• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/base/test_root_certs.h"
6 
7 #include <windows.h>
8 #include <wincrypt.h>
9 
10 #include "base/basictypes.h"
11 #include "base/lazy_instance.h"
12 #include "base/logging.h"
13 #include "net/base/x509_certificate.h"
14 
15 namespace net {
16 
17 namespace {
18 
19 // Provides a CertDllOpenStoreProv callback provider function, to be called
20 // by CertOpenStore when the CERT_STORE_PROV_SYSTEM_W store is opened. See
21 // http://msdn.microsoft.com/en-us/library/aa376043(VS.85).aspx.
22 BOOL WINAPI InterceptedOpenStoreW(LPCSTR store_provider,
23                                   DWORD encoding,
24                                   HCRYPTPROV crypt_provider,
25                                   DWORD flags,
26                                   const void* extra,
27                                   HCERTSTORE memory_store,
28                                   PCERT_STORE_PROV_INFO store_info);
29 
30 // CryptoAPIInjector is used to inject a store provider function for system
31 // certificate stores before the one provided internally by Crypt32.dll.
32 // Once injected, there is no way to remove, so every call to open a system
33 // store will be redirected to the injected function.
34 struct CryptoAPIInjector {
35   // The previous default function for opening system stores. For most
36   // configurations, this should point to Crypt32's internal
37   // I_CertDllOpenSystemStoreProvW function.
38   PFN_CERT_DLL_OPEN_STORE_PROV_FUNC original_function;
39 
40   // The handle that CryptoAPI uses to ensure the DLL implementing
41   // |original_function| remains loaded in memory.
42   HCRYPTOIDFUNCADDR original_handle;
43 
44  private:
45   friend struct base::DefaultLazyInstanceTraits<CryptoAPIInjector>;
46 
CryptoAPIInjectornet::__anon95ded9d20111::CryptoAPIInjector47   CryptoAPIInjector()
48       : original_function(NULL),
49         original_handle(NULL) {
50     HCRYPTOIDFUNCSET registered_functions =
51         CryptInitOIDFunctionSet(CRYPT_OID_OPEN_STORE_PROV_FUNC, 0);
52 
53     // Preserve the original handler function in |original_function|. If other
54     // functions are overridden, they will also need to be preserved.
55     BOOL ok = CryptGetOIDFunctionAddress(
56         registered_functions, 0, CERT_STORE_PROV_SYSTEM_W, 0,
57         reinterpret_cast<void**>(&original_function), &original_handle);
58     DCHECK(ok);
59 
60     // For now, intercept only the numeric form of the system store
61     // function, CERT_STORE_PROV_SYSTEM_W (0x0A), which is what Crypt32
62     // functionality uses exclusively. Depending on the machine that tests
63     // are being run on, it may prove necessary to also intercept
64     // sz_CERT_STORE_PROV_SYSTEM_[A/W] and CERT_STORE_PROV_SYSTEM_A, based
65     // on whether or not any third-party CryptoAPI modules have been
66     // installed.
67     const CRYPT_OID_FUNC_ENTRY kFunctionToIntercept =
68         { CERT_STORE_PROV_SYSTEM_W, &InterceptedOpenStoreW };
69 
70     // Inject kFunctionToIntercept at the front of the linked list that
71     // crypt32 uses when CertOpenStore is called, replacing the existing
72     // registered function.
73     ok = CryptInstallOIDFunctionAddress(NULL, 0,
74                                         CRYPT_OID_OPEN_STORE_PROV_FUNC, 1,
75                                         &kFunctionToIntercept,
76                                         CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG);
77     DCHECK(ok);
78   }
79 
80   // This is never called, because this object is intentionally leaked.
81   // Certificate verification happens on a non-joinable worker thread, which
82   // may still be running when ~AtExitManager is called, so the LazyInstance
83   // must be leaky.
~CryptoAPIInjectornet::__anon95ded9d20111::CryptoAPIInjector84   ~CryptoAPIInjector() {
85     original_function = NULL;
86     CryptFreeOIDFunctionAddress(original_handle, NULL);
87   }
88 };
89 
90 base::LazyInstance<CryptoAPIInjector,
91                    base::LeakyLazyInstanceTraits<CryptoAPIInjector> >
92     g_capi_injector(base::LINKER_INITIALIZED);
93 
InterceptedOpenStoreW(LPCSTR store_provider,DWORD encoding,HCRYPTPROV crypt_provider,DWORD flags,const void * store_name,HCERTSTORE memory_store,PCERT_STORE_PROV_INFO store_info)94 BOOL WINAPI InterceptedOpenStoreW(LPCSTR store_provider,
95                                   DWORD encoding,
96                                   HCRYPTPROV crypt_provider,
97                                   DWORD flags,
98                                   const void* store_name,
99                                   HCERTSTORE memory_store,
100                                   PCERT_STORE_PROV_INFO store_info) {
101   // If the high word is all zeroes, then |store_provider| is a numeric ID.
102   // Otherwise, it's a pointer to a null-terminated ASCII string. See the
103   // documentation for CryptGetOIDFunctionAddress for more information.
104   uint32 store_as_uint = reinterpret_cast<uint32>(store_provider);
105   if (store_as_uint > 0xFFFF || store_provider != CERT_STORE_PROV_SYSTEM_W ||
106       !g_capi_injector.Get().original_function)
107     return FALSE;
108 
109   BOOL ok = g_capi_injector.Get().original_function(store_provider, encoding,
110                                                     crypt_provider, flags,
111                                                     store_name, memory_store,
112                                                     store_info);
113   // Only the Root store should have certificates injected. If
114   // CERT_SYSTEM_STORE_RELOCATE_FLAG is set, then |store_name| points to a
115   // CERT_SYSTEM_STORE_RELOCATE_PARA structure, rather than a
116   // NULL-terminated wide string, so check before making a string
117   // comparison.
118   if (!ok || TestRootCerts::GetInstance()->IsEmpty() ||
119       (flags & CERT_SYSTEM_STORE_RELOCATE_FLAG) ||
120       lstrcmpiW(reinterpret_cast<LPCWSTR>(store_name), L"root"))
121     return ok;
122 
123   // The result of CertOpenStore with CERT_STORE_PROV_SYSTEM_W is documented
124   // to be a collection store, and that appears to hold for |memory_store|.
125   // Attempting to add an individual certificate to |memory_store| causes
126   // the request to be forwarded to the first physical store in the
127   // collection that accepts modifications, which will cause a secure
128   // confirmation dialog to be displayed, confirming the user wishes to
129   // trust the certificate. However, appending a store to the collection
130   // will merely modify the temporary collection store, and will not persist
131   // any changes to the underlying physical store. When the |memory_store| is
132   // searched to see if a certificate is in the Root store, all the
133   // underlying stores in the collection will be searched, and any certificate
134   // in temporary_roots() will be found and seen as trusted.
135   return CertAddStoreToCollection(
136       memory_store, TestRootCerts::GetInstance()->temporary_roots(), 0, 0);
137 }
138 
139 }  // namespace
140 
Add(X509Certificate * certificate)141 bool TestRootCerts::Add(X509Certificate* certificate) {
142   // Ensure that the default CryptoAPI functionality has been intercepted.
143   // If a test certificate is never added, then no interception should
144   // happen.
145   g_capi_injector.Get();
146 
147   BOOL ok = CertAddCertificateContextToStore(
148       temporary_roots_, certificate->os_cert_handle(),
149       CERT_STORE_ADD_NEW, NULL);
150   if (!ok) {
151     // If the certificate is already added, return successfully.
152     return GetLastError() == CRYPT_E_EXISTS;
153   }
154 
155   empty_ = false;
156   return true;
157 }
158 
Clear()159 void TestRootCerts::Clear() {
160   empty_ = true;
161 
162   PCCERT_CONTEXT prev_cert = NULL;
163   while (prev_cert = CertEnumCertificatesInStore(temporary_roots_, NULL))
164     CertDeleteCertificateFromStore(prev_cert);
165 }
166 
IsEmpty() const167 bool TestRootCerts::IsEmpty() const {
168   return empty_;
169 }
170 
GetChainEngine() const171 HCERTCHAINENGINE TestRootCerts::GetChainEngine() const {
172   if (IsEmpty())
173     return NULL;  // Default chain engine will suffice.
174 
175   // Each HCERTCHAINENGINE caches both the configured system stores and
176   // information about each chain that has been built. In order to ensure
177   // that changes to |temporary_roots_| are properly propagated and that the
178   // various caches are flushed, when at least one certificate is added,
179   // return a new chain engine for every call. Each chain engine creation
180   // should re-open the root store, ensuring the most recent changes are
181   // visible.
182   CERT_CHAIN_ENGINE_CONFIG engine_config = {
183     sizeof(engine_config)
184   };
185   engine_config.dwFlags =
186       CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE |
187       CERT_CHAIN_ENABLE_SHARE_STORE;
188   HCERTCHAINENGINE chain_engine = NULL;
189   BOOL ok = CertCreateCertificateChainEngine(&engine_config, &chain_engine);
190   DCHECK(ok);
191   return chain_engine;
192 }
193 
~TestRootCerts()194 TestRootCerts::~TestRootCerts() {
195   CertCloseStore(temporary_roots_, 0);
196 }
197 
Init()198 void TestRootCerts::Init() {
199   empty_ = true;
200   temporary_roots_ = CertOpenStore(
201       CERT_STORE_PROV_MEMORY, 0, NULL,
202       CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL);
203   DCHECK(temporary_roots_);
204 }
205 
206 }  // namespace net
207