diff options
Diffstat (limited to 'src/lib/x509')
-rw-r--r-- | src/lib/x509/certstor_system_windows/certstor_windows.cpp | 67 | ||||
-rw-r--r-- | src/lib/x509/certstor_system_windows/certstor_windows.h | 87 |
2 files changed, 67 insertions, 87 deletions
diff --git a/src/lib/x509/certstor_system_windows/certstor_windows.cpp b/src/lib/x509/certstor_system_windows/certstor_windows.cpp index 7ad5d0263..ec4f6b30f 100644 --- a/src/lib/x509/certstor_system_windows/certstor_windows.cpp +++ b/src/lib/x509/certstor_system_windows/certstor_windows.cpp @@ -143,44 +143,29 @@ Certificate_Store_Windows::find_cert_by_pubkey_sha1( const std::vector<uint8_t> &key_hash) const { if(key_hash.size() != 20) - { - throw Invalid_Argument("Flatfile_Certificate_Store::find_cert_by_pubkey_sha1 invalid hash"); - } - - // auto internalCerts = _certs.get(); - // auto lookUp = std::find_if( - // internalCerts.begin(), internalCerts.end(), - // [&](decltype(internalCerts)::value_type value) { - // auto str = value->fingerprint(); - // str.erase(std::remove(str.begin(), str.end(), ':'), str.end()); - // return convertTo<ByteBuffer>(str) == key_hash; - // }); - // if (*lookUp != nullptr) { - // return *lookUp; - // } - - auto windowsCertStore = CertOpenSystemStore(0, TEXT("CA")); - if (!windowsCertStore) { - throw Decoding_Error( - "failed to open windows certificate store 'CA' (Error Code: " + std::to_string(::GetLastError()) + ")"); + { + throw Invalid_Argument("Certificate_Store_Windows::find_cert_by_pubkey_sha1 invalid hash"); } - const CRYPT_HASH_BLOB blob {key_hash.size(), const_cast<BYTE*>(key_hash.data())}; - // dvault::Hash hash = dvault::Hash::fromHex( - // HashAlgorithm::SHA1, reinterpret_cast<const char *>(key_hash.data())); + std::vector<std::string> cert_store_names{"MY", "Root", "Trust", "CA"}; + for (auto &store_name : cert_store_names) { + auto windows_cert_store = CertOpenSystemStore(0, store_name.c_str()); + if (!windows_cert_store) { + throw Decoding_Error( + "failed to open windows certificate store 'CA' (Error Code: " + std::to_string(::GetLastError()) + ")"); + } - // blob.pbData = reinterpret_cast<BYTE*>(hash_data); - // blob.cbData = key_hash.size(); - auto certContext = CertFindCertificateInStore( - windowsCertStore, (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING), 0, - CERT_FIND_SHA1_HASH, &blob, nullptr); + CRYPT_HASH_BLOB blob; + blob.cbData = static_cast<DWORD>(key_hash.size()); + blob.pbData = const_cast<BYTE*>(key_hash.data()); - CertCloseStore(windowsCertStore, 0); + auto cert_context = lookup_cert_by_hash_blob(blob, store_name); - if (certContext) { - X509_Certificate cert(certContext->pbCertEncoded, certContext->cbCertEncoded); - CertFreeCertificateContext(certContext); - return std::shared_ptr<X509_Certificate>(&cert); + if (cert_context) { + auto cert = std::make_shared<X509_Certificate>(cert_context->pbCertEncoded, cert_context->cbCertEncoded); + CertFreeCertificateContext(cert_context); + return cert; + } } return nullptr; @@ -188,14 +173,14 @@ Certificate_Store_Windows::find_cert_by_pubkey_sha1( std::shared_ptr<const X509_Certificate> Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const - { - BOTAN_UNUSED(subject_hash); - throw Not_Implemented("Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256"); - } +{ + BOTAN_UNUSED(subject_hash); + throw Not_Implemented("Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256"); +} std::shared_ptr<const X509_CRL> Certificate_Store_Windows::find_crl_for(const X509_Certificate& subject) const - { - BOTAN_UNUSED(subject); - return {}; - } +{ + BOTAN_UNUSED(subject); + throw Not_Implemented("Certificate_Store_Windows::find_crl_for"); +} } diff --git a/src/lib/x509/certstor_system_windows/certstor_windows.h b/src/lib/x509/certstor_system_windows/certstor_windows.h index 24d3666e9..9013b1b48 100644 --- a/src/lib/x509/certstor_system_windows/certstor_windows.h +++ b/src/lib/x509/certstor_system_windows/certstor_windows.h @@ -11,64 +11,59 @@ #include <botan/certstor.h> -#include <vector> -#include <memory> -#include <map> - namespace Botan { /** * Certificate Store that is backed by a file of PEMs of trusted CAs. */ class BOTAN_PUBLIC_API(2, 11) Certificate_Store_Windows final : public Certificate_Store - { - public: - Certificate_Store_Windows(); +{ +public: + Certificate_Store_Windows(); - Certificate_Store_Windows(const Certificate_Store_Windows&) = default; - Certificate_Store_Windows(Certificate_Store_Windows&&) = default; - Certificate_Store_Windows& operator=(const Certificate_Store_Windows&) = default; - Certificate_Store_Windows& operator=(Certificate_Store_Windows&&) = default; + Certificate_Store_Windows(const Certificate_Store_Windows&) = default; + Certificate_Store_Windows(Certificate_Store_Windows&&) = default; + Certificate_Store_Windows& operator=(const Certificate_Store_Windows&) = default; + Certificate_Store_Windows& operator=(Certificate_Store_Windows&&) = default; - /** - * @return DNs for all certificates managed by the store - */ - std::vector<X509_DN> all_subjects() const override; + /** + * @return DNs for all certificates managed by the store + */ + std::vector<X509_DN> all_subjects() const override; - /** - * Find a certificate by Subject DN and (optionally) key identifier - * @return the first certificate that matches - */ - std::shared_ptr<const X509_Certificate> find_cert( - const X509_DN& subject_dn, - const std::vector<uint8_t>& key_id) const override; + /** + * Find a certificate by Subject DN and (optionally) key identifier + * @return the first certificate that matches + */ + std::shared_ptr<const X509_Certificate> find_cert( + const X509_DN& subject_dn, + const std::vector<uint8_t>& key_id) const override; - /** - * Find all certificates with a given Subject DN. - * Subject DN and even the key identifier might not be unique. - */ - std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs( - const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override; + /** + * Find all certificates with a given Subject DN. + * Subject DN and even the key identifier might not be unique. + */ + std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs( + const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override; - /** - * Find a certificate by searching for one with a matching SHA-1 hash of - * public key. - * @return a matching certificate or nullptr otherwise - */ - std::shared_ptr<const X509_Certificate> - find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override; + /** + * Find a certificate by searching for one with a matching SHA-1 hash of + * public key. + * @return a matching certificate or nullptr otherwise + */ + std::shared_ptr<const X509_Certificate> + find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override; - /** - * @throws Botan::Not_Implemented - */ - std::shared_ptr<const X509_Certificate> - find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override; + /** + * @throws Botan::Not_Implemented + */ + std::shared_ptr<const X509_Certificate> + find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override; - /** - * Fetching CRLs is not supported by the keychain on macOS. This will - * always return an empty list. - */ - std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override; - }; + /** + * TODO + */ + std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override; +}; } #endif |