1 | /* $Id: store.cpp 97465 2022-11-08 21:46:10Z vboxsync $ */
|
---|
2 | /** @file
|
---|
3 | * IPRT - Cryptographic (Certificate) Store.
|
---|
4 | */
|
---|
5 |
|
---|
6 | /*
|
---|
7 | * Copyright (C) 2006-2022 Oracle and/or its affiliates.
|
---|
8 | *
|
---|
9 | * This file is part of VirtualBox base platform packages, as
|
---|
10 | * available from https://www.virtualbox.org.
|
---|
11 | *
|
---|
12 | * This program is free software; you can redistribute it and/or
|
---|
13 | * modify it under the terms of the GNU General Public License
|
---|
14 | * as published by the Free Software Foundation, in version 3 of the
|
---|
15 | * License.
|
---|
16 | *
|
---|
17 | * This program is distributed in the hope that it will be useful, but
|
---|
18 | * WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
---|
20 | * General Public License for more details.
|
---|
21 | *
|
---|
22 | * You should have received a copy of the GNU General Public License
|
---|
23 | * along with this program; if not, see <https://www.gnu.org/licenses>.
|
---|
24 | *
|
---|
25 | * The contents of this file may alternatively be used under the terms
|
---|
26 | * of the Common Development and Distribution License Version 1.0
|
---|
27 | * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
|
---|
28 | * in the VirtualBox distribution, in which case the provisions of the
|
---|
29 | * CDDL are applicable instead of those of the GPL.
|
---|
30 | *
|
---|
31 | * You may elect to license modified versions of this file under the
|
---|
32 | * terms and conditions of either the GPL or the CDDL or both.
|
---|
33 | *
|
---|
34 | * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
|
---|
35 | */
|
---|
36 |
|
---|
37 |
|
---|
38 | /*********************************************************************************************************************************
|
---|
39 | * Header Files *
|
---|
40 | *********************************************************************************************************************************/
|
---|
41 | #include "internal/iprt.h"
|
---|
42 | #include <iprt/crypto/store.h>
|
---|
43 |
|
---|
44 | #include <iprt/asm.h>
|
---|
45 | #include <iprt/err.h>
|
---|
46 | #include <iprt/mem.h>
|
---|
47 | #include <iprt/string.h>
|
---|
48 |
|
---|
49 | #include <iprt/crypto/pkcs7.h>
|
---|
50 | #include <iprt/crypto/x509.h>
|
---|
51 |
|
---|
52 | #ifdef IPRT_WITH_OPENSSL
|
---|
53 | # include "internal/openssl-pre.h"
|
---|
54 | # include <openssl/x509.h>
|
---|
55 | # include "internal/openssl-post.h"
|
---|
56 | #endif
|
---|
57 |
|
---|
58 | #include "store-internal.h"
|
---|
59 |
|
---|
60 |
|
---|
61 | /*********************************************************************************************************************************
|
---|
62 | * Structures and Typedefs *
|
---|
63 | *********************************************************************************************************************************/
|
---|
64 | /**
|
---|
65 | * Internal representation of a (certificate,++) store.
|
---|
66 | */
|
---|
67 | typedef struct RTCRSTOREINT
|
---|
68 | {
|
---|
69 | /** Magic number (RTCRSTOREINT_MAGIC). */
|
---|
70 | uint32_t u32Magic;
|
---|
71 | /** Reference counter. */
|
---|
72 | uint32_t volatile cRefs;
|
---|
73 | /** Pointer to the store provider. */
|
---|
74 | PCRTCRSTOREPROVIDER pProvider;
|
---|
75 | /** Provider specific data. */
|
---|
76 | void *pvProvider;
|
---|
77 | } RTCRSTOREINT;
|
---|
78 | /** Pointer to the internal representation of a store. */
|
---|
79 | typedef RTCRSTOREINT *PRTCRSTOREINT;
|
---|
80 |
|
---|
81 | /** Magic value for RTCRSTOREINT::u32Magic (Alfred Dillwyn "Dilly" Knox). */
|
---|
82 | #define RTCRSTOREINT_MAGIC UINT32_C(0x18840723)
|
---|
83 | /** Dead magic value for RTCRSTOREINT::u32Magic. */
|
---|
84 | #define RTCRSTOREINT_MAGIC_DEAD UINT32_C(0x19430227)
|
---|
85 |
|
---|
86 |
|
---|
87 |
|
---|
88 | /**
|
---|
89 | * Internal method a store provider uses to create a store handle.
|
---|
90 | *
|
---|
91 | * @returns IPRT status code
|
---|
92 | * @param pProvider Pointer to the store provider callback table.
|
---|
93 | * @param pvProvider Pointer to the provider specific instance data.
|
---|
94 | * @param phStore Where to return the store handle.
|
---|
95 | */
|
---|
96 | DECLHIDDEN(int) rtCrStoreCreate(PCRTCRSTOREPROVIDER pProvider, void *pvProvider, PRTCRSTORE phStore)
|
---|
97 | {
|
---|
98 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)RTMemAlloc(sizeof(*pThis));
|
---|
99 | if (pThis)
|
---|
100 | {
|
---|
101 | pThis->pvProvider = pvProvider;
|
---|
102 | pThis->pProvider = pProvider;
|
---|
103 | pThis->cRefs = 1;
|
---|
104 | pThis->u32Magic = RTCRSTOREINT_MAGIC;
|
---|
105 | *phStore = pThis;
|
---|
106 | return VINF_SUCCESS;
|
---|
107 | }
|
---|
108 | return VERR_NO_MEMORY;
|
---|
109 | }
|
---|
110 |
|
---|
111 |
|
---|
112 | /**
|
---|
113 | * For the parent forwarding of the in-memory store.
|
---|
114 | */
|
---|
115 | DECLHIDDEN(PCRTCRSTOREPROVIDER) rtCrStoreGetProvider(RTCRSTORE hStore, void **ppvProvider)
|
---|
116 | {
|
---|
117 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
118 | AssertPtrReturn(pThis, NULL);
|
---|
119 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, NULL);
|
---|
120 | *ppvProvider = pThis->pvProvider;
|
---|
121 | return pThis->pProvider;
|
---|
122 | }
|
---|
123 |
|
---|
124 |
|
---|
125 | RTDECL(uint32_t) RTCrStoreRetain(RTCRSTORE hStore)
|
---|
126 | {
|
---|
127 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
128 | AssertPtrReturn(pThis, UINT32_MAX);
|
---|
129 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, UINT32_MAX);
|
---|
130 |
|
---|
131 | uint32_t cRet = ASMAtomicIncU32(&pThis->cRefs);
|
---|
132 | Assert(cRet < 8192);
|
---|
133 | return cRet;
|
---|
134 | }
|
---|
135 |
|
---|
136 |
|
---|
137 | RTDECL(uint32_t) RTCrStoreRelease(RTCRSTORE hStore)
|
---|
138 | {
|
---|
139 | if (hStore == NIL_RTCRSTORE)
|
---|
140 | return 0;
|
---|
141 |
|
---|
142 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
143 | AssertPtrReturn(pThis, UINT32_MAX);
|
---|
144 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, UINT32_MAX);
|
---|
145 |
|
---|
146 | uint32_t cStore = ASMAtomicDecU32(&pThis->cRefs);
|
---|
147 | if (!cStore)
|
---|
148 | {
|
---|
149 | ASMAtomicWriteU32(&pThis->u32Magic, RTCRSTOREINT_MAGIC_DEAD);
|
---|
150 | pThis->pProvider->pfnDestroyStore(pThis->pvProvider);
|
---|
151 | RTMemFree(pThis);
|
---|
152 | }
|
---|
153 | return cStore;
|
---|
154 | }
|
---|
155 |
|
---|
156 |
|
---|
157 | RTDECL(PCRTCRCERTCTX) RTCrStoreCertByIssuerAndSerialNo(RTCRSTORE hStore, PCRTCRX509NAME pIssuer, PCRTASN1INTEGER pSerialNo)
|
---|
158 | {
|
---|
159 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
160 | AssertPtrReturn(pThis, NULL);
|
---|
161 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, NULL);
|
---|
162 | AssertPtrReturn(pIssuer, NULL);
|
---|
163 |
|
---|
164 | int rc;
|
---|
165 | RTCRSTORECERTSEARCH Search;
|
---|
166 | if (pThis->pProvider->pfnCertFindByIssuerAndSerialNo)
|
---|
167 | rc = pThis->pProvider->pfnCertFindByIssuerAndSerialNo(pThis->pvProvider, pIssuer, pSerialNo, &Search);
|
---|
168 | else
|
---|
169 | rc = pThis->pProvider->pfnCertFindAll(pThis->pvProvider, &Search);
|
---|
170 |
|
---|
171 | PCRTCRCERTCTX pCertCtx = NULL;
|
---|
172 | if (RT_SUCCESS(rc))
|
---|
173 | {
|
---|
174 | for (;;)
|
---|
175 | {
|
---|
176 | pCertCtx = pThis->pProvider->pfnCertSearchNext(pThis->pvProvider, &Search);
|
---|
177 | if (!pCertCtx)
|
---|
178 | break;
|
---|
179 |
|
---|
180 | if ( pCertCtx->pCert
|
---|
181 | && RTCrX509Certificate_MatchIssuerAndSerialNumber(pCertCtx->pCert, pIssuer, pSerialNo))
|
---|
182 | break;
|
---|
183 | RTCrCertCtxRelease(pCertCtx);
|
---|
184 | }
|
---|
185 |
|
---|
186 | pThis->pProvider->pfnCertSearchDestroy(pThis->pvProvider, &Search);
|
---|
187 | }
|
---|
188 | else
|
---|
189 | AssertMsg(rc == VERR_NOT_FOUND, ("%Rrc\n", rc));
|
---|
190 | return pCertCtx;
|
---|
191 | }
|
---|
192 |
|
---|
193 |
|
---|
194 | RTDECL(int) RTCrStoreCertAddEncoded(RTCRSTORE hStore, uint32_t fFlags, void const *pvSrc, size_t cbSrc, PRTERRINFO pErrInfo)
|
---|
195 | {
|
---|
196 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
197 | AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
|
---|
198 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, VERR_INVALID_HANDLE);
|
---|
199 | AssertPtrReturn(pvSrc, VERR_INVALID_POINTER);
|
---|
200 | AssertReturn(cbSrc > 16 && cbSrc < _1M, VERR_OUT_OF_RANGE);
|
---|
201 | AssertReturn(!(fFlags & ~(RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ENC_MASK)), VERR_INVALID_FLAGS);
|
---|
202 | AssertMsgReturn( (fFlags & RTCRCERTCTX_F_ENC_MASK) == RTCRCERTCTX_F_ENC_X509_DER
|
---|
203 | || (fFlags & RTCRCERTCTX_F_ENC_MASK) == RTCRCERTCTX_F_ENC_TAF_DER
|
---|
204 | , ("Only X.509 and TAF DER supported: %#x\n", fFlags), VERR_INVALID_FLAGS);
|
---|
205 |
|
---|
206 | int rc;
|
---|
207 | if (pThis->pProvider->pfnCertAddEncoded)
|
---|
208 | rc = pThis->pProvider->pfnCertAddEncoded(pThis->pvProvider, fFlags, (uint8_t const *)pvSrc, (uint32_t)cbSrc, pErrInfo);
|
---|
209 | else
|
---|
210 | rc = VERR_WRITE_PROTECT;
|
---|
211 |
|
---|
212 | return rc;
|
---|
213 | }
|
---|
214 |
|
---|
215 |
|
---|
216 | RTDECL(int) RTCrStoreCertAddX509(RTCRSTORE hStore, uint32_t fFlags, PRTCRX509CERTIFICATE pCertificate, PRTERRINFO pErrInfo)
|
---|
217 | {
|
---|
218 | /*
|
---|
219 | * Validate.
|
---|
220 | */
|
---|
221 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
222 | AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
|
---|
223 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, VERR_INVALID_HANDLE);
|
---|
224 |
|
---|
225 | AssertPtrReturn(pCertificate, VERR_INVALID_POINTER);
|
---|
226 | AssertReturn(RTCrX509Certificate_IsPresent(pCertificate), VERR_INVALID_PARAMETER);
|
---|
227 | int rc = RTCrX509Certificate_CheckSanity(pCertificate, 0, pErrInfo, "Cert");
|
---|
228 | AssertRCReturn(rc, rc);
|
---|
229 |
|
---|
230 | AssertReturn(!(fFlags & ~(RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ENC_MASK)), VERR_INVALID_FLAGS);
|
---|
231 | AssertCompile(RTCRCERTCTX_F_ENC_X509_DER == 0);
|
---|
232 | AssertMsgReturn((fFlags & RTCRCERTCTX_F_ENC_MASK) == RTCRCERTCTX_F_ENC_X509_DER,
|
---|
233 | ("Invalid encoding: %#x\n", fFlags), VERR_INVALID_FLAGS);
|
---|
234 |
|
---|
235 | /*
|
---|
236 | * Encode and add it using pfnCertAddEncoded.
|
---|
237 | */
|
---|
238 | if (pThis->pProvider->pfnCertAddEncoded)
|
---|
239 | {
|
---|
240 | PRTASN1CORE pCore = RTCrX509Certificate_GetAsn1Core(pCertificate);
|
---|
241 | uint32_t cbEncoded = 0;
|
---|
242 | rc = RTAsn1EncodePrepare(pCore, RTASN1ENCODE_F_DER, &cbEncoded, pErrInfo);
|
---|
243 | if (RT_SUCCESS(rc))
|
---|
244 | {
|
---|
245 | uint8_t * const pbEncoded = (uint8_t *)RTMemTmpAllocZ(cbEncoded);
|
---|
246 | if (pbEncoded)
|
---|
247 | {
|
---|
248 | rc = RTAsn1EncodeToBuffer(pCore, RTASN1ENCODE_F_DER, pbEncoded, cbEncoded, pErrInfo);
|
---|
249 | if (RT_SUCCESS(rc))
|
---|
250 | rc = pThis->pProvider->pfnCertAddEncoded(pThis->pvProvider, fFlags, pbEncoded, cbEncoded, pErrInfo);
|
---|
251 | RTMemTmpFree(pbEncoded);
|
---|
252 | }
|
---|
253 | else
|
---|
254 | rc = VERR_NO_TMP_MEMORY;
|
---|
255 | }
|
---|
256 | }
|
---|
257 | else
|
---|
258 | rc = VERR_WRITE_PROTECT;
|
---|
259 |
|
---|
260 | return rc;
|
---|
261 | }
|
---|
262 |
|
---|
263 |
|
---|
264 | RTDECL(int) RTCrStoreCertAddPkcs7(RTCRSTORE hStore, uint32_t fFlags, PRTCRPKCS7CERT pCertificate, PRTERRINFO pErrInfo)
|
---|
265 | {
|
---|
266 | AssertPtrReturn(pCertificate, VERR_INVALID_POINTER);
|
---|
267 | AssertReturn(RTCrPkcs7Cert_IsPresent(pCertificate), VERR_INVALID_PARAMETER);
|
---|
268 | switch (pCertificate->enmChoice)
|
---|
269 | {
|
---|
270 | case RTCRPKCS7CERTCHOICE_X509:
|
---|
271 | return RTCrStoreCertAddX509(hStore, fFlags, pCertificate->u.pX509Cert, pErrInfo);
|
---|
272 |
|
---|
273 | case RTCRPKCS7CERTCHOICE_EXTENDED_PKCS6:
|
---|
274 | return RTErrInfoSetF(pErrInfo, VERR_NOT_IMPLEMENTED, "RTCrStoreCertAddPkcs7 does not implement EXTENDED_PKCS6");
|
---|
275 | case RTCRPKCS7CERTCHOICE_AC_V1:
|
---|
276 | return RTErrInfoSetF(pErrInfo, VERR_NOT_IMPLEMENTED, "RTCrStoreCertAddPkcs7 does not implement AC_V1");
|
---|
277 | case RTCRPKCS7CERTCHOICE_AC_V2:
|
---|
278 | return RTErrInfoSetF(pErrInfo, VERR_NOT_IMPLEMENTED, "RTCrStoreCertAddPkcs7 does not implement AC_V2");
|
---|
279 | case RTCRPKCS7CERTCHOICE_OTHER:
|
---|
280 | return RTErrInfoSetF(pErrInfo, VERR_NOT_IMPLEMENTED, "RTCrStoreCertAddPkcs7 does not implement OTHER");
|
---|
281 | case RTCRPKCS7CERTCHOICE_END:
|
---|
282 | case RTCRPKCS7CERTCHOICE_INVALID:
|
---|
283 | case RTCRPKCS7CERTCHOICE_32BIT_HACK:
|
---|
284 | break;
|
---|
285 | /* no default */
|
---|
286 | }
|
---|
287 | return RTErrInfoSetF(pErrInfo, VERR_INVALID_PARAMETER, "Invalid RTCRPKCS7CERT enmChoice value: %d", pCertificate->enmChoice);
|
---|
288 | }
|
---|
289 |
|
---|
290 |
|
---|
291 | /*
|
---|
292 | * Searching.
|
---|
293 | * Searching.
|
---|
294 | * Searching.
|
---|
295 | */
|
---|
296 |
|
---|
297 | RTDECL(int) RTCrStoreCertFindAll(RTCRSTORE hStore, PRTCRSTORECERTSEARCH pSearch)
|
---|
298 | {
|
---|
299 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
300 | AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
|
---|
301 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, VERR_INVALID_HANDLE);
|
---|
302 | AssertPtrReturn(pSearch, VERR_INVALID_POINTER);
|
---|
303 |
|
---|
304 | return pThis->pProvider->pfnCertFindAll(pThis->pvProvider, pSearch);
|
---|
305 | }
|
---|
306 |
|
---|
307 |
|
---|
308 | /** Indicator for RTCrStoreCertFindBySubjectOrAltSubjectByRfc5280 searches
|
---|
309 | * implemented by this front-end code. */
|
---|
310 | #define RTCRSTORECERTSEARCH_BY_SUBECT_OR_ALT_SUBJECT_BY_RFC5280 UINT32_C(0x5be9145d)
|
---|
311 |
|
---|
312 | RTDECL(int) RTCrStoreCertFindBySubjectOrAltSubjectByRfc5280(RTCRSTORE hStore, PCRTCRX509NAME pSubject,
|
---|
313 | PRTCRSTORECERTSEARCH pSearch)
|
---|
314 | {
|
---|
315 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
316 | AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
|
---|
317 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, VERR_INVALID_HANDLE);
|
---|
318 | AssertPtrReturn(pSearch, VERR_INVALID_POINTER);
|
---|
319 |
|
---|
320 | int rc = pThis->pProvider->pfnCertFindAll(pThis->pvProvider, pSearch);
|
---|
321 | if (RT_SUCCESS(rc))
|
---|
322 | {
|
---|
323 | pSearch->auOpaque[2] = RTCRSTORECERTSEARCH_BY_SUBECT_OR_ALT_SUBJECT_BY_RFC5280;
|
---|
324 | pSearch->auOpaque[3] = (uintptr_t)pSubject;
|
---|
325 | }
|
---|
326 | return rc;
|
---|
327 | }
|
---|
328 |
|
---|
329 |
|
---|
330 | RTDECL(PCRTCRCERTCTX) RTCrStoreCertSearchNext(RTCRSTORE hStore, PRTCRSTORECERTSEARCH pSearch)
|
---|
331 | {
|
---|
332 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
333 | AssertPtrReturn(pThis, NULL);
|
---|
334 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, NULL);
|
---|
335 | AssertPtrReturn(pSearch, NULL);
|
---|
336 |
|
---|
337 | PCRTCRCERTCTX pRet;
|
---|
338 | switch (pSearch->auOpaque[2])
|
---|
339 | {
|
---|
340 | default:
|
---|
341 | pRet = pThis->pProvider->pfnCertSearchNext(pThis->pvProvider, pSearch);
|
---|
342 | break;
|
---|
343 |
|
---|
344 | case RTCRSTORECERTSEARCH_BY_SUBECT_OR_ALT_SUBJECT_BY_RFC5280:
|
---|
345 | {
|
---|
346 | PCRTCRX509NAME pSubject = (PCRTCRX509NAME)pSearch->auOpaque[3];
|
---|
347 | AssertPtrReturn(pSubject, NULL);
|
---|
348 |
|
---|
349 | for (;;)
|
---|
350 | {
|
---|
351 | pRet = pThis->pProvider->pfnCertSearchNext(pThis->pvProvider, pSearch);
|
---|
352 | if (!pRet)
|
---|
353 | break;
|
---|
354 | if (pRet->pCert)
|
---|
355 | {
|
---|
356 | if (RTCrX509Certificate_MatchSubjectOrAltSubjectByRfc5280(pRet->pCert, pSubject))
|
---|
357 | break;
|
---|
358 | }
|
---|
359 | else if (pRet->pTaInfo)
|
---|
360 | {
|
---|
361 | if ( RTCrTafCertPathControls_IsPresent(&pRet->pTaInfo->CertPath)
|
---|
362 | && RTCrX509Name_MatchByRfc5280(&pRet->pTaInfo->CertPath.TaName, pSubject))
|
---|
363 | break;
|
---|
364 | }
|
---|
365 | RTCrCertCtxRelease(pRet);
|
---|
366 | }
|
---|
367 | break;
|
---|
368 | }
|
---|
369 | }
|
---|
370 | return pRet;
|
---|
371 | }
|
---|
372 |
|
---|
373 |
|
---|
374 | RTDECL(int) RTCrStoreCertSearchDestroy(RTCRSTORE hStore, PRTCRSTORECERTSEARCH pSearch)
|
---|
375 | {
|
---|
376 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
377 | AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
|
---|
378 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, VERR_INVALID_HANDLE);
|
---|
379 | if (pSearch)
|
---|
380 | {
|
---|
381 | AssertPtrReturn(pSearch, VERR_INVALID_POINTER);
|
---|
382 | pThis->pProvider->pfnCertSearchDestroy(pThis->pvProvider, pSearch);
|
---|
383 | }
|
---|
384 | return VINF_SUCCESS;
|
---|
385 | }
|
---|
386 |
|
---|
387 |
|
---|
388 |
|
---|
389 | RTDECL(uint32_t) RTCrStoreCertCount(RTCRSTORE hStore)
|
---|
390 | {
|
---|
391 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
392 | AssertPtrReturn(pThis, UINT32_MAX);
|
---|
393 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, UINT32_MAX);
|
---|
394 |
|
---|
395 | RTCRSTORECERTSEARCH Search;
|
---|
396 | int rc = pThis->pProvider->pfnCertFindAll(pThis->pvProvider, &Search);
|
---|
397 | AssertRCReturn(rc, UINT32_MAX);
|
---|
398 |
|
---|
399 |
|
---|
400 | uint32_t cCerts = 0;
|
---|
401 | PCRTCRCERTCTX pCur;
|
---|
402 | while ((pCur = pThis->pProvider->pfnCertSearchNext(pThis->pvProvider, &Search)) != NULL)
|
---|
403 | {
|
---|
404 | RTCrCertCtxRelease(pCur);
|
---|
405 | cCerts++;
|
---|
406 | }
|
---|
407 |
|
---|
408 | return cCerts;
|
---|
409 | }
|
---|
410 |
|
---|
411 |
|
---|
412 | #ifdef IPRT_WITH_OPENSSL
|
---|
413 | /*
|
---|
414 | * OpenSSL helper.
|
---|
415 | * OpenSSL helper.
|
---|
416 | * OpenSSL helper.
|
---|
417 | */
|
---|
418 |
|
---|
419 | RTDECL(int) RTCrStoreConvertToOpenSslCertStore(RTCRSTORE hStore, uint32_t fFlags, void **ppvOpenSslStore, PRTERRINFO pErrInfo)
|
---|
420 | {
|
---|
421 | RT_NOREF(pErrInfo);
|
---|
422 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
423 | AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
|
---|
424 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, VERR_INVALID_HANDLE);
|
---|
425 | RT_NOREF_PV(fFlags);
|
---|
426 |
|
---|
427 | /*
|
---|
428 | * Use the pfnCertFindAll method to add all certificates to the store we're returning.
|
---|
429 | */
|
---|
430 | int rc;
|
---|
431 | X509_STORE *pOsslStore = X509_STORE_new();
|
---|
432 | if (pOsslStore)
|
---|
433 | {
|
---|
434 | RTCRSTORECERTSEARCH Search;
|
---|
435 | rc = pThis->pProvider->pfnCertFindAll(pThis->pvProvider, &Search);
|
---|
436 | if (RT_SUCCESS(rc))
|
---|
437 | {
|
---|
438 | do
|
---|
439 | {
|
---|
440 | PCRTCRCERTCTX pCertCtx = pThis->pProvider->pfnCertSearchNext(pThis->pvProvider, &Search);
|
---|
441 | if (!pCertCtx)
|
---|
442 | break;
|
---|
443 |
|
---|
444 | if ( (pCertCtx->fFlags & RTCRCERTCTX_F_ENC_MASK) == RTCRCERTCTX_F_ENC_X509_DER
|
---|
445 | && pCertCtx->cbEncoded > 0)
|
---|
446 | {
|
---|
447 | X509 *pOsslCert = NULL;
|
---|
448 | const unsigned char *pabEncoded = (const unsigned char *)pCertCtx->pabEncoded;
|
---|
449 | if (d2i_X509(&pOsslCert, &pabEncoded, pCertCtx->cbEncoded) == pOsslCert && pOsslCert != NULL)
|
---|
450 | {
|
---|
451 | if (!X509_STORE_add_cert(pOsslStore, pOsslCert))
|
---|
452 | rc = VERR_NO_MEMORY;
|
---|
453 | X509_free(pOsslCert);
|
---|
454 | }
|
---|
455 | }
|
---|
456 |
|
---|
457 | RTCrCertCtxRelease(pCertCtx);
|
---|
458 | } while (RT_SUCCESS(rc));
|
---|
459 |
|
---|
460 | pThis->pProvider->pfnCertSearchDestroy(pThis->pvProvider, &Search);
|
---|
461 | if (RT_SUCCESS(rc))
|
---|
462 | {
|
---|
463 | *ppvOpenSslStore = pOsslStore;
|
---|
464 | return VINF_SUCCESS;
|
---|
465 | }
|
---|
466 | }
|
---|
467 | X509_STORE_free(pOsslStore);
|
---|
468 | }
|
---|
469 | else
|
---|
470 | rc = VERR_NO_MEMORY;
|
---|
471 | return rc;
|
---|
472 | }
|
---|
473 |
|
---|
474 |
|
---|
475 | RTDECL(int) RTCrStoreConvertToOpenSslCertStack(RTCRSTORE hStore, uint32_t fFlags, void **ppvOpenSslStack, PRTERRINFO pErrInfo)
|
---|
476 | {
|
---|
477 | RT_NOREF(pErrInfo);
|
---|
478 | PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
|
---|
479 | AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
|
---|
480 | AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, VERR_INVALID_HANDLE);
|
---|
481 | RT_NOREF_PV(fFlags);
|
---|
482 |
|
---|
483 | /*
|
---|
484 | * Use the pfnCertFindAll method to add all certificates to the store we're returning.
|
---|
485 | */
|
---|
486 | int rc;
|
---|
487 | STACK_OF(X509) *pOsslStack = sk_X509_new_null();
|
---|
488 | if (pOsslStack)
|
---|
489 | {
|
---|
490 | RTCRSTORECERTSEARCH Search;
|
---|
491 | rc = pThis->pProvider->pfnCertFindAll(pThis->pvProvider, &Search);
|
---|
492 | if (RT_SUCCESS(rc))
|
---|
493 | {
|
---|
494 | do
|
---|
495 | {
|
---|
496 | PCRTCRCERTCTX pCertCtx = pThis->pProvider->pfnCertSearchNext(pThis->pvProvider, &Search);
|
---|
497 | if (!pCertCtx)
|
---|
498 | break;
|
---|
499 |
|
---|
500 | if ( (pCertCtx->fFlags & RTCRCERTCTX_F_ENC_MASK) == RTCRCERTCTX_F_ENC_X509_DER
|
---|
501 | && pCertCtx->cbEncoded > 0)
|
---|
502 | {
|
---|
503 | X509 *pOsslCert = NULL;
|
---|
504 | const unsigned char *pabEncoded = (const unsigned char *)pCertCtx->pabEncoded;
|
---|
505 | if (d2i_X509(&pOsslCert, &pabEncoded, pCertCtx->cbEncoded) == pOsslCert && pOsslCert != NULL)
|
---|
506 | {
|
---|
507 | if (!sk_X509_push(pOsslStack, pOsslCert))
|
---|
508 | {
|
---|
509 | rc = VERR_NO_MEMORY;
|
---|
510 | X509_free(pOsslCert);
|
---|
511 | }
|
---|
512 | }
|
---|
513 | }
|
---|
514 |
|
---|
515 | RTCrCertCtxRelease(pCertCtx);
|
---|
516 | } while (RT_SUCCESS(rc));
|
---|
517 |
|
---|
518 | pThis->pProvider->pfnCertSearchDestroy(pThis->pvProvider, &Search);
|
---|
519 | if (RT_SUCCESS(rc))
|
---|
520 | {
|
---|
521 | *ppvOpenSslStack = pOsslStack;
|
---|
522 | return VINF_SUCCESS;
|
---|
523 | }
|
---|
524 | }
|
---|
525 | #include "internal/openssl-pre.h" /* Need to disable C5039 warning here. */
|
---|
526 | sk_X509_pop_free(pOsslStack, X509_free);
|
---|
527 | #include "internal/openssl-post.h"
|
---|
528 | }
|
---|
529 | else
|
---|
530 | rc = VERR_NO_MEMORY;
|
---|
531 | return rc;
|
---|
532 | }
|
---|
533 |
|
---|
534 | #endif /* IPRT_WITH_OPENSSL */
|
---|
535 |
|
---|
536 |
|
---|
537 | /*
|
---|
538 | * Certificate context.
|
---|
539 | * Certificate context.
|
---|
540 | * Certificate context.
|
---|
541 | */
|
---|
542 |
|
---|
543 |
|
---|
544 | RTDECL(uint32_t) RTCrCertCtxRetain(PCRTCRCERTCTX pCertCtx)
|
---|
545 | {
|
---|
546 | AssertPtrReturn(pCertCtx, UINT32_MAX);
|
---|
547 | PRTCRCERTCTXINT pThis = RT_FROM_MEMBER(pCertCtx, RTCRCERTCTXINT, Public);
|
---|
548 | AssertReturn(pThis->u32Magic == RTCRCERTCTXINT_MAGIC, UINT32_MAX);
|
---|
549 | uint32_t cRet = ASMAtomicIncU32(&pThis->cRefs);
|
---|
550 | Assert(cRet < 64);
|
---|
551 | return cRet;
|
---|
552 | }
|
---|
553 |
|
---|
554 |
|
---|
555 | RTDECL(uint32_t) RTCrCertCtxRelease(PCRTCRCERTCTX pCertCtx)
|
---|
556 | {
|
---|
557 | if (!pCertCtx)
|
---|
558 | return 0;
|
---|
559 |
|
---|
560 | AssertPtrReturn(pCertCtx, UINT32_MAX);
|
---|
561 | PRTCRCERTCTXINT pThis = RT_FROM_MEMBER(pCertCtx, RTCRCERTCTXINT, Public);
|
---|
562 | AssertReturn(pThis->u32Magic == RTCRCERTCTXINT_MAGIC, UINT32_MAX);
|
---|
563 | uint32_t cRet = ASMAtomicDecU32(&pThis->cRefs);
|
---|
564 | if (!cRet)
|
---|
565 | {
|
---|
566 | ASMAtomicWriteU32(&pThis->u32Magic, RTCRCERTCTXINT_MAGIC_DEAD);
|
---|
567 | pThis->pfnDtor(pThis);
|
---|
568 | }
|
---|
569 | return cRet;
|
---|
570 | }
|
---|
571 |
|
---|