//+-------------------------------------------------------------------------
//
//  Microsoft Windows
//
//  Copyright (C) Microsoft Corporation, 1997 - 1999
//
//  File:       usagutil.cpp
//
//--------------------------------------------------------------------------

#include "global.hxx"
#include <dbgdef.h>

extern HINSTANCE        HinstDll;

//BOOL CertifiateValidForEnhancedKeyUsage(LPCSTR szEku, PCCERT_CONTEXT pCert);
//BOOL CertifiateValidForEnhancedKeyUsageWithChain(LPCSTR szEku, PCCERT_CONTEXT pCert); 


//////////////////////////////////////////////////////////////////////////////////////
// 
//////////////////////////////////////////////////////////////////////////////////////
BOOL OIDinArray(LPCSTR pszOID, LPSTR *rgszOIDArray, DWORD cOIDs)
{
    DWORD i;

    for (i=0; i<cOIDs; i++)
    {
        if (strcmp(pszOID, rgszOIDArray[i]) == 0)
        {
            return TRUE;
        }
    }
    return FALSE;
}


//////////////////////////////////////////////////////////////////////////////////////
// 
//////////////////////////////////////////////////////////////////////////////////////
BOOL OIDInUsages(PCERT_ENHKEY_USAGE pUsage, LPCSTR pszOID)
{
    DWORD i; 

    // check every extension
    for(i=0; i<pUsage->cUsageIdentifier; i++) 
    {
        if(!strcmp(pUsage->rgpszUsageIdentifier[i], pszOID))
            break;
    }
    
    return (i < pUsage->cUsageIdentifier);
}


//////////////////////////////////////////////////////////////////////////////////////
// 
//////////////////////////////////////////////////////////////////////////////////////
static BOOL UsageExists(PCCRYPT_OID_INFO *pCryptOIDInfo, LPSTR pszOID)
{
    int i = 0;
    
    while (pCryptOIDInfo[i] != NULL)
    {
        if (strcmp(pCryptOIDInfo[i]->pszOID, pszOID) == 0)
        {
            return TRUE;
        }
        i++;
    }

    return FALSE;
}


//////////////////////////////////////////////////////////////////////////////////////
// 
//////////////////////////////////////////////////////////////////////////////////////
static BOOL WINAPI AddNewOIDToArray(IN LPTSTR pNewOID, IN LPTSTR ** pppOIDs, IN DWORD * pdwOIDs)
{
    LPTSTR * ppNewOIDs;
    DWORD    cNumOIDs = *pdwOIDs;

    for (DWORD i = 0; i < cNumOIDs; i++)
    {
        if (0 == strcmp(pNewOID, (*pppOIDs)[i]))
        {
            return TRUE;
        }
    }

    if (0 == cNumOIDs)
        ppNewOIDs = (LPTSTR *) malloc(sizeof(LPSTR));
    else
        ppNewOIDs = (LPTSTR *) realloc(*pppOIDs, (cNumOIDs + 1) * sizeof(LPSTR));
  
    if (ppNewOIDs)
    {
        if (NULL == (ppNewOIDs[cNumOIDs] = (LPSTR) malloc(strlen(pNewOID) + 1)))
        {
            free(ppNewOIDs);
            return FALSE;
        }
        strcpy(ppNewOIDs[cNumOIDs], pNewOID);
        
        *pppOIDs = ppNewOIDs;
        *pdwOIDs = cNumOIDs + 1;
    }

    return TRUE;
}

//////////////////////////////////////////////////////////////////////////////////////
// 
//////////////////////////////////////////////////////////////////////////////////////
BOOL AllocAndReturnKeyUsageList(PCRYPT_PROVIDER_CERT pCryptProviderCert, LPSTR **pKeyUsageOIDs, DWORD *numOIDs)
{
    BOOL  fRet = TRUE;
    DWORD i, j = 0;
    PCERT_CHAIN_ELEMENT pChainElement = pCryptProviderCert->pChainElement;
    
    *numOIDs = 0;
    *pKeyUsageOIDs = NULL;

    if (!pChainElement)
    {
        goto ErrorCleanUp;
    }

    //
    // For NULL usages, use
    //
    //  szOID_ANY_CERT_POLICY        = good for all issuance usages (maps to "All issuance purposes")
    //  szOID_ANY_APPLICATION_POLICY = good for all application usages (maps to "All application purposes")
    //
    if (!pChainElement->pIssuanceUsage)
    {
        //
        // Good for all issuance usages.
        //
        if (!AddNewOIDToArray(szOID_ANY_CERT_POLICY, pKeyUsageOIDs, numOIDs))
        {
            goto ErrorCleanUp;
        }
    }
    else
    {
        for (i = 0; i < pChainElement->pIssuanceUsage->cUsageIdentifier; i++)
        {
            if (!AddNewOIDToArray(pChainElement->pIssuanceUsage->rgpszUsageIdentifier[i], pKeyUsageOIDs, numOIDs))
            {
                goto ErrorCleanUp;
            }
        }
    }

    if (!pChainElement->pApplicationUsage)
    {
        //
        // Good for all application usages.
        //
        if (!AddNewOIDToArray(szOID_ANY_APPLICATION_POLICY, pKeyUsageOIDs, numOIDs))
        {
            goto ErrorCleanUp;
        }
    }
    else
    {
        for (i = 0; i < pChainElement->pApplicationUsage->cUsageIdentifier; i++)
        {
            if (!AddNewOIDToArray(pChainElement->pApplicationUsage->rgpszUsageIdentifier[i], pKeyUsageOIDs, numOIDs))
            {
                goto ErrorCleanUp;
            }
        }
    }
   
CleanUp:
    
    return(fRet);
 
ErrorCleanUp:

    if (*pKeyUsageOIDs != NULL)
    {
        for (i = 0; i < *numOIDs; i++)
        {
            if ((*pKeyUsageOIDs)[i])
                free((*pKeyUsageOIDs)[i]); 
        }

        *numOIDs = 0;

        free(*pKeyUsageOIDs);
        *pKeyUsageOIDs = NULL;
    }
    fRet = FALSE;
    goto CleanUp;
}

//////////////////////////////////////////////////////////////////////////////////////
// 
//////////////////////////////////////////////////////////////////////////////////////
BOOL AllocAndReturnEKUList(PCCERT_CONTEXT pCert, LPSTR **pKeyUsageOIDs, DWORD *numOIDs)
{
    BOOL                fRet               = TRUE;
    DWORD               cbExtensionUsage   = 0;
    PCERT_ENHKEY_USAGE  pExtensionUsage    = NULL;
    DWORD               cbPropertyUsage    = 0;
    PCERT_ENHKEY_USAGE  pPropertyUsage     = NULL;
    DWORD               i;
    DWORD               numPropUsages = 0;
    
    //
    // get all of the usages from extensions
    //
    if(!CertGetEnhancedKeyUsage (
                pCert,
                CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG,
                NULL,
                &cbExtensionUsage
                )                                                                   ||
        (pExtensionUsage = (PCERT_ENHKEY_USAGE) malloc(cbExtensionUsage)) == NULL   ||
        !CertGetEnhancedKeyUsage (
                pCert,
                CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG,
                pExtensionUsage,
                &cbExtensionUsage
                ) ) {

        // if not found, then we mean everything is OK                
        if( GetLastError() == CRYPT_E_NOT_FOUND) {
            if(pExtensionUsage != NULL)
                free(pExtensionUsage);
            pExtensionUsage = NULL;
        }
        else
            goto ErrorCleanUp;
    }

    //
    // get all of the usages from properties
    //
    if(!CertGetEnhancedKeyUsage (
                pCert,
                CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG,
                NULL,
                &cbPropertyUsage
                )                                                                   ||
        (pPropertyUsage = (PCERT_ENHKEY_USAGE) malloc(cbPropertyUsage)) == NULL   ||
        !CertGetEnhancedKeyUsage (
                pCert,
                CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG,
                pPropertyUsage,
                &cbPropertyUsage
                ) ) {

        // if not found, then we mean everything is OK                
        if( GetLastError() == CRYPT_E_NOT_FOUND) {
            if(pPropertyUsage != NULL)
                free(pPropertyUsage);
            pPropertyUsage = NULL;
        }
        else
            goto ErrorCleanUp;
    }

    *numOIDs = 0;
    
    //
    // if there are usages in the extensions, then that is the
    // available list, otherwise get the global list and add the properties
    //
    if (pExtensionUsage != NULL)
    {
        *pKeyUsageOIDs = (LPSTR *) malloc(pExtensionUsage->cUsageIdentifier * sizeof(LPSTR));
        if (*pKeyUsageOIDs == NULL)
        {
            goto ErrorCleanUp;
        }

        for(i=0; i<pExtensionUsage->cUsageIdentifier; i++) 
        {
            (*pKeyUsageOIDs)[*numOIDs] = 
                    (LPSTR) malloc(strlen(pExtensionUsage->rgpszUsageIdentifier[i])+1);
            if ((*pKeyUsageOIDs)[*numOIDs] == NULL)
            {
                goto ErrorCleanUp;
            }
            strcpy((*pKeyUsageOIDs)[(*numOIDs)++], pExtensionUsage->rgpszUsageIdentifier[i]);
        }
    }
    else
    {
        PCCRYPT_OID_INFO *pCryptOIDInfo;
        DWORD numUsages = 0;

        //
        // use WTHelperGetKnownUsages to get the default list 
        //
        if (!WTHelperGetKnownUsages(WTH_ALLOC, &pCryptOIDInfo))
        {
            goto ErrorCleanUp;
        }
    
        //
        // count the number of oids
        //
        i = 0;
        while (pCryptOIDInfo[i] != NULL)
        {
            numUsages++;
            i++;
        }

        //
        // if there are properties, then count how many there are that
        // are not already in the global list
        //
        if (pPropertyUsage)
        {
            for(i=0; i<pPropertyUsage->cUsageIdentifier; i++) 
            {
                if (!UsageExists(pCryptOIDInfo, pPropertyUsage->rgpszUsageIdentifier[i]))
                {
                    numPropUsages++;
                }
            }
        }

        *pKeyUsageOIDs = (LPSTR *) malloc((numUsages + numPropUsages) * sizeof(LPSTR));
        if (*pKeyUsageOIDs == NULL)
        {
            goto ErrorCleanUp;
        }

        i = 0;
        while (pCryptOIDInfo[i] != NULL)
        {
            (*pKeyUsageOIDs)[*numOIDs] = 
                    (LPSTR) malloc(strlen(pCryptOIDInfo[i]->pszOID)+1);
            if ((*pKeyUsageOIDs)[*numOIDs] == NULL)
            {
                WTHelperGetKnownUsages(WTH_FREE, &pCryptOIDInfo);
                goto ErrorCleanUp;
            }
            strcpy((*pKeyUsageOIDs)[(*numOIDs)++], pCryptOIDInfo[i]->pszOID);
            i++;
        }
        
        //
        // add the property usages
        //
        if (pPropertyUsage)
        {
            for(i=0; i<pPropertyUsage->cUsageIdentifier; i++) 
            {
                if (!UsageExists(pCryptOIDInfo, pPropertyUsage->rgpszUsageIdentifier[i]))
                {
                    (*pKeyUsageOIDs)[*numOIDs] = 
                            (LPSTR) malloc(strlen(pPropertyUsage->rgpszUsageIdentifier[i])+1);
                    if ((*pKeyUsageOIDs)[*numOIDs] == NULL)
                    {
                        WTHelperGetKnownUsages(WTH_FREE, &pCryptOIDInfo);
                        goto ErrorCleanUp;
                    }
                    strcpy((*pKeyUsageOIDs)[(*numOIDs)++], pPropertyUsage->rgpszUsageIdentifier[i]);
                }
            }   
        }

        WTHelperGetKnownUsages(WTH_FREE, &pCryptOIDInfo);
    }
   
CleanUp:

    if(pExtensionUsage != NULL)
        free(pExtensionUsage);

    if(pPropertyUsage != NULL)
        free(pPropertyUsage);

    if ((*numOIDs == 0) && (*pKeyUsageOIDs != NULL))
    {
        free(*pKeyUsageOIDs);
    }

    return(fRet);
 
ErrorCleanUp:

    if (*pKeyUsageOIDs != NULL)
    {
        for(i=0; i<*numOIDs; i++) 
        {
            free(*pKeyUsageOIDs[i]);  
        }
        *numOIDs = 0;
    }
    fRet = FALSE;
    goto CleanUp;
}


//////////////////////////////////////////////////////////////////////////////////////
// 
//////////////////////////////////////////////////////////////////////////////////////
void FreeEKUList(LPSTR *pKeyUsageOIDs, DWORD numOIDs)
{
    DWORD i;

    if (*pKeyUsageOIDs != NULL)
    {
        for(i=0; i<numOIDs; i++) 
        {
            free(pKeyUsageOIDs[i]);  
        }
        free(pKeyUsageOIDs);
    }
}



//////////////////////////////////////////////////////////////////////////////////////
// 
//////////////////////////////////////////////////////////////////////////////////////
BOOL MyGetOIDInfo(LPWSTR string, DWORD stringSize, LPSTR pszObjId)
{   
    PCCRYPT_OID_INFO pOIDInfo;
            
    pOIDInfo = CryptFindOIDInfo(
                CRYPT_OID_INFO_OID_KEY, 
                pszObjId, 
                0);

    if (pOIDInfo != NULL)
    {
        if ((DWORD)wcslen(pOIDInfo->pwszName)+1 <= stringSize)
        {
            wcscpy(string, pOIDInfo->pwszName);
        }
        else
        {
            return FALSE;
        }
    }
    else
    {
        return (MultiByteToWideChar(CP_ACP, 0, pszObjId, -1, string, stringSize) != 0);
    }
    return TRUE;
}


//////////////////////////////////////////////////////////////////////////////////////
// 
//////////////////////////////////////////////////////////////////////////////////////
BOOL fPropertiesDisabled(PCERT_ENHKEY_USAGE pPropertyUsage)
{
    if (pPropertyUsage == NULL)
    {
        return FALSE;
    }
    else if (pPropertyUsage->cUsageIdentifier == 0)
    {
        return TRUE;
    }
    else
    {
        return ((pPropertyUsage->cUsageIdentifier == 1) && 
                (strcmp(szOID_YESNO_TRUST_ATTR, pPropertyUsage->rgpszUsageIdentifier[0]) == 0));
    }
}


//////////////////////////////////////////////////////////////////////////////////////
// 
//////////////////////////////////////////////////////////////////////////////////////
BOOL CertHasEmptyEKUProp(PCCERT_CONTEXT pCertContext)
{
    DWORD               cbPropertyUsage = 0;
    PCERT_ENHKEY_USAGE  pPropertyUsage = NULL;
    BOOL                fRet = FALSE;

    // get the extension usages that are in the cert
    if(!CertGetEnhancedKeyUsage (
                pCertContext,
                CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG,
                NULL,
                &cbPropertyUsage
                )                                                                   ||
        (pPropertyUsage = (PCERT_ENHKEY_USAGE) malloc(cbPropertyUsage)) == NULL   ||
        !CertGetEnhancedKeyUsage (
                pCertContext,
                CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG,
                pPropertyUsage,
                &cbPropertyUsage
                ) ) 
    {
        if(GetLastError() == CRYPT_E_NOT_FOUND)
        {
            return FALSE;
        }
    }

    if (pPropertyUsage == NULL)
    {
        return FALSE;
    }

    if ((pPropertyUsage->cUsageIdentifier == 0) ||
        ((pPropertyUsage->cUsageIdentifier == 1) && (strcmp(szOID_YESNO_TRUST_ATTR, pPropertyUsage->rgpszUsageIdentifier[0]) == 0)))
    {
        fRet = TRUE;
    }

    if (pPropertyUsage != NULL)
    {
        free(pPropertyUsage);
    }

    return fRet;
}


//////////////////////////////////////////////////////////////////////////////////////
// This function will validate the cert for the given oid
//////////////////////////////////////////////////////////////////////////////////////
BOOL ValidateCertForUsage(
                    PCCERT_CONTEXT  pCertContext, 
                    FILETIME        *psftVerifyAsOf,
                    DWORD           cStores,
                    HCERTSTORE *    rghStores,
                    HCERTSTORE      hExtraStore,
                    LPCSTR          pszOID)
{
    WINTRUST_DATA               WTD;
    WINTRUST_CERT_INFO          WTCI;
    CRYPT_PROVIDER_DEFUSAGE     cryptProviderDefUsage;
    GUID                        defaultProviderGUID = WINTRUST_ACTION_GENERIC_CERT_VERIFY;
    BOOL                        fUseDefaultProvider;
    BOOL                        fRet = FALSE;
    HCERTSTORE                  *rghLocalStoreArray;
    DWORD                       i;

    //
    // make one array out of the array of hCertStores plus the extra hCertStore
    //
    if (NULL == (rghLocalStoreArray = (HCERTSTORE *) malloc(sizeof(HCERTSTORE) * (cStores+1))))
    {
        return FALSE;
    }
    i=0;
    while (i<cStores)
    {
        rghLocalStoreArray[i] = rghStores[i];
        i++;
    }
    rghLocalStoreArray[i] = hExtraStore;
    
    //
    // initialize structs that are used with WinVerifyTrust()
    //
    memset(&WTD, 0x00, sizeof(WINTRUST_DATA));
    WTD.cbStruct       = sizeof(WINTRUST_DATA);
    WTD.dwUIChoice     = WTD_UI_NONE;
    WTD.dwUnionChoice  = WTD_CHOICE_CERT;
    WTD.pCert          = &WTCI;

    memset(&WTCI, 0x00, sizeof(WINTRUST_CERT_INFO));
    WTCI.cbStruct          = sizeof(WINTRUST_CERT_INFO);
    WTCI.pcwszDisplayName  = L"CryptUI";
    WTCI.psCertContext     = (CERT_CONTEXT *)pCertContext;  
    WTCI.chStores          = cStores+1;
    WTCI.pahStores         = rghLocalStoreArray;
    WTCI.psftVerifyAsOf    = psftVerifyAsOf;

    fUseDefaultProvider = FALSE;

    if (pszOID != NULL)
    {
        memset(&cryptProviderDefUsage, 0, sizeof(cryptProviderDefUsage));
        cryptProviderDefUsage.cbStruct = sizeof(cryptProviderDefUsage);
        if (!(WintrustGetDefaultForUsage(DWACTION_ALLOCANDFILL, pszOID, &cryptProviderDefUsage)))
        {
            // if we can't get a provider to check trust for this usage, then use the default
            // provider to check usage
            fUseDefaultProvider = TRUE;
        } 
    }
    
    //
    //  this call to WVT will verify the chain and return the data in sWTD.hWVTStateData
    //
    if (fUseDefaultProvider)
    {
        // the default default provider requires the policycallback data to point
        // to the usage oid you are validating for, if usage is "all" then wintrust ignores
        // usage checks
        WTD.pPolicyCallbackData = (pszOID != NULL) ? (void *) pszOID : "all";
        WTD.pSIPClientData = NULL;
        if (SUCCEEDED(WinVerifyTrustEx(NULL, &defaultProviderGUID, &WTD)))
        {
            fRet = TRUE;
        }     
    }
    else
    {
        WTD.pPolicyCallbackData = cryptProviderDefUsage.pDefPolicyCallbackData;
        WTD.pSIPClientData = cryptProviderDefUsage.pDefSIPClientData;
        if (SUCCEEDED(WinVerifyTrustEx(NULL, &cryptProviderDefUsage.gActionID, &WTD)))
        {
            fRet = TRUE;
        }
        WintrustGetDefaultForUsage(DWACTION_FREE, szOID_KP_CTL_USAGE_SIGNING, &cryptProviderDefUsage);
    }

    free(rghLocalStoreArray);
    return fRet;
}