Mercurial > trustbridge
view cinst/windowsstore.c @ 1364:28885e8c891f
(issue177) Read signature time from PKCS#7 object in selftest and binverify
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Fri, 21 Nov 2014 18:33:31 +0100 |
parents | 18211dce3106 |
children |
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=2) * and comes with ABSOLUTELY NO WARRANTY! * See LICENSE.txt for details. */ #ifdef WIN32 #include <stdio.h> #include "windowsstore.h" #include "errorcodes.h" #include "listutil.h" #include "strhelp.h" #include "logging.h" #include "util.h" #include "certhelp.h" void debug_print_subject(PCCERT_CONTEXT pCert) { char pszNameString[256]; if (!pCert || !g_debug) { return; } if(CertGetNameString(pCert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, pszNameString, 128)) { DEBUGPRINTF("Certificate Subject: %s", pszNameString); } } void do_remove(HCERTSTORE hStore, char **to_remove) { PCCERT_CONTEXT pCert = NULL; unsigned int i = 0; bool elevated = is_elevated(); if (!to_remove) { return; } for (i=0; to_remove[i]; i++) { PCCERT_CONTEXT pc_to_remove = NULL; pc_to_remove = b64_to_cert_context(to_remove[i], strnlen(to_remove[i], MAX_LINE_LENGTH)); if (pc_to_remove == NULL) { char *error = getLastErrorMsg(); if (error) { ERRORPRINTF ("Failed to create cert context: %s \n", error); free (error); } continue; } pCert = CertFindCertificateInStore (hStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_EXISTING, pc_to_remove, NULL); if (pCert == NULL) { DEBUGPRINTF ("Did not find certificate\n"); debug_print_subject (pc_to_remove); CertFreeCertificateContext (pc_to_remove); continue; } CertFreeCertificateContext (pc_to_remove); if (!CertDeleteCertificateFromStore (pCert)) { /* From MSDN: The CertDeleteCertificateFromStore function always frees pCertContext by calling the CertFreeCertificateContext function, even if an error is encountered. */ char *error = getLastErrorMsg(); ERRORPRINTF ("Error deleting certificate. %s", error); debug_print_subject (pCert); free (error); continue; } log_certificate (elevated ? "Local Machine" : "Current User", to_remove[i], false); } return; } void do_install(HCERTSTORE hStore, char **to_install) { int i = 0, ret = -1; bool elevated = is_elevated(); if (!to_install) { return; } for (i = 0; to_install[i]; i++) { PCCERT_CONTEXT pc_to_add = NULL; PCCERT_CONTEXT found_cert = NULL; pc_to_add = b64_to_cert_context(to_install[i], strnlen(to_install[i], MAX_LINE_LENGTH)); if (pc_to_add == NULL) { continue; } found_cert = CertFindCertificateInStore (hStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_EXISTING, pc_to_add, NULL); if (found_cert != NULL) { /* DEBUGPRINTF ("Certificate already in store\n"); */ CertFreeCertificateContext (found_cert); CertFreeCertificateContext (pc_to_add); continue; } ret = CertAddCertificateContextToStore (hStore, pc_to_add, CERT_STORE_ADD_ALWAYS, NULL); if (!ret) { char *error = getLastErrorMsg(); if (error) { ERRORPRINTF ("Failed to add certificate: %s \n", error); debug_print_subject (pc_to_add); free (error); } } CertFreeCertificateContext (pc_to_add); log_certificate (elevated ? "Local Machine" : "Current User", to_install[i], true); } return; } int write_stores_win (char **to_install, char **to_remove) { HCERTSTORE hStore = NULL; if (!to_install && !to_remove) { /* Nothing to do */ return 0; } if (!is_elevated()) { hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root"); } else { hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"Root"); } if (!hStore) { ERRORPRINTF ("Failed to access store.\n"); return ERR_STORE_ACCESS_DENIED; } /* Do the actual work */ do_install (hStore, to_install); do_remove (hStore, to_remove); if (hStore) { CertCloseStore (hStore, 0); } return 0; } #endif // WIN32