
Commit 81cf01c

committed
Add option to ignore a not found CNG key
1 parent 62e4af7 commit 81cf01c

1 file changed

Lines changed: 11 additions & 0 deletions


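--- a/certtostore_windows.go
+++ b/certtostore_windows.go
@@ -336,6 +336,9 @@ type WinCertStoreOptions struct {
 // - certStoreCreateNewFlag: Create new store if it doesn't exist
 // - certStoreOpenExistingFlag: Only open existing stores
 StoreFlags uint32
+
+// IgnoreNoCNG can be set in order to ignore a not found CNG key when a CAPI key exists.
+IgnoreNoCNG bool
 }
 
 // WinCertStore is a CertStorage implementation for the Windows Certificate Store.
@@ -350,6 +353,7 @@ type WinCertStore struct {
 stores map[string]*storeHandle
 keyAccessFlags uintptr
 storeFlags uint32
+ignoreNoCNG bool
 
 mu sync.Mutex
 }
@@ -376,6 +380,7 @@ func DefaultWinCertStoreOptions(provider, container string, issuers, intermediat
 LegacyKey: legacyKey,
 CurrentUser: false,
 StoreFlags: 0,
+IgnoreNoCNG: false,
 }
 }
 
@@ -443,6 +448,7 @@ func OpenWinCertStoreWithOptions(opts WinCertStoreOptions) (*WinCertStore, error
 container: opts.Container,
 stores: make(map[string]*storeHandle),
 storeFlags: opts.StoreFlags,
+ignoreNoCNG: opts.IgnoreNoCNG,
 }
 
 // Deep copy the issuer slices to prevent external modification
@@ -1366,6 +1372,11 @@ func keyMetadata(kh uintptr, store *WinCertStore) (*Key, error) {
 if err != nil {
 return nil, err
 }
+
+if !store.ignoreNoCNG && uc == "" {
+// key is not CNG backed, but store was opened with ignoreNoCNG=false
+return nil, errors.New("CNG key was empty")
+}
 }
 
 alg, err := getPropertyStr(kh, nCryptAlgorithmGroupProperty)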
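Review bot: The new `errors.New("CNG key was empty")` in keyMetadata is an ad-hoc error that callers cannot distinguish from any other failure, and its text does not tell the operator which option changes the behaviour; a package-level sentinel such as `var ErrNoCNGKey = errors.New("certtostore: key has no CNG unique name; set WinCertStoreOptions.IgnoreNoCNG to accept CAPI-only keys")` returned with `return nil, ErrNoCNGKey` would let callers use errors.Is and document the opt-out in one place. When ignoreNoCNG is set, the function continues with uc empty, so whatever consumes uc after this point (outside the hunk) presumably has to tolerate the empty value — the IgnoreNoCNG doc comment should say what the returned Key looks like in that case, e.g. `// When set, a key without a CNG unique name is returned instead of an error; CNG-specific fields of the Key are left empty.`, to be confirmed against the rest of keyMetadata. Both the start of keyMetadata and the assignment of uc lie outside the hunk.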
