summaryrefslogtreecommitdiffstats
path: root/other-licenses/nsis/Contrib/CertCheck/CertCheck.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'other-licenses/nsis/Contrib/CertCheck/CertCheck.cpp')
-rw-r--r--other-licenses/nsis/Contrib/CertCheck/CertCheck.cpp411
1 files changed, 411 insertions, 0 deletions
diff --git a/other-licenses/nsis/Contrib/CertCheck/CertCheck.cpp b/other-licenses/nsis/Contrib/CertCheck/CertCheck.cpp
new file mode 100644
index 0000000000..e79f19a615
--- /dev/null
+++ b/other-licenses/nsis/Contrib/CertCheck/CertCheck.cpp
@@ -0,0 +1,411 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <windows.h>
+#include <softpub.h>
+#include <wintrust.h>
+
+#pragma comment(lib, "wintrust.lib")
+#pragma comment(lib, "crypt32.lib")
+
+#ifndef UNICODE
+#error "This file only supports building in Unicode mode"
+#endif
+
+static const int ENCODING = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
+
+// The definitions for NSPIM, the callback typedef, and
+// extra_parameters all come from the NSIS plugin API source.
+enum NSPIM
+{
+ NSPIM_UNLOAD,
+ NSPIM_GUIUNLOAD,
+};
+
+typedef UINT_PTR(*NSISPLUGINCALLBACK)(enum NSPIM);
+
+struct extra_parameters
+{
+ // The real type of exec_flags is exec_flags_t*, which is a large struct
+ // whose definition is omitted here because this plugin doesn't need it.
+ void* exec_flags;
+ int (__stdcall *ExecuteCodeSegment)(int, HWND);
+ void (__stdcall *validate_filename)(TCHAR*);
+ int (__stdcall *RegisterPluginCallback)(HMODULE, NSISPLUGINCALLBACK);
+};
+
+typedef struct _stack_t {
+ struct _stack_t *next;
+ TCHAR text[MAX_PATH];
+} stack_t;
+
+int popstring(stack_t **stacktop, LPTSTR str, int len);
+void pushstring(stack_t **stacktop, LPCTSTR str, int len);
+
+struct CertificateCheckInfo
+{
+ wchar_t filePath[MAX_PATH];
+ wchar_t name[MAX_PATH];
+ wchar_t issuer[MAX_PATH];
+};
+
+static HINSTANCE gHInst;
+static HANDLE gCheckThread;
+static HANDLE gCheckEvent;
+static bool gCheckTrustPassed;
+static bool gCheckAttributesPassed;
+
+// We need a plugin callback not only to clean up our thread, but also
+// because registering a callback prevents NSIS from unloading the DLL
+// after each call from the script.
+UINT_PTR __cdecl
+NSISPluginCallback(NSPIM event)
+{
+ if (event == NSPIM_UNLOAD){
+ if (gCheckThread != NULL &&
+ WaitForSingleObject(gCheckThread, 0) != WAIT_OBJECT_0) {
+ TerminateThread(gCheckThread, ERROR_OPERATION_ABORTED);
+ }
+ CloseHandle(gCheckThread);
+ gCheckThread = NULL;
+ CloseHandle(gCheckEvent);
+ gCheckEvent = NULL;
+ }
+ return NULL;
+}
+
+/**
+ * Checks to see if a file stored at filePath matches the specified info. This
+ * only supports the name and issuer attributes currently.
+ *
+ * @param certContext The certificate context of the file
+ * @param infoToMatch The acceptable information to match
+ * @return FALSE if the info does not match or if any error occurs in the check
+ */
+BOOL
+DoCertificateAttributesMatch(PCCERT_CONTEXT certContext,
+ CertificateCheckInfo* infoToMatch)
+{
+ DWORD dwData;
+ LPTSTR szName = NULL;
+
+ // Pass in NULL to get the needed size of the issuer buffer.
+ dwData = CertGetNameString(certContext,
+ CERT_NAME_SIMPLE_DISPLAY_TYPE,
+ CERT_NAME_ISSUER_FLAG, NULL,
+ NULL, 0);
+
+ if (!dwData) {
+ return FALSE;
+ }
+
+ // Allocate memory for Issuer name buffer.
+ szName = (LPTSTR)LocalAlloc(LPTR, dwData * sizeof(WCHAR));
+ if (!szName) {
+ return FALSE;
+ }
+
+ // Get Issuer name.
+ if (!CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE,
+ CERT_NAME_ISSUER_FLAG, NULL, szName, dwData)) {
+ LocalFree(szName);
+ return FALSE;
+ }
+
+ // If the issuer does not match, return a failure.
+ if (!infoToMatch->issuer ||
+ wcscmp(szName, infoToMatch->issuer)) {
+ LocalFree(szName);
+ return FALSE;
+ }
+
+ LocalFree(szName);
+ szName = NULL;
+
+ // Pass in NULL to get the needed size of the name buffer.
+ dwData = CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE,
+ 0, NULL, NULL, 0);
+ if (!dwData) {
+ return FALSE;
+ }
+
+ // Allocate memory for the name buffer.
+ szName = (LPTSTR)LocalAlloc(LPTR, dwData * sizeof(WCHAR));
+ if (!szName) {
+ return FALSE;
+ }
+
+ // Obtain the name.
+ if (!(CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0,
+ NULL, szName, dwData))) {
+ LocalFree(szName);
+ return FALSE;
+ }
+
+ // If the issuer does not match, return a failure.
+ if (!infoToMatch->name ||
+ wcscmp(szName, infoToMatch->name)) {
+ LocalFree(szName);
+ return FALSE;
+ }
+
+ // We have a match!
+ LocalFree(szName);
+
+ // If there were any errors we would have aborted by now.
+ return TRUE;
+}
+
+/**
+ * Checks to see if a file's signing cert matches the specified info. This
+ * only supports the name and issuer attributes currently.
+ *
+ * @param info The acceptable information to match
+ * @return ERROR_SUCCESS if successful, ERROR_NOT_FOUND if the info
+ * does not match, or the last error otherwise.
+ */
+DWORD
+CheckCertificateInfoForPEFile(CertificateCheckInfo* info)
+{
+ HCERTSTORE certStore = NULL;
+ HCRYPTMSG cryptMsg = NULL;
+ PCCERT_CONTEXT certContext = NULL;
+ PCMSG_SIGNER_INFO signerInfo = NULL;
+ DWORD lastError = ERROR_SUCCESS;
+
+ // Get the HCERTSTORE and HCRYPTMSG from the signed file.
+ DWORD encoding, contentType, formatType;
+ BOOL result = CryptQueryObject(CERT_QUERY_OBJECT_FILE,
+ info->filePath,
+ CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
+ CERT_QUERY_CONTENT_FLAG_ALL,
+ 0, &encoding, &contentType,
+ &formatType, &certStore, &cryptMsg, NULL);
+ if (!result) {
+ lastError = GetLastError();
+ goto cleanup;
+ }
+
+ // Pass in NULL to get the needed signer information size.
+ DWORD signerInfoSize;
+ result = CryptMsgGetParam(cryptMsg, CMSG_SIGNER_INFO_PARAM, 0,
+ NULL, &signerInfoSize);
+ if (!result) {
+ lastError = GetLastError();
+ goto cleanup;
+ }
+
+ // Allocate the needed size for the signer information.
+ signerInfo = (PCMSG_SIGNER_INFO)LocalAlloc(LPTR, signerInfoSize);
+ if (!signerInfo) {
+ lastError = GetLastError();
+ goto cleanup;
+ }
+
+ // Get the signer information (PCMSG_SIGNER_INFO).
+ // In particular we want the issuer and serial number.
+ result = CryptMsgGetParam(cryptMsg, CMSG_SIGNER_INFO_PARAM, 0,
+ (PVOID)signerInfo, &signerInfoSize);
+ if (!result) {
+ lastError = GetLastError();
+ goto cleanup;
+ }
+
+ // Search for the signer certificate in the certificate store.
+ CERT_INFO certInfo;
+ certInfo.Issuer = signerInfo->Issuer;
+ certInfo.SerialNumber = signerInfo->SerialNumber;
+ certContext = CertFindCertificateInStore(certStore, ENCODING, 0,
+ CERT_FIND_SUBJECT_CERT,
+ (PVOID)&certInfo, NULL);
+ if (!certContext) {
+ lastError = GetLastError();
+ goto cleanup;
+ }
+
+ if (!DoCertificateAttributesMatch(certContext, info)) {
+ lastError = ERROR_NOT_FOUND;
+ goto cleanup;
+ }
+
+cleanup:
+ if (signerInfo) {
+ LocalFree(signerInfo);
+ }
+ if (certContext) {
+ CertFreeCertificateContext(certContext);
+ }
+ if (certStore) {
+ CertCloseStore(certStore, 0);
+ }
+ if (cryptMsg) {
+ CryptMsgClose(cryptMsg);
+ }
+ return lastError;
+}
+
+/**
+ * Verifies the trust of a signed file's certificate.
+ *
+ * @param filePath The file path to check.
+ * @return ERROR_SUCCESS if successful, or the last error code otherwise.
+ */
+DWORD
+VerifyCertificateTrustForFile(LPCWSTR filePath)
+{
+ // Setup the file to check.
+ WINTRUST_FILE_INFO fileToCheck;
+ ZeroMemory(&fileToCheck, sizeof(fileToCheck));
+ fileToCheck.cbStruct = sizeof(WINTRUST_FILE_INFO);
+ fileToCheck.pcwszFilePath = filePath;
+
+ // Setup what to check, we want to check it is signed and trusted.
+ WINTRUST_DATA trustData;
+ // ZeroMemory should be fine here, but the compiler converts that into a
+ // call to memset, and we're avoiding the C runtime to keep file size down.
+ SecureZeroMemory(&trustData, sizeof(trustData));
+ trustData.cbStruct = sizeof(trustData);
+ trustData.dwUIChoice = WTD_UI_NONE;
+ trustData.dwUnionChoice = WTD_CHOICE_FILE;
+ trustData.pFile = &fileToCheck;
+
+ GUID policyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
+ // Check if the file is signed by something that is trusted.
+ LONG ret = WinVerifyTrust(NULL, &policyGUID, &trustData);
+ return ret;
+}
+
+/**
+ * Synchronously verifies the trust and attributes of a signed PE file.
+ * Meant to be invoked as a thread entry point from CheckPETrustAndInfoAsync.
+ */
+DWORD WINAPI
+VerifyCertThreadProc(void* info)
+{
+ CertificateCheckInfo* certInfo = (CertificateCheckInfo*)info;
+
+ if (VerifyCertificateTrustForFile(certInfo->filePath) == ERROR_SUCCESS) {
+ gCheckTrustPassed = true;
+ }
+
+ if (CheckCertificateInfoForPEFile(certInfo) == ERROR_SUCCESS) {
+ gCheckAttributesPassed = true;
+ }
+
+ LocalFree(info);
+ SetEvent(gCheckEvent);
+ return 0;
+}
+
+/**
+ * Verifies the trust and the attributes of a signed PE file's certificate on
+* a separate thread. Returns immediately upon starting that thread.
+ * Call GetStatus (repeatedly if necessary) to get the result of the checks.
+ *
+ * @param stacktop A pointer to the NSIS stack.
+ * From the top down, the stack should contain:
+ * 1) the path to the file that will have its trust verified
+ * 2) the expected certificate subject common name
+ * 3) the expected certificate issuer common name
+ */
+extern "C" void __declspec(dllexport)
+CheckPETrustAndInfoAsync(HWND, int, TCHAR*, stack_t **stacktop, extra_parameters* pX)
+{
+ pX->RegisterPluginCallback(gHInst, NSISPluginCallback);
+
+ gCheckTrustPassed = false;
+ gCheckAttributesPassed = false;
+ gCheckThread = nullptr;
+
+ CertificateCheckInfo* certInfo =
+ (CertificateCheckInfo*)LocalAlloc(0, sizeof(CertificateCheckInfo));
+ if (certInfo) {
+ popstring(stacktop, certInfo->filePath, MAX_PATH);
+ popstring(stacktop, certInfo->name, MAX_PATH);
+ popstring(stacktop, certInfo->issuer, MAX_PATH);
+
+ gCheckThread = CreateThread(nullptr, 0, VerifyCertThreadProc,
+ (void*)certInfo, 0, nullptr);
+ }
+ if (!gCheckThread) {
+ LocalFree(certInfo);
+ SetEvent(gCheckEvent);
+ }
+}
+
+/**
+ * Returns the result of a certificate check on the NSIS stack.
+ *
+ * If the check is not yet finished, will push "0" to the stack.
+ * If the check is finished, the top of the stack will be "1", followed by:
+ * "1" if the certificate is trusted by the system, "0" if not. Then:
+ * "1" if the certificate attributes matched those provided, "0" if not.
+ */
+extern "C" void __declspec(dllexport)
+GetStatus(HWND, int, TCHAR*, stack_t **stacktop, void*)
+{
+ if (WaitForSingleObject(gCheckEvent, 0) == WAIT_OBJECT_0) {
+ pushstring(stacktop, gCheckAttributesPassed ? L"1" : L"0", 2);
+ pushstring(stacktop, gCheckTrustPassed ? L"1" : L"0", 2);
+ pushstring(stacktop, L"1", 2);
+ } else {
+ pushstring(stacktop, L"0", 2);
+ }
+}
+
+BOOL WINAPI
+DllMain(HINSTANCE hInst, DWORD fdwReason, LPVOID)
+{
+ if (fdwReason == DLL_PROCESS_ATTACH) {
+ gHInst = hInst;
+ gCheckEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
+ }
+ return TRUE;
+}
+
+/**
+ * Removes an element from the top of the NSIS stack
+ *
+ * @param stacktop A pointer to the top of the stack
+ * @param str The string to pop to
+ * @param len The max length
+ * @return 0 on success
+*/
+int popstring(stack_t **stacktop, LPTSTR str, int len)
+{
+ // Removes the element from the top of the stack and puts it in the buffer
+ stack_t *th;
+ if (!stacktop || !*stacktop) {
+ return 1;
+ }
+
+ th = (*stacktop);
+ lstrcpyn(str,th->text, len);
+ *stacktop = th->next;
+ GlobalFree((HGLOBAL)th);
+ return 0;
+}
+
+/**
+ * Adds an element to the top of the NSIS stack
+ *
+ * @param stacktop A pointer to the top of the stack
+ * @param str The string to push on the stack
+ * @param len The length of the string to push on the stack
+ * @return 0 on success
+*/
+void pushstring(stack_t **stacktop, LPCTSTR str, int len)
+{
+ stack_t *th;
+ if (!stacktop) {
+ return;
+ }
+
+ th = (stack_t*)GlobalAlloc(GPTR, sizeof(stack_t) + len);
+ lstrcpyn(th->text, str, len);
+ th->next = *stacktop;
+ *stacktop = th;
+}