1 | /* $Id: RTCrStoreCreateSnapshotById-generic.cpp 76553 2019-01-01 01:45:53Z vboxsync $ */
|
---|
2 | /** @file
|
---|
3 | * IPRT - Generic RTCrStoreCreateSnapshotById implementation.
|
---|
4 | */
|
---|
5 |
|
---|
6 | /*
|
---|
7 | * Copyright (C) 2006-2019 Oracle Corporation
|
---|
8 | *
|
---|
9 | * This file is part of VirtualBox Open Source Edition (OSE), as
|
---|
10 | * available from http://www.virtualbox.org. This file is free software;
|
---|
11 | * you can redistribute it and/or modify it under the terms of the GNU
|
---|
12 | * General Public License (GPL) as published by the Free Software
|
---|
13 | * Foundation, in version 2 as it comes in the "COPYING" file of the
|
---|
14 | * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
|
---|
15 | * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
|
---|
16 | *
|
---|
17 | * The contents of this file may alternatively be used under the terms
|
---|
18 | * of the Common Development and Distribution License Version 1.0
|
---|
19 | * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
|
---|
20 | * VirtualBox OSE distribution, in which case the provisions of the
|
---|
21 | * CDDL are applicable instead of those of the GPL.
|
---|
22 | *
|
---|
23 | * You may elect to license modified versions of this file under the
|
---|
24 | * terms and conditions of either the GPL or the CDDL or both.
|
---|
25 | */
|
---|
26 |
|
---|
27 |
|
---|
28 | /*********************************************************************************************************************************
|
---|
29 | * Header Files *
|
---|
30 | *********************************************************************************************************************************/
|
---|
31 | #include <iprt/crypto/store.h>
|
---|
32 | #include "internal/iprt.h"
|
---|
33 |
|
---|
34 | #include <iprt/assert.h>
|
---|
35 | #include <iprt/errcore.h>
|
---|
36 | #include <iprt/file.h>
|
---|
37 | #include <iprt/dir.h>
|
---|
38 |
|
---|
39 |
|
---|
40 | /*********************************************************************************************************************************
|
---|
41 | * Defined Constants And Macros *
|
---|
42 | *********************************************************************************************************************************/
|
---|
43 | /** Unix root prefix. */
|
---|
44 | #ifdef RT_OS_OS2
|
---|
45 | # define UNIX_ROOT "/@unixroot@"
|
---|
46 | #elif defined(RT_OS_WINDOWS)
|
---|
47 | # define UNIX_ROOT "C:/cygwin"
|
---|
48 | #else
|
---|
49 | # define UNIX_ROOT
|
---|
50 | #endif
|
---|
51 |
|
---|
52 |
|
---|
53 | /*********************************************************************************************************************************
|
---|
54 | * Global Variables *
|
---|
55 | *********************************************************************************************************************************/
|
---|
56 | /** System PEM files worth looking at.
|
---|
57 | * @remarks Several of these could be symlinks to one of the others.
|
---|
58 | */
|
---|
59 | static const char *g_apszSystemPemFiles[] =
|
---|
60 | {
|
---|
61 | UNIX_ROOT "/etc/ssl/certs/ca-certificates.crt",
|
---|
62 | UNIX_ROOT "/etc/ssl/cert.pem",
|
---|
63 | UNIX_ROOT "/etc/ca-certificates/extracted/tls-ca-bundle.pem", /* Arch linux (ca 2015-08-xx) */
|
---|
64 | UNIX_ROOT "/etc/ca-certificates/extracted/email-ca-bundle.pem",
|
---|
65 | UNIX_ROOT "/etc/ca-certificates/extracted/objsign-ca-bundle.pem",
|
---|
66 | UNIX_ROOT "/etc/ca-certificates/extracted/ca-bundle.trust.crt",
|
---|
67 | UNIX_ROOT "/etc/ca-certificates/extracted/ca-bundle.trust.crt",
|
---|
68 | UNIX_ROOT "/etc/pki/tls/certs/ca-bundle.crt", /* Oracle Linux 5 */
|
---|
69 | UNIX_ROOT "/etc/pki/tls/cert.pem",
|
---|
70 | UNIX_ROOT "/etc/certs/ca-certificates.crt", /* Solaris 11 */
|
---|
71 | UNIX_ROOT "/etc/curl/curlCA",
|
---|
72 | };
|
---|
73 |
|
---|
74 | /**
|
---|
75 | * System directories containing lots of pem/crt files.
|
---|
76 | */
|
---|
77 | static const char *g_apszSystemPemDirs[] =
|
---|
78 | {
|
---|
79 | UNIX_ROOT "/etc/openssl/certs/",
|
---|
80 | UNIX_ROOT "/etc/ssl/certs/",
|
---|
81 | UNIX_ROOT "/etc/ca-certificates/extracted/cadir/",
|
---|
82 | UNIX_ROOT "/etc/certs/CA/", /* Solaris 11 */
|
---|
83 | };
|
---|
84 |
|
---|
85 |
|
---|
86 | RTDECL(int) RTCrStoreCreateSnapshotById(PRTCRSTORE phStore, RTCRSTOREID enmStoreId, PRTERRINFO pErrInfo)
|
---|
87 | {
|
---|
88 | AssertReturn(enmStoreId > RTCRSTOREID_INVALID && enmStoreId < RTCRSTOREID_END, VERR_INVALID_PARAMETER);
|
---|
89 |
|
---|
90 | /*
|
---|
91 | * Create an empty in-memory store.
|
---|
92 | */
|
---|
93 | RTCRSTORE hStore;
|
---|
94 | uint32_t cExpected = enmStoreId == RTCRSTOREID_SYSTEM_TRUSTED_CAS_AND_CERTIFICATES ? 256 : 0;
|
---|
95 | int rc = RTCrStoreCreateInMem(&hStore, cExpected);
|
---|
96 | if (RT_SUCCESS(rc))
|
---|
97 | {
|
---|
98 | *phStore = hStore;
|
---|
99 |
|
---|
100 | /*
|
---|
101 | * Add system certificates if part of the given store ID.
|
---|
102 | */
|
---|
103 | bool fFound = false;
|
---|
104 | rc = VINF_SUCCESS;
|
---|
105 | if (enmStoreId == RTCRSTOREID_SYSTEM_TRUSTED_CAS_AND_CERTIFICATES)
|
---|
106 | {
|
---|
107 | for (uint32_t i = 0; i < RT_ELEMENTS(g_apszSystemPemFiles); i++)
|
---|
108 | if (RTFileExists(g_apszSystemPemFiles[i]))
|
---|
109 | {
|
---|
110 | fFound = true;
|
---|
111 | int rc2 = RTCrStoreCertAddFromFile(hStore,
|
---|
112 | RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR,
|
---|
113 | g_apszSystemPemFiles[i], pErrInfo);
|
---|
114 | if (RT_FAILURE(rc2))
|
---|
115 | rc = -rc2;
|
---|
116 | }
|
---|
117 |
|
---|
118 | /*
|
---|
119 | * If we didn't find any of the certificate collection files, go hunting
|
---|
120 | * for directories containing PEM/CRT files with single certificates.
|
---|
121 | */
|
---|
122 | if (!fFound)
|
---|
123 | for (uint32_t i = 0; i < RT_ELEMENTS(g_apszSystemPemDirs); i++)
|
---|
124 | if (RTDirExists(g_apszSystemPemDirs[i]))
|
---|
125 | {
|
---|
126 | static RTSTRTUPLE const s_aSuffixes[] =
|
---|
127 | {
|
---|
128 | { RT_STR_TUPLE(".crt") },
|
---|
129 | { RT_STR_TUPLE(".pem") },
|
---|
130 | { RT_STR_TUPLE(".PEM") },
|
---|
131 | { RT_STR_TUPLE(".CRT") },
|
---|
132 | };
|
---|
133 | fFound = true;
|
---|
134 | int rc2 = RTCrStoreCertAddFromDir(hStore,
|
---|
135 | RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR,
|
---|
136 | g_apszSystemPemDirs[i], &s_aSuffixes[0], RT_ELEMENTS(s_aSuffixes),
|
---|
137 | pErrInfo);
|
---|
138 | if (RT_FAILURE(rc2))
|
---|
139 | rc = -rc2;
|
---|
140 | }
|
---|
141 | }
|
---|
142 | }
|
---|
143 | else
|
---|
144 | RTErrInfoAdd(pErrInfo, rc, " RTCrStoreCreateInMem failed");
|
---|
145 | return rc;
|
---|
146 | }
|
---|
147 | RT_EXPORT_SYMBOL(RTCrStoreCreateSnapshotById);
|
---|
148 |
|
---|