wined3d: Prevent some console spamming.
[wine] / dlls / crypt32 / crl.c
1 /*
2  * Copyright 2006 Juan Lang
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17  *
18  */
19
20 #include <assert.h>
21 #include <stdarg.h>
22 #include "windef.h"
23 #include "winbase.h"
24 #include "wincrypt.h"
25 #include "wine/debug.h"
26 #include "crypt32_private.h"
27
28 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
29
30 PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
31  const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
32 {
33     PCRL_CONTEXT crl = NULL;
34     BOOL ret;
35     PCRL_INFO crlInfo = NULL;
36     DWORD size = 0;
37
38     TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCrlEncoded,
39      cbCrlEncoded);
40
41     if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
42     {
43         SetLastError(E_INVALIDARG);
44         return NULL;
45     }
46     ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
47      pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
48      (BYTE *)&crlInfo, &size);
49     if (ret)
50     {
51         BYTE *data = NULL;
52
53         crl = (PCRL_CONTEXT)Context_CreateDataContext(sizeof(CRL_CONTEXT));
54         if (!crl)
55             goto end;
56         data = CryptMemAlloc(cbCrlEncoded);
57         if (!data)
58         {
59             CryptMemFree(crl);
60             crl = NULL;
61             goto end;
62         }
63         memcpy(data, pbCrlEncoded, cbCrlEncoded);
64         crl->dwCertEncodingType = dwCertEncodingType;
65         crl->pbCrlEncoded       = data;
66         crl->cbCrlEncoded       = cbCrlEncoded;
67         crl->pCrlInfo           = crlInfo;
68         crl->hCertStore         = 0;
69     }
70
71 end:
72     return (PCCRL_CONTEXT)crl;
73 }
74
75 BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
76  DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
77  DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
78 {
79     PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
80      pbCrlEncoded, cbCrlEncoded);
81     BOOL ret;
82
83     TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
84      pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
85
86     if (crl)
87     {
88         ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
89          ppCrlContext);
90         CertFreeCRLContext(crl);
91     }
92     else
93         ret = FALSE;
94     return ret;
95 }
96
97 typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
98  DWORD dwFlags, const void *pvPara);
99
100 static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
101  DWORD dwFlags, const void *pvPara)
102 {
103     return TRUE;
104 }
105
106 static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
107  DWORD dwFlags, const void *pvPara)
108 {
109     BOOL ret;
110
111     if (pvPara)
112     {
113         PCCERT_CONTEXT issuer = (PCCERT_CONTEXT)pvPara;
114
115         ret = CertCompareCertificateName(issuer->dwCertEncodingType,
116          &issuer->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
117     }
118     else
119         ret = TRUE;
120     return ret;
121 }
122
123 static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
124  DWORD dwFlags, const void *pvPara)
125 {
126     BOOL ret;
127
128     if (pvPara)
129     {
130         PCCRL_CONTEXT crl = (PCCRL_CONTEXT)pvPara;
131
132         ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
133          &pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
134     }
135     else
136         ret = TRUE;
137     return ret;
138 }
139
140 PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
141  DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
142  const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
143 {
144     PCCRL_CONTEXT ret;
145     CrlCompareFunc compare;
146
147     TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore, dwCertEncodingType,
148          dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
149
150     switch (dwFindType)
151     {
152     case CRL_FIND_ANY:
153         compare = compare_crl_any;
154         break;
155     case CRL_FIND_ISSUED_BY:
156         compare = compare_crl_issued_by;
157         break;
158     case CRL_FIND_EXISTING:
159         compare = compare_crl_existing;
160         break;
161     default:
162         FIXME("find type %08x unimplemented\n", dwFindType);
163         compare = NULL;
164     }
165
166     if (compare)
167     {
168         BOOL matches = FALSE;
169
170         ret = pPrevCrlContext;
171         do {
172             ret = CertEnumCRLsInStore(hCertStore, ret);
173             if (ret)
174                 matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
175         } while (ret != NULL && !matches);
176         if (!ret)
177             SetLastError(CRYPT_E_NOT_FOUND);
178     }
179     else
180     {
181         SetLastError(CRYPT_E_NOT_FOUND);
182         ret = NULL;
183     }
184     return ret;
185 }
186
187 PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
188  PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
189 {
190     static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG |
191      CERT_STORE_TIME_VALIDITY_FLAG | CERT_STORE_BASE_CRL_FLAG |
192      CERT_STORE_DELTA_CRL_FLAG;
193     PCCRL_CONTEXT ret;
194
195     TRACE("(%p, %p, %p, %08x)\n", hCertStore, pIssuerContext, pPrevCrlContext,
196      *pdwFlags);
197
198     if (*pdwFlags & ~supportedFlags)
199     {
200         SetLastError(E_INVALIDARG);
201         return NULL;
202     }
203     if (pIssuerContext)
204         ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
205          0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
206     else
207         ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
208          pPrevCrlContext);
209     if (ret)
210     {
211         if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
212         {
213             if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
214                 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
215         }
216         if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
217         {
218             if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
219              CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
220              CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
221              NULL))
222                 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
223         }
224     }
225     return ret;
226 }
227
228 PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
229 {
230     TRACE("(%p)\n", pCrlContext);
231     Context_AddRef((void *)pCrlContext, sizeof(CRL_CONTEXT));
232     return pCrlContext;
233 }
234
235 static void CrlDataContext_Free(void *context)
236 {
237     PCRL_CONTEXT crlContext = (PCRL_CONTEXT)context;
238
239     CryptMemFree(crlContext->pbCrlEncoded);
240     LocalFree(crlContext->pCrlInfo);
241 }
242
243 BOOL WINAPI CertFreeCRLContext( PCCRL_CONTEXT pCrlContext)
244 {
245     TRACE("(%p)\n", pCrlContext);
246
247     if (pCrlContext)
248         Context_Release((void *)pCrlContext, sizeof(CRL_CONTEXT),
249          CrlDataContext_Free);
250     return TRUE;
251 }
252
253 DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
254  DWORD dwPropId)
255 {
256     PCONTEXT_PROPERTY_LIST properties = Context_GetProperties(
257      (void *)pCRLContext, sizeof(CRL_CONTEXT));
258     DWORD ret;
259
260     TRACE("(%p, %d)\n", pCRLContext, dwPropId);
261
262     if (properties)
263         ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
264     else
265         ret = 0;
266     return ret;
267 }
268
269 static BOOL WINAPI CRLContext_SetProperty(void *context, DWORD dwPropId,
270  DWORD dwFlags, const void *pvData);
271
272 static BOOL CRLContext_GetHashProp(void *context, DWORD dwPropId,
273  ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
274  DWORD *pcbData)
275 {
276     BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
277      pcbData);
278     if (ret)
279     {
280         CRYPT_DATA_BLOB blob = { *pcbData, pvData };
281
282         ret = CRLContext_SetProperty(context, dwPropId, 0, &blob);
283     }
284     return ret;
285 }
286
287 static BOOL WINAPI CRLContext_GetProperty(void *context, DWORD dwPropId,
288  void *pvData, DWORD *pcbData)
289 {
290     PCCRL_CONTEXT pCRLContext = (PCCRL_CONTEXT)context;
291     PCONTEXT_PROPERTY_LIST properties =
292      Context_GetProperties(context, sizeof(CRL_CONTEXT));
293     BOOL ret;
294     CRYPT_DATA_BLOB blob;
295
296     TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
297
298     if (properties)
299         ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
300     else
301         ret = FALSE;
302     if (ret)
303     {
304         if (!pvData)
305             *pcbData = blob.cbData;
306         else if (*pcbData < blob.cbData)
307         {
308             SetLastError(ERROR_MORE_DATA);
309             *pcbData = blob.cbData;
310             ret = FALSE;
311         }
312         else
313         {
314             memcpy(pvData, blob.pbData, blob.cbData);
315             *pcbData = blob.cbData;
316         }
317     }
318     else
319     {
320         /* Implicit properties */
321         switch (dwPropId)
322         {
323         case CERT_SHA1_HASH_PROP_ID:
324             ret = CRLContext_GetHashProp(context, dwPropId, CALG_SHA1,
325              pCRLContext->pbCrlEncoded, pCRLContext->cbCrlEncoded, pvData,
326              pcbData);
327             break;
328         case CERT_MD5_HASH_PROP_ID:
329             ret = CRLContext_GetHashProp(context, dwPropId, CALG_MD5,
330              pCRLContext->pbCrlEncoded, pCRLContext->cbCrlEncoded, pvData,
331              pcbData);
332             break;
333         default:
334             SetLastError(CRYPT_E_NOT_FOUND);
335         }
336     }
337     TRACE("returning %d\n", ret);
338     return ret;
339 }
340
341 BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
342  DWORD dwPropId, void *pvData, DWORD *pcbData)
343 {
344     BOOL ret;
345
346     TRACE("(%p, %d, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
347
348     switch (dwPropId)
349     {
350     case 0:
351     case CERT_CERT_PROP_ID:
352     case CERT_CRL_PROP_ID:
353     case CERT_CTL_PROP_ID:
354         SetLastError(E_INVALIDARG);
355         ret = FALSE;
356         break;
357     case CERT_ACCESS_STATE_PROP_ID:
358         if (!pvData)
359         {
360             *pcbData = sizeof(DWORD);
361             ret = TRUE;
362         }
363         else if (*pcbData < sizeof(DWORD))
364         {
365             SetLastError(ERROR_MORE_DATA);
366             *pcbData = sizeof(DWORD);
367             ret = FALSE;
368         }
369         else
370         {
371             if (pCRLContext->hCertStore)
372                 ret = CertGetStoreProperty(pCRLContext->hCertStore, dwPropId,
373                  pvData, pcbData);
374             else
375                 *(DWORD *)pvData = 0;
376             ret = TRUE;
377         }
378         break;
379     default:
380         ret = CRLContext_GetProperty((void *)pCRLContext, dwPropId, pvData,
381          pcbData);
382     }
383     return ret;
384 }
385
386 static BOOL WINAPI CRLContext_SetProperty(void *context, DWORD dwPropId,
387  DWORD dwFlags, const void *pvData)
388 {
389     PCONTEXT_PROPERTY_LIST properties =
390      Context_GetProperties(context, sizeof(CERT_CONTEXT));
391     BOOL ret;
392
393     TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
394
395     if (!properties)
396         ret = FALSE;
397     else if (!pvData)
398     {
399         ContextPropertyList_RemoveProperty(properties, dwPropId);
400         ret = TRUE;
401     }
402     else
403     {
404         switch (dwPropId)
405         {
406         case CERT_AUTO_ENROLL_PROP_ID:
407         case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
408         case CERT_DESCRIPTION_PROP_ID:
409         case CERT_FRIENDLY_NAME_PROP_ID:
410         case CERT_HASH_PROP_ID:
411         case CERT_KEY_IDENTIFIER_PROP_ID:
412         case CERT_MD5_HASH_PROP_ID:
413         case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
414         case CERT_PUBKEY_ALG_PARA_PROP_ID:
415         case CERT_PVK_FILE_PROP_ID:
416         case CERT_SIGNATURE_HASH_PROP_ID:
417         case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
418         case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
419         case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
420         case CERT_ENROLLMENT_PROP_ID:
421         case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
422         case CERT_RENEWAL_PROP_ID:
423         {
424             PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
425
426             ret = ContextPropertyList_SetProperty(properties, dwPropId,
427              blob->pbData, blob->cbData);
428             break;
429         }
430         case CERT_DATE_STAMP_PROP_ID:
431             ret = ContextPropertyList_SetProperty(properties, dwPropId,
432              (const BYTE *)pvData, sizeof(FILETIME));
433             break;
434         default:
435             FIXME("%d: stub\n", dwPropId);
436             ret = FALSE;
437         }
438     }
439     TRACE("returning %d\n", ret);
440     return ret;
441 }
442
443 BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
444  DWORD dwPropId, DWORD dwFlags, const void *pvData)
445 {
446     BOOL ret;
447
448     TRACE("(%p, %d, %08x, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
449
450     /* Handle special cases for "read-only"/invalid prop IDs.  Windows just
451      * crashes on most of these, I'll be safer.
452      */
453     switch (dwPropId)
454     {
455     case 0:
456     case CERT_ACCESS_STATE_PROP_ID:
457     case CERT_CERT_PROP_ID:
458     case CERT_CRL_PROP_ID:
459     case CERT_CTL_PROP_ID:
460         SetLastError(E_INVALIDARG);
461         return FALSE;
462     }
463     ret = CRLContext_SetProperty((void *)pCRLContext, dwPropId, dwFlags,
464      pvData);
465     TRACE("returning %d\n", ret);
466     return ret;
467 }
468
469 BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
470  PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
471 {
472     TRACE("(%p, %p, %08x, %p)\n", pCert, pCrl, dwFlags, pvReserved);
473     return TRUE;
474 }
475
476 static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl)
477 {
478     DWORD i;
479     PCRL_ENTRY entry = NULL;
480
481     for (i = 0; !entry && i < crl->cCRLEntry; i++)
482         if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
483          &cert->SerialNumber))
484             entry = &crl->rgCRLEntry[i];
485     return entry;
486 }
487
488 BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
489  PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
490  PCRL_ENTRY *ppCrlEntry)
491 {
492     TRACE("(%p, %p, %08x, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
493      ppCrlEntry);
494
495     *ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
496      pCrlContext->pCrlInfo);
497     return TRUE;
498 }
499
500 BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
501  PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
502 {
503     DWORD i;
504     PCRL_ENTRY entry = NULL;
505
506     TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
507      rgpCrlInfo);
508
509     for (i = 0; !entry && i < cCrlInfo; i++)
510         entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
511     return entry == NULL;
512 }
513
514 LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
515  PCRL_INFO pCrlInfo)
516 {
517     FILETIME fileTime;
518     LONG ret;
519
520     if (!pTimeToVerify)
521     {
522         SYSTEMTIME sysTime;
523
524         GetSystemTime(&sysTime);
525         SystemTimeToFileTime(&sysTime, &fileTime);
526         pTimeToVerify = &fileTime;
527     }
528     if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
529     {
530         ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
531         if (ret < 0)
532             ret = 0;
533     }
534     return ret;
535 }