archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pki/activex/xaddroot/rootlist.h

73 lines
2.8 KiB
Raw Permalink Blame History

//+-------------------------------------------------------------------------
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1999 - 1999
//
// File: rootlist.h
//
// Contents: Signed List of Trusted Roots Helper Functions
//
// History: 01-Aug-99 philh created
//--------------------------------------------------------------------------
#ifndef __ROOT_LIST_INCLUDED__
#define __ROOT_LIST_INCLUDED__
#include "wincrypt.h"
//+-------------------------------------------------------------------------
// Verify that the encoded CTL contains a signed list of roots. For success,
// return certificate store containing the trusted roots to add or
// remove. Also for success, return certificate context of the signer.
//
// The signature of the CTL is verified. The signer of the CTL is verified
// up to a trusted root containing the predefined Microsoft public key.
// The signer and intermediate certificates must have the
// szOID_ROOT_LIST_SIGNER enhanced key usage extension.
//
// The CTL fields are validated as follows:
// - There is at least one SubjectUsage (really the roots enhanced key usage)
// - If NextUpdate isn't NULL, that the CTL is still time valid
// - Only allow roots identified by their sha1 hash
//
// The following CTL extensions are processed:
// - szOID_ENHANCED_KEY_USAGE - if present, must contain
// szOID_ROOT_LIST_SIGNER usage
// - szOID_REMOVE_CERTIFICATE - integer value, 0 => FALSE (add)
// 1 => TRUE (remove), all other values are invalid
// - szOID_CERT_POLICIES - ignored
//
// If the CTL contains any other critical extensions, then, the
// CTL verification fails.
//
// For a successfully verified CTL:
// - TRUE is returned
// - *pfRemoveRoots is set to FALSE to add roots and is set to TRUE to
// remove roots.
// - *phRootListStore is a certificate store containing only the roots to
// add or remove. *phRootListStore must be closed by calling
// CertCloseStore(). For added roots, the CTL's SubjectUsage field is
// set as CERT_ENHKEY_USAGE_PROP_ID on all of the certificates in the
// store.
// - *ppSignerCert is a pointer to the certificate context of the signer.
// *ppSignerCert must be freed by calling CertFreeCertificateContext().
//
// Otherwise, FALSE is returned with *phRootListStore and *ppSignerCert
// set to NULL.
//--------------------------------------------------------------------------
BOOL
WINAPI
I_CertVerifySignedListOfTrustedRoots(
IN const BYTE *pbCtlEncoded,
IN DWORD cbCtlEncoded,
OUT BOOL *pfRemoveRoots, // FALSE: add, TRUE: remove
OUT HCERTSTORE *phRootListStore,
OUT PCCERT_CONTEXT *ppSignerCert
);
#endif // __ROOT_LIST_INCLUDED__