Bring back Burn's implementation of signature verification.

partial #6447
author: Sean Hall <r.sean.hall@gmail.com> 2021-05-03 14:41:33 -0500
committer: Sean Hall <r.sean.hall@gmail.com> 2021-05-11 19:11:19 -0500
commit: 2f4287fdcee83b30e0f7f3ce548bcdff2ee85e1f (patch)
tree: f2413b7c18e22ecc4398c28df5acdfd9feebd310 /src/burn/engine/payload.cpp
parent: cd921db764df9578733c85c29e8c6c368f4c7e78 (diff)
download: wix-2f4287fdcee83b30e0f7f3ce548bcdff2ee85e1f.tar.gz
wix-2f4287fdcee83b30e0f7f3ce548bcdff2ee85e1f.tar.bz2
wix-2f4287fdcee83b30e0f7f3ce548bcdff2ee85e1f.zip
1 files changed, 24 insertions, 0 deletions
diff --git a/src/burn/engine/payload.cpp b/src/burn/engine/payload.cpp
index 392a3dd4..84c32eec 100644
--- a/src/burn/engine/payload.cpp
+++ b/src/burn/engine/payload.cpp
@@ -132,6 +132,28 @@ extern "C" HRESULT PayloadsParseFromXml(
                fValidFileSize = TRUE;
            }
+            // @CertificateAuthorityKeyIdentifier
+            hr = XmlGetAttributeEx(pixnNode, L"CertificateRootPublicKeyIdentifier", &scz);
+            if (E_NOTFOUND != hr)
+            {
+                ExitOnFailure(hr, "Failed to get @CertificateRootPublicKeyIdentifier.");
+                hr = StrAllocHexDecode(scz, &pPayload->pbCertificateRootPublicKeyIdentifier, &pPayload->cbCertificateRootPublicKeyIdentifier);
+                ExitOnFailure(hr, "Failed to hex decode @CertificateRootPublicKeyIdentifier.");
+                pPayload->verification = BURN_PAYLOAD_VERIFICATION_AUTHENTICODE;
+            }
+            // @CertificateThumbprint
+            hr = XmlGetAttributeEx(pixnNode, L"CertificateRootThumbprint", &scz);
+            if (E_NOTFOUND != hr)
+            {
+                ExitOnFailure(hr, "Failed to get @CertificateRootThumbprint.");
+                hr = StrAllocHexDecode(scz, &pPayload->pbCertificateRootThumbprint, &pPayload->cbCertificateRootThumbprint);
+                ExitOnFailure(hr, "Failed to hex decode @CertificateRootThumbprint.");
+            }
            // @Hash
            hr = XmlGetAttributeEx(pixnNode, L"Hash", &scz);
            if (E_NOTFOUND != hr)
@@ -191,6 +213,8 @@ extern "C" void PayloadUninitialize(
        ReleaseStr(pPayload->sczKey);
        ReleaseStr(pPayload->sczFilePath);
        ReleaseMem(pPayload->pbHash);
+        ReleaseMem(pPayload->pbCertificateRootThumbprint);
+        ReleaseMem(pPayload->pbCertificateRootPublicKeyIdentifier);
        ReleaseStr(pPayload->sczSourcePath);
        ReleaseStr(pPayload->sczLocalFilePath);
        ReleaseStr(pPayload->downloadSource.sczUrl);
author	Sean Hall <r.sean.hall@gmail.com>	2021-05-03 14:41:33 -0500
committer	Sean Hall <r.sean.hall@gmail.com>	2021-05-11 19:11:19 -0500
commit	2f4287fdcee83b30e0f7f3ce548bcdff2ee85e1f (patch)
tree	f2413b7c18e22ecc4398c28df5acdfd9feebd310 /src/burn/engine/payload.cpp
parent	cd921db764df9578733c85c29e8c6c368f4c7e78 (diff)
download	wix-2f4287fdcee83b30e0f7f3ce548bcdff2ee85e1f.tar.gz wix-2f4287fdcee83b30e0f7f3ce548bcdff2ee85e1f.tar.bz2 wix-2f4287fdcee83b30e0f7f3ce548bcdff2ee85e1f.zip

diff --git a/src/burn/engine/payload.cpp b/src/burn/engine/payload.cpp index 392a3dd4..84c32eec 100644 --- a/src/burn/engine/payload.cpp +++ b/src/burn/engine/payload.cpp
@@ -132,6 +132,28 @@ extern "C" HRESULT PayloadsParseFromXml(
132	fValidFileSize = TRUE;	132	fValidFileSize = TRUE;
133	}	133	}
134		134
		135	// @CertificateAuthorityKeyIdentifier
		136	hr = XmlGetAttributeEx(pixnNode, L"CertificateRootPublicKeyIdentifier", &scz);
		137	if (E_NOTFOUND != hr)
		138	{
		139	ExitOnFailure(hr, "Failed to get @CertificateRootPublicKeyIdentifier.");
		140
		141	hr = StrAllocHexDecode(scz, &pPayload->pbCertificateRootPublicKeyIdentifier, &pPayload->cbCertificateRootPublicKeyIdentifier);
		142	ExitOnFailure(hr, "Failed to hex decode @CertificateRootPublicKeyIdentifier.");
		143
		144	pPayload->verification = BURN_PAYLOAD_VERIFICATION_AUTHENTICODE;
		145	}
		146
		147	// @CertificateThumbprint
		148	hr = XmlGetAttributeEx(pixnNode, L"CertificateRootThumbprint", &scz);
		149	if (E_NOTFOUND != hr)
		150	{
		151	ExitOnFailure(hr, "Failed to get @CertificateRootThumbprint.");
		152
		153	hr = StrAllocHexDecode(scz, &pPayload->pbCertificateRootThumbprint, &pPayload->cbCertificateRootThumbprint);
		154	ExitOnFailure(hr, "Failed to hex decode @CertificateRootThumbprint.");
		155	}
		156
135	// @Hash	157	// @Hash
136	hr = XmlGetAttributeEx(pixnNode, L"Hash", &scz);	158	hr = XmlGetAttributeEx(pixnNode, L"Hash", &scz);
137	if (E_NOTFOUND != hr)	159	if (E_NOTFOUND != hr)
@@ -191,6 +213,8 @@ extern "C" void PayloadUninitialize(
191	ReleaseStr(pPayload->sczKey);	213	ReleaseStr(pPayload->sczKey);
192	ReleaseStr(pPayload->sczFilePath);	214	ReleaseStr(pPayload->sczFilePath);
193	ReleaseMem(pPayload->pbHash);	215	ReleaseMem(pPayload->pbHash);
		216	ReleaseMem(pPayload->pbCertificateRootThumbprint);
		217	ReleaseMem(pPayload->pbCertificateRootPublicKeyIdentifier);
194	ReleaseStr(pPayload->sczSourcePath);	218	ReleaseStr(pPayload->sczSourcePath);
195	ReleaseStr(pPayload->sczLocalFilePath);	219	ReleaseStr(pPayload->sczLocalFilePath);
196	ReleaseStr(pPayload->downloadSource.sczUrl);	220	ReleaseStr(pPayload->downloadSource.sczUrl);