mirror of
git://source.winehq.org/git/wine.git
synced 2024-10-14 23:02:16 +00:00
crypt32: Implement CertVerifyCertificateChainPolicy for the authenticode policy.
parent
b56f0c5b68
commit
5f06293eb1
|
@ -1069,6 +1069,63 @@ static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID,
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
static BYTE msTestPubKey1[] = {
|
||||
0x30,0x47,0x02,0x40,0x81,0x55,0x22,0xb9,0x8a,0xa4,0x6f,0xed,0xd6,0xe7,0xd9,
|
||||
0x66,0x0f,0x55,0xbc,0xd7,0xcd,0xd5,0xbc,0x4e,0x40,0x02,0x21,0xa2,0xb1,0xf7,
|
||||
0x87,0x30,0x85,0x5e,0xd2,0xf2,0x44,0xb9,0xdc,0x9b,0x75,0xb6,0xfb,0x46,0x5f,
|
||||
0x42,0xb6,0x9d,0x23,0x36,0x0b,0xde,0x54,0x0f,0xcd,0xbd,0x1f,0x99,0x2a,0x10,
|
||||
0x58,0x11,0xcb,0x40,0xcb,0xb5,0xa7,0x41,0x02,0x03,0x01,0x00,0x01 };
|
||||
static BYTE msTestPubKey2[] = {
|
||||
0x30,0x48,0x02,0x41,0x00,0x81,0x55,0x22,0xb9,0x8a,0xa4,0x6f,0xed,0xd6,0xe7,
|
||||
0xd9,0x66,0x0f,0x55,0xbc,0xd7,0xcd,0xd5,0xbc,0x4e,0x40,0x02,0x21,0xa2,0xb1,
|
||||
0xf7,0x87,0x30,0x85,0x5e,0xd2,0xf2,0x44,0xb9,0xdc,0x9b,0x75,0xb6,0xfb,0x46,
|
||||
0x5f,0x42,0xb6,0x9d,0x23,0x36,0x0b,0xde,0x54,0x0f,0xcd,0xbd,0x1f,0x99,0x2a,
|
||||
0x10,0x58,0x11,0xcb,0x40,0xcb,0xb5,0xa7,0x41,0x02,0x03,0x01,0x00,0x01 };
|
||||
static BYTE msTestPubKey3[] = {
|
||||
0x30,0x47,0x02,0x40,0x9c,0x50,0x05,0x1d,0xe2,0x0e,0x4c,0x53,0xd8,0xd9,0xb5,
|
||||
0xe5,0xfd,0xe9,0xe3,0xad,0x83,0x4b,0x80,0x08,0xd9,0xdc,0xe8,0xe8,0x35,0xf8,
|
||||
0x11,0xf1,0xe9,0x9b,0x03,0x7a,0x65,0x64,0x76,0x35,0xce,0x38,0x2c,0xf2,0xb6,
|
||||
0x71,0x9e,0x06,0xd9,0xbf,0xbb,0x31,0x69,0xa3,0xf6,0x30,0xa0,0x78,0x7b,0x18,
|
||||
0xdd,0x50,0x4d,0x79,0x1e,0xeb,0x61,0xc1,0x02,0x03,0x01,0x00,0x01 };
|
||||
|
||||
static BOOL WINAPI verify_authenticode_policy(LPCSTR szPolicyOID,
|
||||
PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
|
||||
PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
|
||||
{
|
||||
BOOL ret = verify_base_policy(szPolicyOID, pChainContext, pPolicyPara,
|
||||
pPolicyStatus);
|
||||
|
||||
if (ret && pPolicyStatus->dwError == CERT_E_UNTRUSTEDROOT)
|
||||
{
|
||||
CERT_PUBLIC_KEY_INFO msPubKey = { { 0 } };
|
||||
BOOL isMSTestRoot = FALSE;
|
||||
PCCERT_CONTEXT failingCert =
|
||||
pChainContext->rgpChain[pPolicyStatus->lChainIndex]->
|
||||
rgpElement[pPolicyStatus->lElementIndex]->pCertContext;
|
||||
DWORD i;
|
||||
CRYPT_DATA_BLOB keyBlobs[] = {
|
||||
{ sizeof(msTestPubKey1), msTestPubKey1 },
|
||||
{ sizeof(msTestPubKey2), msTestPubKey2 },
|
||||
{ sizeof(msTestPubKey3), msTestPubKey3 },
|
||||
};
|
||||
|
||||
/* Check whether the root is an MS test root */
|
||||
for (i = 0; !isMSTestRoot && i < sizeof(keyBlobs) / sizeof(keyBlobs[0]);
|
||||
i++)
|
||||
{
|
||||
msPubKey.PublicKey.cbData = keyBlobs[i].cbData;
|
||||
msPubKey.PublicKey.pbData = keyBlobs[i].pbData;
|
||||
if (CertComparePublicKeyInfo(
|
||||
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
||||
&failingCert->pCertInfo->SubjectPublicKeyInfo, &msPubKey))
|
||||
isMSTestRoot = TRUE;
|
||||
}
|
||||
if (isMSTestRoot)
|
||||
pPolicyStatus->dwError = CERT_E_UNTRUSTEDTESTROOT;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
typedef BOOL (WINAPI *CertVerifyCertificateChainPolicyFunc)(LPCSTR szPolicyOID,
|
||||
PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
|
||||
PCERT_CHAIN_POLICY_STATUS pPolicyStatus);
|
||||
|
@ -1092,6 +1149,9 @@ BOOL WINAPI CertVerifyCertificateChainPolicy(LPCSTR szPolicyOID,
|
|||
case (int)CERT_CHAIN_POLICY_BASE:
|
||||
verifyPolicy = verify_base_policy;
|
||||
break;
|
||||
case (int)CERT_CHAIN_POLICY_AUTHENTICODE:
|
||||
verifyPolicy = verify_authenticode_policy;
|
||||
break;
|
||||
default:
|
||||
FIXME("unimplemented for %d\n", LOWORD(szPolicyOID));
|
||||
}
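Review bot: In verify_authenticode_policy, `pChainContext->rgpChain[pPolicyStatus->lChainIndex]->rgpElement[pPolicyStatus->lElementIndex]` is dereferenced without checking that either index is non-negative or inside `cChain`/`cElement`. verify_base_policy's body lies outside this hunk, so it cannot be confirmed here that CERT_E_UNTRUSTEDROOT always arrives with valid indexes, and the test table on this page expects -1 indexes for other results. Extending the condition to `if (ret && pPolicyStatus->dwError == CERT_E_UNTRUSTEDROOT && pPolicyStatus->lChainIndex >= 0 && pPolicyStatus->lElementIndex >= 0)` would keep a later change in the base policy from becoming an out-of-bounds read. The key blobs also need a comment: `msTestPubKey1` and `msTestPubKey2` hold the same modulus without and with the leading 0x00 pad byte, and `msPubKey.Algorithm` stays zeroed, so the match presumably rests on the key bits alone; something like `/* Same key as msTestPubKey1, with the modulus encoded with a leading 0 byte */` above the second array would make that explicit.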
|
||||
|
|
|
@ -1750,50 +1750,35 @@ static ChainPolicyCheck basePolicyCheck[] = {
|
|||
|
||||
static ChainPolicyCheck authenticodePolicyCheck[] = {
|
||||
{ { sizeof(chain0) / sizeof(chain0[0]), chain0 },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
|
||||
{ { sizeof(chain1) / sizeof(chain1[0]), chain1 },
|
||||
{ 0, TRUST_E_CERT_SIGNATURE, 0, 0, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, TRUST_E_CERT_SIGNATURE, 0, 0, NULL }, 0 },
|
||||
{ { sizeof(chain2) / sizeof(chain2[0]), chain2 },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
|
||||
{ { sizeof(chain3) / sizeof(chain3[0]), chain3 },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
|
||||
{ { sizeof(chain4) / sizeof(chain4[0]), chain4 },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 2, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 2, NULL }, 0 },
|
||||
{ { sizeof(chain5) / sizeof(chain5[0]), chain5 },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
|
||||
{ { sizeof(chain6) / sizeof(chain6[0]), chain6 },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
|
||||
{ { sizeof(chain7) / sizeof(chain7[0]), chain7 },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
|
||||
{ { sizeof(chain8) / sizeof(chain8[0]), chain8 },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 2, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 2, NULL }, 0 },
|
||||
{ { sizeof(chain9) / sizeof(chain9[0]), chain9 },
|
||||
{ 0, CERT_E_CHAINING, 0, -1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_CHAINING, 0, -1, NULL }, 0 },
|
||||
{ { sizeof(chain10) / sizeof(chain10[0]), chain10 },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
|
||||
{ { sizeof(chain11) / sizeof(chain11[0]), chain11 },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
|
||||
{ { sizeof(chain12) / sizeof(chain12[0]), chain12 },
|
||||
{ 0, TRUST_E_CERT_SIGNATURE, 0, 1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, TRUST_E_CERT_SIGNATURE, 0, 1, NULL }, 0 },
|
||||
{ { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, 0 },
|
||||
{ { sizeof(iTunesChain) / sizeof(iTunesChain[0]), iTunesChain },
|
||||
{ 0, 0, -1, -1, NULL },
|
||||
TODO_POLICY },
|
||||
{ 0, 0, -1, -1, NULL }, 0 },
|
||||
};
|
||||
|
||||
static ChainPolicyCheck basicConstraintsPolicyCheck[] = {
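Review bot: No row of authenticodePolicyCheck expects CERT_E_UNTRUSTEDTESTROOT, so the test-root branch added to the authenticode policy in this commit is not exercised by the table as shown. Every row still expects CERT_E_UNTRUSTEDROOT, TRUST_E_CERT_SIGNATURE, CERT_E_CHAINING or success, which only confirms that the base-policy result passes through unchanged. A row built on a chain whose root carries one of the three test-root public keys, with `CERT_E_UNTRUSTEDTESTROOT` as the expected dwError, would pin the new behaviour; the rest of the test file is outside this view, so such a chain may need to be added.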
|
||||
|
|