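/* Loads the subject certificate and any caller-supplied stores from the
 * WINTRUST_CERT_INFO in data->pWintrustData->u.pCert into the provider data.
 *
 * A placeholder signer carrying only the verification time is added first,
 * so that the certificate has a signer to be attached to.
 *
 * Returns ERROR_SUCCESS on success, ERROR_INVALID_PARAMETER if the cert info
 * is missing or its cbStruct does not reach past the offset of psCertContext,
 * or GetLastError() if one of the provider callbacks fails.
 *
 * NOTE(review): when data->psPfns is NULL nothing is loaded and ERROR_SUCCESS
 * is still returned; confirm that callers never treat that as "certificate
 * loaded".
 */
static DWORD SOFTPUB_LoadCertMessage(CRYPT_PROVIDER_DATA *data)
{
    DWORD err = ERROR_SUCCESS;
    WINTRUST_CERT_INFO *certInfo = data->pWintrustData->u.pCert;

    if (certInfo &&
        WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(WINTRUST_CERT_INFO,
                                        certInfo->cbStruct, psCertContext))
    {
        if (data->psPfns)
        {
            CRYPT_PROVIDER_SGNR signer = { sizeof(signer), { 0 } };
            DWORD i;
            BOOL ret;

            /* Add a signer with nothing but the time to verify, so we can
             * add a cert to it
             */
            if (WVT_ISINSTRUCT(WINTRUST_CERT_INFO, certInfo->cbStruct,
                               psftVerifyAsOf) &&
                certInfo->psftVerifyAsOf)
            {
                /* Honour the caller's verification time.  The original code
                 * copied the still-zero signer.sftVerifyAsOf into
                 * data->sftSystemTime and never read *psftVerifyAsOf, so the
                 * requested time was ignored and both timestamps ended up as
                 * an all-zero FILETIME.
                 */
                signer.sftVerifyAsOf = *certInfo->psftVerifyAsOf;
                /* Assignment kept from the original statement, now carrying
                 * the caller's time instead of zero.
                 * NOTE(review): confirm against native wintrust that
                 * sftSystemTime is meant to follow psftVerifyAsOf.
                 */
                data->sftSystemTime = signer.sftVerifyAsOf;
            }
            else
            {
                SYSTEMTIME sysTime;

                /* No time requested: verify as of now. */
                GetSystemTime(&sysTime);
                SystemTimeToFileTime(&sysTime, &signer.sftVerifyAsOf);
            }
            ret = data->psPfns->pfnAddSgnr2Chain(data, FALSE, 0, &signer);
            if (ret)
            {
                ret = data->psPfns->pfnAddCert2Chain(data, 0, FALSE, 0,
                                                     certInfo->psCertContext);
                /* Only cbStruct is checked before the store array is walked:
                 * chStores and pahStores are used as supplied by the caller.
                 * NOTE(review): a NULL pahStores with a non-zero chStores is
                 * not rejected here.
                 */
                if (WVT_ISINSTRUCT(WINTRUST_CERT_INFO, certInfo->cbStruct,
                                   pahStores))
                    for (i = 0; ret && i < certInfo->chStores; i++)
                        ret = data->psPfns->pfnAddStore2Chain(data,
                                                     certInfo->pahStores[i]);
            }
            if (!ret)
                err = GetLastError();
        }
    }
    else
        err = ERROR_INVALID_PARAMETER;
    return err;
}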
/* Sadly, the function to load the cert for the CERT_CERTIFICATE_ACTION_VERIFY
 * action is not stored in the registry and is located in wintrust, not in
 * cryptdlg along with the rest of the implementation (verified by running the
 * action with a native wintrust.dll.)
 *
 * Only WTD_CHOICE_BLOB is handled.  The blob must hold exactly one
 * CERT_VERIFY_CERTIFICATE_TRUST (both cbMemObject and cbSize are compared
 * with its size) with a non-NULL pccert.  A placeholder signer stamped with
 * the current system time is added, then the certificate, then the root, CA
 * and trust stores listed in the request, stopping at the first failure.
 *
 * Returns S_OK on success and S_FALSE otherwise.  On failure the last error
 * is stored in padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV]; when
 * padwTrustStepErrors is NULL, S_FALSE is returned without recording
 * anything.
 *
 * The certificate and every store handle come straight from the caller's
 * blob: the store counts are not checked against anything and the three
 * array pointers are not tested for NULL.  data->psPfns is dereferenced
 * without a NULL check in this function.
 */
static HRESULT WINAPI WINTRUST_CertVerifyObjTrust(CRYPT_PROVIDER_DATA *data)
{
    BOOL ok = FALSE;

    TRACE("(%p)\n", data);

    if (!data->padwTrustStepErrors)
        return S_FALSE;

    if (data->pWintrustData->dwUnionChoice == WTD_CHOICE_BLOB)
    {
        CRYPT_PROVIDER_SGNR signer = { sizeof(signer), { 0 } };
        WINTRUST_BLOB_INFO *blob = data->pWintrustData->u.pBlob;
        CERT_VERIFY_CERTIFICATE_TRUST *request;
        SYSTEMTIME now;
        DWORD idx;

        /* The blob has to be present, large enough to contain pbMemObject,
         * and carry exactly one request structure.
         */
        if (!blob ||
            !WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(WINTRUST_BLOB_INFO,
                                             blob->cbStruct, pbMemObject) ||
            blob->cbMemObject != sizeof(CERT_VERIFY_CERTIFICATE_TRUST) ||
            !blob->pbMemObject)
        {
            SetLastError(ERROR_INVALID_PARAMETER);
            goto done;
        }

        request = (CERT_VERIFY_CERTIFICATE_TRUST *)blob->pbMemObject;
        if (request->cbSize != sizeof(CERT_VERIFY_CERTIFICATE_TRUST) ||
            !request->pccert)
        {
            SetLastError(ERROR_INVALID_PARAMETER);
            goto done;
        }

        /* Add a signer with nothing but the time to verify, so we can
         * add a cert to it
         */
        GetSystemTime(&now);
        SystemTimeToFileTime(&now, &signer.sftVerifyAsOf);

        ok = data->psPfns->pfnAddSgnr2Chain(data, FALSE, 0, &signer);
        if (!ok)
            goto done;

        ok = data->psPfns->pfnAddCert2Chain(data, 0, FALSE, 0,
                                            request->pccert);
        if (!ok)
            goto done;

        /* Roots first, then CAs, then trust stores; a failure in one list
         * also skips the lists after it.
         */
        for (idx = 0; ok && idx < request->cRootStores; idx++)
            ok = data->psPfns->pfnAddStore2Chain(data,
                                                 request->rghstoreRoots[idx]);
        for (idx = 0; ok && idx < request->cStores; idx++)
            ok = data->psPfns->pfnAddStore2Chain(data,
                                                 request->rghstoreCAs[idx]);
        for (idx = 0; ok && idx < request->cTrustStores; idx++)
            ok = data->psPfns->pfnAddStore2Chain(data,
                                                 request->rghstoreTrust[idx]);
    }
    else
    {
        FIXME("unimplemented for %d\n", data->pWintrustData->dwUnionChoice);
        SetLastError(ERROR_INVALID_PARAMETER);
    }

done:
    if (!ok)
        data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] =
            GetLastError();
    TRACE("returning %d (%08x)\n", ok ? S_OK : S_FALSE,
          data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV]);
    return ok ? S_OK : S_FALSE;
}