search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dxgi: Implement IDXGIFactory::GetParent().
[wine/testsucceed.git] / dlls / crypt32 / crl.c
bloba24e6adf8873a0a858d3dd320b8d64de8ea70da3
1 /*
2 * Copyright 2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19
20 #include <assert.h>
21 #include <stdarg.h>
22 #define NONAMELESSUNION
23 #include "windef.h"
24 #include "winbase.h"
25 #include "wincrypt.h"
26 #include "wine/debug.h"
27 #include "wine/unicode.h"
28 #include "crypt32_private.h"
29
30 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
31
32 PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
33 const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
34 {
35 PCRL_CONTEXT crl = NULL;
36 BOOL ret;
37 PCRL_INFO crlInfo = NULL;
38 DWORD size = 0;
39
40 TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCrlEncoded,
41 cbCrlEncoded);
42
43 if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
44 {
45 SetLastError(E_INVALIDARG);
46 return NULL;
47 }
48 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
49 pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
50 &crlInfo, &size);
51 if (ret)
52 {
53 BYTE *data = NULL;
54
55 crl = Context_CreateDataContext(sizeof(CRL_CONTEXT));
56 if (!crl)
57 goto end;
58 data = CryptMemAlloc(cbCrlEncoded);
59 if (!data)
60 {
61 CryptMemFree(crl);
62 crl = NULL;
63 goto end;
64 }
65 memcpy(data, pbCrlEncoded, cbCrlEncoded);
66 crl->dwCertEncodingType = dwCertEncodingType;
67 crl->pbCrlEncoded = data;
68 crl->cbCrlEncoded = cbCrlEncoded;
69 crl->pCrlInfo = crlInfo;
70 crl->hCertStore = 0;
71 }
72
73 end:
74 return crl;
75 }
76
77 BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
78 DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
79 DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
80 {
81 PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
82 pbCrlEncoded, cbCrlEncoded);
83 BOOL ret;
84
85 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
86 pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
87
88 if (crl)
89 {
90 ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
91 ppCrlContext);
92 CertFreeCRLContext(crl);
93 }
94 else
95 ret = FALSE;
96 return ret;
97 }
98
99 typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
100 DWORD dwFlags, const void *pvPara);
101
102 static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
103 DWORD dwFlags, const void *pvPara)
104 {
105 return TRUE;
106 }
107
108 static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
109 DWORD dwFlags, const void *pvPara)
110 {
111 BOOL ret;
112
113 if (pvPara)
114 {
115 PCCERT_CONTEXT issuer = pvPara;
116
117 ret = CertCompareCertificateName(issuer->dwCertEncodingType,
118 &issuer->pCertInfo->Subject, &pCrlContext->pCrlInfo->Issuer);
119 if (ret && (dwFlags & CRL_FIND_ISSUED_BY_SIGNATURE_FLAG))
120 ret = CryptVerifyCertificateSignatureEx(0,
121 issuer->dwCertEncodingType,
122 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext,
123 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL);
124 if (ret && (dwFlags & CRL_FIND_ISSUED_BY_AKI_FLAG))
125 {
126 PCERT_EXTENSION ext = CertFindExtension(
127 szOID_AUTHORITY_KEY_IDENTIFIER2, pCrlContext->pCrlInfo->cExtension,
128 pCrlContext->pCrlInfo->rgExtension);
129
130 if (ext)
131 {
132 CERT_AUTHORITY_KEY_ID2_INFO *info;
133 DWORD size;
134
135 if ((ret = CryptDecodeObjectEx(X509_ASN_ENCODING,
136 X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
137 CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)))
138 {
139 if (info->AuthorityCertIssuer.cAltEntry &&
140 info->AuthorityCertSerialNumber.cbData)
141 {
142 PCERT_ALT_NAME_ENTRY directoryName = NULL;
143 DWORD i;
144
145 for (i = 0; !directoryName &&
146 i < info->AuthorityCertIssuer.cAltEntry; i++)
147 if (info->AuthorityCertIssuer.rgAltEntry[i].
148 dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
149 directoryName =
150 &info->AuthorityCertIssuer.rgAltEntry[i];
151 if (directoryName)
152 {
153 ret = CertCompareCertificateName(
154 issuer->dwCertEncodingType,
155 &issuer->pCertInfo->Subject,
156 &directoryName->u.DirectoryName);
157 if (ret)
158 ret = CertCompareIntegerBlob(
159 &issuer->pCertInfo->SerialNumber,
160 &info->AuthorityCertSerialNumber);
161 }
162 else
163 {
164 FIXME("no supported name type in authority key id2\n");
165 ret = FALSE;
166 }
167 }
168 else if (info->KeyId.cbData)
169 {
170 if ((ext = CertFindExtension(
171 szOID_SUBJECT_KEY_IDENTIFIER,
172 issuer->pCertInfo->cExtension,
173 issuer->pCertInfo->rgExtension)))
174 {
175 if (info->KeyId.cbData == ext->Value.cbData)
176 ret = !memcmp(info->KeyId.pbData,
177 ext->Value.pbData, info->KeyId.cbData);
178 else
179 ret = FALSE;
180 }
181 else
182 ret = FALSE;
183 }
184 else
185 {
186 FIXME("unsupported value for AKI extension\n");
187 ret = FALSE;
188 }
189 LocalFree(info);
190 }
191 }
192 /* else: a CRL without an AKI matches any cert */
193 }
194 }
195 else
196 ret = TRUE;
197 return ret;
198 }
199
200 static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
201 DWORD dwFlags, const void *pvPara)
202 {
203 BOOL ret;
204
205 if (pvPara)
206 {
207 PCCRL_CONTEXT crl = pvPara;
208
209 ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
210 &pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
211 }
212 else
213 ret = TRUE;
214 return ret;
215 }
216
217 static BOOL compare_crl_issued_for(PCCRL_CONTEXT pCrlContext, DWORD dwType,
218 DWORD dwFlags, const void *pvPara)
219 {
220 const CRL_FIND_ISSUED_FOR_PARA *para = pvPara;
221 BOOL ret;
222
223 ret = CertCompareCertificateName(para->pIssuerCert->dwCertEncodingType,
224 &para->pIssuerCert->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
225 return ret;
226 }
227
228 PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
229 DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
230 const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
231 {
232 PCCRL_CONTEXT ret;
233 CrlCompareFunc compare;
234
235 TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore, dwCertEncodingType,
236 dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
237
238 switch (dwFindType)
239 {
240 case CRL_FIND_ANY:
241 compare = compare_crl_any;
242 break;
243 case CRL_FIND_ISSUED_BY:
244 compare = compare_crl_issued_by;
245 break;
246 case CRL_FIND_EXISTING:
247 compare = compare_crl_existing;
248 break;
249 case CRL_FIND_ISSUED_FOR:
250 compare = compare_crl_issued_for;
251 break;
252 default:
253 FIXME("find type %08x unimplemented\n", dwFindType);
254 compare = NULL;
255 }
256
257 if (compare)
258 {
259 BOOL matches = FALSE;
260
261 ret = pPrevCrlContext;
262 do {
263 ret = CertEnumCRLsInStore(hCertStore, ret);
264 if (ret)
265 matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
266 } while (ret != NULL && !matches);
267 if (!ret)
268 SetLastError(CRYPT_E_NOT_FOUND);
269 }
270 else
271 {
272 SetLastError(CRYPT_E_NOT_FOUND);
273 ret = NULL;
274 }
275 return ret;
276 }
277
278 PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
279 PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
280 {
281 static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG |
282 CERT_STORE_TIME_VALIDITY_FLAG | CERT_STORE_BASE_CRL_FLAG |
283 CERT_STORE_DELTA_CRL_FLAG;
284 PCCRL_CONTEXT ret;
285
286 TRACE("(%p, %p, %p, %08x)\n", hCertStore, pIssuerContext, pPrevCrlContext,
287 *pdwFlags);
288
289 if (*pdwFlags & ~supportedFlags)
290 {
291 SetLastError(E_INVALIDARG);
292 return NULL;
293 }
294 if (pIssuerContext)
295 ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
296 0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
297 else
298 ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
299 pPrevCrlContext);
300 if (ret)
301 {
302 if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
303 {
304 if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
305 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
306 }
307 if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
308 {
309 if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
310 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
311 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
312 NULL))
313 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
314 }
315 }
316 return ret;
317 }
318
319 PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
320 {
321 TRACE("(%p)\n", pCrlContext);
322 if (pCrlContext)
323 Context_AddRef((void *)pCrlContext, sizeof(CRL_CONTEXT));
324 return pCrlContext;
325 }
326
327 static void CrlDataContext_Free(void *context)
328 {
329 PCRL_CONTEXT crlContext = context;
330
331 CryptMemFree(crlContext->pbCrlEncoded);
332 LocalFree(crlContext->pCrlInfo);
333 }
334
335 BOOL WINAPI CertFreeCRLContext( PCCRL_CONTEXT pCrlContext)
336 {
337 BOOL ret = TRUE;
338
339 TRACE("(%p)\n", pCrlContext);
340
341 if (pCrlContext)
342 ret = Context_Release((void *)pCrlContext, sizeof(CRL_CONTEXT),
343 CrlDataContext_Free);
344 return ret;
345 }
346
347 DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
348 DWORD dwPropId)
349 {
350 PCONTEXT_PROPERTY_LIST properties = Context_GetProperties(
351 pCRLContext, sizeof(CRL_CONTEXT));
352 DWORD ret;
353
354 TRACE("(%p, %d)\n", pCRLContext, dwPropId);
355
356 if (properties)
357 ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
358 else
359 ret = 0;
360 return ret;
361 }
362
363 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
364 DWORD dwFlags, const void *pvData);
365
366 static BOOL CRLContext_GetHashProp(PCCRL_CONTEXT context, DWORD dwPropId,
367 ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
368 DWORD *pcbData)
369 {
370 BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
371 pcbData);
372 if (ret && pvData)
373 {
374 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
375
376 ret = CRLContext_SetProperty(context, dwPropId, 0, &blob);
377 }
378 return ret;
379 }
380
381 static BOOL CRLContext_GetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
382 void *pvData, DWORD *pcbData)
383 {
384 PCONTEXT_PROPERTY_LIST properties =
385 Context_GetProperties(context, sizeof(CRL_CONTEXT));
386 BOOL ret;
387 CRYPT_DATA_BLOB blob;
388
389 TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
390
391 if (properties)
392 ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
393 else
394 ret = FALSE;
395 if (ret)
396 {
397 if (!pvData)
398 *pcbData = blob.cbData;
399 else if (*pcbData < blob.cbData)
400 {
401 SetLastError(ERROR_MORE_DATA);
402 *pcbData = blob.cbData;
403 ret = FALSE;
404 }
405 else
406 {
407 memcpy(pvData, blob.pbData, blob.cbData);
408 *pcbData = blob.cbData;
409 }
410 }
411 else
412 {
413 /* Implicit properties */
414 switch (dwPropId)
415 {
416 case CERT_SHA1_HASH_PROP_ID:
417 ret = CRLContext_GetHashProp(context, dwPropId, CALG_SHA1,
418 context->pbCrlEncoded, context->cbCrlEncoded, pvData,
419 pcbData);
420 break;
421 case CERT_MD5_HASH_PROP_ID:
422 ret = CRLContext_GetHashProp(context, dwPropId, CALG_MD5,
423 context->pbCrlEncoded, context->cbCrlEncoded, pvData,
424 pcbData);
425 break;
426 default:
427 SetLastError(CRYPT_E_NOT_FOUND);
428 }
429 }
430 TRACE("returning %d\n", ret);
431 return ret;
432 }
433
434 BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
435 DWORD dwPropId, void *pvData, DWORD *pcbData)
436 {
437 BOOL ret;
438
439 TRACE("(%p, %d, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
440
441 switch (dwPropId)
442 {
443 case 0:
444 case CERT_CERT_PROP_ID:
445 case CERT_CRL_PROP_ID:
446 case CERT_CTL_PROP_ID:
447 SetLastError(E_INVALIDARG);
448 ret = FALSE;
449 break;
450 case CERT_ACCESS_STATE_PROP_ID:
451 if (!pvData)
452 {
453 *pcbData = sizeof(DWORD);
454 ret = TRUE;
455 }
456 else if (*pcbData < sizeof(DWORD))
457 {
458 SetLastError(ERROR_MORE_DATA);
459 *pcbData = sizeof(DWORD);
460 ret = FALSE;
461 }
462 else
463 {
464 if (pCRLContext->hCertStore)
465 ret = CertGetStoreProperty(pCRLContext->hCertStore, dwPropId,
466 pvData, pcbData);
467 else
468 *(DWORD *)pvData = 0;
469 ret = TRUE;
470 }
471 break;
472 default:
473 ret = CRLContext_GetProperty(pCRLContext, dwPropId, pvData,
474 pcbData);
475 }
476 return ret;
477 }
478
479 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
480 DWORD dwFlags, const void *pvData)
481 {
482 PCONTEXT_PROPERTY_LIST properties =
483 Context_GetProperties(context, sizeof(CRL_CONTEXT));
484 BOOL ret;
485
486 TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
487
488 if (!properties)
489 ret = FALSE;
490 else if (!pvData)
491 {
492 ContextPropertyList_RemoveProperty(properties, dwPropId);
493 ret = TRUE;
494 }
495 else
496 {
497 switch (dwPropId)
498 {
499 case CERT_AUTO_ENROLL_PROP_ID:
500 case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
501 case CERT_DESCRIPTION_PROP_ID:
502 case CERT_FRIENDLY_NAME_PROP_ID:
503 case CERT_HASH_PROP_ID:
504 case CERT_KEY_IDENTIFIER_PROP_ID:
505 case CERT_MD5_HASH_PROP_ID:
506 case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
507 case CERT_PUBKEY_ALG_PARA_PROP_ID:
508 case CERT_PVK_FILE_PROP_ID:
509 case CERT_SIGNATURE_HASH_PROP_ID:
510 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
511 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
512 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
513 case CERT_ENROLLMENT_PROP_ID:
514 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
515 case CERT_RENEWAL_PROP_ID:
516 {
517 PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
518
519 ret = ContextPropertyList_SetProperty(properties, dwPropId,
520 blob->pbData, blob->cbData);
521 break;
522 }
523 case CERT_DATE_STAMP_PROP_ID:
524 ret = ContextPropertyList_SetProperty(properties, dwPropId,
525 pvData, sizeof(FILETIME));
526 break;
527 default:
528 FIXME("%d: stub\n", dwPropId);
529 ret = FALSE;
530 }
531 }
532 TRACE("returning %d\n", ret);
533 return ret;
534 }
535
536 BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
537 DWORD dwPropId, DWORD dwFlags, const void *pvData)
538 {
539 BOOL ret;
540
541 TRACE("(%p, %d, %08x, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
542
543 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
544 * crashes on most of these, I'll be safer.
545 */
546 switch (dwPropId)
547 {
548 case 0:
549 case CERT_ACCESS_STATE_PROP_ID:
550 case CERT_CERT_PROP_ID:
551 case CERT_CRL_PROP_ID:
552 case CERT_CTL_PROP_ID:
553 SetLastError(E_INVALIDARG);
554 return FALSE;
555 }
556 ret = CRLContext_SetProperty(pCRLContext, dwPropId, dwFlags, pvData);
557 TRACE("returning %d\n", ret);
558 return ret;
559 }
560
561 static BOOL compare_dist_point_name(const CRL_DIST_POINT_NAME *name1,
562 const CRL_DIST_POINT_NAME *name2)
563 {
564 BOOL match;
565
566 if (name1->dwDistPointNameChoice == name2->dwDistPointNameChoice)
567 {
568 match = TRUE;
569 if (name1->dwDistPointNameChoice == CRL_DIST_POINT_FULL_NAME)
570 {
571 if (name1->u.FullName.cAltEntry == name2->u.FullName.cAltEntry)
572 {
573 DWORD i;
574
575 for (i = 0; match && i < name1->u.FullName.cAltEntry; i++)
576 {
577 const CERT_ALT_NAME_ENTRY *entry1 =
578 &name1->u.FullName.rgAltEntry[i];
579 const CERT_ALT_NAME_ENTRY *entry2 =
580 &name2->u.FullName.rgAltEntry[i];
581
582 if (entry1->dwAltNameChoice == entry2->dwAltNameChoice)
583 {
584 switch (entry1->dwAltNameChoice)
585 {
586 case CERT_ALT_NAME_URL:
587 match = !strcmpiW(entry1->u.pwszURL,
588 entry2->u.pwszURL);
589 break;
590 case CERT_ALT_NAME_DIRECTORY_NAME:
591 match = (entry1->u.DirectoryName.cbData ==
592 entry2->u.DirectoryName.cbData) &&
593 !memcmp(entry1->u.DirectoryName.pbData,
594 entry2->u.DirectoryName.pbData,
595 entry1->u.DirectoryName.cbData);
596 break;
597 default:
598 FIXME("unimplemented for type %d\n",
599 entry1->dwAltNameChoice);
600 match = FALSE;
601 }
602 }
603 else
604 match = FALSE;
605 }
606 }
607 else
608 match = FALSE;
609 }
610 }
611 else
612 match = FALSE;
613 return match;
614 }
615
616 static BOOL match_dist_point_with_issuing_dist_point(
617 const CRL_DIST_POINT *distPoint, const CRL_ISSUING_DIST_POINT *idp)
618 {
619 BOOL match;
620
621 /* While RFC 5280, section 4.2.1.13 recommends against segmenting
622 * CRL distribution points by reasons, it doesn't preclude doing so.
623 * "This profile RECOMMENDS against segmenting CRLs by reason code."
624 * If the issuing distribution point for this CRL is only valid for
625 * some reasons, only match if the reasons covered also match the
626 * reasons in the CRL distribution point.
627 */
628 if (idp->OnlySomeReasonFlags.cbData)
629 {
630 if (idp->OnlySomeReasonFlags.cbData == distPoint->ReasonFlags.cbData)
631 {
632 DWORD i;
633
634 match = TRUE;
635 for (i = 0; match && i < distPoint->ReasonFlags.cbData; i++)
636 if (idp->OnlySomeReasonFlags.pbData[i] !=
637 distPoint->ReasonFlags.pbData[i])
638 match = FALSE;
639 }
640 else
641 match = FALSE;
642 }
643 else
644 match = TRUE;
645 if (match)
646 match = compare_dist_point_name(&idp->DistPointName,
647 &distPoint->DistPointName);
648 return match;
649 }
650
651 BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
652 PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
653 {
654 PCERT_EXTENSION ext;
655 BOOL ret;
656
657 TRACE("(%p, %p, %08x, %p)\n", pCert, pCrl, dwFlags, pvReserved);
658
659 if (!pCert)
660 return TRUE;
661
662 if ((ext = CertFindExtension(szOID_ISSUING_DIST_POINT,
663 pCrl->pCrlInfo->cExtension, pCrl->pCrlInfo->rgExtension)))
664 {
665 CRL_ISSUING_DIST_POINT *idp;
666 DWORD size;
667
668 if ((ret = CryptDecodeObjectEx(pCrl->dwCertEncodingType,
669 X509_ISSUING_DIST_POINT, ext->Value.pbData, ext->Value.cbData,
670 CRYPT_DECODE_ALLOC_FLAG, NULL, &idp, &size)))
671 {
672 if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS,
673 pCert->pCertInfo->cExtension, pCert->pCertInfo->rgExtension)))
674 {
675 CRL_DIST_POINTS_INFO *distPoints;
676
677 if ((ret = CryptDecodeObjectEx(pCert->dwCertEncodingType,
678 X509_CRL_DIST_POINTS, ext->Value.pbData, ext->Value.cbData,
679 CRYPT_DECODE_ALLOC_FLAG, NULL, &distPoints, &size)))
680 {
681 DWORD i;
682
683 ret = FALSE;
684 for (i = 0; !ret && i < distPoints->cDistPoint; i++)
685 ret = match_dist_point_with_issuing_dist_point(
686 &distPoints->rgDistPoint[i], idp);
687 if (!ret)
688 SetLastError(CRYPT_E_NO_MATCH);
689 LocalFree(distPoints);
690 }
691 }
692 else
693 {
694 /* no CRL dist points extension in cert, can't match the CRL
695 * (which has an issuing dist point extension)
696 */
697 ret = FALSE;
698 SetLastError(CRYPT_E_NO_MATCH);
699 }
700 LocalFree(idp);
701 }
702 }
703 else
704 ret = TRUE;
705 return ret;
706 }
707
708 static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl)
709 {
710 DWORD i;
711 PCRL_ENTRY entry = NULL;
712
713 for (i = 0; !entry && i < crl->cCRLEntry; i++)
714 if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
715 &cert->SerialNumber))
716 entry = &crl->rgCRLEntry[i];
717 return entry;
718 }
719
720 BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
721 PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
722 PCRL_ENTRY *ppCrlEntry)
723 {
724 TRACE("(%p, %p, %08x, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
725 ppCrlEntry);
726
727 *ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
728 pCrlContext->pCrlInfo);
729 return TRUE;
730 }
731
732 BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
733 PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
734 {
735 DWORD i;
736 PCRL_ENTRY entry = NULL;
737
738 TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
739 rgpCrlInfo);
740
741 for (i = 0; !entry && i < cCrlInfo; i++)
742 entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
743 return entry == NULL;
744 }
745
746 LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
747 PCRL_INFO pCrlInfo)
748 {
749 FILETIME fileTime;
750 LONG ret;
751
752 if (!pTimeToVerify)
753 {
754 GetSystemTimeAsFileTime(&fileTime);
755 pTimeToVerify = &fileTime;
756 }
757 if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
758 {
759 ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
760 if (ret < 0)
761 ret = 0;
762 }
763 return ret;
764 }
Quick hack tree for wine patches julliard doesn't want to commit