/*TODO: Not supported*/
/*
 * Open the certificate file at `path` as a CryptoAPI file store and attach it,
 * with priority 0, to the trust store's collection so that later lookups also
 * search it.
 *
 * Returns KSI_OK on success, KSI_INVALID_ARGUMENT when `trust` or `path` is
 * NULL, and KSI_INVALID_FORMAT (pushed onto the context error stack, with the
 * Win32 error text logged at debug level) when the file cannot be opened as a
 * store or cannot be added to the collection.
 */
int KSI_PKITruststore_addLookupFile(KSI_PKITruststore *trust, const char *path) {
	int res = KSI_UNKNOWN_ERROR;
	HCERTSTORE fileStore = NULL;
	char errText[1024];

	if (trust == NULL || path == NULL) {
		return KSI_INVALID_ARGUMENT;
	}

	KSI_ERR_clearErrors(trust->ctx);

	/* Open the file as a stand-alone store first; the handle is released
	 * below if it cannot be attached to the collection. */
	fileStore = CertOpenStore(CERT_STORE_PROV_FILENAME_A, 0, 0, 0, path);
	if (fileStore == NULL) {
		KSI_LOG_debug(trust->ctx, "%s", getMSError(GetLastError(), errText, sizeof(errText)));
		KSI_pushError(trust->ctx, res = KSI_INVALID_FORMAT, NULL);
		return res;
	}

	/* Attach with priority 0. On success the handle is intentionally not
	 * closed here, so that the sibling store stays usable through the
	 * collection for the lifetime of `trust`.
	 * NOTE(review): confirm whether the collection holds its own reference;
	 * if so this handle could be closed right after the add. */
	if (CertAddStoreToCollection(trust->collectionStore, fileStore, 0, 0)) {
		return KSI_OK;
	}

	KSI_LOG_debug(trust->ctx, "%s", getMSError(GetLastError(), errText, sizeof(errText)));
	KSI_pushError(trust->ctx, res = KSI_INVALID_FORMAT, NULL);
	CertCloseStore(fileStore, CERT_CLOSE_STORE_CHECK_FLAG);
	return res;
}
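/*
 * Build a chain engine whose root and trust sets are restricted to the stores
 * supplied in `cert`, with `cert->rghstoreCAs` as additional search stores.
 *
 * Returns the new engine, or NULL when no stores were supplied at all or the
 * engine could not be created. The temporary collection stores are closed
 * before returning; the engine keeps its own references to them.
 */
static HCERTCHAINENGINE CRYPTDLG_MakeEngine(CERT_VERIFY_CERTIFICATE_TRUST *cert)
{
    HCERTCHAINENGINE engine = NULL;
    HCERTSTORE root = NULL, trust = NULL;
    DWORD i;

    if (cert->cRootStores)
    {
        root = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
         CERT_STORE_CREATE_NEW_FLAG, NULL);
        if (root)
        {
            for (i = 0; i < cert->cRootStores; i++)
                CertAddStoreToCollection(root, cert->rghstoreRoots[i], 0, 0);
        }
    }
    if (cert->cTrustStores)
    {
        trust = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
         CERT_STORE_CREATE_NEW_FLAG, NULL);
        /* Test the handle just opened (previously `root` was tested here, so
         * the trust stores were silently skipped whenever no root collection
         * existed, and a NULL trust collection was written to). */
        if (trust)
        {
            for (i = 0; i < cert->cTrustStores; i++)
                CertAddStoreToCollection(trust, cert->rghstoreTrust[i], 0, 0);
        }
    }
    if (cert->cRootStores || cert->cStores || cert->cTrustStores)
    {
        CERT_CHAIN_ENGINE_CONFIG config;

        memset(&config, 0, sizeof(config));
        config.cbSize = sizeof(config);
        config.hRestrictedRoot = root;
        config.hRestrictedTrust = trust;
        config.cAdditionalStore = cert->cStores;
        config.rghAdditionalStore = cert->rghstoreCAs;
        /* Do not hand back whatever the failed call left in `engine`. */
        if (!CertCreateCertificateChainEngine(&config, &engine))
            engine = NULL;
        CertCloseStore(root, 0);
        CertCloseStore(trust, 0);
    }
    return engine;
}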
/*
 * Build and check the certificate chain for the signer at index `signer`.
 *
 * The caller-supplied stores in data->pahStores are gathered into a temporary
 * collection that is passed to CertGetCertificateChain as additional stores.
 * Only a single simple chain is supported; the chain is then copied into the
 * provider data and, when the provider defines one, the certificate policy
 * callback is run.
 *
 * Returns TRUE on success or when the signer has no certificate chain, FALSE
 * on any failure.
 */
static BOOL WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data,
 DWORD signer, PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo,
 PCERT_CHAIN_PARA chainPara)
{
    BOOL ret = TRUE;
    HCERTSTORE extraStores = NULL;
    DWORD i;

    /* Collect the additional stores so the chain builder can search them. */
    if (data->chStores)
    {
        extraStores = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
         CERT_STORE_CREATE_NEW_FLAG, NULL);
        if (extraStores)
        {
            for (i = 0; i < data->chStores; i++)
                CertAddStoreToCollection(extraStores, data->pahStores[i], 0, 0);
        }
    }

    /* A signer without certificates has nothing to chain. */
    if (!data->pasSigners[signer].csCertChain)
        goto done;

    /* Expect the end certificate for each signer to be the only cert in the
     * chain: */
    ret = CertGetCertificateChain(createInfo->hChainEngine,
     data->pasSigners[signer].pasCertChain[0].pCert,
     &data->pasSigners[signer].sftVerifyAsOf, extraStores, chainPara,
     createInfo->dwFlags, createInfo->pvReserved,
     &data->pasSigners[signer].pChainContext);
    if (!ret)
        goto done;

    if (data->pasSigners[signer].pChainContext->cChain != 1)
    {
        FIXME("unimplemented for more than 1 simple chain\n");
        ret = FALSE;
        goto done;
    }

    ret = WINTRUST_CopyChain(data, signer);
    if (!ret)
        goto done;

    if (data->psPfns->pfnCertCheckPolicy)
        ret = data->psPfns->pfnCertCheckPolicy(data, signer, FALSE, 0);
    else
        TRACE("no cert check policy, skipping policy check\n");

done:
    CertCloseStore(extraStores, 0);
    return ret;
}
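/*
 * Create the trusted root store: a provider-backed store over an in-memory
 * store filled with the roots found in the known on-disk locations plus the
 * built-in Microsoft roots. On ReactOS the machine "AuthRoot" registry store,
 * wrapped in a collection, is used instead when it can be opened.
 *
 * Returns the store handle, or NULL if the memory store could not be created.
 */
static HCERTSTORE create_root_store(void)
{
    HCERTSTORE root = NULL;
    HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
     X509_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);

    if (memStore)
    {
        CERT_STORE_PROV_INFO provInfo = {
         sizeof(CERT_STORE_PROV_INFO),
         sizeof(rootProvFuncs) / sizeof(rootProvFuncs[0]),
         rootProvFuncs,
         NULL,
         0,
         NULL
        };

        read_trusted_roots_from_known_locations(memStore);
        add_ms_root_certs(memStore);
        root = CRYPT_ProvCreateStore(0, memStore, &provInfo);
#ifdef __REACTOS__
        {
            HCERTSTORE regStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
             CERT_SYSTEM_STORE_LOCAL_MACHINE, L"AuthRoot");

            if (regStore)
            {
                HCERTSTORE collStore = CertOpenStore(CERT_STORE_PROV_COLLECTION,
                 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);

                /* Only replace the provider-backed root when the collection
                 * actually exists; otherwise the registry store would be
                 * added to a NULL handle and a NULL root returned. */
                if (collStore)
                {
                    CertAddStoreToCollection(collStore, regStore, 0, 0);
                    /* NOTE(review): the provider-backed store created above is
                     * neither added to this collection nor closed when it is
                     * replaced here - confirm that dropping the known-location
                     * and built-in roots on ReactOS is intended. */
                    root = collStore;
                }
                else
                    CertCloseStore(regStore, 0);
            }
        }
#endif
    }
    TRACE("returning %p\n", root);
    return root;
}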
/*
 * Open a system store by (wide) name: a collection wrapping the matching
 * system registry store. For CERT_SYSTEM_STORE_CURRENT_USER the HKLM store of
 * the same name is added to the collection as well, so lookups see both.
 *
 * Returns the collection, or NULL (with ERROR_FILE_NOT_FOUND set) when no name
 * is given or the location bits in dwFlags are not one of the known system
 * locations, and NULL when the primary registry store cannot be opened.
 * Unless CERT_STORE_NO_CRYPT_RELEASE_FLAG is set, hCryptProv is released once
 * the registry store has been opened, since a system store does not need it.
 */
static PWINECRYPT_CERTSTORE CRYPT_SysOpenStoreW(HCRYPTPROV hCryptProv,
 DWORD dwFlags, const void *pvPara)
{
    HCERTSTORE collection = NULL, regStore;
    DWORD addFlags;

    TRACE("(%ld, %08x, %s)\n", hCryptProv, dwFlags, debugstr_w(pvPara));

    if (!pvPara)
    {
        SetLastError(ERROR_FILE_NOT_FOUND);
        return NULL;
    }
    /* This returns a different error than system registry stores if the
     * location is invalid.
     */
    switch (dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK)
    {
    case CERT_SYSTEM_STORE_LOCAL_MACHINE:
    case CERT_SYSTEM_STORE_CURRENT_USER:
    case CERT_SYSTEM_STORE_CURRENT_SERVICE:
    case CERT_SYSTEM_STORE_SERVICES:
    case CERT_SYSTEM_STORE_USERS:
    case CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY:
    case CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY:
    case CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE:
        break;
    default:
        SetLastError(ERROR_FILE_NOT_FOUND);
        return NULL;
    }

    regStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0, 0, dwFlags,
     pvPara);
    if (!regStore)
        return NULL;

    /* A read-only system store must not let writes reach its physical
     * stores; the read-only bit is unaffected by the location change below,
     * so the add flags can be computed once. */
    addFlags = (dwFlags & CERT_STORE_READONLY_FLAG) ?
     0 : CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG;

    collection = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    CertAddStoreToCollection(collection, regStore, addFlags, 0);
    CertCloseStore(regStore, 0);

    /* CERT_SYSTEM_STORE_CURRENT_USER returns both the HKCU and HKLM
     * stores.
     */
    if ((dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK) ==
     CERT_SYSTEM_STORE_CURRENT_USER)
    {
        dwFlags = (dwFlags & ~CERT_SYSTEM_STORE_CURRENT_USER) |
         CERT_SYSTEM_STORE_LOCAL_MACHINE;
        regStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0, 0,
         dwFlags, pvPara);
        if (regStore)
        {
            CertAddStoreToCollection(collection, regStore, addFlags, 0);
            CertCloseStore(regStore, 0);
        }
    }

    /* System store doesn't need crypto provider, so close it */
    if (hCryptProv && !(dwFlags & CERT_STORE_NO_CRYPT_RELEASE_FLAG))
        CryptReleaseContext(hCryptProv, 0);

    return collection;
}