projects / reactos.git / blob
? search:


48b072e7cb5596aca92c48132beed41fee0f89a2
[reactos.git] / reactos / dll / win32 / crypt32 / rootstore.c
1 /*
2 * Copyright 2007 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 */
18
19 #include "crypt32_private.h"
20
21 #include <sys/types.h>
22 #ifdef HAVE_SYS_STAT_H
23 #include <sys/stat.h>
24 #endif
25 #ifdef HAVE_DIRENT_H
26 #include <dirent.h>
27 #endif
28 #include <fcntl.h>
29 #ifdef HAVE_UNISTD_H
30 #include <unistd.h>
31 #endif
32 #include <errno.h>
33 #include <limits.h>
34 #ifdef HAVE_SECURITY_SECURITY_H
35 #include <Security/Security.h>
36 #endif
37
38 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
39
40 #define INITIAL_CERT_BUFFER 1024
41
42 struct DynamicBuffer
43 {
44 DWORD allocated;
45 DWORD used;
46 BYTE *data;
47 };
48
49 static inline void reset_buffer(struct DynamicBuffer *buffer)
50 {
51 buffer->used = 0;
52 if (buffer->data) buffer->data[0] = 0;
53 }
54
55 static BOOL add_line_to_buffer(struct DynamicBuffer *buffer, LPCSTR line)
56 {
57 BOOL ret;
58
59 if (buffer->used + strlen(line) + 1 > buffer->allocated)
60 {
61 if (!buffer->allocated)
62 {
63 buffer->data = CryptMemAlloc(INITIAL_CERT_BUFFER);
64 if (buffer->data)
65 {
66 buffer->data[0] = 0;
67 buffer->allocated = INITIAL_CERT_BUFFER;
68 }
69 }
70 else
71 {
72 DWORD new_size = max(buffer->allocated * 2,
73 buffer->used + strlen(line) + 1);
74
75 buffer->data = CryptMemRealloc(buffer->data, new_size);
76 if (buffer->data)
77 buffer->allocated = new_size;
78 }
79 }
80 if (buffer->data)
81 {
82 strcpy((char *)buffer->data + strlen((char *)buffer->data), line);
83 /* Not strlen + 1, otherwise we'd count the NULL for every line's
84 * addition (but we overwrite the previous NULL character.) Not an
85 * overrun, we allocate strlen + 1 bytes above.
86 */
87 buffer->used += strlen(line);
88 ret = TRUE;
89 }
90 else
91 ret = FALSE;
92 return ret;
93 }
94
95 /* Reads any base64-encoded certificates present in fp and adds them to store.
96 * Returns TRUE if any certificates were successfully imported.
97 */
98 static BOOL import_base64_certs_from_fp(FILE *fp, HCERTSTORE store)
99 {
100 char line[1024];
101 BOOL in_cert = FALSE;
102 struct DynamicBuffer saved_cert = { 0, 0, NULL };
103 int num_certs = 0;
104
105 TRACE("\n");
106 while (fgets(line, sizeof(line), fp))
107 {
108 static const char header[] = "-----BEGIN CERTIFICATE-----";
109 static const char trailer[] = "-----END CERTIFICATE-----";
110
111 if (!strncmp(line, header, strlen(header)))
112 {
113 TRACE("begin new certificate\n");
114 in_cert = TRUE;
115 reset_buffer(&saved_cert);
116 }
117 else if (!strncmp(line, trailer, strlen(trailer)))
118 {
119 DWORD size;
120
121 TRACE("end of certificate, adding cert\n");
122 in_cert = FALSE;
123 if (CryptStringToBinaryA((char *)saved_cert.data, saved_cert.used,
124 CRYPT_STRING_BASE64, NULL, &size, NULL, NULL))
125 {
126 LPBYTE buf = CryptMemAlloc(size);
127
128 if (buf)
129 {
130 CryptStringToBinaryA((char *)saved_cert.data,
131 saved_cert.used, CRYPT_STRING_BASE64, buf, &size, NULL,
132 NULL);
133 if (CertAddEncodedCertificateToStore(store,
134 X509_ASN_ENCODING, buf, size, CERT_STORE_ADD_NEW, NULL))
135 num_certs++;
136 CryptMemFree(buf);
137 }
138 }
139 }
140 else if (in_cert)
141 add_line_to_buffer(&saved_cert, line);
142 }
143 CryptMemFree(saved_cert.data);
144 TRACE("Read %d certs\n", num_certs);
145 return num_certs > 0;
146 }
147
148 static const char *trust_status_to_str(DWORD status)
149 {
150 static char buf[1024];
151 int pos = 0;
152
153 if (status & CERT_TRUST_IS_NOT_TIME_VALID)
154 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\texpired");
155 if (status & CERT_TRUST_IS_NOT_TIME_NESTED)
156 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad time nesting");
157 if (status & CERT_TRUST_IS_REVOKED)
158 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\trevoked");
159 if (status & CERT_TRUST_IS_NOT_SIGNATURE_VALID)
160 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad signature");
161 if (status & CERT_TRUST_IS_NOT_VALID_FOR_USAGE)
162 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad usage");
163 if (status & CERT_TRUST_IS_UNTRUSTED_ROOT)
164 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tuntrusted root");
165 if (status & CERT_TRUST_REVOCATION_STATUS_UNKNOWN)
166 pos += snprintf(buf + pos, sizeof(buf) - pos,
167 "\n\tunknown revocation status");
168 if (status & CERT_TRUST_IS_CYCLIC)
169 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tcyclic chain");
170 if (status & CERT_TRUST_INVALID_EXTENSION)
171 pos += snprintf(buf + pos, sizeof(buf) - pos,
172 "\n\tunsupported critical extension");
173 if (status & CERT_TRUST_INVALID_POLICY_CONSTRAINTS)
174 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad policy");
175 if (status & CERT_TRUST_INVALID_BASIC_CONSTRAINTS)
176 pos += snprintf(buf + pos, sizeof(buf) - pos,
177 "\n\tbad basic constraints");
178 if (status & CERT_TRUST_INVALID_NAME_CONSTRAINTS)
179 pos += snprintf(buf + pos, sizeof(buf) - pos,
180 "\n\tbad name constraints");
181 if (status & CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT)
182 pos += snprintf(buf + pos, sizeof(buf) - pos,
183 "\n\tunsupported name constraint");
184 if (status & CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT)
185 pos += snprintf(buf + pos, sizeof(buf) - pos,
186 "\n\tundefined name constraint");
187 if (status & CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT)
188 pos += snprintf(buf + pos, sizeof(buf) - pos,
189 "\n\tdisallowed name constraint");
190 if (status & CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT)
191 pos += snprintf(buf + pos, sizeof(buf) - pos,
192 "\n\texcluded name constraint");
193 if (status & CERT_TRUST_IS_OFFLINE_REVOCATION)
194 pos += snprintf(buf + pos, sizeof(buf) - pos,
195 "\n\trevocation server offline");
196 if (status & CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY)
197 pos += snprintf(buf + pos, sizeof(buf) - pos,
198 "\n\tno issuance policy");
199 return buf;
200 }
201
202 static const char *get_cert_common_name(PCCERT_CONTEXT cert)
203 {
204 static char buf[1024];
205 const char *name = NULL;
206 CERT_NAME_INFO *nameInfo;
207 DWORD size;
208 BOOL ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME,
209 cert->pCertInfo->Subject.pbData, cert->pCertInfo->Subject.cbData,
210 CRYPT_DECODE_NOCOPY_FLAG | CRYPT_DECODE_ALLOC_FLAG, NULL, &nameInfo,
211 &size);
212
213 if (ret)
214 {
215 PCERT_RDN_ATTR commonName = CertFindRDNAttr(szOID_COMMON_NAME,
216 nameInfo);
217
218 if (commonName)
219 {
220 CertRDNValueToStrA(commonName->dwValueType,
221 &commonName->Value, buf, sizeof(buf));
222 name = buf;
223 }
224 LocalFree(nameInfo);
225 }
226 return name;
227 }
228
229 static void check_and_store_certs(HCERTSTORE from, HCERTSTORE to)
230 {
231 DWORD root_count = 0;
232 CERT_CHAIN_ENGINE_CONFIG chainEngineConfig =
233 { sizeof(chainEngineConfig), 0 };
234 HCERTCHAINENGINE engine;
235
236 TRACE("\n");
237
238 CertDuplicateStore(to);
239 engine = CRYPT_CreateChainEngine(to, CERT_SYSTEM_STORE_CURRENT_USER, &chainEngineConfig);
240 if (engine)
241 {
242 PCCERT_CONTEXT cert = NULL;
243
244 do {
245 cert = CertEnumCertificatesInStore(from, cert);
246 if (cert)
247 {
248 CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } };
249 PCCERT_CHAIN_CONTEXT chain;
250 BOOL ret;
251
252 ret = CertGetCertificateChain(engine, cert, NULL, from,
253 &chainPara, CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL, NULL, &chain);
254 if (!ret)
255 TRACE("rejecting %s: %s\n", get_cert_common_name(cert),
256 "chain creation failed");
257 else
258 {
259 DWORD allowedErrors = CERT_TRUST_IS_UNTRUSTED_ROOT |
260 CERT_TRUST_IS_NOT_VALID_FOR_USAGE |
261 CERT_TRUST_INVALID_BASIC_CONSTRAINTS |
262 CERT_TRUST_IS_NOT_TIME_VALID;
263
264 /* The certificate chain verification only allows certain
265 * invalid CA certs if they're installed locally: CA
266 * certs missing the key usage extension, and CA certs
267 * missing the basic constraints extension. Of course
268 * there's a chicken and egg problem: we have to accept
269 * them here in order for them to be accepted later.
270 * Expired, locally installed certs are also allowed here,
271 * because we don't know (yet) what date will be checked
272 * for an item signed by one of these certs.
273 * Thus, accept certs with any of the allowed errors.
274 */
275 if (chain->TrustStatus.dwErrorStatus & ~allowedErrors)
276 TRACE("rejecting %s: %s\n", get_cert_common_name(cert),
277 trust_status_to_str(chain->TrustStatus.dwErrorStatus &
278 ~CERT_TRUST_IS_UNTRUSTED_ROOT));
279 else
280 {
281 DWORD i, j;
282
283 for (i = 0; i < chain->cChain; i++)
284 for (j = 0; j < chain->rgpChain[i]->cElement; j++)
285 if (CertAddCertificateContextToStore(to,
286 chain->rgpChain[i]->rgpElement[j]->pCertContext,
287 CERT_STORE_ADD_NEW, NULL))
288 root_count++;
289 }
290 CertFreeCertificateChain(chain);
291 }
292 }
293 } while (cert);
294 CertFreeCertificateChainEngine(engine);
295 }
296 TRACE("Added %d root certificates\n", root_count);
297 }
298
299 /* Reads the file fd, and imports any certificates in it into store.
300 * Returns TRUE if any certificates were successfully imported.
301 */
302 static BOOL import_certs_from_file(int fd, HCERTSTORE store)
303 {
304 BOOL ret = FALSE;
305 FILE *fp;
306
307 TRACE("\n");
308
309 fp = fdopen(fd, "r");
310 if (fp)
311 {
312 ret = import_base64_certs_from_fp(fp, store);
313 fclose(fp);
314 }
315 return ret;
316 }
317
318 static BOOL import_certs_from_path(LPCSTR path, HCERTSTORE store,
319 BOOL allow_dir);
320
321 #ifdef HAVE_READDIR
322 static BOOL check_buffer_resize(char **ptr_buf, size_t *buf_size, size_t check_size)
323 {
324 if (check_size > *buf_size)
325 {
326 *buf_size = check_size;
327
328 if (*ptr_buf)
329 {
330 char *realloc_buf = CryptMemRealloc(*ptr_buf, *buf_size);
331
332 if (!realloc_buf)
333 return FALSE;
334
335 *ptr_buf = realloc_buf;
336 }
337 else
338 {
339 *ptr_buf = CryptMemAlloc(*buf_size);
340 if (!*ptr_buf)
341 return FALSE;
342 }
343 }
344
345 return TRUE;
346 }
347 #endif
348
349 /* Opens path, which must be a directory, and imports certificates from every
350 * file in the directory into store.
351 * Returns TRUE if any certificates were successfully imported.
352 */
353 static BOOL import_certs_from_dir(LPCSTR path, HCERTSTORE store)
354 {
355 #ifdef HAVE_READDIR
356 BOOL ret = FALSE;
357 DIR *dir;
358
359 TRACE("(%s, %p)\n", debugstr_a(path), store);
360
361 dir = opendir(path);
362 if (dir)
363 {
364 size_t path_len = strlen(path), bufsize = 0;
365 char *filebuf = NULL;
366
367 struct dirent *entry;
368 while ((entry = readdir(dir)))
369 {
370 if (strcmp(entry->d_name, ".") && strcmp(entry->d_name, ".."))
371 {
372 size_t name_len = strlen(entry->d_name);
373
374 if (!check_buffer_resize(&filebuf, &bufsize, path_len + 1 + name_len + 1))
375 {
376 ERR("Path buffer (re)allocation failed with out of memory condition\n");
377 break;
378 }
379 snprintf(filebuf, bufsize, "%s/%s", path, entry->d_name);
380 if (import_certs_from_path(filebuf, store, FALSE) && !ret)
381 ret = TRUE;
382 }
383 }
384 CryptMemFree(filebuf);
385 closedir(dir);
386 }
387 return ret;
388 #else
389 FIXME("not implemented without readdir available\n");
390 return FALSE;
391 #endif
392 }
393
394 /* Opens path, which may be a file or a directory, and imports any certificates
395 * it finds into store.
396 * Returns TRUE if any certificates were successfully imported.
397 */
398 static BOOL import_certs_from_path(LPCSTR path, HCERTSTORE store,
399 BOOL allow_dir)
400 {
401 BOOL ret = FALSE;
402 int fd;
403
404 TRACE("(%s, %p, %d)\n", debugstr_a(path), store, allow_dir);
405
406 fd = open(path, O_RDONLY);
407 if (fd != -1)
408 {
409 struct stat st;
410
411 if (fstat(fd, &st) == 0)
412 {
413 if (S_ISREG(st.st_mode))
414 ret = import_certs_from_file(fd, store);
415 else if (S_ISDIR(st.st_mode))
416 {
417 if (allow_dir)
418 ret = import_certs_from_dir(path, store);
419 else
420 WARN("%s is a directory and directories are disallowed\n",
421 debugstr_a(path));
422 }
423 else
424 ERR("%s: invalid file type\n", path);
425 }
426 close(fd);
427 }
428 return ret;
429 }
430
431 static const char * const CRYPT_knownLocations[] = {
432 "/etc/ssl/certs/ca-certificates.crt",
433 "/etc/ssl/certs",
434 "/etc/pki/tls/certs/ca-bundle.crt",
435 "/usr/share/ca-certificates/ca-bundle.crt",
436 "/usr/local/share/certs/",
437 "/etc/sfw/openssl/certs",
438 "/etc/security/cacerts", /* Android */
439 };
440
441 static const BYTE authenticode[] = {
442 0x30,0x82,0x03,0xd6,0x30,0x82,0x02,0xbe,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
443 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
444 0x50,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0d,
445 0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x13,0x04,0x4d,0x53,0x46,0x54,0x31,0x32,0x30,
446 0x30,0x06,0x03,0x55,0x04,0x03,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,
447 0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65,0x28,0x74,
448 0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,
449 0x79,0x30,0x1e,0x17,0x0d,0x39,0x35,0x30,0x31,0x30,0x31,0x30,0x38,0x30,0x30,0x30,
450 0x31,0x5a,0x17,0x0d,0x39,0x39,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,
451 0x5a,0x30,0x50,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,
452 0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x13,0x04,0x4d,0x53,0x46,0x54,0x31,
453 0x32,0x30,0x30,0x06,0x03,0x55,0x04,0x03,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73,
454 0x6f,0x66,0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65,
455 0x28,0x74,0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,
456 0x69,0x74,0x79,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
457 0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,
458 0x82,0x01,0x01,0x00,0xdf,0x08,0xba,0xe3,0x3f,0x6e,0x64,0x9b,0xf5,0x89,0xaf,0x28,
459 0x96,0x4a,0x07,0x8f,0x1b,0x2e,0x8b,0x3e,0x1d,0xfc,0xb8,0x80,0x69,0xa3,0xa1,0xce,
460 0xdb,0xdf,0xb0,0x8e,0x6c,0x89,0x76,0x29,0x4f,0xca,0x60,0x35,0x39,0xad,0x72,0x32,
461 0xe0,0x0b,0xae,0x29,0x3d,0x4c,0x16,0xd9,0x4b,0x3c,0x9d,0xda,0xc5,0xd3,0xd1,0x09,
462 0xc9,0x2c,0x6f,0xa6,0xc2,0x60,0x53,0x45,0xdd,0x4b,0xd1,0x55,0xcd,0x03,0x1c,0xd2,
463 0x59,0x56,0x24,0xf3,0xe5,0x78,0xd8,0x07,0xcc,0xd8,0xb3,0x1f,0x90,0x3f,0xc0,0x1a,
464 0x71,0x50,0x1d,0x2d,0xa7,0x12,0x08,0x6d,0x7c,0xb0,0x86,0x6c,0xc7,0xba,0x85,0x32,
465 0x07,0xe1,0x61,0x6f,0xaf,0x03,0xc5,0x6d,0xe5,0xd6,0xa1,0x8f,0x36,0xf6,0xc1,0x0b,
466 0xd1,0x3e,0x69,0x97,0x48,0x72,0xc9,0x7f,0xa4,0xc8,0xc2,0x4a,0x4c,0x7e,0xa1,0xd1,
467 0x94,0xa6,0xd7,0xdc,0xeb,0x05,0x46,0x2e,0xb8,0x18,0xb4,0x57,0x1d,0x86,0x49,0xdb,
468 0x69,0x4a,0x2c,0x21,0xf5,0x5e,0x0f,0x54,0x2d,0x5a,0x43,0xa9,0x7a,0x7e,0x6a,0x8e,
469 0x50,0x4d,0x25,0x57,0xa1,0xbf,0x1b,0x15,0x05,0x43,0x7b,0x2c,0x05,0x8d,0xbd,0x3d,
470 0x03,0x8c,0x93,0x22,0x7d,0x63,0xea,0x0a,0x57,0x05,0x06,0x0a,0xdb,0x61,0x98,0x65,
471 0x2d,0x47,0x49,0xa8,0xe7,0xe6,0x56,0x75,0x5c,0xb8,0x64,0x08,0x63,0xa9,0x30,0x40,
472 0x66,0xb2,0xf9,0xb6,0xe3,0x34,0xe8,0x67,0x30,0xe1,0x43,0x0b,0x87,0xff,0xc9,0xbe,
473 0x72,0x10,0x5e,0x23,0xf0,0x9b,0xa7,0x48,0x65,0xbf,0x09,0x88,0x7b,0xcd,0x72,0xbc,
474 0x2e,0x79,0x9b,0x7b,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xba,0x30,0x81,0xb7,0x30,
475 0x0d,0x06,0x03,0x55,0x1d,0x0a,0x04,0x06,0x30,0x04,0x03,0x02,0x07,0x80,0x30,0x32,
476 0x06,0x03,0x55,0x04,0x03,0x04,0x2b,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,
477 0x66,0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65,0x28,
478 0x74,0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,
479 0x74,0x79,0x30,0x72,0x06,0x03,0x55,0x1d,0x01,0x04,0x6b,0x30,0x69,0x80,0x10,0x1a,
480 0x1b,0xe7,0x5b,0x9f,0xfd,0x8c,0x2a,0xc3,0x39,0xae,0x0c,0x62,0x2e,0x53,0x32,0xa1,
481 0x52,0x30,0x50,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,
482 0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x13,0x04,0x4d,0x53,0x46,0x54,0x31,
483 0x32,0x30,0x30,0x06,0x03,0x55,0x04,0x03,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73,
484 0x6f,0x66,0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65,
485 0x28,0x74,0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,
486 0x69,0x74,0x79,0x82,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
487 0x01,0x01,0x04,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x2d,0xc9,0xe2,0xf6,0x12,0x9e,
488 0x5d,0x56,0x67,0xfa,0xfa,0x4b,0x9a,0x7e,0xdc,0x29,0x56,0x5c,0x80,0x14,0x02,0x28,
489 0x85,0x6e,0x26,0xf3,0xcd,0x58,0xda,0x50,0x80,0xc5,0xf8,0x19,0xb3,0xa6,0x7c,0xe2,
490 0x9d,0x6b,0x5f,0x3b,0x8f,0x22,0x74,0xe6,0x18,0x04,0xfc,0x47,0x40,0xd8,0x7a,0x3f,
491 0x30,0x66,0xf0,0x12,0xa4,0xd1,0xeb,0x1d,0xe7,0xb6,0xf4,0x98,0xab,0x53,0x22,0x86,
492 0x51,0x58,0xee,0x23,0x09,0x76,0xe4,0x1d,0x45,0x5c,0x4b,0xff,0x4c,0xe3,0x02,0x50,
493 0x01,0x13,0xcc,0x41,0xa4,0x52,0x97,0xd4,0x86,0xd5,0xc4,0xfe,0x83,0x83,0x65,0x7d,
494 0xea,0xbe,0xa2,0x68,0x3b,0xc1,0xb1,0x29,0x98,0xbf,0xa2,0xa5,0xfc,0x9d,0xd3,0x84,
495 0xee,0x70,0x17,0x50,0xf3,0x0b,0xfa,0x3c,0xef,0xa9,0x27,0x8b,0x91,0xb4,0x48,0xc8,
496 0x45,0xa0,0xe1,0x01,0x42,0x4b,0x44,0x76,0x04,0x1c,0xc2,0x19,0xa2,0x8e,0x6b,0x20,
497 0x98,0xc4,0xdd,0x02,0xac,0xb4,0xd2,0xa2,0x0e,0x8d,0x5d,0xb9,0x36,0x8e,0x4a,0x1b,
498 0x5d,0x6c,0x1a,0xe2,0xcb,0x00,0x7f,0x10,0xf4,0xb2,0x95,0xef,0xe3,0xe8,0xff,0xa1,
499 0x73,0x58,0xa9,0x75,0x2c,0xa2,0x49,0x95,0x85,0xfe,0xcc,0xda,0x44,0x8a,0xc2,0x12,
500 0x44,0xd2,0x44,0xc8,0xa5,0xa2,0x1f,0xa9,0x5a,0x8e,0x56,0xc2,0xc3,0x7b,0xcf,0x42,
501 0x60,0xdc,0x82,0x1f,0xfb,0xce,0x74,0x06,0x7e,0xd6,0xf1,0xac,0x19,0x6a,0x4f,0x74,
502 0x5c,0xc5,0x15,0x66,0x31,0x6c,0xc1,0x62,0x71,0x91,0x0f,0x59,0x5b,0x7d,0x2a,0x82,
503 0x1a,0xdf,0xb1,0xb4,0xd8,0x1d,0x37,0xde,0x0d,0x0f };
504 static const BYTE rootauthority[] = {
505 0x30,0x82,0x04,0x12,0x30,0x82,0x02,0xfa,0xa0,0x03,0x02,0x01,0x02,0x02,0x0f,0x00,
506 0xc1,0x00,0x8b,0x3c,0x3c,0x88,0x11,0xd1,0x3e,0xf6,0x63,0xec,0xdf,0x40,0x30,0x0d,
507 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x70,0x31,
508 0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x0b,0x13,0x22,0x43,0x6f,0x70,0x79,0x72,0x69,
509 0x67,0x68,0x74,0x20,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x37,0x20,0x4d,0x69,0x63,
510 0x72,0x6f,0x73,0x6f,0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x2e,0x31,0x1e,0x30,0x1c,
511 0x06,0x03,0x55,0x04,0x0b,0x13,0x15,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,
512 0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x21,0x30,0x1f,
513 0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,
514 0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,
515 0x1e,0x17,0x0d,0x39,0x37,0x30,0x31,0x31,0x30,0x30,0x37,0x30,0x30,0x30,0x30,0x5a,
516 0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x30,0x37,0x30,0x30,0x30,0x30,0x5a,0x30,
517 0x70,0x31,0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x0b,0x13,0x22,0x43,0x6f,0x70,0x79,
518 0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x37,0x20,0x4d,
519 0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x2e,0x31,0x1e,
520 0x30,0x1c,0x06,0x03,0x55,0x04,0x0b,0x13,0x15,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,
521 0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x21,
522 0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,
523 0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,
524 0x79,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
525 0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,
526 0x01,0x00,0xa9,0x02,0xbd,0xc1,0x70,0xe6,0x3b,0xf2,0x4e,0x1b,0x28,0x9f,0x97,0x78,
527 0x5e,0x30,0xea,0xa2,0xa9,0x8d,0x25,0x5f,0xf8,0xfe,0x95,0x4c,0xa3,0xb7,0xfe,0x9d,
528 0xa2,0x20,0x3e,0x7c,0x51,0xa2,0x9b,0xa2,0x8f,0x60,0x32,0x6b,0xd1,0x42,0x64,0x79,
529 0xee,0xac,0x76,0xc9,0x54,0xda,0xf2,0xeb,0x9c,0x86,0x1c,0x8f,0x9f,0x84,0x66,0xb3,
530 0xc5,0x6b,0x7a,0x62,0x23,0xd6,0x1d,0x3c,0xde,0x0f,0x01,0x92,0xe8,0x96,0xc4,0xbf,
531 0x2d,0x66,0x9a,0x9a,0x68,0x26,0x99,0xd0,0x3a,0x2c,0xbf,0x0c,0xb5,0x58,0x26,0xc1,
532 0x46,0xe7,0x0a,0x3e,0x38,0x96,0x2c,0xa9,0x28,0x39,0xa8,0xec,0x49,0x83,0x42,0xe3,
533 0x84,0x0f,0xbb,0x9a,0x6c,0x55,0x61,0xac,0x82,0x7c,0xa1,0x60,0x2d,0x77,0x4c,0xe9,
534 0x99,0xb4,0x64,0x3b,0x9a,0x50,0x1c,0x31,0x08,0x24,0x14,0x9f,0xa9,0xe7,0x91,0x2b,
535 0x18,0xe6,0x3d,0x98,0x63,0x14,0x60,0x58,0x05,0x65,0x9f,0x1d,0x37,0x52,0x87,0xf7,
536 0xa7,0xef,0x94,0x02,0xc6,0x1b,0xd3,0xbf,0x55,0x45,0xb3,0x89,0x80,0xbf,0x3a,0xec,
537 0x54,0x94,0x4e,0xae,0xfd,0xa7,0x7a,0x6d,0x74,0x4e,0xaf,0x18,0xcc,0x96,0x09,0x28,
538 0x21,0x00,0x57,0x90,0x60,0x69,0x37,0xbb,0x4b,0x12,0x07,0x3c,0x56,0xff,0x5b,0xfb,
539 0xa4,0x66,0x0a,0x08,0xa6,0xd2,0x81,0x56,0x57,0xef,0xb6,0x3b,0x5e,0x16,0x81,0x77,
540 0x04,0xda,0xf6,0xbe,0xae,0x80,0x95,0xfe,0xb0,0xcd,0x7f,0xd6,0xa7,0x1a,0x72,0x5c,
541 0x3c,0xca,0xbc,0xf0,0x08,0xa3,0x22,0x30,0xb3,0x06,0x85,0xc9,0xb3,0x20,0x77,0x13,
542 0x85,0xdf,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xa8,0x30,0x81,0xa5,0x30,0x81,0xa2,
543 0x06,0x03,0x55,0x1d,0x01,0x04,0x81,0x9a,0x30,0x81,0x97,0x80,0x10,0x5b,0xd0,0x70,
544 0xef,0x69,0x72,0x9e,0x23,0x51,0x7e,0x14,0xb2,0x4d,0x8e,0xff,0xcb,0xa1,0x72,0x30,
545 0x70,0x31,0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x0b,0x13,0x22,0x43,0x6f,0x70,0x79,
546 0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x37,0x20,0x4d,
547 0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x2e,0x31,0x1e,
548 0x30,0x1c,0x06,0x03,0x55,0x04,0x0b,0x13,0x15,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,
549 0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x21,
550 0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,
551 0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,
552 0x79,0x82,0x0f,0x00,0xc1,0x00,0x8b,0x3c,0x3c,0x88,0x11,0xd1,0x3e,0xf6,0x63,0xec,
553 0xdf,0x40,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,
554 0x00,0x03,0x82,0x01,0x01,0x00,0x95,0xe8,0x0b,0xc0,0x8d,0xf3,0x97,0x18,0x35,0xed,
555 0xb8,0x01,0x24,0xd8,0x77,0x11,0xf3,0x5c,0x60,0x32,0x9f,0x9e,0x0b,0xcb,0x3e,0x05,
556 0x91,0x88,0x8f,0xc9,0x3a,0xe6,0x21,0xf2,0xf0,0x57,0x93,0x2c,0xb5,0xa0,0x47,0xc8,
557 0x62,0xef,0xfc,0xd7,0xcc,0x3b,0x3b,0x5a,0xa9,0x36,0x54,0x69,0xfe,0x24,0x6d,0x3f,
558 0xc9,0xcc,0xaa,0xde,0x05,0x7c,0xdd,0x31,0x8d,0x3d,0x9f,0x10,0x70,0x6a,0xbb,0xfe,
559 0x12,0x4f,0x18,0x69,0xc0,0xfc,0xd0,0x43,0xe3,0x11,0x5a,0x20,0x4f,0xea,0x62,0x7b,
560 0xaf,0xaa,0x19,0xc8,0x2b,0x37,0x25,0x2d,0xbe,0x65,0xa1,0x12,0x8a,0x25,0x0f,0x63,
561 0xa3,0xf7,0x54,0x1c,0xf9,0x21,0xc9,0xd6,0x15,0xf3,0x52,0xac,0x6e,0x43,0x32,0x07,
562 0xfd,0x82,0x17,0xf8,0xe5,0x67,0x6c,0x0d,0x51,0xf6,0xbd,0xf1,0x52,0xc7,0xbd,0xe7,
563 0xc4,0x30,0xfc,0x20,0x31,0x09,0x88,0x1d,0x95,0x29,0x1a,0x4d,0xd5,0x1d,0x02,0xa5,
564 0xf1,0x80,0xe0,0x03,0xb4,0x5b,0xf4,0xb1,0xdd,0xc8,0x57,0xee,0x65,0x49,0xc7,0x52,
565 0x54,0xb6,0xb4,0x03,0x28,0x12,0xff,0x90,0xd6,0xf0,0x08,0x8f,0x7e,0xb8,0x97,0xc5,
566 0xab,0x37,0x2c,0xe4,0x7a,0xe4,0xa8,0x77,0xe3,0x76,0xa0,0x00,0xd0,0x6a,0x3f,0xc1,
567 0xd2,0x36,0x8a,0xe0,0x41,0x12,0xa8,0x35,0x6a,0x1b,0x6a,0xdb,0x35,0xe1,0xd4,0x1c,
568 0x04,0xe4,0xa8,0x45,0x04,0xc8,0x5a,0x33,0x38,0x6e,0x4d,0x1c,0x0d,0x62,0xb7,0x0a,
569 0xa2,0x8c,0xd3,0xd5,0x54,0x3f,0x46,0xcd,0x1c,0x55,0xa6,0x70,0xdb,0x12,0x3a,0x87,
570 0x93,0x75,0x9f,0xa7,0xd2,0xa0 };
571 static const BYTE rootcertauthority[] = {
572 0x30,0x82,0x05,0x99,0x30,0x82,0x03,0x81,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,0x79,
573 0xad,0x16,0xa1,0x4a,0xa0,0xa5,0xad,0x4c,0x73,0x58,0xf4,0x07,0x13,0x2e,0x65,0x30,
574 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x5f,
575 0x31,0x13,0x30,0x11,0x06,0x0a,0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x19,
576 0x16,0x03,0x63,0x6f,0x6d,0x31,0x19,0x30,0x17,0x06,0x0a,0x09,0x92,0x26,0x89,0x93,
577 0xf2,0x2c,0x64,0x01,0x19,0x16,0x09,0x6d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,
578 0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x13,0x24,0x4d,0x69,0x63,0x72,0x6f,
579 0x73,0x6f,0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x65,0x72,0x74,0x69,0x66,
580 0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,
581 0x1e,0x17,0x0d,0x30,0x31,0x30,0x35,0x30,0x39,0x32,0x33,0x31,0x39,0x32,0x32,0x5a,
582 0x17,0x0d,0x32,0x31,0x30,0x35,0x30,0x39,0x32,0x33,0x32,0x38,0x31,0x33,0x5a,0x30,
583 0x5f,0x31,0x13,0x30,0x11,0x06,0x0a,0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,
584 0x19,0x16,0x03,0x63,0x6f,0x6d,0x31,0x19,0x30,0x17,0x06,0x0a,0x09,0x92,0x26,0x89,
585 0x93,0xf2,0x2c,0x64,0x01,0x19,0x16,0x09,0x6d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,
586 0x74,0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x13,0x24,0x4d,0x69,0x63,0x72,
587 0x6f,0x73,0x6f,0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x65,0x72,0x74,0x69,
588 0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,
589 0x30,0x82,0x02,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
590 0x01,0x05,0x00,0x03,0x82,0x02,0x0f,0x00,0x30,0x82,0x02,0x0a,0x02,0x82,0x02,0x01,
591 0x00,0xf3,0x5d,0xfa,0x80,0x67,0xd4,0x5a,0xa7,0xa9,0x0c,0x2c,0x90,0x20,0xd0,0x35,
592 0x08,0x3c,0x75,0x84,0xcd,0xb7,0x07,0x89,0x9c,0x89,0xda,0xde,0xce,0xc3,0x60,0xfa,
593 0x91,0x68,0x5a,0x9e,0x94,0x71,0x29,0x18,0x76,0x7c,0xc2,0xe0,0xc8,0x25,0x76,0x94,
594 0x0e,0x58,0xfa,0x04,0x34,0x36,0xe6,0xdf,0xaf,0xf7,0x80,0xba,0xe9,0x58,0x0b,0x2b,
595 0x93,0xe5,0x9d,0x05,0xe3,0x77,0x22,0x91,0xf7,0x34,0x64,0x3c,0x22,0x91,0x1d,0x5e,
596 0xe1,0x09,0x90,0xbc,0x14,0xfe,0xfc,0x75,0x58,0x19,0xe1,0x79,0xb7,0x07,0x92,0xa3,
597 0xae,0x88,0x59,0x08,0xd8,0x9f,0x07,0xca,0x03,0x58,0xfc,0x68,0x29,0x6d,0x32,0xd7,
598 0xd2,0xa8,0xcb,0x4b,0xfc,0xe1,0x0b,0x48,0x32,0x4f,0xe6,0xeb,0xb8,0xad,0x4f,0xe4,
599 0x5c,0x6f,0x13,0x94,0x99,0xdb,0x95,0xd5,0x75,0xdb,0xa8,0x1a,0xb7,0x94,0x91,0xb4,
600 0x77,0x5b,0xf5,0x48,0x0c,0x8f,0x6a,0x79,0x7d,0x14,0x70,0x04,0x7d,0x6d,0xaf,0x90,
601 0xf5,0xda,0x70,0xd8,0x47,0xb7,0xbf,0x9b,0x2f,0x6c,0xe7,0x05,0xb7,0xe1,0x11,0x60,
602 0xac,0x79,0x91,0x14,0x7c,0xc5,0xd6,0xa6,0xe4,0xe1,0x7e,0xd5,0xc3,0x7e,0xe5,0x92,
603 0xd2,0x3c,0x00,0xb5,0x36,0x82,0xde,0x79,0xe1,0x6d,0xf3,0xb5,0x6e,0xf8,0x9f,0x33,
604 0xc9,0xcb,0x52,0x7d,0x73,0x98,0x36,0xdb,0x8b,0xa1,0x6b,0xa2,0x95,0x97,0x9b,0xa3,
605 0xde,0xc2,0x4d,0x26,0xff,0x06,0x96,0x67,0x25,0x06,0xc8,0xe7,0xac,0xe4,0xee,0x12,
606 0x33,0x95,0x31,0x99,0xc8,0x35,0x08,0x4e,0x34,0xca,0x79,0x53,0xd5,0xb5,0xbe,0x63,
607 0x32,0x59,0x40,0x36,0xc0,0xa5,0x4e,0x04,0x4d,0x3d,0xdb,0x5b,0x07,0x33,0xe4,0x58,
608 0xbf,0xef,0x3f,0x53,0x64,0xd8,0x42,0x59,0x35,0x57,0xfd,0x0f,0x45,0x7c,0x24,0x04,
609 0x4d,0x9e,0xd6,0x38,0x74,0x11,0x97,0x22,0x90,0xce,0x68,0x44,0x74,0x92,0x6f,0xd5,
610 0x4b,0x6f,0xb0,0x86,0xe3,0xc7,0x36,0x42,0xa0,0xd0,0xfc,0xc1,0xc0,0x5a,0xf9,0xa3,
611 0x61,0xb9,0x30,0x47,0x71,0x96,0x0a,0x16,0xb0,0x91,0xc0,0x42,0x95,0xef,0x10,0x7f,
612 0x28,0x6a,0xe3,0x2a,0x1f,0xb1,0xe4,0xcd,0x03,0x3f,0x77,0x71,0x04,0xc7,0x20,0xfc,
613 0x49,0x0f,0x1d,0x45,0x88,0xa4,0xd7,0xcb,0x7e,0x88,0xad,0x8e,0x2d,0xec,0x45,0xdb,
614 0xc4,0x51,0x04,0xc9,0x2a,0xfc,0xec,0x86,0x9e,0x9a,0x11,0x97,0x5b,0xde,0xce,0x53,
615 0x88,0xe6,0xe2,0xb7,0xfd,0xac,0x95,0xc2,0x28,0x40,0xdb,0xef,0x04,0x90,0xdf,0x81,
616 0x33,0x39,0xd9,0xb2,0x45,0xa5,0x23,0x87,0x06,0xa5,0x55,0x89,0x31,0xbb,0x06,0x2d,
617 0x60,0x0e,0x41,0x18,0x7d,0x1f,0x2e,0xb5,0x97,0xcb,0x11,0xeb,0x15,0xd5,0x24,0xa5,
618 0x94,0xef,0x15,0x14,0x89,0xfd,0x4b,0x73,0xfa,0x32,0x5b,0xfc,0xd1,0x33,0x00,0xf9,
619 0x59,0x62,0x70,0x07,0x32,0xea,0x2e,0xab,0x40,0x2d,0x7b,0xca,0xdd,0x21,0x67,0x1b,
620 0x30,0x99,0x8f,0x16,0xaa,0x23,0xa8,0x41,0xd1,0xb0,0x6e,0x11,0x9b,0x36,0xc4,0xde,
621 0x40,0x74,0x9c,0xe1,0x58,0x65,0xc1,0x60,0x1e,0x7a,0x5b,0x38,0xc8,0x8f,0xbb,0x04,
622 0x26,0x7c,0xd4,0x16,0x40,0xe5,0xb6,0x6b,0x6c,0xaa,0x86,0xfd,0x00,0xbf,0xce,0xc1,
623 0x35,0x02,0x03,0x01,0x00,0x01,0xa3,0x51,0x30,0x4f,0x30,0x0b,0x06,0x03,0x55,0x1d,
624 0x0f,0x04,0x04,0x03,0x02,0x01,0xc6,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
625 0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,
626 0x16,0x04,0x14,0x0e,0xac,0x82,0x60,0x40,0x56,0x27,0x97,0xe5,0x25,0x13,0xfc,0x2a,
627 0xe1,0x0a,0x53,0x95,0x59,0xe4,0xa4,0x30,0x10,0x06,0x09,0x2b,0x06,0x01,0x04,0x01,
628 0x82,0x37,0x15,0x01,0x04,0x03,0x02,0x01,0x00,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
629 0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x02,0x01,0x00,0xc5,0x11,0x4d,
630 0x03,0x3a,0x60,0xdd,0x5d,0x52,0x11,0x77,0x8f,0xb2,0xbb,0x36,0xc8,0xb2,0x05,0xbf,
631 0xb4,0xb7,0xa8,0xd8,0x20,0x9d,0x5c,0x13,0x03,0xb6,0x1c,0x22,0xfa,0x06,0x13,0x35,
632 0xb6,0xc8,0x63,0xd4,0x9a,0x47,0x6f,0x26,0x57,0xd2,0x55,0xf1,0x04,0xb1,0x26,0x5f,
633 0xd6,0xa9,0x50,0x68,0xa0,0xbc,0xd2,0xb8,0x6e,0xcc,0xc3,0xe9,0xac,0xdf,0x19,0xcd,
634 0x78,0xac,0x59,0x74,0xac,0x66,0x34,0x36,0xc4,0x1b,0x3e,0x6c,0x38,0x4c,0x33,0x0e,
635 0x30,0x12,0x0d,0xa3,0x26,0xfe,0x51,0x53,0x00,0xff,0xaf,0x5a,0x4e,0x84,0x0d,0x0f,
636 0x1f,0xe4,0x6d,0x05,0x2e,0x4e,0x85,0x4b,0x8d,0x6c,0x33,0x6f,0x54,0xd2,0x64,0xab,
637 0xbf,0x50,0xaf,0x7d,0x7a,0x39,0xa0,0x37,0xed,0x63,0x03,0x0f,0xfc,0x13,0x06,0xce,
638 0x16,0x36,0xd4,0x54,0x3b,0x95,0x1b,0x51,0x62,0x3a,0xe5,0x4d,0x17,0xd4,0x05,0x39,
639 0x92,0x9a,0x27,0xa8,0x5b,0xaa,0xbd,0xec,0xbb,0xbe,0xe3,0x20,0x89,0x60,0x71,0x6c,
640 0x56,0xb3,0xa5,0x13,0xd0,0x6d,0x0e,0x23,0x7e,0x95,0x03,0xed,0x68,0x3d,0xf2,0xd8,
641 0x63,0xb8,0x6b,0x4d,0xb6,0xe8,0x30,0xb5,0xe1,0xca,0x94,0x4b,0xf7,0xa2,0xaa,0x5d,
642 0x99,0x30,0xb2,0x3d,0xa7,0xc2,0x51,0x6c,0x28,0x20,0x01,0x24,0x27,0x2b,0x4b,0x00,
643 0xb7,0x9d,0x11,0x6b,0x70,0xbe,0xb2,0x10,0x82,0xbc,0x0c,0x9b,0x68,0xd0,0x8d,0x3b,
644 0x24,0x87,0xaa,0x99,0x28,0x72,0x9d,0x33,0x5f,0x59,0x90,0xbd,0xf5,0xde,0x93,0x9e,
645 0x3a,0x62,0x5a,0x34,0x39,0xe2,0x88,0x55,0x1d,0xb9,0x06,0xb0,0xc1,0x89,0x6b,0x2d,
646 0xd7,0x69,0xc3,0x19,0x12,0x36,0x84,0xd0,0xc9,0xa0,0xda,0xff,0x2f,0x69,0x78,0xb2,
647 0xe5,0x7a,0xda,0xeb,0xd7,0x0c,0xc0,0xf7,0xbd,0x63,0x17,0xb8,0x39,0x13,0x38,0xa2,
648 0x36,0x5b,0x7b,0xf2,0x85,0x56,0x6a,0x1d,0x64,0x62,0xc1,0x38,0xe2,0xaa,0xbf,0x51,
649 0x66,0xa2,0x94,0xf5,0x12,0x9c,0x66,0x22,0x10,0x6b,0xf2,0xb7,0x30,0x92,0x2d,0xf2,
650 0x29,0xf0,0x3d,0x3b,0x14,0x43,0x68,0xa2,0xf1,0x9c,0x29,0x37,0xcb,0xce,0x38,0x20,
651 0x25,0x6d,0x7c,0x67,0xf3,0x7e,0x24,0x12,0x24,0x03,0x08,0x81,0x47,0xec,0xa5,0x9e,
652 0x97,0xf5,0x18,0xd7,0xcf,0xbb,0xd5,0xef,0x76,0x96,0xef,0xfd,0xce,0xdb,0x56,0x9d,
653 0x95,0xa0,0x42,0xf9,0x97,0x58,0xe1,0xd7,0x31,0x22,0xd3,0x5f,0x59,0xe6,0x3e,0x6e,
654 0x22,0x00,0xea,0x43,0x84,0xb6,0x25,0xdb,0xd9,0xf3,0x08,0x56,0x68,0xc0,0x64,0x6b,
655 0x1d,0x7c,0xec,0xb6,0x93,0xa2,0x62,0x57,0x6e,0x2e,0xd8,0xe7,0x58,0x8f,0xc4,0x31,
656 0x49,0x26,0xdd,0xde,0x29,0x35,0x87,0xf5,0x30,0x71,0x70,0x5b,0x14,0x3c,0x69,0xbd,
657 0x89,0x12,0x7d,0xeb,0x2e,0xa3,0xfe,0xd8,0x7f,0x9e,0x82,0x5a,0x52,0x0a,0x2b,0xc1,
658 0x43,0x2b,0xd9,0x30,0x88,0x9f,0xc8,0x10,0xfb,0x89,0x8d,0xe6,0xa1,0x85,0x75,0x33,
659 0x7e,0x6c,0x9e,0xdb,0x73,0x13,0x64,0x62,0x69,0xa5,0x2f,0x7d,0xca,0x96,0x6d,0x9f,
660 0xf8,0x04,0x4d,0x30,0x92,0x3d,0x6e,0x21,0x14,0x21,0xc9,0x3d,0xe0,0xc3,0xfd,0x8a,
661 0x6b,0x9d,0x4a,0xfd,0xd1,0xa1,0x9d,0x99,0x43,0x77,0x3f,0xb0,0xda };
662
663 static const struct CONST_BLOB {
664 const BYTE *pb;
665 DWORD cb;
666 } msRootCerts[] = {
667 { authenticode, sizeof(authenticode) },
668 { rootauthority, sizeof(rootauthority) },
669 { rootcertauthority, sizeof(rootcertauthority) },
670 };
671
672 static void add_ms_root_certs(HCERTSTORE to)
673 {
674 DWORD i;
675
676 TRACE("\n");
677
678 for (i = 0; i < sizeof(msRootCerts) / sizeof(msRootCerts[0]); i++)
679 if (!CertAddEncodedCertificateToStore(to, X509_ASN_ENCODING,
680 msRootCerts[i].pb, msRootCerts[i].cb, CERT_STORE_ADD_NEW, NULL))
681 WARN("adding root cert %d failed: %08x\n", i, GetLastError());
682 }
683
684 /* Reads certificates from the list of known locations into store. Stops when
685 * any location contains any certificates, to prevent spending unnecessary time
686 * adding redundant certificates, e.g. when both a certificate bundle and
687 * individual certificates exist in the same directory.
688 */
689 static void read_trusted_roots_from_known_locations(HCERTSTORE store)
690 {
691 HCERTSTORE from = CertOpenStore(CERT_STORE_PROV_MEMORY,
692 X509_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
693
694 if (from)
695 {
696 DWORD i;
697 BOOL ret = FALSE;
698
699 #ifdef HAVE_SECURITY_SECURITY_H
700 OSStatus status;
701 CFArrayRef rootCerts;
702
703 status = SecTrustCopyAnchorCertificates(&rootCerts);
704 if (status == noErr)
705 {
706 int i;
707 for (i = 0; i < CFArrayGetCount(rootCerts); i++)
708 {
709 SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(rootCerts, i);
710 CFDataRef certData;
711 if ((status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0, NULL, &certData)) == noErr)
712 {
713 if (CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
714 CFDataGetBytePtr(certData), CFDataGetLength(certData),
715 CERT_STORE_ADD_NEW, NULL))
716 ret = TRUE;
717 else
718 WARN("adding root cert %d failed: %08x\n", i, GetLastError());
719 CFRelease(certData);
720 }
721 else
722 WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status);
723 }
724 CFRelease(rootCerts);
725 }
726 #endif
727
728 for (i = 0; !ret &&
729 i < sizeof(CRYPT_knownLocations) / sizeof(CRYPT_knownLocations[0]);
730 i++)
731 ret = import_certs_from_path(CRYPT_knownLocations[i], from, TRUE);
732 check_and_store_certs(from, store);
733 }
734 CertCloseStore(from, 0);
735 }
736
737 static HCERTSTORE create_root_store(void)
738 {
739 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
740 X509_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
741
742 if (memStore)
743 {
744 read_trusted_roots_from_known_locations(memStore);
745 add_ms_root_certs(memStore);
746 }
747
748 TRACE("returning %p\n", memStore);
749 return memStore;
750 }
751
752 static const WCHAR certs_root_pathW[] =
753 {'S','o','f','t','w','a','r','e','\\','M','i','c','r','o','s','o','f','t','\\',
754 'S','y','s','t','e','m','C','e','r','t','i','f','i','c','a','t','e','s','\\',
755 'R','o','o','t','\\', 'C','e','r','t','i','f','i','c','a','t','e','s', 0};
756 static const WCHAR semaphoreW[] =
757 {'c','r','y','p','t','3','2','_','r','o','o','t','_','s','e','m','a','p','h','o','r','e',0};
758
759 void CRYPT_ImportSystemRootCertsToReg(void)
760 {
761 HCERTSTORE store = NULL;
762 HKEY key;
763 LONG rc;
764 HANDLE hsem;
765
766 static BOOL root_certs_imported = FALSE;
767
768 if (root_certs_imported)
769 return;
770
771 hsem = CreateSemaphoreW( NULL, 0, 1, semaphoreW);
772 if (!hsem)
773 {
774 ERR("Failed to create semaphore\n");
775 return;
776 }
777
778 if(GetLastError() == ERROR_ALREADY_EXISTS)
779 WaitForSingleObject(hsem, INFINITE);
780 else
781 {
782 if ((store = create_root_store()))
783 {
784 rc = RegCreateKeyExW(HKEY_LOCAL_MACHINE, certs_root_pathW, 0, NULL, 0,
785 KEY_ALL_ACCESS, NULL, &key, 0);
786 if (!rc)
787 {
788 if (!CRYPT_SerializeContextsToReg(key, REG_OPTION_VOLATILE, pCertInterface, store))
789 ERR("Failed to import system certs into registry, %08x\n", GetLastError());
790 RegCloseKey(key);
791 }
792 CertCloseStore(store, 0);
793 } else
794 ERR("Failed to create root store\n");
795 }
796
797 root_certs_imported = TRUE;
798 ReleaseSemaphore(hsem, 1, NULL);
799 CloseHandle(hsem);
800 }
A free Windows-compatible Operating System