VirtualBox

source: vbox/trunk/src/VBox/Installer/win/Stub/VBoxStubCertUtil.cpp@ 69206

Last change on this file since 69206 was 62679, checked in by vboxsync, 8 years ago

Use the iprt/win/windows.h wrapper for Windows.h

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 5.0 KB
Line 
1/* $Id: VBoxStubCertUtil.cpp 62679 2016-07-29 12:52:10Z vboxsync $ */
2/** @file
3 * VBoxStub - VirtualBox's Windows installer stub (certificate manipulations).
4 *
5 * NOTE: The content of this file is partly
6 * grabbed from src/VBox/Additions/WINNT/tools/VBoxCertUtil.cpp
7 */
8
9/*
10 * Copyright (C) 2012-2016 Oracle Corporation
11 *
12 * This file is part of VirtualBox Open Source Edition (OSE), as
13 * available from http://www.virtualbox.org. This file is free software;
14 * you can redistribute it and/or modify it under the terms of the GNU
15 * General Public License (GPL) as published by the Free Software
16 * Foundation, in version 2 as it comes in the "COPYING" file of the
17 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
18 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
19 */
20
21
22/*********************************************************************************************************************************
23* Header Files *
24*********************************************************************************************************************************/
25#include <iprt/win/windows.h>
26#include <Wincrypt.h>
27
28#include <iprt/string.h>
29#include <iprt/message.h>
30#include <iprt/err.h>
31
32
33/**
34 * Reads a certificate from a (const char []) buffer, returning a context
35 * or a the handle to a temporary memory store.
36 *
37 * @returns true on success, false on failure (error message written).
38 * @param kpCertBuf The pointer to the buffer containing the
39 * certificates.
40 * @param cbCertBuf Size of @param kpCertBuf in bytes.
41 * @param ppOutCtx Where to return the handle to the temporary
42 * memory store.
43 */
44static bool readCertBuf(const unsigned char kpCertBuf[], DWORD cbCertBuf, PCCERT_CONTEXT *ppOutCtx)
45{
46 *ppOutCtx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
47 (PBYTE)kpCertBuf, cbCertBuf);
48 if (*ppOutCtx)
49 return true;
50
51 return false;
52}
53
54/**
55 * Opens a certificate store.
56 *
57 * @returns true on success, false on failure (error message written).
58 * @param dwDst The destination, like
59 * CERT_SYSTEM_STORE_LOCAL_MACHINE or
60 * CERT_SYSTEM_STORE_CURRENT_USER.
61 * @param pszStoreNm The store name.
62 */
63static HCERTSTORE openCertStore(DWORD dwDst, const char *pszStoreNm)
64{
65 HCERTSTORE hStore = NULL;
66 PRTUTF16 pwszStoreNm;
67 int rc = RTStrToUtf16(pszStoreNm, &pwszStoreNm);
68 if (RT_SUCCESS(rc))
69 {
70 /*
71 * Make sure CERT_STORE_OPEN_EXISTING_FLAG is not set. This causes Windows XP
72 * to return ACCESS_DENIED when installing TrustedPublisher certificates via
73 * CertAddCertificateContextToStore() if the TrustedPublisher store never has
74 * been used (through certmgr.exe and friends) yet.
75 *
76 * According to MSDN, if neither CERT_STORE_OPEN_EXISTING_FLAG nor
77 * CERT_STORE_CREATE_NEW_FLAG is set, the store will be either opened or
78 * created accordingly.
79 */
80 dwDst &= ~CERT_STORE_OPEN_EXISTING_FLAG;
81
82 hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
83 PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
84 NULL /* hCryptProv = default */,
85 dwDst,
86 pwszStoreNm);
87
88 RTUtf16Free(pwszStoreNm);
89 }
90 return hStore;
91}
92
93/**
94 * Adds a certificate to a store.
95 *
96 * @returns true on success, false on failure (error message written).
97 * @param dwDst The destination, like
98 * CERT_SYSTEM_STORE_LOCAL_MACHINE or
99 * CERT_SYSTEM_STORE_CURRENT_USER.
100 * @param pszStoreNm The store name.
101 * @param kpCertBuf Buffer that contains a certificate
102 * @param cbCertBuf Size of @param kpCertBuf in bytes
103 */
104bool addCertToStore(DWORD dwDst, const char *pszStoreNm, const unsigned char kpCertBuf[], DWORD cbCertBuf)
105{
106 /*
107 * Get certificate from buffer.
108 */
109 PCCERT_CONTEXT pSrcCtx = NULL;
110 bool fRc = false;
111
112 if (!readCertBuf(kpCertBuf, cbCertBuf, &pSrcCtx))
113 {
114 RTMsgError("Unable to get certificate context: %d", GetLastError());
115 return fRc;
116 }
117
118 /*
119 * Open the certificates store.
120 */
121 HCERTSTORE hDstStore = openCertStore(dwDst, pszStoreNm);
122 if (hDstStore)
123 {
124 /*
125 * Finally, add certificate to store
126 */
127 if (CertAddCertificateContextToStore(hDstStore, pSrcCtx, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
128 fRc = true;
129 else
130 RTMsgError("Unable to install certificate: %d", GetLastError());
131
132 CertCloseStore(hDstStore, CERT_CLOSE_STORE_CHECK_FLAG);
133 }
134 else
135 RTMsgError("Unable to open certificates store: %d", GetLastError());
136
137 /* Release resources */
138 CertFreeCertificateContext(pSrcCtx);
139
140 return fRc;
141}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette