static HRESULT AddCertificate(
__in HCERTSTORE hStore,
__in PCCERT_CONTEXT pCertContext,
__in LPCWSTR wzCertificateUniqueName,
__in BOOL fVital
)
{
HRESULT hr = S_OK;
WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", wzCertificateUniqueName);
hr = CertInstallSingleCertificate(hStore, pCertContext, wzCertificateUniqueName);
if (FAILED(hr) && !fVital)
{
WcaLog(LOGMSG_STANDARD, "Could not add non-vital certificate: %ls due to error: 0x%x, continuing...", wzCertificateUniqueName, hr);
hr = S_FALSE;
}
return hr;
}
static HRESULT InstallCertificatePackage(
__in HCERTSTORE hStore,
__in BOOL fUserCertificateStore,
__in LPCWSTR wzName,
__in_opt BYTE* rgbData,
__in DWORD cbData,
__in_opt LPCWSTR wzPFXPassword
)
{
HRESULT hr = S_OK;
HCERTSTORE hPfxCertStore = NULL;
PCCERT_CONTEXT pCertContext = NULL;
CERT_BLOB blob = { 0 };
DWORD dwKeyset = fUserCertificateStore ? CRYPT_USER_KEYSET : CRYPT_MACHINE_KEYSET;
DWORD dwEncodingType;
DWORD dwContentType;
DWORD dwFormatType;
LPWSTR pwzUniqueName = NULL;
int iUniqueId = 0;
// Figure out what type of blob (certificate or PFX) we're dealing with here.
blob.pbData = rgbData;
blob.cbData = cbData;
if (!::CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &blob, CERT_QUERY_CONTENT_FLAG_ALL, CERT_QUERY_FORMAT_FLAG_ALL, 0, &dwEncodingType, &dwContentType, &dwFormatType, NULL, NULL, (LPCVOID*)&pCertContext))
{
ExitWithLastError1(hr, "Failed to parse the certificate blob: %ls", wzName);
}
hr = StrAllocFormatted(&pwzUniqueName, L"%s_wixCert_%d", wzName, ++iUniqueId);
ExitOnFailure(hr, "Failed to format unique name");
if (!pCertContext)
{
// If we have a PFX blob, get the first certificate out of the PFX and use that instead of the PFX.
if (dwContentType & CERT_QUERY_CONTENT_PFX)
{
ExitOnNull(wzPFXPassword, hr, E_INVALIDARG, "Failed to import PFX blob because no password was provided");
// If we fail and our password is blank, also try passing in NULL for the password (according to the docs)
hPfxCertStore = ::PFXImportCertStore((CRYPT_DATA_BLOB*)&blob, wzPFXPassword, dwKeyset);
if (NULL == hPfxCertStore && !*wzPFXPassword)
{
hPfxCertStore = ::PFXImportCertStore((CRYPT_DATA_BLOB*)&blob, NULL, dwKeyset);
}
ExitOnNullWithLastError(hPfxCertStore, hr, "Failed to open PFX file.");
// Install all certificates in the PFX
for (pCertContext = ::CertEnumCertificatesInStore(hPfxCertStore, pCertContext);
pCertContext;
pCertContext = ::CertEnumCertificatesInStore(hPfxCertStore, pCertContext))
{
WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", pwzUniqueName);
hr = CertInstallSingleCertificate(hStore, pCertContext, pwzUniqueName);
MessageExitOnFailure(hr, msierrCERTFailedAdd, "Failed to add certificate to the store.");
hr = StrAllocFormatted(&pwzUniqueName, L"%s_wixCert_%d", wzName, ++iUniqueId);
ExitOnFailure(hr, "Failed to format unique name");
}
}
else
{
hr = E_UNEXPECTED;
ExitOnFailure(hr, "Unexpected certificate type processed.");
}
}
else
{
WcaLog(LOGMSG_STANDARD, "Adding certificate: %ls", pwzUniqueName);
hr = CertInstallSingleCertificate(hStore, pCertContext, pwzUniqueName);
MessageExitOnFailure(hr, msierrCERTFailedAdd, "Failed to add certificate to the store.");
}
hr = WcaProgressMessage(COST_CERT_ADD, FALSE);
ExitOnFailure(hr, "Failed to send install progress message.");
LExit:
ReleaseStr(pwzUniqueName);
if (pCertContext)
{
::CertFreeCertificateContext(pCertContext);
}
// Close the stores after the context's are released.
if (hPfxCertStore)
{
if (!::CertCloseStore(hPfxCertStore, CERT_CLOSE_STORE_CHECK_FLAG))
{
WcaLog(LOGMSG_VERBOSE, "PFX cert store was closed but not all resources were freed. Error 0x%x", GetLastError());
}
}
return hr;
}
