Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

986 lines
34 KiB

//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1997 - 1999
//
// File: gettrst.cpp
//
//--------------------------------------------------------------------------
#include "global.hxx"
#include <dbgdef.h>
#include "wintrustp.h"
#include "crypthlp.h"
extern HINSTANCE HinstDll;
extern HMODULE HmodRichEdit;
//////////////////////////////////////////////////////////////////////////////////////
//
//////////////////////////////////////////////////////////////////////////////////////
static BOOL IsUntrustedRootProblem(WINTRUST_DATA *pWTD)
{
CRYPT_PROVIDER_DATA *pProvData = NULL;
CRYPT_PROVIDER_SGNR *pProvSigner = NULL;
CRYPT_PROVIDER_CERT *pCryptProviderCert;
DWORD i;
pProvData = WTHelperProvDataFromStateData(pWTD->hWVTStateData);
pProvSigner = WTHelperGetProvSignerFromChain(pProvData, 0, FALSE, 0);
if (pProvSigner)
{
// get all certs in the chain
for (i=0; i<pProvSigner->csCertChain; i++)
{
pCryptProviderCert = WTHelperGetProvCertFromChain(pProvSigner, i);
if (pCryptProviderCert != NULL)
{
if (pCryptProviderCert->dwError != ERROR_SUCCESS)
{
return FALSE;
}
}
else
{
return FALSE;
}
}
}
else
{
return FALSE;
}
return TRUE;
}
//////////////////////////////////////////////////////////////////////////////////////
//
//////////////////////////////////////////////////////////////////////////////////////
static DWORD GetFinalErrorFromChain(PCERT_VIEW_HELPER pviewhelp)
{
int i;
DWORD dwErr = 0;
for (i=((int)pviewhelp->cpCryptProviderCerts)-1; i>= 0; i--)
{
dwErr = pviewhelp->rgpCryptProviderCerts[i]->dwError;
if (((dwErr == CERT_E_UNTRUSTEDROOT) || (dwErr == CERT_E_UNTRUSTEDTESTROOT)) &&
(pviewhelp->fIgnoreUntrustedRoot))
{
dwErr = 0;
}
else if (dwErr != 0)
{
break;
}
}
return dwErr;
}
//////////////////////////////////////////////////////////////////////////////////////
//
//////////////////////////////////////////////////////////////////////////////////////
static void GetCertChainErrorString(PCERT_VIEW_HELPER pviewhelp)
{
WCHAR szErrorString[CRYPTUI_MAX_STRING_SIZE];
DWORD i;
DWORD dwChainError;
//
// free the error string if one already exists
//
if (pviewhelp->pwszErrorString != NULL)
{
free(pviewhelp->pwszErrorString);
pviewhelp->pwszErrorString = NULL;
}
// If they ask to be warned about local/remote differences,
// always display this warning
if (pviewhelp->fWarnRemoteTrust)
{
LoadStringU(HinstDll, IDS_WARNREMOTETRUST_ERROR, szErrorString, ARRAYSIZE(szErrorString));
goto StringLoaded;
}
//
// if there was no over all chain error, then the only problem,
// is if there are no usages
//
if (pviewhelp->dwChainError == 0)
{
if (pviewhelp->cUsages == NULL)
{
LoadStringU(HinstDll, IDS_NOVALIDUSAGES_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else
{
return;
}
}
if ((pviewhelp->dwChainError == CERT_E_UNTRUSTEDROOT) ||
(pviewhelp->dwChainError == CERT_E_UNTRUSTEDTESTROOT))
{
//
// if we are ignoring untrusted roots, then just return
//
if (pviewhelp->fIgnoreUntrustedRoot)
{
return;
}
//
// if we are just warning the user about untrusted root AND the root
// cert is in the remote root store then load that string
//
if (pviewhelp->fWarnUntrustedRoot && pviewhelp->fRootInRemoteStore)
{
//
// if this is a root cert then show the error for a root
//
if (pviewhelp->cpCryptProviderCerts == 1 && (pviewhelp->rgpCryptProviderCerts[0])->fSelfSigned)
{
LoadStringU(HinstDll, IDS_WARNUNTRUSTEDROOT_ERROR_ROOTCERT, szErrorString, ARRAYSIZE(szErrorString));
}
else
{
LoadStringU(HinstDll, IDS_WARNUNTRUSTEDROOT_ERROR, szErrorString, ARRAYSIZE(szErrorString));
}
}
else
{
//
// if this is a root cert then show the error for a root
//
if (pviewhelp->cpCryptProviderCerts == 1 && (pviewhelp->rgpCryptProviderCerts[0])->fSelfSigned)
{
LoadStringU(HinstDll, IDS_UNTRUSTEDROOT_ROOTCERT_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else
{
LoadStringU(HinstDll, IDS_UNTRUSTEDROOT_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
}
}
else if (pviewhelp->dwChainError == CERT_E_REVOKED)
{
LoadStringU(HinstDll, IDS_CERTREVOKED_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else if (pviewhelp->dwChainError == TRUST_E_CERT_SIGNATURE)
{
LoadStringU(HinstDll, IDS_CERTBADSIGNATURE_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else if (pviewhelp->dwChainError == CERT_E_EXPIRED)
{
LoadStringU(HinstDll, IDS_CERTEXPIRED_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else if (pviewhelp->dwChainError == CERT_E_VALIDITYPERIODNESTING)
{
LoadStringU(HinstDll, IDS_TIMENESTING_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else if (pviewhelp->dwChainError == CERT_E_WRONG_USAGE)
{
LoadStringU(HinstDll, IDS_WRONG_USAGE_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else if (pviewhelp->dwChainError == TRUST_E_BASIC_CONSTRAINTS)
{
LoadStringU(HinstDll, IDS_BASIC_CONSTRAINTS_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else if (pviewhelp->dwChainError == CERT_E_PURPOSE)
{
LoadStringU(HinstDll, IDS_PURPOSE_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else if (pviewhelp->dwChainError == CERT_E_REVOCATION_FAILURE)
{
LoadStringU(HinstDll, IDS_REVOCATION_FAILURE_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else if (pviewhelp->dwChainError == CERT_E_CHAINING)
{
LoadStringU(HinstDll, IDS_CANTBUILDCHAIN_ERROR_TREE, szErrorString, ARRAYSIZE(szErrorString));
}
else if (pviewhelp->dwChainError == TRUST_E_EXPLICIT_DISTRUST)
{
LoadStringU(HinstDll, IDS_EXPLICITDISTRUST_ERROR, szErrorString, ARRAYSIZE(szErrorString));
}
else if (pviewhelp->dwChainError != 0)
{
//
// this is not an error we know about, so call the general
// error string function
//
GetUnknownErrorString(&(pviewhelp->pwszErrorString), pviewhelp->dwChainError);
}
StringLoaded:
if (pviewhelp->pwszErrorString == NULL)
{
pviewhelp->pwszErrorString = AllocAndCopyWStr(szErrorString);
}
}
// Returned string must be freed via LocalFree()
LPWSTR
FormatRevocationStatus(
IN PCERT_CHAIN_ELEMENT pElement
)
{
LPWSTR pwszRevStatus = NULL;
UINT ids = IDS_REV_STATUS_UNKNOWN_ERROR;
static const WCHAR wszNoTime[] = L"...";
LPWSTR pwszArg1 = (LPWSTR) wszNoTime;
LPWSTR pwszArg2 = (LPWSTR) wszNoTime;
LPWSTR pwszTime1 = NULL;
LPWSTR pwszTime2 = NULL;
LPWSTR pwszErrStr = NULL;
DWORD dwRevResult;
PCERT_REVOCATION_INFO pRevInfo;
PCERT_REVOCATION_CRL_INFO pCrlInfo;
pRevInfo = pElement->pRevocationInfo;
if (NULL == pRevInfo)
return NULL;
dwRevResult = pRevInfo->dwRevocationResult;
pCrlInfo = pRevInfo->pCrlInfo;
switch (dwRevResult) {
case ERROR_SUCCESS:
ids = IDS_REV_STATUS_OK;
// Fall through
case CRYPT_E_REVOCATION_OFFLINE:
if (pCrlInfo) {
PCCRL_CONTEXT pCrl;
pCrl = pCrlInfo->pDeltaCrlContext;
if (NULL == pCrl)
pCrl = pCrlInfo->pBaseCrlContext;
if (pCrl) {
BOOL fFormatDate;
fFormatDate = FormatDateString(
&pwszTime1,
pCrl->pCrlInfo->ThisUpdate,
TRUE, // fIncludeTime
TRUE, // fLongFormat
NULL // hwnd
);
if (fFormatDate) {
pwszArg1 = pwszTime1;
if (I_CryptIsZeroFileTime(&pCrl->pCrlInfo->NextUpdate))
pwszArg2 = (LPWSTR) wszNoTime;
else {
fFormatDate = FormatDateString(
&pwszTime2,
pCrl->pCrlInfo->NextUpdate,
TRUE, // fIncludeTime
TRUE, // fLongFormat
NULL // hwnd
);
if (fFormatDate)
pwszArg2 = pwszTime2;
}
}
if (fFormatDate) {
switch (dwRevResult) {
case ERROR_SUCCESS:
ids = IDS_REV_STATUS_OK_WITH_CRL;
break;
case CRYPT_E_REVOCATION_OFFLINE:
ids = IDS_REV_STATUS_OFFLINE_WITH_CRL;
break;
}
}
}
}
break;
case CRYPT_E_REVOKED:
if (pCrlInfo && pCrlInfo->pCrlEntry) {
if (FormatDateString(
&pwszTime1,
pCrlInfo->pCrlEntry->RevocationDate,
TRUE, // fIncludeTime
TRUE, // fLongFormat
NULL // hwnd
)) {
ids = IDS_REV_STATUS_REVOKED_ON;
pwszArg1 = pwszTime1;
}
}
break;
default:
break;
}
if (IDS_REV_STATUS_UNKNOWN_ERROR == ids) {
GetUnknownErrorString(&pwszErrStr, dwRevResult);
if (NULL == pwszErrStr)
goto CommonReturn;
pwszArg1 = pwszErrStr;
}
pwszRevStatus = FormatMessageUnicodeIds(ids, pwszArg1, pwszArg2);
CommonReturn:
if (pwszTime1)
free(pwszTime1);
if (pwszTime2)
free(pwszTime2);
if (pwszErrStr)
free(pwszErrStr);
return pwszRevStatus;
}
//////////////////////////////////////////////////////////////////////////////////////
//
//////////////////////////////////////////////////////////////////////////////////////
BOOL BuildChain(
PCERT_VIEW_HELPER pviewhelp,
LPSTR pszUsage)
{
CRYPT_PROVIDER_DATA const * pProvData = NULL;
CRYPT_PROVIDER_SGNR * pProvSigner = NULL;
DWORD i;
GUID defaultProviderGUID = WINTRUST_ACTION_GENERIC_CERT_VERIFY;
HRESULT hr = ERROR_SUCCESS;
BOOL fInternalError = FALSE;
DWORD dwStartIndex;
BOOL fRet = TRUE;
PCCRYPTUI_VIEWCERTIFICATE_STRUCTW pcvp = pviewhelp->pcvp;
WCHAR szErrorString[CRYPTUI_MAX_STRING_SIZE];
//
// if there was previous chain state then free that before building
// the new chain
//
if (pviewhelp->fFreeWTD)
{
pviewhelp->sWTD.dwStateAction = WTD_STATEACTION_CLOSE;
WinVerifyTrustEx(NULL, &defaultProviderGUID, &(pviewhelp->sWTD));
}
pviewhelp->cpCryptProviderCerts = 0;
pviewhelp->fFreeWTD = FALSE;
//
// initialize structs that are used with WinVerifyTrust()
//
memset(&(pviewhelp->sWTD), 0x00, sizeof(WINTRUST_DATA));
pviewhelp->sWTD.cbStruct = sizeof(WINTRUST_DATA);
pviewhelp->sWTD.dwUIChoice = WTD_UI_NONE;
pviewhelp->sWTD.dwUnionChoice = WTD_CHOICE_CERT;
pviewhelp->sWTD.pCert = &(pviewhelp->sWTCI);
pviewhelp->sWTD.dwProvFlags = (pszUsage == NULL) ? WTD_NO_POLICY_USAGE_FLAG : 0;
if (pcvp->dwFlags & CRYPTUI_ENABLE_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT)
{
pviewhelp->sWTD.dwProvFlags |= WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
}
else if (pcvp->dwFlags & CRYPTUI_ENABLE_REVOCATION_CHECK_END_CERT)
{
pviewhelp->sWTD.dwProvFlags |= WTD_REVOCATION_CHECK_END_CERT;
}
else if (pcvp->dwFlags & CRYPTUI_ENABLE_REVOCATION_CHECK_CHAIN)
{
pviewhelp->sWTD.dwProvFlags |= WTD_REVOCATION_CHECK_CHAIN;
}
else
{
pviewhelp->sWTD.dwProvFlags |= WTD_REVOCATION_CHECK_NONE;
}
memset(&(pviewhelp->sWTCI), 0x00, sizeof(WINTRUST_CERT_INFO));
pviewhelp->sWTCI.cbStruct = sizeof(WINTRUST_CERT_INFO);
pviewhelp->sWTCI.pcwszDisplayName = L"CryptUI";
pviewhelp->sWTCI.psCertContext = (CERT_CONTEXT *)pcvp->pCertContext;
pviewhelp->sWTCI.chStores = pcvp->cStores;
pviewhelp->sWTCI.pahStores = pcvp->rghStores;
pviewhelp->sWTCI.dwFlags |= (pcvp->dwFlags & CRYPTUI_DONT_OPEN_STORES) ? WTCI_DONT_OPEN_STORES : 0;
pviewhelp->sWTCI.dwFlags |= (pcvp->dwFlags & CRYPTUI_ONLY_OPEN_ROOT_STORE) ? WTCI_OPEN_ONLY_ROOT : 0;
//
// if a provider was passed in, then use it to build the chain,
// otherwise use the default provider to build the chain
//
if (pcvp->pCryptProviderData != NULL)
{
pProvData = pcvp->pCryptProviderData;
}
else
{
pviewhelp->sWTD.dwStateAction = WTD_STATEACTION_VERIFY;
//
// the default default provider requires the policycallback data to point
// to the usage oid you are validating for, so set it to the usage passed in
//
pviewhelp->sWTD.pPolicyCallbackData = pszUsage;
pviewhelp->sWTD.pSIPClientData = NULL;
hr = WinVerifyTrustEx(NULL, &defaultProviderGUID, &(pviewhelp->sWTD));
pProvData = WTHelperProvDataFromStateData(pviewhelp->sWTD.hWVTStateData);
if (WTHelperGetProvSignerFromChain((PCRYPT_PROVIDER_DATA) pProvData, 0, FALSE, 0) != NULL)
{
pviewhelp->fFreeWTD = TRUE;
fInternalError = FALSE;
}
else
{
pviewhelp->fFreeWTD = FALSE;
pviewhelp->sWTD.dwStateAction = WTD_STATEACTION_CLOSE;
WinVerifyTrustEx(NULL, &defaultProviderGUID, &(pviewhelp->sWTD));
fInternalError = TRUE;
}
}
if (pProvData && !fInternalError)
{
//
// set the chain error in the helper struct
//
pviewhelp->dwChainError = pProvData->dwFinalError;
//
// This is to catch internal WinVerifyTrust errors
//
if ((pviewhelp->dwChainError == 0) && (FAILED(hr)))
{
pviewhelp->dwChainError = (DWORD) hr;
}
//
// if the WinTrust state was passed into the certUI then use that for
// the chain, else, get it from the state that was just built
//
if (pcvp->pCryptProviderData != NULL)
{
pProvSigner = WTHelperGetProvSignerFromChain(
(PCRYPT_PROVIDER_DATA) pProvData,
pcvp->idxSigner,
pcvp->fCounterSigner,
pcvp->idxCounterSigner);
dwStartIndex = pcvp->idxCert;
}
else
{
pProvSigner = WTHelperGetProvSignerFromChain((PCRYPT_PROVIDER_DATA) pProvData, 0, FALSE, 0);
dwStartIndex = 0;
}
if (pProvSigner)
{
//
// get all certs in the chain
//
for (i=dwStartIndex; i<pProvSigner->csCertChain && (i<dwStartIndex+MAX_CERT_CHAIN_LENGTH); i++)
{
pviewhelp->rgpCryptProviderCerts[pviewhelp->cpCryptProviderCerts] = WTHelperGetProvCertFromChain(pProvSigner, i);
if (pviewhelp->rgpCryptProviderCerts[pviewhelp->cpCryptProviderCerts] != NULL)
{
// Note, only modify this property when creating the
// chain for the original end cert. Subsequent CA
// chains won't have the ExtendedErrorInfo.
if ((pcvp->dwFlags & CRYPTUI_TREEVIEW_PAGE_FLAG) == 0)
{
// Either delete or set the
// CERT_EXTENDED_ERROR_INFO_PROP_ID
// This is used in cvdetail.cpp when displaying
// property details
PCRYPT_PROVIDER_CERT pProvCert =
pviewhelp->rgpCryptProviderCerts[
pviewhelp->cpCryptProviderCerts];
LPWSTR pwszExtErrorInfo = NULL; // not allocated
LPWSTR pwszRevStatus = NULL; // LocalAlloc()'ed
if (pProvCert->cbStruct >
offsetof(CRYPT_PROVIDER_CERT, pChainElement)
&&
NULL != pProvCert->pChainElement)
{
pwszExtErrorInfo = (LPWSTR)
pProvCert->pChainElement->pwszExtendedErrorInfo;
pwszRevStatus = FormatRevocationStatus(
pProvCert->pChainElement);
if (NULL == pwszExtErrorInfo)
{
pwszExtErrorInfo = pwszRevStatus;
}
else if (pwszRevStatus)
{
LPWSTR pwszReAlloc;
DWORD cchRevStatus;
DWORD cchExtErrorInfo;
cchRevStatus = wcslen(pwszRevStatus);
cchExtErrorInfo = wcslen(pwszExtErrorInfo);
pwszReAlloc = (LPWSTR) LocalReAlloc(
pwszRevStatus,
(cchRevStatus + cchExtErrorInfo + 1) *
sizeof(WCHAR),
LMEM_MOVEABLE);
if (pwszReAlloc)
{
memcpy(&pwszReAlloc[cchRevStatus],
pwszExtErrorInfo,
(cchExtErrorInfo + 1) * sizeof(WCHAR));
pwszExtErrorInfo = pwszRevStatus =
pwszReAlloc;
}
}
}
if (pwszExtErrorInfo)
{
CRYPT_DATA_BLOB ExtErrorInfoBlob;
ExtErrorInfoBlob.pbData = (BYTE *) pwszExtErrorInfo;
ExtErrorInfoBlob.cbData =
(wcslen(pwszExtErrorInfo) + 1) * sizeof(WCHAR);
CertSetCertificateContextProperty(
pProvCert->pCert,
CERT_EXTENDED_ERROR_INFO_PROP_ID,
CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG,
&ExtErrorInfoBlob
);
}
else
{
CertSetCertificateContextProperty(
pProvCert->pCert,
CERT_EXTENDED_ERROR_INFO_PROP_ID,
CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG,
NULL // pvData, NULL implies delete
);
}
if (pwszRevStatus)
LocalFree(pwszRevStatus);
}
pviewhelp->cpCryptProviderCerts++;
}
}
}
}
CalculateUsages(pviewhelp);
//
// if the cert we are looking at is not the leaf cert, then we can't just take the
// dwFinalError as the overall chain error, so find the over all chain error by
// walking the chain and looking at the errors
//
if ((pcvp->pCryptProviderData != NULL) && (pcvp->idxCert != 0))
{
pviewhelp->dwChainError = GetFinalErrorFromChain(pviewhelp);
}
//
// if we are in the fWarnUntrustedRoot then check to see if the root cert is in the
// remote machine's root store
//
if (pviewhelp->fWarnUntrustedRoot)
{
PCCERT_CONTEXT pCertContext = NULL;
CRYPT_HASH_BLOB cryptHashBlob;
BYTE hash[20];
DWORD cb = 20;
pviewhelp->fRootInRemoteStore = FALSE;
cryptHashBlob.cbData = 20;
cryptHashBlob.pbData = &(hash[0]);
if (CertGetCertificateContextProperty(
pviewhelp->rgpCryptProviderCerts[pviewhelp->cpCryptProviderCerts-1]->pCert,
CERT_SHA1_HASH_PROP_ID,
&(hash[0]),
&cb))
{
pCertContext = CertFindCertificateInStore(
pviewhelp->pcvp->rghStores[0],
X509_ASN_ENCODING || PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SHA1_HASH,
&cryptHashBlob,
NULL);
if (pCertContext != NULL)
{
CertFreeCertificateContext(pCertContext);
pviewhelp->fRootInRemoteStore = TRUE;
}
}
}
//
// get the error string for the whole cert chain
//
if (!fInternalError)
{
GetCertChainErrorString(pviewhelp);
}
else
{
LoadStringU(HinstDll, IDS_INTERNAL_ERROR, szErrorString, ARRAYSIZE(szErrorString));
pviewhelp->pwszErrorString = AllocAndCopyWStr(szErrorString);
}
return TRUE;
}
//////////////////////////////////////////////////////////////////////////////////////
//
//////////////////////////////////////////////////////////////////////////////////////
BOOL CalculateUsages(PCERT_VIEW_HELPER pviewhelp)
{
DWORD cLocalArrayOfUsages = 0;
LPSTR * localArrayOfUsages = NULL;
BOOL fLocalUsagesAllocated = FALSE;
DWORD i;
HRESULT hr;
BOOL fRet = TRUE;
PCCRYPTUI_VIEWCERTIFICATE_STRUCTW pcvp = pviewhelp->pcvp;
void *pTemp;
//
// if there are already usages, then clean them up before recalculating them,
// or just return if state was passed into CertUI
//
if (pviewhelp->cUsages != 0)
{
//
// state was passed into the CertUI, so just return
//
if (pcvp->pCryptProviderData != NULL)
{
return TRUE;
}
//
// cleanup usages that were generated prior to this call
//
for (i=0; i<pviewhelp->cUsages; i++)
{
free(pviewhelp->rgUsages[i]);
}
free(pviewhelp->rgUsages);
}
//
// initialize usage variables
//
pviewhelp->cUsages = 0;
pviewhelp->rgUsages = NULL;
//
// if a provider was passed in, then we just look at it for the usage and structure
// passed in for the trust of that usage,
// otherwise we need to look at each usage and validate trust for all of them
//
if (pcvp->pCryptProviderData != NULL)
{
//
// allocate an array of 1 LPSTR
//
if (NULL == (pviewhelp->rgUsages = (LPSTR *) malloc(sizeof(LPSTR))))
{
SetLastError(E_OUTOFMEMORY);
return FALSE;
}
//
// copy either the 1 purpose that was passed in, or the purpose out of WinTrust state
//
if (pcvp->cPurposes == 1)
{
if (NULL == (pviewhelp->rgUsages[0] = (LPSTR) malloc(strlen(pcvp->rgszPurposes[0])+1)))
{
SetLastError(E_OUTOFMEMORY);
return FALSE;
}
strcpy(pviewhelp->rgUsages[0], pcvp->rgszPurposes[0]);
}
else
{
if (NULL == (pviewhelp->rgUsages[0] = (LPSTR) malloc(strlen(pcvp->pCryptProviderData->pszUsageOID)+1)))
{
SetLastError(E_OUTOFMEMORY);
return FALSE;
}
strcpy(pviewhelp->rgUsages[0], pcvp->pCryptProviderData->pszUsageOID);
}
pviewhelp->cUsages = 1;
}
else
{
//
// check to see if usages where passed in, if so, then intersect those with
// available usages in the cert, otherwise, get the available usages in the cert
// and use them as is
//
if (pcvp->cPurposes != 0)
{
//
// get the array of possible usages for the cert chain
//
// DSIE: Switch over to using pChainElement from philh's new chain building code.
AllocAndReturnKeyUsageList(pviewhelp->rgpCryptProviderCerts[0], &localArrayOfUsages, &cLocalArrayOfUsages);
if (cLocalArrayOfUsages != 0)
fLocalUsagesAllocated = TRUE;
//
// for each usage that was passed in check to see if it is in the list of possible usages
//
for (i=0; i<pcvp->cPurposes; i++)
{
if (OIDinArray(pcvp->rgszPurposes[i], localArrayOfUsages, cLocalArrayOfUsages))
{
//
// if an array hasn't yet been allocated, then allocate space for an array of
// 1 LPSTR, otherwise use realloc to add one more element
//
if (pviewhelp->rgUsages == NULL)
{
pviewhelp->rgUsages = (LPSTR *) malloc(sizeof(LPSTR));
}
else
{
pTemp = realloc(pviewhelp->rgUsages, sizeof(LPSTR) * (pviewhelp->cUsages+1));
if (pTemp == NULL)
{
free(pviewhelp->rgUsages);
pviewhelp->rgUsages = NULL;
}
else
{
pviewhelp->rgUsages = (LPSTR *) pTemp;
}
}
if (pviewhelp->rgUsages == NULL)
{
goto ErrorCleanUp;
}
//
// allocate space for the usage string, then copy it, and increment number of usages
//
if (NULL == (pviewhelp->rgUsages[pviewhelp->cUsages] = (LPSTR) malloc(strlen(pcvp->rgszPurposes[i])+1)))
{
SetLastError(E_OUTOFMEMORY);
goto ErrorCleanUp;
}
strcpy(pviewhelp->rgUsages[pviewhelp->cUsages], pcvp->rgszPurposes[i]);
pviewhelp->cUsages++;
}
}
}
else
{
AllocAndReturnKeyUsageList(pviewhelp->rgpCryptProviderCerts[0], &(pviewhelp->rgUsages), &(pviewhelp->cUsages));
}
}
CleanUp:
if (fLocalUsagesAllocated)
{
i = 0;
while ((i < cLocalArrayOfUsages) && (localArrayOfUsages[i] != NULL))
{
free(localArrayOfUsages[i]);
i++;
}
free(localArrayOfUsages);
}
return fRet;
ErrorCleanUp:
if (pviewhelp->rgUsages != NULL)
{
i = 0;
while ((i < pviewhelp->cUsages) && (pviewhelp->rgUsages[i] != NULL))
{
free(pviewhelp->rgUsages[i]);
i++;
}
free(pviewhelp->rgUsages);
}
fRet = FALSE;
goto CleanUp;
}
//////////////////////////////////////////////////////////////////////////////////////
//
//////////////////////////////////////////////////////////////////////////////////////
BOOL BuildWinVTrustState(
LPCWSTR szFileName,
CMSG_SIGNER_INFO const *pSignerInfo,
DWORD cStores,
HCERTSTORE *rghStores,
LPCSTR pszOID,
PCERT_VIEWSIGNERINFO_PRIVATE pcvsiPrivate,
CRYPT_PROVIDER_DEFUSAGE *pCryptProviderDefUsage,
WINTRUST_DATA *pWTD)
{
WINTRUST_FILE_INFO WTFI;
WINTRUST_SGNR_INFO WTSI;
HRESULT hr;
GUID defaultProviderGUID = WINTRUST_ACTION_GENERIC_CERT_VERIFY;
//
// initialize structs that are used locally with WinVerifyTrust()
//
memset(pWTD, 0x00, sizeof(WINTRUST_DATA));
pWTD->cbStruct = sizeof(WINTRUST_DATA);
pWTD->dwUIChoice = WTD_UI_NONE;
//
// if the szFileName parameter is non NULL then this for a file,
// otherwise it is for a signer info
//
if (szFileName != NULL)
{
pWTD->dwUnionChoice = WTD_CHOICE_FILE;
pWTD->pFile = &WTFI;
pWTD->pPolicyCallbackData = (void *) pszOID;
memset(&WTFI, 0x00, sizeof(WINTRUST_FILE_INFO));
WTFI.cbStruct = sizeof(WINTRUST_FILE_INFO);
WTFI.pcwszFilePath = szFileName;
}
else
{
pWTD->dwUnionChoice = WTD_CHOICE_SIGNER;
pWTD->pSgnr = &WTSI;
pWTD->pPolicyCallbackData = (void *) pszOID;
memset(&WTSI, 0x00, sizeof(WINTRUST_SGNR_INFO));
WTSI.cbStruct = sizeof(WINTRUST_SGNR_INFO);
WTSI.pcwszDisplayName = L"CryptUI";
WTSI.psSignerInfo = (CMSG_SIGNER_INFO *) pSignerInfo;
WTSI.chStores = cStores;
WTSI.pahStores = rghStores;
//WTSI.pszOID = pszOID;
}
pWTD->pSIPClientData = NULL;
pWTD->dwStateAction = WTD_STATEACTION_VERIFY;
hr = WinVerifyTrustEx(NULL, &defaultProviderGUID, pWTD);
if (hr == ERROR_SUCCESS)
{
pcvsiPrivate->fpCryptProviderDataTrustedUsage = TRUE;
}
else
{
pcvsiPrivate->fpCryptProviderDataTrustedUsage = FALSE;
}
pcvsiPrivate->pCryptProviderData = WTHelperProvDataFromStateData(pWTD->hWVTStateData);
return TRUE;
}
//////////////////////////////////////////////////////////////////////////////////////
//
//////////////////////////////////////////////////////////////////////////////////////
BOOL FreeWinVTrustState(
LPCWSTR szFileName,
CMSG_SIGNER_INFO const *pSignerInfo,
DWORD cStores,
HCERTSTORE *rghStores,
LPCSTR pszOID,
CRYPT_PROVIDER_DEFUSAGE *pCryptProviderDefUsage,
WINTRUST_DATA *pWTD)//,
//BOOL *pfUseDefaultProvider)
{
WINTRUST_FILE_INFO WTFI;
WINTRUST_SGNR_INFO WTSI;
HRESULT hr;
GUID defaultProviderGUID = WINTRUST_ACTION_GENERIC_CERT_VERIFY;
// initialize structs that are used locally with WinVerifyTrust()
memset(pWTD, 0x00, sizeof(WINTRUST_DATA));
pWTD->cbStruct = sizeof(WINTRUST_DATA);
pWTD->dwUIChoice = WTD_UI_NONE;
//
// if the szFileName parameter is non NULL then this for a file,
// otherwise it is for a signer info
//
if (szFileName != NULL)
{
pWTD->dwUnionChoice = WTD_CHOICE_FILE;
pWTD->pFile = &WTFI;
memset(&WTFI, 0x00, sizeof(WINTRUST_FILE_INFO));
WTFI.cbStruct = sizeof(WINTRUST_FILE_INFO);
WTFI.pcwszFilePath = szFileName;
}
else
{
pWTD->dwUnionChoice = WTD_CHOICE_SIGNER;
pWTD->pSgnr = &WTSI;
memset(&WTSI, 0x00, sizeof(WINTRUST_SGNR_INFO));
WTSI.cbStruct = sizeof(WINTRUST_SGNR_INFO);
WTSI.psSignerInfo = (CMSG_SIGNER_INFO *) pSignerInfo;
WTSI.chStores = cStores;
WTSI.pahStores = rghStores;
}
/*if (*pfUseDefaultProvider)
{
pWTD->dwStateAction = WTD_STATEACTION_CLOSE;
WinVerifyTrustEx(NULL, &defaultProviderGUID, pWTD);
}
else
{*/
pWTD->dwStateAction = WTD_STATEACTION_CLOSE;
WinVerifyTrustEx(NULL, &(pCryptProviderDefUsage->gActionID), pWTD);
WintrustGetDefaultForUsage(DWACTION_FREE, pszOID, pCryptProviderDefUsage);
//}
return TRUE;
}