IOS/ES: Verify containers in ImportTitleInit

Source/Core/Core/IOS/ES/ES.h

@@ -114,7 +114,8 @@ public:
   // Title management
   ReturnCode ImportTicket(const std::vector<u8>& ticket_bytes, const std::vector<u8>& cert_chain);
   ReturnCode ImportTmd(Context& context, const std::vector<u8>& tmd_bytes);
-  ReturnCode ImportTitleInit(Context& context, const std::vector<u8>& tmd_bytes);
+  ReturnCode ImportTitleInit(Context& context, const std::vector<u8>& tmd_bytes,
+                             const std::vector<u8>& cert_chain);
   ReturnCode ImportContentBegin(Context& context, u64 title_id, u32 content_id);
   ReturnCode ImportContentData(Context& context, u32 content_fd, const u8* data, u32 data_size);
   ReturnCode ImportContentEnd(Context& context, u32 content_fd);

Source/Core/Core/IOS/ES/TitleManagement.cpp

@@ -123,7 +123,8 @@ IPCCommandResult ES::ImportTmd(Context& context, const IOCtlVRequest& request)
   return GetDefaultReply(ImportTmd(context, tmd));
 }
 
-ReturnCode ES::ImportTitleInit(Context& context, const std::vector<u8>& tmd_bytes)
+ReturnCode ES::ImportTitleInit(Context& context, const std::vector<u8>& tmd_bytes,
+                               const std::vector<u8>& cert_chain)
 {
   INFO_LOG(IOS_ES, "ImportTitleInit");
   context.title_import.tmd.SetBytes(tmd_bytes);
@@ -136,11 +137,34 @@ ReturnCode ES::ImportTitleInit(Context& context, const std::vector<u8>& tmd_byte
   // Finish a previous import (if it exists).
   FinishStaleImport(context.title_import.tmd.GetTitleId());
 
+  ReturnCode ret = VerifyContainer(VerifyContainerType::TMD, VerifyMode::UpdateCertStore,
+                                   context.title_import.tmd, cert_chain);
+  if (ret != IPC_SUCCESS)
+  {
+    context.title_import.tmd.SetBytes({});
+    return ret;
+  }
+
+  const auto ticket = DiscIO::FindSignedTicket(context.title_import.tmd.GetTitleId());
+  if (!ticket.IsValid())
+    return ES_NO_TICKET;
+
+  std::vector<u8> cert_store;
+  ret = ReadCertStore(&cert_store);
+  if (ret != IPC_SUCCESS)
+    return ret;
+
+  ret = VerifyContainer(VerifyContainerType::Ticket, VerifyMode::DoNotUpdateCertStore, ticket,
+                        cert_store);
+  if (ret != IPC_SUCCESS)
+  {
+    context.title_import.tmd.SetBytes({});
+    return ret;
+  }
+
   if (!InitImport(context.title_import.tmd.GetTitleId()))
     return ES_EIO;
 
-  // TODO: check and use the other vectors.
-
   return IPC_SUCCESS;
 }
 
@@ -154,7 +178,9 @@ IPCCommandResult ES::ImportTitleInit(Context& context, const IOCtlVRequest& requ
 
   std::vector<u8> tmd(request.in_vectors[0].size);
   Memory::CopyFromEmu(tmd.data(), request.in_vectors[0].address, request.in_vectors[0].size);
-  return GetDefaultReply(ImportTitleInit(context, tmd));
+  std::vector<u8> certs(request.in_vectors[1].size);
+  Memory::CopyFromEmu(certs.data(), request.in_vectors[1].address, request.in_vectors[1].size);
+  return GetDefaultReply(ImportTitleInit(context, tmd, certs));
 }
 
 ReturnCode ES::ImportContentBegin(Context& context, u64 title_id, u32 content_id)

Source/Core/UICommon/WiiUtils.cpp

@@ -28,7 +28,7 @@ bool InstallWAD(const std::string& wad_path)
 
   IOS::HLE::Device::ES::Context context;
   if (es->ImportTicket(wad.GetTicket().GetBytes(), wad.GetCertificateChain()) < 0 ||
-      es->ImportTitleInit(context, tmd.GetBytes()) < 0)
+      es->ImportTitleInit(context, tmd.GetBytes(), wad.GetCertificateChain()) < 0)
   {
     PanicAlertT("WAD installation failed: Could not initialise title import.");
     return false;