1 | /* |
2 | * Copyright 2007 Juan Lang | |
3 | * | |
4 | * This library is free software; you can redistribute it and/or | |
5 | * modify it under the terms of the GNU Lesser General Public | |
6 | * License as published by the Free Software Foundation; either | |
7 | * version 2.1 of the License, or (at your option) any later version. | |
8 | * | |
9 | * This library is distributed in the hope that it will be useful, | |
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
12 | * Lesser General Public License for more details. | |
13 | * | |
14 | * You should have received a copy of the GNU Lesser General Public | |
15 | * License along with this library; if not, write to the Free Software | |
16 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA | |
17 | */ | |
18 | #include "config.h" | |
19 | #include <stdarg.h> | |
20 | #include <stdio.h> | |
9663f942 | 21 | #include <sys/types.h> |
22 | #ifdef HAVE_SYS_STAT_H |
23 | #include <sys/stat.h> | |
24 | #endif | |
25 | #include <dirent.h> | |
26 | #include <fcntl.h> | |
27 | #ifdef HAVE_UNISTD_H | |
28 | #include <unistd.h> | |
29 | #endif | |
30 | #include <errno.h> | |
9ddc872a | 31 | #include <limits.h> |
32 | #include "ntstatus.h" |
33 | #define WIN32_NO_STATUS | |
34 | #include "windef.h" | |
35 | #include "winbase.h" | |
36 | #include "winreg.h" | |
37 | #include "wincrypt.h" | |
38 | #include "winternl.h" | |
39 | #include "wine/debug.h" | |
40 | #include "crypt32_private.h" | |
41 | ||
42 | WINE_DEFAULT_DEBUG_CHANNEL(crypt); | |
43 | ||
44 | #define INITIAL_CERT_BUFFER 1024 | |
45 | ||
/* Growable byte buffer that accumulates the base64 text of one certificate. */
struct DynamicBuffer
{
    DWORD allocated; /* size of data in bytes; 0 until the first allocation */
    DWORD used;      /* length of the text held in data, terminator excluded */
    BYTE *data;      /* NUL-terminated text, or NULL when nothing is allocated */
};
52 | ||
/* Empties buffer for reuse. The allocation, if any, is kept; only the used
 * count and the leading terminator are reset.
 */
static inline void reset_buffer(struct DynamicBuffer *buffer)
{
    BYTE *text = buffer->data;

    buffer->used = 0;
    if (text)
        text[0] = 0;
}
58 | ||
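/* Appends the NUL-terminated string line to buffer, growing it as needed.
 *
 * Returns TRUE when line was appended, FALSE when the combined length does
 * not fit the DWORD size fields or when memory could not be obtained.
 *
 * If growing an existing buffer fails, the old block is freed and
 * buffer->data is left NULL while buffer->allocated stays non-zero. Every
 * later append to the same buffer then fails as well, so a caller that
 * ignores one failure cannot end up with a text that silently lacks a line.
 */
static BOOL add_line_to_buffer(struct DynamicBuffer *buffer, LPCSTR line)
{
    const DWORD dword_max = ~(DWORD)0;
    size_t line_len = strlen(line);
    DWORD needed;

    /* An earlier growth failure: stay failed rather than restart mid-text. */
    if (buffer->allocated && !buffer->data)
        return FALSE;

    /* used + line_len + 1 must be representable in a DWORD. */
    if (line_len >= dword_max - buffer->used)
        goto fail;
    needed = buffer->used + (DWORD)line_len + 1;

    if (needed > buffer->allocated)
    {
        BYTE *grown;
        DWORD new_size;

        if (!buffer->allocated)
        {
            /* Size the first block for the line too, not only for the
             * default, so a line longer than INITIAL_CERT_BUFFER still fits.
             */
            new_size = needed > INITIAL_CERT_BUFFER ? needed :
             INITIAL_CERT_BUFFER;
            grown = CryptMemAlloc(new_size);
            if (!grown)
                return FALSE;
            grown[0] = 0;
        }
        else
        {
            /* Double the buffer unless doubling would wrap the DWORD. */
            new_size = buffer->allocated > dword_max / 2 ? needed :
             buffer->allocated * 2;
            if (new_size < needed)
                new_size = needed;
            /* Keep the old pointer until the new one is known to be valid,
             * otherwise a failed reallocation leaks the old block.
             */
            grown = CryptMemRealloc(buffer->data, new_size);
            if (!grown)
                goto fail;
        }
        buffer->data = grown;
        buffer->allocated = new_size;
    }

    /* The text ends at offset used, so the copy overwrites the previous
     * terminator and writes a new one; used never counts the terminator.
     */
    memcpy(buffer->data + buffer->used, line, line_len + 1);
    buffer->used += (DWORD)line_len;
    return TRUE;

fail:
    CryptMemFree(buffer->data);
    buffer->data = NULL;
    return FALSE;
}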
98 | ||
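/* Reads any base64-encoded certificates present in fp and adds them to store.
 * Returns TRUE if any certificates were successfully imported.
 *
 * Only text between a "-----BEGIN CERTIFICATE-----" line and the following
 * "-----END CERTIFICATE-----" line is decoded. A certificate whose text could
 * not be buffered completely is dropped instead of being decoded from a
 * partial buffer.
 *
 * NOTE(review): fgets() returns lines longer than the 1024-byte buffer in
 * several pieces, and each piece is matched against the markers as if it
 * started a line - confirm that is acceptable for the bundles read here.
 */
static BOOL import_base64_certs_from_fp(FILE *fp, HCERTSTORE store)
{
    static const char header[] = "-----BEGIN CERTIFICATE-----";
    static const char trailer[] = "-----END CERTIFICATE-----";
    char line[1024];
    BOOL in_cert = FALSE;
    BOOL cert_complete = FALSE;
    struct DynamicBuffer saved_cert = { 0, 0, NULL };
    int num_certs = 0;

    TRACE("\n");
    while (fgets(line, sizeof(line), fp))
    {
        if (!strncmp(line, header, sizeof(header) - 1))
        {
            TRACE("begin new certificate\n");
            in_cert = TRUE;
            cert_complete = TRUE;
            reset_buffer(&saved_cert);
        }
        else if (!strncmp(line, trailer, sizeof(trailer) - 1))
        {
            DWORD size;

            TRACE("end of certificate, adding cert\n");
            /* Decode only a certificate that was opened by a header and whose
             * every line reached the buffer. The first call asks for the
             * decoded size, the second one fills the allocated block.
             */
            if (in_cert && cert_complete &&
             CryptStringToBinaryA((char *)saved_cert.data, saved_cert.used,
             CRYPT_STRING_BASE64, NULL, &size, NULL, NULL))
            {
                LPBYTE buf = CryptMemAlloc(size);

                if (buf)
                {
                    /* Do not hand buf to the store unless the decode that
                     * fills it succeeded.
                     */
                    if (CryptStringToBinaryA((char *)saved_cert.data,
                     saved_cert.used, CRYPT_STRING_BASE64, buf, &size, NULL,
                     NULL) &&
                     CertAddEncodedCertificateToStore(store,
                     X509_ASN_ENCODING, buf, size, CERT_STORE_ADD_NEW, NULL))
                        num_certs++;
                    CryptMemFree(buf);
                }
            }
            in_cert = FALSE;
        }
        else if (in_cert)
        {
            if (!add_line_to_buffer(&saved_cert, line))
                cert_complete = FALSE;
        }
    }
    CryptMemFree(saved_cert.data);
    TRACE("Read %d certs\n", num_certs);
    return num_certs > 0;
}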
151 | ||
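/* Formats the error bits set in status as text for trace output, one
 * "\n\t<description>" entry per recognised bit, in the order of the table
 * below. Returns an empty string when no recognised bit is set.
 *
 * The result lives in a static buffer that every call overwrites, so it must
 * be consumed before the next call.
 */
static const char *trust_status_to_str(DWORD status)
{
    static const struct
    {
        DWORD flag;
        const char *text;
    } descriptions[] = {
        { CERT_TRUST_IS_NOT_TIME_VALID, "\n\texpired" },
        { CERT_TRUST_IS_NOT_TIME_NESTED, "\n\tbad time nesting" },
        { CERT_TRUST_IS_REVOKED, "\n\trevoked" },
        { CERT_TRUST_IS_NOT_SIGNATURE_VALID, "\n\tbad signature" },
        { CERT_TRUST_IS_NOT_VALID_FOR_USAGE, "\n\tbad usage" },
        { CERT_TRUST_IS_UNTRUSTED_ROOT, "\n\tuntrusted root" },
        { CERT_TRUST_REVOCATION_STATUS_UNKNOWN,
          "\n\tunknown revocation status" },
        { CERT_TRUST_IS_CYCLIC, "\n\tcyclic chain" },
        { CERT_TRUST_INVALID_EXTENSION,
          "\n\tunsupported critical extension" },
        { CERT_TRUST_INVALID_POLICY_CONSTRAINTS, "\n\tbad policy" },
        { CERT_TRUST_INVALID_BASIC_CONSTRAINTS,
          "\n\tbad basic constraints" },
        { CERT_TRUST_INVALID_NAME_CONSTRAINTS,
          "\n\tbad name constraints" },
        { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT,
          "\n\tunsuported name constraint" },
        { CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT,
          "\n\tundefined name constraint" },
        { CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT,
          "\n\tdisallowed name constraint" },
        { CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT,
          "\n\texcluded name constraint" },
        { CERT_TRUST_IS_OFFLINE_REVOCATION,
          "\n\trevocation server offline" },
        { CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY, "\n\tno issuance policy" },
    };
    static char buf[1024];
    size_t pos = 0;
    unsigned int i;

    /* Clear the text left by the previous call: without this a status with
     * no recognised bit would return the previous call's description.
     */
    buf[0] = 0;
    for (i = 0; i < sizeof(descriptions) / sizeof(descriptions[0]); i++)
    {
        int written;

        if (!(status & descriptions[i].flag))
            continue;
        written = snprintf(buf + pos, sizeof(buf) - pos, "%s",
         descriptions[i].text);
        /* Stop on error or truncation so pos never passes the buffer end. */
        if (written < 0 || (size_t)written >= sizeof(buf) - pos)
            break;
        pos += written;
    }
    return buf;
}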
205 | ||
/* Returns the common name (szOID_COMMON_NAME) found in cert's subject as a
 * string, or NULL when the subject cannot be decoded or has no such
 * attribute.
 *
 * The string is written to a static buffer that every call overwrites; the
 * callers visible in this file pass the result straight to a "%s" trace
 * argument, including the NULL case.
 */
static const char *get_cert_common_name(PCCERT_CONTEXT cert)
{
    static char buf[1024];
    CERT_NAME_INFO *nameInfo;
    PCERT_RDN_ATTR commonName;
    const char *name = NULL;
    DWORD size;

    if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME,
     cert->pCertInfo->Subject.pbData, cert->pCertInfo->Subject.cbData,
     CRYPT_DECODE_NOCOPY_FLAG | CRYPT_DECODE_ALLOC_FLAG, NULL, &nameInfo,
     &size))
        return NULL;

    commonName = CertFindRDNAttr(szOID_COMMON_NAME, nameInfo);
    if (commonName)
    {
        /* Copy the value out before the decoded name is released below. */
        CertRDNValueToStrA(commonName->dwValueType,
         &commonName->Value, buf, sizeof(buf));
        name = buf;
    }
    LocalFree(nameInfo);
    return name;
}
232 | ||
/* Builds a certificate chain for every certificate in from and copies the
 * chains that pass the check into to.
 *
 * A chain is accepted when its error status has no bit set other than
 * CERT_TRUST_IS_UNTRUSTED_ROOT. For an accepted chain, every element of
 * every simple chain is added to to, not only the final one.
 */
static void check_and_store_certs(HCERTSTORE from, HCERTSTORE to)
{
    CERT_CHAIN_ENGINE_CONFIG chainEngineConfig =
     { sizeof(chainEngineConfig), 0 };
    HCERTCHAINENGINE engine;
    PCCERT_CONTEXT cert = NULL;
    DWORD root_count = 0;

    TRACE("\n");

    /* NOTE(review): the extra reference on to is presumably released when
     * the chain engine is freed - confirm against CRYPT_CreateChainEngine.
     */
    CertDuplicateStore(to);
    engine = CRYPT_CreateChainEngine(to, &chainEngineConfig);
    if (engine)
    {
        /* Passing the previous context back in advances the enumeration;
         * it returns NULL after the last certificate.
         */
        while ((cert = CertEnumCertificatesInStore(from, cert)))
        {
            CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } };
            PCCERT_CHAIN_CONTEXT chain;
            DWORD errors, i, j;

            if (!CertGetCertificateChain(engine, cert, NULL, from,
             &chainPara, 0, NULL, &chain))
            {
                TRACE("rejecting %s: %s\n", get_cert_common_name(cert),
                 "chain creation failed");
                continue;
            }

            /* The only allowed error is CERT_TRUST_IS_UNTRUSTED_ROOT */
            errors = chain->TrustStatus.dwErrorStatus &
             ~CERT_TRUST_IS_UNTRUSTED_ROOT;
            if (errors)
                TRACE("rejecting %s: %s\n", get_cert_common_name(cert),
                 trust_status_to_str(errors));
            else
            {
                for (i = 0; i < chain->cChain; i++)
                    for (j = 0; j < chain->rgpChain[i]->cElement; j++)
                        if (CertAddCertificateContextToStore(to,
                         chain->rgpChain[i]->rgpElement[j]->pCertContext,
                         CERT_STORE_ADD_NEW, NULL))
                            root_count++;
            }
            CertFreeCertificateChain(chain);
        }
        CertFreeCertificateChainEngine(engine);
    }
    TRACE("Added %d root certificates\n", root_count);
}
287 | ||
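/* Reads the file fd, and imports any certificates in it into store.
 * Returns TRUE if any certificates were successfully imported.
 *
 * fd stays open and owned by the caller. The stream is built on a duplicate
 * of fd because fclose() closes the descriptor under the stream, and the
 * caller in this file, import_certs_from_path(), closes fd itself afterwards.
 * Wrapping fd directly would therefore close the same number twice, and in a
 * multithreaded process the second close() can land on an unrelated
 * descriptor that reused the number in between.
 */
static BOOL import_certs_from_file(int fd, HCERTSTORE store)
{
    BOOL ret = FALSE;
    FILE *fp;
    int own_fd;

    TRACE("\n");

    own_fd = dup(fd);
    if (own_fd == -1)
        return FALSE;

    fp = fdopen(own_fd, "r");
    if (fp)
    {
        ret = import_base64_certs_from_fp(fp, store);
        fclose(fp);
    }
    else
        close(own_fd); /* no stream took ownership of the duplicate */
    return ret;
}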
306 | ||
307 | static BOOL import_certs_from_path(LPCSTR path, HCERTSTORE store, | |
308 | BOOL allow_dir); | |
309 | ||
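/* Opens path, which must be a directory, and imports certificates from every
 * file in the directory into store.
 * Returns TRUE if any certificates were successfully imported.
 *
 * Entries are imported with directories disallowed, so the walk does not
 * descend into subdirectories.
 */
static BOOL import_certs_from_dir(LPCSTR path, HCERTSTORE store)
{
    BOOL ret = FALSE;
    DIR *dir;
    size_t bufsize;
    char *filebuf;
    struct dirent *entry;

    TRACE("(%s, %p)\n", debugstr_a(path), store);

    dir = opendir(path);
    if (!dir)
        return FALSE;

    /* Room for "path/name" plus the terminator. */
    bufsize = strlen(path) + 1 + PATH_MAX + 1;
    filebuf = CryptMemAlloc(bufsize);
    if (filebuf)
    {
        while ((entry = readdir(dir)))
        {
            int len;

            if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, ".."))
                continue;

            len = snprintf(filebuf, bufsize, "%s/%s", path, entry->d_name);
            /* A truncated name would refer to a different file than the
             * entry being visited, so skip it rather than open it.
             */
            if (len < 0 || (size_t)len >= bufsize)
            {
                WARN("skipping over-long entry in %s\n", debugstr_a(path));
                continue;
            }
            if (import_certs_from_path(filebuf, store, FALSE))
                ret = TRUE;
        }
        CryptMemFree(filebuf);
    }
    /* Close the directory even when the name buffer could not be allocated;
     * closing it only on the success path leaks the DIR handle.
     */
    closedir(dir);
    return ret;
}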
345 | ||
/* Opens path, which may be a file or a directory, and imports any certificates
 * it finds into store. Directories are only followed when allow_dir is set.
 * Returns TRUE if any certificates were successfully imported.
 *
 * The file type is taken from fstat() on the descriptor that was opened, so
 * for a regular file the object that was checked is the object that is read.
 * The directory case is handed on by name and import_certs_from_dir() opens
 * path again. fd is closed here on every path once it has been opened.
 */
static BOOL import_certs_from_path(LPCSTR path, HCERTSTORE store,
 BOOL allow_dir)
{
    struct stat st;
    BOOL ret = FALSE;
    int fd;

    TRACE("(%s, %p, %d)\n", debugstr_a(path), store, allow_dir);

    fd = open(path, O_RDONLY);
    if (fd == -1)
        return FALSE;

    if (fstat(fd, &st) == 0)
    {
        if (S_ISREG(st.st_mode))
            ret = import_certs_from_file(fd, store);
        else if (!S_ISDIR(st.st_mode))
            ERR("%s: invalid file type\n", path);
        else if (allow_dir)
            ret = import_certs_from_dir(path, store);
        else
            WARN("%s is a directory and directories are disallowed\n",
             debugstr_a(path));
    }
    close(fd);
    return ret;
}
382 | ||
/* Write-certificate callback of the root store (see rootProvFuncs).
 * Always returns FALSE and ignores its arguments.
 */
static BOOL WINAPI CRYPT_RootWriteCert(HCERTSTORE hCertStore,
 PCCERT_CONTEXT cert, DWORD dwFlags)
{
    /* Certificates can't be added to the root store. */
    return FALSE;
}
389 | ||
/* Delete-certificate callback of the root store (see rootProvFuncs).
 * Always returns FALSE and ignores its arguments.
 */
static BOOL WINAPI CRYPT_RootDeleteCert(HCERTSTORE hCertStore,
 PCCERT_CONTEXT cert, DWORD dwFlags)
{
    /* Certificates can't be deleted from the root store. */
    return FALSE;
}
396 | ||
/* Write-CRL callback of the root store (see rootProvFuncs).
 * Always returns TRUE and ignores its arguments.
 */
static BOOL WINAPI CRYPT_RootWriteCRL(HCERTSTORE hCertStore,
 PCCRL_CONTEXT crl, DWORD dwFlags)
{
    /* Unlike certificates, CRLs may be added to the root store. The changes
     * aren't persisted in any way, so at worst a malicious application can
     * DoS itself.
     */
    return TRUE;
}
405 | ||
/* Delete-CRL callback of the root store (see rootProvFuncs).
 * Always returns FALSE and ignores its arguments.
 */
static BOOL WINAPI CRYPT_RootDeleteCRL(HCERTSTORE hCertStore,
 PCCRL_CONTEXT crl, DWORD dwFlags)
{
    /* CRLs can't be deleted from the root store. */
    return FALSE;
}
412 | ||
/* Callback table of the root store provider. The position of an entry is its
 * CERT_STORE_PROV_*_FUNC index, so entries must not be reordered. Only the
 * certificate and CRL write/delete slots are filled in.
 */
static void *rootProvFuncs[] = {
    NULL,                 /* CERT_STORE_PROV_CLOSE_FUNC */
    NULL,                 /* CERT_STORE_PROV_READ_CERT_FUNC */
    CRYPT_RootWriteCert,  /* CERT_STORE_PROV_WRITE_CERT_FUNC */
    CRYPT_RootDeleteCert, /* CERT_STORE_PROV_DELETE_CERT_FUNC */
    NULL,                 /* CERT_STORE_PROV_SET_CERT_PROPERTY_FUNC */
    NULL,                 /* CERT_STORE_PROV_READ_CRL_FUNC */
    CRYPT_RootWriteCRL,   /* CERT_STORE_PROV_WRITE_CRL_FUNC */
    CRYPT_RootDeleteCRL,  /* CERT_STORE_PROV_DELETE_CRL_FUNC */
    NULL,                 /* CERT_STORE_PROV_SET_CRL_PROPERTY_FUNC */
    NULL,                 /* CERT_STORE_PROV_READ_CTL_FUNC */
    NULL,                 /* CERT_STORE_PROV_WRITE_CTL_FUNC */
    NULL,                 /* CERT_STORE_PROV_DELETE_CTL_FUNC */
    NULL,                 /* CERT_STORE_PROV_SET_CTL_PROPERTY_FUNC */
    NULL,                 /* CERT_STORE_PROV_CONTROL_FUNC */
};
429 | ||
/* Host paths that may hold the system's CA certificates.
 * NOTE(review): the code that walks this list is outside this view;
 * presumably each path is passed to import_certs_from_path() - confirm.
 * Whatever is readable at these paths ends up as input to the trusted root
 * store, so their ownership and permissions on the host matter.
 */
static const char * const CRYPT_knownLocations[] = {
    "/etc/ssl/certs/ca-certificates.crt",
    "/etc/ssl/certs",
    "/etc/pki/tls/certs/ca-bundle.crt",
};
435 | ||
436 | static const BYTE authenticode[] = { |
437 | 0x30,0x82,0x03,0xd6,0x30,0x82,0x02,0xbe,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, | |
438 | 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, | |
439 | 0x50,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0d, | |
440 | 0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x13,0x04,0x4d,0x53,0x46,0x54,0x31,0x32,0x30, | |
441 | 0x30,0x06,0x03,0x55,0x04,0x03,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66, | |
442 | 0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65,0x28,0x74, | |
443 | 0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74, | |
444 | 0x79,0x30,0x1e,0x17,0x0d,0x39,0x35,0x30,0x31,0x30,0x31,0x30,0x38,0x30,0x30,0x30, | |
445 | 0x31,0x5a,0x17,0x0d,0x39,0x39,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39, | |
446 | 0x5a,0x30,0x50,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, | |
447 | 0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x13,0x04,0x4d,0x53,0x46,0x54,0x31, | |
448 | 0x32,0x30,0x30,0x06,0x03,0x55,0x04,0x03,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73, | |
449 | 0x6f,0x66,0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65, | |
450 | 0x28,0x74,0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72, | |
451 | 0x69,0x74,0x79,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7, | |
452 | 0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02, | |
453 | 0x82,0x01,0x01,0x00,0xdf,0x08,0xba,0xe3,0x3f,0x6e,0x64,0x9b,0xf5,0x89,0xaf,0x28, | |
454 | 0x96,0x4a,0x07,0x8f,0x1b,0x2e,0x8b,0x3e,0x1d,0xfc,0xb8,0x80,0x69,0xa3,0xa1,0xce, | |
455 | 0xdb,0xdf,0xb0,0x8e,0x6c,0x89,0x76,0x29,0x4f,0xca,0x60,0x35,0x39,0xad,0x72,0x32, | |
456 | 0xe0,0x0b,0xae,0x29,0x3d,0x4c,0x16,0xd9,0x4b,0x3c,0x9d,0xda,0xc5,0xd3,0xd1,0x09, | |
457 | 0xc9,0x2c,0x6f,0xa6,0xc2,0x60,0x53,0x45,0xdd,0x4b,0xd1,0x55,0xcd,0x03,0x1c,0xd2, | |
458 | 0x59,0x56,0x24,0xf3,0xe5,0x78,0xd8,0x07,0xcc,0xd8,0xb3,0x1f,0x90,0x3f,0xc0,0x1a, | |
459 | 0x71,0x50,0x1d,0x2d,0xa7,0x12,0x08,0x6d,0x7c,0xb0,0x86,0x6c,0xc7,0xba,0x85,0x32, | |
460 | 0x07,0xe1,0x61,0x6f,0xaf,0x03,0xc5,0x6d,0xe5,0xd6,0xa1,0x8f,0x36,0xf6,0xc1,0x0b, | |
461 | 0xd1,0x3e,0x69,0x97,0x48,0x72,0xc9,0x7f,0xa4,0xc8,0xc2,0x4a,0x4c,0x7e,0xa1,0xd1, | |
462 | 0x94,0xa6,0xd7,0xdc,0xeb,0x05,0x46,0x2e,0xb8,0x18,0xb4,0x57,0x1d,0x86,0x49,0xdb, | |
463 | 0x69,0x4a,0x2c,0x21,0xf5,0x5e,0x0f,0x54,0x2d,0x5a,0x43,0xa9,0x7a,0x7e,0x6a,0x8e, | |
464 | 0x50,0x4d,0x25,0x57,0xa1,0xbf,0x1b,0x15,0x05,0x43,0x7b,0x2c,0x05,0x8d,0xbd,0x3d, | |
465 | 0x03,0x8c,0x93,0x22,0x7d,0x63,0xea,0x0a,0x57,0x05,0x06,0x0a,0xdb,0x61,0x98,0x65, | |
466 | 0x2d,0x47,0x49,0xa8,0xe7,0xe6,0x56,0x75,0x5c,0xb8,0x64,0x08,0x63,0xa9,0x30,0x40, | |
467 | 0x66,0xb2,0xf9,0xb6,0xe3,0x34,0xe8,0x67,0x30,0xe1,0x43,0x0b,0x87,0xff,0xc9,0xbe, | |
468 | 0x72,0x10,0x5e,0x23,0xf0,0x9b,0xa7,0x48,0x65,0xbf,0x09,0x88,0x7b,0xcd,0x72,0xbc, | |
469 | 0x2e,0x79,0x9b,0x7b,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xba,0x30,0x81,0xb7,0x30, | |
470 | 0x0d,0x06,0x03,0x55,0x1d,0x0a,0x04,0x06,0x30,0x04,0x03,0x02,0x07,0x80,0x30,0x32, | |
471 | 0x06,0x03,0x55,0x04,0x03,0x04,0x2b,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f, | |
472 | 0x66,0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65,0x28, | |
473 | 0x74,0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69, | |
474 | 0x74,0x79,0x30,0x72,0x06,0x03,0x55,0x1d,0x01,0x04,0x6b,0x30,0x69,0x80,0x10,0x1a, | |
475 | 0x1b,0xe7,0x5b,0x9f,0xfd,0x8c,0x2a,0xc3,0x39,0xae,0x0c,0x62,0x2e,0x53,0x32,0xa1, | |
476 | 0x52,0x30,0x50,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, | |
477 | 0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x13,0x04,0x4d,0x53,0x46,0x54,0x31, | |
478 | 0x32,0x30,0x30,0x06,0x03,0x55,0x04,0x03,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73, | |
479 | 0x6f,0x66,0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65, | |
480 | 0x28,0x74,0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72, | |
481 | 0x69,0x74,0x79,0x82,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, | |
482 | 0x01,0x01,0x04,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x2d,0xc9,0xe2,0xf6,0x12,0x9e, | |
483 | 0x5d,0x56,0x67,0xfa,0xfa,0x4b,0x9a,0x7e,0xdc,0x29,0x56,0x5c,0x80,0x14,0x02,0x28, | |
484 | 0x85,0x6e,0x26,0xf3,0xcd,0x58,0xda,0x50,0x80,0xc5,0xf8,0x19,0xb3,0xa6,0x7c,0xe2, | |
485 | 0x9d,0x6b,0x5f,0x3b,0x8f,0x22,0x74,0xe6,0x18,0x04,0xfc,0x47,0x40,0xd8,0x7a,0x3f, | |
486 | 0x30,0x66,0xf0,0x12,0xa4,0xd1,0xeb,0x1d,0xe7,0xb6,0xf4,0x98,0xab,0x53,0x22,0x86, | |
487 | 0x51,0x58,0xee,0x23,0x09,0x76,0xe4,0x1d,0x45,0x5c,0x4b,0xff,0x4c,0xe3,0x02,0x50, | |
488 | 0x01,0x13,0xcc,0x41,0xa4,0x52,0x97,0xd4,0x86,0xd5,0xc4,0xfe,0x83,0x83,0x65,0x7d, | |
489 | 0xea,0xbe,0xa2,0x68,0x3b,0xc1,0xb1,0x29,0x98,0xbf,0xa2,0xa5,0xfc,0x9d,0xd3,0x84, | |
490 | 0xee,0x70,0x17,0x50,0xf3,0x0b,0xfa,0x3c,0xef,0xa9,0x27,0x8b,0x91,0xb4,0x48,0xc8, | |
491 | 0x45,0xa0,0xe1,0x01,0x42,0x4b,0x44,0x76,0x04,0x1c,0xc2,0x19,0xa2,0x8e,0x6b,0x20, | |
492 | 0x98,0xc4,0xdd,0x02,0xac,0xb4,0xd2,0xa2,0x0e,0x8d,0x5d,0xb9,0x36,0x8e,0x4a,0x1b, | |
493 | 0x5d,0x6c,0x1a,0xe2,0xcb,0x00,0x7f,0x10,0xf4,0xb2,0x95,0xef,0xe3,0xe8,0xff,0xa1, | |
494 | 0x73,0x58,0xa9,0x75,0x2c,0xa2,0x49,0x95,0x85,0xfe,0xcc,0xda,0x44,0x8a,0xc2,0x12, | |
495 | 0x44,0xd2,0x44,0xc8,0xa5,0xa2,0x1f,0xa9,0x5a,0x8e,0x56,0xc2,0xc3,0x7b,0xcf,0x42, | |
496 | 0x60,0xdc,0x82,0x1f,0xfb,0xce,0x74,0x06,0x7e,0xd6,0xf1,0xac,0x19,0x6a,0x4f,0x74, | |
497 | 0x5c,0xc5,0x15,0x66,0x31,0x6c,0xc1,0x62,0x71,0x91,0x0f,0x59,0x5b,0x7d,0x2a,0x82, | |
498 | 0x1a,0xdf,0xb1,0xb4,0xd8,0x1d,0x37,0xde,0x0d,0x0f }; | |
499 | static const BYTE rootauthority[] = { | |
500 | 0x30,0x82,0x04,0x12,0x30,0x82,0x02,0xfa,0xa0,0x03,0x02,0x01,0x02,0x02,0x0f,0x00, | |
501 | 0xc1,0x00,0x8b,0x3c,0x3c,0x88,0x11,0xd1,0x3e,0xf6,0x63,0xec,0xdf,0x40,0x30,0x0d, | |
502 | 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x70,0x31, | |
503 | 0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x0b,0x13,0x22,0x43,0x6f,0x70,0x79,0x72,0x69, | |
504 | 0x67,0x68,0x74,0x20,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x37,0x20,0x4d,0x69,0x63, | |
505 | 0x72,0x6f,0x73,0x6f,0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x2e,0x31,0x1e,0x30,0x1c, | |
506 | 0x06,0x03,0x55,0x04,0x0b,0x13,0x15,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74, | |
507 | 0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x21,0x30,0x1f, | |
508 | 0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74, | |
509 | 0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30, | |
510 | 0x1e,0x17,0x0d,0x39,0x37,0x30,0x31,0x31,0x30,0x30,0x37,0x30,0x30,0x30,0x30,0x5a, | |
511 | 0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x30,0x37,0x30,0x30,0x30,0x30,0x5a,0x30, | |
512 | 0x70,0x31,0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x0b,0x13,0x22,0x43,0x6f,0x70,0x79, | |
513 | 0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x37,0x20,0x4d, | |
514 | 0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x2e,0x31,0x1e, | |
515 | 0x30,0x1c,0x06,0x03,0x55,0x04,0x0b,0x13,0x15,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f, | |
516 | 0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x21, | |
517 | 0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f, | |
518 | 0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74, | |
519 | 0x79,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, | |
520 | 0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01, | |
521 | 0x01,0x00,0xa9,0x02,0xbd,0xc1,0x70,0xe6,0x3b,0xf2,0x4e,0x1b,0x28,0x9f,0x97,0x78, | |
522 | 0x5e,0x30,0xea,0xa2,0xa9,0x8d,0x25,0x5f,0xf8,0xfe,0x95,0x4c,0xa3,0xb7,0xfe,0x9d, | |
523 | 0xa2,0x20,0x3e,0x7c,0x51,0xa2,0x9b,0xa2,0x8f,0x60,0x32,0x6b,0xd1,0x42,0x64,0x79, | |
524 | 0xee,0xac,0x76,0xc9,0x54,0xda,0xf2,0xeb,0x9c,0x86,0x1c,0x8f,0x9f,0x84,0x66,0xb3, | |
525 | 0xc5,0x6b,0x7a,0x62,0x23,0xd6,0x1d,0x3c,0xde,0x0f,0x01,0x92,0xe8,0x96,0xc4,0xbf, | |
526 | 0x2d,0x66,0x9a,0x9a,0x68,0x26,0x99,0xd0,0x3a,0x2c,0xbf,0x0c,0xb5,0x58,0x26,0xc1, | |
527 | 0x46,0xe7,0x0a,0x3e,0x38,0x96,0x2c,0xa9,0x28,0x39,0xa8,0xec,0x49,0x83,0x42,0xe3, | |
528 | 0x84,0x0f,0xbb,0x9a,0x6c,0x55,0x61,0xac,0x82,0x7c,0xa1,0x60,0x2d,0x77,0x4c,0xe9, | |
529 | 0x99,0xb4,0x64,0x3b,0x9a,0x50,0x1c,0x31,0x08,0x24,0x14,0x9f,0xa9,0xe7,0x91,0x2b, | |
530 | 0x18,0xe6,0x3d,0x98,0x63,0x14,0x60,0x58,0x05,0x65,0x9f,0x1d,0x37,0x52,0x87,0xf7, | |
531 | 0xa7,0xef,0x94,0x02,0xc6,0x1b,0xd3,0xbf,0x55,0x45,0xb3,0x89,0x80,0xbf,0x3a,0xec, | |
532 | 0x54,0x94,0x4e,0xae,0xfd,0xa7,0x7a,0x6d,0x74,0x4e,0xaf,0x18,0xcc,0x96,0x09,0x28, | |
533 | 0x21,0x00,0x57,0x90,0x60,0x69,0x37,0xbb,0x4b,0x12,0x07,0x3c,0x56,0xff,0x5b,0xfb, | |
534 | 0xa4,0x66,0x0a,0x08,0xa6,0xd2,0x81,0x56,0x57,0xef,0xb6,0x3b,0x5e,0x16,0x81,0x77, | |
535 | 0x04,0xda,0xf6,0xbe,0xae,0x80,0x95,0xfe,0xb0,0xcd,0x7f,0xd6,0xa7,0x1a,0x72,0x5c, | |
536 | 0x3c,0xca,0xbc,0xf0,0x08,0xa3,0x22,0x30,0xb3,0x06,0x85,0xc9,0xb3,0x20,0x77,0x13, | |
537 | 0x85,0xdf,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xa8,0x30,0x81,0xa5,0x30,0x81,0xa2, | |
538 | 0x06,0x03,0x55,0x1d,0x01,0x04,0x81,0x9a,0x30,0x81,0x97,0x80,0x10,0x5b,0xd0,0x70, | |
539 | 0xef,0x69,0x72,0x9e,0x23,0x51,0x7e,0x14,0xb2,0x4d,0x8e,0xff,0xcb,0xa1,0x72,0x30, | |
540 | 0x70,0x31,0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x0b,0x13,0x22,0x43,0x6f,0x70,0x79, | |
541 | 0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x37,0x20,0x4d, | |
542 | 0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x2e,0x31,0x1e, | |
543 | 0x30,0x1c,0x06,0x03,0x55,0x04,0x0b,0x13,0x15,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f, | |
544 | 0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x21, | |
545 | 0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f, | |
546 | 0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74, | |
547 | 0x79,0x82,0x0f,0x00,0xc1,0x00,0x8b,0x3c,0x3c,0x88,0x11,0xd1,0x3e,0xf6,0x63,0xec, | |
548 | 0xdf,0x40,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05, | |
549 | 0x00,0x03,0x82,0x01,0x01,0x00,0x95,0xe8,0x0b,0xc0,0x8d,0xf3,0x97,0x18,0x35,0xed, | |
550 | 0xb8,0x01,0x24,0xd8,0x77,0x11,0xf3,0x5c,0x60,0x32,0x9f,0x9e,0x0b,0xcb,0x3e,0x05, | |
551 | 0x91,0x88,0x8f,0xc9,0x3a,0xe6,0x21,0xf2,0xf0,0x57,0x93,0x2c,0xb5,0xa0,0x47,0xc8, | |
552 | 0x62,0xef,0xfc,0xd7,0xcc,0x3b,0x3b,0x5a,0xa9,0x36,0x54,0x69,0xfe,0x24,0x6d,0x3f, | |
553 | 0xc9,0xcc,0xaa,0xde,0x05,0x7c,0xdd,0x31,0x8d,0x3d,0x9f,0x10,0x70,0x6a,0xbb,0xfe, | |
554 | 0x12,0x4f,0x18,0x69,0xc0,0xfc,0xd0,0x43,0xe3,0x11,0x5a,0x20,0x4f,0xea,0x62,0x7b, | |
555 | 0xaf,0xaa,0x19,0xc8,0x2b,0x37,0x25,0x2d,0xbe,0x65,0xa1,0x12,0x8a,0x25,0x0f,0x63, | |
556 | 0xa3,0xf7,0x54,0x1c,0xf9,0x21,0xc9,0xd6,0x15,0xf3,0x52,0xac,0x6e,0x43,0x32,0x07, | |
557 | 0xfd,0x82,0x17,0xf8,0xe5,0x67,0x6c,0x0d,0x51,0xf6,0xbd,0xf1,0x52,0xc7,0xbd,0xe7, | |
558 | 0xc4,0x30,0xfc,0x20,0x31,0x09,0x88,0x1d,0x95,0x29,0x1a,0x4d,0xd5,0x1d,0x02,0xa5, | |
559 | 0xf1,0x80,0xe0,0x03,0xb4,0x5b,0xf4,0xb1,0xdd,0xc8,0x57,0xee,0x65,0x49,0xc7,0x52, | |
560 | 0x54,0xb6,0xb4,0x03,0x28,0x12,0xff,0x90,0xd6,0xf0,0x08,0x8f,0x7e,0xb8,0x97,0xc5, | |
561 | 0xab,0x37,0x2c,0xe4,0x7a,0xe4,0xa8,0x77,0xe3,0x76,0xa0,0x00,0xd0,0x6a,0x3f,0xc1, | |
562 | 0xd2,0x36,0x8a,0xe0,0x41,0x12,0xa8,0x35,0x6a,0x1b,0x6a,0xdb,0x35,0xe1,0xd4,0x1c, | |
563 | 0x04,0xe4,0xa8,0x45,0x04,0xc8,0x5a,0x33,0x38,0x6e,0x4d,0x1c,0x0d,0x62,0xb7,0x0a, | |
564 | 0xa2,0x8c,0xd3,0xd5,0x54,0x3f,0x46,0xcd,0x1c,0x55,0xa6,0x70,0xdb,0x12,0x3a,0x87, | |
565 | 0x93,0x75,0x9f,0xa7,0xd2,0xa0 }; | |
566 | static const BYTE rootcertauthority[] = { | |
567 | 0x30,0x82,0x05,0x99,0x30,0x82,0x03,0x81,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,0x79, | |
568 | 0xad,0x16,0xa1,0x4a,0xa0,0xa5,0xad,0x4c,0x73,0x58,0xf4,0x07,0x13,0x2e,0x65,0x30, | |
569 | 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x5f, | |
570 | 0x31,0x13,0x30,0x11,0x06,0x0a,0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x19, | |
571 | 0x16,0x03,0x63,0x6f,0x6d,0x31,0x19,0x30,0x17,0x06,0x0a,0x09,0x92,0x26,0x89,0x93, | |
572 | 0xf2,0x2c,0x64,0x01,0x19,0x16,0x09,0x6d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74, | |
573 | 0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x13,0x24,0x4d,0x69,0x63,0x72,0x6f, | |
574 | 0x73,0x6f,0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x65,0x72,0x74,0x69,0x66, | |
575 | 0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30, | |
576 | 0x1e,0x17,0x0d,0x30,0x31,0x30,0x35,0x30,0x39,0x32,0x33,0x31,0x39,0x32,0x32,0x5a, | |
577 | 0x17,0x0d,0x32,0x31,0x30,0x35,0x30,0x39,0x32,0x33,0x32,0x38,0x31,0x33,0x5a,0x30, | |
578 | 0x5f,0x31,0x13,0x30,0x11,0x06,0x0a,0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01, | |
579 | 0x19,0x16,0x03,0x63,0x6f,0x6d,0x31,0x19,0x30,0x17,0x06,0x0a,0x09,0x92,0x26,0x89, | |
580 | 0x93,0xf2,0x2c,0x64,0x01,0x19,0x16,0x09,0x6d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66, | |
581 | 0x74,0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x13,0x24,0x4d,0x69,0x63,0x72, | |
582 | 0x6f,0x73,0x6f,0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x65,0x72,0x74,0x69, | |
583 | 0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79, | |
584 | 0x30,0x82,0x02,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, | |
585 | 0x01,0x05,0x00,0x03,0x82,0x02,0x0f,0x00,0x30,0x82,0x02,0x0a,0x02,0x82,0x02,0x01, | |
586 | 0x00,0xf3,0x5d,0xfa,0x80,0x67,0xd4,0x5a,0xa7,0xa9,0x0c,0x2c,0x90,0x20,0xd0,0x35, | |
587 | 0x08,0x3c,0x75,0x84,0xcd,0xb7,0x07,0x89,0x9c,0x89,0xda,0xde,0xce,0xc3,0x60,0xfa, | |
588 | 0x91,0x68,0x5a,0x9e,0x94,0x71,0x29,0x18,0x76,0x7c,0xc2,0xe0,0xc8,0x25,0x76,0x94, | |
589 | 0x0e,0x58,0xfa,0x04,0x34,0x36,0xe6,0xdf,0xaf,0xf7,0x80,0xba,0xe9,0x58,0x0b,0x2b, | |
590 | 0x93,0xe5,0x9d,0x05,0xe3,0x77,0x22,0x91,0xf7,0x34,0x64,0x3c,0x22,0x91,0x1d,0x5e, | |
591 | 0xe1,0x09,0x90,0xbc,0x14,0xfe,0xfc,0x75,0x58,0x19,0xe1,0x79,0xb7,0x07,0x92,0xa3, | |
592 | 0xae,0x88,0x59,0x08,0xd8,0x9f,0x07,0xca,0x03,0x58,0xfc,0x68,0x29,0x6d,0x32,0xd7, | |
593 | 0xd2,0xa8,0xcb,0x4b,0xfc,0xe1,0x0b,0x48,0x32,0x4f,0xe6,0xeb,0xb8,0xad,0x4f,0xe4, | |
594 | 0x5c,0x6f,0x13,0x94,0x99,0xdb,0x95,0xd5,0x75,0xdb,0xa8,0x1a,0xb7,0x94,0x91,0xb4, | |
595 | 0x77,0x5b,0xf5,0x48,0x0c,0x8f,0x6a,0x79,0x7d,0x14,0x70,0x04,0x7d,0x6d,0xaf,0x90, | |
596 | 0xf5,0xda,0x70,0xd8,0x47,0xb7,0xbf,0x9b,0x2f,0x6c,0xe7,0x05,0xb7,0xe1,0x11,0x60, | |
597 | 0xac,0x79,0x91,0x14,0x7c,0xc5,0xd6,0xa6,0xe4,0xe1,0x7e,0xd5,0xc3,0x7e,0xe5,0x92, | |
598 | 0xd2,0x3c,0x00,0xb5,0x36,0x82,0xde,0x79,0xe1,0x6d,0xf3,0xb5,0x6e,0xf8,0x9f,0x33, | |
599 | 0xc9,0xcb,0x52,0x7d,0x73,0x98,0x36,0xdb,0x8b,0xa1,0x6b,0xa2,0x95,0x97,0x9b,0xa3, | |
600 | 0xde,0xc2,0x4d,0x26,0xff,0x06,0x96,0x67,0x25,0x06,0xc8,0xe7,0xac,0xe4,0xee,0x12, | |
601 | 0x33,0x95,0x31,0x99,0xc8,0x35,0x08,0x4e,0x34,0xca,0x79,0x53,0xd5,0xb5,0xbe,0x63, | |
602 | 0x32,0x59,0x40,0x36,0xc0,0xa5,0x4e,0x04,0x4d,0x3d,0xdb,0x5b,0x07,0x33,0xe4,0x58, | |
603 | 0xbf,0xef,0x3f,0x53,0x64,0xd8,0x42,0x59,0x35,0x57,0xfd,0x0f,0x45,0x7c,0x24,0x04, | |
604 | 0x4d,0x9e,0xd6,0x38,0x74,0x11,0x97,0x22,0x90,0xce,0x68,0x44,0x74,0x92,0x6f,0xd5, | |
605 | 0x4b,0x6f,0xb0,0x86,0xe3,0xc7,0x36,0x42,0xa0,0xd0,0xfc,0xc1,0xc0,0x5a,0xf9,0xa3, | |
606 | 0x61,0xb9,0x30,0x47,0x71,0x96,0x0a,0x16,0xb0,0x91,0xc0,0x42,0x95,0xef,0x10,0x7f, | |
607 | 0x28,0x6a,0xe3,0x2a,0x1f,0xb1,0xe4,0xcd,0x03,0x3f,0x77,0x71,0x04,0xc7,0x20,0xfc, | |
608 | 0x49,0x0f,0x1d,0x45,0x88,0xa4,0xd7,0xcb,0x7e,0x88,0xad,0x8e,0x2d,0xec,0x45,0xdb, | |
609 | 0xc4,0x51,0x04,0xc9,0x2a,0xfc,0xec,0x86,0x9e,0x9a,0x11,0x97,0x5b,0xde,0xce,0x53, | |
610 | 0x88,0xe6,0xe2,0xb7,0xfd,0xac,0x95,0xc2,0x28,0x40,0xdb,0xef,0x04,0x90,0xdf,0x81, | |
611 | 0x33,0x39,0xd9,0xb2,0x45,0xa5,0x23,0x87,0x06,0xa5,0x55,0x89,0x31,0xbb,0x06,0x2d, | |
612 | 0x60,0x0e,0x41,0x18,0x7d,0x1f,0x2e,0xb5,0x97,0xcb,0x11,0xeb,0x15,0xd5,0x24,0xa5, | |
613 | 0x94,0xef,0x15,0x14,0x89,0xfd,0x4b,0x73,0xfa,0x32,0x5b,0xfc,0xd1,0x33,0x00,0xf9, | |
614 | 0x59,0x62,0x70,0x07,0x32,0xea,0x2e,0xab,0x40,0x2d,0x7b,0xca,0xdd,0x21,0x67,0x1b, | |
615 | 0x30,0x99,0x8f,0x16,0xaa,0x23,0xa8,0x41,0xd1,0xb0,0x6e,0x11,0x9b,0x36,0xc4,0xde, | |
616 | 0x40,0x74,0x9c,0xe1,0x58,0x65,0xc1,0x60,0x1e,0x7a,0x5b,0x38,0xc8,0x8f,0xbb,0x04, | |
617 | 0x26,0x7c,0xd4,0x16,0x40,0xe5,0xb6,0x6b,0x6c,0xaa,0x86,0xfd,0x00,0xbf,0xce,0xc1, | |
618 | 0x35,0x02,0x03,0x01,0x00,0x01,0xa3,0x51,0x30,0x4f,0x30,0x0b,0x06,0x03,0x55,0x1d, | |
619 | 0x0f,0x04,0x04,0x03,0x02,0x01,0xc6,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01, | |
620 | 0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04, | |
621 | 0x16,0x04,0x14,0x0e,0xac,0x82,0x60,0x40,0x56,0x27,0x97,0xe5,0x25,0x13,0xfc,0x2a, | |
622 | 0xe1,0x0a,0x53,0x95,0x59,0xe4,0xa4,0x30,0x10,0x06,0x09,0x2b,0x06,0x01,0x04,0x01, | |
623 | 0x82,0x37,0x15,0x01,0x04,0x03,0x02,0x01,0x00,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48, | |
624 | 0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x02,0x01,0x00,0xc5,0x11,0x4d, | |
625 | 0x03,0x3a,0x60,0xdd,0x5d,0x52,0x11,0x77,0x8f,0xb2,0xbb,0x36,0xc8,0xb2,0x05,0xbf, | |
626 | 0xb4,0xb7,0xa8,0xd8,0x20,0x9d,0x5c,0x13,0x03,0xb6,0x1c,0x22,0xfa,0x06,0x13,0x35, | |
627 | 0xb6,0xc8,0x63,0xd4,0x9a,0x47,0x6f,0x26,0x57,0xd2,0x55,0xf1,0x04,0xb1,0x26,0x5f, | |
628 | 0xd6,0xa9,0x50,0x68,0xa0,0xbc,0xd2,0xb8,0x6e,0xcc,0xc3,0xe9,0xac,0xdf,0x19,0xcd, | |
629 | 0x78,0xac,0x59,0x74,0xac,0x66,0x34,0x36,0xc4,0x1b,0x3e,0x6c,0x38,0x4c,0x33,0x0e, | |
630 | 0x30,0x12,0x0d,0xa3,0x26,0xfe,0x51,0x53,0x00,0xff,0xaf,0x5a,0x4e,0x84,0x0d,0x0f, | |
631 | 0x1f,0xe4,0x6d,0x05,0x2e,0x4e,0x85,0x4b,0x8d,0x6c,0x33,0x6f,0x54,0xd2,0x64,0xab, | |
632 | 0xbf,0x50,0xaf,0x7d,0x7a,0x39,0xa0,0x37,0xed,0x63,0x03,0x0f,0xfc,0x13,0x06,0xce, | |
633 | 0x16,0x36,0xd4,0x54,0x3b,0x95,0x1b,0x51,0x62,0x3a,0xe5,0x4d,0x17,0xd4,0x05,0x39, | |
634 | 0x92,0x9a,0x27,0xa8,0x5b,0xaa,0xbd,0xec,0xbb,0xbe,0xe3,0x20,0x89,0x60,0x71,0x6c, | |
635 | 0x56,0xb3,0xa5,0x13,0xd0,0x6d,0x0e,0x23,0x7e,0x95,0x03,0xed,0x68,0x3d,0xf2,0xd8, | |
636 | 0x63,0xb8,0x6b,0x4d,0xb6,0xe8,0x30,0xb5,0xe1,0xca,0x94,0x4b,0xf7,0xa2,0xaa,0x5d, | |
637 | 0x99,0x30,0xb2,0x3d,0xa7,0xc2,0x51,0x6c,0x28,0x20,0x01,0x24,0x27,0x2b,0x4b,0x00, | |
638 | 0xb7,0x9d,0x11,0x6b,0x70,0xbe,0xb2,0x10,0x82,0xbc,0x0c,0x9b,0x68,0xd0,0x8d,0x3b, | |
639 | 0x24,0x87,0xaa,0x99,0x28,0x72,0x9d,0x33,0x5f,0x59,0x90,0xbd,0xf5,0xde,0x93,0x9e, | |
640 | 0x3a,0x62,0x5a,0x34,0x39,0xe2,0x88,0x55,0x1d,0xb9,0x06,0xb0,0xc1,0x89,0x6b,0x2d, | |
641 | 0xd7,0x69,0xc3,0x19,0x12,0x36,0x84,0xd0,0xc9,0xa0,0xda,0xff,0x2f,0x69,0x78,0xb2, | |
642 | 0xe5,0x7a,0xda,0xeb,0xd7,0x0c,0xc0,0xf7,0xbd,0x63,0x17,0xb8,0x39,0x13,0x38,0xa2, | |
643 | 0x36,0x5b,0x7b,0xf2,0x85,0x56,0x6a,0x1d,0x64,0x62,0xc1,0x38,0xe2,0xaa,0xbf,0x51, | |
644 | 0x66,0xa2,0x94,0xf5,0x12,0x9c,0x66,0x22,0x10,0x6b,0xf2,0xb7,0x30,0x92,0x2d,0xf2, | |
645 | 0x29,0xf0,0x3d,0x3b,0x14,0x43,0x68,0xa2,0xf1,0x9c,0x29,0x37,0xcb,0xce,0x38,0x20, | |
646 | 0x25,0x6d,0x7c,0x67,0xf3,0x7e,0x24,0x12,0x24,0x03,0x08,0x81,0x47,0xec,0xa5,0x9e, | |
647 | 0x97,0xf5,0x18,0xd7,0xcf,0xbb,0xd5,0xef,0x76,0x96,0xef,0xfd,0xce,0xdb,0x56,0x9d, | |
648 | 0x95,0xa0,0x42,0xf9,0x97,0x58,0xe1,0xd7,0x31,0x22,0xd3,0x5f,0x59,0xe6,0x3e,0x6e, | |
649 | 0x22,0x00,0xea,0x43,0x84,0xb6,0x25,0xdb,0xd9,0xf3,0x08,0x56,0x68,0xc0,0x64,0x6b, | |
650 | 0x1d,0x7c,0xec,0xb6,0x93,0xa2,0x62,0x57,0x6e,0x2e,0xd8,0xe7,0x58,0x8f,0xc4,0x31, | |
651 | 0x49,0x26,0xdd,0xde,0x29,0x35,0x87,0xf5,0x30,0x71,0x70,0x5b,0x14,0x3c,0x69,0xbd, | |
652 | 0x89,0x12,0x7d,0xeb,0x2e,0xa3,0xfe,0xd8,0x7f,0x9e,0x82,0x5a,0x52,0x0a,0x2b,0xc1, | |
653 | 0x43,0x2b,0xd9,0x30,0x88,0x9f,0xc8,0x10,0xfb,0x89,0x8d,0xe6,0xa1,0x85,0x75,0x33, | |
654 | 0x7e,0x6c,0x9e,0xdb,0x73,0x13,0x64,0x62,0x69,0xa5,0x2f,0x7d,0xca,0x96,0x6d,0x9f, | |
655 | 0xf8,0x04,0x4d,0x30,0x92,0x3d,0x6e,0x21,0x14,0x21,0xc9,0x3d,0xe0,0xc3,0xfd,0x8a, | |
656 | 0x6b,0x9d,0x4a,0xfd,0xd1,0xa1,0x9d,0x99,0x43,0x77,0x3f,0xb0,0xda }; | |
657 | ||
/* Read-only view of one encoded certificate compiled into this file:
 * pb points at its first byte and cb is its length in bytes.
 */
struct CONST_BLOB {
    const BYTE *pb;
    DWORD cb;
};

/* Certificates embedded in the library.  add_ms_root_certs() adds each entry
 * to the root store, so every blob listed here becomes a trust anchor
 * regardless of what the host system provides.  Each length is taken with
 * sizeof on the named object itself, so it cannot drift from the data.
 * NOTE(review): the table has external linkage and is writable.  Nothing
 * visible here needs either property; confirm no other file refers to it
 * before narrowing it to static const.
 */
struct CONST_BLOB msRootCerts[] = {
    { authenticode, sizeof(authenticode) },
    { rootauthority, sizeof(rootauthority) },
    { rootcertauthority, sizeof(rootcertauthority) },
};
666 | ||
/* Adds every certificate listed in msRootCerts to the store `to`.
 *
 * The certificates are added with CERT_STORE_ADD_NEW, so an entry that is
 * already present in `to` is reported as a failure rather than replaced.
 * A failed add is logged and the loop moves on to the next entry; nothing is
 * returned to the caller, so a partially populated store is not an error
 * here.
 */
static void add_ms_root_certs(HCERTSTORE to)
{
    const DWORD count = sizeof(msRootCerts) / sizeof(msRootCerts[0]);
    DWORD i = 0;

    TRACE("\n");

    while (i < count)
    {
        BOOL added = CertAddEncodedCertificateToStore(to, X509_ASN_ENCODING,
         msRootCerts[i].pb, msRootCerts[i].cb, CERT_STORE_ADD_NEW, NULL);

        if (!added)
            WARN("adding root cert %d failed: %08x\n", i, GetLastError());
        i++;
    }
}
678 | ||
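/* Reads certificates from the list of known locations into store.  Stops when
 * any location contains any certificates, to prevent spending unnecessary time
 * adding redundant certificates, e.g. when both a certificate bundle and
 * individual certificates exist in the same directory.
 *
 * The certificates are first collected in a temporary memory store and then
 * handed to check_and_store_certs(), which decides what reaches store.  The
 * temporary store is closed before returning so it is not leaked.
 *
 * Because the first location that yields anything wins, the order of
 * CRYPT_knownLocations decides which host path supplies the trust anchors.
 * Those paths are trusted as-is: they should be writable only by the system
 * administrator.
 *
 * Nothing is reported to the caller.  If the temporary store cannot be
 * created, or no location yields a certificate, store is simply left without
 * host-provided roots.
 */
static void read_trusted_roots_from_known_locations(HCERTSTORE store)
{
    HCERTSTORE from = CertOpenStore(CERT_STORE_PROV_MEMORY,
     X509_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);

    if (from)
    {
        DWORD i;
        BOOL ret = FALSE;

        /* ret becomes TRUE at the first location that imported something,
         * which ends the scan.
         */
        for (i = 0; !ret &&
         i < sizeof(CRYPT_knownLocations) / sizeof(CRYPT_knownLocations[0]);
         i++)
            ret = import_certs_from_path(CRYPT_knownLocations[i], from, TRUE);
        check_and_store_certs(from, store);
        /* The temporary store was only a staging area; drop our reference.
         * NOTE(review): assumes check_and_store_certs() does not keep or close
         * from itself - confirm against its definition earlier in the file.
         */
        CertCloseStore(from, 0);
    }
}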
701 | ||
/* Builds the root store: a memory store filled first with the host's trusted
 * roots and then with the certificates embedded in this file, wrapped in a
 * provider store that uses rootProvFuncs.
 *
 * Returns the wrapped store, or NULL if the memory store could not be created
 * or CRYPT_ProvCreateStore() returned NULL.  Neither population step reports
 * failure, so a store that received no host certificates is still returned;
 * callers cannot tell that case apart from a fully populated store.
 */
static HCERTSTORE create_root_store(void)
{
    HCERTSTORE memStore;
    HCERTSTORE root = NULL;

    memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    if (memStore)
    {
        /* Every member not assigned below stays zero/NULL. */
        CERT_STORE_PROV_INFO provInfo = { 0 };

        provInfo.cbSize = sizeof(CERT_STORE_PROV_INFO);
        provInfo.cStoreProvFunc =
         sizeof(rootProvFuncs) / sizeof(rootProvFuncs[0]);
        provInfo.rgpvStoreProvFunc = rootProvFuncs;

        /* Host-provided roots go in before the embedded ones. */
        read_trusted_roots_from_known_locations(memStore);
        add_ms_root_certs(memStore);
        root = CRYPT_ProvCreateStore(0, memStore, &provInfo);
    }
    TRACE("returning %p\n", root);
    return root;
}
726 | ||
/* The single root store shared by every caller in the process.  It is created
 * on the first successful CRYPT_RootOpenStore() call and published with an
 * interlocked compare-exchange.
 */
static PWINECRYPT_CERTSTORE CRYPT_rootStore;

/* Opens the root store.
 *
 * hCryptProv is only traced.  dwFlags is checked in this order:
 *  - CERT_STORE_DELETE_FLAG is refused with ERROR_ACCESS_DENIED, so the root
 *    store cannot be deleted through this entry point;
 *  - any location other than local machine or current user is refused with
 *    E_INVALIDARG.
 * Both accepted locations resolve to the same shared store; there is no
 * per-user separation of trust anchors here.
 *
 * Returns CRYPT_rootStore after taking an extra reference on it, or NULL when
 * the request is refused.  If create_root_store() fails, nothing is cached,
 * so the next call tries again.
 */
PWINECRYPT_CERTSTORE CRYPT_RootOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags)
{
    DWORD location = dwFlags & CERT_SYSTEM_STORE_LOCATION_MASK;

    TRACE("(%ld, %08x)\n", hCryptProv, dwFlags);

    if (dwFlags & CERT_STORE_DELETE_FLAG)
    {
        WARN("root store can't be deleted\n");
        SetLastError(ERROR_ACCESS_DENIED);
        return NULL;
    }
    if (location != CERT_SYSTEM_STORE_LOCAL_MACHINE &&
     location != CERT_SYSTEM_STORE_CURRENT_USER)
    {
        TRACE("location %08x unsupported\n", location);
        SetLastError(E_INVALIDARG);
        return NULL;
    }
    if (!CRYPT_rootStore)
    {
        HCERTSTORE root = create_root_store();

        /* Publish our store only if nobody else has published one yet. */
        InterlockedCompareExchangePointer((PVOID *)&CRYPT_rootStore, root,
         NULL);
        /* Another caller published first: discard the store built here. */
        if (CRYPT_rootStore != root)
            CertCloseStore(root, 0);
    }
    CertDuplicateStore(CRYPT_rootStore);
    return CRYPT_rootStore;
}
762 | |
/* Closes the cached root store with CertCloseStore().
 * NOTE(review): CRYPT_rootStore is not reset afterwards, so it still holds
 * the old pointer.  Presumably this runs only when the library is being
 * unloaded; confirm that CRYPT_RootOpenStore() cannot be reached after it.
 */
void root_store_free(void)
{
    /* The result is deliberately ignored; there is nothing to recover. */
    (void)CertCloseStore(CRYPT_rootStore, 0);
}