source: vbox/trunk/src/VBox/Installer/win/Stub/VBoxStubCertUtil.cpp@ 100820
1/* $Id: VBoxStubCertUtil.cpp 98103 2023-01-17 14:15:46Z vboxsync $ */
2/** @file
3 * VBoxStub - VirtualBox's Windows installer stub (certificate manipulations).
4 *
5 * NOTE: The content of this file is partly
6 * grabbed from src/VBox/Additions/WINNT/tools/VBoxCertUtil.cpp
7 */
8
9/*
10 * Copyright (C) 2012-2023 Oracle and/or its affiliates.
11 *
12 * This file is part of VirtualBox base platform packages, as
13 * available from https://www.virtualbox.org.
14 *
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation, in version 3 of the
18 * License.
19 *
20 * This program is distributed in the hope that it will be useful, but
21 * WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 * General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, see <https://www.gnu.org/licenses>.
27 *
28 * SPDX-License-Identifier: GPL-3.0-only
29 */
30
31
32/*********************************************************************************************************************************
33* Header Files *
34*********************************************************************************************************************************/
35#include <iprt/win/windows.h>
36#include <Wincrypt.h>
37
38#include <iprt/errcore.h>
39#include <iprt/message.h>
40#include <iprt/string.h>
41#include <iprt/utf16.h>
42
43
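/**
 * Creates a certificate context from an encoded certificate held in memory.
 *
 * No error message is written here; on failure the caller is expected to
 * consult GetLastError() and report it.
 *
 * @returns true on success, false on failure.
 * @param   kpCertBuf   Pointer to the buffer holding the encoded certificate
 *                      (X.509 or PKCS#7 ASN.1 encoding is accepted).
 * @param   cbCertBuf   Size of the @a kpCertBuf buffer in bytes.
 * @param   ppOutCtx    Where to return the certificate context.  Set to NULL
 *                      on failure.  The caller releases a non-NULL context
 *                      with CertFreeCertificateContext().
 */
static bool readCertBuf(const unsigned char kpCertBuf[], DWORD cbCertBuf, PCCERT_CONTEXT *ppOutCtx)
{
    /* CertCreateCertificateContext() takes a const BYTE *, so the buffer is
       passed as-is instead of through a cast that discards const. */
    *ppOutCtx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                                             kpCertBuf, cbCertBuf);
    return *ppOutCtx != NULL;
}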
64
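/**
 * Opens (or creates) a system certificate store.
 *
 * No error message is written here.  Note that when the store name cannot be
 * converted to UTF-16, this function returns NULL without touching the Win32
 * last-error value, so a caller reporting GetLastError() will show an
 * unrelated code in that case.
 *
 * @returns Handle to the store on success, NULL on failure.  The caller
 *          closes a non-NULL handle with CertCloseStore().
 * @param   dwDst       The destination location and flags, like
 *                      CERT_SYSTEM_STORE_LOCAL_MACHINE or
 *                      CERT_SYSTEM_STORE_CURRENT_USER.
 *                      CERT_STORE_OPEN_EXISTING_FLAG is always cleared, see
 *                      the comment in the body.
 * @param   pszStoreNm  The store name (UTF-8), e.g. "TrustedPublisher".
 */
static HCERTSTORE openCertStore(DWORD dwDst, const char *pszStoreNm)
{
    PRTUTF16 pwszStoreNm = NULL;
    int rc = RTStrToUtf16(pszStoreNm, &pwszStoreNm);
    if (RT_FAILURE(rc))
        return NULL;

    /*
     * Make sure CERT_STORE_OPEN_EXISTING_FLAG is not set. This causes Windows XP
     * to return ACCESS_DENIED when installing TrustedPublisher certificates via
     * CertAddCertificateContextToStore() if the TrustedPublisher store never has
     * been used (through certmgr.exe and friends) yet.
     *
     * According to MSDN, if neither CERT_STORE_OPEN_EXISTING_FLAG nor
     * CERT_STORE_CREATE_NEW_FLAG is set, the store will be either opened or
     * created accordingly.
     */
    dwDst &= ~CERT_STORE_OPEN_EXISTING_FLAG;

    HCERTSTORE hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
                                      PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
                                      NULL /* hCryptProv = default */,
                                      dwDst,
                                      pwszStoreNm);

    RTUtf16Free(pwszStoreNm);
    return hStore;
}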
103
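/**
 * Adds a certificate to a system certificate store.
 *
 * Errors are reported with RTMsgError().  Note that when openCertStore()
 * fails because the store name could not be converted to UTF-16, the code
 * reported via GetLastError() is stale and unrelated to the actual failure.
 *
 * NOTE(review): when dwDst selects a machine-wide location, the modified
 * store is shared by every account on the machine; callers should only pass
 * certificates whose provenance they have verified (such as the installer's
 * own embedded signing certificate).
 *
 * @returns true on success, false on failure (error message written).
 * @param   dwDst       The destination, like
 *                      CERT_SYSTEM_STORE_LOCAL_MACHINE or
 *                      CERT_SYSTEM_STORE_CURRENT_USER.
 * @param   pszStoreNm  The store name.
 * @param   kpCertBuf   Buffer that contains an encoded certificate.
 * @param   cbCertBuf   Size of the @a kpCertBuf buffer in bytes.
 */
bool addCertToStore(DWORD dwDst, const char *pszStoreNm, const unsigned char kpCertBuf[], DWORD cbCertBuf)
{
    /*
     * Get the certificate context from the buffer.
     */
    PCCERT_CONTEXT pSrcCtx = NULL;
    if (!readCertBuf(kpCertBuf, cbCertBuf, &pSrcCtx))
    {
        /* Win32 error codes are DWORD (unsigned); %u keeps codes at or above
           0x80000000 from being printed as negative numbers. */
        RTMsgError("Unable to get certificate context: %u", GetLastError());
        return false;
    }

    /*
     * Open the destination store and add the certificate to it.
     */
    bool fRc = false;
    HCERTSTORE hDstStore = openCertStore(dwDst, pszStoreNm);
    if (hDstStore)
    {
        /* CERT_STORE_ADD_REPLACE_EXISTING: an already installed copy of the
           same certificate is replaced instead of being reported as an error. */
        if (CertAddCertificateContextToStore(hDstStore, pSrcCtx, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
            fRc = true;
        else
            RTMsgError("Unable to install certificate: %u", GetLastError());

        /* CERT_CLOSE_STORE_CHECK_FLAG only affects the (diagnostic) return
           value for leaked references; the store is closed either way, so the
           result is deliberately not checked. */
        CertCloseStore(hDstStore, CERT_CLOSE_STORE_CHECK_FLAG);
    }
    else
        RTMsgError("Unable to open certificates store: %u", GetLastError());

    /* Release our reference to the source certificate context. */
    CertFreeCertificateContext(pSrcCtx);

    return fRc;
}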