cryptoapi: add flags for physical store and logical store

namecoin / certinject

Inject certificates into Windows CryptoAPI trust store, with EKU and name constraints.

https://www.namecoin.org/

GNU General Public License v3.0

2 stars 5 forks source link

cryptoapi: add flags for physical store and logical store #4

Closed aerth closed 4 years ago

aerth commented 4 years ago

Closes #2

--capi.physical-store <name> names the physical store to inject certificate into
- (default: system)
- allows only system, current-user, enterprise, and group-policy
--capi.logical-store <store-name> names the logical store to inject certificate into.
- (default: Root)
- allows Root, Trust, CA, My, Disallowed or any other custom string

Currently, only system + Root combo passes the powershell test (testdata/ci-failtest.ps1)

JeremyRand commented 4 years ago

Since these new command-line flags are specific to CryptoAPI (e.g. they don't directly apply to NSS), maybe we should make a new flag group for this? I'm thinking maybe create a capi flag group as a subgroup of the certstore flag group. (You can do this by passing the parent flag group as the first arg to the NewGroup function.) So the command-line flags would become e.g. -certstore.capi.store <store-name> instead of -certstore.store <store-name>.

JeremyRand commented 4 years ago

utACK 886a2ae114ba222d61fd29230ce6e426c6f74761 except for the missing space (noted above in inline comments).

JeremyRand commented 4 years ago

utACK ee6a585508bac2657d5beab37061c411cc7af4b7; merging shortly.