net/cert/test_root_certs_win.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/cert/test_root_certs.h"
   6
   7 #include <stdint.h>
   8
   9 #include "base/lazy_instance.h"
  10 #include "base/logging.h"
  11 #include "base/win/win_util.h"
  12 #include "base/win/windows_version.h"
  13 #include "net/cert/x509_certificate.h"
  14
  15 namespace net {
  16
  17 namespace {
  18
  19 // Provides a CertDllOpenStoreProv callback provider function, to be called
  20 // by CertOpenStore when the CERT_STORE_PROV_SYSTEM_W store is opened. See
  21 // http://msdn.microsoft.com/en-us/library/aa376043(VS.85).aspx.
  22 BOOL WINAPI InterceptedOpenStoreW(LPCSTR store_provider,
  23                                   DWORD encoding,
  24                                   HCRYPTPROV crypt_provider,
  25                                   DWORD flags,
  26                                   const void* extra,
  27                                   HCERTSTORE memory_store,
  28                                   PCERT_STORE_PROV_INFO store_info);
  29
  30 // CryptoAPIInjector is used to inject a store provider function for system
  31 // certificate stores before the one provided internally by Crypt32.dll.
  32 // Once injected, there is no way to remove, so every call to open a system
  33 // store will be redirected to the injected function.
  34 struct CryptoAPIInjector {
  35   // The previous default function for opening system stores. For most
  36   // configurations, this should point to Crypt32's internal
  37   // I_CertDllOpenSystemStoreProvW function.
  38   PFN_CERT_DLL_OPEN_STORE_PROV_FUNC original_function;
  39
  40   // The handle that CryptoAPI uses to ensure the DLL implementing
  41   // |original_function| remains loaded in memory.
  42   HCRYPTOIDFUNCADDR original_handle;
  43
  44  private:
  45   friend struct base::DefaultLazyInstanceTraits<CryptoAPIInjector>;
  46
  47   CryptoAPIInjector()
  48       : original_function(NULL),
  49         original_handle(NULL) {
  50     HCRYPTOIDFUNCSET registered_functions =
  51         CryptInitOIDFunctionSet(CRYPT_OID_OPEN_STORE_PROV_FUNC, 0);
  52
  53     // Preserve the original handler function in |original_function|. If other
  54     // functions are overridden, they will also need to be preserved.
  55     BOOL ok = CryptGetOIDFunctionAddress(
  56         registered_functions, 0, CERT_STORE_PROV_SYSTEM_W, 0,
  57         reinterpret_cast<void**>(&original_function), &original_handle);
  58     DCHECK(ok);
  59
  60     // For now, intercept only the numeric form of the system store
  61     // function, CERT_STORE_PROV_SYSTEM_W (0x0A), which is what Crypt32
  62     // functionality uses exclusively. Depending on the machine that tests
  63     // are being run on, it may prove necessary to also intercept
  64     // sz_CERT_STORE_PROV_SYSTEM_[A/W] and CERT_STORE_PROV_SYSTEM_A, based
  65     // on whether or not any third-party CryptoAPI modules have been
  66     // installed.
  67     const CRYPT_OID_FUNC_ENTRY kFunctionToIntercept =
  68         { CERT_STORE_PROV_SYSTEM_W, &InterceptedOpenStoreW };
  69
  70     // Inject kFunctionToIntercept at the front of the linked list that
  71     // crypt32 uses when CertOpenStore is called, replacing the existing
  72     // registered function.
  73     ok = CryptInstallOIDFunctionAddress(NULL, 0,
  74                                         CRYPT_OID_OPEN_STORE_PROV_FUNC, 1,
  75                                         &kFunctionToIntercept,
  76                                         CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG);
  77     DCHECK(ok);
  78   }
  79
  80   // This is never called, because this object is intentionally leaked.
  81   // Certificate verification happens on a non-joinable worker thread, which
  82   // may still be running when ~AtExitManager is called, so the LazyInstance
  83   // must be leaky.
  84   ~CryptoAPIInjector() {
  85     original_function = NULL;
  86     CryptFreeOIDFunctionAddress(original_handle, NULL);
  87   }
  88 };
  89
  90 base::LazyInstance<CryptoAPIInjector>::Leaky
  91     g_capi_injector = LAZY_INSTANCE_INITIALIZER;
  92
  93 BOOL WINAPI InterceptedOpenStoreW(LPCSTR store_provider,
  94                                   DWORD encoding,
  95                                   HCRYPTPROV crypt_provider,
  96                                   DWORD flags,
  97                                   const void* store_name,
  98                                   HCERTSTORE memory_store,
  99                                   PCERT_STORE_PROV_INFO store_info) {
 100   // If the high word is all zeroes, then |store_provider| is a numeric ID.
 101   // Otherwise, it's a pointer to a null-terminated ASCII string. See the
 102   // documentation for CryptGetOIDFunctionAddress for more information.
 103   uint32_t store_as_uint = reinterpret_cast<uint32_t>(store_provider);
 104   if (store_as_uint > 0xFFFF || store_provider != CERT_STORE_PROV_SYSTEM_W ||
 105       !g_capi_injector.Get().original_function)
 106     return FALSE;
 107
 108   BOOL ok = g_capi_injector.Get().original_function(store_provider, encoding,
 109                                                     crypt_provider, flags,
 110                                                     store_name, memory_store,
 111                                                     store_info);
 112   // Only the Root store should have certificates injected. If
 113   // CERT_SYSTEM_STORE_RELOCATE_FLAG is set, then |store_name| points to a
 114   // CERT_SYSTEM_STORE_RELOCATE_PARA structure, rather than a
 115   // NULL-terminated wide string, so check before making a string
 116   // comparison.
 117   if (!ok || TestRootCerts::GetInstance()->IsEmpty() ||
 118       (flags & CERT_SYSTEM_STORE_RELOCATE_FLAG) ||
 119       lstrcmpiW(reinterpret_cast<LPCWSTR>(store_name), L"root"))
 120     return ok;
 121
 122   // The result of CertOpenStore with CERT_STORE_PROV_SYSTEM_W is documented
 123   // to be a collection store, and that appears to hold for |memory_store|.
 124   // Attempting to add an individual certificate to |memory_store| causes
 125   // the request to be forwarded to the first physical store in the
 126   // collection that accepts modifications, which will cause a secure
 127   // confirmation dialog to be displayed, confirming the user wishes to
 128   // trust the certificate. However, appending a store to the collection
 129   // will merely modify the temporary collection store, and will not persist
 130   // any changes to the underlying physical store. When the |memory_store| is
 131   // searched to see if a certificate is in the Root store, all the
 132   // underlying stores in the collection will be searched, and any certificate
 133   // in temporary_roots() will be found and seen as trusted.
 134   return CertAddStoreToCollection(
 135       memory_store, TestRootCerts::GetInstance()->temporary_roots(), 0, 0);
 136 }
 137
 138 }  // namespace
 139
 140 bool TestRootCerts::Add(X509Certificate* certificate) {
 141   // Ensure that the default CryptoAPI functionality has been intercepted.
 142   // If a test certificate is never added, then no interception should
 143   // happen.
 144   g_capi_injector.Get();
 145
 146   BOOL ok = CertAddCertificateContextToStore(
 147       temporary_roots_, certificate->os_cert_handle(),
 148       CERT_STORE_ADD_NEW, NULL);
 149   if (!ok) {
 150     // If the certificate is already added, return successfully.
 151     return GetLastError() == CRYPT_E_EXISTS;
 152   }
 153
 154   empty_ = false;
 155   return true;
 156 }
 157
 158 void TestRootCerts::Clear() {
 159   empty_ = true;
 160
 161   for (PCCERT_CONTEXT prev_cert =
 162            CertEnumCertificatesInStore(temporary_roots_, NULL);
 163        prev_cert;
 164        prev_cert = CertEnumCertificatesInStore(temporary_roots_, NULL))
 165     CertDeleteCertificateFromStore(prev_cert);
 166 }
 167
 168 bool TestRootCerts::IsEmpty() const {
 169   return empty_;
 170 }
 171
 172 HCERTCHAINENGINE TestRootCerts::GetChainEngine() const {
 173   if (IsEmpty())
 174     return NULL;  // Default chain engine will suffice.
 175
 176   // Windows versions before 7 don't accept the struct size for later versions.
 177   // We report the size of the old struct since we don't need the new members.
 178   static const DWORD kSizeofCertChainEngineConfig =
 179       SIZEOF_STRUCT_WITH_SPECIFIED_LAST_MEMBER(
 180           CERT_CHAIN_ENGINE_CONFIG, CycleDetectionModulus);
 181
 182   // Each HCERTCHAINENGINE caches both the configured system stores and
 183   // information about each chain that has been built. In order to ensure
 184   // that changes to |temporary_roots_| are properly propagated and that the
 185   // various caches are flushed, when at least one certificate is added,
 186   // return a new chain engine for every call. Each chain engine creation
 187   // should re-open the root store, ensuring the most recent changes are
 188   // visible.
 189   CERT_CHAIN_ENGINE_CONFIG engine_config = {
 190     kSizeofCertChainEngineConfig
 191   };
 192   engine_config.dwFlags =
 193       CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE |
 194       CERT_CHAIN_ENABLE_SHARE_STORE;
 195   HCERTCHAINENGINE chain_engine = NULL;
 196   BOOL ok = CertCreateCertificateChainEngine(&engine_config, &chain_engine);
 197   DCHECK(ok);
 198   return chain_engine;
 199 }
 200
 201 TestRootCerts::~TestRootCerts() {
 202   CertCloseStore(temporary_roots_, 0);
 203 }
 204
 205 void TestRootCerts::Init() {
 206   empty_ = true;
 207   temporary_roots_ = CertOpenStore(
 208       CERT_STORE_PROV_MEMORY, 0, NULL,
 209       CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL);
 210   DCHECK(temporary_roots_);
 211 }
 212
 213 }  // namespace net