static HRESULT ExecuteCertificateOperation(
__in MSIHANDLE hInstall,
__in SCA_ACTION saAction,
__in DWORD dwStoreLocation
)
{
//AssertSz(FALSE, "Debug ExecuteCertificateOperation() here.");
Assert(saAction & SCA_ACTION_INSTALL || saAction & SCA_ACTION_UNINSTALL);
HRESULT hr = S_OK;
LPWSTR pwzCaData = NULL;
LPWSTR pwz;
LPWSTR pwzName = NULL;
LPWSTR pwzStore = NULL;
int iAttributes = 0;
LPWSTR pwzPFXPassword = NULL;
LPWSTR pwzFilePath = NULL;
BYTE* pbData = NULL;
DWORD cbData = 0;
HCERTSTORE hCertStore = NULL;
hr = WcaGetProperty(L"CustomActionData", &pwzCaData);
ExitOnFailure(hr, "Failed to get CustomActionData");
WcaLog(LOGMSG_TRACEONLY, "CustomActionData: %S", pwzCaData);
pwz = pwzCaData;
hr = WcaReadStringFromCaData(&pwz, &pwzName);
ExitOnFailure(hr, "Failed to parse certificate name.");
hr = WcaReadStringFromCaData(&pwz, &pwzStore);
ExitOnFailure(hr, "Failed to parse CustomActionData, StoreName");
hr = WcaReadIntegerFromCaData(&pwz, &iAttributes);
ExitOnFailure(hr, "Failed to parse certificate attribute");
if (SCA_ACTION_INSTALL == saAction) // install operations need more data
{
if (iAttributes & SCA_CERT_INSTALLED_FILE_PATH)
{
hr = WcaReadStringFromCaData(&pwz, &pwzFilePath);
ExitOnFailure(hr, "Failed to parse path to certficate file.");
hr = FileReadUntil(&pbData, &cbData, pwzFilePath, SIXTY_FOUR_MEG);
ExitOnFailure(hr, "Failed to read certificate from file path.");
}
else
{
hr = WcaReadStreamFromCaData(&pwz, &pbData, (DWORD_PTR*)&cbData);
ExitOnFailure(hr, "Failed to parse certficate stream.");
}
hr = WcaReadStringFromCaData(&pwz, &pwzPFXPassword);
ExitOnFailure(hr, "Failed to parse certificate password.");
}
// Open the right store.
hCertStore = ::CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, dwStoreLocation, pwzStore);
MessageExitOnNullWithLastError1(hCertStore, hr, msierrCERTFailedOpen, "Failed to open certificate store: %S", pwzStore);
if (SCA_ACTION_INSTALL == saAction) // install operations need more data
{
hr = InstallCertificate(hCertStore, (dwStoreLocation == CERT_SYSTEM_STORE_CURRENT_USER), pwzName, pbData, cbData, pwzPFXPassword);
ExitOnFailure(hr, "Failed to install certificate.");
}
else
{
Assert(SCA_ACTION_UNINSTALL == saAction);
hr = UninstallCertificate(hCertStore, pwzName);
ExitOnFailure(hr, "Failed to uninstall certificate.");
}
LExit:
if (hCertStore)
{
::CertCloseStore(hCertStore, 0);
}
ReleaseMem(pbData);
ReleaseStr(pwzFilePath);
ReleaseStr(pwzPFXPassword);
ReleaseStr(pwzStore);
ReleaseStr(pwzName);
ReleaseStr(pwzCaData);
return hr;
}
static HRESULT ExecuteCertificateOperation(
__in MSIHANDLE hInstall,
__in SCA_ACTION saAction,
__in DWORD dwStoreLocation
)
{
//AssertSz(FALSE, "Debug ExecuteCertificateOperation() here.");
Assert(saAction & SCA_ACTION_INSTALL || saAction & SCA_ACTION_UNINSTALL);
HRESULT hr = S_OK;
LPWSTR pwzCaData = NULL;
LPWSTR pwz;
LPWSTR pwzName = NULL;
LPWSTR pwzStore = NULL;
int iAttributes = 0;
LPWSTR pwzPFXPassword = NULL;
LPWSTR pwzFilePath = NULL;
BYTE* pbData = NULL;
DWORD cbData = 0;
DWORD cbPFXPassword = 0;
BOOL fUserStoreLocation = (CERT_SYSTEM_STORE_CURRENT_USER == dwStoreLocation);
HCERTSTORE hCertStore = NULL;
hr = WcaGetProperty(L"CustomActionData", &pwzCaData);
ExitOnFailure(hr, "Failed to get CustomActionData");
WcaLog(LOGMSG_TRACEONLY, "CustomActionData: %ls", pwzCaData);
pwz = pwzCaData;
hr = WcaReadStringFromCaData(&pwz, &pwzName);
ExitOnFailure(hr, "Failed to parse certificate name.");
hr = WcaReadStringFromCaData(&pwz, &pwzStore);
ExitOnFailure(hr, "Failed to parse CustomActionData, StoreName");
hr = WcaReadIntegerFromCaData(&pwz, &iAttributes);
ExitOnFailure(hr, "Failed to parse certificate attribute");
if (SCA_ACTION_INSTALL == saAction) // install operations need more data
{
hr = WcaReadStreamFromCaData(&pwz, &pbData, (DWORD_PTR*)&cbData);
ExitOnFailure(hr, "Failed to parse certificate stream.");
hr = WcaReadStringFromCaData(&pwz, &pwzPFXPassword);
ExitOnFailure(hr, "Failed to parse certificate password.");
}
// Open the right store.
hCertStore = ::CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, dwStoreLocation, pwzStore);
MessageExitOnNullWithLastError1(hCertStore, hr, msierrCERTFailedOpen, "Failed to open certificate store: %ls", pwzStore);
if (SCA_ACTION_INSTALL == saAction) // install operations need more data
{
// Uninstall existing versions of this package. Ignore any failures
// This is needed to clean up the private key of a cert when we replace an existing cert
// CertAddCertificateContextToStore(CERT_STORE_ADD_REPLACE_EXISTING) does not remove the private key if the cert is replaced
UninstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName);
hr = InstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName, pbData, cbData, pwzPFXPassword);
ExitOnFailure(hr, "Failed to install certificate.");
}
else
{
Assert(SCA_ACTION_UNINSTALL == saAction);
hr = UninstallCertificatePackage(hCertStore, fUserStoreLocation, pwzName);
ExitOnFailure(hr, "Failed to uninstall certificate.");
}
LExit:
if (NULL != pwzPFXPassword && SUCCEEDED(StrSize(pwzPFXPassword, &cbPFXPassword)))
{
SecureZeroMemory(pwzPFXPassword, cbPFXPassword);
}
if (hCertStore)
{
if (!::CertCloseStore(hCertStore, CERT_CLOSE_STORE_CHECK_FLAG))
{
WcaLog(LOGMSG_VERBOSE, "Cert store was closed but not all resources were freed. Error 0x%x", GetLastError());
}
}
ReleaseMem(pbData);
ReleaseStr(pwzFilePath);
ReleaseStr(pwzPFXPassword);
ReleaseStr(pwzStore);
ReleaseStr(pwzName);
ReleaseStr(pwzCaData);
return hr;
}