VBoxCertUtil.cpp@ 69358

Last change on this file since 69358 was 69358, checked in by vboxsync, 7 years ago
GA/WINNT/tools: scm cleanups
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 27.0 KB

Line
1	/* $Id: VBoxCertUtil.cpp 69358 2017-10-26 14:43:27Z vboxsync $ */
2	/** @file
3	* VBoxCertUtil - VBox Certificate Utility - Windows Only.
4	*/
5
6	/*
7	* Copyright (C) 2012-2016 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*/
17
18
19	/*********************************************************************************************************************************
20	* Header Files *
21	*********************************************************************************************************************************/
22	#include <iprt/win/windows.h>
23	#include <Wincrypt.h>
24
25	#include <iprt/buildconfig.h>
26	#include <iprt/err.h>
27	#include <iprt/file.h>
28	#include <iprt/getopt.h>
29	#include <iprt/initterm.h>
30	#include <iprt/message.h>
31	#include <iprt/path.h>
32	#include <iprt/stream.h>
33	#include <iprt/string.h>
34	#include <iprt/time.h>
35
36
37	/*********************************************************************************************************************************
38	* Global Variables *
39	*********************************************************************************************************************************/
40	/** The verbosity level. */
41	static unsigned g_cVerbosityLevel = 1;
42
43
44	static const char *errorToString(DWORD dwErr)
45	{
46	switch (dwErr)
47	{
48	#define MY_CASE(a_uConst) case a_uConst: return #a_uConst;
49	MY_CASE(CRYPT_E_MSG_ERROR);
50	MY_CASE(CRYPT_E_UNKNOWN_ALGO);
51	MY_CASE(CRYPT_E_OID_FORMAT);
52	MY_CASE(CRYPT_E_INVALID_MSG_TYPE);
53	MY_CASE(CRYPT_E_UNEXPECTED_ENCODING);
54	MY_CASE(CRYPT_E_AUTH_ATTR_MISSING);
55	MY_CASE(CRYPT_E_HASH_VALUE);
56	MY_CASE(CRYPT_E_INVALID_INDEX);
57	MY_CASE(CRYPT_E_ALREADY_DECRYPTED);
58	MY_CASE(CRYPT_E_NOT_DECRYPTED);
59	MY_CASE(CRYPT_E_RECIPIENT_NOT_FOUND);
60	MY_CASE(CRYPT_E_CONTROL_TYPE);
61	MY_CASE(CRYPT_E_ISSUER_SERIALNUMBER);
62	MY_CASE(CRYPT_E_SIGNER_NOT_FOUND);
63	MY_CASE(CRYPT_E_ATTRIBUTES_MISSING);
64	MY_CASE(CRYPT_E_STREAM_MSG_NOT_READY);
65	MY_CASE(CRYPT_E_STREAM_INSUFFICIENT_DATA);
66	MY_CASE(CRYPT_I_NEW_PROTECTION_REQUIRED);
67	MY_CASE(CRYPT_E_BAD_LEN);
68	MY_CASE(CRYPT_E_BAD_ENCODE);
69	MY_CASE(CRYPT_E_FILE_ERROR);
70	MY_CASE(CRYPT_E_NOT_FOUND);
71	MY_CASE(CRYPT_E_EXISTS);
72	MY_CASE(CRYPT_E_NO_PROVIDER);
73	MY_CASE(CRYPT_E_SELF_SIGNED);
74	MY_CASE(CRYPT_E_DELETED_PREV);
75	MY_CASE(CRYPT_E_NO_MATCH);
76	MY_CASE(CRYPT_E_UNEXPECTED_MSG_TYPE);
77	MY_CASE(CRYPT_E_NO_KEY_PROPERTY);
78	MY_CASE(CRYPT_E_NO_DECRYPT_CERT);
79	MY_CASE(CRYPT_E_BAD_MSG);
80	MY_CASE(CRYPT_E_NO_SIGNER);
81	MY_CASE(CRYPT_E_PENDING_CLOSE);
82	MY_CASE(CRYPT_E_REVOKED);
83	MY_CASE(CRYPT_E_NO_REVOCATION_DLL);
84	MY_CASE(CRYPT_E_NO_REVOCATION_CHECK);
85	MY_CASE(CRYPT_E_REVOCATION_OFFLINE);
86	MY_CASE(CRYPT_E_NOT_IN_REVOCATION_DATABASE);
87	MY_CASE(CRYPT_E_INVALID_NUMERIC_STRING);
88	MY_CASE(CRYPT_E_INVALID_PRINTABLE_STRING);
89	MY_CASE(CRYPT_E_INVALID_IA5_STRING);
90	MY_CASE(CRYPT_E_INVALID_X500_STRING);
91	MY_CASE(CRYPT_E_NOT_CHAR_STRING);
92	MY_CASE(CRYPT_E_FILERESIZED);
93	MY_CASE(CRYPT_E_SECURITY_SETTINGS);
94	MY_CASE(CRYPT_E_NO_VERIFY_USAGE_DLL);
95	MY_CASE(CRYPT_E_NO_VERIFY_USAGE_CHECK);
96	MY_CASE(CRYPT_E_VERIFY_USAGE_OFFLINE);
97	MY_CASE(CRYPT_E_NOT_IN_CTL);
98	MY_CASE(CRYPT_E_NO_TRUSTED_SIGNER);
99	MY_CASE(CRYPT_E_MISSING_PUBKEY_PARA);
100	MY_CASE(CRYPT_E_OSS_ERROR);
101	default:
102	{
103	PCRTCOMERRMSG pWinComMsg = RTErrCOMGet(dwErr);
104	if (pWinComMsg)
105	return pWinComMsg->pszDefine;
106
107	static char s_szErr[32];
108	RTStrPrintf(s_szErr, sizeof(s_szErr), "%#x (%d)", dwErr, dwErr);
109	return s_szErr;
110	}
111	}
112	}
113
114	#if 0 /* hacking */
115	static RTEXITCODE addToStore(const char *pszFilename, PCRTUTF16 pwszStore)
116	{
117	/*
118	* Open the source.
119	*/
120	void *pvFile;
121	size_t cbFile;
122	int rc = RTFileReadAll(pszFilename, &pvFile, &cbFile);
123	if (RT_FAILURE(rc))
124	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTFileReadAll failed on '%s': %Rrc", pszFilename, rc);
125
126	RTEXITCODE rcExit = RTEXITCODE_FAILURE;
127
128	PCCERT_CONTEXT pCertCtx = CertCreateCertificateContext(X509_ASN_ENCODING \| PKCS_7_ASN_ENCODING,
129	(PBYTE)pvFile,
130	(DWORD)cbFile);
131	if (pCertCtx)
132	{
133	/*
134	* Open the destination.
135	*/
136	HCERTSTORE hDstStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
137	PKCS_7_ASN_ENCODING \| X509_ASN_ENCODING,
138	NULL /* hCryptProv = default */,
139	/CERT_SYSTEM_STORE_LOCAL_MACHINE/ CERT_SYSTEM_STORE_CURRENT_USER \| CERT_STORE_OPEN_EXISTING_FLAG,
140	pwszStore);
141	if (hDstStore != NULL)
142	{
143	#if 0
144	DWORD dwContextType;
145	if (CertAddSerializedElementToStore(hDstStore,
146	pCertCtx->pbCertEncoded,
147	pCertCtx->cbCertEncoded,
148	CERT_STORE_ADD_NEW,
149	0 /* dwFlags (reserved) */,
150	CERT_STORE_ALL_CONTEXT_FLAG,
151	&dwContextType,
152	NULL))
153	{
154	RTMsgInfo("Successfully added '%s' to the '%ls' store (ctx type %u)", pszFilename, pwszStore, dwContextType);
155	rcExit = RTEXITCODE_SUCCESS;
156	}
157	else
158	RTMsgError("CertAddSerializedElementToStore returned %s", errorToString(GetLastError()));
159	#else
160	if (CertAddCertificateContextToStore(hDstStore, pCertCtx, CERT_STORE_ADD_NEW, NULL))
161	{
162	RTMsgInfo("Successfully added '%s' to the '%ls' store", pszFilename, pwszStore);
163	rcExit = RTEXITCODE_SUCCESS;
164	}
165	else
166	RTMsgError("CertAddCertificateContextToStore returned %s", errorToString(GetLastError()));
167	#endif
168
169	CertCloseStore(hDstStore, CERT_CLOSE_STORE_CHECK_FLAG);
170	}
171	else
172	RTMsgError("CertOpenStore returned %s", errorToString(GetLastError()));
173	CertFreeCertificateContext(pCertCtx);
174	}
175	else
176	RTMsgError("CertCreateCertificateContext returned %s", errorToString(GetLastError()));
177	RTFileReadAllFree(pvFile, cbFile);
178	return rcExit;
179
180	#if 0
181
182	CRYPT_DATA_BLOB Blob;
183	Blob.cbData = (DWORD)cbData;
184	Blob.pbData = (PBYTE)pvData;
185	HCERTSTORE hSrcStore = PFXImportCertStore(&Blob, L"", )
186
187	#endif
188	}
189	#endif /* hacking */
190
191
192	/**
193	* Reads a certificate from a file, returning a context or a the handle to a
194	* temporary memory store.
195	*
196	* @returns true on success, false on failure (error message written).
197	* @param pszCertFile The name of the file containing the
198	* certificates.
199	* @param ppOutCtx Where to return the certificate context.
200	* @param phSrcStore Where to return the handle to the temporary
201	* memory store.
202	*/
203	static bool readCertFile(const char pszCertFile, PCCERT_CONTEXT ppOutCtx, HCERTSTORE *phSrcStore)
204	{
205	*ppOutCtx = NULL;
206	*phSrcStore = NULL;
207
208	bool fRc = false;
209	void *pvFile;
210	size_t cbFile;
211	int rc = RTFileReadAll(pszCertFile, &pvFile, &cbFile);
212	if (RT_SUCCESS(rc))
213	{
214	*ppOutCtx = CertCreateCertificateContext(X509_ASN_ENCODING \| PKCS_7_ASN_ENCODING,
215	(PBYTE)pvFile, (DWORD)cbFile);
216	if (*ppOutCtx)
217	fRc = true;
218	else
219	{
220	/** @todo figure out if it's some other format... */
221	RTMsgError("CertCreateCertificateContext returned %s parsing the content of '%s'",
222	errorToString(GetLastError()), pszCertFile);
223	}
224	RTFileReadAllFree(pvFile, cbFile);
225	}
226	else
227	RTMsgError("RTFileReadAll failed on '%s': %Rrc", pszCertFile, rc);
228	return fRc;
229	}
230
231
232	/**
233	* Opens a certificate store.
234	*
235	* @returns true on success, false on failure (error message written).
236	* @param dwDst The destination, like
237	* CERT_SYSTEM_STORE_LOCAL_MACHINE or
238	* CERT_SYSTEM_STORE_CURRENT_USER.
239	* @param pszStoreNm The store name.
240	*/
241	static HCERTSTORE openCertStore(DWORD dwDst, const char *pszStoreNm)
242	{
243	HCERTSTORE hStore = NULL;
244	PRTUTF16 pwszStoreNm;
245	int rc = RTStrToUtf16(pszStoreNm, &pwszStoreNm);
246	if (RT_SUCCESS(rc))
247	{
248	if (g_cVerbosityLevel > 1)
249	RTMsgInfo("Opening store %#x:'%s'", dwDst, pszStoreNm);
250
251	/*
252	* Make sure CERT_STORE_OPEN_EXISTING_FLAG is not set. This causes Windows XP
253	* to return ACCESS_DENIED when installing TrustedPublisher certificates via
254	* CertAddCertificateContextToStore() if the TrustedPublisher store never has
255	* been used (through certmgr.exe and friends) yet.
256	*
257	* According to MSDN, if neither CERT_STORE_OPEN_EXISTING_FLAG nor
258	* CERT_STORE_CREATE_NEW_FLAG is set, the store will be either opened or
259	* created accordingly.
260	*/
261	dwDst &= ~CERT_STORE_OPEN_EXISTING_FLAG;
262
263	hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
264	PKCS_7_ASN_ENCODING \| X509_ASN_ENCODING,
265	NULL /* hCryptProv = default */,
266	dwDst,
267	pwszStoreNm);
268	if (hStore == NULL)
269	RTMsgError("CertOpenStore failed opening %#x:'%s': %s",
270	dwDst, pszStoreNm, errorToString(GetLastError()));
271
272	RTUtf16Free(pwszStoreNm);
273	}
274	return hStore;
275	}
276
277	/**
278	* Removes a certificate, given by file, from a store
279	*
280	* @returns true on success, false on failure (error message written).
281	* @param dwDst The destination, like
282	* CERT_SYSTEM_STORE_LOCAL_MACHINE or
283	* CERT_SYSTEM_STORE_CURRENT_USER.
284	* @param pszStoreNm The store name.
285	* @param pszCertFile The file containing the certificate to add.
286	*/
287	static bool removeCertFromStoreByFile(DWORD dwDst, const char pszStoreNm, const char pszCertFile)
288	{
289	/*
290	* Read the certificate file first.
291	*/
292	PCCERT_CONTEXT pSrcCtx = NULL;
293	HCERTSTORE hSrcStore = NULL;
294	if (!readCertFile(pszCertFile, &pSrcCtx, &hSrcStore))
295	return false;
296
297	WCHAR wszName[1024];
298	if (!CertGetNameStringW(pSrcCtx, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0 /dwFlags/, NULL /pvTypePara/,
299	wszName, sizeof(wszName)))
300	{
301	RTMsgError("CertGetNameStringW(Subject) failed: %s\n", errorToString(GetLastError()));
302	wszName[0] = '\0';
303	}
304
305	/*
306	* Open the destination store.
307	*/
308	bool fRc = false;
309	HCERTSTORE hDstStore = openCertStore(dwDst, pszStoreNm);
310	if (hDstStore)
311	{
312	if (pSrcCtx)
313	{
314	fRc = true;
315	unsigned cDeleted = 0;
316	PCCERT_CONTEXT pCurCtx = NULL;
317	while ((pCurCtx = CertEnumCertificatesInStore(hDstStore, pCurCtx)) != NULL)
318	{
319	if (CertCompareCertificate(X509_ASN_ENCODING \| PKCS_7_ASN_ENCODING, pCurCtx->pCertInfo, pSrcCtx->pCertInfo))
320	{
321	if (g_cVerbosityLevel > 1)
322	RTMsgInfo("Removing '%ls'...", wszName);
323	PCCERT_CONTEXT pDeleteCtx = CertDuplicateCertificateContext(pCurCtx);
324	if (pDeleteCtx)
325	{
326	if (CertDeleteCertificateFromStore(pDeleteCtx))
327	cDeleted++;
328	else
329	RTMsgError("CertDeleteFromStore('%ls') failed: %s\n", wszName, errorToString(GetLastError()));
330	}
331	else
332	RTMsgError("CertDuplicateCertificateContext('%ls') failed: %s\n", wszName, errorToString(GetLastError()));
333	}
334	}
335
336	if (!cDeleted)
337	RTMsgInfo("Found no matching certificates to remove.");
338	}
339	else
340	{
341	RTMsgError("Path not implemented at line %d\n", __LINE__);
342	}
343
344	CertCloseStore(hDstStore, CERT_CLOSE_STORE_CHECK_FLAG);
345	}
346	if (pSrcCtx)
347	CertFreeCertificateContext(pSrcCtx);
348	if (hSrcStore)
349	CertCloseStore(hSrcStore, CERT_CLOSE_STORE_CHECK_FLAG);
350	return fRc;
351	}
352
353	/**
354	* Adds a certificate to a store.
355	*
356	* @returns true on success, false on failure (error message written).
357	* @param dwDst The destination, like
358	* CERT_SYSTEM_STORE_LOCAL_MACHINE or
359	* CERT_SYSTEM_STORE_CURRENT_USER.
360	* @param pszStoreNm The store name.
361	* @param pszCertFile The file containing the certificate to add.
362	* @param dwDisposition The disposition towards existing certificates when
363	* adding it. CERT_STORE_ADD_NEW is a safe one.
364	*/
365	static bool addCertToStore(DWORD dwDst, const char pszStoreNm, const char pszCertFile, DWORD dwDisposition)
366	{
367	/*
368	* Read the certificate file first.
369	*/
370	PCCERT_CONTEXT pSrcCtx = NULL;
371	HCERTSTORE hSrcStore = NULL;
372	if (!readCertFile(pszCertFile, &pSrcCtx, &hSrcStore))
373	return false;
374
375	/*
376	* Open the destination store.
377	*/
378	bool fRc = false;
379	HCERTSTORE hDstStore = openCertStore(dwDst, pszStoreNm);
380	if (hDstStore)
381	{
382	if (pSrcCtx)
383	{
384	if (g_cVerbosityLevel > 1)
385	RTMsgInfo("Adding '%s' to %#x:'%s'... (disp %d)", pszCertFile, dwDst, pszStoreNm, dwDisposition);
386
387	if (CertAddCertificateContextToStore(hDstStore, pSrcCtx, dwDisposition, NULL))
388	fRc = true;
389	else
390	RTMsgError("CertAddCertificateContextToStore returned %s", errorToString(GetLastError()));
391	}
392	else
393	RTMsgError("Path not implemented at line %d\n", __LINE__);
394
395	CertCloseStore(hDstStore, CERT_CLOSE_STORE_CHECK_FLAG);
396	}
397	if (pSrcCtx)
398	CertFreeCertificateContext(pSrcCtx);
399	if (hSrcStore)
400	CertCloseStore(hSrcStore, CERT_CLOSE_STORE_CHECK_FLAG);
401	return fRc;
402	}
403
404	/**
405	* Worker for cmdDisplayAll.
406	*/
407	static BOOL WINAPI displaySystemStoreCallback(const void *pvSystemStore, DWORD dwFlags, PCERT_SYSTEM_STORE_INFO pStoreInfo,
408	void pvReserved, void pvArg)
409	{
410	RT_NOREF(pvArg);
411	if (g_cVerbosityLevel > 1)
412	RTPrintf(" pvSystemStore=%p dwFlags=%#x pStoreInfo=%p pvReserved=%p\n", pvSystemStore, dwFlags, pStoreInfo, pvReserved);
413	LPCWSTR pwszStoreNm = NULL;
414	if (dwFlags & CERT_SYSTEM_STORE_RELOCATE_FLAG)
415	{
416	const CERT_SYSTEM_STORE_RELOCATE_PARA pRelPara = (const CERT_SYSTEM_STORE_RELOCATE_PARA )pvSystemStore;
417	pwszStoreNm = pRelPara->pwszSystemStore;
418	RTPrintf(" %#010x '%ls' hKeyBase=%p\n", dwFlags, pwszStoreNm, pRelPara->hKeyBase);
419	}
420	else
421	{
422	pwszStoreNm = (LPCWSTR)pvSystemStore;
423	RTPrintf(" %#010x '%ls'\n", dwFlags, pwszStoreNm);
424	}
425
426	/*
427	* Open the store and list the certificates within.
428	*/
429	DWORD dwDst = (dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK);
430	HCERTSTORE hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
431	PKCS_7_ASN_ENCODING \| X509_ASN_ENCODING,
432	NULL /* hCryptProv = default */,
433	dwDst \| CERT_STORE_OPEN_EXISTING_FLAG,
434	pwszStoreNm);
435	if (hStore)
436	{
437	PCCERT_CONTEXT pCertCtx = NULL;
438	while ((pCertCtx = CertEnumCertificatesInStore(hStore, pCertCtx)) != NULL)
439	{
440	if (g_cVerbosityLevel > 1)
441	RTPrintf(" pCertCtx=%p dwCertEncodingType=%#x cbCertEncoded=%#x pCertInfo=%p\n",
442	pCertCtx, pCertCtx->dwCertEncodingType, pCertCtx->cbCertEncoded, pCertCtx->pCertInfo);
443	WCHAR wszName[1024];
444	if (CertGetNameStringW(pCertCtx, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0 /dwFlags/, NULL /pvTypePara/,
445	wszName, sizeof(wszName)))
446	{
447	RTPrintf(" '%ls'\n", wszName);
448	if (pCertCtx->pCertInfo)
449	{
450	RTTIMESPEC TmpTS;
451	char szNotBefore[80];
452	RTTimeSpecToString(RTTimeSpecSetNtFileTime(&TmpTS, &pCertCtx->pCertInfo->NotBefore),
453	szNotBefore, sizeof(szNotBefore));
454	char szNotAfter[80];
455	RTTimeSpecToString(RTTimeSpecSetNtFileTime(&TmpTS, &pCertCtx->pCertInfo->NotAfter),
456	szNotAfter, sizeof(szNotAfter));
457
458	RTPrintf(" NotBefore='%s'\n", szNotBefore);
459	RTPrintf(" NotAfter ='%s'\n", szNotAfter);
460	if (pCertCtx->pCertInfo->Issuer.cbData)
461	{
462	if (CertGetNameStringW(pCertCtx, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL /pvTypePara/,
463	wszName, sizeof(wszName)))
464	RTPrintf(" Issuer='%ls'\n", wszName);
465	else
466	RTMsgError("CertGetNameStringW(Issuer) failed: %s\n", errorToString(GetLastError()));
467	}
468	}
469	}
470	else
471	RTMsgError("CertGetNameStringW(Subject) failed: %s\n", errorToString(GetLastError()));
472
473	}
474
475	CertCloseStore(hStore, CERT_CLOSE_STORE_CHECK_FLAG);
476	}
477	else
478	RTMsgError("CertOpenStore failed opening %#x:'%ls': %s\n", dwDst, pwszStoreNm, errorToString(GetLastError()));
479
480	return TRUE;
481	}
482
483	/**
484	* Worker for cmdDisplayAll.
485	*/
486	static BOOL WINAPI displaySystemStoreLocation(LPCWSTR pwszStoreLocation, DWORD dwFlags, void pvReserved, void pvArg)
487	{
488	NOREF(pvReserved); NOREF(pvArg);
489	RTPrintf("System store location: %#010x '%ls'\n", dwFlags, pwszStoreLocation);
490	if (!CertEnumSystemStore(dwFlags, NULL, NULL /pvArg/, displaySystemStoreCallback))
491	RTMsgError("CertEnumSystemStore failed on %#x:'%ls': %s\n",
492	dwFlags, pwszStoreLocation, errorToString(GetLastError()));
493
494	return TRUE;
495	}
496
497	/**
498	* Handler for the 'display-all' command.
499	*/
500	static RTEXITCODE cmdDisplayAll(int argc, char **argv)
501	{
502	RT_NOREF(argv);
503	if (argc != 1)
504	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "the display-all command takes no arguments\n");
505
506	if (!CertEnumSystemStoreLocation(0, NULL /pvArg/, displaySystemStoreLocation))
507	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "CertEnumSystemStoreLocation failed: %s\n", errorToString(GetLastError()));
508
509	return RTEXITCODE_SUCCESS;
510	}
511
512	/**
513	* Handler for the 'remove-trusted-publisher' command.
514	*/
515	static RTEXITCODE cmdRemoveTrustedPublisher(int argc, char **argv)
516	{
517	/*
518	* Parse arguments.
519	*/
520	static const RTGETOPTDEF s_aOptions[] =
521	{
522	{ "--root", 'r', RTGETOPT_REQ_STRING },
523	};
524
525	const char *pszRootCert = NULL;
526	const char *pszTrustedCert = NULL;
527
528	int rc;
529	RTGETOPTUNION ValueUnion;
530	RTGETOPTSTATE GetState;
531	RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, 0);
532	while ((rc = RTGetOpt(&GetState, &ValueUnion)))
533	{
534	switch (rc)
535	{
536	case 'h':
537	RTPrintf("Usage: VBoxCertUtil remove-trusted-publisher [--root <root-cert>] <trusted-cert>\n");
538	break;
539
540	case 'V':
541	RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
542	return RTEXITCODE_SUCCESS;
543
544	case 'r':
545	if (pszRootCert)
546	return RTMsgErrorExit(RTEXITCODE_SUCCESS,
547	"You've already specified '%s' as root certificate.",
548	pszRootCert);
549	pszRootCert = ValueUnion.psz;
550	break;
551
552	case VINF_GETOPT_NOT_OPTION:
553	if (pszTrustedCert)
554	return RTMsgErrorExit(RTEXITCODE_SUCCESS,
555	"You've already specified '%s' as trusted certificate.",
556	pszRootCert);
557	pszTrustedCert = ValueUnion.psz;
558	break;
559
560	default:
561	return RTGetOptPrintError(rc, &ValueUnion);
562	}
563	}
564	if (!pszTrustedCert)
565	return RTMsgErrorExit(RTEXITCODE_SUCCESS, "No trusted certificate specified.");
566
567	/*
568	* Do the job.
569	*/
570	if ( pszRootCert
571	&& !removeCertFromStoreByFile(CERT_SYSTEM_STORE_LOCAL_MACHINE, "Root", pszRootCert))
572	return RTEXITCODE_FAILURE;
573	if (!removeCertFromStoreByFile(CERT_SYSTEM_STORE_LOCAL_MACHINE, "TrustedPublisher", pszTrustedCert))
574	return RTEXITCODE_FAILURE;
575
576	if (g_cVerbosityLevel > 0)
577	{
578	if (pszRootCert)
579	RTMsgInfo("Successfully removed '%s' as root and '%s' as trusted publisher", pszRootCert, pszTrustedCert);
580	else
581	RTMsgInfo("Successfully removed '%s' as trusted publisher", pszTrustedCert);
582	}
583	return RTEXITCODE_SUCCESS;
584	}
585
586
587	/**
588	* Handler for the 'add-trusted-publisher' command.
589	*/
590	static RTEXITCODE cmdAddTrustedPublisher(int argc, char **argv)
591	{
592	/*
593	* Parse arguments and execute imports as we move along.
594	*/
595	static const RTGETOPTDEF s_aOptions[] =
596	{
597	{ "--root", 'r', RTGETOPT_REQ_STRING },
598	};
599
600	RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
601	unsigned cImports = 0;
602	RTGETOPTUNION ValueUnion;
603	RTGETOPTSTATE GetState;
604	int rc = RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, 0);
605	AssertRC(rc);
606	while ((rc = RTGetOpt(&GetState, &ValueUnion)))
607	{
608	switch (rc)
609	{
610	case 'h':
611	RTPrintf("Usage: VBoxCertUtil add-trusted-publisher [--root <root-cert>] <trusted-cert>\n");
612	break;
613
614	case 'V':
615	RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
616	return RTEXITCODE_SUCCESS;
617
618	case 'r':
619	case VINF_GETOPT_NOT_OPTION:
620	{
621	const char * const pszStoreNm = rc == 'r' ? "Root" : "TrustedPublisher";
622	const char * const pszStoreDesc = rc == 'r' ? "root" : "trusted publisher";
623	PCRTPATHGLOBENTRY pResultHead;
624	rc = RTPathGlob(ValueUnion.psz, RTPATHGLOB_F_NO_DIRS, &pResultHead, NULL);
625	if (RT_SUCCESS(rc))
626	{
627	for (PCRTPATHGLOBENTRY pCur = pResultHead; pCur; pCur = pCur->pNext)
628	{
629	if (addCertToStore(CERT_SYSTEM_STORE_LOCAL_MACHINE, pszStoreNm, pCur->szPath, CERT_STORE_ADD_NEW))
630	RTMsgInfo("Successfully added '%s' as %s", pCur->szPath, pszStoreDesc);
631	else
632	rcExit = RTEXITCODE_FAILURE;
633	cImports++;
634	}
635	RTPathGlobFree(pResultHead);
636	}
637	else
638	{
639	rcExit = RTMsgErrorExit(RTEXITCODE_SUCCESS, "glob failed on '%s': %Rrc", ValueUnion.psz, rc);
640	cImports++;
641	}
642	break;
643	}
644
645	default:
646	return RTGetOptPrintError(rc, &ValueUnion);
647	}
648	}
649	if (cImports == 0)
650	return RTMsgErrorExit(RTEXITCODE_SUCCESS, "No trusted or root certificates specified.");
651	return rcExit;
652	}
653
654
655	/**
656	* Displays the usage info.
657	* @param argv0 Program name.
658	*/
659	static void showUsage(const char *argv0)
660	{
661	RTPrintf("Usage: %Rbn [-v[v]] <command>\n"
662	" or %Rbn <-V\|--version>\n"
663	" or %Rbn <-h\|--help>\n"
664	"\n"
665	"Available commands:\n"
666	" add-trusted-publisher, remove-trusted-publisher,\n"
667	" display-all\n"
668	, argv0, argv0, argv0);
669	}
670
671
672	int main(int argc, char **argv)
673	{
674	int rc = RTR3InitExe(argc, &argv, 0);
675	if (RT_FAILURE(rc))
676	return RTMsgInitFailure(rc);
677
678	/*
679	* Parse arguments up to the command and pass it on to the command handlers.
680	*/
681	typedef enum
682	{
683	VCUACTION_ADD_TRUSTED_PUBLISHER = 1000,
684	VCUACTION_REMOVE_TRUSTED_PUBLISHER,
685	VCUACTION_DISPLAY_ALL,
686	VCUACTION_END
687	} VCUACTION;
688
689	static const RTGETOPTDEF s_aOptions[] =
690	{
691	{ "--verbose", 'v', RTGETOPT_REQ_NOTHING },
692	{ "--quiet", 'q', RTGETOPT_REQ_NOTHING },
693	{ "add-trusted-publisher", VCUACTION_ADD_TRUSTED_PUBLISHER, RTGETOPT_REQ_NOTHING },
694	{ "remove-trusted-publisher", VCUACTION_REMOVE_TRUSTED_PUBLISHER, RTGETOPT_REQ_NOTHING },
695	{ "display-all", VCUACTION_DISPLAY_ALL, RTGETOPT_REQ_NOTHING },
696	};
697
698	RTGETOPTUNION ValueUnion;
699	RTGETOPTSTATE GetState;
700	RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, 0);
701	while ((rc = RTGetOpt(&GetState, &ValueUnion)))
702	{
703	switch (rc)
704	{
705	case 'v':
706	g_cVerbosityLevel++;
707	break;
708
709	case 'q':
710	if (g_cVerbosityLevel > 0)
711	g_cVerbosityLevel--;
712	break;
713
714	case 'h':
715	showUsage(argv[0]);
716	return RTEXITCODE_SUCCESS;
717
718	case 'V':
719	RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
720	return RTEXITCODE_SUCCESS;
721
722	case VCUACTION_ADD_TRUSTED_PUBLISHER:
723	return cmdAddTrustedPublisher(argc - GetState.iNext + 1, argv + GetState.iNext - 1);
724
725	case VCUACTION_REMOVE_TRUSTED_PUBLISHER:
726	return cmdRemoveTrustedPublisher(argc - GetState.iNext + 1, argv + GetState.iNext - 1);
727
728	case VCUACTION_DISPLAY_ALL:
729	return cmdDisplayAll(argc - GetState.iNext + 1, argv + GetState.iNext - 1);
730
731	default:
732	return RTGetOptPrintError(rc, &ValueUnion);
733	}
734	}
735
736	RTMsgError("Missing command...");
737	showUsage(argv[0]);
738	return RTEXITCODE_SYNTAX;
739	}
740

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/Additions/WINNT/tools/VBoxCertUtil.cpp@ 69358

Download in other formats: