iphlpapi/tests: Fix crash on Vista.
[wine] / dlls / wintrust / softpub.c
1 /*
2  * Copyright 2007 Juan Lang
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17  */
18 #include <stdarg.h>
19
20 #define NONAMELESSUNION
21
22 #include "windef.h"
23 #include "winbase.h"
24 #include "wintrust.h"
25 #include "mssip.h"
26 #include "softpub.h"
27 #include "wine/debug.h"
28
29 WINE_DEFAULT_DEBUG_CHANNEL(wintrust);
30
31 HRESULT WINAPI SoftpubDefCertInit(CRYPT_PROVIDER_DATA *data)
32 {
33     HRESULT ret = S_FALSE;
34
35     TRACE("(%p)\n", data);
36
37     if (data->padwTrustStepErrors &&
38      !data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_WVTINIT])
39         ret = S_OK;
40     TRACE("returning %08x\n", ret);
41     return ret;
42 }
43
44 HRESULT WINAPI SoftpubInitialize(CRYPT_PROVIDER_DATA *data)
45 {
46     HRESULT ret = S_FALSE;
47
48     TRACE("(%p)\n", data);
49
50     if (data->padwTrustStepErrors &&
51      !data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_WVTINIT])
52         ret = S_OK;
53     TRACE("returning %08x\n", ret);
54     return ret;
55 }
56
57 /* Assumes data->pWintrustData->u.pFile exists.  Makes sure a file handle is
58  * open for the file.
59  */
60 static BOOL SOFTPUB_OpenFile(CRYPT_PROVIDER_DATA *data)
61 {
62     BOOL ret = TRUE;
63
64     /* PSDK implies that all values should be initialized to NULL, so callers
65      * typically have hFile as NULL rather than INVALID_HANDLE_VALUE.  Check
66      * for both.
67      */
68     if (!data->pWintrustData->u.pFile->hFile ||
69      data->pWintrustData->u.pFile->hFile == INVALID_HANDLE_VALUE)
70     {
71         data->pWintrustData->u.pFile->hFile =
72             CreateFileW(data->pWintrustData->u.pFile->pcwszFilePath, GENERIC_READ,
73           FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
74         if (data->pWintrustData->u.pFile->hFile != INVALID_HANDLE_VALUE)
75             data->fOpenedFile = TRUE;
76         else
77             ret = FALSE;
78     }
79     if (ret)
80         GetFileTime(data->pWintrustData->u.pFile->hFile, &data->sftSystemTime,
81          NULL, NULL);
82     TRACE("returning %d\n", ret);
83     return ret;
84 }
85
86 /* Assumes data->pWintrustData->u.pFile exists.  Sets data->pPDSip->gSubject to
87  * the file's subject GUID.
88  */
89 static BOOL SOFTPUB_GetFileSubject(CRYPT_PROVIDER_DATA *data)
90 {
91     BOOL ret;
92
93     if (!data->pWintrustData->u.pFile->pgKnownSubject)
94     {
95         ret = CryptSIPRetrieveSubjectGuid(
96          data->pWintrustData->u.pFile->pcwszFilePath,
97          data->pWintrustData->u.pFile->hFile,
98          &data->u.pPDSip->gSubject);
99     }
100     else
101     {
102         data->u.pPDSip->gSubject = *data->pWintrustData->u.pFile->pgKnownSubject;
103         ret = TRUE;
104     }
105     TRACE("returning %d\n", ret);
106     return ret;
107 }
108
109 /* Assumes data->u.pPDSip exists, and its gSubject member set.
110  * Allocates data->u.pPDSip->pSip and loads it, if possible.
111  */
112 static BOOL SOFTPUB_GetSIP(CRYPT_PROVIDER_DATA *data)
113 {
114     BOOL ret;
115
116     data->u.pPDSip->pSip = data->psPfns->pfnAlloc(sizeof(SIP_DISPATCH_INFO));
117     if (data->u.pPDSip->pSip)
118         ret = CryptSIPLoad(&data->u.pPDSip->gSubject, 0, data->u.pPDSip->pSip);
119     else
120     {
121         SetLastError(ERROR_OUTOFMEMORY);
122         ret = FALSE;
123     }
124     TRACE("returning %d\n", ret);
125     return ret;
126 }
127
128 /* Assumes data->u.pPDSip has been loaded, and data->u.pPDSip->pSip allocated.
129  * Calls data->u.pPDSip->pSip->pfGet to construct data->hMsg.
130  */
131 static BOOL SOFTPUB_GetMessageFromFile(CRYPT_PROVIDER_DATA *data)
132 {
133     BOOL ret;
134     LPBYTE buf = NULL;
135     DWORD size = 0;
136
137     data->u.pPDSip->psSipSubjectInfo =
138      data->psPfns->pfnAlloc(sizeof(SIP_SUBJECTINFO));
139     if (!data->u.pPDSip->psSipSubjectInfo)
140     {
141         SetLastError(ERROR_OUTOFMEMORY);
142         return FALSE;
143     }
144
145     data->u.pPDSip->psSipSubjectInfo->cbSize = sizeof(SIP_SUBJECTINFO);
146     data->u.pPDSip->psSipSubjectInfo->pgSubjectType = &data->u.pPDSip->gSubject;
147     data->u.pPDSip->psSipSubjectInfo->hFile = data->pWintrustData->u.pFile->hFile;
148     data->u.pPDSip->psSipSubjectInfo->pwsFileName =
149      data->pWintrustData->u.pFile->pcwszFilePath;
150     data->u.pPDSip->psSipSubjectInfo->hProv = data->hProv;
151     ret = data->u.pPDSip->pSip->pfGet(data->u.pPDSip->psSipSubjectInfo,
152      &data->dwEncoding, 0, &size, 0);
153     if (!ret)
154     {
155         SetLastError(TRUST_E_NOSIGNATURE);
156         return FALSE;
157     }
158
159     buf = data->psPfns->pfnAlloc(size);
160     if (!buf)
161     {
162         SetLastError(ERROR_OUTOFMEMORY);
163         return FALSE;
164     }
165
166     ret = data->u.pPDSip->pSip->pfGet(data->u.pPDSip->psSipSubjectInfo,
167      &data->dwEncoding, 0, &size, buf);
168     if (ret)
169     {
170         data->hMsg = CryptMsgOpenToDecode(data->dwEncoding, 0, 0, data->hProv,
171          NULL, NULL);
172         if (data->hMsg)
173             ret = CryptMsgUpdate(data->hMsg, buf, size, TRUE);
174     }
175
176     data->psPfns->pfnFree(buf);
177     TRACE("returning %d\n", ret);
178     return ret;
179 }
180
181 static BOOL SOFTPUB_CreateStoreFromMessage(CRYPT_PROVIDER_DATA *data)
182 {
183     BOOL ret = FALSE;
184     HCERTSTORE store;
185
186     store = CertOpenStore(CERT_STORE_PROV_MSG, data->dwEncoding,
187      data->hProv, CERT_STORE_NO_CRYPT_RELEASE_FLAG, data->hMsg);
188     if (store)
189     {
190         ret = data->psPfns->pfnAddStore2Chain(data, store);
191         CertCloseStore(store, 0);
192     }
193     TRACE("returning %d\n", ret);
194     return ret;
195 }
196
197 static DWORD SOFTPUB_DecodeInnerContent(CRYPT_PROVIDER_DATA *data)
198 {
199     BOOL ret;
200     DWORD size;
201     LPBYTE buf = NULL;
202
203     ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, NULL,
204      &size);
205     if (!ret)
206         goto error;
207     buf = data->psPfns->pfnAlloc(size);
208     if (!buf)
209     {
210         SetLastError(ERROR_OUTOFMEMORY);
211         ret = FALSE;
212         goto error;
213     }
214     ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, buf,
215      &size);
216     if (!ret)
217         goto error;
218     if (!strcmp((LPCSTR)buf, SPC_INDIRECT_DATA_OBJID))
219     {
220         data->psPfns->pfnFree(buf);
221         buf = NULL;
222         ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, NULL, &size);
223         if (!ret)
224             goto error;
225         buf = data->psPfns->pfnAlloc(size);
226         if (!buf)
227         {
228             SetLastError(ERROR_OUTOFMEMORY);
229             ret = FALSE;
230             goto error;
231         }
232         ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, buf, &size);
233         if (!ret)
234             goto error;
235         ret = CryptDecodeObject(data->dwEncoding,
236          SPC_INDIRECT_DATA_CONTENT_STRUCT, buf, size, 0, NULL, &size);
237         if (!ret)
238             goto error;
239         data->u.pPDSip->psIndirectData = data->psPfns->pfnAlloc(size);
240         if (!data->u.pPDSip->psIndirectData)
241         {
242             SetLastError(ERROR_OUTOFMEMORY);
243             ret = FALSE;
244             goto error;
245         }
246         ret = CryptDecodeObject(data->dwEncoding,
247          SPC_INDIRECT_DATA_CONTENT_STRUCT, buf, size, 0,
248          data->u.pPDSip->psIndirectData, &size);
249     }
250     else
251     {
252         FIXME("unimplemented for OID %s\n", (LPCSTR)buf);
253         SetLastError(TRUST_E_SUBJECT_FORM_UNKNOWN);
254         ret = FALSE;
255     }
256
257 error:
258     TRACE("returning %d\n", ret);
259     return ret;
260 }
261
262 HRESULT WINAPI SoftpubLoadMessage(CRYPT_PROVIDER_DATA *data)
263 {
264     BOOL ret;
265
266     TRACE("(%p)\n", data);
267
268     if (!data->padwTrustStepErrors)
269         return S_FALSE;
270
271     switch (data->pWintrustData->dwUnionChoice)
272     {
273     case WTD_CHOICE_CERT:
274         if (data->pWintrustData->u.pCert &&
275          data->pWintrustData->u.pCert->cbStruct == sizeof(WINTRUST_CERT_INFO))
276         {
277             if (data->psPfns)
278             {
279                 CRYPT_PROVIDER_SGNR signer = { sizeof(signer), { 0 } };
280                 DWORD i;
281
282                 /* Add a signer with nothing but the time to verify, so we can
283                  * add a cert to it
284                  */
285                 if (data->pWintrustData->u.pCert->psftVerifyAsOf)
286                     data->sftSystemTime = signer.sftVerifyAsOf;
287                 else
288                 {
289                     SYSTEMTIME sysTime;
290
291                     GetSystemTime(&sysTime);
292                     SystemTimeToFileTime(&sysTime, &signer.sftVerifyAsOf);
293                 }
294                 ret = data->psPfns->pfnAddSgnr2Chain(data, FALSE, 0, &signer);
295                 if (!ret)
296                     goto error;
297                 ret = data->psPfns->pfnAddCert2Chain(data, 0, FALSE, 0,
298                  data->pWintrustData->u.pCert->psCertContext);
299                 if (!ret)
300                     goto error;
301                 for (i = 0; ret && i < data->pWintrustData->u.pCert->chStores;
302                  i++)
303                     ret = data->psPfns->pfnAddStore2Chain(data,
304                      data->pWintrustData->u.pCert->pahStores[i]);
305             }
306             else
307             {
308                 /* Do nothing!?  See the tests */
309                 ret = TRUE;
310             }
311         }
312         else
313         {
314             SetLastError(ERROR_INVALID_PARAMETER);
315             ret = FALSE;
316         }
317         break;
318     case WTD_CHOICE_FILE:
319         if (!data->pWintrustData->u.pFile)
320         {
321             SetLastError(ERROR_INVALID_PARAMETER);
322             ret = FALSE;
323             goto error;
324         }
325         ret = SOFTPUB_OpenFile(data);
326         if (!ret)
327             goto error;
328         ret = SOFTPUB_GetFileSubject(data);
329         if (!ret)
330             goto error;
331         ret = SOFTPUB_GetSIP(data);
332         if (!ret)
333             goto error;
334         ret = SOFTPUB_GetMessageFromFile(data);
335         if (!ret)
336             goto error;
337         ret = SOFTPUB_CreateStoreFromMessage(data);
338         if (!ret)
339             goto error;
340         ret = SOFTPUB_DecodeInnerContent(data);
341         break;
342     default:
343         FIXME("unimplemented for %d\n", data->pWintrustData->dwUnionChoice);
344         SetLastError(ERROR_INVALID_PARAMETER);
345         ret = FALSE;
346     }
347
348 error:
349     if (!ret)
350         data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] =
351          GetLastError();
352     TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE,
353      data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV]);
354     return ret ? S_OK : S_FALSE;
355 }
356
357 static CMSG_SIGNER_INFO *WINTRUST_GetSigner(CRYPT_PROVIDER_DATA *data,
358  DWORD signerIdx)
359 {
360     BOOL ret;
361     CMSG_SIGNER_INFO *signerInfo = NULL;
362     DWORD size;
363
364     ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_INFO_PARAM, signerIdx,
365      NULL, &size);
366     if (ret)
367     {
368         signerInfo = data->psPfns->pfnAlloc(size);
369         if (signerInfo)
370         {
371             ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_INFO_PARAM,
372              signerIdx, signerInfo, &size);
373             if (!ret)
374             {
375                 data->psPfns->pfnFree(signerInfo);
376                 signerInfo = NULL;
377             }
378         }
379         else
380             SetLastError(ERROR_OUTOFMEMORY);
381     }
382     return signerInfo;
383 }
384
385 static BOOL WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
386 {
387     BOOL ret;
388     CMSG_SIGNER_INFO *signerInfo = WINTRUST_GetSigner(data, signerIdx);
389
390     if (signerInfo)
391     {
392         CRYPT_PROVIDER_SGNR sgnr = { sizeof(sgnr), { 0 } };
393
394         sgnr.psSigner = signerInfo;
395         sgnr.sftVerifyAsOf = data->sftSystemTime;
396         ret = data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr);
397     }
398     else
399         ret = FALSE;
400     return ret;
401 }
402
403 static CERT_INFO *WINTRUST_GetSignerCertInfo(CRYPT_PROVIDER_DATA *data,
404  DWORD signerIdx)
405 {
406     BOOL ret;
407     CERT_INFO *certInfo = NULL;
408     DWORD size;
409
410     ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_CERT_INFO_PARAM, signerIdx,
411      NULL, &size);
412     if (ret)
413     {
414         certInfo = data->psPfns->pfnAlloc(size);
415         if (certInfo)
416         {
417             ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_CERT_INFO_PARAM,
418              signerIdx, certInfo, &size);
419             if (!ret)
420             {
421                 data->psPfns->pfnFree(certInfo);
422                 certInfo = NULL;
423             }
424         }
425         else
426             SetLastError(ERROR_OUTOFMEMORY);
427     }
428     return certInfo;
429 }
430
431 static BOOL WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
432 {
433     BOOL ret;
434     CERT_INFO *certInfo = WINTRUST_GetSignerCertInfo(data, signerIdx);
435
436     if (certInfo)
437     {
438         PCCERT_CONTEXT subject = CertGetSubjectCertificateFromStore(
439          data->pahStores[0], data->dwEncoding, certInfo);
440
441         if (subject)
442         {
443             CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA para = { sizeof(para), 0,
444              signerIdx, CMSG_VERIFY_SIGNER_CERT, (LPVOID)subject };
445
446             ret = CryptMsgControl(data->hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE_EX,
447              &para);
448             if (!ret)
449                 SetLastError(TRUST_E_CERT_SIGNATURE);
450             else
451                 data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
452                  subject);
453             CertFreeCertificateContext(subject);
454         }
455         else
456         {
457             SetLastError(TRUST_E_NO_SIGNER_CERT);
458             ret = FALSE;
459         }
460         data->psPfns->pfnFree(certInfo);
461     }
462     else
463         ret = FALSE;
464     return ret;
465 }
466
467 HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
468 {
469     BOOL ret;
470
471     TRACE("(%p)\n", data);
472
473     if (!data->padwTrustStepErrors)
474         return S_FALSE;
475
476     if (data->hMsg)
477     {
478         DWORD signerCount, size;
479
480         size = sizeof(signerCount);
481         ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_COUNT_PARAM, 0,
482          &signerCount, &size);
483         if (ret)
484         {
485             DWORD i;
486
487             for (i = 0; ret && i < signerCount; i++)
488             {
489                 if ((ret = WINTRUST_SaveSigner(data, i)))
490                     ret = WINTRUST_VerifySigner(data, i);
491             }
492         }
493         else
494             SetLastError(TRUST_E_NOSIGNATURE);
495     }
496     else
497         ret = TRUE;
498     if (!ret)
499         data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] =
500          GetLastError();
501     return ret ? S_OK : S_FALSE;
502 }
503
504 BOOL WINAPI SoftpubCheckCert(CRYPT_PROVIDER_DATA *data, DWORD idxSigner,
505  BOOL fCounterSignerChain, DWORD idxCounterSigner)
506 {
507     BOOL ret;
508
509     TRACE("(%p, %d, %d, %d)\n", data, idxSigner, fCounterSignerChain,
510      idxCounterSigner);
511
512     if (fCounterSignerChain)
513     {
514         FIXME("unimplemented for counter signers\n");
515         ret = FALSE;
516     }
517     else
518     {
519         PCERT_SIMPLE_CHAIN simpleChain =
520          data->pasSigners[idxSigner].pChainContext->rgpChain[0];
521         DWORD i;
522
523         ret = TRUE;
524         for (i = 0; i < simpleChain->cElement; i++)
525         {
526             /* Set confidence */
527             data->pasSigners[idxSigner].pasCertChain[i].dwConfidence = 0;
528             if (!(simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
529              CERT_TRUST_IS_NOT_TIME_VALID))
530                 data->pasSigners[idxSigner].pasCertChain[i].dwConfidence
531                  |= CERT_CONFIDENCE_TIME;
532             if (!(simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
533              CERT_TRUST_IS_NOT_TIME_NESTED))
534                 data->pasSigners[idxSigner].pasCertChain[i].dwConfidence
535                  |= CERT_CONFIDENCE_TIMENEST;
536             if (!(simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
537              CERT_TRUST_IS_NOT_SIGNATURE_VALID))
538                 data->pasSigners[idxSigner].pasCertChain[i].dwConfidence
539                  |= CERT_CONFIDENCE_SIG;
540             /* Set additional flags */
541             if (!(simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
542              CERT_TRUST_IS_UNTRUSTED_ROOT))
543                 data->pasSigners[idxSigner].pasCertChain[i].fTrustedRoot = TRUE;
544             if (simpleChain->rgpElement[i]->TrustStatus.dwInfoStatus &
545              CERT_TRUST_IS_SELF_SIGNED)
546                 data->pasSigners[idxSigner].pasCertChain[i].fSelfSigned = TRUE;
547             if (simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus &
548              CERT_TRUST_IS_CYCLIC)
549                 data->pasSigners[idxSigner].pasCertChain[i].fIsCyclic = TRUE;
550         }
551     }
552     return ret;
553 }
554
555 static BOOL WINTRUST_CopyChain(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
556 {
557     BOOL ret;
558     PCERT_SIMPLE_CHAIN simpleChain =
559      data->pasSigners[signerIdx].pChainContext->rgpChain[0];
560     DWORD i;
561
562     data->pasSigners[signerIdx].pasCertChain[0].pChainElement =
563      simpleChain->rgpElement[0];
564     ret = TRUE;
565     for (i = 1; ret && i < simpleChain->cElement; i++)
566     {
567         ret = data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
568          simpleChain->rgpElement[i]->pCertContext);
569         if (ret)
570             data->pasSigners[signerIdx].pasCertChain[i].pChainElement =
571              simpleChain->rgpElement[i];
572     }
573     return ret;
574 }
575
576 static void WINTRUST_CreateChainPolicyCreateInfo(
577  const CRYPT_PROVIDER_DATA *data, PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO info,
578  PCERT_CHAIN_PARA chainPara)
579 {
580     chainPara->cbSize = sizeof(CERT_CHAIN_PARA);
581     if (data->pRequestUsage)
582         chainPara->RequestedUsage = *data->pRequestUsage;
583     info->u.cbSize = sizeof(WTD_GENERIC_CHAIN_POLICY_CREATE_INFO);
584     info->hChainEngine = NULL;
585     info->pChainPara = chainPara;
586     if (data->dwProvFlags & CPD_REVOCATION_CHECK_END_CERT)
587         info->dwFlags = CERT_CHAIN_REVOCATION_CHECK_END_CERT;
588     else if (data->dwProvFlags & CPD_REVOCATION_CHECK_CHAIN)
589         info->dwFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN;
590     else if (data->dwProvFlags & CPD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT)
591         info->dwFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
592     else
593         info->dwFlags = 0;
594     info->pvReserved = NULL;
595 }
596
597 static BOOL WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data,
598  DWORD signer, PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo,
599  PCERT_CHAIN_PARA chainPara)
600 {
601     BOOL ret = TRUE;
602
603     /* Expect the end certificate for each signer to be the only cert in the
604      * chain:
605      */
606     if (data->pasSigners[signer].csCertChain)
607     {
608         /* Create a certificate chain for each signer */
609         ret = CertGetCertificateChain(createInfo->hChainEngine,
610          data->pasSigners[signer].pasCertChain[0].pCert,
611          &data->pasSigners[signer].sftVerifyAsOf,
612          data->chStores ? data->pahStores[0] : NULL,
613          chainPara, createInfo->dwFlags, createInfo->pvReserved,
614          &data->pasSigners[signer].pChainContext);
615         if (ret)
616         {
617             if (data->pasSigners[signer].pChainContext->cChain != 1)
618             {
619                 FIXME("unimplemented for more than 1 simple chain\n");
620                 ret = FALSE;
621             }
622             else
623             {
624                 if ((ret = WINTRUST_CopyChain(data, signer)))
625                     ret = data->psPfns->pfnCertCheckPolicy(data, signer, FALSE,
626                      0);
627             }
628         }
629     }
630     return ret;
631 }
632
633 HRESULT WINAPI WintrustCertificateTrust(CRYPT_PROVIDER_DATA *data)
634 {
635     BOOL ret;
636
637     TRACE("(%p)\n", data);
638
639     if (!data->csSigners)
640     {
641         ret = FALSE;
642         SetLastError(TRUST_E_NOSIGNATURE);
643     }
644     else
645     {
646         DWORD i;
647         WTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo;
648         CERT_CHAIN_PARA chainPara;
649
650         WINTRUST_CreateChainPolicyCreateInfo(data, &createInfo, &chainPara);
651         ret = TRUE;
652         for (i = 0; i < data->csSigners; i++)
653             ret = WINTRUST_CreateChainForSigner(data, i, &createInfo,
654              &chainPara);
655     }
656     if (!ret)
657         data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] =
658          GetLastError();
659     TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE,
660      data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV]);
661     return ret ? S_OK : S_FALSE;
662 }
663
664 HRESULT WINAPI GenericChainCertificateTrust(CRYPT_PROVIDER_DATA *data)
665 {
666     BOOL ret;
667     WTD_GENERIC_CHAIN_POLICY_DATA *policyData =
668      (WTD_GENERIC_CHAIN_POLICY_DATA *)data->pWintrustData->pPolicyCallbackData;
669
670     TRACE("(%p)\n", data);
671
672     if (policyData && policyData->u.cbSize !=
673      sizeof(WTD_GENERIC_CHAIN_POLICY_CREATE_INFO))
674     {
675         SetLastError(ERROR_INVALID_PARAMETER);
676         ret = FALSE;
677         goto end;
678     }
679     if (!data->csSigners)
680     {
681         ret = FALSE;
682         SetLastError(TRUST_E_NOSIGNATURE);
683     }
684     else
685     {
686         DWORD i;
687         WTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo, *pCreateInfo;
688         CERT_CHAIN_PARA chainPara, *pChainPara;
689
690         if (policyData)
691         {
692             pCreateInfo = policyData->pSignerChainInfo;
693             pChainPara = pCreateInfo->pChainPara;
694         }
695         else
696         {
697             WINTRUST_CreateChainPolicyCreateInfo(data, &createInfo, &chainPara);
698             pChainPara = &chainPara;
699             pCreateInfo = &createInfo;
700         }
701         ret = TRUE;
702         for (i = 0; i < data->csSigners; i++)
703             ret = WINTRUST_CreateChainForSigner(data, i, pCreateInfo,
704              pChainPara);
705     }
706
707 end:
708     if (!ret)
709         data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] =
710          GetLastError();
711     TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE,
712      data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV]);
713     return ret ? S_OK : S_FALSE;
714 }
715
716 HRESULT WINAPI SoftpubAuthenticode(CRYPT_PROVIDER_DATA *data)
717 {
718     BOOL ret;
719     CERT_CHAIN_POLICY_STATUS policyStatus = { sizeof(policyStatus), 0 };
720
721     TRACE("(%p)\n", data);
722
723     if (data->pWintrustData->dwUIChoice != WTD_UI_NONE)
724         FIXME("unimplemented for UI choice %d\n",
725          data->pWintrustData->dwUIChoice);
726     if (!data->csSigners)
727     {
728         ret = FALSE;
729         policyStatus.dwError = TRUST_E_NOSIGNATURE;
730     }
731     else
732     {
733         DWORD i;
734
735         ret = TRUE;
736         for (i = 0; ret && i < data->csSigners; i++)
737         {
738             CERT_CHAIN_POLICY_PARA policyPara = { sizeof(policyPara), 0 };
739
740             if (data->dwRegPolicySettings & WTPF_TRUSTTEST)
741                 policyPara.dwFlags |= CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG;
742             if (data->dwRegPolicySettings & WTPF_TESTCANBEVALID)
743                 policyPara.dwFlags |= CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG;
744             if (data->dwRegPolicySettings & WTPF_IGNOREEXPIRATION)
745                 policyPara.dwFlags |=
746                  CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG |
747                  CERT_CHAIN_POLICY_IGNORE_CTL_NOT_TIME_VALID_FLAG |
748                  CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG;
749             if (data->dwRegPolicySettings & WTPF_IGNOREREVOKATION)
750                 policyPara.dwFlags |=
751                  CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG |
752                  CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG |
753                  CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG |
754                  CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG;
755             CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_AUTHENTICODE,
756              data->pasSigners[i].pChainContext, &policyPara, &policyStatus);
757             if (policyStatus.dwError != NO_ERROR)
758                 ret = FALSE;
759         }
760     }
761     if (!ret)
762         data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV] =
763          policyStatus.dwError;
764     TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE,
765      data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV]);
766     return ret ? S_OK : S_FALSE;
767 }
768
769 static HRESULT WINAPI WINTRUST_DefaultPolicy(CRYPT_PROVIDER_DATA *pProvData,
770  DWORD dwStepError, DWORD dwRegPolicySettings, DWORD cSigner,
771  PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO rgpSigner, void *pvPolicyArg)
772 {
773     DWORD i;
774     CERT_CHAIN_POLICY_STATUS policyStatus = { sizeof(policyStatus), 0 };
775
776     for (i = 0; !policyStatus.dwError && i < cSigner; i++)
777     {
778         CERT_CHAIN_POLICY_PARA policyPara = { sizeof(policyPara), 0 };
779
780         if (dwRegPolicySettings & WTPF_IGNOREEXPIRATION)
781             policyPara.dwFlags |=
782              CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG |
783              CERT_CHAIN_POLICY_IGNORE_CTL_NOT_TIME_VALID_FLAG |
784              CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG;
785         if (dwRegPolicySettings & WTPF_IGNOREREVOKATION)
786             policyPara.dwFlags |=
787              CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG |
788              CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG |
789              CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG |
790              CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG;
791         CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_BASE,
792          rgpSigner[i].pChainContext, &policyPara, &policyStatus);
793     }
794     return policyStatus.dwError;
795 }
796
797 HRESULT WINAPI GenericChainFinalProv(CRYPT_PROVIDER_DATA *data)
798 {
799     HRESULT err = NO_ERROR; /* not a typo, MS confused the types */
800     WTD_GENERIC_CHAIN_POLICY_DATA *policyData =
801      (WTD_GENERIC_CHAIN_POLICY_DATA *)data->pWintrustData->pPolicyCallbackData;
802
803     TRACE("(%p)\n", data);
804
805     if (data->pWintrustData->dwUIChoice != WTD_UI_NONE)
806         FIXME("unimplemented for UI choice %d\n",
807          data->pWintrustData->dwUIChoice);
808     if (!data->csSigners)
809         err = TRUST_E_NOSIGNATURE;
810     else
811     {
812         PFN_WTD_GENERIC_CHAIN_POLICY_CALLBACK policyCallback;
813         void *policyArg;
814         WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO *signers = NULL;
815
816         if (policyData)
817         {
818             policyCallback = policyData->pfnPolicyCallback;
819             policyArg = policyData->pvPolicyArg;
820         }
821         else
822         {
823             policyCallback = WINTRUST_DefaultPolicy;
824             policyArg = NULL;
825         }
826         if (data->csSigners)
827         {
828             DWORD i;
829
830             signers = data->psPfns->pfnAlloc(
831              data->csSigners * sizeof(WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO));
832             if (signers)
833             {
834                 for (i = 0; i < data->csSigners; i++)
835                 {
836                     signers[i].u.cbSize =
837                      sizeof(WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO);
838                     signers[i].pChainContext =
839                      data->pasSigners[i].pChainContext;
840                     signers[i].dwSignerType = data->pasSigners[i].dwSignerType;
841                     signers[i].pMsgSignerInfo = data->pasSigners[i].psSigner;
842                     signers[i].dwError = data->pasSigners[i].dwError;
843                     if (data->pasSigners[i].csCounterSigners)
844                         FIXME("unimplemented for counter signers\n");
845                     signers[i].cCounterSigner = 0;
846                     signers[i].rgpCounterSigner = NULL;
847                 }
848             }
849             else
850                 err = ERROR_OUTOFMEMORY;
851         }
852         if (!err)
853             err = policyCallback(data, TRUSTERROR_STEP_FINAL_POLICYPROV,
854              data->dwRegPolicySettings, data->csSigners, signers, policyArg);
855         data->psPfns->pfnFree(signers);
856     }
857     if (err)
858         data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV] = err;
859     TRACE("returning %d (%08x)\n", !err ? S_OK : S_FALSE,
860      data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV]);
861     return err == NO_ERROR ? S_OK : S_FALSE;
862 }
863
864 HRESULT WINAPI SoftpubCleanup(CRYPT_PROVIDER_DATA *data)
865 {
866     DWORD i, j;
867
868     for (i = 0; i < data->csSigners; i++)
869     {
870         for (j = 0; j < data->pasSigners[i].csCertChain; j++)
871             CertFreeCertificateContext(data->pasSigners[i].pasCertChain[j].pCert);
872         data->psPfns->pfnFree(data->pasSigners[i].pasCertChain);
873         data->psPfns->pfnFree(data->pasSigners[i].psSigner);
874         CertFreeCertificateChain(data->pasSigners[i].pChainContext);
875     }
876     data->psPfns->pfnFree(data->pasSigners);
877
878     for (i = 0; i < data->chStores; i++)
879         CertCloseStore(data->pahStores[i], 0);
880     data->psPfns->pfnFree(data->pahStores);
881
882     if (data->u.pPDSip)
883     {
884         data->psPfns->pfnFree(data->u.pPDSip->pSip);
885         data->psPfns->pfnFree(data->u.pPDSip->pCATSip);
886         data->psPfns->pfnFree(data->u.pPDSip->psSipSubjectInfo);
887         data->psPfns->pfnFree(data->u.pPDSip->psSipCATSubjectInfo);
888         data->psPfns->pfnFree(data->u.pPDSip->psIndirectData);
889     }
890
891     CryptMsgClose(data->hMsg);
892
893     if (data->fOpenedFile)
894         CloseHandle(data->pWintrustData->u.pFile->hFile);
895
896     return S_OK;
897 }