📄 comp_get.c
字号:
CRYPT_CERTFORMAT_CERTIFICATE : CRYPT_CERTFORMAT_CERTCHAIN;
MESSAGE_DATA msgData;
BYTE certData[ 2048 + 8 ], *certDataPtr = certData;
int status;
assert( isReadPtr( certInfoPtr, sizeof( CERT_INFO ) ) );
assert( isWritePtr( iCertCopy, sizeof( CRYPT_CERTIFICATE ) ) );
REQUIRES( certInfoPtr->type == CRYPT_CERTTYPE_CERTIFICATE || \
certInfoPtr->type == CRYPT_CERTTYPE_CERTCHAIN );
/* Clear return value */
*iCertCopy = CRYPT_ERROR;
setMessageData( &msgData, certDataPtr, 2048 );
status = krnlSendMessage( certInfoPtr->objectHandle,
IMESSAGE_CRT_EXPORT, &msgData,
formatType );
if( status == CRYPT_ERROR_OVERFLOW )
{
if( ( certDataPtr = clAlloc( "getCertCopy", \
msgData.length + 8 ) ) == NULL )
return( CRYPT_ERROR_MEMORY );
setMessageData( &msgData, certDataPtr, msgData.length );
status = krnlSendMessage( certInfoPtr->objectHandle,
IMESSAGE_CRT_EXPORT, &msgData,
formatType );
}
if( cryptStatusOK( status ) )
{
MESSAGE_CREATEOBJECT_INFO createInfo;
setMessageCreateObjectIndirectInfo( &createInfo, certDataPtr,
msgData.length,
isDataOnlyCert ? \
CRYPT_ICERTTYPE_DATAONLY : \
certInfoPtr->type );
status = krnlSendMessage( SYSTEM_OBJECT_HANDLE,
IMESSAGE_DEV_CREATEOBJECT_INDIRECT,
&createInfo, OBJECT_TYPE_CERTIFICATE );
if( cryptStatusOK( status ) )
*iCertCopy = createInfo.cryptHandle;
}
if( certDataPtr != certData )
clFree( "getCertCopy", certDataPtr );
return( status );
}
/****************************************************************************
* *
* Get a Component *
* *
****************************************************************************/
/* Get a certificate component */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 5 ) ) \
int getCertComponent( INOUT CERT_INFO *certInfoPtr,
const CRYPT_ATTRIBUTE_TYPE certInfoType,
OUT_BUFFER_OPT( certInfoMaxLength, \
certInfoLength ) void *certInfo,
IN_LENGTH_SHORT_Z const int certInfoMaxLength,
OUT_LENGTH_SHORT_Z int *certInfoLength )
{
const void *data = NULL;
int dataLength = 0, status;
assert( isWritePtr( certInfoPtr, sizeof( CERT_INFO ) ) );
assert( ( certInfo == NULL && certInfoMaxLength == 0 ) || \
( certInfo != NULL && certInfoMaxLength == sizeof( int ) && \
isWritePtr( certInfo, sizeof( int ) ) ) || \
( certInfo != NULL && \
certInfoMaxLength > 0 && \
certInfoMaxLength <= MAX_INTLENGTH_SHORT && \
isWritePtr( certInfo, certInfoMaxLength ) ) );
assert( isWritePtr( certInfoLength, sizeof( int ) ) );
REQUIRES( isAttribute( certInfoType ) || \
isInternalAttribute( certInfoType ) );
REQUIRES( ( certInfo == NULL && certInfoMaxLength == 0 ) || \
( certInfo != NULL && \
certInfoMaxLength > 0 && \
certInfoMaxLength <= MAX_INTLENGTH_SHORT ) );
/* Clear return values */
if( certInfo != NULL )
memset( certInfo, 0, min( 16, certInfoMaxLength ) );
*certInfoLength = 0;
/* If it's a GeneralName or DN component, return it. These are
special-case attribute values so they have to come before the
general attribute-handling code */
if( isGeneralNameSelectionComponent( certInfoType ) )
{
SELECTION_STATE savedState;
/* Determine whether the given component is present or not. This
has a somewhat odd status return since it returns the found/
notfound status in the return code as well as the returned value,
which mirrors the behaviour when reading extension-present
pseudo-attributes. Because of this we can't use
copyCertInfoValue() but have to perform the copy manually */
saveSelectionState( savedState, certInfoPtr );
status = selectGeneralName( certInfoPtr, certInfoType,
MAY_BE_ABSENT );
if( cryptStatusOK( status ) )
status = selectGeneralName( certInfoPtr, CRYPT_ATTRIBUTE_NONE,
MUST_BE_PRESENT );
restoreSelectionState( savedState, certInfoPtr );
if( certInfo != NULL )
*( ( int * ) certInfo ) = cryptStatusOK( status ) ? TRUE : FALSE;
return( status );
}
if( isGeneralNameComponent( certInfoType ) )
{
ATTRIBUTE_LIST *attributeListPtr;
/* Find the requested GeneralName component and return it to the
caller */
status = selectGeneralName( certInfoPtr, CRYPT_ATTRIBUTE_NONE,
MUST_BE_PRESENT );
if( cryptStatusError( status ) )
return( status );
attributeListPtr = findAttributeField( certInfoPtr->attributeCursor,
certInfoPtr->attributeCursor->fieldID,
certInfoType );
if( attributeListPtr == NULL )
return( CRYPT_ERROR_NOTFOUND );
return( getCertAttributeComponentData( attributeListPtr, certInfo,
certInfoMaxLength,
certInfoLength ) );
}
if( isDNComponent( certInfoType ) )
{
/* Find the requested DN component and return it to the caller */
status = selectDN( certInfoPtr, CRYPT_ATTRIBUTE_NONE,
MUST_BE_PRESENT );
if( cryptStatusError( status ) )
return( status );
return( getDNComponentValue( *certInfoPtr->currentSelection.dnPtr,
certInfoType, certInfo,
certInfoMaxLength, certInfoLength ) );
}
/* If it's standard certificate or CMS attribute, return it */
if( ( certInfoType >= CRYPT_CERTINFO_FIRST_EXTENSION && \
certInfoType <= CRYPT_CERTINFO_LAST_EXTENSION ) || \
( certInfoType >= CRYPT_CERTINFO_FIRST_CMS && \
certInfoType <= CRYPT_CERTINFO_LAST_CMS ) )
{
return( getCertAttributeComponent( certInfoPtr, certInfoType,
certInfo, certInfoMaxLength,
certInfoLength ) );
}
/* If it's anything else, handle it specially */
switch( certInfoType )
{
case CRYPT_CERTINFO_SELFSIGNED:
return( copyCertInfoValue( certInfo, \
( certInfoPtr->flags & CERT_FLAG_SELFSIGNED ) ? \
TRUE : FALSE ) );
case CRYPT_CERTINFO_IMMUTABLE:
return( copyCertInfoValue( certInfo, \
( certInfoPtr->certificate != NULL ) ? \
TRUE: FALSE ) );
case CRYPT_CERTINFO_XYZZY:
{
BYTE policyOID[ MAX_OID_SIZE + 8 ];
int policyOIDLength;
/* Check for the presence of the XYZZY policy OID */
status = getCertAttributeComponent( certInfoPtr,
CRYPT_CERTINFO_CERTPOLICYID,
policyOID, MAX_OID_SIZE, &policyOIDLength );
if( cryptStatusOK( status ) && \
policyOIDLength == sizeofOID( OID_CRYPTLIB_XYZZYCERT ) && \
!memcmp( policyOID, OID_CRYPTLIB_XYZZYCERT, policyOIDLength ) )
return( copyCertInfoValue( certInfo, TRUE ) );
/* It's not a XYZZY certificate */
return( copyCertInfoValue( certInfo, FALSE ) );
}
case CRYPT_CERTINFO_CERTTYPE:
return( copyCertInfoValue( certInfo, certInfoPtr->type ) );
case CRYPT_CERTINFO_FINGERPRINT_MD5:
case CRYPT_CERTINFO_FINGERPRINT_SHA:
return( getCertHash( certInfoPtr, certInfoType, certInfo,
certInfoMaxLength, certInfoLength ) );
case CRYPT_CERTINFO_CURRENT_CERTIFICATE:
case CRYPT_ATTRIBUTE_CURRENT_GROUP:
case CRYPT_ATTRIBUTE_CURRENT:
case CRYPT_ATTRIBUTE_CURRENT_INSTANCE:
/* The current component and field are essentially the same
thing since a component is one of a set of entries in a
multivalued field, thus we only distinguish between
extensions and everything else */
if( certInfoPtr->attributeCursor == NULL )
return( CRYPT_ERROR_NOTINITED );
return( copyCertInfoValue( certInfo, \
( certInfoType == CRYPT_ATTRIBUTE_CURRENT_GROUP ) ? \
certInfoPtr->attributeCursor->attributeID :
certInfoPtr->attributeCursor->fieldID ) );
case CRYPT_CERTINFO_TRUSTED_USAGE:
if( certInfoPtr->cCertCert->trustedUsage == CRYPT_ERROR )
return( CRYPT_ERROR_NOTFOUND );
return( copyCertInfoValue( certInfo,
certInfoPtr->cCertCert->trustedUsage ) );
case CRYPT_CERTINFO_TRUSTED_IMPLICIT:
status = krnlSendMessage( certInfoPtr->ownerHandle,
IMESSAGE_USER_TRUSTMGMT,
&certInfoPtr->objectHandle,
MESSAGE_TRUSTMGMT_CHECK );
return( copyCertInfoValue( certInfo,
cryptStatusOK( status ) ? \
TRUE : FALSE ) );
case CRYPT_CERTINFO_SIGNATURELEVEL:
return( copyCertInfoValue( certInfo, \
certInfoPtr->cCertRev->signatureLevel ) );
case CRYPT_CERTINFO_VERSION:
return( copyCertInfoValue( certInfo, certInfoPtr->version ) );
case CRYPT_CERTINFO_SERIALNUMBER:
switch( certInfoPtr->type )
{
case CRYPT_CERTTYPE_CRL:
{
const CERT_REV_INFO *certRevInfo = certInfoPtr->cCertRev;
const REVOCATION_INFO *revInfoPtr = \
( certRevInfo->currentRevocation != NULL ) ? \
certRevInfo->currentRevocation : certRevInfo->revocations;
if( revInfoPtr != NULL )
{
data = revInfoPtr->idPtr;
dataLength = revInfoPtr->idLength;
}
break;
}
case CRYPT_CERTTYPE_REQUEST_REVOCATION:
data = certInfoPtr->cCertReq->serialNumber;
dataLength = certInfoPtr->cCertReq->serialNumberLength;
break;
case CRYPT_CERTTYPE_CERTIFICATE:
case CRYPT_CERTTYPE_ATTRIBUTE_CERT:
case CRYPT_CERTTYPE_CERTCHAIN:
data = certInfoPtr->cCertCert->serialNumber;
dataLength = certInfoPtr->cCertCert->serialNumberLength;
break;
default:
retIntError();
}
return( attributeCopyParams( certInfo, certInfoMaxLength,
certInfoLength, data, dataLength ) );
case CRYPT_CERTINFO_ISSUERNAME:
case CRYPT_CERTINFO_SUBJECTNAME:
{
const void *dnPtr = ( certInfoType == CRYPT_CERTINFO_ISSUERNAME ) ? \
certInfoPtr->issuerName : \
certInfoPtr->subjectName;
/* These are further selection components with special-case
handling of returned data like the GeneralName selection
components above */
if( certInfo != NULL )
*( ( int * ) certInfo ) = ( dnPtr != NULL ) ? TRUE : FALSE;
return( ( dnPtr == NULL ) ? CRYPT_ERROR_NOTFOUND : CRYPT_OK );
}
case CRYPT_CERTINFO_VALIDFROM:
case CRYPT_CERTINFO_THISUPDATE:
if( certInfoPtr->startTime > MIN_CERT_TIME_VALUE )
{
data = &certInfoPtr->startTime;
dataLength = sizeof( time_t );
}
return( attributeCopyParams( certInfo, certInfoMaxLength,
certInfoLength, data, dataLength ) );
case CRYPT_CERTINFO_VALIDTO:
case CRYPT_CERTINFO_NEXTUPDATE:
if( certInfoPtr->endTime > MIN_CERT_TIME_VALUE )
{
data = &certInfoPtr->endTime;
dataLength = sizeof( time_t );
}
return( attributeCopyParams( certInfo, certInfoMaxLength,
certInfoLength, data, dataLength ) );
case CRYPT_CERTINFO_ISSUERUNIQUEID:
return( attributeCopyParams( certInfo, certInfoMaxLength,
certInfoLength,
certInfoPtr->cCertCert->issuerUniqueID,
certInfoPtr->cCertCert->issuerUniqueIDlength ) );
case CRYPT_CERTINFO_SUBJECTUNIQUEID:
return( attributeCopyParams( certInfo, certInfoMaxLength,
certInfoLength,
certInfoPtr->cCertCert->subjectUniqueID,
certInfoPtr->cCertCert->subjectUniqueIDlength ) );
case CRYPT_CERTINFO_REVOCATIONDATE:
data = getRevocationTimePtr( certInfoPtr );
if( data != NULL )
dataLength = sizeof( time_t );
return( attributeCopyParams( certInfo, certInfoMaxLength,
certInfoLength, data, dataLength ) );
case CRYPT_CERTINFO_CERTSTATUS:
{
const CERT_VAL_INFO *certValInfo = certInfoPtr->cCertVal;
const VALIDITY_INFO *valInfoPtr = \
( certValInfo->currentValidity != NULL ) ? \
certValInfo->currentValidity : certValInfo->validityInfo;
if( valInfoPtr == NULL )
return( CRYPT_ERROR_NOTFOUND );
return( copyCertInfoValue( certInfo, valInfoPtr->extStatus ) );
}
case CRYPT_CERTINFO_REVOCATIONSTATUS:
{
const CERT_REV_INFO *certRevInfo = certInfoPtr->cCertRev;
const REVOCATION_INFO *revInfoPtr = \
( certRevInfo->currentRevocation != NULL ) ? \
certRevInfo->currentRevocation : certRevInfo->revocations;
if( revInfoPtr == NULL )
return( CRYPT_ERROR_NOTFOUND );
return( copyCertInfoValue( certInfo, revInfoPtr->status ) );
}
case CRYPT_CERTINFO_DN:
{
STREAM stream;
/* Export the entire DN in string form */
status = selectDN( certInfoPtr, CRYPT_ATTRIBUTE_NONE,
MUST_BE_PRESENT );
if( cryptStatusError( status ) )
return( status );
sMemOpenOpt( &stream, certInfo, certInfoMaxLength );
status = writeDNstring( &stream,
*certInfoPtr->currentSelection.dnPtr );
if( cryptStatusOK( status ) )
*certInfoLength = stell( &stream );
sMemDisconnect( &stream );
return( status );
}
case CRYPT_CERTINFO_PKIUSER_ID:
case CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD:
case CRYP⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -