2 * Copyright 2007 Juan Lang
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 #include "wine/debug.h"
25 WINE_DEFAULT_DEBUG_CHANNEL(wintrust);
27 HRESULT WINAPI SoftpubInitialize(CRYPT_PROVIDER_DATA *data)
29 HRESULT ret = S_FALSE;
31 TRACE("(%p)\n", data);
33 if (data->padwTrustStepErrors &&
34 !data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_WVTINIT])
36 TRACE("returning %08x\n", ret);
40 /* Assumes data->pWintrustData->pFile exists. Makes sure a file handle is
43 static BOOL SOFTPUB_OpenFile(CRYPT_PROVIDER_DATA *data)
47 /* PSDK implies that all values should be initialized to NULL, so callers
48 * typically have hFile as NULL rather than INVALID_HANDLE_VALUE. Check
51 if (!data->pWintrustData->pFile->hFile ||
52 data->pWintrustData->pFile->hFile == INVALID_HANDLE_VALUE)
54 data->pWintrustData->pFile->hFile =
55 CreateFileW(data->pWintrustData->pFile->pcwszFilePath, GENERIC_READ,
56 FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
57 if (data->pWintrustData->pFile->hFile != INVALID_HANDLE_VALUE)
58 data->fOpenedFile = TRUE;
62 TRACE("returning %d\n", ret);
66 /* Assumes data->pWintrustData->pFile exists. Sets data->pPDSip->gSubject to
67 * the file's subject GUID.
69 static BOOL SOFTPUB_GetFileSubject(CRYPT_PROVIDER_DATA *data)
73 if (!data->pWintrustData->pFile->pgKnownSubject)
75 ret = CryptSIPRetrieveSubjectGuid(
76 data->pWintrustData->pFile->pcwszFilePath,
77 data->pWintrustData->pFile->hFile,
78 &data->pPDSip->gSubject);
82 memcpy(&data->pPDSip->gSubject,
83 data->pWintrustData->pFile->pgKnownSubject, sizeof(GUID));
86 TRACE("returning %d\n", ret);
90 /* Assumes data->pPDSip exists, and its gSubject member set.
91 * Allocates data->pPDSip->pSip and loads it, if possible.
93 static BOOL SOFTPUB_GetSIP(CRYPT_PROVIDER_DATA *data)
97 data->pPDSip->pSip = data->psPfns->pfnAlloc(sizeof(SIP_DISPATCH_INFO));
98 if (data->pPDSip->pSip)
99 ret = CryptSIPLoad(&data->pPDSip->gSubject, 0, data->pPDSip->pSip);
102 SetLastError(ERROR_OUTOFMEMORY);
105 TRACE("returning %d\n", ret);
109 /* Assumes data->pPDSip has been loaded, and data->pPDSip->pSip allocated.
110 * Calls data->pPDSip->pSip->pfGet to construct data->hMsg.
112 static BOOL SOFTPUB_GetMessageFromFile(CRYPT_PROVIDER_DATA *data)
118 data->pPDSip->psSipSubjectInfo =
119 data->psPfns->pfnAlloc(sizeof(SIP_SUBJECTINFO));
120 if (!data->pPDSip->psSipSubjectInfo)
122 SetLastError(ERROR_OUTOFMEMORY);
126 data->pPDSip->psSipSubjectInfo->cbSize = sizeof(SIP_SUBJECTINFO);
127 data->pPDSip->psSipSubjectInfo->pgSubjectType = &data->pPDSip->gSubject;
128 data->pPDSip->psSipSubjectInfo->hFile = data->pWintrustData->pFile->hFile;
129 data->pPDSip->psSipSubjectInfo->pwsFileName =
130 data->pWintrustData->pFile->pcwszFilePath;
131 data->pPDSip->psSipSubjectInfo->hProv = data->hProv;
132 ret = data->pPDSip->pSip->pfGet(data->pPDSip->psSipSubjectInfo,
133 &data->dwEncoding, 0, &size, 0);
136 SetLastError(TRUST_E_NOSIGNATURE);
140 buf = data->psPfns->pfnAlloc(size);
143 SetLastError(ERROR_OUTOFMEMORY);
147 ret = data->pPDSip->pSip->pfGet(data->pPDSip->psSipSubjectInfo,
148 &data->dwEncoding, 0, &size, buf);
151 data->hMsg = CryptMsgOpenToDecode(data->dwEncoding, 0, 0, data->hProv,
154 ret = CryptMsgUpdate(data->hMsg, buf, size, TRUE);
157 data->psPfns->pfnFree(buf);
158 TRACE("returning %d\n", ret);
162 static BOOL SOFTPUB_CreateStoreFromMessage(CRYPT_PROVIDER_DATA *data)
167 store = CertOpenStore(CERT_STORE_PROV_MSG, data->dwEncoding,
168 data->hProv, CERT_STORE_NO_CRYPT_RELEASE_FLAG, data->hMsg);
171 ret = data->psPfns->pfnAddStore2Chain(data, store);
172 CertCloseStore(store, 0);
174 TRACE("returning %d\n", ret);
178 static DWORD SOFTPUB_DecodeInnerContent(CRYPT_PROVIDER_DATA *data)
184 ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, NULL,
188 buf = data->psPfns->pfnAlloc(size);
191 SetLastError(ERROR_OUTOFMEMORY);
195 ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, buf,
199 if (!strcmp((LPCSTR)buf, SPC_INDIRECT_DATA_OBJID))
201 data->psPfns->pfnFree(buf);
203 ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, NULL, &size);
206 buf = data->psPfns->pfnAlloc(size);
209 SetLastError(ERROR_OUTOFMEMORY);
213 ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, buf, &size);
216 ret = CryptDecodeObject(data->dwEncoding,
217 SPC_INDIRECT_DATA_CONTENT_STRUCT, buf, size, 0, NULL, &size);
220 data->pPDSip->psIndirectData = data->psPfns->pfnAlloc(size);
221 if (!data->pPDSip->psIndirectData)
223 SetLastError(ERROR_OUTOFMEMORY);
227 ret = CryptDecodeObject(data->dwEncoding,
228 SPC_INDIRECT_DATA_CONTENT_STRUCT, buf, size, 0,
229 data->pPDSip->psIndirectData, &size);
233 FIXME("unimplemented for OID %s\n", (LPCSTR)buf);
234 SetLastError(TRUST_E_SUBJECT_FORM_UNKNOWN);
239 TRACE("returning %d\n", ret);
243 HRESULT WINAPI SoftpubLoadMessage(CRYPT_PROVIDER_DATA *data)
247 TRACE("(%p)\n", data);
249 if (!data->padwTrustStepErrors)
252 switch (data->pWintrustData->dwUnionChoice)
254 case WTD_CHOICE_CERT:
255 /* Do nothing!? See the tests */
258 case WTD_CHOICE_FILE:
259 if (!data->pWintrustData->pFile)
261 SetLastError(ERROR_INVALID_PARAMETER);
265 ret = SOFTPUB_OpenFile(data);
268 ret = SOFTPUB_GetFileSubject(data);
271 ret = SOFTPUB_GetSIP(data);
274 ret = SOFTPUB_GetMessageFromFile(data);
277 ret = SOFTPUB_CreateStoreFromMessage(data);
280 ret = SOFTPUB_DecodeInnerContent(data);
283 FIXME("unimplemented for %d\n", data->pWintrustData->dwUnionChoice);
284 SetLastError(ERROR_INVALID_PARAMETER);
290 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] =
292 return ret ? S_OK : S_FALSE;
295 static CMSG_SIGNER_INFO *WINTRUST_GetSigner(CRYPT_PROVIDER_DATA *data,
299 CMSG_SIGNER_INFO *signerInfo = NULL;
302 ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_INFO_PARAM, signerIdx,
306 signerInfo = data->psPfns->pfnAlloc(size);
309 ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_INFO_PARAM,
310 signerIdx, signerInfo, &size);
313 data->psPfns->pfnFree(signerInfo);
318 SetLastError(ERROR_OUTOFMEMORY);
323 static BOOL WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
326 CMSG_SIGNER_INFO *signerInfo = WINTRUST_GetSigner(data, signerIdx);
330 CRYPT_PROVIDER_SGNR sgnr = { sizeof(sgnr), { 0 } };
332 sgnr.psSigner = signerInfo;
333 ret = data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr);
340 static CERT_INFO *WINTRUST_GetSignerCertInfo(CRYPT_PROVIDER_DATA *data,
344 CERT_INFO *certInfo = NULL;
347 ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_CERT_INFO_PARAM, signerIdx,
351 certInfo = data->psPfns->pfnAlloc(size);
354 ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_CERT_INFO_PARAM,
355 signerIdx, certInfo, &size);
358 data->psPfns->pfnFree(certInfo);
363 SetLastError(ERROR_OUTOFMEMORY);
368 static BOOL WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
371 CERT_INFO *certInfo = WINTRUST_GetSignerCertInfo(data, signerIdx);
375 CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA para = { sizeof(para), 0, signerIdx,
376 CMSG_VERIFY_SIGNER_CERT, NULL };
378 para.pvSigner = (LPVOID)CertGetSubjectCertificateFromStore(
379 data->pahStores[0], data->dwEncoding, certInfo);
382 ret = CryptMsgControl(data->hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE_EX,
385 SetLastError(TRUST_E_CERT_SIGNATURE);
389 SetLastError(TRUST_E_NO_SIGNER_CERT);
392 data->psPfns->pfnFree(certInfo);
399 HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
402 DWORD signerCount, size;
404 TRACE("(%p)\n", data);
406 if (!data->padwTrustStepErrors)
409 size = sizeof(signerCount);
410 ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_COUNT_PARAM, 0,
411 &signerCount, &size);
416 for (i = 0; ret && i < signerCount; i++)
418 if ((ret = WINTRUST_SaveSigner(data, i)))
419 ret = WINTRUST_VerifySigner(data, i);
423 SetLastError(TRUST_E_NOSIGNATURE);
425 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] =
427 return ret ? S_OK : S_FALSE;
430 BOOL WINAPI SoftpubCheckCert(CRYPT_PROVIDER_DATA *data, DWORD idxSigner,
431 BOOL fCounterSignerChain, DWORD idxCounterSigner)
435 TRACE("(%p, %d, %d, %d)\n", data, idxSigner, fCounterSignerChain,
438 if (fCounterSignerChain)
440 FIXME("unimplemented for counter signers\n");
445 PCERT_SIMPLE_CHAIN simpleChain =
446 data->pasSigners[idxSigner].pChainContext->rgpChain[0];
450 for (i = 0; i < simpleChain->cElement; i++)
453 data->pasSigners[idxSigner].pasCertChain[i].dwConfidence = 0;
454 /* The last element in the chain doesn't have an issuer, so it
455 * can't have a valid time (with respect to its issuer)
457 if (i != simpleChain->cElement - 1 &&
458 !(simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
459 CERT_TRUST_IS_NOT_TIME_VALID))
460 data->pasSigners[idxSigner].pasCertChain[i].dwConfidence
461 |= CERT_CONFIDENCE_TIME;
462 if (!(simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
463 CERT_TRUST_IS_NOT_TIME_NESTED))
464 data->pasSigners[idxSigner].pasCertChain[i].dwConfidence
465 |= CERT_CONFIDENCE_TIMENEST;
466 if (!(simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
467 CERT_TRUST_IS_NOT_SIGNATURE_VALID))
468 data->pasSigners[idxSigner].pasCertChain[i].dwConfidence
469 |= CERT_CONFIDENCE_SIG;
470 /* Set additional flags */
471 if (!(simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
472 CERT_TRUST_IS_UNTRUSTED_ROOT))
473 data->pasSigners[idxSigner].pasCertChain[i].fTrustedRoot = TRUE;
474 if (simpleChain->rgpElement[i]->TrustStatus.dwInfoStatus &
475 CERT_TRUST_IS_SELF_SIGNED)
476 data->pasSigners[idxSigner].pasCertChain[i].fSelfSigned = TRUE;
477 if (simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
478 CERT_TRUST_IS_CYCLIC)
479 data->pasSigners[idxSigner].pasCertChain[i].fIsCyclic = TRUE;
485 static BOOL WINTRUST_CopyChain(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
488 PCERT_SIMPLE_CHAIN simpleChain =
489 data->pasSigners[signerIdx].pChainContext->rgpChain[0];
492 data->pasSigners[signerIdx].pasCertChain[0].pChainElement =
493 simpleChain->rgpElement[0];
495 for (i = 1; ret && i < simpleChain->cElement; i++)
497 ret = data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
498 simpleChain->rgpElement[i]->pCertContext);
500 data->pasSigners[signerIdx].pasCertChain[i].pChainElement =
501 simpleChain->rgpElement[i];
506 HRESULT WINAPI WintrustCertificateTrust(CRYPT_PROVIDER_DATA *data)
510 if (!data->csSigners)
513 SetLastError(TRUST_E_NOSIGNATURE);
520 for (i = 0; i < data->csSigners; i++)
522 CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } };
525 if (data->pRequestUsage)
526 memcpy(&chainPara.RequestedUsage, data->pRequestUsage,
527 sizeof(CERT_USAGE_MATCH));
528 if (data->dwProvFlags & CPD_REVOCATION_CHECK_END_CERT)
529 flags = CERT_CHAIN_REVOCATION_CHECK_END_CERT;
530 else if (data->dwProvFlags & CPD_REVOCATION_CHECK_CHAIN)
531 flags = CERT_CHAIN_REVOCATION_CHECK_CHAIN;
532 else if (data->dwProvFlags & CPD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT)
533 flags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
536 /* Expect the end certificate for each signer to be the only
539 if (data->pasSigners[i].csCertChain)
541 /* Create a certificate chain for each signer */
542 ret = CertGetCertificateChain(NULL,
543 data->pasSigners[i].pasCertChain[0].pCert,
544 NULL, /* FIXME: use data->pasSigners[i].sftVerifyAsOf? */
545 data->chStores ? data->pahStores[0] : NULL,
546 &chainPara, flags, NULL, &data->pasSigners[i].pChainContext);
549 if (data->pasSigners[i].pChainContext->cChain != 1)
551 FIXME("unimplemented for more than 1 simple chain\n");
556 if ((ret = WINTRUST_CopyChain(data, i)))
557 ret = data->psPfns->pfnCertCheckPolicy(data, i,
565 data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] =
567 return ret ? S_OK : S_FALSE;
projects / wine / blob