archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pkitrust/softpub/chainprv.cpp

638 lines
22 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1996 - 1999
  6. //
  7. // File: chainprv.cpp
  8. //
  9. // Contents: Microsoft Internet Security Generic Chain Policy Provider
  10. //
  11. // Functions: GenericChainRegisterServer
  12. // GenericChainUnregisterServer
  13. // GenericChainCertificateTrust
  14. // GenericChainFinalProv
  15. //
  16. // History: 21-Feb-1998 philh created
  17. //
  18. //--------------------------------------------------------------------------
  20. #include "global.hxx"
  23. //////////////////////////////////////////////////////////////////////////////
  24. //
  25. // GenericChainRegisterServer
  26. //----------------------------------------------------------------------------
  27. // Register the GenericChain provider
  28. //
  30. STDAPI GenericChainRegisterServer(void)
  31. {
  32. GUID gGenericChainProv = WINTRUST_ACTION_GENERIC_CHAIN_VERIFY;
  33. BOOL fRet;
  34. CRYPT_REGISTER_ACTIONID sRegAID;
  36. fRet = TRUE;
  38. memset(&sRegAID, 0x00, sizeof(CRYPT_REGISTER_ACTIONID));
  40. sRegAID.cbStruct = sizeof(CRYPT_REGISTER_ACTIONID);
  42. // Authenticode initialization provider
  43. sRegAID.sInitProvider.cbStruct = sizeof(CRYPT_TRUST_REG_ENTRY);
  44. sRegAID.sInitProvider.pwszDLLName = SP_POLICY_PROVIDER_DLL_NAME;
  45. sRegAID.sInitProvider.pwszFunctionName = SP_INIT_FUNCTION;
  47. // Authenticode object provider
  48. sRegAID.sObjectProvider.cbStruct = sizeof(CRYPT_TRUST_REG_ENTRY);
  49. sRegAID.sObjectProvider.pwszDLLName = SP_POLICY_PROVIDER_DLL_NAME;
  50. sRegAID.sObjectProvider.pwszFunctionName = SP_OBJTRUST_FUNCTION;
  52. // Authenticode signature provider
  53. sRegAID.sSignatureProvider.cbStruct = sizeof(CRYPT_TRUST_REG_ENTRY);
  54. sRegAID.sSignatureProvider.pwszDLLName = SP_POLICY_PROVIDER_DLL_NAME;
  55. sRegAID.sSignatureProvider.pwszFunctionName = SP_SIGTRUST_FUNCTION;
  57. //------------------------------------------------------------------------
  58. // Our Generic Chain certificate provider (builds the chain)
  59. //+-----------------------------------------------------------------------
  60. sRegAID.sCertificateProvider.cbStruct = sizeof(CRYPT_TRUST_REG_ENTRY);
  61. sRegAID.sCertificateProvider.pwszDLLName = SP_POLICY_PROVIDER_DLL_NAME;
  62. sRegAID.sCertificateProvider.pwszFunctionName = GENERIC_CHAIN_CERTTRUST_FUNCTION;
  64. // authenticode cert policy
  65. sRegAID.sCertificatePolicyProvider.cbStruct = sizeof(CRYPT_TRUST_REG_ENTRY);
  66. sRegAID.sCertificatePolicyProvider.pwszDLLName = SP_POLICY_PROVIDER_DLL_NAME;
  67. sRegAID.sCertificatePolicyProvider.pwszFunctionName = SP_CHKCERT_FUNCTION;
  69. //------------------------------------------------------------------------
  70. // Our Generic Chain final provider (chain policy callback)
  71. //+-----------------------------------------------------------------------
  72. sRegAID.sFinalPolicyProvider.cbStruct = sizeof(CRYPT_TRUST_REG_ENTRY);
  73. sRegAID.sFinalPolicyProvider.pwszDLLName = SP_POLICY_PROVIDER_DLL_NAME;
  74. sRegAID.sFinalPolicyProvider.pwszFunctionName = GENERIC_CHAIN_FINALPOLICY_FUNCTION;
  76. // Authenticode cleanup -- we don't store any data.
  77. sRegAID.sCleanupProvider.cbStruct = sizeof(CRYPT_TRUST_REG_ENTRY);
  78. sRegAID.sCleanupProvider.pwszDLLName = SP_POLICY_PROVIDER_DLL_NAME;
  79. sRegAID.sCleanupProvider.pwszFunctionName = SP_CLEANUPPOLICY_FUNCTION;
  81. fRet &= WintrustAddActionID(&gGenericChainProv, 0, &sRegAID);
  82. return((fRet) ? S_OK : S_FALSE);
  83. }
  85. //////////////////////////////////////////////////////////////////////////////
  86. //
  87. // DllUnregisterServer
  88. //----------------------------------------------------------------------------
  89. // unregisters GenericChain provider
  90. //
  92. STDAPI GenericChainUnregisterServer(void)
  93. {
  94. GUID gGenericChainProv = WINTRUST_ACTION_GENERIC_CHAIN_VERIFY;
  96. WintrustRemoveActionID(&gGenericChainProv);
  97. return(S_OK);
  98. }
  100. //////////////////////////////////////////////////////////////////////////////
  101. //
  102. // GenericChainCertificateTrust
  103. //----------------------------------------------------------------------------
  104. // Creates the chains for the signers and counter signers
  105. //
  107. void GenericChainWalkSigner(
  108. IN OUT PCRYPT_PROVIDER_DATA pProvData,
  109. IN OUT PCRYPT_PROVIDER_SGNR pSgnr,
  110. IN PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO pChainInfo
  111. );
  113. HRESULT
  114. WINAPI
  115. GenericChainCertificateTrust(
  116. IN OUT PCRYPT_PROVIDER_DATA pProvData
  117. )
  118. {
  119. HRESULT hr;
  120. WTD_GENERIC_CHAIN_POLICY_DATA DefaultPolicyData;
  121. PWTD_GENERIC_CHAIN_POLICY_DATA pPolicyData;
  123. if (_ISINSTRUCT(CRYPT_PROVIDER_DATA, pProvData->cbStruct,
  124. fRecallWithState) && pProvData->fRecallWithState == TRUE)
  125. return S_OK;
  127. pPolicyData = (PWTD_GENERIC_CHAIN_POLICY_DATA)
  128. pProvData->pWintrustData->pPolicyCallbackData;
  130. if (NULL == pPolicyData) {
  131. memset(&DefaultPolicyData, 0, sizeof(DefaultPolicyData));
  132. DefaultPolicyData.cbSize = sizeof(DefaultPolicyData);
  133. pPolicyData = &DefaultPolicyData;
  134. }
  136. if (!_ISINSTRUCT(WTD_GENERIC_CHAIN_POLICY_DATA,
  137. pPolicyData->cbSize, pvPolicyArg) ||
  138. !_ISINSTRUCT(CRYPT_PROVIDER_DATA, pProvData->cbStruct, dwProvFlags) ||
  139. (pProvData->dwProvFlags & WTD_USE_IE4_TRUST_FLAG)) {
  140. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] =
  141. ERROR_INVALID_PARAMETER;
  142. return S_FALSE;
  143. }
  145. if (pProvData->csSigners < 1) {
  146. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] =
  147. TRUST_E_NOSIGNATURE;
  148. return S_FALSE;
  149. }
  151. pProvData->dwProvFlags |= CPD_USE_NT5_CHAIN_FLAG;
  152. hr = S_OK;
  153. //
  154. // loop through all signers
  155. //
  156. for (DWORD i = 0; i < pProvData->csSigners; i++) {
  157. PCRYPT_PROVIDER_SGNR pSgnr;
  159. pSgnr = WTHelperGetProvSignerFromChain(pProvData, i, FALSE, 0);
  160. if (pSgnr->csCertChain < 1) {
  161. pSgnr->dwError = TRUST_E_NO_SIGNER_CERT;
  162. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] =
  163. TRUST_E_NO_SIGNER_CERT;
  164. hr = S_FALSE;
  165. continue;
  166. }
  168. GenericChainWalkSigner(
  169. pProvData,
  170. pSgnr,
  171. pPolicyData->pSignerChainInfo
  172. );
  174. //
  175. // loop through all counter signers
  176. //
  177. for (DWORD j = 0; j < pSgnr->csCounterSigners; j++) {
  178. PCRYPT_PROVIDER_SGNR pCounterSgnr;
  180. pCounterSgnr = WTHelperGetProvSignerFromChain(
  181. pProvData, i, TRUE, j);
  182. if (pCounterSgnr->csCertChain < 1) {
  183. pCounterSgnr->dwError = TRUST_E_NO_SIGNER_CERT;
  184. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] =
  185. TRUST_E_COUNTER_SIGNER;
  186. hr = S_FALSE;
  187. continue;
  188. }
  190. GenericChainWalkSigner(
  191. pProvData,
  192. pCounterSgnr,
  193. pPolicyData->pCounterSignerChainInfo
  194. );
  195. }
  196. }
  198. return hr;
  199. }
  202. HCERTSTORE GenericChainGetAdditionalStore(
  203. IN CRYPT_PROVIDER_DATA *pProvData
  204. )
  205. {
  206. if (0 == pProvData->chStores)
  207. return NULL;
  209. if (1 < pProvData->chStores) {
  210. HCERTSTORE hCollectionStore;
  212. if (hCollectionStore = CertOpenStore(
  213. CERT_STORE_PROV_COLLECTION,
  214. 0, // dwEncodingType
  215. 0, // hCryptProv
  216. 0, // dwFlags
  217. NULL // pvPara
  218. )) {
  219. DWORD i;
  220. for (i = 0; i < pProvData->chStores; i++)
  221. CertAddStoreToCollection(
  222. hCollectionStore,
  223. pProvData->pahStores[i],
  224. CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
  225. 0 // dwPriority
  226. );
  227. }
  228. return hCollectionStore;
  229. } else
  230. return CertDuplicateStore(pProvData->pahStores[0]);
  231. }
  233. void GenericChainWalkSigner(
  234. IN OUT PCRYPT_PROVIDER_DATA pProvData,
  235. IN OUT PCRYPT_PROVIDER_SGNR pSgnr,
  236. IN PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO pChainInfo
  237. )
  238. {
  239. DWORD dwSgnrError;
  240. WTD_GENERIC_CHAIN_POLICY_CREATE_INFO DefaultChainInfo;
  241. CERT_CHAIN_PARA ChainPara;
  242. HCERTSTORE hAdditionalStore = NULL;
  243. PCCERT_CHAIN_CONTEXT pChainContext;
  244. PCRYPT_PROVIDER_CERT pCert = NULL;
  246. if (pChainInfo) {
  247. if (!_ISINSTRUCT(WTD_GENERIC_CHAIN_POLICY_CREATE_INFO,
  248. pChainInfo->cbSize, pvReserved)) {
  249. dwSgnrError = ERROR_INVALID_PARAMETER;
  250. goto InvalidParameter;
  251. }
  252. } else {
  253. memset(&ChainPara, 0, sizeof(ChainPara));
  254. ChainPara.cbSize = sizeof(ChainPara);
  256. memset(&DefaultChainInfo, 0, sizeof(DefaultChainInfo));
  257. DefaultChainInfo.cbSize = sizeof(DefaultChainInfo);
  258. DefaultChainInfo.pChainPara = &ChainPara;
  259. pChainInfo = &DefaultChainInfo;
  260. }
  262. hAdditionalStore = GenericChainGetAdditionalStore(pProvData);
  263. pCert = WTHelperGetProvCertFromChain(pSgnr, 0);
  264. if (pCert == NULL)
  265. {
  266. // Not really sure what error to put here
  267. pProvData->dwError = E_UNEXPECTED;
  268. dwSgnrError = E_UNEXPECTED;
  269. goto ErrorReturn;
  270. }
  272. if (!CertGetCertificateChain (
  273. pChainInfo->hChainEngine,
  274. pCert->pCert,
  275. &pSgnr->sftVerifyAsOf,
  276. hAdditionalStore,
  277. pChainInfo->pChainPara,
  278. pChainInfo->dwFlags,
  279. pChainInfo->pvReserved,
  280. &pChainContext
  281. )) {
  282. pProvData->dwError = GetLastError();
  283. dwSgnrError = TRUST_E_SYSTEM_ERROR;
  284. goto GetChainError;
  285. }
  287. pSgnr->pChainContext = pChainContext;
  289. CommonReturn:
  290. if (hAdditionalStore)
  291. CertCloseStore(hAdditionalStore, 0);
  292. return;
  294. ErrorReturn:
  295. pSgnr->dwError = dwSgnrError;
  296. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] =
  297. dwSgnrError;
  298. goto CommonReturn;
  299. TRACE_ERROR_EX(DBG_SS, InvalidParameter)
  300. TRACE_ERROR_EX(DBG_SS, GetChainError)
  301. }
  304. //////////////////////////////////////////////////////////////////////////////
  305. //
  306. // Final Policy Provider function: GenericChainFinalProv
  307. //----------------------------------------------------------------------------
  308. // Check the outcome of the previous functions and display UI based on this.
  309. //
  312. DWORD GenericChainGetErrorBasedOnStepErrors(
  313. IN PCRYPT_PROVIDER_DATA pProvData
  314. );
  316. HRESULT
  317. WINAPI
  318. GenericChainDefaultPolicyCallback(
  319. IN PCRYPT_PROVIDER_DATA pProvData,
  320. IN DWORD dwStepError,
  321. IN DWORD dwRegPolicySettings,
  322. IN DWORD cSigner,
  323. IN PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO *rgpSigner,
  324. IN void *pvPolicyArg
  325. );
  327. HRESULT
  328. WINAPI
  329. GenericChainFinalProv(
  330. IN OUT PCRYPT_PROVIDER_DATA pProvData
  331. )
  332. {
  333. HRESULT hr;
  335. WTD_GENERIC_CHAIN_POLICY_DATA DefaultPolicyData;
  336. PWTD_GENERIC_CHAIN_POLICY_DATA pPolicyData;
  337. DWORD dwStepError;
  338. DWORD cSigner = 0;
  339. DWORD i;
  340. PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO *ppSignerInfo = NULL;
  341. PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO pSignerInfo; // not allocated
  342. PFN_WTD_GENERIC_CHAIN_POLICY_CALLBACK pfnPolicyCallback;
  344. pPolicyData = (PWTD_GENERIC_CHAIN_POLICY_DATA)
  345. pProvData->pWintrustData->pPolicyCallbackData;
  346. if (NULL == pPolicyData) {
  347. memset(&DefaultPolicyData, 0, sizeof(DefaultPolicyData));
  348. DefaultPolicyData.cbSize = sizeof(DefaultPolicyData);
  349. pPolicyData = &DefaultPolicyData;
  350. }
  352. if (!_ISINSTRUCT(WTD_GENERIC_CHAIN_POLICY_DATA,
  353. pPolicyData->cbSize, pvPolicyArg) ||
  354. !_ISINSTRUCT(CRYPT_PROVIDER_DATA, pProvData->cbStruct, dwFinalError) ||
  355. (pProvData->dwProvFlags & WTD_USE_IE4_TRUST_FLAG) ||
  356. 0 == (pProvData->dwProvFlags & CPD_USE_NT5_CHAIN_FLAG))
  357. goto InvalidParameter;
  359. dwStepError = GenericChainGetErrorBasedOnStepErrors(pProvData);
  361. cSigner = pProvData->csSigners;
  362. if (0 == cSigner)
  363. goto NoSignature;
  365. if (NULL == (ppSignerInfo =
  366. (PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO *) malloc(
  367. sizeof(PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO) * cSigner +
  368. sizeof(WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO) * cSigner)))
  369. goto OutOfMemory;
  370. memset(ppSignerInfo, 0,
  371. sizeof(PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO) * cSigner +
  372. sizeof(WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO) * cSigner);
  374. //
  375. // Update allocated info for each signer
  376. //
  377. pSignerInfo = (PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO)
  378. &ppSignerInfo[cSigner];
  379. i = 0;
  380. for ( ; i < cSigner; i++, pSignerInfo++) {
  381. CRYPT_PROVIDER_SGNR *pSgnr;
  382. DWORD cCounterSigner;
  384. ppSignerInfo[i] = pSignerInfo;
  385. pSignerInfo->cbSize = sizeof(WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO);
  387. pSgnr = WTHelperGetProvSignerFromChain(pProvData, i, FALSE, 0);
  388. pSignerInfo->pChainContext = pSgnr->pChainContext;
  389. pSignerInfo->dwSignerType = pSgnr->dwSignerType;
  390. pSignerInfo->pMsgSignerInfo = pSgnr->psSigner;
  391. pSignerInfo->dwError = pSgnr->dwError;
  393. cCounterSigner = pSgnr->csCounterSigners;
  394. if (cCounterSigner) {
  395. DWORD j;
  396. PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO *ppCounterSignerInfo;
  397. PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO pCounterSignerInfo;
  399. if (NULL == (ppCounterSignerInfo =
  400. (PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO *) malloc(
  401. sizeof(PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO) *
  402. cCounterSigner +
  403. sizeof(WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO) *
  404. cCounterSigner)))
  405. goto OutOfMemory;
  406. memset(ppCounterSignerInfo, 0,
  407. sizeof(PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO) * cCounterSigner +
  408. sizeof(WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO) * cCounterSigner);
  409. pSignerInfo->cCounterSigner = cCounterSigner;
  410. pSignerInfo->rgpCounterSigner = ppCounterSignerInfo;
  412. //
  413. // Update allocated info for each counter signer
  414. //
  415. pCounterSignerInfo = (PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO)
  416. &ppCounterSignerInfo[cCounterSigner];
  417. j = 0;
  418. for ( ; j < cCounterSigner; j++, pCounterSignerInfo++) {
  419. PCRYPT_PROVIDER_SGNR pCounterSgnr;
  421. ppCounterSignerInfo[j] = pCounterSignerInfo;
  422. pCounterSignerInfo->cbSize =
  423. sizeof(WTD_GENERIC_CHAIN_POLICY_SIGNER_INFO);
  425. pCounterSgnr = WTHelperGetProvSignerFromChain(pProvData, i,
  426. TRUE, j);
  427. pCounterSignerInfo->pChainContext = pCounterSgnr->pChainContext;
  428. pCounterSignerInfo->dwSignerType = pCounterSgnr->dwSignerType;
  429. pCounterSignerInfo->pMsgSignerInfo = pCounterSgnr->psSigner;
  430. pCounterSignerInfo->dwError = pCounterSgnr->dwError;
  431. }
  432. }
  433. }
  435. if (pPolicyData->pfnPolicyCallback)
  436. pfnPolicyCallback = pPolicyData->pfnPolicyCallback;
  437. else
  438. pfnPolicyCallback = GenericChainDefaultPolicyCallback;
  440. hr = pfnPolicyCallback(
  441. pProvData,
  442. dwStepError,
  443. pProvData->dwRegPolicySettings,
  444. cSigner,
  445. ppSignerInfo,
  446. pPolicyData->pvPolicyArg
  447. );
  449. CommonReturn:
  450. if (ppSignerInfo) {
  451. while (cSigner--) {
  452. pSignerInfo = ppSignerInfo[cSigner];
  453. if (pSignerInfo && pSignerInfo->rgpCounterSigner)
  454. free(pSignerInfo->rgpCounterSigner);
  455. }
  456. free(ppSignerInfo);
  457. }
  458. pProvData->dwFinalError = (DWORD) hr;
  459. return hr;
  461. ErrorReturn:
  462. hr = (HRESULT) GetLastError();
  463. if (S_OK == hr)
  464. hr = E_UNEXPECTED;
  465. goto CommonReturn;
  467. SET_ERROR_EX(DBG_SS, InvalidParameter, ERROR_INVALID_PARAMETER)
  468. SET_ERROR_EX(DBG_SS, OutOfMemory, ERROR_NOT_ENOUGH_MEMORY)
  469. SET_ERROR_EX(DBG_SS, NoSignature, TRUST_E_NOSIGNATURE);
  470. }
  472. DWORD GenericChainGetErrorBasedOnStepErrors(
  473. IN PCRYPT_PROVIDER_DATA pProvData
  474. )
  475. {
  476. //
  477. // initial allocation of the step errors?
  478. //
  479. if (NULL == pProvData->padwTrustStepErrors)
  480. return ERROR_NOT_ENOUGH_MEMORY;
  482. // problem with file
  483. if ((pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FILEIO] != 0) ||
  484. (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_CATALOGFILE] != 0))
  485. {
  486. return(CRYPT_E_FILE_ERROR);
  487. }
  489. //
  490. // did we fail in one of the last steps?
  491. //
  492. if (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_INITPROV] != 0)
  493. {
  494. return(pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_INITPROV]);
  495. }
  497. if (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] != 0)
  498. {
  499. return(pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV]);
  500. }
  502. if (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] != 0)
  503. {
  504. return(pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV]);
  505. }
  507. if (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] != 0)
  508. {
  509. return(pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV]);
  510. }
  512. if (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTCHKPROV] != 0)
  513. {
  514. return(pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTCHKPROV]);
  515. }
  517. if (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV] != 0)
  518. {
  519. return(pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_POLICYPROV]);
  520. }
  522. return(ERROR_SUCCESS);
  523. }
  525. HRESULT
  526. WINAPI
  527. GenericChainDefaultPolicyCallback(
  528. IN PCRYPT_PROVIDER_DATA pProvData,
  529. IN DWORD dwStepError,
  530. IN DWORD dwRegPolicySettings,
  531. IN DWORD cSigner,
  532. IN PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO *rgpSigner,
  533. IN void *pvPolicyArg
  534. )
  535. {
  536. HRESULT hr;
  537. DWORD i;
  539. AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA ExtraPolicyPara;
  540. memset(&ExtraPolicyPara, 0, sizeof(ExtraPolicyPara));
  541. ExtraPolicyPara.cbSize = sizeof(ExtraPolicyPara);
  542. ExtraPolicyPara.dwRegPolicySettings = dwRegPolicySettings;
  544. CERT_CHAIN_POLICY_PARA PolicyPara;
  545. memset(&PolicyPara, 0, sizeof(PolicyPara));
  546. PolicyPara.cbSize = sizeof(PolicyPara);
  547. PolicyPara.pvExtraPolicyPara = (void *) &ExtraPolicyPara;
  549. AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_STATUS ExtraPolicyStatus;
  550. memset(&ExtraPolicyStatus, 0, sizeof(ExtraPolicyStatus));
  551. ExtraPolicyStatus.cbSize = sizeof(ExtraPolicyStatus);
  553. CERT_CHAIN_POLICY_STATUS PolicyStatus;
  554. memset(&PolicyStatus, 0, sizeof(PolicyStatus));
  555. PolicyStatus.cbSize = sizeof(PolicyStatus);
  556. PolicyStatus.pvExtraPolicyStatus = (void *) &ExtraPolicyStatus;
  558. //
  559. // check the high level error codes.
  560. //
  561. if (0 != dwStepError) {
  562. hr = (HRESULT) dwStepError;
  563. goto CommonReturn;
  564. }
  567. //
  568. // check each signer
  569. //
  570. for (i = 0; i < cSigner; i++) {
  571. PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO pSigner = rgpSigner[i];
  572. ExtraPolicyPara.pSignerInfo = pSigner->pMsgSignerInfo;
  574. if (!CertVerifyCertificateChainPolicy(
  575. CERT_CHAIN_POLICY_AUTHENTICODE,
  576. pSigner->pChainContext,
  577. &PolicyPara,
  578. &PolicyStatus
  579. )) {
  580. hr = TRUST_E_SYSTEM_ERROR;
  581. goto CommonReturn;
  582. }
  584. if (0 != PolicyStatus.dwError) {
  585. hr = (HRESULT) PolicyStatus.dwError;
  586. goto CommonReturn;
  587. }
  589. if (pSigner->cCounterSigner) {
  590. AUTHENTICODE_TS_EXTRA_CERT_CHAIN_POLICY_PARA TSExtraPolicyPara;
  591. memset(&TSExtraPolicyPara, 0, sizeof(TSExtraPolicyPara));
  592. TSExtraPolicyPara.cbSize = sizeof(TSExtraPolicyPara);
  593. TSExtraPolicyPara.dwRegPolicySettings = dwRegPolicySettings;
  594. TSExtraPolicyPara.fCommercial = ExtraPolicyStatus.fCommercial;
  596. CERT_CHAIN_POLICY_PARA TSPolicyPara;
  597. memset(&TSPolicyPara, 0, sizeof(TSPolicyPara));
  598. TSPolicyPara.cbSize = sizeof(TSPolicyPara);
  599. TSPolicyPara.pvExtraPolicyPara = (void *) &TSExtraPolicyPara;
  601. CERT_CHAIN_POLICY_STATUS TSPolicyStatus;
  602. memset(&TSPolicyStatus, 0, sizeof(TSPolicyStatus));
  603. TSPolicyStatus.cbSize = sizeof(TSPolicyStatus);
  606. //
  607. // check counter signers
  608. //
  609. for (DWORD j = 0; j < pSigner->cCounterSigner; j++) {
  610. PWTD_GENERIC_CHAIN_POLICY_SIGNER_INFO pCounterSigner =
  611. pSigner->rgpCounterSigner[j];
  613. //
  614. // do we care about this counter signer?
  615. //
  616. if (pCounterSigner->dwSignerType != SGNR_TYPE_TIMESTAMP)
  617. continue;
  619. if (!CertVerifyCertificateChainPolicy(
  620. CERT_CHAIN_POLICY_AUTHENTICODE_TS,
  621. pCounterSigner->pChainContext,
  622. &TSPolicyPara,
  623. &TSPolicyStatus
  624. )) {
  625. hr = TRUST_E_SYSTEM_ERROR;
  626. goto CommonReturn;
  627. } else if (0 != TSPolicyStatus.dwError) {
  628. hr = (HRESULT) TSPolicyStatus.dwError;
  629. goto CommonReturn;
  630. }
  631. }
  632. }
  633. }
  635. hr = S_OK;
  636. CommonReturn:
  637. return hr;
  638. }