archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pki/tools/pesigmgr/pesigmgr.cxx

859 lines
21 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (C) 1995-96 Microsoft Corporation
  5. Module Name:
  7. certify.cxx
  9. Abstract:
  11. This is the command line tool to manipulate certificates on an executable image.
  13. Author: Robert Reichel (robertre) Feb 12, 1996
  15. Revision History:
  19. --*/
  21. //#define UNICODE 1
  22. //#define _UNICODE 1
  25. #include <windows.h>
  26. #include <imagehlp.h>
  27. #include <stdio.h>
  28. #include <malloc.h>
  30. //
  31. // Private prototypes
  32. //
  34. LPWIN_CERTIFICATE
  35. GetCertFromImage(
  36. LPCTSTR ImageName,
  37. DWORD Index
  38. );
  40. SaveCertificate(
  41. LPCTSTR OutputFileName,
  42. LPCTSTR ImageName,
  43. DWORD CertIndex
  44. );
  46. BOOL
  47. RemoveCertificateFromImage(
  48. LPCTSTR ImageName,
  49. DWORD Index
  50. );
  52. BOOL
  53. AddCertificateToImage(
  54. LPCTSTR ImageName,
  55. LPCTSTR CertificateName,
  56. WORD CertificateType,
  57. PDWORD Index
  58. );
  60. VOID
  61. PrintCertificate(
  62. LPWIN_CERTIFICATE Certificate,
  63. DWORD Index
  64. );
  66. BOOL
  67. GetCertHeaderFromImage(
  68. IN LPCTSTR ImageName,
  69. IN DWORD Index,
  70. OUT LPWIN_CERTIFICATE CertificateHeader
  71. );
  73. #define TYPE_X509 TEXT("X509")
  74. #define TYPE_PKCS7 TEXT("PKCS7")
  75. #define TYPE_UNKNOWN TEXT("Unknown")
  77. //
  78. // Globals
  79. //
  81. BOOL fVerbose = FALSE;
  83. void
  84. PrintUsage(
  85. VOID
  86. )
  87. {
  88. fputs("Usage: PESIGMGR [switches] image-name \n"
  89. " [-?] display this message\n"
  90. " [-l] list the certificates in an image\n"
  91. " [-a:<Filename>] add a certificate file to an image\n"
  92. " [-r:<index>] remove certificate <index> from an image\n"
  93. " [-s:<Filename>] used with -r to save the removed certificate\n"
  94. " [-t:<CertType>] used with -a to specify the type of the certificate\n"
  95. " where CertType may be X509 or PKCS7 [default is X509]\n",
  96. stderr
  97. );
  98. exit(-1);
  99. }
  101. #if 0
  103. PWSTR
  104. GetArgAsUnicode(
  105. LPSTR s
  106. )
  107. {
  108. ULONG n;
  109. PWSTR ps;
  111. n = strlen( s );
  112. ps = (PWSTR)HeapAlloc( GetProcessHeap(),
  113. 0,
  114. (n + 1) * sizeof( WCHAR )
  115. );
  116. if (ps == NULL) {
  117. printf( "Out of memory\n" );
  118. }
  120. if (MultiByteToWideChar( CP_ACP,
  121. MB_PRECOMPOSED,
  122. s,
  123. n,
  124. ps,
  125. n
  126. ) != (LONG)n
  127. ) {
  128. printf( "Unable to convert parameter '%s' to Unicode (%u)", (ULONG)s, GetLastError() );
  129. }
  131. ps[ n ] = UNICODE_NULL;
  132. return ps;
  133. }
  135. #endif
  138. int __cdecl
  139. main(
  140. int argc,
  141. char *argv[],
  142. char *envp[]
  143. )
  144. {
  145. BOOL AFlagSeen = FALSE;
  146. BOOL LFlagSeen = FALSE;
  147. BOOL RFlagSeen = FALSE;
  148. BOOL SFlagSeen = FALSE;
  149. BOOL TFlagSeen = FALSE;
  150. BOOL Result;
  152. DWORD Index;
  153. DWORD RFlag_CertIndex;
  154. WORD CertificateType = WIN_CERT_TYPE_PKCS_SIGNED_DATA; // default
  156. char * CertificateName;
  157. char * ImageName = NULL;
  158. char * SFlag_CertificateFile;
  159. char c, *p;
  163. if (argc < 2) {
  164. PrintUsage();
  165. }
  167. while (--argc) {
  168. p = *++argv;
  169. if (*p == '/' || *p == '-') {
  170. c = *++p;
  171. switch (toupper( c )) {
  172. case '?':
  173. PrintUsage();
  174. break;
  176. case 'A': // Add Certificate to image
  177. c = *++p;
  178. if (c != ':') {
  179. PrintUsage();
  180. } else {
  182. if (AFlagSeen == TRUE) {
  183. PrintUsage();
  184. return( 0 );
  185. }
  187. AFlagSeen = TRUE;
  188. CertificateName = ++p;
  189. }
  190. break;
  191. case 'V':
  192. {
  193. fVerbose = TRUE;
  194. break;
  195. }
  197. case 'T':
  198. {
  199. //
  200. // Specify the Type of the certificate
  201. //
  202. c = *++p;
  203. if (c != ':') {
  204. PrintUsage();
  205. } else {
  207. if (TFlagSeen == TRUE) {
  208. PrintUsage();
  209. return( 0 );
  210. }
  212. TFlagSeen = TRUE;
  213. ++p;
  215. if (_stricmp(p, TYPE_X509) == 0) {
  216. CertificateType = WIN_CERT_TYPE_X509;
  217. if (fVerbose) {
  218. printf("Certificate type = X509\n");
  219. }
  220. } else {
  221. if (_stricmp(p, TYPE_PKCS7) == 0) {
  222. CertificateType = WIN_CERT_TYPE_PKCS_SIGNED_DATA;
  223. if (fVerbose) {
  224. printf("Certificate type = PKCS7\n");
  225. }
  226. } else {
  227. if (fVerbose) {
  228. printf("Unrecognized Certificate type %s\n",p);
  229. }
  230. PrintUsage();
  231. return (0);
  232. }
  233. }
  234. }
  235. break;
  236. }
  238. case 'L': // List the certificates in an image.
  239. {
  240. if (LFlagSeen == TRUE) {
  241. PrintUsage();
  242. return( 0 );
  243. }
  245. LFlagSeen = TRUE;
  247. break;
  248. }
  250. case 'R': // Remove certificate from an image
  251. {
  252. c = *++p;
  253. if (c != ':') {
  254. PrintUsage();
  255. } else {
  257. if (RFlagSeen == TRUE) {
  258. PrintUsage();
  259. return( 0 );
  260. }
  262. RFlagSeen = TRUE;
  264. //
  265. // Save the index
  266. //
  268. RFlag_CertIndex = atoi(++p);
  269. }
  271. break;
  272. }
  274. case 'G':
  275. c = *++p;
  276. if (c != ':') {
  277. PrintUsage();
  278. } else {
  279. // Generate a certificate from an image.
  280. }
  281. break;
  283. case 'S': // Save the certificate
  284. c = *++p;
  285. if (c != ':') {
  286. PrintUsage();
  287. } else {
  289. if (SFlagSeen == TRUE) {
  290. PrintUsage();
  291. return( 0 );
  292. }
  294. SFlagSeen = TRUE;
  296. //
  297. // Save the name of the file to put the cert into.
  298. //
  300. SFlag_CertificateFile = ++p;
  301. }
  302. break;
  304. default:
  305. fprintf( stderr, "CERTIFY: Invalid switch - /%c\n", c );
  306. PrintUsage();
  307. break;
  308. }
  310. } else {
  312. //
  313. // Should only be a single image name here
  314. //
  316. if (ImageName != NULL) {
  317. PrintUsage();
  318. return( 0 );
  319. }
  321. ImageName = *argv;
  322. }
  323. }
  325. //
  326. // Finished processing parameters, let's do the work.
  327. //
  329. if (ImageName == NULL) {
  330. if (fVerbose) {
  331. printf("Image name not specified\n");
  332. }
  333. PrintUsage();
  334. return(0);
  335. }
  337. if (LFlagSeen) {
  339. int Index = 0;
  340. WIN_CERTIFICATE Certificate;
  342. if (SFlagSeen || RFlagSeen || AFlagSeen) {
  343. PrintUsage();
  344. return(0);
  345. }
  347. do {
  349. Result = GetCertHeaderFromImage( ImageName, Index, &Certificate );
  351. if (Result) {
  352. PrintCertificate( &Certificate, Index );
  353. }
  355. Index++;
  357. } while ( Result );
  358. return( 1 );
  359. }
  361. if (AFlagSeen) {
  363. //
  364. // 'A' is not used in conjunction with R or S
  365. //
  367. if (SFlagSeen || RFlagSeen) {
  368. PrintUsage();
  369. return( 0 );
  370. }
  372. Result = AddCertificateToImage(
  373. ImageName,
  374. CertificateName,
  375. CertificateType,
  376. &Index
  377. );
  379. if (Result) {
  380. if (fVerbose){
  381. printf("Certificate %d added\n",Index);
  382. }
  384. return( 1 );
  385. } else {
  387. if (fVerbose) {
  388. printf("Unable to add Certificate to %s, error = %d\n",ImageName,GetLastError());
  389. }
  390. return( 0 );
  391. }
  392. }
  394. if (RFlagSeen) {
  396. if (!SFlagSeen) {
  397. if (fVerbose) {
  398. fputs("-R requires -S\n",stderr);
  399. }
  400. PrintUsage();
  401. return(0);
  402. }
  404. //
  405. // Make sure we can save the certificate data before
  406. // we remove it from the image
  407. //
  409. Result = SaveCertificate(
  410. SFlag_CertificateFile,
  411. ImageName,
  412. RFlag_CertIndex
  413. );
  415. if (!Result) {
  416. if (fVerbose) {
  417. printf("Unable to save certificate to file %s, error = %d\n",SFlag_CertificateFile,GetLastError());
  418. }
  419. return(0);
  420. }
  422. //
  423. // Now that the certificate is safe, remove it from the image
  424. //
  426. Result = RemoveCertificateFromImage(
  427. ImageName,
  428. RFlag_CertIndex
  429. );
  431. if (!Result) {
  432. if (fVerbose) {
  433. printf("Unable to remove certificate, error = %d\n",GetLastError());
  434. }
  435. return(0);
  436. }
  437. }
  439. if (SFlagSeen && !RFlagSeen) {
  440. PrintUsage();
  441. return( 0 );
  442. }
  444. return 0;
  445. }
  448. VOID
  449. PrintCertificate(
  450. LPWIN_CERTIFICATE Certificate,
  451. DWORD Index
  452. )
  453. {
  454. char * CertType;
  456. switch (Certificate->wCertificateType) {
  457. case WIN_CERT_TYPE_X509:
  458. {
  459. CertType = TYPE_X509;
  460. break;
  461. }
  462. case WIN_CERT_TYPE_PKCS_SIGNED_DATA:
  463. {
  465. CertType = TYPE_PKCS7;
  466. break;
  467. }
  468. default:
  469. {
  470. CertType = TYPE_UNKNOWN;
  471. break;
  472. }
  473. }
  475. printf("\nCertificate %3d Revision %1d Type %8s",Index,Certificate->wRevision, CertType);
  477. return;
  478. }
  481. BOOL
  482. AddCertificateToImage(
  483. IN LPCTSTR ImageName,
  484. IN LPCTSTR CertificateName,
  485. IN WORD CertificateType,
  486. OUT PDWORD Index
  487. )
  488. /*++
  490. Routine Description:
  492. Adds a certificate to an image, and returns its index.
  494. Arguments:
  496. ImageName - Provides the full name and path to the image to be
  497. modified.
  499. CertificateName - Provides the full name and path to a file containing
  500. the certificate to be added to the image.
  502. CertificateType - Provides the type of the certificate being added.
  503. This type will be placed in the dwType field of the resulting
  504. WIN_CERTIFICATE structure.
  506. Index - Returns the index of the certificate after it is placed in the
  507. image.
  510. Return Value:
  512. TRUE on success, FALSE on failure. More information is available via
  513. GetLastError().
  515. --*/
  516. {
  517. HANDLE CertificateHandle;
  518. DWORD CertificateFileSize;
  519. DWORD CertificateSize;
  520. LPWIN_CERTIFICATE Certificate = NULL;
  521. BOOL Result = FALSE;
  522. HANDLE ImageHandle;
  523. DWORD BytesRead;
  525. //
  526. // Attempt to open the certificate file
  527. //
  529. if ((CertificateHandle = CreateFile(CertificateName,
  530. GENERIC_READ,
  531. 0,
  532. 0,
  533. OPEN_EXISTING,
  534. FILE_ATTRIBUTE_NORMAL,
  535. NULL)) == INVALID_HANDLE_VALUE)
  536. {
  537. if (fVerbose) {
  538. printf("Unable to open %s, error = %d\n",CertificateName,GetLastError());
  539. }
  540. goto ErrorReturn;
  541. }
  543. //
  544. // Read the certificate data into memory
  545. //
  547. CertificateFileSize = GetFileSize( CertificateHandle, NULL );
  548. CertificateSize = CertificateFileSize + (sizeof( WIN_CERTIFICATE ) - sizeof( BYTE ));
  550. //
  551. // Hack to make certs 8 byte aligned
  552. //
  554. // CertificateSize += (8 - (CertificateSize % 8));
  556. Certificate = (LPWIN_CERTIFICATE)malloc( CertificateSize );
  557. if (NULL == Certificate) {
  558. if (fVerbose) {
  559. printf("malloc failed\n");
  560. }
  561. goto ErrorReturn;
  562. }
  564. Certificate->dwLength = CertificateSize;
  565. Certificate->wRevision = WIN_CERT_REVISION_1_0;
  566. Certificate->wCertificateType = CertificateType;
  567. Result = ReadFile( CertificateHandle,
  568. &Certificate->bCertificate,
  569. CertificateFileSize,
  570. &BytesRead,
  571. NULL // Overlapped
  572. );
  574. if (!Result) {
  575. if (fVerbose) {
  576. printf("Unable to read Certificate file, error = %d\n",GetLastError());
  577. }
  578. goto ErrorReturn;
  579. }
  581. ImageHandle = CreateFile( ImageName,
  582. GENERIC_READ | GENERIC_WRITE,
  583. 0,
  584. 0,
  585. OPEN_EXISTING,
  586. FILE_ATTRIBUTE_NORMAL,
  587. NULL
  588. );
  590. if (ImageHandle == INVALID_HANDLE_VALUE) {
  591. if (fVerbose) {
  592. printf("Unable to open image file %s, error = %d\n",ImageName,GetLastError());
  593. }
  594. goto ErrorReturn;
  595. }
  597. Result = ImageAddCertificate( ImageHandle,
  598. Certificate,
  599. Index
  600. );
  602. if (!Result) {
  603. if (fVerbose) {
  604. printf("ImageAddCertificate failed, error = %d\n",GetLastError());
  605. }
  606. goto ErrorReturn;
  607. }
  609. CommonReturn:
  610. if (Certificate)
  611. free(Certificate);
  613. return( Result );
  615. ErrorReturn:
  616. Result = FALSE;
  617. goto CommonReturn;
  618. }
  620. BOOL
  621. GetCertHeaderFromImage(
  622. IN LPCTSTR ImageName,
  623. IN DWORD Index,
  624. OUT LPWIN_CERTIFICATE CertificateHeader
  625. )
  626. {
  627. HANDLE ImageHandle;
  628. BOOL Result;
  630. ImageHandle = CreateFile( ImageName,
  631. GENERIC_READ | GENERIC_WRITE,
  632. 0,
  633. 0,
  634. OPEN_EXISTING,
  635. FILE_ATTRIBUTE_NORMAL,
  636. NULL
  637. );
  639. if (ImageHandle == INVALID_HANDLE_VALUE) {
  640. if (fVerbose) {
  641. printf("Unable to open image file %s\n",ImageName);
  642. }
  643. return( FALSE );
  644. }
  646. Result = ImageGetCertificateHeader(
  647. ImageHandle,
  648. Index,
  649. CertificateHeader
  650. );
  652. CloseHandle( ImageHandle );
  654. if (!Result) {
  655. if (fVerbose) {
  656. printf("\nUnable to retrieve certificate header from %s, index=%d, error = %d\n",ImageName,Index,GetLastError());
  657. }
  658. return( FALSE );
  659. }
  661. return( TRUE );
  663. }
  665. LPWIN_CERTIFICATE
  666. GetCertFromImage(
  667. IN LPCTSTR ImageName,
  668. IN DWORD Index
  669. )
  671. /*++
  673. Routine Description:
  675. Returns a copy of the specified certificate.
  677. Arguments:
  679. ImageName - Provides the full path to the image file containing the
  680. certificate.
  682. Index - Provides the index of the desired certificate in the image.
  684. Return Value:
  686. NULL on failure.
  688. On Success, returns a pointer to a filled in WIN_CERTIFICATE
  689. structure, which may be freed by called free().
  692. --*/
  694. {
  695. HANDLE ImageHandle;
  696. LPWIN_CERTIFICATE Certificate;
  697. DWORD RequiredLength = 0;
  698. BOOL Result;
  700. ImageHandle = CreateFile( ImageName,
  701. GENERIC_READ | GENERIC_WRITE,
  702. 0,
  703. 0,
  704. OPEN_EXISTING,
  705. FILE_ATTRIBUTE_NORMAL,
  706. NULL
  707. );
  709. if (ImageHandle == INVALID_HANDLE_VALUE) {
  710. if (fVerbose) {
  711. printf("Unable to open image file %s\n",ImageName);
  712. }
  713. return( NULL );
  714. }
  716. Result = ImageGetCertificateData(
  717. ImageHandle,
  718. Index,
  719. NULL,
  720. &RequiredLength
  721. );
  723. if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
  724. if (fVerbose) {
  725. printf("Unable to retrieve certificate data from %s, error = %d\n",ImageName,GetLastError());
  726. }
  727. return(NULL);
  728. }
  730. Certificate = (LPWIN_CERTIFICATE) malloc( RequiredLength );
  732. if (Certificate == NULL) {
  733. if (fVerbose) {
  734. printf("Out of memory in GetCertFromImage\n");
  735. }
  736. return( NULL );
  737. }
  739. Result = ImageGetCertificateData(
  740. ImageHandle,
  741. Index,
  742. Certificate,
  743. &RequiredLength
  744. );
  746. CloseHandle( ImageHandle );
  748. if (!Result) {
  749. if (fVerbose) {
  750. printf("Unable to retrieve certificate from %s, error = %d\n",ImageName,GetLastError());
  751. }
  752. return( NULL );
  753. }
  755. return( Certificate );
  756. }
  759. BOOL
  760. RemoveCertificateFromImage(
  761. LPCTSTR ImageName,
  762. DWORD Index
  763. )
  764. {
  765. HANDLE ImageHandle;
  766. BOOL Result;
  768. if (fVerbose) {
  769. printf("Removing certificate index %d from %s\n",Index,ImageName);
  770. }
  772. ImageHandle = CreateFile( ImageName,
  773. GENERIC_READ | GENERIC_WRITE,
  774. 0,
  775. 0,
  776. OPEN_EXISTING,
  777. FILE_ATTRIBUTE_NORMAL,
  778. NULL
  779. );
  781. if (ImageHandle == INVALID_HANDLE_VALUE) {
  782. printf("Unable to open image file %s\n",ImageName);
  783. return( FALSE );
  784. }
  786. Result = ImageRemoveCertificate(
  787. ImageHandle,
  788. Index
  789. );
  791. if (!Result) {
  792. printf("Unable to remove certificate from %s, error = %d\n",ImageName,GetLastError());
  793. return( FALSE );
  794. }
  796. CloseHandle( ImageHandle );
  798. return( TRUE );
  800. }
  802. BOOL
  803. SaveCertificate(
  804. LPCTSTR OutputFileName,
  805. LPCTSTR ImageName,
  806. DWORD CertIndex
  807. )
  808. {
  809. DWORD Length;
  810. BOOL Result;
  811. DWORD BytesWritten = 0;
  812. LPWIN_CERTIFICATE Certificate;
  813. HANDLE CertificateHandle;
  815. Certificate = GetCertFromImage( ImageName, CertIndex );
  817. if (Certificate == NULL) {
  818. if (fVerbose) {
  819. printf("Unable to retrieve certificate from %s, error = %d\n",ImageName,GetLastError());
  820. }
  821. return( FALSE );
  822. }
  824. Length = Certificate->dwLength - sizeof( WIN_CERTIFICATE ) + sizeof( BYTE );
  826. //
  827. // Attempt to open the certificate file
  828. //
  830. if ((CertificateHandle = CreateFile(OutputFileName,
  831. GENERIC_WRITE,
  832. 0,
  833. 0,
  834. CREATE_ALWAYS,
  835. FILE_ATTRIBUTE_NORMAL,
  836. NULL)) == INVALID_HANDLE_VALUE)
  837. {
  838. printf("Unable to create %s, error = %d\n",OutputFileName,GetLastError());
  839. return( FALSE );
  840. }
  842. Result = WriteFile( CertificateHandle,
  843. &Certificate->bCertificate,
  844. Length,
  845. &BytesWritten,
  846. NULL // Overlapped
  847. );
  849. if (!Result) {
  850. printf("Unable to save certificate to file %s, error = %d\n",OutputFileName,GetLastError());
  851. return( FALSE );
  852. }
  854. CloseHandle( CertificateHandle );
  856. free( Certificate );
  858. return( TRUE );
  859. }