
Changeset 95681 in vbox


Timestamp:
Jul 17, 2022 6:39:27 PM (3 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
152331
Message:

IPRT/RTCrStoreCreateSnapshotById: Added two more store IDs for intermediate CAs so RTSignTool can search these when signing, only implemented for windows. Fixed an incorrect handle check in worker (windows). bugref:8691

Location:
trunk
Files:
2 edited

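--- a/trunk/include/iprt/crypto/store.h
+++ b/trunk/include/iprt/crypto/store.h
@@ -133,4 +133,10 @@
      * and certificates. */
     RTCRSTOREID_SYSTEM_TRUSTED_CAS_AND_CERTIFICATES,
+    /** Open the certificate store of the current user containing intermediate CAs.
+     * @remarks This may or may not include all the certificates in the system
+     *          store, that's host dependent.  So, you better look in both. */
+    RTCRSTOREID_USER_INTERMEDIATE_CAS,
+    /** Open the certificate store of the system containg intermediate CAs. */
+    RTCRSTOREID_SYSTEM_INTERMEDIATE_CAS,
     /** End of valid values. */
     RTCRSTOREID_END,
@@ -146,6 +152,4 @@
  *
  * @returns IPRT status code.
- * @retval  VWRN_ALREADY_EXISTS if the certificate is already present and
- *          RTCRCERTCTX_F_ADD_IF_NOT_FOUND was specified.
  * @param   phStore             Where to return the store handle. Use
  *                              RTCrStoreRelease to release it.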
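Review bot: The doc comments on the two new enumerators, `RTCRSTOREID_USER_INTERMEDIATE_CAS` and `RTCRSTOREID_SYSTEM_INTERMEDIATE_CAS`, do not say that they are only implemented on Windows, which the commit message states. A caller on another host reads the header rather than the log, so I would add a remark such as `@note Only implemented on Windows hosts at present.` to each. The Windows worker in this changeset also reads the `MY` store for these IDs, so "containing intermediate CAs" understates what the snapshot can hold. A sentence saying the result is a candidate set for chain building, not a set of trusted certificates, would help callers. Minor: `containg` should read `containing` in the system variant.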
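--- a/trunk/src/VBox/Runtime/r3/win/RTCrStoreCreateSnapshotById-win.cpp
+++ b/trunk/src/VBox/Runtime/r3/win/RTCrStoreCreateSnapshotById-win.cpp
@@ -57,5 +57,5 @@
     HCERTSTORE hNativeStore = pfnOpenStore(CERT_STORE_PROV_SYSTEM_W, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
                                            NULL /* hCryptProv = default */, fStore | fOpenStore, pwszStoreName);
-    if (hStore)
+    if (hNativeStore)
     {
         PCCERT_CONTEXT pCurCtx = NULL;
@@ -137,14 +137,29 @@
                  * Do the work.
                  */
+                DWORD fStore = CERT_SYSTEM_STORE_CURRENT_USER;
                 switch (enmStoreId)
                 {
+                    case RTCRSTOREID_SYSTEM_TRUSTED_CAS_AND_CERTIFICATES:
+                    case RTCRSTOREID_SYSTEM_INTERMEDIATE_CAS:
+                        fStore = CERT_SYSTEM_STORE_LOCAL_MACHINE;
+                        RT_FALL_THRU();
                     case RTCRSTOREID_USER_TRUSTED_CAS_AND_CERTIFICATES:
-                    case RTCRSTOREID_SYSTEM_TRUSTED_CAS_AND_CERTIFICATES:
+                    case RTCRSTOREID_USER_INTERMEDIATE_CAS:
                     {
-                        DWORD fStore = enmStoreId == RTCRSTOREID_USER_TRUSTED_CAS_AND_CERTIFICATES
-                                     ? CERT_SYSTEM_STORE_CURRENT_USER : CERT_SYSTEM_STORE_LOCAL_MACHINE;
-                        static PCRTUTF16 const s_apwszStores[] =  { L"AuthRoot", L"CA", L"MY", L"Root" };
-                        for (uint32_t i = 0; i < RT_ELEMENTS(s_apwszStores); i++)
-                            rc = rtCrStoreAddCertsFromNative(hStore, fStore, s_apwszStores[i], pfnOpenStore, pfnCloseStore,
+                        /** @todo CA and MY in s_apwszRootStores are _very_ questionable!!! However,
+                         * curl may need them  to work correct and it doesn't seem to have any
+                         * intermediate ca file. :/ */
+                        static PCRTUTF16 const s_apwszRootStores[] = { L"AuthRoot", L"CA", L"MY", L"Root" };
+                        static PCRTUTF16 const s_apwszIntermediateStores[] = { L"CA", L"MY" };
+                        PCRTUTF16 const *papwszStores = s_apwszRootStores;
+                        uint32_t         cStores      = RT_ELEMENTS(s_apwszRootStores);
+                        if (enmStoreId == RTCRSTOREID_USER_INTERMEDIATE_CAS || enmStoreId == RTCRSTOREID_SYSTEM_INTERMEDIATE_CAS)
+                        {
+                            papwszStores = s_apwszIntermediateStores;
+                            cStores      = RT_ELEMENTS(s_apwszIntermediateStores);
+                        }
+
+                        for (uint32_t i = 0; i < cStores; i++)
+                            rc = rtCrStoreAddCertsFromNative(hStore, fStore, papwszStores[i], pfnOpenStore, pfnCloseStore,
                                                              pfnEnumCerts, rc, pErrInfo);
                         break;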
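Review bot: `s_apwszIntermediateStores` lists `L"MY"` next to `L"CA"`, so a snapshot requested with either `*_INTERMEDIATE_CAS` ID also carries whatever sits in the personal store, and nothing in the new code says why. The `@todo` above it covers only `s_apwszRootStores`. If `MY` is intended here (presumably so the signer's own chain can be found), a comment above the array such as `/* MY is read for chain building only; nothing in this snapshot is a trust anchor. */` would keep later callers from treating the result as trusted. Separately, with the corrected `if (hNativeStore)` test, a store name that cannot be opened in the chosen location now takes the failure path of `rtCrStoreAddCertsFromNative`. That path lies outside this section, so confirm that it does not turn a missing optional store into a hard error for the whole snapshot. The switch body continues past the end of the hunk.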