}
/* Hash is assumed to be 20 bytes in length (a SHA-1 hash) */
-static BOOL CRYPT_WriteSerializedToReg(HKEY key, const BYTE *hash, const BYTE *buf,
+static BOOL CRYPT_WriteSerializedToReg(HKEY key, DWORD flags, const BYTE *hash, const BYTE *buf,
DWORD len)
{
WCHAR asciiHash[20 * 2 + 1];
BOOL ret;
CRYPT_HashToStr(hash, asciiHash);
- rc = RegCreateKeyExW(key, asciiHash, 0, NULL, 0, KEY_ALL_ACCESS, NULL,
+ rc = RegCreateKeyExW(key, asciiHash, 0, NULL, flags, KEY_ALL_ACCESS, NULL,
&subKey, NULL);
if (!rc)
{
return ret;
}
-static BOOL CRYPT_SerializeContextsToReg(HKEY key,
+BOOL CRYPT_SerializeContextsToReg(HKEY key, DWORD flags,
const WINE_CONTEXT_INTERFACE *contextInterface, HCERTSTORE memStore)
{
const void *context = NULL;
{
ret = contextInterface->serialize(context, 0, buf, &size);
if (ret)
- ret = CRYPT_WriteSerializedToReg(key, hash, buf, size);
+ ret = CRYPT_WriteSerializedToReg(key, flags, hash, buf, size);
}
CryptMemFree(buf);
}
}
LeaveCriticalSection(&store->cs);
}
- ret = CRYPT_SerializeContextsToReg(key, interfaces[i],
- store->memStore);
+ ret = CRYPT_SerializeContextsToReg(key, 0, interfaces[i], store->memStore);
RegCloseKey(key);
}
else
return ret;
}
-static BOOL WINAPI CRYPT_RootWriteCert(HCERTSTORE hCertStore,
- PCCERT_CONTEXT cert, DWORD dwFlags)
-{
- /* The root store can't have certs added */
- return FALSE;
-}
-
-static BOOL WINAPI CRYPT_RootDeleteCert(HCERTSTORE hCertStore,
- PCCERT_CONTEXT cert, DWORD dwFlags)
-{
- /* The root store can't have certs deleted */
- return FALSE;
-}
-
-static BOOL WINAPI CRYPT_RootWriteCRL(HCERTSTORE hCertStore,
- PCCRL_CONTEXT crl, DWORD dwFlags)
-{
- /* The root store can have CRLs added. At worst, a malicious application
- * can DoS itself, as the changes aren't persisted in any way.
- */
- return TRUE;
-}
-
-static BOOL WINAPI CRYPT_RootDeleteCRL(HCERTSTORE hCertStore,
- PCCRL_CONTEXT crl, DWORD dwFlags)
-{
- /* The root store can't have CRLs deleted */
- return FALSE;
-}
-
-static void *rootProvFuncs[] = {
- NULL, /* CERT_STORE_PROV_CLOSE_FUNC */
- NULL, /* CERT_STORE_PROV_READ_CERT_FUNC */
- CRYPT_RootWriteCert,
- CRYPT_RootDeleteCert,
- NULL, /* CERT_STORE_PROV_SET_CERT_PROPERTY_FUNC */
- NULL, /* CERT_STORE_PROV_READ_CRL_FUNC */
- CRYPT_RootWriteCRL,
- CRYPT_RootDeleteCRL,
- NULL, /* CERT_STORE_PROV_SET_CRL_PROPERTY_FUNC */
- NULL, /* CERT_STORE_PROV_READ_CTL_FUNC */
- NULL, /* CERT_STORE_PROV_WRITE_CTL_FUNC */
- NULL, /* CERT_STORE_PROV_DELETE_CTL_FUNC */
- NULL, /* CERT_STORE_PROV_SET_CTL_PROPERTY_FUNC */
- NULL, /* CERT_STORE_PROV_CONTROL_FUNC */
-};
-
static const char * const CRYPT_knownLocations[] = {
"/etc/ssl/certs/ca-certificates.crt",
"/etc/ssl/certs",
static HCERTSTORE create_root_store(void)
{
- HCERTSTORE root = NULL;
HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
X509_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
if (memStore)
{
- CERT_STORE_PROV_INFO provInfo = {
- sizeof(CERT_STORE_PROV_INFO),
- sizeof(rootProvFuncs) / sizeof(rootProvFuncs[0]),
- rootProvFuncs,
- NULL,
- 0,
- NULL
- };
-
read_trusted_roots_from_known_locations(memStore);
add_ms_root_certs(memStore);
- root = CRYPT_ProvCreateStore(0, memStore, &provInfo);
-#ifdef __REACTOS__
- {
- HCERTSTORE regStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"AuthRoot");
- if (regStore)
- {
- HCERTSTORE collStore = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
- CERT_STORE_CREATE_NEW_FLAG, NULL);
- CertAddStoreToCollection(collStore, regStore, 0, 0);
- CertAddStoreToCollection(collStore, root, 0, 0);
- root = collStore;
- }
- }
-#endif
}
- TRACE("returning %p\n", root);
- return root;
+
+ TRACE("returning %p\n", memStore);
+ return memStore;
}
-static WINECRYPT_CERTSTORE *CRYPT_rootStore;
+static const WCHAR certs_root_pathW[] =
+ {'S','o','f','t','w','a','r','e','\\','M','i','c','r','o','s','o','f','t','\\',
+ 'S','y','s','t','e','m','C','e','r','t','i','f','i','c','a','t','e','s','\\',
+ 'R','o','o','t','\\', 'C','e','r','t','i','f','i','c','a','t','e','s', 0};
+static const WCHAR semaphoreW[] =
+ {'c','r','y','p','t','3','2','_','r','o','o','t','_','s','e','m','a','p','h','o','r','e',0};
-WINECRYPT_CERTSTORE *CRYPT_RootOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags)
+void CRYPT_ImportSystemRootCertsToReg(void)
{
- TRACE("(%ld, %08x)\n", hCryptProv, dwFlags);
+ HCERTSTORE store = NULL;
+ HKEY key;
+ LONG rc;
+ HANDLE hsem;
+
+ static BOOL root_certs_imported = FALSE;
+
+ if (root_certs_imported)
+ return;
- if (dwFlags & CERT_STORE_DELETE_FLAG)
+ hsem = CreateSemaphoreW( NULL, 0, 1, semaphoreW);
+ if (!hsem)
{
- WARN("root store can't be deleted\n");
- SetLastError(ERROR_ACCESS_DENIED);
- return NULL;
+ ERR("Failed to create semaphore\n");
+ return;
}
- if (!CRYPT_rootStore)
- {
- HCERTSTORE root = create_root_store();
- InterlockedCompareExchangePointer((PVOID *)&CRYPT_rootStore, root,
- NULL);
- if (CRYPT_rootStore != root)
- CertCloseStore(root, 0);
+ if(GetLastError() == ERROR_ALREADY_EXISTS)
+ WaitForSingleObject(hsem, INFINITE);
+ else
+ {
+ if ((store = create_root_store()))
+ {
+ rc = RegCreateKeyExW(HKEY_LOCAL_MACHINE, certs_root_pathW, 0, NULL, 0,
+ KEY_ALL_ACCESS, NULL, &key, 0);
+ if (!rc)
+ {
+ if (!CRYPT_SerializeContextsToReg(key, REG_OPTION_VOLATILE, pCertInterface, store))
+ ERR("Failed to import system certs into registry, %08x\n", GetLastError());
+ RegCloseKey(key);
+ }
+ CertCloseStore(store, 0);
+ } else
+ ERR("Failed to create root store\n");
}
- CRYPT_rootStore->vtbl->addref(CRYPT_rootStore);
- return CRYPT_rootStore;
-}
-void root_store_free(void)
-{
- CertCloseStore(CRYPT_rootStore, 0);
+ root_certs_imported = TRUE;
+ ReleaseSemaphore(hsem, 1, NULL);
+ CloseHandle(hsem);
}
SetLastError(E_INVALIDARG);
return NULL;
}
- /* FIXME: In Windows, the root store (even the current user location) is
- * protected: adding to it or removing from it present a user interface,
- * and the keys are owned by the system process, not the current user.
- * Wine's registry doesn't implement access controls, so a similar
- * mechanism isn't possible yet.
- */
- if ((dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK) ==
- CERT_SYSTEM_STORE_LOCAL_MACHINE && !lstrcmpiW(storeName, rootW))
- return CRYPT_RootOpenStore(hCryptProv, dwFlags);
switch (dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK)
{
case CERT_SYSTEM_STORE_LOCAL_MACHINE:
root = HKEY_LOCAL_MACHINE;
base = CERT_LOCAL_MACHINE_SYSTEM_STORE_REGPATH;
+ /* If the HKLM\Root certs are requested, expressing system certs into the registry */
+ if (!lstrcmpiW(storeName, rootW))
+ CRYPT_ImportSystemRootCertsToReg();
break;
case CERT_SYSTEM_STORE_CURRENT_USER:
root = HKEY_CURRENT_USER;
return FALSE;
}
+BOOL WINAPI CertRegisterSystemStore(const void *pvSystemStore, DWORD dwFlags,
+ PCERT_SYSTEM_STORE_INFO pStoreInfo, void *pvReserved)
+{
+ HCERTSTORE hstore;
+
+ if (dwFlags & CERT_SYSTEM_STORE_RELOCATE_FLAG )
+ {
+ FIXME("(%p, %08x, %p, %p): flag not supported\n", pvSystemStore, dwFlags, pStoreInfo, pvReserved);
+ return FALSE;
+ }
+
+ TRACE("(%s, %08x, %p, %p)\n", debugstr_w(pvSystemStore), dwFlags, pStoreInfo, pvReserved);
+
+ hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0, 0, dwFlags, pvSystemStore);
+ if (hstore)
+ {
+ CertCloseStore(hstore, 0);
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+BOOL WINAPI CertUnregisterSystemStore(void *pvSystemStore, DWORD dwFlags)
+{
+ HCERTSTORE hstore;
+
+ if (dwFlags & CERT_SYSTEM_STORE_RELOCATE_FLAG)
+ {
+ FIXME("(%p, %08x): flag not supported\n", pvSystemStore, dwFlags);
+ return FALSE;
+ }
+ TRACE("(%s, %08x)\n", debugstr_w(pvSystemStore), dwFlags);
+
+ hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0, 0, dwFlags | CERT_STORE_OPEN_EXISTING_FLAG, pvSystemStore);
+ if (hstore == NULL)
+ return FALSE;
+
+ hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0, 0, dwFlags | CERT_STORE_DELETE_FLAG, pvSystemStore);
+ if (hstore == NULL && GetLastError() == 0)
+ return TRUE;
+
+ return FALSE;
+}
+
static void EmptyStore_addref(WINECRYPT_CERTSTORE *store)
{
TRACE("(%p)\n", store);