diff options
Diffstat (limited to '')
-rw-r--r-- | src/dutil/certutil.cpp | 59 |
1 files changed, 37 insertions, 22 deletions
diff --git a/src/dutil/certutil.cpp b/src/dutil/certutil.cpp index 9c0ee256..69897b9e 100644 --- a/src/dutil/certutil.cpp +++ b/src/dutil/certutil.cpp | |||
@@ -2,6 +2,21 @@ | |||
2 | 2 | ||
3 | #include "precomp.h" | 3 | #include "precomp.h" |
4 | 4 | ||
5 | |||
6 | // Exit macros | ||
7 | #define CertExitOnLastError(x, s, ...) ExitOnLastErrorSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__) | ||
8 | #define CertExitOnLastErrorDebugTrace(x, s, ...) ExitOnLastErrorDebugTraceSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__) | ||
9 | #define CertExitWithLastError(x, s, ...) ExitWithLastErrorSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__) | ||
10 | #define CertExitOnFailure(x, s, ...) ExitOnFailureSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__) | ||
11 | #define CertExitOnRootFailure(x, s, ...) ExitOnRootFailureSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__) | ||
12 | #define CertExitOnFailureDebugTrace(x, s, ...) ExitOnFailureDebugTraceSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__) | ||
13 | #define CertExitOnNull(p, x, e, s, ...) ExitOnNullSource(DUTIL_SOURCE_CERTUTIL, p, x, e, s, __VA_ARGS__) | ||
14 | #define CertExitOnNullWithLastError(p, x, s, ...) ExitOnNullWithLastErrorSource(DUTIL_SOURCE_CERTUTIL, p, x, s, __VA_ARGS__) | ||
15 | #define CertExitOnNullDebugTrace(p, x, e, s, ...) ExitOnNullDebugTraceSource(DUTIL_SOURCE_CERTUTIL, p, x, e, s, __VA_ARGS__) | ||
16 | #define CertExitOnInvalidHandleWithLastError(p, x, s, ...) ExitOnInvalidHandleWithLastErrorSource(DUTIL_SOURCE_CERTUTIL, p, x, s, __VA_ARGS__) | ||
17 | #define CertExitOnWin32Error(e, x, s, ...) ExitOnWin32ErrorSource(DUTIL_SOURCE_CERTUTIL, e, x, s, __VA_ARGS__) | ||
18 | #define CertExitOnGdipFailure(g, x, s, ...) ExitOnGdipFailureSource(DUTIL_SOURCE_CERTUTIL, g, x, s, __VA_ARGS__) | ||
19 | |||
5 | /******************************************************************** | 20 | /******************************************************************** |
6 | CertReadProperty - reads a property from the certificate. | 21 | CertReadProperty - reads a property from the certificate. |
7 | 22 | ||
@@ -20,15 +35,15 @@ extern "C" HRESULT DAPI CertReadProperty( | |||
20 | 35 | ||
21 | if (!::CertGetCertificateContextProperty(pCertContext, dwProperty, NULL, &cb)) | 36 | if (!::CertGetCertificateContextProperty(pCertContext, dwProperty, NULL, &cb)) |
22 | { | 37 | { |
23 | ExitWithLastError(hr, "Failed to get size of certificate property."); | 38 | CertExitWithLastError(hr, "Failed to get size of certificate property."); |
24 | } | 39 | } |
25 | 40 | ||
26 | pv = MemAlloc(cb, TRUE); | 41 | pv = MemAlloc(cb, TRUE); |
27 | ExitOnNull(pv, hr, E_OUTOFMEMORY, "Failed to allocate memory for certificate property."); | 42 | CertExitOnNull(pv, hr, E_OUTOFMEMORY, "Failed to allocate memory for certificate property."); |
28 | 43 | ||
29 | if (!::CertGetCertificateContextProperty(pCertContext, dwProperty, pv, &cb)) | 44 | if (!::CertGetCertificateContextProperty(pCertContext, dwProperty, pv, &cb)) |
30 | { | 45 | { |
31 | ExitWithLastError(hr, "Failed to get certificate property."); | 46 | CertExitWithLastError(hr, "Failed to get certificate property."); |
32 | } | 47 | } |
33 | 48 | ||
34 | *ppvValue = pv; | 49 | *ppvValue = pv; |
@@ -70,11 +85,11 @@ extern "C" HRESULT DAPI CertGetAuthenticodeSigningTimestamp( | |||
70 | if (!pBlob) | 85 | if (!pBlob) |
71 | { | 86 | { |
72 | hr = TRUST_E_FAIL; | 87 | hr = TRUST_E_FAIL; |
73 | ExitOnFailure(hr, "Failed to find countersigner in signer information."); | 88 | CertExitOnFailure(hr, "Failed to find countersigner in signer information."); |
74 | } | 89 | } |
75 | 90 | ||
76 | hr = CrypDecodeObject(PKCS7_SIGNER_INFO, pBlob->pbData, pBlob->cbData, 0, reinterpret_cast<LPVOID*>(&pCounterSignerInfo), NULL); | 91 | hr = CrypDecodeObject(PKCS7_SIGNER_INFO, pBlob->pbData, pBlob->cbData, 0, reinterpret_cast<LPVOID*>(&pCounterSignerInfo), NULL); |
77 | ExitOnFailure(hr, "Failed to decode countersigner information."); | 92 | CertExitOnFailure(hr, "Failed to decode countersigner information."); |
78 | 93 | ||
79 | pBlob = NULL; // reset the blob before searching for the signing time. | 94 | pBlob = NULL; // reset the blob before searching for the signing time. |
80 | 95 | ||
@@ -91,12 +106,12 @@ extern "C" HRESULT DAPI CertGetAuthenticodeSigningTimestamp( | |||
91 | if (!pBlob) | 106 | if (!pBlob) |
92 | { | 107 | { |
93 | hr = TRUST_E_FAIL; | 108 | hr = TRUST_E_FAIL; |
94 | ExitOnFailure(hr, "Failed to find signing time in countersigner information."); | 109 | CertExitOnFailure(hr, "Failed to find signing time in countersigner information."); |
95 | } | 110 | } |
96 | 111 | ||
97 | if (!::CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, szOID_RSA_signingTime, pBlob->pbData, pBlob->cbData, 0, pftSigningTimestamp, &cbSigningTimestamp)) | 112 | if (!::CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, szOID_RSA_signingTime, pBlob->pbData, pBlob->cbData, 0, pftSigningTimestamp, &cbSigningTimestamp)) |
98 | { | 113 | { |
99 | ExitWithLastError(hr, "Failed to decode countersigner signing timestamp."); | 114 | CertExitWithLastError(hr, "Failed to decode countersigner signing timestamp."); |
100 | } | 115 | } |
101 | 116 | ||
102 | LExit: | 117 | LExit: |
@@ -124,10 +139,10 @@ extern "C" HRESULT DAPI GetCryptProvFromCert( | |||
124 | GETCRYPTPROVFROMCERTPTR pGetCryptProvFromCert = NULL; | 139 | GETCRYPTPROVFROMCERTPTR pGetCryptProvFromCert = NULL; |
125 | 140 | ||
126 | hr = LoadSystemLibrary(L"MsSign32.dll", &hMsSign32); | 141 | hr = LoadSystemLibrary(L"MsSign32.dll", &hMsSign32); |
127 | ExitOnFailure(hr, "Failed to get handle to MsSign32.dll"); | 142 | CertExitOnFailure(hr, "Failed to get handle to MsSign32.dll"); |
128 | 143 | ||
129 | pGetCryptProvFromCert = (GETCRYPTPROVFROMCERTPTR)::GetProcAddress(hMsSign32, "GetCryptProvFromCert"); | 144 | pGetCryptProvFromCert = (GETCRYPTPROVFROMCERTPTR)::GetProcAddress(hMsSign32, "GetCryptProvFromCert"); |
130 | ExitOnNullWithLastError(hMsSign32, hr, "Failed to get handle to MsSign32.dll"); | 145 | CertExitOnNullWithLastError(hMsSign32, hr, "Failed to get handle to MsSign32.dll"); |
131 | 146 | ||
132 | if (!pGetCryptProvFromCert(hwnd, | 147 | if (!pGetCryptProvFromCert(hwnd, |
133 | pCert, | 148 | pCert, |
@@ -138,7 +153,7 @@ extern "C" HRESULT DAPI GetCryptProvFromCert( | |||
138 | ppwszProviderName, | 153 | ppwszProviderName, |
139 | pdwProviderType)) | 154 | pdwProviderType)) |
140 | { | 155 | { |
141 | ExitWithLastError(hr, "Failed to get CSP from cert."); | 156 | CertExitWithLastError(hr, "Failed to get CSP from cert."); |
142 | } | 157 | } |
143 | LExit: | 158 | LExit: |
144 | return hr; | 159 | return hr; |
@@ -159,10 +174,10 @@ extern "C" HRESULT DAPI FreeCryptProvFromCert( | |||
159 | FREECRYPTPROVFROMCERT pFreeCryptProvFromCert = NULL; | 174 | FREECRYPTPROVFROMCERT pFreeCryptProvFromCert = NULL; |
160 | 175 | ||
161 | hr = LoadSystemLibrary(L"MsSign32.dll", &hMsSign32); | 176 | hr = LoadSystemLibrary(L"MsSign32.dll", &hMsSign32); |
162 | ExitOnFailure(hr, "Failed to get handle to MsSign32.dll"); | 177 | CertExitOnFailure(hr, "Failed to get handle to MsSign32.dll"); |
163 | 178 | ||
164 | pFreeCryptProvFromCert = (FREECRYPTPROVFROMCERT)::GetProcAddress(hMsSign32, "FreeCryptProvFromCert"); | 179 | pFreeCryptProvFromCert = (FREECRYPTPROVFROMCERT)::GetProcAddress(hMsSign32, "FreeCryptProvFromCert"); |
165 | ExitOnNullWithLastError(hMsSign32, hr, "Failed to get handle to MsSign32.dll"); | 180 | CertExitOnNullWithLastError(hMsSign32, hr, "Failed to get handle to MsSign32.dll"); |
166 | 181 | ||
167 | pFreeCryptProvFromCert(fAcquired, hProv, pwszCapiProvider, dwProviderType, pwszTmpContainer); | 182 | pFreeCryptProvFromCert(fAcquired, hProv, pwszCapiProvider, dwProviderType, pwszTmpContainer); |
168 | LExit: | 183 | LExit: |
@@ -185,12 +200,12 @@ extern "C" HRESULT DAPI GetProvSecurityDesc( | |||
185 | &ulSize, | 200 | &ulSize, |
186 | DACL_SECURITY_INFORMATION)) | 201 | DACL_SECURITY_INFORMATION)) |
187 | { | 202 | { |
188 | ExitWithLastError(hr, "Error getting security descriptor size for CSP."); | 203 | CertExitWithLastError(hr, "Error getting security descriptor size for CSP."); |
189 | } | 204 | } |
190 | 205 | ||
191 | // Allocate the memory for the security descriptor. | 206 | // Allocate the memory for the security descriptor. |
192 | pSecurity = static_cast<SECURITY_DESCRIPTOR *>(MemAlloc(ulSize, TRUE)); | 207 | pSecurity = static_cast<SECURITY_DESCRIPTOR *>(MemAlloc(ulSize, TRUE)); |
193 | ExitOnNullWithLastError(pSecurity, hr, "Error allocating memory for CSP DACL"); | 208 | CertExitOnNullWithLastError(pSecurity, hr, "Error allocating memory for CSP DACL"); |
194 | 209 | ||
195 | // Get the security descriptor. | 210 | // Get the security descriptor. |
196 | if (!::CryptGetProvParam( | 211 | if (!::CryptGetProvParam( |
@@ -201,7 +216,7 @@ extern "C" HRESULT DAPI GetProvSecurityDesc( | |||
201 | DACL_SECURITY_INFORMATION)) | 216 | DACL_SECURITY_INFORMATION)) |
202 | { | 217 | { |
203 | MemFree(pSecurity); | 218 | MemFree(pSecurity); |
204 | ExitWithLastError(hr, "Error getting security descriptor for CSP."); | 219 | CertExitWithLastError(hr, "Error getting security descriptor for CSP."); |
205 | } | 220 | } |
206 | *ppSecurity = pSecurity; | 221 | *ppSecurity = pSecurity; |
207 | 222 | ||
@@ -223,7 +238,7 @@ extern "C" HRESULT DAPI SetProvSecurityDesc( | |||
223 | (BYTE*)pSecurity, | 238 | (BYTE*)pSecurity, |
224 | DACL_SECURITY_INFORMATION)) | 239 | DACL_SECURITY_INFORMATION)) |
225 | { | 240 | { |
226 | ExitWithLastError(hr, "Error setting security descriptor for CSP."); | 241 | CertExitWithLastError(hr, "Error setting security descriptor for CSP."); |
227 | } | 242 | } |
228 | LExit: | 243 | LExit: |
229 | return hr; | 244 | return hr; |
@@ -278,12 +293,12 @@ extern "C" HRESULT DAPI CertInstallSingleCertificate( | |||
278 | 293 | ||
279 | if (!::CertSetCertificateContextProperty(pCertContext, CERT_FRIENDLY_NAME_PROP_ID, 0, &blob)) | 294 | if (!::CertSetCertificateContextProperty(pCertContext, CERT_FRIENDLY_NAME_PROP_ID, 0, &blob)) |
280 | { | 295 | { |
281 | ExitWithLastError(hr, "Failed to set the friendly name of the certificate: %ls", wzName); | 296 | CertExitWithLastError(hr, "Failed to set the friendly name of the certificate: %ls", wzName); |
282 | } | 297 | } |
283 | 298 | ||
284 | if (!::CertAddCertificateContextToStore(hStore, pCertContext, CERT_STORE_ADD_REPLACE_EXISTING, NULL)) | 299 | if (!::CertAddCertificateContextToStore(hStore, pCertContext, CERT_STORE_ADD_REPLACE_EXISTING, NULL)) |
285 | { | 300 | { |
286 | ExitWithLastError(hr, "Failed to add certificate to the store."); | 301 | CertExitWithLastError(hr, "Failed to add certificate to the store."); |
287 | } | 302 | } |
288 | 303 | ||
289 | // if the certificate has a private key, grant Administrators access | 304 | // if the certificate has a private key, grant Administrators access |
@@ -293,16 +308,16 @@ extern "C" HRESULT DAPI CertInstallSingleCertificate( | |||
293 | { | 308 | { |
294 | // We added a CSP key | 309 | // We added a CSP key |
295 | hr = GetCryptProvFromCert(NULL, pCertContext, &hCsp, &dwKeySpec, &fAcquired, &pwszTmpContainer, &pwszProviderName, &dwProviderType); | 310 | hr = GetCryptProvFromCert(NULL, pCertContext, &hCsp, &dwKeySpec, &fAcquired, &pwszTmpContainer, &pwszProviderName, &dwProviderType); |
296 | ExitOnFailure(hr, "Failed to get handle to CSP"); | 311 | CertExitOnFailure(hr, "Failed to get handle to CSP"); |
297 | 312 | ||
298 | hr = GetProvSecurityDesc(hCsp, &pSecurity); | 313 | hr = GetProvSecurityDesc(hCsp, &pSecurity); |
299 | ExitOnFailure(hr, "Failed to get security descriptor of CSP"); | 314 | CertExitOnFailure(hr, "Failed to get security descriptor of CSP"); |
300 | 315 | ||
301 | hr = AclAddAdminToSecurityDescriptor(pSecurity, &pSecurityNew); | 316 | hr = AclAddAdminToSecurityDescriptor(pSecurity, &pSecurityNew); |
302 | ExitOnFailure(hr, "Failed to create new security descriptor"); | 317 | CertExitOnFailure(hr, "Failed to create new security descriptor"); |
303 | 318 | ||
304 | hr = SetProvSecurityDesc(hCsp, pSecurityNew); | 319 | hr = SetProvSecurityDesc(hCsp, pSecurityNew); |
305 | ExitOnFailure(hr, "Failed to set Admin ACL on CSP"); | 320 | CertExitOnFailure(hr, "Failed to set Admin ACL on CSP"); |
306 | } | 321 | } |
307 | 322 | ||
308 | if (CERT_NCRYPT_KEY_SPEC == dwKeySpec) | 323 | if (CERT_NCRYPT_KEY_SPEC == dwKeySpec) |