From 3e8b7eb4cb739be1881c621999616bc5bbbb0bdb Mon Sep 17 00:00:00 2001
From: Rob Mensching
Date: Sun, 11 Apr 2021 14:41:50 -0700
Subject: Support non-vital certificate installs
---
 src/ca/scacertexec.cpp | 37 ++++++++++++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 5 deletions(-)
(limited to 'src/ca/scacertexec.cpp')
diff --git a/src/ca/scacertexec.cpp b/src/ca/scacertexec.cpp
index 4bb4ef95..95870c79 100644
--- a/src/ca/scacertexec.cpp
+++ b/src/ca/scacertexec.cpp
@@ -23,6 +23,7 @@ static HRESULT InstallCertificatePackage(
 __in LPCWSTR wzName,
 __in_opt BYTE* rgbData,
 __in DWORD cbData,
+ __in BOOL fVital,
 __in_opt LPCWSTR wzPFXPassword
 );
@@ -32,6 +33,12 @@ static HRESULT UninstallCertificatePackage(
 __in LPCWSTR wzName
 );
+static HRESULT AddCertificate(
+ __in HCERTSTORE hStore,
+ __in PCCERT_CONTEXT pCertContext,
+ __in LPCWSTR wzCertificateUniqueName,
+ __in BOOL fVital
+);
 /* ****************************************************************
 AddUserCertificate - CUSTOM ACTION ENTRY POINT for adding per-user
@@ -185,7 +192,7 @@ static HRESULT ExecuteCertificateOperation(
 // CertAddCertificateContextToStore(CERT_STORE_ADD_REPLACE_EXISTING) does not remove the private key if the cert is replaced
 UninstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName);
- hr = InstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName, pbData, cbData, pwzPFXPassword);
+ hr = InstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName, pbData, cbData, iAttributes & SCA_CERT_ATTRIBUTE_VITAL, pwzPFXPassword);
 ExitOnFailure(hr, "Failed to install certificate.");
 }
 else
@@ -226,6 +233,7 @@ static HRESULT InstallCertificatePackage(
 __in LPCWSTR wzName,
 __in_opt BYTE* rgbData,
 __in DWORD cbData,
+ __in BOOL fVital,
 __in_opt LPCWSTR wzPFXPassword
 )
 {
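Review bot: In the `@@ -185` hunk the context line `UninstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName);` still runs before the install, so once a non-vital add is allowed to fail the store can end up with neither the old nor the new certificate while the action reports success. If that outcome is intended, say so next to the call, e.g. `// non-vital: a failed add below leaves the previous certificate removed`; otherwise the previous certificate has to be preserved or restored when the add fails. As a smaller point, `iAttributes & SCA_CERT_ATTRIBUTE_VITAL` hands the raw masked value to a `BOOL` parameter, and `0 != (iAttributes & SCA_CERT_ATTRIBUTE_VITAL)` states the intent. ExecuteCertificateOperation begins and ends outside the hunk, so any rollback handling is not visible here.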
@@ -273,8 +281,7 @@ static HRESULT InstallCertificatePackage(
 pCertContext;
 pCertContext = ::CertEnumCertificatesInStore(hPfxCertStore, pCertContext))
 {
- WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", pwzUniqueName);
- hr = CertInstallSingleCertificate(hStore, pCertContext, pwzUniqueName);
+ hr = AddCertificate(hStore, pCertContext, pwzUniqueName, fVital);
 MessageExitOnFailure(hr, msierrCERTFailedAdd, "Failed to add certificate to the store.");
 hr = StrAllocFormatted(&pwzUniqueName, L"%s_wixCert_%d", wzName, ++iUniqueId);
@@ -289,8 +296,7 @@ static HRESULT InstallCertificatePackage(
 }
 else
 {
- WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", pwzUniqueName);
- hr = CertInstallSingleCertificate(hStore, pCertContext, pwzUniqueName);
+ hr = AddCertificate(hStore, pCertContext, pwzUniqueName, fVital);
 MessageExitOnFailure(hr, msierrCERTFailedAdd, "Failed to add certificate to the store.");
 }
@@ -402,3 +408,24 @@ LExit:
 return hr;
 }
+
+static HRESULT AddCertificate(
+ __in HCERTSTORE hStore,
+ __in PCCERT_CONTEXT pCertContext,
+ __in LPCWSTR wzCertificateUniqueName,
+ __in BOOL fVital
+)
+{
+ HRESULT hr = S_OK;
+
+ WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", wzCertificateUniqueName);
+
+ hr = CertInstallSingleCertificate(hStore, pCertContext, wzCertificateUniqueName);
+ if (FAILED(hr) && !fVital)
+ {
+ WcaLog(LOGMSG_STANDARD, "Could not add non-vital certificate: %ls due to error: 0x%x, continuing...", wzCertificateUniqueName, hr);
+ hr = S_FALSE;
+ }
+
+ return hr;
+}
-- cgit v1.2.3-55-g6feb
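Review bot: In the PFX enumeration loop of the `@@ -273` hunk, the `S_FALSE` that `AddCertificate` returns for a skipped non-vital certificate is overwritten by the following `hr = StrAllocFormatted(...)`, so nothing after the loop can tell that a certificate was left out, and the loop goes on to add the remaining certificates from the package. That can leave a partial chain in the store with a log line as the only record. Consider remembering the skip in a local (name constructed here), e.g. `if (S_FALSE == hr) { fSkipped = TRUE; }`, and returning `S_FALSE` from InstallCertificatePackage when it is set. The single-certificate branch in the `@@ -289` hunk passes the same value through `MessageExitOnFailure` and should follow the same convention; the loop and the function end outside these hunks.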
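Review bot: The new `AddCertificate` in the `@@ -402` hunk has no header comment, and its return contract is the non-obvious part: when `fVital` is false, every failure of `CertInstallSingleCertificate` is turned into `S_FALSE`, whatever the underlying error was. A banner in the file's `/* *** ... *** */` style (one is visible in the `@@ -32` hunk) should state that `S_FALSE` means the certificate was not added and that callers must not treat it as installed. As a style point, the HRESULT in the log message reads more easily as `0x%08x` than `0x%x`.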