aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/x509
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/x509')
-rw-r--r--src/lib/x509/certstor_system_windows/certstor_windows.cpp67
-rw-r--r--src/lib/x509/certstor_system_windows/certstor_windows.h87
2 files changed, 67 insertions, 87 deletions
diff --git a/src/lib/x509/certstor_system_windows/certstor_windows.cpp b/src/lib/x509/certstor_system_windows/certstor_windows.cpp
index 7ad5d0263..ec4f6b30f 100644
--- a/src/lib/x509/certstor_system_windows/certstor_windows.cpp
+++ b/src/lib/x509/certstor_system_windows/certstor_windows.cpp
@@ -143,44 +143,29 @@ Certificate_Store_Windows::find_cert_by_pubkey_sha1(
const std::vector<uint8_t> &key_hash) const
{
if(key_hash.size() != 20)
- {
- throw Invalid_Argument("Flatfile_Certificate_Store::find_cert_by_pubkey_sha1 invalid hash");
- }
-
- // auto internalCerts = _certs.get();
- // auto lookUp = std::find_if(
- // internalCerts.begin(), internalCerts.end(),
- // [&](decltype(internalCerts)::value_type value) {
- // auto str = value->fingerprint();
- // str.erase(std::remove(str.begin(), str.end(), ':'), str.end());
- // return convertTo<ByteBuffer>(str) == key_hash;
- // });
- // if (*lookUp != nullptr) {
- // return *lookUp;
- // }
-
- auto windowsCertStore = CertOpenSystemStore(0, TEXT("CA"));
- if (!windowsCertStore) {
- throw Decoding_Error(
- "failed to open windows certificate store 'CA' (Error Code: " + std::to_string(::GetLastError()) + ")");
+ {
+ throw Invalid_Argument("Certificate_Store_Windows::find_cert_by_pubkey_sha1 invalid hash");
}
- const CRYPT_HASH_BLOB blob {key_hash.size(), const_cast<BYTE*>(key_hash.data())};
- // dvault::Hash hash = dvault::Hash::fromHex(
- // HashAlgorithm::SHA1, reinterpret_cast<const char *>(key_hash.data()));
+ std::vector<std::string> cert_store_names{"MY", "Root", "Trust", "CA"};
+ for (auto &store_name : cert_store_names) {
+ auto windows_cert_store = CertOpenSystemStore(0, store_name.c_str());
+ if (!windows_cert_store) {
+ throw Decoding_Error(
+ "failed to open windows certificate store 'CA' (Error Code: " + std::to_string(::GetLastError()) + ")");
+ }
- // blob.pbData = reinterpret_cast<BYTE*>(hash_data);
- // blob.cbData = key_hash.size();
- auto certContext = CertFindCertificateInStore(
- windowsCertStore, (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING), 0,
- CERT_FIND_SHA1_HASH, &blob, nullptr);
+ CRYPT_HASH_BLOB blob;
+ blob.cbData = static_cast<DWORD>(key_hash.size());
+ blob.pbData = const_cast<BYTE*>(key_hash.data());
- CertCloseStore(windowsCertStore, 0);
+ auto cert_context = lookup_cert_by_hash_blob(blob, store_name);
- if (certContext) {
- X509_Certificate cert(certContext->pbCertEncoded, certContext->cbCertEncoded);
- CertFreeCertificateContext(certContext);
- return std::shared_ptr<X509_Certificate>(&cert);
+ if (cert_context) {
+ auto cert = std::make_shared<X509_Certificate>(cert_context->pbCertEncoded, cert_context->cbCertEncoded);
+ CertFreeCertificateContext(cert_context);
+ return cert;
+ }
}
return nullptr;
@@ -188,14 +173,14 @@ Certificate_Store_Windows::find_cert_by_pubkey_sha1(
std::shared_ptr<const X509_Certificate>
Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const
- {
- BOTAN_UNUSED(subject_hash);
- throw Not_Implemented("Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256");
- }
+{
+ BOTAN_UNUSED(subject_hash);
+ throw Not_Implemented("Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256");
+}
std::shared_ptr<const X509_CRL> Certificate_Store_Windows::find_crl_for(const X509_Certificate& subject) const
- {
- BOTAN_UNUSED(subject);
- return {};
- }
+{
+ BOTAN_UNUSED(subject);
+ throw Not_Implemented("Certificate_Store_Windows::find_crl_for");
+}
}
diff --git a/src/lib/x509/certstor_system_windows/certstor_windows.h b/src/lib/x509/certstor_system_windows/certstor_windows.h
index 24d3666e9..9013b1b48 100644
--- a/src/lib/x509/certstor_system_windows/certstor_windows.h
+++ b/src/lib/x509/certstor_system_windows/certstor_windows.h
@@ -11,64 +11,59 @@
#include <botan/certstor.h>
-#include <vector>
-#include <memory>
-#include <map>
-
namespace Botan {
/**
* Certificate Store that is backed by a file of PEMs of trusted CAs.
*/
class BOTAN_PUBLIC_API(2, 11) Certificate_Store_Windows final : public Certificate_Store
- {
- public:
- Certificate_Store_Windows();
+{
+public:
+ Certificate_Store_Windows();
- Certificate_Store_Windows(const Certificate_Store_Windows&) = default;
- Certificate_Store_Windows(Certificate_Store_Windows&&) = default;
- Certificate_Store_Windows& operator=(const Certificate_Store_Windows&) = default;
- Certificate_Store_Windows& operator=(Certificate_Store_Windows&&) = default;
+ Certificate_Store_Windows(const Certificate_Store_Windows&) = default;
+ Certificate_Store_Windows(Certificate_Store_Windows&&) = default;
+ Certificate_Store_Windows& operator=(const Certificate_Store_Windows&) = default;
+ Certificate_Store_Windows& operator=(Certificate_Store_Windows&&) = default;
- /**
- * @return DNs for all certificates managed by the store
- */
- std::vector<X509_DN> all_subjects() const override;
+ /**
+ * @return DNs for all certificates managed by the store
+ */
+ std::vector<X509_DN> all_subjects() const override;
- /**
- * Find a certificate by Subject DN and (optionally) key identifier
- * @return the first certificate that matches
- */
- std::shared_ptr<const X509_Certificate> find_cert(
- const X509_DN& subject_dn,
- const std::vector<uint8_t>& key_id) const override;
+ /**
+ * Find a certificate by Subject DN and (optionally) key identifier
+ * @return the first certificate that matches
+ */
+ std::shared_ptr<const X509_Certificate> find_cert(
+ const X509_DN& subject_dn,
+ const std::vector<uint8_t>& key_id) const override;
- /**
- * Find all certificates with a given Subject DN.
- * Subject DN and even the key identifier might not be unique.
- */
- std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
- const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
+ /**
+ * Find all certificates with a given Subject DN.
+ * Subject DN and even the key identifier might not be unique.
+ */
+ std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
+ const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
- /**
- * Find a certificate by searching for one with a matching SHA-1 hash of
- * public key.
- * @return a matching certificate or nullptr otherwise
- */
- std::shared_ptr<const X509_Certificate>
- find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
+ /**
+ * Find a certificate by searching for one with a matching SHA-1 hash of
+ * public key.
+ * @return a matching certificate or nullptr otherwise
+ */
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
- /**
- * @throws Botan::Not_Implemented
- */
- std::shared_ptr<const X509_Certificate>
- find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
+ /**
+ * @throws Botan::Not_Implemented
+ */
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
- /**
- * Fetching CRLs is not supported by the keychain on macOS. This will
- * always return an empty list.
- */
- std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
- };
+ /**
+ * TODO
+ */
+ std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
+};
}
#endif