Commit
b1571663
authored
Aug 28, 2007
by
Juan Lang
Committed by
Alexandre Julliard
Aug 29, 2007
wintrust: Implement pfnCertificateTrust.
parent
5d7bffa5
Showing
3 changed files
with
234 additions
and
2 deletions
+234
-2
softpub.c
dlls/wintrust/softpub.c
+140
-0
softpub.c
dlls/wintrust/tests/softpub.c
+92
-0
wintrust.spec
dlls/wintrust/wintrust.spec
+2
-2
dlls/wintrust/softpub.c
...
...
@@ -426,3 +426,143 @@ HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
GetLastError
();
return
ret
?
S_OK
:
S_FALSE
;
}
BOOL
WINAPI
SoftpubCheckCert
(
CRYPT_PROVIDER_DATA
*
data
,
DWORD
idxSigner
,
BOOL
fCounterSignerChain
,
DWORD
idxCounterSigner
)
{
BOOL
ret
;
TRACE
(
"(%p, %d, %d, %d)
\n
"
,
data
,
idxSigner
,
fCounterSignerChain
,
idxCounterSigner
);
if
(
fCounterSignerChain
)
{
FIXME
(
"unimplemented for counter signers
\n
"
);
ret
=
FALSE
;
}
else
{
PCERT_SIMPLE_CHAIN
simpleChain
=
data
->
pasSigners
[
idxSigner
].
pChainContext
->
rgpChain
[
0
];
DWORD
i
;
ret
=
TRUE
;
for
(
i
=
0
;
i
<
simpleChain
->
cElement
;
i
++
)
{
/* Set confidence */
data
->
pasSigners
[
idxSigner
].
pasCertChain
[
i
].
dwConfidence
=
0
;
/* The last element in the chain doesn't have an issuer, so it
* can't have a valid time (with respect to its issuer)
*/
if
(
i
!=
simpleChain
->
cElement
-
1
&&
!
(
simpleChain
->
rgpElement
[
i
]
->
TrustStatus
.
dwErrorStatus
&
CERT_TRUST_IS_NOT_TIME_VALID
))
data
->
pasSigners
[
idxSigner
].
pasCertChain
[
i
].
dwConfidence
|=
CERT_CONFIDENCE_TIME
;
if
(
!
(
simpleChain
->
rgpElement
[
i
]
->
TrustStatus
.
dwErrorStatus
&
CERT_TRUST_IS_NOT_TIME_NESTED
))
data
->
pasSigners
[
idxSigner
].
pasCertChain
[
i
].
dwConfidence
|=
CERT_CONFIDENCE_TIMENEST
;
if
(
!
(
simpleChain
->
rgpElement
[
i
]
->
TrustStatus
.
dwErrorStatus
&
CERT_TRUST_IS_NOT_SIGNATURE_VALID
))
data
->
pasSigners
[
idxSigner
].
pasCertChain
[
i
].
dwConfidence
|=
CERT_CONFIDENCE_SIG
;
/* Set additional flags */
if
(
!
(
simpleChain
->
rgpElement
[
i
]
->
TrustStatus
.
dwErrorStatus
&
CERT_TRUST_IS_UNTRUSTED_ROOT
))
data
->
pasSigners
[
idxSigner
].
pasCertChain
[
i
].
fTrustedRoot
=
TRUE
;
if
(
simpleChain
->
rgpElement
[
i
]
->
TrustStatus
.
dwInfoStatus
&
CERT_TRUST_IS_SELF_SIGNED
)
data
->
pasSigners
[
idxSigner
].
pasCertChain
[
i
].
fSelfSigned
=
TRUE
;
if
(
simpleChain
->
rgpElement
[
i
]
->
TrustStatus
.
dwErrorStatus
&
CERT_TRUST_IS_CYCLIC
)
data
->
pasSigners
[
idxSigner
].
pasCertChain
[
i
].
fIsCyclic
=
TRUE
;
}
}
return
ret
;
}
static
BOOL
WINTRUST_CopyChain
(
CRYPT_PROVIDER_DATA
*
data
,
DWORD
signerIdx
)
{
BOOL
ret
;
PCERT_SIMPLE_CHAIN
simpleChain
=
data
->
pasSigners
[
signerIdx
].
pChainContext
->
rgpChain
[
0
];
DWORD
i
;
data
->
pasSigners
[
signerIdx
].
pasCertChain
[
0
].
pChainElement
=
simpleChain
->
rgpElement
[
0
];
ret
=
TRUE
;
for
(
i
=
1
;
ret
&&
i
<
simpleChain
->
cElement
;
i
++
)
{
ret
=
data
->
psPfns
->
pfnAddCert2Chain
(
data
,
signerIdx
,
FALSE
,
0
,
simpleChain
->
rgpElement
[
i
]
->
pCertContext
);
if
(
ret
)
data
->
pasSigners
[
signerIdx
].
pasCertChain
[
i
].
pChainElement
=
simpleChain
->
rgpElement
[
i
];
}
return
ret
;
}
HRESULT
WINAPI
WintrustCertificateTrust
(
CRYPT_PROVIDER_DATA
*
data
)
{
BOOL
ret
;
if
(
!
data
->
csSigners
)
{
ret
=
FALSE
;
SetLastError
(
TRUST_E_NOSIGNATURE
);
}
else
{
DWORD
i
;
ret
=
TRUE
;
for
(
i
=
0
;
i
<
data
->
csSigners
;
i
++
)
{
CERT_CHAIN_PARA
chainPara
=
{
sizeof
(
chainPara
),
{
0
}
};
DWORD
flags
;
if
(
data
->
pRequestUsage
)
memcpy
(
&
chainPara
.
RequestedUsage
,
data
->
pRequestUsage
,
sizeof
(
CERT_USAGE_MATCH
));
if
(
data
->
dwProvFlags
&
CPD_REVOCATION_CHECK_END_CERT
)
flags
=
CERT_CHAIN_REVOCATION_CHECK_END_CERT
;
else
if
(
data
->
dwProvFlags
&
CPD_REVOCATION_CHECK_CHAIN
)
flags
=
CERT_CHAIN_REVOCATION_CHECK_CHAIN
;
else
if
(
data
->
dwProvFlags
&
CPD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
)
flags
=
CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
;
else
flags
=
0
;
/* Expect the end certificate for each signer to be the only
* cert in the chain:
*/
if
(
data
->
pasSigners
[
i
].
csCertChain
)
{
/* Create a certificate chain for each signer */
ret
=
CertGetCertificateChain
(
NULL
,
data
->
pasSigners
[
i
].
pasCertChain
[
0
].
pCert
,
NULL
,
/* FIXME: use data->pasSigners[i].sftVerifyAsOf? */
data
->
chStores
?
data
->
pahStores
[
0
]
:
NULL
,
&
chainPara
,
flags
,
NULL
,
&
data
->
pasSigners
[
i
].
pChainContext
);
if
(
ret
)
{
if
(
data
->
pasSigners
[
i
].
pChainContext
->
cChain
!=
1
)
{
FIXME
(
"unimplemented for more than 1 simple chain
\n
"
);
ret
=
FALSE
;
}
else
{
if
((
ret
=
WINTRUST_CopyChain
(
data
,
i
)))
ret
=
data
->
psPfns
->
pfnCertCheckPolicy
(
data
,
i
,
FALSE
,
0
);
}
}
}
}
}
if
(
!
ret
)
data
->
padwTrustStepErrors
[
TRUSTERROR_STEP_FINAL_CERTPROV
]
=
GetLastError
();
return
ret
?
S_OK
:
S_FALSE
;
}
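Review bot: In WintrustCertificateTrust the signer loop `for (i = 0; i < data->csSigners; i++)` never tests `ret`, so a failure from CertGetCertificateChain, WINTRUST_CopyChain or pfnCertCheckPolicy for one signer is overwritten by the result for a later signer that has certificates, and the function can return S_OK although an earlier signer's chain was rejected. Stop at the first failure, as WINTRUST_CopyChain in the same file already does: `for (i = 0; ret && i < data->csSigners; i++)`. That also keeps the GetLastError() value stored in padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] tied to the call that actually failed. Separately, a signer with csCertChain == 0 leaves `ret` TRUE and pChainContext unset, which the test in this commit expects; a comment such as `/* no cert for this signer: nothing is verified, S_OK is not a trust decision */` on that branch would keep later readers from treating the result as a verified chain.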
dlls/wintrust/tests/softpub.c
...
...
@@ -304,6 +304,97 @@ static void testObjTrust(SAFE_PROVIDER_FUNCTIONS *funcs, GUID *actionID)
}
}
static
const
BYTE
selfSignedCert
[]
=
{
0x30
,
0x82
,
0x01
,
0x1f
,
0x30
,
0x81
,
0xce
,
0xa0
,
0x03
,
0x02
,
0x01
,
0x02
,
0x02
,
0x10
,
0xeb
,
0x0d
,
0x57
,
0x2a
,
0x9c
,
0x09
,
0xba
,
0xa4
,
0x4a
,
0xb7
,
0x25
,
0x49
,
0xd9
,
0x3e
,
0xb5
,
0x73
,
0x30
,
0x09
,
0x06
,
0x05
,
0x2b
,
0x0e
,
0x03
,
0x02
,
0x1d
,
0x05
,
0x00
,
0x30
,
0x15
,
0x31
,
0x13
,
0x30
,
0x11
,
0x06
,
0x03
,
0x55
,
0x04
,
0x03
,
0x13
,
0x0a
,
0x4a
,
0x75
,
0x61
,
0x6e
,
0x20
,
0x4c
,
0x61
,
0x6e
,
0x67
,
0x00
,
0x30
,
0x1e
,
0x17
,
0x0d
,
0x30
,
0x36
,
0x30
,
0x36
,
0x32
,
0x39
,
0x30
,
0x35
,
0x30
,
0x30
,
0x34
,
0x36
,
0x5a
,
0x17
,
0x0d
,
0x30
,
0x37
,
0x30
,
0x36
,
0x32
,
0x39
,
0x31
,
0x31
,
0x30
,
0x30
,
0x34
,
0x36
,
0x5a
,
0x30
,
0x15
,
0x31
,
0x13
,
0x30
,
0x11
,
0x06
,
0x03
,
0x55
,
0x04
,
0x03
,
0x13
,
0x0a
,
0x4a
,
0x75
,
0x61
,
0x6e
,
0x20
,
0x4c
,
0x61
,
0x6e
,
0x67
,
0x00
,
0x30
,
0x5c
,
0x30
,
0x0d
,
0x06
,
0x09
,
0x2a
,
0x86
,
0x48
,
0x86
,
0xf7
,
0x0d
,
0x01
,
0x01
,
0x01
,
0x05
,
0x00
,
0x03
,
0x4b
,
0x00
,
0x30
,
0x48
,
0x02
,
0x41
,
0x00
,
0xe2
,
0x54
,
0x3a
,
0xa7
,
0x83
,
0xb1
,
0x27
,
0x14
,
0x3e
,
0x59
,
0xbb
,
0xb4
,
0x53
,
0xe6
,
0x1f
,
0xe7
,
0x5d
,
0xf1
,
0x21
,
0x68
,
0xad
,
0x85
,
0x53
,
0xdb
,
0x6b
,
0x1e
,
0xeb
,
0x65
,
0x97
,
0x03
,
0x86
,
0x60
,
0xde
,
0xf3
,
0x6c
,
0x38
,
0x75
,
0xe0
,
0x4c
,
0x61
,
0xbb
,
0xbc
,
0x62
,
0x17
,
0xa9
,
0xcd
,
0x79
,
0x3f
,
0x21
,
0x4e
,
0x96
,
0xcb
,
0x0e
,
0xdc
,
0x61
,
0x94
,
0x30
,
0x18
,
0x10
,
0x6b
,
0xd0
,
0x1c
,
0x10
,
0x79
,
0x02
,
0x03
,
0x01
,
0x00
,
0x01
,
0x30
,
0x09
,
0x06
,
0x05
,
0x2b
,
0x0e
,
0x03
,
0x02
,
0x1d
,
0x05
,
0x00
,
0x03
,
0x41
,
0x00
,
0x25
,
0x90
,
0x53
,
0x34
,
0xd9
,
0x56
,
0x41
,
0x5e
,
0xdb
,
0x7e
,
0x01
,
0x36
,
0xec
,
0x27
,
0x61
,
0x5e
,
0xb7
,
0x4d
,
0x90
,
0x66
,
0xa2
,
0xe1
,
0x9d
,
0x58
,
0x76
,
0xd4
,
0x9c
,
0xba
,
0x2c
,
0x84
,
0xc6
,
0x83
,
0x7a
,
0x22
,
0x0d
,
0x03
,
0x69
,
0x32
,
0x1a
,
0x6d
,
0xcb
,
0x0c
,
0x15
,
0xb3
,
0x6b
,
0xc7
,
0x0a
,
0x8c
,
0xb4
,
0x5c
,
0x34
,
0x78
,
0xe0
,
0x3c
,
0x9c
,
0xe9
,
0xf3
,
0x30
,
0x9f
,
0xa8
,
0x76
,
0x57
,
0x92
,
0x36
};
static
void
testCertTrust
(
SAFE_PROVIDER_FUNCTIONS
*
funcs
,
GUID
*
actionID
)
{
CRYPT_PROVIDER_DATA
data
=
{
0
};
CRYPT_PROVIDER_SGNR
sgnr
=
{
sizeof
(
sgnr
),
{
0
}
};
HRESULT
ret
;
data
.
padwTrustStepErrors
=
funcs
->
pfnAlloc
(
TRUSTERROR_MAX_STEPS
*
sizeof
(
DWORD
));
if
(
!
data
.
padwTrustStepErrors
)
{
skip
(
"pfnAlloc failed
\n
"
);
return
;
}
ret
=
funcs
->
pfnCertificateTrust
(
&
data
);
ok
(
ret
==
S_FALSE
,
"Expected S_FALSE, got %08x
\n
"
,
ret
);
ok
(
data
.
padwTrustStepErrors
[
TRUSTERROR_STEP_FINAL_CERTPROV
]
==
TRUST_E_NOSIGNATURE
,
"Expected TRUST_E_NOSIGNATURE, got %08x
\n
"
,
data
.
padwTrustStepErrors
[
TRUSTERROR_STEP_FINAL_CERTPROV
]);
ret
=
funcs
->
pfnAddSgnr2Chain
(
&
data
,
FALSE
,
0
,
&
sgnr
);
if
(
ret
)
{
PCCERT_CONTEXT
cert
;
/* An empty signer "succeeds," even though there's no cert */
ret
=
funcs
->
pfnCertificateTrust
(
&
data
);
ok
(
ret
==
S_OK
,
"Expected S_OK, got %08x
\n
"
,
ret
);
cert
=
CertCreateCertificateContext
(
X509_ASN_ENCODING
,
selfSignedCert
,
sizeof
(
selfSignedCert
));
if
(
cert
)
{
WINTRUST_DATA
wintrust_data
=
{
0
};
ret
=
funcs
->
pfnAddCert2Chain
(
&
data
,
0
,
FALSE
,
0
,
cert
);
/* If pWintrustData isn't set, crashes attempting to access
* pWintrustData->fdwRevocationChecks
*/
data
.
pWintrustData
=
&
wintrust_data
;
/* If psPfns isn't set, crashes attempting to access
* psPfns->pfnCertCheckPolicy
*/
data
.
psPfns
=
(
CRYPT_PROVIDER_FUNCTIONS
*
)
funcs
;
ret
=
funcs
->
pfnCertificateTrust
(
&
data
);
ok
(
ret
==
S_OK
,
"Expected S_OK, got %08x
\n
"
,
ret
);
ok
(
data
.
csSigners
==
1
,
"Unexpected number of signers %d
\n
"
,
data
.
csSigners
);
ok
(
data
.
pasSigners
[
0
].
pChainContext
!=
NULL
,
"Expected a certificate chain
\n
"
);
ok
(
data
.
pasSigners
[
0
].
csCertChain
==
1
,
"Unexpected number of chain elements %d
\n
"
,
data
.
pasSigners
[
0
].
csCertChain
);
/* pasSigners and pasSigners[0].pasCertChain are guaranteed to be
* initialized, see tests for pfnAddSgnr2Chain and pfnAddCert2Chain
*/
ok
(
!
data
.
pasSigners
[
0
].
pasCertChain
[
0
].
fTrustedRoot
,
"Didn't expect cert to be trusted
\n
"
);
ok
(
data
.
pasSigners
[
0
].
pasCertChain
[
0
].
fSelfSigned
,
"Expected cert to be self-signed
\n
"
);
ok
(
data
.
pasSigners
[
0
].
pasCertChain
[
0
].
dwConfidence
==
(
CERT_CONFIDENCE_SIG
|
CERT_CONFIDENCE_TIMENEST
),
"Expected CERT_CONFIDENCE_SIG | CERT_CONFIDENCE_TIMENEST, got %08x
\n
"
,
data
.
pasSigners
[
0
].
pasCertChain
[
0
].
dwConfidence
);
CertFreeCertificateContext
(
cert
);
}
}
}
START_TEST
(
softpub
)
{
static
GUID
generic_verify_v2
=
WINTRUST_ACTION_GENERIC_VERIFY_V2
;
...
...
@@ -319,5 +410,6 @@ START_TEST(softpub)
test_utils
(
&
funcs
);
testInitialize
(
&
funcs
,
&
generic_verify_v2
);
testObjTrust
(
&
funcs
,
&
generic_verify_v2
);
testCertTrust
(
&
funcs
,
&
generic_verify_v2
);
}
}
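Review bot: The result of `funcs->pfnAddCert2Chain(&data, 0, FALSE, 0, cert)` in testCertTrust is assigned to `ret` and then overwritten by the next pfnCertificateTrust call without being checked, so if the add fails the later assertions read pasSigners[0].pasCertChain[0] for a certificate that was never stored. Add `ok(ret, "pfnAddCert2Chain failed: %08x\n", GetLastError());` directly after the call. The test covers a single signer only; a case with two signers where the first chain fails would pin how WintrustCertificateTrust combines per-signer results. The buffer obtained from pfnAlloc and the chain context left in pasSigners[0].pChainContext do not appear to be released before the function returns.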
dlls/wintrust/wintrust.spec
...
...
@@ -57,7 +57,7 @@
@ stub OfficeInitializePolicy
@ stub OpenPersonalTrustDBDialog
@ stub SoftpubAuthenticode
@ st
ub SoftpubCheckCert
@ st
dcall SoftpubCheckCert(ptr long long long)
@ stub SoftpubCleanup
@ stub SoftpubDefCertInit
@ stdcall SoftpubDllRegisterServer()
...
...
@@ -112,7 +112,7 @@
@ stdcall WinVerifyTrustEx(long ptr ptr)
@ stdcall WintrustAddActionID(ptr long ptr)
@ stdcall WintrustAddDefaultForUsage(ptr ptr)
@ st
ub WintrustCertificateTrust
@ st
dcall WintrustCertificateTrust(ptr)
@ stub WintrustGetDefaultForUsage
@ stdcall WintrustGetRegPolicyFlags(ptr)
@ stdcall WintrustLoadFunctionPointers(ptr ptr)
...
...