RTDECL(int) RTCrStoreCreateSnapshotById(PRTCRSTORE phStore, RTCRSTOREID enmStoreId, PRTERRINFO pErrInfo)
{
AssertReturn(enmStoreId > RTCRSTOREID_INVALID && enmStoreId < RTCRSTOREID_END, VERR_INVALID_PARAMETER);
/*
* Create an empty in-memory store.
*/
RTCRSTORE hStore;
int rc = RTCrStoreCreateInMem(&hStore, 128);
if (RT_SUCCESS(rc))
{
*phStore = hStore;
/*
* Resolve the APIs we need to do this job.
*/
RTLDRMOD hLdrMod;
int rc2 = RTLdrLoadSystem("crypt32.dll", false /*NoUnload*/, &hLdrMod);
if (RT_SUCCESS(rc2))
{
PFNCERTOPENSTORE pfnOpenStore = NULL;
rc2 = RTLdrGetSymbol(hLdrMod, "CertOpenStore", (void **)&pfnOpenStore);
PFNCERTCLOSESTORE pfnCloseStore = NULL;
if (RT_SUCCESS(rc2))
rc2 = RTLdrGetSymbol(hLdrMod, "CertCloseStore", (void **)&pfnCloseStore);
PFNCERTENUMCERTIFICATESINSTORE pfnEnumCerts = NULL;
if (RT_SUCCESS(rc2))
rc2 = RTLdrGetSymbol(hLdrMod, "CertEnumCertificatesInStore", (void **)&pfnEnumCerts);
if (RT_SUCCESS(rc2))
{
/*
* Do the work.
*/
switch (enmStoreId)
{
case RTCRSTOREID_USER_TRUSTED_CAS_AND_CERTIFICATES:
case RTCRSTOREID_SYSTEM_TRUSTED_CAS_AND_CERTIFICATES:
{
DWORD fStore = enmStoreId == RTCRSTOREID_USER_TRUSTED_CAS_AND_CERTIFICATES
? CERT_SYSTEM_STORE_CURRENT_USER : CERT_SYSTEM_STORE_LOCAL_MACHINE;
static PCRTUTF16 const s_apwszStores[] = { L"AuthRoot", L"CA", L"MY", L"Root" };
for (uint32_t i = 0; i < RT_ELEMENTS(s_apwszStores); i++)
rc = rtCrStoreAddCertsFromNative(hStore, fStore, s_apwszStores[i], pfnOpenStore, pfnCloseStore,
pfnEnumCerts, rc, pErrInfo);
break;
}
default:
AssertFailed(); /* implement me */
}
}
else
rc = RTErrInfoSetF(pErrInfo, -rc2, "Error resolving crypt32.dll APIs");
RTLdrClose(hLdrMod);
}
else
rc = RTErrInfoSetF(pErrInfo, -rc2, "Error loading crypt32.dll");
}
else
RTErrInfoSet(pErrInfo, rc, "RTCrStoreCreateInMem failed");
return rc;
}
RTDECL(int) RTCrStoreCreateSnapshotById(PRTCRSTORE phStore, RTCRSTOREID enmStoreId, PRTERRINFO pErrInfo)
{
AssertReturn(enmStoreId > RTCRSTOREID_INVALID && enmStoreId < RTCRSTOREID_END, VERR_INVALID_PARAMETER);
/*
* Create an empty in-memory store.
*/
RTCRSTORE hStore;
uint32_t cExpected = enmStoreId == RTCRSTOREID_SYSTEM_TRUSTED_CAS_AND_CERTIFICATES ? 256 : 0;
int rc = RTCrStoreCreateInMem(&hStore, cExpected);
if (RT_SUCCESS(rc))
{
*phStore = hStore;
/*
* Add system certificates if part of the given store ID.
*/
bool fFound = false;
rc = VINF_SUCCESS;
if (enmStoreId == RTCRSTOREID_SYSTEM_TRUSTED_CAS_AND_CERTIFICATES)
{
for (uint32_t i = 0; i < RT_ELEMENTS(g_apszSystemPemFiles); i++)
if (RTFileExists(g_apszSystemPemFiles[i]))
{
fFound = true;
int rc2 = RTCrStoreCertAddFromFile(hStore,
RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR,
g_apszSystemPemFiles[i], pErrInfo);
if (RT_FAILURE(rc2))
rc = -rc2;
}
/*
* If we didn't find any of the certificate collection files, go hunting
* for directories containing PEM/CRT files with single certificates.
*/
if (!fFound)
for (uint32_t i = 0; i < RT_ELEMENTS(g_apszSystemPemDirs); i++)
if (RTDirExists(g_apszSystemPemDirs[i]))
{
static RTSTRTUPLE const s_aSuffixes[] =
{
{ RT_STR_TUPLE(".crt") },
{ RT_STR_TUPLE(".pem") },
{ RT_STR_TUPLE(".PEM") },
{ RT_STR_TUPLE(".CRT") },
};
fFound = true;
int rc2 = RTCrStoreCertAddFromDir(hStore,
RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR,
g_apszSystemPemDirs[i], &s_aSuffixes[0], RT_ELEMENTS(s_aSuffixes),
pErrInfo);
if (RT_FAILURE(rc2))
rc = -rc2;
}
}
}
else
RTErrInfoAdd(pErrInfo, rc, " RTCrStoreCreateInMem failed");
return rc;
}
