git.oblomov.eu Git - wine/blob - dlls/crypt32/crl.c

   1 /*
   2  * Copyright 2006 Juan Lang
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  *
  18  */
  19
  20 #include <assert.h>
  21 #include <stdarg.h>
  22 #include "windef.h"
  23 #include "winbase.h"
  24 #include "wincrypt.h"
  25 #include "wine/debug.h"
  26 #include "crypt32_private.h"
  27
  28 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
  29
  30 PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
  31  const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
  32 {
  33     PCRL_CONTEXT crl = NULL;
  34     BOOL ret;
  35     PCRL_INFO crlInfo = NULL;
  36     DWORD size = 0;
  37
  38     TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCrlEncoded,
  39      cbCrlEncoded);
  40
  41     if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
  42     {
  43         SetLastError(E_INVALIDARG);
  44         return NULL;
  45     }
  46     ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
  47      pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
  48      &crlInfo, &size);
  49     if (ret)
  50     {
  51         BYTE *data = NULL;
  52
  53         crl = Context_CreateDataContext(sizeof(CRL_CONTEXT));
  54         if (!crl)
  55             goto end;
  56         data = CryptMemAlloc(cbCrlEncoded);
  57         if (!data)
  58         {
  59             CryptMemFree(crl);
  60             crl = NULL;
  61             goto end;
  62         }
  63         memcpy(data, pbCrlEncoded, cbCrlEncoded);
  64         crl->dwCertEncodingType = dwCertEncodingType;
  65         crl->pbCrlEncoded       = data;
  66         crl->cbCrlEncoded       = cbCrlEncoded;
  67         crl->pCrlInfo           = crlInfo;
  68         crl->hCertStore         = 0;
  69     }
  70
  71 end:
  72     return crl;
  73 }
  74
  75 BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
  76  DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
  77  DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
  78 {
  79     PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
  80      pbCrlEncoded, cbCrlEncoded);
  81     BOOL ret;
  82
  83     TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
  84      pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
  85
  86     if (crl)
  87     {
  88         ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
  89          ppCrlContext);
  90         CertFreeCRLContext(crl);
  91     }
  92     else
  93         ret = FALSE;
  94     return ret;
  95 }
  96
  97 typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
  98  DWORD dwFlags, const void *pvPara);
  99
 100 static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
 101  DWORD dwFlags, const void *pvPara)
 102 {
 103     return TRUE;
 104 }
 105
 106 static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
 107  DWORD dwFlags, const void *pvPara)
 108 {
 109     BOOL ret;
 110
 111     if (pvPara)
 112     {
 113         PCCERT_CONTEXT issuer = pvPara;
 114
 115         ret = CertCompareCertificateName(issuer->dwCertEncodingType,
 116          &issuer->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
 117     }
 118     else
 119         ret = TRUE;
 120     return ret;
 121 }
 122
 123 static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
 124  DWORD dwFlags, const void *pvPara)
 125 {
 126     BOOL ret;
 127
 128     if (pvPara)
 129     {
 130         PCCRL_CONTEXT crl = pvPara;
 131
 132         ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
 133          &pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
 134     }
 135     else
 136         ret = TRUE;
 137     return ret;
 138 }
 139
 140 PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
 141  DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
 142  const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
 143 {
 144     PCCRL_CONTEXT ret;
 145     CrlCompareFunc compare;
 146
 147     TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore, dwCertEncodingType,
 148          dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
 149
 150     switch (dwFindType)
 151     {
 152     case CRL_FIND_ANY:
 153         compare = compare_crl_any;
 154         break;
 155     case CRL_FIND_ISSUED_BY:
 156         compare = compare_crl_issued_by;
 157         break;
 158     case CRL_FIND_EXISTING:
 159         compare = compare_crl_existing;
 160         break;
 161     default:
 162         FIXME("find type %08x unimplemented\n", dwFindType);
 163         compare = NULL;
 164     }
 165
 166     if (compare)
 167     {
 168         BOOL matches = FALSE;
 169
 170         ret = pPrevCrlContext;
 171         do {
 172             ret = CertEnumCRLsInStore(hCertStore, ret);
 173             if (ret)
 174                 matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
 175         } while (ret != NULL && !matches);
 176         if (!ret)
 177             SetLastError(CRYPT_E_NOT_FOUND);
 178     }
 179     else
 180     {
 181         SetLastError(CRYPT_E_NOT_FOUND);
 182         ret = NULL;
 183     }
 184     return ret;
 185 }
 186
 187 PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
 188  PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
 189 {
 190     static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG |
 191      CERT_STORE_TIME_VALIDITY_FLAG | CERT_STORE_BASE_CRL_FLAG |
 192      CERT_STORE_DELTA_CRL_FLAG;
 193     PCCRL_CONTEXT ret;
 194
 195     TRACE("(%p, %p, %p, %08x)\n", hCertStore, pIssuerContext, pPrevCrlContext,
 196      *pdwFlags);
 197
 198     if (*pdwFlags & ~supportedFlags)
 199     {
 200         SetLastError(E_INVALIDARG);
 201         return NULL;
 202     }
 203     if (pIssuerContext)
 204         ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
 205          0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
 206     else
 207         ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
 208          pPrevCrlContext);
 209     if (ret)
 210     {
 211         if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
 212         {
 213             if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
 214                 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
 215         }
 216         if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
 217         {
 218             if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
 219              CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
 220              CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
 221              NULL))
 222                 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
 223         }
 224     }
 225     return ret;
 226 }
 227
 228 PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
 229 {
 230     TRACE("(%p)\n", pCrlContext);
 231     if (pCrlContext)
 232         Context_AddRef((void *)pCrlContext, sizeof(CRL_CONTEXT));
 233     return pCrlContext;
 234 }
 235
 236 static void CrlDataContext_Free(void *context)
 237 {
 238     PCRL_CONTEXT crlContext = context;
 239
 240     CryptMemFree(crlContext->pbCrlEncoded);
 241     LocalFree(crlContext->pCrlInfo);
 242 }
 243
 244 BOOL WINAPI CertFreeCRLContext( PCCRL_CONTEXT pCrlContext)
 245 {
 246     BOOL ret = TRUE;
 247
 248     TRACE("(%p)\n", pCrlContext);
 249
 250     if (pCrlContext)
 251         ret = Context_Release((void *)pCrlContext, sizeof(CRL_CONTEXT),
 252          CrlDataContext_Free);
 253     return ret;
 254 }
 255
 256 DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
 257  DWORD dwPropId)
 258 {
 259     PCONTEXT_PROPERTY_LIST properties = Context_GetProperties(
 260      pCRLContext, sizeof(CRL_CONTEXT));
 261     DWORD ret;
 262
 263     TRACE("(%p, %d)\n", pCRLContext, dwPropId);
 264
 265     if (properties)
 266         ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
 267     else
 268         ret = 0;
 269     return ret;
 270 }
 271
 272 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
 273                                    DWORD dwFlags, const void *pvData);
 274
 275 static BOOL CRLContext_GetHashProp(PCCRL_CONTEXT context, DWORD dwPropId,
 276  ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
 277  DWORD *pcbData)
 278 {
 279     BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
 280      pcbData);
 281     if (ret && pvData)
 282     {
 283         CRYPT_DATA_BLOB blob = { *pcbData, pvData };
 284
 285         ret = CRLContext_SetProperty(context, dwPropId, 0, &blob);
 286     }
 287     return ret;
 288 }
 289
 290 static BOOL CRLContext_GetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
 291                                    void *pvData, DWORD *pcbData)
 292 {
 293     PCONTEXT_PROPERTY_LIST properties =
 294      Context_GetProperties(context, sizeof(CRL_CONTEXT));
 295     BOOL ret;
 296     CRYPT_DATA_BLOB blob;
 297
 298     TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
 299
 300     if (properties)
 301         ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
 302     else
 303         ret = FALSE;
 304     if (ret)
 305     {
 306         if (!pvData)
 307             *pcbData = blob.cbData;
 308         else if (*pcbData < blob.cbData)
 309         {
 310             SetLastError(ERROR_MORE_DATA);
 311             *pcbData = blob.cbData;
 312             ret = FALSE;
 313         }
 314         else
 315         {
 316             memcpy(pvData, blob.pbData, blob.cbData);
 317             *pcbData = blob.cbData;
 318         }
 319     }
 320     else
 321     {
 322         /* Implicit properties */
 323         switch (dwPropId)
 324         {
 325         case CERT_SHA1_HASH_PROP_ID:
 326             ret = CRLContext_GetHashProp(context, dwPropId, CALG_SHA1,
 327                                          context->pbCrlEncoded, context->cbCrlEncoded, pvData,
 328              pcbData);
 329             break;
 330         case CERT_MD5_HASH_PROP_ID:
 331             ret = CRLContext_GetHashProp(context, dwPropId, CALG_MD5,
 332                                          context->pbCrlEncoded, context->cbCrlEncoded, pvData,
 333              pcbData);
 334             break;
 335         default:
 336             SetLastError(CRYPT_E_NOT_FOUND);
 337         }
 338     }
 339     TRACE("returning %d\n", ret);
 340     return ret;
 341 }
 342
 343 BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
 344  DWORD dwPropId, void *pvData, DWORD *pcbData)
 345 {
 346     BOOL ret;
 347
 348     TRACE("(%p, %d, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
 349
 350     switch (dwPropId)
 351     {
 352     case 0:
 353     case CERT_CERT_PROP_ID:
 354     case CERT_CRL_PROP_ID:
 355     case CERT_CTL_PROP_ID:
 356         SetLastError(E_INVALIDARG);
 357         ret = FALSE;
 358         break;
 359     case CERT_ACCESS_STATE_PROP_ID:
 360         if (!pvData)
 361         {
 362             *pcbData = sizeof(DWORD);
 363             ret = TRUE;
 364         }
 365         else if (*pcbData < sizeof(DWORD))
 366         {
 367             SetLastError(ERROR_MORE_DATA);
 368             *pcbData = sizeof(DWORD);
 369             ret = FALSE;
 370         }
 371         else
 372         {
 373             if (pCRLContext->hCertStore)
 374                 ret = CertGetStoreProperty(pCRLContext->hCertStore, dwPropId,
 375                  pvData, pcbData);
 376             else
 377                 *(DWORD *)pvData = 0;
 378             ret = TRUE;
 379         }
 380         break;
 381     default:
 382         ret = CRLContext_GetProperty(pCRLContext, dwPropId, pvData,
 383          pcbData);
 384     }
 385     return ret;
 386 }
 387
 388 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
 389  DWORD dwFlags, const void *pvData)
 390 {
 391     PCONTEXT_PROPERTY_LIST properties =
 392      Context_GetProperties(context, sizeof(CRL_CONTEXT));
 393     BOOL ret;
 394
 395     TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
 396
 397     if (!properties)
 398         ret = FALSE;
 399     else if (!pvData)
 400     {
 401         ContextPropertyList_RemoveProperty(properties, dwPropId);
 402         ret = TRUE;
 403     }
 404     else
 405     {
 406         switch (dwPropId)
 407         {
 408         case CERT_AUTO_ENROLL_PROP_ID:
 409         case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
 410         case CERT_DESCRIPTION_PROP_ID:
 411         case CERT_FRIENDLY_NAME_PROP_ID:
 412         case CERT_HASH_PROP_ID:
 413         case CERT_KEY_IDENTIFIER_PROP_ID:
 414         case CERT_MD5_HASH_PROP_ID:
 415         case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
 416         case CERT_PUBKEY_ALG_PARA_PROP_ID:
 417         case CERT_PVK_FILE_PROP_ID:
 418         case CERT_SIGNATURE_HASH_PROP_ID:
 419         case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
 420         case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
 421         case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
 422         case CERT_ENROLLMENT_PROP_ID:
 423         case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
 424         case CERT_RENEWAL_PROP_ID:
 425         {
 426             PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
 427
 428             ret = ContextPropertyList_SetProperty(properties, dwPropId,
 429              blob->pbData, blob->cbData);
 430             break;
 431         }
 432         case CERT_DATE_STAMP_PROP_ID:
 433             ret = ContextPropertyList_SetProperty(properties, dwPropId,
 434              pvData, sizeof(FILETIME));
 435             break;
 436         default:
 437             FIXME("%d: stub\n", dwPropId);
 438             ret = FALSE;
 439         }
 440     }
 441     TRACE("returning %d\n", ret);
 442     return ret;
 443 }
 444
 445 BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
 446  DWORD dwPropId, DWORD dwFlags, const void *pvData)
 447 {
 448     BOOL ret;
 449
 450     TRACE("(%p, %d, %08x, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
 451
 452     /* Handle special cases for "read-only"/invalid prop IDs.  Windows just
 453      * crashes on most of these, I'll be safer.
 454      */
 455     switch (dwPropId)
 456     {
 457     case 0:
 458     case CERT_ACCESS_STATE_PROP_ID:
 459     case CERT_CERT_PROP_ID:
 460     case CERT_CRL_PROP_ID:
 461     case CERT_CTL_PROP_ID:
 462         SetLastError(E_INVALIDARG);
 463         return FALSE;
 464     }
 465     ret = CRLContext_SetProperty(pCRLContext, dwPropId, dwFlags, pvData);
 466     TRACE("returning %d\n", ret);
 467     return ret;
 468 }
 469
 470 BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
 471  PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
 472 {
 473     TRACE("(%p, %p, %08x, %p)\n", pCert, pCrl, dwFlags, pvReserved);
 474     return TRUE;
 475 }
 476
 477 static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl)
 478 {
 479     DWORD i;
 480     PCRL_ENTRY entry = NULL;
 481
 482     for (i = 0; !entry && i < crl->cCRLEntry; i++)
 483         if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
 484          &cert->SerialNumber))
 485             entry = &crl->rgCRLEntry[i];
 486     return entry;
 487 }
 488
 489 BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
 490  PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
 491  PCRL_ENTRY *ppCrlEntry)
 492 {
 493     TRACE("(%p, %p, %08x, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
 494      ppCrlEntry);
 495
 496     *ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
 497      pCrlContext->pCrlInfo);
 498     return TRUE;
 499 }
 500
 501 BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
 502  PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
 503 {
 504     DWORD i;
 505     PCRL_ENTRY entry = NULL;
 506
 507     TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
 508      rgpCrlInfo);
 509
 510     for (i = 0; !entry && i < cCrlInfo; i++)
 511         entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
 512     return entry == NULL;
 513 }
 514
 515 LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
 516  PCRL_INFO pCrlInfo)
 517 {
 518     FILETIME fileTime;
 519     LONG ret;
 520
 521     if (!pTimeToVerify)
 522     {
 523         GetSystemTimeAsFileTime(&fileTime);
 524         pTimeToVerify = &fileTime;
 525     }
 526     if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
 527     {
 528         ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
 529         if (ret < 0)
 530             ret = 0;
 531     }
 532     return ret;
 533 }