VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/crypto/RTCrStoreCertAddWantedFromFishingExpedition.cpp

Last change on this file was 98103, checked in by vboxsync, 16 months ago

Copyright year updates by scm.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 10.0 KB
Line 
1/* $Id: RTCrStoreCertAddWantedFromFishingExpedition.cpp 98103 2023-01-17 14:15:46Z vboxsync $ */
2/** @file
3 * IPRT - Cryptographic (Certificate) Store, RTCrStoreCertAddFromFishingExpedition.
4 */
5
6/*
7 * Copyright (C) 2006-2023 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * The contents of this file may alternatively be used under the terms
26 * of the Common Development and Distribution License Version 1.0
27 * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
28 * in the VirtualBox distribution, in which case the provisions of the
29 * CDDL are applicable instead of those of the GPL.
30 *
31 * You may elect to license modified versions of this file under the
32 * terms and conditions of either the GPL or the CDDL or both.
33 *
34 * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
35 */
36
37
38/*********************************************************************************************************************************
39* Header Files *
40*********************************************************************************************************************************/
41#include "internal/iprt.h"
42#include <iprt/crypto/store.h>
43
44#include <iprt/assert.h>
45#include <iprt/err.h>
46#include <iprt/mem.h>
47#include <iprt/path.h>
48
49#include "x509-internal.h"
50
51
52/*********************************************************************************************************************************
53* Defined Constants And Macros *
54*********************************************************************************************************************************/
55#ifdef RT_OS_WINDOWS
56# define PREFIX_UNIXROOT "${SystemDrive}/cygwin"
57#elif defined(RT_OS_OS2)
58# define PREFIX_UNIXROOT "/@unixroot@"
59#else
60# define PREFIX_UNIXROOT
61#endif
62
63
64/**
65 * Count the number of found certificates.
66 *
67 * @returns Number found.
68 * @param afFound Indicator array.
69 * @param cWanted Number of wanted certificates.
70 */
71DECLINLINE(size_t) rtCrStoreCountFound(bool const *afFound, size_t cWanted)
72{
73 size_t cFound = 0;
74 while (cWanted-- > 0)
75 if (afFound[cWanted])
76 cFound++;
77 return cFound;
78}
79
80
81RTDECL(int) RTCrStoreCertAddWantedFromFishingExpedition(RTCRSTORE hStore, uint32_t fFlags,
82 PCRTCRCERTWANTED paWanted, size_t cWanted,
83 bool *pafFound, PRTERRINFO pErrInfo)
84{
85 int rc = VINF_SUCCESS;
86 int rc2;
87
88 /*
89 * Validate input.
90 */
91 AssertReturn(!(fFlags & ~(RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR)), VERR_INVALID_FLAGS);
92 fFlags |= RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR; /* force these! */
93 AssertReturn(cWanted, VERR_NOT_FOUND);
94 for (uint32_t i = 0; i < cWanted; i++)
95 {
96 AssertReturn(!paWanted[i].pszSubject || *paWanted[i].pszSubject, VERR_INVALID_PARAMETER);
97 AssertReturn( paWanted[i].pszSubject
98 || paWanted[i].fSha1Fingerprint
99 || paWanted[i].fSha512Fingerprint,
100 VERR_INVALID_PARAMETER);
101 }
102
103 /*
104 * Make sure we've got a result array.
105 */
106 bool *pafFoundFree = NULL;
107 if (!pafFound)
108 {
109 pafFound = pafFoundFree = (bool *)RTMemTmpAllocZ(sizeof(bool) * cWanted);
110 AssertReturn(pafFound, VERR_NO_TMP_MEMORY);
111 }
112
113 /*
114 * Search the user and system stores first.
115 */
116 bool fAllFound = false;
117 RTCRSTORE hTmpStore;
118 for (int iStoreId = RTCRSTOREID_INVALID + 1; iStoreId < RTCRSTOREID_END; iStoreId++)
119 {
120 rc2 = RTCrStoreCreateSnapshotById(&hTmpStore, (RTCRSTOREID)iStoreId, NULL);
121 if (RT_SUCCESS(rc2))
122 {
123 rc2 = RTCrStoreCertAddWantedFromStore(hStore, fFlags, hTmpStore, paWanted, cWanted, pafFound);
124 RTCrStoreRelease(hTmpStore);
125 fAllFound = rc2 == VINF_SUCCESS;
126 if (fAllFound)
127 break;
128 }
129 }
130
131 /*
132 * Search alternative file based stores.
133 */
134 if (!fAllFound)
135 {
136 static const char * const s_apszFiles[] =
137 {
138 PREFIX_UNIXROOT "/usr/share/ca-certificates/trust-source/mozilla.neutral-trust.crt",
139 PREFIX_UNIXROOT "/usr/share/ca-certificates/trust-source/mozilla.trust.crt",
140 PREFIX_UNIXROOT "/usr/share/doc/mutt/samples/ca-bundle.crt",
141 PREFIX_UNIXROOT "/usr/jdk/latest/jre/lib/security/cacerts",
142 PREFIX_UNIXROOT "/usr/share/curl/curl-ca-bundle.crt",
143#ifdef RT_OS_DARWIN
144 "/opt/local/share/curl/curl-ca-bundle.crt",
145 "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/cacerts",
146 "/System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts",
147 "/System/Library/Java/Support/CoreDeploy.bundle/Contents/JavaAppletPlugin.plugin/Contents/Home/lib/security/cacerts",
148 "/System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/cacerts",
149 "/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/MacOS/itms/java/lib/security/cacerts",
150 "/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/itms/java/lib/security/cacerts",
151 "/Applications/Xcode-beta.app/Contents/Applications/Application Loader.app/Contents/itms/java/lib/security/cacerts",
152 "/System/Library/Java/JavaVirtualMachines/*/Contents/Home/lib/security/cacerts",
153#endif
154#ifdef RT_OS_LINUX
155 PREFIX_UNIXROOT "/etc/ssl/certs/java/cacerts",
156 PREFIX_UNIXROOT "/usr/lib/j*/*/jre/lib/security/cacerts",
157 PREFIX_UNIXROOT "/opt/*/jre/lib/security/cacerts",
158#endif
159#ifdef RT_OS_SOLARIS
160 PREFIX_UNIXROOT "/usr/java/jre/lib/security/cacerts",
161 PREFIX_UNIXROOT "/usr/jdk/instances/*/jre/lib/security/cacerts",
162#endif
163#ifdef RT_OS_WINDOWS
164 "${AllProgramFiles}/Git/bin/curl-ca-bundle.crt",
165 "${AllProgramFiles}/Mercurial/hgrc.d/cacert.pem",
166 "${AllProgramFiles}/Java/jre*/lib/security/cacerts",
167 "${AllProgramFiles}/Java/jdk*/jre/lib/security/cacerts",
168 "${AllProgramFiles}/HexChat/cert.pem",
169 "${SystemDrive}/BitNami/*/git/bin/curl-ca-bundle.crt",
170 "${SystemDrive}/BitNami/*/heroku/data/cacert.pem",
171 "${SystemDrive}/BitNami/*/heroku/vendor/gems/excon*/data/cacert.pem",
172 "${SystemDrive}/BitNami/*/php/PEAR/AWSSDKforPHP/lib/requstcore/cacert.pem",
173#endif
174 };
175 for (uint32_t i = 0; i < RT_ELEMENTS(s_apszFiles) && !fAllFound; i++)
176 {
177 PCRTPATHGLOBENTRY pResultHead;
178 rc2 = RTPathGlob(s_apszFiles[i], RTPATHGLOB_F_NO_DIRS, &pResultHead, NULL);
179 if (RT_SUCCESS(rc2))
180 {
181 for (PCRTPATHGLOBENTRY pCur = pResultHead; pCur; pCur = pCur->pNext)
182 {
183 rc2 = RTCrStoreCertAddWantedFromFile(hStore, fFlags, pCur->szPath, paWanted, cWanted, pafFound, pErrInfo);
184 fAllFound = rc2 == VINF_SUCCESS;
185 if (fAllFound)
186 break;
187 }
188 RTPathGlobFree(pResultHead);
189 }
190 }
191 }
192
193 /*
194 * Search alternative directory based stores.
195 */
196 if (!fAllFound)
197 {
198 static const char * const s_apszFiles[] =
199 {
200 PREFIX_UNIXROOT "/usr/share/ca-certificates/mozilla/",
201#ifdef RT_OS_DARWIN
202 "/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/ssl_certs/",
203#endif
204#ifdef RT_OS_SOLARIS
205 "/etc/certs/",
206 "/etc/crypto/certs/",
207#endif
208#ifdef RT_OS_WINDOWS
209 "${AllProgramFiles}/Git/ssl/certs/",
210 "${AllProgramFiles}/Git/ssl/certs/expired/",
211 "${AllProgramFiles}/Common Files/Apple/Internet Services/security.resources/roots/",
212 "${AllProgramFiles}/Raptr/ca-certs/",
213 "${SystemDrive}/Bitname/*/git/ssl/certs/",
214 "${SystemDrive}/Bitnami/*/git/ssl/certs/expired/",
215#endif
216 };
217 for (uint32_t i = 0; i < RT_ELEMENTS(s_apszFiles) && !fAllFound; i++)
218 {
219 PCRTPATHGLOBENTRY pResultHead;
220 rc2 = RTPathGlob(s_apszFiles[i], RTPATHGLOB_F_ONLY_DIRS, &pResultHead, NULL);
221 if (RT_SUCCESS(rc2))
222 {
223 for (PCRTPATHGLOBENTRY pCur = pResultHead; pCur; pCur = pCur->pNext)
224 {
225 rc2 = RTCrStoreCertAddWantedFromDir(hStore, fFlags, pCur->szPath, NULL /*paSuffixes*/, 0 /*cSuffixes*/,
226 paWanted, cWanted, pafFound, pErrInfo);
227 fAllFound = rc2 == VINF_SUCCESS;
228 if (fAllFound)
229 break;
230 }
231 RTPathGlobFree(pResultHead);
232 }
233 }
234 }
235
236 /*
237 * If all found, return VINF_SUCCESS, otherwise warn that we didn't find everything.
238 */
239 if (RT_SUCCESS(rc))
240 {
241 size_t cFound = rtCrStoreCountFound(pafFound, cWanted);
242 Assert(cFound == cWanted || !fAllFound);
243 if (cFound == cWanted)
244 rc = VINF_SUCCESS;
245 else if (cFound > 0)
246 rc = VWRN_NOT_FOUND;
247 else
248 rc = VERR_NOT_FOUND;
249 }
250
251 if (pafFoundFree)
252 RTMemTmpFree(pafFoundFree);
253 return rc;
254}
255RT_EXPORT_SYMBOL(RTCrStoreCertAddWantedFromFishingExpedition);
256
Note: See TracBrowser for help on using the repository browser.

© 2023 Oracle
ContactPrivacy policyTerms of Use