2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
22 #include "wine/port.h"
24 #define NONAMELESSUNION
25 #define NONAMELESSSTRUCT
26 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
39 #include "wine/debug.h"
41 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet);
43 BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
45 TRACE("(0x%p, %d, %p)\n", hinstDLL, fdwReason, lpvReserved);
48 case DLL_PROCESS_ATTACH:
49 DisableThreadLibraryCalls(hinstDLL);
51 case DLL_PROCESS_DETACH:
52 /* Do uninitialisation here */
59 static const WCHAR cryptNet[] = { 'c','r','y','p','t','n','e','t','.',
61 static const WCHAR ldapProvOpenStore[] = { 'L','d','a','p','P','r','o','v',
62 'O','p','e','S','t','o','r','e',0 };
64 /***********************************************************************
65 * DllRegisterServer (CRYPTNET.@)
67 HRESULT WINAPI DllRegisterServer(void)
70 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING,
71 CRYPT_OID_VERIFY_REVOCATION_FUNC, 0, cryptNet);
72 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap",
73 cryptNet, "LdapProvOpenStore");
74 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
75 CERT_STORE_PROV_LDAP_W, cryptNet, "LdapProvOpenStore");
79 /***********************************************************************
80 * DllUnregisterServer (CRYPTNET.@)
82 HRESULT WINAPI DllUnregisterServer(void)
85 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING,
86 CRYPT_OID_VERIFY_REVOCATION_FUNC, cryptNet);
87 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap");
88 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
89 CERT_STORE_PROV_LDAP_W);
93 static const char *url_oid_to_str(LPCSTR oid)
103 #define _x(oid) case LOWORD(oid): return #oid
104 _x(URL_OID_CERTIFICATE_ISSUER);
105 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT);
106 _x(URL_OID_CTL_ISSUER);
107 _x(URL_OID_CTL_NEXT_UPDATE);
108 _x(URL_OID_CRL_ISSUER);
109 _x(URL_OID_CERTIFICATE_FRESHEST_CRL);
110 _x(URL_OID_CRL_FRESHEST_CRL);
111 _x(URL_OID_CROSS_CERT_DIST_POINT);
114 snprintf(buf, sizeof(buf), "%d", LOWORD(oid));
120 typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD,
121 PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID);
123 static LPWSTR name_value_to_str(CERT_NAME_BLOB *name)
125 DWORD len = CertNameToStrW(X509_ASN_ENCODING, name, CERT_SIMPLE_NAME_STR,
131 str = CryptMemAlloc(len * sizeof(WCHAR));
133 CertNameToStrW(X509_ASN_ENCODING, name, CERT_SIMPLE_NAME_STR,
139 static void dump_alt_name_entry(CERT_ALT_NAME_ENTRY *entry)
143 switch (entry->dwAltNameChoice)
145 case CERT_ALT_NAME_OTHER_NAME:
146 TRACE("CERT_ALT_NAME_OTHER_NAME, oid = %s\n",
147 debugstr_a(entry->u.pOtherName->pszObjId));
149 case CERT_ALT_NAME_RFC822_NAME:
150 TRACE("CERT_ALT_NAME_RFC822_NAME: %s\n",
151 debugstr_w(entry->u.pwszRfc822Name));
153 case CERT_ALT_NAME_DNS_NAME:
154 TRACE("CERT_ALT_NAME_DNS_NAME: %s\n",
155 debugstr_w(entry->u.pwszDNSName));
157 case CERT_ALT_NAME_DIRECTORY_NAME:
158 str = name_value_to_str(&entry->u.DirectoryName);
159 TRACE("CERT_ALT_NAME_DIRECTORY_NAME: %s\n", debugstr_w(str));
162 case CERT_ALT_NAME_URL:
163 TRACE("CERT_ALT_NAME_URL: %s\n", debugstr_w(entry->u.pwszURL));
165 case CERT_ALT_NAME_IP_ADDRESS:
166 TRACE("CERT_ALT_NAME_IP_ADDRESS: %d bytes\n",
167 entry->u.IPAddress.cbData);
169 case CERT_ALT_NAME_REGISTERED_ID:
170 TRACE("CERT_ALT_NAME_REGISTERED_ID: %s\n",
171 debugstr_a(entry->u.pszRegisteredID));
174 TRACE("dwAltNameChoice = %d\n", entry->dwAltNameChoice);
178 static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid,
179 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
180 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
182 PCCERT_CONTEXT cert = pvPara;
186 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
187 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
189 SetLastError(CRYPT_E_NOT_FOUND);
192 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
193 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
195 CERT_AUTHORITY_INFO_ACCESS *aia;
198 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
199 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
205 TRACE("%d access descriptions:\n", aia->cAccDescr);
206 for (i = 0; i < aia->cAccDescr; i++)
208 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
211 else if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
212 szOID_PKIX_CA_ISSUERS))
213 TRACE("CA issuers:\n");
214 dump_alt_name_entry(&aia->rgAccDescr[i].AccessLocation);
217 FIXME("authority info access unsupported\n");
218 SetLastError(CRYPT_E_NOT_FOUND);
223 SetLastError(CRYPT_E_NOT_FOUND);
227 static BOOL WINAPI CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid,
228 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
229 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
231 PCCERT_CONTEXT cert = pvPara;
235 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
236 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
238 SetLastError(CRYPT_E_NOT_FOUND);
241 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
242 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
244 CRL_DIST_POINTS_INFO *info;
247 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CRL_DIST_POINTS,
248 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
252 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
254 for (i = 0, cUrl = 0; i < info->cDistPoint; i++)
255 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
256 == CRL_DIST_POINT_FULL_NAME)
259 CERT_ALT_NAME_INFO *name =
260 &info->rgDistPoint[i].DistPointName.u.FullName;
262 for (j = 0; j < name->cAltEntry; j++)
263 if (name->rgAltEntry[j].dwAltNameChoice ==
266 if (name->rgAltEntry[j].u.pwszURL)
269 bytesNeeded += sizeof(LPWSTR) +
270 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1)
277 SetLastError(E_INVALIDARG);
281 *pcbUrlArray = bytesNeeded;
282 else if (*pcbUrlArray < bytesNeeded)
284 SetLastError(ERROR_MORE_DATA);
285 *pcbUrlArray = bytesNeeded;
292 *pcbUrlArray = bytesNeeded;
294 pUrlArray->rgwszUrl =
295 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
296 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
297 + cUrl * sizeof(LPWSTR));
298 for (i = 0; i < info->cDistPoint; i++)
299 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
300 == CRL_DIST_POINT_FULL_NAME)
303 CERT_ALT_NAME_INFO *name =
304 &info->rgDistPoint[i].DistPointName.u.FullName;
306 for (j = 0; j < name->cAltEntry; j++)
307 if (name->rgAltEntry[j].dwAltNameChoice ==
310 if (name->rgAltEntry[j].u.pwszURL)
313 name->rgAltEntry[j].u.pwszURL);
314 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
317 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1);
326 FIXME("url info: stub\n");
328 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
329 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
331 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
332 SetLastError(ERROR_MORE_DATA);
337 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
338 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
346 SetLastError(CRYPT_E_NOT_FOUND);
350 /***********************************************************************
351 * CryptGetObjectUrl (CRYPTNET.@)
353 BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags,
354 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
355 DWORD *pcbUrlInfo, LPVOID pvReserved)
357 UrlDllGetObjectUrlFunc func = NULL;
358 HCRYPTOIDFUNCADDR hFunc = NULL;
361 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid),
362 pvPara, dwFlags, pUrlArray, pcbUrlArray, pUrlInfo, pcbUrlInfo, pvReserved);
364 if (!HIWORD(pszUrlOid))
366 switch (LOWORD(pszUrlOid))
368 case LOWORD(URL_OID_CERTIFICATE_ISSUER):
369 func = CRYPT_GetUrlFromCertificateIssuer;
371 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT):
372 func = CRYPT_GetUrlFromCertificateCRLDistPoint;
375 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid));
376 SetLastError(ERROR_FILE_NOT_FOUND);
381 static HCRYPTOIDFUNCSET set = NULL;
384 set = CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC, 0);
385 CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszUrlOid, 0,
386 (void **)&func, &hFunc);
389 ret = func(pszUrlOid, pvPara, dwFlags, pUrlArray, pcbUrlArray,
390 pUrlInfo, pcbUrlInfo, pvReserved);
392 CryptFreeOIDFunctionAddress(hFunc, 0);
396 /***********************************************************************
397 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
399 BOOL WINAPI CryptRetrieveObjectByUrlA(LPCSTR pszURL, LPCSTR pszObjectOid,
400 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
401 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
402 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
407 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL),
408 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
409 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
413 SetLastError(ERROR_INVALID_PARAMETER);
416 len = MultiByteToWideChar(CP_ACP, 0, pszURL, -1, NULL, 0);
419 LPWSTR url = CryptMemAlloc(len * sizeof(WCHAR));
423 MultiByteToWideChar(CP_ACP, 0, pszURL, -1, url, len);
424 ret = CryptRetrieveObjectByUrlW(url, pszObjectOid,
425 dwRetrievalFlags, dwTimeout, ppvObject, hAsyncRetrieve,
426 pCredentials, pvVerify, pAuxInfo);
430 SetLastError(ERROR_OUTOFMEMORY);
435 static void WINAPI CRYPT_FreeBlob(LPCSTR pszObjectOid,
436 PCRYPT_BLOB_ARRAY pObject, void *pvFreeContext)
440 for (i = 0; i < pObject->cBlob; i++)
441 CryptMemFree(pObject->rgBlob[i].pbData);
442 CryptMemFree(pObject->rgBlob);
445 static BOOL CRYPT_GetObjectFromFile(HANDLE hFile, PCRYPT_BLOB_ARRAY pObject)
450 if ((ret = GetFileSizeEx(hFile, &size)))
454 WARN("file too big\n");
455 SetLastError(ERROR_INVALID_DATA);
460 CRYPT_DATA_BLOB blob;
462 blob.pbData = CryptMemAlloc(size.u.LowPart);
465 blob.cbData = size.u.LowPart;
466 ret = ReadFile(hFile, blob.pbData, size.u.LowPart, &blob.cbData,
470 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
474 memcpy(pObject->rgBlob, &blob, sizeof(CRYPT_DATA_BLOB));
478 SetLastError(ERROR_OUTOFMEMORY);
483 CryptMemFree(blob.pbData);
487 SetLastError(ERROR_OUTOFMEMORY);
495 static BOOL CRYPT_GetObjectFromCache(LPCWSTR pszURL, PCRYPT_BLOB_ARRAY pObject,
496 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
499 INTERNET_CACHE_ENTRY_INFOW *pCacheInfo = NULL;
502 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pObject, pAuxInfo);
504 ret = GetUrlCacheEntryInfoW(pszURL, NULL, &size);
505 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
507 pCacheInfo = CryptMemAlloc(size);
511 SetLastError(ERROR_OUTOFMEMORY);
513 if (ret && (ret = GetUrlCacheEntryInfoW(pszURL, pCacheInfo, &size)))
517 GetSystemTimeAsFileTime(&ft);
518 if (CompareFileTime(&pCacheInfo->ExpireTime, &ft) >= 0)
520 HANDLE hFile = CreateFileW(pCacheInfo->lpszLocalFileName,
521 GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
523 if (hFile != INVALID_HANDLE_VALUE)
525 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
527 if (pAuxInfo && pAuxInfo->cbSize >=
528 offsetof(CRYPT_RETRIEVE_AUX_INFO,
529 pLastSyncTime) + sizeof(PFILETIME) &&
530 pAuxInfo->pLastSyncTime)
531 memcpy(pAuxInfo->pLastSyncTime,
532 &pCacheInfo->LastSyncTime,
539 DeleteUrlCacheEntryW(pszURL);
545 DeleteUrlCacheEntryW(pszURL);
549 CryptMemFree(pCacheInfo);
550 TRACE("returning %d\n", ret);
554 /* Parses the URL, and sets components's lpszHostName and lpszUrlPath members
555 * to NULL-terminated copies of those portions of the URL (to be freed with
558 static BOOL CRYPT_CrackUrl(LPCWSTR pszURL, URL_COMPONENTSW *components)
562 TRACE("(%s, %p)\n", debugstr_w(pszURL), components);
564 memset(components, 0, sizeof(*components));
565 components->dwStructSize = sizeof(*components);
566 components->lpszHostName = CryptMemAlloc(MAX_PATH * sizeof(WCHAR));
567 components->dwHostNameLength = MAX_PATH;
568 components->lpszUrlPath = CryptMemAlloc(MAX_PATH * 2 * sizeof(WCHAR));
569 components->dwUrlPathLength = 2 * MAX_PATH;
570 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, components);
573 if ((components->dwUrlPathLength == 2 * MAX_PATH - 1) ||
574 (components->dwHostNameLength == MAX_PATH - 1))
575 FIXME("Buffers are too small\n");
576 switch (components->nScheme)
578 case INTERNET_SCHEME_FTP:
579 if (!components->nPort)
580 components->nPort = INTERNET_DEFAULT_FTP_PORT;
582 case INTERNET_SCHEME_HTTP:
583 if (!components->nPort)
584 components->nPort = INTERNET_DEFAULT_HTTP_PORT;
590 TRACE("returning %d\n", ret);
601 static struct InetContext *CRYPT_MakeInetContext(DWORD dwTimeout)
603 struct InetContext *context = CryptMemAlloc(sizeof(struct InetContext));
607 context->event = CreateEventW(NULL, FALSE, FALSE, NULL);
610 CryptMemFree(context);
615 context->timeout = dwTimeout;
616 context->error = ERROR_SUCCESS;
622 static BOOL CRYPT_DownloadObject(DWORD dwRetrievalFlags, HINTERNET hHttp,
623 struct InetContext *context, PCRYPT_BLOB_ARRAY pObject,
624 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
626 CRYPT_DATA_BLOB object = { 0, NULL };
627 DWORD bytesAvailable;
631 if ((ret = InternetQueryDataAvailable(hHttp, &bytesAvailable, 0, 0)))
636 object.pbData = CryptMemRealloc(object.pbData,
637 object.cbData + bytesAvailable);
639 object.pbData = CryptMemAlloc(bytesAvailable);
642 INTERNET_BUFFERSA buffer = { sizeof(buffer), 0 };
644 buffer.dwBufferLength = bytesAvailable;
645 buffer.lpvBuffer = object.pbData + object.cbData;
646 if (!(ret = InternetReadFileExA(hHttp, &buffer, IRF_NO_WAIT,
647 (DWORD_PTR)context)))
649 if (GetLastError() == ERROR_IO_PENDING)
651 if (WaitForSingleObject(context->event,
652 context->timeout) == WAIT_TIMEOUT)
653 SetLastError(ERROR_TIMEOUT);
654 else if (context->error)
655 SetLastError(context->error);
661 object.cbData += bytesAvailable;
665 SetLastError(ERROR_OUTOFMEMORY);
670 else if (GetLastError() == ERROR_IO_PENDING)
672 if (WaitForSingleObject(context->event, context->timeout) ==
674 SetLastError(ERROR_TIMEOUT);
678 } while (ret && bytesAvailable);
681 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
682 if (!pObject->rgBlob)
684 CryptMemFree(object.pbData);
685 SetLastError(ERROR_OUTOFMEMORY);
690 pObject->rgBlob[0].cbData = object.cbData;
691 pObject->rgBlob[0].pbData = object.pbData;
695 TRACE("returning %d\n", ret);
699 /* Finds the object specified by pszURL in the cache. If it's not found,
700 * creates a new cache entry for the object and writes the object to it.
701 * Sets the expiration time of the cache entry to expires.
703 static void CRYPT_CacheURL(LPCWSTR pszURL, const CRYPT_BLOB_ARRAY *pObject,
704 DWORD dwRetrievalFlags, FILETIME expires)
706 WCHAR cacheFileName[MAX_PATH];
708 BOOL ret, create = FALSE;
710 GetUrlCacheEntryInfoW(pszURL, NULL, &size);
711 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
713 INTERNET_CACHE_ENTRY_INFOW *info = CryptMemAlloc(size);
719 ret = GetUrlCacheEntryInfoW(pszURL, info, &size);
721 lstrcpyW(cacheFileName, info->lpszLocalFileName);
722 /* Check if the existing cache entry is up to date. If it isn't,
723 * overwite it with the new value.
725 GetSystemTimeAsFileTime(&ft);
726 if (CompareFileTime(&info->ExpireTime, &ft) < 0)
735 ret = CreateUrlCacheEntryW(pszURL, pObject->rgBlob[0].cbData, NULL,
746 HANDLE hCacheFile = CreateFileW(cacheFileName, GENERIC_WRITE, 0,
747 NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
749 if (hCacheFile != INVALID_HANDLE_VALUE)
753 WriteFile(hCacheFile, pObject->rgBlob[0].pbData,
754 pObject->rgBlob[0].cbData, &bytesWritten, NULL);
755 CloseHandle(hCacheFile);
762 if (!(dwRetrievalFlags & CRYPT_STICKY_CACHE_RETRIEVAL))
763 entryType = NORMAL_CACHE_ENTRY;
765 entryType = STICKY_CACHE_ENTRY;
766 CommitUrlCacheEntryW(pszURL, cacheFileName, expires, ft, entryType,
767 NULL, 0, NULL, NULL);
772 static void CALLBACK CRYPT_InetStatusCallback(HINTERNET hInt,
773 DWORD_PTR dwContext, DWORD status, void *statusInfo, DWORD statusInfoLen)
775 struct InetContext *context = (struct InetContext *)dwContext;
776 LPINTERNET_ASYNC_RESULT result;
780 case INTERNET_STATUS_REQUEST_COMPLETE:
782 context->error = result->dwError;
783 SetEvent(context->event);
787 static BOOL CRYPT_Connect(const URL_COMPONENTSW *components,
788 struct InetContext *context, PCRYPT_CREDENTIALS pCredentials,
789 HINTERNET *phInt, HINTERNET *phHost)
793 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components->lpszHostName),
794 components->nPort, context, pCredentials, phInt, phInt);
797 *phInt = InternetOpenW(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL,
798 context ? INTERNET_FLAG_ASYNC : 0);
804 InternetSetStatusCallbackW(*phInt, CRYPT_InetStatusCallback);
805 switch (components->nScheme)
807 case INTERNET_SCHEME_FTP:
808 service = INTERNET_SERVICE_FTP;
810 case INTERNET_SCHEME_HTTP:
811 service = INTERNET_SERVICE_HTTP;
816 /* FIXME: use pCredentials for username/password */
817 *phHost = InternetConnectW(*phInt, components->lpszHostName,
818 components->nPort, NULL, NULL, service, 0, (DWORD_PTR)context);
821 InternetCloseHandle(*phInt);
830 TRACE("returning %d\n", ret);
834 static BOOL WINAPI FTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
835 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
836 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
837 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
838 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
840 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
841 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
842 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
845 pObject->rgBlob = NULL;
846 *ppfnFreeObject = CRYPT_FreeBlob;
847 *ppvFreeContext = NULL;
851 static const WCHAR x509cacert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
852 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
853 static const WCHAR x509emailcert[] = { 'a','p','p','l','i','c','a','t','i','o',
854 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
856 static const WCHAR x509servercert[] = { 'a','p','p','l','i','c','a','t','i','o',
857 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
859 static const WCHAR x509usercert[] = { 'a','p','p','l','i','c','a','t','i','o',
860 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
861 static const WCHAR pkcs7cert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
862 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
864 static const WCHAR pkixCRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
865 '/','p','k','i','x','-','c','r','l',0 };
866 static const WCHAR pkcs7CRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
867 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
868 static const WCHAR pkcs7sig[] = { 'a','p','p','l','i','c','a','t','i','o','n',
869 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
870 static const WCHAR pkcs7mime[] = { 'a','p','p','l','i','c','a','t','i','o','n',
871 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
873 static BOOL WINAPI HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
874 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
875 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
876 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
877 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
881 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
882 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
883 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
886 pObject->rgBlob = NULL;
887 *ppfnFreeObject = CRYPT_FreeBlob;
888 *ppvFreeContext = NULL;
890 if (!(dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL))
891 ret = CRYPT_GetObjectFromCache(pszURL, pObject, pAuxInfo);
892 if (!ret && (!(dwRetrievalFlags & CRYPT_CACHE_ONLY_RETRIEVAL) ||
893 (dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL)))
895 URL_COMPONENTSW components;
897 if ((ret = CRYPT_CrackUrl(pszURL, &components)))
899 HINTERNET hInt, hHost;
900 struct InetContext *context = NULL;
903 context = CRYPT_MakeInetContext(dwTimeout);
904 ret = CRYPT_Connect(&components, context, pCredentials, &hInt,
908 static LPCWSTR types[] = { x509cacert, x509emailcert,
909 x509servercert, x509usercert, pkcs7cert, pkixCRL, pkcs7CRL,
910 pkcs7sig, pkcs7mime, NULL };
911 HINTERNET hHttp = HttpOpenRequestW(hHost, NULL,
912 components.lpszUrlPath, NULL, NULL, types,
913 INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI,
920 InternetSetOptionW(hHttp,
921 INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
923 InternetSetOptionW(hHttp, INTERNET_OPTION_SEND_TIMEOUT,
924 &dwTimeout, sizeof(dwTimeout));
926 ret = HttpSendRequestExW(hHttp, NULL, NULL, 0,
928 if (!ret && GetLastError() == ERROR_IO_PENDING)
930 if (WaitForSingleObject(context->event,
931 context->timeout) == WAIT_TIMEOUT)
932 SetLastError(ERROR_TIMEOUT);
936 /* We don't set ret to TRUE in this block to avoid masking
937 * an error from HttpSendRequestExW.
939 if (!HttpEndRequestW(hHttp, NULL, 0, (DWORD_PTR)context) &&
940 GetLastError() == ERROR_IO_PENDING)
942 if (WaitForSingleObject(context->event,
943 context->timeout) == WAIT_TIMEOUT)
945 SetLastError(ERROR_TIMEOUT);
950 ret = CRYPT_DownloadObject(dwRetrievalFlags, hHttp,
951 context, pObject, pAuxInfo);
952 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT))
955 DWORD len = sizeof(st);
957 if (HttpQueryInfoW(hHttp,
958 HTTP_QUERY_EXPIRES | HTTP_QUERY_FLAG_SYSTEMTIME, &st,
963 SystemTimeToFileTime(&st, &ft);
964 CRYPT_CacheURL(pszURL, pObject, dwRetrievalFlags,
968 InternetCloseHandle(hHttp);
970 InternetCloseHandle(hHost);
971 InternetCloseHandle(hInt);
975 CloseHandle(context->event);
976 CryptMemFree(context);
978 CryptMemFree(components.lpszUrlPath);
979 CryptMemFree(components.lpszHostName);
982 TRACE("returning %d\n", ret);
986 static BOOL WINAPI File_RetrieveEncodedObjectW(LPCWSTR pszURL,
987 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
988 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
989 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
990 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
992 URL_COMPONENTSW components = { sizeof(components), 0 };
995 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
996 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
997 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
1000 pObject->rgBlob = NULL;
1001 *ppfnFreeObject = CRYPT_FreeBlob;
1002 *ppvFreeContext = NULL;
1004 components.lpszUrlPath = CryptMemAlloc(MAX_PATH * 2 * sizeof(WCHAR));
1005 components.dwUrlPathLength = 2 * MAX_PATH;
1006 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, &components);
1011 if (components.dwUrlPathLength == 2 * MAX_PATH - 1)
1012 FIXME("Buffers are too small\n");
1014 /* 3 == lstrlenW(L"c:") + 1 */
1015 path = CryptMemAlloc((components.dwUrlPathLength + 3) * sizeof(WCHAR));
1020 /* Try to create the file directly - Wine handles / in pathnames */
1021 lstrcpynW(path, components.lpszUrlPath,
1022 components.dwUrlPathLength + 1);
1023 hFile = CreateFileW(path, GENERIC_READ, 0, NULL, OPEN_EXISTING,
1024 FILE_ATTRIBUTE_NORMAL, NULL);
1025 if (hFile == INVALID_HANDLE_VALUE)
1027 /* Try again on the current drive */
1028 GetCurrentDirectoryW(components.dwUrlPathLength, path);
1031 lstrcpynW(path + 2, components.lpszUrlPath,
1032 components.dwUrlPathLength + 1);
1033 hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1034 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1036 if (hFile == INVALID_HANDLE_VALUE)
1038 /* Try again on the Windows drive */
1039 GetWindowsDirectoryW(path, components.dwUrlPathLength);
1042 lstrcpynW(path + 2, components.lpszUrlPath,
1043 components.dwUrlPathLength + 1);
1044 hFile = CreateFileW(path, GENERIC_READ, 0, NULL,
1045 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1049 if (hFile != INVALID_HANDLE_VALUE)
1051 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
1053 if (pAuxInfo && pAuxInfo->cbSize >=
1054 offsetof(CRYPT_RETRIEVE_AUX_INFO,
1055 pLastSyncTime) + sizeof(PFILETIME) &&
1056 pAuxInfo->pLastSyncTime)
1057 GetFileTime(hFile, NULL, NULL,
1058 pAuxInfo->pLastSyncTime);
1067 CryptMemFree(components.lpszUrlPath);
1071 typedef BOOL (WINAPI *SchemeDllRetrieveEncodedObjectW)(LPCWSTR pwszUrl,
1072 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1073 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1074 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1075 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo);
1077 static BOOL CRYPT_GetRetrieveFunction(LPCWSTR pszURL,
1078 SchemeDllRetrieveEncodedObjectW *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1080 URL_COMPONENTSW components = { sizeof(components), 0 };
1083 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pFunc, phFunc);
1087 components.dwSchemeLength = 1;
1088 ret = InternetCrackUrlW(pszURL, 0, 0, &components);
1091 /* Microsoft always uses CryptInitOIDFunctionSet/
1092 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1093 * reason to do so for builtin schemes.
1095 switch (components.nScheme)
1097 case INTERNET_SCHEME_FTP:
1098 *pFunc = FTP_RetrieveEncodedObjectW;
1100 case INTERNET_SCHEME_HTTP:
1101 *pFunc = HTTP_RetrieveEncodedObjectW;
1103 case INTERNET_SCHEME_FILE:
1104 *pFunc = File_RetrieveEncodedObjectW;
1108 int len = WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1109 components.dwSchemeLength, NULL, 0, NULL, NULL);
1113 LPSTR scheme = CryptMemAlloc(len);
1117 static HCRYPTOIDFUNCSET set = NULL;
1120 set = CryptInitOIDFunctionSet(
1121 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC, 0);
1122 WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1123 components.dwSchemeLength, scheme, len, NULL, NULL);
1124 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1125 scheme, 0, (void **)pFunc, phFunc);
1126 CryptMemFree(scheme);
1130 SetLastError(ERROR_OUTOFMEMORY);
1139 TRACE("returning %d\n", ret);
1143 static BOOL WINAPI CRYPT_CreateBlob(LPCSTR pszObjectOid,
1144 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1147 CRYPT_BLOB_ARRAY *context;
1150 size = sizeof(CRYPT_BLOB_ARRAY) + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1151 for (i = 0; i < pObject->cBlob; i++)
1152 size += pObject->rgBlob[i].cbData;
1153 context = CryptMemAlloc(size);
1160 (CRYPT_DATA_BLOB *)((LPBYTE)context + sizeof(CRYPT_BLOB_ARRAY));
1162 (LPBYTE)context->rgBlob + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1163 for (i = 0; i < pObject->cBlob; i++)
1165 memcpy(nextData, pObject->rgBlob[i].pbData,
1166 pObject->rgBlob[i].cbData);
1167 context->rgBlob[i].pbData = nextData;
1168 context->rgBlob[i].cbData = pObject->rgBlob[i].cbData;
1169 nextData += pObject->rgBlob[i].cbData;
1172 *ppvContext = context;
1178 typedef BOOL (WINAPI *AddContextToStore)(HCERTSTORE hCertStore,
1179 const void *pContext, DWORD dwAddDisposition, const void **ppStoreContext);
1181 static BOOL CRYPT_CreateContext(const CRYPT_BLOB_ARRAY *pObject,
1182 DWORD dwExpectedContentTypeFlags, AddContextToStore addFunc, void **ppvContext)
1186 if (!pObject->cBlob)
1188 SetLastError(ERROR_INVALID_DATA);
1192 else if (pObject->cBlob == 1)
1194 if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1195 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL,
1196 NULL, NULL, NULL, NULL, (const void **)ppvContext))
1198 SetLastError(CRYPT_E_NO_MATCH);
1204 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1205 CERT_STORE_CREATE_NEW_FLAG, NULL);
1210 const void *context;
1212 for (i = 0; i < pObject->cBlob; i++)
1214 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1215 &pObject->rgBlob[i], dwExpectedContentTypeFlags,
1216 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, NULL, NULL, NULL,
1219 if (!addFunc(store, context, CERT_STORE_ADD_ALWAYS, NULL))
1224 SetLastError(CRYPT_E_NO_MATCH);
1231 *ppvContext = store;
1236 static BOOL WINAPI CRYPT_CreateCert(LPCSTR pszObjectOid,
1237 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1239 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CERT,
1240 (AddContextToStore)CertAddCertificateContextToStore, ppvContext);
1243 static BOOL WINAPI CRYPT_CreateCRL(LPCSTR pszObjectOid,
1244 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1246 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CRL,
1247 (AddContextToStore)CertAddCRLContextToStore, ppvContext);
1250 static BOOL WINAPI CRYPT_CreateCTL(LPCSTR pszObjectOid,
1251 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1253 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CTL,
1254 (AddContextToStore)CertAddCTLContextToStore, ppvContext);
1257 static BOOL WINAPI CRYPT_CreatePKCS7(LPCSTR pszObjectOid,
1258 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1262 if (!pObject->cBlob)
1264 SetLastError(ERROR_INVALID_DATA);
1268 else if (pObject->cBlob == 1)
1269 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1270 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1271 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED, CERT_QUERY_FORMAT_FLAG_BINARY,
1272 0, NULL, NULL, NULL, ppvContext, NULL, NULL);
1275 FIXME("multiple messages unimplemented\n");
1281 static BOOL WINAPI CRYPT_CreateAny(LPCSTR pszObjectOid,
1282 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1286 if (!pObject->cBlob)
1288 SetLastError(ERROR_INVALID_DATA);
1294 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1295 CERT_STORE_CREATE_NEW_FLAG, NULL);
1299 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1300 CERT_STORE_CREATE_NEW_FLAG, NULL);
1304 CertAddStoreToCollection(store, memStore,
1305 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
1306 CertCloseStore(memStore, 0);
1310 CertCloseStore(store, 0);
1319 for (i = 0; i < pObject->cBlob; i++)
1321 DWORD contentType, expectedContentTypes =
1322 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1323 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
1324 CERT_QUERY_CONTENT_FLAG_CERT |
1325 CERT_QUERY_CONTENT_FLAG_CRL |
1326 CERT_QUERY_CONTENT_FLAG_CTL;
1327 HCERTSTORE contextStore;
1328 const void *context;
1330 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1331 &pObject->rgBlob[i], expectedContentTypes,
1332 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, &contentType, NULL,
1333 &contextStore, NULL, &context))
1335 switch (contentType)
1337 case CERT_QUERY_CONTENT_CERT:
1338 if (!CertAddCertificateContextToStore(store,
1339 context, CERT_STORE_ADD_ALWAYS, NULL))
1341 CertFreeCertificateContext(context);
1343 case CERT_QUERY_CONTENT_CRL:
1344 if (!CertAddCRLContextToStore(store,
1345 context, CERT_STORE_ADD_ALWAYS, NULL))
1347 CertFreeCRLContext(context);
1349 case CERT_QUERY_CONTENT_CTL:
1350 if (!CertAddCTLContextToStore(store,
1351 context, CERT_STORE_ADD_ALWAYS, NULL))
1353 CertFreeCTLContext(context);
1356 CertAddStoreToCollection(store, contextStore, 0, 0);
1358 CertCloseStore(contextStore, 0);
1366 *ppvContext = store;
1371 typedef BOOL (WINAPI *ContextDllCreateObjectContext)(LPCSTR pszObjectOid,
1372 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext);
1374 static BOOL CRYPT_GetCreateFunction(LPCSTR pszObjectOid,
1375 ContextDllCreateObjectContext *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1379 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid), pFunc, phFunc);
1383 if (!HIWORD(pszObjectOid))
1385 switch (LOWORD(pszObjectOid))
1388 *pFunc = CRYPT_CreateBlob;
1390 case LOWORD(CONTEXT_OID_CERTIFICATE):
1391 *pFunc = CRYPT_CreateCert;
1393 case LOWORD(CONTEXT_OID_CRL):
1394 *pFunc = CRYPT_CreateCRL;
1396 case LOWORD(CONTEXT_OID_CTL):
1397 *pFunc = CRYPT_CreateCTL;
1399 case LOWORD(CONTEXT_OID_PKCS7):
1400 *pFunc = CRYPT_CreatePKCS7;
1402 case LOWORD(CONTEXT_OID_CAPI2_ANY):
1403 *pFunc = CRYPT_CreateAny;
1409 static HCRYPTOIDFUNCSET set = NULL;
1412 set = CryptInitOIDFunctionSet(
1413 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC, 0);
1414 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszObjectOid,
1415 0, (void **)pFunc, phFunc);
1417 TRACE("returning %d\n", ret);
1421 typedef BOOL (*get_object_expiration_func)(const void *pvContext,
1422 FILETIME *expiration);
1424 static BOOL CRYPT_GetExpirationFromCert(const void *pvObject, FILETIME *expiration)
1426 PCCERT_CONTEXT cert = pvObject;
1428 *expiration = cert->pCertInfo->NotAfter;
1432 static BOOL CRYPT_GetExpirationFromCRL(const void *pvObject, FILETIME *expiration)
1434 PCCRL_CONTEXT cert = pvObject;
1436 *expiration = cert->pCrlInfo->NextUpdate;
1440 static BOOL CRYPT_GetExpirationFromCTL(const void *pvObject, FILETIME *expiration)
1442 PCCTL_CONTEXT cert = pvObject;
1444 *expiration = cert->pCtlInfo->NextUpdate;
1448 static BOOL CRYPT_GetExpirationFunction(LPCSTR pszObjectOid,
1449 get_object_expiration_func *getExpiration)
1453 if (!HIWORD(pszObjectOid))
1455 switch (LOWORD(pszObjectOid))
1457 case LOWORD(CONTEXT_OID_CERTIFICATE):
1458 *getExpiration = CRYPT_GetExpirationFromCert;
1461 case LOWORD(CONTEXT_OID_CRL):
1462 *getExpiration = CRYPT_GetExpirationFromCRL;
1465 case LOWORD(CONTEXT_OID_CTL):
1466 *getExpiration = CRYPT_GetExpirationFromCTL;
1478 /***********************************************************************
1479 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1481 BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
1482 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
1483 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
1484 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1487 SchemeDllRetrieveEncodedObjectW retrieve;
1488 ContextDllCreateObjectContext create;
1489 HCRYPTOIDFUNCADDR hRetrieve = 0, hCreate = 0;
1491 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1492 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
1493 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
1497 SetLastError(ERROR_INVALID_PARAMETER);
1500 ret = CRYPT_GetRetrieveFunction(pszURL, &retrieve, &hRetrieve);
1502 ret = CRYPT_GetCreateFunction(pszObjectOid, &create, &hCreate);
1505 CRYPT_BLOB_ARRAY object = { 0, NULL };
1506 PFN_FREE_ENCODED_OBJECT_FUNC freeObject;
1509 ret = retrieve(pszURL, pszObjectOid, dwRetrievalFlags, dwTimeout,
1510 &object, &freeObject, &freeContext, hAsyncRetrieve, pCredentials,
1514 get_object_expiration_func getExpiration;
1516 ret = create(pszObjectOid, dwRetrievalFlags, &object, ppvObject);
1517 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT) &&
1518 CRYPT_GetExpirationFunction(pszObjectOid, &getExpiration))
1522 if (getExpiration(*ppvObject, &expires))
1523 CRYPT_CacheURL(pszURL, &object, dwRetrievalFlags, expires);
1525 freeObject(pszObjectOid, &object, freeContext);
1529 CryptFreeOIDFunctionAddress(hCreate, 0);
1531 CryptFreeOIDFunctionAddress(hRetrieve, 0);
1532 TRACE("returning %d\n", ret);
1536 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
1538 PCCERT_CONTEXT pIssuerCert;
1540 HCERTSTORE *rgCertStore;
1541 HCERTSTORE hCrlStore;
1542 LPFILETIME pftTimeToUse;
1543 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
1545 typedef struct _OLD_CERT_REVOCATION_STATUS {
1550 } OLD_CERT_REVOCATION_STATUS, *POLD_CERT_REVOCATION_STATUS;
1552 /***********************************************************************
1553 * CertDllVerifyRevocation (CRYPTNET.@)
1555 BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1556 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1557 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1562 LPFILETIME pTime = NULL;
1564 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1565 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1567 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1568 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1570 SetLastError(E_INVALIDARG);
1575 SetLastError(E_INVALIDARG);
1578 if (pRevPara && pRevPara->cbSize >=
1579 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
1580 pTime = pRevPara->pftTimeToUse;
1583 GetSystemTimeAsFileTime(&now);
1586 memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
1587 if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
1589 error = CRYPT_E_NO_REVOCATION_CHECK;
1595 for (i = 0; ret && i < cContext; i++)
1599 ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
1600 rgpvContext[i], 0, NULL, &cbUrlArray, NULL, NULL, NULL);
1601 if (!ret && GetLastError() == CRYPT_E_NOT_FOUND)
1603 error = CRYPT_E_NO_REVOCATION_CHECK;
1604 pRevStatus->dwIndex = i;
1608 CRYPT_URL_ARRAY *urlArray = CryptMemAlloc(cbUrlArray);
1612 DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
1614 ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT,
1615 rgpvContext[i], 0, urlArray, &cbUrlArray, NULL, NULL,
1617 if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
1618 retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
1619 if ((dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG) &&
1621 pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
1622 dwUrlRetrievalTimeout) + sizeof(DWORD))
1624 startTime = GetTickCount();
1625 endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
1626 timeout = pRevPara->dwUrlRetrievalTimeout;
1629 endTime = timeout = 0;
1630 for (j = 0; ret && j < urlArray->cUrl; j++)
1634 ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
1635 CONTEXT_OID_CRL, retrievalFlags, timeout,
1636 (void **)&crl, NULL, NULL, NULL, NULL);
1639 if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))
1641 /* The CRL isn't time valid */
1642 error = CRYPT_E_NO_REVOCATION_CHECK;
1647 PCRL_ENTRY entry = NULL;
1649 CertFindCertificateInCRL(
1650 rgpvContext[i], crl, 0, NULL,
1654 error = CRYPT_E_REVOKED;
1655 pRevStatus->dwIndex = i;
1661 DWORD time = GetTickCount();
1663 if ((int)(endTime - time) <= 0)
1665 error = ERROR_TIMEOUT;
1666 pRevStatus->dwIndex = i;
1670 timeout = endTime - time;
1672 CertFreeCRLContext(crl);
1675 error = CRYPT_E_REVOCATION_OFFLINE;
1677 CryptMemFree(urlArray);
1681 error = ERROR_OUTOFMEMORY;
1682 pRevStatus->dwIndex = i;
1687 pRevStatus->dwIndex = i;
1693 SetLastError(error);
1694 pRevStatus->dwError = error;
1696 TRACE("returning %d (%08x)\n", ret, error);
projects / wine / blob