1
0
mirror of https://github.com/golang/go synced 2024-11-14 07:30:22 -07:00

crypto/tls: fetch root CA from Windows store

R=rsc
CC=golang-dev
https://golang.org/cl/5281044
This commit is contained in:
Mikkel Krautz 2011-10-13 22:58:19 -04:00 committed by Russ Cox
parent 812249fe5e
commit 3153395ed0
6 changed files with 329 additions and 185 deletions

View File

@ -28,7 +28,7 @@ GOFILES_freebsd+=root_unix.go
GOFILES_linux+=root_unix.go GOFILES_linux+=root_unix.go
GOFILES_openbsd+=root_unix.go GOFILES_openbsd+=root_unix.go
GOFILES_plan9+=root_stub.go GOFILES_plan9+=root_stub.go
GOFILES_windows+=root_stub.go GOFILES_windows+=root_windows.go
GOFILES+=$(GOFILES_$(GOOS)) GOFILES+=$(GOFILES_$(GOOS))
ifneq ($(CGOFILES_$(GOOS)),) ifneq ($(CGOFILES_$(GOOS)),)

View File

@ -0,0 +1,55 @@
// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package tls
import (
"crypto/x509"
"reflect"
"syscall"
"unsafe"
)
func loadStore(roots *x509.CertPool, name string) {
store, errno := syscall.CertOpenSystemStore(syscall.InvalidHandle, syscall.StringToUTF16Ptr(name))
if errno != 0 {
return
}
var prev *syscall.CertContext
for {
cur := syscall.CertEnumCertificatesInStore(store, prev)
if cur == nil {
break
}
var buf []byte
hdrp := (*reflect.SliceHeader)(unsafe.Pointer(&buf))
hdrp.Data = cur.EncodedCert
hdrp.Len = int(cur.Length)
hdrp.Cap = int(cur.Length)
cert, err := x509.ParseCertificate(buf)
if err != nil {
continue
}
roots.AddCert(cert)
prev = cur
}
syscall.CertCloseStore(store, 0)
}
func initDefaultRoots() {
roots := x509.NewCertPool()
// Roots
loadStore(roots, "ROOT")
// Intermediates
loadStore(roots, "CA")
varDefaultRoots = roots
}

View File

@ -221,6 +221,9 @@ func NewCallback(fn interface{}) uintptr
//sys VirtualLock(addr uintptr, length uintptr) (errno int) //sys VirtualLock(addr uintptr, length uintptr) (errno int)
//sys VirtualUnlock(addr uintptr, length uintptr) (errno int) //sys VirtualUnlock(addr uintptr, length uintptr) (errno int)
//sys TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (errno int) = mswsock.TransmitFile //sys TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (errno int) = mswsock.TransmitFile
//sys CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, errno int) = crypt32.CertOpenSystemStoreW
//sys CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) = crypt32.CertEnumCertificatesInStore
//sys CertCloseStore(store Handle, flags uint32) (errno int) = crypt32.CertCloseStore
// syscall interface implementation for other packages // syscall interface implementation for other packages

View File

@ -10,6 +10,7 @@ var (
modadvapi32 = NewLazyDLL("advapi32.dll") modadvapi32 = NewLazyDLL("advapi32.dll")
modshell32 = NewLazyDLL("shell32.dll") modshell32 = NewLazyDLL("shell32.dll")
modmswsock = NewLazyDLL("mswsock.dll") modmswsock = NewLazyDLL("mswsock.dll")
modcrypt32 = NewLazyDLL("crypt32.dll")
modws2_32 = NewLazyDLL("ws2_32.dll") modws2_32 = NewLazyDLL("ws2_32.dll")
moddnsapi = NewLazyDLL("dnsapi.dll") moddnsapi = NewLazyDLL("dnsapi.dll")
modiphlpapi = NewLazyDLL("iphlpapi.dll") modiphlpapi = NewLazyDLL("iphlpapi.dll")
@ -80,6 +81,9 @@ var (
procVirtualLock = modkernel32.NewProc("VirtualLock") procVirtualLock = modkernel32.NewProc("VirtualLock")
procVirtualUnlock = modkernel32.NewProc("VirtualUnlock") procVirtualUnlock = modkernel32.NewProc("VirtualUnlock")
procTransmitFile = modmswsock.NewProc("TransmitFile") procTransmitFile = modmswsock.NewProc("TransmitFile")
procCertOpenSystemStoreW = modcrypt32.NewProc("CertOpenSystemStoreW")
procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore")
procCertCloseStore = modcrypt32.NewProc("CertCloseStore")
procWSAStartup = modws2_32.NewProc("WSAStartup") procWSAStartup = modws2_32.NewProc("WSAStartup")
procWSACleanup = modws2_32.NewProc("WSACleanup") procWSACleanup = modws2_32.NewProc("WSACleanup")
procWSAIoctl = modws2_32.NewProc("WSAIoctl") procWSAIoctl = modws2_32.NewProc("WSAIoctl")
@ -1043,6 +1047,41 @@ func TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint
return return
} }
func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, errno int) {
r0, _, e1 := Syscall(procCertOpenSystemStoreW.Addr(), 2, uintptr(hprov), uintptr(unsafe.Pointer(name)), 0)
store = Handle(r0)
if store == 0 {
if e1 != 0 {
errno = int(e1)
} else {
errno = EINVAL
}
} else {
errno = 0
}
return
}
func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) {
r0, _, _ := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
context = (*CertContext)(unsafe.Pointer(r0))
return
}
func CertCloseStore(store Handle, flags uint32) (errno int) {
r1, _, e1 := Syscall(procCertCloseStore.Addr(), 2, uintptr(store), uintptr(flags), 0)
if int(r1) == 0 {
if e1 != 0 {
errno = int(e1)
} else {
errno = EINVAL
}
} else {
errno = 0
}
return
}
func WSAStartup(verreq uint32, data *WSAData) (sockerrno int) { func WSAStartup(verreq uint32, data *WSAData) (sockerrno int) {
r0, _, _ := Syscall(procWSAStartup.Addr(), 2, uintptr(verreq), uintptr(unsafe.Pointer(data)), 0) r0, _, _ := Syscall(procWSAStartup.Addr(), 2, uintptr(verreq), uintptr(unsafe.Pointer(data)), 0)
sockerrno = int(r0) sockerrno = int(r0)

View File

@ -10,6 +10,7 @@ var (
modadvapi32 = NewLazyDLL("advapi32.dll") modadvapi32 = NewLazyDLL("advapi32.dll")
modshell32 = NewLazyDLL("shell32.dll") modshell32 = NewLazyDLL("shell32.dll")
modmswsock = NewLazyDLL("mswsock.dll") modmswsock = NewLazyDLL("mswsock.dll")
modcrypt32 = NewLazyDLL("crypt32.dll")
modws2_32 = NewLazyDLL("ws2_32.dll") modws2_32 = NewLazyDLL("ws2_32.dll")
moddnsapi = NewLazyDLL("dnsapi.dll") moddnsapi = NewLazyDLL("dnsapi.dll")
modiphlpapi = NewLazyDLL("iphlpapi.dll") modiphlpapi = NewLazyDLL("iphlpapi.dll")
@ -80,6 +81,9 @@ var (
procVirtualLock = modkernel32.NewProc("VirtualLock") procVirtualLock = modkernel32.NewProc("VirtualLock")
procVirtualUnlock = modkernel32.NewProc("VirtualUnlock") procVirtualUnlock = modkernel32.NewProc("VirtualUnlock")
procTransmitFile = modmswsock.NewProc("TransmitFile") procTransmitFile = modmswsock.NewProc("TransmitFile")
procCertOpenSystemStoreW = modcrypt32.NewProc("CertOpenSystemStoreW")
procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore")
procCertCloseStore = modcrypt32.NewProc("CertCloseStore")
procWSAStartup = modws2_32.NewProc("WSAStartup") procWSAStartup = modws2_32.NewProc("WSAStartup")
procWSACleanup = modws2_32.NewProc("WSACleanup") procWSACleanup = modws2_32.NewProc("WSACleanup")
procWSAIoctl = modws2_32.NewProc("WSAIoctl") procWSAIoctl = modws2_32.NewProc("WSAIoctl")
@ -1043,6 +1047,41 @@ func TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint
return return
} }
func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, errno int) {
r0, _, e1 := Syscall(procCertOpenSystemStoreW.Addr(), 2, uintptr(hprov), uintptr(unsafe.Pointer(name)), 0)
store = Handle(r0)
if store == 0 {
if e1 != 0 {
errno = int(e1)
} else {
errno = EINVAL
}
} else {
errno = 0
}
return
}
func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) {
r0, _, _ := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
context = (*CertContext)(unsafe.Pointer(r0))
return
}
func CertCloseStore(store Handle, flags uint32) (errno int) {
r1, _, e1 := Syscall(procCertCloseStore.Addr(), 2, uintptr(store), uintptr(flags), 0)
if int(r1) == 0 {
if e1 != 0 {
errno = int(e1)
} else {
errno = EINVAL
}
} else {
errno = 0
}
return
}
func WSAStartup(verreq uint32, data *WSAData) (sockerrno int) { func WSAStartup(verreq uint32, data *WSAData) (sockerrno int) {
r0, _, _ := Syscall(procWSAStartup.Addr(), 2, uintptr(verreq), uintptr(unsafe.Pointer(data)), 0) r0, _, _ := Syscall(procWSAStartup.Addr(), 2, uintptr(verreq), uintptr(unsafe.Pointer(data)), 0)
sockerrno = int(r0) sockerrno = int(r0)

View File

@ -617,3 +617,11 @@ type MibIfRow struct {
DescrLen uint32 DescrLen uint32
Descr [MAXLEN_IFDESCR]byte Descr [MAXLEN_IFDESCR]byte
} }
type CertContext struct {
EncodingType uint32
EncodedCert uintptr
Length uint32
CertInfo uintptr
Store Handle
}