diff cinst/main.c @ 68:8ffbb48528ae

Add certificate installation for windows
author Andre Heinecke <aheinecke@intevation.de>
date Tue, 18 Mar 2014 18:28:15 +0000
parents e4088afd5281
children 899fcddb92d0
line wrap: on
line diff
--- a/cinst/main.c	Tue Mar 18 18:26:14 2014 +0000
+++ b/cinst/main.c	Tue Mar 18 18:28:15 2014 +0000
@@ -24,19 +24,26 @@
  *  are part of the list to be removed.
  *
  **/
-#define MAX_LINE_LENGTH 1000
-#define MAX_LINES 1000
-#define MAX_INPUT_SIZE 2000000 /* MAX_LINE_LENGTH * (MAX_LINES *2) */
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
 
+#include <polarssl/base64.h>
+
 #include "strhelp.h"
 #include "listutil.h"
 #include "errorcodes.h"
 
+#ifdef WIN32
+#include <windows.h>
+#include <wincrypt.h>
+#endif
+
+/* The certificate list + instructions may only be so long as
+ * twice the accepted certificatelist size */
+#define MAX_INPUT_SIZE MAX_LINE_LENGTH * MAX_LINES * 2
+
 /* @brief Read stdin into data structures.
  *
  * Reads from stdin and sorts the input into the respective
@@ -74,14 +81,17 @@
             continue;
         }
         if (*buf == 'I') {
-            array_append_str(to_install, buf+2, len - 2);
+            /* Remove leading I: and trailing \r\n */
+            array_append_str(to_install, buf+2, len - 4);
             continue;
         }
         if (*buf == 'R') {
-            array_append_str(to_remove, buf+2, len - 2);
+            /* Remove leading R: and trailing \r\n */
+            array_append_str(to_remove, buf+2, len - 4);
             continue;
         }
         if (strcmp("UNINSTALL", buf) == 0) {
+            /* Remove trailing \r\n */
             array_append_str(to_remove, buf, len - 2);
         }
     }
@@ -103,13 +113,88 @@
     return 0;
 }
 */
+
+#ifdef WIN32
+/** @brief Install certificates into Windows store
+ *
+ * @param [in] to_install NULL terminated array of base64 encoded certificates.
+ * @param [in] user_store set to True if the certificates shoudl be installed
+ *             only for the current user. O for system wide installation.
+ * @returns 0 on success an errorcode otherwise.
+ */
+int install_certificates_win(const char **to_install, int user_store)
+{
+    int i = 0;
+    HCERTSTORE hStore = NULL;
+
+    if (!user_store) {
+        // Access user store
+        hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0,
+                               0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
+    } else {
+        // Access machine store
+        hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0,
+                               0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"Root");
+    }
+
+    if (!hStore) {
+        return ERR_STORE_ACCESS_DENIED;
+    }
+
+    while (to_install[i]) {
+        size_t needed_len = 0;
+        size_t cert_len = strnlen(to_install[i], MAX_LINE_LENGTH);
+        int ret = -1;
+        unsigned char *buf;
+        /* Check the needed size for the buffer */
+        ret = base64_decode(NULL, &needed_len,
+                            (unsigned char *)to_install[i], cert_len);
+
+        if (ret != 0 && ret != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL) {
+            return ERR_INVALID_INSTRUCTIONS;
+        }
+
+        buf = xmalloc(needed_len);
+        memset (buf, 0, needed_len);
+
+        ret = base64_decode(buf, &needed_len,
+                            (unsigned char *)to_install[i], cert_len);
+
+        if (ret != 0) {
+            return ERR_INVALID_INSTRUCTIONS;
+        }
+
+        ret = CertAddEncodedCTLToStore (hStore,
+                                        X509_ASN_ENCODING,
+                                        (PBYTE)buf,
+                                        needed_len,
+                                        CERT_STORE_ADD_ALWAYS,
+                                        NULL);
+
+        if (ret != 0) {
+            printf("Failed to add certificate\n");
+            free(buf);
+            return ret;
+        }
+        free(buf);
+    }
+    if(hStore) {
+        CertCloseStore(hStore, 0);
+    }
+    return 0;
+}
+#endif
+
 int main() {
     char **to_install = NULL;
     char **to_remove = NULL;
     char *certificate_list = NULL;
     size_t list_len = 0;
     int ret = -1;
-
+    /*
+        i = 0 ,
+        uninstall = 0;
+    */
     ret = readInput(&certificate_list, &to_install, &to_remove);
 
     if (ret != 0) {
@@ -132,18 +217,37 @@
         return ERR_NO_INSTRUCTIONS;
     }
 
-    /* Check that the instructions are ok to execute 
+
+    /* Check that the instructions are ok to execute  
     ret = validate_instructions(certificate_list, list_len, to_install,
                                 to_remove);
-
     if (ret != 0) {
         return ERR_INVALID_INSTRUCTIONS;
     }
-    */
+
+    if (to_remove) {
+        for (i=0; to_remove[i]; i++) {
+            if (strncmp("UNINSTALL", to_remove[i], MAX_LINE_LENGTH)) {
+                uninstall = 1;
+                break;
+            }
+        }
+    }
+
+    if (uninstall) {
+        
+    }
+*/
+
+#ifdef WIN32
+    install_certificates_win((const char**) to_install, 1);
+    //remove_certificates_win((const char**) to_remove, 1);
+#endif
+
     /* Make valgrind happy */
-    strfreev (to_install);
-    strfreev (to_remove);
-    free (certificate_list);
+    strfreev(to_install);
+    strfreev(to_remove);
+    free(certificate_list);
 
     return 0;
 }

http://wald.intevation.org/projects/trustbridge/