From 5c5c4b9858302d07341f90d90c5084be9f1bf485 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Thu, 28 Jan 2021 09:58:33 +0000
Subject: [PATCH] Update to the latest auxdb API
---
 backend/webappdb/webappdb.go | 47 +++-
 go.mod | 2 +-
 go.sum | 10 +-
 .../ai3/tools/aux-db/proto/types.go | 69 +++--
 .../x/sys/windows/syscall_windows.go | 24 +-
 .../golang.org/x/sys/windows/types_windows.go | 238 +++++++++++++++++-
 .../x/sys/windows/zsyscall_windows.go | 60 +++++
 vendor/modules.txt | 4 +-
 8 files changed, 400 insertions(+), 54 deletions(-)
diff --git a/backend/webappdb/webappdb.go b/backend/webappdb/webappdb.go
index 38cab941..67784dee 100644
--- a/backend/webappdb/webappdb.go
+++ b/backend/webappdb/webappdb.go
@@ -2,10 +2,9 @@ package webappdbbackend
 import (
 "context"
- "encoding/json"
- "fmt"
 "log"
 "sync"
+ "time"
 as "git.autistici.org/ai3/accountserver"
 "git.autistici.org/ai3/go-common/clientutil"
@@ -81,17 +80,43 @@ func (tx *wdbTX) GetResource(ctx context.Context, id as.ResourceID) (*as.RawReso
 return rsrc, nil
 }
+// Specialization of auxpb.Entry that we can use to deserialize the
+// value_json attribute right away into the type we are expecting to
+// see. We just need a tiny amount of further processing to wrap back
+// some fields into the result.
+type webappsGetResponseEntry struct {
+ Key auxpb.Key `json:"key"`
+ Timestamp time.Time `json:"timestamp"`
+ ValueJSON *as.App `json:"value_json"`
+}
+
+func (w *webappsGetResponseEntry) App() *as.App {
+ app := w.ValueJSON
+ app.Timestamp = w.Timestamp
+ app.Path = w.Key.AppKey
+ app.Site = w.Key.ResourceID
+ return app
+}
+
+type webappsGetResponse struct {
+ Results []*webappsGetResponseEntry `json:"results"`
+}
+
 // Lookup resources in the webapp DB, modifying them in-place with any
 // eventual CMSInfo data returned.
 func (tx *wdbTX) lookup(ctx context.Context, resources []*as.Resource) {
 // Build a list of site names, and a site name -> resource map
 // so we can modify the original objects with our results.
- byShard := make(map[string][]string)
+ byShard := make(map[string][]auxpb.Key)
 byKey := make(map[string]*as.Resource)
 for _, r := range resources {
 // Create the lookup key for aux-db.
- auxKey := fmt.Sprintf("%s/cms_info/%s", r.Shard, r.Name)
- byKey[auxKey] = r
+ auxKey := auxpb.Key{
+ Type: "webapp",
+ Shard: r.Shard,
+ ResourceID: r.ID.String(),
+ }
+ byKey[r.ID.String()] = r
 // Group resource keys by shard.
 byShard[r.Shard] = append(byShard[r.Shard], auxKey)
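Review bot: `App()` dereferences `w.ValueJSON` unconditionally, so a result entry whose `value_json` is `null` or missing panics at `app.Timestamp = w.Timestamp`; the entries are decoded from the aux-db RPC response and `App()` is called from a goroutine in `lookup`, so that panic is not recovered and terminates the process instead of being logged like the other lookup failures. Guard it with `if w.ValueJSON == nil { return nil }` at the top of `App()`, and have the caller in the next hunk skip a nil result before appending it to `r.Website.CMSInfo`. The body of `lookup` continues past the end of this hunk.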
@@ -102,24 +127,22 @@ func (tx *wdbTX) lookup(ctx context.Context, resources []*as.Resource) {
 var wg sync.WaitGroup
 for shardID, keys := range byShard {
 wg.Add(1)
- go func(shardID string, keys []string) {
+ go func(shardID string, keys []auxpb.Key) {
 defer wg.Done()
- var resp auxpb.GetResponse
+ var resp webappsGetResponse
 if err := tx.auxdbbe.Call(ctx, shardID, "/api/get", &auxpb.GetRequest{Keys: keys}, &resp); err != nil {
 // Errors are non-fatal, just log them.
 log.Printf("aux-db lookup error (shard %s): %v", shardID, err)
 return
 }
- // Now deserialize the cms_info data.
+ // Now append the cms_info data to the associated Resource object.
 for _, entry := range resp.Results {
- r, ok := byKey[entry.Key]
+ r, ok := byKey[entry.Key.ResourceID]
 if !ok || r.Website == nil {
 continue
 }
- if err := json.Unmarshal([]byte(entry.ValueJSON), &r.Website.CMSInfo); err != nil {
- log.Printf("aux-db: deserialization error: %v", err)
- }
+ r.Website.CMSInfo = append(r.Website.CMSInfo, entry.App())
 }
 }(shardID, keys)
 }
diff --git a/go.mod b/go.mod
index 324d81d5..31b5792a 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.14
 require (
 git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723
- git.autistici.org/ai3/tools/aux-db v0.0.0-20210123151036-db9b4b9a323e
+ git.autistici.org/ai3/tools/aux-db v0.0.0-20210127161623-c7f0177bcc33
 git.autistici.org/id/auth v0.0.0-20210117173158-5b5aa9684fa2
 git.autistici.org/id/go-sso v0.0.0-20210117165919-e56e6579953d
 git.autistici.org/id/usermetadb v0.0.0-20210117202739-301b3d00f818
diff --git a/go.sum b/go.sum
index 4f7dc04d..d669463f 100644
--- a/go.sum
+++ b/go.sum
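Review bot: `r, ok := byKey[entry.Key.ResourceID]` resolves the resource by ID alone, whereas the old map was keyed by the full shard-qualified key, so an entry returned by one shard can now be applied to a resource that was queued under a different shard; that resource is being handled concurrently by the other shard's goroutine, which makes the `append` to `r.Website.CMSInfo` a data race, and it lets a shard populate resources it was never asked about. Reject entries that do not belong to this goroutine's shard before touching the resource: `if !ok || r.Website == nil || r.Shard != shardID { continue }`. The visible code does not establish that resource IDs are unique across shards, and even if they are, this check is what binds a shard's answers to the keys it was sent. `lookup` begins before this hunk and continues after it.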
@@ -40,8 +40,8 @@ git.autistici.org/ai3/go-common v0.0.0-20210110180225-a05c683cfe23 h1:YHSG7Vr8nP
 git.autistici.org/ai3/go-common v0.0.0-20210110180225-a05c683cfe23/go.mod h1:Iik+i0XmqNPTBjWl3vicFz0kjfFK5HBvyFsfIC4S1Ik=
 git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723 h1:ylA6azCumIJnT7xb5hHrz0At6r1u3zqnugl1gB92KO0=
 git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723/go.mod h1:T8BS+630KLzy30X2lshL98H0NW3Xuyzs8NI9D6C3New=
-git.autistici.org/ai3/tools/aux-db v0.0.0-20210123151036-db9b4b9a323e h1:C4zK2+nlhbP4rMRQW0kvJTZtI7docdVYHnIuI0tuvFY=
-git.autistici.org/ai3/tools/aux-db v0.0.0-20210123151036-db9b4b9a323e/go.mod h1:V5UwVPYgE4w+I5dhuJp2aLbbIXmHgZsVl+yWvMBRFuQ=
+git.autistici.org/ai3/tools/aux-db v0.0.0-20210127161623-c7f0177bcc33 h1:r8/Z/jrey5pK6GiPR6i9vTEx8yR3xcspDC7LLWp4mrc=
+git.autistici.org/ai3/tools/aux-db v0.0.0-20210127161623-c7f0177bcc33/go.mod h1:SI8ChSMUpEgxWFvzc/FGFtcrOuYTVu6Ai5cTOjMP3+U=
 git.autistici.org/id/auth v0.0.0-20210110171913-dd493db32815/go.mod h1:Hq4zcqE2hbrXsC9j79kzfnBf2BqlGmuVCRIz+AwX/FY=
 git.autistici.org/id/auth v0.0.0-20210117173158-5b5aa9684fa2 h1:MWQyGLMcEvpqACBA5lBKncID3vESuLBKX+DOp1dX0II=
 git.autistici.org/id/auth v0.0.0-20210117173158-5b5aa9684fa2/go.mod h1:uKWHbnpNKPgytrr799WCOAsiOfLsXL3G1VOrjyRYAhA=
@@ -770,8 +770,8 @@ golang.org/x/sys v0.0.0-20201029080932-201ba4db2418/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e h1:AyodaIpKjppX+cBfTASF2E1US3H2JFBj920Ot3rtDjs=
 golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210123111255-9b0068b26619 h1:yLLDsUUPDliIQpKl7BjVb1igwngIMH2GBjo1VpwLTE0=
-golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -968,6 +968,8 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/vendor/git.autistici.org/ai3/tools/aux-db/proto/types.go b/vendor/git.autistici.org/ai3/tools/aux-db/proto/types.go
index 7ca3a84d..ab31e643 100644
--- a/vendor/git.autistici.org/ai3/tools/aux-db/proto/types.go
+++ b/vendor/git.autistici.org/ai3/tools/aux-db/proto/types.go
@@ -3,6 +3,7 @@ package auxpb
 import (
 "errors"
 "fmt"
+ "net/url"
 "strings"
 "time"
 )
@@ -14,36 +15,53 @@ type Key struct {
 AppKey string
 }
-func ParseKey(s string) (Key, error) {
- var k Key
+func ParseKey(s string) (k Key, err error) {
 parts := strings.SplitN(s, "/", 4)
 if len(parts) < 3 {
- return k, errors.New("invalid key format")
+ err = errors.New("invalid key format")
+ return
+ }
+ k.Shard, err = url.PathUnescape(parts[0])
+ if err != nil {
+ return
+ }
+ k.Type, err = url.PathUnescape(parts[1])
+ if err != nil {
+ return
+ }
+ k.ResourceID, err = url.PathUnescape(parts[2])
+ if err != nil {
+ return
 }
- k.Shard = parts[0]
- k.Type = parts[1]
- k.ResourceID = parts[2]
 if len(parts) == 4 {
- k.AppKey = parts[3]
+ k.AppKey, err = url.PathUnescape(parts[3])
 }
- return k, nil
+ return
 }
 func (k Key) String() string {
- s := fmt.Sprintf("%s/%s/%s", k.Shard, k.Type, k.ResourceID)
+ s := fmt.Sprintf(
+ "%s/%s/%s",
+ url.PathEscape(k.Shard),
+ url.PathEscape(k.Type),
+ url.PathEscape(k.ResourceID),
+ )
 if k.AppKey != "" {
 s += "/"
- s += k.AppKey
+ s += url.PathEscape(k.AppKey)
 }
 return s
 }
 // RPC request/response types.
+// Entry uses 'raw' JSON for its ValueJSON field: you can replace the
+// GetResponse with your own result type matching this JSON data
+// fingerprint to have automated decoding via clientutil.Call().
 type Entry struct {
- Key string `json:"key"`
- ValueJSON string `json:"value_json"`
- Timestamp time.Time `json:"timestamp"`
+ Key Key `json:"key"`
+ ValueJSON EncodedJSON `json:"value_json"`
+ Timestamp time.Time `json:"timestamp"`
 }
 type SetRequest struct {
@@ -55,15 +73,6 @@ type SetRequest struct {
 TTL int `json:"ttl"`
 }
-func (s *SetRequest) MakeKey(shard string) Key {
- return Key{
- Type: s.Type,
- Shard: shard,
- ResourceID: s.ResourceID,
- AppKey: s.AppKey,
- }
-}
-
 type LoadEntry struct {
 ResourceID string `json:"resource_id"`
 AppKey string `json:"app_key"`
@@ -78,7 +87,7 @@ type LoadRequest struct {
 }
 type GetRequest struct {
- Keys []string `json:"keys"`
+ Keys []Key `json:"keys"`
 }
 type GetResponse struct {
@@ -93,6 +102,7 @@ type QueryParam struct {
 type QueryRequest struct {
 QueryName string `json:"query_name"`
 Params []QueryParam `json:"params"`
+ Shards []string `json:"shards"`
 }
 func (r *QueryRequest) ParamsMap() map[string]interface{} {
@@ -105,4 +115,17 @@ func (r *QueryRequest) ParamsMap() map[string]interface{} {
 type QueryResponse struct {
 Results [][]interface{} `json:"results"`
+ Partial bool `json:"partial"`
+}
+
+// An 'encoded JSON' type that encodes to native JSON.
+type EncodedJSON string
+
+func (s EncodedJSON) MarshalJSON() ([]byte, error) {
+ return []byte(s), nil
+}
+
+func (s *EncodedJSON) UnmarshalJSON(data []byte) error {
+ *s = EncodedJSON(string(data))
+ return nil
 }
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index fda9c558..0197df87 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -22,6 +22,7 @@ type HWND uintptr
 const (
 InvalidHandle = ^Handle(0)
+ InvalidHWND = ^HWND(0)
 // Flags for DefineDosDevice.
 DDD_EXACT_MATCH_ON_REMOVE = 0x00000004
@@ -268,18 +269,25 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys FindNextChangeNotification(handle Handle) (err error) //sys FindCloseChangeNotification(handle Handle) (err error) //sys CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) = crypt32.CertOpenSystemStoreW -//sys CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) = crypt32.CertOpenStore +//sys CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) = crypt32.CertOpenStore //sys CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) [failretval==nil] = crypt32.CertEnumCertificatesInStore -//sys CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) = crypt32.CertAddCertificateContextToStore +//sys CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) = crypt32.CertAddCertificateContextToStore //sys CertCloseStore(store Handle, flags uint32) (err error) = crypt32.CertCloseStore //sys CertDeleteCertificateFromStore(certContext *CertContext) (err error) = crypt32.CertDeleteCertificateFromStore //sys CertDuplicateCertificateContext(certContext *CertContext) (dupContext *CertContext) = crypt32.CertDuplicateCertificateContext -//sys PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (store Handle, err error) = crypt32.PFXImportCertStore -//sys CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) = crypt32.CertGetCertificateChain -//sys CertFreeCertificateChain(ctx *CertChainContext) = crypt32.CertFreeCertificateChain -//sys 
CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) [failretval==nil] = crypt32.CertCreateCertificateContext -//sys CertFreeCertificateContext(ctx *CertContext) (err error) = crypt32.CertFreeCertificateContext -//sys CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) = crypt32.CertVerifyCertificateChainPolicy +//sys PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (store Handle, err error) = crypt32.PFXImportCertStore +//sys CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) = crypt32.CertGetCertificateChain +//sys CertFreeCertificateChain(ctx *CertChainContext) = crypt32.CertFreeCertificateChain +//sys CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) [failretval==nil] = crypt32.CertCreateCertificateContext +//sys CertFreeCertificateContext(ctx *CertContext) (err error) = crypt32.CertFreeCertificateContext +//sys CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) = crypt32.CertVerifyCertificateChainPolicy +//sys CertGetNameString(certContext *CertContext, nameType uint32, flags uint32, typePara unsafe.Pointer, name *uint16, size uint32) (chars uint32) = crypt32.CertGetNameStringW +//sys CertFindExtension(objId *byte, countExtensions uint32, extensions *CertExtension) (ret *CertExtension) = crypt32.CertFindExtension +//sys CryptQueryObject(objectType uint32, object unsafe.Pointer, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *Handle, msg *Handle, context 
*unsafe.Pointer) (err error) = crypt32.CryptQueryObject +//sys CryptDecodeObject(encodingType uint32, structType *byte, encodedBytes *byte, lenEncodedBytes uint32, flags uint32, decoded unsafe.Pointer, decodedLen *uint32) (err error) = crypt32.CryptDecodeObject +//sys CryptProtectData(dataIn *DataBlob, name *uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) = crypt32.CryptProtectData +//sys CryptUnprotectData(dataIn *DataBlob, name **uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) = crypt32.CryptUnprotectData +//sys WinVerifyTrustEx(hwnd HWND, actionId *GUID, data *WinTrustData) (ret error) = wintrust.WinVerifyTrustEx //sys RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno error) = advapi32.RegOpenKeyExW //sys RegCloseKey(key Handle) (regerrno error) = advapi32.RegCloseKey //sys RegQueryInfoKey(key Handle, class *uint16, classLen *uint32, reserved *uint32, subkeysLen *uint32, maxSubkeyLen *uint32, maxClassLen *uint32, valuesLen *uint32, maxValueNameLen *uint32, maxValueLen *uint32, saLen *uint32, lastWriteTime *Filetime) (regerrno error) = advapi32.RegQueryInfoKeyW diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index dc8017dd..fd426076 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go 
@@ -427,6 +427,67 @@ const ( CERT_CLOSE_STORE_FORCE_FLAG = 0x00000001 CERT_CLOSE_STORE_CHECK_FLAG = 0x00000002 + /* CryptQueryObject object type */ + CERT_QUERY_OBJECT_FILE = 1 + CERT_QUERY_OBJECT_BLOB = 2 + + /* CryptQueryObject content type flags */ + CERT_QUERY_CONTENT_CERT = 1 + CERT_QUERY_CONTENT_CTL = 2 + CERT_QUERY_CONTENT_CRL = 3 + CERT_QUERY_CONTENT_SERIALIZED_STORE = 4 + CERT_QUERY_CONTENT_SERIALIZED_CERT = 5 + CERT_QUERY_CONTENT_SERIALIZED_CTL = 6 + CERT_QUERY_CONTENT_SERIALIZED_CRL = 7 + CERT_QUERY_CONTENT_PKCS7_SIGNED = 8 + CERT_QUERY_CONTENT_PKCS7_UNSIGNED = 9 + CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED = 10 + CERT_QUERY_CONTENT_PKCS10 = 11 + CERT_QUERY_CONTENT_PFX = 12 + CERT_QUERY_CONTENT_CERT_PAIR = 13 + CERT_QUERY_CONTENT_PFX_AND_LOAD = 14 + CERT_QUERY_CONTENT_FLAG_CERT = (1 << CERT_QUERY_CONTENT_CERT) + CERT_QUERY_CONTENT_FLAG_CTL = (1 << CERT_QUERY_CONTENT_CTL) + CERT_QUERY_CONTENT_FLAG_CRL = (1 << CERT_QUERY_CONTENT_CRL) + CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE = (1 << CERT_QUERY_CONTENT_SERIALIZED_STORE) + CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT = (1 << CERT_QUERY_CONTENT_SERIALIZED_CERT) + CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL = (1 << CERT_QUERY_CONTENT_SERIALIZED_CTL) + CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL = (1 << CERT_QUERY_CONTENT_SERIALIZED_CRL) + CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED = (1 << CERT_QUERY_CONTENT_PKCS7_SIGNED) + CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED = (1 << CERT_QUERY_CONTENT_PKCS7_UNSIGNED) + CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = (1 << CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED) + CERT_QUERY_CONTENT_FLAG_PKCS10 = (1 << CERT_QUERY_CONTENT_PKCS10) + CERT_QUERY_CONTENT_FLAG_PFX = (1 << CERT_QUERY_CONTENT_PFX) + CERT_QUERY_CONTENT_FLAG_CERT_PAIR = (1 << CERT_QUERY_CONTENT_CERT_PAIR) + CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD = (1 << CERT_QUERY_CONTENT_PFX_AND_LOAD) + CERT_QUERY_CONTENT_FLAG_ALL = (CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_CTL | CERT_QUERY_CONTENT_FLAG_CRL | CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE 
| CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED | CERT_QUERY_CONTENT_FLAG_PKCS10 | CERT_QUERY_CONTENT_FLAG_PFX | CERT_QUERY_CONTENT_FLAG_CERT_PAIR) + CERT_QUERY_CONTENT_FLAG_ALL_ISSUER_CERT = (CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED) + + /* CryptQueryObject format type flags */ + CERT_QUERY_FORMAT_BINARY = 1 + CERT_QUERY_FORMAT_BASE64_ENCODED = 2 + CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED = 3 + CERT_QUERY_FORMAT_FLAG_BINARY = (1 << CERT_QUERY_FORMAT_BINARY) + CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED = (1 << CERT_QUERY_FORMAT_BASE64_ENCODED) + CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED = (1 << CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED) + CERT_QUERY_FORMAT_FLAG_ALL = (CERT_QUERY_FORMAT_FLAG_BINARY | CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED | CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED) + + /* CertGetNameString name types */ + CERT_NAME_EMAIL_TYPE = 1 + CERT_NAME_RDN_TYPE = 2 + CERT_NAME_ATTR_TYPE = 3 + CERT_NAME_SIMPLE_DISPLAY_TYPE = 4 + CERT_NAME_FRIENDLY_DISPLAY_TYPE = 5 + CERT_NAME_DNS_TYPE = 6 + CERT_NAME_URL_TYPE = 7 + CERT_NAME_UPN_TYPE = 8 + + /* CertGetNameString flags */ + CERT_NAME_ISSUER_FLAG = 0x1 + CERT_NAME_DISABLE_IE4_UTF8_FLAG = 0x10000 + CERT_NAME_SEARCH_ALL_NAMES_FLAG = 0x2 + CERT_NAME_STR_ENABLE_PUNYCODE_FLAG = 0x00200000 + /* AuthType values for SSLExtraCertChainPolicyPara struct */ AUTHTYPE_CLIENT = 1 AUTHTYPE_SERVER = 2 
@@ -437,6 +498,22 @@ const ( SECURITY_FLAG_IGNORE_WRONG_USAGE = 0x00000200 SECURITY_FLAG_IGNORE_CERT_CN_INVALID = 0x00001000 SECURITY_FLAG_IGNORE_CERT_DATE_INVALID = 0x00002000 + + /* Flags for Crypt[Un]ProtectData */ + CRYPTPROTECT_UI_FORBIDDEN = 0x1 + CRYPTPROTECT_LOCAL_MACHINE = 0x4 + CRYPTPROTECT_CRED_SYNC = 0x8 + CRYPTPROTECT_AUDIT = 0x10 + CRYPTPROTECT_NO_RECOVERY = 0x20 + CRYPTPROTECT_VERIFY_PROTECTION = 0x40 + CRYPTPROTECT_CRED_REGENERATE = 0x80 + + /* Flags for CryptProtectPromptStruct */ + CRYPTPROTECT_PROMPT_ON_UNPROTECT = 1 + CRYPTPROTECT_PROMPT_ON_PROTECT = 2 + CRYPTPROTECT_PROMPT_RESERVED = 4 + CRYPTPROTECT_PROMPT_STRONG = 8 + CRYPTPROTECT_PROMPT_REQUIRE_STRONG = 16 ) const ( 
@@ -459,10 +536,58 @@ const ( REALTIME_PRIORITY_CLASS = 0x00000100 ) +/* wintrust.h constants for WinVerifyTrustEx */ +const ( + WTD_UI_ALL = 1 + WTD_UI_NONE = 2 + WTD_UI_NOBAD = 3 + WTD_UI_NOGOOD = 4 + + WTD_REVOKE_NONE = 0 + WTD_REVOKE_WHOLECHAIN = 1 + + WTD_CHOICE_FILE = 1 + WTD_CHOICE_CATALOG = 2 + WTD_CHOICE_BLOB = 3 + WTD_CHOICE_SIGNER = 4 + WTD_CHOICE_CERT = 5 + + WTD_STATEACTION_IGNORE = 0x00000000 + WTD_STATEACTION_VERIFY = 0x00000010 + WTD_STATEACTION_CLOSE = 0x00000002 + WTD_STATEACTION_AUTO_CACHE = 0x00000003 + WTD_STATEACTION_AUTO_CACHE_FLUSH = 0x00000004 + + WTD_USE_IE4_TRUST_FLAG = 0x1 + WTD_NO_IE4_CHAIN_FLAG = 0x2 + WTD_NO_POLICY_USAGE_FLAG = 0x4 + WTD_REVOCATION_CHECK_NONE = 0x10 + WTD_REVOCATION_CHECK_END_CERT = 0x20 + WTD_REVOCATION_CHECK_CHAIN = 0x40 + WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = 0x80 + WTD_SAFER_FLAG = 0x100 + WTD_HASH_ONLY_FLAG = 0x200 + WTD_USE_DEFAULT_OSVER_CHECK = 0x400 + WTD_LIFETIME_SIGNING_FLAG = 0x800 + WTD_CACHE_ONLY_URL_RETRIEVAL = 0x1000 + WTD_DISABLE_MD2_MD4 = 0x2000 + WTD_MOTW = 0x4000 + + WTD_UICONTEXT_EXECUTE = 0 + WTD_UICONTEXT_INSTALL = 1 +) + var ( OID_PKIX_KP_SERVER_AUTH = []byte("1.3.6.1.5.5.7.3.1\x00") OID_SERVER_GATED_CRYPTO = []byte("1.3.6.1.4.1.311.10.3.3\x00") OID_SGC_NETSCAPE = []byte("2.16.840.1.113730.4.1\x00") + + WINTRUST_ACTION_GENERIC_VERIFY_V2 = GUID{ + Data1: 0xaac56b, + Data2: 0xcd44, + Data3: 0x11d0, + Data4: [8]byte{0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee}, + } ) // Pointer represents a pointer to an arbitrary Windows type. 
@@ -1051,7 +1176,57 @@ type MibIfRow struct { } type CertInfo struct { - // Not implemented + Version uint32 + SerialNumber CryptIntegerBlob + SignatureAlgorithm CryptAlgorithmIdentifier + Issuer CertNameBlob + NotBefore Filetime + NotAfter Filetime + Subject CertNameBlob + SubjectPublicKeyInfo CertPublicKeyInfo + IssuerUniqueId CryptBitBlob + SubjectUniqueId CryptBitBlob + CountExtensions uint32 + Extensions *CertExtension +} + +type CertExtension struct { + ObjId *byte + Critical int32 + Value CryptObjidBlob +} + +type CryptAlgorithmIdentifier struct { + ObjId *byte + Parameters CryptObjidBlob +} + +type CertPublicKeyInfo struct { + Algorithm CryptAlgorithmIdentifier + PublicKey CryptBitBlob +} + +type DataBlob struct { + Size uint32 + Data *byte +} +type CryptIntegerBlob DataBlob +type CryptUintBlob DataBlob +type CryptObjidBlob DataBlob +type CertNameBlob DataBlob +type CertRdnValueBlob DataBlob +type CertBlob DataBlob +type CrlBlob DataBlob +type CryptDataBlob DataBlob +type CryptHashBlob DataBlob +type CryptDigestBlob DataBlob +type CryptDerBlob DataBlob +type CryptAttrBlob DataBlob + +type CryptBitBlob struct { + Size uint32 + Data *byte + UnusedBits uint32 } type CertContext struct { 
@@ -1157,9 +1332,64 @@ type CertChainPolicyStatus struct { ExtraPolicyStatus Pointer } -type CryptDataBlob struct { - Size uint32 - Data *byte +type CertPolicyInfo struct { + Identifier *byte + CountQualifiers uint32 + Qualifiers *CertPolicyQualifierInfo +} + +type CertPoliciesInfo struct { + Count uint32 + PolicyInfos *CertPolicyInfo +} + +type CertPolicyQualifierInfo struct { + // Not implemented +} + +type CertStrongSignPara struct { + Size uint32 + InfoChoice uint32 + InfoOrSerializedInfoOrOID unsafe.Pointer +} + +type CryptProtectPromptStruct struct { + Size uint32 + PromptFlags uint32 + App HWND + Prompt *uint16 +} + +type WinTrustData struct { + Size uint32 + PolicyCallbackData uintptr + SIPClientData uintptr + UIChoice uint32 + RevocationChecks uint32 + UnionChoice uint32 + FileOrCatalogOrBlobOrSgnrOrCert unsafe.Pointer + StateAction uint32 + StateData Handle + URLReference *uint16 + ProvFlags uint32 + UIContext uint32 + SignatureSettings *WinTrustSignatureSettings +} + +type WinTrustFileInfo struct { + Size uint32 + FilePath *uint16 + File Handle + KnownSubject *GUID +} + +type WinTrustSignatureSettings struct { + Size uint32 + Index uint32 + Flags uint32 + SecondarySigs uint32 + VerifiedSigIndex uint32 + CryptoPolicy *CertStrongSignPara } const ( diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index a164e984..c38c59d7 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -51,6 +51,7 @@ var ( modshell32 = NewLazySystemDLL("shell32.dll") moduser32 = NewLazySystemDLL("user32.dll") moduserenv = NewLazySystemDLL("userenv.dll") + modwintrust = NewLazySystemDLL("wintrust.dll") modws2_32 = NewLazySystemDLL("ws2_32.dll") modwtsapi32 = NewLazySystemDLL("wtsapi32.dll") 
@@ -145,12 +146,18 @@ var ( procCertDeleteCertificateFromStore = modcrypt32.NewProc("CertDeleteCertificateFromStore") procCertDuplicateCertificateContext = modcrypt32.NewProc("CertDuplicateCertificateContext") procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore") + procCertFindExtension = modcrypt32.NewProc("CertFindExtension") procCertFreeCertificateChain = modcrypt32.NewProc("CertFreeCertificateChain") procCertFreeCertificateContext = modcrypt32.NewProc("CertFreeCertificateContext") procCertGetCertificateChain = modcrypt32.NewProc("CertGetCertificateChain") + procCertGetNameStringW = modcrypt32.NewProc("CertGetNameStringW") procCertOpenStore = modcrypt32.NewProc("CertOpenStore") procCertOpenSystemStoreW = modcrypt32.NewProc("CertOpenSystemStoreW") procCertVerifyCertificateChainPolicy = modcrypt32.NewProc("CertVerifyCertificateChainPolicy") + procCryptDecodeObject = modcrypt32.NewProc("CryptDecodeObject") + procCryptProtectData = modcrypt32.NewProc("CryptProtectData") + procCryptQueryObject = modcrypt32.NewProc("CryptQueryObject") + procCryptUnprotectData = modcrypt32.NewProc("CryptUnprotectData") procPFXImportCertStore = modcrypt32.NewProc("PFXImportCertStore") procDnsNameCompare_W = moddnsapi.NewProc("DnsNameCompare_W") procDnsQuery_W = moddnsapi.NewProc("DnsQuery_W") @@ -350,6 +357,7 @@ var ( procCreateEnvironmentBlock = moduserenv.NewProc("CreateEnvironmentBlock") procDestroyEnvironmentBlock = moduserenv.NewProc("DestroyEnvironmentBlock") procGetUserProfileDirectoryW = moduserenv.NewProc("GetUserProfileDirectoryW") + procWinVerifyTrustEx = modwintrust.NewProc("WinVerifyTrustEx") procFreeAddrInfoW = modws2_32.NewProc("FreeAddrInfoW") procGetAddrInfoW = modws2_32.NewProc("GetAddrInfoW") procWSACleanup = modws2_32.NewProc("WSACleanup") 
@@ -1202,6 +1210,12 @@ func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (contex return } +func CertFindExtension(objId *byte, countExtensions uint32, extensions *CertExtension) (ret *CertExtension) { + r0, _, _ := syscall.Syscall(procCertFindExtension.Addr(), 3, uintptr(unsafe.Pointer(objId)), uintptr(countExtensions), uintptr(unsafe.Pointer(extensions))) + ret = (*CertExtension)(unsafe.Pointer(r0)) + return +} + func CertFreeCertificateChain(ctx *CertChainContext) { syscall.Syscall(procCertFreeCertificateChain.Addr(), 1, uintptr(unsafe.Pointer(ctx)), 0, 0) return @@ -1223,6 +1237,12 @@ func CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, a return } +func CertGetNameString(certContext *CertContext, nameType uint32, flags uint32, typePara unsafe.Pointer, name *uint16, size uint32) (chars uint32) { + r0, _, _ := syscall.Syscall6(procCertGetNameStringW.Addr(), 6, uintptr(unsafe.Pointer(certContext)), uintptr(nameType), uintptr(flags), uintptr(typePara), uintptr(unsafe.Pointer(name)), uintptr(size)) + chars = uint32(r0) + return +} + func CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) { r0, _, e1 := syscall.Syscall6(procCertOpenStore.Addr(), 5, uintptr(storeProvider), uintptr(msgAndCertEncodingType), uintptr(cryptProv), uintptr(flags), uintptr(para), 0) handle = Handle(r0) 
@@ -1249,6 +1269,38 @@ func CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext return } +func CryptDecodeObject(encodingType uint32, structType *byte, encodedBytes *byte, lenEncodedBytes uint32, flags uint32, decoded unsafe.Pointer, decodedLen *uint32) (err error) { + r1, _, e1 := syscall.Syscall9(procCryptDecodeObject.Addr(), 7, uintptr(encodingType), uintptr(unsafe.Pointer(structType)), uintptr(unsafe.Pointer(encodedBytes)), uintptr(lenEncodedBytes), uintptr(flags), uintptr(decoded), uintptr(unsafe.Pointer(decodedLen)), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func CryptProtectData(dataIn *DataBlob, name *uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) { + r1, _, e1 := syscall.Syscall9(procCryptProtectData.Addr(), 7, uintptr(unsafe.Pointer(dataIn)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(optionalEntropy)), uintptr(reserved), uintptr(unsafe.Pointer(promptStruct)), uintptr(flags), uintptr(unsafe.Pointer(dataOut)), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func CryptQueryObject(objectType uint32, object unsafe.Pointer, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *Handle, msg *Handle, context *unsafe.Pointer) (err error) { + r1, _, e1 := syscall.Syscall12(procCryptQueryObject.Addr(), 11, uintptr(objectType), uintptr(object), uintptr(expectedContentTypeFlags), uintptr(expectedFormatTypeFlags), uintptr(flags), uintptr(unsafe.Pointer(msgAndCertEncodingType)), uintptr(unsafe.Pointer(contentType)), uintptr(unsafe.Pointer(formatType)), uintptr(unsafe.Pointer(certStore)), uintptr(unsafe.Pointer(msg)), uintptr(unsafe.Pointer(context)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func CryptUnprotectData(dataIn *DataBlob, name **uint16, optionalEntropy *DataBlob, reserved uintptr, 
promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) { + r1, _, e1 := syscall.Syscall9(procCryptUnprotectData.Addr(), 7, uintptr(unsafe.Pointer(dataIn)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(optionalEntropy)), uintptr(reserved), uintptr(unsafe.Pointer(promptStruct)), uintptr(flags), uintptr(unsafe.Pointer(dataOut)), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (store Handle, err error) { r0, _, e1 := syscall.Syscall(procPFXImportCertStore.Addr(), 3, uintptr(unsafe.Pointer(pfx)), uintptr(unsafe.Pointer(password)), uintptr(flags)) store = Handle(r0) @@ -2991,6 +3043,14 @@ func GetUserProfileDirectory(t Token, dir *uint16, dirLen *uint32) (err error) { return } +func WinVerifyTrustEx(hwnd HWND, actionId *GUID, data *WinTrustData) (ret error) { + r0, _, _ := syscall.Syscall(procWinVerifyTrustEx.Addr(), 3, uintptr(hwnd), uintptr(unsafe.Pointer(actionId)), uintptr(unsafe.Pointer(data))) + if r0 != 0 { + ret = syscall.Errno(r0) + } + return +} + func FreeAddrInfoW(addrinfo *AddrinfoW) { syscall.Syscall(procFreeAddrInfoW.Addr(), 1, uintptr(unsafe.Pointer(addrinfo)), 0, 0) return diff --git a/vendor/modules.txt b/vendor/modules.txt index 659a1619..fef536de 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -10,7 +10,7 @@ git.autistici.org/ai3/go-common/pwhash git.autistici.org/ai3/go-common/serverutil git.autistici.org/ai3/go-common/tracing git.autistici.org/ai3/go-common/userenckey -# git.autistici.org/ai3/tools/aux-db v0.0.0-20210123151036-db9b4b9a323e +# git.autistici.org/ai3/tools/aux-db v0.0.0-20210127161623-c7f0177bcc33 ## explicit git.autistici.org/ai3/tools/aux-db/proto # git.autistici.org/id/auth v0.0.0-20210117173158-5b5aa9684fa2 
@@ -158,7 +158,7 @@ golang.org/x/net/publicsuffix
 # golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 ## explicit
 golang.org/x/sync/singleflight
-# golang.org/x/sys v0.0.0-20210123111255-9b0068b26619
+# golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
 ## explicit
 golang.org/x/sys/cpu
 golang.org/x/sys/internal/unsafeheader
-- 
GitLab