archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pki/activex/xaddroot/rootlist.h

73 lines
2.8 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. // Microsoft Windows
  3. //
  4. // Copyright (C) Microsoft Corporation, 1999 - 1999
  5. //
  6. // File: rootlist.h
  7. //
  8. // Contents: Signed List of Trusted Roots Helper Functions
  9. //
  10. // History: 01-Aug-99 philh created
  11. //--------------------------------------------------------------------------
  13. #ifndef __ROOT_LIST_INCLUDED__
  14. #define __ROOT_LIST_INCLUDED__
  16. #include "wincrypt.h"
  19. //+-------------------------------------------------------------------------
  20. // Verify that the encoded CTL contains a signed list of roots. For success,
  21. // return certificate store containing the trusted roots to add or
  22. // remove. Also for success, return certificate context of the signer.
  23. //
  24. // The signature of the CTL is verified. The signer of the CTL is verified
  25. // up to a trusted root containing the predefined Microsoft public key.
  26. // The signer and intermediate certificates must have the
  27. // szOID_ROOT_LIST_SIGNER enhanced key usage extension.
  28. //
  29. // The CTL fields are validated as follows:
  30. // - There is at least one SubjectUsage (really the roots enhanced key usage)
  31. // - If NextUpdate isn't NULL, that the CTL is still time valid
  32. // - Only allow roots identified by their sha1 hash
  33. //
  34. // The following CTL extensions are processed:
  35. // - szOID_ENHANCED_KEY_USAGE - if present, must contain
  36. // szOID_ROOT_LIST_SIGNER usage
  37. // - szOID_REMOVE_CERTIFICATE - integer value, 0 => FALSE (add)
  38. // 1 => TRUE (remove), all other values are invalid
  39. // - szOID_CERT_POLICIES - ignored
  40. //
  41. // If the CTL contains any other critical extensions, then, the
  42. // CTL verification fails.
  43. //
  44. // For a successfully verified CTL:
  45. // - TRUE is returned
  46. // - *pfRemoveRoots is set to FALSE to add roots and is set to TRUE to
  47. // remove roots.
  48. // - *phRootListStore is a certificate store containing only the roots to
  49. // add or remove. *phRootListStore must be closed by calling
  50. // CertCloseStore(). For added roots, the CTL's SubjectUsage field is
  51. // set as CERT_ENHKEY_USAGE_PROP_ID on all of the certificates in the
  52. // store.
  53. // - *ppSignerCert is a pointer to the certificate context of the signer.
  54. // *ppSignerCert must be freed by calling CertFreeCertificateContext().
  55. //
  56. // Otherwise, FALSE is returned with *phRootListStore and *ppSignerCert
  57. // set to NULL.
  58. //--------------------------------------------------------------------------
  59. BOOL
  60. WINAPI
  61. I_CertVerifySignedListOfTrustedRoots(
  62. IN const BYTE *pbCtlEncoded,
  63. IN DWORD cbCtlEncoded,
  64. OUT BOOL *pfRemoveRoots, // FALSE: add, TRUE: remove
  65. OUT HCERTSTORE *phRootListStore,
  66. OUT PCCERT_CONTEXT *ppSignerCert
  67. );
  73. #endif // __ROOT_LIST_INCLUDED__