rootstore.c
00001 /*
00002  * Copyright 2007 Juan Lang
00003  *
00004  * This library is free software; you can redistribute it and/or
00005  * modify it under the terms of the GNU Lesser General Public
00006  * License as published by the Free Software Foundation; either
00007  * version 2.1 of the License, or (at your option) any later version.
00008  *
00009  * This library is distributed in the hope that it will be useful,
00010  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00011  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00012  * Lesser General Public License for more details.
00013  *
00014  * You should have received a copy of the GNU Lesser General Public
00015  * License along with this library; if not, write to the Free Software
00016  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
00017  */
00018 #include "config.h"
00019 #include <stdarg.h>
00020 #include <stdio.h>
00021 #include <sys/types.h>
00022 #ifdef HAVE_SYS_STAT_H
00023 #include <sys/stat.h>
00024 #endif
00025 #ifdef HAVE_DIRENT_H
00026 #include <dirent.h>
00027 #endif
00028 #include <fcntl.h>
00029 #ifdef HAVE_UNISTD_H
00030 #include <unistd.h>
00031 #endif
00032 #include <errno.h>
00033 #include <limits.h>
00034 #ifdef HAVE_SECURITY_SECURITY_H
00035 #include <Security/Security.h>
00036 #endif
00037 #include "ntstatus.h"
00038 #define WIN32_NO_STATUS
00039 #include "windef.h"
00040 #include "winbase.h"
00041 #include "winreg.h"
00042 #include "wincrypt.h"
00043 #include "winternl.h"
00044 #include "wine/debug.h"
00045 #include "crypt32_private.h"
00046 
/* Selects the "crypt" debug channel for the TRACE/WARN/ERR/FIXME calls in
 * this file.
 */
WINE_DEFAULT_DEBUG_CHANNEL(crypt);

/* Size in bytes of the first allocation made by add_line_to_buffer(). */
#define INITIAL_CERT_BUFFER 1024
00050 
/* Growable text buffer.  import_base64_certs_from_fp() uses one to collect
 * the base64 lines found between a BEGIN and an END CERTIFICATE marker.
 */
struct DynamicBuffer
{
    DWORD allocated; /* capacity of data in bytes; 0 until the first allocation */
    DWORD used;      /* bytes of text stored, not counting the terminating NUL */
    BYTE *data;      /* NUL-terminated contents; NULL until the first allocation */
};
00057 
/* Empties buffer while keeping whatever storage it already owns, so the
 * next certificate can reuse the allocation.
 */
static inline void reset_buffer(struct DynamicBuffer *buffer)
{
    if (buffer->data != NULL)
    {
        /* add_line_to_buffer() finds the append position in the stored
         * text itself, so the text has to become the empty string too.
         */
        buffer->data[0] = 0;
    }
    buffer->used = 0;
}
00063 
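/* Appends the NUL-terminated string line to buffer, growing the storage when
 * the text plus its terminator does not fit.
 *
 * Returns TRUE when the line was appended.  Returns FALSE when memory could
 * not be obtained or the new length does not fit in a DWORD; in that case
 * buffer is left exactly as it was, so its previous storage is neither
 * leaked nor replaced by a NULL pointer that still has a non-zero
 * allocated size.
 */
static BOOL add_line_to_buffer(struct DynamicBuffer *buffer, LPCSTR line)
{
    size_t line_len = strlen(line);
    size_t needed = (size_t)buffer->used + line_len + 1;

    /* used and allocated are DWORDs: refuse a size they cannot represent
     * instead of silently truncating it (the first test catches wraparound
     * where size_t is no wider than DWORD).
     */
    if (needed <= line_len || needed > (size_t)(DWORD)-1)
        return FALSE;

    if (!buffer->data || needed > buffer->allocated)
    {
        DWORD new_size = (DWORD)needed;
        BYTE *new_data;

        if (!buffer->allocated)
        {
            /* First allocation: at least the default size, but never less
             * than what this line needs.
             */
            if (new_size < INITIAL_CERT_BUFFER)
                new_size = INITIAL_CERT_BUFFER;
        }
        else if (buffer->allocated <= (DWORD)-1 / 2 &&
         buffer->allocated * 2 > new_size)
        {
            /* Grow geometrically unless doubling would overflow a DWORD. */
            new_size = buffer->allocated * 2;
        }

        /* Keep the result in a temporary: on failure the old block is
         * still valid and still owned by buffer.
         */
        if (buffer->data)
            new_data = CryptMemRealloc(buffer->data, new_size);
        else
            new_data = CryptMemAlloc(new_size);
        if (!new_data)
            return FALSE;

        if (!buffer->data)
            new_data[0] = 0;
        buffer->data = new_data;
        buffer->allocated = new_size;
    }

    /* used is the length of the stored text, so data + used is its
     * terminator; copying line_len + 1 bytes overwrites that terminator and
     * writes the new one.
     */
    memcpy(buffer->data + buffer->used, line, line_len + 1);
    /* Not line_len + 1: the terminator is not counted in used. */
    buffer->used += (DWORD)line_len;
    return TRUE;
}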
00103 
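/* Reads any base64-encoded certificates present in fp and adds them to store.
 * Returns TRUE if any certificates were successfully imported.
 *
 * Parsing is line based: a line starting with the BEGIN CERTIFICATE marker
 * opens a certificate, a line starting with the END CERTIFICATE marker
 * closes it, and the lines in between are collected and base64-decoded.
 * Text outside a BEGIN/END pair is ignored.
 *
 * A certificate is only handed to the store when it is complete: an END
 * marker with no open certificate, an empty body, a body that could not be
 * buffered in full, or a failed decode is skipped rather than imported from
 * partial data.  No trust decision is made here; the bytes are added with
 * CERT_STORE_ADD_NEW and nothing else is checked in this function.
 */
static BOOL import_base64_certs_from_fp(FILE *fp, HCERTSTORE store)
{
    static const char header[] = "-----BEGIN CERTIFICATE-----";
    static const char trailer[] = "-----END CERTIFICATE-----";
    char line[1024];
    BOOL in_cert = FALSE;
    struct DynamicBuffer saved_cert = { 0, 0, NULL };
    int num_certs = 0;

    TRACE("\n");
    while (fgets(line, sizeof(line), fp))
    {
        if (!strncmp(line, header, sizeof(header) - 1))
        {
            TRACE("begin new certificate\n");
            in_cert = TRUE;
            reset_buffer(&saved_cert);
        }
        else if (!strncmp(line, trailer, sizeof(trailer) - 1))
        {
            BOOL complete = in_cert && saved_cert.data && saved_cert.used;
            DWORD size;

            TRACE("end of certificate, adding cert\n");
            in_cert = FALSE;
            /* Without this test a stray END line would decode whatever the
             * buffer still holds from an earlier certificate.
             */
            if (!complete)
                continue;
            /* First call only asks for the decoded size. */
            if (CryptStringToBinaryA((char *)saved_cert.data, saved_cert.used,
             CRYPT_STRING_BASE64, NULL, &size, NULL, NULL))
            {
                LPBYTE buf = CryptMemAlloc(size);

                if (buf)
                {
                    /* Only add the certificate when the decode into buf
                     * actually succeeded; otherwise buf is uninitialized.
                     */
                    if (CryptStringToBinaryA((char *)saved_cert.data,
                     saved_cert.used, CRYPT_STRING_BASE64, buf, &size, NULL,
                     NULL) &&
                     CertAddEncodedCertificateToStore(store,
                     X509_ASN_ENCODING, buf, size, CERT_STORE_ADD_NEW, NULL))
                        num_certs++;
                    CryptMemFree(buf);
                }
            }
        }
        else if (in_cert)
        {
            if (!add_line_to_buffer(&saved_cert, line))
            {
                /* A body with a missing line must not be decoded: drop the
                 * certificate and wait for the next BEGIN marker.
                 */
                WARN("out of memory, skipping certificate\n");
                in_cert = FALSE;
            }
        }
    }
    CryptMemFree(saved_cert.data);
    TRACE("Read %d certs\n", num_certs);
    return num_certs > 0;
}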
00156 
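/* Formats the CERT_TRUST_* error bits set in status as text for trace
 * output, one "\n\t<description>" entry per recognized bit.
 *
 * Returns a pointer to a static buffer: the text is overwritten by the next
 * call, and concurrent callers would share the buffer.  Bits that have no
 * entry in the table below contribute nothing; when no recognized bit is
 * set the result is the empty string rather than whatever an earlier call
 * left in the buffer.
 */
static const char *trust_status_to_str(DWORD status)
{
    static const struct
    {
        DWORD flag;
        const char *text;
    } descriptions[] = {
        { CERT_TRUST_IS_NOT_TIME_VALID, "\n\texpired" },
        { CERT_TRUST_IS_NOT_TIME_NESTED, "\n\tbad time nesting" },
        { CERT_TRUST_IS_REVOKED, "\n\trevoked" },
        { CERT_TRUST_IS_NOT_SIGNATURE_VALID, "\n\tbad signature" },
        { CERT_TRUST_IS_NOT_VALID_FOR_USAGE, "\n\tbad usage" },
        { CERT_TRUST_IS_UNTRUSTED_ROOT, "\n\tuntrusted root" },
        { CERT_TRUST_REVOCATION_STATUS_UNKNOWN,
          "\n\tunknown revocation status" },
        { CERT_TRUST_IS_CYCLIC, "\n\tcyclic chain" },
        { CERT_TRUST_INVALID_EXTENSION,
          "\n\tunsupported critical extension" },
        { CERT_TRUST_INVALID_POLICY_CONSTRAINTS, "\n\tbad policy" },
        { CERT_TRUST_INVALID_BASIC_CONSTRAINTS,
          "\n\tbad basic constraints" },
        { CERT_TRUST_INVALID_NAME_CONSTRAINTS,
          "\n\tbad name constraints" },
        { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT,
          "\n\tunsuported name constraint" },
        { CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT,
          "\n\tundefined name constraint" },
        { CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT,
          "\n\tdisallowed name constraint" },
        { CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT,
          "\n\texcluded name constraint" },
        { CERT_TRUST_IS_OFFLINE_REVOCATION,
          "\n\trevocation server offline" },
        { CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY,
          "\n\tno issuance policy" },
    };
    static char buf[1024];
    size_t pos = 0;
    size_t i;

    /* buf is static: start from an empty string so that a status with no
     * recognized bit does not return the previous call's text.
     */
    buf[0] = 0;
    for (i = 0; i < sizeof(descriptions) / sizeof(descriptions[0]); i++)
    {
        int written;

        if (!(status & descriptions[i].flag))
            continue;
        written = snprintf(buf + pos, sizeof(buf) - pos, "%s",
         descriptions[i].text);
        /* Stop on error or truncation so pos never moves past the buffer. */
        if (written < 0 || (size_t)written >= sizeof(buf) - pos)
            break;
        pos += (size_t)written;
    }
    return buf;
}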
00210 
/* Returns the common name (szOID_COMMON_NAME attribute) of cert's subject
 * as a string, or NULL when the subject cannot be decoded or carries no
 * common name.
 *
 * The result lives in a static buffer and is overwritten by the next call.
 * The text comes straight from the certificate, so it is only suitable for
 * display; in this file it is used in trace messages.
 */
static const char *get_cert_common_name(PCCERT_CONTEXT cert)
{
    static char buf[1024];
    CERT_NAME_INFO *nameInfo;
    PCERT_RDN_ATTR cn_attr;
    const char *result = NULL;
    DWORD size;

    if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME,
     cert->pCertInfo->Subject.pbData, cert->pCertInfo->Subject.cbData,
     CRYPT_DECODE_NOCOPY_FLAG | CRYPT_DECODE_ALLOC_FLAG, NULL, &nameInfo,
     &size))
        return NULL;

    cn_attr = CertFindRDNAttr(szOID_COMMON_NAME, nameInfo);
    if (cn_attr)
    {
        /* Convert into buf before nameInfo is released below. */
        CertRDNValueToStrA(cn_attr->dwValueType, &cn_attr->Value, buf,
         sizeof(buf));
        result = buf;
    }
    LocalFree(nameInfo);
    return result;
}
00237 
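/* Returns cert's subject common name for trace output, or a fixed
 * placeholder when get_cert_common_name() returns NULL, so that "%s" is
 * never handed a null pointer.
 */
static const char *cert_name_for_trace(PCCERT_CONTEXT cert)
{
    const char *name = get_cert_common_name(cert);

    return name ? name : "(no common name)";
}

/* Builds a chain for every certificate in from, using to as the chain
 * engine's root store and from as the additional store, and copies the
 * certificates of every acceptable chain into to.
 *
 * A chain is acceptable when its error status contains nothing beyond the
 * bits in allowedErrors.  Every element of an accepted chain is added with
 * CERT_STORE_ADD_NEW, not only the certificate being examined, and each
 * successful addition is counted in the final trace.
 */
static void check_and_store_certs(HCERTSTORE from, HCERTSTORE to)
{
    DWORD root_count = 0;
    CERT_CHAIN_ENGINE_CONFIG chainEngineConfig =
     { sizeof(chainEngineConfig), 0 };
    HCERTCHAINENGINE engine;

    TRACE("\n");

    /* NOTE(review): presumably the chain engine takes over this extra
     * reference and drops it in CertFreeCertificateChainEngine(); if so, it
     * is not released when engine creation fails - confirm.
     */
    CertDuplicateStore(to);
    engine = CRYPT_CreateChainEngine(to, &chainEngineConfig);
    if (engine)
    {
        PCCERT_CONTEXT cert = NULL;

        while ((cert = CertEnumCertificatesInStore(from, cert)))
        {
            CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } };
            PCCERT_CHAIN_CONTEXT chain;
            DWORD allowedErrors = CERT_TRUST_IS_UNTRUSTED_ROOT |
             CERT_TRUST_IS_NOT_VALID_FOR_USAGE |
             CERT_TRUST_INVALID_BASIC_CONSTRAINTS |
             CERT_TRUST_IS_NOT_TIME_VALID;
            DWORD i, j;

            if (!CertGetCertificateChain(engine, cert, NULL, from,
             &chainPara, 0, NULL, &chain))
            {
                TRACE("rejecting %s: %s\n", cert_name_for_trace(cert),
                 "chain creation failed");
                continue;
            }

            /* The certificate chain verification only allows certain
             * invalid CA certs if they're installed locally:  CA
             * certs missing the key usage extension, and CA certs
             * missing the basic constraints extension.  Of course
             * there's a chicken and egg problem:  we have to accept
             * them here in order for them to be accepted later.
             * Expired, locally installed certs are also allowed here,
             * because we don't know (yet) what date will be checked
             * for an item signed by one of these certs.
             * Thus, accept certs with any of the allowed errors.
             *
             * Every other error bit, for example a bad signature or a
             * revoked certificate, rejects the whole chain.
             */
            if (chain->TrustStatus.dwErrorStatus & ~allowedErrors)
            {
                TRACE("rejecting %s: %s\n", cert_name_for_trace(cert),
                 trust_status_to_str(chain->TrustStatus.dwErrorStatus &
                 ~CERT_TRUST_IS_UNTRUSTED_ROOT));
            }
            else
            {
                for (i = 0; i < chain->cChain; i++)
                    for (j = 0; j < chain->rgpChain[i]->cElement; j++)
                        if (CertAddCertificateContextToStore(to,
                         chain->rgpChain[i]->rgpElement[j]->pCertContext,
                         CERT_STORE_ADD_NEW, NULL))
                            root_count++;
            }
            CertFreeCertificateChain(chain);
        }
        CertFreeCertificateChainEngine(engine);
    }
    TRACE("Added %d root certificates\n", root_count);
}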
00306 
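/* Reads the file fd, and imports any certificates in it into store.
 * Returns TRUE if any certificates were successfully imported.
 *
 * fd stays open and stays owned by the caller.  The stdio stream is built
 * on a duplicate of fd, because fclose() closes the descriptor underneath
 * its stream: wrapping fd itself would leave the caller's later close(fd)
 * acting on a descriptor number that is already closed and may have been
 * handed out again elsewhere in the process.
 */
static BOOL import_certs_from_file(int fd, HCERTSTORE store)
{
    BOOL ret;
    FILE *fp;
    int stream_fd;

    TRACE("\n");

    stream_fd = dup(fd);
    if (stream_fd == -1)
        return FALSE;

    fp = fdopen(stream_fd, "r");
    if (!fp)
    {
        /* No stream took ownership of the duplicate, so close it here. */
        close(stream_fd);
        return FALSE;
    }
    ret = import_base64_certs_from_fp(fp, store);
    fclose(fp);
    return ret;
}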
00325 
/* Forward declaration: import_certs_from_dir() calls import_certs_from_path()
 * for each directory entry, and import_certs_from_path() calls
 * import_certs_from_dir() for directories.
 */
static BOOL import_certs_from_path(LPCSTR path, HCERTSTORE store,
 BOOL allow_dir);
00328 
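/* Makes sure *ptr_buf can hold check_size bytes, allocating it when it is
 * NULL and growing it when *buf_size is smaller than check_size.
 *
 * Returns TRUE when the buffer is large enough on return.  Returns FALSE
 * when memory could not be obtained; *ptr_buf and *buf_size are then left
 * unchanged, so the recorded size never exceeds what is really allocated
 * and a later call cannot mistake a too-small or missing buffer for one
 * that fits.
 */
static BOOL check_buffer_resize(char **ptr_buf, size_t *buf_size, size_t check_size)
{
    char *new_buf;

    if (check_size <= *buf_size)
        return TRUE;

    if (*ptr_buf)
        new_buf = CryptMemRealloc(*ptr_buf, check_size);
    else
        new_buf = CryptMemAlloc(check_size);
    if (!new_buf)
        return FALSE;

    /* Publish pointer and size together, and only after success. */
    *ptr_buf = new_buf;
    *buf_size = check_size;
    return TRUE;
}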
00354 
/* Opens path, which must be a directory, and imports certificates from every
 * entry in it except "." and ".." into store.
 * Returns TRUE if any certificates were successfully imported.
 *
 * Entries are passed on with directories disallowed, so the scan does not
 * descend into subdirectories.  Without readdir() nothing is imported.
 */
static BOOL import_certs_from_dir(LPCSTR path, HCERTSTORE store)
{
#ifdef HAVE_READDIR
    BOOL imported = FALSE;
    char *full_path = NULL;
    size_t dir_len, capacity = 0;
    struct dirent *entry;
    DIR *dir;

    TRACE("(%s, %p)\n", debugstr_a(path), store);

    dir = opendir(path);
    if (!dir)
        return FALSE;

    dir_len = strlen(path);
    while ((entry = readdir(dir)) != NULL)
    {
        size_t required;

        if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, ".."))
            continue;

        /* directory + '/' + entry name + terminating NUL */
        required = dir_len + 1 + strlen(entry->d_name) + 1;
        if (!check_buffer_resize(&full_path, &capacity, required))
        {
            ERR("Path buffer (re)allocation failed with out of memory condition\n");
            break;
        }
        snprintf(full_path, capacity, "%s/%s", path, entry->d_name);
        if (import_certs_from_path(full_path, store, FALSE))
            imported = TRUE;
    }
    CryptMemFree(full_path);
    closedir(dir);
    return imported;
#else
    FIXME("not implemented without readdir available\n");
    return FALSE;
#endif
}
00399 
/* Opens path, which may be a file or a directory, and imports any certificates
 * it finds into store.  Directories are only read when allow_dir is set.
 * Returns TRUE if any certificates were successfully imported.
 *
 * The file type is taken from fstat() on the descriptor that was opened, so
 * a regular file is read through the same descriptor that was checked.  A
 * directory is handed on by name and opened again by import_certs_from_dir().
 */
static BOOL import_certs_from_path(LPCSTR path, HCERTSTORE store,
 BOOL allow_dir)
{
    BOOL imported = FALSE;
    struct stat info;
    int fd;

    TRACE("(%s, %p, %d)\n", debugstr_a(path), store, allow_dir);

    fd = open(path, O_RDONLY);
    if (fd == -1)
        return FALSE;

    if (fstat(fd, &info) != 0)
    {
        close(fd);
        return FALSE;
    }

    if (S_ISREG(info.st_mode))
        imported = import_certs_from_file(fd, store);
    else if (!S_ISDIR(info.st_mode))
        ERR("%s: invalid file type\n", path);
    else if (allow_dir)
        imported = import_certs_from_dir(path, store);
    else
        WARN("%s is a directory and directories are disallowed\n",
         debugstr_a(path));

    /* NOTE(review): this close() assumes fd is still open.  If
     * import_certs_from_file() wraps fd itself in a stdio stream and
     * fclose()s it, the descriptor is already closed at this point -
     * confirm which side owns fd.
     */
    close(fd);
    return imported;
}
00436 
/* Write-certificate callback of the root store (see rootProvFuncs).
 * Refuses unconditionally: the root store can't have certs added.
 */
static BOOL WINAPI CRYPT_RootWriteCert(HCERTSTORE hCertStore,
 PCCERT_CONTEXT cert, DWORD dwFlags)
{
    (void)hCertStore;
    (void)cert;
    (void)dwFlags;
    return FALSE;
}
00443 
/* Delete-certificate callback of the root store (see rootProvFuncs).
 * Refuses unconditionally: the root store can't have certs deleted.
 */
static BOOL WINAPI CRYPT_RootDeleteCert(HCERTSTORE hCertStore,
 PCCERT_CONTEXT cert, DWORD dwFlags)
{
    (void)hCertStore;
    (void)cert;
    (void)dwFlags;
    return FALSE;
}
00450 
/* Write-CRL callback of the root store (see rootProvFuncs).
 * Unlike the certificate callbacks this one always agrees: the root store
 * can have CRLs added.  At worst, a malicious application can DoS itself,
 * as the changes aren't persisted in any way.
 */
static BOOL WINAPI CRYPT_RootWriteCRL(HCERTSTORE hCertStore,
 PCCRL_CONTEXT crl, DWORD dwFlags)
{
    (void)hCertStore;
    (void)crl;
    (void)dwFlags;
    return TRUE;
}
00459 
/* Delete-CRL callback of the root store (see rootProvFuncs).
 * Refuses unconditionally: the root store can't have CRLs deleted.
 */
static BOOL WINAPI CRYPT_RootDeleteCRL(HCERTSTORE hCertStore,
 PCCRL_CONTEXT crl, DWORD dwFlags)
{
    (void)hCertStore;
    (void)crl;
    (void)dwFlags;
    return FALSE;
}
00466 
/* Store-provider callback table for the root store, one slot per
 * CERT_STORE_PROV_*_FUNC index in the order shown.  Only the certificate
 * and CRL write/delete slots are filled: certificate writes and all deletes
 * are refused, CRL writes are accepted.  The remaining slots are NULL.
 */
static void *rootProvFuncs[] = {
    NULL, /* CERT_STORE_PROV_CLOSE_FUNC */
    NULL, /* CERT_STORE_PROV_READ_CERT_FUNC */
    CRYPT_RootWriteCert, /* CERT_STORE_PROV_WRITE_CERT_FUNC: returns FALSE */
    CRYPT_RootDeleteCert, /* CERT_STORE_PROV_DELETE_CERT_FUNC: returns FALSE */
    NULL, /* CERT_STORE_PROV_SET_CERT_PROPERTY_FUNC */
    NULL, /* CERT_STORE_PROV_READ_CRL_FUNC */
    CRYPT_RootWriteCRL, /* CERT_STORE_PROV_WRITE_CRL_FUNC: returns TRUE */
    CRYPT_RootDeleteCRL, /* CERT_STORE_PROV_DELETE_CRL_FUNC: returns FALSE */
    NULL, /* CERT_STORE_PROV_SET_CRL_PROPERTY_FUNC */
    NULL, /* CERT_STORE_PROV_READ_CTL_FUNC */
    NULL, /* CERT_STORE_PROV_WRITE_CTL_FUNC */
    NULL, /* CERT_STORE_PROV_DELETE_CTL_FUNC */
    NULL, /* CERT_STORE_PROV_SET_CTL_PROPERTY_FUNC */
    NULL, /* CERT_STORE_PROV_CONTROL_FUNC */
};
00483 
/* Host filesystem paths that hold CA certificates; going by the names, a mix
 * of bundle files and certificate directories.  The code that walks this
 * list is outside this part of the file.
 * NOTE(review): presumably whatever is found here ends up in the root store
 * after check_and_store_certs(); if so, write access to any of these paths
 * decides what this process trusts - confirm against the loader.
 */
static const char * const CRYPT_knownLocations[] = {
 "/etc/ssl/certs/ca-certificates.crt",
 "/etc/ssl/certs",
 "/etc/pki/tls/certs/ca-bundle.crt",
 "/usr/local/share/certs/",
 "/etc/sfw/openssl/certs",
};
00491 
/* DER-encoded X.509 certificate compiled into the library.  Fields as they
 * decode from the bytes below:
 *   issuer and subject (identical): C=US, O=MSFT,
 *     CN=Microsoft Authenticode(tm) Root Authority
 *   serial number: 1
 *   validity (UTCTime): 950101080001Z to 991231235959Z
 *   signature algorithm: md5WithRSAEncryption (1.2.840.113549.1.1.4)
 * How the array is used is outside this part of the file.
 * NOTE(review): the notAfter date is in 1999 and the signature is MD5 based;
 * keep both in mind when checking how chain validation treats this
 * certificate.
 */
static const BYTE authenticode[] = {
0x30,0x82,0x03,0xd6,0x30,0x82,0x02,0xbe,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
0x50,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0d,
0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x13,0x04,0x4d,0x53,0x46,0x54,0x31,0x32,0x30,
0x30,0x06,0x03,0x55,0x04,0x03,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,
0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65,0x28,0x74,
0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,
0x79,0x30,0x1e,0x17,0x0d,0x39,0x35,0x30,0x31,0x30,0x31,0x30,0x38,0x30,0x30,0x30,
0x31,0x5a,0x17,0x0d,0x39,0x39,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,
0x5a,0x30,0x50,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,
0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x13,0x04,0x4d,0x53,0x46,0x54,0x31,
0x32,0x30,0x30,0x06,0x03,0x55,0x04,0x03,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73,
0x6f,0x66,0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65,
0x28,0x74,0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,
0x69,0x74,0x79,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,
0x82,0x01,0x01,0x00,0xdf,0x08,0xba,0xe3,0x3f,0x6e,0x64,0x9b,0xf5,0x89,0xaf,0x28,
0x96,0x4a,0x07,0x8f,0x1b,0x2e,0x8b,0x3e,0x1d,0xfc,0xb8,0x80,0x69,0xa3,0xa1,0xce,
0xdb,0xdf,0xb0,0x8e,0x6c,0x89,0x76,0x29,0x4f,0xca,0x60,0x35,0x39,0xad,0x72,0x32,
0xe0,0x0b,0xae,0x29,0x3d,0x4c,0x16,0xd9,0x4b,0x3c,0x9d,0xda,0xc5,0xd3,0xd1,0x09,
0xc9,0x2c,0x6f,0xa6,0xc2,0x60,0x53,0x45,0xdd,0x4b,0xd1,0x55,0xcd,0x03,0x1c,0xd2,
0x59,0x56,0x24,0xf3,0xe5,0x78,0xd8,0x07,0xcc,0xd8,0xb3,0x1f,0x90,0x3f,0xc0,0x1a,
0x71,0x50,0x1d,0x2d,0xa7,0x12,0x08,0x6d,0x7c,0xb0,0x86,0x6c,0xc7,0xba,0x85,0x32,
0x07,0xe1,0x61,0x6f,0xaf,0x03,0xc5,0x6d,0xe5,0xd6,0xa1,0x8f,0x36,0xf6,0xc1,0x0b,
0xd1,0x3e,0x69,0x97,0x48,0x72,0xc9,0x7f,0xa4,0xc8,0xc2,0x4a,0x4c,0x7e,0xa1,0xd1,
0x94,0xa6,0xd7,0xdc,0xeb,0x05,0x46,0x2e,0xb8,0x18,0xb4,0x57,0x1d,0x86,0x49,0xdb,
0x69,0x4a,0x2c,0x21,0xf5,0x5e,0x0f,0x54,0x2d,0x5a,0x43,0xa9,0x7a,0x7e,0x6a,0x8e,
0x50,0x4d,0x25,0x57,0xa1,0xbf,0x1b,0x15,0x05,0x43,0x7b,0x2c,0x05,0x8d,0xbd,0x3d,
0x03,0x8c,0x93,0x22,0x7d,0x63,0xea,0x0a,0x57,0x05,0x06,0x0a,0xdb,0x61,0x98,0x65,
0x2d,0x47,0x49,0xa8,0xe7,0xe6,0x56,0x75,0x5c,0xb8,0x64,0x08,0x63,0xa9,0x30,0x40,
0x66,0xb2,0xf9,0xb6,0xe3,0x34,0xe8,0x67,0x30,0xe1,0x43,0x0b,0x87,0xff,0xc9,0xbe,
0x72,0x10,0x5e,0x23,0xf0,0x9b,0xa7,0x48,0x65,0xbf,0x09,0x88,0x7b,0xcd,0x72,0xbc,
0x2e,0x79,0x9b,0x7b,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xba,0x30,0x81,0xb7,0x30,
0x0d,0x06,0x03,0x55,0x1d,0x0a,0x04,0x06,0x30,0x04,0x03,0x02,0x07,0x80,0x30,0x32,
0x06,0x03,0x55,0x04,0x03,0x04,0x2b,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,
0x66,0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65,0x28,
0x74,0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,
0x74,0x79,0x30,0x72,0x06,0x03,0x55,0x1d,0x01,0x04,0x6b,0x30,0x69,0x80,0x10,0x1a,
0x1b,0xe7,0x5b,0x9f,0xfd,0x8c,0x2a,0xc3,0x39,0xae,0x0c,0x62,0x2e,0x53,0x32,0xa1,
0x52,0x30,0x50,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,
0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x13,0x04,0x4d,0x53,0x46,0x54,0x31,
0x32,0x30,0x30,0x06,0x03,0x55,0x04,0x03,0x13,0x29,0x4d,0x69,0x63,0x72,0x6f,0x73,
0x6f,0x66,0x74,0x20,0x41,0x75,0x74,0x68,0x65,0x6e,0x74,0x69,0x63,0x6f,0x64,0x65,
0x28,0x74,0x6d,0x29,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,
0x69,0x74,0x79,0x82,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
0x01,0x01,0x04,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x2d,0xc9,0xe2,0xf6,0x12,0x9e,
0x5d,0x56,0x67,0xfa,0xfa,0x4b,0x9a,0x7e,0xdc,0x29,0x56,0x5c,0x80,0x14,0x02,0x28,
0x85,0x6e,0x26,0xf3,0xcd,0x58,0xda,0x50,0x80,0xc5,0xf8,0x19,0xb3,0xa6,0x7c,0xe2,
0x9d,0x6b,0x5f,0x3b,0x8f,0x22,0x74,0xe6,0x18,0x04,0xfc,0x47,0x40,0xd8,0x7a,0x3f,
0x30,0x66,0xf0,0x12,0xa4,0xd1,0xeb,0x1d,0xe7,0xb6,0xf4,0x98,0xab,0x53,0x22,0x86,
0x51,0x58,0xee,0x23,0x09,0x76,0xe4,0x1d,0x45,0x5c,0x4b,0xff,0x4c,0xe3,0x02,0x50,
0x01,0x13,0xcc,0x41,0xa4,0x52,0x97,0xd4,0x86,0xd5,0xc4,0xfe,0x83,0x83,0x65,0x7d,
0xea,0xbe,0xa2,0x68,0x3b,0xc1,0xb1,0x29,0x98,0xbf,0xa2,0xa5,0xfc,0x9d,0xd3,0x84,
0xee,0x70,0x17,0x50,0xf3,0x0b,0xfa,0x3c,0xef,0xa9,0x27,0x8b,0x91,0xb4,0x48,0xc8,
0x45,0xa0,0xe1,0x01,0x42,0x4b,0x44,0x76,0x04,0x1c,0xc2,0x19,0xa2,0x8e,0x6b,0x20,
0x98,0xc4,0xdd,0x02,0xac,0xb4,0xd2,0xa2,0x0e,0x8d,0x5d,0xb9,0x36,0x8e,0x4a,0x1b,
0x5d,0x6c,0x1a,0xe2,0xcb,0x00,0x7f,0x10,0xf4,0xb2,0x95,0xef,0xe3,0xe8,0xff,0xa1,
0x73,0x58,0xa9,0x75,0x2c,0xa2,0x49,0x95,0x85,0xfe,0xcc,0xda,0x44,0x8a,0xc2,0x12,
0x44,0xd2,0x44,0xc8,0xa5,0xa2,0x1f,0xa9,0x5a,0x8e,0x56,0xc2,0xc3,0x7b,0xcf,0x42,
0x60,0xdc,0x82,0x1f,0xfb,0xce,0x74,0x06,0x7e,0xd6,0xf1,0xac,0x19,0x6a,0x4f,0x74,
0x5c,0xc5,0x15,0x66,0x31,0x6c,0xc1,0x62,0x71,0x91,0x0f,0x59,0x5b,0x7d,0x2a,0x82,
0x1a,0xdf,0xb1,0xb4,0xd8,0x1d,0x37,0xde,0x0d,0x0f };
/* DER-encoded X.509 certificate compiled into the library.  Fields as they
 * decode from the bytes below:
 *   issuer and subject (identical): OU=Copyright (c) 1997 Microsoft Corp.,
 *     OU=Microsoft Corporation, CN=Microsoft Root Authority
 *   validity (UTCTime): 970110070000Z to 201231070000Z
 *   signature algorithm: md5WithRSAEncryption (1.2.840.113549.1.1.4)
 * How the array is used is outside this part of the file.
 * NOTE(review): the signature is MD5 based and the validity ends in 2020;
 * keep both in mind when checking how chain validation treats this
 * certificate.
 */
static const BYTE rootauthority[] = {
0x30,0x82,0x04,0x12,0x30,0x82,0x02,0xfa,0xa0,0x03,0x02,0x01,0x02,0x02,0x0f,0x00,
0xc1,0x00,0x8b,0x3c,0x3c,0x88,0x11,0xd1,0x3e,0xf6,0x63,0xec,0xdf,0x40,0x30,0x0d,
0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x70,0x31,
0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x0b,0x13,0x22,0x43,0x6f,0x70,0x79,0x72,0x69,
0x67,0x68,0x74,0x20,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x37,0x20,0x4d,0x69,0x63,
0x72,0x6f,0x73,0x6f,0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x2e,0x31,0x1e,0x30,0x1c,
0x06,0x03,0x55,0x04,0x0b,0x13,0x15,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,
0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x21,0x30,0x1f,
0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,
0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,
0x1e,0x17,0x0d,0x39,0x37,0x30,0x31,0x31,0x30,0x30,0x37,0x30,0x30,0x30,0x30,0x5a,
0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x30,0x37,0x30,0x30,0x30,0x30,0x5a,0x30,
0x70,0x31,0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x0b,0x13,0x22,0x43,0x6f,0x70,0x79,
0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x37,0x20,0x4d,
0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x2e,0x31,0x1e,
0x30,0x1c,0x06,0x03,0x55,0x04,0x0b,0x13,0x15,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,
0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x21,
0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,
0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,
0x79,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,
0x01,0x00,0xa9,0x02,0xbd,0xc1,0x70,0xe6,0x3b,0xf2,0x4e,0x1b,0x28,0x9f,0x97,0x78,
0x5e,0x30,0xea,0xa2,0xa9,0x8d,0x25,0x5f,0xf8,0xfe,0x95,0x4c,0xa3,0xb7,0xfe,0x9d,
0xa2,0x20,0x3e,0x7c,0x51,0xa2,0x9b,0xa2,0x8f,0x60,0x32,0x6b,0xd1,0x42,0x64,0x79,
0xee,0xac,0x76,0xc9,0x54,0xda,0xf2,0xeb,0x9c,0x86,0x1c,0x8f,0x9f,0x84,0x66,0xb3,
0xc5,0x6b,0x7a,0x62,0x23,0xd6,0x1d,0x3c,0xde,0x0f,0x01,0x92,0xe8,0x96,0xc4,0xbf,
0x2d,0x66,0x9a,0x9a,0x68,0x26,0x99,0xd0,0x3a,0x2c,0xbf,0x0c,0xb5,0x58,0x26,0xc1,
0x46,0xe7,0x0a,0x3e,0x38,0x96,0x2c,0xa9,0x28,0x39,0xa8,0xec,0x49,0x83,0x42,0xe3,
0x84,0x0f,0xbb,0x9a,0x6c,0x55,0x61,0xac,0x82,0x7c,0xa1,0x60,0x2d,0x77,0x4c,0xe9,
0x99,0xb4,0x64,0x3b,0x9a,0x50,0x1c,0x31,0x08,0x24,0x14,0x9f,0xa9,0xe7,0x91,0x2b,
0x18,0xe6,0x3d,0x98,0x63,0x14,0x60,0x58,0x05,0x65,0x9f,0x1d,0x37,0x52,0x87,0xf7,
0xa7,0xef,0x94,0x02,0xc6,0x1b,0xd3,0xbf,0x55,0x45,0xb3,0x89,0x80,0xbf,0x3a,0xec,
0x54,0x94,0x4e,0xae,0xfd,0xa7,0x7a,0x6d,0x74,0x4e,0xaf,0x18,0xcc,0x96,0x09,0x28,
0x21,0x00,0x57,0x90,0x60,0x69,0x37,0xbb,0x4b,0x12,0x07,0x3c,0x56,0xff,0x5b,0xfb,
0xa4,0x66,0x0a,0x08,0xa6,0xd2,0x81,0x56,0x57,0xef,0xb6,0x3b,0x5e,0x16,0x81,0x77,
0x04,0xda,0xf6,0xbe,0xae,0x80,0x95,0xfe,0xb0,0xcd,0x7f,0xd6,0xa7,0x1a,0x72,0x5c,
0x3c,0xca,0xbc,0xf0,0x08,0xa3,0x22,0x30,0xb3,0x06,0x85,0xc9,0xb3,0x20,0x77,0x13,
0x85,0xdf,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xa8,0x30,0x81,0xa5,0x30,0x81,0xa2,
0x06,0x03,0x55,0x1d,0x01,0x04,0x81,0x9a,0x30,0x81,0x97,0x80,0x10,0x5b,0xd0,0x70,
0xef,0x69,0x72,0x9e,0x23,0x51,0x7e,0x14,0xb2,0x4d,0x8e,0xff,0xcb,0xa1,0x72,0x30,
0x70,0x31,0x2b,0x30,0x29,0x06,0x03,0x55,0x04,0x0b,0x13,0x22,0x43,0x6f,0x70,0x79,
0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x37,0x20,0x4d,
0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x2e,0x31,0x1e,
0x30,0x1c,0x06,0x03,0x55,0x04,0x0b,0x13,0x15,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,
0x66,0x74,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x21,
0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x4d,0x69,0x63,0x72,0x6f,0x73,0x6f,
0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,
0x79,0x82,0x0f,0x00,0xc1,0x00,0x8b,0x3c,0x3c,0x88,0x11,0xd1,0x3e,0xf6,0x63,0xec,
0xdf,0x40,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,
0x00,0x03,0x82,0x01,0x01,0x00,0x95,0xe8,0x0b,0xc0,0x8d,0xf3,0x97,0x18,0x35,0xed,
0xb8,0x01,0x24,0xd8,0x77,0x11,0xf3,0x5c,0x60,0x32,0x9f,0x9e,0x0b,0xcb,0x3e,0x05,
0x91,0x88,0x8f,0xc9,0x3a,0xe6,0x21,0xf2,0xf0,0x57,0x93,0x2c,0xb5,0xa0,0x47,0xc8,
0x62,0xef,0xfc,0xd7,0xcc,0x3b,0x3b,0x5a,0xa9,0x36,0x54,0x69,0xfe,0x24,0x6d,0x3f,
0xc9,0xcc,0xaa,0xde,0x05,0x7c,0xdd,0x31,0x8d,0x3d,0x9f,0x10,0x70,0x6a,0xbb,0xfe,
0x12,0x4f,0x18,0x69,0xc0,0xfc,0xd0,0x43,0xe3,0x11,0x5a,0x20,0x4f,0xea,0x62,0x7b,
0xaf,0xaa,0x19,0xc8,0x2b,0x37,0x25,0x2d,0xbe,0x65,0xa1,0x12,0x8a,0x25,0x0f,0x63,
0xa3,0xf7,0x54,0x1c,0xf9,0x21,0xc9,0xd6,0x15,0xf3,0x52,0xac,0x6e,0x43,0x32,0x07,
0xfd,0x82,0x17,0xf8,0xe5,0x67,0x6c,0x0d,0x51,0xf6,0xbd,0xf1,0x52,0xc7,0xbd,0xe7,
0xc4,0x30,0xfc,0x20,0x31,0x09,0x88,0x1d,0x95,0x29,0x1a,0x4d,0xd5,0x1d,0x02,0xa5,
0xf1,0x80,0xe0,0x03,0xb4,0x5b,0xf4,0xb1,0xdd,0xc8,0x57,0xee,0x65,0x49,0xc7,0x52,
0x54,0xb6,0xb4,0x03,0x28,0x12,0xff,0x90,0xd6,0xf0,0x08,0x8f,0x7e,0xb8,0x97,0xc5,
0xab,0x37,0x2c,0xe4,0x7a,0xe4,0xa8,0x77,0xe3,0x76,0xa0,0x00,0xd0,0x6a,0x3f,0xc1,
0xd2,0x36,0x8a,0xe0,0x41,0x12,0xa8,0x35,0x6a,0x1b,0x6a,0xdb,0x35,0xe1,0xd4,0x1c,
0x04,0xe4,0xa8,0x45,0x04,0xc8,0x5a,0x33,0x38,0x6e,0x4d,0x1c,0x0d,0x62,0xb7,0x0a,
0xa2,0x8c,0xd3,0xd5,0x54,0x3f,0x46,0xcd,0x1c,0x55,0xa6,0x70,0xdb,0x12,0x3a,0x87,
0x93,0x75,0x9f,0xa7,0xd2,0xa0 };
/* DER-encoded X.509 certificate compiled in as a trust anchor.
 *
 * Fields readable from the encoding below:
 *  - issuer and subject are identical (self-signed root):
 *    DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
 *  - validity (UTCTime): 010509231922Z to 210509232813Z
 *  - signature algorithm OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 *  - RSA public key with a 4096-bit modulus and exponent 65537
 *  - basicConstraints is marked critical with cA = TRUE
 *
 * Because the anchor is hard-coded, replacing or retiring it needs a source
 * change and rebuild.  When touching these bytes, compare the result against
 * an independently obtained copy of the certificate (e.g. by fingerprint).
 */
static const BYTE rootcertauthority[] = {
0x30,0x82,0x05,0x99,0x30,0x82,0x03,0x81,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,0x79,
0xad,0x16,0xa1,0x4a,0xa0,0xa5,0xad,0x4c,0x73,0x58,0xf4,0x07,0x13,0x2e,0x65,0x30,
0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x5f,
0x31,0x13,0x30,0x11,0x06,0x0a,0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x19,
0x16,0x03,0x63,0x6f,0x6d,0x31,0x19,0x30,0x17,0x06,0x0a,0x09,0x92,0x26,0x89,0x93,
0xf2,0x2c,0x64,0x01,0x19,0x16,0x09,0x6d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,0x74,
0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x13,0x24,0x4d,0x69,0x63,0x72,0x6f,
0x73,0x6f,0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x65,0x72,0x74,0x69,0x66,
0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,
0x1e,0x17,0x0d,0x30,0x31,0x30,0x35,0x30,0x39,0x32,0x33,0x31,0x39,0x32,0x32,0x5a,
0x17,0x0d,0x32,0x31,0x30,0x35,0x30,0x39,0x32,0x33,0x32,0x38,0x31,0x33,0x5a,0x30,
0x5f,0x31,0x13,0x30,0x11,0x06,0x0a,0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,
0x19,0x16,0x03,0x63,0x6f,0x6d,0x31,0x19,0x30,0x17,0x06,0x0a,0x09,0x92,0x26,0x89,
0x93,0xf2,0x2c,0x64,0x01,0x19,0x16,0x09,0x6d,0x69,0x63,0x72,0x6f,0x73,0x6f,0x66,
0x74,0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x13,0x24,0x4d,0x69,0x63,0x72,
0x6f,0x73,0x6f,0x66,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x65,0x72,0x74,0x69,
0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,
0x30,0x82,0x02,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
0x01,0x05,0x00,0x03,0x82,0x02,0x0f,0x00,0x30,0x82,0x02,0x0a,0x02,0x82,0x02,0x01,
0x00,0xf3,0x5d,0xfa,0x80,0x67,0xd4,0x5a,0xa7,0xa9,0x0c,0x2c,0x90,0x20,0xd0,0x35,
0x08,0x3c,0x75,0x84,0xcd,0xb7,0x07,0x89,0x9c,0x89,0xda,0xde,0xce,0xc3,0x60,0xfa,
0x91,0x68,0x5a,0x9e,0x94,0x71,0x29,0x18,0x76,0x7c,0xc2,0xe0,0xc8,0x25,0x76,0x94,
0x0e,0x58,0xfa,0x04,0x34,0x36,0xe6,0xdf,0xaf,0xf7,0x80,0xba,0xe9,0x58,0x0b,0x2b,
0x93,0xe5,0x9d,0x05,0xe3,0x77,0x22,0x91,0xf7,0x34,0x64,0x3c,0x22,0x91,0x1d,0x5e,
0xe1,0x09,0x90,0xbc,0x14,0xfe,0xfc,0x75,0x58,0x19,0xe1,0x79,0xb7,0x07,0x92,0xa3,
0xae,0x88,0x59,0x08,0xd8,0x9f,0x07,0xca,0x03,0x58,0xfc,0x68,0x29,0x6d,0x32,0xd7,
0xd2,0xa8,0xcb,0x4b,0xfc,0xe1,0x0b,0x48,0x32,0x4f,0xe6,0xeb,0xb8,0xad,0x4f,0xe4,
0x5c,0x6f,0x13,0x94,0x99,0xdb,0x95,0xd5,0x75,0xdb,0xa8,0x1a,0xb7,0x94,0x91,0xb4,
0x77,0x5b,0xf5,0x48,0x0c,0x8f,0x6a,0x79,0x7d,0x14,0x70,0x04,0x7d,0x6d,0xaf,0x90,
0xf5,0xda,0x70,0xd8,0x47,0xb7,0xbf,0x9b,0x2f,0x6c,0xe7,0x05,0xb7,0xe1,0x11,0x60,
0xac,0x79,0x91,0x14,0x7c,0xc5,0xd6,0xa6,0xe4,0xe1,0x7e,0xd5,0xc3,0x7e,0xe5,0x92,
0xd2,0x3c,0x00,0xb5,0x36,0x82,0xde,0x79,0xe1,0x6d,0xf3,0xb5,0x6e,0xf8,0x9f,0x33,
0xc9,0xcb,0x52,0x7d,0x73,0x98,0x36,0xdb,0x8b,0xa1,0x6b,0xa2,0x95,0x97,0x9b,0xa3,
0xde,0xc2,0x4d,0x26,0xff,0x06,0x96,0x67,0x25,0x06,0xc8,0xe7,0xac,0xe4,0xee,0x12,
0x33,0x95,0x31,0x99,0xc8,0x35,0x08,0x4e,0x34,0xca,0x79,0x53,0xd5,0xb5,0xbe,0x63,
0x32,0x59,0x40,0x36,0xc0,0xa5,0x4e,0x04,0x4d,0x3d,0xdb,0x5b,0x07,0x33,0xe4,0x58,
0xbf,0xef,0x3f,0x53,0x64,0xd8,0x42,0x59,0x35,0x57,0xfd,0x0f,0x45,0x7c,0x24,0x04,
0x4d,0x9e,0xd6,0x38,0x74,0x11,0x97,0x22,0x90,0xce,0x68,0x44,0x74,0x92,0x6f,0xd5,
0x4b,0x6f,0xb0,0x86,0xe3,0xc7,0x36,0x42,0xa0,0xd0,0xfc,0xc1,0xc0,0x5a,0xf9,0xa3,
0x61,0xb9,0x30,0x47,0x71,0x96,0x0a,0x16,0xb0,0x91,0xc0,0x42,0x95,0xef,0x10,0x7f,
0x28,0x6a,0xe3,0x2a,0x1f,0xb1,0xe4,0xcd,0x03,0x3f,0x77,0x71,0x04,0xc7,0x20,0xfc,
0x49,0x0f,0x1d,0x45,0x88,0xa4,0xd7,0xcb,0x7e,0x88,0xad,0x8e,0x2d,0xec,0x45,0xdb,
0xc4,0x51,0x04,0xc9,0x2a,0xfc,0xec,0x86,0x9e,0x9a,0x11,0x97,0x5b,0xde,0xce,0x53,
0x88,0xe6,0xe2,0xb7,0xfd,0xac,0x95,0xc2,0x28,0x40,0xdb,0xef,0x04,0x90,0xdf,0x81,
0x33,0x39,0xd9,0xb2,0x45,0xa5,0x23,0x87,0x06,0xa5,0x55,0x89,0x31,0xbb,0x06,0x2d,
0x60,0x0e,0x41,0x18,0x7d,0x1f,0x2e,0xb5,0x97,0xcb,0x11,0xeb,0x15,0xd5,0x24,0xa5,
0x94,0xef,0x15,0x14,0x89,0xfd,0x4b,0x73,0xfa,0x32,0x5b,0xfc,0xd1,0x33,0x00,0xf9,
0x59,0x62,0x70,0x07,0x32,0xea,0x2e,0xab,0x40,0x2d,0x7b,0xca,0xdd,0x21,0x67,0x1b,
0x30,0x99,0x8f,0x16,0xaa,0x23,0xa8,0x41,0xd1,0xb0,0x6e,0x11,0x9b,0x36,0xc4,0xde,
0x40,0x74,0x9c,0xe1,0x58,0x65,0xc1,0x60,0x1e,0x7a,0x5b,0x38,0xc8,0x8f,0xbb,0x04,
0x26,0x7c,0xd4,0x16,0x40,0xe5,0xb6,0x6b,0x6c,0xaa,0x86,0xfd,0x00,0xbf,0xce,0xc1,
0x35,0x02,0x03,0x01,0x00,0x01,0xa3,0x51,0x30,0x4f,0x30,0x0b,0x06,0x03,0x55,0x1d,
0x0f,0x04,0x04,0x03,0x02,0x01,0xc6,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,
0x16,0x04,0x14,0x0e,0xac,0x82,0x60,0x40,0x56,0x27,0x97,0xe5,0x25,0x13,0xfc,0x2a,
0xe1,0x0a,0x53,0x95,0x59,0xe4,0xa4,0x30,0x10,0x06,0x09,0x2b,0x06,0x01,0x04,0x01,
0x82,0x37,0x15,0x01,0x04,0x03,0x02,0x01,0x00,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x02,0x01,0x00,0xc5,0x11,0x4d,
0x03,0x3a,0x60,0xdd,0x5d,0x52,0x11,0x77,0x8f,0xb2,0xbb,0x36,0xc8,0xb2,0x05,0xbf,
0xb4,0xb7,0xa8,0xd8,0x20,0x9d,0x5c,0x13,0x03,0xb6,0x1c,0x22,0xfa,0x06,0x13,0x35,
0xb6,0xc8,0x63,0xd4,0x9a,0x47,0x6f,0x26,0x57,0xd2,0x55,0xf1,0x04,0xb1,0x26,0x5f,
0xd6,0xa9,0x50,0x68,0xa0,0xbc,0xd2,0xb8,0x6e,0xcc,0xc3,0xe9,0xac,0xdf,0x19,0xcd,
0x78,0xac,0x59,0x74,0xac,0x66,0x34,0x36,0xc4,0x1b,0x3e,0x6c,0x38,0x4c,0x33,0x0e,
0x30,0x12,0x0d,0xa3,0x26,0xfe,0x51,0x53,0x00,0xff,0xaf,0x5a,0x4e,0x84,0x0d,0x0f,
0x1f,0xe4,0x6d,0x05,0x2e,0x4e,0x85,0x4b,0x8d,0x6c,0x33,0x6f,0x54,0xd2,0x64,0xab,
0xbf,0x50,0xaf,0x7d,0x7a,0x39,0xa0,0x37,0xed,0x63,0x03,0x0f,0xfc,0x13,0x06,0xce,
0x16,0x36,0xd4,0x54,0x3b,0x95,0x1b,0x51,0x62,0x3a,0xe5,0x4d,0x17,0xd4,0x05,0x39,
0x92,0x9a,0x27,0xa8,0x5b,0xaa,0xbd,0xec,0xbb,0xbe,0xe3,0x20,0x89,0x60,0x71,0x6c,
0x56,0xb3,0xa5,0x13,0xd0,0x6d,0x0e,0x23,0x7e,0x95,0x03,0xed,0x68,0x3d,0xf2,0xd8,
0x63,0xb8,0x6b,0x4d,0xb6,0xe8,0x30,0xb5,0xe1,0xca,0x94,0x4b,0xf7,0xa2,0xaa,0x5d,
0x99,0x30,0xb2,0x3d,0xa7,0xc2,0x51,0x6c,0x28,0x20,0x01,0x24,0x27,0x2b,0x4b,0x00,
0xb7,0x9d,0x11,0x6b,0x70,0xbe,0xb2,0x10,0x82,0xbc,0x0c,0x9b,0x68,0xd0,0x8d,0x3b,
0x24,0x87,0xaa,0x99,0x28,0x72,0x9d,0x33,0x5f,0x59,0x90,0xbd,0xf5,0xde,0x93,0x9e,
0x3a,0x62,0x5a,0x34,0x39,0xe2,0x88,0x55,0x1d,0xb9,0x06,0xb0,0xc1,0x89,0x6b,0x2d,
0xd7,0x69,0xc3,0x19,0x12,0x36,0x84,0xd0,0xc9,0xa0,0xda,0xff,0x2f,0x69,0x78,0xb2,
0xe5,0x7a,0xda,0xeb,0xd7,0x0c,0xc0,0xf7,0xbd,0x63,0x17,0xb8,0x39,0x13,0x38,0xa2,
0x36,0x5b,0x7b,0xf2,0x85,0x56,0x6a,0x1d,0x64,0x62,0xc1,0x38,0xe2,0xaa,0xbf,0x51,
0x66,0xa2,0x94,0xf5,0x12,0x9c,0x66,0x22,0x10,0x6b,0xf2,0xb7,0x30,0x92,0x2d,0xf2,
0x29,0xf0,0x3d,0x3b,0x14,0x43,0x68,0xa2,0xf1,0x9c,0x29,0x37,0xcb,0xce,0x38,0x20,
0x25,0x6d,0x7c,0x67,0xf3,0x7e,0x24,0x12,0x24,0x03,0x08,0x81,0x47,0xec,0xa5,0x9e,
0x97,0xf5,0x18,0xd7,0xcf,0xbb,0xd5,0xef,0x76,0x96,0xef,0xfd,0xce,0xdb,0x56,0x9d,
0x95,0xa0,0x42,0xf9,0x97,0x58,0xe1,0xd7,0x31,0x22,0xd3,0x5f,0x59,0xe6,0x3e,0x6e,
0x22,0x00,0xea,0x43,0x84,0xb6,0x25,0xdb,0xd9,0xf3,0x08,0x56,0x68,0xc0,0x64,0x6b,
0x1d,0x7c,0xec,0xb6,0x93,0xa2,0x62,0x57,0x6e,0x2e,0xd8,0xe7,0x58,0x8f,0xc4,0x31,
0x49,0x26,0xdd,0xde,0x29,0x35,0x87,0xf5,0x30,0x71,0x70,0x5b,0x14,0x3c,0x69,0xbd,
0x89,0x12,0x7d,0xeb,0x2e,0xa3,0xfe,0xd8,0x7f,0x9e,0x82,0x5a,0x52,0x0a,0x2b,0xc1,
0x43,0x2b,0xd9,0x30,0x88,0x9f,0xc8,0x10,0xfb,0x89,0x8d,0xe6,0xa1,0x85,0x75,0x33,
0x7e,0x6c,0x9e,0xdb,0x73,0x13,0x64,0x62,0x69,0xa5,0x2f,0x7d,0xca,0x96,0x6d,0x9f,
0xf8,0x04,0x4d,0x30,0x92,0x3d,0x6e,0x21,0x14,0x21,0xc9,0x3d,0xe0,0xc3,0xfd,0x8a,
0x6b,0x9d,0x4a,0xfd,0xd1,0xa1,0x9d,0x99,0x43,0x77,0x3f,0xb0,0xda };
00713 
/* Table of the certificates that are compiled into this file and added to
 * the root store by add_ms_root_certs().  Every entry is a trust anchor
 * that does not come from the host system, so additions or removals here
 * change what the whole store trusts and deserve a careful review.
 */
static const struct CONST_BLOB {
    const BYTE *pb; /* start of the encoded certificate */
    DWORD       cb; /* size of the encoding in bytes */
} msRootCerts[] = {
    { authenticode, sizeof(authenticode) },
    { rootauthority, sizeof(rootauthority) },
    { rootcertauthority, sizeof(rootcertauthority) },
};
00722 
/* Adds every certificate listed in msRootCerts to the store `to`.
 *
 * The add uses CERT_STORE_ADD_NEW, so a certificate the store already holds
 * is left in place and the call for it fails.  A failed add is only logged;
 * the remaining entries are still tried.
 * NOTE(review): the blobs are added to the destination directly.  Within
 * this function they are not passed through check_and_store_certs(), which
 * the certificates gathered from the known locations go through - confirm
 * that this is intended for built-in roots.
 */
static void add_ms_root_certs(HCERTSTORE to)
{
    const DWORD count = sizeof(msRootCerts) / sizeof(msRootCerts[0]);
    DWORD i = 0;

    TRACE("\n");

    while (i < count)
    {
        const struct CONST_BLOB *blob = &msRootCerts[i];

        if (!CertAddEncodedCertificateToStore(to, X509_ASN_ENCODING, blob->pb,
         blob->cb, CERT_STORE_ADD_NEW, NULL))
        {
            WARN("adding root cert %d failed: %08x\n", i, GetLastError());
        }
        i++;
    }
}
00734 
/* Collects the host's trusted root certificates and adds them to store.
 *
 * The known locations are imported, in order, into a temporary memory store.
 * Importing stops at the first location that yields any certificates, which
 * avoids spending time on redundant copies, e.g. when a certificate bundle
 * and individual certificates exist in the same directory.  The temporary
 * store is then handed to check_and_store_certs() together with store.
 *
 * When Security/Security.h is available, the anchors returned by
 * SecTrustCopyAnchorCertificates() are added first, and if at least one of
 * them is added the known locations are not scanned at all.
 * NOTE(review): those anchors are added to store directly instead of to the
 * temporary store, so they do not go through check_and_store_certs() -
 * confirm that this asymmetry is intended.
 */
static void read_trusted_roots_from_known_locations(HCERTSTORE store)
{
    HCERTSTORE from;

    from = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    if (from)
    {
        BOOL found = FALSE;
        DWORD loc;

#ifdef HAVE_SECURITY_SECURITY_H
        CFArrayRef anchors;
        OSStatus status = SecTrustCopyAnchorCertificates(&anchors);

        if (status == noErr)
        {
            int i = 0;

            while (i < CFArrayGetCount(anchors))
            {
                CFDataRef encoded;
                SecCertificateRef cert =
                 (SecCertificateRef)CFArrayGetValueAtIndex(anchors, i);

                status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0,
                 NULL, &encoded);
                if (status != noErr)
                {
                    WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status);
                }
                else
                {
                    if (!CertAddEncodedCertificateToStore(store,
                     X509_ASN_ENCODING, CFDataGetBytePtr(encoded),
                     CFDataGetLength(encoded), CERT_STORE_ADD_NEW, NULL))
                        WARN("adding root cert %d failed: %08x\n", i, GetLastError());
                    else
                        found = TRUE;
                    /* The exported data is owned here; the array elements
                     * are released together with the array below. */
                    CFRelease(encoded);
                }
                i++;
            }
            CFRelease(anchors);
        }
#endif

        /* Stop at the first location that provides certificates. */
        for (loc = 0;
         loc < sizeof(CRYPT_knownLocations) / sizeof(CRYPT_knownLocations[0]);
         loc++)
        {
            if (found)
                break;
            found = import_certs_from_path(CRYPT_knownLocations[loc], from,
             TRUE);
        }
        check_and_store_certs(from, store);
    }
    /* Reached on both paths, i.e. also when the temporary store is NULL. */
    CertCloseStore(from, 0);
}
00787 
/* Builds the root store.
 *
 * A memory store is filled first with the roots found on the host and then
 * with the built-in certificates, and is wrapped by CRYPT_ProvCreateStore()
 * using the rootProvFuncs callbacks.
 *
 * Returns what CRYPT_ProvCreateStore() returns, or NULL when the memory
 * store could not be opened.
 */
static HCERTSTORE create_root_store(void)
{
    HCERTSTORE root = NULL;
    HCERTSTORE memStore;

    memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    if (memStore != NULL)
    {
        /* The members not assigned below stay zero / NULL. */
        CERT_STORE_PROV_INFO provInfo = { 0 };

        provInfo.cbSize = sizeof(CERT_STORE_PROV_INFO);
        provInfo.cStoreProvFunc =
         sizeof(rootProvFuncs) / sizeof(rootProvFuncs[0]);
        provInfo.rgpvStoreProvFunc = rootProvFuncs;

        /* Host roots go in before the built-in ones. */
        read_trusted_roots_from_known_locations(memStore);
        add_ms_root_certs(memStore);
        root = CRYPT_ProvCreateStore(0, memStore, &provInfo);
    }
    TRACE("returning %p\n", root);
    return root;
}
00812 
/* Cached root store: published by CRYPT_RootOpenStore() on first use and
 * closed by root_store_free(). */
static PWINECRYPT_CERTSTORE CRYPT_rootStore;
00814 
/* Returns the shared root store, creating it on first use.
 *
 * A request carrying CERT_STORE_DELETE_FLAG is refused: the last error is
 * set to ERROR_ACCESS_DENIED and NULL is returned.  Otherwise
 * CertDuplicateStore() is called on the cached store before it is returned.
 * The result is NULL if the store could not be created.
 */
PWINECRYPT_CERTSTORE CRYPT_RootOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags)
{
    TRACE("(%ld, %08x)\n", hCryptProv, dwFlags);

    if ((dwFlags & CERT_STORE_DELETE_FLAG) != 0)
    {
        /* The trust anchors must not be removable through this entry point. */
        WARN("root store can't be deleted\n");
        SetLastError(ERROR_ACCESS_DENIED);
        return NULL;
    }

    if (CRYPT_rootStore == NULL)
    {
        HCERTSTORE candidate = create_root_store();

        /* Publish the new store only while the cache is still empty.  If a
         * different store was published in the meantime, this one is
         * redundant and is closed again. */
        InterlockedCompareExchangePointer((PVOID *)&CRYPT_rootStore,
         candidate, NULL);
        if (CRYPT_rootStore != candidate)
            CertCloseStore(candidate, 0);
    }

    CertDuplicateStore(CRYPT_rootStore);
    return CRYPT_rootStore;
}
00837 
/* Closes the cached root store.  The CRYPT_rootStore pointer itself is left
 * unchanged by this function. */
void root_store_free(void)
{
    PWINECRYPT_CERTSTORE cached = CRYPT_rootStore;

    CertCloseStore(cached, 0);
}
