crypt32(6/6): Implement CertVerifyCertificateChainPolicy for the basic constraints policy

Juan Lang juan.lang at gmail.com
Mon Sep 10 18:15:48 CDT 2007


--Juan
-------------- next part --------------
From 60a7ea3471ec990dbb55eebf3c5dddb749c50ac1 Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang at gmail.com>
Date: Mon, 10 Sep 2007 16:12:39 -0700
Subject: [PATCH] Implement CertVerifyCertificateChainPolicy for the basic constraints policy
---
 dlls/crypt32/chain.c       |   19 +++++++++++++++++++
 dlls/crypt32/tests/chain.c |   43 +++++++++++++++----------------------------
 2 files changed, 34 insertions(+), 28 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index b716be9..ed23180 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -1126,6 +1126,22 @@ static BOOL WINAPI verify_authenticode_p
     return ret;
 }
 
+static BOOL WINAPI verify_basic_constraints_policy(LPCSTR szPolicyOID,
+ PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
+ PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
+{
+    pPolicyStatus->lChainIndex = pPolicyStatus->lElementIndex = -1;
+    if (pChainContext->TrustStatus.dwErrorStatus &
+     CERT_TRUST_INVALID_BASIC_CONSTRAINTS)
+    {
+        pPolicyStatus->dwError = TRUST_E_BASIC_CONSTRAINTS;
+        find_element_with_error(pChainContext,
+         CERT_TRUST_INVALID_BASIC_CONSTRAINTS, &pPolicyStatus->lChainIndex,
+         &pPolicyStatus->lElementIndex);
+    }
+    return TRUE;
+}
+
 typedef BOOL (WINAPI *CertVerifyCertificateChainPolicyFunc)(LPCSTR szPolicyOID,
  PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
  PCERT_CHAIN_POLICY_STATUS pPolicyStatus);
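Review bot: `pPolicyStatus->dwError` is written only on the failure branch of `verify_basic_constraints_policy`, so for a chain without CERT_TRUST_INVALID_BASIC_CONSTRAINTS the caller gets back whatever value the field held before the call. Unless the dispatcher outside this hunk clears the status first, a caller that passes an uninitialised CERT_CHAIN_POLICY_STATUS, or reuses one across policy checks, would read a stale value as the verdict. Set the field on the success path as well, for example `else pPolicyStatus->dwError = NO_ERROR;` after the `if` block. A one-line comment noting that `szPolicyOID` and `pPolicyPara` are deliberately unused would also help.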
@@ -1152,6 +1168,9 @@ BOOL WINAPI CertVerifyCertificateChainPo
         case (int)CERT_CHAIN_POLICY_AUTHENTICODE:
             verifyPolicy = verify_authenticode_policy;
             break;
+        case (int)CERT_CHAIN_POLICY_BASIC_CONSTRAINTS:
+            verifyPolicy = verify_basic_constraints_policy;
+            break;
         default:
             FIXME("unimplemented for %d\n", LOWORD(szPolicyOID));
         }
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 17cab3a..e320e79 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -1783,50 +1783,37 @@ static ChainPolicyCheck authenticodePoli
 
 static ChainPolicyCheck basicConstraintsPolicyCheck[] = {
  { { sizeof(chain0) / sizeof(chain0[0]), chain0 },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(chain1) / sizeof(chain1[0]), chain1 },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(chain2) / sizeof(chain2[0]), chain2 },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(chain3) / sizeof(chain3[0]), chain3 },
-   { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL },
-   TODO_POLICY },
+   { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, 0 },
  { { sizeof(chain4) / sizeof(chain4[0]), chain4 },
-   { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL },
-   TODO_POLICY },
+   { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, 0 },
  { { sizeof(chain5) / sizeof(chain5[0]), chain5 },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(chain6) / sizeof(chain6[0]), chain6 },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(chain7) / sizeof(chain7[0]), chain7 },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(chain8) / sizeof(chain8[0]), chain8 },
    { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL },
-   TODO_POLICY },
+   TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS },
  { { sizeof(chain9) / sizeof(chain9[0]), chain9 },
    { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL },
-   TODO_POLICY },
+   TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS },
  { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(chain11) / sizeof(chain11[0]), chain11 },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(chain12) / sizeof(chain12[0]), chain12 },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(iTunesChain) / sizeof(iTunesChain[0]), iTunesChain },
-   { 0, 0, -1, -1, NULL },
-   TODO_POLICY },
+   { 0, 0, -1, -1, NULL }, 0 },
 };
 
 static void checkChainPolicyStatus(LPCSTR policy, ChainPolicyCheck *check,
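Review bot: The chain8 and chain9 entries keep `TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS` while expecting TRUST_E_BASIC_CONSTRAINTS at chain 0, element 1, so for these two chains the new policy does not yet report the failure the table expects. Because the policy function only reads the chain's TrustStatus, the gap is presumably in chain building, which would mean this policy currently accepts such chains. A comment above the two entries would make that visible, for example `/* chain8, chain9: basic constraints violation is not yet flagged when the chain is built, so the policy reports no error */`.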
-- 
1.4.1

