authorTim Oesterreich <[email protected]>2019-05-02 16:33:26 +0200
committerTim Oesterreich <[email protected]>2019-05-14 09:12:02 +0200
commitb8a7d8f00a4b2c347e7c73e6c2da584805ada07c (patch)
treea376017e00694c4f3a79234d2176ee9ed6eb66e3 /src/lib/x509
parent85490ba683d75a6c554dd866d4e2bb262d3db373 (diff)
fix find_cert_by_pubkey_sha1
Diffstat (limited to 'src/lib/x509')
-rw-r--r--src/lib/x509/certstor_system_windows/certstor_windows.cpp67
-rw-r--r--src/lib/x509/certstor_system_windows/certstor_windows.h87
2 files changed, 67 insertions, 87 deletions
diff --git a/src/lib/x509/certstor_system_windows/certstor_windows.cpp b/src/lib/x509/certstor_system_windows/certstor_windows.cpp
index 7ad5d0263..ec4f6b30f 100644
--- a/src/lib/x509/certstor_system_windows/certstor_windows.cpp
+++ b/src/lib/x509/certstor_system_windows/certstor_windows.cpp
@@ -143,44 +143,29 @@ Certificate_Store_Windows::find_cert_by_pubkey_sha1(
const std::vector<uint8_t> &key_hash) const
{
if(key_hash.size() != 20)
- {
- throw Invalid_Argument("Flatfile_Certificate_Store::find_cert_by_pubkey_sha1 invalid hash");
- }
-
- // auto internalCerts = _certs.get();
- // auto lookUp = std::find_if(
- // internalCerts.begin(), internalCerts.end(),
- // [&](decltype(internalCerts)::value_type value) {
- // auto str = value->fingerprint();
- // str.erase(std::remove(str.begin(), str.end(), ':'), str.end());
- // return convertTo<ByteBuffer>(str) == key_hash;
- // });
- // if (*lookUp != nullptr) {
- // return *lookUp;
- // }
-
- auto windowsCertStore = CertOpenSystemStore(0, TEXT("CA"));
- if (!windowsCertStore) {
- throw Decoding_Error(
- "failed to open windows certificate store 'CA' (Error Code: " + std::to_string(::GetLastError()) + ")");
+ {
+ throw Invalid_Argument("Certificate_Store_Windows::find_cert_by_pubkey_sha1 invalid hash");
}
- const CRYPT_HASH_BLOB blob {key_hash.size(), const_cast<BYTE*>(key_hash.data())};
- // dvault::Hash hash = dvault::Hash::fromHex(
- // HashAlgorithm::SHA1, reinterpret_cast<const char *>(key_hash.data()));
+ std::vector<std::string> cert_store_names{"MY", "Root", "Trust", "CA"};
+ for (auto &store_name : cert_store_names) {
+ auto windows_cert_store = CertOpenSystemStore(0, store_name.c_str());
+ if (!windows_cert_store) {
+ throw Decoding_Error(
+ "failed to open windows certificate store 'CA' (Error Code: " + std::to_string(::GetLastError()) + ")");
+ }
- // blob.pbData = reinterpret_cast<BYTE*>(hash_data);
- // blob.cbData = key_hash.size();
- auto certContext = CertFindCertificateInStore(
- windowsCertStore, (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING), 0,
- CERT_FIND_SHA1_HASH, &blob, nullptr);
+ CRYPT_HASH_BLOB blob;
+ blob.cbData = static_cast<DWORD>(key_hash.size());
+ blob.pbData = const_cast<BYTE*>(key_hash.data());
- CertCloseStore(windowsCertStore, 0);
+ auto cert_context = lookup_cert_by_hash_blob(blob, store_name);
- if (certContext) {
- X509_Certificate cert(certContext->pbCertEncoded, certContext->cbCertEncoded);
- CertFreeCertificateContext(certContext);
- return std::shared_ptr<X509_Certificate>(&cert);
+ if (cert_context) {
+ auto cert = std::make_shared<X509_Certificate>(cert_context->pbCertEncoded, cert_context->cbCertEncoded);
+ CertFreeCertificateContext(cert_context);
+ return cert;
+ }
}
return nullptr;
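Review bot: The handle returned by `CertOpenSystemStore(0, store_name.c_str())` inside the loop is never used after the null check and never closed — the removed `CertCloseStore(windowsCertStore, 0)` has no replacement — so every call now leaks one store handle per name in `cert_store_names`; since the actual search goes through `lookup_cert_by_hash_blob(blob, store_name)`, which takes the name and not the handle, either delete this open entirely (if the helper opens its own store) or pass the handle to the helper and release it on every exit path with an RAII wrapper around `CertCloseStore`. The error text still hardcodes `'CA'` although the loop visits four stores; it should read `"failed to open windows certificate store '" + store_name + "' (Error Code: " + std::to_string(::GetLastError()) + ")"`. The removed `TEXT("CA")` suggests this file may be built with `UNICODE` defined, in which case `CertOpenSystemStore` resolves to the wide-char variant and a `const char*` from `store_name.c_str()` will not compile — worth confirming on the CI configuration. Separately, if the helper still matches with `CERT_FIND_SHA1_HASH` as the removed code did, that compares the certificate thumbprint rather than the SHA-1 of the public key that `find_cert_by_pubkey_sha1` is documented to look up, so a caller searching by key hash would silently get `nullptr`. The function's signature starts above this hunk and its closing brace is below it.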
@@ -188,14 +173,14 @@ Certificate_Store_Windows::find_cert_by_pubkey_sha1(
std::shared_ptr<const X509_Certificate>
Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const
- {
- BOTAN_UNUSED(subject_hash);
- throw Not_Implemented("Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256");
- }
+{
+ BOTAN_UNUSED(subject_hash);
+ throw Not_Implemented("Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256");
+}
std::shared_ptr<const X509_CRL> Certificate_Store_Windows::find_crl_for(const X509_Certificate& subject) const
- {
- BOTAN_UNUSED(subject);
- return {};
- }
+{
+ BOTAN_UNUSED(subject);
+ throw Not_Implemented("Certificate_Store_Windows::find_crl_for");
+}
}
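Review bot: `find_crl_for` now throws `Not_Implemented` where it previously returned an empty `shared_ptr`, so any caller that asks this store for revocation data — path validation, if it reaches this store through `Certificate_Store::find_crl_for` — will abort with an exception instead of continuing without a CRL. That is a fail-closed behaviour, which may be what you want for a store that cannot yet supply CRLs, but it is not what the commit message ("fix find_cert_by_pubkey_sha1") announces, and the sibling macOS implementation this file was copied from (per the removed header comment) returns empty instead; pick one deliberately and say so in the message. If the throw stays, the header should carry `@throws Botan::Not_Implemented` on `find_crl_for`, as `find_cert_by_raw_subject_dn_sha256` already does; if the empty return comes back, keep the comment that callers must treat "no CRL" as "revocation status unknown" rather than "not revoked".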
diff --git a/src/lib/x509/certstor_system_windows/certstor_windows.h b/src/lib/x509/certstor_system_windows/certstor_windows.h
index 24d3666e9..9013b1b48 100644
--- a/src/lib/x509/certstor_system_windows/certstor_windows.h
+++ b/src/lib/x509/certstor_system_windows/certstor_windows.h
@@ -11,64 +11,59 @@
#include <botan/certstor.h>
-#include <vector>
-#include <memory>
-#include <map>
-
namespace Botan {
/**
* Certificate Store that is backed by a file of PEMs of trusted CAs.
*/
class BOTAN_PUBLIC_API(2, 11) Certificate_Store_Windows final : public Certificate_Store
- {
- public:
- Certificate_Store_Windows();
+{
+public:
+ Certificate_Store_Windows();
- Certificate_Store_Windows(const Certificate_Store_Windows&) = default;
- Certificate_Store_Windows(Certificate_Store_Windows&&) = default;
- Certificate_Store_Windows& operator=(const Certificate_Store_Windows&) = default;
- Certificate_Store_Windows& operator=(Certificate_Store_Windows&&) = default;
+ Certificate_Store_Windows(const Certificate_Store_Windows&) = default;
+ Certificate_Store_Windows(Certificate_Store_Windows&&) = default;
+ Certificate_Store_Windows& operator=(const Certificate_Store_Windows&) = default;
+ Certificate_Store_Windows& operator=(Certificate_Store_Windows&&) = default;
- /**
- * @return DNs for all certificates managed by the store
- */
- std::vector<X509_DN> all_subjects() const override;
+ /**
+ * @return DNs for all certificates managed by the store
+ */
+ std::vector<X509_DN> all_subjects() const override;
- /**
- * Find a certificate by Subject DN and (optionally) key identifier
- * @return the first certificate that matches
- */
- std::shared_ptr<const X509_Certificate> find_cert(
- const X509_DN& subject_dn,
- const std::vector<uint8_t>& key_id) const override;
+ /**
+ * Find a certificate by Subject DN and (optionally) key identifier
+ * @return the first certificate that matches
+ */
+ std::shared_ptr<const X509_Certificate> find_cert(
+ const X509_DN& subject_dn,
+ const std::vector<uint8_t>& key_id) const override;
- /**
- * Find all certificates with a given Subject DN.
- * Subject DN and even the key identifier might not be unique.
- */
- std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
- const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
+ /**
+ * Find all certificates with a given Subject DN.
+ * Subject DN and even the key identifier might not be unique.
+ */
+ std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
+ const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
- /**
- * Find a certificate by searching for one with a matching SHA-1 hash of
- * public key.
- * @return a matching certificate or nullptr otherwise
- */
- std::shared_ptr<const X509_Certificate>
- find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
+ /**
+ * Find a certificate by searching for one with a matching SHA-1 hash of
+ * public key.
+ * @return a matching certificate or nullptr otherwise
+ */
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
- /**
- * @throws Botan::Not_Implemented
- */
- std::shared_ptr<const X509_Certificate>
- find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
+ /**
+ * @throws Botan::Not_Implemented
+ */
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
- /**
- * Fetching CRLs is not supported by the keychain on macOS. This will
- * always return an empty list.
- */
- std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
- };
+ /**
+ * TODO
+ */
+ std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
+};
}
#endif
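Review bot: The new doc comment on `find_crl_for` is just `TODO`, which tells a caller nothing about the contract; since the .cpp side of this commit makes it throw, replace it with `/** @throws Botan::Not_Implemented — CRL lookup from the Windows system stores is not implemented yet */`, matching the comment on `find_cert_by_raw_subject_dn_sha256` directly above it. The class comment `Certificate Store that is backed by a file of PEMs of trusted CAs.` (unchanged context here) still describes the flatfile store this header was copied from and should read `Certificate Store backed by the Windows system certificate stores.`, since the implementation in the same commit searches the `MY`, `Root`, `Trust` and `CA` stores. Dropping `#include <vector>` and `#include <memory>` leaves the header relying on `botan/certstor.h` to provide `std::vector` and `std::shared_ptr` transitively — it compiles today, but an include-what-you-use cleanup of certstor.h would break this header, so I would keep both includes.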