2 * Copyright (C) 2006 Maarten Lankhorst
3 * Copyright 2007 Juan Lang
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
22 #include "wine/port.h"
24 #define NONAMELESSUNION
25 #define NONAMELESSSTRUCT
26 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
39 #include "wine/debug.h"
41 WINE_DEFAULT_DEBUG_CHANNEL(cryptnet);
43 #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
45 static const WCHAR cryptNet[] = { 'c','r','y','p','t','n','e','t','.',
48 /***********************************************************************
49 * DllRegisterServer (CRYPTNET.@)
51 HRESULT WINAPI DllRegisterServer(void)
54 CryptRegisterDefaultOIDFunction(X509_ASN_ENCODING,
55 CRYPT_OID_VERIFY_REVOCATION_FUNC, 0, cryptNet);
56 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap",
57 cryptNet, "LdapProvOpenStore");
58 CryptRegisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
59 CERT_STORE_PROV_LDAP_W, cryptNet, "LdapProvOpenStore");
63 /***********************************************************************
64 * DllUnregisterServer (CRYPTNET.@)
66 HRESULT WINAPI DllUnregisterServer(void)
69 CryptUnregisterDefaultOIDFunction(X509_ASN_ENCODING,
70 CRYPT_OID_VERIFY_REVOCATION_FUNC, cryptNet);
71 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC, "Ldap");
72 CryptUnregisterOIDFunction(0, CRYPT_OID_OPEN_STORE_PROV_FUNC,
73 CERT_STORE_PROV_LDAP_W);
77 static const char *url_oid_to_str(LPCSTR oid)
85 #define _x(oid) case LOWORD(oid): return #oid
86 _x(URL_OID_CERTIFICATE_ISSUER);
87 _x(URL_OID_CERTIFICATE_CRL_DIST_POINT);
88 _x(URL_OID_CTL_ISSUER);
89 _x(URL_OID_CTL_NEXT_UPDATE);
90 _x(URL_OID_CRL_ISSUER);
91 _x(URL_OID_CERTIFICATE_FRESHEST_CRL);
92 _x(URL_OID_CRL_FRESHEST_CRL);
93 _x(URL_OID_CROSS_CERT_DIST_POINT);
96 snprintf(buf, sizeof(buf), "%d", LOWORD(oid));
104 typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD,
105 PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID);
107 static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid,
108 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
109 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
111 PCCERT_CONTEXT cert = pvPara;
115 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
116 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
118 SetLastError(CRYPT_E_NOT_FOUND);
121 if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
122 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
124 CERT_AUTHORITY_INFO_ACCESS *aia;
127 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
128 ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
132 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
134 for (i = 0, cUrl = 0; i < aia->cAccDescr; i++)
135 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
136 szOID_PKIX_CA_ISSUERS))
138 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
141 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
144 bytesNeeded += sizeof(LPWSTR) +
145 (lstrlenW(aia->rgAccDescr[i].AccessLocation.u.
146 pwszURL) + 1) * sizeof(WCHAR);
150 FIXME("unsupported alt name type %d\n",
151 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
155 SetLastError(E_INVALIDARG);
159 *pcbUrlArray = bytesNeeded;
160 else if (*pcbUrlArray < bytesNeeded)
162 SetLastError(ERROR_MORE_DATA);
163 *pcbUrlArray = bytesNeeded;
170 *pcbUrlArray = bytesNeeded;
172 pUrlArray->rgwszUrl =
173 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
174 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
175 + cUrl * sizeof(LPWSTR));
176 for (i = 0; i < aia->cAccDescr; i++)
177 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
178 szOID_PKIX_CA_ISSUERS))
180 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice
181 == CERT_ALT_NAME_URL)
183 if (aia->rgAccDescr[i].AccessLocation.u.pwszURL)
186 aia->rgAccDescr[i].AccessLocation.u.pwszURL);
187 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
189 nextUrl += (lstrlenW(nextUrl) + 1);
198 FIXME("url info: stub\n");
200 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
201 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
203 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
204 SetLastError(ERROR_MORE_DATA);
209 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
210 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
218 SetLastError(CRYPT_E_NOT_FOUND);
222 static BOOL CRYPT_GetUrlFromCRLDistPointsExt(const CRYPT_DATA_BLOB *value,
223 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
227 CRL_DIST_POINTS_INFO *info;
230 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CRL_DIST_POINTS,
231 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
234 DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY);
236 for (i = 0, cUrl = 0; i < info->cDistPoint; i++)
237 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
238 == CRL_DIST_POINT_FULL_NAME)
241 CERT_ALT_NAME_INFO *name =
242 &info->rgDistPoint[i].DistPointName.u.FullName;
244 for (j = 0; j < name->cAltEntry; j++)
245 if (name->rgAltEntry[j].dwAltNameChoice ==
248 if (name->rgAltEntry[j].u.pwszURL)
251 bytesNeeded += sizeof(LPWSTR) +
252 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1)
259 SetLastError(E_INVALIDARG);
263 *pcbUrlArray = bytesNeeded;
264 else if (*pcbUrlArray < bytesNeeded)
266 SetLastError(ERROR_MORE_DATA);
267 *pcbUrlArray = bytesNeeded;
274 *pcbUrlArray = bytesNeeded;
276 pUrlArray->rgwszUrl =
277 (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY));
278 nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)
279 + cUrl * sizeof(LPWSTR));
280 for (i = 0; i < info->cDistPoint; i++)
281 if (info->rgDistPoint[i].DistPointName.dwDistPointNameChoice
282 == CRL_DIST_POINT_FULL_NAME)
285 CERT_ALT_NAME_INFO *name =
286 &info->rgDistPoint[i].DistPointName.u.FullName;
288 for (j = 0; j < name->cAltEntry; j++)
289 if (name->rgAltEntry[j].dwAltNameChoice ==
292 if (name->rgAltEntry[j].u.pwszURL)
295 name->rgAltEntry[j].u.pwszURL);
296 pUrlArray->rgwszUrl[pUrlArray->cUrl++] =
299 (lstrlenW(name->rgAltEntry[j].u.pwszURL) + 1);
308 FIXME("url info: stub\n");
310 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
311 else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO))
313 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
314 SetLastError(ERROR_MORE_DATA);
319 *pcbUrlInfo = sizeof(CRYPT_URL_INFO);
320 memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO));
329 static BOOL WINAPI CRYPT_GetUrlFromCertificateCRLDistPoint(LPCSTR pszUrlOid,
330 LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray,
331 PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
333 PCCERT_CONTEXT cert = pvPara;
337 /* The only applicable flag is CRYPT_GET_URL_FROM_EXTENSION */
338 if (dwFlags && !(dwFlags & CRYPT_GET_URL_FROM_EXTENSION))
340 SetLastError(CRYPT_E_NOT_FOUND);
343 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
344 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
345 ret = CRYPT_GetUrlFromCRLDistPointsExt(&ext->Value, pUrlArray,
346 pcbUrlArray, pUrlInfo, pcbUrlInfo);
348 SetLastError(CRYPT_E_NOT_FOUND);
352 /***********************************************************************
353 * CryptGetObjectUrl (CRYPTNET.@)
355 BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags,
356 PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo,
357 DWORD *pcbUrlInfo, LPVOID pvReserved)
359 UrlDllGetObjectUrlFunc func = NULL;
360 HCRYPTOIDFUNCADDR hFunc = NULL;
363 TRACE("(%s, %p, %08x, %p, %p, %p, %p, %p)\n", debugstr_a(pszUrlOid),
364 pvPara, dwFlags, pUrlArray, pcbUrlArray, pUrlInfo, pcbUrlInfo, pvReserved);
366 if (IS_INTOID(pszUrlOid))
368 switch (LOWORD(pszUrlOid))
370 case LOWORD(URL_OID_CERTIFICATE_ISSUER):
371 func = CRYPT_GetUrlFromCertificateIssuer;
373 case LOWORD(URL_OID_CERTIFICATE_CRL_DIST_POINT):
374 func = CRYPT_GetUrlFromCertificateCRLDistPoint;
377 FIXME("unimplemented for %s\n", url_oid_to_str(pszUrlOid));
378 SetLastError(ERROR_FILE_NOT_FOUND);
383 static HCRYPTOIDFUNCSET set = NULL;
386 set = CryptInitOIDFunctionSet(URL_OID_GET_OBJECT_URL_FUNC, 0);
387 CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszUrlOid, 0,
388 (void **)&func, &hFunc);
391 ret = func(pszUrlOid, pvPara, dwFlags, pUrlArray, pcbUrlArray,
392 pUrlInfo, pcbUrlInfo, pvReserved);
394 CryptFreeOIDFunctionAddress(hFunc, 0);
398 /***********************************************************************
399 * CryptRetrieveObjectByUrlA (CRYPTNET.@)
401 BOOL WINAPI CryptRetrieveObjectByUrlA(LPCSTR pszURL, LPCSTR pszObjectOid,
402 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
403 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
404 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
409 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_a(pszURL),
410 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
411 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
415 SetLastError(ERROR_INVALID_PARAMETER);
418 len = MultiByteToWideChar(CP_ACP, 0, pszURL, -1, NULL, 0);
421 LPWSTR url = CryptMemAlloc(len * sizeof(WCHAR));
425 MultiByteToWideChar(CP_ACP, 0, pszURL, -1, url, len);
426 ret = CryptRetrieveObjectByUrlW(url, pszObjectOid,
427 dwRetrievalFlags, dwTimeout, ppvObject, hAsyncRetrieve,
428 pCredentials, pvVerify, pAuxInfo);
432 SetLastError(ERROR_OUTOFMEMORY);
437 static void WINAPI CRYPT_FreeBlob(LPCSTR pszObjectOid,
438 PCRYPT_BLOB_ARRAY pObject, void *pvFreeContext)
442 for (i = 0; i < pObject->cBlob; i++)
443 CryptMemFree(pObject->rgBlob[i].pbData);
444 CryptMemFree(pObject->rgBlob);
447 static BOOL CRYPT_GetObjectFromFile(HANDLE hFile, PCRYPT_BLOB_ARRAY pObject)
452 if ((ret = GetFileSizeEx(hFile, &size)))
456 WARN("file too big\n");
457 SetLastError(ERROR_INVALID_DATA);
462 CRYPT_DATA_BLOB blob;
464 blob.pbData = CryptMemAlloc(size.u.LowPart);
467 blob.cbData = size.u.LowPart;
468 ret = ReadFile(hFile, blob.pbData, size.u.LowPart, &blob.cbData,
472 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
476 memcpy(pObject->rgBlob, &blob, sizeof(CRYPT_DATA_BLOB));
480 SetLastError(ERROR_OUTOFMEMORY);
485 CryptMemFree(blob.pbData);
489 SetLastError(ERROR_OUTOFMEMORY);
497 static BOOL CRYPT_GetObjectFromCache(LPCWSTR pszURL, PCRYPT_BLOB_ARRAY pObject,
498 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
501 INTERNET_CACHE_ENTRY_INFOW *pCacheInfo = NULL;
504 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pObject, pAuxInfo);
506 RetrieveUrlCacheEntryFileW(pszURL, NULL, &size, 0);
507 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
510 pCacheInfo = CryptMemAlloc(size);
513 SetLastError(ERROR_OUTOFMEMORY);
517 if ((ret = RetrieveUrlCacheEntryFileW(pszURL, pCacheInfo, &size, 0)))
521 GetSystemTimeAsFileTime(&ft);
522 if (CompareFileTime(&pCacheInfo->ExpireTime, &ft) >= 0)
524 HANDLE hFile = CreateFileW(pCacheInfo->lpszLocalFileName, GENERIC_READ,
525 FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
527 if (hFile != INVALID_HANDLE_VALUE)
529 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
531 if (pAuxInfo && pAuxInfo->cbSize >=
532 offsetof(CRYPT_RETRIEVE_AUX_INFO,
533 pLastSyncTime) + sizeof(PFILETIME) &&
534 pAuxInfo->pLastSyncTime)
535 memcpy(pAuxInfo->pLastSyncTime,
536 &pCacheInfo->LastSyncTime,
543 DeleteUrlCacheEntryW(pszURL);
549 DeleteUrlCacheEntryW(pszURL);
552 UnlockUrlCacheEntryFileW(pszURL, 0);
554 CryptMemFree(pCacheInfo);
555 TRACE("returning %d\n", ret);
559 /* Parses the URL, and sets components' lpszHostName and lpszUrlPath members
560 * to NULL-terminated copies of those portions of the URL (to be freed with
563 static BOOL CRYPT_CrackUrl(LPCWSTR pszURL, URL_COMPONENTSW *components)
567 TRACE("(%s, %p)\n", debugstr_w(pszURL), components);
569 memset(components, 0, sizeof(*components));
570 components->dwStructSize = sizeof(*components);
571 components->lpszHostName = CryptMemAlloc(INTERNET_MAX_HOST_NAME_LENGTH * sizeof(WCHAR));
572 components->dwHostNameLength = INTERNET_MAX_HOST_NAME_LENGTH;
573 if (!components->lpszHostName)
575 SetLastError(ERROR_OUTOFMEMORY);
578 components->lpszUrlPath = CryptMemAlloc(INTERNET_MAX_PATH_LENGTH * sizeof(WCHAR));
579 components->dwUrlPathLength = INTERNET_MAX_PATH_LENGTH;
580 if (!components->lpszUrlPath)
582 CryptMemFree(components->lpszHostName);
583 SetLastError(ERROR_OUTOFMEMORY);
587 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, components);
590 switch (components->nScheme)
592 case INTERNET_SCHEME_FTP:
593 if (!components->nPort)
594 components->nPort = INTERNET_DEFAULT_FTP_PORT;
596 case INTERNET_SCHEME_HTTP:
597 if (!components->nPort)
598 components->nPort = INTERNET_DEFAULT_HTTP_PORT;
604 TRACE("returning %d\n", ret);
615 static struct InetContext *CRYPT_MakeInetContext(DWORD dwTimeout)
617 struct InetContext *context = CryptMemAlloc(sizeof(struct InetContext));
621 context->event = CreateEventW(NULL, FALSE, FALSE, NULL);
624 CryptMemFree(context);
629 context->timeout = dwTimeout;
630 context->error = ERROR_SUCCESS;
636 static BOOL CRYPT_DownloadObject(DWORD dwRetrievalFlags, HINTERNET hHttp,
637 struct InetContext *context, PCRYPT_BLOB_ARRAY pObject,
638 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
640 CRYPT_DATA_BLOB object = { 0, NULL };
641 DWORD bytesAvailable;
645 if ((ret = InternetQueryDataAvailable(hHttp, &bytesAvailable, 0, 0)))
650 object.pbData = CryptMemRealloc(object.pbData,
651 object.cbData + bytesAvailable);
653 object.pbData = CryptMemAlloc(bytesAvailable);
656 INTERNET_BUFFERSA buffer = { sizeof(buffer), 0 };
658 buffer.dwBufferLength = bytesAvailable;
659 buffer.lpvBuffer = object.pbData + object.cbData;
660 if (!(ret = InternetReadFileExA(hHttp, &buffer, IRF_NO_WAIT,
661 (DWORD_PTR)context)))
663 if (GetLastError() == ERROR_IO_PENDING)
665 if (WaitForSingleObject(context->event,
666 context->timeout) == WAIT_TIMEOUT)
667 SetLastError(ERROR_TIMEOUT);
668 else if (context->error)
669 SetLastError(context->error);
675 object.cbData += buffer.dwBufferLength;
679 SetLastError(ERROR_OUTOFMEMORY);
684 else if (GetLastError() == ERROR_IO_PENDING)
686 if (WaitForSingleObject(context->event, context->timeout) ==
688 SetLastError(ERROR_TIMEOUT);
692 } while (ret && bytesAvailable);
695 pObject->rgBlob = CryptMemAlloc(sizeof(CRYPT_DATA_BLOB));
696 if (!pObject->rgBlob)
698 CryptMemFree(object.pbData);
699 SetLastError(ERROR_OUTOFMEMORY);
704 pObject->rgBlob[0].cbData = object.cbData;
705 pObject->rgBlob[0].pbData = object.pbData;
709 TRACE("returning %d\n", ret);
713 /* Finds the object specified by pszURL in the cache. If it's not found,
714 * creates a new cache entry for the object and writes the object to it.
715 * Sets the expiration time of the cache entry to expires.
717 static void CRYPT_CacheURL(LPCWSTR pszURL, const CRYPT_BLOB_ARRAY *pObject,
718 DWORD dwRetrievalFlags, FILETIME expires)
720 WCHAR cacheFileName[MAX_PATH];
722 DWORD size = 0, entryType;
725 GetUrlCacheEntryInfoW(pszURL, NULL, &size);
726 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
728 INTERNET_CACHE_ENTRY_INFOW *info = CryptMemAlloc(size);
732 ERR("out of memory\n");
736 if (GetUrlCacheEntryInfoW(pszURL, info, &size))
738 lstrcpyW(cacheFileName, info->lpszLocalFileName);
739 /* Check if the existing cache entry is up to date. If it isn't,
740 * remove the existing cache entry, and create a new one with the
743 GetSystemTimeAsFileTime(&ft);
744 if (CompareFileTime(&info->ExpireTime, &ft) < 0)
746 DeleteUrlCacheEntryW(pszURL);
750 info->ExpireTime = expires;
751 SetUrlCacheEntryInfoW(pszURL, info, CACHE_ENTRY_EXPTIME_FC);
759 if (!CreateUrlCacheEntryW(pszURL, pObject->rgBlob[0].cbData, NULL, cacheFileName, 0))
762 hCacheFile = CreateFileW(cacheFileName, GENERIC_WRITE, 0,
763 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
764 if(hCacheFile == INVALID_HANDLE_VALUE)
767 WriteFile(hCacheFile, pObject->rgBlob[0].pbData,
768 pObject->rgBlob[0].cbData, &size, NULL);
769 CloseHandle(hCacheFile);
771 if (!(dwRetrievalFlags & CRYPT_STICKY_CACHE_RETRIEVAL))
772 entryType = NORMAL_CACHE_ENTRY;
774 entryType = STICKY_CACHE_ENTRY;
775 memset(&ft, 0, sizeof(ft));
776 CommitUrlCacheEntryW(pszURL, cacheFileName, expires, ft, entryType,
777 NULL, 0, NULL, NULL);
780 static void CALLBACK CRYPT_InetStatusCallback(HINTERNET hInt,
781 DWORD_PTR dwContext, DWORD status, void *statusInfo, DWORD statusInfoLen)
783 struct InetContext *context = (struct InetContext *)dwContext;
784 LPINTERNET_ASYNC_RESULT result;
788 case INTERNET_STATUS_REQUEST_COMPLETE:
790 context->error = result->dwError;
791 SetEvent(context->event);
795 static BOOL CRYPT_Connect(const URL_COMPONENTSW *components,
796 struct InetContext *context, PCRYPT_CREDENTIALS pCredentials,
797 HINTERNET *phInt, HINTERNET *phHost)
801 TRACE("(%s:%d, %p, %p, %p, %p)\n", debugstr_w(components->lpszHostName),
802 components->nPort, context, pCredentials, phInt, phInt);
805 *phInt = InternetOpenW(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL,
806 context ? INTERNET_FLAG_ASYNC : 0);
812 InternetSetStatusCallbackW(*phInt, CRYPT_InetStatusCallback);
813 switch (components->nScheme)
815 case INTERNET_SCHEME_FTP:
816 service = INTERNET_SERVICE_FTP;
818 case INTERNET_SCHEME_HTTP:
819 service = INTERNET_SERVICE_HTTP;
824 /* FIXME: use pCredentials for username/password */
825 *phHost = InternetConnectW(*phInt, components->lpszHostName,
826 components->nPort, NULL, NULL, service, 0, (DWORD_PTR)context);
829 InternetCloseHandle(*phInt);
838 TRACE("returning %d\n", ret);
842 static BOOL WINAPI FTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
843 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
844 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
845 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
846 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
848 FIXME("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
849 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
850 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
853 pObject->rgBlob = NULL;
854 *ppfnFreeObject = CRYPT_FreeBlob;
855 *ppvFreeContext = NULL;
859 static const WCHAR x509cacert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
860 '/','x','-','x','5','0','9','-','c','a','-','c','e','r','t',0 };
861 static const WCHAR x509emailcert[] = { 'a','p','p','l','i','c','a','t','i','o',
862 'n','/','x','-','x','5','0','9','-','e','m','a','i','l','-','c','e','r','t',
864 static const WCHAR x509servercert[] = { 'a','p','p','l','i','c','a','t','i','o',
865 'n','/','x','-','x','5','0','9','-','s','e','r','v','e','r','-','c','e','r',
867 static const WCHAR x509usercert[] = { 'a','p','p','l','i','c','a','t','i','o',
868 'n','/','x','-','x','5','0','9','-','u','s','e','r','-','c','e','r','t',0 };
869 static const WCHAR pkcs7cert[] = { 'a','p','p','l','i','c','a','t','i','o','n',
870 '/','x','-','p','k','c','s','7','-','c','e','r','t','i','f','c','a','t','e',
872 static const WCHAR pkixCRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
873 '/','p','k','i','x','-','c','r','l',0 };
874 static const WCHAR pkcs7CRL[] = { 'a','p','p','l','i','c','a','t','i','o','n',
875 '/','x','-','p','k','c','s','7','-','c','r','l',0 };
876 static const WCHAR pkcs7sig[] = { 'a','p','p','l','i','c','a','t','i','o','n',
877 '/','x','-','p','k','c','s','7','-','s','i','g','n','a','t','u','r','e',0 };
878 static const WCHAR pkcs7mime[] = { 'a','p','p','l','i','c','a','t','i','o','n',
879 '/','x','-','p','k','c','s','7','-','m','i','m','e',0 };
881 static BOOL WINAPI HTTP_RetrieveEncodedObjectW(LPCWSTR pszURL,
882 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
883 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
884 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
885 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
889 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
890 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
891 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
894 pObject->rgBlob = NULL;
895 *ppfnFreeObject = CRYPT_FreeBlob;
896 *ppvFreeContext = NULL;
898 if (!(dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL))
899 ret = CRYPT_GetObjectFromCache(pszURL, pObject, pAuxInfo);
900 if (!ret && (!(dwRetrievalFlags & CRYPT_CACHE_ONLY_RETRIEVAL) ||
901 (dwRetrievalFlags & CRYPT_WIRE_ONLY_RETRIEVAL)))
903 URL_COMPONENTSW components;
905 if ((ret = CRYPT_CrackUrl(pszURL, &components)))
907 HINTERNET hInt, hHost;
908 struct InetContext *context = NULL;
911 context = CRYPT_MakeInetContext(dwTimeout);
912 ret = CRYPT_Connect(&components, context, pCredentials, &hInt,
916 static LPCWSTR types[] = { x509cacert, x509emailcert,
917 x509servercert, x509usercert, pkcs7cert, pkixCRL, pkcs7CRL,
918 pkcs7sig, pkcs7mime, NULL };
919 HINTERNET hHttp = HttpOpenRequestW(hHost, NULL,
920 components.lpszUrlPath, NULL, NULL, types,
921 INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI,
928 InternetSetOptionW(hHttp,
929 INTERNET_OPTION_RECEIVE_TIMEOUT, &dwTimeout,
931 InternetSetOptionW(hHttp, INTERNET_OPTION_SEND_TIMEOUT,
932 &dwTimeout, sizeof(dwTimeout));
934 ret = HttpSendRequestExW(hHttp, NULL, NULL, 0,
936 if (!ret && GetLastError() == ERROR_IO_PENDING)
938 if (WaitForSingleObject(context->event,
939 context->timeout) == WAIT_TIMEOUT)
940 SetLastError(ERROR_TIMEOUT);
945 !(ret = HttpEndRequestW(hHttp, NULL, 0, (DWORD_PTR)context)) &&
946 GetLastError() == ERROR_IO_PENDING)
948 if (WaitForSingleObject(context->event,
949 context->timeout) == WAIT_TIMEOUT)
950 SetLastError(ERROR_TIMEOUT);
955 ret = CRYPT_DownloadObject(dwRetrievalFlags, hHttp,
956 context, pObject, pAuxInfo);
957 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT))
960 DWORD len = sizeof(st);
962 if (HttpQueryInfoW(hHttp,
963 HTTP_QUERY_EXPIRES | HTTP_QUERY_FLAG_SYSTEMTIME, &st,
968 SystemTimeToFileTime(&st, &ft);
969 CRYPT_CacheURL(pszURL, pObject, dwRetrievalFlags,
973 InternetCloseHandle(hHttp);
975 InternetCloseHandle(hHost);
976 InternetCloseHandle(hInt);
980 CloseHandle(context->event);
981 CryptMemFree(context);
983 CryptMemFree(components.lpszUrlPath);
984 CryptMemFree(components.lpszHostName);
987 TRACE("returning %d\n", ret);
991 static BOOL WINAPI File_RetrieveEncodedObjectW(LPCWSTR pszURL,
992 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
993 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
994 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
995 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
997 URL_COMPONENTSW components = { sizeof(components), 0 };
1000 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1001 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, pObject,
1002 ppfnFreeObject, ppvFreeContext, hAsyncRetrieve, pCredentials, pAuxInfo);
1005 pObject->rgBlob = NULL;
1006 *ppfnFreeObject = CRYPT_FreeBlob;
1007 *ppvFreeContext = NULL;
1009 components.lpszUrlPath = CryptMemAlloc(INTERNET_MAX_PATH_LENGTH * sizeof(WCHAR));
1010 components.dwUrlPathLength = INTERNET_MAX_PATH_LENGTH;
1011 if (!components.lpszUrlPath)
1013 SetLastError(ERROR_OUTOFMEMORY);
1017 ret = InternetCrackUrlW(pszURL, 0, ICU_DECODE, &components);
1022 /* 3 == lstrlenW(L"c:") + 1 */
1023 path = CryptMemAlloc((components.dwUrlPathLength + 3) * sizeof(WCHAR));
1028 /* Try to create the file directly - Wine handles / in pathnames */
1029 lstrcpynW(path, components.lpszUrlPath,
1030 components.dwUrlPathLength + 1);
1031 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1032 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1033 if (hFile == INVALID_HANDLE_VALUE)
1035 /* Try again on the current drive */
1036 GetCurrentDirectoryW(components.dwUrlPathLength, path);
1039 lstrcpynW(path + 2, components.lpszUrlPath,
1040 components.dwUrlPathLength + 1);
1041 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1042 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1044 if (hFile == INVALID_HANDLE_VALUE)
1046 /* Try again on the Windows drive */
1047 GetWindowsDirectoryW(path, components.dwUrlPathLength);
1050 lstrcpynW(path + 2, components.lpszUrlPath,
1051 components.dwUrlPathLength + 1);
1052 hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
1053 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
1057 if (hFile != INVALID_HANDLE_VALUE)
1059 if ((ret = CRYPT_GetObjectFromFile(hFile, pObject)))
1061 if (pAuxInfo && pAuxInfo->cbSize >=
1062 offsetof(CRYPT_RETRIEVE_AUX_INFO,
1063 pLastSyncTime) + sizeof(PFILETIME) &&
1064 pAuxInfo->pLastSyncTime)
1065 GetFileTime(hFile, NULL, NULL,
1066 pAuxInfo->pLastSyncTime);
1076 SetLastError(ERROR_OUTOFMEMORY);
1080 CryptMemFree(components.lpszUrlPath);
1084 typedef BOOL (WINAPI *SchemeDllRetrieveEncodedObjectW)(LPCWSTR pwszUrl,
1085 LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout,
1086 PCRYPT_BLOB_ARRAY pObject, PFN_FREE_ENCODED_OBJECT_FUNC *ppfnFreeObject,
1087 void **ppvFreeContext, HCRYPTASYNC hAsyncRetrieve,
1088 PCRYPT_CREDENTIALS pCredentials, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo);
1090 static BOOL CRYPT_GetRetrieveFunction(LPCWSTR pszURL,
1091 SchemeDllRetrieveEncodedObjectW *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1093 URL_COMPONENTSW components = { sizeof(components), 0 };
1096 TRACE("(%s, %p, %p)\n", debugstr_w(pszURL), pFunc, phFunc);
1100 components.dwSchemeLength = 1;
1101 ret = InternetCrackUrlW(pszURL, 0, 0, &components);
1104 /* Microsoft always uses CryptInitOIDFunctionSet/
1105 * CryptGetOIDFunctionAddress, but there doesn't seem to be a pressing
1106 * reason to do so for builtin schemes.
1108 switch (components.nScheme)
1110 case INTERNET_SCHEME_FTP:
1111 *pFunc = FTP_RetrieveEncodedObjectW;
1113 case INTERNET_SCHEME_HTTP:
1114 *pFunc = HTTP_RetrieveEncodedObjectW;
1116 case INTERNET_SCHEME_FILE:
1117 *pFunc = File_RetrieveEncodedObjectW;
1121 int len = WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1122 components.dwSchemeLength, NULL, 0, NULL, NULL);
1126 LPSTR scheme = CryptMemAlloc(len);
1130 static HCRYPTOIDFUNCSET set = NULL;
1133 set = CryptInitOIDFunctionSet(
1134 SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC, 0);
1135 WideCharToMultiByte(CP_ACP, 0, components.lpszScheme,
1136 components.dwSchemeLength, scheme, len, NULL, NULL);
1137 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1138 scheme, 0, (void **)pFunc, phFunc);
1139 CryptMemFree(scheme);
1143 SetLastError(ERROR_OUTOFMEMORY);
1152 TRACE("returning %d\n", ret);
1156 static BOOL WINAPI CRYPT_CreateBlob(LPCSTR pszObjectOid,
1157 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1160 CRYPT_BLOB_ARRAY *context;
1163 size = sizeof(CRYPT_BLOB_ARRAY) + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1164 for (i = 0; i < pObject->cBlob; i++)
1165 size += pObject->rgBlob[i].cbData;
1166 context = CryptMemAlloc(size);
1173 (CRYPT_DATA_BLOB *)((LPBYTE)context + sizeof(CRYPT_BLOB_ARRAY));
1175 (LPBYTE)context->rgBlob + pObject->cBlob * sizeof(CRYPT_DATA_BLOB);
1176 for (i = 0; i < pObject->cBlob; i++)
1178 memcpy(nextData, pObject->rgBlob[i].pbData,
1179 pObject->rgBlob[i].cbData);
1180 context->rgBlob[i].pbData = nextData;
1181 context->rgBlob[i].cbData = pObject->rgBlob[i].cbData;
1182 nextData += pObject->rgBlob[i].cbData;
1185 *ppvContext = context;
1191 typedef BOOL (WINAPI *AddContextToStore)(HCERTSTORE hCertStore,
1192 const void *pContext, DWORD dwAddDisposition, const void **ppStoreContext);
1194 static BOOL CRYPT_CreateContext(const CRYPT_BLOB_ARRAY *pObject,
1195 DWORD dwExpectedContentTypeFlags, AddContextToStore addFunc, void **ppvContext)
1199 if (!pObject->cBlob)
1201 SetLastError(ERROR_INVALID_DATA);
1205 else if (pObject->cBlob == 1)
1207 if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1208 dwExpectedContentTypeFlags, CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL,
1209 NULL, NULL, NULL, NULL, (const void **)ppvContext))
1211 SetLastError(CRYPT_E_NO_MATCH);
1217 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1218 CERT_STORE_CREATE_NEW_FLAG, NULL);
1223 const void *context;
1225 for (i = 0; i < pObject->cBlob; i++)
1227 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1228 &pObject->rgBlob[i], dwExpectedContentTypeFlags,
1229 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, NULL, NULL, NULL,
1232 if (!addFunc(store, context, CERT_STORE_ADD_ALWAYS, NULL))
1237 SetLastError(CRYPT_E_NO_MATCH);
1244 *ppvContext = store;
1249 static BOOL WINAPI CRYPT_CreateCert(LPCSTR pszObjectOid,
1250 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1252 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CERT,
1253 (AddContextToStore)CertAddCertificateContextToStore, ppvContext);
1256 static BOOL WINAPI CRYPT_CreateCRL(LPCSTR pszObjectOid,
1257 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1259 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CRL,
1260 (AddContextToStore)CertAddCRLContextToStore, ppvContext);
1263 static BOOL WINAPI CRYPT_CreateCTL(LPCSTR pszObjectOid,
1264 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1266 return CRYPT_CreateContext(pObject, CERT_QUERY_CONTENT_FLAG_CTL,
1267 (AddContextToStore)CertAddCTLContextToStore, ppvContext);
1270 static BOOL WINAPI CRYPT_CreatePKCS7(LPCSTR pszObjectOid,
1271 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1275 if (!pObject->cBlob)
1277 SetLastError(ERROR_INVALID_DATA);
1281 else if (pObject->cBlob == 1)
1282 ret = CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &pObject->rgBlob[0],
1283 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1284 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED, CERT_QUERY_FORMAT_FLAG_BINARY,
1285 0, NULL, NULL, NULL, ppvContext, NULL, NULL);
1288 FIXME("multiple messages unimplemented\n");
1294 static BOOL WINAPI CRYPT_CreateAny(LPCSTR pszObjectOid,
1295 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext)
1299 if (!pObject->cBlob)
1301 SetLastError(ERROR_INVALID_DATA);
1307 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1308 CERT_STORE_CREATE_NEW_FLAG, NULL);
1312 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1313 CERT_STORE_CREATE_NEW_FLAG, NULL);
1317 CertAddStoreToCollection(store, memStore,
1318 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
1319 CertCloseStore(memStore, 0);
1323 CertCloseStore(store, 0);
1332 for (i = 0; i < pObject->cBlob; i++)
1334 DWORD contentType, expectedContentTypes =
1335 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
1336 CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
1337 CERT_QUERY_CONTENT_FLAG_CERT |
1338 CERT_QUERY_CONTENT_FLAG_CRL |
1339 CERT_QUERY_CONTENT_FLAG_CTL;
1340 HCERTSTORE contextStore;
1341 const void *context;
1343 if (CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
1344 &pObject->rgBlob[i], expectedContentTypes,
1345 CERT_QUERY_FORMAT_FLAG_BINARY, 0, NULL, &contentType, NULL,
1346 &contextStore, NULL, &context))
1348 switch (contentType)
1350 case CERT_QUERY_CONTENT_CERT:
1351 if (!CertAddCertificateContextToStore(store,
1352 context, CERT_STORE_ADD_ALWAYS, NULL))
1354 CertFreeCertificateContext(context);
1356 case CERT_QUERY_CONTENT_CRL:
1357 if (!CertAddCRLContextToStore(store,
1358 context, CERT_STORE_ADD_ALWAYS, NULL))
1360 CertFreeCRLContext(context);
1362 case CERT_QUERY_CONTENT_CTL:
1363 if (!CertAddCTLContextToStore(store,
1364 context, CERT_STORE_ADD_ALWAYS, NULL))
1366 CertFreeCTLContext(context);
1369 CertAddStoreToCollection(store, contextStore, 0, 0);
1371 CertCloseStore(contextStore, 0);
1379 *ppvContext = store;
1384 typedef BOOL (WINAPI *ContextDllCreateObjectContext)(LPCSTR pszObjectOid,
1385 DWORD dwRetrievalFlags, const CRYPT_BLOB_ARRAY *pObject, void **ppvContext);
1387 static BOOL CRYPT_GetCreateFunction(LPCSTR pszObjectOid,
1388 ContextDllCreateObjectContext *pFunc, HCRYPTOIDFUNCADDR *phFunc)
1392 TRACE("(%s, %p, %p)\n", debugstr_a(pszObjectOid), pFunc, phFunc);
1396 if (IS_INTOID(pszObjectOid))
1398 switch (LOWORD(pszObjectOid))
1401 *pFunc = CRYPT_CreateBlob;
1403 case LOWORD(CONTEXT_OID_CERTIFICATE):
1404 *pFunc = CRYPT_CreateCert;
1406 case LOWORD(CONTEXT_OID_CRL):
1407 *pFunc = CRYPT_CreateCRL;
1409 case LOWORD(CONTEXT_OID_CTL):
1410 *pFunc = CRYPT_CreateCTL;
1412 case LOWORD(CONTEXT_OID_PKCS7):
1413 *pFunc = CRYPT_CreatePKCS7;
1415 case LOWORD(CONTEXT_OID_CAPI2_ANY):
1416 *pFunc = CRYPT_CreateAny;
1422 static HCRYPTOIDFUNCSET set = NULL;
1425 set = CryptInitOIDFunctionSet(
1426 CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC, 0);
1427 ret = CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING, pszObjectOid,
1428 0, (void **)pFunc, phFunc);
1430 TRACE("returning %d\n", ret);
1434 typedef BOOL (*get_object_expiration_func)(const void *pvContext,
1435 FILETIME *expiration);
1437 static BOOL CRYPT_GetExpirationFromCert(const void *pvObject, FILETIME *expiration)
1439 PCCERT_CONTEXT cert = pvObject;
1441 *expiration = cert->pCertInfo->NotAfter;
1445 static BOOL CRYPT_GetExpirationFromCRL(const void *pvObject, FILETIME *expiration)
1447 PCCRL_CONTEXT cert = pvObject;
1449 *expiration = cert->pCrlInfo->NextUpdate;
1453 static BOOL CRYPT_GetExpirationFromCTL(const void *pvObject, FILETIME *expiration)
1455 PCCTL_CONTEXT cert = pvObject;
1457 *expiration = cert->pCtlInfo->NextUpdate;
1461 static BOOL CRYPT_GetExpirationFunction(LPCSTR pszObjectOid,
1462 get_object_expiration_func *getExpiration)
1466 if (IS_INTOID(pszObjectOid))
1468 switch (LOWORD(pszObjectOid))
1470 case LOWORD(CONTEXT_OID_CERTIFICATE):
1471 *getExpiration = CRYPT_GetExpirationFromCert;
1474 case LOWORD(CONTEXT_OID_CRL):
1475 *getExpiration = CRYPT_GetExpirationFromCRL;
1478 case LOWORD(CONTEXT_OID_CTL):
1479 *getExpiration = CRYPT_GetExpirationFromCTL;
1491 /***********************************************************************
1492 * CryptRetrieveObjectByUrlW (CRYPTNET.@)
1494 BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
1495 DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject,
1496 HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify,
1497 PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
1500 SchemeDllRetrieveEncodedObjectW retrieve;
1501 ContextDllCreateObjectContext create;
1502 HCRYPTOIDFUNCADDR hRetrieve = 0, hCreate = 0;
1504 TRACE("(%s, %s, %08x, %d, %p, %p, %p, %p, %p)\n", debugstr_w(pszURL),
1505 debugstr_a(pszObjectOid), dwRetrievalFlags, dwTimeout, ppvObject,
1506 hAsyncRetrieve, pCredentials, pvVerify, pAuxInfo);
1510 SetLastError(ERROR_INVALID_PARAMETER);
1513 ret = CRYPT_GetRetrieveFunction(pszURL, &retrieve, &hRetrieve);
1515 ret = CRYPT_GetCreateFunction(pszObjectOid, &create, &hCreate);
1518 CRYPT_BLOB_ARRAY object = { 0, NULL };
1519 PFN_FREE_ENCODED_OBJECT_FUNC freeObject;
1522 ret = retrieve(pszURL, pszObjectOid, dwRetrievalFlags, dwTimeout,
1523 &object, &freeObject, &freeContext, hAsyncRetrieve, pCredentials,
1527 get_object_expiration_func getExpiration;
1529 ret = create(pszObjectOid, dwRetrievalFlags, &object, ppvObject);
1530 if (ret && !(dwRetrievalFlags & CRYPT_DONT_CACHE_RESULT) &&
1531 CRYPT_GetExpirationFunction(pszObjectOid, &getExpiration))
1535 if (getExpiration(*ppvObject, &expires))
1536 CRYPT_CacheURL(pszURL, &object, dwRetrievalFlags, expires);
1538 freeObject(pszObjectOid, &object, freeContext);
1542 CryptFreeOIDFunctionAddress(hCreate, 0);
1544 CryptFreeOIDFunctionAddress(hRetrieve, 0);
1545 TRACE("returning %d\n", ret);
1549 static DWORD verify_cert_revocation_with_crl_online(PCCERT_CONTEXT cert,
1550 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1551 PCERT_REVOCATION_STATUS pRevStatus)
1554 PCRL_ENTRY entry = NULL;
1556 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1559 error = CRYPT_E_REVOKED;
1560 pRevStatus->dwIndex = index;
1564 /* Since the CRL was retrieved for the cert being checked, then it's
1565 * guaranteed to be fresh, and the cert is not revoked.
1567 error = ERROR_SUCCESS;
1572 static DWORD verify_cert_revocation_from_dist_points_ext(
1573 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1574 FILETIME *pTime, DWORD dwFlags, const CERT_REVOCATION_PARA *pRevPara,
1575 PCERT_REVOCATION_STATUS pRevStatus)
1577 DWORD error = ERROR_SUCCESS, cbUrlArray;
1579 if (CRYPT_GetUrlFromCRLDistPointsExt(value, NULL, &cbUrlArray, NULL, NULL))
1581 CRYPT_URL_ARRAY *urlArray = CryptMemAlloc(cbUrlArray);
1585 DWORD j, retrievalFlags = 0, startTime, endTime, timeout;
1588 ret = CRYPT_GetUrlFromCRLDistPointsExt(value, urlArray,
1589 &cbUrlArray, NULL, NULL);
1590 if (dwFlags & CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION)
1591 retrievalFlags |= CRYPT_CACHE_ONLY_RETRIEVAL;
1592 if (dwFlags & CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG &&
1593 pRevPara && pRevPara->cbSize >= offsetof(CERT_REVOCATION_PARA,
1594 dwUrlRetrievalTimeout) + sizeof(DWORD))
1596 startTime = GetTickCount();
1597 endTime = startTime + pRevPara->dwUrlRetrievalTimeout;
1598 timeout = pRevPara->dwUrlRetrievalTimeout;
1601 endTime = timeout = 0;
1603 error = GetLastError();
1604 for (j = 0; !error && j < urlArray->cUrl; j++)
1608 ret = CryptRetrieveObjectByUrlW(urlArray->rgwszUrl[j],
1609 CONTEXT_OID_CRL, retrievalFlags, timeout, (void **)&crl,
1610 NULL, NULL, NULL, NULL);
1613 error = verify_cert_revocation_with_crl_online(cert, crl,
1614 index, pTime, pRevStatus);
1615 if (!error && timeout)
1617 DWORD time = GetTickCount();
1619 if ((int)(endTime - time) <= 0)
1621 error = ERROR_TIMEOUT;
1622 pRevStatus->dwIndex = index;
1625 timeout = endTime - time;
1627 CertFreeCRLContext(crl);
1630 error = CRYPT_E_REVOCATION_OFFLINE;
1632 CryptMemFree(urlArray);
1636 error = ERROR_OUTOFMEMORY;
1637 pRevStatus->dwIndex = index;
1642 error = GetLastError();
1643 pRevStatus->dwIndex = index;
1648 static DWORD verify_cert_revocation_from_aia_ext(
1649 const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
1650 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1651 PCERT_REVOCATION_STATUS pRevStatus)
1655 CERT_AUTHORITY_INFO_ACCESS *aia;
1657 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
1658 value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &aia, &size);
1663 for (i = 0; i < aia->cAccDescr; i++)
1664 if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
1667 if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
1669 FIXME("OCSP URL = %s\n",
1670 debugstr_w(aia->rgAccDescr[i].AccessLocation.u.pwszURL));
1672 FIXME("unsupported AccessLocation type %d\n",
1673 aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
1676 /* FIXME: lie and pretend OCSP validated the cert */
1677 error = ERROR_SUCCESS;
1680 error = GetLastError();
1684 static DWORD verify_cert_revocation_with_crl_offline(PCCERT_CONTEXT cert,
1685 PCCRL_CONTEXT crl, DWORD index, FILETIME *pTime,
1686 PCERT_REVOCATION_STATUS pRevStatus)
1691 valid = CompareFileTime(pTime, &crl->pCrlInfo->ThisUpdate);
1694 /* If this CRL is not older than the time being verified, there's no
1695 * way to know whether the certificate was revoked.
1697 TRACE("CRL not old enough\n");
1698 error = CRYPT_E_REVOCATION_OFFLINE;
1702 PCRL_ENTRY entry = NULL;
1704 CertFindCertificateInCRL(cert, crl, 0, NULL, &entry);
1707 error = CRYPT_E_REVOKED;
1708 pRevStatus->dwIndex = index;
1712 /* Since the CRL was not retrieved for the cert being checked,
1713 * there's no guarantee it's fresh, so the cert *might* be okay,
1714 * but it's safer not to guess.
1716 TRACE("certificate not found\n");
1717 error = CRYPT_E_REVOCATION_OFFLINE;
1723 static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
1724 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
1725 PCERT_REVOCATION_STATUS pRevStatus)
1727 DWORD error = ERROR_SUCCESS;
1728 PCERT_EXTENSION ext;
1730 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
1731 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1732 error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
1733 index, pTime, dwFlags, pRevPara, pRevStatus);
1734 else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
1735 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
1736 error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
1737 index, pTime, dwFlags, pRevPara, pRevStatus);
1740 if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
1742 PCCRL_CONTEXT crl = NULL;
1745 /* If the caller told us about the issuer, make sure the issuer
1746 * can sign CRLs before looking for one.
1748 if ((ext = CertFindExtension(szOID_KEY_USAGE,
1749 pRevPara->pIssuerCert->pCertInfo->cExtension,
1750 pRevPara->pIssuerCert->pCertInfo->rgExtension)))
1752 CRYPT_BIT_BLOB usage;
1753 DWORD size = sizeof(usage);
1755 if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_BITS,
1756 ext->Value.pbData, ext->Value.cbData,
1757 CRYPT_DECODE_NOCOPY_FLAG, NULL, &usage, &size))
1758 canSignCRLs = FALSE;
1759 else if (usage.cbData > 2)
1761 /* The key usage extension only defines 9 bits => no more
1762 * than 2 bytes are needed to encode all known usages.
1764 canSignCRLs = FALSE;
1768 BYTE usageBits = usage.pbData[usage.cbData - 1];
1770 canSignCRLs = usageBits & CERT_CRL_SIGN_KEY_USAGE;
1777 /* If the caller was helpful enough to tell us where to find a
1778 * CRL for the cert, look for one and check it.
1780 crl = CertFindCRLInStore(pRevPara->hCrlStore,
1781 cert->dwCertEncodingType,
1782 CRL_FIND_ISSUED_BY_SIGNATURE_FLAG |
1783 CRL_FIND_ISSUED_BY_AKI_FLAG,
1784 CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
1788 error = verify_cert_revocation_with_crl_offline(cert, crl,
1789 index, pTime, pRevStatus);
1790 CertFreeCRLContext(crl);
1794 TRACE("no CRL found\n");
1795 error = CRYPT_E_NO_REVOCATION_CHECK;
1796 pRevStatus->dwIndex = index;
1802 WARN("no CERT_REVOCATION_PARA\n");
1803 else if (!pRevPara->hCrlStore)
1804 WARN("no dist points/aia extension and no CRL store\n");
1805 else if (!pRevPara->pIssuerCert)
1806 WARN("no dist points/aia extension and no issuer\n");
1807 error = CRYPT_E_NO_REVOCATION_CHECK;
1808 pRevStatus->dwIndex = index;
1814 typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
1816 PCCERT_CONTEXT pIssuerCert;
1818 HCERTSTORE *rgCertStore;
1819 HCERTSTORE hCrlStore;
1820 LPFILETIME pftTimeToUse;
1821 } CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
1823 typedef struct _OLD_CERT_REVOCATION_STATUS {
1828 } OLD_CERT_REVOCATION_STATUS, *POLD_CERT_REVOCATION_STATUS;
1830 /***********************************************************************
1831 * CertDllVerifyRevocation (CRYPTNET.@)
1833 BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
1834 DWORD cContext, PVOID rgpvContext[], DWORD dwFlags,
1835 PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
1839 LPFILETIME pTime = NULL;
1841 TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
1842 cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
1844 if (pRevStatus->cbSize != sizeof(OLD_CERT_REVOCATION_STATUS) &&
1845 pRevStatus->cbSize != sizeof(CERT_REVOCATION_STATUS))
1847 SetLastError(E_INVALIDARG);
1852 SetLastError(E_INVALIDARG);
1855 if (pRevPara && pRevPara->cbSize >=
1856 sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
1857 pTime = pRevPara->pftTimeToUse;
1860 GetSystemTimeAsFileTime(&now);
1863 memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
1864 if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
1865 error = CRYPT_E_NO_REVOCATION_CHECK;
1868 for (i = 0; !error && i < cContext; i++)
1869 error = verify_cert_revocation(rgpvContext[i], i, pTime, dwFlags,
1870 pRevPara, pRevStatus);
1874 SetLastError(error);
1875 pRevStatus->dwError = error;
1877 TRACE("returning %d (%08x)\n", !error, error);