From fc542c0974840882e5bbba0046c530e2ede34170 Mon Sep 17 00:00:00 2001 From: Rob Mensching Date: Mon, 12 Apr 2021 07:46:35 -0700 Subject: Add support for configuring SNI SSL certificates --- src/ca/cost.h | 1 + src/ca/httpca.vcxproj | 21 +- src/ca/httpca.vcxproj.filters | 3 + src/ca/precomp.h | 7 + src/ca/snisslcert.cpp | 704 +++++++++++++++++++++ src/ca/wixhttpca.cpp | 12 +- src/ca/wixhttpca.def | 3 + .../WixToolsetTest.Http/HttpExtensionFixture.cs | 19 + .../TestData/SniSsl/Package.en-us.wxl | 11 + .../TestData/SniSsl/Package.wxs | 15 + .../TestData/SniSsl/PackageComponents.wxs | 12 + .../TestData/SniSsl/example.txt | 1 + src/wixext/HttpCompiler.cs | 117 ++++ src/wixext/HttpTableDefinitions.cs | 18 + src/wixext/Symbols/HttpSymbolDefinitions.cs | 4 + src/wixext/Symbols/WixHttpSniSslCertSymbol.cs | 95 +++ src/wixlib/HttpExtension_Platform.wxi | 27 + src/wixlib/en-us.wxl | 8 +- 18 files changed, 1063 insertions(+), 15 deletions(-) create mode 100644 src/ca/snisslcert.cpp create mode 100644 src/test/WixToolsetTest.Http/TestData/SniSsl/Package.en-us.wxl create mode 100644 src/test/WixToolsetTest.Http/TestData/SniSsl/Package.wxs create mode 100644 src/test/WixToolsetTest.Http/TestData/SniSsl/PackageComponents.wxs create mode 100644 src/test/WixToolsetTest.Http/TestData/SniSsl/example.txt create mode 100644 src/wixext/Symbols/WixHttpSniSslCertSymbol.cs diff --git a/src/ca/cost.h b/src/ca/cost.h index 283758b0..9677e7e8 100644 --- a/src/ca/cost.h +++ b/src/ca/cost.h @@ -3,3 +3,4 @@ const UINT COST_HTTP_URL_ACL = 2000; +const UINT COST_HTTP_SNI_SSL = 2000; diff --git a/src/ca/httpca.vcxproj b/src/ca/httpca.vcxproj index 9abe7598..fde00ff4 100644 --- a/src/ca/httpca.vcxproj +++ b/src/ca/httpca.vcxproj @@ -3,7 +3,7 @@ - + Debug @@ -13,7 +13,7 @@ Release Win32 - + Debug x64 @@ -30,7 +30,7 @@ ARM64 - + {90743805-C043-47C7-B5FF-8F5EE5C8A2DE} DynamicLibrary @@ -40,27 +40,28 @@ wixhttpca.def WiX Toolset Http CustomAction - + - + - crypt32.lib;httpapi.lib;msi.lib + crypt32.lib;httpapi.lib;msi.lib;rpcrt4.lib;ws2_32.lib - + Create + - + - + This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. @@ -68,4 +69,4 @@ - \ No newline at end of file + diff --git a/src/ca/httpca.vcxproj.filters b/src/ca/httpca.vcxproj.filters index 979b9ef3..2ccd604d 100644 --- a/src/ca/httpca.vcxproj.filters +++ b/src/ca/httpca.vcxproj.filters @@ -21,6 +21,9 @@ Source Files + + Source Files + diff --git a/src/ca/precomp.h b/src/ca/precomp.h index d5143dac..c78d78c1 100644 --- a/src/ca/precomp.h +++ b/src/ca/precomp.h @@ -16,3 +16,10 @@ #include "cost.h" #include "caDecor.h" + +enum eHandleExisting +{ + heReplace = 0, + heIgnore = 1, + heFail = 2 +}; diff --git a/src/ca/snisslcert.cpp b/src/ca/snisslcert.cpp new file mode 100644 index 00000000..466ef0b9 --- /dev/null +++ b/src/ca/snisslcert.cpp @@ -0,0 +1,704 @@ +// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. + +#include "precomp.h" + +#if _WIN32_WINNT < 0x0602 + +typedef struct _HTTP_SERVICE_CONFIG_SSL_SNI_KEY +{ + SOCKADDR_STORAGE IpPort; + PWSTR Host; +} HTTP_SERVICE_CONFIG_SSL_SNI_KEY, * PHTTP_SERVICE_CONFIG_SSL_SNI_KEY; + +typedef struct _HTTP_SERVICE_CONFIG_SSL_SNI_SET +{ + HTTP_SERVICE_CONFIG_SSL_SNI_KEY KeyDesc; + HTTP_SERVICE_CONFIG_SSL_PARAM ParamDesc; +} HTTP_SERVICE_CONFIG_SSL_SNI_SET, * PHTTP_SERVICE_CONFIG_SSL_SNI_SET; + +typedef struct _HTTP_SERVICE_CONFIG_SSL_SNI_QUERY +{ + HTTP_SERVICE_CONFIG_QUERY_TYPE QueryDesc; + HTTP_SERVICE_CONFIG_SSL_SNI_KEY KeyDesc; + DWORD dwToken; +} HTTP_SERVICE_CONFIG_SSL_SNI_QUERY, * PHTTP_SERVICE_CONFIG_SSL_SNI_QUERY; + +#define HttpServiceConfigSslSniCertInfo static_cast(HttpServiceConfigCache + 1) + +#endif + +static UINT SchedHttpSniSslCerts( + __in WCA_TODO todoSched +); +static HRESULT WriteExistingSniSslCert( + __in WCA_TODO action, + __in_z LPCWSTR wzId, + __in_z LPCWSTR wzHost, + __in int iPort, + __in int iHandleExisting, + __in HTTP_SERVICE_CONFIG_SSL_SNI_SET* pSniSslSet, + __inout_z LPWSTR* psczCustomActionData +); +static HRESULT WriteSniSslCert( + __in WCA_TODO action, + __in_z LPCWSTR wzId, + __in_z LPCWSTR wzHost, + __in int iPort, + __in int iHandleExisting, + __in_z LPCWSTR wzCertificateThumbprint, + __in_z LPCWSTR wzAppId, + __in_z_opt LPCWSTR wzCertificateStore, + __inout_z LPWSTR* psczCustomActionData +); +static HRESULT EnsureAppId( + __inout_z LPWSTR* psczAppId, + __in_opt HTTP_SERVICE_CONFIG_SSL_SNI_SET* pExistingSniSslSet +); +static HRESULT StringFromGuid( + __in REFGUID rguid, + __inout_z LPWSTR* psczGuid +); +static HRESULT AddSniSslCert( + __in_z LPCWSTR wzId, + __in_z LPWSTR wzHost, + __in int iPort, + __in BYTE rgbCertificateThumbprint[], + __in DWORD cbCertificateThumbprint, + __in GUID* pAppId, + __in_z LPWSTR wzSslCertStore +); +static HRESULT GetSniSslCert( + __in_z LPWSTR wzHost, + __in int nPort, + __out HTTP_SERVICE_CONFIG_SSL_SNI_SET** ppSet +); +static HRESULT RemoveSniSslCert( + __in_z LPCWSTR wzId, + __in_z LPWSTR wzHost, + __in int iPort +); +static void SetSniSslCertSetKey( + __in HTTP_SERVICE_CONFIG_SSL_SNI_KEY* pKey, + __in_z LPWSTR wzHost, + __in int iPort +); + + +LPCWSTR vcsWixHttpSniSslCertQuery = +L"SELECT `WixHttpSniSslCert`.`WixHttpSniSslCert`, `WixHttpSniSslCert`.`Host`, `WixHttpSniSslCert`.`Port`, `WixHttpSniSslCert`.`Thumbprint`, `WixHttpSniSslCert`.`AppId`, `WixHttpSniSslCert`.`Store`, `WixHttpSniSslCert`.`HandleExisting`, `WixHttpSniSslCert`.`Component_` " +L"FROM `WixHttpSniSslCert`"; +enum eWixHttpSniSslCertQuery { hurqId = 1, hurqHost, hurqPort, hurqCertificateThumbprint, hurqAppId, hurqCertificateStore, hurqHandleExisting, hurqComponent }; + +/****************************************************************** + SchedWixHttpSniSslCertsInstall - immediate custom action entry + point to prepare adding URL reservations. + +********************************************************************/ +extern "C" UINT __stdcall SchedHttpSniSslCertsInstall( + __in MSIHANDLE hInstall +) +{ + HRESULT hr = S_OK; + + hr = WcaInitialize(hInstall, "SchedHttpSniSslCertsInstall"); + ExitOnFailure(hr, "Failed to initialize"); + + hr = SchedHttpSniSslCerts(WCA_TODO_INSTALL); + +LExit: + return WcaFinalize(FAILED(hr) ? ERROR_INSTALL_FAILURE : ERROR_SUCCESS); +} + +/****************************************************************** + SchedWixHttpSniSslCertsUninstall - immediate custom action entry + point to prepare removing URL reservations. + +********************************************************************/ +extern "C" UINT __stdcall SchedHttpSniSslCertsUninstall( + __in MSIHANDLE hInstall +) +{ + HRESULT hr = S_OK; + + hr = WcaInitialize(hInstall, "SchedHttpSniSslCertsUninstall"); + ExitOnFailure(hr, "Failed to initialize"); + + hr = SchedHttpSniSslCerts(WCA_TODO_UNINSTALL); + +LExit: + return WcaFinalize(FAILED(hr) ? ERROR_INSTALL_FAILURE : ERROR_SUCCESS); +} + +/****************************************************************** + ExecHttpSniSslCerts - deferred custom action entry point to + register and remove URL reservations. + +********************************************************************/ +extern "C" UINT __stdcall ExecHttpSniSslCerts( + __in MSIHANDLE hInstall +) +{ + HRESULT hr = S_OK; + BOOL fHttpInitialized = FALSE; + LPWSTR sczCustomActionData = NULL; + LPWSTR wz = NULL; + int iTodo = WCA_TODO_UNKNOWN; + LPWSTR sczId = NULL; + LPWSTR sczHost = NULL; + int iPort = 0; + eHandleExisting handleExisting = heIgnore; + LPWSTR sczCertificateThumbprint = NULL; + LPWSTR sczAppId = NULL; + LPWSTR sczCertificateStore = NULL; + + BOOL fRollback = ::MsiGetMode(hInstall, MSIRUNMODE_ROLLBACK); + BOOL fRemove = FALSE; + BOOL fAdd = FALSE; + BOOL fFailOnExisting = FALSE; + + GUID guidAppId = { }; + BYTE* pbCertificateThumbprint = NULL; + DWORD cbCertificateThumbprint = 0; + + // Initialize. + hr = WcaInitialize(hInstall, "ExecHttpSniSslCerts"); + ExitOnFailure(hr, "Failed to initialize"); + + hr = HRESULT_FROM_WIN32(::HttpInitialize(HTTPAPI_VERSION_1, HTTP_INITIALIZE_CONFIG, NULL)); + ExitOnFailure(hr, "Failed to initialize HTTP Server configuration"); + + fHttpInitialized = TRUE; + + hr = WcaGetProperty(L"CustomActionData", &sczCustomActionData); + ExitOnFailure(hr, "Failed to get CustomActionData"); + WcaLog(LOGMSG_TRACEONLY, "CustomActionData: %ls", sczCustomActionData); + + wz = sczCustomActionData; + while (wz && *wz) + { + // Extract the custom action data and if rolling back, swap INSTALL and UNINSTALL. + hr = WcaReadIntegerFromCaData(&wz, &iTodo); + ExitOnFailure(hr, "Failed to read todo from custom action data"); + + hr = WcaReadStringFromCaData(&wz, &sczId); + ExitOnFailure(hr, "Failed to read Id from custom action data"); + + hr = WcaReadStringFromCaData(&wz, &sczHost); + ExitOnFailure(hr, "Failed to read Host from custom action data"); + + hr = WcaReadIntegerFromCaData(&wz, &iPort); + ExitOnFailure(hr, "Failed to read Port from custom action data"); + + hr = WcaReadIntegerFromCaData(&wz, reinterpret_cast(&handleExisting)); + ExitOnFailure(hr, "Failed to read HandleExisting from custom action data"); + + hr = WcaReadStringFromCaData(&wz, &sczCertificateThumbprint); + ExitOnFailure(hr, "Failed to read CertificateThumbprint from custom action data"); + + hr = WcaReadStringFromCaData(&wz, &sczAppId); + ExitOnFailure(hr, "Failed to read AppId from custom action data"); + + hr = WcaReadStringFromCaData(&wz, &sczCertificateStore); + ExitOnFailure(hr, "Failed to read CertificateStore from custom action data"); + + switch (iTodo) + { + case WCA_TODO_INSTALL: + case WCA_TODO_REINSTALL: + fRemove = heReplace == handleExisting || fRollback; + fAdd = !fRollback || *sczCertificateThumbprint; + fFailOnExisting = heFail == handleExisting && !fRollback; + break; + + case WCA_TODO_UNINSTALL: + fRemove = !fRollback; + fAdd = fRollback && *sczCertificateThumbprint; + fFailOnExisting = FALSE; + break; + } + + if (fRemove) + { + hr = RemoveSniSslCert(sczId, sczHost, iPort); + if (S_OK == hr) + { + WcaLog(LOGMSG_STANDARD, "Removed SNI SSL certificate '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + } + else if (FAILED(hr)) + { + if (fRollback) + { + WcaLogError(hr, "Failed to remove SNI SSL certificate to rollback '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + } + else + { + ExitOnFailure(hr, "Failed to remove SNI SSL certificate '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + } + } + } + + if (fAdd) + { + WcaLog(LOGMSG_STANDARD, "Adding SNI SSL certificate '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + + hr = StrAllocHexDecode(sczCertificateThumbprint, &pbCertificateThumbprint, &cbCertificateThumbprint); + ExitOnFailure(hr, "Failed to convert thumbprint to bytes for SNI SSL certificate '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + + hr = ::IIDFromString(sczAppId, &guidAppId); + ExitOnFailure(hr, "Failed to convert AppId '%ls' back to GUID for SNI SSL certificate '%ls' for hostname: %ls:%d", sczAppId, sczId, sczHost, iPort); + + hr = AddSniSslCert(sczId, sczHost, iPort, pbCertificateThumbprint, cbCertificateThumbprint, &guidAppId, sczCertificateStore && *sczCertificateStore ? sczCertificateStore : L"MY"); + if (S_FALSE == hr && fFailOnExisting) + { + hr = HRESULT_FROM_WIN32(ERROR_ALREADY_EXISTS); + } + + if (S_OK == hr) + { + WcaLog(LOGMSG_STANDARD, "Added SNI SSL certificate '%ls' for hostname: %ls:%d with thumbprint: %ls", sczId, sczHost, iPort, sczCertificateThumbprint); + } + else if (FAILED(hr)) + { + if (fRollback) + { + WcaLogError(hr, "Failed to add SNI SSL certificate to rollback '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + } + else + { + ExitOnFailure(hr, "Failed to add SNI SSL certificate '%ls' for hostname: %ls:%d", sczId, sczHost, iPort); + } + } + + ReleaseNullMem(pbCertificateThumbprint); + } + } + +LExit: + ReleaseMem(pbCertificateThumbprint); + ReleaseStr(sczCertificateStore); + ReleaseStr(sczAppId); + ReleaseStr(sczCertificateThumbprint); + ReleaseStr(sczHost); + ReleaseStr(sczId); + ReleaseStr(sczCustomActionData); + + if (fHttpInitialized) + { + ::HttpTerminate(HTTP_INITIALIZE_CONFIG, NULL); + } + + return WcaFinalize(FAILED(hr) ? ERROR_INSTALL_FAILURE : ERROR_SUCCESS); +} + +static UINT SchedHttpSniSslCerts( + __in WCA_TODO todoSched +) +{ + HRESULT hr = S_OK; + UINT er = ERROR_SUCCESS; + BOOL fHttpInitialized = FALSE; + DWORD cCertificates = 0; + + PMSIHANDLE hView = NULL; + PMSIHANDLE hRec = NULL; + PMSIHANDLE hQueryReq = NULL; + PMSIHANDLE hAceView = NULL; + + LPWSTR sczCustomActionData = NULL; + LPWSTR sczRollbackCustomActionData = NULL; + + LPWSTR sczId = NULL; + LPWSTR sczComponent = NULL; + WCA_TODO todoComponent = WCA_TODO_UNKNOWN; + LPWSTR sczHost = NULL; + int iPort = 0; + LPWSTR sczCertificateThumbprint = NULL; + LPWSTR sczAppId = NULL; + LPWSTR sczCertificateStore = NULL; + int iHandleExisting = 0; + + HTTP_SERVICE_CONFIG_SSL_SNI_SET* pExistingSniSslSet = NULL; + + // Anything to do? + hr = WcaTableExists(L"WixHttpSniSslCert"); + ExitOnFailure(hr, "Failed to check if the WixHttpSniSslCert table exists"); + if (S_FALSE == hr) + { + WcaLog(LOGMSG_STANDARD, "WixHttpSniSslCert table doesn't exist, so there are no URL reservations to configure"); + ExitFunction(); + } + + // Query and loop through all the SNI SSL certificates. + hr = WcaOpenExecuteView(vcsWixHttpSniSslCertQuery, &hView); + ExitOnFailure(hr, "Failed to open view on the WixHttpSniSslCert table"); + + hr = HRESULT_FROM_WIN32(::HttpInitialize(HTTPAPI_VERSION_1, HTTP_INITIALIZE_CONFIG, NULL)); + ExitOnFailure(hr, "Failed to initialize HTTP Server configuration"); + + fHttpInitialized = TRUE; + + while (S_OK == (hr = WcaFetchRecord(hView, &hRec))) + { + hr = WcaGetRecordString(hRec, hurqId, &sczId); + ExitOnFailure(hr, "Failed to get WixHttpSniSslCert.WixHttpSniSslCert"); + + hr = WcaGetRecordString(hRec, hurqComponent, &sczComponent); + ExitOnFailure(hr, "Failed to get WixHttpSniSslCert.Component_"); + + // Figure out what we're doing for this reservation, treating reinstall the same as install. + todoComponent = WcaGetComponentToDo(sczComponent); + if ((WCA_TODO_REINSTALL == todoComponent ? WCA_TODO_INSTALL : todoComponent) != todoSched) + { + WcaLog(LOGMSG_STANDARD, "Component '%ls' action state (%d) doesn't match request (%d) for WixHttpSniSslCert '%ls'", sczComponent, todoComponent, todoSched, sczId); + continue; + } + + hr = WcaGetRecordFormattedString(hRec, hurqHost, &sczHost); + ExitOnFailure(hr, "Failed to get WixHttpSniSslCert.Host"); + + hr = WcaGetRecordFormattedInteger(hRec, hurqPort, &iPort); + ExitOnFailure(hr, "Failed to get WixHttpSniSslCert.Port"); + + hr = WcaGetRecordFormattedString(hRec, hurqCertificateThumbprint, &sczCertificateThumbprint); + ExitOnFailure(hr, "Failed to get WixHttpSniSslCert.CertificateThumbprint"); + + if (!sczHost || !*sczHost) + { + hr = E_INVALIDARG; + ExitOnFailure(hr, "Require a Host value for WixHttpSniSslCert '%ls'", sczId); + } + + if (!iPort) + { + hr = E_INVALIDARG; + ExitOnFailure(hr, "Require a Port value for WixHttpSniSslCert '%ls'", sczId); + } + + if (!sczCertificateThumbprint || !*sczCertificateThumbprint) + { + hr = E_INVALIDARG; + ExitOnFailure(hr, "Require a CertificateThumbprint value for WixHttpSniSslCert '%ls'", sczId); + } + + hr = WcaGetRecordFormattedString(hRec, hurqAppId, &sczAppId); + ExitOnFailure(hr, "Failed to get AppId for WixHttpSniSslCert '%ls'", sczId); + + hr = WcaGetRecordFormattedString(hRec, hurqCertificateStore, &sczCertificateStore); + ExitOnFailure(hr, "Failed to get CertificateStore for WixHttpSniSslCert '%ls'", sczId); + + hr = WcaGetRecordInteger(hRec, hurqHandleExisting, &iHandleExisting); + ExitOnFailure(hr, "Failed to get HandleExisting for WixHttpSniSslCert '%ls'", sczId); + + hr = GetSniSslCert(sczHost, iPort, &pExistingSniSslSet); + ExitOnFailure(hr, "Failed to get the existing SNI SSL certificate for WixHttpSniSslCert '%ls'", sczId); + + hr = EnsureAppId(&sczAppId, pExistingSniSslSet); + ExitOnFailure(hr, "Failed to ensure AppId for WixHttpSniSslCert '%ls'", sczId); + + hr = WriteExistingSniSslCert(todoComponent, sczId, sczHost, iPort, iHandleExisting, pExistingSniSslSet, &sczRollbackCustomActionData); + ExitOnFailure(hr, "Failed to write rollback custom action data for WixHttpSniSslCert '%ls'", sczId); + + hr = WriteSniSslCert(todoComponent, sczId, sczHost, iPort, iHandleExisting, sczCertificateThumbprint, sczAppId, sczCertificateStore, &sczCustomActionData); + ExitOnFailure(hr, "Failed to write custom action data for WixHttpSniSslCert '%ls'", sczId); + ++cCertificates; + + ReleaseNullMem(pExistingSniSslSet); + } + + // Reaching the end of the list is not an error. + if (E_NOMOREITEMS == hr) + { + hr = S_OK; + } + ExitOnFailure(hr, "Failure occurred while processing WixHttpSniSslCert table"); + + // Schedule ExecHttpSniSslCerts if there's anything to do. + if (cCertificates) + { + WcaLog(LOGMSG_STANDARD, "Scheduling SNI SSL certificate (%ls)", sczCustomActionData); + WcaLog(LOGMSG_STANDARD, "Scheduling rollback SNI SSL certificate (%ls)", sczRollbackCustomActionData); + + if (WCA_TODO_INSTALL == todoSched) + { + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixRollbackHttpSniSslCertsInstall"), sczRollbackCustomActionData, cCertificates * COST_HTTP_SNI_SSL); + ExitOnFailure(hr, "Failed to schedule install SNI SSL certificate rollback"); + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixExecHttpSniSslCertsInstall"), sczCustomActionData, cCertificates * COST_HTTP_SNI_SSL); + ExitOnFailure(hr, "Failed to schedule install SNI SSL certificate execution"); + } + else + { + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixRollbackHttpSniSslCertsUninstall"), sczRollbackCustomActionData, cCertificates * COST_HTTP_SNI_SSL); + ExitOnFailure(hr, "Failed to schedule uninstall SNI SSL certificate rollback"); + hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"WixExecHttpSniSslCertsUninstall"), sczCustomActionData, cCertificates * COST_HTTP_SNI_SSL); + ExitOnFailure(hr, "Failed to schedule uninstall SNI SSL certificate execution"); + } + } + else + { + WcaLog(LOGMSG_STANDARD, "No SNI SSL certificates scheduled"); + } + +LExit: + ReleaseMem(pExistingSniSslSet); + ReleaseStr(sczCertificateStore); + ReleaseStr(sczAppId); + ReleaseStr(sczCertificateThumbprint); + ReleaseStr(sczHost); + ReleaseStr(sczComponent); + ReleaseStr(sczId); + ReleaseStr(sczRollbackCustomActionData); + ReleaseStr(sczCustomActionData); + + if (fHttpInitialized) + { + ::HttpTerminate(HTTP_INITIALIZE_CONFIG, NULL); + } + + return WcaFinalize(er = FAILED(hr) ? ERROR_INSTALL_FAILURE : er); +} + +static HRESULT WriteExistingSniSslCert( + __in WCA_TODO action, + __in_z LPCWSTR wzId, + __in_z LPCWSTR wzHost, + __in int iPort, + __in int iHandleExisting, + __in HTTP_SERVICE_CONFIG_SSL_SNI_SET* pSniSslSet, + __inout_z LPWSTR* psczCustomActionData +) +{ + HRESULT hr = S_OK; + LPWSTR sczCertificateThumbprint = NULL; + LPWSTR sczAppId = NULL; + LPCWSTR wzCertificateStore = NULL; + + if (pSniSslSet) + { + hr = StrAllocHexEncode(reinterpret_cast(pSniSslSet->ParamDesc.pSslHash), pSniSslSet->ParamDesc.SslHashLength, &sczCertificateThumbprint); + ExitOnFailure(hr, "Failed to convert existing certificate thumbprint to hex for WixHttpSniSslCert '%ls'", wzId); + + hr = StringFromGuid(pSniSslSet->ParamDesc.AppId, &sczAppId); + ExitOnFailure(hr, "Failed to copy existing AppId for WixHttpSniSslCert '%ls'", wzId); + + wzCertificateStore = pSniSslSet->ParamDesc.pSslCertStoreName; + } + + hr = WriteSniSslCert(action, wzId, wzHost, iPort, iHandleExisting, sczCertificateThumbprint ? sczCertificateThumbprint : L"", sczAppId ? sczAppId : L"", wzCertificateStore ? wzCertificateStore : L"", psczCustomActionData); + ExitOnFailure(hr, "Failed to write custom action data for WixHttpSniSslCert '%ls'", wzId); + +LExit: + ReleaseStr(sczAppId); + ReleaseStr(sczCertificateThumbprint); + + return hr; +} + +static HRESULT WriteSniSslCert( + __in WCA_TODO action, + __in_z LPCWSTR wzId, + __in_z LPCWSTR wzHost, + __in int iPort, + __in int iHandleExisting, + __in_z LPCWSTR wzCertificateThumbprint, + __in_z LPCWSTR wzAppId, + __in_z_opt LPCWSTR wzCertificateStore, + __inout_z LPWSTR* psczCustomActionData +) +{ + HRESULT hr = S_OK; + + hr = WcaWriteIntegerToCaData(action, psczCustomActionData); + ExitOnFailure(hr, "Failed to write action to custom action data"); + + hr = WcaWriteStringToCaData(wzId, psczCustomActionData); + ExitOnFailure(hr, "Failed to write id to custom action data"); + + hr = WcaWriteStringToCaData(wzHost, psczCustomActionData); + ExitOnFailure(hr, "Failed to write Host to custom action data"); + + hr = WcaWriteIntegerToCaData(iPort, psczCustomActionData); + ExitOnFailure(hr, "Failed to write Port to custom action data"); + + hr = WcaWriteIntegerToCaData(iHandleExisting, psczCustomActionData); + ExitOnFailure(hr, "Failed to write HandleExisting to custom action data"); + + hr = WcaWriteStringToCaData(wzCertificateThumbprint, psczCustomActionData); + ExitOnFailure(hr, "Failed to write CertificateThumbprint to custom action data"); + + hr = WcaWriteStringToCaData(wzAppId, psczCustomActionData); + ExitOnFailure(hr, "Failed to write AppId to custom action data"); + + hr = WcaWriteStringToCaData(wzCertificateStore ? wzCertificateStore : L"", psczCustomActionData); + ExitOnFailure(hr, "Failed to write CertificateStore to custom action data"); + +LExit: + return hr; +} + +static HRESULT EnsureAppId( + __inout_z LPWSTR* psczAppId, + __in_opt HTTP_SERVICE_CONFIG_SSL_SNI_SET* pExistingSniSslSet +) +{ + HRESULT hr = S_OK; + RPC_STATUS rs = RPC_S_OK; + GUID guid = { }; + + if (!psczAppId || !*psczAppId || !**psczAppId) + { + if (pExistingSniSslSet) + { + hr = StringFromGuid(pExistingSniSslSet->ParamDesc.AppId, psczAppId); + ExitOnFailure(hr, "Failed to ensure AppId guid"); + } + else + { + rs = ::UuidCreate(&guid); + hr = HRESULT_FROM_RPC(rs); + ExitOnRootFailure(hr, "Failed to create guid for AppId"); + + hr = StringFromGuid(guid, psczAppId); + ExitOnFailure(hr, "Failed to ensure AppId guid"); + } + } + +LExit: + return hr; +} + +static HRESULT StringFromGuid( + __in REFGUID rguid, + __inout_z LPWSTR* psczGuid +) +{ + HRESULT hr = S_OK; + WCHAR wzGuid[39]; + + if (!::StringFromGUID2(rguid, wzGuid, countof(wzGuid))) + { + hr = E_OUTOFMEMORY; + ExitOnRootFailure(hr, "Failed to convert guid into string"); + } + + hr = StrAllocString(psczGuid, wzGuid, 0); + ExitOnFailure(hr, "Failed to copy guid"); + +LExit: + return hr; +} + +static HRESULT AddSniSslCert( + __in_z LPCWSTR /*wzId*/, + __in_z LPWSTR wzHost, + __in int iPort, + __in BYTE rgbCertificateThumbprint[], + __in DWORD cbCertificateThumbprint, + __in GUID* pAppId, + __in_z LPWSTR wzSslCertStore +) +{ + HRESULT hr = S_OK; + DWORD er = ERROR_SUCCESS; + HTTP_SERVICE_CONFIG_SSL_SNI_SET set = { }; + + SetSniSslCertSetKey(&set.KeyDesc, wzHost, iPort); + set.ParamDesc.SslHashLength = cbCertificateThumbprint; + set.ParamDesc.pSslHash = rgbCertificateThumbprint; + set.ParamDesc.AppId = *pAppId; + set.ParamDesc.pSslCertStoreName = wzSslCertStore; + + er = ::HttpSetServiceConfiguration(NULL, HttpServiceConfigSslSniCertInfo, &set, sizeof(set), NULL); + if (ERROR_ALREADY_EXISTS == er) + { + hr = S_FALSE; + } + else + { + hr = HRESULT_FROM_WIN32(er); + } + + return hr; +} + +static HRESULT GetSniSslCert( + __in_z LPWSTR wzHost, + __in int nPort, + __out HTTP_SERVICE_CONFIG_SSL_SNI_SET** ppSet +) +{ + HRESULT hr = S_OK; + DWORD er = ERROR_SUCCESS; + HTTP_SERVICE_CONFIG_SSL_SNI_QUERY query = { }; + HTTP_SERVICE_CONFIG_SSL_SNI_SET* pSet = NULL; + ULONG cbSet = 0; + + *ppSet = NULL; + + query.QueryDesc = HttpServiceConfigQueryExact; + SetSniSslCertSetKey(&query.KeyDesc, wzHost, nPort); + + er = ::HttpQueryServiceConfiguration(NULL, HttpServiceConfigSslSniCertInfo, &query, sizeof(query), pSet, cbSet, &cbSet, NULL); + if (ERROR_INSUFFICIENT_BUFFER == er) + { + pSet = reinterpret_cast(MemAlloc(cbSet, TRUE)); + ExitOnNull(pSet, hr, E_OUTOFMEMORY, "Failed to allocate query SN SSL certificate buffer"); + + er = ::HttpQueryServiceConfiguration(NULL, HttpServiceConfigSslSniCertInfo, &query, sizeof(query), pSet, cbSet, &cbSet, NULL); + } + + if (ERROR_SUCCESS == er) + { + *ppSet = pSet; + pSet = NULL; + } + else if (ERROR_FILE_NOT_FOUND == er) + { + hr = S_FALSE; + } + else + { + hr = HRESULT_FROM_WIN32(er); + } + +LExit: + ReleaseMem(pSet); + + return hr; +} + +static HRESULT RemoveSniSslCert( + __in_z LPCWSTR /*wzId*/, + __in_z LPWSTR wzHost, + __in int iPort +) +{ + HRESULT hr = S_OK; + DWORD er = ERROR_SUCCESS; + HTTP_SERVICE_CONFIG_SSL_SNI_SET set = { }; + + SetSniSslCertSetKey(&set.KeyDesc, wzHost, iPort); + + er = ::HttpDeleteServiceConfiguration(NULL, HttpServiceConfigSslSniCertInfo, &set, sizeof(set), NULL); + if (ERROR_FILE_NOT_FOUND == er) + { + hr = S_FALSE; + } + else + { + hr = HRESULT_FROM_WIN32(er); + } + + return hr; +} + +static void SetSniSslCertSetKey( + __in HTTP_SERVICE_CONFIG_SSL_SNI_KEY* pKey, + __in_z LPWSTR wzHost, + __in int iPort +) +{ + pKey->Host = wzHost; + SOCKADDR_IN* pss = reinterpret_cast(&pKey->IpPort); + pss->sin_family = AF_INET; + pss->sin_port = htons(static_cast(iPort)); +} diff --git a/src/ca/wixhttpca.cpp b/src/ca/wixhttpca.cpp index 3c091192..0355f718 100644 --- a/src/ca/wixhttpca.cpp +++ b/src/ca/wixhttpca.cpp @@ -40,8 +40,6 @@ LPCWSTR vcsHttpUrlAceQuery = L"WHERE `WixHttpUrlAce`.`WixHttpUrlReservation_`=?"; enum eHttpUrlAceQuery { huaqSecurityPrincipal = 1, huaqRights }; -enum eHandleExisting { heReplace = 0, heIgnore = 1, heFail = 2 }; - /****************************************************************** SchedHttpUrlReservations - immediate custom action worker to prepare configuring URL reservations. @@ -348,6 +346,11 @@ extern "C" UINT __stdcall ExecHttpUrlReservations( ExitOnFailure(hr, "Failed to get CustomActionData."); WcaLog(LOGMSG_TRACEONLY, "CustomActionData: %ls", sczCustomActionData); + if (!sczCustomActionData || !*sczCustomActionData) + { + WcaLog(LOGMSG_STANDARD, "No URL reservations to be executed."); + } + wz = sczCustomActionData; while (wz && *wz) { @@ -388,7 +391,7 @@ extern "C" UINT __stdcall ExecHttpUrlReservations( { if (fRollback) { - WcaLogError(hr, "Failed to remove reservation for URL '%ls'", sczUrl); + WcaLogError(hr, "Failed to remove reservation for rollback for URL '%ls'", sczUrl); } else { @@ -396,6 +399,7 @@ extern "C" UINT __stdcall ExecHttpUrlReservations( } } } + if (fAdd) { WcaLog(LOGMSG_STANDARD, "Adding reservation for URL '%ls' with SDDL '%ls'", sczUrl, sczSDDL); @@ -408,7 +412,7 @@ extern "C" UINT __stdcall ExecHttpUrlReservations( { if (fRollback) { - WcaLogError(hr, "Failed to add reservation for URL '%ls' with SDDL '%ls'", sczUrl, sczSDDL); + WcaLogError(hr, "Failed to add reservation for rollback for URL '%ls' with SDDL '%ls'", sczUrl, sczSDDL); } else { diff --git a/src/ca/wixhttpca.def b/src/ca/wixhttpca.def index f7e3e004..281c5631 100644 --- a/src/ca/wixhttpca.def +++ b/src/ca/wixhttpca.def @@ -7,3 +7,6 @@ EXPORTS SchedHttpUrlReservationsInstall SchedHttpUrlReservationsUninstall ExecHttpUrlReservations + SchedHttpSniSslCertsInstall + SchedHttpSniSslCertsUninstall + ExecHttpSniSslCerts diff --git a/src/test/WixToolsetTest.Http/HttpExtensionFixture.cs b/src/test/WixToolsetTest.Http/HttpExtensionFixture.cs index d1a1f565..1d350bdf 100644 --- a/src/test/WixToolsetTest.Http/HttpExtensionFixture.cs +++ b/src/test/WixToolsetTest.Http/HttpExtensionFixture.cs @@ -9,6 +9,25 @@ namespace WixToolsetTest.Http public class HttpExtensionFixture { + [Fact] + public void CanBuildUsingSniSssl() + { + var folder = TestData.Get("TestData", "SniSsl"); + var build = new Builder(folder, typeof(HttpExtensionFactory), new[] { folder }); + + var results = build.BuildAndQuery(Build, "CustomAction", "WixHttpSniSslCert"); + WixAssert.CompareLineByLine(new[] + { + "CustomAction:Wix4ExecHttpSniSslCertsInstall_X86\t3073\tWix4HttpCA_X86\tExecHttpSniSslCerts\t", + "CustomAction:Wix4ExecHttpSniSslCertsUninstall_X86\t3073\tWix4HttpCA_X86\tExecHttpSniSslCerts\t", + "CustomAction:Wix4RollbackHttpSniSslCertsInstall_X86\t3329\tWix4HttpCA_X86\tExecHttpSniSslCerts\t", + "CustomAction:Wix4RollbackHttpSniSslCertsUninstall_X86\t3329\tWix4HttpCA_X86\tExecHttpSniSslCerts\t", + "CustomAction:Wix4SchedHttpSniSslCertsInstall_X86\t1\tWix4HttpCA_X86\tSchedHttpSniSslCertsInstall\t", + "CustomAction:Wix4SchedHttpSniSslCertsUninstall_X86\t1\tWix4HttpCA_X86\tSchedHttpSniSslCertsUninstall\t", + "WixHttpSniSslCert:sslC9YX6_H7UL_WGBx4DoDGI.Sj.D0\texample.com\t8080\t[SOME_THUMBPRINT]\t\t\t2\tfilF5_pLhBuF5b4N9XEo52g_hUM5Lo", + }, results); + } + [Fact] public void CanBuildUsingUrlReservation() { diff --git a/src/test/WixToolsetTest.Http/TestData/SniSsl/Package.en-us.wxl b/src/test/WixToolsetTest.Http/TestData/SniSsl/Package.en-us.wxl new file mode 100644 index 00000000..38c12ac1 --- /dev/null +++ b/src/test/WixToolsetTest.Http/TestData/SniSsl/Package.en-us.wxl @@ -0,0 +1,11 @@ + + + + + + A newer version of [ProductName] is already installed. + MsiPackage + + diff --git a/src/test/WixToolsetTest.Http/TestData/SniSsl/Package.wxs b/src/test/WixToolsetTest.Http/TestData/SniSsl/Package.wxs new file mode 100644 index 00000000..c85e9bba --- /dev/null +++ b/src/test/WixToolsetTest.Http/TestData/SniSsl/Package.wxs @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/src/test/WixToolsetTest.Http/TestData/SniSsl/PackageComponents.wxs b/src/test/WixToolsetTest.Http/TestData/SniSsl/PackageComponents.wxs new file mode 100644 index 00000000..f0aae485 --- /dev/null +++ b/src/test/WixToolsetTest.Http/TestData/SniSsl/PackageComponents.wxs @@ -0,0 +1,12 @@ + + + + + + + + + + + diff --git a/src/test/WixToolsetTest.Http/TestData/SniSsl/example.txt b/src/test/WixToolsetTest.Http/TestData/SniSsl/example.txt new file mode 100644 index 00000000..1b4ffe8a --- /dev/null +++ b/src/test/WixToolsetTest.Http/TestData/SniSsl/example.txt @@ -0,0 +1 @@ +This is example.txt. \ No newline at end of file diff --git a/src/wixext/HttpCompiler.cs b/src/wixext/HttpCompiler.cs index cb217147..6c572470 100644 --- a/src/wixext/HttpCompiler.cs +++ b/src/wixext/HttpCompiler.cs @@ -48,6 +48,10 @@ namespace WixToolset.Http switch (element.Name.LocalName) { + case "SniSslCertificate": + this.ParseSniSslCertificateElement(intermediate, section, element, componentId); + break; + case "UrlReservation": this.ParseUrlReservationElement(intermediate, section, element, componentId, null); break; @@ -62,6 +66,119 @@ namespace WixToolset.Http } } + /// + /// Parses a SniSsl element. + /// + /// The element to parse. + /// Identifier of the component that owns this SNI SSL Certificate. + private void ParseSniSslCertificateElement(Intermediate intermediate, IntermediateSection section, XElement node, string componentId) + { + var sourceLineNumbers = this.ParseHelper.GetSourceLineNumbers(node); + Identifier id = null; + string host = null; + string port = null; + string appId = null; + string store = null; + string thumbprint = null; + var handleExisting = HandleExisting.Replace; + string handleExistingValue = null; + + foreach (var attrib in node.Attributes()) + { + if (String.IsNullOrEmpty(attrib.Name.NamespaceName) || this.Namespace == attrib.Name.Namespace) + { + switch (attrib.Name.LocalName) + { + case "Id": + id = this.ParseHelper.GetAttributeIdentifier(sourceLineNumbers, attrib); + break; + case "AppId": + appId = this.ParseHelper.GetAttributeValue(sourceLineNumbers, attrib); + break; + case "HandleExisting": + handleExistingValue = this.ParseHelper.GetAttributeValue(sourceLineNumbers, attrib); + switch (handleExistingValue) + { + case "replace": + handleExisting = HandleExisting.Replace; + break; + case "ignore": + handleExisting = HandleExisting.Ignore; + break; + case "fail": + handleExisting = HandleExisting.Fail; + break; + default: + this.Messaging.Write(ErrorMessages.IllegalAttributeValue(sourceLineNumbers, node.Name.LocalName, "HandleExisting", handleExistingValue, "replace", "ignore", "fail")); + break; + } + break; + case "Host": + host = this.ParseHelper.GetAttributeValue(sourceLineNumbers, attrib); + break; + case "Port": + port = this.ParseHelper.GetAttributeValue(sourceLineNumbers, attrib); + break; + case "Store": + store = this.ParseHelper.GetAttributeValue(sourceLineNumbers, attrib); + break; + case "Thumbprint": + thumbprint = this.ParseHelper.GetAttributeValue(sourceLineNumbers, attrib); + break; + default: + this.ParseHelper.UnexpectedAttribute(node, attrib); + break; + } + } + else + { + this.ParseHelper.ParseExtensionAttribute(this.Context.Extensions, intermediate, section, node, attrib); + } + } + + // Need the element ID for child element processing, so generate now if not authored. + if (null == id) + { + id = this.ParseHelper.CreateIdentifier("ssl", componentId, host, port); + } + + // Required attributes. + if (null == host) + { + this.Messaging.Write(ErrorMessages.ExpectedAttribute(sourceLineNumbers, node.Name.LocalName, "Host")); + } + + if (null == port) + { + this.Messaging.Write(ErrorMessages.ExpectedAttribute(sourceLineNumbers, node.Name.LocalName, "Port")); + } + + if (null == thumbprint) + { + this.Messaging.Write(ErrorMessages.ExpectedAttribute(sourceLineNumbers, node.Name.LocalName, "Thumbprint")); + } + + // Parse unknown children. + this.ParseHelper.ParseForExtensionElements(this.Context.Extensions, intermediate, section, node); + + if (!this.Messaging.EncounteredError) + { + section.AddSymbol(new WixHttpSniSslCertSymbol(sourceLineNumbers, id) + { + Host = host, + Port = port, + Thumbprint = thumbprint, + AppId = appId, + Store = store, + HandleExisting = handleExisting, + ComponentRef = componentId, + }); + + this.ParseHelper.CreateCustomActionReference(sourceLineNumbers, section, "Wix4SchedHttpSniSslCertsInstall", this.Context.Platform, CustomActionPlatforms.X86 | CustomActionPlatforms.X64 | CustomActionPlatforms.ARM64); + this.ParseHelper.CreateCustomActionReference(sourceLineNumbers, section, "Wix4SchedHttpSniSslCertsUninstall", this.Context.Platform, CustomActionPlatforms.X86 | CustomActionPlatforms.X64 | CustomActionPlatforms.ARM64); + } + } + /// /// Parses a UrlReservation element. /// diff --git a/src/wixext/HttpTableDefinitions.cs b/src/wixext/HttpTableDefinitions.cs index 0665ce8d..83cd565a 100644 --- a/src/wixext/HttpTableDefinitions.cs +++ b/src/wixext/HttpTableDefinitions.cs @@ -6,6 +6,23 @@ namespace WixToolset.Http public static class HttpTableDefinitions { + public static readonly TableDefinition WixHttpSniSslCert = new TableDefinition( + "WixHttpSniSslCert", + HttpSymbolDefinitions.WixHttpSniSslCert, + new[] + { + new ColumnDefinition("WixHttpSniSslCert", ColumnType.String, 72, primaryKey: true, nullable: false, ColumnCategory.Identifier, description: "The non-localized primary key for the table.", modularizeType: ColumnModularizeType.Column), + new ColumnDefinition("Host", ColumnType.String, 0, primaryKey: false, nullable: false, ColumnCategory.Formatted, description: "Host for the SNI SSL certificate.", modularizeType: ColumnModularizeType.Property), + new ColumnDefinition("Port", ColumnType.String, 0, primaryKey: false, nullable: false, ColumnCategory.Formatted, description: "Port for the SNI SSL certificate.", modularizeType: ColumnModularizeType.Property), + new ColumnDefinition("Thumbprint", ColumnType.String, 0, primaryKey: false, nullable: false, ColumnCategory.Formatted, description: "humbprint of the SNI SSL certificate to find.", modularizeType: ColumnModularizeType.Property), + new ColumnDefinition("AppId", ColumnType.String, 0, primaryKey: false, nullable: true, ColumnCategory.Formatted, description: "Optional application id for the SNI SSL certificate.", modularizeType: ColumnModularizeType.Property), + new ColumnDefinition("Store", ColumnType.String, 0, primaryKey: false, nullable: true, ColumnCategory.Formatted, description: "Optional application id for the SNI SSL certificate.", modularizeType: ColumnModularizeType.Property), + new ColumnDefinition("HandleExisting", ColumnType.Number, 4, primaryKey: false, nullable: false, ColumnCategory.Unknown, minValue: 0, maxValue: 2, description: "The behavior when trying to install a SNI SSL certificate and it already exists."), + new ColumnDefinition("Component_", ColumnType.String, 72, primaryKey: false, nullable: false, ColumnCategory.Identifier, keyTable: "Component", keyColumn: 1, description: "Foreign key into the Component table referencing the component that controls the URL reservation.", modularizeType: ColumnModularizeType.Column), + }, + symbolIdIsPrimaryKey: true + ); + public static readonly TableDefinition WixHttpUrlReservation = new TableDefinition( "WixHttpUrlReservation", HttpSymbolDefinitions.WixHttpUrlReservation, @@ -35,6 +52,7 @@ namespace WixToolset.Http public static readonly TableDefinition[] All = new[] { + WixHttpSniSslCert, WixHttpUrlReservation, WixHttpUrlAce, }; diff --git a/src/wixext/Symbols/HttpSymbolDefinitions.cs b/src/wixext/Symbols/HttpSymbolDefinitions.cs index a6deb307..2aa03468 100644 --- a/src/wixext/Symbols/HttpSymbolDefinitions.cs +++ b/src/wixext/Symbols/HttpSymbolDefinitions.cs @@ -7,6 +7,7 @@ namespace WixToolset.Http public enum HttpSymbolDefinitionType { + WixHttpSniSslCert, WixHttpUrlAce, WixHttpUrlReservation, } @@ -29,6 +30,9 @@ namespace WixToolset.Http { switch (type) { + case HttpSymbolDefinitionType.WixHttpSniSslCert: + return HttpSymbolDefinitions.WixHttpSniSslCert; + case HttpSymbolDefinitionType.WixHttpUrlAce: return HttpSymbolDefinitions.WixHttpUrlAce; diff --git a/src/wixext/Symbols/WixHttpSniSslCertSymbol.cs b/src/wixext/Symbols/WixHttpSniSslCertSymbol.cs new file mode 100644 index 00000000..ec67a089 --- /dev/null +++ b/src/wixext/Symbols/WixHttpSniSslCertSymbol.cs @@ -0,0 +1,95 @@ +// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. + +namespace WixToolset.Http +{ + using WixToolset.Data; + using WixToolset.Http.Symbols; + + public static partial class HttpSymbolDefinitions + { + public static readonly IntermediateSymbolDefinition WixHttpSniSslCert = new IntermediateSymbolDefinition( + HttpSymbolDefinitionType.WixHttpSniSslCert.ToString(), + new[] + { + new IntermediateFieldDefinition(nameof(WixHttpSniSslCertSymbolFields.Host), IntermediateFieldType.String), + new IntermediateFieldDefinition(nameof(WixHttpSniSslCertSymbolFields.Port), IntermediateFieldType.String), + new IntermediateFieldDefinition(nameof(WixHttpSniSslCertSymbolFields.Thumbprint), IntermediateFieldType.String), + new IntermediateFieldDefinition(nameof(WixHttpSniSslCertSymbolFields.AppId), IntermediateFieldType.String), + new IntermediateFieldDefinition(nameof(WixHttpSniSslCertSymbolFields.Store), IntermediateFieldType.String), + new IntermediateFieldDefinition(nameof(WixHttpSniSslCertSymbolFields.HandleExisting), IntermediateFieldType.Number), + new IntermediateFieldDefinition(nameof(WixHttpSniSslCertSymbolFields.ComponentRef), IntermediateFieldType.String), + }, + typeof(WixHttpSniSslCertSymbol)); + } +} + +namespace WixToolset.Http.Symbols +{ + using WixToolset.Data; + + public enum WixHttpSniSslCertSymbolFields + { + Host, + Port, + Thumbprint, + AppId, + Store, + HandleExisting, + ComponentRef, + } + + public class WixHttpSniSslCertSymbol : IntermediateSymbol + { + public WixHttpSniSslCertSymbol() : base(HttpSymbolDefinitions.WixHttpSniSslCert, null, null) + { + } + + public WixHttpSniSslCertSymbol(SourceLineNumber sourceLineNumber, Identifier id = null) : base(HttpSymbolDefinitions.WixHttpSniSslCert, sourceLineNumber, id) + { + } + + public IntermediateField this[WixHttpSniSslCertSymbolFields index] => this.Fields[(int)index]; + + public string Host + { + get => this.Fields[(int)WixHttpSniSslCertSymbolFields.Host].AsString(); + set => this.Set((int)WixHttpSniSslCertSymbolFields.Host, value); + } + + public string Port + { + get => this.Fields[(int)WixHttpSniSslCertSymbolFields.Port].AsString(); + set => this.Set((int)WixHttpSniSslCertSymbolFields.Port, value); + } + + public string Thumbprint + { + get => this.Fields[(int)WixHttpSniSslCertSymbolFields.Thumbprint].AsString(); + set => this.Set((int)WixHttpSniSslCertSymbolFields.Thumbprint, value); + } + + public string AppId + { + get => this.Fields[(int)WixHttpSniSslCertSymbolFields.AppId].AsString(); + set => this.Set((int)WixHttpSniSslCertSymbolFields.AppId, value); + } + + public string Store + { + get => this.Fields[(int)WixHttpSniSslCertSymbolFields.Store].AsString(); + set => this.Set((int)WixHttpSniSslCertSymbolFields.Store, value); + } + + public HandleExisting HandleExisting + { + get => (HandleExisting)this.Fields[(int)WixHttpSniSslCertSymbolFields.HandleExisting].AsNumber(); + set => this.Set((int)WixHttpSniSslCertSymbolFields.HandleExisting, (int)value); + } + + public string ComponentRef + { + get => this.Fields[(int)WixHttpSniSslCertSymbolFields.ComponentRef].AsString(); + set => this.Set((int)WixHttpSniSslCertSymbolFields.ComponentRef, value); + } + } +} diff --git a/src/wixlib/HttpExtension_Platform.wxi b/src/wixlib/HttpExtension_Platform.wxi index 2d498862..4f4a9e23 100644 --- a/src/wixlib/HttpExtension_Platform.wxi +++ b/src/wixlib/HttpExtension_Platform.wxi @@ -31,6 +31,33 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/wixlib/en-us.wxl b/src/wixlib/en-us.wxl index b6c180ed..22d74f78 100644 --- a/src/wixlib/en-us.wxl +++ b/src/wixlib/en-us.wxl @@ -1,6 +1,5 @@  - Preparing to configure Windows HTTP Server Preparing to configure Windows HTTP Server @@ -8,4 +7,11 @@ Configuring Windows HTTP Server Rolling back Windows HTTP Server configuration Configuring Windows HTTP Server + + Preparing to configure Windows HTTP Server SSL + Preparing to configure Windows HTTP Server SSL + Rolling back Windows HTTP Server SSL configuration + Configuring Windows HTTP Server SSL + Rolling back Windows HTTP Server SSL configuration + Configuring Windows HTTP Server SSL -- cgit v1.2.3-55-g6feb