CredentialManagerSecret.cpp

Enable keyboard shortcuts

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-

 * This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "CredentialManagerSecret.h"

#include <windows.h>

#include <wincred.h>

#include "mozilla/Logging.h"

#include "mozilla/SyncRunnable.h"

// This is the implementation of CredentialManagerSecretSecret, an instantiation

// of OSKeyStore for Windows. It uses the system credential manager, hence the

// name.

using namespace mozilla;

LazyLogModule gCredentialManagerSecretLog("credentialmanagersecret");

struct ScopedDelete {

  void operator()(CREDENTIALA* cred) { CredFree(cred); }

};

template <class T>

struct ScopedMaybeDelete {

  void operator()(T* ptr) {

    if (ptr) {

      ScopedDelete del;

      del(ptr);

};

typedef std::unique_ptr<CREDENTIALA, ScopedMaybeDelete<CREDENTIALA>>

    ScopedCREDENTIALA;

CredentialManagerSecret::CredentialManagerSecret() {}

CredentialManagerSecret::~CredentialManagerSecret() {}

nsresult CredentialManagerSecret::StoreSecret(const nsACString& aSecret,

                                              const nsACString& aLabel) {

  if (aSecret.Length() > CRED_MAX_CREDENTIAL_BLOB_SIZE) {

    // Windows doesn't allow blobs larger than CRED_MAX_CREDENTIAL_BLOB_SIZE

    // bytes.

    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,

            ("StoreSecret secret must not be larger than 512 bytes (got %zd)",

             aSecret.Length()));

    return NS_ERROR_FAILURE;

  CREDENTIALA cred = {0};

  cred.Type = CRED_TYPE_GENERIC;

  const nsCString& label = PromiseFlatCString(aLabel);

  cred.TargetName = const_cast<LPSTR>(label.get());

  cred.CredentialBlobSize = aSecret.Length();

  const nsCString& secret = PromiseFlatCString(aSecret);

  cred.CredentialBlob = (LPBYTE)secret.get();

  cred.Persist = CRED_PERSIST_LOCAL_MACHINE;

  cred.UserName = const_cast<char*>("");  // -Wwritable-strings

  // https://docs.microsoft.com/en-us/windows/desktop/api/wincred/nf-wincred-credwritea

  BOOL ok = CredWriteA(&cred, 0);

  if (!ok) {

    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,

            ("CredWriteW failed %lu", GetLastError()));

    return NS_ERROR_FAILURE;

  return NS_OK;

nsresult CredentialManagerSecret::DeleteSecret(const nsACString& aLabel) {

  // https://docs.microsoft.com/en-us/windows/desktop/api/wincred/nf-wincred-creddeletea

  const nsCString& label = PromiseFlatCString(aLabel);

  BOOL ok = CredDeleteA(label.get(), CRED_TYPE_GENERIC, 0);

  int error = GetLastError();

  if (!ok && error != ERROR_NOT_FOUND) {

    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,

            ("CredDeleteA failed %d", error));

    return NS_ERROR_FAILURE;

  return NS_OK;

nsresult CredentialManagerSecret::RetrieveSecret(

    const nsACString& aLabel,

    /* out */ nsACString& aSecret) {

  aSecret.Truncate();

  PCREDENTIALA pcred_raw = nullptr;

  const nsCString& label = PromiseFlatCString(aLabel);

  // https://docs.microsoft.com/en-us/windows/desktop/api/wincred/nf-wincred-credreada

  BOOL ok = CredReadA(label.get(), CRED_TYPE_GENERIC, 0, &pcred_raw);

  ScopedCREDENTIALA pcred(pcred_raw);

  if (!ok) {

    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,

            ("CredReadA failed %lu", GetLastError()));

    return NS_ERROR_FAILURE;

  MOZ_ASSERT(pcred);

  aSecret.Assign(reinterpret_cast<const char*>(pcred->CredentialBlob),

                 pcred->CredentialBlobSize);

  return NS_OK;