2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
22 #include "wine/port.h"
24 #define NONAMELESSUNION
25 #define NONAMELESSSTRUCT
26 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
39 #include "wine/debug.h"
41 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet);
43 #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
45 BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
47 TRACE("(0x%p, %d, %p)\n", hinstDLL, fdwReason, lpvReserved);
50 case DLL_PROCESS_ATTACH:
51 DisableThreadLibraryCalls(hinstDLL);
53 case DLL_PROCESS_DETACH:
54 /* Do uninitialisation here */
61 static const WCHAR cryptNet[] = { 'c','r','y','p','t','n','e','t','.',
63 static const WCHAR ldapProvOpenStore[] = { 'L','d','a','p','P','r','o','v',
64 'O','p','e','S','t','o','r','e',0 };
66 /***********************************************************************
67 * DllRegisterServer (CRYPTNET.@)
69 HRESULT WINAPI DllRegisterServer(void)
72 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING,
73 CRYPT_OID_VERIFY_REVOCATION_FUNC, 0, cryptNet);
74 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap",
75 cryptNet, "LdapProvOpenStore");
76 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
77 CERT_STORE_PROV_LDAP_W, cryptNet, "LdapProvOpenStore");
81 /***********************************************************************
82 * DllUnregisterServer (CRYPTNET.@)
84 HRESULT WINAPI DllUnregisterServer(void)
87 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING,
88 CRYPT_OID_VERIFY_REVOCATION_FUNC, cryptNet);
89 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap");
90 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
91 CERT_STORE_PROV_LDAP_W);
95 static const char *url_oid_to_str(LPCSTR oid)
103 #define _x(oid) case LOWORD(oid): return #oid
104 _x(URL_OID_CERTIFICATE_ISSUER);
105 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT);
106 _x(URL_OID_CTL_ISSUER);
107 _x(URL_OID_CTL_NEXT_UPDATE);
108 _x(URL_OID_CRL_ISSUER);
109 _x(URL_OID_CERTIFICATE_FRESHEST_CRL);
110 _x(URL_OID_CRL_FRESHEST_CRL);
111 _x(URL_OID_CROSS_CERT_DIST_POINT);
114 snprintf(buf, sizeof(buf), "%d", LOWORD(oid));
122 typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD,
123 PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID);
125 static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid,
126 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
127 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
129 PCCERT_CONTEXT cert = pvPara;
133 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
134 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
136 SetLastError(CRYPT_E_NOT_FOUND);
139 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
140 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
142 CERT_AUTHORITY_INFO_ACCESS *aia;
145 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
146 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
150 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
152 for (i = 0, cUrl = 0; i < aia->cAccDescr; i++)
153 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
154 szOID_PKIX_CA_ISSUERS))
156 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
159 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
162 bytesNeeded += sizeof(LPWSTR) +
163 (lstrlenW(aia->rgAccDescr[i].AccessLocation.u.
164 pwszURL) + 1) * sizeof(WCHAR);
168 FIXME("unsupported alt name type %d\n",
169 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
173 SetLastError(E_INVALIDARG);
177 *pcbUrlArray = bytesNeeded;
178 else if (*pcbUrlArray < bytesNeeded)
180 SetLastError(ERROR_MORE_DATA);
181 *pcbUrlArray = bytesNeeded;
188 *pcbUrlArray = bytesNeeded;
190 pUrlArray->rgwszUrl =
191 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
192 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
193 + cUrl * sizeof(LPWSTR));
194 for (i = 0; i < aia->cAccDescr; i++)
195 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
196 szOID_PKIX_CA_ISSUERS))
198 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice
199 == CERT_ALT_NAME_URL)
201 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
204 aia->rgAccDescr[i].AccessLocation.u.pwszURL);
205 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
207 nextUrl += (lstrlenW(nextUrl) + 1);
216 FIXME("url info: stub\n");
218 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
219 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
221 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
222 SetLastError(ERROR_MORE_DATA);
227 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
228 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
236 SetLastError(CRYPT_E_NOT_FOUND);
240 static BOOL CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB *value,
241 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
245 CRL_DIST_POINTS_INFO *info;
248 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CRL_DIST_POINTS,
249 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
252 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
254 for (i = 0, cUrl = 0; i < info->cDistPoint; i++)
255 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
256 == CRL_DIST_POINT_FULL_NAME)
259 CERT_ALT_NAME_INFO *name =
260 &info->rgDistPoint[i].DistPointName.u.FullName;
262 for (j = 0; j < name->cAltEntry; j++)
263 if (name->rgAltEntry[j].dwAltNameChoice ==
266 if (name->rgAltEntry[j].u.pwszURL)
269 bytesNeeded += sizeof(LPWSTR) +
270 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1)
277 SetLastError(E_INVALIDARG);
281 *pcbUrlArray = bytesNeeded;
282 else if (*pcbUrlArray < bytesNeeded)
284 SetLastError(ERROR_MORE_DATA);
285 *pcbUrlArray = bytesNeeded;
292 *pcbUrlArray = bytesNeeded;
294 pUrlArray->rgwszUrl =
295 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
296 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
297 + cUrl * sizeof(LPWSTR));
298 for (i = 0; i < info->cDistPoint; i++)
299 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
300 == CRL_DIST_POINT_FULL_NAME)
303 CERT_ALT_NAME_INFO *name =
304 &info->rgDistPoint[i].DistPointName.u.FullName;
306 for (j = 0; j < name->cAltEntry; j++)
307 if (name->rgAltEntry[j].dwAltNameChoice ==
310 if (name->rgAltEntry[j].u.pwszURL)
313 name->rgAltEntry[j].u.pwszURL);
314 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
317 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1);
326 FIXME("url info: stub\n");
328 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
329 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
331 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
332 SetLastError(ERROR_MORE_DATA);
337 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
338 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
347 static BOOL WINAPI CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid,
348 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
349 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
351 PCCERT_CONTEXT cert = pvPara;
355 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
356 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
358 SetLastError(CRYPT_E_NOT_FOUND);
361 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
362 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
363 ret = CRYPT_GetUrlFromCRLDistPointsExt(&ext->Value, pUrlArray,
364 pcbUrlArray, pUrlInfo, pcbUrlInfo);
366 SetLastError(CRYPT_E_NOT_FOUND);
370 /***********************************************************************
371 * CryptGetObjectUrl (CRYPTNET.@)
373 BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags,
374 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
375 DWORD *pcbUrlInfo, LPVOID pvReserved)
377 UrlDllGetObjectUrlFunc func = NULL;
378 HCRYPTOIDFUNCADDR hFunc = NULL;
381 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid),
382 pvPara, dwFlags, pUrlArray, pcbUrlArray, pUrlInfo, pcbUrlInfo, pvReserved);
384 if (IS_INTOID(pszUrlOid))
386 switch (LOWORD(pszUrlOid))
388 case LOWORD(URL_OID_CERTIFICATE_ISSUER):
389 func = CRYPT_GetUrlFromCertificateIssuer;
391 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT):
392 func = CRYPT_GetUrlFromCertificateCRLDistPoint;
395 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid));
396 SetLastError(ERROR_FILE_NOT_FOUND);
401 static HCRYPTOIDFUNCSET set = NULL;
404 set = CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC, 0);
405 CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszUrlOid, 0,
406 (void **)&func, &hFunc);
409 ret = func(pszUrlOid, pvPara, dwFlags, pUrlArray, pcbUrlArray,
410 pUrlInfo, pcbUrlInfo, pvReserved);
412 CryptFreeOIDFunctionAddress(hFunc, 0);
416 /***********************************************************************
417 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
419 BOOL WINAPI CryptRetrieveObjectByUrlA(LPCSTR pszURL, LPCSTR pszObjectOid,
420 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
421 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
422 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
427 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL),
428 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
429 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
433 SetLastError(ERROR_INVALID_PARAMETER);
436 len = MultiByteToWideChar(CP_ACP, 0, pszURL, -1, NULL, 0);
439 LPWSTR url = CryptMemAlloc(len * sizeof(WCHAR));
443 MultiByteToWideChar(CP_ACP, 0, pszURL, -1, url, len);
444 ret = CryptRetrieveObjectByUrlW(url, pszObjectOid,
445 dwRetrievalFlags, dwTimeout, ppvObject, hAsyncRetrieve,
446 pCredentials, pvVerify, pAuxInfo);
450 SetLastError(ERROR_OUTOFMEMORY);
455 static void WINAPI CRYPT_FreeBlob(LPCSTR pszObjectOid,
456 PCRYPT_BLOB_ARRAY pObject, void *pvFreeContext)
460 for (i = 0; i < pObject->cBlob; i++)
461 CryptMemFree(pObject->rgBlob[i].pbData);
462 CryptMemFree(pObject->rgBlob);
465 static BOOL CRYPT_GetObjectFromFile(HANDLE hFile, PCRYPT_BLOB_ARRAY pObject)
470 if ((ret = GetFileSizeEx(hFile, &size)))
474 WARN("file too big\n");
475 SetLastError(ERROR_INVALID_DATA);
480 CRYPT_DATA_BLOB blob;
482 blob.pbData = CryptMemAlloc(size.u.LowPart);
485 blob.cbData = size.u.LowPart;
486 ret = ReadFile(hFile, blob.pbData, size.u.LowPart, &blob.cbData,
490 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
494 memcpy(pObject->rgBlob, &blob, sizeof(CRYPT_DATA_BLOB));
498 SetLastError(ERROR_OUTOFMEMORY);
503 CryptMemFree(blob.pbData);
507 SetLastError(ERROR_OUTOFMEMORY);
515 static BOOL CRYPT_GetObjectFromCache(LPCWSTR pszURL, PCRYPT_BLOB_ARRAY pObject,
516 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
519 INTERNET_CACHE_ENTRY_INFOW *pCacheInfo = NULL;
522 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pObject, pAuxInfo);
524 ret = GetUrlCacheEntryInfoW(pszURL, NULL, &size);
525 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
527 pCacheInfo = CryptMemAlloc(size);
531 SetLastError(ERROR_OUTOFMEMORY);
533 if (ret && (ret = GetUrlCacheEntryInfoW(pszURL, pCacheInfo, &size)))
537 GetSystemTimeAsFileTime(&ft);
538 if (CompareFileTime(&pCacheInfo->ExpireTime, &ft) >= 0)
540 HANDLE hFile = CreateFileW(pCacheInfo->lpszLocalFileName,
541 GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
543 if (hFile != INVALID_HANDLE_VALUE)
545 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
547 if (pAuxInfo && pAuxInfo->cbSize >=
548 offsetof(CRYPT_RETRIEVE_AUX_INFO,
549 pLastSyncTime) + sizeof(PFILETIME) &&
550 pAuxInfo->pLastSyncTime)
551 memcpy(pAuxInfo->pLastSyncTime,
552 &pCacheInfo->LastSyncTime,
559 DeleteUrlCacheEntryW(pszURL);
565 DeleteUrlCacheEntryW(pszURL);
569 CryptMemFree(pCacheInfo);
570 TRACE("returning %d\n", ret);
574 /* Parses the URL, and sets components's lpszHostName and lpszUrlPath members
575 * to NULL-terminated copies of those portions of the URL (to be freed with
578 static BOOL CRYPT_CrackUrl(LPCWSTR pszURL, URL_COMPONENTSW *components)
582 TRACE("(%s, %p)\n", debugstr_w(pszURL), components);
584 memset(components, 0, sizeof(*components));
585 components->dwStructSize = sizeof(*components);
586 components->lpszHostName = CryptMemAlloc(MAX_PATH * sizeof(WCHAR));
587 components->dwHostNameLength = MAX_PATH;
588 components->lpszUrlPath = CryptMemAlloc(MAX_PATH * 2 * sizeof(WCHAR));
589 components->dwUrlPathLength = 2 * MAX_PATH;
590 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, components);
593 if ((components->dwUrlPathLength == 2 * MAX_PATH - 1) ||
594 (components->dwHostNameLength == MAX_PATH - 1))
595 FIXME("Buffers are too small\n");
596 switch (components->nScheme)
598 case INTERNET_SCHEME_FTP:
599 if (!components->nPort)
600 components->nPort = INTERNET_DEFAULT_FTP_PORT;
602 case INTERNET_SCHEME_HTTP:
603 if (!components->nPort)
604 components->nPort = INTERNET_DEFAULT_HTTP_PORT;
610 TRACE("returning %d\n", ret);
621 static struct InetContext *CRYPT_MakeInetContext(DWORD dwTimeout)
623 struct InetContext *context = CryptMemAlloc(sizeof(struct InetContext));
627 context->event = CreateEventW(NULL, FALSE, FALSE, NULL);
630 CryptMemFree(context);
635 context->timeout = dwTimeout;
636 context->error = ERROR_SUCCESS;
642 static BOOL CRYPT_DownloadObject(DWORD dwRetrievalFlags, HINTERNET hHttp,
643 struct InetContext *context, PCRYPT_BLOB_ARRAY pObject,
644 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
646 CRYPT_DATA_BLOB object = { 0, NULL };
647 DWORD bytesAvailable;
651 if ((ret = InternetQueryDataAvailable(hHttp, &bytesAvailable, 0, 0)))
656 object.pbData = CryptMemRealloc(object.pbData,
657 object.cbData + bytesAvailable);
659 object.pbData = CryptMemAlloc(bytesAvailable);
662 INTERNET_BUFFERSA buffer = { sizeof(buffer), 0 };
664 buffer.dwBufferLength = bytesAvailable;
665 buffer.lpvBuffer = object.pbData + object.cbData;
666 if (!(ret = InternetReadFileExA(hHttp, &buffer, IRF_NO_WAIT,
667 (DWORD_PTR)context)))
669 if (GetLastError() == ERROR_IO_PENDING)
671 if (WaitForSingleObject(context->event,
672 context->timeout) == WAIT_TIMEOUT)
673 SetLastError(ERROR_TIMEOUT);
674 else if (context->error)
675 SetLastError(context->error);
681 object.cbData += buffer.dwBufferLength;
685 SetLastError(ERROR_OUTOFMEMORY);
690 else if (GetLastError() == ERROR_IO_PENDING)
692 if (WaitForSingleObject(context->event, context->timeout) ==
694 SetLastError(ERROR_TIMEOUT);
698 } while (ret && bytesAvailable);
701 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
702 if (!pObject->rgBlob)
704 CryptMemFree(object.pbData);
705 SetLastError(ERROR_OUTOFMEMORY);
710 pObject->rgBlob[0].cbData = object.cbData;
711 pObject->rgBlob[0].pbData = object.pbData;
715 TRACE("returning %d\n", ret);
719 /* Finds the object specified by pszURL in the cache. If it's not found,
720 * creates a new cache entry for the object and writes the object to it.
721 * Sets the expiration time of the cache entry to expires.
723 static void CRYPT_CacheURL(LPCWSTR pszURL, const CRYPT_BLOB_ARRAY *pObject,
724 DWORD dwRetrievalFlags, FILETIME expires)
726 WCHAR cacheFileName[MAX_PATH];
728 BOOL ret, create = FALSE;
730 GetUrlCacheEntryInfoW(pszURL, NULL, &size);
731 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
733 INTERNET_CACHE_ENTRY_INFOW *info = CryptMemAlloc(size);
739 ret = GetUrlCacheEntryInfoW(pszURL, info, &size);
741 lstrcpyW(cacheFileName, info->lpszLocalFileName);
742 /* Check if the existing cache entry is up to date. If it isn't,
743 * remove the existing cache entry, and create a new one with the
746 GetSystemTimeAsFileTime(&ft);
747 if (CompareFileTime(&info->ExpireTime, &ft) < 0)
750 DeleteUrlCacheEntryW(pszURL);
751 DeleteFileW(cacheFileName);
760 ret = CreateUrlCacheEntryW(pszURL, pObject->rgBlob[0].cbData, NULL,
771 HANDLE hCacheFile = CreateFileW(cacheFileName, GENERIC_WRITE, 0,
772 NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
774 if (hCacheFile != INVALID_HANDLE_VALUE)
778 WriteFile(hCacheFile, pObject->rgBlob[0].pbData,
779 pObject->rgBlob[0].cbData, &bytesWritten, NULL);
780 CloseHandle(hCacheFile);
787 if (!(dwRetrievalFlags & CRYPT_STICKY_CACHE_RETRIEVAL))
788 entryType = NORMAL_CACHE_ENTRY;
790 entryType = STICKY_CACHE_ENTRY;
791 CommitUrlCacheEntryW(pszURL, cacheFileName, expires, ft, entryType,
792 NULL, 0, NULL, NULL);
797 static void CALLBACK CRYPT_InetStatusCallback(HINTERNET hInt,
798 DWORD_PTR dwContext, DWORD status, void *statusInfo, DWORD statusInfoLen)
800 struct InetContext *context = (struct InetContext *)dwContext;
801 LPINTERNET_ASYNC_RESULT result;
805 case INTERNET_STATUS_REQUEST_COMPLETE:
807 context->error = result->dwError;
808 SetEvent(context->event);
812 static BOOL CRYPT_Connect(const URL_COMPONENTSW *components,
813 struct InetContext *context, PCRYPT_CREDENTIALS pCredentials,
814 HINTERNET *phInt, HINTERNET *phHost)
818 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components->lpszHostName),
819 components->nPort, context, pCredentials, phInt, phInt);
822 *phInt = InternetOpenW(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL,
823 context ? INTERNET_FLAG_ASYNC : 0);
829 InternetSetStatusCallbackW(*phInt, CRYPT_InetStatusCallback);
830 switch (components->nScheme)
832 case INTERNET_SCHEME_FTP:
833 service = INTERNET_SERVICE_FTP;
835 case INTERNET_SCHEME_HTTP:
836 service = INTERNET_SERVICE_HTTP;
841 /* FIXME: use pCredentials for username/password */
842 *phHost = InternetConnectW(*phInt, components->lpszHostName,
843 components->nPort, NULL, NULL, service, 0, (DWORD_PTR)context);
846 InternetCloseHandle(*phInt);
855 TRACE("returning %d\n", ret);
859 static BOOL WINAPI FTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
860 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
861 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
862 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
863 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
865 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
866 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
867 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
870 pObject->rgBlob = NULL;
871 *ppfnFreeObject = CRYPT_FreeBlob;
872 *ppvFreeContext = NULL;
876 static const WCHAR x509cacert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
877 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
878 static const WCHAR x509emailcert[] = { 'a','p','p','l','i','c','a','t','i','o',
879 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
881 static const WCHAR x509servercert[] = { 'a','p','p','l','i','c','a','t','i','o',
882 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
884 static const WCHAR x509usercert[] = { 'a','p','p','l','i','c','a','t','i','o',
885 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
886 static const WCHAR pkcs7cert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
887 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
889 static const WCHAR pkixCRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
890 '/','p','k','i','x','-','c','r','l',0 };
891 static const WCHAR pkcs7CRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
892 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
893 static const WCHAR pkcs7sig[] = { 'a','p','p','l','i','c','a','t','i','o','n',
894 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
895 static const WCHAR pkcs7mime[] = { 'a','p','p','l','i','c','a','t','i','o','n',
896 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
898 static BOOL WINAPI HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
899 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
900 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
901 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
902 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
906 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
907 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
908 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
911 pObject->rgBlob = NULL;
912 *ppfnFreeObject = CRYPT_FreeBlob;
913 *ppvFreeContext = NULL;
915 if (!(dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL))
916 ret = CRYPT_GetObjectFromCache(pszURL, pObject, pAuxInfo);
917 if (!ret && (!(dwRetrievalFlags & CRYPT_CACHE_ONLY_RETRIEVAL) ||
918 (dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL)))
920 URL_COMPONENTSW components;
922 if ((ret = CRYPT_CrackUrl(pszURL, &components)))
924 HINTERNET hInt, hHost;
925 struct InetContext *context = NULL;
928 context = CRYPT_MakeInetContext(dwTimeout);
929 ret = CRYPT_Connect(&components, context, pCredentials, &hInt,
933 static LPCWSTR types[] = { x509cacert, x509emailcert,
934 x509servercert, x509usercert, pkcs7cert, pkixCRL, pkcs7CRL,
935 pkcs7sig, pkcs7mime, NULL };
936 HINTERNET hHttp = HttpOpenRequestW(hHost, NULL,
937 components.lpszUrlPath, NULL, NULL, types,
938 INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI,
945 InternetSetOptionW(hHttp,
946 INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
948 InternetSetOptionW(hHttp, INTERNET_OPTION_SEND_TIMEOUT,
949 &dwTimeout, sizeof(dwTimeout));
951 ret = HttpSendRequestExW(hHttp, NULL, NULL, 0,
953 if (!ret && GetLastError() == ERROR_IO_PENDING)
955 if (WaitForSingleObject(context->event,
956 context->timeout) == WAIT_TIMEOUT)
957 SetLastError(ERROR_TIMEOUT);
961 /* We don't set ret to TRUE in this block to avoid masking
962 * an error from HttpSendRequestExW.
964 if (!HttpEndRequestW(hHttp, NULL, 0, (DWORD_PTR)context) &&
965 GetLastError() == ERROR_IO_PENDING)
967 if (WaitForSingleObject(context->event,
968 context->timeout) == WAIT_TIMEOUT)
970 SetLastError(ERROR_TIMEOUT);
975 ret = CRYPT_DownloadObject(dwRetrievalFlags, hHttp,
976 context, pObject, pAuxInfo);
977 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT))
980 DWORD len = sizeof(st);
982 if (HttpQueryInfoW(hHttp,
983 HTTP_QUERY_EXPIRES | HTTP_QUERY_FLAG_SYSTEMTIME, &st,
988 SystemTimeToFileTime(&st, &ft);
989 CRYPT_CacheURL(pszURL, pObject, dwRetrievalFlags,
993 InternetCloseHandle(hHttp);
995 InternetCloseHandle(hHost);
996 InternetCloseHandle(hInt);
1000 CloseHandle(context->event);
1001 CryptMemFree(context);
1003 CryptMemFree(components.lpszUrlPath);
1004 CryptMemFree(components.lpszHostName);
1007 TRACE("returning %d\n", ret);
1011 static BOOL WINAPI File_RetrieveEncodedObjectW(LPCWSTR pszURL,
1012 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1013 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1014 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1015 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1017 URL_COMPONENTSW components = { sizeof(components), 0 };
1020 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1021 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
1022 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
1025 pObject->rgBlob = NULL;
1026 *ppfnFreeObject = CRYPT_FreeBlob;
1027 *ppvFreeContext = NULL;
1029 components.lpszUrlPath = CryptMemAlloc(MAX_PATH * 2 * sizeof(WCHAR));
1030 components.dwUrlPathLength = 2 * MAX_PATH;
1031 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, &components);
1036 if (components.dwUrlPathLength == 2 * MAX_PATH - 1)
1037 FIXME("Buffers are too small\n");
1039 /* 3 == lstrlenW(L"c:") + 1 */
1040 path = CryptMemAlloc((components.dwUrlPathLength + 3) * sizeof(WCHAR));
1045 /* Try to create the file directly - Wine handles / in pathnames */
1046 lstrcpynW(path, components.lpszUrlPath,
1047 components.dwUrlPathLength + 1);
1048 hFile = CreateFileW(path, GENERIC_READ, 0, NULL, OPEN_EXISTING,
1049 FILE_ATTRIBUTE_NORMAL, NULL);
1050 if (hFile == INVALID_HANDLE_VALUE)
1052 /* Try again on the current drive */
1053 GetCurrentDirectoryW(components.dwUrlPathLength, path);
1056 lstrcpynW(path + 2, components.lpszUrlPath,
1057 components.dwUrlPathLength + 1);
1058 hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1059 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1061 if (hFile == INVALID_HANDLE_VALUE)
1063 /* Try again on the Windows drive */
1064 GetWindowsDirectoryW(path, components.dwUrlPathLength);
1067 lstrcpynW(path + 2, components.lpszUrlPath,
1068 components.dwUrlPathLength + 1);
1069 hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1070 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1074 if (hFile != INVALID_HANDLE_VALUE)
1076 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
1078 if (pAuxInfo && pAuxInfo->cbSize >=
1079 offsetof(CRYPT_RETRIEVE_AUX_INFO,
1080 pLastSyncTime) + sizeof(PFILETIME) &&
1081 pAuxInfo->pLastSyncTime)
1082 GetFileTime(hFile, NULL, NULL,
1083 pAuxInfo->pLastSyncTime);
1092 CryptMemFree(components.lpszUrlPath);
1096 typedef BOOL (WINAPI *SchemeDllRetrieveEncodedObjectW)(LPCWSTR pwszUrl,
1097 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1098 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1099 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1100 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo);
1102 static BOOL CRYPT_GetRetrieveFunction(LPCWSTR pszURL,
1103 SchemeDllRetrieveEncodedObjectW *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1105 URL_COMPONENTSW components = { sizeof(components), 0 };
1108 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pFunc, phFunc);
1112 components.dwSchemeLength = 1;
1113 ret = InternetCrackUrlW(pszURL, 0, 0, &components);
1116 /* Microsoft always uses CryptInitOIDFunctionSet/
1117 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1118 * reason to do so for builtin schemes.
1120 switch (components.nScheme)
1122 case INTERNET_SCHEME_FTP:
1123 *pFunc = FTP_RetrieveEncodedObjectW;
1125 case INTERNET_SCHEME_HTTP:
1126 *pFunc = HTTP_RetrieveEncodedObjectW;
1128 case INTERNET_SCHEME_FILE:
1129 *pFunc = File_RetrieveEncodedObjectW;
1133 int len = WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1134 components.dwSchemeLength, NULL, 0, NULL, NULL);
1138 LPSTR scheme = CryptMemAlloc(len);
1142 static HCRYPTOIDFUNCSET set = NULL;
1145 set = CryptInitOIDFunctionSet(
1146 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC, 0);
1147 WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1148 components.dwSchemeLength, scheme, len, NULL, NULL);
1149 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1150 scheme, 0, (void **)pFunc, phFunc);
1151 CryptMemFree(scheme);
1155 SetLastError(ERROR_OUTOFMEMORY);
1164 TRACE("returning %d\n", ret);
1168 static BOOL WINAPI CRYPT_CreateBlob(LPCSTR pszObjectOid,
1169 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1172 CRYPT_BLOB_ARRAY *context;
1175 size = sizeof(CRYPT_BLOB_ARRAY) + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1176 for (i = 0; i < pObject->cBlob; i++)
1177 size += pObject->rgBlob[i].cbData;
1178 context = CryptMemAlloc(size);
1185 (CRYPT_DATA_BLOB *)((LPBYTE)context + sizeof(CRYPT_BLOB_ARRAY));
1187 (LPBYTE)context->rgBlob + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1188 for (i = 0; i < pObject->cBlob; i++)
1190 memcpy(nextData, pObject->rgBlob[i].pbData,
1191 pObject->rgBlob[i].cbData);
1192 context->rgBlob[i].pbData = nextData;
1193 context->rgBlob[i].cbData = pObject->rgBlob[i].cbData;
1194 nextData += pObject->rgBlob[i].cbData;
1197 *ppvContext = context;
1203 typedef BOOL (WINAPI *AddContextToStore)(HCERTSTORE hCertStore,
1204 const void *pContext, DWORD dwAddDisposition, const void **ppStoreContext);
1206 static BOOL CRYPT_CreateContext(const CRYPT_BLOB_ARRAY *pObject,
1207 DWORD dwExpectedContentTypeFlags, AddContextToStore addFunc, void **ppvContext)
1211 if (!pObject->cBlob)
1213 SetLastError(ERROR_INVALID_DATA);
1217 else if (pObject->cBlob == 1)
1219 if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1220 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL,
1221 NULL, NULL, NULL, NULL, (const void **)ppvContext))
1223 SetLastError(CRYPT_E_NO_MATCH);
1229 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1230 CERT_STORE_CREATE_NEW_FLAG, NULL);
1235 const void *context;
1237 for (i = 0; i < pObject->cBlob; i++)
1239 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1240 &pObject->rgBlob[i], dwExpectedContentTypeFlags,
1241 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, NULL, NULL, NULL,
1244 if (!addFunc(store, context, CERT_STORE_ADD_ALWAYS, NULL))
1249 SetLastError(CRYPT_E_NO_MATCH);
1256 *ppvContext = store;
1261 static BOOL WINAPI CRYPT_CreateCert(LPCSTR pszObjectOid,
1262 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1264 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CERT,
1265 (AddContextToStore)CertAddCertificateContextToStore, ppvContext);
1268 static BOOL WINAPI CRYPT_CreateCRL(LPCSTR pszObjectOid,
1269 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1271 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CRL,
1272 (AddContextToStore)CertAddCRLContextToStore, ppvContext);
1275 static BOOL WINAPI CRYPT_CreateCTL(LPCSTR pszObjectOid,
1276 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1278 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CTL,
1279 (AddContextToStore)CertAddCTLContextToStore, ppvContext);
1282 static BOOL WINAPI CRYPT_CreatePKCS7(LPCSTR pszObjectOid,
1283 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1287 if (!pObject->cBlob)
1289 SetLastError(ERROR_INVALID_DATA);
1293 else if (pObject->cBlob == 1)
1294 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1295 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1296 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED, CERT_QUERY_FORMAT_FLAG_BINARY,
1297 0, NULL, NULL, NULL, ppvContext, NULL, NULL);
1300 FIXME("multiple messages unimplemented\n");
1306 static BOOL WINAPI CRYPT_CreateAny(LPCSTR pszObjectOid,
1307 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1311 if (!pObject->cBlob)
1313 SetLastError(ERROR_INVALID_DATA);
1319 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1320 CERT_STORE_CREATE_NEW_FLAG, NULL);
1324 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1325 CERT_STORE_CREATE_NEW_FLAG, NULL);
1329 CertAddStoreToCollection(store, memStore,
1330 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
1331 CertCloseStore(memStore, 0);
1335 CertCloseStore(store, 0);
1344 for (i = 0; i < pObject->cBlob; i++)
1346 DWORD contentType, expectedContentTypes =
1347 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1348 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
1349 CERT_QUERY_CONTENT_FLAG_CERT |
1350 CERT_QUERY_CONTENT_FLAG_CRL |
1351 CERT_QUERY_CONTENT_FLAG_CTL;
1352 HCERTSTORE contextStore;
1353 const void *context;
1355 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1356 &pObject->rgBlob[i], expectedContentTypes,
1357 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, &contentType, NULL,
1358 &contextStore, NULL, &context))
1360 switch (contentType)
1362 case CERT_QUERY_CONTENT_CERT:
1363 if (!CertAddCertificateContextToStore(store,
1364 context, CERT_STORE_ADD_ALWAYS, NULL))
1366 CertFreeCertificateContext(context);
1368 case CERT_QUERY_CONTENT_CRL:
1369 if (!CertAddCRLContextToStore(store,
1370 context, CERT_STORE_ADD_ALWAYS, NULL))
1372 CertFreeCRLContext(context);
1374 case CERT_QUERY_CONTENT_CTL:
1375 if (!CertAddCTLContextToStore(store,
1376 context, CERT_STORE_ADD_ALWAYS, NULL))
1378 CertFreeCTLContext(context);
1381 CertAddStoreToCollection(store, contextStore, 0, 0);
1383 CertCloseStore(contextStore, 0);
1391 *ppvContext = store;
1396 typedef BOOL (WINAPI *ContextDllCreateObjectContext)(LPCSTR pszObjectOid,
1397 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext);
1399 static BOOL CRYPT_GetCreateFunction(LPCSTR pszObjectOid,
1400 ContextDllCreateObjectContext *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1404 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid), pFunc, phFunc);
1408 if (IS_INTOID(pszObjectOid))
1410 switch (LOWORD(pszObjectOid))
1413 *pFunc = CRYPT_CreateBlob;
1415 case LOWORD(CONTEXT_OID_CERTIFICATE):
1416 *pFunc = CRYPT_CreateCert;
1418 case LOWORD(CONTEXT_OID_CRL):
1419 *pFunc = CRYPT_CreateCRL;
1421 case LOWORD(CONTEXT_OID_CTL):
1422 *pFunc = CRYPT_CreateCTL;
1424 case LOWORD(CONTEXT_OID_PKCS7):
1425 *pFunc = CRYPT_CreatePKCS7;
1427 case LOWORD(CONTEXT_OID_CAPI2_ANY):
1428 *pFunc = CRYPT_CreateAny;
1434 static HCRYPTOIDFUNCSET set = NULL;
1437 set = CryptInitOIDFunctionSet(
1438 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC, 0);
1439 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszObjectOid,
1440 0, (void **)pFunc, phFunc);
1442 TRACE("returning %d\n", ret);
1446 typedef BOOL (*get_object_expiration_func)(const void *pvContext,
1447 FILETIME *expiration);
1449 static BOOL CRYPT_GetExpirationFromCert(const void *pvObject, FILETIME *expiration)
1451 PCCERT_CONTEXT cert = pvObject;
1453 *expiration = cert->pCertInfo->NotAfter;
1457 static BOOL CRYPT_GetExpirationFromCRL(const void *pvObject, FILETIME *expiration)
1459 PCCRL_CONTEXT cert = pvObject;
1461 *expiration = cert->pCrlInfo->NextUpdate;
1465 static BOOL CRYPT_GetExpirationFromCTL(const void *pvObject, FILETIME *expiration)
1467 PCCTL_CONTEXT cert = pvObject;
1469 *expiration = cert->pCtlInfo->NextUpdate;
1473 static BOOL CRYPT_GetExpirationFunction(LPCSTR pszObjectOid,
1474 get_object_expiration_func *getExpiration)
1478 if (IS_INTOID(pszObjectOid))
1480 switch (LOWORD(pszObjectOid))
1482 case LOWORD(CONTEXT_OID_CERTIFICATE):
1483 *getExpiration = CRYPT_GetExpirationFromCert;
1486 case LOWORD(CONTEXT_OID_CRL):
1487 *getExpiration = CRYPT_GetExpirationFromCRL;
1490 case LOWORD(CONTEXT_OID_CTL):
1491 *getExpiration = CRYPT_GetExpirationFromCTL;
1503 /***********************************************************************
1504 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1506 BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
1507 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
1508 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
1509 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1512 SchemeDllRetrieveEncodedObjectW retrieve;
1513 ContextDllCreateObjectContext create;
1514 HCRYPTOIDFUNCADDR hRetrieve = 0, hCreate = 0;
1516 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1517 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
1518 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
1522 SetLastError(ERROR_INVALID_PARAMETER);
1525 ret = CRYPT_GetRetrieveFunction(pszURL, &retrieve, &hRetrieve);
1527 ret = CRYPT_GetCreateFunction(pszObjectOid, &create, &hCreate);
1530 CRYPT_BLOB_ARRAY object = { 0, NULL };
1531 PFN_FREE_ENCODED_OBJECT_FUNC freeObject;
1534 ret = retrieve(pszURL, pszObjectOid, dwRetrievalFlags, dwTimeout,
1535 &object, &freeObject, &freeContext, hAsyncRetrieve, pCredentials,
1539 get_object_expiration_func getExpiration;
1541 ret = create(pszObjectOid, dwRetrievalFlags, &object, ppvObject);
1542 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT) &&
1543 CRYPT_GetExpirationFunction(pszObjectOid, &getExpiration))
1547 if (getExpiration(*ppvObject, &expires))
1548 CRYPT_CacheURL(pszURL, &object, dwRetrievalFlags, expires);
1550 freeObject(pszObjectOid, &object, freeContext);
1554 CryptFreeOIDFunctionAddress(hCreate, 0);
1556 CryptFreeOIDFunctionAddress(hRetrieve, 0);
1557 TRACE("returning %d\n", ret);
1561 static DWORD verify_cert_revocation_with_crl(PCCERT_CONTEXT cert,
1562 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1563 PCERT_REVOCATION_STATUS pRevStatus)
1567 if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))
1569 /* The CRL isn't time valid */
1570 error = CRYPT_E_NO_REVOCATION_CHECK;
1574 PCRL_ENTRY entry = NULL;
1576 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1579 error = CRYPT_E_REVOKED;
1580 pRevStatus->dwIndex = index;
1583 error = ERROR_SUCCESS;
1588 static DWORD verify_cert_revocation_from_dist_points_ext(
1589 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1590 FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara,
1591 PCERT_REVOCATION_STATUS pRevStatus)
1593 DWORD error = ERROR_SUCCESS, cbUrlArray;
1595 if (CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &cbUrlArray, NULL, NULL))
1597 CRYPT_URL_ARRAY *urlArray = CryptMemAlloc(cbUrlArray);
1601 DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
1604 ret = CRYPT_GetUrlFromCRLDistPointsExt(value, urlArray,
1605 &cbUrlArray, NULL, NULL);
1606 if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
1607 retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
1608 if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG &&
1609 pRevPara && pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
1610 dwUrlRetrievalTimeout) + sizeof(DWORD))
1612 startTime = GetTickCount();
1613 endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
1614 timeout = pRevPara->dwUrlRetrievalTimeout;
1617 endTime = timeout = 0;
1619 error = GetLastError();
1620 for (j = 0; !error && j < urlArray->cUrl; j++)
1624 ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
1625 CONTEXT_OID_CRL, retrievalFlags, timeout, (void **)&crl,
1626 NULL, NULL, NULL, NULL);
1629 error = verify_cert_revocation_with_crl(cert, crl, index,
1631 if (!error && timeout)
1633 DWORD time = GetTickCount();
1635 if ((int)(endTime - time) <= 0)
1637 error = ERROR_TIMEOUT;
1638 pRevStatus->dwIndex = index;
1641 timeout = endTime - time;
1643 CertFreeCRLContext(crl);
1646 error = CRYPT_E_REVOCATION_OFFLINE;
1648 CryptMemFree(urlArray);
1652 error = ERROR_OUTOFMEMORY;
1653 pRevStatus->dwIndex = index;
1658 error = GetLastError();
1659 pRevStatus->dwIndex = index;
1664 static DWORD verify_cert_revocation_from_aia_ext(
1665 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1666 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1667 PCERT_REVOCATION_STATUS pRevStatus)
1671 CERT_AUTHORITY_INFO_ACCESS *aia;
1673 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
1674 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &aia, &size);
1679 for (i = 0; i < aia->cAccDescr; i++)
1680 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
1683 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
1685 FIXME("OCSP URL = %s\n",
1686 debugstr_w(aia->rgAccDescr[i].AccessLocation.u.pwszURL));
1688 FIXME("unsupported AccessLocation type %d\n",
1689 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
1692 /* FIXME: lie and pretend OCSP validated the cert */
1693 error = ERROR_SUCCESS;
1696 error = GetLastError();
1700 static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
1701 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1702 PCERT_REVOCATION_STATUS pRevStatus)
1704 DWORD error = ERROR_SUCCESS;
1705 PCERT_EXTENSION ext;
1707 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
1708 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1709 error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
1710 index, pTime, dwFlags, pRevPara, pRevStatus);
1711 else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
1712 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1713 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
1714 index, pTime, dwFlags, pRevPara, pRevStatus);
1717 if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
1719 PCCRL_CONTEXT crl = NULL;
1722 /* If the caller told us about the issuer, make sure the issuer
1723 * can sign CRLs before looking for one.
1725 if ((ext = CertFindExtension(szOID_KEY_USAGE,
1726 pRevPara->pIssuerCert->pCertInfo->cExtension,
1727 pRevPara->pIssuerCert->pCertInfo->rgExtension)))
1729 CRYPT_BIT_BLOB usage;
1730 DWORD size = sizeof(usage);
1732 if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_BITS,
1733 ext->Value.pbData, ext->Value.cbData,
1734 CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1735 canSignCRLs = FALSE;
1736 else if (usage.cbData > 2)
1738 /* The key usage extension only defines 9 bits => no more
1739 * than 2 bytes are needed to encode all known usages.
1741 canSignCRLs = FALSE;
1745 BYTE usageBits = usage.pbData[usage.cbData - 1];
1747 canSignCRLs = usageBits & CERT_CRL_SIGN_KEY_USAGE;
1754 /* If the caller was helpful enough to tell us where to find a
1755 * CRL for the cert, look for one and check it.
1757 crl = CertFindCRLInStore(pRevPara->hCrlStore,
1758 cert->dwCertEncodingType,
1759 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG |
1760 CRL_FIND_ISSUED_BY_AKI_FLAG,
1761 CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
1765 error = verify_cert_revocation_with_crl(cert, crl, index,
1767 CertFreeCRLContext(crl);
1771 error = CRYPT_E_NO_REVOCATION_CHECK;
1772 pRevStatus->dwIndex = index;
1777 error = CRYPT_E_NO_REVOCATION_CHECK;
1778 pRevStatus->dwIndex = index;
1784 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
1786 PCCERT_CONTEXT pIssuerCert;
1788 HCERTSTORE *rgCertStore;
1789 HCERTSTORE hCrlStore;
1790 LPFILETIME pftTimeToUse;
1791 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
1793 typedef struct _OLD_CERT_REVOCATION_STATUS {
1798 } OLD_CERT_REVOCATION_STATUS, *POLD_CERT_REVOCATION_STATUS;
1800 /***********************************************************************
1801 * CertDllVerifyRevocation (CRYPTNET.@)
1803 BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1804 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1805 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1809 LPFILETIME pTime = NULL;
1811 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1812 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1814 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1815 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1817 SetLastError(E_INVALIDARG);
1822 SetLastError(E_INVALIDARG);
1825 if (pRevPara && pRevPara->cbSize >=
1826 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
1827 pTime = pRevPara->pftTimeToUse;
1830 GetSystemTimeAsFileTime(&now);
1833 memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
1834 if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
1835 error = CRYPT_E_NO_REVOCATION_CHECK;
1838 for (i = 0; !error && i < cContext; i++)
1839 error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
1840 pRevPara, pRevStatus);
1844 SetLastError(error);
1845 pRevStatus->dwError = error;
1847 TRACE("returning %d (%08x)\n", !error, error);