VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/RTCrStoreCertAddWantedFromFishingExpedition.cpp@ 77544

Last change on this file since 77544 was 76553, checked in by vboxsync, 6 years ago

scm --update-copyright-year

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 9.7 KB
Line 
1/* $Id: RTCrStoreCertAddWantedFromFishingExpedition.cpp 76553 2019-01-01 01:45:53Z vboxsync $ */
2/** @file
3 * IPRT - Cryptographic (Certificate) Store, RTCrStoreCertAddFromFishingExpedition.
4 */
5
6/*
7 * Copyright (C) 2006-2019 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*********************************************************************************************************************************
29* Header Files *
30*********************************************************************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/crypto/store.h>
33
34#include <iprt/assert.h>
35#include <iprt/err.h>
36#include <iprt/mem.h>
37#include <iprt/path.h>
38
39#include "x509-internal.h"
40
41
42/*********************************************************************************************************************************
43* Defined Constants And Macros *
44*********************************************************************************************************************************/
45#ifdef RT_OS_WINDOWS
46# define PREFIX_UNIXROOT "${SystemDrive}/cygwin"
47#elif defined(RT_OS_OS2)
48# define PREFIX_UNIXROOT "/@unixroot@"
49#else
50# define PREFIX_UNIXROOT
51#endif
52
53
54/**
55 * Count the number of found certificates.
56 *
57 * @returns Number found.
58 * @param afFound Indicator array.
59 * @param cWanted Number of wanted certificates.
60 */
61DECLINLINE(size_t) rtCrStoreCountFound(bool const *afFound, size_t cWanted)
62{
63 size_t cFound = 0;
64 while (cWanted-- > 0)
65 if (afFound[cWanted])
66 cFound++;
67 return cFound;
68}
69
70
71RTDECL(int) RTCrStoreCertAddWantedFromFishingExpedition(RTCRSTORE hStore, uint32_t fFlags,
72 PCRTCRCERTWANTED paWanted, size_t cWanted,
73 bool *pafFound, PRTERRINFO pErrInfo)
74{
75 int rc = VINF_SUCCESS;
76 int rc2;
77
78 /*
79 * Validate input.
80 */
81 AssertReturn(!(fFlags & ~(RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR)), VERR_INVALID_FLAGS);
82 fFlags |= RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR; /* force these! */
83 AssertReturn(cWanted, VERR_NOT_FOUND);
84 for (uint32_t i = 0; i < cWanted; i++)
85 {
86 AssertReturn(!paWanted[i].pszSubject || *paWanted[i].pszSubject, VERR_INVALID_PARAMETER);
87 AssertReturn( paWanted[i].pszSubject
88 || paWanted[i].fSha1Fingerprint
89 || paWanted[i].fSha512Fingerprint,
90 VERR_INVALID_PARAMETER);
91 }
92
93 /*
94 * Make sure we've got a result array.
95 */
96 bool *pafFoundFree = NULL;
97 if (!pafFound)
98 {
99 pafFound = pafFoundFree = (bool *)RTMemTmpAllocZ(sizeof(bool) * cWanted);
100 AssertReturn(pafFound, VERR_NO_TMP_MEMORY);
101 }
102
103 /*
104 * Search the user and system stores first.
105 */
106 bool fAllFound = false;
107 RTCRSTORE hTmpStore;
108 for (int iStoreId = RTCRSTOREID_INVALID + 1; iStoreId < RTCRSTOREID_END; iStoreId++)
109 {
110 rc2 = RTCrStoreCreateSnapshotById(&hTmpStore, (RTCRSTOREID)iStoreId, NULL);
111 if (RT_SUCCESS(rc2))
112 {
113 rc2 = RTCrStoreCertAddWantedFromStore(hStore, fFlags, hTmpStore, paWanted, cWanted, pafFound);
114 RTCrStoreRelease(hTmpStore);
115 fAllFound = rc2 == VINF_SUCCESS;
116 if (fAllFound)
117 break;
118 }
119 }
120
121 /*
122 * Search alternative file based stores.
123 */
124 if (!fAllFound)
125 {
126 static const char * const s_apszFiles[] =
127 {
128 PREFIX_UNIXROOT "/usr/share/ca-certificates/trust-source/mozilla.neutral-trust.crt",
129 PREFIX_UNIXROOT "/usr/share/ca-certificates/trust-source/mozilla.trust.crt",
130 PREFIX_UNIXROOT "/usr/share/doc/mutt/samples/ca-bundle.crt",
131 PREFIX_UNIXROOT "/usr/jdk/latest/jre/lib/security/cacerts",
132 PREFIX_UNIXROOT "/usr/share/curl/curl-ca-bundle.crt",
133#ifdef RT_OS_DARWIN
134 "/opt/local/share/curl/curl-ca-bundle.crt",
135 "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/cacerts",
136 "/System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts",
137 "/System/Library/Java/Support/CoreDeploy.bundle/Contents/JavaAppletPlugin.plugin/Contents/Home/lib/security/cacerts",
138 "/System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/cacerts",
139 "/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/MacOS/itms/java/lib/security/cacerts",
140 "/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/itms/java/lib/security/cacerts",
141 "/Applications/Xcode-beta.app/Contents/Applications/Application Loader.app/Contents/itms/java/lib/security/cacerts",
142 "/System/Library/Java/JavaVirtualMachines/*/Contents/Home/lib/security/cacerts",
143#endif
144#ifdef RT_OS_LINUX
145 PREFIX_UNIXROOT "/etc/ssl/certs/java/cacerts",
146 PREFIX_UNIXROOT "/usr/lib/j*/*/jre/lib/security/cacerts",
147 PREFIX_UNIXROOT "/opt/*/jre/lib/security/cacerts",
148#endif
149#ifdef RT_OS_SOLARIS
150 PREFIX_UNIXROOT "/usr/java/jre/lib/security/cacerts",
151 PREFIX_UNIXROOT "/usr/jdk/instances/*/jre/lib/security/cacerts",
152#endif
153#ifdef RT_OS_WINDOWS
154 "${AllProgramFiles}/Git/bin/curl-ca-bundle.crt",
155 "${AllProgramFiles}/Mercurial/hgrc.d/cacert.pem",
156 "${AllProgramFiles}/Java/jre*/lib/security/cacerts",
157 "${AllProgramFiles}/Java/jdk*/jre/lib/security/cacerts",
158 "${AllProgramFiles}/HexChat/cert.pem",
159 "${SystemDrive}/BitNami/*/git/bin/curl-ca-bundle.crt",
160 "${SystemDrive}/BitNami/*/heroku/data/cacert.pem",
161 "${SystemDrive}/BitNami/*/heroku/vendor/gems/excon*/data/cacert.pem",
162 "${SystemDrive}/BitNami/*/php/PEAR/AWSSDKforPHP/lib/requstcore/cacert.pem",
163#endif
164 };
165 for (uint32_t i = 0; i < RT_ELEMENTS(s_apszFiles) && !fAllFound; i++)
166 {
167 PCRTPATHGLOBENTRY pResultHead;
168 rc2 = RTPathGlob(s_apszFiles[i], RTPATHGLOB_F_NO_DIRS, &pResultHead, NULL);
169 if (RT_SUCCESS(rc2))
170 {
171 for (PCRTPATHGLOBENTRY pCur = pResultHead; pCur; pCur = pCur->pNext)
172 {
173 rc2 = RTCrStoreCertAddWantedFromFile(hStore, fFlags, pCur->szPath, paWanted, cWanted, pafFound, pErrInfo);
174 fAllFound = rc2 == VINF_SUCCESS;
175 if (fAllFound)
176 break;
177 }
178 RTPathGlobFree(pResultHead);
179 }
180 }
181 }
182
183 /*
184 * Search alternative directory based stores.
185 */
186 if (!fAllFound)
187 {
188 static const char * const s_apszFiles[] =
189 {
190 PREFIX_UNIXROOT "/usr/share/ca-certificates/mozilla/",
191#ifdef RT_OS_DARWIN
192 "/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/ssl_certs/",
193#endif
194#ifdef RT_OS_SOLARIS
195 "/etc/certs/",
196 "/etc/crypto/certs/",
197#endif
198#ifdef RT_OS_WINDOWS
199 "${AllProgramFiles}/Git/ssl/certs/",
200 "${AllProgramFiles}/Git/ssl/certs/expired/",
201 "${AllProgramFiles}/Common Files/Apple/Internet Services/security.resources/roots/",
202 "${AllProgramFiles}/Raptr/ca-certs/",
203 "${SystemDrive}/Bitname/*/git/ssl/certs/",
204 "${SystemDrive}/Bitnami/*/git/ssl/certs/expired/",
205#endif
206 };
207 for (uint32_t i = 0; i < RT_ELEMENTS(s_apszFiles) && !fAllFound; i++)
208 {
209 PCRTPATHGLOBENTRY pResultHead;
210 rc2 = RTPathGlob(s_apszFiles[i], RTPATHGLOB_F_ONLY_DIRS, &pResultHead, NULL);
211 if (RT_SUCCESS(rc2))
212 {
213 for (PCRTPATHGLOBENTRY pCur = pResultHead; pCur; pCur = pCur->pNext)
214 {
215 rc2 = RTCrStoreCertAddWantedFromDir(hStore, fFlags, pCur->szPath, NULL /*paSuffixes*/, 0 /*cSuffixes*/,
216 paWanted, cWanted, pafFound, pErrInfo);
217 fAllFound = rc2 == VINF_SUCCESS;
218 if (fAllFound)
219 break;
220 }
221 RTPathGlobFree(pResultHead);
222 }
223 }
224 }
225
226 /*
227 * If all found, return VINF_SUCCESS, otherwise warn that we didn't find everything.
228 */
229 if (RT_SUCCESS(rc))
230 {
231 size_t cFound = rtCrStoreCountFound(pafFound, cWanted);
232 Assert(cFound == cWanted || !fAllFound);
233 if (cFound == cWanted)
234 rc = VINF_SUCCESS;
235 else if (cFound > 0)
236 rc = VWRN_NOT_FOUND;
237 else
238 rc = VERR_NOT_FOUND;
239 }
240
241 if (pafFoundFree)
242 RTMemTmpFree(pafFoundFree);
243 return rc;
244}
245RT_EXPORT_SYMBOL(RTCrStoreCertAddWantedFromFishingExpedition);
246
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette