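/*
 * Attach a certificate file as an additional lookup store of the trust store.
 *
 * The file is opened through the CryptoAPI file-store provider and added as a
 * sibling (priority 0) of trust->collectionStore. The handle is opened
 * read-only and the file must already exist: a lookup file is a trust input,
 * so this function must never create an empty store in its place nor be able
 * to write through the handle it hands to the collection.
 *
 * Returns KSI_OK on success, KSI_INVALID_ARGUMENT when trust or path is NULL,
 * and KSI_INVALID_FORMAT when the file cannot be opened or attached (the
 * Windows error text is logged at debug level). On attach failure the
 * collection is left unchanged and the file store is closed again.
 */
int KSI_PKITruststore_addLookupFile(KSI_PKITruststore *trust, const char *path) {
	int res = KSI_UNKNOWN_ERROR;
	HCERTSTORE fileStore = NULL;
	char errBuf[1024];

	if (trust == NULL || path == NULL) {
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}
	KSI_ERR_clearErrors(trust->ctx);

	/* Read-only + open-existing: a missing or unreadable lookup file must be
	 * reported as an error, not turned into a silently empty (or freshly
	 * created) store that the caller believes holds trust anchors. */
	fileStore = CertOpenStore(CERT_STORE_PROV_FILENAME_A, 0, 0,
			CERT_STORE_READONLY_FLAG | CERT_STORE_OPEN_EXISTING_FLAG, path);
	if (fileStore == NULL) {
		KSI_LOG_debug(trust->ctx, "%s", getMSError(GetLastError(), errBuf, sizeof(errBuf)));
		KSI_pushError(trust->ctx, res = KSI_INVALID_FORMAT, NULL);
		goto cleanup;
	}

	/* Attach the file store to the collection with priority 0. */
	if (!CertAddStoreToCollection(trust->collectionStore, fileStore, 0, 0)) {
		KSI_LOG_debug(trust->ctx, "%s", getMSError(GetLastError(), errBuf, sizeof(errBuf)));
		KSI_pushError(trust->ctx, res = KSI_INVALID_FORMAT, NULL);
		goto cleanup;
	}

	/* Ownership model kept from the original: once attached, the local handle
	 * is deliberately not closed. NOTE(review): CertAddStoreToCollection takes
	 * its own reference, so closing the handle here (as CRYPT_SysOpenStoreW
	 * does with regStore) would also be valid -- confirm before changing. */
	fileStore = NULL;

	res = KSI_OK;

cleanup:

	if (fileStore != NULL) CertCloseStore(fileStore, CERT_CLOSE_STORE_CHECK_FLAG);
	return res;
}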
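/* Collect count caller-supplied store handles into a fresh collection store.
 * Returns NULL, with nothing left open, if the collection cannot be created or
 * any of the stores cannot be attached, so a partial set is never used
 * silently as if it were the full one. */
static HCERTSTORE CRYPTDLG_CollectStores(HCERTSTORE *stores, DWORD count)
{
    HCERTSTORE collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    DWORD i;

    if (!collection)
        return NULL;
    for (i = 0; i < count; i++)
    {
        if (!CertAddStoreToCollection(collection, stores[i], 0, 0))
        {
            CertCloseStore(collection, 0);
            return NULL;
        }
    }
    return collection;
}

/*
 * Build a chain engine whose trust is restricted to the stores the caller
 * supplied in cert: rghstoreRoots form the restricted root set, rghstoreTrust
 * the restricted trust set, and rghstoreCAs are offered as additional stores.
 *
 * Returns NULL when the caller supplied no stores at all, or when a restricted
 * collection that was asked for could not be built. The latter is deliberate:
 * passing a NULL hRestrictedRoot/hRestrictedTrust to
 * CertCreateCertificateChainEngine means "no restriction", which would
 * silently widen the accepted roots to the machine's default stores.
 *
 * Changes from the previous version: the trust collection was tested through
 * the wrong handle (`if (root)`) before being filled, CertAddStoreToCollection
 * results were ignored, and hRestrictedRoot was assigned twice.
 */
static HCERTCHAINENGINE CRYPTDLG_MakeEngine(CERT_VERIFY_CERTIFICATE_TRUST *cert)
{
    HCERTCHAINENGINE engine = NULL;
    HCERTSTORE root = NULL, trust = NULL;
    BOOL restricted_ok = TRUE;

    if (cert->cRootStores)
    {
        root = CRYPTDLG_CollectStores(cert->rghstoreRoots, cert->cRootStores);
        if (!root)
            restricted_ok = FALSE;
    }
    if (restricted_ok && cert->cTrustStores)
    {
        trust = CRYPTDLG_CollectStores(cert->rghstoreTrust,
         cert->cTrustStores);
        if (!trust)
            restricted_ok = FALSE;
    }
    if (restricted_ok &&
     (cert->cRootStores || cert->cStores || cert->cTrustStores))
    {
        CERT_CHAIN_ENGINE_CONFIG config;

        memset(&config, 0, sizeof(config));
        config.cbSize = sizeof(config);
        config.hRestrictedRoot = root;
        config.hRestrictedTrust = trust;
        config.cAdditionalStore = cert->cStores;
        config.rghAdditionalStore = cert->rghstoreCAs;
        CertCreateCertificateChainEngine(&config, &engine);
    }
    /* The engine keeps its own references; the local collections are closed
     * on every path, including the fail-closed one above. */
    if (root)
        CertCloseStore(root, 0);
    if (trust)
        CertCloseStore(trust, 0);
    return engine;
}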
/*
 * Build and check the certificate chain for one signer of data.
 *
 * The caller-supplied stores (data->pahStores) are merged into a collection
 * that CertGetCertificateChain may draw intermediates from. Only the first
 * certificate of the signer (pasCertChain[0]) is chained; a result with more
 * than one simple chain is rejected as unimplemented. On success the chain is
 * copied into data via WINTRUST_CopyChain and, if the provider installed a
 * pfnCertCheckPolicy callback, that callback's verdict is returned.
 *
 * Returns TRUE when the signer has no certificates at all (nothing to do),
 * FALSE on any failure above.
 */
static BOOL WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data,
 DWORD signer, PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo,
 PCERT_CHAIN_PARA chainPara)
{
    HCERTSTORE extraStores = NULL;
    BOOL ok = TRUE;
    DWORD i;

    /* Gather the provided stores into one collection; results of the adds
     * are not checked (best effort, as before). */
    if (data->chStores)
    {
        extraStores = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
         CERT_STORE_CREATE_NEW_FLAG, NULL);
        for (i = 0; extraStores && i < data->chStores; i++)
            CertAddStoreToCollection(extraStores, data->pahStores[i], 0, 0);
    }

    /* A signer without certificates is not an error at this stage. */
    if (!data->pasSigners[signer].csCertChain)
        goto done;

    /* Expect the end certificate for each signer to be the only cert in the
     * chain; build the chain starting from it. */
    ok = CertGetCertificateChain(createInfo->hChainEngine,
     data->pasSigners[signer].pasCertChain[0].pCert,
     &data->pasSigners[signer].sftVerifyAsOf, extraStores,
     chainPara, createInfo->dwFlags, createInfo->pvReserved,
     &data->pasSigners[signer].pChainContext);
    if (!ok)
        goto done;

    if (data->pasSigners[signer].pChainContext->cChain != 1)
    {
        FIXME("unimplemented for more than 1 simple chain\n");
        ok = FALSE;
        goto done;
    }

    ok = WINTRUST_CopyChain(data, signer);
    if (!ok)
        goto done;

    if (data->psPfns->pfnCertCheckPolicy)
        ok = data->psPfns->pfnCertCheckPolicy(data, signer, FALSE, 0);
    else
        TRACE("no cert check policy, skipping policy check\n");

done:
    CertCloseStore(extraStores, 0);
    return ok;
}
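/*
 * Create the store that backs the "Root" trust anchors.
 *
 * A memory store is filled from the known on-disk locations and the built-in
 * Microsoft roots, then wrapped in a provider store (rootProvFuncs). On
 * ReactOS the administrator-installed roots from HKLM AuthRoot are merged in
 * through a collection store.
 *
 * Returns the store handle, or NULL if the memory store could not be created.
 *
 * Change from the previous version: the ReactOS path replaced the built-in
 * store with the registry store, leaking the built-in store's handle and
 * dropping every root read into it; it also passed an unchecked (possibly
 * NULL) collection handle to CertAddStoreToCollection and never closed
 * regStore. The built-in store is now kept on every failure path.
 */
static HCERTSTORE create_root_store(void)
{
    HCERTSTORE root = NULL;
    HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
     X509_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);

    if (memStore)
    {
        CERT_STORE_PROV_INFO provInfo = {
         sizeof(CERT_STORE_PROV_INFO),
         sizeof(rootProvFuncs) / sizeof(rootProvFuncs[0]),
         rootProvFuncs,
         NULL,
         0,
         NULL
        };

        read_trusted_roots_from_known_locations(memStore);
        add_ms_root_certs(memStore);
        root = CRYPT_ProvCreateStore(0, memStore, &provInfo);
#ifdef __REACTOS__
        /* Merge the machine's AuthRoot registry store with the built-in roots
         * rather than replacing them. Any failure leaves root as built above. */
        if (root)
        {
            HCERTSTORE regStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
             CERT_SYSTEM_STORE_LOCAL_MACHINE, L"AuthRoot");

            if (regStore)
            {
                HCERTSTORE collStore = CertOpenStore(CERT_STORE_PROV_COLLECTION,
                 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);

                if (collStore &&
                 CertAddStoreToCollection(collStore, root, 0, 0) &&
                 CertAddStoreToCollection(collStore, regStore, 0, 0))
                {
                    /* The collection holds its own references to both
                     * siblings (same pattern as CRYPT_SysOpenStoreW). */
                    CertCloseStore(root, 0);
                    root = collStore;
                }
                else if (collStore)
                    CertCloseStore(collStore, 0);
                CertCloseStore(regStore, 0);
            }
        }
#endif
    }
    TRACE("returning %p\n", root);
    return root;
}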
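/*
 * Open a system certificate store (CERT_STORE_PROV_SYSTEM_W) named by pvPara.
 *
 * The system store is a collection over the registry-backed store for the
 * requested location; for CERT_SYSTEM_STORE_CURRENT_USER the HKLM store of
 * the same name is added as a second sibling, so both are visible through
 * one handle. Sibling stores are added with the physical-store-add flag
 * unless the caller asked for a read-only store.
 *
 * hCryptProv is released once the registry store has been opened (unless
 * CERT_STORE_NO_CRYPT_RELEASE_FLAG is set), as system stores need no
 * provider; this matches the previous behaviour on every path.
 *
 * Returns the collection store, or NULL with the last error set to
 * ERROR_FILE_NOT_FOUND for a missing name or an unknown location, and NULL
 * when the registry store, the collection or the primary sibling attachment
 * fails. Previously a NULL collection handle was passed straight to
 * CertAddStoreToCollection, and a collection whose primary store could not be
 * attached was returned as if it were the requested store.
 */
static PWINECRYPT_CERTSTORE CRYPT_SysOpenStoreW(HCRYPTPROV hCryptProv,
 DWORD dwFlags, const void *pvPara)
{
    HCERTSTORE store = NULL;
    HCERTSTORE regStore;
    DWORD addFlags;

    TRACE("(%ld, %08x, %s)\n", hCryptProv, dwFlags,
     debugstr_w(pvPara));

    if (!pvPara)
    {
        SetLastError(ERROR_FILE_NOT_FOUND);
        return NULL;
    }
    /* This returns a different error than system registry stores if the
     * location is invalid.
     */
    switch (dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK)
    {
    case CERT_SYSTEM_STORE_LOCAL_MACHINE:
    case CERT_SYSTEM_STORE_CURRENT_USER:
    case CERT_SYSTEM_STORE_CURRENT_SERVICE:
    case CERT_SYSTEM_STORE_SERVICES:
    case CERT_SYSTEM_STORE_USERS:
    case CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY:
    case CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY:
    case CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE:
        break;
    default:
        SetLastError(ERROR_FILE_NOT_FOUND);
        return NULL;
    }

    regStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0, 0, dwFlags,
     pvPara);
    if (!regStore)
        return NULL;

    /* The read-only bit is independent of the location bits rewritten below,
     * so the add flags can be computed once. */
    addFlags = dwFlags & CERT_STORE_READONLY_FLAG ? 0 :
     CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG;

    store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    if (store && !CertAddStoreToCollection(store, regStore, addFlags, 0))
    {
        /* An empty collection must not masquerade as the requested store. */
        CertCloseStore(store, 0);
        store = NULL;
    }
    /* The collection now holds its own reference to regStore. */
    CertCloseStore(regStore, 0);

    /* CERT_SYSTEM_STORE_CURRENT_USER returns both the HKCU and HKLM
     * stores. The HKLM sibling is best effort, as before.
     */
    if (store && (dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK) ==
     CERT_SYSTEM_STORE_CURRENT_USER)
    {
        dwFlags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
        dwFlags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
        regStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0,
         0, dwFlags, pvPara);
        if (regStore)
        {
            CertAddStoreToCollection(store, regStore, addFlags, 0);
            CertCloseStore(regStore, 0);
        }
    }
    /* System store doesn't need crypto provider, so close it */
    if (hCryptProv && !(dwFlags & CERT_STORE_NO_CRYPT_RELEASE_FLAG))
        CryptReleaseContext(hCryptProv, 0);
    return store;
}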