xref: /aosp_15_r20/external/grpc-grpc/src/core/lib/security/security_connector/load_system_roots_windows.cc (revision cc02d7e222339f7a4f6ba5f422e6413f4bd931f2)
1 //
2 //
3 // Copyright 2023 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #include <grpc/support/port_platform.h>
20 
21 #if defined(GPR_WINDOWS)
22 
23 #pragma comment(lib, "crypt32")
24 
25 #include <esent.h>
26 #include <wincrypt.h>
27 
28 #include <vector>
29 
30 #include <grpc/slice.h>
31 #include <grpc/slice_buffer.h>
32 #include <grpc/support/alloc.h>
33 #include <grpc/support/log.h>
34 
35 #include "src/core/lib/gpr/useful.h"
36 #include "src/core/lib/security/security_connector/load_system_roots.h"
37 #include "src/core/lib/slice/slice_internal.h"
38 
39 namespace grpc_core {
40 namespace {
41 
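/// Converts a UTF-16 wide string to UTF-8 using the Win32 conversion API.
///
/// @param wstr  Wide string to convert; may be empty.
/// @return The UTF-8 bytes for @p wstr. An empty string is returned when
///         @p wstr is empty, when its length does not fit the API's int
///         length parameter, or when either conversion call fails.
std::string Utf8Encode(const std::wstring& wstr) {
  if (wstr.empty()) return "";

  // WideCharToMultiByte takes the input length as an int. Reject lengths that
  // do not survive the narrowing: a wrapped value of -1 would be read as
  // "input is NUL-terminated" and any other negative value is invalid.
  const int wide_len = static_cast<int>(wstr.size());
  if (wide_len <= 0 ||
      static_cast<std::wstring::size_type>(wide_len) != wstr.size()) {
    return "";
  }

  // First pass: an output size of 0 only asks for the required byte count.
  const int size_needed = WideCharToMultiByte(CP_UTF8, 0, wstr.data(), wide_len,
                                              nullptr, 0, nullptr, nullptr);
  if (size_needed <= 0) return "";  // 0 is the API's failure indication.

  // Second pass: convert into a buffer of exactly the reported size.
  std::string str_to(static_cast<std::string::size_type>(size_needed), '\0');
  const int written =
      WideCharToMultiByte(CP_UTF8, 0, wstr.data(), wide_len, &str_to[0],
                          size_needed, nullptr, nullptr);
  if (written <= 0) return "";

  // Keep only the bytes the API reports as written.
  str_to.resize(static_cast<std::string::size_type>(written));
  return str_to;
}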
52 
53 }  // namespace
54 
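/// Builds a PEM bundle from the Windows "ROOT" system certificate store.
///
/// Every certificate the store enumerates is exported as-is. Nothing in this
/// function filters by validity period, by usage restrictions recorded on the
/// store entry, or against any other store, so the bundle's trust set is
/// exactly what the enumeration returns.
/// NOTE(review): CertOpenSystemStoreW opens the store in the calling user's
/// context, so per-user root additions presumably land in the bundle as well;
/// confirm that this is the trust set callers expect.
///
/// @return A slice holding the concatenated PEM certificates, or an empty
///         slice when the store cannot be opened or no certificate could be
///         encoded.
grpc_slice LoadSystemRootCerts() {
  std::string bundle_string;

  // Open root certificate store. The first argument is a legacy provider
  // handle (an integer type), so it stays NULL rather than nullptr.
  HANDLE root_cert_store = CertOpenSystemStoreW(NULL, L"ROOT");
  if (!root_cert_store) {
    return grpc_empty_slice();
  }

  // Load all root certificates from certificate store.
  PCCERT_CONTEXT cert = NULL;
  while ((cert = CertEnumCertificatesInStore(root_cert_store, cert)) != NULL) {
    // Size query: with no output buffer the call reports the number of wide
    // characters needed, terminator included. A failed query leaves nothing
    // safe to encode, so skip this certificate instead of passing an empty
    // buffer on to the conversion below.
    DWORD size = 0;
    if (!CryptBinaryToStringW(cert->pbCertEncoded, cert->cbCertEncoded,
                              CRYPT_STRING_BASE64HEADER, nullptr, &size) ||
        size == 0) {
      // `continue` does not leak: the next CertEnumCertificatesInStore call
      // releases the context handed back to it.
      continue;
    }

    // Append each certificate in PEM format. Skipping a certificate that
    // fails to encode only shrinks the trust set; it never adds to it.
    std::vector<WCHAR> pem(size);
    if (!CryptBinaryToStringW(cert->pbCertEncoded, cert->cbCertEncoded,
                              CRYPT_STRING_BASE64HEADER, pem.data(), &size)) {
      continue;
    }
    bundle_string += Utf8Encode(pem.data());
  }

  CertCloseStore(root_cert_store, 0);
  if (bundle_string.empty()) {
    return grpc_empty_slice();
  }

  return grpc_slice_from_cpp_string(std::move(bundle_string));
}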
84 
85 }  // namespace grpc_core
86 
87 #endif  // GPR_WINDOWS
88