You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
515 lines
13 KiB
515 lines
13 KiB
//+-------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (C) Microsoft Corporation, 1996 - 1999
|
|
//
|
|
// File: wthelper.cpp
|
|
//
|
|
// Contents: Microsoft Internet Security Trust Provider
|
|
//
|
|
// Functions: WTHelperGetProvPrivateDataFromChain
|
|
// WTHelperGetProvSignerFromChain
|
|
// WTHelperGetFileHandle
|
|
// WTHelperGetFileName
|
|
// WTHelperOpenKnownStores
|
|
// WTHelperGetProvCertFromChain
|
|
// WTHelperCheckCertUsage
|
|
// WTHelperIsInRootStore
|
|
// WTHelperProvDataFromStateData
|
|
// WTHelperGetAgencyInfo
|
|
//
|
|
// *** local functions ***
|
|
// _FindKeyUsage
|
|
//
|
|
// History: 01-Jun-1997 pberkman created
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
#include "global.hxx"
|
|
#include "pkialloc.h"
|
|
|
|
BOOL _FindKeyUsage(PCERT_ENHKEY_USAGE pUsage, LPCSTR pszRequestedUsageOID);
|
|
|
|
CRYPT_PROVIDER_PRIVDATA * WINAPI WTHelperGetProvPrivateDataFromChain(CRYPT_PROVIDER_DATA *pProvData,
|
|
GUID *pgProviderID)
|
|
{
|
|
if (!(pProvData) ||
|
|
!(pgProviderID))
|
|
{
|
|
return(NULL);
|
|
}
|
|
|
|
for (int i = 0; i < (int)pProvData->csProvPrivData; i++)
|
|
{
|
|
if (memcmp(&pProvData->pasProvPrivData[i].gProviderID, pgProviderID, sizeof(GUID)) == 0)
|
|
{
|
|
return(&pProvData->pasProvPrivData[i]);
|
|
}
|
|
}
|
|
|
|
return(NULL);
|
|
}
|
|
|
|
|
|
CRYPT_PROVIDER_SGNR * WINAPI WTHelperGetProvSignerFromChain(CRYPT_PROVIDER_DATA *pProvData,
|
|
DWORD idxSigner,
|
|
BOOL fCounterSigner,
|
|
DWORD idxCounterSigner)
|
|
{
|
|
if (!(pProvData) ||
|
|
(idxSigner >= pProvData->csSigners))
|
|
{
|
|
return(NULL);
|
|
}
|
|
|
|
if (fCounterSigner)
|
|
{
|
|
if (idxCounterSigner >= pProvData->pasSigners[idxSigner].csCounterSigners)
|
|
{
|
|
return(NULL);
|
|
}
|
|
|
|
return(&pProvData->pasSigners[idxSigner].pasCounterSigners[idxCounterSigner]);
|
|
}
|
|
|
|
return(&pProvData->pasSigners[idxSigner]);
|
|
}
|
|
|
|
CRYPT_PROVIDER_CERT * WINAPI WTHelperGetProvCertFromChain(CRYPT_PROVIDER_SGNR *pSgnr,
|
|
DWORD idxCert)
|
|
{
|
|
if (!(pSgnr) ||
|
|
(idxCert >= pSgnr->csCertChain))
|
|
{
|
|
return(NULL);
|
|
}
|
|
|
|
return(&pSgnr->pasCertChain[idxCert]);
|
|
}
|
|
|
|
HANDLE WINAPI WTHelperGetFileHandle(WINTRUST_DATA *pWintrustData)
|
|
{
|
|
switch (pWintrustData->dwUnionChoice)
|
|
{
|
|
case WTD_CHOICE_FILE:
|
|
return(pWintrustData->pFile->hFile);
|
|
|
|
case WTD_CHOICE_CATALOG:
|
|
return(pWintrustData->pCatalog->hMemberFile);
|
|
}
|
|
|
|
return(INVALID_HANDLE_VALUE);
|
|
}
|
|
|
|
|
|
WCHAR * WINAPI WTHelperGetFileName(WINTRUST_DATA *pWintrustData)
|
|
{
|
|
LPCWSTR pcwszFileName = NULL;
|
|
|
|
switch (pWintrustData->dwUnionChoice)
|
|
{
|
|
case WTD_CHOICE_FILE:
|
|
pcwszFileName = pWintrustData->pFile->pcwszFilePath;
|
|
break;
|
|
|
|
case WTD_CHOICE_CATALOG:
|
|
if (pWintrustData->pCatalog->pcwszCatalogFilePath &&
|
|
pWintrustData->pCatalog->pcwszMemberTag)
|
|
{
|
|
pcwszFileName =
|
|
pWintrustData->pCatalog->pcwszMemberFilePath;
|
|
}
|
|
break;
|
|
|
|
case WTD_CHOICE_CERT:
|
|
if (pWintrustData->pCert->pcwszDisplayName)
|
|
pcwszFileName = pWintrustData->pCert->pcwszDisplayName;
|
|
else
|
|
pcwszFileName = L"Certificate";
|
|
break;
|
|
|
|
case WTD_CHOICE_BLOB:
|
|
if (pWintrustData->pBlob->pcwszDisplayName)
|
|
pcwszFileName = pWintrustData->pBlob->pcwszDisplayName;
|
|
else
|
|
pcwszFileName = L"Blob";
|
|
break;
|
|
|
|
case WTD_CHOICE_SIGNER:
|
|
if (pWintrustData->pSgnr->pcwszDisplayName)
|
|
pcwszFileName = pWintrustData->pSgnr->pcwszDisplayName;
|
|
else
|
|
pcwszFileName = L"Signer";
|
|
break;
|
|
}
|
|
|
|
if (NULL == pcwszFileName)
|
|
{
|
|
pcwszFileName = L"Unspecified Name";
|
|
}
|
|
|
|
return (LPWSTR) pcwszFileName;
|
|
}
|
|
|
|
BOOL WINAPI WTHelperOpenKnownStores(CRYPT_PROVIDER_DATA *pProvData)
|
|
{
|
|
DWORD i;
|
|
DWORD cs;
|
|
HCERTSTORE *pas;
|
|
|
|
if ((pProvData->pWintrustData) &&
|
|
(pProvData->pWintrustData->dwUnionChoice == WTD_CHOICE_CERT) &&
|
|
(_ISINSTRUCT(WINTRUST_CERT_INFO, pProvData->pWintrustData->pCert->cbStruct, dwFlags)))
|
|
{
|
|
HCERTSTORE hStore;
|
|
|
|
if (pProvData->pWintrustData->pCert->dwFlags & WTCI_DONT_OPEN_STORES)
|
|
{
|
|
if (hStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, 0, NULL))
|
|
{
|
|
AddToStoreChain(hStore, &pProvData->chStores, &pProvData->pahStores);
|
|
return(TRUE);
|
|
}
|
|
|
|
return(FALSE);
|
|
}
|
|
|
|
if (pProvData->pWintrustData->pCert->dwFlags & WTCI_OPEN_ONLY_ROOT)
|
|
{
|
|
if (hStore = StoreProviderGetStore(pProvData->hProv, WVT_STOREID_ROOT))
|
|
{
|
|
AddToStoreChain(hStore, &pProvData->chStores, &pProvData->pahStores);
|
|
return(TRUE);
|
|
}
|
|
|
|
return(FALSE);
|
|
}
|
|
}
|
|
|
|
cs = 0;
|
|
TrustOpenStores(pProvData->hProv, &cs, NULL, 0);
|
|
|
|
if (cs > 0)
|
|
{
|
|
if (!(pas = new HCERTSTORE[cs]))
|
|
{
|
|
pProvData->dwError = ERROR_NOT_ENOUGH_MEMORY;
|
|
pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_INITPROV] = TRUST_E_SYSTEM_ERROR;
|
|
return(FALSE);
|
|
}
|
|
|
|
if (TrustOpenStores(pProvData->hProv, &cs, pas, 0))
|
|
{
|
|
|
|
for (i = 0; i < cs; i++)
|
|
{
|
|
AddToStoreChain(pas[i], &pProvData->chStores, &pProvData->pahStores);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
cs = 0;
|
|
}
|
|
|
|
delete pas;
|
|
}
|
|
|
|
if (cs > 0)
|
|
{
|
|
return(TRUE);
|
|
}
|
|
|
|
return(FALSE);
|
|
}
|
|
|
|
BOOL WINAPI WTHelperGetAgencyInfo(PCCERT_CONTEXT pCert, DWORD *pcbAgencyInfo, SPC_SP_AGENCY_INFO *pAgencyInfo)
|
|
{
|
|
PCERT_EXTENSION pExt;
|
|
|
|
if (!(pCert) || !(pcbAgencyInfo))
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
return(FALSE);
|
|
}
|
|
|
|
*pcbAgencyInfo = 0;
|
|
|
|
if (!(pExt = CertFindExtension(SPC_SP_AGENCY_INFO_OBJID, pCert->pCertInfo->cExtension,
|
|
pCert->pCertInfo->rgExtension)))
|
|
{
|
|
return(FALSE);
|
|
}
|
|
|
|
CryptDecodeObject(X509_ASN_ENCODING, SPC_SP_AGENCY_INFO_STRUCT,
|
|
pExt->Value.pbData, pExt->Value.cbData, 0, NULL,
|
|
pcbAgencyInfo);
|
|
|
|
if (*pcbAgencyInfo == 0)
|
|
{
|
|
return(FALSE);
|
|
}
|
|
|
|
if (!(pAgencyInfo))
|
|
{
|
|
SetLastError(ERROR_INSUFFICIENT_BUFFER);
|
|
return(FALSE);
|
|
}
|
|
|
|
if (!(CryptDecodeObject(X509_ASN_ENCODING, SPC_SP_AGENCY_INFO_STRUCT,
|
|
pExt->Value.pbData, pExt->Value.cbData, 0, pAgencyInfo,
|
|
pcbAgencyInfo)))
|
|
{
|
|
return(FALSE);
|
|
}
|
|
|
|
return(TRUE);
|
|
}
|
|
|
|
BOOL WINAPI WTHelperCheckCertUsage(PCCERT_CONTEXT pCertContext, LPCSTR pszRequestedUsageOID)
|
|
{
|
|
PCERT_ENHKEY_USAGE pUsage;
|
|
DWORD cbUsage;
|
|
|
|
cbUsage = 0;
|
|
|
|
CertGetEnhancedKeyUsage(pCertContext, CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG, NULL, &cbUsage);
|
|
|
|
if (cbUsage > 0)
|
|
{
|
|
if (!(pUsage = (PCERT_ENHKEY_USAGE)new BYTE[cbUsage]))
|
|
{
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
return(FALSE);
|
|
}
|
|
|
|
if (!(CertGetEnhancedKeyUsage(pCertContext, CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG,
|
|
pUsage, &cbUsage)))
|
|
{
|
|
delete pUsage;
|
|
return(FALSE);
|
|
}
|
|
|
|
//
|
|
// the cert has enhanced key usage extensions, check if we find ours
|
|
//
|
|
if (!(_FindKeyUsage(pUsage, pszRequestedUsageOID)))
|
|
{
|
|
SetLastError(CERT_E_WRONG_USAGE);
|
|
|
|
delete pUsage;
|
|
return(FALSE);
|
|
}
|
|
|
|
delete pUsage;
|
|
}
|
|
|
|
|
|
//
|
|
// OK... either we have NO EXTENSION or we found our OID in the list in the EXTENSION.
|
|
// now, make sure if we have properties that it has been enabled.
|
|
//
|
|
cbUsage = 0;
|
|
CertGetEnhancedKeyUsage(pCertContext, CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, NULL, &cbUsage);
|
|
|
|
if (cbUsage > 0)
|
|
{
|
|
if (!(pUsage = (PCERT_ENHKEY_USAGE)new BYTE[cbUsage]))
|
|
{
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
return(FALSE);
|
|
}
|
|
|
|
if (!(CertGetEnhancedKeyUsage(pCertContext, CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG,
|
|
pUsage, &cbUsage)))
|
|
{
|
|
delete pUsage;
|
|
|
|
return(FALSE);
|
|
}
|
|
|
|
//
|
|
// the cert has properties, first check if we're disabled
|
|
//
|
|
if (_FindKeyUsage(pUsage, szOID_YESNO_TRUST_ATTR))
|
|
{
|
|
SetLastError(CERT_E_WRONG_USAGE);
|
|
|
|
delete pUsage;
|
|
return(FALSE);
|
|
}
|
|
|
|
if (!(_FindKeyUsage(pUsage, pszRequestedUsageOID)))
|
|
{
|
|
SetLastError(CERT_E_WRONG_USAGE);
|
|
|
|
delete pUsage;
|
|
return(FALSE);
|
|
}
|
|
|
|
delete pUsage;
|
|
}
|
|
|
|
return(TRUE);
|
|
}
|
|
|
|
BOOL _FindKeyUsage(PCERT_ENHKEY_USAGE pUsage, LPCSTR pszRequestedUsageOID)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < (int)pUsage->cUsageIdentifier; i++)
|
|
{
|
|
if (strcmp(pUsage->rgpszUsageIdentifier[i], pszRequestedUsageOID) == 0)
|
|
{
|
|
return(TRUE); // OK found it!
|
|
}
|
|
}
|
|
|
|
return(FALSE);
|
|
}
|
|
|
|
BOOL WINAPI WTHelperIsInRootStore(CRYPT_PROVIDER_DATA *pProvData, PCCERT_CONTEXT pCertContext)
|
|
{
|
|
if (pProvData->chStores < 1)
|
|
{
|
|
return(FALSE);
|
|
}
|
|
|
|
//
|
|
// check the fast way first!
|
|
//
|
|
if (pCertContext->hCertStore == pProvData->pahStores[0])
|
|
{
|
|
//
|
|
// it's in the root store!
|
|
//
|
|
return(TRUE);
|
|
}
|
|
|
|
//
|
|
// can't do it the fast way -- do it the slow way!
|
|
//
|
|
BYTE *pbHash;
|
|
DWORD cbHash;
|
|
CRYPT_HASH_BLOB sBlob;
|
|
PCCERT_CONTEXT pWorkContext;
|
|
|
|
cbHash = 0;
|
|
|
|
if (!(CertGetCertificateContextProperty(pCertContext, CERT_SHA1_HASH_PROP_ID, NULL, &cbHash)))
|
|
{
|
|
return(FALSE);
|
|
}
|
|
|
|
if (cbHash < 1)
|
|
{
|
|
return(FALSE);
|
|
}
|
|
|
|
if (!(pbHash = (BYTE *)WVTNew(cbHash)))
|
|
{
|
|
return(FALSE);
|
|
}
|
|
|
|
if (!(CertGetCertificateContextProperty(pCertContext, CERT_SHA1_HASH_PROP_ID, pbHash, &cbHash)))
|
|
{
|
|
delete pbHash;
|
|
return(FALSE);
|
|
}
|
|
|
|
sBlob.cbData = cbHash;
|
|
sBlob.pbData = pbHash;
|
|
|
|
pWorkContext = CertFindCertificateInStore(pProvData->pahStores[0], pProvData->dwEncoding, 0,
|
|
CERT_FIND_SHA1_HASH, &sBlob, NULL);
|
|
|
|
delete pbHash;
|
|
|
|
if (pWorkContext)
|
|
{
|
|
CertFreeCertificateContext(pWorkContext);
|
|
return(TRUE);
|
|
}
|
|
|
|
return(FALSE);
|
|
}
|
|
|
|
|
|
typedef struct _ENUM_OID_INFO_ARG {
|
|
DWORD cOidInfo;
|
|
PCCRYPT_OID_INFO *ppOidInfo;
|
|
} ENUM_OID_INFO_ARG, *PENUM_OID_INFO_ARG;
|
|
|
|
static BOOL WINAPI EnumOidInfoCallback(
|
|
IN PCCRYPT_OID_INFO pOidInfo,
|
|
IN void *pvArg
|
|
)
|
|
{
|
|
PENUM_OID_INFO_ARG pEnumOidInfoArg = (PENUM_OID_INFO_ARG) pvArg;
|
|
|
|
PCCRYPT_OID_INFO *ppNewOidInfo;
|
|
DWORD cOidInfo = pEnumOidInfoArg->cOidInfo;
|
|
|
|
// DSIE: Bug 152473.
|
|
for (DWORD i = 0; i < cOidInfo; i++)
|
|
{
|
|
if (0 == wcscmp(pOidInfo->pwszName, pEnumOidInfoArg->ppOidInfo[i]->pwszName))
|
|
{
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
if (ppNewOidInfo = (PCCRYPT_OID_INFO *) PkiRealloc(
|
|
pEnumOidInfoArg->ppOidInfo,
|
|
(cOidInfo + 2) * sizeof(PCCRYPT_OID_INFO))) {
|
|
ppNewOidInfo[cOidInfo] = pOidInfo;
|
|
ppNewOidInfo[cOidInfo + 1] = NULL;
|
|
pEnumOidInfoArg->cOidInfo = cOidInfo + 1;
|
|
pEnumOidInfoArg->ppOidInfo = ppNewOidInfo;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL WINAPI WTHelperGetKnownUsages(DWORD fdwAction, PCCRYPT_OID_INFO **pppOidInfo)
|
|
{
|
|
|
|
|
|
if (!(pppOidInfo))
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
return(FALSE);
|
|
}
|
|
|
|
if (fdwAction == WTH_FREE)
|
|
{
|
|
PkiFree(*pppOidInfo);
|
|
*pppOidInfo = NULL;
|
|
|
|
return(TRUE);
|
|
}
|
|
|
|
if (fdwAction == WTH_ALLOC)
|
|
{
|
|
ENUM_OID_INFO_ARG EnumOidInfoArg;
|
|
memset(&EnumOidInfoArg, 0, sizeof(EnumOidInfoArg));
|
|
|
|
CryptEnumOIDInfo(
|
|
CRYPT_ENHKEY_USAGE_OID_GROUP_ID,
|
|
0, // dwFlags
|
|
&EnumOidInfoArg,
|
|
EnumOidInfoCallback
|
|
);
|
|
|
|
return (NULL != (*pppOidInfo = EnumOidInfoArg.ppOidInfo));
|
|
}
|
|
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
*pppOidInfo = NULL;
|
|
return(FALSE);
|
|
}
|
|
|
|
CRYPT_PROVIDER_DATA * WINAPI WTHelperProvDataFromStateData(HANDLE hStateData)
|
|
{
|
|
return((CRYPT_PROVIDER_DATA *)hStateData);
|
|
}
|