aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/version/wintrust/certificate_windows.go
blob: 1e145095f85dce499fed30e775e4884270696d06 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
/* SPDX-License-Identifier: MIT
 *
 * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
 */

package wintrust

import (
	"crypto/x509"
	"syscall"
	"unsafe"

	"golang.org/x/sys/windows"
)

const (
	_CERT_QUERY_OBJECT_FILE                     = 1
	_CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = 1024
	_CERT_QUERY_FORMAT_FLAG_ALL                 = 14
)

//sys	cryptQueryObject(objectType uint32, object uintptr, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *windows.Handle, msg *windows.Handle, context *uintptr) (err error) = crypt32.CryptQueryObject

func ExtractCertificates(path string) ([]x509.Certificate, error) {
	path16, err := windows.UTF16PtrFromString(path)
	if err != nil {
		return nil, err
	}
	var certStore windows.Handle
	err = cryptQueryObject(_CERT_QUERY_OBJECT_FILE, uintptr(unsafe.Pointer(path16)), _CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, _CERT_QUERY_FORMAT_FLAG_ALL, 0, nil, nil, nil, &certStore, nil, nil)
	if err != nil {
		return nil, err
	}
	defer windows.CertCloseStore(certStore, 0)
	var certs []x509.Certificate
	var cert *windows.CertContext
	for {
		cert, err = windows.CertEnumCertificatesInStore(certStore, cert)
		if err != nil {
			if errno, ok := err.(syscall.Errno); ok {
				if errno == syscall.Errno(windows.CRYPT_E_NOT_FOUND) {
					break
				}
			}
			return nil, err
		}
		if cert == nil {
			break
		}
		buf := make([]byte, cert.Length)
		copy(buf, (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:])
		if c, err := x509.ParseCertificate(buf); err == nil {
			certs = append(certs, *c)
		} else {
			return nil, err
		}
	}
	return certs, nil
}