diff --git a/Linux/README.md b/Linux/README.md new file mode 100644 index 0000000000000000000000000000000000000000..165f59e5f669f206d987d6091411c274a0e547bf --- /dev/null +++ b/Linux/README.md @@ -0,0 +1,39 @@ +Revoke-China-Certs on Linux +========================================== + +## Intro + +This tool revokes certain CA certificates for NSS-based applications on Linux, +(most notably, Firefox & Chrome). + +On Linux there are multiple libraries for SSL/TLS and each may have its own +certificate store. The `/etc/ca-certificate.conf` configures the trusted +Root CAs for OpenSSL (which `wget` uses by default). Another widely used +library is NSS by Mozilla, which supports blacklisting a specific intermediate +CA without fiddling with the Root CA. + +**This tool is experimental. DO MAKE BACKUPS before you do anything!** + +## Usage + +First you need to have packages installed to provide `certutil`. On Ubuntu it would be: + + sudo apt-get install libnss3-tools + +Then, use the `revoke-china-certs.sh` to do the revocation. For Chrome it would be: + + ./revoke-china-certs.sh extended $HOME/.pki/nssdb + +to revoke trust of CAs within the *extended* set. Change `extended` to `all` or `base` +or `restore` to revoke other sets of certs. + +Since Firefox maintains different certificate store for different browser profile (rather +than per Linux user for Chrome), you need to do this for every profile under `~/.mozilla/firefox`. + + for profile in `ls ~/.mozilla/firefox/*.default`;do + ./revoke-china-certs.sh extended $HOME/.mozilla/firefox/$profile + done + +## Notes + +Deselecting a CA by `dpkg-reconfigure ca-certificates` does NOT affect any NSS-based applications. diff --git a/Linux/nss_revoke.sh b/Linux/nss_revoke.sh new file mode 100755 index 0000000000000000000000000000000000000000..e6d63ffda6ca8ad66a4b35ba29254b1f8430dae4 --- /dev/null +++ b/Linux/nss_revoke.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +DBPATH=$1 +CERTS=$2 + + +echo "Resetting CA set" +RESETS=`` + +certutil -d sql:${DBPATH} -L | grep -oP "NSS Certificate DB:revoke-china-certs:[^\s]+" | \ +while read CERT;do + certutil -d sql:${DBPATH} -D -n "${CERT}" +done + +echo "Revoking CAs in $DBPATH/cert9.db" + +for CERT in $CERTS;do + # p,p,p: prohibit all use + certutil -d sql:${DBPATH} -A -n "revoke-china-certs:${CERT}" -t p,p,p -i ${CERT} +done + +echo "Done" diff --git a/Linux/revoke-china-certs.sh b/Linux/revoke-china-certs.sh new file mode 100755 index 0000000000000000000000000000000000000000..d5870007a0ee70b8a065cf48b3916bfb5d58ffad --- /dev/null +++ b/Linux/revoke-china-certs.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +set -e + +if [ ${1:-extended} = 'all' ];then + echo "Generating ALL CRL set" + # TODO: Explicitly distinguish between CA & EE certificates. + CA_CERTS=`ls ../Windows/Certs/Online/*.crt` + EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt` + echo "all" +elif [ ${1:-extended} = 'extended' ];then + echo "Generating EXTENDED CRL set" + CA_CERTS=`ls ../Windows/Certs/Online/CNNIC_*.crt ../Windows/Certs/Online/China_Internet_Network_Information_Center_EV_Certificates_Root.crt ../Windows/Certs/Online/[Suspicious]WaccBaiduCom.crt ../Windows/Certs/Online/GiantRootCA.crt ../Windows/Certs/Online/CFCA_*.crt ../Windows/Certs/Online/UCA_*.crt ../Windows/Certs/Online/[Suspicious]GoAgent_CA.crt` + EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt` +elif [ ${1:-extended} = 'restore' ];then + echo "Generating RESTORE CRL set" + CA_CERTS='' + EE_CERTS='' +else + echo "Generating Basic CRL set" + CA_CERTS=`ls ../Windows/Certs/Online/CNNIC_*.crt ../Windows/Certs/Online/China_Internet_Network_Information_Center_EV_Certificates_Root.crt ../Windows/Certs/Online/[Suspicious]WaccBaiduCom.crt ../Windows/Certs/Online/GiantRootCA.crt` + EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt` +fi + +CERTS=`echo $CA_CERTS $EE_CERTS` +./nss_revoke.sh ${2:-~/.pki/nssdb} "${CERTS}" diff --git a/README.md b/README.md index 16b1cdbe6b5bf66f340b76a9184eabb62afd03d5..66e06e7313e97c83190ea02c9cc31992ee32d840 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Revoke China Certificates.<br /> 全自动å¯ç–‘è¯ä¹¦åŠé”€å·¥å…·/全自動å¯ç–‘憑è‰æ’¤éŠ·å·¥å…·<br /> ### Updated -**2015-02-24** +**2015-02-25** ### Type * Online Certificates/在线è¯ä¹¦/在線è‰æ›¸ @@ -24,6 +24,7 @@ Revoke China Certificates.<br /> * [English](https://github.com/chengr28/RevokeChinaCerts/wiki/ReadMe_Online) * [简体ä¸æ–‡](https://github.com/chengr28/RevokeChinaCerts/wiki/ReadMe_Online(Chinese_Simplified)) * [ç¹é«”ä¸æ–‡](https://github.com/chengr28/RevokeChinaCerts/wiki/ReadMe_Online(Chinese_Traditional)) +* [Android](https://github.com/chengr28/RevokeChinaCerts/tree/master/Android) ### Usage(CodeSigning/Organization) * [English(CodeSigning)](https://github.com/chengr28/RevokeChinaCerts/wiki/ReadMe_CodeSigning) diff --git a/Windows/Certs/CodeSigning/Beijing_Kingsoft_Security_Software_CoLtd.crt b/Windows/Certs/CodeSigning/Beijing_Kingsoft_Security_Software_CoLtd_201112.crt similarity index 100% rename from Windows/Certs/CodeSigning/Beijing_Kingsoft_Security_Software_CoLtd.crt rename to Windows/Certs/CodeSigning/Beijing_Kingsoft_Security_Software_CoLtd_201112.crt diff --git a/Windows/Certs/CodeSigning/Beijing_Kingsoft_Security_Software_CoLtd_201412.crt b/Windows/Certs/CodeSigning/Beijing_Kingsoft_Security_Software_CoLtd_201412.crt new file mode 100644 index 0000000000000000000000000000000000000000..fe24f2c9721b8985961d2cb838e2a561214423cf --- /dev/null +++ b/Windows/Certs/CodeSigning/Beijing_Kingsoft_Security_Software_CoLtd_201412.crt @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFdzCCBF+gAwIBAgIQeh/nZ2pISdruK//EpP9L0zANBgkqhkiG9w0BAQUFADCB +tDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug +YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEuMCwGA1UEAxMl +VmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAxMCBDQTAeFw0xNDEyMjkw +MDAwMDBaFw0xNjAxMjgyMzU5NTlaMIGoMQswCQYDVQQGEwJDTjEQMA4GA1UECBMH +YmVpamluZzEQMA4GA1UEBxMHYmVpamluZzEzMDEGA1UEChQqQmVpamluZyBLaW5n +c29mdCBTZWN1cml0eSBzb2Z0d2FyZSBDby4sTHRkMQswCQYDVQQLFAJJVDEzMDEG +A1UEAxQqQmVpamluZyBLaW5nc29mdCBTZWN1cml0eSBzb2Z0d2FyZSBDby4sTHRk +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4H96NpBPM4piYDBxHB93 +26igM/APfSN0by7vsRhpg60SpXn8XJW/vSJKr8HUpYwtS+GPN9aFvN/KpDT5+SRB +26RYoinHgyLsxFSPQIqQVgbyBwJxu16pjbva8qML2z7Uh1ioNv8nzIRwLy1BI2/M +etHCmGcN7KgnCy+Bjq1l0ipeVjbrjIeRm7oskvv0epjiblCKywSLY4gpuaJ8h04T +qdzmYkzKyvD5gjtkQT0u6CORuhNNjrReOiSYRrAOsuhQzGpy4cQtpwEd0F2gGgmb +0uwrawyMYv5gg/YJxZd0E+GPjjhqi2NVDOSb+dXwyLuDk6OBPBy5Oib3SpU1lBxP +TwIDAQABo4IBjTCCAYkwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwKwYDVR0f +BCQwIjAgoB6gHIYaaHR0cDovL3NmLnN5bWNiLmNvbS9zZi5jcmwwZgYDVR0gBF8w +XTBbBgtghkgBhvhFAQcXAzBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2Iu +Y29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAT +BgNVHSUEDDAKBggrBgEFBQcDAzBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGG +E2h0dHA6Ly9zZi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zZi5zeW1j +Yi5jb20vc2YuY3J0MB8GA1UdIwQYMBaAFM+Zqep7JvRLyY6P1/AFJu/j0qedMB0G +A1UdDgQWBBTLiDXjtqWv2mSKzUhOhjUOpHO2zDARBglghkgBhvhCAQEEBAMCBBAw +FgYKKwYBBAGCNwIBGwQIMAYBAQABAf8wDQYJKoZIhvcNAQEFBQADggEBAJIO9o10 +lg4MSyqbRmeoUvEW9T8I2nUY2mKqUzMYdF4jhBljuv5cKYtnCVbr7yXW7IhkwyAR +zspPNMYrVLI03MvIbyGhk7T9F65wv7/uqJsnfqT/a6C6jhqLFGHoyFGTH207Xm+j +6goixclXkI7ZoFGTnHM0h0T9AlfU4gEn3hgjUhK8iL1Eh4YPcXiMsqttL1run223 +qJ3074wUL8kC0gSDGmjN5hHX3ljt4REqYWoghlt1nq2q6O01cJ6y0lpAf58+EvjE +BA7LWfneE3B7gsLNlpNmj4efRCHu9aUODXXs/eRGDqmaVib1Z6ayQAPAL5laUd6P +Xgr+GTs36XnG4QQ= +-----END CERTIFICATE----- diff --git a/Windows/Certs/CodeSigning/Certification_Authority_Of_WoSign_UTN_USERFirst_Object.crt b/Windows/Certs/CodeSigning/Certification_Authority_Of_WoSign_UTN_USERFirst_Object.crt new file mode 100644 index 0000000000000000000000000000000000000000..ce33adfea01ba065ea142c868c5a126e4a4138c3 --- /dev/null +++ b/Windows/Certs/CodeSigning/Certification_Authority_Of_WoSign_UTN_USERFirst_Object.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFljCCBH6gAwIBAgIQa9rf7/BmG9JkKvRuy7J5QDANBgkqhkiG9w0BAQUFADCB +lTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3Qt +T2JqZWN0MB4XDTk5MDcwOTE4MzEyMFoXDTE5MDcwOTE4NDAzNlowVTELMAkGA1UE +BhMCQ04xGjAYBgNVBAoTEVdvU2lnbiBDQSBMaW1pdGVkMSowKAYDVQQDEyFDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eSBvZiBXb1NpZ24wggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQC9yo2suJEVVpd7a1x6wt5r2aGwwxAj+qehsswx+j7Zpilv +Fj3ga/i4QF/bOagAeougTVR9wiJ4/I4JuKiF18yVl0t02J5+8ADkDomuSShEGhCZ +Mg8liFOkDbMPEggWCwNxJxx/4dvS/WdoxAVdCg5dcNfYl6C8U0GakY30njZmen5W +wZBf5rFoIDakjCQsLEcLWXZmMLW+3u2P+J3TuwEw5vLzDuAskoDzhfkoirRULprt +93b8FWgW60ps6y4Sj9TP/gzHXB0LfgUyvl6wCSpC1clOkLNZDbt6fs3VCFq0f9gc +aRH5Jw97Bq9Ugxh74d1UelFobnf8xr9SSmZGobJnGrujT3egvl3//FYLQ3J3kMqe ++fI59Q2p9OrX57MQLzBCNyHMMHDJhpgPzFhNg7t95RqlN422rDKXADpjcSQenjfE +/3TUN8Di/ohGYBHdCD9QNqu4eqSVYmpusMpqIVpp8/P7HXA5lfOnbqaBiaGIxTtx +yqNS7oO7/aB39ORv50LbbUqZijRIvBfc5IAIIrbyMcA/BD7rnyB51rgGZGQCMdep +zVL7hEVpCQAq3FWLxAZGS8BKHQlbOSj9qavOAPkuSEsm5jBMpVjKtESCT+eRHjPD +sJP/EfyB0sofcSnddk+SJa8dgbcPL4zDBswvJ6NK5A6ZunweRR9/qhlFlv38PQID +AQABo4IBHzCCARswHwYDVR0jBBgwFoAU2u1kdBScFDyr3ZmpvVsoTYs8ydgwHQYD +VR0OBBYEFOFmzw7R8bNLtwYgFP6HEtX2/vs+MA4GA1UdDwEB/wQEAwIBhjASBgNV +HRMBAf8ECDAGAQH/AgECMB0GA1UdJQQWMBQGCCsGAQUFBwMDBggrBgEFBQcDCDAR +BgNVHSAECjAIMAYGBFUdIAAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2NybC50 +cnVzdC1wcm92aWRlci5jb20vVVROLVVTRVJGaXJzdC1PYmplY3QuY3JsMDoGCCsG +AQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AudHJ1c3QtcHJvdmlk +ZXIuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQBYbPGDS5n2cyuZB6PYV87Ul/1qAoO+ +YLEX4xd0YXFlPHkptf5lGMTYHeLa39oO+aB113l6yw7N+TBSg+PaLh7lMjRlG3Pd +DZ/5MVh6x2s5umEeoUZgkdRPvIHOUt3LgES8ihg3DARFDgj254fFDPuLApMkIllb +WzD6vXa++7WYiUP+8VLWIFGCnNkqGT8Y+Ila+0Zx+6m/l5lBzTbaJ1UCE7rSUzjV +5X7AwhsAqgw8saNsVv+6Yn6BHsqPiKCaXW9n6s4bjR9aXPnyH/9KUARYa3DX3Po6 +/KIRD4F2E48pERsqB2jPUIxHLXXlBFxK4QCaif3/PqvMrblWw6clW2Rc + +-----END CERTIFICATE----- diff --git a/Windows/Certs/CodeSigning/MeituCom.crt b/Windows/Certs/CodeSigning/MeituCom_201212.crt similarity index 100% rename from Windows/Certs/CodeSigning/MeituCom.crt rename to Windows/Certs/CodeSigning/MeituCom_201212.crt diff --git a/Windows/Certs/CodeSigning/MeituCom_201411.crt b/Windows/Certs/CodeSigning/MeituCom_201411.crt new file mode 100644 index 0000000000000000000000000000000000000000..2f97680fb51516f92709ed2a1c9ab3b180321d04 --- /dev/null +++ b/Windows/Certs/CodeSigning/MeituCom_201411.crt @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFHTCCBAWgAwIBAgIQd+eV0+QIQll1ve8mWjtqaDANBgkqhkiG9w0BAQsFADBK +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMSQwIgYDVQQDExtU +aGF3dGUgQ29kZSBTaWduaW5nIENBIC0gRzIwHhcNMTQxMTIwMDAwMDAwWhcNMTcw +MjE4MjM1OTU5WjCBmzELMAkGA1UEBhMCQ04xDzANBgNVBAgMBkZ1amlhbjEPMA0G +A1UEBwwGWGlhbWVuMSowKAYDVQQKDCHljqbpl6jnvo7lm77nvZHnp5HmioDmnInp +mZDlhazlj7gxEjAQBgNVBAsMCeS6p+WTgemDqDEqMCgGA1UEAwwh5Y6m6Zeo576O +5Zu+572R56eR5oqA5pyJ6ZmQ5YWs5Y+4MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0A +MIIBCAKCAQEA9N5Sk0o4NYQBIR0wOkKQH72/1D5Y0ixJzZBror/HcQXr3sqtGRhU +CPcJM+Prms8P8D51lTnyglrsQ9cKfc4BVnVgr7v2bb2IoWKa3YfscT/18+UKcpfp +qCmRoDp5o/gv89j85kZyId0QNpUCL8s9QOWzGFdJHR3AyKRKaSEavyw0aTNoc64u +vD8UYh3xe7+V/lPgvWMPQVei1PYQB+wn2dxS+rGHzjBeJjknVGIEUBIk87BDVR0u +8hRxPRZhmwKa/bF+0Y0ITc6Ww4xoO2aAxJbvMBz9ArswfcG7cORnOIHq6SLkPC6X +NOF5Nr2qHDBXuhyc8eR3+BymQENx1PykFwIBA6OCAa0wggGpMAkGA1UdEwQCMAAw +HwYDVR0jBBgwFoAU1A1lP3q9NMb+R+dMDcC98t4Vq3EwHQYDVR0OBBYEFAy577up +AqP40qggs6wuPEw7nJ11MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly90aC5zeW1j +Yi5jb20vdGguY3JsMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSUEGDAWBggrBgEFBQcD +AwYKKwYBBAGCNwIBFjBzBgNVHSAEbDBqMGgGC2CGSAGG+EUBBzACMFkwJgYIKwYB +BQUHAgEWGmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMC8GCCsGAQUFBwICMCMM +IWh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vcmVwb3NpdG9yeTAdBgNVHQQEFjAUMA4w +DAYKKwYBBAGCNwIBFgMCB4AwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo +dHRwOi8vdGguc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdGguc3ltY2Iu +Y29tL3RoLmNydDARBglghkgBhvhCAQEEBAMCBBAwDQYJKoZIhvcNAQELBQADggEB +AKYeUS0q1WvEy/yVm7fwjul/340/+1kmxI9jgfOptJ4O7PrYWsA6jx9vxZk9JzqS +WCkBilkm51GFBCjkAILzXyizFYF5eoi9U3dqNf7ekECxI+L4H1AWkc7mcEO3yS7v +tWs4bxgCFSov8BUpZcS74qu1//3ck2jnbVzoZwZ/uqGjDfQspkkhW3OaKHTsUDuq +P0rcg2Gl/MuHjSnN33D80OxTssExxM1Y3qpdWxwvPMRs9ooaS4Ir250xLOcCycFt +Gi8InbV4f9hszhaQrpMREVHWRYUA9VkTpnEx8ySkoY4nsQPTxI+IoS7NLQgm5CrY +lAksmYYywLTZ0s0f/T2gSww= +-----END CERTIFICATE----- diff --git a/Windows/Certs/CodeSigning/Tencent_Technology_Shenzhen_Company_Limited.crt b/Windows/Certs/CodeSigning/Tencent_Technology_Shenzhen_Company_Limited_201301.crt similarity index 100% rename from Windows/Certs/CodeSigning/Tencent_Technology_Shenzhen_Company_Limited.crt rename to Windows/Certs/CodeSigning/Tencent_Technology_Shenzhen_Company_Limited_201301.crt diff --git a/Windows/Certs/Online/Certification_Authority_Of_WoSign_Chinese_StartCom.crt b/Windows/Certs/Online/Certification_Authority_Of_WoSign_Chinese_StartCom_1.crt similarity index 100% rename from Windows/Certs/Online/Certification_Authority_Of_WoSign_Chinese_StartCom.crt rename to Windows/Certs/Online/Certification_Authority_Of_WoSign_Chinese_StartCom_1.crt diff --git a/Windows/Certs/Online/Certification_Authority_Of_WoSign_Chinese_StartCom_2.crt b/Windows/Certs/Online/Certification_Authority_Of_WoSign_Chinese_StartCom_2.crt new file mode 100644 index 0000000000000000000000000000000000000000..61f5dd755de6cc6f5ca1c11bd6f6b27ada95e175 --- /dev/null +++ b/Windows/Certs/Online/Certification_Authority_Of_WoSign_Chinese_StartCom_2.crt @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGTTCCBDWgAwIBAgIHH86n9ql/6TANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG +EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp +Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MjI0NjM2WhcNMTkxMjMxMjM1 +OTU5WjBGMQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQx +GzAZBgNVBAMMEkNBIOayg+mAmuagueivgeS5pjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBANBJIR4l/IfBKsKs23aGBk7n0HQ03O1lNfxQ1og/pPB/6w9f +eS+Jsf28Y1g3k5s4+LdbqfrYcce0vICXjWxL8VDVKimqqBl6luaVjnTtlwpXdfQF +220LObkBf6r21tps5gXgpE1S/NvQdLcRjHuNT/+Hg67/BQMTV1A3/oyWUhBMX7+U +cWnZlj4MQ0++MMCfOXRPBkVdo9ZWOWgHzIdPUHeTcdlECLGKNOmJrNubTuHZ5FJF +jC4UH5FrGR1oKSxWxOIeE1dk8GHjuRHfsOFXoBut11/Rr9srLT/QaI4P6p8PizVY +GxMc9N41oQpd1urfEm/A+2kHRnLcgfYEIxfgTXXhcm+wKOub4eGDoZ9KXa/Mm/oC +ILYYYneRO6PVZa3cfJB3HERBpEqL65Vy6fYJZNyoLZ90eOjBogljnO+g20+dlasg +T7ew94dcpqDkNzjHXOM1Dyyto4Ci7C5dwM/tiwXC5nNu9onV9dJGjuptYxseisl9 +pvic6+XVY4VNc2ZpEf7IDvTBx2ZJU37kGWvx6XpZo21+xRfmJ8bvG9tv/A1NBgG0 +DlwwRlVgrzhlOspHuqwszEYfskaWP/PtJgXud6Fqa34tbVhcStSOZ7jx2tVGiif5 +EfLJQv5O3t8fXMSkhocWM6GnFxilDeQF5SvCKwuilZC5/WA8Tok+55zuH7sBAgMB +AAGjggEHMIIBAzASBgNVHRMBAf8ECDAGAQH/AgECMA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4E2/3JtBXRPoZPCn6RWk4YHBujEwHwYDVR0jBBgwFoAUTgvvGqRA +W6UXaYcwyjRoQ9BBrvIwaQYIKwYBBQUHAQEEXTBbMCcGCCsGAQUFBzABhhtodHRw +Oi8vb2NzcC5zdGFydHNzbC5jb20vY2EwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEu +c3RhcnRzc2wuY29tL2NlcnRzL2NhLmNydDAyBgNVHR8EKzApMCegJaAjhiFodHRw +Oi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwDQYJKoZIhvcNAQELBQADggIB +AI274T7wqbpK6IUpiNBGwjQCnLQYCkkOse9rVge7hwFTdK2gpoA1bNcBmrmEubOP +jRBVHNhW+bXyJIc+UBs8RdjcgJMmGHSVhMPs2zvncMwx5b2FHvr4ajWwXcL3INlF +vwJYifZgzi9FSe+Xg9KLqfQMSZNCpIop57BJ8F/hhnWcmjNvCtPod9jaV91SMy/R +xN6FfVNV8V/TJNYlJYNjLF9xSHxgpLYu5WHPFzHzyFdPlDdtWZbgoTyXJ0zKwsMV +w1zS6WDAGRWHgWlRRXPbmBSBPhXk5JfSBLX8M/uHJGl1t6frghUdSqw7EiOJn7T8 +JE7dIsi3zx462waTg7jKDLpzC34/PEvPYcF7X5pybb/TQVjjGzWZg61sQERjfN7B +ePHm6SGg74pOkX4XVVuX8SnaH/Y+dTmaZfGJKDs50PU7PpF5qA2x1FaeIFuzklqt +H4DHm6uaOsO5HOIWstKhtlH9xnb2l9vxF581/Tlxea6OUtHfk4J7GvGcowyADI8g +7OOYkS8e9GQ2DBVqacq0VrnIFA0uAXGTL27Oh6VYFmZ61MjVEhXF5y4yHQ8KFpQK +vFCV0S6lX0VqalP0cPBCUftf1L8qBqy5FMQDhlET6Lwh0FT1iTvz03xlQMRZBzyS +EkE9+JcNYJ8zFJKmjFvuStRRmMJTdkorYuwFw2tQZLFs +-----END CERTIFICATE----- diff --git a/Windows/Certs/Online/Certification_Authority_Of_WoSign_StartCom_200609.crt b/Windows/Certs/Online/Certification_Authority_Of_WoSign_StartCom_200609_1.crt similarity index 100% rename from Windows/Certs/Online/Certification_Authority_Of_WoSign_StartCom_200609.crt rename to Windows/Certs/Online/Certification_Authority_Of_WoSign_StartCom_200609_1.crt diff --git a/Windows/Certs/Online/Certification_Authority_Of_WoSign_StartCom_200609_2.crt b/Windows/Certs/Online/Certification_Authority_Of_WoSign_StartCom_200609_2.crt new file mode 100644 index 0000000000000000000000000000000000000000..09793e919debd1b6c6475448bf3db54796f667ec --- /dev/null +++ b/Windows/Certs/Online/Certification_Authority_Of_WoSign_StartCom_200609_2.crt @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGXDCCBESgAwIBAgIHGcKFMOk7NjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG +EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp +Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MjI0NjM2WhcNMTkxMjMxMjM1 +OTU5WjBVMQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQx +KjAoBgNVBAMTIUNlcnRpZmljYXRpb24gQXV0aG9yaXR5IG9mIFdvU2lnbjCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL3Kjay4kRVWl3trXHrC3mvZobDD +ECP6p6GyzDH6PtmmKW8WPeBr+LhAX9s5qAB6i6BNVH3CInj8jgm4qIXXzJWXS3TY +nn7wAOQOia5JKEQaEJkyDyWIU6QNsw8SCBYLA3EnHH/h29L9Z2jEBV0KDl1w19iX +oLxTQZqRjfSeNmZ6flbBkF/msWggNqSMJCwsRwtZdmYwtb7e7Y/4ndO7ATDm8vMO +4CySgPOF+SiKtFQumu33dvwVaBbrSmzrLhKP1M/+DMdcHQt+BTK+XrAJKkLVyU6Q +s1kNu3p+zdUIWrR/2BxpEfknD3sGr1SDGHvh3VR6UWhud/zGv1JKZkahsmcau6NP +d6C+Xf/8VgtDcneQyp758jn1Dan06tfnsxAvMEI3IcwwcMmGmA/MWE2Du33lGqU3 +jbasMpcAOmNxJB6eN8T/dNQ3wOL+iEZgEd0IP1A2q7h6pJViam6wymohWmnz8/sd +cDmV86dupoGJoYjFO3HKo1Lug7v9oHf05G/nQtttSpmKNEi8F9zkgAgitvIxwD8E +PuufIHnWuAZkZAIx16nNUvuERWkJACrcVYvEBkZLwEodCVs5KP2pq84A+S5ISybm +MEylWMq0RIJP55EeM8Owk/8R/IHSyh9xKd12T5Ilrx2Btw8vjMMGzC8no0rkDpm6 +fB5FH3+qGUWW/fw9AgMBAAGjggEHMIIBAzASBgNVHRMBAf8ECDAGAQH/AgECMA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU4WbPDtHxs0u3BiAU/ocS1fb++z4wHwYD +VR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwaQYIKwYBBQUHAQEEXTBbMCcG +CCsGAQUFBzABhhtodHRwOi8vb2NzcC5zdGFydHNzbC5jb20vY2EwMAYIKwYBBQUH +MAKGJGh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRzL2NhLmNydDAyBgNVHR8E +KzApMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwDQYJ +KoZIhvcNAQELBQADggIBALZt+HD74g1MmLMHSRX1BMRsysr1aKAI/hJtnAQGya2a +kVI+eMRc7p9UHe7j8V4wyUnhOeCmnTZsV/rmNE9V6IeoLN0F8VgSkejKzih4j98H +hQGl3EWWBdSAsisFmsuapYvgOmfmc0e+Sv0nsYjv5srPjQ4mn/pfV3itbf6umzUI +scO6wQBKS30Uvffx01UYrNAzcIhtxAlxFKYrT4iB5wsAN6kVfX7XAZY/L697Yq4K +Sr9LOS41EIv+BDnkPDoMCVZAOrX0wmgMtflSze6d+Jj8eOdYR48cc1hpM6v/3d+O +JAF3mBk6sGZ5vOEIow5PwQSz8wHI69NZHDXSkx5wZYJ/28/7yJkSYMNEbzqAS9e+ +IaoUemTL3TdDRVsyLkXw2VkfaxjwfOlVNhlhX7V98Y29iOR1S5jdJ7DkhEQqYYRX +BYIRH6o1WPMgDq9Z7/pVcnINJtCbU0mszjcuZWH/9uwb6vbxptPRtXu+NfQiwbyN +Ab1oXoMNL+zW2mMMJ9FUPuSo085LMriRlP/7W0ktdRiounGaO67ZwKlPh5Hti3tr +IJiJOYNPgMRpzBfJyE6+5KmlgXZwBgQyzYNl9Lx9PhO80uhvY6q1O9qNhjKCeJ3Z +zP+/V2R07Sg9RGIVYUv3lLANKmcc8MubpZK/+EFawT1g7Z+7uG2bzqlqFj9+6gbx +-----END CERTIFICATE----- diff --git a/Windows/RevokeChinaCerts_CodeSigning.bat b/Windows/RevokeChinaCerts_CodeSigning.bat index ccef18842ee1490eb2e4eb8f85837b0c215bf5c7..f9ba65e94e518de8a0043747904e793b2f304bb7 100644 --- a/Windows/RevokeChinaCerts_CodeSigning.bat +++ b/Windows/RevokeChinaCerts_CodeSigning.bat @@ -13,7 +13,7 @@ set CertMgr="%cd%\Tools\CertMgr" if %PROCESSOR_ARCHITECTURE%%PROCESSOR_ARCHITEW6432% EQU x86 set CertMgr="%cd%\Tools\CertMgr_x86" set Folder=%cd%\Certs\CodeSigning set /a SetForce = 0 -set SetForceAppender="%cd%\Tools\SoftCertPolicyAppender\SoftCertPolicyAppender" +set SetForceAppender="%cd%\Tools\SoftCertPolicyAppender\Binary\SoftCertPolicyAppender" @echo RevokeChinaCerts CodeSigning batch @echo. @echo Do you want to set force cetificates policy? [Y/N] @@ -33,10 +33,13 @@ goto %UserChoice% :: All version :CASE_1 +if %SetForce% EQU 0 ( :: WoSign Code Signing Authority(UTN-USERFirst-Object) %CertMgr% -add -c "%Folder%\WoSign_Code_Signing_Authority_UTN_USERFirst_Object.crt" -s Disallowed :: WoTrust Code Signing Authority(UTN-USERFirst-Object) %CertMgr% -add -c "%Folder%\WoTrust_Code_Signing_Authority_UTN_USERFirst_Object.crt" -s Disallowed +:: Certification Authority of WoSign(UTN-USERFirst-Object) +%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_UTN_USERFirst_Object.crt" -s Disallowed :: 91.Com %CertMgr% -add -c "%Folder%\91Com.crt" -s Disallowed :: Baidu (China) Co., Ltd. @@ -47,8 +50,10 @@ goto %UserChoice% %CertMgr% -add -c "%Folder%\Beijing_Baofeng_Technology_CoLtd.crt" -s Disallowed :: Beijing Funshion Online Technologies Ltd. %CertMgr% -add -c "%Folder%\Beijing_Funshion_Online_Technologies_Ltd.crt" -s Disallowed -:: Beijing Kingsoft Security software Co.,Ltd -%CertMgr% -add -c "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd.crt" -s Disallowed +:: Beijing Kingsoft Security software Co.,Ltd(2011-12-26) +%CertMgr% -add -c "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd_201112.crt" -s Disallowed +:: Beijing Kingsoft Security software Co.,Ltd(2014-12-29) +%CertMgr% -add -c "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd_201412.crt" -s Disallowed :: BEIJING KUWO TECHNOLOGY CO.,LTD. %CertMgr% -add -c "%Folder%\BEIJING_KUWO_TECHNOLOGY_COLTD.crt" -s Disallowed :: BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD. @@ -65,8 +70,10 @@ goto %UserChoice% %CertMgr% -add -c "%Folder%\LE_SHI_INTERNET_INFORMATION_TECHNOLOGY_CORP_BEIJING.crt" -s Disallowed :: Maxthon (Asia) Limited %CertMgr% -add -c "%Folder%\Maxthon_Asia_Limited.crt" -s Disallowed -:: Meitu.Com -%CertMgr% -add -c "%Folder%\MeituCom.crt" -s Disallowed +:: Meitu.Com(2012-12-18) +%CertMgr% -add -c "%Folder%\MeituCom_201212.crt" -s Disallowed +:: Meitu.Com(2014-11-20) +%CertMgr% -add -c "%Folder%\MeituCom_201411.crt" -s Disallowed :: NetEase(Hangzhou) Network Co. Ltd. %CertMgr% -add -c "%Folder%\NetEase_Hangzhou_Network_CoLtd.crt" -s Disallowed :: PPLive Corporation @@ -79,10 +86,10 @@ goto %UserChoice% %CertMgr% -add -c "%Folder%\ShenZhen_Xunlei_Networking_Technologies_Ltd.crt" -s Disallowed :: TAOBAO (CHINA) SOFTWARE CO.,LTD. %CertMgr% -add -c "%Folder%\TAOBAO_CHINA_SOFTWARE_COLTD.crt" -s Disallowed -:: Tencent Technology Shenzhen Company Limited -%CertMgr% -add -c "%Folder%\Tencent_Technology_Shenzhen_Company_Limited.crt" -s Disallowed :: Tencent Technology Shenzhen Company Limited(2010-01-26) %CertMgr% -add -c "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201001.crt" -s Disallowed +:: Tencent Technology Shenzhen Company Limited(2013-01-17) +%CertMgr% -add -c "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201301.crt" -s Disallowed :: UC Mobile Limited %CertMgr% -add -c "%Folder%\UC_Mobile_Limited.crt" -s Disallowed :: Wandou Technology Ltd @@ -95,137 +102,115 @@ goto %UserChoice% %CertMgr% -add -c "%Folder%\YlmfCom.crt" -s Disallowed :: YY Inc %CertMgr% -add -c "%Folder%\YY_Inc.crt" -s Disallowed +) else ( :: Set force -@echo. -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\WoSign_Code_Signing_Authority_UTN_USERFirst_Object.crt" "%Folder%\WoTrust_Code_Signing_Authority_UTN_USERFirst_Object.crt" "%Folder%\91Com.crt" "%Folder%\Baidu_China_CoLtd.crt" "%Folder%\Beijing_Baidu_Netcom_Science_And_Technology_CoLtd.crt" "%Folder%\Beijing_Baofeng_Technology_CoLtd.crt" "%Folder%\Beijing_Funshion_Online_Technologies_Ltd.crt" "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd.crt" "%Folder%\BEIJING_KUWO_TECHNOLOGY_COLTD.crt" "%Folder%\BEIJING_QIYI_CENTURY_SCIENCE_TECHNOLOGY_COLTD.crt" "%Folder%\Beijing_Rising_Information_Technology_Corporation_Limited.crt" "%Folder%\Beijing_Sohu_New_Media_Information_Technology_CoLtd.crt" "%Folder%\Guangzhou_Tieren_Network_Technology_CoLtd.crt" "%Folder%\Kingsoft_Security_CoLtd.crt" "%Folder%\LE_SHI_INTERNET_INFORMATION_TECHNOLOGY_CORP_BEIJING.crt" "%Folder%\Maxthon_Asia_Limited.crt" "%Folder%\MeituCom.crt" "%Folder%\NetEase_Hangzhou_Network_CoLtd.crt" "%Folder%\PPLive_Corporation.crt" "%Folder%\Qihoo_360_Software_Beijing_Company_Limited.crt" "%Folder%\Shanghai_Quan_Tudou_Network_Technology_CoLtd.crt" "%Folder%\ShenZhen_Xunlei_Networking_Technologies_Ltd.crt" "%Folder%\TAOBAO_CHINA_SOFTWARE_COLTD.crt" "%Folder%\Tencent_Technology_Shenzhen_Company_Limited.crt" "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201001.crt" "%Folder%\UC_Mobile_Limited.crt" "%Folder%\Wandou_Technology_Ltd.crt" "%Folder%\Xiamen_Yitianxia_Network_Technology_CoLtd.crt" "%Folder%\XiamiCom.crt" "%Folder%\YlmfCom.crt" "%Folder%\YY_Inc.crt") +%SetForceAppender% --set-force "%Folder%\WoSign_Code_Signing_Authority_UTN_USERFirst_Object.crt" "%Folder%\WoTrust_Code_Signing_Authority_UTN_USERFirst_Object.crt" "%Folder%\Certification_Authority_Of_WoSign_UTN_USERFirst_Object.crt" "%Folder%\91Com.crt" "%Folder%\Baidu_China_CoLtd.crt" "%Folder%\Beijing_Baidu_Netcom_Science_And_Technology_CoLtd.crt" "%Folder%\Beijing_Baofeng_Technology_CoLtd.crt" "%Folder%\Beijing_Funshion_Online_Technologies_Ltd.crt" "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd_201112.crt" "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd_201412.crt" "%Folder%\BEIJING_KUWO_TECHNOLOGY_COLTD.crt" "%Folder%\BEIJING_QIYI_CENTURY_SCIENCE_TECHNOLOGY_COLTD.crt" "%Folder%\Beijing_Rising_Information_Technology_Corporation_Limited.crt" "%Folder%\Beijing_Sohu_New_Media_Information_Technology_CoLtd.crt" "%Folder%\Guangzhou_Tieren_Network_Technology_CoLtd.crt" "%Folder%\Kingsoft_Security_CoLtd.crt" "%Folder%\LE_SHI_INTERNET_INFORMATION_TECHNOLOGY_CORP_BEIJING.crt" "%Folder%\Maxthon_Asia_Limited.crt" "%Folder%\MeituCom_201212.crt" "%Folder%\MeituCom_201411.crt" "%Folder%\NetEase_Hangzhou_Network_CoLtd.crt" "%Folder%\PPLive_Corporation.crt" "%Folder%\Qihoo_360_Software_Beijing_Company_Limited.crt" "%Folder%\Shanghai_Quan_Tudou_Network_Technology_CoLtd.crt" "%Folder%\ShenZhen_Xunlei_Networking_Technologies_Ltd.crt" "%Folder%\TAOBAO_CHINA_SOFTWARE_COLTD.crt" "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201001.crt" "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201301.crt" "%Folder%\UC_Mobile_Limited.crt" "%Folder%\Wandou_Technology_Ltd.crt" "%Folder%\Xiamen_Yitianxia_Network_Technology_CoLtd.crt" "%Folder%\XiamiCom.crt" "%Folder%\YlmfCom.crt" "%Folder%\YY_Inc.crt") goto EXIT :: Choice version :CASE_2 set /p UserChoice="Revoke WoSign Code Signing Authority(UTN-USERFirst-Object)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\WoSign_Code_Signing_Authority_UTN_USERFirst_Object.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\WoSign_Code_Signing_Authority_UTN_USERFirst_Object.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\WoSign_Code_Signing_Authority_UTN_USERFirst_Object.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\WoSign_Code_Signing_Authority_UTN_USERFirst_Object.crt")) @echo. set /p UserChoice="Revoke WoTrust Code Signing Authority(UTN-USERFirst-Object)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\WoTrust_Code_Signing_Authority_UTN_USERFirst_Object.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\WoTrust_Code_Signing_Authority_UTN_USERFirst_Object.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\WoTrust_Code_Signing_Authority_UTN_USERFirst_Object.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\WoTrust_Code_Signing_Authority_UTN_USERFirst_Object.crt")) +@echo. +set /p UserChoice="Revoke Certification Authority of WoSign(UTN-USERFirst-Object)? [Y/N]" +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_UTN_USERFirst_Object.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Certification_Authority_Of_WoSign_UTN_USERFirst_Object.crt")) @echo. set /p UserChoice="Revoke 91.Com? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\91Com.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\91Com.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\91Com.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\91Com.crt")) @echo. set /p UserChoice="Revoke Baidu (China) Co., Ltd.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Baidu_China_CoLtd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Baidu_China_CoLtd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Baidu_China_CoLtd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Baidu_China_CoLtd.crt")) @echo. set /p UserChoice="Revoke Beijing baidu Netcom science and technology co.ltd? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Beijing_Baidu_Netcom_Science_And_Technology_CoLtd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Beijing_Baidu_Netcom_Science_And_Technology_CoLtd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Beijing_Baidu_Netcom_Science_And_Technology_CoLtd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Beijing_Baidu_Netcom_Science_And_Technology_CoLtd.crt")) @echo. set /p UserChoice="Revoke Beijing Baofeng Technology Co., Ltd.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Beijing_Baofeng_Technology_CoLtd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Beijing_Baofeng_Technology_CoLtd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Beijing_Baofeng_Technology_CoLtd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Beijing_Baofeng_Technology_CoLtd.crt")) @echo. set /p UserChoice="Revoke Beijing Funshion Online Technologies Ltd.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Beijing_Funshion_Online_Technologies_Ltd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Beijing_Funshion_Online_Technologies_Ltd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Beijing_Funshion_Online_Technologies_Ltd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Beijing_Funshion_Online_Technologies_Ltd.crt")) @echo. -set /p UserChoice="Revoke Beijing Kingsoft Security software Co.,Ltd? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd.crt")) +set /p UserChoice="Revoke Beijing Kingsoft Security software Co.,Ltd(2011-12-26)? [Y/N]" +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd_201112.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd_201112.crt")) +@echo. +set /p UserChoice="Revoke Beijing Kingsoft Security software Co.,Ltd(2014-12-29)? [Y/N]" +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd_201412.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd_201412.crt")) @echo. set /p UserChoice="Revoke BEIJING KUWO TECHNOLOGY CO.,LTD.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\BEIJING_KUWO_TECHNOLOGY_COLTD.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\BEIJING_KUWO_TECHNOLOGY_COLTD.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\BEIJING_KUWO_TECHNOLOGY_COLTD.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\BEIJING_KUWO_TECHNOLOGY_COLTD.crt")) @echo. set /p UserChoice="Revoke BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\BEIJING_QIYI_CENTURY_SCIENCE_TECHNOLOGY_COLTD.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\BEIJING_QIYI_CENTURY_SCIENCE_TECHNOLOGY_COLTD.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\BEIJING_QIYI_CENTURY_SCIENCE_TECHNOLOGY_COLTD.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\BEIJING_QIYI_CENTURY_SCIENCE_TECHNOLOGY_COLTD.crt")) @echo. set /p UserChoice="Revoke Beijing Rising Information Technology Corporation Limited? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Beijing_Rising_Information_Technology_Corporation_Limited.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Beijing_Rising_Information_Technology_Corporation_Limited.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Beijing_Rising_Information_Technology_Corporation_Limited.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Beijing_Rising_Information_Technology_Corporation_Limited.crt")) @echo. set /p UserChoice="Revoke Beijing Sohu New Media Information Technology Co., Ltd.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Beijing_Sohu_New_Media_Information_Technology_CoLtd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Beijing_Sohu_New_Media_Information_Technology_CoLtd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Beijing_Sohu_New_Media_Information_Technology_CoLtd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Beijing_Sohu_New_Media_Information_Technology_CoLtd.crt")) @echo. set /p UserChoice="Revoke Guangzhou Tieren Network Technology Co.,Ltd.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Guangzhou_Tieren_Network_Technology_CoLtd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Guangzhou_Tieren_Network_Technology_CoLtd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Guangzhou_Tieren_Network_Technology_CoLtd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Guangzhou_Tieren_Network_Technology_CoLtd.crt")) @echo. set /p UserChoice="Revoke Kingsoft Security Co.,Ltd? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Kingsoft_Security_CoLtd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Kingsoft_Security_CoLtd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Kingsoft_Security_CoLtd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Kingsoft_Security_CoLtd.crt")) @echo. set /p UserChoice="Revoke LE SHI INTERNET INFORMATION TECHNOLOGY CORP.,BEI JING? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\LE_SHI_INTERNET_INFORMATION_TECHNOLOGY_CORP_BEIJING.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\LE_SHI_INTERNET_INFORMATION_TECHNOLOGY_CORP_BEIJING.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\LE_SHI_INTERNET_INFORMATION_TECHNOLOGY_CORP_BEIJING.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\LE_SHI_INTERNET_INFORMATION_TECHNOLOGY_CORP_BEIJING.crt")) @echo. set /p UserChoice="Revoke Maxthon (Asia) Limited? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Maxthon_Asia_Limited.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Maxthon_Asia_Limited.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Maxthon_Asia_Limited.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Maxthon_Asia_Limited.crt")) +@echo. +set /p UserChoice="Revoke Meitu.Com(2012-12-18)? [Y/N]" +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\MeituCom_201212.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\MeituCom_201212.crt")) @echo. -set /p UserChoice="Revoke Meitu.Com? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\MeituCom.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\MeituCom.crt")) +set /p UserChoice="Revoke Meitu.Com(2014-11-20)? [Y/N]" +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\MeituCom_201411.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\MeituCom_201411.crt")) @echo. set /p UserChoice="Revoke NetEase(Hangzhou) Network Co. Ltd.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\NetEase_Hangzhou_Network_CoLtd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\NetEase_Hangzhou_Network_CoLtd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\NetEase_Hangzhou_Network_CoLtd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\NetEase_Hangzhou_Network_CoLtd.crt")) @echo. set /p UserChoice="Revoke PPLive Corporation? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\PPLive_Corporation.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\PPLive_Corporation.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\PPLive_Corporation.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\PPLive_Corporation.crt")) @echo. set /p UserChoice="Revoke Qihoo 360 Software Beijing Company Limited? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Qihoo_360_Software_Beijing_Company_Limited.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Qihoo_360_Software_Beijing_Company_Limited.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Qihoo_360_Software_Beijing_Company_Limited.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Qihoo_360_Software_Beijing_Company_Limited.crt")) @echo. set /p UserChoice="Revoke Shanghai Quan Tudou Network Technology Co., Ltd.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Shanghai_Quan_Tudou_Network_Technology_CoLtd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Shanghai_Quan_Tudou_Network_Technology_CoLtd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Shanghai_Quan_Tudou_Network_Technology_CoLtd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Shanghai_Quan_Tudou_Network_Technology_CoLtd.crt")) @echo. set /p UserChoice="Revoke ShenZhen Xunlei Networking Technologies Ltd.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ShenZhen_Xunlei_Networking_Technologies_Ltd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ShenZhen_Xunlei_Networking_Technologies_Ltd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ShenZhen_Xunlei_Networking_Technologies_Ltd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ShenZhen_Xunlei_Networking_Technologies_Ltd.crt")) @echo. set /p UserChoice="Revoke TAOBAO (CHINA) SOFTWARE CO.,LTD.? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\TAOBAO_CHINA_SOFTWARE_COLTD.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\TAOBAO_CHINA_SOFTWARE_COLTD.crt")) -@echo. -set /p UserChoice="Revoke Tencent Technology Shenzhen Company Limited? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Tencent_Technology_Shenzhen_Company_Limited.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Tencent_Technology_Shenzhen_Company_Limited.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\TAOBAO_CHINA_SOFTWARE_COLTD.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\TAOBAO_CHINA_SOFTWARE_COLTD.crt")) @echo. set /p UserChoice="Revoke Tencent Technology Shenzhen Company Limited(2010-01-26)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201001.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201001.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201001.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201001.crt")) +@echo. +set /p UserChoice="Revoke Tencent Technology Shenzhen Company Limited(2013-01-17)? [Y/N]" +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201301.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201301.crt")) @echo. set /p UserChoice="Revoke UC Mobile Limited? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\UC_Mobile_Limited.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\UC_Mobile_Limited.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\UC_Mobile_Limited.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\UC_Mobile_Limited.crt")) @echo. set /p UserChoice="Revoke Wandou Technology Ltd? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Wandou_Technology_Ltd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Wandou_Technology_Ltd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Wandou_Technology_Ltd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Wandou_Technology_Ltd.crt")) @echo. set /p UserChoice="Revoke Xiamen Yitianxia Network Technology Co., Ltd? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Xiamen_Yitianxia_Network_Technology_CoLtd.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Xiamen_Yitianxia_Network_Technology_CoLtd.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Xiamen_Yitianxia_Network_Technology_CoLtd.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Xiamen_Yitianxia_Network_Technology_CoLtd.crt")) @echo. set /p UserChoice="Revoke Xiami.Com? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\XiamiCom.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\XiamiCom.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\XiamiCom.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\XiamiCom.crt")) @echo. set /p UserChoice="Revoke Ylmf.Com? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\YlmfCom.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\YlmfCom.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\YlmfCom.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\YlmfCom.crt")) @echo. set /p UserChoice="Revoke YY Inc? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\YY_Inc.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\YY_Inc.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\YY_Inc.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\YY_Inc.crt")) goto EXIT @@ -235,6 +220,8 @@ goto EXIT %CertMgr% -del -c -sha1 EA36152981E296F9763E1DC74B3262D3928563F8 -s Disallowed :: WoTrust Code Signing Authority(UTN-USERFirst-Object) %CertMgr% -del -c -sha1 B28CCC46D234A7D7CF7F21CCB9406F48A5273CC6 -s Disallowed +:: Certification Authority of WoSign(UTN-USERFirst-Object) +%CertMgr% -del -c -sha1 1C1ECDCCf764E6168177C5711F33EC9229A29F88 -s Disallowed :: 91.Com %CertMgr% -del -c -sha1 E87D1C1D3FE2BCA700EB7B8DC0E45B97EAF19405 -s Disallowed :: Baidu (China) Co., Ltd. @@ -245,8 +232,10 @@ goto EXIT %CertMgr% -del -c -sha1 CB6F65314E5B25D61304AB2C9C8870B574CC21F5 -s Disallowed :: Beijing Funshion Online Technologies Ltd. %CertMgr% -del -c -sha1 9AB5445104C6CCE5A22431CF29C4331CBC328A1B -s Disallowed -:: Beijing Kingsoft Security software Co.,Ltd +:: Beijing Kingsoft Security software Co.,Ltd(2011-01-26) %CertMgr% -del -c -sha1 E88DD1ACD2DB3A352072AA49C675F4944A3FEF82 -s Disallowed +:: Beijing Kingsoft Security software Co.,Ltd(2014-12-29) +%CertMgr% -del -c -sha1 CC9467907AD45574588F4E16F29CA36D5F78C0F8 -s Disallowed :: BEIJING KUWO TECHNOLOGY CO.,LTD. %CertMgr% -del -c -sha1 5FFFD1A3EAE5ED74558913C4A8476D1514C6D61F -s Disallowed :: BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD. @@ -263,8 +252,10 @@ goto EXIT %CertMgr% -del -c -sha1 62DF2BC4B5902B52C215C697D06038E3B28CF5D3 -s Disallowed :: Maxthon (Asia) Limited %CertMgr% -del -c -sha1 1481414E8E87412A00D3341167FE3A92C681B830 -s Disallowed -:: Meitu.Com +:: Meitu.Com(2012-12-18) %CertMgr% -del -c -sha1 7B6FAE77BD19FEC5410293344B36124774A6D8F1 -s Disallowed +:: Meitu.Com(2014-11-20) +%CertMgr% -del -c -sha1 EBA2ADB1C0B7A61E5BA25B8356387F27049BA1A1 -s Disallowed :: NetEase(Hangzhou) Network Co. Ltd. %CertMgr% -del -c -sha1 E0387F3AF5752A4620EC617C39153C0E666CF5F8 -s Disallowed :: PPLive Corporation @@ -277,10 +268,10 @@ goto EXIT %CertMgr% -del -c -sha1 4099665730474153EADF671B8B475C03C08A46D0 -s Disallowed :: TAOBAO (CHINA) SOFTWARE CO.,LTD. %CertMgr% -del -c -sha1 E5777A69CAFD7F7C6F89C5297DD1159C7AE9B881 -s Disallowed -:: Tencent Technology Shenzhen Company Limited -%CertMgr% -del -c -sha1 2FDD445591CD2EEDBEF8B8A281896A59C08B3DC9 -s Disallowed :: Tencent Technology Shenzhen Company Limited(2010-01-26) %CertMgr% -del -c -sha1 8B46390D86B891E5A3D3AAB2B00D6FDB27A0F791 -s Disallowed +:: Tencent Technology Shenzhen Company Limited(2013-01-17) +%CertMgr% -del -c -sha1 2FDD445591CD2EEDBEF8B8A281896A59C08B3DC9 -s Disallowed :: UC Mobile Limited %CertMgr% -del -c -sha1 1540C77B5D19FC5A71A04DB001488E55B45DDC7F -s Disallowed :: Wandou Technology Ltd @@ -295,7 +286,7 @@ goto EXIT %CertMgr% -del -c -sha1 B3B89CD7940DC67E4291A3EE767AC17A3BC9E620 -s Disallowed :: Unset force @echo. -if %SetForce% EQU 1 (%SetForceAppender% -r --unset-force "%Folder%\WoSign_Code_Signing_Authority_UTN_USERFirst_Object.crt" "%Folder%\WoTrust_Code_Signing_Authority_UTN_USERFirst_Object.crt" "%Folder%\91Com.crt" "%Folder%\Baidu_China_CoLtd.crt" "%Folder%\Beijing_Baidu_Netcom_Science_And_Technology_CoLtd.crt" "%Folder%\Beijing_Baofeng_Technology_CoLtd.crt" "%Folder%\Beijing_Funshion_Online_Technologies_Ltd.crt" "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd.crt" "%Folder%\BEIJING_KUWO_TECHNOLOGY_COLTD.crt" "%Folder%\BEIJING_QIYI_CENTURY_SCIENCE_TECHNOLOGY_COLTD.crt" "%Folder%\Beijing_Rising_Information_Technology_Corporation_Limited.crt" "%Folder%\Beijing_Sohu_New_Media_Information_Technology_CoLtd.crt" "%Folder%\Guangzhou_Tieren_Network_Technology_CoLtd.crt" "%Folder%\Kingsoft_Security_CoLtd.crt" "%Folder%\LE_SHI_INTERNET_INFORMATION_TECHNOLOGY_CORP_BEIJING.crt" "%Folder%\Maxthon_Asia_Limited.crt" "%Folder%\MeituCom.crt" "%Folder%\NetEase_Hangzhou_Network_CoLtd.crt" "%Folder%\PPLive_Corporation.crt" "%Folder%\Qihoo_360_Software_Beijing_Company_Limited.crt" "%Folder%\Shanghai_Quan_Tudou_Network_Technology_CoLtd.crt" "%Folder%\ShenZhen_Xunlei_Networking_Technologies_Ltd.crt" "%Folder%\TAOBAO_CHINA_SOFTWARE_COLTD.crt" "%Folder%\Tencent_Technology_Shenzhen_Company_Limited.crt" "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201001.crt" "%Folder%\UC_Mobile_Limited.crt" "%Folder%\Wandou_Technology_Ltd.crt" "%Folder%\Xiamen_Yitianxia_Network_Technology_CoLtd.crt" "%Folder%\XiamiCom.crt" "%Folder%\YlmfCom.crt" "%Folder%\YY_Inc.crt") +if %SetForce% EQU 1 (%SetForceAppender% -r --unset-force "%Folder%\WoSign_Code_Signing_Authority_UTN_USERFirst_Object.crt" "%Folder%\WoTrust_Code_Signing_Authority_UTN_USERFirst_Object.crt" "%Folder%\Certification_Authority_Of_WoSign_UTN_USERFirst_Object.crt" "%Folder%\91Com.crt" "%Folder%\Baidu_China_CoLtd.crt" "%Folder%\Beijing_Baidu_Netcom_Science_And_Technology_CoLtd.crt" "%Folder%\Beijing_Baofeng_Technology_CoLtd.crt" "%Folder%\Beijing_Funshion_Online_Technologies_Ltd.crt" "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd_201112.crt" "%Folder%\Beijing_Kingsoft_Security_Software_CoLtd_201412.crt" "%Folder%\BEIJING_KUWO_TECHNOLOGY_COLTD.crt" "%Folder%\BEIJING_QIYI_CENTURY_SCIENCE_TECHNOLOGY_COLTD.crt" "%Folder%\Beijing_Rising_Information_Technology_Corporation_Limited.crt" "%Folder%\Beijing_Sohu_New_Media_Information_Technology_CoLtd.crt" "%Folder%\Guangzhou_Tieren_Network_Technology_CoLtd.crt" "%Folder%\Kingsoft_Security_CoLtd.crt" "%Folder%\LE_SHI_INTERNET_INFORMATION_TECHNOLOGY_CORP_BEIJING.crt" "%Folder%\Maxthon_Asia_Limited.crt" "%Folder%\MeituCom_201212.crt" "%Folder%\MeituCom_201411.crt" "%Folder%\NetEase_Hangzhou_Network_CoLtd.crt" "%Folder%\PPLive_Corporation.crt" "%Folder%\Qihoo_360_Software_Beijing_Company_Limited.crt" "%Folder%\Shanghai_Quan_Tudou_Network_Technology_CoLtd.crt" "%Folder%\ShenZhen_Xunlei_Networking_Technologies_Ltd.crt" "%Folder%\TAOBAO_CHINA_SOFTWARE_COLTD.crt" "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201001.crt" "%Folder%\Tencent_Technology_Shenzhen_Company_Limited_201301.crt" "%Folder%\UC_Mobile_Limited.crt" "%Folder%\Wandou_Technology_Ltd.crt" "%Folder%\Xiamen_Yitianxia_Network_Technology_CoLtd.crt" "%Folder%\XiamiCom.crt" "%Folder%\YlmfCom.crt" "%Folder%\YY_Inc.crt") :: Print to screen. diff --git a/Windows/RevokeChinaCerts_Online.bat b/Windows/RevokeChinaCerts_Online.bat index ca5e50661a354010830c5b5b1b7dd2e0ecf85c01..340dc90243b8f9f366e76042be281c89f5f5269e 100644 --- a/Windows/RevokeChinaCerts_Online.bat +++ b/Windows/RevokeChinaCerts_Online.bat @@ -69,12 +69,18 @@ goto %UserChoice% :: Certification Authority of WoSign 2(StartCom/2011-03-01) %CertMgr% -del -c -sha1 692790DA5189529CC5CE1E16E984277A03023E99 -s -r localMachine CA %CertMgr% -del -c -sha1 692790DA5189529CC5CE1E16E984277A03023E99 -s -r CurrentUser CA -:: Certification Authority of WoSign(StartCom/2006-09-18) +:: Certification Authority of WoSign 1(StartCom/2006-09-18) %CertMgr% -del -c -sha1 804E5FB7DE84F5F5B28347233EAF07846B6070D3 -s -r localMachine CA %CertMgr% -del -c -sha1 804E5FB7DE84F5F5B28347233EAF07846B6070D3 -s -r CurrentUser CA -:: Certification Authority of WoSign(Chinese/StartCom) [v998] +:: Certification Authority of WoSign 2(StartCom/2006-09-18) [v998] +%CertMgr% -del -c -sha1 B0B68AE97CFE2AFACD0DC2010B9D70ACE593E8A6 -s -r localMachine CA +%CertMgr% -del -c -sha1 B0B68AE97CFE2AFACD0DC2010B9D70ACE593E8A6 -s -r localMachine CA +:: Certification Authority of WoSign 1(Chinese/StartCom) [v998] %CertMgr% -del -c -sha1 D8EFF6C28BB508E4702565F42748454A872BD412 -s -r localMachine CA %CertMgr% -del -c -sha1 D8EFF6C28BB508E4702565F42748454A872BD412 -s -r CurrentUser CA +:: Certification Authority of WoSign 2(Chinese/StartCom) [v998] +%CertMgr% -del -c -sha1 CE335662F0EA6764B95C7F50A995A514ACE8C815 -s -r localMachine CA +%CertMgr% -del -c -sha1 CE335662F0EA6764B95C7F50A995A514ACE8C815 -s -r CurrentUser CA :: Certification Authority of WoSign(USERTrust) [v998] %CertMgr% -del -c -sha1 56FAADDC596DCF78D585D83A35BC04B690D12736 -s -r localMachine CA %CertMgr% -del -c -sha1 56FAADDC596DCF78D585D83A35BC04B690D12736 -s -r CurrentUser CA @@ -166,8 +172,10 @@ goto %UserChoice% %CertMgr% -add -c "%Folder%\CA_WoSign_ECC_Root.crt" -s Disallowed %CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_StartCom_201103_1.crt" -s Disallowed %CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_StartCom_201103_2.crt" -s Disallowed -%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_StartCom_200609.crt" -s Disallowed -%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_Chinese_StartCom.crt" -s Disallowed +%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_StartCom_200609_1.crt" -s Disallowed +%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_StartCom_200609_2.crt" -s Disallowed +%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_Chinese_StartCom_1.crt" -s Disallowed +%CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_Chinese_StartCom_2.crt" -s Disallowed %CertMgr% -add -c "%Folder%\Certification_Authority_Of_WoSign_USERTrust.crt" -s Disallowed %CertMgr% -add -c "%Folder%\WoSign_Premium_Server_Authority_USERTrust.crt" -s Disallowed %CertMgr% -add -c "%Folder%\WoSign_Server_Authority_USERTrust.crt" -s Disallowed @@ -407,10 +415,14 @@ goto EXIT %CertMgr% -del -c -sha1 868241C8B85AF79E2DAC79EDADB723E82A36AFC3 -s Disallowed :: Certification Authority of WoSign 2(StartCom/2011-03-01) %CertMgr% -del -c -sha1 692790DA5189529CC5CE1E16E984277A03023E99 -s Disallowed -:: Certification Authority of WoSign(StartCom/2006-09-18) +:: Certification Authority of WoSign 1(StartCom/2006-09-18) %CertMgr% -del -c -sha1 804E5FB7DE84F5F5B28347233EAF07846B6070D3 -s Disallowed -:: Certification Authority of WoSign(Chinese/StartCom) [v998] +:: Certification Authority of WoSign 2(StartCom/2006-09-18) [v998] +%CertMgr% -del -c -sha1 B0B68AE97CFE2AFACD0DC2010B9D70ACE593E8A6 -s Disallowed +:: Certification Authority of WoSign 1(Chinese/StartCom) [v998] %CertMgr% -del -c -sha1 D8EFF6C28BB508E4702565F42748454A872BD412 -s Disallowed +:: Certification Authority of WoSign 2(Chinese/StartCom) [v998] +%CertMgr% -del -c -sha1 CE335662F0EA6764B95C7F50A995A514ACE8C815 -s Disallowed :: Certification Authority of WoSign(USERTrust) [v998] %CertMgr% -del -c -sha1 56FAADDC596DCF78D585D83A35BC04B690D12736 -s Disallowed :: WoSign Premium Server Authority(USERTrust) diff --git a/Windows/RevokeChinaCerts_Organization.bat b/Windows/RevokeChinaCerts_Organization.bat index 82f9959ee3a451feaa7a3ac98556e0c3d14cb5d3..c629cbe58fdb31c45fc66dbb33af19b52fb8f69e 100644 --- a/Windows/RevokeChinaCerts_Organization.bat +++ b/Windows/RevokeChinaCerts_Organization.bat @@ -13,7 +13,7 @@ set CertMgr="%cd%\Tools\CertMgr" if %PROCESSOR_ARCHITECTURE%%PROCESSOR_ARCHITEW6432% EQU x86 set CertMgr="%cd%\Tools\CertMgr_x86" set Folder=%cd%\Certs\Organization set /a SetForce = 0 -set SetForceAppender="%cd%\Tools\SoftCertPolicyAppender\SoftCertPolicyAppender" +set SetForceAppender="%cd%\Tools\SoftCertPolicyAppender\Binary\SoftCertPolicyAppender" @echo RevokeChinaCerts Organization batch @echo. @echo Do you want to set force cetificates policy? [Y/N] @@ -33,6 +33,7 @@ goto %UserChoice% :: All version :CASE_1 +if %SetForce% EQU 0 ( :: ABC %CertMgr% -add -c "%Folder%\ABC.crt" -s Disallowed :: ABC TEST CA @@ -93,137 +94,108 @@ goto %UserChoice% %CertMgr% -add -c "%Folder%\SZCA_200307.crt" -s Disallowed :: TenpayCom Root CA %CertMgr% -add -c "%Folder%\TenpayCom_Root_CA.crt" -s Disallowed +) else ( :: Set force -@echo. -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ABC.crt" "%Folder%\ABC_TEST_CA.crt" "%Folder%\ABC2048.crt" "%Folder%\AlibabaCom_Corporation_Root_CA.crt" "%Folder%\ALIPAY_ROOT.crt" "%Folder%\Alipay_Trust_NetWork.crt" "%Folder%\BOCOMCA.crt" "%Folder%\CCB_CA_ROOT_199906.crt" "%Folder%\CCB_CA_ROOT_200906.crt" "%Folder%\CFCA.crt" "%Folder%\CFCA_CS_CA.crt" "%Folder%\CFCA_CS_TEST_CA.crt" "%Folder%\CFCA_Operation_CA3.crt" "%Folder%\CFCA_RCA.crt" "%Folder%\CFCA_Root_CA.crt" "%Folder%\CFCA_RSA_RCA.crt" "%Folder%\China_Trust_Network_1.crt" "%Folder%\China_Trust_Network_2.crt" "%Folder%\China_Trust_Network_3.crt" "%Folder%\ICBC.crt" "%Folder%\ICBC_Root_CA.crt" "%Folder%\IcbcCA.crt" "%Folder%\iTruschina_CN_Root_CA_1.crt" "%Folder%\iTruschina_CN_Root_CA_2.crt" "%Folder%\iTruschina_CN_Root_CA_3.crt" "%Folder%\Personal_ICBC_CA.crt" "%Folder%\ROOTCA_OSCCA.crt" "%Folder%\SZCA.crt" "%Folder%\SZCA_200307.crt" "%Folder%\TenpayCom_Root_CA.crt") +%SetForceAppender% --set-force "%Folder%\ABC.crt" "%Folder%\ABC_TEST_CA.crt" "%Folder%\ABC2048.crt" "%Folder%\AlibabaCom_Corporation_Root_CA.crt" "%Folder%\ALIPAY_ROOT.crt" "%Folder%\Alipay_Trust_NetWork.crt" "%Folder%\BOCOMCA.crt" "%Folder%\CCB_CA_ROOT_199906.crt" "%Folder%\CCB_CA_ROOT_200906.crt" "%Folder%\CFCA.crt" "%Folder%\CFCA_CS_CA.crt" "%Folder%\CFCA_CS_TEST_CA.crt" "%Folder%\CFCA_Operation_CA3.crt" "%Folder%\CFCA_RCA.crt" "%Folder%\CFCA_Root_CA.crt" "%Folder%\CFCA_RSA_RCA.crt" "%Folder%\China_Trust_Network_1.crt" "%Folder%\China_Trust_Network_2.crt" "%Folder%\China_Trust_Network_3.crt" "%Folder%\ICBC.crt" "%Folder%\ICBC_Root_CA.crt" "%Folder%\IcbcCA.crt" "%Folder%\iTruschina_CN_Root_CA_1.crt" "%Folder%\iTruschina_CN_Root_CA_2.crt" "%Folder%\iTruschina_CN_Root_CA_3.crt" "%Folder%\Personal_ICBC_CA.crt" "%Folder%\ROOTCA_OSCCA.crt" "%Folder%\SZCA.crt" "%Folder%\SZCA_200307.crt" "%Folder%\TenpayCom_Root_CA.crt") goto EXIT :: Choice version :CASE_2 set /p UserChoice="Revoke ABC? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ABC.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ABC.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ABC.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ABC.crt")) @echo. set /p UserChoice="Revoke ABC TEST CA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ABC_TEST_CA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force %Folder%\ABC_TEST_CA.crt"")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ABC_TEST_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force %Folder%\ABC_TEST_CA.crt"")) @echo. set /p UserChoice="Revoke ABC2048? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ABC2048.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force %Folder%\ABC2048.crt"")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ABC2048.crt" -s Disallowed) else (%SetForceAppender% --set-force %Folder%\ABC2048.crt"")) @echo. set /p UserChoice="Revoke Alibaba.com Corporation Root CA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\AlibabaCom_Corporation_Root_CA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\AlibabaCom_Corporation_Root_CA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\AlibabaCom_Corporation_Root_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\AlibabaCom_Corporation_Root_CA.crt")) @echo. set /p UserChoice="Revoke ALIPAY_ROOT? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ALIPAY_ROOT.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ALIPAY_ROOT.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ALIPAY_ROOT.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ALIPAY_ROOT.crt")) @echo. set /p UserChoice="Revoke Alipay Trust NetWork? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Alipay_Trust_NetWork.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Alipay_Trust_NetWork.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Alipay_Trust_NetWork.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Alipay_Trust_NetWork.crt")) @echo. set /p UserChoice="Revoke BOCOMCA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\BOCOMCA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\BOCOMCA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\BOCOMCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\BOCOMCA.crt")) @echo. set /p UserChoice="Revoke CCB CA ROOT(1999-06-29)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CCB_CA_ROOT_199906.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CCB_CA_ROOT_199906.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CCB_CA_ROOT_199906.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CCB_CA_ROOT_199906.crt")) @echo. set /p UserChoice="Revoke CCB CA ROOT(2009-06-01)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CCB_CA_ROOT_200906.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CCB_CA_ROOT_200906.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CCB_CA_ROOT_200906.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CCB_CA_ROOT_200906.crt")) @echo. set /p UserChoice="Revoke CFCA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA.crt")) @echo. set /p UserChoice="Revoke CFCA CS CA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_CS_CA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_CS_CA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_CS_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_CS_CA.crt")) @echo. set /p UserChoice="Revoke CFCA CS TEST CA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_CS_TEST_CA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_CS_TEST_CA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_CS_TEST_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_CS_TEST_CA.crt")) @echo. set /p UserChoice="Revoke CFCA Operation CA3? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_Operation_CA3.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_Operation_CA3.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_Operation_CA3.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_Operation_CA3.crt")) @echo. set /p UserChoice="Revoke CFCA RCA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_RCA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_RCA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_RCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_RCA.crt")) @echo. set /p UserChoice="Revoke CFCA Root CA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_Root_CA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_Root_CA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_Root_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_Root_CA.crt")) @echo. set /p UserChoice="Revoke CFCA RSA RCA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\CFCA_RSA_RCA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\CFCA_RSA_RCA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\CFCA_RSA_RCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\CFCA_RSA_RCA.crt")) @echo. set /p UserChoice="Revoke China Trust Network(1)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\China_Trust_Network_1.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_1.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\China_Trust_Network_1.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_1.crt")) @echo. set /p UserChoice="Revoke China Trust Network(2)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\China_Trust_Network_2.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_2.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\China_Trust_Network_2.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_2.crt")) @echo. set /p UserChoice="Revoke China Trust Network(3)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\China_Trust_Network_3.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_3.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\China_Trust_Network_3.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\China_Trust_Network_3.crt")) @echo. set /p UserChoice="Revoke ICBC? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ICBC.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ICBC.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ICBC.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ICBC.crt")) @echo. set /p UserChoice="Revoke ICBC Root CA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ICBC_Root_CA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ICBC_Root_CA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ICBC_Root_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ICBC_Root_CA.crt")) @echo. set /p UserChoice="Revoke IcbcCA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\IcbcCA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\IcbcCA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\IcbcCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\IcbcCA.crt")) @echo. set /p UserChoice="Revoke iTruschina CN Root CA(1)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_1.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_1.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_1.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_1.crt")) @echo. set /p UserChoice="Revoke iTruschina CN Root CA(2)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_2.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_2.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_2.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_2.crt")) @echo. set /p UserChoice="Revoke iTruschina CN Root CA(3)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_3.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_3.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\iTruschina_CN_Root_CA_3.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\iTruschina_CN_Root_CA_3.crt")) @echo. set /p UserChoice="Revoke Personal ICBC CA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\Personal_ICBC_CA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\Personal_ICBC_CA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\Personal_ICBC_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\Personal_ICBC_CA.crt")) @echo. set /p UserChoice="Revoke ROOTCA OSCCA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\ROOTCA_OSCCA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\ROOTCA_OSCCA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\ROOTCA_OSCCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\ROOTCA_OSCCA.crt")) @echo. set /p UserChoice="Revoke SZCA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\SZCA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\SZCA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\SZCA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\SZCA.crt")) @echo. set /p UserChoice="Revoke SZCA(20030722)? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\SZCA_200307.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\SZCA_200307.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\SZCA_200307.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\SZCA_200307.crt")) @echo. set /p UserChoice="Revoke TenpayCom Root CA? [Y/N]" -if /i %UserChoice% EQU Y (%CertMgr% -add -c "%Folder%\TenpayCom_Root_CA.crt" -s Disallowed -if %SetForce% EQU 1 (%SetForceAppender% --set-force "%Folder%\TenpayCom_Root_CA.crt")) +if /i %UserChoice% EQU Y (if %SetForce% EQU 0 (%CertMgr% -add -c "%Folder%\TenpayCom_Root_CA.crt" -s Disallowed) else (%SetForceAppender% --set-force "%Folder%\TenpayCom_Root_CA.crt")) goto EXIT :: Restore certificates +:CASE_3 :: ABC %CertMgr% -del -c -sha1 78D0CDF5752D1E5B58A674644CFE3499BF02F9EF -s Disallowed :: ABC TEST CA diff --git a/Windows/Tools/SoftCertPolicyAppender/Source/.gitignore b/Windows/Tools/SoftCertPolicyAppender/.gitignore similarity index 100% rename from Windows/Tools/SoftCertPolicyAppender/Source/.gitignore rename to Windows/Tools/SoftCertPolicyAppender/.gitignore diff --git a/Windows/Tools/SoftCertPolicyAppender/LocalPolicy.dll b/Windows/Tools/SoftCertPolicyAppender/Binary/LocalPolicy.dll similarity index 100% rename from Windows/Tools/SoftCertPolicyAppender/LocalPolicy.dll rename to Windows/Tools/SoftCertPolicyAppender/Binary/LocalPolicy.dll diff --git a/Windows/Tools/SoftCertPolicyAppender/SoftCertPolicyAppender.exe b/Windows/Tools/SoftCertPolicyAppender/Binary/SoftCertPolicyAppender.exe similarity index 72% rename from Windows/Tools/SoftCertPolicyAppender/SoftCertPolicyAppender.exe rename to Windows/Tools/SoftCertPolicyAppender/Binary/SoftCertPolicyAppender.exe index 6d128dbaf42b7c6ea109687874feefe4cabe8ff6..c13253c8104003894122344ec901297bd56fcf9a 100644 Binary files a/Windows/Tools/SoftCertPolicyAppender/SoftCertPolicyAppender.exe and b/Windows/Tools/SoftCertPolicyAppender/Binary/SoftCertPolicyAppender.exe differ diff --git a/Windows/Tools/SoftCertPolicyAppender/README.md b/Windows/Tools/SoftCertPolicyAppender/README.md new file mode 100644 index 0000000000000000000000000000000000000000..0ccdc1a3fa7fcbfc92f22e469a5a6dd7f7c61463 --- /dev/null +++ b/Windows/Tools/SoftCertPolicyAppender/README.md @@ -0,0 +1,16 @@ +## 使用方法 +SoftCertPolicyAppender.exe <å‚æ•°> <è¯ä¹¦è·¯å¾„> +SoftCertPolicyAppender.exe <å‚æ•°> <è¯ä¹¦è·¯å¾„> <è¯ä¹¦è·¯å¾„2> ... + +## å‚数说明 +* --set-force å¯ç”¨å¼ºåˆ¶ç–ç•¥ +* --unset-force å–消强制ç–ç•¥ +* -r 移除è¯ä¹¦è§„则 +* -h æ˜¾ç¤ºå¸®åŠ©ä¿¡æ¯ + +## 备注 +- 需è¦ç®¡ç†å‘˜æƒé™ +- 需è¦[.NET Framework 4.0](http://www.microsoft.com/en-us/download/details.aspx?id=17718) + +## 引用组件 +[Local-Policy](https://bitbucket.org/MartinEden/local-policy/overview) diff --git a/Windows/Tools/SoftCertPolicyAppender/Source/README.md b/Windows/Tools/SoftCertPolicyAppender/Source/README.md deleted file mode 100644 index 963b928bafcd84774317351eabc44d55e22f5aea..0000000000000000000000000000000000000000 --- a/Windows/Tools/SoftCertPolicyAppender/Source/README.md +++ /dev/null @@ -1,20 +0,0 @@ -## 使用方法 ## -SoftCertPolicyAppender.exe <å‚æ•°> <è¯ä¹¦è·¯å¾„> - -SoftCertPolicyAppender.exe <å‚æ•°> <è¯ä¹¦è·¯å¾„> <è¯ä¹¦è·¯å¾„2> ... - -**å‚数说明** - -- --set-force å¯ç”¨å¼ºåˆ¶ç–ç•¥ -- --unset-force å–消强制ç–ç•¥ -- -r 移除è¯ä¹¦è§„则 -- -h æ˜¾ç¤ºå¸®åŠ©ä¿¡æ¯ - - -## 备注 ## -- 需è¦ç®¡ç†å‘˜æƒé™ -- 需è¦[.net framework 4.0](http://www.microsoft.com/en-us/download/details.aspx?id=17718) - - -## 引用组件 ## -[local-policy](https://bitbucket.org/MartinEden/local-policy/overview) diff --git a/Windows/Tools/SoftCertPolicyAppender/Source/SoftCertPolicyAppender/Program.cs b/Windows/Tools/SoftCertPolicyAppender/Source/SoftCertPolicyAppender/Program.cs index 436a7649b7394f88944157e8ffab071b2c00252c..8b513e491ef4007f41908831591920f6bfc05568 100644 --- a/Windows/Tools/SoftCertPolicyAppender/Source/SoftCertPolicyAppender/Program.cs +++ b/Windows/Tools/SoftCertPolicyAppender/Source/SoftCertPolicyAppender/Program.cs @@ -1,4 +1,5 @@ using System; +using System.IO; using System.Linq; using System.Security.Cryptography.X509Certificates; @@ -12,7 +13,7 @@ namespace SoftCertPolicyAppender var flag = 0; var cers = args.Where(x => x.EndsWith(".cer") || x.EndsWith(".crt") || x.EndsWith(".pem")).ToArray(); - if (args.Contains("-h") || args.Contains("--help")||args.Length==0) + if (args.Contains("-h") || args.Contains("--help") || args.Length==0) { const string usage = @"Usage: SoftwareRestrictionPolicyController.exe [Option]... [CertFile]... Config software restriction policy by cli. @@ -56,21 +57,44 @@ CertFiles: Console.Write("{0}.", i + 1); Console.ResetColor(); - switch (flag) + bool retry; + do { - case 0: - SoftwareRestrictionPolicyController.AddCertRule(cert); - Console.Write("Add cert policy for "); - break; - case 1: - SoftwareRestrictionPolicyController.RemoveCertRule(cert); - Console.Write("Remove cert policy for "); - break; - } + retry = false; + try + { + switch (flag) + { + case 0: + SoftwareRestrictionPolicyController.AddCertRule(cert); + Console.Write("Add cert policy for "); + break; + case 1: + SoftwareRestrictionPolicyController.RemoveCertRule(cert); + Console.Write("Remove cert policy for "); + break; + } - Console.ForegroundColor = ConsoleColor.Yellow; - Console.WriteLine("{0}({1})", cert.Subject, cert.Thumbprint); - Console.ResetColor(); + Console.ForegroundColor = ConsoleColor.Yellow; + Console.WriteLine("{0}({1})", cert.Subject, cert.Thumbprint); + Console.ResetColor(); + } + catch (FileLoadException ex) + { + Console.Write(ex.Message+" Please select Retry, Ignore or Abort(R|I|A):"); + var select= (Console.ReadLine()??"").ToLower(); + switch (select) + { + case "i": + break; + case "a": + return; + default: + retry = true; + break; + } + } + } while (retry); } catch (Exception e) {