1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/cert/test_root_certs.h"
6
7#include <windows.h>
8#include <wincrypt.h>
9
10#include "base/basictypes.h"
11#include "base/lazy_instance.h"
12#include "base/logging.h"
13#include "base/win/win_util.h"
14#include "base/win/windows_version.h"
15#include "net/cert/x509_certificate.h"
16
17namespace net {
18
19namespace {
20
21// Provides a CertDllOpenStoreProv callback provider function, to be called
22// by CertOpenStore when the CERT_STORE_PROV_SYSTEM_W store is opened. See
23// http://msdn.microsoft.com/en-us/library/aa376043(VS.85).aspx.
24BOOL WINAPI InterceptedOpenStoreW(LPCSTR store_provider,
25                                  DWORD encoding,
26                                  HCRYPTPROV crypt_provider,
27                                  DWORD flags,
28                                  const void* extra,
29                                  HCERTSTORE memory_store,
30                                  PCERT_STORE_PROV_INFO store_info);
31
32// CryptoAPIInjector is used to inject a store provider function for system
33// certificate stores before the one provided internally by Crypt32.dll.
34// Once injected, there is no way to remove, so every call to open a system
35// store will be redirected to the injected function.
36struct CryptoAPIInjector {
37  // The previous default function for opening system stores. For most
38  // configurations, this should point to Crypt32's internal
39  // I_CertDllOpenSystemStoreProvW function.
40  PFN_CERT_DLL_OPEN_STORE_PROV_FUNC original_function;
41
42  // The handle that CryptoAPI uses to ensure the DLL implementing
43  // |original_function| remains loaded in memory.
44  HCRYPTOIDFUNCADDR original_handle;
45
46 private:
47  friend struct base::DefaultLazyInstanceTraits<CryptoAPIInjector>;
48
49  CryptoAPIInjector()
50      : original_function(NULL),
51        original_handle(NULL) {
52    HCRYPTOIDFUNCSET registered_functions =
53        CryptInitOIDFunctionSet(CRYPT_OID_OPEN_STORE_PROV_FUNC, 0);
54
55    // Preserve the original handler function in |original_function|. If other
56    // functions are overridden, they will also need to be preserved.
57    BOOL ok = CryptGetOIDFunctionAddress(
58        registered_functions, 0, CERT_STORE_PROV_SYSTEM_W, 0,
59        reinterpret_cast<void**>(&original_function), &original_handle);
60    DCHECK(ok);
61
62    // For now, intercept only the numeric form of the system store
63    // function, CERT_STORE_PROV_SYSTEM_W (0x0A), which is what Crypt32
64    // functionality uses exclusively. Depending on the machine that tests
65    // are being run on, it may prove necessary to also intercept
66    // sz_CERT_STORE_PROV_SYSTEM_[A/W] and CERT_STORE_PROV_SYSTEM_A, based
67    // on whether or not any third-party CryptoAPI modules have been
68    // installed.
69    const CRYPT_OID_FUNC_ENTRY kFunctionToIntercept =
70        { CERT_STORE_PROV_SYSTEM_W, &InterceptedOpenStoreW };
71
72    // Inject kFunctionToIntercept at the front of the linked list that
73    // crypt32 uses when CertOpenStore is called, replacing the existing
74    // registered function.
75    ok = CryptInstallOIDFunctionAddress(NULL, 0,
76                                        CRYPT_OID_OPEN_STORE_PROV_FUNC, 1,
77                                        &kFunctionToIntercept,
78                                        CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG);
79    DCHECK(ok);
80  }
81
82  // This is never called, because this object is intentionally leaked.
83  // Certificate verification happens on a non-joinable worker thread, which
84  // may still be running when ~AtExitManager is called, so the LazyInstance
85  // must be leaky.
86  ~CryptoAPIInjector() {
87    original_function = NULL;
88    CryptFreeOIDFunctionAddress(original_handle, NULL);
89  }
90};
91
92base::LazyInstance<CryptoAPIInjector>::Leaky
93    g_capi_injector = LAZY_INSTANCE_INITIALIZER;
94
95BOOL WINAPI InterceptedOpenStoreW(LPCSTR store_provider,
96                                  DWORD encoding,
97                                  HCRYPTPROV crypt_provider,
98                                  DWORD flags,
99                                  const void* store_name,
100                                  HCERTSTORE memory_store,
101                                  PCERT_STORE_PROV_INFO store_info) {
102  // If the high word is all zeroes, then |store_provider| is a numeric ID.
103  // Otherwise, it's a pointer to a null-terminated ASCII string. See the
104  // documentation for CryptGetOIDFunctionAddress for more information.
105  uint32 store_as_uint = reinterpret_cast<uint32>(store_provider);
106  if (store_as_uint > 0xFFFF || store_provider != CERT_STORE_PROV_SYSTEM_W ||
107      !g_capi_injector.Get().original_function)
108    return FALSE;
109
110  BOOL ok = g_capi_injector.Get().original_function(store_provider, encoding,
111                                                    crypt_provider, flags,
112                                                    store_name, memory_store,
113                                                    store_info);
114  // Only the Root store should have certificates injected. If
115  // CERT_SYSTEM_STORE_RELOCATE_FLAG is set, then |store_name| points to a
116  // CERT_SYSTEM_STORE_RELOCATE_PARA structure, rather than a
117  // NULL-terminated wide string, so check before making a string
118  // comparison.
119  if (!ok || TestRootCerts::GetInstance()->IsEmpty() ||
120      (flags & CERT_SYSTEM_STORE_RELOCATE_FLAG) ||
121      lstrcmpiW(reinterpret_cast<LPCWSTR>(store_name), L"root"))
122    return ok;
123
124  // The result of CertOpenStore with CERT_STORE_PROV_SYSTEM_W is documented
125  // to be a collection store, and that appears to hold for |memory_store|.
126  // Attempting to add an individual certificate to |memory_store| causes
127  // the request to be forwarded to the first physical store in the
128  // collection that accepts modifications, which will cause a secure
129  // confirmation dialog to be displayed, confirming the user wishes to
130  // trust the certificate. However, appending a store to the collection
131  // will merely modify the temporary collection store, and will not persist
132  // any changes to the underlying physical store. When the |memory_store| is
133  // searched to see if a certificate is in the Root store, all the
134  // underlying stores in the collection will be searched, and any certificate
135  // in temporary_roots() will be found and seen as trusted.
136  return CertAddStoreToCollection(
137      memory_store, TestRootCerts::GetInstance()->temporary_roots(), 0, 0);
138}
139
140}  // namespace
141
142bool TestRootCerts::Add(X509Certificate* certificate) {
143  // Ensure that the default CryptoAPI functionality has been intercepted.
144  // If a test certificate is never added, then no interception should
145  // happen.
146  g_capi_injector.Get();
147
148  BOOL ok = CertAddCertificateContextToStore(
149      temporary_roots_, certificate->os_cert_handle(),
150      CERT_STORE_ADD_NEW, NULL);
151  if (!ok) {
152    // If the certificate is already added, return successfully.
153    return GetLastError() == CRYPT_E_EXISTS;
154  }
155
156  empty_ = false;
157  return true;
158}
159
160void TestRootCerts::Clear() {
161  empty_ = true;
162
163  for (PCCERT_CONTEXT prev_cert =
164           CertEnumCertificatesInStore(temporary_roots_, NULL);
165       prev_cert;
166       prev_cert = CertEnumCertificatesInStore(temporary_roots_, NULL))
167    CertDeleteCertificateFromStore(prev_cert);
168}
169
170bool TestRootCerts::IsEmpty() const {
171  return empty_;
172}
173
174HCERTCHAINENGINE TestRootCerts::GetChainEngine() const {
175  if (IsEmpty())
176    return NULL;  // Default chain engine will suffice.
177
178  // Windows versions before 7 don't accept the struct size for later versions.
179  // We report the size of the old struct since we don't need the new members.
180  static const DWORD kSizeofCertChainEngineConfig =
181      SIZEOF_STRUCT_WITH_SPECIFIED_LAST_MEMBER(
182          CERT_CHAIN_ENGINE_CONFIG, CycleDetectionModulus);
183
184  // Each HCERTCHAINENGINE caches both the configured system stores and
185  // information about each chain that has been built. In order to ensure
186  // that changes to |temporary_roots_| are properly propagated and that the
187  // various caches are flushed, when at least one certificate is added,
188  // return a new chain engine for every call. Each chain engine creation
189  // should re-open the root store, ensuring the most recent changes are
190  // visible.
191  CERT_CHAIN_ENGINE_CONFIG engine_config = {
192    kSizeofCertChainEngineConfig
193  };
194  engine_config.dwFlags =
195      CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE |
196      CERT_CHAIN_ENABLE_SHARE_STORE;
197  HCERTCHAINENGINE chain_engine = NULL;
198  BOOL ok = CertCreateCertificateChainEngine(&engine_config, &chain_engine);
199  DCHECK(ok);
200  return chain_engine;
201}
202
203TestRootCerts::~TestRootCerts() {
204  CertCloseStore(temporary_roots_, 0);
205}
206
207void TestRootCerts::Init() {
208  empty_ = true;
209  temporary_roots_ = CertOpenStore(
210      CERT_STORE_PROV_MEMORY, 0, NULL,
211      CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL);
212  DCHECK(temporary_roots_);
213}
214
215}  // namespace net
216