use pki_types::CertificateDer;
use schannel::cert_context::ValidUses;
use schannel::cert_store::CertStore;
use super::CertificateResult;
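/// Loads candidate trust anchors from the current user's Windows `ROOT` certificate store.
///
/// A certificate is returned only when both checks pass:
///
/// * its valid uses, as reported by the store, are unrestricted or include TLS server
///   authentication (see `usable_for_rustls`), and
/// * the store reports it as currently time-valid.
///
/// Everything pushed to `certs` is DER-encoded and is expected to be treated by the caller
/// as a root of trust, so the filtering above is the only gate applied here.
///
/// # Errors
///
/// Failures are recorded on the returned [`CertificateResult`] through `os_error` instead of
/// panicking. If the store cannot be opened, the result carries that error and no
/// certificates. If the properties of an individual certificate cannot be queried, the error
/// is recorded and that certificate is skipped, so an unverifiable entry is never added as a
/// trust anchor and one bad entry does not abort the whole process.
pub fn load_native_certs() -> CertificateResult {
    let mut result = CertificateResult::default();

    let current_user_store = match CertStore::open_current_user("ROOT") {
        Ok(store) => store,
        Err(err) => {
            result.os_error(err.into(), "failed to open current user certificate store");
            return result;
        }
    };

    for cert in current_user_store.certs() {
        // Fail closed: a certificate whose permitted uses cannot be read is not trusted.
        let uses = match cert.valid_uses() {
            Ok(uses) => uses,
            Err(err) => {
                result.os_error(err.into(), "failed to read certificate valid uses");
                continue;
            }
        };

        if !usable_for_rustls(uses) {
            continue;
        }

        // The validity check runs only for certificates that passed the usage filter.
        match cert.is_time_valid() {
            Ok(true) => {
                result
                    .certs
                    .push(CertificateDer::from(cert.to_der().to_vec()));
            }
            // Outside its validity period: silently excluded.
            Ok(false) => {}
            Err(err) => {
                result.os_error(err.into(), "failed to check certificate time validity");
            }
        }
    }

    result
}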
/// Decides whether a certificate's permitted uses allow it to anchor TLS server
/// authentication.
///
/// Returns `true` when the uses are unrestricted (`ValidUses::All`) or when the OID list
/// contains `PKIX_SERVER_AUTH`; returns `false` for any other OID list, including an
/// empty one.
fn usable_for_rustls(uses: ValidUses) -> bool {
    // Unrestricted certificates need no OID lookup.
    let oids = match uses {
        ValidUses::All => return true,
        ValidUses::Oids(oids) => oids,
    };

    oids.iter().any(|oid| oid == PKIX_SERVER_AUTH)
}
/// Dotted-decimal OID of the PKIX extended key usage `id-kp-serverAuth`
/// (TLS server authentication); matched against the OID strings in `ValidUses::Oids`.
static PKIX_SERVER_AUTH: &str = "1.3.6.1.5.5.7.3.1";