Mercurial > trustbridge
comparison cinst/windowsstore.c @ 215:292e2cb60ef0
Add removal of certificates
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Wed, 26 Mar 2014 17:18:00 +0100 |
| parents | ee37c085b9f7 |
| children | 83a015f2e078 |
comparison
equal
deleted
inserted
replaced
| 214:aab742690bee | 215:292e2cb60ef0 |
|---|---|
| 30 if (!bufPtr) | 30 if (!bufPtr) |
| 31 printf ("Error getting last error for code: %lx \n", err); | 31 printf ("Error getting last error for code: %lx \n", err); |
| 32 return bufPtr; | 32 return bufPtr; |
| 33 } | 33 } |
| 34 | 34 |
| 35 int write_stores_win (char **to_install, char **to_remove, bool user_store) | 35 static void |
| 36 do_remove(HCERTSTORE hStore, char **to_remove) | |
| 36 { | 37 { |
| 37 int i = 0; | 38 PCCERT_CONTEXT pCert = NULL; |
| 38 int ret = -1; | 39 unsigned int i = 0; |
| 40 | |
| 41 if (!to_remove) | |
| 42 { | |
| 43 return; | |
| 44 } | |
| 45 | |
| 46 for (i=0; to_remove[i]; i++) | |
| 47 { | |
| 48 char *asn1_data = NULL; | |
| 49 size_t asn1_size = 0; | |
| 50 int ret = -1; | |
| 51 PCCERT_CONTEXT pc_to_remove = NULL; | |
| 52 | |
| 53 ret = str_base64_decode (&asn1_data, &asn1_size, to_remove[i], | |
| 54 strnlen(to_remove[i], MAX_LINE_LENGTH)); | |
| 55 /* Decoding / parsing errors in here should not happen at all. | |
| 56 The only errors which are not a bug would be out of memory or | |
| 57 if the signed certificate list contained an invalid certificate. */ | |
| 58 if (ret != 0) | |
| 59 { | |
| 60 printf ("Error base64 certificate.\n"); | |
| 61 continue; | |
| 62 } | |
| 63 | |
| 64 pc_to_remove = CertCreateContext (CERT_STORE_CERTIFICATE_CONTEXT, | |
| 65 X509_ASN_ENCODING, | |
| 66 (const PBYTE) asn1_data, | |
| 67 (DWORD) asn1_size, | |
| 68 0, | |
| 69 NULL); | |
| 70 free (asn1_data); /* Windows has a copy */ | |
| 71 if (pc_to_remove == NULL) | |
| 72 { | |
| 73 LPWSTR error = getLastErrorMsg(); | |
| 74 if (error) | |
| 75 { | |
| 76 printf ("Failed to add certificate: %S \n", error); | |
| 77 LocalFree (error); | |
| 78 } | |
| 79 continue; | |
| 80 } | |
| 81 | |
| 82 pCert = CertFindCertificateInStore (hStore, | |
| 83 X509_ASN_ENCODING, | |
| 84 0, | |
| 85 CERT_FIND_EXISTING, | |
| 86 pc_to_remove, | |
| 87 NULL); | |
| 88 | |
| 89 CertFreeCertificateContext (pc_to_remove); | |
| 90 | |
| 91 if (pCert == NULL) | |
| 92 { | |
| 93 printf ("Did not find certificate\n"); | |
| 94 continue; | |
| 95 } | |
| 96 | |
| 97 if (!CertDeleteCertificateFromStore (pCert)) | |
| 98 { | |
| 99 /* From MSDN: | |
| 100 The CertDeleteCertificateFromStore function always frees | |
| 101 pCertContext by calling the CertFreeCertificateContext | |
| 102 function, even if an error is encountered. */ | |
| 103 LPWSTR error = getLastErrorMsg(); | |
| 104 printf ("Error deleting certificate. %S", error); | |
| 105 LocalFree (error); | |
| 106 continue; | |
| 107 } | |
| 108 } | |
| 109 return; | |
| 110 } | |
| 111 | |
| 112 static void | |
| 113 do_install(HCERTSTORE hStore, char **to_install) | |
| 114 { | |
| 115 int i = 0, | |
| 116 ret = -1; | |
| 117 | |
| 118 if (!to_install) | |
| 119 { | |
| 120 return; | |
| 121 } | |
| 122 | |
| 123 for (i=0; to_install[i]; i++) | |
| 124 { | |
| 125 size_t cert_len = strnlen (to_install[i], MAX_LINE_LENGTH), | |
| 126 buf_size = 0; | |
| 127 char *buf = NULL; | |
| 128 | |
| 129 ret = str_base64_decode (&buf, &buf_size, to_install[i], cert_len); | |
| 130 | |
| 131 if (ret != 0) | |
| 132 { | |
| 133 printf ("decoding certificate failed\n"); | |
| 134 return; | |
| 135 } | |
| 136 | |
| 137 printf ("Adding cert %s\n", to_install[i]); | |
| 138 | |
| 139 ret = CertAddEncodedCertificateToStore (hStore, | |
| 140 X509_ASN_ENCODING, | |
| 141 (PBYTE) buf, | |
| 142 buf_size, | |
| 143 CERT_STORE_ADD_ALWAYS, | |
| 144 NULL); | |
| 145 | |
| 146 if (!ret) | |
| 147 { | |
| 148 LPWSTR error = getLastErrorMsg(); | |
| 149 if (error) | |
| 150 { | |
| 151 printf ("Failed to add certificate: %S \n", error); | |
| 152 LocalFree (error); | |
| 153 } | |
| 154 } | |
| 155 i++; | |
| 156 free (buf); | |
| 157 } | |
| 158 return; | |
| 159 } | |
| 160 | |
| 161 int | |
| 162 write_stores_win (char **to_install, char **to_remove, bool user_store) | |
| 163 { | |
| 39 HCERTSTORE hStore = NULL; | 164 HCERTSTORE hStore = NULL; |
| 165 | |
| 166 if (!to_install && !to_remove) | |
| 167 { | |
| 168 /* Nothing to do */ | |
| 169 return 0; | |
| 170 } | |
| 40 | 171 |
| 41 if (user_store) | 172 if (user_store) |
| 42 { | 173 { |
| 43 hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0, | 174 hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0, |
| 44 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root"); | 175 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root"); |
| 52 if (!hStore) | 183 if (!hStore) |
| 53 { | 184 { |
| 54 return ERR_STORE_ACCESS_DENIED; | 185 return ERR_STORE_ACCESS_DENIED; |
| 55 } | 186 } |
| 56 | 187 |
| 57 for (i=0; to_install[i]; i++) | 188 /* Do the actual work */ |
| 58 { | 189 do_install (hStore, to_install); |
| 59 size_t cert_len = strnlen (to_install[i], MAX_LINE_LENGTH), | |
| 60 buf_size = 0; | |
| 61 char *buf = NULL; | |
| 62 | 190 |
| 63 ret = str_base64_decode (&buf, &buf_size, to_install[i], cert_len); | 191 do_remove (hStore, to_remove); |
| 64 | |
| 65 if (ret != 0) | |
| 66 { | |
| 67 return ERR_INVALID_INSTRUCTIONS; | |
| 68 } | |
| 69 | |
| 70 ret = CertAddEncodedCertificateToStore (hStore, | |
| 71 X509_ASN_ENCODING, | |
| 72 (PBYTE) buf, | |
| 73 buf_size, | |
| 74 CERT_STORE_ADD_ALWAYS, | |
| 75 NULL); | |
| 76 | |
| 77 if (ret == 0) | |
| 78 { | |
| 79 LPWSTR error = getLastErrorMsg(); | |
| 80 if (error) | |
| 81 { | |
| 82 printf ("Failed to add certificate: %S \n", error); | |
| 83 LocalFree (error); | |
| 84 } | |
| 85 } | |
| 86 i++; | |
| 87 free (buf); | |
| 88 } | |
| 89 | |
| 90 for (i=0; to_remove[i]; i++) | |
| 91 { | |
| 92 // TODO | |
| 93 } | |
| 94 | 192 |
| 95 if (hStore) | 193 if (hStore) |
| 96 { | 194 { |
| 97 CertCloseStore (hStore, 0); | 195 CertCloseStore (hStore, 0); |
| 98 } | 196 } |