From c6d18eea781bc98a362595e2334223b48f41b522 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Fri, 11 May 2007 17:07:19 +0000 Subject: Add different tokens for different certificate stores. --- ckcapi-cert.c | 127 ++++++++++++---------------------------------------------- 1 file changed, 26 insertions(+), 101 deletions(-) (limited to 'ckcapi-cert.c') diff --git a/ckcapi-cert.c b/ckcapi-cert.c index 0e40905..15ab880 100644 --- a/ckcapi-cert.c +++ b/ckcapi-cert.c @@ -31,22 +31,9 @@ #define USE_ENCODINGS (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING) -/* All the stores we look in for certificates, in this order */ -static const char* CERT_STORES[] = { - "My", - "AddressBook", - "CA", - "Root", - "Trust", - "TrustedPeople", - "AuthRoot", - NULL -}; - typedef struct _CertObject { CkCapiObject obj; - const char* store; /* Together these can uniquely identify a certificate */ CRYPT_INTEGER_BLOB serial; @@ -238,31 +225,26 @@ static CK_RV cert_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData** objdata) { CertObject* cobj = (CertObject*)obj; - HCERTSTORE store; CERT_INFO info; PCCERT_CONTEXT cert; ASSERT(cobj); ASSERT(objdata); - ASSERT(cobj->store); - store = CertOpenSystemStore((HCRYPTPROV)NULL, cobj->store); - if(!store) - return ckcapi_winerr_to_ckr(GetLastError()); - ASSERT(cobj->issuer.pbData); ASSERT(cobj->issuer.cbData); ASSERT(cobj->serial.pbData); ASSERT(cobj->serial.cbData); + /* No store should mean no objects were loaded */ + ASSERT(sess->store); + /* Setup our search */ memset(&info, 0, sizeof(info)); memcpy(&info.SerialNumber, &cobj->serial, sizeof(info.SerialNumber)); memcpy(&info.Issuer, &cobj->issuer, sizeof(info.Issuer)); - cert = CertGetSubjectCertificateFromStore(store, USE_ENCODINGS, &info); - - CertCloseStore(store, 0); + cert = CertGetSubjectCertificateFromStore(sess->store, USE_ENCODINGS, &info); if(!cert) { 
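Review bot: In cert_load_data the only guard on the new `sess->store` use is `ASSERT(sess->store);`, which typically compiles out of release builds, so a NULL store would reach `CertGetSubjectCertificateFromStore(sess->store, USE_ENCODINGS, &info)` with a NULL handle; the find/match helpers in this same commit return early on a NULL store instead, so an explicit `if(!sess->store) return CKR_GENERAL_ERROR;` (or whatever CK_RV the module uses for an unusable session) ahead of the assert would keep the three consistent. The new comment's reasoning — no store means no objects were ever registered — holds only while find_in_store/match_in_store remain the sole registration paths, so I would spell that out: `/* Objects are only registered by find/match_in_store, which bail out on a NULL store, so a NULL store here is a logic error, not a runtime condition */`. Lookup is by issuer+serial alone and CertGetSubjectCertificateFromStore returns the first match, so if a store ever holds two certificates with the same issuer and serial (a re-imported or re-issued cert) the object may silently bind to the other one; this is unchanged by the commit but worth a note now that store identity is per-session rather than per-object. cert_load_data's `if(!cert)` handling continues past the end of the hunk.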
@@ -481,8 +463,7 @@ ckcapi_cert_object_data_get_certificate(CkCapiObjectData* objdata) } static CK_RV -register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert, - CkCapiObject** obj) +register_cert_object(CkCapiSession* sess, PCCERT_CONTEXT cert, CkCapiObject** obj) { CertObject* cobj; CK_RV ret; @@ -500,7 +481,6 @@ register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert return CKR_HOST_MEMORY; cobj->otype = OBJECT_CERT; - cobj->store = store; cobj->obj.id = 0; cobj->obj.unique_key = UNIQUE_KEY_AT(cobj, otype); @@ -519,7 +499,7 @@ register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert memcpy(cobj->serial.pbData, cert->pCertInfo->SerialNumber.pbData, cobj->serial.cbData); - ret = ckcapi_object_register(sess, &(cobj->obj)); + ret = ckcapi_token_register_object(sess->slot, &(cobj->obj)); if(ret != CKR_OK) { free(cobj); 
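Review bot: On the failure path of the new `ckcapi_token_register_object(sess->slot, &(cobj->obj))` call the only cleanup is `free(cobj)`; if `cobj->serial.pbData` and `cobj->issuer.pbData` are allocated separately from `cobj` (their allocation sits between the visible hunks, so I cannot confirm it), both buffers leak on every registration failure. Freeing those two before `free(cobj)`, or routing this and the `CKR_HOST_MEMORY` return through one `fail:` label, would close that. Registration also moves from the session to the slot, so `cobj` now presumably lives as long as the token rather than the session; whichever code tears the token down must release these objects and their blobs, and that is outside this hunk. register_cert_object continues past `free(cobj)` outside the hunk.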
@@ -531,52 +511,22 @@ register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert return CKR_OK; } -static void -clear_object_data_for_store(CkCapiSession* sess, CkCapiObject* obj, - CkCapiObjectData* data, void* arg) -{ - const char* store = (const char*) arg; - CertObject *cobj = (CertObject*)obj; - - // Is it one of ours? - if(obj->obj_funcs != &cert_object_vtable) - return; - - if(strcmp(cobj->store, store) == 0) - ckcapi_session_clear_object_data(sess, obj); -} - static CK_RV -find_in_store(CkCapiSession* sess, const char* store_name, - CK_ATTRIBUTE_PTR match, CK_ULONG count, CkCapiArray* arr) +find_in_store(CkCapiSession* sess, CK_ATTRIBUTE_PTR match, + CK_ULONG count, CkCapiArray* arr) { PCCERT_CONTEXT cert = NULL; CkCapiObject* obj; - HCERTSTORE store; CertObjectData cdata; CkCapiObjectData* objdata; - DWORD err; CK_RV ret = CKR_OK; - - /* Clear any loaded data for objects in this store */ - ckcapi_session_enum_object_data(sess, clear_object_data_for_store, (void*)store_name); - - store = CertOpenSystemStore((HCRYPTPROV)NULL, store_name); - if(store == NULL) - { - err = GetLastError(); - - /* Store not found, we don't care */ - if(err == ERROR_FILE_NOT_FOUND) - return CKR_OK; - - else - return ckcapi_winerr_to_ckr(err); - } + /* No store, no objects */ + if(!sess->store) + return CKR_OK; /* Match each certificate */ - while((cert = CertEnumCertificatesInStore(store, cert)) != NULL) + while((cert = CertEnumCertificatesInStore(sess->store, cert)) != NULL) { cdata.cert = cert; cdata.base.object = 0; @@ -584,7 +534,7 @@ find_in_store(CkCapiSession* sess, const char* store_name, if(ckcapi_object_data_match(&cdata.base, match, count)) { - ret = register_cert_object(sess, store_name, cert, &obj); + ret = register_cert_object(sess, cert, &obj); if(ret != CKR_OK) break; 
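Review bot: The per-search invalidation that the removed clear_object_data_for_store performed has no replacement in the new find_in_store, so object data loaded by an earlier search stays cached after the underlying store changes (a renewed or deleted certificate); unless the token layer now invalidates on its own, which is not visible here, either a call to the token-level equivalent of `ckcapi_session_clear_object_data` before the enumeration or a comment stating where cached data is refreshed is needed. The new `if(!sess->store) return CKR_OK;` also turns "no store" into a silent empty result, whereas the removed code did that only for ERROR_FILE_NOT_FOUND and mapped any other CertOpenSystemStore failure to a CK_RV; make sure the code that populates `sess->store` (outside this file) still surfaces an open failure rather than leaving the field NULL. Separately, when `break` is taken after a failed register_cert_object the context returned by CertEnumCertificatesInStore is still live and must be released with `CertFreeCertificateContext(cert)`; the lines between this hunk and the function's tail are not shown, so I cannot tell whether that happens. find_in_store's loop body continues past the end of the hunk.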
@@ -604,37 +554,25 @@ find_in_store(CkCapiSession* sess, const char* store_name, } } - ASSERT(store); - CertCloseStore(store, 0); - return ret; } static CK_RV -match_in_store(CkCapiSession* sess, const char* store_name, PCERT_INFO info, - CK_ATTRIBUTE_PTR match, CK_ULONG count, CkCapiArray* arr) +match_in_store(CkCapiSession* sess, PCERT_INFO info, CK_ATTRIBUTE_PTR match, + CK_ULONG count, CkCapiArray* arr) { PCCERT_CONTEXT cert = NULL; CkCapiObject* obj; CkCapiObjectData* objdata; - HCERTSTORE store; CertObjectData cdata; DWORD err; CK_RV ret = CKR_OK; - store = CertOpenSystemStore((HCRYPTPROV)NULL, store_name); - if(store == NULL) - { - err = GetLastError(); - - /* Store not found, we don't care */ - if(err == ERROR_FILE_NOT_FOUND) - return CKR_OK; - else - return ckcapi_winerr_to_ckr(err); - } + /* No store, no objects */ + if(!sess->store) + return CKR_OK; - cert = CertGetSubjectCertificateFromStore(store, USE_ENCODINGS, info); + cert = CertGetSubjectCertificateFromStore(sess->store, USE_ENCODINGS, info); if(cert == NULL) { err = GetLastError(); @@ -653,7 +591,7 @@ match_in_store(CkCapiSession* sess, const char* store_name, PCERT_INFO info, if(ckcapi_object_data_match(&cdata.base, match, count)) { - ret = register_cert_object(sess, store_name, cert, &obj); + ret = register_cert_object(sess, cert, &obj); if(ret == CKR_OK) { ASSERT(obj); @@ -669,10 +607,6 @@ match_in_store(CkCapiSession* sess, const char* store_name, PCERT_INFO info, if(ret != CKR_OK && cert) CertFreeCertificateContext(cert); - - ASSERT(store); - CertCloseStore(store, 0); - return ret; } @@ -683,7 +617,6 @@ ckcapi_cert_find(CkCapiSession* sess, CK_OBJECT_CLASS cls, CK_ATTRIBUTE_PTR matc CRYPT_INTEGER_BLOB* serial = NULL; CERT_INFO info; CK_RV ret; - BOOL specific; CK_ULONG i; DWORD size; 
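Review bot: match_in_store and find_in_store now both open with the identical `if(!sess->store) return CKR_OK;` guard, and their only caller ckcapi_cert_find (next hunk) merely dispatches between them, so the check belongs once in the caller, before the issuer/serial test, with one comment such as `/* A session without a store exposes no certificate objects */`; that also makes the empty-result semantics visible at the PKCS#11 entry point instead of buried in two helpers. In the `@@ -683` hunk `BOOL specific` is dropped but `CK_ULONG i` stays; if the removed store loop was its last remaining use (the attribute scan between that hunk and the next is not shown), it is now an unused variable. match_in_store's handling of `err` after `CertGetSubjectCertificateFromStore` fails continues outside the hunk.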
@@ -728,21 +661,13 @@ ckcapi_cert_find(CkCapiSession* sess, CK_OBJECT_CLASS cls, CK_ATTRIBUTE_PTR matc } } - specific = info.SerialNumber.cbData && info.Issuer.cbData; + /* Match a specific certificate */ + if(info.SerialNumber.cbData && info.Issuer.cbData) + ret = match_in_store(sess, &info, match, count, arr); - for(i = 0; CERT_STORES[i]; ++i) - { - /* Match a specific certificate */ - if(specific) - ret = match_in_store(sess, CERT_STORES[i], &info, match, count, arr); - - /* Match any ol certificate */ - else - ret = find_in_store(sess, CERT_STORES[i], match, count, arr); - - if(ret != CKR_OK) - break; - } + /* Match any ol certificate */ + else + ret = find_in_store(sess, match, count, arr); if(serial) free(serial); -- cgit v1.2.3
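Review bot: The new branch comments `/* Match a specific certificate */` and `/* Match any ol certificate */` do not say what decides the branch or what it costs; since `info` is presumably filled from the caller's CKA_ISSUER and CKA_SERIAL_NUMBER attributes earlier in the function (not shown), I would write `/* Both issuer and serial supplied: single direct lookup */` and `/* Otherwise enumerate the whole store and filter on the remaining attributes */` so the direct-lookup versus full-enumeration difference is visible to the next reader. The trailing `if(serial) free(serial);` is context rather than new code, but `free(NULL)` is a no-op so the guard can simply go. ckcapi_cert_find continues past the end of the hunk.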