OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/base/test_root_certs.h" | |
6 | |
7 #include <windows.h> | |
8 #include <wincrypt.h> | |
9 | |
10 #include "base/basictypes.h" | |
11 #include "base/lazy_instance.h" | |
12 #include "base/logging.h" | |
13 #include "net/base/x509_certificate.h" | |
14 | |
15 namespace net { | |
16 | |
17 namespace { | |
18 | |
19 BOOL WINAPI InterceptedOpenStoreW(LPCSTR store_provider, | |
joth
2010/11/22 13:05:40
Maybe comment
// Provides a custom implementation
wtc
2010/11/23 00:30:11
Please add a comment to note that this is a
CertDl
| |
20 DWORD encoding, | |
21 HCRYPTPROV crypt_provider, | |
22 DWORD flags, | |
23 const void* extra, | |
24 HCERTSTORE memory_store, | |
25 PCERT_STORE_PROV_INFO store_info); | |
26 | |
27 // CryptoAPIInjector is used to inject a store provider function for system | |
28 // certificate stores before the one provided internally by Crypt32.dll. | |
29 // Once injected, there is no way to remove, so every call to open a system | |
30 // store will be redirected to the injected function. | |
31 class CryptoAPIInjector { | |
32 public: | |
33 // The previous default function for opening system stores. For most | |
34 // configurations, this should point to Crypt32's internal | |
35 // I_CertDllOpenSystemStoreProvW function. | |
36 PFN_CERT_DLL_OPEN_STORE_PROV_FUNC original_function; | |
joth
2010/11/22 13:05:40
make this private (with trailing _ ) and provide a
Ryan Sleevi
2010/12/03 03:28:06
Since this class is entirely internal to this impl
joth
2010/12/03 10:40:59
I was mostly just quoting the rule that on classes
| |
37 | |
38 private: | |
39 friend struct base::DefaultLazyInstanceTraits<CryptoAPIInjector>; | |
40 | |
41 CryptoAPIInjector() | |
42 : original_function(NULL), | |
43 original_handle_(NULL) { | |
44 HCRYPTOIDFUNCSET registered_functions = | |
45 CryptInitOIDFunctionSet(CRYPT_OID_OPEN_STORE_PROV_FUNC, 0); | |
46 | |
47 // Preserve the original handler function in |original_function|. If other | |
48 // functions are overridden, they will also need to be preserved. | |
49 BOOL ok = CryptGetOIDFunctionAddress( | |
50 registered_functions, 0, CERT_STORE_PROV_SYSTEM_W, 0, | |
51 reinterpret_cast<void**>(&original_function), &original_handle_); | |
52 DCHECK(ok); | |
53 | |
54 // For now, intercept only the numeric form of the system store | |
55 // function, CERT_STORE_PROV_SYSTEM_W (0x0A), which is what Crypt32 | |
56 // functionality uses exclusively. Depending on the machine that tests | |
57 // are being run on, it may prove necessary to also intercept | |
58 // sz_CERT_STORE_PROV_SYSTEM_[A/W] and CERT_STORE_PROV_SYSTEM_A, based | |
59 // on whether or not any third-party CryptoAPI modules have been | |
60 // installed. | |
61 const CRYPT_OID_FUNC_ENTRY kFunctionToIntercept = | |
62 { CERT_STORE_PROV_SYSTEM_W, &InterceptedOpenStoreW }; | |
63 | |
64 // Inject kFunctionToIntercept at the front of the linked list that | |
65 // crypt32 uses when CertOpenStore is called, replacing the existing | |
66 // registered function. | |
67 ok = CryptInstallOIDFunctionAddress(NULL, 0, | |
68 CRYPT_OID_OPEN_STORE_PROV_FUNC, 1, | |
69 &kFunctionToIntercept, | |
70 CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG); | |
71 DCHECK(ok); | |
72 } | |
73 | |
74 // Never called, because this object is intentionally leaked. Certificate | |
75 // verification happens on a non-joinable worker thread which may still be | |
76 // running when ~AtExitManager is called. | |
77 ~CryptoAPIInjector() { | |
78 original_function = NULL; | |
79 CryptFreeOIDFunctionAddress(original_handle_, NULL); | |
80 } | |
81 | |
82 HCRYPTOIDFUNCADDR original_handle_; | |
83 }; | |
84 | |
85 base::LazyInstance<CryptoAPIInjector, | |
86 base::LeakyLazyInstanceTraits<CryptoAPIInjector> > | |
87 g_capi_injector(base::LINKER_INITIALIZED); | |
88 | |
89 BOOL WINAPI InterceptedOpenStoreW(LPCSTR store_provider, | |
90 DWORD encoding, | |
91 HCRYPTPROV crypt_provider, | |
92 DWORD flags, | |
93 const void* store_name, | |
94 HCERTSTORE memory_store, | |
95 PCERT_STORE_PROV_INFO store_info) { | |
96 // If the high word is all zeroes, then |store_provider| is a numeric ID. | |
97 // Otherwise, it's a pointer to a null-terminated ASCII string. See the | |
98 // documentation for CryptGetOIDFunctionAddress for more information. | |
99 uint32 store_as_uint = reinterpret_cast<uint32>(store_provider); | |
100 if (store_as_uint > 0xFFFF || store_provider != CERT_STORE_PROV_SYSTEM_W || | |
101 !g_capi_injector.Get().original_function) | |
102 return FALSE; | |
wtc
2010/11/23 00:30:11
Do we need to call SetLastError() to set an error
Ryan Sleevi
2010/12/03 03:28:06
Nothing I've seen in the documentation (MSDN, Head
| |
103 | |
104 BOOL ok = g_capi_injector.Get().original_function(store_provider, encoding, | |
105 crypt_provider, flags, | |
106 store_name, memory_store, | |
107 store_info); | |
108 // Only inject certificates for the Root store. If | |
joth
2010/11/22 13:05:40
Not quite a complete sentence. Maybe:
Conditionall
| |
109 // CERT_SYSTEM_STORE_RELOCATE_FLAG is set, then |store_name| points to a | |
110 // CERT_SYSTEM_STORE_RELOCATE_PARA structure, rather than a | |
111 // NULL-terminated wide string, so check before making a string | |
112 // comparison. | |
113 if (!ok || TestRootCerts::GetInstance()->IsEmpty() || | |
114 (flags & CERT_SYSTEM_STORE_RELOCATE_FLAG) || | |
115 lstrcmpiW(reinterpret_cast<LPCWSTR>(store_name), L"root")) | |
116 return ok; | |
117 | |
118 // The result of CertOpenStore with CERT_STORE_PROV_SYSTEM_W is documented | |
119 // to be a collection store, and that appears to hold for |memory_store|. | |
120 // Attempting to add an individual certificate to |memory_store| causes | |
121 // the request to be forwarded to the first physical store in the | |
122 // collection that accepts modifications, which will cause a secure | |
123 // confirmation dialog to be displayed, confirming the user wishes to | |
124 // trust the certificate. In order to bypass this prompt, the temporary | |
125 // root store is inserted to the front of the collection, which allows the | |
wtc
2010/11/23 00:30:11
COMMENT BUG: you pass 0 as the dwPriority argument
Ryan Sleevi
2010/12/03 03:28:06
Thanks for spotting this. You're right that it was
| |
126 // trust settings to be injected, and without the dialog being displayed. | |
127 return CertAddStoreToCollection( | |
128 memory_store, TestRootCerts::GetInstance()->temporary_roots(), 0, 0); | |
129 } | |
130 | |
131 } // namespace | |
132 | |
133 bool TestRootCerts::Add(X509Certificate* certificate) { | |
134 // Ensure that the default CryptoAPI functionality has been intercepted. | |
135 // If a test certificate is never added, then no interception should | |
136 // happen. | |
137 g_capi_injector.Get(); | |
138 | |
139 BOOL ok = CertAddCertificateContextToStore( | |
140 temporary_roots_, certificate->os_cert_handle(), | |
141 CERT_STORE_ADD_NEW, NULL); | |
142 if (!ok) { | |
143 // If the certificate is already added, return successfully. | |
144 return GetLastError() == CRYPT_E_EXISTS; | |
145 } | |
146 | |
147 empty_ = false; | |
148 return true; | |
149 } | |
150 | |
151 void TestRootCerts::Clear() { | |
152 empty_ = true; | |
153 | |
154 PCCERT_CONTEXT prev_cert = NULL; | |
155 while (prev_cert = CertEnumCertificatesInStore(temporary_roots_, NULL)) | |
156 CertDeleteCertificateFromStore(prev_cert); | |
157 } | |
158 | |
159 bool TestRootCerts::IsEmpty() const { | |
160 return empty_; | |
161 } | |
162 | |
163 HCERTCHAINENGINE TestRootCerts::GetChainEngine() const { | |
164 if (IsEmpty()) | |
165 return NULL; // Default chain engine will suffice. | |
166 | |
167 // Each HCERTCHAINENGINE caches both the configured system stores and | |
168 // information about each chain that has been built. In order to ensure | |
169 // that changes to |temporary_roots_| are properly propagated and that the | |
170 // various caches are flushed, when at least one certificate is added, | |
171 // return a new chain engine for every call. Each chain engine creation | |
172 // should re-open the root store, ensuring the most recent changes are | |
173 // visible. | |
174 CERT_CHAIN_ENGINE_CONFIG engine_config = { | |
175 sizeof(engine_config) | |
176 }; | |
177 engine_config.dwFlags = | |
178 CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE | | |
179 CERT_CHAIN_ENABLE_SHARE_STORE; | |
180 HCERTCHAINENGINE chain_engine = NULL; | |
181 BOOL ok = CertCreateCertificateChainEngine(&engine_config, &chain_engine); | |
182 DCHECK(ok); | |
183 return chain_engine; | |
184 } | |
185 | |
186 TestRootCerts::TestRootCerts() | |
187 : empty_(true) { | |
188 temporary_roots_ = CertOpenStore( | |
189 CERT_STORE_PROV_MEMORY, 0, NULL, | |
190 CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL); | |
191 DCHECK(temporary_roots_); | |
192 } | |
193 | |
194 TestRootCerts::~TestRootCerts() { | |
195 CertCloseStore(temporary_roots_, 0); | |
196 } | |
197 | |
198 } // namespace net | |
OLD | NEW |