2 * crypt32 Crypt*Object functions
4 * Copyright 2007 Juan Lang
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 #define NONAMELESSUNION
28 #include "crypt32_private.h"
30 #include "wine/unicode.h"
31 #include "wine/debug.h"
33 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
35 static BOOL CRYPT_ReadBlobFromFile(LPCWSTR fileName, PCERT_BLOB blob)
40 TRACE("%s\n", debugstr_w(fileName));
42 file = CreateFileW(fileName, GENERIC_READ, FILE_SHARE_READ, NULL,
43 OPEN_EXISTING, 0, NULL);
44 if (file != INVALID_HANDLE_VALUE)
47 blob->cbData = GetFileSize(file, NULL);
50 blob->pbData = CryptMemAlloc(blob->cbData);
55 ret = ReadFile(file, blob->pbData, blob->cbData, &read, NULL);
60 TRACE("returning %d\n", ret);
64 static BOOL CRYPT_QueryContextBlob(const CERT_BLOB *blob,
65 DWORD dwExpectedContentTypeFlags, HCERTSTORE store,
66 DWORD *contentType, const void **ppvContext)
70 if (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CERT)
72 ret = pCertInterface->addEncodedToStore(store, X509_ASN_ENCODING,
73 blob->pbData, blob->cbData, CERT_STORE_ADD_ALWAYS, ppvContext);
74 if (ret && contentType)
75 *contentType = CERT_QUERY_CONTENT_CERT;
77 if (!ret && (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CRL))
79 ret = pCRLInterface->addEncodedToStore(store, X509_ASN_ENCODING,
80 blob->pbData, blob->cbData, CERT_STORE_ADD_ALWAYS, ppvContext);
81 if (ret && contentType)
82 *contentType = CERT_QUERY_CONTENT_CRL;
84 if (!ret && (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CTL))
86 ret = pCTLInterface->addEncodedToStore(store, X509_ASN_ENCODING,
87 blob->pbData, blob->cbData, CERT_STORE_ADD_ALWAYS, ppvContext);
88 if (ret && contentType)
89 *contentType = CERT_QUERY_CONTENT_CTL;
94 static BOOL CRYPT_QueryContextObject(DWORD dwObjectType, const void *pvObject,
95 DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags,
96 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType, DWORD *pdwFormatType,
97 HCERTSTORE *phCertStore, const void **ppvContext)
100 const CERT_BLOB *blob;
103 DWORD formatType = 0;
105 switch (dwObjectType)
107 case CERT_QUERY_OBJECT_FILE:
108 /* Cert, CRL, and CTL contexts can't be "embedded" in a file, so
109 * just read the file directly
111 ret = CRYPT_ReadBlobFromFile(pvObject, &fileBlob);
114 case CERT_QUERY_OBJECT_BLOB:
119 SetLastError(E_INVALIDARG); /* FIXME: is this the correct error? */
126 store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
127 CERT_STORE_CREATE_NEW_FLAG, NULL);
128 if (dwExpectedFormatTypeFlags & CERT_QUERY_FORMAT_FLAG_BINARY)
130 ret = CRYPT_QueryContextBlob(blob, dwExpectedContentTypeFlags, store,
131 pdwContentType, ppvContext);
133 formatType = CERT_QUERY_FORMAT_BINARY;
136 (dwExpectedFormatTypeFlags & CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED))
138 CRYPT_DATA_BLOB trimmed = { blob->cbData, blob->pbData };
139 CRYPT_DATA_BLOB decoded;
141 while (trimmed.cbData && !trimmed.pbData[trimmed.cbData - 1])
143 ret = CryptStringToBinaryA((LPSTR)trimmed.pbData, trimmed.cbData,
144 CRYPT_STRING_BASE64_ANY, NULL, &decoded.cbData, NULL, NULL);
147 decoded.pbData = CryptMemAlloc(decoded.cbData);
150 ret = CryptStringToBinaryA((LPSTR)trimmed.pbData,
151 trimmed.cbData, CRYPT_STRING_BASE64_ANY, decoded.pbData,
152 &decoded.cbData, NULL, NULL);
155 ret = CRYPT_QueryContextBlob(&decoded,
156 dwExpectedContentTypeFlags, store, pdwContentType,
159 formatType = CERT_QUERY_FORMAT_BASE64_ENCODED;
161 CryptMemFree(decoded.pbData);
169 if (pdwMsgAndCertEncodingType)
170 *pdwMsgAndCertEncodingType = X509_ASN_ENCODING;
172 *pdwFormatType = formatType;
174 *phCertStore = CertDuplicateStore(store);
176 CertCloseStore(store, 0);
177 if (blob == &fileBlob)
178 CryptMemFree(blob->pbData);
179 TRACE("returning %d\n", ret);
183 static BOOL CRYPT_QuerySerializedContextObject(DWORD dwObjectType,
184 const void *pvObject, DWORD dwExpectedContentTypeFlags,
185 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
186 HCERTSTORE *phCertStore, const void **ppvContext)
189 const CERT_BLOB *blob;
190 const WINE_CONTEXT_INTERFACE *contextInterface = NULL;
195 switch (dwObjectType)
197 case CERT_QUERY_OBJECT_FILE:
198 /* Cert, CRL, and CTL contexts can't be "embedded" in a file, so
199 * just read the file directly
201 ret = CRYPT_ReadBlobFromFile(pvObject, &fileBlob);
204 case CERT_QUERY_OBJECT_BLOB:
209 SetLastError(E_INVALIDARG); /* FIXME: is this the correct error? */
216 context = CRYPT_ReadSerializedElement(blob->pbData, blob->cbData,
217 CERT_STORE_ALL_CONTEXT_FLAG, &contextType);
220 DWORD contentType, certStoreOffset;
225 case CERT_STORE_CERTIFICATE_CONTEXT:
226 contextInterface = pCertInterface;
227 contentType = CERT_QUERY_CONTENT_SERIALIZED_CERT;
228 certStoreOffset = offsetof(CERT_CONTEXT, hCertStore);
229 if (!(dwExpectedContentTypeFlags &
230 CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT))
232 SetLastError(ERROR_INVALID_DATA);
237 case CERT_STORE_CRL_CONTEXT:
238 contextInterface = pCRLInterface;
239 contentType = CERT_QUERY_CONTENT_SERIALIZED_CRL;
240 certStoreOffset = offsetof(CRL_CONTEXT, hCertStore);
241 if (!(dwExpectedContentTypeFlags &
242 CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL))
244 SetLastError(ERROR_INVALID_DATA);
249 case CERT_STORE_CTL_CONTEXT:
250 contextInterface = pCTLInterface;
251 contentType = CERT_QUERY_CONTENT_SERIALIZED_CTL;
252 certStoreOffset = offsetof(CTL_CONTEXT, hCertStore);
253 if (!(dwExpectedContentTypeFlags &
254 CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL))
256 SetLastError(ERROR_INVALID_DATA);
262 SetLastError(ERROR_INVALID_DATA);
266 if (pdwMsgAndCertEncodingType)
267 *pdwMsgAndCertEncodingType = X509_ASN_ENCODING;
269 *pdwContentType = contentType;
271 *phCertStore = CertDuplicateStore(
272 *(HCERTSTORE *)((const BYTE *)context + certStoreOffset));
274 *ppvContext = contextInterface->duplicate(context);
278 if (contextInterface && context)
279 contextInterface->free(context);
280 if (blob == &fileBlob)
281 CryptMemFree(blob->pbData);
282 TRACE("returning %d\n", ret);
286 static BOOL CRYPT_QuerySerializedStoreFromFile(LPCWSTR fileName,
287 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
288 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
293 TRACE("%s\n", debugstr_w(fileName));
294 file = CreateFileW(fileName, GENERIC_READ, FILE_SHARE_READ, NULL,
295 OPEN_EXISTING, 0, NULL);
296 if (file != INVALID_HANDLE_VALUE)
298 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
299 CERT_STORE_CREATE_NEW_FLAG, NULL);
301 ret = CRYPT_ReadSerializedStoreFromFile(file, store);
304 if (pdwMsgAndCertEncodingType)
305 *pdwMsgAndCertEncodingType = X509_ASN_ENCODING;
307 *pdwContentType = CERT_QUERY_CONTENT_SERIALIZED_STORE;
309 *phCertStore = CertDuplicateStore(store);
311 CertCloseStore(store, 0);
314 TRACE("returning %d\n", ret);
318 static BOOL CRYPT_QuerySerializedStoreFromBlob(const CRYPT_DATA_BLOB *blob,
319 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
320 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
322 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
323 CERT_STORE_CREATE_NEW_FLAG, NULL);
326 TRACE("(%d, %p)\n", blob->cbData, blob->pbData);
328 ret = CRYPT_ReadSerializedStoreFromBlob(blob, store);
331 if (pdwMsgAndCertEncodingType)
332 *pdwMsgAndCertEncodingType = X509_ASN_ENCODING;
334 *pdwContentType = CERT_QUERY_CONTENT_SERIALIZED_STORE;
336 *phCertStore = CertDuplicateStore(store);
338 CertCloseStore(store, 0);
339 TRACE("returning %d\n", ret);
343 static BOOL CRYPT_QuerySerializedStoreObject(DWORD dwObjectType,
344 const void *pvObject, DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
345 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
347 switch (dwObjectType)
349 case CERT_QUERY_OBJECT_FILE:
350 return CRYPT_QuerySerializedStoreFromFile(pvObject,
351 pdwMsgAndCertEncodingType, pdwContentType, phCertStore, phMsg);
352 case CERT_QUERY_OBJECT_BLOB:
353 return CRYPT_QuerySerializedStoreFromBlob(pvObject,
354 pdwMsgAndCertEncodingType, pdwContentType, phCertStore, phMsg);
356 FIXME("unimplemented for type %d\n", dwObjectType);
357 SetLastError(E_INVALIDARG); /* FIXME: is this the correct error? */
362 static BOOL CRYPT_QuerySignedMessage(const CRYPT_DATA_BLOB *blob,
363 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType, HCRYPTMSG *phMsg)
365 DWORD encodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
369 if ((msg = CryptMsgOpenToDecode(encodingType, 0, 0, 0, NULL, NULL)))
371 ret = CryptMsgUpdate(msg, blob->pbData, blob->cbData, TRUE);
374 DWORD type, len = sizeof(type);
376 ret = CryptMsgGetParam(msg, CMSG_TYPE_PARAM, 0, &type, &len);
379 if (type != CMSG_SIGNED)
381 SetLastError(ERROR_INVALID_DATA);
389 msg = CryptMsgOpenToDecode(encodingType, 0, CMSG_SIGNED, 0, NULL,
393 ret = CryptMsgUpdate(msg, blob->pbData, blob->cbData, TRUE);
404 if (pdwMsgAndCertEncodingType)
405 *pdwMsgAndCertEncodingType = encodingType;
407 *pdwContentType = CERT_QUERY_CONTENT_PKCS7_SIGNED;
414 static BOOL CRYPT_QueryUnsignedMessage(const CRYPT_DATA_BLOB *blob,
415 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType, HCRYPTMSG *phMsg)
417 DWORD encodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
421 if ((msg = CryptMsgOpenToDecode(encodingType, 0, 0, 0, NULL, NULL)))
423 ret = CryptMsgUpdate(msg, blob->pbData, blob->cbData, TRUE);
426 DWORD type, len = sizeof(type);
428 ret = CryptMsgGetParam(msg, CMSG_TYPE_PARAM, 0, &type, &len);
431 if (type != CMSG_DATA)
433 SetLastError(ERROR_INVALID_DATA);
441 msg = CryptMsgOpenToDecode(encodingType, 0, CMSG_DATA, 0,
445 ret = CryptMsgUpdate(msg, blob->pbData, blob->cbData, TRUE);
456 if (pdwMsgAndCertEncodingType)
457 *pdwMsgAndCertEncodingType = encodingType;
459 *pdwContentType = CERT_QUERY_CONTENT_PKCS7_SIGNED;
466 /* Used to decode non-embedded messages */
467 static BOOL CRYPT_QueryMessageObject(DWORD dwObjectType, const void *pvObject,
468 DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags,
469 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType, DWORD *pdwFormatType,
470 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
473 const CERT_BLOB *blob;
475 HCRYPTMSG msg = NULL;
476 DWORD encodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
477 DWORD formatType = 0;
479 TRACE("(%d, %p, %08x, %08x, %p, %p, %p, %p, %p)\n", dwObjectType, pvObject,
480 dwExpectedContentTypeFlags, dwExpectedFormatTypeFlags,
481 pdwMsgAndCertEncodingType, pdwContentType, pdwFormatType, phCertStore,
484 switch (dwObjectType)
486 case CERT_QUERY_OBJECT_FILE:
487 /* This isn't an embedded PKCS7 message, so just read the file
490 ret = CRYPT_ReadBlobFromFile(pvObject, &fileBlob);
493 case CERT_QUERY_OBJECT_BLOB:
498 SetLastError(E_INVALIDARG); /* FIXME: is this the correct error? */
505 if (dwExpectedFormatTypeFlags & CERT_QUERY_FORMAT_FLAG_BINARY)
507 /* Try it first as a signed message */
508 if (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED)
509 ret = CRYPT_QuerySignedMessage(blob, pdwMsgAndCertEncodingType,
510 pdwContentType, &msg);
511 /* Failing that, try as an unsigned message */
513 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED))
514 ret = CRYPT_QueryUnsignedMessage(blob, pdwMsgAndCertEncodingType,
515 pdwContentType, &msg);
517 formatType = CERT_QUERY_FORMAT_BINARY;
520 (dwExpectedFormatTypeFlags & CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED))
522 CRYPT_DATA_BLOB trimmed = { blob->cbData, blob->pbData };
523 CRYPT_DATA_BLOB decoded;
525 while (trimmed.cbData && !trimmed.pbData[trimmed.cbData - 1])
527 ret = CryptStringToBinaryA((LPSTR)trimmed.pbData, trimmed.cbData,
528 CRYPT_STRING_BASE64_ANY, NULL, &decoded.cbData, NULL, NULL);
531 decoded.pbData = CryptMemAlloc(decoded.cbData);
534 ret = CryptStringToBinaryA((LPSTR)trimmed.pbData,
535 trimmed.cbData, CRYPT_STRING_BASE64_ANY, decoded.pbData,
536 &decoded.cbData, NULL, NULL);
539 /* Try it first as a signed message */
540 if (dwExpectedContentTypeFlags &
541 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED)
542 ret = CRYPT_QuerySignedMessage(&decoded,
543 pdwMsgAndCertEncodingType, pdwContentType, &msg);
544 /* Failing that, try as an unsigned message */
545 if (!ret && (dwExpectedContentTypeFlags &
546 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED))
547 ret = CRYPT_QueryUnsignedMessage(&decoded,
548 pdwMsgAndCertEncodingType, pdwContentType, &msg);
550 formatType = CERT_QUERY_FORMAT_BASE64_ENCODED;
552 CryptMemFree(decoded.pbData);
557 if (!ret && !(blob->cbData % sizeof(WCHAR)))
559 CRYPT_DATA_BLOB decoded;
560 LPWSTR str = (LPWSTR)blob->pbData;
561 DWORD strLen = blob->cbData / sizeof(WCHAR);
563 /* Try again, assuming the input string is UTF-16 base64 */
564 while (strLen && !str[strLen - 1])
566 ret = CryptStringToBinaryW(str, strLen, CRYPT_STRING_BASE64_ANY,
567 NULL, &decoded.cbData, NULL, NULL);
570 decoded.pbData = CryptMemAlloc(decoded.cbData);
573 ret = CryptStringToBinaryW(str, strLen,
574 CRYPT_STRING_BASE64_ANY, decoded.pbData, &decoded.cbData,
578 /* Try it first as a signed message */
579 if (dwExpectedContentTypeFlags &
580 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED)
581 ret = CRYPT_QuerySignedMessage(&decoded,
582 pdwMsgAndCertEncodingType, pdwContentType, &msg);
583 /* Failing that, try as an unsigned message */
584 if (!ret && (dwExpectedContentTypeFlags &
585 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED))
586 ret = CRYPT_QueryUnsignedMessage(&decoded,
587 pdwMsgAndCertEncodingType, pdwContentType, &msg);
589 formatType = CERT_QUERY_FORMAT_BASE64_ENCODED;
591 CryptMemFree(decoded.pbData);
601 *pdwFormatType = formatType;
603 *phCertStore = CertOpenStore(CERT_STORE_PROV_MSG, encodingType, 0,
610 if (blob == &fileBlob)
611 CryptMemFree(blob->pbData);
612 TRACE("returning %d\n", ret);
616 static BOOL CRYPT_QueryEmbeddedMessageObject(DWORD dwObjectType,
617 const void *pvObject, DWORD dwExpectedContentTypeFlags,
618 DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
619 HCERTSTORE *phCertStore, HCRYPTMSG *phMsg)
625 TRACE("%s\n", debugstr_w(pvObject));
627 if (dwObjectType != CERT_QUERY_OBJECT_FILE)
629 WARN("don't know what to do for type %d embedded signed messages\n",
631 SetLastError(E_INVALIDARG);
634 file = CreateFileW(pvObject, GENERIC_READ, FILE_SHARE_READ,
635 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
636 if (file != INVALID_HANDLE_VALUE)
638 ret = CryptSIPRetrieveSubjectGuid(pvObject, file, &subject);
641 SIP_DISPATCH_INFO sip;
643 memset(&sip, 0, sizeof(sip));
644 sip.cbSize = sizeof(sip);
645 ret = CryptSIPLoad(&subject, 0, &sip);
648 SIP_SUBJECTINFO subjectInfo;
652 memset(&subjectInfo, 0, sizeof(subjectInfo));
653 subjectInfo.cbSize = sizeof(subjectInfo);
654 subjectInfo.pgSubjectType = &subject;
655 subjectInfo.hFile = file;
656 subjectInfo.pwsFileName = pvObject;
657 ret = sip.pfGet(&subjectInfo, &encodingType, 0, &blob.cbData,
661 blob.pbData = CryptMemAlloc(blob.cbData);
664 ret = sip.pfGet(&subjectInfo, &encodingType, 0,
665 &blob.cbData, blob.pbData);
668 ret = CRYPT_QueryMessageObject(
669 CERT_QUERY_OBJECT_BLOB, &blob,
670 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED,
671 CERT_QUERY_FORMAT_FLAG_BINARY,
672 pdwMsgAndCertEncodingType, NULL, NULL,
674 if (ret && pdwContentType)
675 *pdwContentType = CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED;
677 CryptMemFree(blob.pbData);
681 SetLastError(ERROR_OUTOFMEMORY);
689 TRACE("returning %d\n", ret);
693 BOOL WINAPI CryptQueryObject(DWORD dwObjectType, const void *pvObject,
694 DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags,
695 DWORD dwFlags, DWORD *pdwMsgAndCertEncodingType, DWORD *pdwContentType,
696 DWORD *pdwFormatType, HCERTSTORE *phCertStore, HCRYPTMSG *phMsg,
697 const void **ppvContext)
699 static const DWORD unimplementedTypes =
700 CERT_QUERY_CONTENT_FLAG_PKCS10 | CERT_QUERY_CONTENT_FLAG_PFX |
701 CERT_QUERY_CONTENT_FLAG_CERT_PAIR;
704 TRACE("(%08x, %p, %08x, %08x, %08x, %p, %p, %p, %p, %p, %p)\n",
705 dwObjectType, pvObject, dwExpectedContentTypeFlags,
706 dwExpectedFormatTypeFlags, dwFlags, pdwMsgAndCertEncodingType,
707 pdwContentType, pdwFormatType, phCertStore, phMsg, ppvContext);
709 if (dwObjectType != CERT_QUERY_OBJECT_BLOB &&
710 dwObjectType != CERT_QUERY_OBJECT_FILE)
712 WARN("unsupported type %d\n", dwObjectType);
713 SetLastError(E_INVALIDARG);
718 WARN("missing required argument\n");
719 SetLastError(E_INVALIDARG);
722 if (dwExpectedContentTypeFlags & unimplementedTypes)
723 WARN("unimplemented for types %08x\n",
724 dwExpectedContentTypeFlags & unimplementedTypes);
727 *pdwFormatType = CERT_QUERY_FORMAT_BINARY;
736 if ((dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CERT) ||
737 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CRL) ||
738 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_CTL))
740 ret = CRYPT_QueryContextObject(dwObjectType, pvObject,
741 dwExpectedContentTypeFlags, dwExpectedFormatTypeFlags,
742 pdwMsgAndCertEncodingType, pdwContentType, pdwFormatType, phCertStore,
746 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE))
748 ret = CRYPT_QuerySerializedStoreObject(dwObjectType, pvObject,
749 pdwMsgAndCertEncodingType, pdwContentType, phCertStore, phMsg);
752 ((dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT) ||
753 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL) ||
754 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL)))
756 ret = CRYPT_QuerySerializedContextObject(dwObjectType, pvObject,
757 dwExpectedContentTypeFlags, pdwMsgAndCertEncodingType, pdwContentType,
758 phCertStore, ppvContext);
761 ((dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED) ||
762 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED)))
764 ret = CRYPT_QueryMessageObject(dwObjectType, pvObject,
765 dwExpectedContentTypeFlags, dwExpectedFormatTypeFlags,
766 pdwMsgAndCertEncodingType, pdwContentType, pdwFormatType,
770 (dwExpectedContentTypeFlags & CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED))
772 ret = CRYPT_QueryEmbeddedMessageObject(dwObjectType, pvObject,
773 dwExpectedContentTypeFlags, pdwMsgAndCertEncodingType, pdwContentType,
777 SetLastError(CRYPT_E_NO_MATCH);
778 TRACE("returning %d\n", ret);
782 static BOOL WINAPI CRYPT_FormatHexString(DWORD dwCertEncodingType,
783 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
784 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
791 bytesNeeded = (cbEncoded * 3) * sizeof(WCHAR);
793 bytesNeeded = sizeof(WCHAR);
796 *pcbFormat = bytesNeeded;
799 else if (*pcbFormat < bytesNeeded)
801 *pcbFormat = bytesNeeded;
802 SetLastError(ERROR_MORE_DATA);
807 static const WCHAR fmt[] = { '%','0','2','x',' ',0 };
808 static const WCHAR endFmt[] = { '%','0','2','x',0 };
810 LPWSTR ptr = pbFormat;
812 *pcbFormat = bytesNeeded;
815 for (i = 0; i < cbEncoded; i++)
817 if (i < cbEncoded - 1)
818 ptr += sprintfW(ptr, fmt, pbEncoded[i]);
820 ptr += sprintfW(ptr, endFmt, pbEncoded[i]);
830 #define MAX_STRING_RESOURCE_LEN 128
832 static const WCHAR commaSpace[] = { ',',' ',0 };
838 WCHAR str[MAX_STRING_RESOURCE_LEN];
841 static BOOL CRYPT_FormatBits(BYTE bits, const struct BitToString *map,
842 DWORD mapEntries, void *pbFormat, DWORD *pcbFormat, BOOL *first)
844 DWORD bytesNeeded = sizeof(WCHAR);
846 BOOL ret = TRUE, localFirst = *first;
848 for (i = 0; i < mapEntries; i++)
849 if (bits & map[i].bit)
852 bytesNeeded += strlenW(commaSpace) * sizeof(WCHAR);
854 bytesNeeded += strlenW(map[i].str) * sizeof(WCHAR);
859 *pcbFormat = bytesNeeded;
861 else if (*pcbFormat < bytesNeeded)
864 *pcbFormat = bytesNeeded;
865 SetLastError(ERROR_MORE_DATA);
870 LPWSTR str = pbFormat;
873 *pcbFormat = bytesNeeded;
874 for (i = 0; i < mapEntries; i++)
875 if (bits & map[i].bit)
879 strcpyW(str, commaSpace);
880 str += strlenW(commaSpace);
883 strcpyW(str, map[i].str);
884 str += strlenW(map[i].str);
891 static struct BitToString keyUsageByte0Map[] = {
892 { CERT_DIGITAL_SIGNATURE_KEY_USAGE, IDS_DIGITAL_SIGNATURE, { 0 } },
893 { CERT_NON_REPUDIATION_KEY_USAGE, IDS_NON_REPUDIATION, { 0 } },
894 { CERT_KEY_ENCIPHERMENT_KEY_USAGE, IDS_KEY_ENCIPHERMENT, { 0 } },
895 { CERT_DATA_ENCIPHERMENT_KEY_USAGE, IDS_DATA_ENCIPHERMENT, { 0 } },
896 { CERT_KEY_AGREEMENT_KEY_USAGE, IDS_KEY_AGREEMENT, { 0 } },
897 { CERT_KEY_CERT_SIGN_KEY_USAGE, IDS_CERT_SIGN, { 0 } },
898 { CERT_OFFLINE_CRL_SIGN_KEY_USAGE, IDS_OFFLINE_CRL_SIGN, { 0 } },
899 { CERT_CRL_SIGN_KEY_USAGE, IDS_CRL_SIGN, { 0 } },
900 { CERT_ENCIPHER_ONLY_KEY_USAGE, IDS_ENCIPHER_ONLY, { 0 } },
902 static struct BitToString keyUsageByte1Map[] = {
903 { CERT_DECIPHER_ONLY_KEY_USAGE, IDS_DECIPHER_ONLY, { 0 } },
906 static BOOL WINAPI CRYPT_FormatKeyUsage(DWORD dwCertEncodingType,
907 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
908 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
912 CRYPT_BIT_BLOB *bits;
917 SetLastError(E_INVALIDARG);
920 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_KEY_USAGE,
921 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &bits, &size)))
923 WCHAR infoNotAvailable[MAX_STRING_RESOURCE_LEN];
924 DWORD bytesNeeded = sizeof(WCHAR);
926 LoadStringW(hInstance, IDS_INFO_NOT_AVAILABLE, infoNotAvailable,
927 sizeof(infoNotAvailable) / sizeof(infoNotAvailable[0]));
928 if (!bits->cbData || bits->cbData > 2)
930 bytesNeeded += strlenW(infoNotAvailable) * sizeof(WCHAR);
932 *pcbFormat = bytesNeeded;
933 else if (*pcbFormat < bytesNeeded)
935 *pcbFormat = bytesNeeded;
936 SetLastError(ERROR_MORE_DATA);
941 LPWSTR str = pbFormat;
943 *pcbFormat = bytesNeeded;
944 strcpyW(str, infoNotAvailable);
949 static BOOL stringsLoaded = FALSE;
957 i < sizeof(keyUsageByte0Map) / sizeof(keyUsageByte0Map[0]);
959 LoadStringW(hInstance, keyUsageByte0Map[i].id,
960 keyUsageByte0Map[i].str, MAX_STRING_RESOURCE_LEN);
962 i < sizeof(keyUsageByte1Map) / sizeof(keyUsageByte1Map[0]);
964 LoadStringW(hInstance, keyUsageByte1Map[i].id,
965 keyUsageByte1Map[i].str, MAX_STRING_RESOURCE_LEN);
966 stringsLoaded = TRUE;
968 CRYPT_FormatBits(bits->pbData[0], keyUsageByte0Map,
969 sizeof(keyUsageByte0Map) / sizeof(keyUsageByte0Map[0]),
970 NULL, &bitStringLen, &first);
971 bytesNeeded += bitStringLen;
972 if (bits->cbData == 2)
974 CRYPT_FormatBits(bits->pbData[1], keyUsageByte1Map,
975 sizeof(keyUsageByte1Map) / sizeof(keyUsageByte1Map[0]),
976 NULL, &bitStringLen, &first);
977 bytesNeeded += bitStringLen;
979 bytesNeeded += 3 * sizeof(WCHAR); /* " (" + ")" */
980 CRYPT_FormatHexString(0, 0, 0, NULL, NULL, bits->pbData,
981 bits->cbData, NULL, &size);
984 *pcbFormat = bytesNeeded;
985 else if (*pcbFormat < bytesNeeded)
987 *pcbFormat = bytesNeeded;
988 SetLastError(ERROR_MORE_DATA);
993 LPWSTR str = pbFormat;
995 bitStringLen = bytesNeeded;
997 CRYPT_FormatBits(bits->pbData[0], keyUsageByte0Map,
998 sizeof(keyUsageByte0Map) / sizeof(keyUsageByte0Map[0]),
999 str, &bitStringLen, &first);
1000 str += bitStringLen / sizeof(WCHAR) - 1;
1001 if (bits->cbData == 2)
1003 bitStringLen = bytesNeeded;
1004 CRYPT_FormatBits(bits->pbData[1], keyUsageByte1Map,
1005 sizeof(keyUsageByte1Map) / sizeof(keyUsageByte1Map[0]),
1006 str, &bitStringLen, &first);
1007 str += bitStringLen / sizeof(WCHAR) - 1;
1011 CRYPT_FormatHexString(0, 0, 0, NULL, NULL, bits->pbData,
1012 bits->cbData, str, &size);
1013 str += size / sizeof(WCHAR) - 1;
1023 static const WCHAR crlf[] = { '\r','\n',0 };
1025 static WCHAR subjectTypeHeader[MAX_STRING_RESOURCE_LEN];
1026 static WCHAR subjectTypeCA[MAX_STRING_RESOURCE_LEN];
1027 static WCHAR subjectTypeEndCert[MAX_STRING_RESOURCE_LEN];
1028 static WCHAR pathLengthHeader[MAX_STRING_RESOURCE_LEN];
1030 static BOOL WINAPI CRYPT_FormatBasicConstraints2(DWORD dwCertEncodingType,
1031 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
1032 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
1036 CERT_BASIC_CONSTRAINTS2_INFO *info;
1041 SetLastError(E_INVALIDARG);
1044 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_BASIC_CONSTRAINTS2,
1045 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
1047 static const WCHAR pathFmt[] = { '%','d',0 };
1048 static BOOL stringsLoaded = FALSE;
1049 DWORD bytesNeeded = sizeof(WCHAR); /* space for the NULL terminator */
1050 WCHAR pathLength[MAX_STRING_RESOURCE_LEN];
1051 LPCWSTR sep, subjectType;
1054 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1057 sepLen = strlenW(crlf) * sizeof(WCHAR);
1062 sepLen = strlenW(commaSpace) * sizeof(WCHAR);
1067 LoadStringW(hInstance, IDS_SUBJECT_TYPE, subjectTypeHeader,
1068 sizeof(subjectTypeHeader) / sizeof(subjectTypeHeader[0]));
1069 LoadStringW(hInstance, IDS_SUBJECT_TYPE_CA, subjectTypeCA,
1070 sizeof(subjectTypeCA) / sizeof(subjectTypeCA[0]));
1071 LoadStringW(hInstance, IDS_SUBJECT_TYPE_END_CERT,
1073 sizeof(subjectTypeEndCert) / sizeof(subjectTypeEndCert[0]));
1074 LoadStringW(hInstance, IDS_PATH_LENGTH, pathLengthHeader,
1075 sizeof(pathLengthHeader) / sizeof(pathLengthHeader[0]));
1076 stringsLoaded = TRUE;
1078 bytesNeeded += strlenW(subjectTypeHeader) * sizeof(WCHAR);
1080 subjectType = subjectTypeCA;
1082 subjectType = subjectTypeEndCert;
1083 bytesNeeded += strlenW(subjectType) * sizeof(WCHAR);
1084 bytesNeeded += sepLen;
1085 bytesNeeded += strlenW(pathLengthHeader) * sizeof(WCHAR);
1086 if (info->fPathLenConstraint)
1087 sprintfW(pathLength, pathFmt, info->dwPathLenConstraint);
1089 LoadStringW(hInstance, IDS_PATH_LENGTH_NONE, pathLength,
1090 sizeof(pathLength) / sizeof(pathLength[0]));
1091 bytesNeeded += strlenW(pathLength) * sizeof(WCHAR);
1093 *pcbFormat = bytesNeeded;
1094 else if (*pcbFormat < bytesNeeded)
1096 *pcbFormat = bytesNeeded;
1097 SetLastError(ERROR_MORE_DATA);
1102 LPWSTR str = pbFormat;
1104 *pcbFormat = bytesNeeded;
1105 strcpyW(str, subjectTypeHeader);
1106 str += strlenW(subjectTypeHeader);
1107 strcpyW(str, subjectType);
1108 str += strlenW(subjectType);
1110 str += sepLen / sizeof(WCHAR);
1111 strcpyW(str, pathLengthHeader);
1112 str += strlenW(pathLengthHeader);
1113 strcpyW(str, pathLength);
1120 static BOOL CRYPT_FormatHexStringWithPrefix(const CRYPT_DATA_BLOB *blob, int id,
1121 LPWSTR str, DWORD *pcbStr)
1123 WCHAR buf[MAX_STRING_RESOURCE_LEN];
1127 LoadStringW(hInstance, id, buf, sizeof(buf) / sizeof(buf[0]));
1128 CRYPT_FormatHexString(X509_ASN_ENCODING, 0, 0, NULL, NULL,
1129 blob->pbData, blob->cbData, NULL, &bytesNeeded);
1130 bytesNeeded += strlenW(buf) * sizeof(WCHAR);
1133 *pcbStr = bytesNeeded;
1136 else if (*pcbStr < bytesNeeded)
1138 *pcbStr = bytesNeeded;
1139 SetLastError(ERROR_MORE_DATA);
1144 *pcbStr = bytesNeeded;
1146 str += strlenW(str);
1147 bytesNeeded -= strlenW(str) * sizeof(WCHAR);
1148 ret = CRYPT_FormatHexString(X509_ASN_ENCODING, 0, 0, NULL, NULL,
1149 blob->pbData, blob->cbData, str, &bytesNeeded);
1154 static BOOL CRYPT_FormatKeyId(const CRYPT_DATA_BLOB *keyId, LPWSTR str,
1157 return CRYPT_FormatHexStringWithPrefix(keyId, IDS_KEY_ID, str, pcbStr);
1160 static BOOL CRYPT_FormatCertSerialNumber(const CRYPT_DATA_BLOB *serialNum, LPWSTR str,
1163 return CRYPT_FormatHexStringWithPrefix(serialNum, IDS_CERT_SERIAL_NUMBER,
1167 static const WCHAR indent[] = { ' ',' ',' ',' ',' ',0 };
1168 static const WCHAR colonCrlf[] = { ':','\r','\n',0 };
1170 static BOOL CRYPT_FormatAltNameEntry(DWORD dwFormatStrType, DWORD indentLevel,
1171 const CERT_ALT_NAME_ENTRY *entry, LPWSTR str, DWORD *pcbStr)
1174 WCHAR buf[MAX_STRING_RESOURCE_LEN];
1175 WCHAR mask[MAX_STRING_RESOURCE_LEN];
1176 WCHAR ipAddrBuf[32];
1178 DWORD bytesNeeded = sizeof(WCHAR);
1179 DWORD strType = CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG;
1181 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1182 bytesNeeded += indentLevel * strlenW(indent) * sizeof(WCHAR);
1183 switch (entry->dwAltNameChoice)
1185 case CERT_ALT_NAME_RFC822_NAME:
1186 LoadStringW(hInstance, IDS_ALT_NAME_RFC822_NAME, buf,
1187 sizeof(buf) / sizeof(buf[0]));
1188 bytesNeeded += strlenW(entry->u.pwszRfc822Name) * sizeof(WCHAR);
1191 case CERT_ALT_NAME_DNS_NAME:
1192 LoadStringW(hInstance, IDS_ALT_NAME_DNS_NAME, buf,
1193 sizeof(buf) / sizeof(buf[0]));
1194 bytesNeeded += strlenW(entry->u.pwszDNSName) * sizeof(WCHAR);
1197 case CERT_ALT_NAME_DIRECTORY_NAME:
1199 DWORD directoryNameLen;
1201 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1202 strType |= CERT_NAME_STR_CRLF_FLAG;
1203 directoryNameLen = cert_name_to_str_with_indent(X509_ASN_ENCODING,
1204 indentLevel + 1, &entry->u.DirectoryName, strType, NULL, 0);
1205 LoadStringW(hInstance, IDS_ALT_NAME_DIRECTORY_NAME, buf,
1206 sizeof(buf) / sizeof(buf[0]));
1207 bytesNeeded += (directoryNameLen - 1) * sizeof(WCHAR);
1208 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1209 bytesNeeded += strlenW(colonCrlf) * sizeof(WCHAR);
1211 bytesNeeded += sizeof(WCHAR); /* '=' */
1215 case CERT_ALT_NAME_URL:
1216 LoadStringW(hInstance, IDS_ALT_NAME_URL, buf,
1217 sizeof(buf) / sizeof(buf[0]));
1218 bytesNeeded += strlenW(entry->u.pwszURL) * sizeof(WCHAR);
1221 case CERT_ALT_NAME_IP_ADDRESS:
1223 static const WCHAR ipAddrWithMaskFmt[] = { '%','d','.','%','d','.',
1224 '%','d','.','%','d','/','%','d','.','%','d','.','%','d','.','%','d',0
1226 static const WCHAR ipAddrFmt[] = { '%','d','.','%','d','.','%','d',
1229 LoadStringW(hInstance, IDS_ALT_NAME_IP_ADDRESS, buf,
1230 sizeof(buf) / sizeof(buf[0]));
1231 if (entry->u.IPAddress.cbData == 8)
1233 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1235 LoadStringW(hInstance, IDS_ALT_NAME_MASK, mask,
1236 sizeof(mask) / sizeof(mask[0]));
1237 bytesNeeded += strlenW(mask) * sizeof(WCHAR);
1238 sprintfW(ipAddrBuf, ipAddrFmt,
1239 entry->u.IPAddress.pbData[0],
1240 entry->u.IPAddress.pbData[1],
1241 entry->u.IPAddress.pbData[2],
1242 entry->u.IPAddress.pbData[3]);
1243 bytesNeeded += strlenW(ipAddrBuf) * sizeof(WCHAR);
1244 /* indent again, for the mask line */
1245 bytesNeeded += indentLevel * strlenW(indent) * sizeof(WCHAR);
1246 sprintfW(maskBuf, ipAddrFmt,
1247 entry->u.IPAddress.pbData[4],
1248 entry->u.IPAddress.pbData[5],
1249 entry->u.IPAddress.pbData[6],
1250 entry->u.IPAddress.pbData[7]);
1251 bytesNeeded += strlenW(maskBuf) * sizeof(WCHAR);
1252 bytesNeeded += strlenW(crlf) * sizeof(WCHAR);
1256 sprintfW(ipAddrBuf, ipAddrWithMaskFmt,
1257 entry->u.IPAddress.pbData[0],
1258 entry->u.IPAddress.pbData[1],
1259 entry->u.IPAddress.pbData[2],
1260 entry->u.IPAddress.pbData[3],
1261 entry->u.IPAddress.pbData[4],
1262 entry->u.IPAddress.pbData[5],
1263 entry->u.IPAddress.pbData[6],
1264 entry->u.IPAddress.pbData[7]);
1265 bytesNeeded += (strlenW(ipAddrBuf) + 1) * sizeof(WCHAR);
1271 FIXME("unknown IP address format (%d bytes)\n",
1272 entry->u.IPAddress.cbData);
1278 FIXME("unimplemented for %d\n", entry->dwAltNameChoice);
1283 bytesNeeded += strlenW(buf) * sizeof(WCHAR);
1285 *pcbStr = bytesNeeded;
1286 else if (*pcbStr < bytesNeeded)
1288 *pcbStr = bytesNeeded;
1289 SetLastError(ERROR_MORE_DATA);
1296 *pcbStr = bytesNeeded;
1297 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1299 for (i = 0; i < indentLevel; i++)
1301 strcpyW(str, indent);
1302 str += strlenW(indent);
1306 str += strlenW(str);
1307 switch (entry->dwAltNameChoice)
1309 case CERT_ALT_NAME_RFC822_NAME:
1310 case CERT_ALT_NAME_DNS_NAME:
1311 case CERT_ALT_NAME_URL:
1312 strcpyW(str, entry->u.pwszURL);
1314 case CERT_ALT_NAME_DIRECTORY_NAME:
1315 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1317 strcpyW(str, colonCrlf);
1318 str += strlenW(colonCrlf);
1322 cert_name_to_str_with_indent(X509_ASN_ENCODING,
1323 indentLevel + 1, &entry->u.DirectoryName, strType, str,
1324 bytesNeeded / sizeof(WCHAR));
1326 case CERT_ALT_NAME_IP_ADDRESS:
1327 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1329 strcpyW(str, ipAddrBuf);
1330 str += strlenW(ipAddrBuf);
1332 str += strlenW(crlf);
1333 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1335 for (i = 0; i < indentLevel; i++)
1337 strcpyW(str, indent);
1338 str += strlenW(indent);
1342 str += strlenW(mask);
1343 strcpyW(str, maskBuf);
1346 strcpyW(str, ipAddrBuf);
1354 static BOOL CRYPT_FormatAltNameInfo(DWORD dwFormatStrType, DWORD indentLevel,
1355 const CERT_ALT_NAME_INFO *name, LPWSTR str, DWORD *pcbStr)
1357 DWORD i, size, bytesNeeded = 0;
1362 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1365 sepLen = strlenW(crlf) * sizeof(WCHAR);
1370 sepLen = strlenW(commaSpace) * sizeof(WCHAR);
1373 for (i = 0; ret && i < name->cAltEntry; i++)
1375 ret = CRYPT_FormatAltNameEntry(dwFormatStrType, indentLevel,
1376 &name->rgAltEntry[i], NULL, &size);
1379 bytesNeeded += size - sizeof(WCHAR);
1380 if (i < name->cAltEntry - 1)
1381 bytesNeeded += sepLen;
1386 bytesNeeded += sizeof(WCHAR);
1388 *pcbStr = bytesNeeded;
1389 else if (*pcbStr < bytesNeeded)
1391 *pcbStr = bytesNeeded;
1392 SetLastError(ERROR_MORE_DATA);
1397 *pcbStr = bytesNeeded;
1398 for (i = 0; ret && i < name->cAltEntry; i++)
1400 ret = CRYPT_FormatAltNameEntry(dwFormatStrType, indentLevel,
1401 &name->rgAltEntry[i], str, &size);
1404 str += size / sizeof(WCHAR) - 1;
1405 if (i < name->cAltEntry - 1)
1408 str += sepLen / sizeof(WCHAR);
1417 static const WCHAR colonSep[] = { ':',' ',0 };
1419 static BOOL WINAPI CRYPT_FormatAltName(DWORD dwCertEncodingType,
1420 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
1421 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
1425 CERT_ALT_NAME_INFO *info;
1428 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_ALTERNATE_NAME,
1429 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
1431 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 0, info, pbFormat, pcbFormat);
1437 static BOOL CRYPT_FormatCertIssuer(DWORD dwFormatStrType,
1438 const CERT_ALT_NAME_INFO *issuer, LPWSTR str, DWORD *pcbStr)
1440 WCHAR buf[MAX_STRING_RESOURCE_LEN];
1441 DWORD bytesNeeded, sepLen;
1445 LoadStringW(hInstance, IDS_CERT_ISSUER, buf, sizeof(buf) / sizeof(buf[0]));
1446 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 1, issuer, NULL,
1448 bytesNeeded += strlenW(buf) * sizeof(WCHAR);
1449 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1452 sepLen = strlenW(colonCrlf) * sizeof(WCHAR);
1457 sepLen = strlenW(colonSep) * sizeof(WCHAR);
1459 bytesNeeded += sepLen;
1463 *pcbStr = bytesNeeded;
1464 else if (*pcbStr < bytesNeeded)
1466 *pcbStr = bytesNeeded;
1467 SetLastError(ERROR_MORE_DATA);
1472 *pcbStr = bytesNeeded;
1474 bytesNeeded -= strlenW(str) * sizeof(WCHAR);
1475 str += strlenW(str);
1477 str += sepLen / sizeof(WCHAR);
1478 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 1, issuer, str,
1485 static BOOL WINAPI CRYPT_FormatAuthorityKeyId2(DWORD dwCertEncodingType,
1486 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
1487 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
1490 CERT_AUTHORITY_KEY_ID2_INFO *info;
1496 SetLastError(E_INVALIDARG);
1499 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_AUTHORITY_KEY_ID2,
1500 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
1502 DWORD bytesNeeded = sizeof(WCHAR); /* space for the NULL terminator */
1505 BOOL needSeparator = FALSE;
1507 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1510 sepLen = strlenW(crlf) * sizeof(WCHAR);
1515 sepLen = strlenW(commaSpace) * sizeof(WCHAR);
1518 if (info->KeyId.cbData)
1520 needSeparator = TRUE;
1521 ret = CRYPT_FormatKeyId(&info->KeyId, NULL, &size);
1524 /* don't include NULL-terminator more than once */
1525 bytesNeeded += size - sizeof(WCHAR);
1528 if (info->AuthorityCertIssuer.cAltEntry)
1531 bytesNeeded += sepLen;
1532 needSeparator = TRUE;
1533 ret = CRYPT_FormatCertIssuer(dwFormatStrType,
1534 &info->AuthorityCertIssuer, NULL, &size);
1537 /* don't include NULL-terminator more than once */
1538 bytesNeeded += size - sizeof(WCHAR);
1541 if (info->AuthorityCertSerialNumber.cbData)
1544 bytesNeeded += sepLen;
1545 ret = CRYPT_FormatCertSerialNumber(
1546 &info->AuthorityCertSerialNumber, NULL, &size);
1549 /* don't include NULL-terminator more than once */
1550 bytesNeeded += size - sizeof(WCHAR);
1556 *pcbFormat = bytesNeeded;
1557 else if (*pcbFormat < bytesNeeded)
1559 *pcbFormat = bytesNeeded;
1560 SetLastError(ERROR_MORE_DATA);
1565 LPWSTR str = pbFormat;
1567 *pcbFormat = bytesNeeded;
1568 needSeparator = FALSE;
1569 if (info->KeyId.cbData)
1571 needSeparator = TRUE;
1572 /* Overestimate size available, it's already been checked
1576 ret = CRYPT_FormatKeyId(&info->KeyId, str, &size);
1578 str += size / sizeof(WCHAR) - 1;
1580 if (info->AuthorityCertIssuer.cAltEntry)
1585 str += sepLen / sizeof(WCHAR);
1587 needSeparator = TRUE;
1588 /* Overestimate size available, it's already been checked
1592 ret = CRYPT_FormatCertIssuer(dwFormatStrType,
1593 &info->AuthorityCertIssuer, str, &size);
1595 str += size / sizeof(WCHAR) - 1;
1597 if (info->AuthorityCertSerialNumber.cbData)
1602 str += sepLen / sizeof(WCHAR);
1604 /* Overestimate size available, it's already been checked
1608 ret = CRYPT_FormatCertSerialNumber(
1609 &info->AuthorityCertSerialNumber, str, &size);
1618 static WCHAR aia[MAX_STRING_RESOURCE_LEN];
1619 static WCHAR accessMethod[MAX_STRING_RESOURCE_LEN];
1620 static WCHAR ocsp[MAX_STRING_RESOURCE_LEN];
1621 static WCHAR caIssuers[MAX_STRING_RESOURCE_LEN];
1622 static WCHAR unknown[MAX_STRING_RESOURCE_LEN];
1623 static WCHAR accessLocation[MAX_STRING_RESOURCE_LEN];
1625 static BOOL WINAPI CRYPT_FormatAuthorityInfoAccess(DWORD dwCertEncodingType,
1626 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
1627 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
1630 CERT_AUTHORITY_INFO_ACCESS *info;
1636 SetLastError(E_INVALIDARG);
1639 if ((ret = CryptDecodeObjectEx(dwCertEncodingType,
1640 X509_AUTHORITY_INFO_ACCESS, pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG,
1641 NULL, &info, &size)))
1643 DWORD bytesNeeded = sizeof(WCHAR);
1645 if (!info->cAccDescr)
1647 WCHAR infoNotAvailable[MAX_STRING_RESOURCE_LEN];
1649 LoadStringW(hInstance, IDS_INFO_NOT_AVAILABLE, infoNotAvailable,
1650 sizeof(infoNotAvailable) / sizeof(infoNotAvailable[0]));
1651 bytesNeeded += strlenW(infoNotAvailable) * sizeof(WCHAR);
1653 *pcbFormat = bytesNeeded;
1654 else if (*pcbFormat < bytesNeeded)
1656 *pcbFormat = bytesNeeded;
1657 SetLastError(ERROR_MORE_DATA);
1662 *pcbFormat = bytesNeeded;
1663 strcpyW(pbFormat, infoNotAvailable);
1668 static const WCHAR numFmt[] = { '%','d',0 };
1669 static const WCHAR equal[] = { '=',0 };
1670 static BOOL stringsLoaded = FALSE;
1672 LPCWSTR headingSep, accessMethodSep, locationSep;
1673 WCHAR accessDescrNum[11];
1677 LoadStringW(hInstance, IDS_AIA, aia,
1678 sizeof(aia) / sizeof(aia[0]));
1679 LoadStringW(hInstance, IDS_ACCESS_METHOD, accessMethod,
1680 sizeof(accessMethod) / sizeof(accessMethod[0]));
1681 LoadStringW(hInstance, IDS_ACCESS_METHOD_OCSP, ocsp,
1682 sizeof(ocsp) / sizeof(ocsp[0]));
1683 LoadStringW(hInstance, IDS_ACCESS_METHOD_CA_ISSUERS, caIssuers,
1684 sizeof(caIssuers) / sizeof(caIssuers[0]));
1685 LoadStringW(hInstance, IDS_ACCESS_METHOD_UNKNOWN, unknown,
1686 sizeof(unknown) / sizeof(unknown[0]));
1687 LoadStringW(hInstance, IDS_ACCESS_LOCATION, accessLocation,
1688 sizeof(accessLocation) / sizeof(accessLocation[0]));
1689 stringsLoaded = TRUE;
1691 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1694 accessMethodSep = crlf;
1695 locationSep = colonCrlf;
1699 headingSep = colonSep;
1700 accessMethodSep = commaSpace;
1701 locationSep = equal;
1704 for (i = 0; ret && i < info->cAccDescr; i++)
1707 bytesNeeded += sizeof(WCHAR); /* left bracket */
1708 sprintfW(accessDescrNum, numFmt, i + 1);
1709 bytesNeeded += strlenW(accessDescrNum) * sizeof(WCHAR);
1710 bytesNeeded += sizeof(WCHAR); /* right bracket */
1711 bytesNeeded += strlenW(aia) * sizeof(WCHAR);
1712 bytesNeeded += strlenW(headingSep) * sizeof(WCHAR);
1714 bytesNeeded += strlenW(accessMethod) * sizeof(WCHAR);
1715 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1716 bytesNeeded += strlenW(indent) * sizeof(WCHAR);
1717 if (!strcmp(info->rgAccDescr[i].pszAccessMethod,
1719 bytesNeeded += strlenW(ocsp) * sizeof(WCHAR);
1720 else if (!strcmp(info->rgAccDescr[i].pszAccessMethod,
1721 szOID_PKIX_CA_ISSUERS))
1722 bytesNeeded += strlenW(caIssuers) * sizeof(caIssuers);
1724 bytesNeeded += strlenW(unknown) * sizeof(WCHAR);
1725 bytesNeeded += sizeof(WCHAR); /* space */
1726 bytesNeeded += sizeof(WCHAR); /* left paren */
1727 bytesNeeded += strlen(info->rgAccDescr[i].pszAccessMethod)
1729 bytesNeeded += sizeof(WCHAR); /* right paren */
1730 /* Delimiter between access method and location */
1731 bytesNeeded += strlenW(accessMethodSep) * sizeof(WCHAR);
1732 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1733 bytesNeeded += strlenW(indent) * sizeof(WCHAR);
1734 bytesNeeded += strlenW(accessLocation) * sizeof(WCHAR);
1735 bytesNeeded += strlenW(locationSep) * sizeof(WCHAR);
1736 ret = CRYPT_FormatAltNameEntry(dwFormatStrType, 2,
1737 &info->rgAccDescr[i].AccessLocation, NULL, &size);
1739 bytesNeeded += size - sizeof(WCHAR);
1740 /* Need extra delimiter between access method entries */
1741 if (i < info->cAccDescr - 1)
1742 bytesNeeded += strlenW(accessMethodSep) * sizeof(WCHAR);
1747 *pcbFormat = bytesNeeded;
1748 else if (*pcbFormat < bytesNeeded)
1750 *pcbFormat = bytesNeeded;
1751 SetLastError(ERROR_MORE_DATA);
1756 LPWSTR str = pbFormat;
1757 DWORD altNameEntrySize;
1759 *pcbFormat = bytesNeeded;
1760 for (i = 0; ret && i < info->cAccDescr; i++)
1765 sprintfW(accessDescrNum, numFmt, i + 1);
1766 strcpyW(str, accessDescrNum);
1767 str += strlenW(accessDescrNum);
1770 str += strlenW(aia);
1771 strcpyW(str, headingSep);
1772 str += strlenW(headingSep);
1773 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1775 strcpyW(str, indent);
1776 str += strlenW(indent);
1778 strcpyW(str, accessMethod);
1779 str += strlenW(accessMethod);
1780 if (!strcmp(info->rgAccDescr[i].pszAccessMethod,
1784 str += strlenW(ocsp);
1786 else if (!strcmp(info->rgAccDescr[i].pszAccessMethod,
1787 szOID_PKIX_CA_ISSUERS))
1789 strcpyW(str, caIssuers);
1790 str += strlenW(caIssuers);
1794 strcpyW(str, unknown);
1795 str += strlenW(unknown);
1799 for (oidPtr = info->rgAccDescr[i].pszAccessMethod;
1800 *oidPtr; oidPtr++, str++)
1803 strcpyW(str, accessMethodSep);
1804 str += strlenW(accessMethodSep);
1805 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1807 strcpyW(str, indent);
1808 str += strlenW(indent);
1810 strcpyW(str, accessLocation);
1811 str += strlenW(accessLocation);
1812 strcpyW(str, locationSep);
1813 str += strlenW(locationSep);
1814 /* This overestimates the size available, but that
1815 * won't matter since we checked earlier whether enough
1816 * space for the entire string was available.
1818 altNameEntrySize = bytesNeeded;
1819 ret = CRYPT_FormatAltNameEntry(dwFormatStrType, 2,
1820 &info->rgAccDescr[i].AccessLocation, str,
1823 str += altNameEntrySize / sizeof(WCHAR) - 1;
1824 if (i < info->cAccDescr - 1)
1826 strcpyW(str, accessMethodSep);
1827 str += strlenW(accessMethodSep);
1838 static WCHAR keyCompromise[MAX_STRING_RESOURCE_LEN];
1839 static WCHAR caCompromise[MAX_STRING_RESOURCE_LEN];
1840 static WCHAR affiliationChanged[MAX_STRING_RESOURCE_LEN];
1841 static WCHAR superseded[MAX_STRING_RESOURCE_LEN];
1842 static WCHAR operationCeased[MAX_STRING_RESOURCE_LEN];
1843 static WCHAR certificateHold[MAX_STRING_RESOURCE_LEN];
1845 struct reason_map_entry
1851 static struct reason_map_entry reason_map[] = {
1852 { CRL_REASON_KEY_COMPROMISE_FLAG, keyCompromise, IDS_REASON_KEY_COMPROMISE },
1853 { CRL_REASON_CA_COMPROMISE_FLAG, caCompromise, IDS_REASON_CA_COMPROMISE },
1854 { CRL_REASON_AFFILIATION_CHANGED_FLAG, affiliationChanged,
1855 IDS_REASON_AFFILIATION_CHANGED },
1856 { CRL_REASON_SUPERSEDED_FLAG, superseded, IDS_REASON_SUPERSEDED },
1857 { CRL_REASON_CESSATION_OF_OPERATION_FLAG, operationCeased,
1858 IDS_REASON_CESSATION_OF_OPERATION },
1859 { CRL_REASON_CERTIFICATE_HOLD_FLAG, certificateHold,
1860 IDS_REASON_CERTIFICATE_HOLD },
1863 static BOOL CRYPT_FormatReason(DWORD dwFormatStrType,
1864 const CRYPT_BIT_BLOB *reasonFlags, LPWSTR str, DWORD *pcbStr)
1866 static const WCHAR sep[] = { ',',' ',0 };
1867 static const WCHAR bitsFmt[] = { ' ','(','%','0','2','x',')',0 };
1868 static BOOL stringsLoaded = FALSE;
1869 unsigned int i, numReasons = 0;
1871 DWORD bytesNeeded = sizeof(WCHAR);
1876 for (i = 0; i < sizeof(reason_map) / sizeof(reason_map[0]); i++)
1877 LoadStringW(hInstance, reason_map[i].id, reason_map[i].reason,
1878 MAX_STRING_RESOURCE_LEN);
1879 stringsLoaded = TRUE;
1881 /* No need to check reasonFlags->cbData, we already know it's positive.
1882 * Ignore any other bytes, as they're for undefined bits.
1884 for (i = 0; i < sizeof(reason_map) / sizeof(reason_map[0]); i++)
1886 if (reasonFlags->pbData[0] & reason_map[i].reasonBit)
1888 bytesNeeded += strlenW(reason_map[i].reason) * sizeof(WCHAR);
1890 bytesNeeded += strlenW(sep) * sizeof(WCHAR);
1893 sprintfW(bits, bitsFmt, reasonFlags->pbData[0]);
1894 bytesNeeded += strlenW(bits);
1896 *pcbStr = bytesNeeded;
1897 else if (*pcbStr < bytesNeeded)
1899 *pcbStr = bytesNeeded;
1900 SetLastError(ERROR_MORE_DATA);
1905 *pcbStr = bytesNeeded;
1906 for (i = 0; i < sizeof(reason_map) / sizeof(reason_map[0]); i++)
1908 if (reasonFlags->pbData[0] & reason_map[i].reasonBit)
1910 strcpyW(str, reason_map[i].reason);
1911 str += strlenW(reason_map[i].reason);
1912 if (i < sizeof(reason_map) / sizeof(reason_map[0]) - 1 &&
1916 str += strlenW(sep);
1925 static WCHAR crlDistPoint[MAX_STRING_RESOURCE_LEN];
1926 static WCHAR distPointName[MAX_STRING_RESOURCE_LEN];
1927 static WCHAR fullName[MAX_STRING_RESOURCE_LEN];
1928 static WCHAR rdnName[MAX_STRING_RESOURCE_LEN];
1929 static WCHAR reason[MAX_STRING_RESOURCE_LEN];
1930 static WCHAR issuer[MAX_STRING_RESOURCE_LEN];
1932 static BOOL WINAPI CRYPT_FormatCRLDistPoints(DWORD dwCertEncodingType,
1933 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
1934 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
1937 CRL_DIST_POINTS_INFO *info;
1943 SetLastError(E_INVALIDARG);
1946 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CRL_DIST_POINTS,
1947 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
1949 static const WCHAR numFmt[] = { '%','d',0 };
1950 static const WCHAR colon[] = { ':',0 };
1951 static BOOL stringsLoaded = FALSE;
1952 DWORD bytesNeeded = sizeof(WCHAR); /* space for NULL terminator */
1953 BOOL haveAnEntry = FALSE;
1954 LPCWSTR headingSep, nameSep;
1955 WCHAR distPointNum[11];
1960 LoadStringW(hInstance, IDS_CRL_DIST_POINT, crlDistPoint,
1961 sizeof(crlDistPoint) / sizeof(crlDistPoint[0]));
1962 LoadStringW(hInstance, IDS_CRL_DIST_POINT_NAME, distPointName,
1963 sizeof(distPointName) / sizeof(distPointName[0]));
1964 LoadStringW(hInstance, IDS_CRL_DIST_POINT_FULL_NAME, fullName,
1965 sizeof(fullName) / sizeof(fullName[0]));
1966 LoadStringW(hInstance, IDS_CRL_DIST_POINT_RDN_NAME, rdnName,
1967 sizeof(rdnName) / sizeof(rdnName[0]));
1968 LoadStringW(hInstance, IDS_CRL_DIST_POINT_REASON, reason,
1969 sizeof(reason) / sizeof(reason[0]));
1970 LoadStringW(hInstance, IDS_CRL_DIST_POINT_ISSUER, issuer,
1971 sizeof(issuer) / sizeof(issuer[0]));
1972 stringsLoaded = TRUE;
1974 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
1977 nameSep = colonCrlf;
1981 headingSep = colonSep;
1985 for (i = 0; ret && i < info->cDistPoint; i++)
1987 CRL_DIST_POINT *distPoint = &info->rgDistPoint[i];
1989 if (distPoint->DistPointName.dwDistPointNameChoice !=
1990 CRL_DIST_POINT_NO_NAME)
1992 bytesNeeded += strlenW(distPointName) * sizeof(WCHAR);
1993 bytesNeeded += strlenW(nameSep) * sizeof(WCHAR);
1994 if (distPoint->DistPointName.dwDistPointNameChoice ==
1995 CRL_DIST_POINT_FULL_NAME)
1996 bytesNeeded += strlenW(fullName) * sizeof(WCHAR);
1998 bytesNeeded += strlenW(rdnName) * sizeof(WCHAR);
1999 bytesNeeded += strlenW(nameSep) * sizeof(WCHAR);
2000 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2001 bytesNeeded += 2 * strlenW(indent) * sizeof(WCHAR);
2002 /* The indent level (3) is higher than when used as the issuer,
2003 * because the name is subordinate to the name type (full vs.
2006 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 3,
2007 &distPoint->DistPointName.u.FullName, NULL, &size);
2009 bytesNeeded += size - sizeof(WCHAR);
2012 else if (distPoint->ReasonFlags.cbData)
2014 bytesNeeded += strlenW(reason) * sizeof(WCHAR);
2015 ret = CRYPT_FormatReason(dwFormatStrType,
2016 &distPoint->ReasonFlags, NULL, &size);
2018 bytesNeeded += size - sizeof(WCHAR);
2021 else if (distPoint->CRLIssuer.cAltEntry)
2023 bytesNeeded += strlenW(issuer) * sizeof(WCHAR);
2024 bytesNeeded += strlenW(nameSep) * sizeof(WCHAR);
2025 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 2,
2026 &distPoint->CRLIssuer, NULL, &size);
2028 bytesNeeded += size - sizeof(WCHAR);
2033 bytesNeeded += sizeof(WCHAR); /* left bracket */
2034 sprintfW(distPointNum, numFmt, i + 1);
2035 bytesNeeded += strlenW(distPointNum) * sizeof(WCHAR);
2036 bytesNeeded += sizeof(WCHAR); /* right bracket */
2037 bytesNeeded += strlenW(crlDistPoint) * sizeof(WCHAR);
2038 bytesNeeded += strlenW(headingSep) * sizeof(WCHAR);
2039 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2040 bytesNeeded += strlenW(indent) * sizeof(WCHAR);
2045 WCHAR infoNotAvailable[MAX_STRING_RESOURCE_LEN];
2047 LoadStringW(hInstance, IDS_INFO_NOT_AVAILABLE, infoNotAvailable,
2048 sizeof(infoNotAvailable) / sizeof(infoNotAvailable[0]));
2049 bytesNeeded += strlenW(infoNotAvailable) * sizeof(WCHAR);
2051 *pcbFormat = bytesNeeded;
2052 else if (*pcbFormat < bytesNeeded)
2054 *pcbFormat = bytesNeeded;
2055 SetLastError(ERROR_MORE_DATA);
2060 *pcbFormat = bytesNeeded;
2061 strcpyW(pbFormat, infoNotAvailable);
2067 *pcbFormat = bytesNeeded;
2068 else if (*pcbFormat < bytesNeeded)
2070 *pcbFormat = bytesNeeded;
2071 SetLastError(ERROR_MORE_DATA);
2076 LPWSTR str = pbFormat;
2078 *pcbFormat = bytesNeeded;
2079 for (i = 0; ret && i < info->cDistPoint; i++)
2081 CRL_DIST_POINT *distPoint = &info->rgDistPoint[i];
2084 sprintfW(distPointNum, numFmt, i + 1);
2085 strcpyW(str, distPointNum);
2086 str += strlenW(distPointNum);
2088 strcpyW(str, crlDistPoint);
2089 str += strlenW(crlDistPoint);
2090 strcpyW(str, headingSep);
2091 str += strlenW(headingSep);
2092 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2094 strcpyW(str, indent);
2095 str += strlenW(indent);
2097 if (distPoint->DistPointName.dwDistPointNameChoice !=
2098 CRL_DIST_POINT_NO_NAME)
2100 DWORD altNameSize = bytesNeeded;
2102 strcpyW(str, distPointName);
2103 str += strlenW(distPointName);
2104 strcpyW(str, nameSep);
2105 str += strlenW(nameSep);
2106 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2108 strcpyW(str, indent);
2109 str += strlenW(indent);
2110 strcpyW(str, indent);
2111 str += strlenW(indent);
2113 if (distPoint->DistPointName.dwDistPointNameChoice ==
2114 CRL_DIST_POINT_FULL_NAME)
2116 strcpyW(str, fullName);
2117 str += strlenW(fullName);
2121 strcpyW(str, rdnName);
2122 str += strlenW(rdnName);
2124 strcpyW(str, nameSep);
2125 str += strlenW(nameSep);
2126 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 3,
2127 &distPoint->DistPointName.u.FullName, str,
2130 str += altNameSize / sizeof(WCHAR) - 1;
2132 else if (distPoint->ReasonFlags.cbData)
2134 DWORD reasonSize = bytesNeeded;
2136 strcpyW(str, reason);
2137 str += strlenW(reason);
2138 ret = CRYPT_FormatReason(dwFormatStrType,
2139 &distPoint->ReasonFlags, str, &reasonSize);
2141 str += reasonSize / sizeof(WCHAR) - 1;
2143 else if (distPoint->CRLIssuer.cAltEntry)
2145 DWORD crlIssuerSize = bytesNeeded;
2147 strcpyW(str, issuer);
2148 str += strlenW(issuer);
2149 strcpyW(str, nameSep);
2150 str += strlenW(nameSep);
2151 ret = CRYPT_FormatAltNameInfo(dwFormatStrType, 2,
2152 &distPoint->CRLIssuer, str,
2155 str += crlIssuerSize / sizeof(WCHAR) - 1;
2165 static BOOL WINAPI CRYPT_FormatEnhancedKeyUsage(DWORD dwCertEncodingType,
2166 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
2167 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
2170 CERT_ENHKEY_USAGE *usage;
2176 SetLastError(E_INVALIDARG);
2179 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_ENHANCED_KEY_USAGE,
2180 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &usage, &size)))
2182 WCHAR unknown[MAX_STRING_RESOURCE_LEN];
2184 DWORD bytesNeeded = sizeof(WCHAR); /* space for the NULL terminator */
2188 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2191 sepLen = strlenW(crlf) * sizeof(WCHAR);
2196 sepLen = strlenW(commaSpace) * sizeof(WCHAR);
2199 LoadStringW(hInstance, IDS_USAGE_UNKNOWN, unknown,
2200 sizeof(unknown) / sizeof(unknown[0]));
2201 for (i = 0; i < usage->cUsageIdentifier; i++)
2203 PCCRYPT_OID_INFO info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2204 usage->rgpszUsageIdentifier[i], CRYPT_ENHKEY_USAGE_OID_GROUP_ID);
2207 bytesNeeded += strlenW(info->pwszName) * sizeof(WCHAR);
2209 bytesNeeded += strlenW(unknown) * sizeof(WCHAR);
2210 bytesNeeded += sizeof(WCHAR); /* space */
2211 bytesNeeded += sizeof(WCHAR); /* left paren */
2212 bytesNeeded += strlen(usage->rgpszUsageIdentifier[i]) *
2214 bytesNeeded += sizeof(WCHAR); /* right paren */
2215 if (i < usage->cUsageIdentifier - 1)
2216 bytesNeeded += sepLen;
2219 *pcbFormat = bytesNeeded;
2220 else if (*pcbFormat < bytesNeeded)
2222 *pcbFormat = bytesNeeded;
2223 SetLastError(ERROR_MORE_DATA);
2228 LPWSTR str = pbFormat;
2230 *pcbFormat = bytesNeeded;
2231 for (i = 0; i < usage->cUsageIdentifier; i++)
2233 PCCRYPT_OID_INFO info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
2234 usage->rgpszUsageIdentifier[i],
2235 CRYPT_ENHKEY_USAGE_OID_GROUP_ID);
2240 strcpyW(str, info->pwszName);
2241 str += strlenW(info->pwszName);
2245 strcpyW(str, unknown);
2246 str += strlenW(unknown);
2250 for (oidPtr = usage->rgpszUsageIdentifier[i]; *oidPtr; oidPtr++)
2254 if (i < usage->cUsageIdentifier - 1)
2257 str += sepLen / sizeof(WCHAR);
2266 static struct BitToString netscapeCertTypeMap[] = {
2267 { NETSCAPE_SSL_CLIENT_AUTH_CERT_TYPE, IDS_NETSCAPE_SSL_CLIENT, { 0 } },
2268 { NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE, IDS_NETSCAPE_SSL_SERVER, { 0 } },
2269 { NETSCAPE_SMIME_CERT_TYPE, IDS_NETSCAPE_SMIME, { 0 } },
2270 { NETSCAPE_SIGN_CERT_TYPE, IDS_NETSCAPE_SIGN, { 0 } },
2271 { NETSCAPE_SSL_CA_CERT_TYPE, IDS_NETSCAPE_SSL_CA, { 0 } },
2272 { NETSCAPE_SMIME_CA_CERT_TYPE, IDS_NETSCAPE_SMIME_CA, { 0 } },
2273 { NETSCAPE_SIGN_CA_CERT_TYPE, IDS_NETSCAPE_SIGN_CA, { 0 } },
2276 static BOOL WINAPI CRYPT_FormatNetscapeCertType(DWORD dwCertEncodingType,
2277 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
2278 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
2282 CRYPT_BIT_BLOB *bits;
2287 SetLastError(E_INVALIDARG);
2290 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_BITS,
2291 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &bits, &size)))
2293 WCHAR infoNotAvailable[MAX_STRING_RESOURCE_LEN];
2294 DWORD bytesNeeded = sizeof(WCHAR);
2296 LoadStringW(hInstance, IDS_INFO_NOT_AVAILABLE, infoNotAvailable,
2297 sizeof(infoNotAvailable) / sizeof(infoNotAvailable[0]));
2298 if (!bits->cbData || bits->cbData > 1)
2300 bytesNeeded += strlenW(infoNotAvailable) * sizeof(WCHAR);
2302 *pcbFormat = bytesNeeded;
2303 else if (*pcbFormat < bytesNeeded)
2305 *pcbFormat = bytesNeeded;
2306 SetLastError(ERROR_MORE_DATA);
2311 LPWSTR str = pbFormat;
2313 *pcbFormat = bytesNeeded;
2314 strcpyW(str, infoNotAvailable);
2319 static BOOL stringsLoaded = FALSE;
2326 for (i = 0; i < sizeof(netscapeCertTypeMap) /
2327 sizeof(netscapeCertTypeMap[0]); i++)
2328 LoadStringW(hInstance, netscapeCertTypeMap[i].id,
2329 netscapeCertTypeMap[i].str, MAX_STRING_RESOURCE_LEN);
2330 stringsLoaded = TRUE;
2332 CRYPT_FormatBits(bits->pbData[0], netscapeCertTypeMap,
2333 sizeof(netscapeCertTypeMap) / sizeof(netscapeCertTypeMap[0]),
2334 NULL, &bitStringLen, &first);
2335 bytesNeeded += bitStringLen;
2336 bytesNeeded += 3 * sizeof(WCHAR); /* " (" + ")" */
2337 CRYPT_FormatHexString(0, 0, 0, NULL, NULL, bits->pbData,
2338 bits->cbData, NULL, &size);
2339 bytesNeeded += size;
2341 *pcbFormat = bytesNeeded;
2342 else if (*pcbFormat < bytesNeeded)
2344 *pcbFormat = bytesNeeded;
2345 SetLastError(ERROR_MORE_DATA);
2350 LPWSTR str = pbFormat;
2352 bitStringLen = bytesNeeded;
2354 CRYPT_FormatBits(bits->pbData[0], netscapeCertTypeMap,
2355 sizeof(netscapeCertTypeMap) / sizeof(netscapeCertTypeMap[0]),
2356 str, &bitStringLen, &first);
2357 str += bitStringLen / sizeof(WCHAR) - 1;
2360 CRYPT_FormatHexString(0, 0, 0, NULL, NULL, bits->pbData,
2361 bits->cbData, str, &size);
2362 str += size / sizeof(WCHAR) - 1;
2372 static WCHAR financialCriteria[MAX_STRING_RESOURCE_LEN];
2373 static WCHAR available[MAX_STRING_RESOURCE_LEN];
2374 static WCHAR notAvailable[MAX_STRING_RESOURCE_LEN];
2375 static WCHAR meetsCriteria[MAX_STRING_RESOURCE_LEN];
2376 static WCHAR yes[MAX_STRING_RESOURCE_LEN];
2377 static WCHAR no[MAX_STRING_RESOURCE_LEN];
2379 static BOOL WINAPI CRYPT_FormatSpcFinancialCriteria(DWORD dwCertEncodingType,
2380 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
2381 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
2384 SPC_FINANCIAL_CRITERIA criteria;
2385 DWORD size = sizeof(criteria);
2390 SetLastError(E_INVALIDARG);
2393 if ((ret = CryptDecodeObjectEx(dwCertEncodingType,
2394 SPC_FINANCIAL_CRITERIA_STRUCT, pbEncoded, cbEncoded, 0, NULL, &criteria,
2397 static BOOL stringsLoaded = FALSE;
2398 DWORD bytesNeeded = sizeof(WCHAR);
2404 LoadStringW(hInstance, IDS_FINANCIAL_CRITERIA, financialCriteria,
2405 sizeof(financialCriteria) / sizeof(financialCriteria[0]));
2406 LoadStringW(hInstance, IDS_FINANCIAL_CRITERIA_AVAILABLE, available,
2407 sizeof(available) / sizeof(available[0]));
2408 LoadStringW(hInstance, IDS_FINANCIAL_CRITERIA_NOT_AVAILABLE,
2409 notAvailable, sizeof(notAvailable) / sizeof(notAvailable[0]));
2410 LoadStringW(hInstance, IDS_FINANCIAL_CRITERIA_MEETS_CRITERIA,
2411 meetsCriteria, sizeof(meetsCriteria) / sizeof(meetsCriteria[0]));
2412 LoadStringW(hInstance, IDS_YES, yes, sizeof(yes) / sizeof(yes[0]));
2413 LoadStringW(hInstance, IDS_NO, no, sizeof(no) / sizeof(no[0]));
2414 stringsLoaded = TRUE;
2416 if (dwFormatStrType & CRYPT_FORMAT_STR_MULTI_LINE)
2419 sepLen = strlenW(crlf) * sizeof(WCHAR);
2424 sepLen = strlenW(commaSpace) * sizeof(WCHAR);
2426 bytesNeeded += strlenW(financialCriteria) * sizeof(WCHAR);
2427 if (criteria.fFinancialInfoAvailable)
2429 bytesNeeded += strlenW(available) * sizeof(WCHAR);
2430 bytesNeeded += sepLen;
2431 bytesNeeded += strlenW(meetsCriteria) * sizeof(WCHAR);
2432 if (criteria.fMeetsCriteria)
2433 bytesNeeded += strlenW(yes) * sizeof(WCHAR);
2435 bytesNeeded += strlenW(no) * sizeof(WCHAR);
2438 bytesNeeded += strlenW(notAvailable) * sizeof(WCHAR);
2440 *pcbFormat = bytesNeeded;
2441 else if (*pcbFormat < bytesNeeded)
2443 *pcbFormat = bytesNeeded;
2444 SetLastError(ERROR_MORE_DATA);
2449 LPWSTR str = pbFormat;
2451 *pcbFormat = bytesNeeded;
2452 strcpyW(str, financialCriteria);
2453 str += strlenW(financialCriteria);
2454 if (criteria.fFinancialInfoAvailable)
2456 strcpyW(str, available);
2457 str += strlenW(available);
2459 str += sepLen / sizeof(WCHAR);
2460 strcpyW(str, meetsCriteria);
2461 str += strlenW(meetsCriteria);
2462 if (criteria.fMeetsCriteria)
2469 strcpyW(str, notAvailable);
2476 static BOOL WINAPI CRYPT_FormatUnicodeString(DWORD dwCertEncodingType,
2477 DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct,
2478 LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat,
2481 CERT_NAME_VALUE *value;
2487 SetLastError(E_INVALIDARG);
2490 if ((ret = CryptDecodeObjectEx(dwCertEncodingType, X509_UNICODE_ANY_STRING,
2491 pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL, &value, &size)))
2494 *pcbFormat = value->Value.cbData;
2495 else if (*pcbFormat < value->Value.cbData)
2497 *pcbFormat = value->Value.cbData;
2498 SetLastError(ERROR_MORE_DATA);
2503 LPWSTR str = pbFormat;
2505 *pcbFormat = value->Value.cbData;
2506 strcpyW(str, (LPWSTR)value->Value.pbData);
2512 typedef BOOL (WINAPI *CryptFormatObjectFunc)(DWORD, DWORD, DWORD, void *,
2513 LPCSTR, const BYTE *, DWORD, void *, DWORD *);
2515 static CryptFormatObjectFunc CRYPT_GetBuiltinFormatFunction(DWORD encodingType,
2516 DWORD formatStrType, LPCSTR lpszStructType)
2518 CryptFormatObjectFunc format = NULL;
2520 if ((encodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
2522 SetLastError(ERROR_FILE_NOT_FOUND);
2525 if (IS_INTOID(lpszStructType))
2527 switch (LOWORD(lpszStructType))
2529 case LOWORD(X509_KEY_USAGE):
2530 format = CRYPT_FormatKeyUsage;
2532 case LOWORD(X509_ALTERNATE_NAME):
2533 format = CRYPT_FormatAltName;
2535 case LOWORD(X509_BASIC_CONSTRAINTS2):
2536 format = CRYPT_FormatBasicConstraints2;
2538 case LOWORD(X509_AUTHORITY_KEY_ID2):
2539 format = CRYPT_FormatAuthorityKeyId2;
2541 case LOWORD(X509_AUTHORITY_INFO_ACCESS):
2542 format = CRYPT_FormatAuthorityInfoAccess;
2544 case LOWORD(X509_CRL_DIST_POINTS):
2545 format = CRYPT_FormatCRLDistPoints;
2547 case LOWORD(X509_ENHANCED_KEY_USAGE):
2548 format = CRYPT_FormatEnhancedKeyUsage;
2550 case LOWORD(SPC_FINANCIAL_CRITERIA_STRUCT):
2551 format = CRYPT_FormatSpcFinancialCriteria;
2555 else if (!strcmp(lpszStructType, szOID_SUBJECT_ALT_NAME))
2556 format = CRYPT_FormatAltName;
2557 else if (!strcmp(lpszStructType, szOID_ISSUER_ALT_NAME))
2558 format = CRYPT_FormatAltName;
2559 else if (!strcmp(lpszStructType, szOID_KEY_USAGE))
2560 format = CRYPT_FormatKeyUsage;
2561 else if (!strcmp(lpszStructType, szOID_SUBJECT_ALT_NAME2))
2562 format = CRYPT_FormatAltName;
2563 else if (!strcmp(lpszStructType, szOID_ISSUER_ALT_NAME2))
2564 format = CRYPT_FormatAltName;
2565 else if (!strcmp(lpszStructType, szOID_BASIC_CONSTRAINTS2))
2566 format = CRYPT_FormatBasicConstraints2;
2567 else if (!strcmp(lpszStructType, szOID_AUTHORITY_INFO_ACCESS))
2568 format = CRYPT_FormatAuthorityInfoAccess;
2569 else if (!strcmp(lpszStructType, szOID_AUTHORITY_KEY_IDENTIFIER2))
2570 format = CRYPT_FormatAuthorityKeyId2;
2571 else if (!strcmp(lpszStructType, szOID_CRL_DIST_POINTS))
2572 format = CRYPT_FormatCRLDistPoints;
2573 else if (!strcmp(lpszStructType, szOID_ENHANCED_KEY_USAGE))
2574 format = CRYPT_FormatEnhancedKeyUsage;
2575 else if (!strcmp(lpszStructType, szOID_NETSCAPE_CERT_TYPE))
2576 format = CRYPT_FormatNetscapeCertType;
2577 else if (!strcmp(lpszStructType, szOID_NETSCAPE_BASE_URL) ||
2578 !strcmp(lpszStructType, szOID_NETSCAPE_REVOCATION_URL) ||
2579 !strcmp(lpszStructType, szOID_NETSCAPE_CA_REVOCATION_URL) ||
2580 !strcmp(lpszStructType, szOID_NETSCAPE_CERT_RENEWAL_URL) ||
2581 !strcmp(lpszStructType, szOID_NETSCAPE_CA_POLICY_URL) ||
2582 !strcmp(lpszStructType, szOID_NETSCAPE_SSL_SERVER_NAME) ||
2583 !strcmp(lpszStructType, szOID_NETSCAPE_COMMENT))
2584 format = CRYPT_FormatUnicodeString;
2585 else if (!strcmp(lpszStructType, SPC_FINANCIAL_CRITERIA_OBJID))
2586 format = CRYPT_FormatSpcFinancialCriteria;
2590 BOOL WINAPI CryptFormatObject(DWORD dwCertEncodingType, DWORD dwFormatType,
2591 DWORD dwFormatStrType, void *pFormatStruct, LPCSTR lpszStructType,
2592 const BYTE *pbEncoded, DWORD cbEncoded, void *pbFormat, DWORD *pcbFormat)
2594 CryptFormatObjectFunc format = NULL;
2595 HCRYPTOIDFUNCADDR hFunc = NULL;
2598 TRACE("(%08x, %d, %08x, %p, %s, %p, %d, %p, %p)\n", dwCertEncodingType,
2599 dwFormatType, dwFormatStrType, pFormatStruct, debugstr_a(lpszStructType),
2600 pbEncoded, cbEncoded, pbFormat, pcbFormat);
2602 if (!(format = CRYPT_GetBuiltinFormatFunction(dwCertEncodingType,
2603 dwFormatStrType, lpszStructType)))
2605 static HCRYPTOIDFUNCSET set = NULL;
2608 set = CryptInitOIDFunctionSet(CRYPT_OID_FORMAT_OBJECT_FUNC, 0);
2609 CryptGetOIDFunctionAddress(set, dwCertEncodingType, lpszStructType, 0,
2610 (void **)&format, &hFunc);
2612 if (!format && (dwCertEncodingType & CERT_ENCODING_TYPE_MASK) ==
2613 X509_ASN_ENCODING && !(dwFormatStrType & CRYPT_FORMAT_STR_NO_HEX))
2614 format = CRYPT_FormatHexString;
2616 ret = format(dwCertEncodingType, dwFormatType, dwFormatStrType,
2617 pFormatStruct, lpszStructType, pbEncoded, cbEncoded, pbFormat,
2620 CryptFreeOIDFunctionAddress(hFunc, 0);