Changeset 64927 in vbox

Timestamp:

Dec 16, 2016 9:43:42 PM (8 years ago)

Author:

vboxsync

Message:

installer/win/VBoxStub: Add all the certificates we use, not just the SHA-1 one.

Location:

trunk/src/VBox/Installer/win/Stub

Files:

• Makefile.kmk (modified) (1 diff)
• VBoxStub.cpp (modified) (2 diffs)

trunk/src/VBox/Installer/win/Stub/Makefile.kmk

@@ -56 +56 @@
   VBoxStub.cpp_DEFS += VBOX_WITH_CODE_SIGNING
 
-  $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h: $(VBOX_BIN2C) $(PATH_ROOT)/src/VBox/Additions/WINNT/tools/oracle-vbox.cer | $$(dir $$@)
-        $(VBOX_BIN2C) _VBoxStubPublicCert $(PATH_ROOT)/src/VBox/Additions/WINNT/tools/oracle-vbox.cer $@
+  $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h:  | $$(dir $$@) $(VBOX_RTSIGNTOOL) $(PATH_STAGE_SYS)/VBoxDrv.sys
+        $(RM) -f -- "$@" "$@.cer0" "$@.cer1" "$@.cer2" "$@.array"
+
+        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 0 --exe "$(PATH_STAGE_SYS)/VBoxDrv.sys" --output "$@.cer0" --der
+        $(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert0 "$@.cer0" $@
+        $(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert0, sizeof(g_abVBoxStubTrustedCert0) }, "
+  if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && (!defined(VBOX_WITH_CORP_CODE_SIGNING) || "$(VBOX_WITH_CORP_CODE_SIGNING)" != "all")
+        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 1 --exe "$(PATH_STAGE_SYS)/VBoxDrv.sys" --output "$@.cer1" --der
+        $(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert1 "$@.cer1" $@
+        $(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert1, sizeof(g_abVBoxStubTrustedCert1) }, "
+  endif
+  if defined(VBOX_WITH_CORP_CODE_SIGNING) && "$(VBOX_WITH_CORP_CODE_SIGNING)" != "all" && "$(VBOX_SIGNING_MODE)" == "release"
+        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 1 --exe "" --output "$@.cer2" --der
+        $(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert1 "$@.cer2" $@
+        $(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert2, sizeof(g_abVBoxStubTrustedCert2) }, "
+  endif
+        $(APPEND) -n "$@" \
+                "" \
+                "struct { uint8_t const *pab; uint32_t cb; }" "g_aVBoxStubTrustedCerts[] = " \
+               "{"
+        $(SED) --append "$@" -e "" "$@.array"
+        $(APPEND) -n "$@" \
+               "};"
+        $(RM) -f -- "$@.cer0" "$@.cer1" "$@.cer2" "$@.array"
+
+  VBoxStubPublicCert.h:: $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h
 
  endif

trunk/src/VBox/Installer/win/Stub/VBoxStub.cpp

@@ -698 +698 @@
  * @returns Fully complained exit code.
  */
-static RTEXITCODE InstallCertificate(void)
-{
-    if (addCertToStore(CERT_SYSTEM_STORE_LOCAL_MACHINE,
-                       "TrustedPublisher",
-                       g_ab_VBoxStubPublicCert,
-                       sizeof(g_ab_VBoxStubPublicCert)))
-        return RTEXITCODE_SUCCESS;
-    return ShowError("Failed to construct install certificate.");
+static RTEXITCODE InstallCertificates(void)
+{
+    for (uint32_t i = 0; i < RT_ELEMENTS(g_aVBoxStubTrustedCerts); i++)
+    {
+        if (!addCertToStore(CERT_SYSTEM_STORE_LOCAL_MACHINE,
+                            "TrustedPublisher",
+                            g_aVBoxStubTrustedCerts[i].pab,
+                            g_aVBoxStubTrustedCerts[i].cb))
+            return ShowError("Failed to construct install certificate.");
+    }
+    return RTEXITCODE_SUCCESS;
 }
 #endif /* VBOX_WITH_CODE_SIGNING */
@@ -1133 +1136 @@
                 {
                     rcExit = CopyCustomDir(szExtractPath);
-    #ifdef VBOX_WITH_CODE_SIGNING
+#ifdef VBOX_WITH_CODE_SIGNING
                     if (rcExit == RTEXITCODE_SUCCESS && fEnableSilentCert && g_fSilent)
-                        rcExit = InstallCertificate();
-    #endif
+                        rcExit = InstallCertificates();
+#endif
                     unsigned iPackage = 0;
                     while (   iPackage < pHeader->byCntPkgs