diff options
| author | Rob Mensching <rob@firegiant.com> | 2021-04-11 14:41:50 -0700 |
|---|---|---|
| committer | Rob Mensching <rob@firegiant.com> | 2021-04-12 15:37:24 -0700 |
| commit | 3e8b7eb4cb739be1881c621999616bc5bbbb0bdb (patch) | |
| tree | 1e6588300f94b85bc62dce1dfe62c78598141581 | |
| parent | 1656cd76e95e78b09d1fd9724c0c02323b5c3428 (diff) | |
| download | wix-3e8b7eb4cb739be1881c621999616bc5bbbb0bdb.tar.gz wix-3e8b7eb4cb739be1881c621999616bc5bbbb0bdb.tar.bz2 wix-3e8b7eb4cb739be1881c621999616bc5bbbb0bdb.zip | |
Support non-vital certificate installs
| -rw-r--r-- | src/ca/scacert.cpp | 5 | ||||
| -rw-r--r-- | src/ca/scacert.h | 1 | ||||
| -rw-r--r-- | src/ca/scacertexec.cpp | 37 | ||||
| -rw-r--r-- | src/wixext/IIsCompiler.cs | 12 |
4 files changed, 48 insertions, 7 deletions
diff --git a/src/ca/scacert.cpp b/src/ca/scacert.cpp index cf979ee7..5eae905a 100644 --- a/src/ca/scacert.cpp +++ b/src/ca/scacert.cpp | |||
| @@ -244,7 +244,7 @@ static HRESULT ConfigureCertificates( | |||
| 244 | ExitOnFailure(hr, "Failed to pass Certificate.Certificate to deferred CustomAction."); | 244 | ExitOnFailure(hr, "Failed to pass Certificate.Certificate to deferred CustomAction."); |
| 245 | hr = WcaWriteStringToCaData(pwzStoreName, &pwzCaData); | 245 | hr = WcaWriteStringToCaData(pwzStoreName, &pwzCaData); |
| 246 | ExitOnFailure(hr, "Failed to pass Certificate.StoreName to deferred CustomAction."); | 246 | ExitOnFailure(hr, "Failed to pass Certificate.StoreName to deferred CustomAction."); |
| 247 | hr = WcaWriteIntegerToCaData(SCA_CERT_ATTRIBUTE_BINARYDATA, &pwzCaData); | 247 | hr = WcaWriteIntegerToCaData(dwAttributes, &pwzCaData); |
| 248 | ExitOnFailure(hr, "Failed to pass Certificate.Attributes to deferred CustomAction."); | 248 | ExitOnFailure(hr, "Failed to pass Certificate.Attributes to deferred CustomAction."); |
| 249 | 249 | ||
| 250 | // Copy the rollback data from the deferred data because it's the same up to this point. | 250 | // Copy the rollback data from the deferred data because it's the same up to this point. |
| @@ -268,6 +268,9 @@ static HRESULT ConfigureCertificates( | |||
| 268 | 268 | ||
| 269 | hr = WcaWriteStringToCaData(pwzPFXPassword, &pwzRollbackCaData); | 269 | hr = WcaWriteStringToCaData(pwzPFXPassword, &pwzRollbackCaData); |
| 270 | ExitOnFailure(hr, "Failed to pass Certificate.PFXPassword to rollback CustomAction."); | 270 | ExitOnFailure(hr, "Failed to pass Certificate.PFXPassword to rollback CustomAction."); |
| 271 | |||
| 272 | hr = WcaWriteIntegerToCaData(dwAttributes, &pwzCaData); | ||
| 273 | ExitOnFailure(hr, "Failed to pass Certificate.Attributes to deferred CustomAction."); | ||
| 271 | } | 274 | } |
| 272 | 275 | ||
| 273 | // Pick the right action to run based on what store we're uninstalling from. | 276 | // Pick the right action to run based on what store we're uninstalling from. |
diff --git a/src/ca/scacert.h b/src/ca/scacert.h index baa6fb8e..39b00d3d 100644 --- a/src/ca/scacert.h +++ b/src/ca/scacert.h | |||
| @@ -11,6 +11,7 @@ enum SCA_CERT_ATTRIBUTES | |||
| 11 | SCA_CERT_ATTRIBUTE_REQUEST = 1, | 11 | SCA_CERT_ATTRIBUTE_REQUEST = 1, |
| 12 | SCA_CERT_ATTRIBUTE_BINARYDATA = 2, | 12 | SCA_CERT_ATTRIBUTE_BINARYDATA = 2, |
| 13 | SCA_CERT_ATTRIBUTE_OVERWRITE = 4, | 13 | SCA_CERT_ATTRIBUTE_OVERWRITE = 4, |
| 14 | SCA_CERT_ATTRIBUTE_VITAL = 8, | ||
| 14 | }; | 15 | }; |
| 15 | 16 | ||
| 16 | 17 | ||
diff --git a/src/ca/scacertexec.cpp b/src/ca/scacertexec.cpp index 4bb4ef95..95870c79 100644 --- a/src/ca/scacertexec.cpp +++ b/src/ca/scacertexec.cpp | |||
| @@ -23,6 +23,7 @@ static HRESULT InstallCertificatePackage( | |||
| 23 | __in LPCWSTR wzName, | 23 | __in LPCWSTR wzName, |
| 24 | __in_opt BYTE* rgbData, | 24 | __in_opt BYTE* rgbData, |
| 25 | __in DWORD cbData, | 25 | __in DWORD cbData, |
| 26 | __in BOOL fVital, | ||
| 26 | __in_opt LPCWSTR wzPFXPassword | 27 | __in_opt LPCWSTR wzPFXPassword |
| 27 | ); | 28 | ); |
| 28 | 29 | ||
| @@ -32,6 +33,12 @@ static HRESULT UninstallCertificatePackage( | |||
| 32 | __in LPCWSTR wzName | 33 | __in LPCWSTR wzName |
| 33 | ); | 34 | ); |
| 34 | 35 | ||
| 36 | static HRESULT AddCertificate( | ||
| 37 | __in HCERTSTORE hStore, | ||
| 38 | __in PCCERT_CONTEXT pCertContext, | ||
| 39 | __in LPCWSTR wzCertificateUniqueName, | ||
| 40 | __in BOOL fVital | ||
| 41 | ); | ||
| 35 | 42 | ||
| 36 | /* **************************************************************** | 43 | /* **************************************************************** |
| 37 | AddUserCertificate - CUSTOM ACTION ENTRY POINT for adding per-user | 44 | AddUserCertificate - CUSTOM ACTION ENTRY POINT for adding per-user |
| @@ -185,7 +192,7 @@ static HRESULT ExecuteCertificateOperation( | |||
| 185 | // CertAddCertificateContextToStore(CERT_STORE_ADD_REPLACE_EXISTING) does not remove the private key if the cert is replaced | 192 | // CertAddCertificateContextToStore(CERT_STORE_ADD_REPLACE_EXISTING) does not remove the private key if the cert is replaced |
| 186 | UninstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName); | 193 | UninstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName); |
| 187 | 194 | ||
| 188 | hr = InstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName, pbData, cbData, pwzPFXPassword); | 195 | hr = InstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName, pbData, cbData, iAttributes & SCA_CERT_ATTRIBUTE_VITAL, pwzPFXPassword); |
| 189 | ExitOnFailure(hr, "Failed to install certificate."); | 196 | ExitOnFailure(hr, "Failed to install certificate."); |
| 190 | } | 197 | } |
| 191 | else | 198 | else |
| @@ -226,6 +233,7 @@ static HRESULT InstallCertificatePackage( | |||
| 226 | __in LPCWSTR wzName, | 233 | __in LPCWSTR wzName, |
| 227 | __in_opt BYTE* rgbData, | 234 | __in_opt BYTE* rgbData, |
| 228 | __in DWORD cbData, | 235 | __in DWORD cbData, |
| 236 | __in BOOL fVital, | ||
| 229 | __in_opt LPCWSTR wzPFXPassword | 237 | __in_opt LPCWSTR wzPFXPassword |
| 230 | ) | 238 | ) |
| 231 | { | 239 | { |
| @@ -273,8 +281,7 @@ static HRESULT InstallCertificatePackage( | |||
| 273 | pCertContext; | 281 | pCertContext; |
| 274 | pCertContext = ::CertEnumCertificatesInStore(hPfxCertStore, pCertContext)) | 282 | pCertContext = ::CertEnumCertificatesInStore(hPfxCertStore, pCertContext)) |
| 275 | { | 283 | { |
| 276 | WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", pwzUniqueName); | 284 | hr = AddCertificate(hStore, pCertContext, pwzUniqueName, fVital); |
| 277 | hr = CertInstallSingleCertificate(hStore, pCertContext, pwzUniqueName); | ||
| 278 | MessageExitOnFailure(hr, msierrCERTFailedAdd, "Failed to add certificate to the store."); | 285 | MessageExitOnFailure(hr, msierrCERTFailedAdd, "Failed to add certificate to the store."); |
| 279 | 286 | ||
| 280 | hr = StrAllocFormatted(&pwzUniqueName, L"%s_wixCert_%d", wzName, ++iUniqueId); | 287 | hr = StrAllocFormatted(&pwzUniqueName, L"%s_wixCert_%d", wzName, ++iUniqueId); |
| @@ -289,8 +296,7 @@ static HRESULT InstallCertificatePackage( | |||
| 289 | } | 296 | } |
| 290 | else | 297 | else |
| 291 | { | 298 | { |
| 292 | WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", pwzUniqueName); | 299 | hr = AddCertificate(hStore, pCertContext, pwzUniqueName, fVital); |
| 293 | hr = CertInstallSingleCertificate(hStore, pCertContext, pwzUniqueName); | ||
| 294 | MessageExitOnFailure(hr, msierrCERTFailedAdd, "Failed to add certificate to the store."); | 300 | MessageExitOnFailure(hr, msierrCERTFailedAdd, "Failed to add certificate to the store."); |
| 295 | } | 301 | } |
| 296 | 302 | ||
| @@ -402,3 +408,24 @@ LExit: | |||
| 402 | 408 | ||
| 403 | return hr; | 409 | return hr; |
| 404 | } | 410 | } |
| 411 | |||
| 412 | static HRESULT AddCertificate( | ||
| 413 | __in HCERTSTORE hStore, | ||
| 414 | __in PCCERT_CONTEXT pCertContext, | ||
| 415 | __in LPCWSTR wzCertificateUniqueName, | ||
| 416 | __in BOOL fVital | ||
| 417 | ) | ||
| 418 | { | ||
| 419 | HRESULT hr = S_OK; | ||
| 420 | |||
| 421 | WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", wzCertificateUniqueName); | ||
| 422 | |||
| 423 | hr = CertInstallSingleCertificate(hStore, pCertContext, wzCertificateUniqueName); | ||
| 424 | if (FAILED(hr) && !fVital) | ||
| 425 | { | ||
| 426 | WcaLog(LOGMSG_STANDARD, "Could not add non-vital certificate: %ls due to error: 0x%x, continuing...", wzCertificateUniqueName, hr); | ||
| 427 | hr = S_FALSE; | ||
| 428 | } | ||
| 429 | |||
| 430 | return hr; | ||
| 431 | } | ||
diff --git a/src/wixext/IIsCompiler.cs b/src/wixext/IIsCompiler.cs index 952a4a67..cb573ad1 100644 --- a/src/wixext/IIsCompiler.cs +++ b/src/wixext/IIsCompiler.cs | |||
| @@ -140,7 +140,7 @@ namespace WixToolset.Iis | |||
| 140 | { | 140 | { |
| 141 | var sourceLineNumbers = this.ParseHelper.GetSourceLineNumbers(element); | 141 | var sourceLineNumbers = this.ParseHelper.GetSourceLineNumbers(element); |
| 142 | Identifier id = null; | 142 | Identifier id = null; |
| 143 | int attributes = 0; | 143 | int attributes = 8; // SCA_CERT_ATTRIBUTE_VITAL |
| 144 | string binaryRef = null; | 144 | string binaryRef = null; |
| 145 | string certificatePath = null; | 145 | string certificatePath = null; |
| 146 | string name = null; | 146 | string name = null; |
| @@ -244,6 +244,16 @@ namespace WixToolset.Iis | |||
| 244 | } | 244 | } |
| 245 | } | 245 | } |
| 246 | break; | 246 | break; |
| 247 | case "Vital": | ||
| 248 | if (YesNoType.Yes == this.ParseHelper.GetAttributeYesNoValue(sourceLineNumbers, attrib)) | ||
| 249 | { | ||
| 250 | attributes |= 8; // SCA_CERT_ATTRIBUTE_VITAL | ||
| 251 | } | ||
| 252 | else | ||
| 253 | { | ||
| 254 | attributes &= ~8; // SCA_CERT_ATTRIBUTE_VITAL | ||
| 255 | } | ||
| 256 | break; | ||
| 247 | default: | 257 | default: |
| 248 | this.ParseHelper.UnexpectedAttribute(element, attrib); | 258 | this.ParseHelper.UnexpectedAttribute(element, attrib); |
| 249 | break; | 259 | break; |