crypto/tls: fetch root CA from Windows store

R=rsc CC=golang-dev https://golang.org/cl/5281044

crypto/tls: fetch root CA from Windows store
R=rsc CC=golang-dev https://golang.org/cl/5281044
3153395e · Mikkel Krautz · Russ Cox · 812249fe · 3153395e · 3153395e
Commit 3153395e authored Oct 14, 2011 by Mikkel Krautz Committed by Russ Cox Oct 14, 2011
6 changed files
--- a/src/pkg/crypto/tls/Makefile
+++ b/src/pkg/crypto/tls/Makefile
@@ -28,7 +28,7 @@ GOFILES_freebsd+=root_unix.go
 GOFILES_linux+=root_unix.go
 GOFILES_openbsd+=root_unix.go
 GOFILES_plan9+=root_stub.go
-GOFILES_windows+=root_stub.go
+GOFILES_windows+=root_windows.go
 GOFILES+=$(GOFILES_$(GOOS))
 ifneq ($(CGOFILES_$(GOOS)),)

--- a/src/pkg/crypto/tls/root_windows.go
+++ b/src/pkg/crypto/tls/root_windows.go
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package tls
+import (
+	"crypto/x509"
+	"reflect"
+	"syscall"
+	"unsafe"
+)
+func loadStore(roots *x509.CertPool, name string) {
+	store, errno := syscall.CertOpenSystemStore(syscall.InvalidHandle, syscall.StringToUTF16Ptr(name))
+	if errno != 0 {
+		return
+	}
+	var prev *syscall.CertContext
+	for {
+		cur := syscall.CertEnumCertificatesInStore(store, prev)
+		if cur == nil {
+			break
+		}
+		var buf []byte
+		hdrp := (*reflect.SliceHeader)(unsafe.Pointer(&buf))
+		hdrp.Data = cur.EncodedCert
+		hdrp.Len = int(cur.Length)
+		hdrp.Cap = int(cur.Length)
+		cert, err := x509.ParseCertificate(buf)
+		if err != nil {
+			continue
+		}
+		roots.AddCert(cert)
+		prev = cur
+	}
+	syscall.CertCloseStore(store, 0)
+}
+func initDefaultRoots() {
+	roots := x509.NewCertPool()
+	// Roots
+	loadStore(roots, "ROOT")
+	// Intermediates
+	loadStore(roots, "CA")
+	varDefaultRoots = roots
+}
--- a/src/pkg/syscall/syscall_windows.go
+++ b/src/pkg/syscall/syscall_windows.go
@@ -221,6 +221,9 @@ func NewCallback(fn interface{}) uintptr
 //sys	VirtualLock(addr uintptr, length uintptr) (errno int)
 //sys	VirtualUnlock(addr uintptr, length uintptr) (errno int)
 //sys	TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (errno int) = mswsock.TransmitFile
+//sys	CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, errno int) = crypt32.CertOpenSystemStoreW
+//sys	CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) = crypt32.CertEnumCertificatesInStore
+//sys	CertCloseStore(store Handle, flags uint32) (errno int) = crypt32.CertCloseStore
 // syscall interface implementation for other packages

--- a/src/pkg/syscall/zsyscall_windows_386.go
+++ b/src/pkg/syscall/zsyscall_windows_386.go
--- a/src/pkg/syscall/zsyscall_windows_amd64.go
+++ b/src/pkg/syscall/zsyscall_windows_amd64.go
--- a/src/pkg/syscall/ztypes_windows.go
+++ b/src/pkg/syscall/ztypes_windows.go
@@ -617,3 +617,11 @@ type MibIfRow struct {
 	DescrLen        uint32
 	Descr           [MAXLEN_IFDESCR]byte
 }
+type CertContext struct {
+	EncodingType uint32
+	EncodedCert  uintptr
+	Length       uint32
+	CertInfo     uintptr
+	Store        Handle
+}