From 039beff4415cc6b92aa2ed19619f0d66bcfaf1d8 Mon Sep 17 00:00:00 2001 From: Juan Lang Date: Mon, 10 Sep 2007 16:12:39 -0700 Subject: [PATCH] crypt32: Implement CertVerifyCertificateChainPolicy for the basic constraints policy. --- dlls/crypt32/chain.c | 19 +++++++++++++++++ dlls/crypt32/tests/chain.c | 43 +++++++++++++------------------------- 2 files changed, 34 insertions(+), 28 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index b716be9b4df..ed231808162 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -1126,6 +1126,22 @@ static BOOL WINAPI verify_authenticode_policy(LPCSTR szPolicyOID, return ret; } +static BOOL WINAPI verify_basic_constraints_policy(LPCSTR szPolicyOID, + PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, + PCERT_CHAIN_POLICY_STATUS pPolicyStatus) +{ + pPolicyStatus->lChainIndex = pPolicyStatus->lElementIndex = -1; + if (pChainContext->TrustStatus.dwErrorStatus & + CERT_TRUST_INVALID_BASIC_CONSTRAINTS) + { + pPolicyStatus->dwError = TRUST_E_BASIC_CONSTRAINTS; + find_element_with_error(pChainContext, + CERT_TRUST_INVALID_BASIC_CONSTRAINTS, &pPolicyStatus->lChainIndex, + &pPolicyStatus->lElementIndex); + } + return TRUE; +} + typedef BOOL (WINAPI *CertVerifyCertificateChainPolicyFunc)(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus); @@ -1152,6 +1168,9 @@ BOOL WINAPI CertVerifyCertificateChainPolicy(LPCSTR szPolicyOID, case (int)CERT_CHAIN_POLICY_AUTHENTICODE: verifyPolicy = verify_authenticode_policy; break; + case (int)CERT_CHAIN_POLICY_BASIC_CONSTRAINTS: + verifyPolicy = verify_basic_constraints_policy; + break; default: FIXME("unimplemented for %d\n", LOWORD(szPolicyOID)); } diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 17cab3aac98..e320e79b447 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c 
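Review bot: `verify_basic_constraints_policy` in dlls/crypt32/chain.c writes `pPolicyStatus->dwError` only inside the `CERT_TRUST_INVALID_BASIC_CONSTRAINTS` branch, so for a chain without that bit the field keeps whatever was in the caller's struct. Unless the dispatcher clears it first (that code is outside this hunk), a stale or uninitialised value becomes the policy verdict. Add `else pPolicyStatus->dwError = NO_ERROR;` after the `if` block so the result never depends on prior contents. Because the function returns TRUE on both paths, a short comment such as `/* TRUE = policy was evaluated; the verdict is in pPolicyStatus->dwError */` would help keep callers from reading the return value as "chain is acceptable".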
@@ -1783,50 +1783,37 @@ static ChainPolicyCheck authenticodePolicyCheck[] = { static ChainPolicyCheck basicConstraintsPolicyCheck[] = { { { sizeof(chain0) / sizeof(chain0[0]), chain0 }, - { 0, 0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, { { sizeof(chain1) / sizeof(chain1[0]), chain1 }, - { 0, 0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, { { sizeof(chain2) / sizeof(chain2[0]), chain2 }, - { 0, 0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, { { sizeof(chain3) / sizeof(chain3[0]), chain3 }, - { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, - TODO_POLICY }, + { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, 0 }, { { sizeof(chain4) / sizeof(chain4[0]), chain4 }, - { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, - TODO_POLICY }, + { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, 0 }, { { sizeof(chain5) / sizeof(chain5[0]), chain5 }, - { 0, 0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, { { sizeof(chain6) / sizeof(chain6[0]), chain6 }, - { 0, 0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, { { sizeof(chain7) / sizeof(chain7[0]), chain7 }, - { 0, 0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, { { sizeof(chain8) / sizeof(chain8[0]), chain8 }, { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, - TODO_POLICY }, + TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS }, { { sizeof(chain9) / sizeof(chain9[0]), chain9 }, { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, - TODO_POLICY }, + TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS }, { { sizeof(chain10) / sizeof(chain10[0]), chain10 }, - { 0, 0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, { { sizeof(chain11) / sizeof(chain11[0]), chain11 }, - { 0, 0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, { { sizeof(chain12) / sizeof(chain12[0]), chain12 }, - { 0, 0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, { { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain }, - { 0, 
0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, { { sizeof(iTunesChain) / sizeof(iTunesChain[0]), iTunesChain }, - { 0, 0, -1, -1, NULL }, - TODO_POLICY }, + { 0, 0, -1, -1, NULL }, 0 }, }; static void checkChainPolicyStatus(LPCSTR policy, ChainPolicyCheck *check,
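Review bot: The chain8 and chain9 rows of `basicConstraintsPolicyCheck` still carry `TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS`, so for two chains expected to yield `TRUST_E_BASIC_CONSTRAINTS` the new policy check appears to report success. For a certificate-validation path that is a fail-open gap, not just an incomplete test. Presumably the chain builder does not yet set `CERT_TRUST_INVALID_BASIC_CONSTRAINTS` for these chains, which should be confirmed. Record the reason next to the rows, e.g. `/* chain8/chain9: constraint violation not yet flagged during chain building, so the policy check passes */`, so the remaining todo is traceable to the missing check.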