Commit 5c5c4b98 authored by ale's avatar ale
Browse files

Update to the latest auxdb API

parent ef9d6661
Pipeline #12898 passed with stages
in 1 minute and 46 seconds
......@@ -2,10 +2,9 @@ package webappdbbackend
import (
"context"
"encoding/json"
"fmt"
"log"
"sync"
"time"
as "git.autistici.org/ai3/accountserver"
"git.autistici.org/ai3/go-common/clientutil"
......@@ -81,17 +80,43 @@ func (tx *wdbTX) GetResource(ctx context.Context, id as.ResourceID) (*as.RawReso
return rsrc, nil
}
// Specialization of auxpb.Entry that we can use to deserialize the
// value_json attribute right away into the type we are expecting to
// see. We just need a tiny amount of further processing to wrap back
// some fields into the result.
type webappsGetResponseEntry struct {
Key auxpb.Key `json:"key"`
Timestamp time.Time `json:"timestamp"`
ValueJSON *as.App `json:"value_json"`
}
func (w *webappsGetResponseEntry) App() *as.App {
app := w.ValueJSON
app.Timestamp = w.Timestamp
app.Path = w.Key.AppKey
app.Site = w.Key.ResourceID
return app
}
type webappsGetResponse struct {
Results []*webappsGetResponseEntry `json:"results"`
}
// Lookup resources in the webapp DB, modifying them in-place with any
// eventual CMSInfo data returned.
func (tx *wdbTX) lookup(ctx context.Context, resources []*as.Resource) {
// Build a list of site names, and a site name -> resource map
// so we can modify the original objects with our results.
byShard := make(map[string][]string)
byShard := make(map[string][]auxpb.Key)
byKey := make(map[string]*as.Resource)
for _, r := range resources {
// Create the lookup key for aux-db.
auxKey := fmt.Sprintf("%s/cms_info/%s", r.Shard, r.Name)
byKey[auxKey] = r
auxKey := auxpb.Key{
Type: "webapp",
Shard: r.Shard,
ResourceID: r.ID.String(),
}
byKey[r.ID.String()] = r
// Group resource keys by shard.
byShard[r.Shard] = append(byShard[r.Shard], auxKey)
......@@ -102,24 +127,22 @@ func (tx *wdbTX) lookup(ctx context.Context, resources []*as.Resource) {
var wg sync.WaitGroup
for shardID, keys := range byShard {
wg.Add(1)
go func(shardID string, keys []string) {
go func(shardID string, keys []auxpb.Key) {
defer wg.Done()
var resp auxpb.GetResponse
var resp webappsGetResponse
if err := tx.auxdbbe.Call(ctx, shardID, "/api/get", &auxpb.GetRequest{Keys: keys}, &resp); err != nil {
// Errors are non-fatal, just log them.
log.Printf("aux-db lookup error (shard %s): %v", shardID, err)
return
}
// Now deserialize the cms_info data.
// Now append the cms_info data to the associated Resource object.
for _, entry := range resp.Results {
r, ok := byKey[entry.Key]
r, ok := byKey[entry.Key.ResourceID]
if !ok || r.Website == nil {
continue
}
if err := json.Unmarshal([]byte(entry.ValueJSON), &r.Website.CMSInfo); err != nil {
log.Printf("aux-db: deserialization error: %v", err)
}
r.Website.CMSInfo = append(r.Website.CMSInfo, entry.App())
}
}(shardID, keys)
}
......
......@@ -4,7 +4,7 @@ go 1.14
require (
git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723
git.autistici.org/ai3/tools/aux-db v0.0.0-20210123151036-db9b4b9a323e
git.autistici.org/ai3/tools/aux-db v0.0.0-20210127161623-c7f0177bcc33
git.autistici.org/id/auth v0.0.0-20210117173158-5b5aa9684fa2
git.autistici.org/id/go-sso v0.0.0-20210117165919-e56e6579953d
git.autistici.org/id/usermetadb v0.0.0-20210117202739-301b3d00f818
......
......@@ -40,8 +40,8 @@ git.autistici.org/ai3/go-common v0.0.0-20210110180225-a05c683cfe23 h1:YHSG7Vr8nP
git.autistici.org/ai3/go-common v0.0.0-20210110180225-a05c683cfe23/go.mod h1:Iik+i0XmqNPTBjWl3vicFz0kjfFK5HBvyFsfIC4S1Ik=
git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723 h1:ylA6azCumIJnT7xb5hHrz0At6r1u3zqnugl1gB92KO0=
git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723/go.mod h1:T8BS+630KLzy30X2lshL98H0NW3Xuyzs8NI9D6C3New=
git.autistici.org/ai3/tools/aux-db v0.0.0-20210123151036-db9b4b9a323e h1:C4zK2+nlhbP4rMRQW0kvJTZtI7docdVYHnIuI0tuvFY=
git.autistici.org/ai3/tools/aux-db v0.0.0-20210123151036-db9b4b9a323e/go.mod h1:V5UwVPYgE4w+I5dhuJp2aLbbIXmHgZsVl+yWvMBRFuQ=
git.autistici.org/ai3/tools/aux-db v0.0.0-20210127161623-c7f0177bcc33 h1:r8/Z/jrey5pK6GiPR6i9vTEx8yR3xcspDC7LLWp4mrc=
git.autistici.org/ai3/tools/aux-db v0.0.0-20210127161623-c7f0177bcc33/go.mod h1:SI8ChSMUpEgxWFvzc/FGFtcrOuYTVu6Ai5cTOjMP3+U=
git.autistici.org/id/auth v0.0.0-20210110171913-dd493db32815/go.mod h1:Hq4zcqE2hbrXsC9j79kzfnBf2BqlGmuVCRIz+AwX/FY=
git.autistici.org/id/auth v0.0.0-20210117173158-5b5aa9684fa2 h1:MWQyGLMcEvpqACBA5lBKncID3vESuLBKX+DOp1dX0II=
git.autistici.org/id/auth v0.0.0-20210117173158-5b5aa9684fa2/go.mod h1:uKWHbnpNKPgytrr799WCOAsiOfLsXL3G1VOrjyRYAhA=
......@@ -770,8 +770,8 @@ golang.org/x/sys v0.0.0-20201029080932-201ba4db2418/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e h1:AyodaIpKjppX+cBfTASF2E1US3H2JFBj920Ot3rtDjs=
golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210123111255-9b0068b26619 h1:yLLDsUUPDliIQpKl7BjVb1igwngIMH2GBjo1VpwLTE0=
golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
......@@ -968,6 +968,8 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
......
......@@ -3,6 +3,7 @@ package auxpb
import (
"errors"
"fmt"
"net/url"
"strings"
"time"
)
......@@ -14,36 +15,53 @@ type Key struct {
AppKey string
}
func ParseKey(s string) (Key, error) {
var k Key
func ParseKey(s string) (k Key, err error) {
parts := strings.SplitN(s, "/", 4)
if len(parts) < 3 {
return k, errors.New("invalid key format")
err = errors.New("invalid key format")
return
}
k.Shard, err = url.PathUnescape(parts[0])
if err != nil {
return
}
k.Type, err = url.PathUnescape(parts[1])
if err != nil {
return
}
k.ResourceID, err = url.PathUnescape(parts[2])
if err != nil {
return
}
k.Shard = parts[0]
k.Type = parts[1]
k.ResourceID = parts[2]
if len(parts) == 4 {
k.AppKey = parts[3]
k.AppKey, err = url.PathUnescape(parts[3])
}
return k, nil
return
}
func (k Key) String() string {
s := fmt.Sprintf("%s/%s/%s", k.Shard, k.Type, k.ResourceID)
s := fmt.Sprintf(
"%s/%s/%s",
url.PathEscape(k.Shard),
url.PathEscape(k.Type),
url.PathEscape(k.ResourceID),
)
if k.AppKey != "" {
s += "/"
s += k.AppKey
s += url.PathEscape(k.AppKey)
}
return s
}
// RPC request/response types.
// Entry uses 'raw' JSON for its ValueJSON field: you can replace the
// GetResponse with your own result type matching this JSON data
// fingerprint to have automated decoding via clientutil.Call().
type Entry struct {
Key string `json:"key"`
ValueJSON string `json:"value_json"`
Timestamp time.Time `json:"timestamp"`
Key Key `json:"key"`
ValueJSON EncodedJSON `json:"value_json"`
Timestamp time.Time `json:"timestamp"`
}
type SetRequest struct {
......@@ -55,15 +73,6 @@ type SetRequest struct {
TTL int `json:"ttl"`
}
func (s *SetRequest) MakeKey(shard string) Key {
return Key{
Type: s.Type,
Shard: shard,
ResourceID: s.ResourceID,
AppKey: s.AppKey,
}
}
type LoadEntry struct {
ResourceID string `json:"resource_id"`
AppKey string `json:"app_key"`
......@@ -78,7 +87,7 @@ type LoadRequest struct {
}
type GetRequest struct {
Keys []string `json:"keys"`
Keys []Key `json:"keys"`
}
type GetResponse struct {
......@@ -93,6 +102,7 @@ type QueryParam struct {
type QueryRequest struct {
QueryName string `json:"query_name"`
Params []QueryParam `json:"params"`
Shards []string `json:"shards"`
}
func (r *QueryRequest) ParamsMap() map[string]interface{} {
......@@ -105,4 +115,17 @@ func (r *QueryRequest) ParamsMap() map[string]interface{} {
type QueryResponse struct {
Results [][]interface{} `json:"results"`
Partial bool `json:"partial"`
}
// An 'encoded JSON' type that encodes to native JSON.
type EncodedJSON string
func (s EncodedJSON) MarshalJSON() ([]byte, error) {
return []byte(s), nil
}
func (s *EncodedJSON) UnmarshalJSON(data []byte) error {
*s = EncodedJSON(string(data))
return nil
}
......@@ -22,6 +22,7 @@ type HWND uintptr
const (
InvalidHandle = ^Handle(0)
InvalidHWND = ^HWND(0)
// Flags for DefineDosDevice.
DDD_EXACT_MATCH_ON_REMOVE = 0x00000004
......@@ -268,18 +269,25 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys FindNextChangeNotification(handle Handle) (err error)
//sys FindCloseChangeNotification(handle Handle) (err error)
//sys CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) = crypt32.CertOpenSystemStoreW
//sys CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) = crypt32.CertOpenStore
//sys CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) = crypt32.CertOpenStore
//sys CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) [failretval==nil] = crypt32.CertEnumCertificatesInStore
//sys CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) = crypt32.CertAddCertificateContextToStore
//sys CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) = crypt32.CertAddCertificateContextToStore
//sys CertCloseStore(store Handle, flags uint32) (err error) = crypt32.CertCloseStore
//sys CertDeleteCertificateFromStore(certContext *CertContext) (err error) = crypt32.CertDeleteCertificateFromStore
//sys CertDuplicateCertificateContext(certContext *CertContext) (dupContext *CertContext) = crypt32.CertDuplicateCertificateContext
//sys PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (store Handle, err error) = crypt32.PFXImportCertStore
//sys CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) = crypt32.CertGetCertificateChain
//sys CertFreeCertificateChain(ctx *CertChainContext) = crypt32.CertFreeCertificateChain
//sys CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) [failretval==nil] = crypt32.CertCreateCertificateContext
//sys CertFreeCertificateContext(ctx *CertContext) (err error) = crypt32.CertFreeCertificateContext
//sys CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) = crypt32.CertVerifyCertificateChainPolicy
//sys PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (store Handle, err error) = crypt32.PFXImportCertStore
//sys CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) = crypt32.CertGetCertificateChain
//sys CertFreeCertificateChain(ctx *CertChainContext) = crypt32.CertFreeCertificateChain
//sys CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) [failretval==nil] = crypt32.CertCreateCertificateContext
//sys CertFreeCertificateContext(ctx *CertContext) (err error) = crypt32.CertFreeCertificateContext
//sys CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) = crypt32.CertVerifyCertificateChainPolicy
//sys CertGetNameString(certContext *CertContext, nameType uint32, flags uint32, typePara unsafe.Pointer, name *uint16, size uint32) (chars uint32) = crypt32.CertGetNameStringW
//sys CertFindExtension(objId *byte, countExtensions uint32, extensions *CertExtension) (ret *CertExtension) = crypt32.CertFindExtension
//sys CryptQueryObject(objectType uint32, object unsafe.Pointer, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *Handle, msg *Handle, context *unsafe.Pointer) (err error) = crypt32.CryptQueryObject
//sys CryptDecodeObject(encodingType uint32, structType *byte, encodedBytes *byte, lenEncodedBytes uint32, flags uint32, decoded unsafe.Pointer, decodedLen *uint32) (err error) = crypt32.CryptDecodeObject
//sys CryptProtectData(dataIn *DataBlob, name *uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) = crypt32.CryptProtectData
//sys CryptUnprotectData(dataIn *DataBlob, name **uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) = crypt32.CryptUnprotectData
//sys WinVerifyTrustEx(hwnd HWND, actionId *GUID, data *WinTrustData) (ret error) = wintrust.WinVerifyTrustEx
//sys RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno error) = advapi32.RegOpenKeyExW
//sys RegCloseKey(key Handle) (regerrno error) = advapi32.RegCloseKey
//sys RegQueryInfoKey(key Handle, class *uint16, classLen *uint32, reserved *uint32, subkeysLen *uint32, maxSubkeyLen *uint32, maxClassLen *uint32, valuesLen *uint32, maxValueNameLen *uint32, maxValueLen *uint32, saLen *uint32, lastWriteTime *Filetime) (regerrno error) = advapi32.RegQueryInfoKeyW
......
......@@ -427,6 +427,67 @@ const (
CERT_CLOSE_STORE_FORCE_FLAG = 0x00000001
CERT_CLOSE_STORE_CHECK_FLAG = 0x00000002
/* CryptQueryObject object type */
CERT_QUERY_OBJECT_FILE = 1
CERT_QUERY_OBJECT_BLOB = 2
/* CryptQueryObject content type flags */
CERT_QUERY_CONTENT_CERT = 1
CERT_QUERY_CONTENT_CTL = 2
CERT_QUERY_CONTENT_CRL = 3
CERT_QUERY_CONTENT_SERIALIZED_STORE = 4
CERT_QUERY_CONTENT_SERIALIZED_CERT = 5
CERT_QUERY_CONTENT_SERIALIZED_CTL = 6
CERT_QUERY_CONTENT_SERIALIZED_CRL = 7
CERT_QUERY_CONTENT_PKCS7_SIGNED = 8
CERT_QUERY_CONTENT_PKCS7_UNSIGNED = 9
CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED = 10
CERT_QUERY_CONTENT_PKCS10 = 11
CERT_QUERY_CONTENT_PFX = 12
CERT_QUERY_CONTENT_CERT_PAIR = 13
CERT_QUERY_CONTENT_PFX_AND_LOAD = 14
CERT_QUERY_CONTENT_FLAG_CERT = (1 << CERT_QUERY_CONTENT_CERT)
CERT_QUERY_CONTENT_FLAG_CTL = (1 << CERT_QUERY_CONTENT_CTL)
CERT_QUERY_CONTENT_FLAG_CRL = (1 << CERT_QUERY_CONTENT_CRL)
CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE = (1 << CERT_QUERY_CONTENT_SERIALIZED_STORE)
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT = (1 << CERT_QUERY_CONTENT_SERIALIZED_CERT)
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL = (1 << CERT_QUERY_CONTENT_SERIALIZED_CTL)
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL = (1 << CERT_QUERY_CONTENT_SERIALIZED_CRL)
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED = (1 << CERT_QUERY_CONTENT_PKCS7_SIGNED)
CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED = (1 << CERT_QUERY_CONTENT_PKCS7_UNSIGNED)
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = (1 << CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED)
CERT_QUERY_CONTENT_FLAG_PKCS10 = (1 << CERT_QUERY_CONTENT_PKCS10)
CERT_QUERY_CONTENT_FLAG_PFX = (1 << CERT_QUERY_CONTENT_PFX)
CERT_QUERY_CONTENT_FLAG_CERT_PAIR = (1 << CERT_QUERY_CONTENT_CERT_PAIR)
CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD = (1 << CERT_QUERY_CONTENT_PFX_AND_LOAD)
CERT_QUERY_CONTENT_FLAG_ALL = (CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_CTL | CERT_QUERY_CONTENT_FLAG_CRL | CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED | CERT_QUERY_CONTENT_FLAG_PKCS10 | CERT_QUERY_CONTENT_FLAG_PFX | CERT_QUERY_CONTENT_FLAG_CERT_PAIR)
CERT_QUERY_CONTENT_FLAG_ALL_ISSUER_CERT = (CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED)
/* CryptQueryObject format type flags */
CERT_QUERY_FORMAT_BINARY = 1
CERT_QUERY_FORMAT_BASE64_ENCODED = 2
CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED = 3
CERT_QUERY_FORMAT_FLAG_BINARY = (1 << CERT_QUERY_FORMAT_BINARY)
CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED = (1 << CERT_QUERY_FORMAT_BASE64_ENCODED)
CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED = (1 << CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED)
CERT_QUERY_FORMAT_FLAG_ALL = (CERT_QUERY_FORMAT_FLAG_BINARY | CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED | CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED)
/* CertGetNameString name types */
CERT_NAME_EMAIL_TYPE = 1
CERT_NAME_RDN_TYPE = 2
CERT_NAME_ATTR_TYPE = 3
CERT_NAME_SIMPLE_DISPLAY_TYPE = 4
CERT_NAME_FRIENDLY_DISPLAY_TYPE = 5
CERT_NAME_DNS_TYPE = 6
CERT_NAME_URL_TYPE = 7
CERT_NAME_UPN_TYPE = 8
/* CertGetNameString flags */
CERT_NAME_ISSUER_FLAG = 0x1
CERT_NAME_DISABLE_IE4_UTF8_FLAG = 0x10000
CERT_NAME_SEARCH_ALL_NAMES_FLAG = 0x2
CERT_NAME_STR_ENABLE_PUNYCODE_FLAG = 0x00200000
/* AuthType values for SSLExtraCertChainPolicyPara struct */
AUTHTYPE_CLIENT = 1
AUTHTYPE_SERVER = 2
......@@ -437,6 +498,22 @@ const (
SECURITY_FLAG_IGNORE_WRONG_USAGE = 0x00000200
SECURITY_FLAG_IGNORE_CERT_CN_INVALID = 0x00001000
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID = 0x00002000
/* Flags for Crypt[Un]ProtectData */
CRYPTPROTECT_UI_FORBIDDEN = 0x1
CRYPTPROTECT_LOCAL_MACHINE = 0x4
CRYPTPROTECT_CRED_SYNC = 0x8
CRYPTPROTECT_AUDIT = 0x10
CRYPTPROTECT_NO_RECOVERY = 0x20
CRYPTPROTECT_VERIFY_PROTECTION = 0x40
CRYPTPROTECT_CRED_REGENERATE = 0x80
/* Flags for CryptProtectPromptStruct */
CRYPTPROTECT_PROMPT_ON_UNPROTECT = 1
CRYPTPROTECT_PROMPT_ON_PROTECT = 2
CRYPTPROTECT_PROMPT_RESERVED = 4
CRYPTPROTECT_PROMPT_STRONG = 8
CRYPTPROTECT_PROMPT_REQUIRE_STRONG = 16
)
const (
......@@ -459,10 +536,58 @@ const (
REALTIME_PRIORITY_CLASS = 0x00000100
)
/* wintrust.h constants for WinVerifyTrustEx */
const (
WTD_UI_ALL = 1
WTD_UI_NONE = 2
WTD_UI_NOBAD = 3
WTD_UI_NOGOOD = 4
WTD_REVOKE_NONE = 0
WTD_REVOKE_WHOLECHAIN = 1
WTD_CHOICE_FILE = 1
WTD_CHOICE_CATALOG = 2
WTD_CHOICE_BLOB = 3
WTD_CHOICE_SIGNER = 4
WTD_CHOICE_CERT = 5
WTD_STATEACTION_IGNORE = 0x00000000
WTD_STATEACTION_VERIFY = 0x00000010
WTD_STATEACTION_CLOSE = 0x00000002
WTD_STATEACTION_AUTO_CACHE = 0x00000003
WTD_STATEACTION_AUTO_CACHE_FLUSH = 0x00000004
WTD_USE_IE4_TRUST_FLAG = 0x1
WTD_NO_IE4_CHAIN_FLAG = 0x2
WTD_NO_POLICY_USAGE_FLAG = 0x4
WTD_REVOCATION_CHECK_NONE = 0x10
WTD_REVOCATION_CHECK_END_CERT = 0x20
WTD_REVOCATION_CHECK_CHAIN = 0x40
WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = 0x80
WTD_SAFER_FLAG = 0x100
WTD_HASH_ONLY_FLAG = 0x200
WTD_USE_DEFAULT_OSVER_CHECK = 0x400
WTD_LIFETIME_SIGNING_FLAG = 0x800
WTD_CACHE_ONLY_URL_RETRIEVAL = 0x1000
WTD_DISABLE_MD2_MD4 = 0x2000
WTD_MOTW = 0x4000
WTD_UICONTEXT_EXECUTE = 0
WTD_UICONTEXT_INSTALL = 1
)
var (
OID_PKIX_KP_SERVER_AUTH = []byte("1.3.6.1.5.5.7.3.1\x00")
OID_SERVER_GATED_CRYPTO = []byte("1.3.6.1.4.1.311.10.3.3\x00")
OID_SGC_NETSCAPE = []byte("2.16.840.1.113730.4.1\x00")
WINTRUST_ACTION_GENERIC_VERIFY_V2 = GUID{
Data1: 0xaac56b,
Data2: 0xcd44,
Data3: 0x11d0,
Data4: [8]byte{0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee},
}
)
// Pointer represents a pointer to an arbitrary Windows type.
......@@ -1051,7 +1176,57 @@ type MibIfRow struct {
}
type CertInfo struct {
// Not implemented
Version uint32
SerialNumber CryptIntegerBlob
SignatureAlgorithm CryptAlgorithmIdentifier
Issuer CertNameBlob
NotBefore Filetime
NotAfter Filetime
Subject CertNameBlob
SubjectPublicKeyInfo CertPublicKeyInfo
IssuerUniqueId CryptBitBlob
SubjectUniqueId CryptBitBlob
CountExtensions uint32
Extensions *CertExtension
}
type CertExtension struct {
ObjId *byte
Critical int32
Value CryptObjidBlob
}
type CryptAlgorithmIdentifier struct {
ObjId *byte
Parameters CryptObjidBlob
}
type CertPublicKeyInfo struct {
Algorithm CryptAlgorithmIdentifier
PublicKey CryptBitBlob
}
type DataBlob struct {
Size uint32
Data *byte
}
type CryptIntegerBlob DataBlob
type CryptUintBlob DataBlob
type CryptObjidBlob DataBlob
type CertNameBlob DataBlob
type CertRdnValueBlob DataBlob
type CertBlob DataBlob
type CrlBlob DataBlob
type CryptDataBlob DataBlob
type CryptHashBlob DataBlob
type CryptDigestBlob DataBlob
type CryptDerBlob DataBlob
type CryptAttrBlob DataBlob
type CryptBitBlob struct {
Size uint32
Data *byte
UnusedBits uint32
}
type CertContext struct {
......@@ -1157,9 +1332,64 @@ type CertChainPolicyStatus struct {
ExtraPolicyStatus Pointer
}
type CryptDataBlob struct {
Size uint32
Data *byte
type CertPolicyInfo struct {
Identifier *byte
CountQualifiers uint32
Qualifiers *CertPolicyQualifierInfo
}
type CertPoliciesInfo struct {
Count uint32
PolicyInfos *CertPolicyInfo
}
type CertPolicyQualifierInfo struct {
// Not implemented
}
type CertStrongSignPara struct {
Size uint32
InfoChoice uint32
InfoOrSerializedInfoOrOID unsafe.Pointer
}
type CryptProtectPromptStruct struct {
Size uint32
PromptFlags uint32
App HWND
Prompt *uint16
}
type WinTrustData struct {
Size uint32
PolicyCallbackData uintptr
SIPClientData uintptr
UIChoice uint32
RevocationChecks uint32
UnionChoice uint32
FileOrCatalogOrBlobOrSgnrOrCert unsafe.Pointer
StateAction uint32
StateData Handle
URLReference *uint16
ProvFlags uint32
UIContext uint32
SignatureSettings *WinTrustSignatureSettings
}
type WinTrustFileInfo struct {
Size uint32
FilePath *uint16
File Handle
KnownSubject *GUID
}
type WinTrustSignatureSettings struct {
Size uint32
Index uint32
Flags uint32
SecondarySigs uint32
VerifiedSigIndex uint32
CryptoPolicy *CertStrongSignPara
}
const (
......
......@@ -51,6 +51,7 @@ var (
modshell32 = NewLazySystemDLL("shell32.dll")
moduser32 = NewLazySystemDLL("user32.dll")
moduserenv = NewLazySystemDLL("userenv.dll")
modwintrust = NewLazySystemDLL("wintrust.dll")
modws2_32 = NewLazySystemDLL("ws2_32.dll")
modwtsapi32 = NewLazySystemDLL("wtsapi32.dll")
......@@ -145,12 +146,18 @@ var (
procCertDeleteCertificateFromStore = modcrypt32.NewProc("CertDeleteCertificateFromStore")
procCertDuplicateCertificateContext = modcrypt32.NewProc("CertDuplicateCertificateContext")
procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore")
procCertFindExtension = modcrypt32.NewProc("CertFindExtension")
procCertFreeCertificateChain = modcrypt32.NewProc("CertFreeCertificateChain")
procCertFreeCertificateContext = modcrypt32.NewProc("CertFreeCertificateContext")
procCertGetCertificateChain = modcrypt32.NewProc("CertGetCertificateChain")
procCertGetNameStringW = modcrypt32.NewProc("CertGetNameStringW")
procCertOpenStore = modcrypt32.NewProc("CertOpenStore")
procCertOpenSystemStoreW = modcrypt32.NewProc("CertOpenSystemStoreW")
procCertVerifyCertificateChainPolicy = modcrypt32.NewProc("CertVerifyCertificateChainPolicy")
procCryptDecodeObject = modcrypt32.NewProc("CryptDecodeObject")
procCryptProtectData = modcrypt32.NewProc("CryptProtectData")
procCryptQueryObject = modcrypt32.NewProc("CryptQueryObject")
procCryptUnprotectData = modcrypt32.NewProc("CryptUnprotectData")
procPFXImportCertStore = modcrypt32.NewProc("PFXImportCertStore")
procDnsNameCompare_W = moddnsapi.NewProc("DnsNameCompare_W")
procDnsQuery_W = moddnsapi.NewProc("DnsQuery_W")
......@@ -350,6 +357,7 @@ var (
procCreateEnvironmentBlock = moduserenv.NewProc("CreateEnvironmentBlock")
procDestroyEnvironmentBlock = moduserenv.NewProc("DestroyEnvironmentBlock")
procGetUserProfileDirectoryW = moduserenv.NewProc("GetUserProfileDirectoryW")