| 
									
										
										
										
											2017-04-29 19:29:07 +10:00
										 |  |  | // Copyright (c) 2017 GitHub, Inc.
 | 
					
						
							| 
									
										
										
										
											2017-04-06 11:01:58 +10:00
										 |  |  | // Use of this source code is governed by the MIT license that can be
 | 
					
						
							|  |  |  | // found in the LICENSE file.
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #include "atom/browser/ui/certificate_trust.h"
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-19 14:27:57 +02:00
										 |  |  | #include <windows.h>  // windows.h must be included first
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-20 21:12:32 +10:00
										 |  |  | #include <wincrypt.h>
 | 
					
						
							| 
									
										
										
										
											2017-04-06 11:01:58 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-21 12:47:11 +10:00
										 |  |  | #include "base/callback.h"
 | 
					
						
							| 
									
										
										
										
											2017-04-24 11:10:41 +10:00
										 |  |  | #include "net/cert/cert_database.h"
 | 
					
						
							| 
									
										
										
										
											2017-09-21 13:24:57 +00:00
										 |  |  | #include "net/cert/x509_util_win.h"
 | 
					
						
							| 
									
										
										
										
											2017-04-21 12:47:11 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-06 11:01:58 +10:00
										 |  |  | namespace certificate_trust { | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-27 15:01:55 +10:00
										 |  |  | // Add the provided certificate to the Trusted Root Certificate Authorities
 | 
					
						
							|  |  |  | // store for the current user.
 | 
					
						
							| 
									
										
										
										
											2017-04-27 14:44:58 +10:00
										 |  |  | //
 | 
					
						
							| 
									
										
										
										
											2017-04-27 15:01:55 +10:00
										 |  |  | // This requires prompting the user to confirm they trust the certificate.
 | 
					
						
							| 
									
										
										
										
											2017-04-29 19:28:42 +10:00
										 |  |  | BOOL AddToTrustedRootStore(const PCCERT_CONTEXT cert_context, | 
					
						
							| 
									
										
										
										
											2017-04-27 14:44:58 +10:00
										 |  |  |                            const scoped_refptr<net::X509Certificate>& cert) { | 
					
						
							| 
									
										
										
										
											2018-04-17 21:55:30 -04:00
										 |  |  |   auto root_cert_store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, | 
					
						
							|  |  |  |                                        CERT_SYSTEM_STORE_CURRENT_USER, L"Root"); | 
					
						
							| 
									
										
										
										
											2017-04-24 11:49:55 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-29 19:28:42 +10:00
										 |  |  |   if (root_cert_store == NULL) { | 
					
						
							| 
									
										
										
										
											2017-04-27 15:01:55 +10:00
										 |  |  |     return false; | 
					
						
							|  |  |  |   } | 
					
						
							| 
									
										
										
										
											2017-04-24 11:49:55 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-27 15:06:23 +10:00
										 |  |  |   auto result = CertAddCertificateContextToStore( | 
					
						
							| 
									
										
										
										
											2018-04-17 21:55:30 -04:00
										 |  |  |       root_cert_store, cert_context, CERT_STORE_ADD_REPLACE_EXISTING, NULL); | 
					
						
							| 
									
										
										
										
											2017-04-24 11:10:41 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-27 15:06:23 +10:00
										 |  |  |   if (result) { | 
					
						
							|  |  |  |     // force Chromium to reload it's database for this certificate
 | 
					
						
							|  |  |  |     auto cert_db = net::CertDatabase::GetInstance(); | 
					
						
							| 
									
										
										
										
											2017-05-10 10:05:48 -07:00
										 |  |  |     cert_db->NotifyObserversCertDBChanged(); | 
					
						
							| 
									
										
										
										
											2017-04-27 15:01:55 +10:00
										 |  |  |   } | 
					
						
							| 
									
										
										
										
											2017-04-27 14:44:58 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-29 19:28:42 +10:00
										 |  |  |   CertCloseStore(root_cert_store, CERT_CLOSE_STORE_FORCE_FLAG); | 
					
						
							| 
									
										
										
										
											2017-04-27 15:01:55 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  |   return result; | 
					
						
							| 
									
										
										
										
											2017-04-27 14:44:58 +10:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | CERT_CHAIN_PARA GetCertificateChainParameters() { | 
					
						
							| 
									
										
										
										
											2017-04-29 19:28:42 +10:00
										 |  |  |   CERT_ENHKEY_USAGE enhkey_usage; | 
					
						
							|  |  |  |   enhkey_usage.cUsageIdentifier = 0; | 
					
						
							|  |  |  |   enhkey_usage.rgpszUsageIdentifier = NULL; | 
					
						
							| 
									
										
										
										
											2017-04-27 14:44:58 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-29 19:28:42 +10:00
										 |  |  |   CERT_USAGE_MATCH cert_usage; | 
					
						
							| 
									
										
										
										
											2017-04-27 15:01:55 +10:00
										 |  |  |   // ensure the rules are applied to the entire chain
 | 
					
						
							| 
									
										
										
										
											2017-04-29 19:28:42 +10:00
										 |  |  |   cert_usage.dwType = USAGE_MATCH_TYPE_AND; | 
					
						
							|  |  |  |   cert_usage.Usage = enhkey_usage; | 
					
						
							| 
									
										
										
										
											2017-04-27 14:44:58 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-17 21:55:30 -04:00
										 |  |  |   CERT_CHAIN_PARA params = {sizeof(CERT_CHAIN_PARA)}; | 
					
						
							| 
									
										
										
										
											2017-04-29 19:28:42 +10:00
										 |  |  |   params.RequestedUsage = cert_usage; | 
					
						
							| 
									
										
										
										
											2017-04-27 14:44:58 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-27 15:01:55 +10:00
										 |  |  |   return params; | 
					
						
							| 
									
										
										
										
											2017-04-27 14:44:58 +10:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | void ShowCertificateTrust(atom::NativeWindow* parent_window, | 
					
						
							|  |  |  |                           const scoped_refptr<net::X509Certificate>& cert, | 
					
						
							|  |  |  |                           const std::string& message, | 
					
						
							|  |  |  |                           const ShowTrustCallback& callback) { | 
					
						
							| 
									
										
										
										
											2017-04-29 19:28:42 +10:00
										 |  |  |   PCCERT_CHAIN_CONTEXT chain_context; | 
					
						
							| 
									
										
										
										
											2017-04-27 15:01:55 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-21 13:24:57 +00:00
										 |  |  |   auto cert_context = net::x509_util::CreateCertContextWithChain(cert.get()); | 
					
						
							| 
									
										
										
										
											2017-04-27 15:01:55 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  |   auto params = GetCertificateChainParameters(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-17 21:55:30 -04:00
										 |  |  |   if (CertGetCertificateChain(NULL, cert_context.get(), NULL, NULL, ¶ms, | 
					
						
							|  |  |  |                               NULL, NULL, &chain_context)) { | 
					
						
							| 
									
										
										
										
											2017-04-29 19:28:42 +10:00
										 |  |  |     auto error_status = chain_context->TrustStatus.dwErrorStatus; | 
					
						
							| 
									
										
										
										
											2017-05-03 16:22:56 -07:00
										 |  |  |     if (error_status == CERT_TRUST_IS_SELF_SIGNED || | 
					
						
							|  |  |  |         error_status == CERT_TRUST_IS_UNTRUSTED_ROOT) { | 
					
						
							|  |  |  |       // these are the only scenarios we're interested in supporting
 | 
					
						
							| 
									
										
										
										
											2017-09-21 13:24:57 +00:00
										 |  |  |       AddToTrustedRootStore(cert_context.get(), cert); | 
					
						
							| 
									
										
										
										
											2017-04-27 14:44:58 +10:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2017-04-20 21:12:32 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-29 19:28:42 +10:00
										 |  |  |     CertFreeCertificateChain(chain_context); | 
					
						
							| 
									
										
										
										
											2017-04-27 15:01:55 +10:00
										 |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   callback.Run(); | 
					
						
							| 
									
										
										
										
											2017-04-06 11:09:58 +10:00
										 |  |  | } | 
					
						
							| 
									
										
										
										
											2017-04-06 11:01:58 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  | }  // namespace certificate_trust
 |