Module: wine Branch: master Commit: 41b3b8e4eb78fdf211b059f005cafbdc728ea83a URL: http://source.winehq.org/git/wine.git/?a=commit;h=41b3b8e4eb78fdf211b059f005...
Author: Juan Lang juan.lang@gmail.com Date: Thu Dec 3 11:51:09 2009 -0800
cryptnet: Add stub for verifying revocation via OCSP.
---
dlls/cryptnet/cryptnet_main.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 files changed, 40 insertions(+), 0 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index 10863a2..d4d0e2c 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1654,6 +1654,42 @@ static DWORD verify_cert_revocation_from_dist_points_ext(
 return error;
 }
 
+static DWORD verify_cert_revocation_from_aia_ext(
+ const CRYPT_DATA_BLOB *value, PCCERT_CONTEXT cert, DWORD index,
+ FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
+ PCERT_REVOCATION_STATUS pRevStatus)
+{
+ BOOL ret;
+ DWORD error, size;
+ CERT_AUTHORITY_INFO_ACCESS *aia;
+
+ ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_INFO_ACCESS,
+ value->pbData, value->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &aia, &size);
+ if (ret)
+ {
+ DWORD i;
+
+ for (i = 0; i < aia->cAccDescr; i++)
+ if (!strcmp(aia->rgAccDescr[i].pszAccessMethod,
+ szOID_PKIX_OCSP))
+ {
+ if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice ==
+ CERT_ALT_NAME_URL)
+ FIXME("OCSP URL = %s\n",
+ debugstr_w(aia->rgAccDescr[i].AccessLocation.u.pwszURL));
+ else
+ FIXME("unsupported AccessLocation type %d\n",
+ aia->rgAccDescr[i].AccessLocation.dwAltNameChoice);
+ }
+ LocalFree(aia);
+ /* FIXME: lie and pretend OCSP validated the cert */
+ error = ERROR_SUCCESS;
+ }
+ else
+ error = GetLastError();
+ return error;
+}
+
 static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
 FILETIME *pTime, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
 PCERT_REVOCATION_STATUS pRevStatus)
@@ -1665,6 +1701,10 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
 cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
 error = verify_cert_revocation_from_dist_points_ext(&ext->Value, cert,
 index, pTime, dwFlags, pRevPara, pRevStatus);
+ else if ((ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS,
+ cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+ error = verify_cert_revocation_from_aia_ext(&ext->Value, cert,
+ index, pTime, dwFlags, pRevPara, pRevStatus);
 else
 {
 if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
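Review bot: `verify_cert_revocation_from_aia_ext` fails open: once the AIA extension decodes, `error = ERROR_SUCCESS;` is returned whether or not any access description carries `szOID_PKIX_OCSP`, and no OCSP responder is ever queried, so the caller is told the certificate is not revoked. Until a real OCSP request exists, an explicit "could not check" status leaves the decision with the caller: `error = CRYPT_E_NO_REVOCATION_CHECK;`. Callers that tolerate an unchecked certificate can still proceed, while callers that require a revocation check are not misled. The comment above that line would be clearer as `/* FIXME: no OCSP request is made; revocation status is unknown */`.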
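Review bot: The added `else if` for `szOID_AUTHORITY_INFO_ACCESS` sits ahead of the final `else`, so a certificate that has an AIA extension but no CRL distribution points no longer reaches the branch that tests `pRevPara->hCrlStore` and `pRevPara->pIssuerCert`. Because the AIA handler added in this commit performs no actual check, a caller-supplied CRL store appears to be skipped for such certificates, which looks like a regression from the previous behaviour. Consider giving the store precedence and using AIA only when none is supplied, e.g. `else if (!(pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert) && (ext = CertFindExtension(szOID_AUTHORITY_INFO_ACCESS, ...)))`. The body of `verify_cert_revocation`, including the rest of that `else` branch, lies outside the hunk, so this should be confirmed against the full function.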