3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * VBoxStub - VirtualBox's Windows installer stub (certificate manipulations).
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * NOTE: The content of this file is partly
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * grabbed from src/VBox/Additions/WINNT/tools/VBoxCertUtil.cpp
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * Copyright (C) 2012 Oracle Corporation
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * This file is part of VirtualBox Open Source Edition (OSE), as
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * available from http://www.virtualbox.org. This file is free software;
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * you can redistribute it and/or modify it under the terms of the GNU
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * General Public License (GPL) as published by the Free Software
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * Foundation, in version 2 as it comes in the "COPYING" file of the
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync/*******************************************************************************
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync* Header Files *
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync*******************************************************************************/
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * Reads a certificate from a (const char []) buffer, returning a context
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * or a the handle to a temporary memory store.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @returns true on success, false on failure (error message written).
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @param kpCertBuf The pointer to the buffer containing the
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * certificates.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @param cbCertBuf Size of @param kpCertBuf in bytes.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @param ppOutCtx Where to return the handle to the temporary
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * memory store.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsyncstatic bool readCertBuf(const unsigned char kpCertBuf[], DWORD cbCertBuf, PCCERT_CONTEXT *ppOutCtx)
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync *ppOutCtx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync return true;
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync return false;
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * Opens a certificate store.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @returns true on success, false on failure (error message written).
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @param dwDst The destination, like
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * CERT_SYSTEM_STORE_LOCAL_MACHINE or
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * CERT_SYSTEM_STORE_CURRENT_USER.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @param pszStoreNm The store name.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsyncstatic HCERTSTORE openCertStore(DWORD dwDst, const char *pszStoreNm)
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * Make sure CERT_STORE_OPEN_EXISTING_FLAG is not set. This causes Windows XP
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * to return ACCESS_DENIED when installing TrustedPublisher certificates via
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * CertAddCertificateContextToStore() if the TrustedPublisher store never has
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * been used (through certmgr.exe and friends) yet.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * According to MSDN, if neither CERT_STORE_OPEN_EXISTING_FLAG nor
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * CERT_STORE_CREATE_NEW_FLAG is set, the store will be either opened or
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * created accordingly.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * Adds a certificate to a store.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @returns true on success, false on failure (error message written).
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @param dwDst The destination, like
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * CERT_SYSTEM_STORE_LOCAL_MACHINE or
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * CERT_SYSTEM_STORE_CURRENT_USER.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @param pszStoreNm The store name.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @param kpCertBuf Buffer that contains a certificate
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * @param cbCertBuf Size of @param kpCertBuf in bytes
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsyncbool addCertToStore(DWORD dwDst, const char *pszStoreNm, const unsigned char kpCertBuf[], DWORD cbCertBuf)
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * Get certificate from buffer.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync RTMsgError("Unable to get certificate context: %d", GetLastError());
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * Open the certificates store.
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync HCERTSTORE hDstStore = openCertStore(dwDst, pszStoreNm);
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync * Finally, add certificate to store
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync if (CertAddCertificateContextToStore(hDstStore, pSrcCtx, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync RTMsgError("Unable to install certificate: %d", GetLastError());
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync CertCloseStore(hDstStore, CERT_CLOSE_STORE_CHECK_FLAG);
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync RTMsgError("Unable to open certificates store: %d", GetLastError());
3a5ff19579e4b3e58a9cdea06fdab1fa6cc961d2vboxsync /* Release resources */