20#define NONAMELESSUNION
23#define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS
24#define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
28#include "wine/unicode.h"
34#define DEFAULT_CYCLE_MODULUS 7
57 for (
i = 0;
i < cStores;
i++)
65 for (
i = 0;
i < cStores;
i++)
120 static const WCHAR caW[] = {
'C',
'A',0 };
121 static const WCHAR myW[] = {
'M',
'y',0 };
122 static const WCHAR trustW[] = {
'T',
'r',
'u',
's',
't',0 };
127 else if (
config->hRestrictedRoot)
156 if(
config->CycleDetectionModulus)
251 TRACE(
"(%p)\n", hChainEngine);
275 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension)))
285 if (
info->AuthorityCertIssuer.cAltEntry &&
286 info->AuthorityCertSerialNumber.cbData)
291 for (
i = 0; !directoryName &&
292 i <
info->AuthorityCertIssuer.cAltEntry;
i++)
293 if (
info->AuthorityCertIssuer.rgAltEntry[
i].dwAltNameChoice
296 &
info->AuthorityCertIssuer.rgAltEntry[
i];
305 FIXME(
"no supported name type in authority key id2\n");
309 else if (
info->KeyId.cbData)
330 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension)))
340 if (
info->CertIssuer.cbData &&
info->CertSerialNumber.cbData)
346 else if (
info->KeyId.cbData)
385 DWORD i,
j, cyclicCertIndex = 0;
388 for (
i = 0; !cyclicCertIndex &&
i <
chain->cElement;
i++)
389 for (
j =
i + 1; !cyclicCertIndex &&
j <
chain->cElement;
j++)
391 chain->rgpElement[
i]->pCertContext->pCertInfo,
392 chain->rgpElement[
j]->pCertContext->pCertInfo))
396 chain->rgpElement[cyclicCertIndex]->TrustStatus.dwErrorStatus
399 for (
i = cyclicCertIndex + 1;
i <
chain->cElement;
i++)
402 chain->cElement = cyclicCertIndex + 1;
410 return chain->rgpElement[
chain->cElement - 1]->TrustStatus.dwErrorStatus
435 if (!
chain->cElement)
440 if (
chain->rgpElement)
446 if (
chain->cElement > 1)
447 chain->rgpElement[
chain->cElement - 2]->TrustStatus.dwInfoStatus
472 for (
i = 0;
i <
chain->cElement;
i++)
500 TRACE_(
chain)(
"Last certificate's signature is invalid\n");
518 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension);
531 if (
info->SubjectType.cbData == 1)
540 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension);
550 constraints->
fCA = defaultIfNotSpecified;
582 DWORD remainingCAs,
BOOL isRoot,
BOOL *pathLengthConstraintViolated)
584 BOOL validBasicConstraints, implicitCA =
FALSE;
611 &constraints, implicitCA)))
613 chainConstraints->
fCA = constraints.
fCA;
614 if (!constraints.
fCA)
616 TRACE_(
chain)(
"chain element %d can't be a CA\n", remainingCAs + 1);
617 validBasicConstraints =
FALSE;
628 TRACE_(
chain)(
"setting path length constraint to %d\n",
639 TRACE_(
chain)(
"remaining CAs %d exceed max path length %d\n",
641 validBasicConstraints =
FALSE;
642 *pathLengthConstraintViolated =
TRUE;
644 return validBasicConstraints;
665 if (constraint[0] ==
'.')
683 DWORD *trustErrorStatus)
697 WCHAR hostname_buf[255];
708 if (colon && *(colon + 1) ==
'/' && *(colon + 2) ==
'/')
723 for (colon = authority_end; colon >=
name && *colon !=
':' &&
724 *colon !=
'@'; colon--)
727 authority_end = colon;
738 hostname_buf[authority_end -
name] = 0;
752 DWORD *trustErrorStatus)
763 else if (
strchrW(constraint,
'@'))
776 DWORD *trustErrorStatus)
833 else if (
name->cbData ==
sizeof(
DWORD) &&
846 else if (
name->cbData == 16 && constraint->
cbData == 32)
851 subnet = constraint->
pbData;
899 name->u.pwszURL, trustErrorStatus);
903 name->u.pwszURL, trustErrorStatus);
907 name->u.pwszURL, trustErrorStatus);
911 &
name->u.IPAddress, trustErrorStatus);
915 &
name->u.DirectoryName);
918 ERR(
"name choice %d unsupported in this context\n",
960 cert->cExtension,
cert->rgExtension);
963 cert->cExtension,
cert->rgExtension);
976 &subjectAltName, &
size))
982 BOOL nameFormPresent;
994 TRACE_(
chain)(
"subject alternate name form %d excluded\n",
999 nameFormPresent =
FALSE;
1002 trustErrorStatus, &nameFormPresent) && nameFormPresent)
1004 TRACE_(
chain)(
"subject alternate name form %d not permitted\n",
1006 *trustErrorStatus |=
1013 *trustErrorStatus |=
1070 for (
i = 0;
i <
name->cRDN;
i++)
1071 for (
j = 0;
j <
name->rgRDN[
i].cRDNAttr;
j++)
1075 BOOL nameFormPresent;
1084 &
name->rgRDN[
i].rgRDNAttr[
j], nameConstraints,
1088 "email address in subject name is excluded\n");
1089 *trustErrorStatus |=
1092 nameFormPresent =
FALSE;
1094 &
name->rgRDN[
i].rgRDNAttr[
j], nameConstraints,
1095 trustErrorStatus, &nameFormPresent) && nameFormPresent)
1098 "email address in subject name is not permitted\n");
1099 *trustErrorStatus |=
1106 *trustErrorStatus |=
1116 else if (
name->cbData == 2 &&
name->pbData[1] == 0)
1144 hasEmailConstraint =
TRUE;
1149 hasEmailConstraint =
TRUE;
1150 if (hasEmailConstraint)
1162 *trustErrorStatus |=
1183 hasDirectoryConstraint =
TRUE;
1188 if (hasDirectoryConstraint && !
match)
1198 DWORD *trustErrorStatus)
1222 cert->rgExtension)))
1227 ext->Value.pbData,
ext->Value.cbData,
1245 if (!
info->cPermittedSubtree && !
info->cExcludedSubtree)
1247 WARN_(
chain)(
"constraints contain no permitted nor excluded subtree\n");
1262 for (
i = 0;
ret &&
i <
info->cPermittedSubtree;
i++)
1263 if (
info->rgPermittedSubtree[
i].dwMinimum ||
1264 info->rgPermittedSubtree[
i].fMaximum)
1266 TRACE_(
chain)(
"found a minimum or maximum in permitted subtrees\n");
1269 for (
i = 0;
ret &&
i <
info->cExcludedSubtree;
i++)
1270 if (
info->rgExcludedSubtree[
i].dwMinimum ||
1271 info->rgExcludedSubtree[
i].fMaximum)
1273 TRACE_(
chain)(
"found a minimum or maximum in excluded subtrees\n");
1295 for (
i =
chain->cElement - 1;
i > 0;
i--)
1300 chain->rgpElement[
i]->pCertContext->pCertInfo)))
1303 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1307 for (
j =
i - 1;
j >= 0;
j--)
1309 DWORD errorStatus = 0;
1315 chain->rgpElement[
j]->pCertContext))
1318 chain->rgpElement[
j]->pCertContext->pCertInfo,
1322 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1325 &
chain->rgpElement[
i]->TrustStatus);
1328 chain->rgpElement[
i]->TrustStatus.dwInfoStatus |=
1345 cert->pCertInfo->rgExtension);
1374 FIXME(
"unsupported policy %s\n",
1385 for (
i =
chain->cElement - 1;
i > 0;
i--)
1391 for (
j =
i - 1;
j >= 0;
j--)
1393 DWORD errorStatus = 0;
1396 chain->rgpElement[
j]->pCertContext->pCertInfo, &errorStatus);
1399 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1402 &
chain->rgpElement[
i]->TrustStatus);
1430 switch (
entry->dwAltNameChoice)
1433 TRACE_(
chain)(
"CERT_ALT_NAME_OTHER_NAME, oid = %s\n",
1453 TRACE_(
chain)(
"CERT_ALT_NAME_IP_ADDRESS: %d bytes\n",
1454 entry->u.IPAddress.cbData);
1457 TRACE_(
chain)(
"CERT_ALT_NAME_REGISTERED_ID: %s\n",
1472 ext->Value.pbData,
ext->Value.cbData,
1478 for (
i = 0;
i <
name->cAltEntry;
i++)
1495 info->fPathLenConstraint ?
"has" :
"doesn't have");
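/*
 * Traces the spelled-out name of `bit` on the chain debug channel when that
 * bit is set in `bits`.
 *
 * Wrapped in do { } while (0) so the macro expands to exactly one statement:
 * a bare `if` here would capture the `else` of an enclosing if/else at the
 * call site.  Use it as a statement, with a trailing semicolon.
 */
#define trace_usage_bit(bits, bit) \
 do { if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit); } while (0)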
1539#undef trace_usage_bit
1548 TRACE_(
chain)(
"dwMinimum = %d, fMaximum = %d, dwMaximum = %d\n",
1558 ext->Value.pbData,
ext->Value.cbData,
1597 pszPolicyQualifierId));
1615 for (
i = 0;
i <
usage->cUsageIdentifier;
i++)
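/*
 * Traces the spelled-out name of `bit` on the chain debug channel when that
 * bit is set in `bits`.
 *
 * Wrapped in do { } while (0) so the macro expands to exactly one statement:
 * a bare `if` here would capture the `else` of an enclosing if/else at the
 * call site.  Use it as a statement, with a trailing semicolon.
 */
#define trace_cert_type_bit(bits, bit) \
 do { if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit); } while (0)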
1643#undef trace_cert_type_bit
1650 ext->fCritical ?
"" :
"not ");
1681 if (!
time)
return "(null)";
1719 for (
i = 0;
i <
cert->pCertInfo->cExtension;
i++)
1731 cert->pCertInfo->rgExtension);
1742 else if (
usage.cbData > 2)
1782 WARN_(
chain)(
"keyCertSign not asserted on a CA cert\n");
1793 WARN_(
chain)(
"keyCertSign asserted on a non-CA cert\n");
1807 for (
i = 0;
ret &&
i <
cert->pCertInfo->cExtension;
i++)
1809 if (
cert->pCertInfo->rgExtension[
i].fCritical)
1811 LPCSTR oid =
cert->pCertInfo->rgExtension[
i].pszObjId;
1831 FIXME(
"unsupported critical extension %s\n",
1845 switch (
cert->pCertInfo->dwVersion)
1853 if (
cert->pCertInfo->IssuerUniqueId.cbData ||
1854 cert->pCertInfo->SubjectUniqueId.cbData)
1859 if (
cert->pCertInfo->cExtension)
1866 if (
cert->pCertInfo->cExtension)
1873 WARN_(
chain)(
"invalid cert version %d\n",
cert->pCertInfo->dwVersion);
1884 BOOL pathLengthConstraintViolated =
FALSE;
1888 TRACE_(
chain)(
"checking chain with %d elements for time %s\n",
1890 for (
i =
chain->cElement - 1;
i >= 0;
i--)
1896 if (
i ==
chain->cElement - 1)
1898 chain->rgpElement[
i]->pCertContext);
1906 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1910 chain->rgpElement[
i]->pCertContext->pCertInfo) != 0)
1911 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1918 (
void *)
chain->rgpElement[
i - 1]->pCertContext,
1920 (
void *)
chain->rgpElement[
i]->pCertContext, 0,
NULL))
1921 chain->rgpElement[
i - 1]->TrustStatus.dwErrorStatus |=
1926 if (pathLengthConstraintViolated)
1927 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1930 chain->rgpElement[
i]->pCertContext, &constraints,
i - 1, isRoot,
1931 &pathLengthConstraintViolated))
1932 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1945 chain->rgpElement[
i]->pCertContext, &constraints,
FALSE))
1946 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1950 isRoot, constraints.
fCA,
i))
1951 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1958 pathLengthConstraintViolated =
TRUE;
1959 chain->TrustStatus.dwErrorStatus |=
1965 chain->rgpElement[
i]->pCertContext))
1966 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1970 &
chain->rgpElement[
i]->TrustStatus);
2079 if (
info->CertIssuer.cbData &&
info->CertSerialNumber.cbData)
2082 memcpy(&
id.
u.IssuerSerialNumber.Issuer, &
info->CertIssuer,
2084 memcpy(&
id.
u.IssuerSerialNumber.SerialNumber,
2090 TRACE_(
chain)(
"issuer found by issuer/serial number\n");
2094 else if (
info->KeyId.cbData)
2123 if (
info->AuthorityCertIssuer.cAltEntry &&
2124 info->AuthorityCertSerialNumber.cbData)
2129 for (
i = 0; !directoryName &&
2130 i <
info->AuthorityCertIssuer.cAltEntry;
i++)
2131 if (
info->AuthorityCertIssuer.rgAltEntry[
i].dwAltNameChoice
2134 &
info->AuthorityCertIssuer.rgAltEntry[
i];
2138 memcpy(&
id.
u.IssuerSerialNumber.Issuer,
2140 memcpy(&
id.
u.IssuerSerialNumber.SerialNumber,
2141 &
info->AuthorityCertSerialNumber,
2147 TRACE_(
chain)(
"issuer found by directory name\n");
2152 FIXME(
"no supported name type in authority key id2\n");
2154 else if (
info->KeyId.cbData)
2191 &
chain->rgpElement[
chain->cElement - 1]->TrustStatus.dwInfoStatus);
2196 chain->rgpElement[
chain->cElement - 1]->TrustStatus.dwInfoStatus);
2205 TRACE_(
chain)(
"Couldn't find issuer, halting chain creation\n");
2274 chain->world = world;
2277 chain->context.cChain = 1;
2279 chain->context.rgpChain[0] = simpleChain;
2280 chain->context.cLowerQualityChainContext = 0;
2281 chain->context.rgpLowerQualityChainContext =
NULL;
2282 chain->context.fHasRevocationFreshnessTime =
FALSE;
2283 chain->context.dwRevocationFreshnessTime = 0;
2307 if (
copy->rgpElement)
2314 for (
i = 0;
ret &&
i <= iElement;
i++)
2323 chain->rgpElement[
i]->pCertContext);
2335 for (
i = 0;
i <= iElement;
i++)
2355 for (
i = 0;
i <
chain->context.cLowerQualityChainContext;
i++)
2358 chain->context.cLowerQualityChainContext = 0;
2359 chain->context.rgpLowerQualityChainContext =
NULL;
2367 for (
i = 0;
i <
chain->context.cChain;
i++)
2391 copy->context.cLowerQualityChainContext = 0;
2392 copy->context.rgpLowerQualityChainContext =
NULL;
2393 copy->context.fHasRevocationFreshnessTime =
FALSE;
2394 copy->context.dwRevocationFreshnessTime = 0;
2397 if (
copy->context.rgpChain)
2406 for (
i = 0;
ret && iChain &&
i < iChain - 1;
i++)
2408 copy->context.rgpChain[
i] =
2410 chain->context.rgpChain[
i]->cElement - 1);
2411 if (!
copy->context.rgpChain[
i])
2419 copy->context.rgpChain[
i] =
2422 if (!
copy->context.rgpChain[
i])
2431 copy->context.cChain = iChain + 1;
2454 if (
chain->context.cLowerQualityChainContext)
2456 chain->context.cLowerQualityChainContext - 1];
2458 if (
chain->context.cChain <= 1 &&
chain->context.rgpChain[0]->cElement <= 1)
2466 for (
i = 0; !alternateIssuer &&
i <
chain->context.cChain;
i++)
2467 for (
j = 0; !alternateIssuer &&
2468 j <
chain->context.rgpChain[
i]->cElement - 1;
j++)
2471 chain->context.rgpChain[
i]->rgpElement[
j]->pCertContext;
2473 chain->context.rgpChain[
i]->rgpElement[
j + 1]->pCertContext);
2476 subject, prevIssuer,
flags, &infoStatus);
2478 if (alternateIssuer)
2510 TRACE(
"%p\n", alternate);
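/*
 * Bit flags used to score a candidate certificate chain.  Each flag is
 * cleared from a quality value with `quality &= ~FLAG`; the conditions
 * guarding those clears are not visible from here.
 *
 * NOTE(review): CHAIN_QUALITY_SIGNATURE_VALID is 0x16, not 0x10, so it
 * overlaps CHAIN_QUALITY_COMPLETE_CHAIN (4) and
 * CHAIN_QUALITY_BASIC_CONSTRAINTS (2); clearing it also clears those two
 * bits.  The value is kept as-is to preserve chain ranking; confirm whether
 * 0x10 (decimal 16) was intended.
 */
#define CHAIN_QUALITY_SIGNATURE_VALID   0x16
#define CHAIN_QUALITY_TIME_VALID        8
#define CHAIN_QUALITY_COMPLETE_CHAIN    4
#define CHAIN_QUALITY_BASIC_CONSTRAINTS 2
#define CHAIN_QUALITY_TRUSTED_ROOT      1

/*
 * All quality bits set.  The expansion is parenthesised so that operators
 * applied at the use site (~, &, ==) act on the whole mask rather than on
 * its first or last term.
 */
#define CHAIN_QUALITY_HIGHEST \
 (CHAIN_QUALITY_SIGNATURE_VALID | CHAIN_QUALITY_TIME_VALID | \
 CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_BASIC_CONSTRAINTS | \
 CHAIN_QUALITY_TRUSTED_ROOT)

/*
 * Yields the subset of `bits` that is set in TrustStatus->dwErrorStatus
 * (non-zero when any is set).  The outer parentheses keep `!`, `&&` and
 * comparison operators at the call site from binding to only part of the
 * expression, which would silently invert or skip a trust-error check.
 */
#define IS_TRUST_ERROR_SET(TrustStatus, bits) \
 ((TrustStatus)->dwErrorStatus & (bits))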
2534 quality &= ~CHAIN_QUALITY_TRUSTED_ROOT;
2537 quality &= ~CHAIN_QUALITY_BASIC_CONSTRAINTS;
2540 quality &= ~CHAIN_QUALITY_COMPLETE_CHAIN;
2543 quality &= ~CHAIN_QUALITY_TIME_VALID;
2546 quality &= ~CHAIN_QUALITY_SIGNATURE_VALID;
2565 for (
i = 0;
i <
chain->context.cLowerQualityChainContext;
i++)
2573 chain->context.cLowerQualityChainContext;
2575 chain->context.rgpLowerQualityChainContext;
2578 chain->context.cLowerQualityChainContext = 0;
2579 chain->context.rgpLowerQualityChainContext =
NULL;
2591 if (
chain->context.cLowerQualityChainContext)
2592 chain->context.rgpLowerQualityChainContext =
2594 (
chain->context.cLowerQualityChainContext + 1) *
2597 chain->context.rgpLowerQualityChainContext =
2599 if (
chain->context.rgpLowerQualityChainContext)
2601 chain->context.rgpLowerQualityChainContext[
2602 chain->context.cLowerQualityChainContext++] =
2619 if (iElement +
chain->rgpChain[
j]->cElement <
i)
2620 iElement +=
chain->rgpChain[
j]->cElement;
2645 for (
i = 0, cContext = 0;
i <
chain->cChain;
i++)
2647 if (i < chain->cChain - 1 ||
2649 cContext +=
chain->rgpChain[
i]->cElement;
2651 cContext +=
chain->rgpChain[
i]->cElement - 1;
2658 DWORD i,
j, iContext, revocationFlags;
2661 {
sizeof(revocationStatus), 0 };
2678 revocationPara.dwUrlRetrievalTimeout =
2680 revocationPara.fCheckFreshnessTime =
2682 revocationPara.dwFreshnessTime =
2685 for (
i = 0, iContext = 0; iContext < cContext &&
i <
chain->cChain;
i++)
2687 for (
j = 0; iContext < cContext &&
2688 j <
chain->rgpChain[
i]->cElement;
j++, iContext++)
2691 chain->rgpChain[
i]->rgpElement[
j]->pCertContext;
2693 if (j < chain->rgpChain[
i]->cElement - 1)
2695 chain->rgpChain[
i]->rgpElement[
j + 1]->pCertContext;
2700 revocationFlags, &revocationPara, &revocationStatus);
2712 switch (revocationStatus.
dwError)
2730 WARN(
"unmapped error %08x\n", revocationStatus.
dwError);
2749 pChainPara->RequestedUsage.Usage.cUsageIdentifier)
2756 endCert =
chain->rgpChain[0]->rgpElement[0]->pCertContext;
2791 validForUsage =
TRUE;
2792 for (
i = 0; validForUsage &&
2801 validForUsage =
FALSE;
2809 validForUsage =
FALSE;
2810 for (
i = 0; !validForUsage &&
2813 for (
j = 0; !validForUsage &&
2814 j <
usage->cUsageIdentifier;
j++)
2823 validForUsage =
FALSE;
2835 TRACE_(
chain)(
"requested usage from certificate with no usages\n");
2836 validForUsage =
TRUE;
2840 chain->TrustStatus.dwErrorStatus |=
2842 chain->rgpChain[0]->rgpElement[0]->TrustStatus.dwErrorStatus |=
2847 pChainPara->RequestedIssuancePolicy.Usage.cUsageIdentifier)
2848 FIXME(
"unimplemented for RequestedIssuancePolicy\n");
2888 TRACE(
"(%p, %p, %s, %p, %p, %08x, %p, %p)\n", hChainEngine,
pCertContext,
2929 }
while (
ret && alternate);
2953 TRACE(
"(%p)\n", pChainContext);
2957 return pChainContext;
2964 TRACE(
"(%p)\n", pChainContext);
2977 FIXME(
"(%p, %08x, %08x, %d, %p, %p): stub\n", store, certEncodingType,
2978 findFlags, findType, findPara, prevChainContext);
2987 for (
i = 0;
i <
chain->cChain;
i++)
2988 for (
j = 0;
j <
chain->rgpChain[
i]->cElement;
j++)
2989 if (
chain->rgpChain[
i]->rgpElement[
j]->TrustStatus.dwErrorStatus &
3005 checks = pPolicyPara->
dwFlags;
3024 if (!pPolicyStatus->
dwError &&
3033 if (!pPolicyStatus->
dwError &&
3041 if (!pPolicyStatus->
dwError &&
3051 if (!pPolicyStatus->
dwError &&
30650x30,0x47,0x02,0x40,0x81,0x55,0x22,0xb9,0x8a,0xa4,0x6f,0xed,0xd6,0xe7,0xd9,
30660x66,0x0f,0x55,0xbc,0xd7,0xcd,0xd5,0xbc,0x4e,0x40,0x02,0x21,0xa2,0xb1,0xf7,
30670x87,0x30,0x85,0x5e,0xd2,0xf2,0x44,0xb9,0xdc,0x9b,0x75,0xb6,0xfb,0x46,0x5f,
30680x42,0xb6,0x9d,0x23,0x36,0x0b,0xde,0x54,0x0f,0xcd,0xbd,0x1f,0x99,0x2a,0x10,
30690x58,0x11,0xcb,0x40,0xcb,0xb5,0xa7,0x41,0x02,0x03,0x01,0x00,0x01 };
30710x30,0x47,0x02,0x40,0x9c,0x50,0x05,0x1d,0xe2,0x0e,0x4c,0x53,0xd8,0xd9,0xb5,
30720xe5,0xfd,0xe9,0xe3,0xad,0x83,0x4b,0x80,0x08,0xd9,0xdc,0xe8,0xe8,0x35,0xf8,
30730x11,0xf1,0xe9,0x9b,0x03,0x7a,0x65,0x64,0x76,0x35,0xce,0x38,0x2c,0xf2,0xb6,
30740x71,0x9e,0x06,0xd9,0xbf,0xbb,0x31,0x69,0xa3,0xf6,0x30,0xa0,0x78,0x7b,0x18,
30750xdd,0x50,0x4d,0x79,0x1e,0xeb,0x61,0xc1,0x02,0x03,0x01,0x00,0x01 };
3122 isMSTestRoot =
TRUE;
3162 ext->Value.pbData,
ext->Value.cbData,
3182 if (
subjectName->rgAltEntry[
i].u.pwszDNSName[0] ==
'*')
3199 if (server_name_dot)
3223 for (
j = 0;
j <
name->rgRDN[
i].cRDNAttr;
j++)
3225 name->rgRDN[
i].rgRDNAttr[
j].pszObjId))
3245 LPCWSTR allowed_ptr, server_ptr;
3248 *see_wildcard =
FALSE;
3250 if (server_len < allowed_len)
3252 WARN_(
chain)(
"domain component %s too short for %s\n",
3260 for (allowed_ptr = allowed_component, server_ptr = server_component;
3261 matches && allowed_ptr - allowed_component < allowed_len;
3262 allowed_ptr++, server_ptr++)
3264 if (*allowed_ptr ==
'*')
3266 if (allowed_ptr - allowed_component < allowed_len - 1)
3268 WARN_(
chain)(
"non-wildcard characters after wildcard not supported\n");
3271 else if (!allow_wildcards)
3273 WARN_(
chain)(
"wildcard after non-wildcard component\n");
3281 *see_wildcard =
TRUE;
3288 if (
matches && server_ptr - server_component < server_len)
3293 matches = *allowed_ptr ==
'*';
3301 LPCWSTR allowed_component = allowed;
3313 while (allowed_len && allowed_component[allowed_len - 1] == 0)
3333 LPCWSTR allowed_dot, server_dot;
3335 allowed_dot =
memchrW(allowed_component,
'.',
3336 allowed_len - (allowed_component - allowed));
3337 server_dot =
memchrW(server_component,
'.',
3340 if ((!allowed_dot && server_dot) || (allowed_dot && !server_dot))
3343 WARN_(
chain)(
"%s: too many components for CN=%s\n",
3346 WARN_(
chain)(
"%s: not enough components for CN=%s\n",
3352 LPCWSTR allowed_end, server_end;
3355 allowed_end = allowed_dot ? allowed_dot : allowed + allowed_len;
3356 server_end = server_dot ? server_dot :
server_name + server_len;
3358 allowed_end - allowed_component, server_component,
3359 server_end - server_component, allow_wildcards, &has_wildcard);
3364 allow_wildcards =
FALSE;
3367 allowed_component = allowed_dot ? allowed_dot + 1 : allowed_end;
3368 server_component = server_dot ? server_dot + 1 : server_end;
3371 }
while (
matches && allowed_component &&
3372 allowed_component - allowed < allowed_len &&
3373 server_component && server_component -
server_name < server_len);
3386 cert->pCertInfo->Subject.pbData,
cert->pCertInfo->Subject.cbData,
3400 WCHAR component[255];
3407 WARN_(
chain)(
"domain component %s too long\n",
3417 ptr = dot ? dot + 1 :
end;
3546 if (!pPolicyStatus->
dwError && pPolicyPara &&
35900x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xdf,0x08,0xba,0xe3,0x3f,0x6e,
35910x64,0x9b,0xf5,0x89,0xaf,0x28,0x96,0x4a,0x07,0x8f,0x1b,0x2e,0x8b,0x3e,0x1d,
35920xfc,0xb8,0x80,0x69,0xa3,0xa1,0xce,0xdb,0xdf,0xb0,0x8e,0x6c,0x89,0x76,0x29,
35930x4f,0xca,0x60,0x35,0x39,0xad,0x72,0x32,0xe0,0x0b,0xae,0x29,0x3d,0x4c,0x16,
35940xd9,0x4b,0x3c,0x9d,0xda,0xc5,0xd3,0xd1,0x09,0xc9,0x2c,0x6f,0xa6,0xc2,0x60,
35950x53,0x45,0xdd,0x4b,0xd1,0x55,0xcd,0x03,0x1c,0xd2,0x59,0x56,0x24,0xf3,0xe5,
35960x78,0xd8,0x07,0xcc,0xd8,0xb3,0x1f,0x90,0x3f,0xc0,0x1a,0x71,0x50,0x1d,0x2d,
35970xa7,0x12,0x08,0x6d,0x7c,0xb0,0x86,0x6c,0xc7,0xba,0x85,0x32,0x07,0xe1,0x61,
35980x6f,0xaf,0x03,0xc5,0x6d,0xe5,0xd6,0xa1,0x8f,0x36,0xf6,0xc1,0x0b,0xd1,0x3e,
35990x69,0x97,0x48,0x72,0xc9,0x7f,0xa4,0xc8,0xc2,0x4a,0x4c,0x7e,0xa1,0xd1,0x94,
36000xa6,0xd7,0xdc,0xeb,0x05,0x46,0x2e,0xb8,0x18,0xb4,0x57,0x1d,0x86,0x49,0xdb,
36010x69,0x4a,0x2c,0x21,0xf5,0x5e,0x0f,0x54,0x2d,0x5a,0x43,0xa9,0x7a,0x7e,0x6a,
36020x8e,0x50,0x4d,0x25,0x57,0xa1,0xbf,0x1b,0x15,0x05,0x43,0x7b,0x2c,0x05,0x8d,
36030xbd,0x3d,0x03,0x8c,0x93,0x22,0x7d,0x63,0xea,0x0a,0x57,0x05,0x06,0x0a,0xdb,
36040x61,0x98,0x65,0x2d,0x47,0x49,0xa8,0xe7,0xe6,0x56,0x75,0x5c,0xb8,0x64,0x08,
36050x63,0xa9,0x30,0x40,0x66,0xb2,0xf9,0xb6,0xe3,0x34,0xe8,0x67,0x30,0xe1,0x43,
36060x0b,0x87,0xff,0xc9,0xbe,0x72,0x10,0x5e,0x23,0xf0,0x9b,0xa7,0x48,0x65,0xbf,
36070x09,0x88,0x7b,0xcd,0x72,0xbc,0x2e,0x79,0x9b,0x7b,0x02,0x03,0x01,0x00,0x01 };
36090x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa9,0x02,0xbd,0xc1,0x70,0xe6,
36100x3b,0xf2,0x4e,0x1b,0x28,0x9f,0x97,0x78,0x5e,0x30,0xea,0xa2,0xa9,0x8d,0x25,
36110x5f,0xf8,0xfe,0x95,0x4c,0xa3,0xb7,0xfe,0x9d,0xa2,0x20,0x3e,0x7c,0x51,0xa2,
36120x9b,0xa2,0x8f,0x60,0x32,0x6b,0xd1,0x42,0x64,0x79,0xee,0xac,0x76,0xc9,0x54,
36130xda,0xf2,0xeb,0x9c,0x86,0x1c,0x8f,0x9f,0x84,0x66,0xb3,0xc5,0x6b,0x7a,0x62,
36140x23,0xd6,0x1d,0x3c,0xde,0x0f,0x01,0x92,0xe8,0x96,0xc4,0xbf,0x2d,0x66,0x9a,
36150x9a,0x68,0x26,0x99,0xd0,0x3a,0x2c,0xbf,0x0c,0xb5,0x58,0x26,0xc1,0x46,0xe7,
36160x0a,0x3e,0x38,0x96,0x2c,0xa9,0x28,0x39,0xa8,0xec,0x49,0x83,0x42,0xe3,0x84,
36170x0f,0xbb,0x9a,0x6c,0x55,0x61,0xac,0x82,0x7c,0xa1,0x60,0x2d,0x77,0x4c,0xe9,
36180x99,0xb4,0x64,0x3b,0x9a,0x50,0x1c,0x31,0x08,0x24,0x14,0x9f,0xa9,0xe7,0x91,
36190x2b,0x18,0xe6,0x3d,0x98,0x63,0x14,0x60,0x58,0x05,0x65,0x9f,0x1d,0x37,0x52,
36200x87,0xf7,0xa7,0xef,0x94,0x02,0xc6,0x1b,0xd3,0xbf,0x55,0x45,0xb3,0x89,0x80,
36210xbf,0x3a,0xec,0x54,0x94,0x4e,0xae,0xfd,0xa7,0x7a,0x6d,0x74,0x4e,0xaf,0x18,
36220xcc,0x96,0x09,0x28,0x21,0x00,0x57,0x90,0x60,0x69,0x37,0xbb,0x4b,0x12,0x07,
36230x3c,0x56,0xff,0x5b,0xfb,0xa4,0x66,0x0a,0x08,0xa6,0xd2,0x81,0x56,0x57,0xef,
36240xb6,0x3b,0x5e,0x16,0x81,0x77,0x04,0xda,0xf6,0xbe,0xae,0x80,0x95,0xfe,0xb0,
36250xcd,0x7f,0xd6,0xa7,0x1a,0x72,0x5c,0x3c,0xca,0xbc,0xf0,0x08,0xa3,0x22,0x30,
36260xb3,0x06,0x85,0xc9,0xb3,0x20,0x77,0x13,0x85,0xdf,0x02,0x03,0x01,0x00,0x01 };
36280x30,0x82,0x02,0x0a,0x02,0x82,0x02,0x01,0x00,0xf3,0x5d,0xfa,0x80,0x67,0xd4,
36290x5a,0xa7,0xa9,0x0c,0x2c,0x90,0x20,0xd0,0x35,0x08,0x3c,0x75,0x84,0xcd,0xb7,
36300x07,0x89,0x9c,0x89,0xda,0xde,0xce,0xc3,0x60,0xfa,0x91,0x68,0x5a,0x9e,0x94,
36310x71,0x29,0x18,0x76,0x7c,0xc2,0xe0,0xc8,0x25,0x76,0x94,0x0e,0x58,0xfa,0x04,
36320x34,0x36,0xe6,0xdf,0xaf,0xf7,0x80,0xba,0xe9,0x58,0x0b,0x2b,0x93,0xe5,0x9d,
36330x05,0xe3,0x77,0x22,0x91,0xf7,0x34,0x64,0x3c,0x22,0x91,0x1d,0x5e,0xe1,0x09,
36340x90,0xbc,0x14,0xfe,0xfc,0x75,0x58,0x19,0xe1,0x79,0xb7,0x07,0x92,0xa3,0xae,
36350x88,0x59,0x08,0xd8,0x9f,0x07,0xca,0x03,0x58,0xfc,0x68,0x29,0x6d,0x32,0xd7,
36360xd2,0xa8,0xcb,0x4b,0xfc,0xe1,0x0b,0x48,0x32,0x4f,0xe6,0xeb,0xb8,0xad,0x4f,
36370xe4,0x5c,0x6f,0x13,0x94,0x99,0xdb,0x95,0xd5,0x75,0xdb,0xa8,0x1a,0xb7,0x94,
36380x91,0xb4,0x77,0x5b,0xf5,0x48,0x0c,0x8f,0x6a,0x79,0x7d,0x14,0x70,0x04,0x7d,
36390x6d,0xaf,0x90,0xf5,0xda,0x70,0xd8,0x47,0xb7,0xbf,0x9b,0x2f,0x6c,0xe7,0x05,
36400xb7,0xe1,0x11,0x60,0xac,0x79,0x91,0x14,0x7c,0xc5,0xd6,0xa6,0xe4,0xe1,0x7e,
36410xd5,0xc3,0x7e,0xe5,0x92,0xd2,0x3c,0x00,0xb5,0x36,0x82,0xde,0x79,0xe1,0x6d,
36420xf3,0xb5,0x6e,0xf8,0x9f,0x33,0xc9,0xcb,0x52,0x7d,0x73,0x98,0x36,0xdb,0x8b,
36430xa1,0x6b,0xa2,0x95,0x97,0x9b,0xa3,0xde,0xc2,0x4d,0x26,0xff,0x06,0x96,0x67,
36440x25,0x06,0xc8,0xe7,0xac,0xe4,0xee,0x12,0x33,0x95,0x31,0x99,0xc8,0x35,0x08,
36450x4e,0x34,0xca,0x79,0x53,0xd5,0xb5,0xbe,0x63,0x32,0x59,0x40,0x36,0xc0,0xa5,
36460x4e,0x04,0x4d,0x3d,0xdb,0x5b,0x07,0x33,0xe4,0x58,0xbf,0xef,0x3f,0x53,0x64,
36470xd8,0x42,0x59,0x35,0x57,0xfd,0x0f,0x45,0x7c,0x24,0x04,0x4d,0x9e,0xd6,0x38,
36480x74,0x11,0x97,0x22,0x90,0xce,0x68,0x44,0x74,0x92,0x6f,0xd5,0x4b,0x6f,0xb0,
36490x86,0xe3,0xc7,0x36,0x42,0xa0,0xd0,0xfc,0xc1,0xc0,0x5a,0xf9,0xa3,0x61,0xb9,
36500x30,0x47,0x71,0x96,0x0a,0x16,0xb0,0x91,0xc0,0x42,0x95,0xef,0x10,0x7f,0x28,
36510x6a,0xe3,0x2a,0x1f,0xb1,0xe4,0xcd,0x03,0x3f,0x77,0x71,0x04,0xc7,0x20,0xfc,
36520x49,0x0f,0x1d,0x45,0x88,0xa4,0xd7,0xcb,0x7e,0x88,0xad,0x8e,0x2d,0xec,0x45,
36530xdb,0xc4,0x51,0x04,0xc9,0x2a,0xfc,0xec,0x86,0x9e,0x9a,0x11,0x97,0x5b,0xde,
36540xce,0x53,0x88,0xe6,0xe2,0xb7,0xfd,0xac,0x95,0xc2,0x28,0x40,0xdb,0xef,0x04,
36550x90,0xdf,0x81,0x33,0x39,0xd9,0xb2,0x45,0xa5,0x23,0x87,0x06,0xa5,0x55,0x89,
36560x31,0xbb,0x06,0x2d,0x60,0x0e,0x41,0x18,0x7d,0x1f,0x2e,0xb5,0x97,0xcb,0x11,
36570xeb,0x15,0xd5,0x24,0xa5,0x94,0xef,0x15,0x14,0x89,0xfd,0x4b,0x73,0xfa,0x32,
36580x5b,0xfc,0xd1,0x33,0x00,0xf9,0x59,0x62,0x70,0x07,0x32,0xea,0x2e,0xab,0x40,
36590x2d,0x7b,0xca,0xdd,0x21,0x67,0x1b,0x30,0x99,0x8f,0x16,0xaa,0x23,0xa8,0x41,
36600xd1,0xb0,0x6e,0x11,0x9b,0x36,0xc4,0xde,0x40,0x74,0x9c,0xe1,0x58,0x65,0xc1,
36610x60,0x1e,0x7a,0x5b,0x38,0xc8,0x8f,0xbb,0x04,0x26,0x7c,0xd4,0x16,0x40,0xe5,
36620xb6,0x6b,0x6c,0xaa,0x86,0xfd,0x00,0xbf,0xce,0xc1,0x35,0x02,0x03,0x01,0x00,
3693 &
root->pCertInfo->SubjectPublicKeyInfo, &msPubKey))
3726 pPolicyPara, pPolicyStatus);
3732 switch (
LOWORD(szPolicyOID))
3750 FIXME(
"unimplemented for %d\n",
LOWORD(szPolicyOID));
3759 (
void **)&verifyPolicy, &hFunc);
3762 ret = verifyPolicy(szPolicyOID, pChainContext, pPolicyPara,
int strcmp(const char *String1, const char *String2)
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
#define InterlockedIncrement
#define InterlockedDecrement
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
INT copy(TCHAR source[MAX_PATH], TCHAR dest[MAX_PATH], INT append, DWORD lpdwFlags, BOOL bTouch)
BOOL WINAPI CertAddStoreToCollection(HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore, DWORD dwUpdateFlags, DWORD dwPriority)
BOOL WINAPI CryptDecodeObjectEx(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
DWORD cert_name_to_str_with_indent(DWORD dwCertEncodingType, DWORD indent, const CERT_NAME_BLOB *pName, DWORD dwStrType, LPWSTR psz, DWORD csz) DECLSPEC_HIDDEN
BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
BOOL WINAPI CertAddCertificateContextToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT *ppStoreContext)
BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
BOOL WINAPI CertCompareCertificateName(DWORD dwCertEncodingType, PCERT_NAME_BLOB pCertName1, PCERT_NAME_BLOB pCertName2)
PCCERT_CONTEXT WINAPI CertFindCertificateInStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFlags, DWORD dwType, const void *pvPara, PCCERT_CONTEXT pPrevCertContext)
BOOL WINAPI CertVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType, DWORD cContext, PVOID rgpvContext[], DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
BOOL WINAPI CertIsRDNAttrsInCertificateName(DWORD dwCertEncodingType, DWORD dwFlags, PCERT_NAME_BLOB pCertName, PCERT_RDN pRDN)
BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject, DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
BOOL WINAPI CertCompareCertificate(DWORD dwCertEncodingType, PCERT_INFO pCertId1, PCERT_INFO pCertId2)
PCERT_EXTENSION WINAPI CertFindExtension(LPCSTR pszObjId, DWORD cExtensions, CERT_EXTENSION rgExtensions[])
BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT pCertContext, DWORD dwPropId, void *pvData, DWORD *pcbData)
BOOL WINAPI CertComparePublicKeyInfo(DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pPublicKey1, PCERT_PUBLIC_KEY_INFO pPublicKey2)
PCCERT_CONTEXT WINAPI CertDuplicateCertificateContext(PCCERT_CONTEXT pCertContext)
LONG WINAPI CertVerifyTimeValidity(LPFILETIME pTimeToVerify, PCERT_INFO pCertInfo)
BOOL WINAPI CertCompareIntegerBlob(PCRYPT_INTEGER_BLOB pInt1, PCRYPT_INTEGER_BLOB pInt2)
PCERT_RDN_ATTR WINAPI CertFindRDNAttr(LPCSTR pszObjId, PCERT_NAME_INFO pName)
BOOL WINAPI CertVerifyCertificateChainPolicy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static void CRYPT_CheckChainPolicies(PCERT_SIMPLE_CHAIN chain)
static void dump_netscape_cert_type(const CERT_EXTENSION *ext)
BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT *ppChainContext)
static void CRYPT_CheckSimpleChainForCycles(PCERT_SIMPLE_CHAIN chain)
static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain)
static BOOL WINAPI verify_ms_root_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static void CRYPT_CloseStores(DWORD cStores, HCERTSTORE *stores)
static CertificateChainEngine * default_lm_engine
static DWORD CRYPT_ChainQuality(const CertificateChain *chain)
static BOOL CRYPT_BuildCandidateChainFromCert(CertificateChainEngine *engine, PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore, DWORD flags, CertificateChain **ppChain)
static void CRYPT_CheckPolicies(const CERT_POLICIES_INFO *policies, CERT_INFO *cert, DWORD *errorStatus)
static BOOL CRYPT_AddAlternateChainToChain(CertificateChain *chain, const CertificateChain *alternate)
static BOOL match_dns_to_subject_alt_name(const CERT_EXTENSION *ext, LPCWSTR server_name)
static CertificateChainEngine * get_chain_engine(HCERTCHAINENGINE handle, BOOL allow_default)
static BOOL CRYPT_CheckRestrictedRoot(HCERTSTORE store)
static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain, LPFILETIME pTime, HCERTSTORE hAdditionalStore, const CERT_CHAIN_PARA *pChainPara, DWORD chainFlags)
struct _CERT_CHAIN_PARA_NO_EXTRA_FIELDS CERT_CHAIN_PARA_NO_EXTRA_FIELDS
static void free_chain_engine(CertificateChainEngine *engine)
static BOOL WINAPI verify_basic_constraints_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
#define CHAIN_QUALITY_HIGHEST
static void dump_policy_para(PCERT_CHAIN_POLICY_PARA para)
static void dump_extension(const CERT_EXTENSION *ext)
static BOOL CRYPT_AddCertToSimpleChain(const CertificateChainEngine *engine, PCERT_SIMPLE_CHAIN chain, PCCERT_CONTEXT cert, DWORD subjectInfoStatus)
void default_chain_engine_free(void)
static void CRYPT_FreeChainElement(PCERT_CHAIN_ELEMENT element)
static BOOL url_matches(LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint, const CRYPT_DATA_BLOB *name, DWORD *trustErrorStatus)
static BYTE msTestPubKey2[]
static BOOL find_matching_domain_component(const CERT_NAME_INFO *name, LPCWSTR component)
static void dump_basic_constraints(const CERT_EXTENSION *ext)
static void dump_key_usage(const CERT_EXTENSION *ext)
static BOOL CRYPT_KeyUsageValid(CertificateChainEngine *engine, PCCERT_CONTEXT cert, BOOL isRoot, BOOL isCA, DWORD index)
#define IS_TRUST_ERROR_SET(TrustStatus, bits)
struct _CertificateChain CertificateChain
VOID WINAPI CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static void CRYPT_FreeLowerQualityChains(CertificateChain *chain)
void WINAPI CertFreeCertificateChainEngine(HCERTCHAINENGINE hChainEngine)
static BOOL rfc822_attr_matches_excluded_name(const CERT_RDN_ATTR *attr, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
static void dump_enhanced_key_usage(const CERT_EXTENSION *ext)
struct _CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT
static BOOL dns_name_matches(LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
static BOOL domain_name_matches(LPCWSTR constraint, LPCWSTR name)
BOOL WINAPI CertCreateCertificateChainEngine(PCERT_CHAIN_ENGINE_CONFIG pConfig, HCERTCHAINENGINE *phChainEngine)
static void dump_basic_constraints2(const CERT_EXTENSION *ext)
static void find_element_with_error(PCCERT_CHAIN_CONTEXT chain, DWORD error, LONG *iChain, LONG *iElement)
static CertificateChain * CRYPT_CopyChainToElement(CertificateChain *chain, DWORD iChain, DWORD iElement)
static BOOL CRYPT_IsValidNameConstraint(const CERT_NAME_CONSTRAINTS_INFO *info)
static void dump_alt_name(LPCSTR type, const CERT_EXTENSION *ext)
static void dump_ssl_extra_chain_policy_para(HTTPSPolicyCallbackData *sslPara)
static CERT_POLICIES_INFO * CRYPT_GetPolicies(PCCERT_CONTEXT cert)
static void compare_alt_name_with_constraints(const CERT_EXTENSION *altNameExt, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
static BOOL rfc822_attr_matches_permitted_name(const CERT_RDN_ATTR *attr, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus, BOOL *present)
#define DEFAULT_CYCLE_MODULUS
static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
static PCCERT_CONTEXT CRYPT_FindCertInStore(HCERTSTORE store, PCCERT_CONTEXT cert)
PCCERT_CHAIN_CONTEXT WINAPI CertFindChainInStore(HCERTSTORE store, DWORD certEncodingType, DWORD findFlags, DWORD findType, const void *findPara, PCCERT_CHAIN_CONTEXT prevChainContext)
static void CRYPT_CheckUsages(PCERT_CHAIN_CONTEXT chain, const CERT_CHAIN_PARA *pChainPara)
static void dump_usage_match(LPCSTR name, const CERT_USAGE_MATCH *usageMatch)
static BOOL CRYPT_IsCertVersionValid(PCCERT_CONTEXT cert)
static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine, PCERT_SIMPLE_CHAIN chain, LPFILETIME time)
static LPCSTR debugstr_filetime(LPFILETIME pTime)
static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot, PCERT_CHAIN_ELEMENT rootElement)
static BOOL CRYPT_CheckBasicConstraintsForCA(CertificateChainEngine *engine, PCCERT_CONTEXT cert, CERT_BASIC_CONSTRAINTS2_INFO *chainConstraints, DWORD remainingCAs, BOOL isRoot, BOOL *pathLengthConstraintViolated)
static BOOL match_dns_to_subject_dn(PCCERT_CONTEXT cert, LPCWSTR server_name)
PCCERT_CHAIN_CONTEXT WINAPI CertDuplicateCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
#define trace_cert_type_bit(bits, bit)
static BOOL alt_name_matches_excluded_name(const CERT_ALT_NAME_ENTRY *name, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
static PCERT_EXTENSION get_subject_alt_name_ext(const CERT_INFO *cert)
static CertificateChain * CRYPT_BuildAlternateContextFromChain(CertificateChainEngine *engine, LPFILETIME pTime, HCERTSTORE hAdditionalStore, DWORD flags, CertificateChain *chain)
static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine, HCERTSTORE store, PCCERT_CONTEXT subject, PCCERT_CONTEXT prevIssuer, DWORD flags, DWORD *infoStatus)
static CertificateChain * CRYPT_ChooseHighestQualityChain(CertificateChain *chain)
static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert)
static PCERT_CHAIN_ELEMENT CRYPT_FindIthElementInChain(const CERT_CHAIN_CONTEXT *chain, DWORD i)
static LPWSTR name_value_to_str(const CERT_NAME_BLOB *name)
static void CRYPT_CheckNameConstraints(const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, const CERT_INFO *cert, DWORD *trustErrorStatus)
static BOOL rfc822_name_matches(LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
static BOOL CRYPT_IsEmptyName(const CERT_NAME_BLOB *name)
static const WCHAR rootW[]
#define trace_usage_bit(bits, bit)
static void dump_alt_name_entry(const CERT_ALT_NAME_ENTRY *entry)
static BOOL match_common_name(LPCWSTR server_name, const CERT_RDN_ATTR *nameAttr)
static PCERT_SIMPLE_CHAIN CRYPT_CopySimpleChainToElement(const CERT_SIMPLE_CHAIN *chain, DWORD iElement)
static LPCSTR filetime_to_str(const FILETIME *time)
HCERTCHAINENGINE CRYPT_CreateChainEngine(HCERTSTORE root, DWORD system_store, const CERT_CHAIN_ENGINE_CONFIG *config)
static void CRYPT_CheckRootCert(HCERTSTORE hRoot, PCERT_CHAIN_ELEMENT rootElement)
static void dump_name_constraints(const CERT_EXTENSION *ext)
static CERT_NAME_CONSTRAINTS_INFO * CRYPT_GetNameConstraints(CERT_INFO *cert)
static BOOL CRYPT_DecodeBasicConstraints(PCCERT_CONTEXT cert, CERT_BASIC_CONSTRAINTS2_INFO *constraints, BOOL defaultIfNotSpecified)
static BOOL alt_name_matches(const CERT_ALT_NAME_ENTRY *name, const CERT_ALT_NAME_ENTRY *constraint, DWORD *trustErrorStatus, BOOL *present)
static BOOL directory_name_matches(const CERT_NAME_BLOB *constraint, const CERT_NAME_BLOB *name)
static void dump_authenticode_extra_chain_policy_para(AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA *extraPara)
static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain)
static void CRYPT_AddStoresToCollection(HCERTSTORE collection, DWORD cStores, HCERTSTORE *stores)
static CertificateChainEngine * default_cu_engine
static BOOL CRYPT_IsSimpleChainCyclic(const CERT_SIMPLE_CHAIN *chain)
static void dump_general_subtree(const CERT_GENERAL_SUBTREE *subtree)
static void CRYPT_FreeChainContext(CertificateChain *chain)
static BOOL WINAPI verify_authenticode_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static BYTE msTestPubKey1[]
struct _CertificateChainEngine CertificateChainEngine
static BOOL CRYPT_BuildSimpleChain(const CertificateChainEngine *engine, HCERTSTORE world, DWORD flags, PCERT_SIMPLE_CHAIN chain)
static BOOL match_domain_component(LPCWSTR allowed_component, DWORD allowed_len, LPCWSTR server_component, DWORD server_len, BOOL allow_wildcards, BOOL *see_wildcard)
static void compare_subject_with_email_constraints(const CERT_NAME_BLOB *subjectName, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
DWORD CRYPT_IsCertificateSelfSigned(const CERT_CONTEXT *cert)
static void dump_cert_policies(const CERT_EXTENSION *ext)
static void dump_chain_para(const CERT_CHAIN_PARA *pChainPara)
static void dump_element(PCCERT_CONTEXT cert)
static BOOL alt_name_matches_permitted_name(const CERT_ALT_NAME_ENTRY *name, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus, BOOL *present)
static BOOL CRYPT_GetSimpleChainForCert(CertificateChainEngine *engine, HCERTSTORE world, PCCERT_CONTEXT cert, LPFILETIME pTime, DWORD flags, PCERT_SIMPLE_CHAIN *ppChain)
BOOL(WINAPI * CertVerifyCertificateChainPolicyFunc)(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static PCCERT_CONTEXT CRYPT_FindIssuer(const CertificateChainEngine *engine, const CERT_CONTEXT *cert, HCERTSTORE store, DWORD type, void *para, DWORD flags, PCCERT_CONTEXT prev_issuer)
static void CRYPT_CombineTrustStatus(CERT_TRUST_STATUS *chainStatus, const CERT_TRUST_STATUS *elementStatus)
LPVOID WINAPI CryptMemAlloc(ULONG cbSize)
LPVOID WINAPI CryptMemRealloc(LPVOID pv, ULONG cbSize)
VOID WINAPI CryptMemFree(LPVOID pv)
static WCHAR issuer[MAX_STRING_RESOURCE_LEN]
HCRYPTOIDFUNCSET WINAPI CryptInitOIDFunctionSet(LPCSTR pszFuncName, DWORD dwFlags)
BOOL WINAPI CryptGetOIDFunctionAddress(HCRYPTOIDFUNCSET hFuncSet, DWORD dwEncodingType, LPCSTR pszOID, DWORD dwFlags, void **ppvFuncAddr, HCRYPTOIDFUNCADDR *phFuncAddr)
BOOL WINAPI CryptFreeOIDFunctionAddress(HCRYPTOIDFUNCADDR hFuncAddr, DWORD dwFlags)
HCERTSTORE WINAPI CertOpenStore(LPCSTR lpszStoreProvider, DWORD dwMsgAndCertEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara)
HCERTSTORE WINAPI CertDuplicateStore(HCERTSTORE hCertStore)
PCCERT_CONTEXT WINAPI CertEnumCertificatesInStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pPrev)
BOOL WINAPI CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags)
HCERTSTORE WINAPI CertOpenSystemStoreW(HCRYPTPROV_LEGACY hProv, LPCWSTR szSubSystemProtocol)
DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags, void *pvTypePara, LPWSTR pszNameString, DWORD cchNameString)
static const WCHAR empty[]
const char * wine_dbg_sprintf(const char *format,...)
#define HeapFree(x, y, z)
#define WINE_DECLARE_DEBUG_CHANNEL(x)
static const WCHAR *const ext[]
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
INT WINAPI GetLocaleInfoA(LCID lcid, LCTYPE lctype, LPSTR buffer, INT len)
int WINAPI lstrcmpiW(LPCWSTR str1, LPCWSTR str2)
#define check(expected, result)
HLOCAL NTAPI LocalFree(HLOCAL hMem)
WINE_UNICODE_INLINE WCHAR * memchrW(const WCHAR *ptr, WCHAR ch, size_t n)
#define InterlockedCompareExchangePointer
#define memcpy(s1, s2, n)
static BYTE subjectName[]
static LPCSTR DWORD void * pvReserved
static ICollection collection
#define LOCALE_SYSTEM_DEFAULT
#define memicmpW(s1, s2, n)
CRYPT_DATA_BLOB IPAddress
CERT_NAME_BLOB DirectoryName
PCERT_ALT_NAME_ENTRY rgAltEntry
DWORD dwPathLenConstraint
PCERT_SIMPLE_CHAIN * rgpChain
DWORD cLowerQualityChainContext
CERT_TRUST_STATUS TrustStatus
PCCERT_CHAIN_CONTEXT * rgpLowerQualityChainContext
PCCERT_CONTEXT pCertContext
CERT_TRUST_STATUS TrustStatus
DWORD MaximumCachedCertificates
DWORD CycleDetectionModulus
HCERTSTORE hRestrictedTrust
HCERTSTORE * rghAdditionalStore
HCERTSTORE hRestrictedOther
HCERTSTORE hRestrictedRoot
DWORD dwUrlRetrievalTimeout
HCERTSTORE hRestrictedRoot
PCERT_EXTENSION rgExtension
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm
PCERT_GENERAL_SUBTREE rgPermittedSubtree
PCERT_GENERAL_SUBTREE rgExcludedSubtree
CERT_POLICY_INFO * rgPolicyInfo
CERT_POLICY_QUALIFIER_INFO * rgPolicyQualifier
LPSTR pszPolicyIdentifier
CERT_RDN_VALUE_BLOB Value
PCCERT_CONTEXT pIssuerCert
CERT_TRUST_STATUS TrustStatus
PCERT_CHAIN_ELEMENT * rgpElement
LPSTR * rgpszUsageIdentifier
DWORD MaximumCachedCertificates
DWORD dwUrlRetrievalTimeout
DWORD CycleDetectionModulus
CERT_CHAIN_CONTEXT context
DWORD WINAPI GetLastError(void)
struct _CERT_CHAIN_ELEMENT CERT_CHAIN_ELEMENT
#define CERT_FIND_CERT_ID
#define CERT_CHAIN_POLICY_MICROSOFT_ROOT
#define X509_AUTHORITY_KEY_ID2
#define szOID_AUTHORITY_KEY_IDENTIFIER
#define CERT_ID_ISSUER_SERIAL_NUMBER
#define CONTEXT_OID_CERTIFICATE
#define USAGE_MATCH_TYPE_AND
struct _CERT_SIMPLE_CHAIN CERT_SIMPLE_CHAIN
#define CERT_KEY_ENCIPHERMENT_KEY_USAGE
#define CERT_CHAIN_POLICY_BASE
#define CRYPT_DECODE_NOCOPY_FLAG
#define CERT_KEY_IDENTIFIER_PROP_ID
#define NETSCAPE_SSL_CA_CERT_TYPE
#define CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS
#define CERT_NON_REPUDIATION_KEY_USAGE
const CERT_CHAIN_CONTEXT * PCCERT_CHAIN_CONTEXT
#define URL_OID_CERTIFICATE_ISSUER
#define CERT_TRUST_IS_REVOKED
#define X509_UNICODE_NAME
#define CERT_TRUST_INVALID_POLICY_CONSTRAINTS
#define CERT_NAME_SIMPLE_DISPLAY_TYPE
#define CERT_STORE_PROV_COLLECTION
#define HCCE_CURRENT_USER
#define CERT_TRUST_REVOCATION_STATUS_UNKNOWN
#define CERT_CHAIN_REVOCATION_CHECK_CHAIN
#define CERT_ALT_NAME_URL
#define NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE
#define CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT
_In_ PCCERT_CONTEXT _In_opt_ LPFILETIME _In_opt_ HCERTSTORE _In_ PCERT_CHAIN_PARA pChainPara
#define CERT_CHAIN_POLICY_BASIC_CONSTRAINTS
#define szOID_BASIC_CONSTRAINTS2
#define CERT_ALT_NAME_DIRECTORY_NAME
#define CERT_TRUST_IS_CYCLIC
#define NETSCAPE_SIGN_CERT_TYPE
#define CERT_CHAIN_REVOCATION_CHECK_END_CERT
#define CERT_ID_KEY_IDENTIFIER
#define CERT_ALT_NAME_IP_ADDRESS
#define szOID_NAME_CONSTRAINTS
#define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS
#define CERT_STORE_CREATE_NEW_FLAG
#define NETSCAPE_SIGN_CA_CERT_TYPE
#define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL
#define CERT_TRUST_INVALID_EXTENSION
#define szOID_ISSUER_ALT_NAME2
#define CERT_TRUST_INVALID_BASIC_CONSTRAINTS
_In_ PCCERT_CONTEXT _In_opt_ LPFILETIME _In_opt_ HCERTSTORE _In_ PCERT_CHAIN_PARA _In_ DWORD _Reserved_ LPVOID _Out_ PCCERT_CHAIN_CONTEXT * ppChainContext
#define CERT_ALT_NAME_RFC822_NAME
#define CERT_ALT_NAME_OTHER_NAME
#define CERT_TRUST_HAS_EXACT_MATCH_ISSUER
#define CERT_CRL_SIGN_KEY_USAGE
#define HCCE_LOCAL_MACHINE
#define CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT
#define CERT_DIGITAL_SIGNATURE_KEY_USAGE
#define CERT_TRUST_IS_NOT_TIME_NESTED
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT
#define X509_ASN_ENCODING
#define szOID_ANY_CERT_POLICY
_In_ PCCERT_CONTEXT _In_opt_ LPFILETIME pTime
#define szOID_BASIC_CONSTRAINTS
#define CERT_CHAIN_POLICY_AUTHENTICODE
#define CRYPT_AIA_RETRIEVAL
#define CERT_TRUST_IS_SELF_SIGNED
_Out_ HCERTCHAINENGINE * phChainEngine
#define CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT
#define CRYPT_DECODE_ALLOC_FLAG
#define CERT_STORE_PROV_MEMORY
#define CERT_TRUST_IS_OFFLINE_REVOCATION
#define CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION
#define CERT_TRUST_HAS_KEY_MATCH_ISSUER
#define X509_AUTHORITY_KEY_ID
#define CERT_ENCIPHER_ONLY_KEY_USAGE
#define CERT_SIMPLE_NAME_STR
#define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
#define szOID_RSA_emailAddr
#define NETSCAPE_SSL_CLIENT_AUTH_CERT_TYPE
#define X509_CERT_POLICIES
#define CERT_CA_SUBJECT_FLAG
#define szOID_NETSCAPE_CERT_TYPE
#define CERT_DECIPHER_ONLY_KEY_USAGE
#define CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG
#define NETSCAPE_SMIME_CERT_TYPE
struct _CERT_CHAIN_CONTEXT CERT_CHAIN_CONTEXT
#define CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG
#define szOID_SUBJECT_ALT_NAME
#define szOID_CERT_POLICIES
#define CERT_SYSTEM_STORE_LOCAL_MACHINE
#define CERT_CHAIN_POLICY_SSL
#define CERT_ALT_NAME_DNS_NAME
#define szOID_ENHANCED_KEY_USAGE
#define CERT_STORE_ADD_NEW
#define CERT_TRUST_INVALID_NAME_CONSTRAINTS
#define szOID_SUBJECT_ALT_NAME2
#define CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
_In_ PCCERT_CONTEXT pCertContext
#define CERT_HASH_PROP_ID
#define CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG
#define CERT_CHAIN_POLICY_IGNORE_NOT_SUPPORTED_CRITICAL_EXT_FLAG
#define CERT_NAME_ISSUER_FLAG
#define CERT_CONTEXT_REVOCATION_TYPE
#define CERT_TRUST_HAS_NAME_MATCH_ISSUER
#define CERT_STORE_PROV_SYSTEM_W
#define CERT_FIND_SUBJECT_NAME
#define CERT_FIND_SHA1_HASH
#define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
#define CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC
#define CERT_TRUST_IS_PARTIAL_CHAIN
#define CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY
#define CERT_KEY_AGREEMENT_KEY_USAGE
#define CERT_SYSTEM_STORE_CURRENT_USER
#define X509_ALTERNATE_NAME
#define szOID_AUTHORITY_KEY_IDENTIFIER2
#define szOID_COMMON_NAME
#define PKCS_7_ASN_ENCODING
#define NETSCAPE_SMIME_CA_CERT_TYPE
#define X509_NAME_CONSTRAINTS
#define CERT_TRUST_IS_NOT_VALID_FOR_USAGE
#define CERT_KEY_CERT_SIGN_KEY_USAGE
#define CERT_TRUST_IS_NOT_SIGNATURE_VALID
#define szOID_DOMAIN_COMPONENT
#define CERT_DATA_ENCIPHERMENT_KEY_USAGE
#define CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT
struct _CERT_CHAIN_CONTEXT * PCERT_CHAIN_CONTEXT
#define CERT_VERIFY_REV_CHAIN_FLAG
struct _CERT_BASIC_CONSTRAINTS2_INFO CERT_BASIC_CONSTRAINTS2_INFO
#define CERT_ALT_NAME_REGISTERED_ID
_In_ PCCERT_CONTEXT _In_opt_ LPFILETIME _In_opt_ HCERTSTORE hAdditionalStore
#define X509_ENHANCED_KEY_USAGE
#define CRYPT_CACHE_ONLY_RETRIEVAL
#define CERT_TRUST_IS_UNTRUSTED_ROOT
#define CERT_TRUST_IS_NOT_TIME_VALID
#define szOID_ISSUER_ALT_NAME
#define CERT_E_REVOCATION_FAILURE
#define CERT_E_UNTRUSTEDROOT
#define CERT_E_UNTRUSTEDTESTROOT
#define CRYPT_E_NO_REVOCATION_DLL
#define CRYPT_E_NOT_IN_REVOCATION_DATABASE
#define CERT_E_WRONG_USAGE
#define TRUST_E_CERT_SIGNATURE
#define TRUST_E_BASIC_CONSTRAINTS
#define CRYPT_E_NO_REVOCATION_CHECK
#define CERT_E_CN_NO_MATCH
#define CRYPT_E_REVOCATION_OFFLINE
#define ERROR_INVALID_DATA
#define SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
#define SECURITY_FLAG_IGNORE_UNKNOWN_CA
#define SECURITY_FLAG_IGNORE_CERT_CN_INVALID
#define SECURITY_FLAG_IGNORE_WRONG_USAGE
#define SECURITY_FLAG_IGNORE_REVOCATION
#define LOCALE_SSHORTDATE