crypt32: Implement CertVerifyCRLTimeValidity and partially implement CertVerifySubjectCertificateContext.

2006-05-26 09:48:13 -07:00 · 2006-05-26 09:48:13 -07:00 · b29c2335b8
parent dc660a81ed
commit b29c2335b8
5 changed files with 143 additions and 23 deletions
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@ -195,8 +195,7 @@ static BOOL WINAPI CertContext_GetProperty(void *context, DWORD dwPropId,
    TRACE("(%p, %ld, %p, %p)\n", context, dwPropId, pvData, pcbData);

    if (properties)
-        ret = ContextPropertyList_FindProperty(properties, dwPropId,
-         &blob);
+        ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
    else
        ret = FALSE;
    if (ret)
@ -737,44 +736,69 @@ PCCERT_CONTEXT WINAPI CertGetSubjectCertificateFromStore(HCERTSTORE hCertStore,
     CERT_FIND_SUBJECT_CERT, pCertId, NULL);
 }

+BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT pSubject,
+ PCCERT_CONTEXT pIssuer, DWORD *pdwFlags)
+{
+    static const DWORD supportedFlags = CERT_STORE_REVOCATION_FLAG |
+     CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG;
+
+    if (*pdwFlags & ~supportedFlags)
+    {
+        SetLastError(E_INVALIDARG);
+        return FALSE;
+    }
+    if (*pdwFlags & CERT_STORE_REVOCATION_FLAG)
+    {
+        PCCRL_CONTEXT crl = CertFindCRLInStore(pSubject->hCertStore,
+         pSubject->dwCertEncodingType, 0, CRL_FIND_ISSUED_BY, pSubject, NULL);
+
+        if (crl)
+        {
+            FIXME("check CRL for subject\n");
+        }
+        else
+            *pdwFlags |= CERT_STORE_NO_CRL_FLAG;
+    }
+    if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
+    {
+        if (0 == CertVerifyTimeValidity(NULL, pSubject->pCertInfo))
+            *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
+    }
+    if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
+    {
+        if (CryptVerifyCertificateSignatureEx(0, pSubject->dwCertEncodingType,
+         CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)pSubject,
+         CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuer, 0, NULL))
+            *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
+    }
+    return TRUE;
+}
+
 PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
 PCCERT_CONTEXT pSubjectContext, PCCERT_CONTEXT pPrevIssuerContext,
 DWORD *pdwFlags)
 {
-    static const DWORD supportedFlags = CERT_STORE_REVOCATION_FLAG |
-     CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG;
    PCCERT_CONTEXT ret;

    TRACE("(%p, %p, %p, %08lx)\n", hCertStore, pSubjectContext,
     pPrevIssuerContext, *pdwFlags);

-    if (*pdwFlags & ~supportedFlags)
+    if (!pSubjectContext)
    {
        SetLastError(E_INVALIDARG);
        return NULL;
    }
+
    ret = CertFindCertificateInStore(hCertStore,
     pSubjectContext->dwCertEncodingType, 0, CERT_FIND_ISSUER_OF,
     pSubjectContext, pPrevIssuerContext);
    if (ret)
    {
-        if (*pdwFlags & CERT_STORE_REVOCATION_FLAG)
+        if (!CertVerifySubjectCertificateContext(pSubjectContext, ret,
+         pdwFlags))
        {
-            FIXME("revocation check requires CRL support\n");
-            *pdwFlags |= CERT_STORE_NO_CRL_FLAG;
-        }
-        if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
-        {
-            if (0 == CertVerifyTimeValidity(NULL, pSubjectContext->pCertInfo))
-                *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
-        }
-        if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
-        {
-            if (CryptVerifyCertificateSignatureEx(0,
-             pSubjectContext->dwCertEncodingType,
-             CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)pSubjectContext,
-             CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)ret, 0, NULL))
-                *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
+            CertFreeCertificateContext(ret);
+            ret = NULL;
        }
    }

--- a/dlls/crypt32/crl.c
+++ b/dlls/crypt32/crl.c
@ -443,3 +443,26 @@ BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
    TRACE("returning %d\n", ret);
    return ret;
 }
+
+LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
+ PCRL_INFO pCrlInfo)
+{
+    FILETIME fileTime;
+    LONG ret;
+
+    if (!pTimeToVerify)
+    {
+        SYSTEMTIME sysTime;
+
+        GetSystemTime(&sysTime);
+        SystemTimeToFileTime(&sysTime, &fileTime);
+        pTimeToVerify = &fileTime;
+    }
+    if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
+    {
+        ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
+        if (ret < 0)
+            ret = 0;
+    }
+    return ret;
+}
--- a/dlls/crypt32/crypt32.spec
+++ b/dlls/crypt32/crypt32.spec
@ -81,10 +81,10 @@
@ stub CertStrToNameA
@ stub CertStrToNameW
@ stub CertVerifyCRLRevocation
-@ stub CertVerifyCRLTimeValidity
+@ stdcall CertVerifyCRLTimeValidity(ptr ptr)
@ stub CertVerifyCTLUsage
@ stub CertVerifyRevocation
-@ stub CertVerifySubjectCertificateContext
+@ stdcall CertVerifySubjectCertificateContext(ptr ptr ptr)
@ stdcall CertVerifyTimeValidity(ptr ptr)
@ stub CertVerifyValidityNesting
@ stub CreateFileU
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@ -836,6 +836,73 @@ void testCompareCert(void)
    ok(!ret, "Expected certs not to be equal\n");
 }

+static const BYTE bigCertWithDifferentSubject[] = { 0x30, 0x7a, 0x02, 0x01, 0x02,
+ 0x30, 0x02, 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67,
+ 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
+ 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15,
+ 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x41, 0x6c,
+ 0x65, 0x78, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06,
+ 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+ 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
+ 0x01, 0x01 };
+
+static void testVerifySubjectCert(void)
+{
+    BOOL ret;
+    DWORD flags;
+    PCCERT_CONTEXT context1, context2;
+
+    /* Crashes
+    ret = CertVerifySubjectCertificateContext(NULL, NULL, NULL);
+     */
+    flags = 0;
+    ret = CertVerifySubjectCertificateContext(NULL, NULL, &flags);
+    ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
+     GetLastError());
+    flags = CERT_STORE_NO_CRL_FLAG;
+    ret = CertVerifySubjectCertificateContext(NULL, NULL, &flags);
+    ok(!ret && GetLastError() == E_INVALIDARG,
+     "Expected E_INVALIDARG, got %08lx\n", GetLastError());
+
+    flags = 0;
+    context1 = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
+     sizeof(bigCert));
+    ret = CertVerifySubjectCertificateContext(NULL, context1, &flags);
+    ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
+     GetLastError());
+    ret = CertVerifySubjectCertificateContext(context1, NULL, &flags);
+    ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
+     GetLastError());
+    ret = CertVerifySubjectCertificateContext(context1, context1, &flags);
+    ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
+     GetLastError());
+
+    context2 = CertCreateCertificateContext(X509_ASN_ENCODING,
+     bigCertWithDifferentSubject, sizeof(bigCertWithDifferentSubject));
+    SetLastError(0xdeadbeef);
+    ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
+    ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
+     GetLastError());
+    flags = CERT_STORE_REVOCATION_FLAG;
+    ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
+    ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
+     GetLastError());
+    ok(flags == (CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG),
+     "Expected CERT_STORE_REVOCATION_FLAG | CERT_STORE_NO_CRL_FLAG, got %08lx\n",
+     flags);
+    flags = CERT_STORE_SIGNATURE_FLAG;
+    ret = CertVerifySubjectCertificateContext(context1, context2, &flags);
+    ok(ret, "CertVerifySubjectCertificateContext failed; %08lx\n",
+     GetLastError());
+    ok(flags == CERT_STORE_SIGNATURE_FLAG,
+     "Expected CERT_STORE_SIGNATURE_FLAG, got %08lx\n", flags);
+    CertFreeCertificateContext(context2);
+
+    CertFreeCertificateContext(context1);
+}
+
 START_TEST(cert)
 {
    init_function_pointers();
@ -847,4 +914,5 @@ START_TEST(cert)
    testCompareIntegerBlob();
    testComparePublicKeyInfo();
    testCompareCert();
+    testVerifySubjectCert();
 }
--- a/include/wincrypt.h
+++ b/include/wincrypt.h
@ -2840,6 +2840,11 @@ PCERT_EXTENSION WINAPI CertFindExtension(LPCSTR pszObjId, DWORD cExtensions,
 CERT_EXTENSION rgExtensions[]);
 PCERT_RDN_ATTR WINAPI CertFindRDNAttr(LPCSTR pszObjId, PCERT_NAME_INFO pName);

+BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT pSubject,
+ PCCERT_CONTEXT pIssuer, DWORD *pdwFlags);
+
+LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
+ PCRL_INFO pCrlInfo);
 LONG WINAPI CertVerifyTimeValidity(LPFILETIME pTimeToVerify,
 PCERT_INFO pCertInfo);