From 2f4287fdcee83b30e0f7f3ce548bcdff2ee85e1f Mon Sep 17 00:00:00 2001
From: Sean Hall
Date: Mon, 3 May 2021 14:41:33 -0500
Subject: Bring back Burn's implementation of signature verification. partial #6447
---
 src/burn/engine/payload.cpp | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'src/burn/engine/payload.cpp')
diff --git a/src/burn/engine/payload.cpp b/src/burn/engine/payload.cpp
index 392a3dd4..84c32eec 100644
--- a/src/burn/engine/payload.cpp
+++ b/src/burn/engine/payload.cpp
@@ -132,6 +132,28 @@ extern "C" HRESULT PayloadsParseFromXml(
 fValidFileSize = TRUE;
 }
+ // @CertificateAuthorityKeyIdentifier
+ hr = XmlGetAttributeEx(pixnNode, L"CertificateRootPublicKeyIdentifier", &scz);
+ if (E_NOTFOUND != hr)
+ {
+ ExitOnFailure(hr, "Failed to get @CertificateRootPublicKeyIdentifier.");
+
+ hr = StrAllocHexDecode(scz, &pPayload->pbCertificateRootPublicKeyIdentifier, &pPayload->cbCertificateRootPublicKeyIdentifier);
+ ExitOnFailure(hr, "Failed to hex decode @CertificateRootPublicKeyIdentifier.");
+
+ pPayload->verification = BURN_PAYLOAD_VERIFICATION_AUTHENTICODE;
+ }
+
+ // @CertificateThumbprint
+ hr = XmlGetAttributeEx(pixnNode, L"CertificateRootThumbprint", &scz);
+ if (E_NOTFOUND != hr)
+ {
+ ExitOnFailure(hr, "Failed to get @CertificateRootThumbprint.");
+
+ hr = StrAllocHexDecode(scz, &pPayload->pbCertificateRootThumbprint, &pPayload->cbCertificateRootThumbprint);
+ ExitOnFailure(hr, "Failed to hex decode @CertificateRootThumbprint.");
+ }
+
 // @Hash
 hr = XmlGetAttributeEx(pixnNode, L"Hash", &scz);
 if (E_NOTFOUND != hr)
@@ -191,6 +213,8 @@ extern "C" void PayloadUninitialize(
 ReleaseStr(pPayload->sczKey);
 ReleaseStr(pPayload->sczFilePath);
 ReleaseMem(pPayload->pbHash);
+ ReleaseMem(pPayload->pbCertificateRootThumbprint);
+ ReleaseMem(pPayload->pbCertificateRootPublicKeyIdentifier);
 ReleaseStr(pPayload->sczSourcePath);
 ReleaseStr(pPayload->sczLocalFilePath);
 ReleaseStr(pPayload->downloadSource.sczUrl);
--
cgit v1.2.3-55-g6feb
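Review bot: A payload that carries `CertificateRootThumbprint` without `CertificateRootPublicKeyIdentifier` parses cleanly here, but only the first added block sets `pPayload->verification = BURN_PAYLOAD_VERIFICATION_AUTHENTICODE`, so a thumbprint-only manifest entry may end up with a pin that nothing enforces. The code that consumes `verification` is outside this hunk, so this is inferred; failing the parse is the safer default, e.g. after the thumbprint decode `if (!pPayload->pbCertificateRootPublicKeyIdentifier) { hr = E_INVALIDDATA; ExitOnFailure(hr, "@CertificateRootThumbprint requires @CertificateRootPublicKeyIdentifier."); }`. It is also worth rejecting a zero `cbCertificateRootPublicKeyIdentifier` or `cbCertificateRootThumbprint` right after each `StrAllocHexDecode`, in case the decoder accepts an empty attribute and Authenticode mode is selected with nothing to compare. The marker comments `// @CertificateAuthorityKeyIdentifier` and `// @CertificateThumbprint` do not match the attribute names actually read and should be renamed to them. PayloadsParseFromXml begins and ends outside the hunk.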