From 100c6af02cfe6f4b8b173d22bd93548a5dd79171 Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Fri, 11 May 2007 17:38:10 +0000
Subject: Use proper usage functions.
---
 ckcapi-trust.c | 49 ++++++++++++++++++-------------------------------
 1 file changed, 18 insertions(+), 31 deletions(-)
diff --git a/ckcapi-trust.c b/ckcapi-trust.c
index 30e1200..327f385 100644
--- a/ckcapi-trust.c
+++ b/ckcapi-trust.c
@@ -54,14 +54,14 @@ typedef struct _TrustObjectData
 CkCapiObjectData base;
 PCCERT_CONTEXT cert;
- CTL_USAGE* usage;
+ CERT_ENHKEY_USAGE* usage;
 } TrustObjectData;
 static CK_ULONG
 has_usage(TrustObjectData* tdata, const char* oid)
 {
- CTL_USAGE* usage = tdata->usage;
+ CERT_ENHKEY_USAGE* usage = tdata->usage;
 DWORD i;
 /* No usages, means anything goes */
@@ -248,17 +248,15 @@ static const CkCapiObjectDataVtable trust_objdata_vtable = {
 };
 static CK_RV
-parse_usage(TrustObjectData* tdata)
+parse_usage(TrustObjectData* tdata, DWORD flags)
 {
- DWORD size, usize, err;
- CTL_USAGE* usage;
- void* buf;
+ DWORD size, err;
+ CERT_ENHKEY_USAGE* usage;
 ASSERT(!tdata->usage);
- /* Get the size of the usage property */
- if(!CertGetCertificateContextProperty(tdata->cert, CERT_CTL_USAGE_PROP_ID,
- NULL, &size))
+ /* Get the size of the usage */
+ if(!CertGetEnhancedKeyUsage(tdata->cert, flags, NULL, &size))
 {
 err = GetLastError();
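Review bot: has_usage() keeps the rule in its comment, `/* No usages, means anything goes */`, but the list now comes from CertGetEnhancedKeyUsage, where an empty list is ambiguous. As documented for that API, a successful call can return `cUsageIdentifier == 0`; that means "good for all uses" only when GetLastError() is CRYPT_E_NOT_FOUND, and "no valid uses" when it is 0. If has_usage() treats an empty list the same as a NULL `tdata->usage`, a certificate restricted to no usages would be reported as acceptable for every usage. I would keep NULL as the only "anything goes" case and say so in the comment, e.g. `/* NULL usage: nothing recorded, anything goes; empty list: no valid uses */`. The body of has_usage() continues outside the hunk, so this needs checking against the full function.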
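Review bot: parse_usage() gains a `flags` parameter but has no comment stating its contract, and the caller in trust_load_data relies on that contract to decide whether to try a second lookup. I would add above the definition `/* Load the enhanced key usage selected by flags into tdata->usage. */` and `/* Returns CKR_OK with tdata->usage left NULL when no usage is present. */`. The second sentence is what the CRYPT_E_NOT_FOUND branch in the following hunk implies; the failure branch of this first call is cut off at the hunk end, so confirm it behaves the same way.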
@@ -268,33 +266,19 @@ parse_usage(TrustObjectData* tdata)
 return ckcapi_winerr_to_ckr(err);
 }
+ usage = (CERT_ENHKEY_USAGE*)calloc(1, size);
+ if(!usage)
+ return CKR_HOST_MEMORY;
+
 /* Now get the actual usage property */
- buf = _alloca(size);
- if(!CertGetCertificateContextProperty(tdata->cert, CERT_CTL_USAGE_PROP_ID,
- buf, &size))
+ if(!CertGetEnhancedKeyUsage(tdata->cert, flags, usage, &size))
 {
 err = GetLastError();
 if(err == CRYPT_E_NOT_FOUND)
- return CKR_OK;
+ return CKR_OK;
 return ckcapi_winerr_to_ckr(err);
 }
- /* Get the decoded size of the usage property */
- if(!CryptDecodeObject(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE,
- buf, size, 0, NULL, &usize))
- return ckcapi_winerr_to_ckr(GetLastError());
-
- /* Allocate and decode it */
- usage = (CTL_USAGE*)calloc(1, usize);
- if(!usage)
- return CKR_HOST_MEMORY;
- if(!CryptDecodeObject(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE,
- buf, size, 0, buf, &usize))
- {
- free(usage);
- return ckcapi_winerr_to_ckr(GetLastError());
- }
-
 tdata->usage = usage;
 return CKR_OK;
 }
@@ -322,8 +306,11 @@ trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData** objda
 tdata->cert = ckcapi_cert_object_data_get_certificate (certdata);
 ASSERT(tdata->cert);
- /* Dig up the usage data */
- ret = parse_usage(tdata);
+ /* Dig up the usage data property, and then try the extension */
+ ret = parse_usage(tdata, CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG);
+ if(ret == CKR_OK && !tdata->usage)
+ ret = parse_usage(tdata, CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG);
+
 if(ret != CKR_OK)
 {
 free(tdata);
-- cgit v1.2.3
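Review bot: The buffer from `calloc(1, size)` is leaked when the second CertGetEnhancedKeyUsage call fails, because both returns in that branch leave without releasing `usage`. The removed decode path did call `free(usage)` on failure, so this is a regression. Add `free(usage);` directly after `err = GetLastError();` in that branch, after the error code is captured so the release cannot disturb it. The context comment `/* Now get the actual usage property */` is also stale, since the call no longer reads a property specifically. The function starts outside this hunk.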
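Review bot: With the property-first lookup, a usage property set on the certificate means the enhanced key usage extension inside the certificate is never consulted, so a locally stored property can widen what the certificate itself permits. CertGetEnhancedKeyUsage called with flags 0 is documented to return only the usages valid under both the extension and the property, which is the conservative answer for a trust object. Consider `ret = parse_usage(tdata, 0);` in place of the two calls, or extend the comment to say why the property is meant to override the extension. With flags 0, "nothing present" is reported as a successful call with an empty list and CRYPT_E_NOT_FOUND as the last error, so parse_usage would have to map that case to a NULL `tdata->usage`. trust_load_data starts and ends outside the hunk.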