diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2019-09-23 14:54:20 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-09-23 15:29:18 +0200 |
| commit | f2c1f2a478a36cf94d54c6eee4c9addc34f10457 (patch) | |
| tree | 29a07822f3ffea086b03a5bcb0d0c9a6954b7cff /version/wintrust/certificate_windows.go | |
| parent | updater: use winhttp to reduce filesize (diff) | |
| download | wireguard-windows-f2c1f2a478a36cf94d54c6eee4c9addc34f10457.tar.xz wireguard-windows-f2c1f2a478a36cf94d54c6eee4c9addc34f10457.zip | |
version: use crypt32 instead of go x509 for cn extraction for file size
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'version/wintrust/certificate_windows.go')
| -rw-r--r-- | version/wintrust/certificate_windows.go | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/version/wintrust/certificate_windows.go b/version/wintrust/certificate_windows.go index cf254e4f..8c933f11 100644 --- a/version/wintrust/certificate_windows.go +++ b/version/wintrust/certificate_windows.go @@ -6,7 +6,6 @@ package wintrust import ( - "crypto/x509" "syscall" "unsafe" @@ -14,26 +13,28 @@ import ( ) const ( - CERT_QUERY_OBJECT_FILE = 1 - CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = 1024 - CERT_QUERY_FORMAT_FLAG_ALL = 14 + _CERT_QUERY_OBJECT_FILE = 1 + _CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = 1024 + _CERT_QUERY_FORMAT_FLAG_ALL = 14 + _CERT_NAME_SIMPLE_DISPLAY_TYPE = 4 ) -//sys CryptQueryObject(objectType uint32, object uintptr, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *windows.Handle, msg *windows.Handle, context *uintptr) (err error) = crypt32.CryptQueryObject +//sys cryptQueryObject(objectType uint32, object uintptr, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *windows.Handle, msg *windows.Handle, context *uintptr) (err error) = crypt32.CryptQueryObject +//sys certGetNameString(certContext *windows.CertContext, nameType uint32, flags uint32, typePara uintptr, name *uint16, size uint32) (chars uint32) = crypt32.CertGetNameStringW -func ExtractCertificates(path string) ([]x509.Certificate, error) { +func ExtractCertificateNames(path string) ([]string, error) { path16, err := windows.UTF16PtrFromString(path) if err != nil { return nil, err } var certStore windows.Handle - err = CryptQueryObject(CERT_QUERY_OBJECT_FILE, uintptr(unsafe.Pointer(path16)), CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, CERT_QUERY_FORMAT_FLAG_ALL, 0, nil, nil, nil, &certStore, nil, nil) + err = cryptQueryObject(_CERT_QUERY_OBJECT_FILE, uintptr(unsafe.Pointer(path16)), _CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, _CERT_QUERY_FORMAT_FLAG_ALL, 0, nil, nil, nil, &certStore, nil, nil) if err != nil { return nil, err } defer windows.CertCloseStore(certStore, 0) - var certs []x509.Certificate var cert *windows.CertContext + var names []string for { cert, err = windows.CertEnumCertificatesInStore(certStore, cert) if err != nil { @@ -47,13 +48,21 @@ func ExtractCertificates(path string) ([]x509.Certificate, error) { if cert == nil { break } - buf := make([]byte, cert.Length) - copy(buf, (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]) - if c, err := x509.ParseCertificate(buf); err == nil { - certs = append(certs, *c) - } else { - return nil, err + nameLen := certGetNameString(cert, _CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, 0, nil, 0) + if nameLen == 0 { + continue + } + name16 := make([]uint16, nameLen) + if certGetNameString(cert, _CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, 0, &name16[0], nameLen) != nameLen { + continue } + if name16[0] == 0 { + continue + } + names = append(names, windows.UTF16ToString(name16)) + } + if names == nil { + return nil, syscall.Errno(windows.CRYPT_E_NOT_FOUND) } - return certs, nil + return names, nil } |