Merge branch 'use_CertOpenStore' into 'master'

win32: Use CertOpenStore instead of CertOpenSystemStore

See merge request gnutls/gnutls!839

5 files changed, 89 insertions, 6 deletions

diff --git a/lib/system/certs.c b/lib/system/certs.c
index 53eb561d00..f9090f1e74 100644
--- a/lib/system/certs.c
+++ b/lib/system/certs.c
@@ -161,9 +161,9 @@ int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
 		gnutls_datum_t data;
 
 		if (i == 0)
-			store = CertOpenSystemStore(0, "ROOT");
+			store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER , L"ROOT");
 		else
-			store = CertOpenSystemStore(0, "CA");
+			store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"CA");
 
 		if (store == NULL)
 			return GNUTLS_E_FILE_ERROR;
diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
index ab4f6aaa0d..c189a5d8fd 100644
--- a/lib/system/keys-win.c
+++ b/lib/system/keys-win.c
@@ -651,7 +651,7 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
 	blob.cbData = id_size;
 	blob.pbData = id;
 
-	store = CertOpenSystemStore(0, "MY");
+	store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"MY");
 	if (store == NULL) {
 		gnutls_assert();
 		ret = GNUTLS_E_FILE_ERROR;
@@ -889,7 +889,7 @@ int _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
 	blob.cbData = id_size;
 	blob.pbData = id;
 
-	store = CertOpenSystemStore(0, "MY");
+	store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"MY");
 	if (store == NULL) {
 		gnutls_assert();
 		ret = GNUTLS_E_FILE_ERROR;
@@ -1137,7 +1137,7 @@ gnutls_system_key_iter_get_info(gnutls_system_key_iter_t * iter,
 		if (*iter == NULL)
 			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
-		(*iter)->store = CertOpenSystemStore(0, "MY");
+		(*iter)->store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"MY");
 		if ((*iter)->store == NULL) {
 			gnutls_free(*iter);
 			*iter = NULL;
@@ -1210,7 +1210,7 @@ int gnutls_system_key_delete(const char *cert_url, const char *key_url)
 	blob.cbData = id_size;
 	blob.pbData = id;
 
-	store = CertOpenSystemStore(0, "MY");
+	store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"MY");
 	if (store != NULL) {
 		do {
 			cert = CertFindCertificateInStore(store,
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 7bc98df743..043aefc01d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -486,6 +486,10 @@ else
 
 TESTS_ENVIRONMENT += WINDOWS=1
 
+win32_certopenstore_SOURCES = win-certopenstore.c
+win32_certopenstore_LDADD = $(LDADD) -lcrypt32
+ctests += win32-certopenstore
+
 endif
 
 cpptests =
diff --git a/tests/win-certopenstore.c b/tests/win-certopenstore.c
new file mode 100644
index 0000000000..162defa4e3
--- /dev/null
+++ b/tests/win-certopenstore.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2018 Hugo Beauzée-Luyssen
+ *
+ * Author: Hugo Beauzée-Luyssen
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* 
+ * This test verifies the assumptions about CertOpenStore and 
+ * CertOpenSystemStore to be equivalent when passed some specific flags
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef _WIN32
+#error "This test shouldn't have been included"
+#endif
+
+#include <windows.h>
+#include <wincrypt.h>
+#include <assert.h>
+
+void doit(void)
+{
+    HCERTSTORE hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER , L"ROOT");
+    assert(hStore != NULL);
+    HCERTSTORE hSystemStore = CertOpenSystemStore(0, "ROOT");
+    assert(hSystemStore != NULL);
+    
+    PCCERT_CONTEXT prevCtx = NULL;
+    PCCERT_CONTEXT ctx = NULL;
+    PCCERT_CONTEXT sysPrevCtx = NULL;
+    PCCERT_CONTEXT sysCtx = NULL;
+
+    while (1)
+    {
+        ctx = CertEnumCertificatesInStore(hStore, prevCtx);
+        sysCtx = CertEnumCertificatesInStore(hSystemStore, sysPrevCtx);
+        if (ctx == NULL || sysCtx == NULL)
+            break;
+        if (CertCompareIntegerBlob(&ctx->pCertInfo->SerialNumber,
+                                   &sysCtx->pCertInfo->SerialNumber) != TRUE)
+            assert(0);
+
+        prevCtx = ctx;
+        sysPrevCtx = sysCtx;
+    }
+    assert(ctx == NULL && sysCtx == NULL);
+
+    CertCloseStore(hStore, 0);
+    CertCloseStore(hSystemStore, 0);
+}
+
diff --git a/tests/windows/crypt32.c b/tests/windows/crypt32.c
index 11325f7beb..6987f1faf9 100644
--- a/tests/windows/crypt32.c
+++ b/tests/windows/crypt32.c
@@ -57,6 +57,15 @@ HCERTSTORE WINAPI CertOpenSystemStore(
 }
 
 __declspec(dllexport)
+HCERTSTORE WINAPI CertOpenStore(
+    LPCSTR lpszStoreProvider, DWORD dwEncodingType,
+    HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags,
+    const void *pvPara)
+{
+	return VALID_PTR;
+}
+
+__declspec(dllexport)
 BOOL WINAPI CertCloseStore(HCERTSTORE hCertStore, DWORD      dwFlags)
 {
 	assert_int_nequal(hCertStore, VALID_PTR);