Function

tCryptography.CertChainCheck

Module

XuDsigS

Last Modified

7/15/2014 3:26:44 PM

Comments

Check the Cert Chain for the Cert just used.

 Private declarations 
-----------------------------------------------------
nested function

Visibility

Private

Owner

tCryptography

Declaration

function CertChainCheck(pCertContext: PCCERT_CONTEXT): boolean;

Calls Hierarchy


tCryptography.CertChainCheck
 ├CertCreateCertificateChainEngine
 ├Memo
 ├tCryptography.RaiseErr
 ├CertGetCertificateChain
 └SetStatus
   └Memo

Called-By Hierarchy


                                          tCryptography.CertChainCheck
                                              tCryptography.FindCert┤ 
                                            tCryptography.SignData┤ │ 
                                                    getSANFromCard┘ │ 
                                                          SetSAN┘   │ 
                           TfrmFrame.DigitalSigningSetup1Click┤     │ 
                                             ExecuteSignOrders┤     │ 
                                  TfrmOrders.mnuActSignClick┘ │     │ 
                                         TfrmReview.cmdOKClick┘     │ 
                                               ReviewChanges┘       │ 
                           TfrmFrame.AllowContextChangeAll┤         │ 
                                TfrmFrame.FormCloseQuery┤ │         │ 
                              TfrmFrame.mnuFileNextClick┤ │         │ 
                            TfrmFrame.mnuFileOpenClick┤ │ │         │ 
                                TfrmFrame.UMInitiate┤ │ │ │         │ 
                       TfrmFrame.mnuFileNextClick...┤ │ │ │         │ 
                       TfrmFrame.mnuFileRefreshClick┤ │ │ │         │ 
                       TfrmOrders.CheckOrderStatus┤ │ │ │ │         │ 
                   TfrmOrders.mnuActChgEvntClick┤ │ │ │ │ │         │ 
                      TfrmOrders.mnuActHoldClick┤ │ │ │ │ │         │ 
                    TfrmOrders.mnuActUnholdClick┤ │ │ │ │ │         │ 
                     TfrmOrders.mnuActRenewClick┤ │ │ │ │ │         │ 
                    TfrmOrders.mnuActChangeClick┤ │ │ │ │ │         │ 
                      TfrmOrders.mnuActCopyClick┘ │ │ │ │ │         │ 
                            TfrmMeds.mnuActDCClick┤ │ │ │ │         │ 
                           TfrmMeds.CheckMedStatus┘ │ │ │ │         │ 
                        TfrmMeds.mnuActHoldClick┤   │ │ │ │         │ 
                       TfrmMeds.mnuActRenewClick┤   │ │ │ │         │ 
                      TfrmMeds.mnuActUnholdClick┤   │ │ │ │         │ 
                      TfrmMeds.mnuActChangeClick┤   │ │ │ │         │ 
                        TfrmMeds.mnuActCopyClick┤   │ │ │ │         │ 
                      TfrmMeds.mnuActRefillClick┘   │ │ │ │         │ 
                                  TfrmFrame.ViewInfo┘ │ │ │         │ 
                               TfrmDCSumm.ViewInfo┤   │ │ │         │ 
                             TfrmConsults.ViewInfo┤   │ │ │         │ 
                     TfrmFrame.pnlRemindersMouseUp┤   │ │ │         │ 
                      TfrmFrame.RemindersChanged┘ │   │ │ │         │ 
                          TfrmFrame.FormCreate┘   │   │ │ │         │ 
                            TfrmFrame.pnlCIRNClick┤   │ │ │         │ 
                      TfrmFrame.pnlVistaWebClick┤ │   │ │ │         │ 
                           TfrmFrame.FormKeyDown┘ │   │ │ │         │ 
                         TfrmFrame.pnlPatientClick┤   │ │ │         │ 
                           TfrmFrame.pnlVisitClick┤   │ │ │         │ 
                     TfrmFrame.pnlPrimaryCareClick┤   │ │ │         │ 
                       TfrmFrame.pnlRemindersClick┤   │ │ │         │ 
                        TfrmFrame.pnlPostingsClick┤   │ │ │         │ 
                            TfrmFrame.pnlFlagClick┤   │ │ │         │ 
                              TfrmFrame.laMHVClick┤   │ │ │         │ 
                             TfrmFrame.laVAA2Click┤   │ │ │         │ 
                               TfrmOrders.ViewInfo┤   │ │ │         │ 
                                 TfrmMeds.ViewInfo┤   │ │ │         │ 
                              TfrmSurgery.ViewInfo┤   │ │ │         │ 
                                TfrmNotes.ViewInfo┤   │ │ │         │ 
                             TfrmProblems.ViewInfo┘   │ │ │         │ 
                     TfrmFrame.mnuFileNotifRemoveClick┤ │ │         │ 
                             TfrmFrame.NextButtonClick┘ │ │         │ 
                           TfrmFrame.SetUpNextButton┘   │ │         │ 
                     TfrmFrame.mnuFileOpenClick...┤     │ │         │ 
                              TfrmFrame.FormResize┘     │ │         │ 
                            TfrmFrame.ChangeFont┘       │ │         │ 
                    TfrmFrame.LoadSizesForUser┤         │ │         │ 
               TfrmFrame.LoadUserPreferences┘ │         │ │         │ 
                      TfrmFrame.UMInitiate┘   │         │ │         │ 
                    TfrmFrame.mnuFontSizeClick┘         │ │         │ 
                           TfrmFrame.mnuFileOpenClick...┤ │         │ 
                           TfrmFrame.ctxContextorPending┤ │         │ 
                          TfrmFrame.StartCCOWContextor┘ │ │         │ 
                                TfrmFrame.FormCreate┘   │ │         │ 
                         TfrmFrame.ctxContextorCommitted┤ │         │ 
                       TfrmFrame.StartCCOWContextor...┘ │ │         │ 
                  TfrmFrame.mnuFileResumeContextGetClick┤ │         │ 
                  TfrmFrame.mnuFileResumeContextSetClick┘ │         │ 
                                  TfrmFrame.FormCloseQuery┤         │ 
                              TfrmFrame.mnuFileReviewClick┤         │ 
                                           UpdateEncounter┘         │ 
                         TfrmFrame.mnuFileEncounterClick┤           │ 
                                 TfrmFrame.ViewInfo...┤ │           │ 
                    TfrmODMedIV.SetValuesFromResponses┤ │           │ 
                             TfrmODMedIV.SetupDialog┤ │ │           │ 
                   TfrmODMedIV.cboSolutionMouseClick┘ │ │           │ 
                       TfrmODMedIV.cboSolutionExit┘   │ │           │ 
                  TfrmODMedIV.cboSolutionMouseClick...┤ │           │ 
                     TfrmODMedIV.cboAdditiveMouseClick┤ │           │ 
                         TfrmODMedIV.cboAdditiveExit┘ │ │           │ 
                                TfrmODAuto.SetupDialog┤ │           │ 
                                   ActivateOrderDialog┤ │           │ 
                           TfrmRemDlg.btnFinishClick┤ │ │           │ 
           TfrmConsults.mnuActNewConsultRequestClick┤ │ │           │ 
                   TfrmConsults.cmdNewConsultClick┘ │ │ │           │ 
                TfrmConsults.mnuActNewProcedureClick┤ │ │           │ 
                      TfrmConsults.cmdNewProcClick┘ │ │ │           │ 
                                        ChangeOrders┤ │ │           │ 
                      TfrmOrders.mnuActChangeClick┤ │ │ │           │ 
                        TfrmMeds.mnuActChangeClick┘ │ │ │           │ 
                                     ChangeOrdersEvt┤ │ │           │ 
                                          CopyOrders┤ │ │           │ 
                        TfrmOrders.mnuActCopyClick┤ │ │ │           │ 
                          TfrmMeds.mnuActCopyClick┤ │ │ │           │ 
                           TfrmODActive.btnOKClick┘ │ │ │           │ 
                                      TransferOrders┤ │ │           │ 
                        TfrmOrders.mnuActCopyClick┤ │ │ │           │ 
                          TfrmMeds.mnuActCopyClick┤ │ │ │           │ 
                           TfrmODActive.btnOKClick┘ │ │ │           │ 
                            TfrmOrders.lstWriteClick┤ │ │           │ 
               TfrmOrders.PlaceOrderForDefaultDialog┤ │ │           │ 
                  TfrmOrders.DisplayDefaultDlgList┤ │ │ │           │ 
                       TfrmOrders.ResetOrderPage┘ │ │ │ │           │ 
               TfrmOrders.btnDelayedOrderClick┘   │ │ │ │           │ 
                                 DisplayEvntDialog┤ │ │ │           │ 
                             SetDelayEventForMed┘ │ │ │ │           │ 
                      TfrmMeds.mnuActCopyClick┘   │ │ │ │           │ 
                                 DisplayEvntDialog┤ │ │ │           │ 
                                  SetViewForCopy┘ │ │ │ │           │ 
                    TfrmOrders.mnuActCopyClick┘   │ │ │ │           │ 
                                 DisplayEvntDialog┘ │ │ │           │ 
                                ExecuteChangeEvt┘   │ │ │           │ 
                 TfrmOrders.mnuActChgEvntClick┘     │ │ │           │ 
                             TfrmMeds.mnuActNewClick┤ │ │           │ 
                           TfrmOMNavA.ActivateDialog┤ │ │           │ 
                         TfrmOMNavA.grdMenuKeyDown┤ │ │ │           │ 
                         TfrmOMNavA.grdMenuMouseUp┘ │ │ │           │ 
                                TfrmOMSet.DoNextItem┘ │ │           │ 
                              TfrmOMSet.InsertList┤   │ │           │ 
                               ActivateOrderList┘ │   │ │           │ 
                     TfrmRemDlg.btnFinishClick┤   │   │ │           │ 
                             ActivateOrderHTML┤   │   │ │           │ 
                    TfrmOrders.lstWriteClick┤ │   │   │ │           │ 
    TfrmOrders.PlaceOrderForDefaultDialog...┘ │   │   │ │           │ 
                              ActivateOrderSet┤   │   │ │           │ 
                   TfrmRemDlg.btnFinishClick┤ │   │   │ │           │ 
TfrmConsults.mnuActNewConsultRequestClick...┤ │   │   │ │           │ 
     TfrmConsults.mnuActNewProcedureClick...┤ │   │   │ │           │ 
                    TfrmOrders.lstWriteClick┤ │   │   │ │           │ 
    TfrmOrders.PlaceOrderForDefaultDialog...┤ │   │   │ │           │ 
                     TfrmMeds.mnuActNewClick┤ │   │   │ │           │ 
                TfrmOMNavA.ActivateDialog...┤ │   │   │ │           │ 
                     TfrmOMSet.DoNextItem...┘ │   │   │ │           │ 
                       TfrmOMNavA.DoSelectList┘   │   │ │           │ 
                     TfrmOMNavA.grdMenuKeyUp┤     │   │ │           │ 
                   TfrmOMNavA.grdMenuMouseUp┘     │   │ │           │ 
                                        SkipToNext┤   │ │           │ 
                         TfrmOMSet.DoNextItem...┘ │   │ │           │ 
                            TfrmOMSet.UMDelayEvent┘   │ │           │ 
                               TfrmOMSet.InsertList...┤ │           │ 
                                TfrmODMeds.SetupDialog┤ │           │ 
                             TfrmODMeds.btnSelectClick┤ │           │ 
                             TfrmODMeds.UMDelayClick┘ │ │           │ 
                                    ExecuteRenewOrders┘ │           │ 
                         TfrmOrders.mnuActRenewClick┤   │           │ 
                           TfrmMeds.mnuActRenewClick┘   │           │ 
                                        EncounterPresent┤           │ 
                                      ReadyForNewOrder┤ │           │ 
                           TfrmRemDlg.btnFinishClick┤ │ │           │ 
        TfrmConsults.mnuActNewConsultRequestClick...┤ │ │           │ 
             TfrmConsults.mnuActNewProcedureClick...┤ │ │           │ 
                                     ChangeOrders...┤ │ │           │ 
                                     ChangeOrdersEvt┤ │ │           │ 
                                       CopyOrders...┤ │ │           │ 
                                   TransferOrders...┤ │ │           │ 
                            TfrmOrders.lstWriteClick┤ │ │           │ 
                             TfrmMeds.mnuActNewClick┘ │ │           │ 
                                     ReadyForNewOrder1┤ │           │ 
            TfrmOrders.PlaceOrderForDefaultDialog...┘ │ │           │ 
                              TfrmOrders.mnuActDCClick┤ │           │ 
                             TfrmOrders.mnuActRelClick┤ │           │ 
                            TfrmOrders.mnuActHoldClick┤ │           │ 
                          TfrmOrders.mnuActUnholdClick┤ │           │ 
                           TfrmOrders.mnuActRenewClick┤ │           │ 
                         TfrmOrders.mnuActReleaseClick┤ │           │ 
                         TfrmOrders.mnuActOnChartClick┤ │           │ 
                            TfrmOrders.mnuActSignClick┤ │           │ 
                                TfrmMeds.mnuActDCClick┤ │           │ 
                              TfrmMeds.mnuActHoldClick┤ │           │ 
                             TfrmMeds.mnuActRenewClick┤ │           │ 
                            TfrmMeds.mnuActUnholdClick┤ │           │ 
                              TfrmMeds.mnuActCopyClick┤ │           │ 
                            TfrmMeds.mnuActRefillClick┘ │           │ 
                                     EncounterPresentEDO┤           │ 
                                   ReadyForNewOrder...┤ │           │ 
                         TfrmOrders.mnuActChgEvntClick┤ │           │ 
                          TfrmOrders.mnuActChangeClick┤ │           │ 
                            TfrmOrders.mnuActCopyClick┤ │           │ 
                       TfrmOrders.btnDelayedOrderClick┤ │           │ 
                            TfrmMeds.mnuActChangeClick┤ │           │ 
                              TfrmMeds.mnuActCopyClick┘ │           │ 
                                             UpdateVisit┤           │ 
                                           EditPCEData┤ │           │ 
                             TfrmSurgery.cmdPCEClick┤ │ │           │ 
                                 UpdateEncounterInfo┘ │ │           │ 
                             TfrmNotes.cmdPCEClick┘   │ │           │ 
                        TfrmVitals.btnEnterVitalsClick┘ │           │ 
                                             UpdateVisit┤           │ 
                                        EncounterPresent┘           │ 
                         TfrmProblems.lstProbActsClick┘             │ 
                     TfrmProblems.wgProbDataDblClick┤               │ 
                           TfrmProblems.lstViewClick┘               │ 
                   TfrmProblems.HighlightDuplicate┘                 │ 
                         TfrmProblems.AddProblem┤                   │ 
              TfrmProblems.lstProbActsClick...┤ │                   │ 
                 TfrmProblems.lstProbPickClick┤ │                   │ 
              TfrmProblems.lstProbPickDblClick┤ │                   │ 
              TfrmProblems.edProbEntKeyPress┘ │ │                   │ 
                      TfrmProblems.UMPLLexicon┘ │                   │ 
                   TfrmdlgProb.bbChangeProbClick┘                   │ 
                                          tCryptography.Certsigndata┘ 
                                            tCryptography.SignData┘   

Calls

Name Declaration Comments
CertCreateCertificateChainEngine function CertCreateCertificateChainEngine ( pConfig: PCERT_CHAIN_ENGINE_CONFIG; var phChainEngine: HCERTCHAINENGINE): bool; stdcall; -
CertGetCertificateChain function CertGetCertificateChain ( hChainEngine: HCERTCHAINENGINE; pCertContext: PCCERT_CONTEXT; pTime: PFILETIME; hAdditionalStore: HCERTSTORE; pChainPara: PCERT_CHAIN_PARA; dwFlags: DWORD; pvReserved: pointer; -
Memo procedure Memo(s: string); -
tCryptography.RaiseErr procedure RaiseErr(msg: string); -
SetStatus procedure SetStatus(sta: boolean; s: string); -

Called-By

Name Declaration Comments
tCryptography.Certsigndata procedure Certsigndata; -
tCryptography.FindCert function FindCert: boolean; -


Source

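function tCryptography.CertChainCheck(pCertContext: PCCERT_CONTEXT): boolean;
//--------------------------------------------------------------------
// Build the CryptoAPI certificate chain for pCertContext and decide
// whether the certificate can be trusted.
//
// pCertContext  end certificate whose chain is to be verified.
// Result        True only when TrustStatus.dwErrorStatus of the built
//               chain is exactly CERT_TRUST_NO_ERROR.  dwErrorStatus is a
//               bit mask, so any set bit - one listed below, several at
//               once, or one this routine does not name - yields False.
//
// Diagnostic lines are appended to TrackingMsg; the last status text is
// also left in SubReason.  Engine or chain creation failures are reported
// through RaiseErr; should RaiseErr return instead of raising, the routine
// exits with False instead of touching a chain that was never built.
//
// TODO(review): neither the chain context nor the chain engine is released
// (CertFreeCertificateChain / CertFreeCertificateChainEngine); add the
// calls once those crypt32 imports are declared in this unit.
//--------------------------------------------------------------------
var
    { Private declarations }
    hChainEngine: HCERTCHAINENGINE;
    ChainConfig: CERT_CHAIN_ENGINE_CONFIG;
    pChainContext: PCCERT_CHAIN_CONTEXT;
    EnhkeyUsage: CERT_ENHKEY_USAGE;
    CertUsage: CERT_USAGE_MATCH;
    ChainPara: CERT_CHAIN_PARA;
    dwFlags: DWORD;
    ErrStatus: DWORD;   // TrustStatus.dwErrorStatus - a bit mask
    InfoStatus: DWORD;  // TrustStatus.dwInfoStatus  - a bit mask
    fStatus: boolean;   // Local status
    Str: String;
    //-----------------------------------------------------
    //nested function
    procedure Memo(s: string);
    begin
        TrackingMsg.Add(s);
    end;

    // Record the current pass/fail decision together with its explanation.
    procedure SetStatus(sta: boolean; s: string);
    begin
        fStatus := sta;
        SubReason := s;
        Memo(s);
    end;

    // dwErrorStatus can carry several error bits at once, so every known
    // bit is tested on its own and each one that is set marks a failure.
    procedure ReportErrorBit(flag: DWORD; const s: string);
    begin
        if (ErrStatus and flag) <> 0 then
            SetStatus(False, s);
    end;

    // Informational bits never affect the verdict; they are only logged.
    procedure ReportInfoBit(flag: DWORD; const s: string);
    begin
        if (InfoStatus and flag) <> 0 then
            Memo(s);
    end;
    //end nested function
    //-------------------------------------------------------
begin
    Result := False;    // fail closed until the chain has been examined
    fStatus := False;
    // Empty enhanced-key-usage list: no usage restriction is requested.
    EnhkeyUsage.cUsageIdentifier := 0;
    EnhkeyUsage.rgpszUsageIdentifier := nil;
    CertUsage.dwType := USAGE_MATCH_TYPE_AND;
    CertUsage.Usage := EnhkeyUsage;
    ChainPara.cbSize := sizeof(chainPara);
    ChainPara.RequestedUsage := CertUsage;
    ChainConfig.cbSize := sizeof(CERT_CHAIN_ENGINE_CONFIG);
    ChainConfig.hRestrictedRoot := 0;
    ChainConfig.hRestrictedTrust := 0;
    ChainConfig.hRestrictedOther := 0;
    ChainConfig.cAdditionalStore := 0;
    ChainConfig.rghAdditionalStore := 0;
    // NOTE(review): revocation checking is requested again through the
    // dwFlags argument of CertGetCertificateChain below; confirm that the
    // same value is intended for the engine configuration flags as well.
    ChainConfig.dwFlags := CERT_CHAIN_REVOCATION_CHECK_CHAIN;
    ChainConfig.dwUrlRetrievalTimeout := 30000;   // milliseconds per URL fetch
    ChainConfig.MaximumCachedCertificates := 0;
    ChainConfig.CycleDetectionModulus := 0;
    //---------------------------------------------------------
    //   Create the nondefault certificate chain engine.
    if CertCreateCertificateChainEngine(@ChainConfig, hChainEngine) then
        Memo('  A chain Engine has been created')
    else
    begin
        lastErr := GetLastError;
        Str := IntToStr(lastErr)+' - '+SysErrorMessage(lastErr);
        SetStatus(False, 'The Engine Create Failed - '+Str);
        RaiseErr('The engine Create Failed');
        Exit;   // reached only if RaiseErr returns; Result is still False
    end;
    //---------------------------------------------------------
    //----------------------------------------------------------------
    //        Build a chain using CertGetCertificateChain
    //        and the certificate retrieved.
    dwFlags := CERT_CHAIN_REVOCATION_CHECK_CHAIN;
    if (CertGetCertificateChain(hChainEngine,  // The engine created above.
        pCertContext,          // Pointer to the end certificate.
        nil,                  // Use the default time.
        0,              // Search no additional stores.
        @ChainPara,            // Use AND logic, and enhanced key usage
        // as indicated in the ChainPara
        // data structure.
        dwFlags,
        nil,                 // Currently reserved.
        pChainContext))       // Return a pointer to the chain created.
    then
        Memo('  The chain has been created. ')
    else
    begin
        lastErr := GetLastError;
        Str := IntToStr(lastErr)+' - '+SysErrorMessage(lastErr);
        SetStatus(False, 'The chain could not be created - '+Str);
        RaiseErr('The chain could not be created.');
        Exit;   // reached only if RaiseErr returns; pChainContext is unusable
    end;
    //---------------------------------------------------------------
    // Display some of the contents of the chain.
    Memo('  The size of the chain context is ' + IntToStr(pChainContext.cbSize));
    Memo('  '+IntToStr(pChainContext.cChain) + ' simple chains found.');
    ErrStatus := pChainContext.TrustStatus.dwErrorStatus;
    Memo('  Error status for the chain: '+IntToStr(ErrStatus));
    if ErrStatus = CERT_TRUST_NO_ERROR then
        SetStatus(True, '    No error found for this certificate or chain.')
    else
    begin
        // Any non-zero status is a failure, including bits that are not
        // individually named below; the per-bit messages only explain why.
        SetStatus(False, '    Error status ' + IntToStr(ErrStatus) + ' reported for this certificate or chain.');
        ReportErrorBit(CERT_TRUST_IS_NOT_TIME_VALID,
            '    This certificate or one of the certificates in the certificate chain is not time-valid.');
        ReportErrorBit(CERT_TRUST_IS_NOT_TIME_NESTED,
            '    Certificates in the chain are not properly time-nested.');
        ReportErrorBit(CERT_TRUST_IS_REVOKED,
            '    Trust for this certificate or one of the certificates in the certificate chain has been revoked.');
        ReportErrorBit(CERT_TRUST_IS_NOT_SIGNATURE_VALID,
            '    The certificate or one of the certificates in the certificate chain does not have a valid signature.');
        ReportErrorBit(CERT_TRUST_IS_NOT_VALID_FOR_USAGE,
            '    The certificate or certificate chain is not valid in its proposed usage.');
        ReportErrorBit(CERT_TRUST_IS_UNTRUSTED_ROOT,
            '    The certificate or certificate chain is based on an untrusted root.');
        ReportErrorBit(CERT_TRUST_REVOCATION_STATUS_UNKNOWN,
            '    The revocation status of the certificate or one of the certificates in the certificate chain is unknown.');
        ReportErrorBit(CERT_TRUST_IS_CYCLIC,
            '    One of the certificates in the chain was issued by a certification authority that the original certificate had certified.');
        ReportErrorBit(CERT_TRUST_IS_PARTIAL_CHAIN,
            '    The certificate chain is not complete.');
        ReportErrorBit(CERT_TRUST_CTL_IS_NOT_TIME_VALID,
            '    A CTL used to create this chain was not time-valid.');
        ReportErrorBit(CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID,
            '    A CTL used to create this chain did not have a valid signature.');
        ReportErrorBit(CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE,
            '    A CTL used to create this chain is not valid for this usage.');
    end;
    InfoStatus := pChainContext.TrustStatus.dwInfoStatus;
    Memo('  Info status for the chain: '+IntToStr(InfoStatus));
    if InfoStatus = 0 then
        Memo('    No information status reported.')
    else
    begin
        ReportInfoBit(CERT_TRUST_HAS_EXACT_MATCH_ISSUER,
            '    An exact match issuer certificate has been found for this certificate.');
        ReportInfoBit(CERT_TRUST_HAS_KEY_MATCH_ISSUER,
            '    A key match issuer certificate has been found for this certificate.');
        ReportInfoBit(CERT_TRUST_HAS_NAME_MATCH_ISSUER,
            '    A name match issuer certificate has been found for this certificate.');
        ReportInfoBit(CERT_TRUST_IS_SELF_SIGNED,
            '    This certificate is self-signed.');
        ReportInfoBit(CERT_TRUST_HAS_PREFERRED_ISSUER,
            '    This certificate has a preferred issuer');
        ReportInfoBit(CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY,
            '    An Issuance Chain Policy exists');
        ReportInfoBit(CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS,
            '    A valid name contraints for all namespaces, including UPN');
        ReportInfoBit(CERT_TRUST_IS_COMPLEX_CHAIN,
            '    The certificate chain created is a complex chain.');
    end;
    //--------------------------------------------------------------------
    // The verdict is taken from the raw error status, not from whichever
    // message happened to be logged last, so it cannot drift to True.
    Result := fStatus and (ErrStatus = CERT_TRUST_NO_ERROR);
    if Result then
      Memo('  Certificate Chain returned true')
    else
      Memo('  Certificate Chain returned false and failed');
end;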