VirtualBox

source: vbox/trunk/src/VBox/Installer/win/Stub/VBoxStubCertUtil.cpp@ 76882

Last change on this file since 76882 was 76553, checked in by vboxsync, 6 years ago

scm --update-copyright-year

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 5.0 KB
Line 
1/* $Id: VBoxStubCertUtil.cpp 76553 2019-01-01 01:45:53Z vboxsync $ */
2/** @file
3 * VBoxStub - VirtualBox's Windows installer stub (certificate manipulations).
4 *
5 * NOTE: The content of this file is partly
6 * grabbed from src/VBox/Additions/WINNT/tools/VBoxCertUtil.cpp
7 */
8
9/*
10 * Copyright (C) 2012-2019 Oracle Corporation
11 *
12 * This file is part of VirtualBox Open Source Edition (OSE), as
13 * available from http://www.virtualbox.org. This file is free software;
14 * you can redistribute it and/or modify it under the terms of the GNU
15 * General Public License (GPL) as published by the Free Software
16 * Foundation, in version 2 as it comes in the "COPYING" file of the
17 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
18 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
19 */
20
21
22/*********************************************************************************************************************************
23* Header Files *
24*********************************************************************************************************************************/
25#include <iprt/win/windows.h>
26#include <Wincrypt.h>
27
28#include <iprt/errcore.h>
29#include <iprt/message.h>
30#include <iprt/string.h>
31#include <iprt/utf16.h>
32
33
34/**
35 * Reads a certificate from a (const char []) buffer, returning a context
36 * or a the handle to a temporary memory store.
37 *
38 * @returns true on success, false on failure (error message written).
39 * @param kpCertBuf The pointer to the buffer containing the
40 * certificates.
41 * @param cbCertBuf Size of @param kpCertBuf in bytes.
42 * @param ppOutCtx Where to return the handle to the temporary
43 * memory store.
44 */
45static bool readCertBuf(const unsigned char kpCertBuf[], DWORD cbCertBuf, PCCERT_CONTEXT *ppOutCtx)
46{
47 *ppOutCtx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
48 (PBYTE)kpCertBuf, cbCertBuf);
49 if (*ppOutCtx)
50 return true;
51
52 return false;
53}
54
55/**
56 * Opens a certificate store.
57 *
58 * @returns true on success, false on failure (error message written).
59 * @param dwDst The destination, like
60 * CERT_SYSTEM_STORE_LOCAL_MACHINE or
61 * CERT_SYSTEM_STORE_CURRENT_USER.
62 * @param pszStoreNm The store name.
63 */
64static HCERTSTORE openCertStore(DWORD dwDst, const char *pszStoreNm)
65{
66 HCERTSTORE hStore = NULL;
67 PRTUTF16 pwszStoreNm;
68 int rc = RTStrToUtf16(pszStoreNm, &pwszStoreNm);
69 if (RT_SUCCESS(rc))
70 {
71 /*
72 * Make sure CERT_STORE_OPEN_EXISTING_FLAG is not set. This causes Windows XP
73 * to return ACCESS_DENIED when installing TrustedPublisher certificates via
74 * CertAddCertificateContextToStore() if the TrustedPublisher store never has
75 * been used (through certmgr.exe and friends) yet.
76 *
77 * According to MSDN, if neither CERT_STORE_OPEN_EXISTING_FLAG nor
78 * CERT_STORE_CREATE_NEW_FLAG is set, the store will be either opened or
79 * created accordingly.
80 */
81 dwDst &= ~CERT_STORE_OPEN_EXISTING_FLAG;
82
83 hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
84 PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
85 NULL /* hCryptProv = default */,
86 dwDst,
87 pwszStoreNm);
88
89 RTUtf16Free(pwszStoreNm);
90 }
91 return hStore;
92}
93
94/**
95 * Adds a certificate to a store.
96 *
97 * @returns true on success, false on failure (error message written).
98 * @param dwDst The destination, like
99 * CERT_SYSTEM_STORE_LOCAL_MACHINE or
100 * CERT_SYSTEM_STORE_CURRENT_USER.
101 * @param pszStoreNm The store name.
102 * @param kpCertBuf Buffer that contains a certificate
103 * @param cbCertBuf Size of @param kpCertBuf in bytes
104 */
105bool addCertToStore(DWORD dwDst, const char *pszStoreNm, const unsigned char kpCertBuf[], DWORD cbCertBuf)
106{
107 /*
108 * Get certificate from buffer.
109 */
110 PCCERT_CONTEXT pSrcCtx = NULL;
111 bool fRc = false;
112
113 if (!readCertBuf(kpCertBuf, cbCertBuf, &pSrcCtx))
114 {
115 RTMsgError("Unable to get certificate context: %d", GetLastError());
116 return fRc;
117 }
118
119 /*
120 * Open the certificates store.
121 */
122 HCERTSTORE hDstStore = openCertStore(dwDst, pszStoreNm);
123 if (hDstStore)
124 {
125 /*
126 * Finally, add certificate to store
127 */
128 if (CertAddCertificateContextToStore(hDstStore, pSrcCtx, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
129 fRc = true;
130 else
131 RTMsgError("Unable to install certificate: %d", GetLastError());
132
133 CertCloseStore(hDstStore, CERT_CLOSE_STORE_CHECK_FLAG);
134 }
135 else
136 RTMsgError("Unable to open certificates store: %d", GetLastError());
137
138 /* Release resources */
139 CertFreeCertificateContext(pSrcCtx);
140
141 return fRc;
142}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette