|
|
//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1995 - 1999
//
// File: certstr.cpp
//
// Contents: Certificate String and Unicode Helper APIs
//
// Functions:
// CertRDNValueToStrA
// CertRDNValueToStrW
// UnicodeNameValueEncodeEx
// UnicodeNameValueDecodeEx
// UnicodeNameInfoEncodeEx
// UnicodeNameInfoDecodeEx
// CertNameToStrW
// CertNameToStrA
// CertStrToNameW
// CertStrToNameA
// CertGetNameStringW
// CertGetNameStringA
//
// Note:
// Linked into xenroll.dll. xenroll.dll must be able to work with
// crypt32.dll 3.02 which doesn't export CryptEncodeObjectEx.
// xenroll.dll only calls CertNameToStrW.
//
// History: 24-Mar-96 philh created
//--------------------------------------------------------------------------
#include "global.hxx"
#include <dbgdef.h>
// All the *pvInfo extra stuff needs to be aligned
#define INFO_LEN_ALIGN(Len) ((Len + 7) & ~7)
// Unicode Surrogate Pairs map to Universal characters as follows:
// D800 - DBFF : 0000 0000 0000 0000 1101 10YY YYYY YYYY (10 Bits)
// DC00 - DFFF : 0000 0000 0000 0000 1101 11XX XXXX XXXX (10 Bits)
//
// 10000 - 10FFFF : 0000 0000 0000 YYYY YYYY YYXX XXXX XXXX (20 Bits)
// +
// 0000 0000 0000 0001 0000 0000 0000 0000
// Unicode Surrogate Pair Character ranges
#define UNICODE_HIGH_SURROGATE_START 0xD800
#define UNICODE_HIGH_SURROGATE_END 0xDBFF
#define UNICODE_LOW_SURROGATE_START 0xDC00
#define UNICODE_LOW_SURROGATE_END 0xDFFF
// Any Universal characters > 10FFFF map to the following Unicode character
#define UNICODE_REPLACEMENT_CHAR 0xFFFD
// Universal Surrogate Character ranges
#define UNIVERSAL_SURROGATE_START 0x00010000
#define UNIVERSAL_SURROGATE_END 0x0010FFFF
//+-------------------------------------------------------------------------
// Maps an ASN.1 8 bit character string to a new wide-character (Unicode).
//
// If fDisableIE4UTF8 isn't set, the 8 bit character string is initially
// processed as UTF-8 encoded characters.
//
// If fDisableIE4UTF8 is set or the UTF-8 conversion fails, converts to
// wide characters by doing a WCHAR cast.
//--------------------------------------------------------------------------
static int WINAPI Asn1ToWideChar( IN LPCSTR lp8BitStr, IN int cch8Bit, IN BOOL fDisableIE4UTF8, OUT LPWSTR lpWideCharStr, IN int cchWideChar ){ int cchOutWideChar;
if (!fDisableIE4UTF8) { int cchUTF8WideChar;
cchUTF8WideChar = UTF8ToWideChar( lp8BitStr, cch8Bit, lpWideCharStr, cchWideChar ); if (0 < cchUTF8WideChar) return cchUTF8WideChar; }
if (cch8Bit < 0) cch8Bit = strlen(lp8BitStr) + 1; cchOutWideChar = cch8Bit;
if (cchWideChar < 0) goto InvalidParameter; else if (0 == cchWideChar) goto CommonReturn; else if (cchOutWideChar > cchWideChar) goto InsufficientBuffer;
while (cch8Bit--) *lpWideCharStr++ = (unsigned char) *lp8BitStr++;
CommonReturn: return cchOutWideChar;
ErrorReturn: cchOutWideChar = 0; goto CommonReturn;SET_ERROR(InvalidParameter, ERROR_INVALID_PARAMETER)SET_ERROR(InsufficientBuffer, ERROR_INSUFFICIENT_BUFFER)}
//+-------------------------------------------------------------------------
// Maps a wide-character (Unicode) string to a new ASN.1 8 bit character
// string.
//--------------------------------------------------------------------------
static inline void WideCharToAsn1( IN LPCWSTR lpWideCharStr, IN DWORD cchWideChar, OUT LPSTR lp8BitStr ){ while (cchWideChar--) *lp8BitStr++ = (unsigned char) (*lpWideCharStr++ & 0xFF);}
static void *AllocAndDecodeObject( IN DWORD dwCertEncodingType, IN LPCSTR lpszStructType, IN const BYTE *pbEncoded, IN DWORD cbEncoded, IN DWORD dwFlags, OUT OPTIONAL DWORD *pcbStructInfo = NULL ){ DWORD cbStructInfo; void *pvStructInfo;
if (!CryptDecodeObjectEx( dwCertEncodingType, lpszStructType, pbEncoded, cbEncoded, dwFlags | CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, &PkiDecodePara, (void *) &pvStructInfo, &cbStructInfo )) goto ErrorReturn;
CommonReturn: if (pcbStructInfo) *pcbStructInfo = cbStructInfo; return pvStructInfo;ErrorReturn: pvStructInfo = NULL; cbStructInfo = 0; goto CommonReturn;}
typedef BOOL (WINAPI *PFN_NESTED_DECODE_INFO_EX_CALLBACK)( IN void *pvDecodeInfo, IN DWORD dwFlags, IN OPTIONAL PCRYPT_DECODE_PARA pDecodePara, OUT OPTIONAL void *pvStructInfo, IN OUT LONG *plRemainExtra );
static BOOL WINAPI NestedDecodeAndAllocInfoEx( IN DWORD dwCertEncodingType, IN LPCSTR lpszStructType, IN const BYTE *pbEncoded, IN DWORD cbEncoded, IN DWORD dwFlags, IN OPTIONAL PCRYPT_DECODE_PARA pDecodePara, IN PFN_NESTED_DECODE_INFO_EX_CALLBACK pfnDecodeInfoExCallback, OUT OPTIONAL void *pvStructInfo, IN OUT DWORD *pcbStructInfo ){ BOOL fResult; LONG lRemainExtra; DWORD cbStructInfo; void *pvDecodeInfo = NULL; DWORD cbDecodeInfo;
if (NULL == pvStructInfo || (dwFlags & CRYPT_DECODE_ALLOC_FLAG)) { cbStructInfo = 0; lRemainExtra = 0; } else { cbStructInfo = *pcbStructInfo; lRemainExtra = (LONG) cbStructInfo; }
if (!CryptDecodeObjectEx( dwCertEncodingType, lpszStructType, pbEncoded, cbEncoded, CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, &PkiDecodePara, (void *) &pvDecodeInfo, &cbDecodeInfo )) goto DecodeObjectError;
if (!pfnDecodeInfoExCallback( pvDecodeInfo, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG, pDecodePara, pvStructInfo, &lRemainExtra )) goto DecodeCallbackError;
if (dwFlags & CRYPT_DECODE_ALLOC_FLAG) { void *pv; PFN_CRYPT_ALLOC pfnAlloc = PkiGetDecodeAllocFunction(pDecodePara);
assert(0 > lRemainExtra); lRemainExtra = -lRemainExtra; cbStructInfo = (DWORD) lRemainExtra;
if (NULL == (pv = pfnAlloc(cbStructInfo))) goto OutOfMemory; if (!pfnDecodeInfoExCallback( pvDecodeInfo, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG, pDecodePara, pv, &lRemainExtra )) { PFN_CRYPT_FREE pfnFree = PkiGetDecodeFreeFunction(pDecodePara); pfnFree(pv); goto DecodeCallbackError; } *((void **) pvStructInfo) = pv; assert(0 <= lRemainExtra); }
if (0 <= lRemainExtra) { cbStructInfo -= (DWORD) lRemainExtra; } else { cbStructInfo += (DWORD) -lRemainExtra; if (pvStructInfo) { SetLastError((DWORD) ERROR_MORE_DATA); fResult = FALSE; goto CommonReturn; } }
fResult = TRUE;CommonReturn: *pcbStructInfo = cbStructInfo; PkiFree(pvDecodeInfo); return fResult;
ErrorReturn: if (dwFlags & CRYPT_DECODE_ALLOC_FLAG) *((void **) pvStructInfo) = NULL; cbStructInfo = 0; fResult = FALSE; goto CommonReturn;TRACE_ERROR(DecodeObjectError)TRACE_ERROR(DecodeCallbackError)TRACE_ERROR(OutOfMemory)}
//+-------------------------------------------------------------------------
// Convert a Name Value to a null terminated char string
//
// Returns the number of bytes converted including the terminating null
// character. If psz is NULL or csz is 0, returns the required size of the
// destination string (including the terminating null char).
//
// If psz != NULL && csz != 0, returned psz is always NULL terminated.
//
// Note: csz includes the NULL char.
//--------------------------------------------------------------------------
DWORDWINAPICertRDNValueToStrA( IN DWORD dwValueType, IN PCERT_RDN_VALUE_BLOB pValue, OUT OPTIONAL LPSTR psz, IN DWORD csz ){ DWORD cszOut = 0; LPWSTR pwsz = NULL; DWORD cwsz;
if (psz == NULL) csz = 0;
cwsz = CertRDNValueToStrW( dwValueType, pValue, NULL, // pwsz
0 // cwsz
); if (pwsz = (LPWSTR) PkiNonzeroAlloc(cwsz * sizeof(WCHAR))) { CertRDNValueToStrW( dwValueType, pValue, pwsz, cwsz );
int cchMultiByte; cchMultiByte = WideCharToMultiByte( CP_ACP, 0, // dwFlags
pwsz, -1, // Null terminated
psz, (int) csz, NULL, // lpDefaultChar
NULL // lpfUsedDefaultChar
); if (cchMultiByte < 1) cszOut = 0; else // Subtract off the trailing null terminator
cszOut = (DWORD) cchMultiByte - 1;
PkiFree(pwsz); }
if (csz != 0) { // Always NULL terminate
*(psz + cszOut) = '\0'; } return cszOut + 1;}
DWORDWINAPIGetSurrogatePairCountFromUniversalString( IN DWORD *pdw, IN DWORD cdw ){ DWORD cSP = 0;
for ( ; cdw > 0; cdw--, pdw++) { DWORD dw = *pdw; if (dw >= UNIVERSAL_SURROGATE_START && dw <= UNIVERSAL_SURROGATE_END) cSP++; }
return cSP;}
//+-------------------------------------------------------------------------
// Convert a Name Value to a null terminated WCHAR string
//
// Returns the number of WCHARs converted including the terminating null
// WCHAR. If pwsz is NULL or cwsz is 0, returns the required size of the
// destination string (including the terminating null WCHAR).
//
// If pwsz != NULL && cwsz != 0, returned pwsz is always NULL terminated.
//
// Note: cwsz includes the NULL WCHAR.
//--------------------------------------------------------------------------
DWORDWINAPICertRDNValueToStrW( IN DWORD dwValueType, IN PCERT_RDN_VALUE_BLOB pValue, OUT OPTIONAL LPWSTR pwsz, IN DWORD cwsz ){ BOOL fDisableIE4UTF8; DWORD cwszOut = 0;
if (pwsz == NULL) cwsz = 0;
fDisableIE4UTF8 = (0 != (dwValueType & CERT_RDN_DISABLE_IE4_UTF8_FLAG)); dwValueType &= CERT_RDN_TYPE_MASK;
if (dwValueType == CERT_RDN_UNICODE_STRING || dwValueType == CERT_RDN_UTF8_STRING) { cwszOut = pValue->cbData / sizeof(WCHAR); if (cwsz > 0) { cwszOut = min(cwszOut, cwsz - 1); if (cwszOut) memcpy((BYTE *) pwsz, pValue->pbData, cwszOut * sizeof(WCHAR)); } } else if (dwValueType == CERT_RDN_UNIVERSAL_STRING) { // 4 byte string. Characters < 0x10000 are converted directly to
// Unicode. Characters within 0x10000 .. 0x10FFFF are mapped
// to a surrogate pair. Any character > 0x10FFFF is mapped to
// the replacement character, 0xFFFD.
DWORD *pdwIn = (DWORD *) pValue->pbData; DWORD cdwIn = pValue->cbData / sizeof(DWORD);
cwszOut = cdwIn + GetSurrogatePairCountFromUniversalString(pdwIn, cdwIn); if (cwsz > 0) { DWORD cOut; LPWSTR pwszOut;
cwszOut = min(cwszOut, cwsz - 1); cOut = cwszOut; pwszOut = pwsz; for ( ; cdwIn > 0 && cOut > 0; cdwIn--, cOut--) { DWORD dw = *pdwIn++; if (dw < UNIVERSAL_SURROGATE_START) *pwszOut++ = (WCHAR) dw; else if (dw <= UNIVERSAL_SURROGATE_END) { if (cOut > 1) { // Surrogate pair contains 20 bits.
DWORD dw20Bits;
dw20Bits = dw - UNIVERSAL_SURROGATE_START; assert(dw20Bits <= 0xFFFFF); *pwszOut++ = (WCHAR) (UNICODE_HIGH_SURROGATE_START + (dw20Bits >> 10)); *pwszOut++ = (WCHAR) (UNICODE_LOW_SURROGATE_START + (dw20Bits & 0x3FF)); cOut--; } else *pwszOut++ = UNICODE_REPLACEMENT_CHAR; } else *pwszOut++ = UNICODE_REPLACEMENT_CHAR; } } } else { // Treat as a 8 bit character string
if (cwsz != 1) { int cchWideChar;
if (cwsz == 0) cchWideChar = 0; else cchWideChar = cwsz - 1;
if (dwValueType != CERT_RDN_T61_STRING) fDisableIE4UTF8 = TRUE; cchWideChar = Asn1ToWideChar( (LPSTR) pValue->pbData, pValue->cbData, fDisableIE4UTF8, pwsz, cchWideChar ); if (cchWideChar <= 0) cwszOut = 0; else cwszOut = (DWORD) cchWideChar; } }
if (cwsz != 0) { // Always NULL terminate
*(pwsz + cwszOut) = L'\0'; } return cwszOut + 1;}
//+-------------------------------------------------------------------------
// Wide Character functions
//
// Needed, since we don't link with 'C' runtime
//--------------------------------------------------------------------------
static inline BOOL IsSpaceW(WCHAR wc){ return wc == L' ' || (wc >= 0x09 && wc <= 0x0d);}static BOOL IsInStrW(LPCWSTR pwszList, WCHAR wc){ WCHAR wcList; while (wcList = *pwszList++) if (wc == wcList) return TRUE; return FALSE;}
//+-------------------------------------------------------------------------
// Checks if an ASN.1 numeric character
//--------------------------------------------------------------------------
static inline BOOL IsNumericW(WCHAR wc){ return (wc >= L'0' && wc <= L'9') || wc == L' ';}
//+-------------------------------------------------------------------------
// Checks if an ASN.1 printable character
//--------------------------------------------------------------------------
static inline BOOL IsPrintableW(WCHAR wc){ return (wc >= L'A' && wc <= L'Z') || (wc >= L'a' && wc <= L'z') || IsNumericW(wc) || IsInStrW(L"\'()+,-./:=?", wc);}
//+-------------------------------------------------------------------------
// Returns 0 if the unicode character string doesn't contain any invalid
// characters. Otherwise, returns CRYPT_E_INVALID_NUMERIC_STRING,
// CRYPT_E_INVALID_PRINTABLE_STRING or CRYPT_E_INVALID_IA5_STRING with
// *pdwErrLocation updated with the index of the first invalid character.
//--------------------------------------------------------------------------
static DWORD CheckUnicodeValueType( IN DWORD dwValueType, IN LPCWSTR pwszAttr, IN DWORD cchAttr, OUT DWORD *pdwErrLocation ){ DWORD i; DWORD dwErr;
assert(dwValueType & CERT_RDN_TYPE_MASK); *pdwErrLocation = 0;
dwErr = 0; for (i = 0; i < cchAttr; i++) { WCHAR wc = pwszAttr[i];
switch (dwValueType & CERT_RDN_TYPE_MASK) { case CERT_RDN_NUMERIC_STRING: if (!IsNumericW(wc)) dwErr = (DWORD) CRYPT_E_INVALID_NUMERIC_STRING; break; case CERT_RDN_PRINTABLE_STRING: if (!IsPrintableW(wc)) dwErr = (DWORD) CRYPT_E_INVALID_PRINTABLE_STRING; break; case CERT_RDN_IA5_STRING: if (wc > 0x7F) dwErr = (DWORD) CRYPT_E_INVALID_IA5_STRING; break; default: return 0; }
if (0 != dwErr) { assert(i <= CERT_UNICODE_VALUE_ERR_INDEX_MASK); *pdwErrLocation = i & CERT_UNICODE_VALUE_ERR_INDEX_MASK; return dwErr; } }
return 0;}
//+-------------------------------------------------------------------------
// Set/Free/Get CERT_RDN attribute value. The values are unicode.
//+-------------------------------------------------------------------------
static BOOL SetUnicodeRDNAttributeValue( IN DWORD dwValueType, IN PCERT_RDN_VALUE_BLOB pSrcValue, IN BOOL fDisableCheckType, OUT PCERT_RDN_VALUE_BLOB pDstValue, OUT OPTIONAL DWORD *pdwErrLocation ){ BOOL fResult; LPCWSTR pwszAttr; DWORD cchAttr; DWORD dwErr;
if (pdwErrLocation) *pdwErrLocation = 0;
dwValueType &= CERT_RDN_TYPE_MASK;
memset(pDstValue, 0, sizeof(CERT_RDN_VALUE_BLOB)); if (CERT_RDN_ANY_TYPE == dwValueType) goto InvalidArg; assert(IS_CERT_RDN_CHAR_STRING(dwValueType));
pwszAttr = pSrcValue->pbData ? (LPCWSTR) pSrcValue->pbData : L""; cchAttr = (DWORD)( pSrcValue->cbData ? pSrcValue->cbData / sizeof(WCHAR) : wcslen(pwszAttr) );
// Update Destination Value
if (cchAttr) { switch (dwValueType) { case CERT_RDN_UNICODE_STRING: case CERT_RDN_UTF8_STRING: // Use source. No allocation or copy required
pDstValue->pbData = (BYTE *) pwszAttr; pDstValue->cbData = cchAttr * sizeof(WCHAR); break; case CERT_RDN_UNIVERSAL_STRING: // Update the "low" 16 bits of each 32 bit integer with
// the UNICODE character. Also handle surrogate pairs.
{ DWORD cdw = cchAttr; DWORD cbData = cdw * sizeof(DWORD); DWORD *pdwDst; LPCWSTR pwszSrc = pwszAttr;
if (NULL == (pdwDst = (DWORD *) PkiNonzeroAlloc(cbData))) goto OutOfMemory; pDstValue->pbData = (BYTE *) pdwDst; for ( ; cdw > 0; cdw--) { WCHAR wc = *pwszSrc++; WCHAR wc2;
if (wc >= UNICODE_HIGH_SURROGATE_START && wc <= UNICODE_HIGH_SURROGATE_END && cdw > 1 && (wc2 = *pwszSrc) >= UNICODE_LOW_SURROGATE_START && wc2 <= UNICODE_LOW_SURROGATE_END) { pwszSrc++; cdw--; cbData -= sizeof(DWORD);
*pdwDst++ = (((DWORD)(wc - UNICODE_HIGH_SURROGATE_START)) << 10) + ((DWORD)(wc2 - UNICODE_LOW_SURROGATE_START)) + UNIVERSAL_SURROGATE_START; } else *pdwDst++ = ((DWORD) wc) & 0xFFFF; } pDstValue->cbData = cbData; } break; default: // Convert each unicode character to 8 Bit character
{ BYTE *pbDst;
if (pdwErrLocation && !fDisableCheckType) { // Check that the unicode string doesn't contain any
// invalid dwValueType characters.
if (0 != (dwErr = CheckUnicodeValueType( dwValueType, pwszAttr, cchAttr, pdwErrLocation ))) goto InvalidUnicodeValueType; }
if (NULL == (pbDst = (BYTE *) PkiNonzeroAlloc(cchAttr))) goto OutOfMemory; pDstValue->pbData = pbDst; pDstValue->cbData = cchAttr;
WideCharToAsn1( pwszAttr, cchAttr, (LPSTR) pbDst ); } } }
fResult = TRUE;CommonReturn: return fResult;ErrorReturn: fResult = FALSE; goto CommonReturn;SET_ERROR(InvalidArg, E_INVALIDARG)SET_ERROR_VAR(InvalidUnicodeValueType, dwErr)TRACE_ERROR(OutOfMemory)}
static void FreeUnicodeRDNAttributeValue( IN DWORD dwValueType, IN OUT PCERT_RDN_VALUE_BLOB pValue ){ switch (dwValueType & CERT_RDN_TYPE_MASK) { case CERT_RDN_UNICODE_STRING: case CERT_RDN_UTF8_STRING: case CERT_RDN_ENCODED_BLOB: case CERT_RDN_OCTET_STRING: break; default: PkiFree(pValue->pbData); }}
static BOOL GetUnicodeRDNAttributeValue( IN DWORD dwValueType, IN PCERT_RDN_VALUE_BLOB pSrcValue, IN DWORD dwFlags, OUT PCERT_RDN_VALUE_BLOB pDstValue, IN OUT BYTE **ppbExtra, IN OUT LONG *plRemainExtra ){ BOOL fResult; LONG lRemainExtra = *plRemainExtra; BYTE *pbExtra = *ppbExtra; LONG lAlignExtra; DWORD cbData; BYTE *pbSrcData; BOOL fDisableIE4UTF8;
// Get Unicode value length
cbData = pSrcValue->cbData; pbSrcData = pSrcValue->pbData;
fDisableIE4UTF8 = (0 != (dwFlags & CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG));
assert(0 == (dwValueType & ~CERT_RDN_TYPE_MASK)); dwValueType &= CERT_RDN_TYPE_MASK;
switch (dwValueType) { case CERT_RDN_UNICODE_STRING: case CERT_RDN_UTF8_STRING: case CERT_RDN_ENCODED_BLOB: case CERT_RDN_OCTET_STRING: // The above cbData
break; case CERT_RDN_UNIVERSAL_STRING: // 4 byte string. Characters < 0x10000 are converted directly to
// Unicode. Characters within 0x10000 .. 0x10FFFF are mapped
// to surrogate pair. Any character > 0x10FFFF is mapped to
// the replacement character, 0xFFFD.
cbData = (cbData / 4) * sizeof(WCHAR); cbData += GetSurrogatePairCountFromUniversalString( (DWORD *) pbSrcData, cbData / sizeof(WCHAR)) * sizeof(WCHAR); break; default: // Length of resultant WideChar
if (cbData) { int cchWideChar;
if (dwValueType != CERT_RDN_T61_STRING) fDisableIE4UTF8 = TRUE; cchWideChar = Asn1ToWideChar( (LPSTR) pbSrcData, cbData, fDisableIE4UTF8, NULL, // lpWideCharStr
0 // cchWideChar
); if (cchWideChar <= 0) goto Asn1ToWideCharError; cbData = cchWideChar * sizeof(WCHAR); } }
// Note, +sizeof(WCHAR) is unicode value's NULL terminator
lAlignExtra = INFO_LEN_ALIGN(cbData + sizeof(WCHAR)); lRemainExtra -= lAlignExtra; if (lRemainExtra >= 0) { pDstValue->pbData = pbExtra; pDstValue->cbData = cbData;
switch (dwValueType) { case CERT_RDN_UNICODE_STRING: case CERT_RDN_UTF8_STRING: case CERT_RDN_ENCODED_BLOB: case CERT_RDN_OCTET_STRING: if (cbData) memcpy(pbExtra, pbSrcData, cbData); break; case CERT_RDN_UNIVERSAL_STRING: // Convert Universal to Unicode. See above comments.
{ DWORD cdw = pSrcValue->cbData / sizeof (DWORD); DWORD *pdwSrc = (DWORD *) pbSrcData; LPWSTR pwszDst = (LPWSTR) pbExtra; for ( ; cdw > 0; cdw--) { DWORD dw = *pdwSrc++;
if (dw < UNIVERSAL_SURROGATE_START) *pwszDst++ = (WCHAR) dw; else if (dw <= UNIVERSAL_SURROGATE_END) { // Surrogate pair contains 20 bits.
DWORD dw20Bits; dw20Bits = dw - UNIVERSAL_SURROGATE_START; assert(dw20Bits <= 0xFFFFF); *pwszDst++ = (WCHAR) (UNICODE_HIGH_SURROGATE_START + (dw20Bits >> 10)); *pwszDst++ = (WCHAR) (UNICODE_LOW_SURROGATE_START + (dw20Bits & 0x3FF)); } else *pwszDst++ = UNICODE_REPLACEMENT_CHAR; }
assert(pbExtra + cbData == (BYTE *) pwszDst); } break; default: // Convert UTF8 to unicode
if (cbData) { int cchWideChar; cchWideChar = Asn1ToWideChar( (LPSTR) pbSrcData, pSrcValue->cbData, fDisableIE4UTF8, (LPWSTR) pbExtra, cbData / sizeof(WCHAR) ); if (cchWideChar > 0) { if (((DWORD) cchWideChar * sizeof(WCHAR)) <= cbData) { pDstValue->cbData = cchWideChar * sizeof(WCHAR); *((LPWSTR) pbExtra + cchWideChar) = L'\0'; } } else { assert(0); goto Asn1ToWideCharError; } } } // Ensure NULL termination
memset(pbExtra + cbData, 0, sizeof(WCHAR)); pbExtra += lAlignExtra; }
*plRemainExtra = lRemainExtra; *ppbExtra = pbExtra; fResult = TRUE;CommonReturn: return fResult;ErrorReturn: fResult = FALSE; goto CommonReturn;TRACE_ERROR(Asn1ToWideCharError)}
//+-------------------------------------------------------------------------
// Encode the "UNICODE" Name Value
//--------------------------------------------------------------------------
BOOL WINAPI UnicodeNameValueEncodeEx( IN DWORD dwCertEncodingType, IN LPCSTR lpszStructType, IN PCERT_NAME_VALUE pInfo, IN DWORD dwFlags, IN OPTIONAL PCRYPT_ENCODE_PARA pEncodePara, OUT OPTIONAL void *pvEncoded, IN OUT DWORD *pcbEncoded ){ BOOL fResult; DWORD dwValueType; CERT_NAME_VALUE DstInfo; DWORD dwErrLocation; BOOL fDisableCheckType;
if (dwFlags & CRYPT_ENCODE_ALLOC_FLAG) *((void **) pvEncoded) = NULL;
dwValueType = pInfo->dwValueType; if (!IS_CERT_RDN_CHAR_STRING(dwValueType)) { *pcbEncoded = 0; SetLastError((DWORD) CRYPT_E_NOT_CHAR_STRING); return FALSE; }
DstInfo.dwValueType = dwValueType & CERT_RDN_TYPE_MASK; fDisableCheckType = (0 != (dwFlags & CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG) || 0 != (dwValueType & CERT_RDN_DISABLE_CHECK_TYPE_FLAG)); if (!SetUnicodeRDNAttributeValue(dwValueType, &pInfo->Value, fDisableCheckType, &DstInfo.Value, &dwErrLocation)) { fResult = FALSE; *pcbEncoded = dwErrLocation; goto CommonReturn; }
fResult = CryptEncodeObjectEx( dwCertEncodingType, X509_NAME_VALUE, &DstInfo, dwFlags & ~CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG, pEncodePara, pvEncoded, pcbEncoded );
CommonReturn: FreeUnicodeRDNAttributeValue(dwValueType, &DstInfo.Value); return fResult;}
//+-------------------------------------------------------------------------
// Decode the "UNICODE" Name Value
//--------------------------------------------------------------------------
BOOL WINAPI UnicodeNameValueDecodeExCallback( IN void *pvDecodeInfo, IN DWORD dwFlags, IN OPTIONAL PCRYPT_DECODE_PARA pDecodePara, OUT OPTIONAL void *pvStructInfo, IN OUT LONG *plRemainExtra ){ BOOL fResult; PCERT_NAME_VALUE pNameValue = (PCERT_NAME_VALUE) pvDecodeInfo; PCERT_NAME_VALUE pInfo = (PCERT_NAME_VALUE) pvStructInfo; LONG lRemainExtra = *plRemainExtra; BYTE *pbExtra;
PCERT_RDN_VALUE_BLOB pValue;
if (!IS_CERT_RDN_CHAR_STRING(pNameValue->dwValueType)) goto NotCharString;
lRemainExtra -= sizeof(CERT_NAME_VALUE); if (lRemainExtra < 0) { pbExtra = NULL; pValue = NULL; } else { pbExtra = (BYTE *) pInfo + sizeof(CERT_NAME_VALUE); pInfo->dwValueType = pNameValue->dwValueType; pValue = &pInfo->Value; }
if (!GetUnicodeRDNAttributeValue( pNameValue->dwValueType, &pNameValue->Value, dwFlags, pValue, &pbExtra, &lRemainExtra )) goto DecodeError;
fResult = TRUE;CommonReturn: *plRemainExtra = lRemainExtra; return fResult;
ErrorReturn: fResult = FALSE; goto CommonReturn;SET_ERROR(NotCharString, CRYPT_E_NOT_CHAR_STRING)TRACE_ERROR(DecodeError)}
BOOL WINAPI UnicodeNameValueDecodeEx( IN DWORD dwCertEncodingType, IN LPCSTR lpszStructType, IN const BYTE *pbEncoded, IN DWORD cbEncoded, IN DWORD dwFlags, IN OPTIONAL PCRYPT_DECODE_PARA pDecodePara, OUT OPTIONAL void *pvStructInfo, IN OUT DWORD *pcbStructInfo ){ return NestedDecodeAndAllocInfoEx( dwCertEncodingType, X509_NAME_VALUE, pbEncoded, cbEncoded, dwFlags, pDecodePara, UnicodeNameValueDecodeExCallback, pvStructInfo, pcbStructInfo );}
//+-------------------------------------------------------------------------
// Default ordered list of acceptable RDN attribute value types. Used when
// OIDInfo's ExtraInfo.cbData == 0. Or when ExtraInfo contains an empty
// list.
//--------------------------------------------------------------------------
static const DWORD rgdwDefaultValueType[] = { CERT_RDN_PRINTABLE_STRING, CERT_RDN_UNICODE_STRING, 0};
//+-------------------------------------------------------------------------
// Default X500 OID Information entry
//--------------------------------------------------------------------------
static CCRYPT_OID_INFO DefaultX500Info = { sizeof(CCRYPT_OID_INFO), // cbSize
"", // pszOID
L"", // pwszName
0, // dwLength
0, NULL // ExtraInfo
};
// Please update the following if you add a new entry to the RDNAttrTable in
// oidinfo.cpp with a longer pwszName
#define MAX_X500_KEY_LEN 64
//+-------------------------------------------------------------------------
// Checks if character needs to be quoted
//
// Defined in RFC1779
//--------------------------------------------------------------------------
static inline BOOL IsQuotedW(WCHAR wc){ return IsInStrW(L",+=\"\n<>#;", wc);}
//+-------------------------------------------------------------------------
// Checks if "decoded" unicode RDN value needs to be quoted
//--------------------------------------------------------------------------
static BOOL IsQuotedUnicodeRDNValue(PCERT_RDN_VALUE_BLOB pValue){ LPCWSTR pwszValue = (LPCWSTR) pValue->pbData; DWORD cchValue = pValue->cbData / sizeof(WCHAR); if (0 == cchValue) return TRUE;
// First or Last character is whitespace
if (IsSpaceW(pwszValue[0]) || IsSpaceW(pwszValue[cchValue - 1])) return TRUE;
for ( ; cchValue > 0; cchValue--, pwszValue++) if (IsQuotedW(*pwszValue)) return TRUE; return FALSE;}
//+-------------------------------------------------------------------------
// Get the first dwValueType from the attribute's ordered list that is
// an acceptable type for the input attribute character string.
//
// If no type is acceptable, update the *pdwErrLocation with the first
// bad character position using the last type in the list.
//--------------------------------------------------------------------------
static DWORD GetUnicodeValueType( IN PCCRYPT_OID_INFO pX500Info, IN LPCWSTR pwszAttr, IN DWORD cchAttr, IN DWORD dwUnicodeFlags, OUT DWORD *pdwErrLocation ){ DWORD dwValueType; const DWORD *pdwValueType; DWORD cValueType; DWORD dwErr = (DWORD) E_UNEXPECTED; DWORD i;
pdwValueType = (DWORD *) pX500Info->ExtraInfo.pbData; cValueType = pX500Info->ExtraInfo.cbData / sizeof(DWORD); // Need at least two entries: a dwValueType and a 0 terminator. Otherwise,
// use default value types.
if (2 > cValueType || 0 == pdwValueType[0]) { pdwValueType = rgdwDefaultValueType; cValueType = sizeof(rgdwDefaultValueType) / sizeof(DWORD); }
*pdwErrLocation = 0; for (i = 0; i < cValueType && 0 != (dwValueType = pdwValueType[i]); i++) { if (CERT_RDN_UNICODE_STRING == dwValueType) { if (dwUnicodeFlags & CERT_RDN_ENABLE_T61_UNICODE_FLAG) { DWORD j; BOOL fT61;
fT61 = TRUE; for (j = 0; j < cchAttr; j++) { if (pwszAttr[j] > 0xFF) { fT61 = FALSE; break; } } if (fT61) return CERT_RDN_T61_STRING; }
if (dwUnicodeFlags & CERT_RDN_ENABLE_UTF8_UNICODE_FLAG) return CERT_RDN_UTF8_STRING; else return CERT_RDN_UNICODE_STRING; } dwErr = CheckUnicodeValueType( dwValueType, pwszAttr, cchAttr, pdwErrLocation );
if (0 == dwErr) return dwValueType; }
assert(dwErr); SetLastError(dwErr);
return 0;}
//+-------------------------------------------------------------------------
// Get an acceptable dwValueType associated with the OID for the input
// attribute character string.
//
// If no type is acceptable, update the *pdwErrLocation with the indices
// of the RDN, RDNAttribute, and character string.
//--------------------------------------------------------------------------
static DWORD GetUnicodeX500OIDValueType( IN LPCSTR pszObjId, IN LPCWSTR pwszAttr, IN DWORD cchAttr, IN DWORD dwRDNIndex, IN DWORD dwAttrIndex, IN DWORD dwUnicodeFlags, OUT DWORD *pdwErrLocation ){ PCCRYPT_OID_INFO pX500Info; DWORD dwValueType;
assert(pszObjId); if (NULL == pszObjId) pszObjId = "";
// Attempt to find the OID in the table. If OID isn't found,
// use default
if (NULL == (pX500Info = CryptFindOIDInfo( CRYPT_OID_INFO_OID_KEY, (void *) pszObjId, CRYPT_RDN_ATTR_OID_GROUP_ID ))) pX500Info = &DefaultX500Info;
if (0 == (dwValueType = GetUnicodeValueType( pX500Info, pwszAttr, cchAttr, dwUnicodeFlags, pdwErrLocation ))) { // Include the dwRDNIndex and dwAttrIndex in the error location.
assert(dwRDNIndex <= CERT_UNICODE_RDN_ERR_INDEX_MASK); assert(dwAttrIndex <= CERT_UNICODE_ATTR_ERR_INDEX_MASK); *pdwErrLocation |= ((dwRDNIndex & CERT_UNICODE_RDN_ERR_INDEX_MASK) << CERT_UNICODE_RDN_ERR_INDEX_SHIFT) | ((dwAttrIndex & CERT_UNICODE_ATTR_ERR_INDEX_MASK) << CERT_UNICODE_ATTR_ERR_INDEX_SHIFT); } return dwValueType;}
//+-------------------------------------------------------------------------
// Set/Free/Get CERT_RDN_ATTR. The values are unicode.
//--------------------------------------------------------------------------
static BOOL SetUnicodeRDNAttribute( IN PCERT_RDN_ATTR pSrcRDNAttr, IN DWORD dwRDNIndex, IN DWORD dwAttrIndex, IN DWORD dwFlags, IN OUT PCERT_RDN_ATTR pDstRDNAttr, OUT DWORD *pdwErrLocation ){ BOOL fResult; DWORD dwValueType = pSrcRDNAttr->dwValueType; PCERT_RDN_VALUE_BLOB pSrcValue; LPCWSTR pwszAttr; DWORD cchAttr; DWORD dwErr;
DWORD dwUnicodeFlags; BOOL fDisableCheckType;
dwUnicodeFlags = 0; if ((dwFlags & CRYPT_UNICODE_NAME_ENCODE_ENABLE_T61_UNICODE_FLAG) || (dwValueType & CERT_RDN_ENABLE_T61_UNICODE_FLAG)) dwUnicodeFlags |= CERT_RDN_ENABLE_T61_UNICODE_FLAG; if ((dwFlags & CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG) || (dwValueType & CERT_RDN_ENABLE_UTF8_UNICODE_FLAG)) dwUnicodeFlags |= CERT_RDN_ENABLE_UTF8_UNICODE_FLAG;
fDisableCheckType = (0 != (dwFlags & CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG) || 0 != (dwValueType & CERT_RDN_DISABLE_CHECK_TYPE_FLAG));
dwValueType &= CERT_RDN_TYPE_MASK;
*pdwErrLocation = 0; if (CERT_RDN_ENCODED_BLOB == dwValueType || CERT_RDN_OCTET_STRING == dwValueType) { // No unicode conversion on this type
memcpy(pDstRDNAttr, pSrcRDNAttr, sizeof(CERT_RDN_ATTR)); return TRUE; }
pSrcValue = &pSrcRDNAttr->Value; pwszAttr = pSrcValue->pbData ? (LPCWSTR) pSrcValue->pbData : L""; cchAttr = (DWORD)( pSrcValue->cbData ? pSrcValue->cbData / sizeof(WCHAR) : wcslen(pwszAttr) );
if (0 == dwValueType) { if (0 == (dwValueType = GetUnicodeX500OIDValueType( pSrcRDNAttr->pszObjId, pwszAttr, cchAttr, dwRDNIndex, dwAttrIndex, dwUnicodeFlags, pdwErrLocation ))) goto GetValueTypeError; } else if (!fDisableCheckType) { if (0 != (dwErr = CheckUnicodeValueType( dwValueType, pwszAttr, cchAttr, pdwErrLocation ))) { // Include the dwRDNIndex and dwAttrIndex in the error location.
assert(dwRDNIndex <= CERT_UNICODE_RDN_ERR_INDEX_MASK); assert(dwAttrIndex <= CERT_UNICODE_ATTR_ERR_INDEX_MASK); *pdwErrLocation |= ((dwRDNIndex & CERT_UNICODE_RDN_ERR_INDEX_MASK) << CERT_UNICODE_RDN_ERR_INDEX_SHIFT) | ((dwAttrIndex & CERT_UNICODE_ATTR_ERR_INDEX_MASK) << CERT_UNICODE_ATTR_ERR_INDEX_SHIFT); goto InvalidUnicodeValueType; } }
pDstRDNAttr->pszObjId = pSrcRDNAttr->pszObjId; pDstRDNAttr->dwValueType = dwValueType;
if (!SetUnicodeRDNAttributeValue( dwValueType, pSrcValue, TRUE, // fDisableCheckType
&pDstRDNAttr->Value, NULL // OPTIONAL pdwErrLocation
)) goto SetUnicodeRDNAttributeValueError;
fResult = TRUE;CommonReturn: return fResult;ErrorReturn: fResult = FALSE; goto CommonReturn;TRACE_ERROR(GetValueTypeError)SET_ERROR_VAR(InvalidUnicodeValueType, dwErr)TRACE_ERROR(SetUnicodeRDNAttributeValueError)}
static void FreeUnicodeRDNAttribute( IN OUT PCERT_RDN_ATTR pRDNAttr ){ FreeUnicodeRDNAttributeValue(pRDNAttr->dwValueType, &pRDNAttr->Value);}
static BOOL GetUnicodeRDNAttribute( IN PCERT_RDN_ATTR pSrcRDNAttr, IN DWORD dwFlags, OUT PCERT_RDN_ATTR pDstRDNAttr, IN OUT BYTE **ppbExtra, IN OUT LONG *plRemainExtra ){ LONG lAlignExtra; DWORD cbObjId; DWORD dwValueType; PCERT_RDN_VALUE_BLOB pDstValue;
// Get Object Identifier length
if (pSrcRDNAttr->pszObjId) cbObjId = strlen(pSrcRDNAttr->pszObjId) + 1; else cbObjId = 0;
dwValueType = pSrcRDNAttr->dwValueType;
lAlignExtra = INFO_LEN_ALIGN(cbObjId); *plRemainExtra -= lAlignExtra; if (*plRemainExtra >= 0) { if(cbObjId) { pDstRDNAttr->pszObjId = (LPSTR) *ppbExtra; memcpy(*ppbExtra, pSrcRDNAttr->pszObjId, cbObjId); } else pDstRDNAttr->pszObjId = NULL; *ppbExtra += lAlignExtra;
pDstRDNAttr->dwValueType = dwValueType; pDstValue = &pDstRDNAttr->Value; } else pDstValue = NULL;
return GetUnicodeRDNAttributeValue( dwValueType, &pSrcRDNAttr->Value, dwFlags, pDstValue, ppbExtra, plRemainExtra );}
//+-------------------------------------------------------------------------
// Decode the "UNICODE" Name Info
//--------------------------------------------------------------------------
BOOL WINAPI UnicodeNameInfoDecodeExCallback( IN void *pvDecodeInfo, IN DWORD dwFlags, IN OPTIONAL PCRYPT_DECODE_PARA pDecodePara, OUT OPTIONAL void *pvStructInfo, IN OUT LONG *plRemainExtra ){ BOOL fResult; PCERT_NAME_INFO pNameInfo = (PCERT_NAME_INFO) pvDecodeInfo; PCERT_NAME_INFO pInfo = (PCERT_NAME_INFO) pvStructInfo; BYTE *pbExtra; LONG lRemainExtra = *plRemainExtra; LONG lAlignExtra;
DWORD cRDN, cAttr; PCERT_RDN pSrcRDN, pDstRDN; PCERT_RDN_ATTR pSrcAttr, pDstAttr;
// for lRemainExtra < 0, LENGTH_ONLY calculation
lRemainExtra -= sizeof(CERT_NAME_INFO); if (lRemainExtra < 0) pbExtra = NULL; else pbExtra = (BYTE *) pInfo + sizeof(CERT_NAME_INFO);
cRDN = pNameInfo->cRDN; pSrcRDN = pNameInfo->rgRDN; lAlignExtra = INFO_LEN_ALIGN(cRDN * sizeof(CERT_RDN)); lRemainExtra -= lAlignExtra; if (lRemainExtra >= 0) { pInfo->cRDN = cRDN; pDstRDN = (PCERT_RDN) pbExtra; pInfo->rgRDN = pDstRDN; pbExtra += lAlignExtra; } else pDstRDN = NULL;
// Array of RDNs
for (; cRDN > 0; cRDN--, pSrcRDN++, pDstRDN++) { cAttr = pSrcRDN->cRDNAttr; pSrcAttr = pSrcRDN->rgRDNAttr; lAlignExtra = INFO_LEN_ALIGN(cAttr * sizeof(CERT_RDN_ATTR)); lRemainExtra -= lAlignExtra; if (lRemainExtra >= 0) { pDstRDN->cRDNAttr = cAttr; pDstAttr = (PCERT_RDN_ATTR) pbExtra; pDstRDN->rgRDNAttr = pDstAttr; pbExtra += lAlignExtra; } else pDstAttr = NULL;
// Array of attribute/values
for (; cAttr > 0; cAttr--, pSrcAttr++, pDstAttr++) // We're now ready to get the attribute/value stuff
if (!GetUnicodeRDNAttribute(pSrcAttr, dwFlags, pDstAttr, &pbExtra, &lRemainExtra)) goto DecodeError; }
fResult = TRUE;CommonReturn: *plRemainExtra = lRemainExtra; return fResult;
ErrorReturn: fResult = FALSE; goto CommonReturn;TRACE_ERROR(DecodeError)}
BOOL WINAPI UnicodeNameInfoDecodeEx( IN DWORD dwCertEncodingType, IN LPCSTR lpszStructType, IN const BYTE *pbEncoded, IN DWORD cbEncoded, IN DWORD dwFlags, IN OPTIONAL PCRYPT_DECODE_PARA pDecodePara, OUT OPTIONAL void *pvStructInfo, IN OUT DWORD *pcbStructInfo ){ return NestedDecodeAndAllocInfoEx( dwCertEncodingType, X509_NAME, pbEncoded, cbEncoded, dwFlags, pDecodePara, UnicodeNameInfoDecodeExCallback, pvStructInfo, pcbStructInfo );}
//+-------------------------------------------------------------------------
// Encode the "UNICODE" Name Info
//--------------------------------------------------------------------------
static void FreeUnicodeNameInfo( PCERT_NAME_INFO pInfo ){ PCERT_RDN pRDN = pInfo->rgRDN; if (pRDN) { DWORD cRDN = pInfo->cRDN; for ( ; cRDN > 0; cRDN--, pRDN++) { PCERT_RDN_ATTR pAttr = pRDN->rgRDNAttr; if (pAttr) { DWORD cAttr = pRDN->cRDNAttr; for ( ; cAttr > 0; cAttr--, pAttr++) FreeUnicodeRDNAttribute(pAttr); PkiFree(pRDN->rgRDNAttr); } } PkiFree(pInfo->rgRDN); }}
static BOOL SetUnicodeNameInfo( IN PCERT_NAME_INFO pSrcInfo, IN DWORD dwFlags, OUT PCERT_NAME_INFO pDstInfo, OUT DWORD *pdwErrLocation ){ BOOL fResult; DWORD cRDN, cAttr; DWORD i, j; PCERT_RDN pSrcRDN; PCERT_RDN_ATTR pSrcAttr; PCERT_RDN pDstRDN = NULL; PCERT_RDN_ATTR pDstAttr = NULL;
*pdwErrLocation = 0;
cRDN = pSrcInfo->cRDN; pSrcRDN = pSrcInfo->rgRDN; pDstInfo->cRDN = cRDN; pDstInfo->rgRDN = NULL; if (cRDN > 0) { if (NULL == (pDstRDN = (PCERT_RDN) PkiZeroAlloc( cRDN * sizeof(CERT_RDN)))) goto OutOfMemory; pDstInfo->rgRDN = pDstRDN; }
// Array of RDNs
for (i = 0; i < cRDN; i++, pSrcRDN++, pDstRDN++) { cAttr = pSrcRDN->cRDNAttr; pSrcAttr = pSrcRDN->rgRDNAttr; pDstRDN->cRDNAttr = cAttr;
if (cAttr > 0) { if (NULL == (pDstAttr = (PCERT_RDN_ATTR) PkiZeroAlloc(cAttr * sizeof(CERT_RDN_ATTR)))) goto OutOfMemory; pDstRDN->rgRDNAttr = pDstAttr; }
// Array of attribute/values
for (j = 0; j < cAttr; j++, pSrcAttr++, pDstAttr++) { // We're now ready to convert the unicode string
if (!SetUnicodeRDNAttribute(pSrcAttr, i, j, dwFlags, pDstAttr, pdwErrLocation)) goto SetUnicodeRDNAttributeError; } }
fResult = TRUE;CommonReturn: return fResult;ErrorReturn: fResult = FALSE; goto CommonReturn;TRACE_ERROR(OutOfMemory)TRACE_ERROR(SetUnicodeRDNAttributeError)}
BOOL WINAPI UnicodeNameInfoEncodeEx( IN DWORD dwCertEncodingType, IN LPCSTR lpszStructType, IN PCERT_NAME_INFO pInfo, IN DWORD dwFlags, IN OPTIONAL PCRYPT_ENCODE_PARA pEncodePara, OUT OPTIONAL void *pvEncoded, IN OUT DWORD *pcbEncoded ){ BOOL fResult; CERT_NAME_INFO DstInfo; DWORD dwErrLocation; if (!SetUnicodeNameInfo(pInfo, dwFlags, &DstInfo, &dwErrLocation)) { if (dwFlags & CRYPT_ENCODE_ALLOC_FLAG) *((void **) pvEncoded) = NULL; *pcbEncoded = dwErrLocation; fResult = FALSE; goto CommonReturn; }
fResult = CryptEncodeObjectEx( dwCertEncodingType, X509_NAME, &DstInfo, dwFlags, pEncodePara, pvEncoded, pcbEncoded );
CommonReturn: FreeUnicodeNameInfo(&DstInfo); return fResult;}
static BOOL WINAPI UnicodeNameInfoEncode( IN DWORD dwCertEncodingType, IN LPCSTR lpszStructType, IN PCERT_NAME_INFO pInfo, OUT OPTIONAL BYTE *pbEncoded, IN OUT DWORD *pcbEncoded ){ BOOL fResult; CERT_NAME_INFO DstInfo; DWORD dwErrLocation; if (!SetUnicodeNameInfo(pInfo, 0, &DstInfo, &dwErrLocation)) { *pcbEncoded = dwErrLocation; fResult = FALSE; goto CommonReturn; }
fResult = CryptEncodeObject( dwCertEncodingType, X509_NAME, &DstInfo, pbEncoded, pcbEncoded );
CommonReturn: FreeUnicodeNameInfo(&DstInfo); return fResult;}
static void PutStrW(LPCWSTR pwszPut, LPWSTR *ppwsz, DWORD *pcwsz, DWORD *pcwszOut, BOOL fQuote = FALSE){ WCHAR wc; while (wc = *pwszPut++) { if (L'\"' == wc && fQuote) PutStrW(L"\"", ppwsz, pcwsz, pcwszOut, FALSE); if (*pcwsz != 1) { if (*pcwsz) { **ppwsz = wc; *ppwsz += 1; *pcwsz -= 1; } *pcwszOut += 1; } // else
// Always reserve space for the NULL terminator.
}}
static void PutOIDStrW( IN DWORD dwStrType, IN LPCSTR pszObjId, IN OUT LPWSTR *ppwsz, IN OUT DWORD *pcwsz, IN OUT DWORD *pcwszOut ){ // Eliminate the upper flags before switching
switch (dwStrType & 0xFFFF) { case CERT_X500_NAME_STR: { PCCRYPT_OID_INFO pX500Info; if (pX500Info = CryptFindOIDInfo( CRYPT_OID_INFO_OID_KEY, (void *) pszObjId, CRYPT_RDN_ATTR_OID_GROUP_ID )) { if (*pX500Info->pwszName) { PutStrW(pX500Info->pwszName, ppwsz, pcwsz, pcwszOut); PutStrW(L"=", ppwsz, pcwsz, pcwszOut); return; } } PutStrW(L"OID.", ppwsz, pcwsz, pcwszOut); } // Fall through
case CERT_OID_NAME_STR: { int cchWideChar; cchWideChar = MultiByteToWideChar( CP_ACP, 0, // dwFlags
pszObjId, -1, // null terminated
*ppwsz, *pcwsz) - 1; if (cchWideChar > 0) { if (*pcwsz) { assert(*pcwsz > (DWORD)cchWideChar); *pcwsz -= cchWideChar; *ppwsz += cchWideChar; } *pcwszOut += cchWideChar; } PutStrW(L"=", ppwsz, pcwsz, pcwszOut); } break; case CERT_SIMPLE_NAME_STR: default: break; }}
static void PutHexW( IN PCERT_RDN_VALUE_BLOB pValue, IN OUT LPWSTR *ppwsz, IN OUT DWORD *pcwsz, IN OUT DWORD *pcwszOut ){ WCHAR wszHex[3]; BYTE *pb = pValue->pbData; DWORD cb = pValue->cbData;
PutStrW(L"#", ppwsz, pcwsz, pcwszOut); wszHex[2] = L'\0';
for ( ; cb > 0; cb--, pb++) { int b; b = (*pb >> 4) & 0x0F; wszHex[0] = (WCHAR)( (b <= 9) ? b + L'0' : (b - 10) + L'A'); b = *pb & 0x0F; wszHex[1] = (WCHAR)( (b <= 9) ? b + L'0' : (b - 10) + L'A'); PutStrW(wszHex, ppwsz, pcwsz, pcwszOut); }}
static void ReverseNameInfo( IN PCERT_NAME_INFO pInfo ){ DWORD cRDN; PCERT_RDN pLo; PCERT_RDN pHi; CERT_RDN Tmp;
cRDN = pInfo->cRDN; if (0 == cRDN) return;
pLo = pInfo->rgRDN; pHi = pInfo->rgRDN + cRDN - 1; for ( ; pLo < pHi; pHi--, pLo++) { Tmp = *pHi; *pHi = *pLo; *pLo = Tmp; }}
//+-------------------------------------------------------------------------
// Convert the decoded certificate name info to a null terminated WCHAR
// string.
//
// Note, if CERT_NAME_STR_REVERSE_FLAG is set, reverses the decoded
// name info RDNs
//--------------------------------------------------------------------------
static DWORD WINAPI CertNameInfoToStrW( IN DWORD dwCertEncodingType, IN PCERT_NAME_INFO pInfo, IN DWORD dwStrType, OUT OPTIONAL LPWSTR pwsz, IN DWORD cwsz ){ DWORD cwszOut = 0;
LPCWSTR pwszRDNSeparator; LPCWSTR pwszMultiValueSeparator; BOOL fEnableQuoting;
if (dwStrType & CERT_NAME_STR_SEMICOLON_FLAG) pwszRDNSeparator = L"; "; else if (dwStrType & CERT_NAME_STR_CRLF_FLAG) pwszRDNSeparator = L"\r\n"; else pwszRDNSeparator = L", ";
if (dwStrType & CERT_NAME_STR_NO_PLUS_FLAG) pwszMultiValueSeparator = L" "; else pwszMultiValueSeparator = L" + ";
if (dwStrType & CERT_NAME_STR_NO_QUOTING_FLAG) fEnableQuoting = FALSE; else fEnableQuoting = TRUE;
if (pwsz == NULL) cwsz = 0;
if (pInfo) { DWORD cRDN; PCERT_RDN pRDN;
if (dwStrType & CERT_NAME_STR_REVERSE_FLAG) ReverseNameInfo(pInfo);
cRDN = pInfo->cRDN; pRDN = pInfo->rgRDN; if (0 == cRDN) SetLastError((DWORD) CRYPT_E_NOT_FOUND); for ( ; cRDN > 0; cRDN--, pRDN++) { DWORD cAttr = pRDN->cRDNAttr; PCERT_RDN_ATTR pAttr = pRDN->rgRDNAttr; for ( ; cAttr > 0; cAttr--, pAttr++) { BOOL fQuote; PutOIDStrW(dwStrType, pAttr->pszObjId, &pwsz, &cwsz, &cwszOut);
if (CERT_RDN_ENCODED_BLOB == pAttr->dwValueType || CERT_RDN_OCTET_STRING == pAttr->dwValueType) PutHexW(&pAttr->Value, &pwsz, &cwsz, &cwszOut); else { fQuote = fEnableQuoting && IsQuotedUnicodeRDNValue( &pAttr->Value); if (fQuote) PutStrW(L"\"", &pwsz, &cwsz, &cwszOut); PutStrW((LPCWSTR) pAttr->Value.pbData, &pwsz, &cwsz, &cwszOut, fQuote); if (fQuote) PutStrW(L"\"", &pwsz, &cwsz, &cwszOut); }
if (cAttr > 1) PutStrW(pwszMultiValueSeparator, &pwsz, &cwsz, &cwszOut); } if (cRDN > 1) PutStrW(pwszRDNSeparator, &pwsz, &cwsz, &cwszOut); } }
if (cwsz != 0) { // Always NULL terminate
*pwsz = L'\0'; }
return cwszOut + 1;}
//+-------------------------------------------------------------------------
// Convert the certificate name blob to a null terminated WCHAR string.
//--------------------------------------------------------------------------
DWORDWINAPICertNameToStrW( IN DWORD dwCertEncodingType, IN PCERT_NAME_BLOB pName, IN DWORD dwStrType, OUT OPTIONAL LPWSTR pwsz, IN DWORD cwsz ){ DWORD cwszOut; PCERT_NAME_INFO pInfo; pInfo = (PCERT_NAME_INFO) AllocAndDecodeObject( dwCertEncodingType, X509_UNICODE_NAME, pName->pbData, pName->cbData, (dwStrType & CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG) ? CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG : 0 );
// Note, decoded name info RDNs may be reversed
cwszOut = CertNameInfoToStrW( dwCertEncodingType, pInfo, dwStrType, pwsz, cwsz );
PkiFree(pInfo); return cwszOut;}
//+-------------------------------------------------------------------------
// Convert the Unicode string to Ascii
//--------------------------------------------------------------------------
static DWORD ConvertUnicodeStringToAscii( IN LPWSTR pwsz, IN DWORD cwsz, OUT OPTIONAL LPSTR psz, IN DWORD csz ){ DWORD cszOut = 0;
if (psz == NULL) csz = 0;
if (pwsz) { int cchMultiByte; cchMultiByte = WideCharToMultiByte( CP_ACP, 0, // dwFlags
pwsz, -1, // Null terminated
psz, (int) csz, NULL, // lpDefaultChar
NULL // lpfUsedDefaultChar
); if (cchMultiByte < 1) cszOut = 0; else // Subtract off the trailing null terminator
cszOut = (DWORD) cchMultiByte - 1; }
if (csz != 0) { // Always NULL terminate
*(psz + cszOut) = '\0'; } return cszOut + 1;}
//+-------------------------------------------------------------------------
// Convert the certificate name blob to a null terminated char string.
//--------------------------------------------------------------------------
DWORDWINAPICertNameToStrA( IN DWORD dwCertEncodingType, IN PCERT_NAME_BLOB pName, IN DWORD dwStrType, OUT OPTIONAL LPSTR psz, IN DWORD csz ){ DWORD cszOut; LPWSTR pwsz = NULL; DWORD cwsz;
cwsz = CertNameToStrW( dwCertEncodingType, pName, dwStrType, NULL, // pwsz
0 // cwsz
); if (pwsz = (LPWSTR) PkiNonzeroAlloc(cwsz * sizeof(WCHAR))) CertNameToStrW( dwCertEncodingType, pName, dwStrType, pwsz, cwsz ); cszOut = ConvertUnicodeStringToAscii(pwsz, cwsz, psz, csz);
PkiFree(pwsz); return cszOut;}
//+-------------------------------------------------------------------------
// Map the attribute key (for example "CN") to its Object Identifier
// (for example, "2.5.4.3").
//
// The input pwcKey isn't NULL terminated. cchKey > 0.
//
// Returns NULL if unable to find a matching attribute key.
//--------------------------------------------------------------------------
static LPCSTR X500KeyToOID(IN LPCWSTR pwcKey, IN DWORD cchKey){ PCCRYPT_OID_INFO pX500Info; WCHAR wszKey[MAX_X500_KEY_LEN + 1];
if (cchKey > MAX_X500_KEY_LEN) return NULL; assert(cchKey > 0);
// Null terminate the input Key
memcpy(wszKey, pwcKey, cchKey * sizeof(WCHAR)); wszKey[cchKey] = L'\0';
if (pX500Info = CryptFindOIDInfo( CRYPT_OID_INFO_NAME_KEY, wszKey, CRYPT_RDN_ATTR_OID_GROUP_ID )) { if (*pX500Info->pszOID) return pX500Info->pszOID; } return NULL;}
//+-------------------------------------------------------------------------
// Checks if a digit
//--------------------------------------------------------------------------
static inline BOOL IsDigitA(char c){ return c >= '0' && c <= '9';}
#define X500_OID_PREFIX_A "OID."
#define X500_OID_PREFIX_LEN strlen(X500_OID_PREFIX_A)
#define NO_LOCALE MAKELCID(MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US), SORT_DEFAULT)
//+-------------------------------------------------------------------------
// Check for the case insensitive leading "OID." If present, skip past
// it. Check that the remaining string contains only digits or a dot (".").
// Also, don't allow consecutive dots.
//
// Returns NULL for an invalid OID.
//--------------------------------------------------------------------------
static LPCSTR GetX500OID(IN LPCSTR pszObjId){ LPCSTR psz; char c; BOOL fDot;
if (strlen(pszObjId) > X500_OID_PREFIX_LEN && 2 == CompareStringA(NO_LOCALE, NORM_IGNORECASE, X500_OID_PREFIX_A, X500_OID_PREFIX_LEN, pszObjId, X500_OID_PREFIX_LEN)) pszObjId += X500_OID_PREFIX_LEN;
// Verify the OID to have only digits and dots
psz = pszObjId; fDot = FALSE; while (c = *psz++) { if (c == '.') { if (fDot) return NULL; fDot = TRUE; } else { if (!IsDigitA(c)) return NULL; fDot = FALSE; } } return pszObjId;}
//+-------------------------------------------------------------------------
// Convert the the hex string, for example, #AB01, to binary.
//
// The input string is assumed to have the leading #. Ignores embedded
// whitespace.
//
// The returned binary is allocated in pValue->pbData.
//--------------------------------------------------------------------------
static BOOL GetAndAllocHexW( IN LPCWSTR pwszToken, IN DWORD cchToken, OUT PCERT_RDN_VALUE_BLOB pValue ){ BOOL fResult; BYTE *pb; DWORD cb; BOOL fUpperNibble;
pValue->pbData = NULL; pValue->cbData = 0;
// Advance past #
cchToken--; pwszToken++; if (0 == cchToken) goto NoHex;
if (NULL == (pb = (BYTE *) PkiNonzeroAlloc(cchToken / 2 + 1))) goto OutOfMemory; pValue->pbData = pb;
fUpperNibble = TRUE; cb = 0; while (cchToken--) { BYTE b; WCHAR wc = *pwszToken++; // only convert ascii hex characters 0..9, a..f, A..F
// ignore whitespace
if (wc >= L'0' && wc <= L'9') b = (BYTE) (wc - L'0'); else if (wc >= L'a' && wc <= L'f') b = (BYTE) (10 + wc - L'a'); else if (wc >= L'A' && wc <= L'F') b = (BYTE) (10 + wc - L'A'); else if (IsSpaceW(wc)) continue; else goto InvalidHex;
if (fUpperNibble) { *pb = (BYTE)( b << 4 ); cb++; fUpperNibble = FALSE; } else { *pb = (BYTE)( *pb | b); pb++; fUpperNibble = TRUE; } } if (cb == 0) { PkiFree(pValue->pbData); pValue->pbData = NULL; } pValue->cbData = cb;
fResult = TRUE;CommonReturn: return fResult;ErrorReturn: fResult = FALSE; PkiFree(pValue->pbData); pValue->pbData = NULL; goto CommonReturn;TRACE_ERROR(OutOfMemory)SET_ERROR(NoHex, CRYPT_E_INVALID_X500_STRING)SET_ERROR(InvalidHex, CRYPT_E_INVALID_X500_STRING)}
#define X500_QUOTED_FLAG 0x1
#define X500_EMBEDDED_QUOTE_FLAG 0x2
//+-------------------------------------------------------------------------
// Get the next key or value token.
//
// Handles quoted tokens.
//
// Upon return *ppwsz points at the delimiter or error location
//--------------------------------------------------------------------------
static BOOL GetX500Token( IN OUT LPCWSTR *ppwsz, IN LPCWSTR pwszDelimiter, IN BOOL fEnableQuoting, OUT LPCWSTR *ppwszToken, OUT DWORD *pcchToken, OUT DWORD *pdwFlags ){ BOOL fResult; LPCWSTR pwsz = *ppwsz; LPCWSTR pwszStart = NULL; LPCWSTR pwszEnd = NULL; DWORD dwQuote = 0; // 1 - after leading ", 2 - after trailing "
*pdwFlags = 0; while (TRUE) { WCHAR wc = *pwsz; if (0 == dwQuote) { // No quotes so far. Or quoting not enabled.
if (fEnableQuoting && L'\"' == wc) { if (NULL == pwszStart) { pwszStart = pwsz + 1; dwQuote = 1; *pdwFlags |= X500_QUOTED_FLAG; } else // Quote after non whitespace
goto ErrorReturn; } else { if (L'\0' == wc || IsInStrW(pwszDelimiter, wc)) { // Hit a delimiter (including the null terminator)
if (pwszStart) *pcchToken = (DWORD)(pwszEnd - pwszStart) + 1; else *pcchToken = 0; break; }
if (!IsSpaceW(wc)) { pwszEnd = pwsz; if (NULL == pwszStart) pwszStart = pwsz; } } } else if (1 == dwQuote) { // After first quote
if (L'\0' == wc) { // Point to first quote
pwsz = pwszStart - 1; goto ErrorReturn; } else if (L'\"' == wc) { if (L'\"' == *(pwsz + 1)) { *pdwFlags |= X500_EMBEDDED_QUOTE_FLAG; // Skip double quote
pwsz++; } else { *pcchToken = (DWORD)(pwsz - pwszStart); dwQuote++; } } } else { // After second quote
if (L'\0' == wc || IsInStrW(pwszDelimiter, wc)) break; else if (!IsSpaceW(wc)) goto ErrorReturn; } pwsz++; }
fResult = TRUE;CommonReturn: *ppwszToken = pwszStart; *ppwsz = pwsz; return fResult;
ErrorReturn: pwszStart = NULL; *pcchToken = 0; fResult = FALSE; goto CommonReturn;}
//+-------------------------------------------------------------------------
// Convert the null terminated X500 WCHAR string to an encoded
// certificate name.
//--------------------------------------------------------------------------
BOOLWINAPICertStrToNameW( IN DWORD dwCertEncodingType, IN LPCWSTR pwszX500, IN DWORD dwStrType, IN OPTIONAL void *pvReserved, OUT BYTE *pbEncoded, IN OUT DWORD *pcbEncoded, OUT OPTIONAL LPCWSTR *ppwszError ){
typedef struct _X500_ATTR_AUX { LPSTR pszAllocObjId; LPCWSTR pwszValue; BYTE *pbAllocValue; BOOL fNewRDN;} X500_ATTR_AUX, *PX500_ATTR_AUX;#define X500_ATTR_ALLOC_COUNT 20
BOOL fResult; CERT_NAME_INFO NameInfo; PCERT_RDN pRDN = NULL; PCERT_RDN_ATTR pAttr = NULL; PX500_ATTR_AUX pAux = NULL;
DWORD cRDN = 0; DWORD cAttr = 0; DWORD iRDN; DWORD iAttr; DWORD cAllocAttr; BOOL fNewRDN; DWORD dwValueType;
WCHAR wszSeparators[8]; BOOL fEnableQuoting; LPCWSTR pwszError = NULL; LPCWSTR pwszStartX500 = pwszX500;
dwValueType = 0; if (dwStrType & CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG) dwValueType |= CERT_RDN_ENABLE_T61_UNICODE_FLAG; if (dwStrType & CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG) dwValueType |= CERT_RDN_ENABLE_UTF8_UNICODE_FLAG;
// Check for an empty Name.
if (NULL == pwszX500 || L'\0' == *pwszX500) { NameInfo.cRDN = 0; NameInfo.rgRDN = NULL;
if (ppwszError) *ppwszError = NULL;
return CryptEncodeObject( dwCertEncodingType, X509_NAME, &NameInfo, pbEncoded, pcbEncoded ); }
if (dwStrType & CERT_NAME_STR_SEMICOLON_FLAG) wcscpy(wszSeparators, L";"); else if (dwStrType & CERT_NAME_STR_COMMA_FLAG) wcscpy(wszSeparators, L","); else if (dwStrType & CERT_NAME_STR_CRLF_FLAG) wcscpy(wszSeparators, L"\r\n"); else wcscpy(wszSeparators, L",;"); if (!(dwStrType & CERT_NAME_STR_NO_PLUS_FLAG)) wcscat(wszSeparators, L"+");
if (dwStrType & CERT_NAME_STR_NO_QUOTING_FLAG) fEnableQuoting = FALSE; else fEnableQuoting = TRUE;
// Eliminate the upper flags before switching
switch (dwStrType & 0xFFFF) { case 0: case CERT_OID_NAME_STR: case CERT_X500_NAME_STR: break; case CERT_SIMPLE_NAME_STR: default: goto InvalidArg; }
// Do initial allocations of Attrs, and Auxs
if (NULL == (pAttr = (PCERT_RDN_ATTR) PkiNonzeroAlloc( sizeof(CERT_RDN_ATTR) * X500_ATTR_ALLOC_COUNT)) || NULL == (pAux = (PX500_ATTR_AUX) PkiNonzeroAlloc( sizeof(X500_ATTR_AUX) * X500_ATTR_ALLOC_COUNT))) goto OutOfMemory; cAllocAttr = X500_ATTR_ALLOC_COUNT; fNewRDN = TRUE; while (TRUE) { LPCWSTR pwszToken; DWORD cchToken; DWORD dwTokenFlags; LPCSTR pszObjId;
// Get the key token
if (!GetX500Token( &pwszX500, L"=", // pwszDelimiter
FALSE, // fEnableQuoting
&pwszToken, &cchToken, &dwTokenFlags )) { pwszError = pwszX500; goto X500KeyTokenError; }
if (0 == cchToken) { if (*pwszX500 == L'\0') break; else { pwszError = pwszX500; goto EmptyX500KeyError; } } else if (*pwszX500 == L'\0') { pwszError = pwszToken; goto NoX500KeyEqualError; }
if (cAttr >= cAllocAttr) { PCERT_RDN_ATTR pNewAttr; PX500_ATTR_AUX pNewAux;
assert(cAttr == cAllocAttr); if (NULL == (pNewAttr = (PCERT_RDN_ATTR) PkiRealloc(pAttr, sizeof(CERT_RDN_ATTR) * (cAllocAttr + X500_ATTR_ALLOC_COUNT)))) goto OutOfMemory; pAttr = pNewAttr;
if (NULL == (pNewAux = (PX500_ATTR_AUX) PkiRealloc(pAux, sizeof(X500_ATTR_AUX) * (cAllocAttr + X500_ATTR_ALLOC_COUNT)))) goto OutOfMemory; pAux = pNewAux;
cAllocAttr += X500_ATTR_ALLOC_COUNT; } iAttr = cAttr; cAttr++; memset(&pAttr[iAttr], 0, sizeof(CERT_RDN_ATTR)); memset(&pAux[iAttr], 0, sizeof(X500_ATTR_AUX)); pAux[iAttr].fNewRDN = fNewRDN; if (fNewRDN) cRDN++;
// Convert the Key token to an OID
pszObjId = X500KeyToOID(pwszToken, cchToken); if (NULL == pszObjId) { // Convert to ascii and null terminate
LPSTR pszAllocObjId; DWORD i;
// Convert from unicode to ascii and null terminate
if (NULL == (pszAllocObjId = (LPSTR) PkiNonzeroAlloc( cchToken + 1))) goto OutOfMemory; pAux[iAttr].pszAllocObjId = pszAllocObjId; for (i = 0; i < cchToken; i++) pszAllocObjId[i] = (char) (pwszToken[i] & 0xFF); pszAllocObjId[cchToken] = '\0';
// Skips by leading OID. and validates
pszObjId = GetX500OID(pszAllocObjId); if (NULL == pszObjId) { pwszError = pwszToken; goto InvalidX500Key; } } pAttr[iAttr].pszObjId = (LPSTR) pszObjId; pAttr[iAttr].dwValueType = dwValueType;
// Advance past the Key's "=" delimiter
pwszX500++;
// Get the value token
if (!GetX500Token( &pwszX500, wszSeparators, fEnableQuoting, &pwszToken, &cchToken, &dwTokenFlags )) { pwszError = pwszX500; goto X500ValueTokenError; } if (cchToken) { if (*pwszToken == L'#' && 0 == (dwTokenFlags & X500_QUOTED_FLAG)) { // Convert ascii hex to binary
if (!GetAndAllocHexW(pwszToken, cchToken, &pAttr[iAttr].Value)) { pwszError = pwszToken; goto ConvertHexError; } pAttr[iAttr].dwValueType = CERT_RDN_OCTET_STRING; pAux[iAttr].pbAllocValue = pAttr[iAttr].Value.pbData; } else if (dwTokenFlags & X500_EMBEDDED_QUOTE_FLAG) { // Realloc and remove the double "'s
LPWSTR pwszAlloc; DWORD cchAlloc; DWORD i; if (NULL == (pwszAlloc = (LPWSTR) PkiNonzeroAlloc( cchToken * sizeof(WCHAR)))) goto OutOfMemory; pAux[iAttr].pbAllocValue = (BYTE *) pwszAlloc; cchAlloc = 0; for (i = 0; i < cchToken; i++) { pwszAlloc[cchAlloc++] = pwszToken[i]; if (pwszToken[i] == L'\"') i++; } assert(cchAlloc < cchToken); pAttr[iAttr].Value.pbData = (BYTE *) pwszAlloc; pAttr[iAttr].Value.cbData = cchAlloc * sizeof(WCHAR); } else { pAttr[iAttr].Value.pbData = (BYTE *) pwszToken; pAttr[iAttr].Value.cbData = cchToken * sizeof(WCHAR); }
pAux[iAttr].pwszValue = pwszToken; }
fNewRDN = TRUE; if (*pwszX500 == L'\0') break; else if (*pwszX500 == L'+') fNewRDN = FALSE;
// Advance past the value's delimiter
pwszX500++; }
if (0 == cRDN) { pwszError = pwszStartX500; goto NoRDNError; }
// Allocate array of RDNs and update
if (NULL == (pRDN = (PCERT_RDN) PkiNonzeroAlloc(sizeof(CERT_RDN) * cRDN))) goto OutOfMemory; iRDN = 0; for (iAttr = 0; iAttr < cAttr; iAttr++) { if (pAux[iAttr].fNewRDN) { assert(iRDN < cRDN); pRDN[iRDN].cRDNAttr = 1; pRDN[iRDN].rgRDNAttr = &pAttr[iAttr]; iRDN++; } else { assert(iRDN > 0); pRDN[iRDN - 1].cRDNAttr++;
} } assert(iRDN == cRDN); NameInfo.cRDN = cRDN; NameInfo.rgRDN = pRDN;
if (dwStrType & CERT_NAME_STR_REVERSE_FLAG) ReverseNameInfo(&NameInfo);
// Encode the above built name
fResult = UnicodeNameInfoEncode( dwCertEncodingType, X509_UNICODE_NAME, &NameInfo, pbEncoded, pcbEncoded );
if (!fResult) { DWORD dwErr = GetLastError(); if ((DWORD) CRYPT_E_INVALID_NUMERIC_STRING == dwErr || (DWORD) CRYPT_E_INVALID_PRINTABLE_STRING == dwErr || (DWORD) CRYPT_E_INVALID_IA5_STRING == dwErr) { // *pcbEncoded contains the location of the error
PCERT_RDN_ATTR pErrAttr; DWORD iValue;
if (dwStrType & CERT_NAME_STR_REVERSE_FLAG) { // Reverse back to get the correct location of the error
// relative to the input string
ReverseNameInfo(&NameInfo); fResult = UnicodeNameInfoEncode( dwCertEncodingType, X509_UNICODE_NAME, &NameInfo, pbEncoded, pcbEncoded ); if (fResult) goto UnexpectedReverseEncodeSuccess; dwErr = GetLastError(); if (!( (DWORD) CRYPT_E_INVALID_NUMERIC_STRING == dwErr || (DWORD) CRYPT_E_INVALID_PRINTABLE_STRING == dwErr || (DWORD) CRYPT_E_INVALID_IA5_STRING == dwErr)) goto UnexpectedReverseEncodeError; }
iValue = GET_CERT_UNICODE_VALUE_ERR_INDEX(*pcbEncoded); iRDN = GET_CERT_UNICODE_RDN_ERR_INDEX(*pcbEncoded); iAttr = GET_CERT_UNICODE_ATTR_ERR_INDEX(*pcbEncoded); *pcbEncoded = 0;
assert(iRDN < cRDN); assert(iAttr < pRDN[iRDN].cRDNAttr); pErrAttr = &pRDN[iRDN].rgRDNAttr[iAttr];
assert(pErrAttr->dwValueType != CERT_RDN_OCTET_STRING);
// Index from beginning of pAttr
iAttr = (DWORD)(pErrAttr - pAttr); assert(iAttr < cAttr); assert(iValue < pAttr[iAttr].Value.cbData / sizeof(WCHAR)); pwszError = pAux[iAttr].pwszValue; assert(pwszError); if (pAux[iAttr].pbAllocValue) { // Adjust for embedded quotes where the the second quote
// was removed above before encoding
DWORD i = iValue; assert(pAux[iAttr].pbAllocValue == pAttr[iAttr].Value.pbData); LPCWSTR pwszValue = (LPCWSTR) pAttr[iAttr].Value.pbData; for ( ; i > 0; i--, pwszValue++) if (*pwszValue == L'\"') iValue++; } pwszError += iValue; } }CommonReturn: while (cAttr--) { PkiFree(pAux[cAttr].pszAllocObjId); PkiFree(pAux[cAttr].pbAllocValue); }
PkiFree(pRDN); PkiFree(pAttr); PkiFree(pAux); if (ppwszError) *ppwszError = pwszError; return fResult;ErrorReturn: fResult = FALSE; goto CommonReturn;
SET_ERROR(InvalidArg, E_INVALIDARG)TRACE_ERROR(OutOfMemory)SET_ERROR(X500KeyTokenError, CRYPT_E_INVALID_X500_STRING)SET_ERROR(EmptyX500KeyError, CRYPT_E_INVALID_X500_STRING)SET_ERROR(NoX500KeyEqualError, CRYPT_E_INVALID_X500_STRING)SET_ERROR(InvalidX500Key, CRYPT_E_INVALID_X500_STRING)SET_ERROR(X500ValueTokenError, CRYPT_E_INVALID_X500_STRING)SET_ERROR(ConvertHexError, CRYPT_E_INVALID_X500_STRING)SET_ERROR(NoRDNError, CRYPT_E_INVALID_X500_STRING)SET_ERROR(UnexpectedReverseEncodeSuccess, E_UNEXPECTED)TRACE_ERROR(UnexpectedReverseEncodeError)}
//+-------------------------------------------------------------------------
// Convert the null terminated X500 char string to an encoded
// certificate name.
//--------------------------------------------------------------------------
BOOLWINAPICertStrToNameA( IN DWORD dwCertEncodingType, IN LPCSTR pszX500, IN DWORD dwStrType, IN OPTIONAL void *pvReserved, OUT BYTE *pbEncoded, IN OUT DWORD *pcbEncoded, OUT OPTIONAL LPCSTR *ppszError ){ BOOL fResult; LPWSTR pwszX500 = NULL; LPCWSTR pwszError = NULL;
assert(pszX500); if (NULL == (pwszX500 = MkWStr((LPSTR) pszX500))) goto ErrorReturn; fResult = CertStrToNameW( dwCertEncodingType, pwszX500, dwStrType, pvReserved, pbEncoded, pcbEncoded, &pwszError ); if (ppszError) { // Update multi byte error location
if (pwszError) { // Default to beginning of string
*ppszError = pszX500; if (pwszError > pwszX500) { // After beginning of string. There should be at least 2
// characters.
//
// Need to convert pwszX500 .. pwszError - 1 back to multi byte
// to get the correct multi byte pointer.
int cchError = strlen(pszX500) - 1; // exclude error char
LPSTR pszError; DWORD dwSaveLastError = GetLastError();
assert(cchError); if (pszError = (LPSTR) PkiNonzeroAlloc(cchError)) { // Convert up through the previous multibyte character
cchError = WideCharToMultiByte( CP_ACP, 0, // dwFlags
pwszX500, (int)(pwszError - pwszX500), pszError, cchError, NULL, // lpDefaultChar
NULL // lpfUsedDefaultChar
); if (cchError > 0) *ppszError = pszX500 + cchError; PkiFree(pszError); }
SetLastError(dwSaveLastError); } } else *ppszError = NULL; }
CommonReturn: FreeWStr(pwszX500); return fResult;ErrorReturn: fResult = FALSE; *pcbEncoded = 0; if (ppszError) *ppszError = NULL; goto CommonReturn;}
//==========================================================================
// CertGetNameStrW support functions
//==========================================================================
//+-------------------------------------------------------------------------
// Returns pointer to allocated CERT_NAME_INFO by decoding the name blob.
//
// Returns NULL if cRDN == 0
//--------------------------------------------------------------------------
static PCERT_NAME_INFO AllocAndGetNameInfo( IN DWORD dwCertEncodingType, IN PCERT_NAME_BLOB pName, IN DWORD dwFlags ){ PCERT_NAME_INFO pInfo;
assert(pName); if (0 == pName->cbData) return NULL;
if (NULL == (pInfo = (PCERT_NAME_INFO) AllocAndDecodeObject( dwCertEncodingType, X509_UNICODE_NAME, pName->pbData, pName->cbData, (dwFlags & CERT_NAME_DISABLE_IE4_UTF8_FLAG) ? CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG : 0 ))) return NULL; if (0 == pInfo->cRDN) { PkiFree(pInfo); return NULL; } else return pInfo;}
//+-------------------------------------------------------------------------
// Returns pointer to allocated CERT_NAME_INFO by decoding either the
// Subject or Issuer field in the certificate. CERT_NAME_ISSUER_FLAG is
// set to select the Issuer.
//
// Returns NULL if cRDN == 0
//--------------------------------------------------------------------------
static PCERT_NAME_INFO AllocAndGetCertNameInfo( IN PCCERT_CONTEXT pCertContext, IN DWORD dwFlags ){ PCERT_NAME_BLOB pName;
if (dwFlags & CERT_NAME_ISSUER_FLAG) pName = &pCertContext->pCertInfo->Issuer; else pName = &pCertContext->pCertInfo->Subject;
return AllocAndGetNameInfo(pCertContext->dwCertEncodingType, pName, dwFlags);}
//+-------------------------------------------------------------------------
// Table of Subject and Issuer Alternative Name extension OIDs
//--------------------------------------------------------------------------
static const LPCSTR rgpszSubjectAltOID[] = { szOID_SUBJECT_ALT_NAME2, szOID_SUBJECT_ALT_NAME};#define NUM_SUBJECT_ALT_OID (sizeof(rgpszSubjectAltOID) / \
sizeof(rgpszSubjectAltOID[0]))
static const LPCSTR rgpszIssuerAltOID[] = { szOID_ISSUER_ALT_NAME2, szOID_ISSUER_ALT_NAME};#define NUM_ISSUER_ALT_OID (sizeof(rgpszIssuerAltOID) / \
sizeof(rgpszIssuerAltOID[0]))
//+-------------------------------------------------------------------------
// Returns pointer to allocated CERT_ALT_NAME_INFO by decoding either the
// Subject or Issuer Alternative Extension. CERT_NAME_ISSUER_FLAG is
// set to select the Issuer.
//
// Returns NULL if extension not found or cAltEntry == 0
//--------------------------------------------------------------------------
static PCERT_ALT_NAME_INFO AllocAndGetAltNameInfo( IN PCCERT_CONTEXT pCertContext, IN DWORD dwFlags ){ DWORD cAltOID; const LPCSTR *ppszAltOID;
PCERT_EXTENSION pExt; PCERT_ALT_NAME_INFO pInfo;
if (dwFlags & CERT_NAME_ISSUER_FLAG) { cAltOID = NUM_ISSUER_ALT_OID; ppszAltOID = rgpszIssuerAltOID; } else { cAltOID = NUM_SUBJECT_ALT_OID; ppszAltOID = rgpszSubjectAltOID; }
// Try to find an alternative name extension
pExt = NULL; for ( ; cAltOID > 0; cAltOID--, ppszAltOID++) { if (pExt = CertFindExtension( *ppszAltOID, pCertContext->pCertInfo->cExtension, pCertContext->pCertInfo->rgExtension )) break; }
if (NULL == pExt) return NULL;
if (NULL == (pInfo = (PCERT_ALT_NAME_INFO) AllocAndDecodeObject( pCertContext->dwCertEncodingType, X509_ALTERNATE_NAME, pExt->Value.pbData, pExt->Value.cbData, 0 // dwFlags
))) return NULL; if (0 == pInfo->cAltEntry) { PkiFree(pInfo); return NULL; } else return pInfo;}
//+-------------------------------------------------------------------------
// Returns pointer to allocated CERT_NAME_INFO by decoding the first
// Directory Name choice (if it exists) in the decoded CERT_ALT_NAME_INFO.
//
// Returns NULL if no Directory Name choice or cRDN == 0.
//--------------------------------------------------------------------------
static PCERT_NAME_INFO AllocAndGetAltDirNameInfo( IN DWORD dwCertEncodingType, IN PCERT_ALT_NAME_INFO pAltNameInfo, IN DWORD dwFlags ){ DWORD cEntry; PCERT_ALT_NAME_ENTRY pEntry;
if (NULL == pAltNameInfo) return NULL;
cEntry = pAltNameInfo->cAltEntry; pEntry = pAltNameInfo->rgAltEntry;
for ( ; cEntry > 0; cEntry--, pEntry++) { if (CERT_ALT_NAME_DIRECTORY_NAME == pEntry->dwAltNameChoice) { return AllocAndGetNameInfo(dwCertEncodingType, &pEntry->DirectoryName, dwFlags); } }
return NULL;}
//+-------------------------------------------------------------------------
// First, returns pointer to allocated CERT_ALT_NAME_INFO by decoding either
// the Subject or Issuer Alternative Extension. CERT_NAME_ISSUER_FLAG is
// set to select the Issuer. Returns NULL if extension not found or
// cAltEntry == 0
//
// Then, if able to find the extension, returns pointer to allocated
// CERT_NAME_INFO by decoding the first Directory Name choice (if it exists)
// in the decoded CERT_ALT_NAME_INFO. Returns NULL if no Directory Name
// choice or cRDN == 0.
//--------------------------------------------------------------------------
static PCERT_NAME_INFO AllocAndGetAltDirNameInfo( IN PCCERT_CONTEXT pCertContext, IN DWORD dwFlags, OUT PCERT_ALT_NAME_INFO *ppAltNameInfo ){ PCERT_ALT_NAME_INFO pAltNameInfo; *ppAltNameInfo = pAltNameInfo = AllocAndGetAltNameInfo(pCertContext, dwFlags); if (NULL == pAltNameInfo) return NULL; return AllocAndGetAltDirNameInfo(pCertContext->dwCertEncodingType, pAltNameInfo, dwFlags);}
//+-------------------------------------------------------------------------
// Copy name string. Ensure its NULL terminated.
//--------------------------------------------------------------------------
static void CopyNameStringW( IN LPCWSTR pwszSrc, OUT OPTIONAL LPWSTR pwszNameString, IN DWORD cchNameString, OUT DWORD *pcwszOut ){ PutStrW(pwszSrc, &pwszNameString, &cchNameString, pcwszOut); if (cchNameString != 0) // Always NULL terminate
*pwszNameString = L'\0'; *pcwszOut += 1;}
//+-------------------------------------------------------------------------
// Table of ordered RDN attributes to search for when formatting
// SIMPLE_DISPLAY_TYPE
//--------------------------------------------------------------------------
static const LPCSTR rgpszSimpleDisplayAttrOID[] = { szOID_COMMON_NAME, szOID_ORGANIZATIONAL_UNIT_NAME, szOID_ORGANIZATION_NAME, szOID_RSA_emailAddr, NULL // any
};#define NUM_SIMPLE_DISPLAY_ATTR_OID (sizeof(rgpszSimpleDisplayAttrOID) / \
sizeof(rgpszSimpleDisplayAttrOID[0]))
//+-------------------------------------------------------------------------
// Table of ordered RDN attributes to search for when formatting
// EMAIL_TYPE
//--------------------------------------------------------------------------
static const LPCSTR rgpszEmailAttrOID[] = { szOID_RSA_emailAddr};#define NUM_EMAIL_ATTR_OID (sizeof(rgpszEmailAttrOID) / \
sizeof(rgpszEmailAttrOID[0]))
//+-------------------------------------------------------------------------
// Table of ordered RDN attributes to search for when formatting
// DNS_TYPE
//--------------------------------------------------------------------------
static const LPCSTR rgpszDNSAttrOID[] = { szOID_COMMON_NAME};#define NUM_DNS_ATTR_OID (sizeof(rgpszDNSAttrOID) / \
sizeof(rgpszDNSAttrOID[0]))
// Largest number from above tables
#define MAX_ATTR_OID NUM_SIMPLE_DISPLAY_ATTR_OID
// PCERT_NAME_INFO table count and indices
#define NAME_INFO_CNT 2
#define CERT_NAME_INFO_INDEX 0
#define ALT_DIR_NAME_INFO_INDEX 1
//+-------------------------------------------------------------------------
// Iterate through the list of attributes specified in rgpszAttrOID
// and iterate through the table of decoded names specified in rgpNameInfo
// and find the first occurrence of the attribute.
//--------------------------------------------------------------------------
static BOOL GetAttrStringW( IN DWORD cAttrOID, IN const LPCSTR *rgpszAttrOID, IN PCERT_NAME_INFO rgpNameInfo[NAME_INFO_CNT], OUT OPTIONAL LPWSTR pwszNameString, IN DWORD cchNameString, OUT DWORD *pcwszOut ){ DWORD iOID; PCERT_RDN_ATTR rgpFoundAttr[MAX_ATTR_OID]; DWORD iInfo;
assert(cAttrOID > 0 && cAttrOID <= MAX_ATTR_OID); for (iOID = 0; iOID < cAttrOID; iOID++) rgpFoundAttr[iOID] = NULL;
for (iInfo = 0; iInfo < NAME_INFO_CNT; iInfo++) { PCERT_NAME_INFO pInfo; DWORD cRDN;
if (NULL == (pInfo = rgpNameInfo[iInfo])) continue;
// Search RDNs in reverse order
for (cRDN = pInfo->cRDN; cRDN > 0; cRDN--) { PCERT_RDN pRDN = &pInfo->rgRDN[cRDN - 1]; DWORD cAttr = pRDN->cRDNAttr; PCERT_RDN_ATTR pAttr = pRDN->rgRDNAttr; for ( ; cAttr > 0; cAttr--, pAttr++) { if (CERT_RDN_ENCODED_BLOB == pAttr->dwValueType || CERT_RDN_OCTET_STRING == pAttr->dwValueType) continue;
for (iOID = 0; iOID < cAttrOID; iOID++) { if (NULL == rgpFoundAttr[iOID] && (NULL == rgpszAttrOID[iOID] || 0 == strcmp(rgpszAttrOID[iOID], pAttr->pszObjId))) { rgpFoundAttr[iOID] = pAttr; if (0 == iOID) goto FoundAttr; else break; } } } } }
// iOID == 0 was already found above
assert(NULL == rgpFoundAttr[0]); for (iOID = 1; iOID < cAttrOID; iOID++) { if (rgpFoundAttr[iOID]) break; } if (iOID >= cAttrOID) return FALSE;
FoundAttr: assert(iOID < cAttrOID && rgpFoundAttr[iOID]); CopyNameStringW((LPCWSTR) rgpFoundAttr[iOID]->Value.pbData, pwszNameString, cchNameString, pcwszOut); return TRUE;}
//+-------------------------------------------------------------------------
// Attempt to find the specified choice in the decoded alternative name
// extension.
//--------------------------------------------------------------------------
static BOOL GetAltNameUnicodeStringChoiceW( IN DWORD dwAltNameChoice, IN PCERT_ALT_NAME_INFO pAltNameInfo, OUT OPTIONAL LPWSTR pwszNameString, IN DWORD cchNameString, OUT DWORD *pcwszOut ){ DWORD cEntry; PCERT_ALT_NAME_ENTRY pEntry;
if (NULL == pAltNameInfo) return FALSE;
cEntry = pAltNameInfo->cAltEntry; pEntry = pAltNameInfo->rgAltEntry; for ( ; cEntry > 0; cEntry--, pEntry++) { if (dwAltNameChoice == pEntry->dwAltNameChoice) { // pwszRfc822Name union choice is the same as
// pwszDNSName and pwszURL.
CopyNameStringW(pEntry->pwszRfc822Name, pwszNameString, cchNameString, pcwszOut); return TRUE; } }
return FALSE;}
//+-------------------------------------------------------------------------
// Attempt to find an OTHER_NAME choice in the decoded alternative name
// extension whose pszObjId == szOID_NT_PRINCIPAL_NAME.
//
// The UPN OtherName Value blob is decoded as a X509_UNICODE_ANY_STRING.
//--------------------------------------------------------------------------
static BOOL GetAltNameUPNW( IN PCERT_ALT_NAME_INFO pAltNameInfo, OUT OPTIONAL LPWSTR pwszNameString, IN DWORD cchNameString, OUT DWORD *pcwszOut ){ DWORD cEntry; PCERT_ALT_NAME_ENTRY pEntry;
if (NULL == pAltNameInfo) return FALSE;
cEntry = pAltNameInfo->cAltEntry; pEntry = pAltNameInfo->rgAltEntry; for ( ; cEntry > 0; cEntry--, pEntry++) { if (CERT_ALT_NAME_OTHER_NAME == pEntry->dwAltNameChoice && 0 == strcmp(pEntry->pOtherName->pszObjId, szOID_NT_PRINCIPAL_NAME)) { PCERT_NAME_VALUE pNameValue; if (pNameValue = (PCERT_NAME_VALUE) AllocAndDecodeObject( X509_ASN_ENCODING, X509_UNICODE_ANY_STRING, pEntry->pOtherName->Value.pbData, pEntry->pOtherName->Value.cbData, 0 // dwFlags
)) { BOOL fIsStr = IS_CERT_RDN_CHAR_STRING(pNameValue->dwValueType);
if (fIsStr) CopyNameStringW((LPWSTR) pNameValue->Value.pbData, pwszNameString, cchNameString, pcwszOut); PkiFree(pNameValue);
if (fIsStr) return TRUE; } } }
return FALSE;}
//+-------------------------------------------------------------------------
// Get the subject or issuer name from the certificate and
// according to the specified format type, convert to a null terminated
// WCHAR string.
//
// CERT_NAME_ISSUER_FLAG can be set to get the issuer's name. Otherwise,
// gets the subject's name.
//--------------------------------------------------------------------------
DWORDWINAPICertGetNameStringW( IN PCCERT_CONTEXT pCertContext, IN DWORD dwType, IN DWORD dwFlags, IN void *pvTypePara, OUT OPTIONAL LPWSTR pwszNameString, IN DWORD cchNameString ){ DWORD cwszOut = 0; PCERT_NAME_INFO rgpNameInfo[NAME_INFO_CNT] = { NULL, NULL }; PCERT_ALT_NAME_INFO pAltNameInfo = NULL;
DWORD i; DWORD dwStrType; DWORD dwCertEncodingType;
if (NULL == pwszNameString) cchNameString = 0;
switch (dwType) { case CERT_NAME_EMAIL_TYPE: pAltNameInfo = AllocAndGetAltNameInfo(pCertContext, dwFlags); if (GetAltNameUnicodeStringChoiceW( CERT_ALT_NAME_RFC822_NAME, pAltNameInfo, pwszNameString, cchNameString, &cwszOut )) goto CommonReturn;
rgpNameInfo[CERT_NAME_INFO_INDEX] = AllocAndGetCertNameInfo( pCertContext, dwFlags); if (!GetAttrStringW( NUM_EMAIL_ATTR_OID, rgpszEmailAttrOID, rgpNameInfo, pwszNameString, cchNameString, &cwszOut )) goto NoEmail; break;
case CERT_NAME_DNS_TYPE: pAltNameInfo = AllocAndGetAltNameInfo(pCertContext, dwFlags); if (GetAltNameUnicodeStringChoiceW( CERT_ALT_NAME_DNS_NAME, pAltNameInfo, pwszNameString, cchNameString, &cwszOut )) goto CommonReturn;
rgpNameInfo[CERT_NAME_INFO_INDEX] = AllocAndGetCertNameInfo( pCertContext, dwFlags); if (!GetAttrStringW( NUM_DNS_ATTR_OID, rgpszDNSAttrOID, rgpNameInfo, pwszNameString, cchNameString, &cwszOut )) goto NoDNS; break;
case CERT_NAME_URL_TYPE: pAltNameInfo = AllocAndGetAltNameInfo(pCertContext, dwFlags); if (!GetAltNameUnicodeStringChoiceW( CERT_ALT_NAME_URL, pAltNameInfo, pwszNameString, cchNameString, &cwszOut )) goto NoURL; break;
case CERT_NAME_UPN_TYPE: pAltNameInfo = AllocAndGetAltNameInfo(pCertContext, dwFlags); if (!GetAltNameUPNW( pAltNameInfo, pwszNameString, cchNameString, &cwszOut )) goto NoUPN; break;
case CERT_NAME_RDN_TYPE: dwStrType = pvTypePara ? *((DWORD *) pvTypePara) : 0;
if (dwStrType & CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG) dwFlags |= CERT_NAME_DISABLE_IE4_UTF8_FLAG;
dwCertEncodingType = pCertContext->dwCertEncodingType; if (rgpNameInfo[CERT_NAME_INFO_INDEX] = AllocAndGetCertNameInfo( pCertContext, dwFlags)) // Note, decoded name info RDNs may be reversed
cwszOut = CertNameInfoToStrW( dwCertEncodingType, rgpNameInfo[CERT_NAME_INFO_INDEX], dwStrType, pwszNameString, cchNameString ); else if (rgpNameInfo[ALT_DIR_NAME_INFO_INDEX] = AllocAndGetAltDirNameInfo(pCertContext, dwFlags, &pAltNameInfo)) // Note, decoded name info RDNs may be reversed
cwszOut = CertNameInfoToStrW( dwCertEncodingType, rgpNameInfo[ALT_DIR_NAME_INFO_INDEX], dwStrType, pwszNameString, cchNameString ); else goto NoRDN; break;
case CERT_NAME_ATTR_TYPE: rgpNameInfo[CERT_NAME_INFO_INDEX] = AllocAndGetCertNameInfo( pCertContext, dwFlags); rgpNameInfo[ALT_DIR_NAME_INFO_INDEX] = AllocAndGetAltDirNameInfo( pCertContext, dwFlags, &pAltNameInfo);
if (!GetAttrStringW( 1, // cAttrOID
(const LPCSTR *) &pvTypePara, rgpNameInfo, pwszNameString, cchNameString, &cwszOut )) goto NoAttr; break;
case CERT_NAME_FRIENDLY_DISPLAY_TYPE: { DWORD cbData = 0;
CertGetCertificateContextProperty( pCertContext, CERT_FRIENDLY_NAME_PROP_ID, NULL, // pvData
&cbData ); // Need at least one character, plus the null terminator
if (cbData >= sizeof(WCHAR) * 2) { LPWSTR pwszFriendlyName;
// Ensure the Friendly name is null terminated.
if (pwszFriendlyName = (LPWSTR) PkiZeroAlloc( cbData + sizeof(WCHAR) * 2)) { BOOL fResult;
fResult = CertGetCertificateContextProperty( pCertContext, CERT_FRIENDLY_NAME_PROP_ID, pwszFriendlyName, &cbData ); if (fResult) CopyNameStringW( pwszFriendlyName, pwszNameString, cchNameString, &cwszOut ); PkiFree(pwszFriendlyName); if (fResult) goto CommonReturn; } } } // Fall through
case CERT_NAME_SIMPLE_DISPLAY_TYPE: rgpNameInfo[CERT_NAME_INFO_INDEX] = AllocAndGetCertNameInfo( pCertContext, dwFlags); rgpNameInfo[ALT_DIR_NAME_INFO_INDEX] = AllocAndGetAltDirNameInfo( pCertContext, dwFlags, &pAltNameInfo);
if (GetAttrStringW( NUM_SIMPLE_DISPLAY_ATTR_OID, rgpszSimpleDisplayAttrOID, rgpNameInfo, pwszNameString, cchNameString, &cwszOut )) goto CommonReturn; if (!GetAltNameUnicodeStringChoiceW( CERT_ALT_NAME_RFC822_NAME, pAltNameInfo, pwszNameString, cchNameString, &cwszOut )) goto NoSimpleDisplay; break;
default: goto InvalidType; }
CommonReturn: for (i = 0; i < NAME_INFO_CNT; i++) PkiFree(rgpNameInfo[i]); PkiFree(pAltNameInfo); return cwszOut;
ErrorReturn: if (0 != cchNameString) // Always NULL terminate
*pwszNameString = L'\0'; cwszOut = 1; goto CommonReturn;
SET_ERROR(NoEmail, CRYPT_E_NOT_FOUND)SET_ERROR(NoDNS, CRYPT_E_NOT_FOUND)SET_ERROR(NoURL, CRYPT_E_NOT_FOUND)SET_ERROR(NoUPN, CRYPT_E_NOT_FOUND)SET_ERROR(NoRDN, CRYPT_E_NOT_FOUND)SET_ERROR(NoAttr, CRYPT_E_NOT_FOUND)SET_ERROR(NoSimpleDisplay, CRYPT_E_NOT_FOUND)SET_ERROR(InvalidType, E_INVALIDARG)}
//+-------------------------------------------------------------------------
// Get the subject or issuer name from the certificate and
// according to the specified format type, convert to a null terminated
// char string.
//
// CERT_NAME_ISSUER_FLAG can be set to get the issuer's name. Otherwise,
// gets the subject's name.
//--------------------------------------------------------------------------
DWORDWINAPICertGetNameStringA( IN PCCERT_CONTEXT pCertContext, IN DWORD dwType, IN DWORD dwFlags, IN void *pvTypePara, OUT OPTIONAL LPSTR pszNameString, IN DWORD cchNameString ){ DWORD cszOut; LPWSTR pwsz = NULL; DWORD cwsz;
cwsz = CertGetNameStringW( pCertContext, dwType, dwFlags, pvTypePara, NULL, // pwsz
0 // cwsz
); if (pwsz = (LPWSTR) PkiNonzeroAlloc(cwsz * sizeof(WCHAR))) CertGetNameStringW( pCertContext, dwType, dwFlags, pvTypePara, pwsz, cwsz ); cszOut = ConvertUnicodeStringToAscii(pwsz, cwsz, pszNameString, cchNameString);
PkiFree(pwsz); return cszOut;}
|
