1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
/* SPDX-License-Identifier: MIT
*
* Copyright (C) 2019-2020 WireGuard LLC. All Rights Reserved.
*/
package version
import (
"syscall"
"unsafe"
"golang.org/x/sys/windows"
)
func extractCertificateNames(path string) ([]string, error) {
path16, err := windows.UTF16PtrFromString(path)
if err != nil {
return nil, err
}
var certStore windows.Handle
err = windows.CryptQueryObject(windows.CERT_QUERY_OBJECT_FILE, unsafe.Pointer(path16), windows.CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, windows.CERT_QUERY_FORMAT_FLAG_ALL, 0, nil, nil, nil, &certStore, nil, nil)
if err != nil {
return nil, err
}
defer windows.CertCloseStore(certStore, 0)
var cert *windows.CertContext
var names []string
for {
cert, err = windows.CertEnumCertificatesInStore(certStore, cert)
if err != nil {
if errno, ok := err.(syscall.Errno); ok {
if errno == syscall.Errno(windows.CRYPT_E_NOT_FOUND) {
break
}
}
return nil, err
}
if cert == nil {
break
}
nameLen := windows.CertGetNameString(cert, windows.CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nil, nil, 0)
if nameLen == 0 {
continue
}
name16 := make([]uint16, nameLen)
if windows.CertGetNameString(cert, windows.CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nil, &name16[0], nameLen) != nameLen {
continue
}
if name16[0] == 0 {
continue
}
names = append(names, windows.UTF16ToString(name16))
}
if names == nil {
return nil, syscall.Errno(windows.CRYPT_E_NOT_FOUND)
}
return names, nil
}
func extractCertificatePolicies(path string, oid string) ([]string, error) {
path16, err := windows.UTF16PtrFromString(path)
if err != nil {
return nil, err
}
oid8, err := windows.BytePtrFromString(oid)
if err != nil {
return nil, err
}
var certStore windows.Handle
err = windows.CryptQueryObject(windows.CERT_QUERY_OBJECT_FILE, unsafe.Pointer(path16), windows.CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, windows.CERT_QUERY_FORMAT_FLAG_ALL, 0, nil, nil, nil, &certStore, nil, nil)
if err != nil {
return nil, err
}
defer windows.CertCloseStore(certStore, 0)
var cert *windows.CertContext
var policies []string
for {
cert, err = windows.CertEnumCertificatesInStore(certStore, cert)
if err != nil {
if errno, ok := err.(syscall.Errno); ok {
if errno == syscall.Errno(windows.CRYPT_E_NOT_FOUND) {
break
}
}
return nil, err
}
if cert == nil {
break
}
ci := (*windows.CertInfo)(unsafe.Pointer(cert.CertInfo))
ext := windows.CertFindExtension(oid8, ci.CountExtensions, ci.Extensions)
if ext == nil {
continue
}
var decodedLen uint32
err = windows.CryptDecodeObject(windows.X509_ASN_ENCODING|windows.PKCS_7_ASN_ENCODING, ext.ObjId, ext.Value.Data, ext.Value.Size, 0, nil, &decodedLen)
if err != nil {
return nil, err
}
bytes := make([]byte, decodedLen)
certPoliciesInfo := (*windows.CertPoliciesInfo)(unsafe.Pointer(&bytes[0]))
err = windows.CryptDecodeObject(windows.X509_ASN_ENCODING|windows.PKCS_7_ASN_ENCODING, ext.ObjId, ext.Value.Data, ext.Value.Size, 0, unsafe.Pointer(&bytes[0]), &decodedLen)
if err != nil {
return nil, err
}
for i := uintptr(0); i < uintptr(certPoliciesInfo.Count); i++ {
cp := (*windows.CertPolicy)(unsafe.Pointer(uintptr(unsafe.Pointer(certPoliciesInfo.PolicyInfos)) + i*unsafe.Sizeof(*certPoliciesInfo.PolicyInfos)))
policies = append(policies, windows.BytePtrToString(cp.Identifier))
}
}
if policies == nil {
return nil, syscall.Errno(windows.CRYPT_E_NOT_FOUND)
}
return policies, nil
}
|