crypto/tls: fetch root CA from Windows store

R=rsc
CC=golang-dev
https://golang.org/cl/5281044

src/pkg/crypto/tls/Makefile

@@ -28,7 +28,7 @@ GOFILES_freebsd+=root_unix.go
 GOFILES_linux+=root_unix.go
 GOFILES_openbsd+=root_unix.go
 GOFILES_plan9+=root_stub.go
-GOFILES_windows+=root_stub.go
+GOFILES_windows+=root_windows.go
 
 GOFILES+=$(GOFILES_$(GOOS))
 ifneq ($(CGOFILES_$(GOOS)),)

src/pkg/crypto/tls/root_windows.go

@@ -0,0 +1,55 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tls
+
+import (
+	"crypto/x509"
+	"reflect"
+	"syscall"
+	"unsafe"
+)
+
+func loadStore(roots *x509.CertPool, name string) {
+	store, errno := syscall.CertOpenSystemStore(syscall.InvalidHandle, syscall.StringToUTF16Ptr(name))
+	if errno != 0 {
+		return
+	}
+
+	var prev *syscall.CertContext
+	for {
+		cur := syscall.CertEnumCertificatesInStore(store, prev)
+		if cur == nil {
+			break
+		}
+
+		var buf []byte
+		hdrp := (*reflect.SliceHeader)(unsafe.Pointer(&buf))
+		hdrp.Data = cur.EncodedCert
+		hdrp.Len = int(cur.Length)
+		hdrp.Cap = int(cur.Length)
+
+		cert, err := x509.ParseCertificate(buf)
+		if err != nil {
+			continue
+		}
+
+		roots.AddCert(cert)
+		prev = cur
+	}
+
+	syscall.CertCloseStore(store, 0)
+}
+
+func initDefaultRoots() {
+	roots := x509.NewCertPool()
+
+	// Roots
+	loadStore(roots, "ROOT")
+
+	// Intermediates
+	loadStore(roots, "CA")
+
+	varDefaultRoots = roots
+}

src/pkg/syscall/syscall_windows.go

@@ -221,6 +221,9 @@ func NewCallback(fn interface{}) uintptr
 //sys	VirtualLock(addr uintptr, length uintptr) (errno int)
 //sys	VirtualUnlock(addr uintptr, length uintptr) (errno int)
 //sys	TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (errno int) = mswsock.TransmitFile
+//sys	CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, errno int) = crypt32.CertOpenSystemStoreW
+//sys	CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) = crypt32.CertEnumCertificatesInStore
+//sys	CertCloseStore(store Handle, flags uint32) (errno int) = crypt32.CertCloseStore
 
 // syscall interface implementation for other packages
 

src/pkg/syscall/zsyscall_windows_386.go

@@ -10,6 +10,7 @@ var (
 	modadvapi32 = NewLazyDLL("advapi32.dll")
 	modshell32  = NewLazyDLL("shell32.dll")
 	modmswsock  = NewLazyDLL("mswsock.dll")
+	modcrypt32  = NewLazyDLL("crypt32.dll")
 	modws2_32   = NewLazyDLL("ws2_32.dll")
 	moddnsapi   = NewLazyDLL("dnsapi.dll")
 	modiphlpapi = NewLazyDLL("iphlpapi.dll")
@@ -80,6 +81,9 @@ var (
 	procVirtualLock                 = modkernel32.NewProc("VirtualLock")
 	procVirtualUnlock               = modkernel32.NewProc("VirtualUnlock")
 	procTransmitFile                = modmswsock.NewProc("TransmitFile")
+	procCertOpenSystemStoreW        = modcrypt32.NewProc("CertOpenSystemStoreW")
+	procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore")
+	procCertCloseStore              = modcrypt32.NewProc("CertCloseStore")
 	procWSAStartup                  = modws2_32.NewProc("WSAStartup")
 	procWSACleanup                  = modws2_32.NewProc("WSACleanup")
 	procWSAIoctl                    = modws2_32.NewProc("WSAIoctl")
@@ -1043,6 +1047,41 @@ func TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint
 	return
 }
 
+func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, errno int) {
+	r0, _, e1 := Syscall(procCertOpenSystemStoreW.Addr(), 2, uintptr(hprov), uintptr(unsafe.Pointer(name)), 0)
+	store = Handle(r0)
+	if store == 0 {
+		if e1 != 0 {
+			errno = int(e1)
+		} else {
+			errno = EINVAL
+		}
+	} else {
+		errno = 0
+	}
+	return
+}
+
+func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) {
+	r0, _, _ := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
+	context = (*CertContext)(unsafe.Pointer(r0))
+	return
+}
+
+func CertCloseStore(store Handle, flags uint32) (errno int) {
+	r1, _, e1 := Syscall(procCertCloseStore.Addr(), 2, uintptr(store), uintptr(flags), 0)
+	if int(r1) == 0 {
+		if e1 != 0 {
+			errno = int(e1)
+		} else {
+			errno = EINVAL
+		}
+	} else {
+		errno = 0
+	}
+	return
+}
+
 func WSAStartup(verreq uint32, data *WSAData) (sockerrno int) {
 	r0, _, _ := Syscall(procWSAStartup.Addr(), 2, uintptr(verreq), uintptr(unsafe.Pointer(data)), 0)
 	sockerrno = int(r0)

src/pkg/syscall/zsyscall_windows_amd64.go

@@ -10,6 +10,7 @@ var (
 	modadvapi32 = NewLazyDLL("advapi32.dll")
 	modshell32  = NewLazyDLL("shell32.dll")
 	modmswsock  = NewLazyDLL("mswsock.dll")
+	modcrypt32  = NewLazyDLL("crypt32.dll")
 	modws2_32   = NewLazyDLL("ws2_32.dll")
 	moddnsapi   = NewLazyDLL("dnsapi.dll")
 	modiphlpapi = NewLazyDLL("iphlpapi.dll")
@@ -80,6 +81,9 @@ var (
 	procVirtualLock                 = modkernel32.NewProc("VirtualLock")
 	procVirtualUnlock               = modkernel32.NewProc("VirtualUnlock")
 	procTransmitFile                = modmswsock.NewProc("TransmitFile")
+	procCertOpenSystemStoreW        = modcrypt32.NewProc("CertOpenSystemStoreW")
+	procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore")
+	procCertCloseStore              = modcrypt32.NewProc("CertCloseStore")
 	procWSAStartup                  = modws2_32.NewProc("WSAStartup")
 	procWSACleanup                  = modws2_32.NewProc("WSACleanup")
 	procWSAIoctl                    = modws2_32.NewProc("WSAIoctl")
@@ -1043,6 +1047,41 @@ func TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint
 	return
 }
 
+func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, errno int) {
+	r0, _, e1 := Syscall(procCertOpenSystemStoreW.Addr(), 2, uintptr(hprov), uintptr(unsafe.Pointer(name)), 0)
+	store = Handle(r0)
+	if store == 0 {
+		if e1 != 0 {
+			errno = int(e1)
+		} else {
+			errno = EINVAL
+		}
+	} else {
+		errno = 0
+	}
+	return
+}
+
+func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) {
+	r0, _, _ := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
+	context = (*CertContext)(unsafe.Pointer(r0))
+	return
+}
+
+func CertCloseStore(store Handle, flags uint32) (errno int) {
+	r1, _, e1 := Syscall(procCertCloseStore.Addr(), 2, uintptr(store), uintptr(flags), 0)
+	if int(r1) == 0 {
+		if e1 != 0 {
+			errno = int(e1)
+		} else {
+			errno = EINVAL
+		}
+	} else {
+		errno = 0
+	}
+	return
+}
+
 func WSAStartup(verreq uint32, data *WSAData) (sockerrno int) {
 	r0, _, _ := Syscall(procWSAStartup.Addr(), 2, uintptr(verreq), uintptr(unsafe.Pointer(data)), 0)
 	sockerrno = int(r0)

src/pkg/syscall/ztypes_windows.go

@@ -617,3 +617,11 @@ type MibIfRow struct {
 	DescrLen        uint32
 	Descr           [MAXLEN_IFDESCR]byte
 }
+
+type CertContext struct {
+	EncodingType uint32
+	EncodedCert  uintptr
+	Length       uint32
+	CertInfo     uintptr
+	Store        Handle
+}