Diffstat (limited to 'ckcapi-cert.c')
-rw-r--r--ckcapi-cert.c127
1 files changed, 26 insertions, 101 deletions
diff --git a/ckcapi-cert.c b/ckcapi-cert.c
index 0e40905..15ab880 100644
--- a/ckcapi-cert.c
+++ b/ckcapi-cert.c
@@ -31,22 +31,9 @@
#define USE_ENCODINGS (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING)
-/* All the stores we look in for certificates, in this order */
-static const char* CERT_STORES[] = {
- "My",
- "AddressBook",
- "CA",
- "Root",
- "Trust",
- "TrustedPeople",
- "AuthRoot",
- NULL
-};
-
typedef struct _CertObject
{
CkCapiObject obj;
- const char* store;
/* Together these can uniquely identify a certificate */
CRYPT_INTEGER_BLOB serial;
@@ -238,31 +225,26 @@ static CK_RV
cert_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData** objdata)
{
CertObject* cobj = (CertObject*)obj;
- HCERTSTORE store;
CERT_INFO info;
PCCERT_CONTEXT cert;
ASSERT(cobj);
ASSERT(objdata);
- ASSERT(cobj->store);
- store = CertOpenSystemStore((HCRYPTPROV)NULL, cobj->store);
- if(!store)
- return ckcapi_winerr_to_ckr(GetLastError());
-
ASSERT(cobj->issuer.pbData);
ASSERT(cobj->issuer.cbData);
ASSERT(cobj->serial.pbData);
ASSERT(cobj->serial.cbData);
+ /* No store should mean no objects were loaded */
+ ASSERT(sess->store);
+
/* Setup our search */
memset(&info, 0, sizeof(info));
memcpy(&info.SerialNumber, &cobj->serial, sizeof(info.SerialNumber));
memcpy(&info.Issuer, &cobj->issuer, sizeof(info.Issuer));
- cert = CertGetSubjectCertificateFromStore(store, USE_ENCODINGS, &info);
-
- CertCloseStore(store, 0);
+ cert = CertGetSubjectCertificateFromStore(sess->store, USE_ENCODINGS, &info);
if(!cert)
{
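Review bot: The new `ASSERT(sess->store);` at L53 is the only guard before `sess->store` is handed to CertGetSubjectCertificateFromStore at L62; if ASSERT compiles out in release builds, a session without a store passes a NULL HCERTSTORE into CryptoAPI, whereas find_in_store and match_in_store in this same commit handle the no-store case with a runtime `if(!sess->store) return CKR_OK;`. Since the comment says an object cannot have been loaded without a store, reaching NULL here is a broken invariant and should fail with an error rather than undefined behavior: `if(!sess->store) return CKR_GENERAL_ERROR;` (the ASSERT can stay above it as the debug trap). This version also dereferences `sess` for the first time in the function, so `ASSERT(sess);` next to the other ASSERTs would match the file's style. cert_load_data continues past the hunk.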
@@ -481,8 +463,7 @@ ckcapi_cert_object_data_get_certificate(CkCapiObjectData* objdata)
}
static CK_RV
-register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert,
- CkCapiObject** obj)
+register_cert_object(CkCapiSession* sess, PCCERT_CONTEXT cert, CkCapiObject** obj)
{
CertObject* cobj;
CK_RV ret;
@@ -500,7 +481,6 @@ register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert
return CKR_HOST_MEMORY;
cobj->otype = OBJECT_CERT;
- cobj->store = store;
cobj->obj.id = 0;
cobj->obj.unique_key = UNIQUE_KEY_AT(cobj, otype);
@@ -519,7 +499,7 @@ register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert
memcpy(cobj->serial.pbData, cert->pCertInfo->SerialNumber.pbData,
cobj->serial.cbData);
- ret = ckcapi_object_register(sess, &(cobj->obj));
+ ret = ckcapi_token_register_object(sess->slot, &(cobj->obj));
if(ret != CKR_OK)
{
free(cobj);
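Review bot: The failure path at L87 frees only `cobj` after ckcapi_token_register_object fails, but the memcpy at L81 shows `cobj->serial.pbData` already points at a buffer filled in before this hunk (and presumably `cobj->issuer.pbData` likewise, since cert_load_data asserts both). Unless those blobs are freed in the lines just below the hunk or are not heap-allocated, this path leaks them; the cleanup would be `free(cobj->serial.pbData); free(cobj->issuer.pbData); free(cobj);`. The rest of register_cert_object lies outside the hunk, so this is an ask to confirm rather than a certain defect.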
@@ -531,52 +511,22 @@ register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert
return CKR_OK;
}
-static void
-clear_object_data_for_store(CkCapiSession* sess, CkCapiObject* obj,
- CkCapiObjectData* data, void* arg)
-{
- const char* store = (const char*) arg;
- CertObject *cobj = (CertObject*)obj;
-
- // Is it one of ours?
- if(obj->obj_funcs != &cert_object_vtable)
- return;
-
- if(strcmp(cobj->store, store) == 0)
- ckcapi_session_clear_object_data(sess, obj);
-}
-
static CK_RV
-find_in_store(CkCapiSession* sess, const char* store_name,
- CK_ATTRIBUTE_PTR match, CK_ULONG count, CkCapiArray* arr)
+find_in_store(CkCapiSession* sess, CK_ATTRIBUTE_PTR match,
+ CK_ULONG count, CkCapiArray* arr)
{
PCCERT_CONTEXT cert = NULL;
CkCapiObject* obj;
- HCERTSTORE store;
CertObjectData cdata;
CkCapiObjectData* objdata;
- DWORD err;
CK_RV ret = CKR_OK;
-
- /* Clear any loaded data for objects in this store */
- ckcapi_session_enum_object_data(sess, clear_object_data_for_store, (void*)store_name);
-
- store = CertOpenSystemStore((HCRYPTPROV)NULL, store_name);
- if(store == NULL)
- {
- err = GetLastError();
-
- /* Store not found, we don't care */
- if(err == ERROR_FILE_NOT_FOUND)
- return CKR_OK;
-
- else
- return ckcapi_winerr_to_ckr(err);
- }
+ /* No store, no objects */
+ if(!sess->store)
+ return CKR_OK;
/* Match each certificate */
- while((cert = CertEnumCertificatesInStore(store, cert)) != NULL)
+ while((cert = CertEnumCertificatesInStore(sess->store, cert)) != NULL)
{
cdata.cert = cert;
cdata.base.object = 0;
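Review bot: find_in_store no longer clears previously loaded object data before re-enumerating — the removed clear_object_data_for_store pass did that per store, and nothing in the new body replaces it — so unless the token layer behind ckcapi_token_register_object invalidates stale CkCapiObjectData, a later find may keep serving data cached from an earlier enumeration after the store's contents changed. If that invalidation moved elsewhere, a one-line comment at the top of the function saying so would save the next reader the search, e.g. `/* Cached object data is invalidated by the token layer, not here */`. The early return for `!sess->store` reports success with zero matches, consistent with match_in_store below, but worth a word in the comment since a caller cannot tell an unopened store from an empty one. The enumeration loop continues outside the hunk.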
@@ -584,7 +534,7 @@ find_in_store(CkCapiSession* sess, const char* store_name,
if(ckcapi_object_data_match(&cdata.base, match, count))
{
- ret = register_cert_object(sess, store_name, cert, &obj);
+ ret = register_cert_object(sess, cert, &obj);
if(ret != CKR_OK)
break;
@@ -604,37 +554,25 @@ find_in_store(CkCapiSession* sess, const char* store_name,
}
}
- ASSERT(store);
- CertCloseStore(store, 0);
-
return ret;
}
static CK_RV
-match_in_store(CkCapiSession* sess, const char* store_name, PCERT_INFO info,
- CK_ATTRIBUTE_PTR match, CK_ULONG count, CkCapiArray* arr)
+match_in_store(CkCapiSession* sess, PCERT_INFO info, CK_ATTRIBUTE_PTR match,
+ CK_ULONG count, CkCapiArray* arr)
{
PCCERT_CONTEXT cert = NULL;
CkCapiObject* obj;
CkCapiObjectData* objdata;
- HCERTSTORE store;
CertObjectData cdata;
DWORD err;
CK_RV ret = CKR_OK;
- store = CertOpenSystemStore((HCRYPTPROV)NULL, store_name);
- if(store == NULL)
- {
- err = GetLastError();
-
- /* Store not found, we don't care */
- if(err == ERROR_FILE_NOT_FOUND)
- return CKR_OK;
- else
- return ckcapi_winerr_to_ckr(err);
- }
+ /* No store, no objects */
+ if(!sess->store)
+ return CKR_OK;
- cert = CertGetSubjectCertificateFromStore(store, USE_ENCODINGS, info);
+ cert = CertGetSubjectCertificateFromStore(sess->store, USE_ENCODINGS, info);
if(cert == NULL)
{
err = GetLastError();
@@ -653,7 +591,7 @@ match_in_store(CkCapiSession* sess, const char* store_name, PCERT_INFO info,
if(ckcapi_object_data_match(&cdata.base, match, count))
{
- ret = register_cert_object(sess, store_name, cert, &obj);
+ ret = register_cert_object(sess, cert, &obj);
if(ret == CKR_OK)
{
ASSERT(obj);
@@ -669,10 +607,6 @@ match_in_store(CkCapiSession* sess, const char* store_name, PCERT_INFO info,
if(ret != CKR_OK && cert)
CertFreeCertificateContext(cert);
-
- ASSERT(store);
- CertCloseStore(store, 0);
-
return ret;
}
@@ -683,7 +617,6 @@ ckcapi_cert_find(CkCapiSession* sess, CK_OBJECT_CLASS cls, CK_ATTRIBUTE_PTR matc
CRYPT_INTEGER_BLOB* serial = NULL;
CERT_INFO info;
CK_RV ret;
- BOOL specific;
CK_ULONG i;
DWORD size;
@@ -728,21 +661,13 @@ ckcapi_cert_find(CkCapiSession* sess, CK_OBJECT_CLASS cls, CK_ATTRIBUTE_PTR matc
}
}
- specific = info.SerialNumber.cbData && info.Issuer.cbData;
+ /* Match a specific certificate */
+ if(info.SerialNumber.cbData && info.Issuer.cbData)
+ ret = match_in_store(sess, &info, match, count, arr);
- for(i = 0; CERT_STORES[i]; ++i)
- {
- /* Match a specific certificate */
- if(specific)
- ret = match_in_store(sess, CERT_STORES[i], &info, match, count, arr);
-
- /* Match any ol certificate */
- else
- ret = find_in_store(sess, CERT_STORES[i], match, count, arr);
-
- if(ret != CKR_OK)
- break;
- }
+ /* Match any ol certificate */
+ else
+ ret = find_in_store(sess, match, count, arr);
if(serial)
free(serial);
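Review bot: The trust-store sweep is gone: the removed loop consulted the My, AddressBook, CA, Root, Trust, TrustedPeople and AuthRoot system stores in order, while the new code at L220-L237 consults only `sess->store`, so a lookup by issuer and serial now finds only what the session's single store holds. That is presumably intended (the store is bound when the session or slot is set up, outside this file), but it changes which certificates a PKCS#11 caller can see and deserves recording, e.g. `/* Only the store bound to this session is searched; system trust stores are no longer swept. */` above L219. Also `CK_ULONG i;` at L213 was the index of the removed for loop; if nothing earlier in the function uses it, drop it to avoid an unused-variable warning (the start of ckcapi_cert_find is outside the hunk).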