<p>I would like to use Go for my next project which involves reading the Windows certificate store and auditing it. At first it didn't seem like anyone had done this. Then I figured that Go probably has a way to pull the certificate store so I started digging through the Go source code. It looks like it wraps the windows crypto API <a href="https://github.com/golang/go/blob/master/src/syscall/zsyscall_windows.go#L14">here</a>. This in turn has <a href="https://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CertOpenSystemStoreW">wrapped</a> the Windows API calls such as <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa376560(v=vs.85).aspx">CertOpenSystemStore</a>. It looks like there are several useful <a href="https://github.com/golang/go/blob/master/src/syscall/zsyscall_windows.go#L1074-L1189">functions here</a>. I also noticed that there was an <a href="https://github.com/golang/go/issues/13335">issue</a> opened on GitHub that seems to be in the same ballpark, opened just a few days ago. I suppose my question is, am I headed in the right direction? Or is there a simpler way to do this? Should I be trying to do this at the <a href="https://github.com/golang/go/tree/master/src/crypto/x509">crypto/x509</a> layer or as a <a href="https://github.com/golang/go/tree/master/src/syscall">syscall</a>?</p>
<hr/>**Comments:**<br/><br/>ponyoink: <pre><p>Microsoft has <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa382363.aspx">very good documentation</a> for accessing cert store using C. Making C calls from Go is pretty trivial. If you plan to use your code exclusively on windows, then just call out to C.</p>
<p>Unless this is just some exercise in making everything in pure Go...</p></pre>pseudomind: <pre><p>Congrats on dipping your toes into the golang world! Let me see if I can help just a bit...</p>
<p>While I'm not exactly sure what you are trying to do, I have to agree with ponyoink that C -> go bindings work very well and are relatively simple to manage. I'm just going to drop a couple of helpful links for you to look at:</p>
<p><a href="http://blog.golang.org/c-go-cgo">http://blog.golang.org/c-go-cgo</a></p>
<p><a href="https://golang.org/cmd/cgo/">https://golang.org/cmd/cgo/</a></p>
<p>Should you decide to go this way, I'll also provide you with another simple example. Here is a simple cross-platform color terminal library I wrote in go:</p>
<p><a href="https://bitbucket.org/pseudomind/cterm">https://bitbucket.org/pseudomind/cterm</a></p>
<p>If you take a look at the source code for the library (particularly the file <code>show_windows.go</code>) you'll see some pretty simple usage of C -> go language binding.</p>
<p>Which reminds me... Something I find really wonderful about the go build system is how you are able to specify build constraints on a source file just by naming it appropriately (i.e. a source file named <code>*_windows.go</code>, will only be used if compiling for a windows system). There is more documentation on this here:</p>
<p><a href="https://golang.org/pkg/go/build/">https://golang.org/pkg/go/build/</a></p>
<p>Anyhow, I hope this helps you out a bit.</p></pre>Sphax: <pre><p>You don't need to use C to call win32 functions, it's easily done using syscall. Take a look at this <a href="https://github.com/lxn/win" rel="nofollow">https://github.com/lxn/win</a>.</p>
<p>Slightly overkill if you just want to call one function, personally I'd just write the wrapper function.</p></pre>bkeroack: <pre><p>If you use syscall you're pretty much throwing portability away anyway, so it's not too different from interfacing with C.</p></pre>Sphax: <pre><p>Of course, I just think it's easier using this than using cgo.</p></pre>nhooyr: <pre><p>Check how the TLS package verifies certificates. I'm certain you'll find your answer there.</p></pre>egonelbre: <pre><p>You can take a look at <a href="https://github.com/golang/go/blob/master/src/crypto/x509/root_windows.go" rel="nofollow">root_windows.go</a>, it contains how x509 uses it. Based on that you should be able to query all the certs from Windows.</p></pre>smantziaris: <pre><p>I would not even use golang for this. This is a program that will run only in windows, so naturally I would use something with a more tight integration with the windows ecosystem like .net! Don't get me wrong, I like golang very much but we should use the best language for the task. This is my personal opinion, don't hang me!</p></pre>
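<p>Whichever route is used to read the store (cgo or the syscall wrappers), each entry comes back as DER bytes that <code>x509.ParseCertificate</code> accepts, so the audit step can be written and tested in portable Go. The following is an added example, not code from the thread or from the Go project; <code>AuditDER</code>, <code>sampleDER</code>, <code>demo</code> and the audit rules are assumptions, and the input certificates are constructed in place of a real store.</p>

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// AuditDER parses DER blobs and lists findings under assumed, illustrative rules.
func AuditDER(ders [][]byte, now time.Time) (out []string) {
	for i, der := range ders {
		c, err := x509.ParseCertificate(der)
		if err != nil { // corrupt entry: report it and keep auditing the rest
			out = append(out, fmt.Sprintf("entry %d: unparseable: %v", i, err))
			continue
		}
		cn := c.Subject.CommonName
		if now.After(c.NotAfter) || now.Before(c.NotBefore) {
			out = append(out, cn+": outside validity period")
		}
		// Signatures computed over MD5 or SHA-1 digests.
		if a := c.SignatureAlgorithm; a == x509.MD5WithRSA || a == x509.SHA1WithRSA || a == x509.ECDSAWithSHA1 {
			out = append(out, cn+": weak signature hash")
		}
	}
	return out
}

// sampleDER builds a constructed self-signed certificate (demo input only).
func sampleDER(cn string, from, to time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // error ignored in this demo helper
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: from, NotAfter: to}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return der
}

func demo() []string { // one valid, one expired and one corrupt entry, all constructed
	now, h := time.Now(), time.Hour
	return AuditDER([][]byte{sampleDER("constructed-valid", now.Add(-h), now.Add(h)),
		sampleDER("constructed-expired", now.Add(-48*h), now.Add(-24*h)), []byte("junk")}, now)
}

func main() { fmt.Println(demo()) }
```

<p>On Windows, the <code>ders</code> slice would be filled by copying each enumerated certificate's encoded bytes before the store handle is closed.</p>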