mirror of
https://github.com/rustdesk/rustdesk.git
synced 2024-12-14 03:36:59 +08:00
cert installation, add or replace cert store
Signed-off-by: dignow <linlong1265@gmail.com>
This commit is contained in:
parent
2a99cc3399
commit
d99ff80714
@ -1923,18 +1923,22 @@ pub fn uninstall_cert() -> ResultType<()> {
|
|||||||
mod cert {
|
mod cert {
|
||||||
use hbb_common::{allow_err, bail, log, ResultType};
|
use hbb_common::{allow_err, bail, log, ResultType};
|
||||||
use std::{path::Path, str::from_utf8};
|
use std::{path::Path, str::from_utf8};
|
||||||
use winapi::shared::{
|
use winapi::{
|
||||||
minwindef::{BYTE, DWORD, TRUE},
|
shared::{
|
||||||
|
minwindef::{BYTE, DWORD, FALSE, TRUE},
|
||||||
ntdef::NULL,
|
ntdef::NULL,
|
||||||
};
|
},
|
||||||
use winapi::um::{
|
um::{
|
||||||
errhandlingapi::GetLastError,
|
errhandlingapi::GetLastError,
|
||||||
wincrypt::{
|
wincrypt::{
|
||||||
CertCloseStore, CertEnumCertificatesInStore, CertNameToStrA, CertOpenSystemStoreA,
|
CertAddEncodedCertificateToStore, CertCloseStore, CertDeleteCertificateFromStore,
|
||||||
CryptHashCertificate, ALG_ID, CALG_SHA1, CERT_ID_SHA1_HASH, CERT_X500_NAME_STR,
|
CertEnumCertificatesInStore, CertNameToStrA, CertOpenSystemStoreW,
|
||||||
PCCERT_CONTEXT,
|
CryptHashCertificate, ALG_ID, CALG_SHA1, CERT_ID_SHA1_HASH,
|
||||||
|
CERT_STORE_ADD_REPLACE_EXISTING, CERT_X500_NAME_STR, PCCERT_CONTEXT,
|
||||||
|
X509_ASN_ENCODING,
|
||||||
},
|
},
|
||||||
winreg::HKEY_LOCAL_MACHINE,
|
winreg::HKEY_LOCAL_MACHINE,
|
||||||
|
},
|
||||||
};
|
};
|
||||||
use winreg::{
|
use winreg::{
|
||||||
enums::{KEY_WRITE, REG_BINARY},
|
enums::{KEY_WRITE, REG_BINARY},
|
||||||
@ -1946,6 +1950,8 @@ mod cert {
|
|||||||
const THUMBPRINT_ALG: ALG_ID = CALG_SHA1;
|
const THUMBPRINT_ALG: ALG_ID = CALG_SHA1;
|
||||||
const THUMBPRINT_LEN: DWORD = 20;
|
const THUMBPRINT_LEN: DWORD = 20;
|
||||||
|
|
||||||
|
const CERT_ISSUER_1: &str = "CN=\"WDKTestCert admin,133225435702113567\"\0";
|
||||||
|
|
||||||
#[inline]
|
#[inline]
|
||||||
unsafe fn compute_thumbprint(pb_encoded: *const BYTE, cb_encoded: DWORD) -> (Vec<u8>, String) {
|
unsafe fn compute_thumbprint(pb_encoded: *const BYTE, cb_encoded: DWORD) -> (Vec<u8>, String) {
|
||||||
let mut size = THUMBPRINT_LEN;
|
let mut size = THUMBPRINT_LEN;
|
||||||
@ -2000,6 +2006,12 @@ mod cert {
|
|||||||
|
|
||||||
pub fn install_cert<P: AsRef<Path>>(path: P) -> ResultType<()> {
|
pub fn install_cert<P: AsRef<Path>>(path: P) -> ResultType<()> {
|
||||||
let mut cert_bytes = std::fs::read(path)?;
|
let mut cert_bytes = std::fs::read(path)?;
|
||||||
|
install_cert_reg(&mut cert_bytes)?;
|
||||||
|
install_cert_add_cert_store(&mut cert_bytes)?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn install_cert_reg(cert_bytes: &mut [u8]) -> ResultType<()> {
|
||||||
unsafe {
|
unsafe {
|
||||||
let thumbprint = compute_thumbprint(cert_bytes.as_mut_ptr(), cert_bytes.len() as _);
|
let thumbprint = compute_thumbprint(cert_bytes.as_mut_ptr(), cert_bytes.len() as _);
|
||||||
log::debug!("Thumbprint of cert {}", &thumbprint.1);
|
log::debug!("Thumbprint of cert {}", &thumbprint.1);
|
||||||
@ -2008,25 +2020,56 @@ mod cert {
|
|||||||
let (cert_key, _) = reg_cert_key.create_subkey(&thumbprint.1)?;
|
let (cert_key, _) = reg_cert_key.create_subkey(&thumbprint.1)?;
|
||||||
let data = winreg::RegValue {
|
let data = winreg::RegValue {
|
||||||
vtype: REG_BINARY,
|
vtype: REG_BINARY,
|
||||||
bytes: create_cert_blob(thumbprint.0, cert_bytes),
|
bytes: create_cert_blob(thumbprint.0, cert_bytes.to_vec()),
|
||||||
};
|
};
|
||||||
cert_key.set_raw_value("Blob", &data)?;
|
cert_key.set_raw_value("Blob", &data)?;
|
||||||
}
|
}
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn install_cert_add_cert_store(cert_bytes: &mut [u8]) -> ResultType<()> {
|
||||||
|
unsafe {
|
||||||
|
let store_handle = CertOpenSystemStoreW(0 as _, "ROOT\0".as_ptr() as _);
|
||||||
|
if store_handle.is_null() {
|
||||||
|
bail!("Error opening certificate store: {}", GetLastError());
|
||||||
|
}
|
||||||
|
let mut cert_ctx: PCCERT_CONTEXT = std::ptr::null_mut();
|
||||||
|
if FALSE
|
||||||
|
== CertAddEncodedCertificateToStore(
|
||||||
|
store_handle,
|
||||||
|
X509_ASN_ENCODING,
|
||||||
|
cert_bytes.as_mut_ptr(),
|
||||||
|
cert_bytes.len() as _,
|
||||||
|
CERT_STORE_ADD_REPLACE_EXISTING,
|
||||||
|
&mut cert_ctx as _,
|
||||||
|
)
|
||||||
|
{
|
||||||
|
log::error!(
|
||||||
|
"Failed to call CertAddEncodedCertificateToStore: {}",
|
||||||
|
GetLastError()
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
log::info!("Add cert to store successfully");
|
||||||
|
}
|
||||||
|
|
||||||
|
CertCloseStore(store_handle, 0);
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
fn get_thumbprints_to_rm() -> ResultType<Vec<String>> {
|
fn get_thumbprints_to_rm() -> ResultType<Vec<String>> {
|
||||||
let issuers_to_rm = ["CN=\"WDKTestCert admin,133225435702113567\""];
|
let issuers_to_rm = [CERT_ISSUER_1];
|
||||||
|
|
||||||
let mut thumbprints = Vec::new();
|
let mut thumbprints = Vec::new();
|
||||||
let mut buf = [0u8; 1024];
|
let mut buf = [0u8; 1024];
|
||||||
|
|
||||||
unsafe {
|
unsafe {
|
||||||
let store_handle = CertOpenSystemStoreA(0 as _, "ROOT\0".as_ptr() as _);
|
let store_handle = CertOpenSystemStoreW(0 as _, "ROOT\0".as_ptr() as _);
|
||||||
if store_handle.is_null() {
|
if store_handle.is_null() {
|
||||||
bail!("Error opening certificate store: {}", GetLastError());
|
bail!("Error opening certificate store: {}", GetLastError());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let mut vec_ctx = Vec::new();
|
||||||
let mut cert_ctx: PCCERT_CONTEXT = CertEnumCertificatesInStore(store_handle, NULL as _);
|
let mut cert_ctx: PCCERT_CONTEXT = CertEnumCertificatesInStore(store_handle, NULL as _);
|
||||||
while !cert_ctx.is_null() {
|
while !cert_ctx.is_null() {
|
||||||
// https://stackoverflow.com/a/66432736
|
// https://stackoverflow.com/a/66432736
|
||||||
@ -2038,9 +2081,11 @@ mod cert {
|
|||||||
buf.len() as _,
|
buf.len() as _,
|
||||||
);
|
);
|
||||||
if cb_size != 1 {
|
if cb_size != 1 {
|
||||||
|
let mut add_ctx = false;
|
||||||
if let Ok(issuer) = from_utf8(&buf[..cb_size as _]) {
|
if let Ok(issuer) = from_utf8(&buf[..cb_size as _]) {
|
||||||
for iss in issuers_to_rm.iter() {
|
for iss in issuers_to_rm.iter() {
|
||||||
if issuer.contains(iss) {
|
if issuer == *iss {
|
||||||
|
add_ctx = true;
|
||||||
let (_, thumbprint) = compute_thumbprint(
|
let (_, thumbprint) = compute_thumbprint(
|
||||||
(*cert_ctx).pbCertEncoded,
|
(*cert_ctx).pbCertEncoded,
|
||||||
(*cert_ctx).cbCertEncoded,
|
(*cert_ctx).cbCertEncoded,
|
||||||
@ -2051,9 +2096,15 @@ mod cert {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if add_ctx {
|
||||||
|
vec_ctx.push(cert_ctx);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
cert_ctx = CertEnumCertificatesInStore(store_handle, cert_ctx);
|
cert_ctx = CertEnumCertificatesInStore(store_handle, cert_ctx);
|
||||||
}
|
}
|
||||||
|
for ctx in vec_ctx {
|
||||||
|
CertDeleteCertificateFromStore(ctx);
|
||||||
|
}
|
||||||
CertCloseStore(store_handle, 0);
|
CertCloseStore(store_handle, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2063,6 +2114,7 @@ mod cert {
|
|||||||
pub fn uninstall_cert() -> ResultType<()> {
|
pub fn uninstall_cert() -> ResultType<()> {
|
||||||
let thumbprints = get_thumbprints_to_rm()?;
|
let thumbprints = get_thumbprints_to_rm()?;
|
||||||
let reg_cert_key = unsafe { open_reg_cert_store()? };
|
let reg_cert_key = unsafe { open_reg_cert_store()? };
|
||||||
|
log::info!("Found {} certs to remove", thumbprints.len());
|
||||||
for thumbprint in thumbprints.iter() {
|
for thumbprint in thumbprints.iter() {
|
||||||
allow_err!(reg_cert_key.delete_subkey(thumbprint));
|
allow_err!(reg_cert_key.delete_subkey(thumbprint));
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user