| //! Bindings to Certificate Trust Lists (CTL) in winapi. |
| |
| #![allow(dead_code)] |
| |
| use std::io; |
| use std::mem; |
| use std::ptr; |
| |
| use windows_sys::Win32::Security::Cryptography; |
| |
| use crate::cert_context::CertContext; |
| use crate::Inner; |
| |
| /// Wrapped `PCCTL_CONTEXT` which represents a certificate trust list to |
| /// Windows. |
| pub struct CtlContext(*const Cryptography::CTL_CONTEXT); |
| |
| unsafe impl Send for CtlContext {} |
| unsafe impl Sync for CtlContext {} |
| |
| impl Drop for CtlContext { |
| fn drop(&mut self) { |
| unsafe { |
| Cryptography::CertFreeCTLContext(self.0); |
| } |
| } |
| } |
| |
| impl Inner<*const Cryptography::CTL_CONTEXT> for CtlContext { |
| unsafe fn from_inner(t: *const Cryptography::CTL_CONTEXT) -> CtlContext { |
| CtlContext(t) |
| } |
| |
| fn as_inner(&self) -> *const Cryptography::CTL_CONTEXT { |
| self.0 |
| } |
| |
| fn get_mut(&mut self) -> &mut *const Cryptography::CTL_CONTEXT { |
| &mut self.0 |
| } |
| } |
| |
| impl CtlContext { |
| /// Returns a builder reader to create an encoded `CtlContext`. |
| pub fn builder() -> Builder { |
| Builder { |
| certificates: vec![], |
| usages: vec![], |
| } |
| } |
| } |
| |
| /// Used to build an encoded `CtlContext` which can be added to a `Memory` store |
| /// to get back the actual `CtlContext`. |
| pub struct Builder { |
| certificates: Vec<CertContext>, |
| usages: Vec<Vec<u8>>, |
| } |
| |
| impl Builder { |
| /// Adds a certificate to be passed to `CryptMsgEncodeAndSignCTL` later on. |
| pub fn certificate(&mut self, cert: CertContext) -> &mut Builder { |
| self.certificates.push(cert); |
| self |
| } |
| |
| /// Adds a usage string to be passed in the `SubjectUsage` field to |
| /// `CryptMsgEncodeAndSignCTL` later on. |
| pub fn usage(&mut self, usage: &str) -> &mut Builder { |
| let mut usage = usage.as_bytes().to_owned(); |
| usage.push(0); |
| self.usages.push(usage); |
| self |
| } |
| |
| /// Calls `CryptMsgEncodeAndSignCTL` to encode this list of certificates |
| /// into a CTL. |
| /// |
| /// This can later be passed to `Memory::add_encoded_ctl`. |
| pub fn encode_and_sign(&self) -> io::Result<Vec<u8>> { |
| unsafe { |
| let encoding = Cryptography::X509_ASN_ENCODING | Cryptography::PKCS_7_ASN_ENCODING; |
| |
| let mut usages = self |
| .usages |
| .iter() |
| .map(|u| u.as_ptr() as _) |
| .collect::<Vec<_>>(); |
| let mut entry_data = vec![]; |
| let mut entries = vec![]; |
| for certificate in &self.certificates { |
| let data = cert_entry(certificate)?; |
| entries.push(*(data.as_ptr() as *const Cryptography::CTL_ENTRY)); |
| entry_data.push(data); |
| } |
| |
| let mut ctl_info: Cryptography::CTL_INFO = mem::zeroed(); |
| ctl_info.dwVersion = Cryptography::CTL_V1; |
| ctl_info.SubjectUsage.cUsageIdentifier = usages.len() as u32; |
| ctl_info.SubjectUsage.rgpszUsageIdentifier = usages.as_mut_ptr(); |
| ctl_info.SubjectAlgorithm.pszObjId = Cryptography::szOID_OIWSEC_sha1 as _; |
| ctl_info.cCTLEntry = entries.len() as u32; |
| ctl_info.rgCTLEntry = entries.as_mut_ptr(); |
| |
| let mut sign_info: Cryptography::CMSG_SIGNED_ENCODE_INFO = mem::zeroed(); |
| sign_info.cbSize = mem::size_of_val(&sign_info) as u32; |
| let mut encoded_certs = self |
| .certificates |
| .iter() |
| .map(|c| Cryptography::CRYPT_INTEGER_BLOB { |
| cbData: (*c.as_inner()).cbCertEncoded, |
| pbData: (*c.as_inner()).pbCertEncoded, |
| }) |
| .collect::<Vec<_>>(); |
| sign_info.rgCertEncoded = encoded_certs.as_mut_ptr(); |
| sign_info.cCertEncoded = encoded_certs.len() as u32; |
| |
| let flags = Cryptography::CMSG_ENCODE_SORTED_CTL_FLAG |
| | Cryptography::CMSG_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG; |
| |
| let mut size = 0; |
| |
| let res = Cryptography::CryptMsgEncodeAndSignCTL( |
| encoding, |
| &ctl_info, |
| &sign_info, |
| flags, |
| ptr::null_mut(), |
| &mut size, |
| ); |
| if res == 0 { |
| return Err(io::Error::last_os_error()); |
| } |
| |
| let mut encoded = vec![0; size as usize]; |
| |
| let res = Cryptography::CryptMsgEncodeAndSignCTL( |
| encoding, |
| &ctl_info, |
| &sign_info, |
| flags, |
| encoded.as_mut_ptr() as *mut u8, |
| &mut size, |
| ); |
| if res == 0 { |
| return Err(io::Error::last_os_error()); |
| } |
| |
| Ok(encoded) |
| } |
| } |
| } |
| |
| fn cert_entry(cert: &CertContext) -> io::Result<Vec<u8>> { |
| unsafe { |
| let mut size: u32 = 0; |
| |
| let res = Cryptography::CertCreateCTLEntryFromCertificateContextProperties( |
| cert.as_inner(), |
| 0, |
| ptr::null(), |
| Cryptography::CTL_ENTRY_FROM_PROP_CHAIN_FLAG, |
| ptr::null_mut(), |
| ptr::null_mut(), |
| &mut size, |
| ); |
| if res == 0 { |
| return Err(io::Error::last_os_error()); |
| } |
| |
| let mut entry = vec![0u8; size as usize]; |
| let res = Cryptography::CertCreateCTLEntryFromCertificateContextProperties( |
| cert.as_inner(), |
| 0, |
| ptr::null(), |
| Cryptography::CTL_ENTRY_FROM_PROP_CHAIN_FLAG, |
| ptr::null_mut(), |
| entry.as_mut_ptr() as *mut Cryptography::CTL_ENTRY, |
| &mut size, |
| ); |
| if res == 0 { |
| Err(io::Error::last_os_error()) |
| } else { |
| Ok(entry) |
| } |
| } |
| } |
