ret = FALSE;
290             }
291             else if (!pUrlArray)
292                 *pcbUrlArray = bytesNeeded;
293             else if (*pcbUrlArray < bytesNeeded)
294             {
295                 SetLastError(ERROR_MORE_DATA);
296                 *pcbUrlArray = bytesNeeded;
297                 ret = FALSE;
298             }
299             else
300             {
301                 LPWSTR nextUrl;
302
303                 *pcbUrlArray = bytesNeeded;
304                 pUrlArray->cUrl = 0;
305                 pUrlArray->rgwszUrl =
306                  (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
307                 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
308                  + cUrl * sizeof(LPWSTR));
309                 for (i = 0; i < info->cDistPoint; i++)
310                     if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
311                      == CRL_DIST_POINT_FULL_NAME)
312                     {
313                         DWORD j;
314                         CERT_ALT_NAME_INFO *name =
315                          &info->rgDistPoint[i].DistPointName.u.FullName;
316
317                         for (j = 0; j < name->cAltEntry; j++)
318                             if (name->rgAltEntry[j].dwAltNameChoice ==
319                              CERT_ALT_NAME_URL)
320                             {
321                                 if (name->rgAltEntry[j].u.pwszURL)
322                                 {
323                                     lstrcpyW(nextUrl,
324                                      name->rgAltEntry[j].u.pwszURL);
325                                     pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
326                                      nextUrl;
327                                     nextUrl +=
328                                      (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1);
329                                 }
330                             }
331                     }
332             }
333             if (ret)
334             {
335                 if (pcbUrlInfo)
336                 {
337                     FIXME("url info: stub\n");
338                     if (!pUrlInfo)
339                         *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
340                     else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
341                     {
342                         *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
343                         SetLastError(ERROR_MORE_DATA);
344                         ret = FALSE;
345                     }
346                     else
347                     {
348                         *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
349                         memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
350                     }
351                 }
352             }
353             LocalFree(info);
354         }
355     }
356     else
357         SetLastError(CRYPT_E_NOT_FOUND);
358     return ret;
359 }
360
361 /***********************************************************************
362  *    CryptGetObjectUrl (CRYPTNET.@)
363  */
364 BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags,
365  PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
366  DWORD *pcbUrlInfo, LPVOID pvReserved)
367 {
368     UrlDllGetObjectUrlFunc func = NULL;
369     HCRYPTOIDFUNCADDR hFunc = NULL;
370     BOOL ret = FALSE;
371
372     TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid),
373      pvPara, dwFlags, pUrlArray, pcbUrlArray, pUrlInfo, pcbUrlInfo, pvReserved);
374
375     if (!HIWORD(pszUrlOid))
376     {
377         switch (LOWORD(pszUrlOid))
378         {
379         case LOWORD(URL_OID_CERTIFICATE_ISSUER):
380             func = CRYPT_GetUrlFromCertificateIssuer;
381             break;
382         case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT):
383             func = CRYPT_GetUrlFromCertificateCRLDistPoint;
384             break;
385         default:
386             FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid));
387             SetLastError(ERROR_FILE_NOT_FOUND);
388         }
389     }
390     else
391     {
392         static HCRYPTOIDFUNCSET set = NULL;
393
394         if (!set)
395             set = CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC, 0);
396         CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszUrlOid, 0,
397          (void **)&func, &hFunc);
398     }
399     if (func)
400         ret = func(pszUrlOid, pvPara, dwFlags, pUrlArray, pcbUrlArray,
401          pUrlInfo, pcbUrlInfo, pvReserved);
402     if (hFunc)
403         CryptFreeOIDFunctionAddress(hFunc, 0);
404     return ret;
405 }
406
407 /***********************************************************************
408  *    CryptRetrieveObjectByUrlA (CRYPTNET.@)
409  */
410 BOOL WINAPI CryptRetrieveObjectByUrlA(LPCSTR pszURL, LPCSTR pszObjectOid,
411  DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
412  HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
413  PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
414 {
415     BOOL ret = FALSE;
416     int len;
417
418     TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL),
419      debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
420      hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
421
422     if (!pszURL)
423     {
424         SetLastError(ERROR_INVALID_PARAMETER);
425         return FALSE;
426     }
427     len = MultiByteToWideChar(CP_ACP, 0, pszURL, -1, NULL, 0);
428     if (len)
429     {
430         LPWSTR url = CryptMemAlloc(len * sizeof(WCHAR));
431
432         if (url)
433         {
434             MultiByteToWideChar(CP_ACP, 0, pszURL, -1, url, len);
435             ret = CryptRetrieveObjectByUrlW(url, pszObjectOid,
436              dwRetrievalFlags, dwTimeout, ppvObject, hAsyncRetrieve,
437              pCredentials, pvVerify, pAuxInfo);
438             CryptMemFree(url);
439         }
440         else
441             SetLastError(ERROR_OUTOFMEMORY);
442     }
443     return ret;
444 }
445
446 static void WINAPI CRYPT_FreeBlob(LPCSTR pszObjectOid,
447  PCRYPT_BLOB_ARRAY pObject, void *pvFreeContext)
448 {
449     DWORD i;
450
451     for (i = 0; i < pObject->cBlob; i++)
452         CryptMemFree(pObject->rgBlob[i].pbData);
453     CryptMemFree(pObject->rgBlob);
454 }
455
456 static BOOL CRYPT_GetObjectFromFile(HANDLE hFile, PCRYPT_BLOB_ARRAY pObject)
457 {
458     BOOL ret;
459     LARGE_INTEGER size;
460
461     if ((ret = GetFileSizeEx(hFile, &size)))
462     {
463         if (size.u.HighPart)
464         {
465             WARN("file too big\n");
466             SetLastError(ERROR_INVALID_DATA);
467             ret = FALSE;
468         }
469         else
470         {
471             CRYPT_DATA_BLOB blob;
472
473             blob.pbData = CryptMemAlloc(size.u.LowPart);
474             if (blob.pbData)
475             {
476                 blob.cbData = size.u.LowPart;
477                 ret = ReadFile(hFile, blob.pbData, size.u.LowPart, &blob.cbData,
478                  NULL);
479                 if (ret)
480                 {
481                     pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
482                     if (pObject->rgBlob)
483                     {
484                         pObject->cBlob = 1;
485                         memcpy(pObject->rgBlob, &blob, sizeof(CRYPT_DATA_BLOB));
486                     }
487                     else
488                     {
489                         SetLastError(ERROR_OUTOFMEMORY);
490                         ret = FALSE;
491                     }
492                 }
493                 if (!ret)
494                     CryptMemFree(blob.pbData);
495             }
496             else
497             {
498                 SetLastError(ERROR_OUTOFMEMORY);
499                 ret = FALSE;
500             }
501         }
502     }
503     return ret;
504 }
505
506 static BOOL CRYPT_GetObjectFromCache(LPCWSTR pszURL, PCRYPT_BLOB_ARRAY pObject,
507  PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
508 {
509     BOOL ret = FALSE;
510     INTERNET_CACHE_ENTRY_INFOW *pCacheInfo = NULL;
511     DWORD size = 0;
512
513     TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pObject, pAuxInfo);
514
515     ret = GetUrlCacheEntryInfoW(pszURL, NULL, &size);
516     if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
517     {
518         pCacheInfo = CryptMemAlloc(size);
519         if (pCacheInfo)
520             ret = TRUE;
521         else
522             SetLastError(ERROR_OUTOFMEMORY);
523     }
524     if (ret && (ret = GetUrlCacheEntryInfoW(pszURL, pCacheInfo, &size)))
525     {
526         FILETIME ft;
527
528         GetSystemTimeAsFileTime(&ft);
529         if (CompareFileTime(&pCacheInfo->ExpireTime, &ft) >= 0)
530         {
531             HANDLE hFile = CreateFileW(pCacheInfo->lpszLocalFileName,
532              GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
533
534             if (hFile != INVALID_HANDLE_VALUE)
535             {
536                 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
537                 {
538                     if (pAuxInfo && pAuxInfo->cbSize >=
539                      offsetof(CRYPT_RETRIEVE_AUX_INFO,
540                      pLastSyncTime) + sizeof(PFILETIME) &&
541                      pAuxInfo->pLastSyncTime)
542                         memcpy(pAuxInfo->pLastSyncTime,
543                          &pCacheInfo->LastSyncTime,
544                          sizeof(FILETIME));
545                 }
546                 CloseHandle(hFile);
547             }
548             else
549             {
550                 DeleteUrlCacheEntryW(pszURL);
551                 ret = FALSE;
552             }
553         }
554         else
555         {
556             DeleteUrlCacheEntryW(pszURL);
557             ret = FALSE;
558         }
559     }
560     CryptMemFree(pCacheInfo);
561     TRACE("returning %d\n", ret);
562     return ret;
563 }
564
565 /* Parses the URL, and sets components's lpszHostName and lpszUrlPath members
566  * to NULL-terminated copies of those portions of the URL (to be freed with
567  * CryptMemFree.)
568  */
569 static BOOL CRYPT_CrackUrl(LPCWSTR pszURL, URL_COMPONENTSW *components)
570 {
571     BOOL ret;
572
573     TRACE("(%s, %p)\n", debugstr_w(pszURL), components);
574
575     memset(components, 0, sizeof(*components));
576     components->dwStructSize = sizeof(*components);
577     components->lpszHostName = CryptMemAlloc(MAX_PATH * sizeof(WCHAR));
578     components->dwHostNameLength = MAX_PATH;
579     components->lpszUrlPath = CryptMemAlloc(MAX_PATH * 2 * sizeof(WCHAR));
580     components->dwUrlPathLength = 2 * MAX_PATH;
581     ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, components);
582     if (ret)
583     {
584         if ((components->dwUrlPathLength == 2 * MAX_PATH - 1) ||
585             (components->dwHostNameLength == MAX_PATH - 1))
586             FIXME("Buffers are too small\n");
587         switch (components->nScheme)
588         {
589         case INTERNET_SCHEME_FTP:
590             if (!components->nPort)
591                 components->nPort = INTERNET_DEFAULT_FTP_PORT;
592             break;
593         case INTERNET_SCHEME_HTTP:
594             if (!components->nPort)
595                 components->nPort = INTERNET_DEFAULT_HTTP_PORT;
596             break;
597         default:
598             ; /* do nothing */
599         }
600     }
601     TRACE("returning %d\n", ret);
602     return ret;
603 }
604
605 struct InetContext
606 {
607     HANDLE event;
608     DWORD  timeout;
609     DWORD  error;
610 };
611
612 static struct InetContext *CRYPT_MakeInetContext(DWORD dwTimeout)
613 {
614     struct InetContext *context = CryptMemAlloc(sizeof(struct InetContext));
615
616     if (context)
617     {
618         context->event = CreateEventW(NULL, FALSE, FALSE, NULL);
619         if (!context->event)
620         {
621             CryptMemFree(context);
622             context = NULL;
623         }
624         else
625         {
626             context->timeout = dwTimeout;
627             context->error = ERROR_SUCCESS;
628         }
629     }
630     return context;
631 }
632
633 static BOOL CRYPT_DownloadObject(DWORD dwRetrievalFlags, HINTERNET hHttp,
634  struct InetContext *context, PCRYPT_BLOB_ARRAY pObject,
635  PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
636 {
637     CRYPT_DATA_BLOB object = { 0, NULL };
638     DWORD bytesAvailable;
639     BOOL ret;
640
641     do {
642         if ((ret = InternetQueryDataAvailable(hHttp, &bytesAvailable, 0, 0)))
643         {
644             if (bytesAvailable)
645             {
646                 if (object.pbData)
647                     object.pbData = CryptMemRealloc(object.pbData,
648                      object.cbData + bytesAvailable);
649                 else
650                     object.pbData = CryptMemAlloc(bytesAvailable);
651                 if (object.pbData)
652                 {
653                     INTERNET_BUFFERSA buffer = { sizeof(buffer), 0 };
654
655                     buffer.dwBufferLength = bytesAvailable;
656                     buffer.lpvBuffer = object.pbData + object.cbData;
657                     if (!(ret = InternetReadFileExA(hHttp, &buffer, IRF_NO_WAIT,
658                      (DWORD_PTR)context)))
659                     {
660                         if (GetLastError() == ERROR_IO_PENDING)
661                         {
662                             if (WaitForSingleObject(context->event,
663                              context->timeout) == WAIT_TIMEOUT)
664                                 SetLastError(ERROR_TIMEOUT);
665                             else if (context->error)
666                                 SetLastError(context->error);
667                             else
668                                 ret = TRUE;
669                         }
670                     }
671                     if (ret)
672                         object.cbData += buffer.dwBufferLength;
673                 }
674                 else
675                 {
676                     SetLastError(ERROR_OUTOFMEMORY);
677                     ret = FALSE;
678                 }
679             }
680         }
681         else if (GetLastError() == ERROR_IO_PENDING)
682         {
683             if (WaitForSingleObject(context->event, context->timeout) ==
684              WAIT_TIMEOUT)
685                 SetLastError(ERROR_TIMEOUT);
686             else
687                 ret = TRUE;
688         }
689     } while (ret && bytesAvailable);
690     if (ret)
691     {
692         pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
693         if (!pObject->rgBlob)
694         {
695             CryptMemFree(object.pbData);
696             SetLastError(ERROR_OUTOFMEMORY);
697             ret = FALSE;
698         }
699         else
700         {
701             pObject->rgBlob[0].cbData = object.cbData;
702             pObject->rgBlob[0].pbData = object.pbData;
703             pObject->cBlob = 1;
704         }
705     }
706     TRACE("returning %d\n", ret);
707     return ret;
708 }
709
710 /* Finds the object specified by pszURL in the cache.  If it's not found,
711  * creates a new cache entry for the object and writes the object to it.
712  * Sets the expiration time of the cache entry to expires.
713  */
714 static void CRYPT_CacheURL(LPCWSTR pszURL, const CRYPT_BLOB_ARRAY *pObject,
715  DWORD dwRetrievalFlags, FILETIME expires)
716 {
717     WCHAR cacheFileName[MAX_PATH];
718     DWORD size = 0;
719     BOOL ret, create = FALSE;
720
721     GetUrlCacheEntryInfoW(pszURL, NULL, &size);
722     if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
723     {
724         INTERNET_CACHE_ENTRY_INFOW *info = CryptMemAlloc(size);
725
726         if (info)
727         {
728             FILETIME ft;
729
730             ret = GetUrlCacheEntryInfoW(pszURL, info, &size);
731             if (ret)
732                 lstrcpyW(cacheFileName, info->lpszLocalFileName);
733             /* Check if the existing cache entry is up to date.  If it isn't,
734              * overwite it with the new value.
735              */
736             GetSystemTimeAsFileTime(&ft);
737             if (CompareFileTime(&info->ExpireTime, &ft) < 0)
738                 create = TRUE;
739             CryptMemFree(info);
740         }
741         else
742             ret = FALSE;
743     }
744     else
745     {
746         ret = CreateUrlCacheEntryW(pszURL, pObject->rgBlob[0].cbData, NULL,
747          cacheFileName, 0);
748         create = TRUE;
749     }
750     if (ret)
751     {
752         DWORD entryType;
753         FILETIME ft = { 0 };
754
755         if (create)
756         {
757             HANDLE hCacheFile = CreateFileW(cacheFileName, GENERIC_WRITE, 0,
758              NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
759
760             if (hCacheFile != INVALID_HANDLE_VALUE)
761             {
762                 DWORD bytesWritten;
763
764                 WriteFile(hCacheFile, pObject->rgBlob[0].pbData,
765                  pObject->rgBlob[0].cbData, &bytesWritten, NULL);
766                 CloseHandle(hCacheFile);
767             }
768             else
769                 ret = FALSE;
770         }
771         if (ret)
772         {
773             if (!(dwRetrievalFlags & CRYPT_STICKY_CACHE_RETRIEVAL))
774                 entryType = NORMAL_CACHE_ENTRY;
775             else
776                 entryType = STICKY_CACHE_ENTRY;
777             CommitUrlCacheEntryW(pszURL, cacheFileName, expires, ft, entryType,
778              NULL, 0, NULL, NULL);
779         }
780     }
781 }
782
783 static void CALLBACK CRYPT_InetStatusCallback(HINTERNET hInt,
784  DWORD_PTR dwContext, DWORD status, void *statusInfo, DWORD statusInfoLen)
785 {
786     struct InetContext *context = (struct InetContext *)dwContext;
787     LPINTERNET_ASYNC_RESULT result;
788
789     switch (status)
790     {
791     case INTERNET_STATUS_REQUEST_COMPLETE:
792         result = statusInfo;
793         context->error = result->dwError;
794         SetEvent(context->event);
795     }
796 }
797
798 static BOOL CRYPT_Connect(const URL_COMPONENTSW *components,
799  struct InetContext *context, PCRYPT_CREDENTIALS pCredentials,
800  HINTERNET *phInt, HINTERNET *phHost)
801 {
802     BOOL ret;
803
804     TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components->lpszHostName),
805      components->nPort, context, pCredentials, phInt, phInt);
806
807     *phHost = NULL;
808     *phInt = InternetOpenW(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL,
809      context ? INTERNET_FLAG_ASYNC : 0);
810     if (*phInt)
811     {
812         DWORD service;
813
814         if (context)
815             InternetSetStatusCallbackW(*phInt, CRYPT_InetStatusCallback);
816         switch (components->nScheme)
817         {
818         case INTERNET_SCHEME_FTP:
819             service = INTERNET_SERVICE_FTP;
820             break;
821         case INTERNET_SCHEME_HTTP:
822             service = INTERNET_SERVICE_HTTP;
823             break;
824         default:
825             service = 0;
826         }
827         /* FIXME: use pCredentials for username/password */
828         *phHost = InternetConnectW(*phInt, components->lpszHostName,
829          components->nPort, NULL, NULL, service, 0, (DWORD_PTR)context);
830         if (!*phHost)
831         {
832             InternetCloseHandle(*phInt);
833             *phInt = NULL;
834             ret = FALSE;
835         }
836         else
837             ret = TRUE;
838     }
839     else
840         ret = FALSE;
841     TRACE("returning %d\n", ret);
842     return ret;
843 }
844
845 static BOOL WINAPI FTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
846  LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
847  PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
848  void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
849  PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
850 {
851     FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
852      debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
853      ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
854
855     pObject->cBlob = 0;
856     pObject->rgBlob = NULL;
857     *ppfnFreeObject = CRYPT_FreeBlob;
858     *ppvFreeContext = NULL;
859     return FALSE;
860 }
861
862 static const WCHAR x509cacert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
863  '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
864 static const WCHAR x509emailcert[] = { 'a','p','p','l','i','c','a','t','i','o',
865  'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
866  0 };
867 static const WCHAR x509servercert[] = { 'a','p','p','l','i','c','a','t','i','o',
868  'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
869  't',0 };
870 static const WCHAR x509usercert[] = { 'a','p','p','l','i','c','a','t','i','o',
871  'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
872 static const WCHAR pkcs7cert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
873  '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
874  's',0 };
875 static const WCHAR pkixCRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
876  '/','p','k','i','x','-','c','r','l',0 };
877 static const WCHAR pkcs7CRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
878  '/','x','-','p','k','c','s','7','-','c','r','l',0 };
879 static const WCHAR pkcs7sig[] = { 'a','p','p','l','i','c','a','t','i','o','n',
880  '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
881 static const WCHAR pkcs7mime[] = { 'a','p','p','l','i','c','a','t','i','o','n',
882  '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
883
884 static BOOL WINAPI HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
885  LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
886  PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
887  void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
888  PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
889 {
890     BOOL ret = FALSE;
891
892     TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
893      debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
894      ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
895
896     pObject->cBlob = 0;
897     pObject->rgBlob = NULL;
898     *ppfnFreeObject = CRYPT_FreeBlob;
899     *ppvFreeContext = NULL;
900
901     if (!(dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL))
902         ret = CRYPT_GetObjectFromCache(pszURL, pObject, pAuxInfo);
903     if (!ret && (!(dwRetrievalFlags & CRYPT_CACHE_ONLY_RETRIEVAL) ||
904      (dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL)))
905     {
906         URL_COMPONENTSW components;
907
908         if ((ret = CRYPT_CrackUrl(pszURL, &components)))
909         {
910             HINTERNET hInt, hHost;
911             struct InetContext *context = NULL;
912
913             if (dwTimeout)
914                 context = CRYPT_MakeInetContext(dwTimeout);
915             ret = CRYPT_Connect(&components, context, pCredentials, &hInt,
916              &hHost);
917             if (ret)
918             {
919                 static LPCWSTR types[] = { x509cacert, x509emailcert,
920                  x509servercert, x509usercert, pkcs7cert, pkixCRL, pkcs7CRL,
921                  pkcs7sig, pkcs7mime, NULL };
922                 HINTERNET hHttp = HttpOpenRequestW(hHost, NULL,
923                  components.lpszUrlPath, NULL, NULL, types,
924                  INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI,
925                  (DWORD_PTR)context);
926
927                 if (hHttp)
928                 {
929                     if (dwTimeout)
930                     {
931                         InternetSetOptionW(hHttp,
932                          INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
933                          sizeof(dwTimeout));
934                         InternetSetOptionW(hHttp, INTERNET_OPTION_SEND_TIMEOUT,
935                          &dwTimeout, sizeof(dwTimeout));
936                     }
937                     ret = HttpSendRequestExW(hHttp, NULL, NULL, 0,
938                      (DWORD_PTR)context);
939                     if (!ret && GetLastError() == ERROR_IO_PENDING)
940                     {
941                         if (WaitForSingleObject(context->event,
942                          context->timeout) == WAIT_TIMEOUT)
943                             SetLastError(ERROR_TIMEOUT);
944                         else
945                             ret = TRUE;
946                     }
947                     /* We don't set ret to TRUE in this block to avoid masking
948                      * an error from HttpSendRequestExW.
949                      */
950                     if (!HttpEndRequestW(hHttp, NULL, 0, (DWORD_PTR)context) &&
951                      GetLastError() == ERROR_IO_PENDING)
952                     {
953                         if (WaitForSingleObject(context->event,
954                          context->timeout) == WAIT_TIMEOUT)
955                         {
956                             SetLastError(ERROR_TIMEOUT);
957                             ret = FALSE;
958                         }
959                     }
960                     if (ret)
961                         ret = CRYPT_DownloadObject(dwRetrievalFlags, hHttp,
962                          context, pObject, pAuxInfo);
963                     if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT))
964                     {
965                         SYSTEMTIME st;
966                         DWORD len = sizeof(st);
967
968                         if (HttpQueryInfoW(hHttp,
969                          HTTP_QUERY_EXPIRES | HTTP_QUERY_FLAG_SYSTEMTIME, &st,
970                          &len, NULL))
971                         {
972                             FILETIME ft;
973
974                             SystemTimeToFileTime(&st, &ft);
975                             CRYPT_CacheURL(pszURL, pObject, dwRetrievalFlags,
976                              ft);
977                         }
978                     }
979                     InternetCloseHandle(hHttp);
980                 }
981                 InternetCloseHandle(hHost);
982                 InternetCloseHandle(hInt);
983             }
984             if (context)
985             {
986                 CloseHandle(context->event);
987                 CryptMemFree(context);
988             }
989             CryptMemFree(components.lpszUrlPath);
990             CryptMemFree(components.lpszHostName);
991         }
992     }
993     TRACE("returning %d\n", ret);
994     return ret;
995 }
996
997 static BOOL WINAPI File_RetrieveEncodedObjectW(LPCWSTR pszURL,
998  LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
999  PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1000  void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1001  PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1002 {
1003     URL_COMPONENTSW components = { sizeof(components), 0 };
1004     BOOL ret;
1005
1006     TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1007      debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
1008      ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
1009
1010     pObject->cBlob = 0;
1011     pObject->rgBlob = NULL;
1012     *ppfnFreeObject = CRYPT_FreeBlob;
1013     *ppvFreeContext = NULL;
1014
1015     components.lpszUrlPath = CryptMemAlloc(MAX_PATH * 2 * sizeof(WCHAR));
1016     components.dwUrlPathLength = 2 * MAX_PATH;
1017     ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, &components);
1018     if (ret)
1019     {
1020         LPWSTR path;
1021
1022         if (components.dwUrlPathLength == 2 * MAX_PATH - 1)
1023             FIXME("Buffers are too small\n");
1024
1025         /* 3 == lstrlenW(L"c:") + 1 */
1026         path = CryptMemAlloc((components.dwUrlPathLength + 3) * sizeof(WCHAR));
1027         if (path)
1028         {
1029             HANDLE hFile;
1030
1031             /* Try to create the file directly - Wine handles / in pathnames */
1032             lstrcpynW(path, components.lpszUrlPath,
1033              components.dwUrlPathLength + 1);
1034             hFile = CreateFileW(path, GENERIC_READ, 0, NULL, OPEN_EXISTING,
1035              FILE_ATTRIBUTE_NORMAL, NULL);
1036             if (hFile == INVALID_HANDLE_VALUE)
1037             {
1038                 /* Try again on the current drive */
1039                 GetCurrentDirectoryW(components.dwUrlPathLength, path);
1040                 if (path[1] == ':')
1041                 {
1042                     lstrcpynW(path + 2, components.lpszUrlPath,
1043                      components.dwUrlPathLength + 1);
1044                     hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1045                      OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1046                 }
1047                 if (hFile == INVALID_HANDLE_VALUE)
1048                 {
1049                     /* Try again on the Windows drive */
1050                     GetWindowsDirectoryW(path, components.dwUrlPathLength);
1051                     if (path[1] == ':')
1052                     {
1053                         lstrcpynW(path + 2, components.lpszUrlPath,
1054                          components.dwUrlPathLength + 1);
1055                         hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1056                          OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1057                     }
1058                 }
1059             }
1060             if (hFile != INVALID_HANDLE_VALUE)
1061             {
1062                 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
1063                 {
1064                     if (pAuxInfo && pAuxInfo->cbSize >=
1065                      offsetof(CRYPT_RETRIEVE_AUX_INFO,
1066                      pLastSyncTime) + sizeof(PFILETIME) &&
1067                      pAuxInfo->pLastSyncTime)
1068                         GetFileTime(hFile, NULL, NULL,
1069                          pAuxInfo->pLastSyncTime);
1070                 }
1071                 CloseHandle(hFile);
1072             }
1073             else
1074                 ret = FALSE;
1075             CryptMemFree(path);
1076         }
1077     }
1078     CryptMemFree(components.lpszUrlPath);
1079     return ret;
1080 }
1081
1082 typedef BOOL (WINAPI *SchemeDllRetrieveEncodedObjectW)(LPCWSTR pwszUrl,
1083  LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1084  PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1085  void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1086  PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo);
1087
1088 static BOOL CRYPT_GetRetrieveFunction(LPCWSTR pszURL,
1089  SchemeDllRetrieveEncodedObjectW *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1090 {
1091     URL_COMPONENTSW components = { sizeof(components), 0 };
1092     BOOL ret;
1093
1094     TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pFunc, phFunc);
1095
1096     *pFunc = NULL;
1097     *phFunc = 0;
1098     components.dwSchemeLength = 1;
1099     ret = InternetCrackUrlW(pszURL, 0, 0, &components);
1100     if (ret)
1101     {
1102         /* Microsoft always uses CryptInitOIDFunctionSet/
1103          * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1104          * reason to do so for builtin schemes.
1105          */
1106         switch (components.nScheme)
1107         {
1108         case INTERNET_SCHEME_FTP:
1109             *pFunc = FTP_RetrieveEncodedObjectW;
1110             break;
1111         case INTERNET_SCHEME_HTTP:
1112             *pFunc = HTTP_RetrieveEncodedObjectW;
1113             break;
1114         case INTERNET_SCHEME_FILE:
1115             *pFunc = File_RetrieveEncodedObjectW;
1116             break;
1117         default:
1118         {
1119             int len = WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1120              components.dwSchemeLength, NULL, 0, NULL, NULL);
1121
1122             if (len)
1123             {
1124                 LPSTR scheme = CryptMemAlloc(len);
1125
1126                 if (scheme)
1127                 {
1128                     static HCRYPTOIDFUNCSET set = NULL;
1129
1130                     if (!set)
1131                         set = CryptInitOIDFunctionSet(
1132                          SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC, 0);
1133                     WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1134                      components.dwSchemeLength, scheme, len, NULL, NULL);
1135                     ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1136                      scheme, 0, (void **)pFunc, phFunc);
1137                     CryptMemFree(scheme);
1138                 }
1139                 else
1140                 {
1141                     SetLastError(ERROR_OUTOFMEMORY);
1142                     ret = FALSE;
1143                 }
1144             }
1145             else
1146                 ret = FALSE;
1147         }
1148         }
1149     }
1150     TRACE("returning %d\n", ret);
1151     return ret;
1152 }
1153
1154 static BOOL WINAPI CRYPT_CreateBlob(LPCSTR pszObjectOid,
1155  DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1156 {
1157     DWORD size, i;
1158     CRYPT_BLOB_ARRAY *context;
1159     BOOL ret = FALSE;
1160
1161     size = sizeof(CRYPT_BLOB_ARRAY) + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1162     for (i = 0; i < pObject->cBlob; i++)
1163         size += pObject->rgBlob[i].cbData;
1164     context = CryptMemAlloc(size);
1165     if (context)
1166     {
1167         LPBYTE nextData;
1168
1169         context->cBlob = 0;
1170         context->rgBlob =
1171          (CRYPT_DATA_BLOB *)((LPBYTE)context + sizeof(CRYPT_BLOB_ARRAY));
1172         nextData =
1173          (LPBYTE)context->rgBlob + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1174         for (i = 0; i < pObject->cBlob; i++)
1175         {
1176             memcpy(nextData, pObject->rgBlob[i].pbData,
1177              pObject->rgBlob[i].cbData);
1178             context->rgBlob[i].pbData = nextData;
1179             context->rgBlob[i].cbData = pObject->rgBlob[i].cbData;
1180             nextData += pObject->rgBlob[i].cbData;
1181             context->cBlob++;
1182         }
1183         *ppvContext = context;
1184         ret = TRUE;
1185     }
1186     return ret;
1187 }
1188
1189 typedef BOOL (WINAPI *AddContextToStore)(HCERTSTORE hCertStore,
1190  const void *pContext, DWORD dwAddDisposition, const void **ppStoreContext);
1191
1192 static BOOL CRYPT_CreateContext(const CRYPT_BLOB_ARRAY *pObject,
1193  DWORD dwExpectedContentTypeFlags, AddContextToStore addFunc, void **ppvContext)
1194 {
1195     BOOL ret = TRUE;
1196
1197     if (!pObject->cBlob)
1198     {
1199         SetLastError(ERROR_INVALID_DATA);
1200         *ppvContext = NULL;
1201         ret = FALSE;
1202     }
1203     else if (pObject->cBlob == 1)
1204     {
1205         if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1206          dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL,
1207          NULL, NULL, NULL, NULL, (const void **)ppvContext))
1208         {
1209             SetLastError(CRYPT_E_NO_MATCH);
1210             ret = FALSE;
1211         }
1212     }
1213     else
1214     {
1215         HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1216          CERT_STORE_CREATE_NEW_FLAG, NULL);
1217
1218         if (store)
1219         {
1220             DWORD i;
1221             const void *context;
1222
1223             for (i = 0; i < pObject->cBlob; i++)
1224             {
1225                 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1226                  &pObject->rgBlob[i], dwExpectedContentTypeFlags,
1227                  CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, NULL, NULL, NULL,
1228                  NULL, &context))
1229                 {
1230                     if (!addFunc(store, context, CERT_STORE_ADD_ALWAYS, NULL))
1231                         ret = FALSE;
1232                 }
1233                 else
1234                 {
1235                     SetLastError(CRYPT_E_NO_MATCH);
1236                     ret = FALSE;
1237                 }
1238             }
1239         }
1240         else
1241             ret = FALSE;
1242         *ppvContext = store;
1243     }
1244     return ret;
1245 }
1246
1247 static BOOL WINAPI CRYPT_CreateCert(LPCSTR pszObjectOid,
1248  DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1249 {
1250     return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CERT,
1251      (AddContextToStore)CertAddCertificateContextToStore, ppvContext);
1252 }
1253
1254 static BOOL WINAPI CRYPT_CreateCRL(LPCSTR pszObjectOid,
1255  DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1256 {
1257     return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CRL,
1258      (AddContextToStore)CertAddCRLContextToStore, ppvContext);
1259 }
1260
1261 static BOOL WINAPI CRYPT_CreateCTL(LPCSTR pszObjectOid,
1262  DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1263 {
1264     return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CTL,
1265      (AddContextToStore)CertAddCTLContextToStore, ppvContext);
1266 }
1267
1268 static BOOL WINAPI CRYPT_CreatePKCS7(LPCSTR pszObjectOid,
1269  DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1270 {
1271     BOOL ret;
1272
1273     if (!pObject->cBlob)
1274     {
1275         SetLastError(ERROR_INVALID_DATA);
1276         *ppvContext = NULL;
1277         ret = FALSE;
1278     }
1279     else if (pObject->cBlob == 1)
1280         ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1281          CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1282          CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED, CERT_QUERY_FORMAT_FLAG_BINARY,
1283          0, NULL, NULL, NULL, ppvContext, NULL, NULL);
1284     else
1285     {
1286         FIXME("multiple messages unimplemented\n");
1287         ret = FALSE;
1288     }
1289     return ret;
1290 }
1291
1292 static BOOL WINAPI CRYPT_CreateAny(LPCSTR pszObjectOid,
1293  DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1294 {
1295     BOOL ret;
1296
1297     if (!pObject->cBlob)
1298     {
1299         SetLastError(ERROR_INVALID_DATA);
1300         *ppvContext = NULL;
1301         ret = FALSE;
1302     }
1303     else
1304     {
1305         HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1306          CERT_STORE_CREATE_NEW_FLAG, NULL);
1307
1308         if (store)
1309         {
1310             HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1311              CERT_STORE_CREATE_NEW_FLAG, NULL);
1312
1313             if (memStore)
1314             {
1315                 CertAddStoreToCollection(store, memStore,
1316                  CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
1317                 CertCloseStore(memStore, 0);
1318             }
1319             else
1320             {
1321                 CertCloseStore(store, 0);
1322                 store = NULL;
1323             }
1324         }
1325         if (store)
1326         {
1327             DWORD i;
1328
1329             ret = TRUE;
1330             for (i = 0; i < pObject->cBlob; i++)
1331             {
1332                 DWORD contentType, expectedContentTypes =
1333                  CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1334                  CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
1335                  CERT_QUERY_CONTENT_FLAG_CERT |
1336                  CERT_QUERY_CONTENT_FLAG_CRL |
1337                  CERT_QUERY_CONTENT_FLAG_CTL;
1338                 HCERTSTORE contextStore;
1339                 const void *context;
1340
1341                 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1342                  &pObject->rgBlob[i], expectedContentTypes,
1343                  CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, &contentType, NULL,
1344                  &contextStore, NULL, &context))
1345                 {
1346                     switch (contentType)
1347                     {
1348                     case CERT_QUERY_CONTENT_CERT:
1349                         if (!CertAddCertificateContextToStore(store,
1350                          context, CERT_STORE_ADD_ALWAYS, NULL))
1351                             ret = FALSE;
1352                         CertFreeCertificateContext(context);
1353                         break;
1354                     case CERT_QUERY_CONTENT_CRL:
1355                         if (!CertAddCRLContextToStore(store,
1356                          context, CERT_STORE_ADD_ALWAYS, NULL))
1357                              ret = FALSE;
1358                         CertFreeCRLContext(context);
1359                         break;
1360                     case CERT_QUERY_CONTENT_CTL:
1361                         if (!CertAddCTLContextToStore(store,
1362                          context, CERT_STORE_ADD_ALWAYS, NULL))
1363                              ret = FALSE;
1364                         CertFreeCTLContext(context);
1365                         break;
1366                     default:
1367                         CertAddStoreToCollection(store, contextStore, 0, 0);
1368                     }
1369                     CertCloseStore(contextStore, 0);
1370                 }
1371                 else
1372                     ret = FALSE;
1373             }
1374         }
1375         else
1376             ret = FALSE;
1377         *ppvContext = store;
1378     }
1379     return ret;
1380 }
1381
1382 typedef BOOL (WINAPI *ContextDllCreateObjectContext)(LPCSTR pszObjectOid,
1383  DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext);
1384
1385 static BOOL CRYPT_GetCreateFunction(LPCSTR pszObjectOid,
1386  ContextDllCreateObjectContext *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1387 {
1388     BOOL ret = TRUE;
1389
1390     TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid), pFunc, phFunc);
1391
1392     *pFunc = NULL;
1393     *phFunc = 0;
1394     if (!HIWORD(pszObjectOid))
1395     {
1396         switch (LOWORD(pszObjectOid))
1397         {
1398         case 0:
1399             *pFunc = CRYPT_CreateBlob;
1400             break;
1401         case LOWORD(CONTEXT_OID_CERTIFICATE):
1402             *pFunc = CRYPT_CreateCert;
1403             break;
1404         case LOWORD(CONTEXT_OID_CRL):
1405             *pFunc = CRYPT_CreateCRL;
1406             break;
1407         case LOWORD(CONTEXT_OID_CTL):
1408             *pFunc = CRYPT_CreateCTL;
1409             break;
1410         case LOWORD(CONTEXT_OID_PKCS7):
1411             *pFunc = CRYPT_CreatePKCS7;
1412             break;
1413         case LOWORD(CONTEXT_OID_CAPI2_ANY):
1414             *pFunc = CRYPT_CreateAny;
1415             break;
1416         }
1417     }
1418     if (!*pFunc)
1419     {
1420         static HCRYPTOIDFUNCSET set = NULL;
1421
1422         if (!set)
1423             set = CryptInitOIDFunctionSet(
1424              CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC, 0);
1425         ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszObjectOid,
1426          0, (void **)pFunc, phFunc);
1427     }
1428     TRACE("returning %d\n", ret);
1429     return ret;
1430 }
1431
1432 typedef BOOL (*get_object_expiration_func)(const void *pvContext,
1433  FILETIME *expiration);
1434
1435 static BOOL CRYPT_GetExpirationFromCert(const void *pvObject, FILETIME *expiration)
1436 {
1437     PCCERT_CONTEXT cert = pvObject;
1438
1439     *expiration = cert->pCertInfo->NotAfter;
1440     return TRUE;
1441 }
1442
1443 static BOOL CRYPT_GetExpirationFromCRL(const void *pvObject, FILETIME *expiration)
1444 {
1445     PCCRL_CONTEXT cert = pvObject;
1446
1447     *expiration = cert->pCrlInfo->NextUpdate;
1448     return TRUE;
1449 }
1450
1451 static BOOL CRYPT_GetExpirationFromCTL(const void *pvObject, FILETIME *expiration)
1452 {
1453     PCCTL_CONTEXT cert = pvObject;
1454
1455     *expiration = cert->pCtlInfo->NextUpdate;
1456     return TRUE;
1457 }
1458
1459 static BOOL CRYPT_GetExpirationFunction(LPCSTR pszObjectOid,
1460  get_object_expiration_func *getExpiration)
1461 {
1462     BOOL ret;
1463
1464     if (!HIWORD(pszObjectOid))
1465     {
1466         switch (LOWORD(pszObjectOid))
1467         {
1468         case LOWORD(CONTEXT_OID_CERTIFICATE):
1469             *getExpiration = CRYPT_GetExpirationFromCert;
1470             ret = TRUE;
1471             break;
1472         case LOWORD(CONTEXT_OID_CRL):
1473             *getExpiration = CRYPT_GetExpirationFromCRL;
1474             ret = TRUE;
1475             break;
1476         case LOWORD(CONTEXT_OID_CTL):
1477             *getExpiration = CRYPT_GetExpirationFromCTL;
1478             ret = TRUE;
1479             break;
1480         default:
1481             ret = FALSE;
1482         }
1483     }
1484     else
1485         ret = FALSE;
1486     return ret;
1487 }
1488
1489 /***********************************************************************
1490  *    CryptRetrieveObjectByUrlW (CRYPTNET.@)
1491  */
1492 BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
1493  DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
1494  HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
1495  PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1496 {
1497     BOOL ret;
1498     SchemeDllRetrieveEncodedObjectW retrieve;
1499     ContextDllCreateObjectContext create;
1500     HCRYPTOIDFUNCADDR hRetrieve = 0, hCreate = 0;
1501
1502     TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1503      debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
1504      hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
1505
1506     if (!pszURL)
1507     {
1508         SetLastError(ERROR_INVALID_PARAMETER);
1509         return FALSE;
1510     }
1511     ret = CRYPT_GetRetrieveFunction(pszURL, &retrieve, &hRetrieve);
1512     if (ret)
1513         ret = CRYPT_GetCreateFunction(pszObjectOid, &create, &hCreate);
1514     if (ret)
1515     {
1516         CRYPT_BLOB_ARRAY object = { 0, NULL };
1517         PFN_FREE_ENCODED_OBJECT_FUNC freeObject;
1518         void *freeContext;
1519
1520         ret = retrieve(pszURL, pszObjectOid, dwRetrievalFlags, dwTimeout,
1521          &object, &freeObject, &freeContext, hAsyncRetrieve, pCredentials,
1522          pAuxInfo);
1523         if (ret)
1524         {
1525             get_object_expiration_func getExpiration;
1526
1527             ret = create(pszObjectOid, dwRetrievalFlags, &object, ppvObject);
1528             if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT) &&
1529              CRYPT_GetExpirationFunction(pszObjectOid, &getExpiration))
1530             {
1531                 FILETIME expires;
1532
1533                 if (getExpiration(*ppvObject, &expires))
1534                     CRYPT_CacheURL(pszURL, &object, dwRetrievalFlags, expires);
1535             }
1536             freeObject(pszObjectOid, &object, freeContext);
1537         }
1538     }
1539     if (hCreate)
1540         CryptFreeOIDFunctionAddress(hCreate, 0);
1541     if (hRetrieve)
1542         CryptFreeOIDFunctionAddress(hRetrieve, 0);
1543     TRACE("returning %d\n", ret);
1544     return ret;
1545 }
1546
1547 static DWORD verify_cert_revocation_with_crl(PCCERT_CONTEXT cert,
1548  PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1549  PCERT_REVOCATION_STATUS pRevStatus)
1550 {
1551     DWORD error;
1552
1553     if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))
1554     {
1555         /* The CRL isn't time valid */
1556         error = CRYPT_E_NO_REVOCATION_CHECK;
1557     }
1558     else
1559     {
1560         PCRL_ENTRY entry = NULL;
1561
1562         CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1563         if (entry)
1564         {
1565             error = CRYPT_E_REVOKED;
1566             pRevStatus->dwIndex = index;
1567         }
1568         else
1569             error = ERROR_SUCCESS;
1570     }
1571     return error;
1572 }
1573
1574 static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
1575  FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1576  PCERT_REVOCATION_STATUS pRevStatus)
1577 {
1578     BOOL ret;
1579     DWORD error = ERROR_SUCCESS, cbUrlArray;
1580
1581     ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT, (void *)cert,
1582      0, NULL, &cbUrlArray, NULL, NULL, NULL);
1583     if (!ret && GetLastError() == CRYPT_E_NOT_FOUND)
1584     {
1585         if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
1586         {
1587             PCERT_EXTENSION ext;
1588             PCCRL_CONTEXT crl = NULL;
1589             BOOL canSignCRLs;
1590
1591             /* If the caller told us about the issuer, make sure the issuer
1592              * can sign CRLs before looking for one.
1593              */
1594             if ((ext = CertFindExtension(szOID_KEY_USAGE,
1595              pRevPara->pIssuerCert->pCertInfo->cExtension,
1596              pRevPara->pIssuerCert->pCertInfo->rgExtension)))
1597             {
1598                 CRYPT_BIT_BLOB usage;
1599                 DWORD size = sizeof(usage);
1600
1601                 if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_BITS,
1602                  ext->Value.pbData, ext->Value.cbData,
1603                  CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1604                     canSignCRLs = FALSE;
1605                 else if (usage.cbData > 2)
1606                 {
1607                     /* The key usage extension only defines 9 bits => no more
1608                      * than 2 bytes are needed to encode all known usages.
1609                      */
1610                     canSignCRLs = FALSE;
1611                 }
1612                 else
1613                 {
1614                     BYTE usageBits = usage.pbData[usage.cbData - 1];
1615
1616                     canSignCRLs = usageBits & CERT_CRL_SIGN_KEY_USAGE;
1617                 }
1618             }
1619             else
1620                 canSignCRLs = TRUE;
1621             if (canSignCRLs)
1622             {
1623                 /* If the caller was helpful enough to tell us where to find a
1624                  * CRL for the cert, look for one and check it.
1625                  */
1626                 crl = CertFindCRLInStore(pRevPara->hCrlStore,
1627                  cert->dwCertEncodingType,
1628                  CRL_FIND_ISSUED_BY_SIGNATURE_FLAG |
1629                  CRL_FIND_ISSUED_BY_AKI_FLAG,
1630                  CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
1631             }
1632             if (crl)
1633             {
1634                 error = verify_cert_revocation_with_crl(cert, crl, index,
1635                  pTime, pRevStatus);
1636                 CertFreeCRLContext(crl);
1637             }
1638             else
1639             {
1640                 error = CRYPT_E_NO_REVOCATION_CHECK;
1641                 pRevStatus->dwIndex = index;
1642             }
1643         }
1644         else
1645         {
1646             error = CRYPT_E_NO_REVOCATION_CHECK;
1647             pRevStatus->dwIndex = index;
1648         }
1649     }
1650     else if (ret)
1651     {
1652         CRYPT_URL_ARRAY *urlArray = CryptMemAlloc(cbUrlArray);
1653
1654         if (urlArray)
1655         {
1656             DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
1657
1658             ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
1659              (void *)cert, 0, urlArray, &cbUrlArray, NULL, NULL, NULL);
1660             if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
1661                 retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
1662             if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG &&
1663              pRevPara && pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
1664              dwUrlRetrievalTimeout) + sizeof(DWORD))
1665             {
1666                 startTime = GetTickCount();
1667                 endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
1668                 timeout = pRevPara->dwUrlRetrievalTimeout;
1669             }
1670             else
1671                 endTime = timeout = 0;
1672             if (!ret)
1673                 error = GetLastError();
1674             for (j = 0; !error && j < urlArray->cUrl; j++)
1675             {
1676                 PCCRL_CONTEXT crl;
1677
1678                 ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
1679                  CONTEXT_OID_CRL, retrievalFlags, timeout, (void **)&crl,
1680                  NULL, NULL, NULL, NULL);
1681                 if (ret)
1682                 {
1683                     error = verify_cert_revocation_with_crl(cert, crl, index,
1684                      pTime, pRevStatus);
1685                     if (!error && timeout)
1686                     {
1687                         DWORD time = GetTickCount();
1688
1689                         if ((int)(endTime - time) <= 0)
1690                         {
1691                             error = ERROR_TIMEOUT;
1692                             pRevStatus->dwIndex = index;
1693                         }
1694                         else
1695                             timeout = endTime - time;
1696                     }
1697                     CertFreeCRLContext(crl);
1698                 }
1699                 else
1700                     error = CRYPT_E_REVOCATION_OFFLINE;
1701             }
1702             CryptMemFree(urlArray);
1703         }
1704         else
1705         {
1706             error = ERROR_OUTOFMEMORY;
1707             pRevStatus->dwIndex = index;
1708         }
1709     }
1710     else
1711     {
1712         error = GetLastError();
1713         pRevStatus->dwIndex = index;
1714     }
1715     return error;
1716 }
1717
1718 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
1719     DWORD                     cbSize;
1720     PCCERT_CONTEXT            pIssuerCert;
1721     DWORD                     cCertStore;
1722     HCERTSTORE               *rgCertStore;
1723     HCERTSTORE                hCrlStore;
1724     LPFILETIME                pftTimeToUse;
1725 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
1726
1727 typedef struct _OLD_CERT_REVOCATION_STATUS {
1728     DWORD cbSize;
1729     DWORD dwIndex;
1730     DWORD dwError;
1731     DWORD dwReason;
1732 } OLD_CERT_REVOCATION_STATUS, *POLD_CERT_REVOCATION_STATUS;
1733
1734 /***********************************************************************
1735  *    CertDllVerifyRevocation (CRYPTNET.@)
1736  */
1737 BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1738  DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1739  PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1740 {
1741     DWORD error = 0, i;
1742     BOOL ret;
1743     FILETIME now;
1744     LPFILETIME pTime = NULL;
1745
1746     TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1747      cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1748
1749     if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1750      pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1751     {
1752         SetLastError(E_INVALIDARG);
1753         return FALSE;
1754     }
1755     if (!cContext)
1756     {
1757         SetLastError(E_INVALIDARG);
1758         return FALSE;
1759     }
1760     if (pRevPara && pRevPara->cbSize >=
1761      sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
1762         pTime = pRevPara->pftTimeToUse;
1763     if (!pTime)
1764     {
1765         GetSystemTimeAsFileTime(&now);
1766         pTime = &now;
1767     }
1768     memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
1769     if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
1770         error = CRYPT_E_NO_REVOCATION_CHECK;
1771     else
1772     {
1773         for (i = 0; !error && i < cContext; i++)
1774             error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
1775              pRevPara, pRevStatus);
1776     }
1777     if (error)
1778     {
1779         SetLastError(error);
1780         pRevStatus->dwError = error;
1781         ret = FALSE;
1782     }
1783     TRACE("returning %d (%08x)\n", ret, error);
1784     return ret;
1785 }