From 6bba5bea964a4be720b83db7def7ae7e4e5b35d6 Mon Sep 17 00:00:00 2001
From: vboxsync <vboxsync@cfe28804-0f27-0410-a406-dd0f0b0b656f>
Date: Fri, 16 Dec 2016 21:43:42 +0000
Subject: installer/win/VBoxStub: Add all the certificates we use, not just the
 SHA-1 one.

git-svn-id: https://www.virtualbox.org/svn/vbox/trunk@64927 cfe28804-0f27-0410-a406-dd0f0b0b656f
---
 src/VBox/Installer/win/Stub/Makefile.kmk | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

(limited to 'src/VBox/Installer/win/Stub/Makefile.kmk')

diff --git a/src/VBox/Installer/win/Stub/Makefile.kmk b/src/VBox/Installer/win/Stub/Makefile.kmk
index 4e8847f0842..d5a9f9ea739 100644
--- a/src/VBox/Installer/win/Stub/Makefile.kmk
+++ b/src/VBox/Installer/win/Stub/Makefile.kmk
@@ -55,8 +55,32 @@ if "$(KBUILD_TARGET_ARCH)" == "x86"
   VBoxStub.cpp_INCS += $(VBoxStub_0_OUTDIR)
   VBoxStub.cpp_DEFS += VBOX_WITH_CODE_SIGNING
 
-  $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h: $(VBOX_BIN2C) $(PATH_ROOT)/src/VBox/Additions/WINNT/tools/oracle-vbox.cer | $$(dir $$@)
-	$(VBOX_BIN2C) _VBoxStubPublicCert $(PATH_ROOT)/src/VBox/Additions/WINNT/tools/oracle-vbox.cer $@
+  $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h:  | $$(dir $$@) $(VBOX_RTSIGNTOOL) $(PATH_STAGE_SYS)/VBoxDrv.sys
+	$(RM) -f -- "$@" "$@.cer0" "$@.cer1" "$@.cer2" "$@.array"
+
+	$(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 0 --exe "$(PATH_STAGE_SYS)/VBoxDrv.sys" --output "$@.cer0" --der
+	$(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert0 "$@.cer0" $@
+	$(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert0, sizeof(g_abVBoxStubTrustedCert0) }, "
+  if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && (!defined(VBOX_WITH_CORP_CODE_SIGNING) || "$(VBOX_WITH_CORP_CODE_SIGNING)" != "all")
+	$(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 1 --exe "$(PATH_STAGE_SYS)/VBoxDrv.sys" --output "$@.cer1" --der
+	$(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert1 "$@.cer1" $@
+	$(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert1, sizeof(g_abVBoxStubTrustedCert1) }, "
+  endif
+  if defined(VBOX_WITH_CORP_CODE_SIGNING) && "$(VBOX_WITH_CORP_CODE_SIGNING)" != "all" && "$(VBOX_SIGNING_MODE)" == "release"
+	$(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 1 --exe "" --output "$@.cer2" --der
+	$(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert1 "$@.cer2" $@
+	$(APPEND) "$@.array" "    { g_abVBoxStubTrustedCert2, sizeof(g_abVBoxStubTrustedCert2) }, "
+  endif
+	$(APPEND) -n "$@" \
+		"" \
+		"struct { uint8_t const *pab; uint32_t cb; }" "g_aVBoxStubTrustedCerts[] = " \
+               "{"
+	$(SED) --append "$@" -e "" "$@.array"
+	$(APPEND) -n "$@" \
+               "};"
+	$(RM) -f -- "$@.cer0" "$@.cer1" "$@.cer2" "$@.array"
+
+  VBoxStubPublicCert.h:: $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h
 
  endif
 
-- 
cgit v1.2.1