aboutsummaryrefslogtreecommitdiff
path: root/src/dutil/certutil.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/dutil/certutil.cpp')
-rw-r--r--src/dutil/certutil.cpp59
1 files changed, 37 insertions, 22 deletions
diff --git a/src/dutil/certutil.cpp b/src/dutil/certutil.cpp
index 9c0ee256..69897b9e 100644
--- a/src/dutil/certutil.cpp
+++ b/src/dutil/certutil.cpp
@@ -2,6 +2,21 @@
2 2
3#include "precomp.h" 3#include "precomp.h"
4 4
5
6// Exit macros
7#define CertExitOnLastError(x, s, ...) ExitOnLastErrorSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__)
8#define CertExitOnLastErrorDebugTrace(x, s, ...) ExitOnLastErrorDebugTraceSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__)
9#define CertExitWithLastError(x, s, ...) ExitWithLastErrorSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__)
10#define CertExitOnFailure(x, s, ...) ExitOnFailureSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__)
11#define CertExitOnRootFailure(x, s, ...) ExitOnRootFailureSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__)
12#define CertExitOnFailureDebugTrace(x, s, ...) ExitOnFailureDebugTraceSource(DUTIL_SOURCE_CERTUTIL, x, s, __VA_ARGS__)
13#define CertExitOnNull(p, x, e, s, ...) ExitOnNullSource(DUTIL_SOURCE_CERTUTIL, p, x, e, s, __VA_ARGS__)
14#define CertExitOnNullWithLastError(p, x, s, ...) ExitOnNullWithLastErrorSource(DUTIL_SOURCE_CERTUTIL, p, x, s, __VA_ARGS__)
15#define CertExitOnNullDebugTrace(p, x, e, s, ...) ExitOnNullDebugTraceSource(DUTIL_SOURCE_CERTUTIL, p, x, e, s, __VA_ARGS__)
16#define CertExitOnInvalidHandleWithLastError(p, x, s, ...) ExitOnInvalidHandleWithLastErrorSource(DUTIL_SOURCE_CERTUTIL, p, x, s, __VA_ARGS__)
17#define CertExitOnWin32Error(e, x, s, ...) ExitOnWin32ErrorSource(DUTIL_SOURCE_CERTUTIL, e, x, s, __VA_ARGS__)
18#define CertExitOnGdipFailure(g, x, s, ...) ExitOnGdipFailureSource(DUTIL_SOURCE_CERTUTIL, g, x, s, __VA_ARGS__)
19
5/******************************************************************** 20/********************************************************************
6CertReadProperty - reads a property from the certificate. 21CertReadProperty - reads a property from the certificate.
7 22
@@ -20,15 +35,15 @@ extern "C" HRESULT DAPI CertReadProperty(
20 35
21 if (!::CertGetCertificateContextProperty(pCertContext, dwProperty, NULL, &cb)) 36 if (!::CertGetCertificateContextProperty(pCertContext, dwProperty, NULL, &cb))
22 { 37 {
23 ExitWithLastError(hr, "Failed to get size of certificate property."); 38 CertExitWithLastError(hr, "Failed to get size of certificate property.");
24 } 39 }
25 40
26 pv = MemAlloc(cb, TRUE); 41 pv = MemAlloc(cb, TRUE);
27 ExitOnNull(pv, hr, E_OUTOFMEMORY, "Failed to allocate memory for certificate property."); 42 CertExitOnNull(pv, hr, E_OUTOFMEMORY, "Failed to allocate memory for certificate property.");
28 43
29 if (!::CertGetCertificateContextProperty(pCertContext, dwProperty, pv, &cb)) 44 if (!::CertGetCertificateContextProperty(pCertContext, dwProperty, pv, &cb))
30 { 45 {
31 ExitWithLastError(hr, "Failed to get certificate property."); 46 CertExitWithLastError(hr, "Failed to get certificate property.");
32 } 47 }
33 48
34 *ppvValue = pv; 49 *ppvValue = pv;
@@ -70,11 +85,11 @@ extern "C" HRESULT DAPI CertGetAuthenticodeSigningTimestamp(
70 if (!pBlob) 85 if (!pBlob)
71 { 86 {
72 hr = TRUST_E_FAIL; 87 hr = TRUST_E_FAIL;
73 ExitOnFailure(hr, "Failed to find countersigner in signer information."); 88 CertExitOnFailure(hr, "Failed to find countersigner in signer information.");
74 } 89 }
75 90
76 hr = CrypDecodeObject(PKCS7_SIGNER_INFO, pBlob->pbData, pBlob->cbData, 0, reinterpret_cast<LPVOID*>(&pCounterSignerInfo), NULL); 91 hr = CrypDecodeObject(PKCS7_SIGNER_INFO, pBlob->pbData, pBlob->cbData, 0, reinterpret_cast<LPVOID*>(&pCounterSignerInfo), NULL);
77 ExitOnFailure(hr, "Failed to decode countersigner information."); 92 CertExitOnFailure(hr, "Failed to decode countersigner information.");
78 93
79 pBlob = NULL; // reset the blob before searching for the signing time. 94 pBlob = NULL; // reset the blob before searching for the signing time.
80 95
@@ -91,12 +106,12 @@ extern "C" HRESULT DAPI CertGetAuthenticodeSigningTimestamp(
91 if (!pBlob) 106 if (!pBlob)
92 { 107 {
93 hr = TRUST_E_FAIL; 108 hr = TRUST_E_FAIL;
94 ExitOnFailure(hr, "Failed to find signing time in countersigner information."); 109 CertExitOnFailure(hr, "Failed to find signing time in countersigner information.");
95 } 110 }
96 111
97 if (!::CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, szOID_RSA_signingTime, pBlob->pbData, pBlob->cbData, 0, pftSigningTimestamp, &cbSigningTimestamp)) 112 if (!::CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, szOID_RSA_signingTime, pBlob->pbData, pBlob->cbData, 0, pftSigningTimestamp, &cbSigningTimestamp))
98 { 113 {
99 ExitWithLastError(hr, "Failed to decode countersigner signing timestamp."); 114 CertExitWithLastError(hr, "Failed to decode countersigner signing timestamp.");
100 } 115 }
101 116
102LExit: 117LExit:
@@ -124,10 +139,10 @@ extern "C" HRESULT DAPI GetCryptProvFromCert(
124 GETCRYPTPROVFROMCERTPTR pGetCryptProvFromCert = NULL; 139 GETCRYPTPROVFROMCERTPTR pGetCryptProvFromCert = NULL;
125 140
126 hr = LoadSystemLibrary(L"MsSign32.dll", &hMsSign32); 141 hr = LoadSystemLibrary(L"MsSign32.dll", &hMsSign32);
127 ExitOnFailure(hr, "Failed to get handle to MsSign32.dll"); 142 CertExitOnFailure(hr, "Failed to get handle to MsSign32.dll");
128 143
129 pGetCryptProvFromCert = (GETCRYPTPROVFROMCERTPTR)::GetProcAddress(hMsSign32, "GetCryptProvFromCert"); 144 pGetCryptProvFromCert = (GETCRYPTPROVFROMCERTPTR)::GetProcAddress(hMsSign32, "GetCryptProvFromCert");
130 ExitOnNullWithLastError(hMsSign32, hr, "Failed to get handle to MsSign32.dll"); 145 CertExitOnNullWithLastError(hMsSign32, hr, "Failed to get handle to MsSign32.dll");
131 146
132 if (!pGetCryptProvFromCert(hwnd, 147 if (!pGetCryptProvFromCert(hwnd,
133 pCert, 148 pCert,
@@ -138,7 +153,7 @@ extern "C" HRESULT DAPI GetCryptProvFromCert(
138 ppwszProviderName, 153 ppwszProviderName,
139 pdwProviderType)) 154 pdwProviderType))
140 { 155 {
141 ExitWithLastError(hr, "Failed to get CSP from cert."); 156 CertExitWithLastError(hr, "Failed to get CSP from cert.");
142 } 157 }
143LExit: 158LExit:
144 return hr; 159 return hr;
@@ -159,10 +174,10 @@ extern "C" HRESULT DAPI FreeCryptProvFromCert(
159 FREECRYPTPROVFROMCERT pFreeCryptProvFromCert = NULL; 174 FREECRYPTPROVFROMCERT pFreeCryptProvFromCert = NULL;
160 175
161 hr = LoadSystemLibrary(L"MsSign32.dll", &hMsSign32); 176 hr = LoadSystemLibrary(L"MsSign32.dll", &hMsSign32);
162 ExitOnFailure(hr, "Failed to get handle to MsSign32.dll"); 177 CertExitOnFailure(hr, "Failed to get handle to MsSign32.dll");
163 178
164 pFreeCryptProvFromCert = (FREECRYPTPROVFROMCERT)::GetProcAddress(hMsSign32, "FreeCryptProvFromCert"); 179 pFreeCryptProvFromCert = (FREECRYPTPROVFROMCERT)::GetProcAddress(hMsSign32, "FreeCryptProvFromCert");
165 ExitOnNullWithLastError(hMsSign32, hr, "Failed to get handle to MsSign32.dll"); 180 CertExitOnNullWithLastError(hMsSign32, hr, "Failed to get handle to MsSign32.dll");
166 181
167 pFreeCryptProvFromCert(fAcquired, hProv, pwszCapiProvider, dwProviderType, pwszTmpContainer); 182 pFreeCryptProvFromCert(fAcquired, hProv, pwszCapiProvider, dwProviderType, pwszTmpContainer);
168LExit: 183LExit:
@@ -185,12 +200,12 @@ extern "C" HRESULT DAPI GetProvSecurityDesc(
185 &ulSize, 200 &ulSize,
186 DACL_SECURITY_INFORMATION)) 201 DACL_SECURITY_INFORMATION))
187 { 202 {
188 ExitWithLastError(hr, "Error getting security descriptor size for CSP."); 203 CertExitWithLastError(hr, "Error getting security descriptor size for CSP.");
189 } 204 }
190 205
191 // Allocate the memory for the security descriptor. 206 // Allocate the memory for the security descriptor.
192 pSecurity = static_cast<SECURITY_DESCRIPTOR *>(MemAlloc(ulSize, TRUE)); 207 pSecurity = static_cast<SECURITY_DESCRIPTOR *>(MemAlloc(ulSize, TRUE));
193 ExitOnNullWithLastError(pSecurity, hr, "Error allocating memory for CSP DACL"); 208 CertExitOnNullWithLastError(pSecurity, hr, "Error allocating memory for CSP DACL");
194 209
195 // Get the security descriptor. 210 // Get the security descriptor.
196 if (!::CryptGetProvParam( 211 if (!::CryptGetProvParam(
@@ -201,7 +216,7 @@ extern "C" HRESULT DAPI GetProvSecurityDesc(
201 DACL_SECURITY_INFORMATION)) 216 DACL_SECURITY_INFORMATION))
202 { 217 {
203 MemFree(pSecurity); 218 MemFree(pSecurity);
204 ExitWithLastError(hr, "Error getting security descriptor for CSP."); 219 CertExitWithLastError(hr, "Error getting security descriptor for CSP.");
205 } 220 }
206 *ppSecurity = pSecurity; 221 *ppSecurity = pSecurity;
207 222
@@ -223,7 +238,7 @@ extern "C" HRESULT DAPI SetProvSecurityDesc(
223 (BYTE*)pSecurity, 238 (BYTE*)pSecurity,
224 DACL_SECURITY_INFORMATION)) 239 DACL_SECURITY_INFORMATION))
225 { 240 {
226 ExitWithLastError(hr, "Error setting security descriptor for CSP."); 241 CertExitWithLastError(hr, "Error setting security descriptor for CSP.");
227 } 242 }
228LExit: 243LExit:
229 return hr; 244 return hr;
@@ -278,12 +293,12 @@ extern "C" HRESULT DAPI CertInstallSingleCertificate(
278 293
279 if (!::CertSetCertificateContextProperty(pCertContext, CERT_FRIENDLY_NAME_PROP_ID, 0, &blob)) 294 if (!::CertSetCertificateContextProperty(pCertContext, CERT_FRIENDLY_NAME_PROP_ID, 0, &blob))
280 { 295 {
281 ExitWithLastError(hr, "Failed to set the friendly name of the certificate: %ls", wzName); 296 CertExitWithLastError(hr, "Failed to set the friendly name of the certificate: %ls", wzName);
282 } 297 }
283 298
284 if (!::CertAddCertificateContextToStore(hStore, pCertContext, CERT_STORE_ADD_REPLACE_EXISTING, NULL)) 299 if (!::CertAddCertificateContextToStore(hStore, pCertContext, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
285 { 300 {
286 ExitWithLastError(hr, "Failed to add certificate to the store."); 301 CertExitWithLastError(hr, "Failed to add certificate to the store.");
287 } 302 }
288 303
289 // if the certificate has a private key, grant Administrators access 304 // if the certificate has a private key, grant Administrators access
@@ -293,16 +308,16 @@ extern "C" HRESULT DAPI CertInstallSingleCertificate(
293 { 308 {
294 // We added a CSP key 309 // We added a CSP key
295 hr = GetCryptProvFromCert(NULL, pCertContext, &hCsp, &dwKeySpec, &fAcquired, &pwszTmpContainer, &pwszProviderName, &dwProviderType); 310 hr = GetCryptProvFromCert(NULL, pCertContext, &hCsp, &dwKeySpec, &fAcquired, &pwszTmpContainer, &pwszProviderName, &dwProviderType);
296 ExitOnFailure(hr, "Failed to get handle to CSP"); 311 CertExitOnFailure(hr, "Failed to get handle to CSP");
297 312
298 hr = GetProvSecurityDesc(hCsp, &pSecurity); 313 hr = GetProvSecurityDesc(hCsp, &pSecurity);
299 ExitOnFailure(hr, "Failed to get security descriptor of CSP"); 314 CertExitOnFailure(hr, "Failed to get security descriptor of CSP");
300 315
301 hr = AclAddAdminToSecurityDescriptor(pSecurity, &pSecurityNew); 316 hr = AclAddAdminToSecurityDescriptor(pSecurity, &pSecurityNew);
302 ExitOnFailure(hr, "Failed to create new security descriptor"); 317 CertExitOnFailure(hr, "Failed to create new security descriptor");
303 318
304 hr = SetProvSecurityDesc(hCsp, pSecurityNew); 319 hr = SetProvSecurityDesc(hCsp, pSecurityNew);
305 ExitOnFailure(hr, "Failed to set Admin ACL on CSP"); 320 CertExitOnFailure(hr, "Failed to set Admin ACL on CSP");
306 } 321 }
307 322
308 if (CERT_NCRYPT_KEY_SPEC == dwKeySpec) 323 if (CERT_NCRYPT_KEY_SPEC == dwKeySpec)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-16 06:46:20 +0000