Jacek Caban : crypt32: Added support for retrieving certs by URL.

Alexandre Julliard julliard at winehq.org
Fri Sep 6 12:39:52 CDT 2013


Module: wine
Branch: master
Commit: ba4278a73502916f002e2e81100659f8f632dbc3
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=ba4278a73502916f002e2e81100659f8f632dbc3

Author: Jacek Caban <jacek at codeweavers.com>
Date:   Fri Sep  6 13:09:11 2013 +0200

crypt32: Added support for retrieving certs by URL.

---

 dlls/crypt32/chain.c       |   38 +++++++++++++++++++-------------------
 dlls/crypt32/tests/chain.c |    2 +-
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index bbd0aca..1a83dee 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -1972,7 +1972,7 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine,
 }
 
 static PCCERT_CONTEXT CRYPT_FindIssuer(const CertificateChainEngine *engine, const CERT_CONTEXT *cert,
-        HCERTSTORE store, DWORD type, void *para, PCCERT_CONTEXT prev_issuer)
+        HCERTSTORE store, DWORD type, void *para, DWORD flags, PCCERT_CONTEXT prev_issuer)
 {
     CRYPT_URL_ARRAY *urls;
     PCCERT_CONTEXT issuer;
@@ -2019,7 +2019,7 @@ static PCCERT_CONTEXT CRYPT_FindIssuer(const CertificateChainEngine *engine, con
             TRACE("Trying URL %s\n", debugstr_w(urls->rgwszUrl[i]));
 
             res = CryptRetrieveObjectByUrlW(urls->rgwszUrl[i], CONTEXT_OID_CERTIFICATE,
-             CRYPT_CACHE_ONLY_RETRIEVAL /* FIXME */,
+             (flags & CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL) ? CRYPT_CACHE_ONLY_RETRIEVAL : CRYPT_AIA_RETRIEVAL,
              0, (void**)&new_cert, NULL, NULL, NULL, NULL);
             if(!res)
             {
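Review bot: The timeout argument of the `CryptRetrieveObjectByUrlW` call is still the literal `0`, while the changed line now defaults to `CRYPT_AIA_RETRIEVAL`, a live fetch, unless the caller passes `CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL`. The URLs in `urls->rgwszUrl[i]` presumably come from the certificate being validated, so an untrusted certificate can now make chain building contact a host of its choosing and wait for as long as the retrieval layer's default allows. I would plumb the caller's URL retrieval timeout down next to `flags` and pass it instead of `0`, and add a comment above the call such as `/* URL comes from the (untrusted) subject cert; new_cert must still be matched as issuer and verified before use */`. The handling of `new_cert` after `if(!res)` is outside this hunk, so whether the fetched certificate is checked against `type`/`para` before it is returned cannot be confirmed from here.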
@@ -2047,7 +2047,7 @@ static PCCERT_CONTEXT CRYPT_FindIssuer(const CertificateChainEngine *engine, con
 
 static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine,
         HCERTSTORE store, PCCERT_CONTEXT subject, PCCERT_CONTEXT prevIssuer,
-        DWORD *infoStatus)
+        DWORD flags, DWORD *infoStatus)
 {
     PCCERT_CONTEXT issuer = NULL;
     PCERT_EXTENSION ext;
@@ -2076,7 +2076,7 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine,
                 memcpy(&id.u.IssuerSerialNumber.SerialNumber,
                  &info->CertSerialNumber, sizeof(CRYPT_INTEGER_BLOB));
 
-                issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, prevIssuer);
+                issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
                 if (issuer)
                 {
                     TRACE_(chain)("issuer found by issuer/serial number\n");
@@ -2088,7 +2088,7 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine,
                 id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
 
                 memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
-                issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, prevIssuer);
+                issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
                 if (issuer)
                 {
                     TRACE_(chain)("issuer found by key id\n");
@@ -2133,7 +2133,7 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine,
                      &info->AuthorityCertSerialNumber,
                      sizeof(CRYPT_INTEGER_BLOB));
 
-                    issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, prevIssuer);
+                    issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
                     if (issuer)
                     {
                         TRACE_(chain)("issuer found by directory name\n");
@@ -2147,7 +2147,7 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine,
             {
                 id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
                 memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
-                issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, prevIssuer);
+                issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
                 if (issuer)
                 {
                     TRACE_(chain)("issuer found by key id\n");
@@ -2160,7 +2160,7 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine,
     else
     {
         issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_SUBJECT_NAME,
-         &subject->pCertInfo->Issuer, prevIssuer);
+         &subject->pCertInfo->Issuer, flags, prevIssuer);
         TRACE_(chain)("issuer found by name\n");
         *infoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
     }
@@ -2171,7 +2171,7 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine,
  * until reaching a self-signed cert, or until no issuer can be found.
  */
 static BOOL CRYPT_BuildSimpleChain(const CertificateChainEngine *engine,
- HCERTSTORE world, PCERT_SIMPLE_CHAIN chain)
+ HCERTSTORE world, DWORD flags, PCERT_SIMPLE_CHAIN chain)
 {
     BOOL ret = TRUE;
     PCCERT_CONTEXT cert = chain->rgpElement[chain->cElement - 1]->pCertContext;
@@ -2179,7 +2179,7 @@ static BOOL CRYPT_BuildSimpleChain(const CertificateChainEngine *engine,
     while (ret && !CRYPT_IsSimpleChainCyclic(chain) &&
      !CRYPT_IsCertificateSelfSigned(cert))
     {
-        PCCERT_CONTEXT issuer = CRYPT_GetIssuer(engine, world, cert, NULL,
+        PCCERT_CONTEXT issuer = CRYPT_GetIssuer(engine, world, cert, NULL, flags,
          &chain->rgpElement[chain->cElement - 1]->TrustStatus.dwInfoStatus);
 
         if (issuer)
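Review bot: The `while` loop in CRYPT_BuildSimpleChain is bounded only by `CRYPT_IsSimpleChainCyclic` and `CRYPT_IsCertificateSelfSigned`, and with `flags` now forwarded to `CRYPT_GetIssuer` each iteration may end in a network retrieval rather than a store lookup. No cap on `chain->cElement` is visible in this hunk, so the number of fetches per validation appears to depend on what the remote servers return. The rest of the loop body is outside the hunk, so a limit may exist there. If it does not, consider adding a maximum chain length to the loop condition, with a comment such as `/* each step may fetch the issuer by URL; bound the chain length */`.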
@@ -2210,7 +2210,7 @@ static LPCSTR debugstr_filetime(LPFILETIME pTime)
 }
 
 static BOOL CRYPT_GetSimpleChainForCert(CertificateChainEngine *engine,
- HCERTSTORE world, PCCERT_CONTEXT cert, LPFILETIME pTime,
+ HCERTSTORE world, PCCERT_CONTEXT cert, LPFILETIME pTime, DWORD flags,
  PCERT_SIMPLE_CHAIN *ppChain)
 {
     BOOL ret = FALSE;
@@ -2226,7 +2226,7 @@ static BOOL CRYPT_GetSimpleChainForCert(CertificateChainEngine *engine,
         ret = CRYPT_AddCertToSimpleChain(engine, chain, cert, 0);
         if (ret)
         {
-            ret = CRYPT_BuildSimpleChain(engine, world, chain);
+            ret = CRYPT_BuildSimpleChain(engine, world, flags, chain);
             if (ret)
                 CRYPT_CheckSimpleChain(engine, chain, pTime);
         }
@@ -2241,7 +2241,7 @@ static BOOL CRYPT_GetSimpleChainForCert(CertificateChainEngine *engine,
 }
 
 static BOOL CRYPT_BuildCandidateChainFromCert(CertificateChainEngine *engine,
- PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
+ PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore, DWORD flags,
  CertificateChain **ppChain)
 {
     PCERT_SIMPLE_CHAIN simpleChain = NULL;
@@ -2256,7 +2256,7 @@ static BOOL CRYPT_BuildCandidateChainFromCert(CertificateChainEngine *engine,
     /* FIXME: only simple chains are supported for now, as CTLs aren't
      * supported yet.
      */
-    if ((ret = CRYPT_GetSimpleChainForCert(engine, world, cert, pTime, &simpleChain)))
+    if ((ret = CRYPT_GetSimpleChainForCert(engine, world, cert, pTime, flags, &simpleChain)))
     {
         CertificateChain *chain = CryptMemAlloc(sizeof(CertificateChain));
 
@@ -2430,7 +2430,7 @@ static CertificateChain *CRYPT_CopyChainToElement(CertificateChain *chain,
 
 static CertificateChain *CRYPT_BuildAlternateContextFromChain(
  CertificateChainEngine *engine, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
- CertificateChain *chain)
+ DWORD flags, CertificateChain *chain)
 {
     CertificateChain *alternate;
 
@@ -2462,7 +2462,7 @@ static CertificateChain *CRYPT_BuildAlternateContextFromChain(
                  chain->context.rgpChain[i]->rgpElement[j + 1]->pCertContext);
 
                 alternateIssuer = CRYPT_GetIssuer(engine, prevIssuer->hCertStore,
-                 subject, prevIssuer, &infoStatus);
+                 subject, prevIssuer, flags, &infoStatus);
             }
         if (alternateIssuer)
         {
@@ -2481,7 +2481,7 @@ static CertificateChain *CRYPT_BuildAlternateContextFromChain(
                 if (ret)
                 {
                     ret = CRYPT_BuildSimpleChain(engine, alternate->world,
-                     alternate->context.rgpChain[i]);
+                     flags, alternate->context.rgpChain[i]);
                     if (ret)
                         CRYPT_CheckSimpleChain(engine,
                          alternate->context.rgpChain[i], pTime);
@@ -2892,7 +2892,7 @@ BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE hChainEngine,
         dump_chain_para(pChainPara);
     /* FIXME: what about HCCE_LOCAL_MACHINE? */
     ret = CRYPT_BuildCandidateChainFromCert(engine, pCertContext, pTime,
-     hAdditionalStore, &chain);
+     hAdditionalStore, dwFlags, &chain);
     if (ret)
     {
         CertificateChain *alternate = NULL;
@@ -2900,7 +2900,7 @@ BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE hChainEngine,
 
         do {
             alternate = CRYPT_BuildAlternateContextFromChain(engine,
-             pTime, hAdditionalStore, chain);
+             pTime, hAdditionalStore, dwFlags, chain);
 
             /* Alternate contexts are added as "lower quality" contexts of
              * chain, to avoid loops in alternate chain creation.
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 96eafa2..ec53539 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -3998,7 +3998,7 @@ static void testGetCertChain(void)
     ok(ret, "CertGetCertificateChain failed: %u\n", GetLastError());
 
     if(chain->TrustStatus.dwErrorStatus == CERT_TRUST_IS_PARTIAL_CHAIN) { /* win2k */
-        todo_wine win_skip("winehq cert reported as partial chain, skipping its tests\n");
+        win_skip("winehq cert reported as partial chain, skipping its tests\n");
         pCertFreeCertificateChain(chain);
         CertCloseStore(store, 0);
         return;
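Review bot: Dropping `todo_wine` makes this branch depend on network access when the test runs under Wine. Presumably the chain is complete only if the issuer could be fetched by URL; otherwise `dwErrorStatus` is `CERT_TRUST_IS_PARTIAL_CHAIN` and `win_skip` is reached. As far as I know, `win_skip` is reported as a failure when the tests run on Wine, so an offline or firewalled build machine would fail here rather than skip. A comment such as `/* needs network access: the intermediate cert is retrieved by URL */` would document the dependency, and a plain `skip()` may suit the Wine-without-network case better. testGetCertChain continues outside the hunk.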



