Mercurial > trustbridge
comparison cinst/main.c @ 68:8ffbb48528ae
Add certificate installation for windows
| author | Andre Heinecke <aheinecke@intevation.de> |
|---|---|
| date | Tue, 18 Mar 2014 18:28:15 +0000 |
| parents | e4088afd5281 |
| children | 899fcddb92d0 |
comparison
equal
deleted
inserted
replaced
| 67:1bf41957418f | 68:8ffbb48528ae |
|---|---|
| 22 * The special instruction "UNINSTALL" will cause the installer | 22 * The special instruction "UNINSTALL" will cause the installer |
| 23 * to remove all certificates (Even those marked with I) that | 23 * to remove all certificates (Even those marked with I) that |
| 24 * are part of the list to be removed. | 24 * are part of the list to be removed. |
| 25 * | 25 * |
| 26 **/ | 26 **/ |
| 27 #define MAX_LINE_LENGTH 1000 | |
| 28 #define MAX_LINES 1000 | |
| 29 #define MAX_INPUT_SIZE 2000000 /* MAX_LINE_LENGTH * (MAX_LINES *2) */ | |
| 30 | |
| 31 #include <stdio.h> | 27 #include <stdio.h> |
| 32 #include <stdlib.h> | 28 #include <stdlib.h> |
| 33 #include <string.h> | 29 #include <string.h> |
| 34 #include <assert.h> | 30 #include <assert.h> |
| 35 | 31 |
| 32 #include <polarssl/base64.h> | |
| 33 | |
| 36 #include "strhelp.h" | 34 #include "strhelp.h" |
| 37 #include "listutil.h" | 35 #include "listutil.h" |
| 38 #include "errorcodes.h" | 36 #include "errorcodes.h" |
| 37 | |
| 38 #ifdef WIN32 | |
| 39 #include <windows.h> | |
| 40 #include <wincrypt.h> | |
| 41 #endif | |
| 42 | |
| 43 /* The certificate list + instructions may only be so long as | |
| 44 * twice the accepted certificatelist size */ | |
| 45 #define MAX_INPUT_SIZE MAX_LINE_LENGTH * MAX_LINES * 2 | |
| 39 | 46 |
| 40 /* @brief Read stdin into data structures. | 47 /* @brief Read stdin into data structures. |
| 41 * | 48 * |
| 42 * Reads from stdin and sorts the input into the respective | 49 * Reads from stdin and sorts the input into the respective |
| 43 * variables. The pointers returned need to be freed by the caller. | 50 * variables. The pointers returned need to be freed by the caller. |
| 72 if (readingList) { | 79 if (readingList) { |
| 73 str_append_str(certificate_list, buf, len); | 80 str_append_str(certificate_list, buf, len); |
| 74 continue; | 81 continue; |
| 75 } | 82 } |
| 76 if (*buf == 'I') { | 83 if (*buf == 'I') { |
| 77 array_append_str(to_install, buf+2, len - 2); | 84 /* Remove leading I: and trailing \r\n */ |
| 85 array_append_str(to_install, buf+2, len - 4); | |
| 78 continue; | 86 continue; |
| 79 } | 87 } |
| 80 if (*buf == 'R') { | 88 if (*buf == 'R') { |
| 81 array_append_str(to_remove, buf+2, len - 2); | 89 /* Remove leading R: and trailing \r\n */ |
| 90 array_append_str(to_remove, buf+2, len - 4); | |
| 82 continue; | 91 continue; |
| 83 } | 92 } |
| 84 if (strcmp("UNINSTALL", buf) == 0) { | 93 if (strcmp("UNINSTALL", buf) == 0) { |
| 94 /* Remove trailing \r\n */ | |
| 85 array_append_str(to_remove, buf, len - 2); | 95 array_append_str(to_remove, buf, len - 2); |
| 86 } | 96 } |
| 87 } | 97 } |
| 88 | 98 |
| 89 return 0; | 99 return 0; |
| 101 (void) list_len; | 111 (void) list_len; |
| 102 | 112 |
| 103 return 0; | 113 return 0; |
| 104 } | 114 } |
| 105 */ | 115 */ |
| 116 | |
| 117 #ifdef WIN32 | |
| 118 /** @brief Install certificates into Windows store | |
| 119 * | |
| 120 * @param [in] to_install NULL terminated array of base64 encoded certificates. | |
| 121 * @param [in] user_store set to True if the certificates shoudl be installed | |
| 122 * only for the current user. O for system wide installation. | |
| 123 * @returns 0 on success an errorcode otherwise. | |
| 124 */ | |
| 125 int install_certificates_win(const char **to_install, int user_store) | |
| 126 { | |
| 127 int i = 0; | |
| 128 HCERTSTORE hStore = NULL; | |
| 129 | |
| 130 if (!user_store) { | |
| 131 // Access user store | |
| 132 hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, | |
| 133 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root"); | |
| 134 } else { | |
| 135 // Access machine store | |
| 136 hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, | |
| 137 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"Root"); | |
| 138 } | |
| 139 | |
| 140 if (!hStore) { | |
| 141 return ERR_STORE_ACCESS_DENIED; | |
| 142 } | |
| 143 | |
| 144 while (to_install[i]) { | |
| 145 size_t needed_len = 0; | |
| 146 size_t cert_len = strnlen(to_install[i], MAX_LINE_LENGTH); | |
| 147 int ret = -1; | |
| 148 unsigned char *buf; | |
| 149 /* Check the needed size for the buffer */ | |
| 150 ret = base64_decode(NULL, &needed_len, | |
| 151 (unsigned char *)to_install[i], cert_len); | |
| 152 | |
| 153 if (ret != 0 && ret != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL) { | |
| 154 return ERR_INVALID_INSTRUCTIONS; | |
| 155 } | |
| 156 | |
| 157 buf = xmalloc(needed_len); | |
| 158 memset (buf, 0, needed_len); | |
| 159 | |
| 160 ret = base64_decode(buf, &needed_len, | |
| 161 (unsigned char *)to_install[i], cert_len); | |
| 162 | |
| 163 if (ret != 0) { | |
| 164 return ERR_INVALID_INSTRUCTIONS; | |
| 165 } | |
| 166 | |
| 167 ret = CertAddEncodedCTLToStore (hStore, | |
| 168 X509_ASN_ENCODING, | |
| 169 (PBYTE)buf, | |
| 170 needed_len, | |
| 171 CERT_STORE_ADD_ALWAYS, | |
| 172 NULL); | |
| 173 | |
| 174 if (ret != 0) { | |
| 175 printf("Failed to add certificate\n"); | |
| 176 free(buf); | |
| 177 return ret; | |
| 178 } | |
| 179 free(buf); | |
| 180 } | |
| 181 if(hStore) { | |
| 182 CertCloseStore(hStore, 0); | |
| 183 } | |
| 184 return 0; | |
| 185 } | |
| 186 #endif | |
| 187 | |
| 106 int main() { | 188 int main() { |
| 107 char **to_install = NULL; | 189 char **to_install = NULL; |
| 108 char **to_remove = NULL; | 190 char **to_remove = NULL; |
| 109 char *certificate_list = NULL; | 191 char *certificate_list = NULL; |
| 110 size_t list_len = 0; | 192 size_t list_len = 0; |
| 111 int ret = -1; | 193 int ret = -1; |
| 112 | 194 /* |
| 195 i = 0 , | |
| 196 uninstall = 0; | |
| 197 */ | |
| 113 ret = readInput(&certificate_list, &to_install, &to_remove); | 198 ret = readInput(&certificate_list, &to_install, &to_remove); |
| 114 | 199 |
| 115 if (ret != 0) { | 200 if (ret != 0) { |
| 116 return ret; | 201 return ret; |
| 117 } | 202 } |
| 130 | 215 |
| 131 if (!strv_length(to_install) && !strv_length(to_remove)) { | 216 if (!strv_length(to_install) && !strv_length(to_remove)) { |
| 132 return ERR_NO_INSTRUCTIONS; | 217 return ERR_NO_INSTRUCTIONS; |
| 133 } | 218 } |
| 134 | 219 |
| 135 /* Check that the instructions are ok to execute | 220 |
| 221 /* Check that the instructions are ok to execute | |
| 136 ret = validate_instructions(certificate_list, list_len, to_install, | 222 ret = validate_instructions(certificate_list, list_len, to_install, |
| 137 to_remove); | 223 to_remove); |
| 138 | |
| 139 if (ret != 0) { | 224 if (ret != 0) { |
| 140 return ERR_INVALID_INSTRUCTIONS; | 225 return ERR_INVALID_INSTRUCTIONS; |
| 141 } | 226 } |
| 142 */ | 227 |
| 228 if (to_remove) { | |
| 229 for (i=0; to_remove[i]; i++) { | |
| 230 if (strncmp("UNINSTALL", to_remove[i], MAX_LINE_LENGTH)) { | |
| 231 uninstall = 1; | |
| 232 break; | |
| 233 } | |
| 234 } | |
| 235 } | |
| 236 | |
| 237 if (uninstall) { | |
| 238 | |
| 239 } | |
| 240 */ | |
| 241 | |
| 242 #ifdef WIN32 | |
| 243 install_certificates_win((const char**) to_install, 1); | |
| 244 //remove_certificates_win((const char**) to_remove, 1); | |
| 245 #endif | |
| 246 | |
| 143 /* Make valgrind happy */ | 247 /* Make valgrind happy */ |
| 144 strfreev (to_install); | 248 strfreev(to_install); |
| 145 strfreev (to_remove); | 249 strfreev(to_remove); |
| 146 free (certificate_list); | 250 free(certificate_list); |
| 147 | 251 |
| 148 return 0; | 252 return 0; |
| 149 } | 253 } |