From ce5fab3cf74200591e8bd53fa9ff38f9b7f5f374 Mon Sep 17 00:00:00 2001 From: RustDesk <71636191+rustdesk@users.noreply.github.com> Date: Mon, 3 Jul 2023 20:55:43 +0800 Subject: [PATCH] Revert "Refact/install cert " --- src/platform/windows.rs | 82 ++++++++--------------------------------- 1 file changed, 15 insertions(+), 67 deletions(-) diff --git a/src/platform/windows.rs b/src/platform/windows.rs index d58598f2a..df783b781 100644 --- a/src/platform/windows.rs +++ b/src/platform/windows.rs @@ -1923,22 +1923,18 @@ pub fn uninstall_cert() -> ResultType<()> { mod cert { use hbb_common::{allow_err, bail, log, ResultType}; use std::{path::Path, str::from_utf8}; - use winapi::{ - shared::{ - minwindef::{BYTE, DWORD, FALSE, TRUE}, - ntdef::NULL, - }, - um::{ - errhandlingapi::GetLastError, - wincrypt::{ - CertAddEncodedCertificateToStore, CertCloseStore, CertDeleteCertificateFromStore, - CertEnumCertificatesInStore, CertNameToStrA, CertOpenSystemStoreW, - CryptHashCertificate, ALG_ID, CALG_SHA1, CERT_ID_SHA1_HASH, - CERT_STORE_ADD_REPLACE_EXISTING, CERT_X500_NAME_STR, PCCERT_CONTEXT, - X509_ASN_ENCODING, - }, - winreg::HKEY_LOCAL_MACHINE, + use winapi::shared::{ + minwindef::{BYTE, DWORD, TRUE}, + ntdef::NULL, + }; + use winapi::um::{ + errhandlingapi::GetLastError, + wincrypt::{ + CertCloseStore, CertEnumCertificatesInStore, CertNameToStrA, CertOpenSystemStoreA, + CryptHashCertificate, ALG_ID, CALG_SHA1, CERT_ID_SHA1_HASH, CERT_X500_NAME_STR, + PCCERT_CONTEXT, }, + winreg::HKEY_LOCAL_MACHINE, }; use winreg::{ enums::{KEY_WRITE, REG_BINARY}, @@ -1950,8 +1946,6 @@ mod cert { const THUMBPRINT_ALG: ALG_ID = CALG_SHA1; const THUMBPRINT_LEN: DWORD = 20; - const CERT_ISSUER_1: &str = "CN=\"WDKTestCert admin,133225435702113567\"\0"; - #[inline] unsafe fn compute_thumbprint(pb_encoded: *const BYTE, cb_encoded: DWORD) -> (Vec, String) { let mut size = THUMBPRINT_LEN; @@ -2006,12 +2000,6 @@ mod cert { pub fn install_cert>(path: P) -> ResultType<()> { let mut cert_bytes = std::fs::read(path)?; - install_cert_reg(&mut cert_bytes)?; - install_cert_add_cert_store(&mut cert_bytes)?; - Ok(()) - } - - fn install_cert_reg(cert_bytes: &mut [u8]) -> ResultType<()> { unsafe { let thumbprint = compute_thumbprint(cert_bytes.as_mut_ptr(), cert_bytes.len() as _); log::debug!("Thumbprint of cert {}", &thumbprint.1); @@ -2020,56 +2008,25 @@ mod cert { let (cert_key, _) = reg_cert_key.create_subkey(&thumbprint.1)?; let data = winreg::RegValue { vtype: REG_BINARY, - bytes: create_cert_blob(thumbprint.0, cert_bytes.to_vec()), + bytes: create_cert_blob(thumbprint.0, cert_bytes), }; cert_key.set_raw_value("Blob", &data)?; } Ok(()) } - fn install_cert_add_cert_store(cert_bytes: &mut [u8]) -> ResultType<()> { - unsafe { - let store_handle = CertOpenSystemStoreW(0 as _, "ROOT\0".as_ptr() as _); - if store_handle.is_null() { - bail!("Error opening certificate store: {}", GetLastError()); - } - let mut cert_ctx: PCCERT_CONTEXT = std::ptr::null_mut(); - if FALSE - == CertAddEncodedCertificateToStore( - store_handle, - X509_ASN_ENCODING, - cert_bytes.as_mut_ptr(), - cert_bytes.len() as _, - CERT_STORE_ADD_REPLACE_EXISTING, - &mut cert_ctx as _, - ) - { - log::error!( - "Failed to call CertAddEncodedCertificateToStore: {}", - GetLastError() - ); - } else { - log::info!("Add cert to store successfully"); - } - - CertCloseStore(store_handle, 0); - } - Ok(()) - } - fn get_thumbprints_to_rm() -> ResultType> { - let issuers_to_rm = [CERT_ISSUER_1]; + let issuers_to_rm = ["CN=\"WDKTestCert admin,133225435702113567\""]; let mut thumbprints = Vec::new(); let mut buf = [0u8; 1024]; unsafe { - let store_handle = CertOpenSystemStoreW(0 as _, "ROOT\0".as_ptr() as _); + let store_handle = CertOpenSystemStoreA(0 as _, "ROOT\0".as_ptr() as _); if store_handle.is_null() { bail!("Error opening certificate store: {}", GetLastError()); } - let mut vec_ctx = Vec::new(); let mut cert_ctx: PCCERT_CONTEXT = CertEnumCertificatesInStore(store_handle, NULL as _); while !cert_ctx.is_null() { // https://stackoverflow.com/a/66432736 @@ -2081,11 +2038,9 @@ mod cert { buf.len() as _, ); if cb_size != 1 { - let mut add_ctx = false; if let Ok(issuer) = from_utf8(&buf[..cb_size as _]) { for iss in issuers_to_rm.iter() { - if issuer == *iss { - add_ctx = true; + if issuer.contains(iss) { let (_, thumbprint) = compute_thumbprint( (*cert_ctx).pbCertEncoded, (*cert_ctx).cbCertEncoded, @@ -2096,15 +2051,9 @@ mod cert { } } } - if add_ctx { - vec_ctx.push(cert_ctx); - } } cert_ctx = CertEnumCertificatesInStore(store_handle, cert_ctx); } - for ctx in vec_ctx { - CertDeleteCertificateFromStore(ctx); - } CertCloseStore(store_handle, 0); } @@ -2114,7 +2063,6 @@ mod cert { pub fn uninstall_cert() -> ResultType<()> { let thumbprints = get_thumbprints_to_rm()?; let reg_cert_key = unsafe { open_reg_cert_store()? }; - log::info!("Found {} certs to remove", thumbprints.len()); for thumbprint in thumbprints.iter() { allow_err!(reg_cert_key.delete_subkey(thumbprint)); }