From 3e8b7eb4cb739be1881c621999616bc5bbbb0bdb Mon Sep 17 00:00:00 2001
From: Rob Mensching
Date: Sun, 11 Apr 2021 14:41:50 -0700
Subject: Support non-vital certificate installs
---
 src/ca/scacert.cpp | 5 ++++-
 src/ca/scacert.h | 1 +
 src/ca/scacertexec.cpp | 37 ++++++++++++++++++++++++++++++++-----
 src/wixext/IIsCompiler.cs | 12 +++++++++++-
 4 files changed, 48 insertions(+), 7 deletions(-)
(limited to 'src')
diff --git a/src/ca/scacert.cpp b/src/ca/scacert.cpp
index cf979ee7..5eae905a 100644
--- a/src/ca/scacert.cpp
+++ b/src/ca/scacert.cpp
@@ -244,7 +244,7 @@ static HRESULT ConfigureCertificates(
 ExitOnFailure(hr, "Failed to pass Certificate.Certificate to deferred CustomAction.");
 hr = WcaWriteStringToCaData(pwzStoreName, &pwzCaData);
 ExitOnFailure(hr, "Failed to pass Certificate.StoreName to deferred CustomAction.");
- hr = WcaWriteIntegerToCaData(SCA_CERT_ATTRIBUTE_BINARYDATA, &pwzCaData);
+ hr = WcaWriteIntegerToCaData(dwAttributes, &pwzCaData);
 ExitOnFailure(hr, "Failed to pass Certificate.Attributes to deferred CustomAction.");
 // Copy the rollback data from the deferred data because it's the same up to this point.
@@ -268,6 +268,9 @@ static HRESULT ConfigureCertificates(
 hr = WcaWriteStringToCaData(pwzPFXPassword, &pwzRollbackCaData);
 ExitOnFailure(hr, "Failed to pass Certificate.PFXPassword to rollback CustomAction.");
+
+ hr = WcaWriteIntegerToCaData(dwAttributes, &pwzCaData);
+ ExitOnFailure(hr, "Failed to pass Certificate.Attributes to deferred CustomAction.");
 }
 // Pick the right action to run based on what store we're uninstalling from.
diff --git a/src/ca/scacert.h b/src/ca/scacert.h
index baa6fb8e..39b00d3d 100644
--- a/src/ca/scacert.h
+++ b/src/ca/scacert.h
@@ -11,6 +11,7 @@ enum SCA_CERT_ATTRIBUTES
 SCA_CERT_ATTRIBUTE_REQUEST = 1,
 SCA_CERT_ATTRIBUTE_BINARYDATA = 2,
 SCA_CERT_ATTRIBUTE_OVERWRITE = 4,
+ SCA_CERT_ATTRIBUTE_VITAL = 8,
 };
diff --git a/src/ca/scacertexec.cpp b/src/ca/scacertexec.cpp
index 4bb4ef95..95870c79 100644
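Review bot: Replacing the hard-coded SCA_CERT_ATTRIBUTE_BINARYDATA with dwAttributes in the WcaWriteIntegerToCaData call changes what the deferred action receives for every certificate, not just for the new Vital bit: the flag is now only present if the value loaded into dwAttributes (populated outside this hunk) already carries bit 2 for binary-sourced certificates. If the authoring side does not set it, the deferred side that previously always saw BINARYDATA would observe a different value than before; if that contract still matters, `hr = WcaWriteIntegerToCaData(dwAttributes | SCA_CERT_ATTRIBUTE_BINARYDATA, &pwzCaData);` keeps it while still forwarding the Vital bit. This needs confirming against the compiler's attribute handling rather than the diff. ConfigureCertificates starts and ends outside the hunk.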
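Review bot: The added WcaWriteIntegerToCaData at the end of the PFX-password block writes dwAttributes into pwzCaData a second time — the previous hunk already appended it to the deferred data, and the comment there says the rollback copy is taken at that point — and it lands after the PFX password, so the deferred action's read sequence (not in this diff) must consume a trailing integer or the field is simply left unparsed. If the intent was to pass the attributes to the rollback action instead, the target should be `&pwzRollbackCaData` and the message should say rollback: `ExitOnFailure(hr, "Failed to pass Certificate.Attributes to rollback CustomAction.");`. As written, two identical "to deferred CustomAction" failure strings also make a log entry ambiguous about which write failed. ConfigureCertificates continues outside the hunk.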
--- a/src/ca/scacertexec.cpp
+++ b/src/ca/scacertexec.cpp
@@ -23,6 +23,7 @@ static HRESULT InstallCertificatePackage(
 __in LPCWSTR wzName,
 __in_opt BYTE* rgbData,
 __in DWORD cbData,
+ __in BOOL fVital,
 __in_opt LPCWSTR wzPFXPassword
 );
@@ -32,6 +33,12 @@ static HRESULT UninstallCertificatePackage(
 __in LPCWSTR wzName
 );
+static HRESULT AddCertificate(
+ __in HCERTSTORE hStore,
+ __in PCCERT_CONTEXT pCertContext,
+ __in LPCWSTR wzCertificateUniqueName,
+ __in BOOL fVital
+);
 /* ****************************************************************
 AddUserCertificate - CUSTOM ACTION ENTRY POINT for adding per-user
@@ -185,7 +192,7 @@ static HRESULT ExecuteCertificateOperation(
 // CertAddCertificateContextToStore(CERT_STORE_ADD_REPLACE_EXISTING) does not remove the private key if the cert is replaced
 UninstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName);
- hr = InstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName, pbData, cbData, pwzPFXPassword);
+ hr = InstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName, pbData, cbData, iAttributes & SCA_CERT_ATTRIBUTE_VITAL, pwzPFXPassword);
 ExitOnFailure(hr, "Failed to install certificate.");
 }
 else
@@ -226,6 +233,7 @@ static HRESULT InstallCertificatePackage(
 __in LPCWSTR wzName,
 __in_opt BYTE* rgbData,
 __in DWORD cbData,
+ __in BOOL fVital,
 __in_opt LPCWSTR wzPFXPassword
 )
 {
@@ -273,8 +281,7 @@ static HRESULT InstallCertificatePackage(
 pCertContext;
 pCertContext = ::CertEnumCertificatesInStore(hPfxCertStore, pCertContext))
 {
- WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", pwzUniqueName);
- hr = CertInstallSingleCertificate(hStore, pCertContext, pwzUniqueName);
+ hr = AddCertificate(hStore, pCertContext, pwzUniqueName, fVital);
 MessageExitOnFailure(hr, msierrCERTFailedAdd, "Failed to add certificate to the store.");
 hr = StrAllocFormatted(&pwzUniqueName, L"%s_wixCert_%d", wzName, ++iUniqueId);
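Review bot: In the InstallCertificatePackage call, `iAttributes & SCA_CERT_ATTRIBUTE_VITAL` is handed to a BOOL parameter but evaluates to 0 or 8 rather than FALSE/TRUE; AddCertificate only tests `!fVital`, so it behaves today, but any later `fVital == TRUE` comparison would silently miss. Normalizing at the call site, `!!(iAttributes & SCA_CERT_ATTRIBUTE_VITAL)`, or passing `(iAttributes & SCA_CERT_ATTRIBUTE_VITAL) != 0`, removes that trap at no cost. The same masking choice is the only place the Vital bit is interpreted on the native side, so it is worth a one-line comment such as `// Vital defaults to set on the authoring side; a cleared bit makes add failures non-fatal.` ExecuteCertificateOperation starts and ends outside the hunk.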
@@ -289,8 +296,7 @@ static HRESULT InstallCertificatePackage(
 }
 else
 {
- WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", pwzUniqueName);
- hr = CertInstallSingleCertificate(hStore, pCertContext, pwzUniqueName);
+ hr = AddCertificate(hStore, pCertContext, pwzUniqueName, fVital);
 MessageExitOnFailure(hr, msierrCERTFailedAdd, "Failed to add certificate to the store.");
 }
@@ -402,3 +408,24 @@ LExit:
 return hr;
 }
+
+static HRESULT AddCertificate(
+ __in HCERTSTORE hStore,
+ __in PCCERT_CONTEXT pCertContext,
+ __in LPCWSTR wzCertificateUniqueName,
+ __in BOOL fVital
+)
+{
+ HRESULT hr = S_OK;
+
+ WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", wzCertificateUniqueName);
+
+ hr = CertInstallSingleCertificate(hStore, pCertContext, wzCertificateUniqueName);
+ if (FAILED(hr) && !fVital)
+ {
+ WcaLog(LOGMSG_STANDARD, "Could not add non-vital certificate: %ls due to error: 0x%x, continuing...", wzCertificateUniqueName, hr);
+ hr = S_FALSE;
+ }
+
+ return hr;
+}
diff --git a/src/wixext/IIsCompiler.cs b/src/wixext/IIsCompiler.cs
index 952a4a67..cb573ad1 100644
--- a/src/wixext/IIsCompiler.cs
+++ b/src/wixext/IIsCompiler.cs
@@ -140,7 +140,7 @@ namespace WixToolset.Iis
 {
 var sourceLineNumbers = this.ParseHelper.GetSourceLineNumbers(element);
 Identifier id = null;
- int attributes = 0;
+ int attributes = 8; // SCA_CERT_ATTRIBUTE_VITAL
 string binaryRef = null;
 string certificatePath = null;
 string name = null;
@@ -244,6 +244,16 @@ namespace WixToolset.Iis
 }
 }
 break;
+ case "Vital":
+ if (YesNoType.Yes == this.ParseHelper.GetAttributeYesNoValue(sourceLineNumbers, attrib))
+ {
+ attributes |= 8; // SCA_CERT_ATTRIBUTE_VITAL
+ }
+ else
+ {
+ attributes &= ~8; // SCA_CERT_ATTRIBUTE_VITAL
+ }
+ break;
 default:
 this.ParseHelper.UnexpectedAttribute(element, attrib);
 break;
-- cgit v1.2.3-55-g6feb
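Review bot: AddCertificate carries no header comment although the file banners its other functions, and the S_FALSE it returns for a skipped non-vital certificate is the only signal its callers get, so the contract should be stated above the definition: `// Adds one certificate to hStore. A failed CertInstallSingleCertificate is fatal when fVital is TRUE; otherwise it is logged and S_FALSE is returned so the remaining certificates are still processed.` Because the MessageExitOnFailure in both call sites only reacts to a failed HRESULT, a non-vital skip leaves the package without that certificate while the install reports success, which makes the LOGMSG_STANDARD line the only trace an operator has; keeping the unique name and the raw HRESULT in it, as the new code does, is what makes that entry usable later. In the else path of the hunk at line 289 the S_FALSE also remains in hr until something later overwrites it — whether InstallCertificatePackage's tail (outside the hunk) treats S_FALSE as success is worth confirming.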
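Review bot: The literal 8 stands in for SCA_CERT_ATTRIBUTE_VITAL three times, in the initializer at line 143 and twice in the new "Vital" case in the hunk at line 244; a single named constant, `private const int CertificateAttributeVital = 8; // SCA_CERT_ATTRIBUTE_VITAL`, ties the managed value to the native enum in one place and lets the case read as `attributes |= CertificateAttributeVital;` and `attributes &= ~CertificateAttributeVital;`. Starting attributes at 8 makes Vital=yes the default, which preserves the previous fail-fast behaviour for authoring that never mentions the attribute — that intent deserves a comment on the initializer rather than just the enum name. The diffstat is limited to 'src', so whether the extension schema was extended with the Vital attribute cannot be seen here; if it was not, the attribute would be rejected before this parser ever reaches the new case. The enclosing method starts and ends outside both hunks.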