From 41b3b8e4eb78fdf211b059f005cafbdc728ea83a Mon Sep 17 00:00:00 2001 From: Juan Lang Date: Thu, 3 Dec 2009 11:51:09 -0800 Subject: [PATCH] cryptnet: Add stub for verifying revocation via OCSP. --- dlls/cryptnet/cryptnet_main.c | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c index 10863a21fbb..d4d0e2c6414 100644 --- a/dlls/cryptnet/cryptnet_main.c +++ b/dlls/cryptnet/cryptnet_main.c @@ -1654,6 +1654,42 @@ static DWORD verify_cert_revocation_from_dist_points_ext( return error; } +static DWORD verify_cert_revocation_from_aia_ext( + const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index, + FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara, + PCERT_REVOCATION_STATUS pRevStatus) +{ + BOOL ret; + DWORD error, size; + CERT_AUTHORITY_INFO_ACCESS *aia; + + ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS, + value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &aia, &size); + if (ret) + { + DWORD i; + + for (i = 0; i < aia->cAccDescr; i++) + if (!strcmp(aia->rgAccDescr[i].pszAccessMethod, + szOID_PKIX_OCSP)) + { + if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice == + CERT_ALT_NAME_URL) + FIXME("OCSP URL = %s\n", + debugstr_w(aia->rgAccDescr[i].AccessLocation.u.pwszURL)); + else + FIXME("unsupported AccessLocation type %d\n", + aia->rgAccDescr[i].AccessLocation.dwAltNameChoice); + } + LocalFree(aia); + /* FIXME: lie and pretend OCSP validated the cert */ + error = ERROR_SUCCESS; + } + else + error = GetLastError(); + return error; +} + static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index, FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus) 
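Review bot: `error = ERROR_SUCCESS;` after `LocalFree(aia)` makes this path fail open: any certificate whose Authority Information Access extension decodes is reported as passing the revocation check, although no OCSP request is made and `pRevStatus` is never written. That also covers an AIA extension with no `szOID_PKIX_OCSP` entry at all (for example only a CA-issuers location), because the loop does not record whether it found one. Until a responder is actually queried, `error = CRYPT_E_NO_REVOCATION_CHECK;` would let callers tell "not checked" apart from "checked and good". If success is kept for application compatibility, the comment should state that trade-off explicitly, along the lines of `/* FIXME: no OCSP request is sent; revoked certs are reported as valid */`.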
@@ -1665,6 +1701,10 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension))) error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert, index, pTime, dwFlags, pRevPara, pRevStatus); + else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, + cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension))) + error = verify_cert_revocation_from_aia_ext(&ext->Value, cert, + index, pTime, dwFlags, pRevPara, pRevStatus); else { if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
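Review bot: The new `else if` on `szOID_AUTHORITY_INFO_ACCESS` sits ahead of the existing `else` branch, so a certificate with an AIA extension but no CRL distribution points no longer reaches the `pRevPara->hCrlStore` / `pRevPara->pIssuerCert` path. Because the AIA handler is a stub that always succeeds once the extension decodes, a caller-supplied CRL store that presumably could have flagged such a certificate is now bypassed. Consider taking the AIA branch only when no store was supplied, e.g. `else if (!(pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert) && (ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, ...)))`, or trying the store first. The body of `verify_cert_revocation` starts before and continues past this hunk, so what the final `else` does with the store is inferred from the visible condition only.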