private Native.WINTRUST_DATA InitializeWinTrustDataStruct(string filePath, WinTrustDataKind kind, uint signatureIndex = 0)
{
// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa382384(v=vs.85).aspx
// which was used to drive data initialization, API use and comments in this code.
var winTrustData = new Native.WINTRUST_DATA();
winTrustData.cbStruct = (uint)Marshal.SizeOf(typeof(Native.WINTRUST_DATA));
var fileInfo = new Native.WINTRUST_FILE_INFO();
fileInfo.cbStruct = (uint)Marshal.SizeOf(typeof(Native.WINTRUST_FILE_INFO));
fileInfo.pcwszFilePath = filePath;
winTrustData.pFile = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Native.WINTRUST_FILE_INFO)));
Marshal.StructureToPtr(fileInfo, winTrustData.pFile, false);
winTrustData.pPolicyCallbackData = IntPtr.Zero; // Use default code signing EKU
winTrustData.pSIPClientData = IntPtr.Zero; // No data to pass to SIP
winTrustData.UIChoice = Native.UIChoice.WTD_UI_NONE; // Disable all UI on execution
winTrustData.UIContext = 0;
winTrustData.UIContext = Native.UIContext.WTD_UICONTEXT_EXECUTE; // File is intended to be executed
winTrustData.UnionChoice = Native.UnionChoice.WTD_CHOICE_FILE; // We're verifying a file
winTrustData.RevocationChecks = Native.RevocationChecks.WTD_REVOKE_WHOLECHAIN; // Revocation checking on whole chain.
winTrustData.dwProvFlags = Native.ProviderFlags.WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; // Don't reach across the network
winTrustData.dwProvFlags |= Native.ProviderFlags.WTD_CACHE_ONLY_URL_RETRIEVAL;
winTrustData.pwszURLReference = null; // Reserved for future use
winTrustData.StateAction = Native.StateAction.WTD_STATEACTION_VERIFY;
winTrustData.hWVTStateData = IntPtr.Zero; // This value set by API call
if (kind != WinTrustDataKind.Normal)
{
Native.SignatureSettingsFlags flags = Native.SignatureSettingsFlags.WSS_GET_SECONDARY_SIG_COUNT;
if (kind == WinTrustDataKind.EnforcePolicy)
{
flags = Native.SignatureSettingsFlags.WSS_VERIFY_SPECIFIC;
}
var signatureSettings = new Native.WINTRUST_SIGNATURE_SETTINGS();
signatureSettings.cbStruct = (uint)Marshal.SizeOf(typeof(Native.WINTRUST_SIGNATURE_SETTINGS));
signatureSettings.dwIndex = signatureIndex;
signatureSettings.dwFlags = flags;
signatureSettings.cSecondarySigs = 0;
signatureSettings.dwVerifiedSigIndex = 0;
var policy = new Native.CERT_STRONG_SIGN_PARA();
policy.cbStruct = (uint)Marshal.SizeOf(typeof(Native.CERT_STRONG_SIGN_PARA));
policy.dwInfoChoice = Native.InfoChoice.CERT_STRONG_SIGN_OID_INFO_CHOICE;
policy.pszOID = Native.szOID_CERT_STRONG_SIGN_OS_1;
signatureSettings.pCryptoPolicy = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Native.CERT_STRONG_SIGN_PARA)));
Marshal.StructureToPtr(policy, signatureSettings.pCryptoPolicy, false);
winTrustData.pSignatureSettings = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Native.WINTRUST_SIGNATURE_SETTINGS)));
Marshal.StructureToPtr(signatureSettings, winTrustData.pSignatureSettings, false);
}
return(winTrustData);
}
private Native.WINTRUST_DATA InitializeWinTrustDataStruct(string filePath, WinTrustDataKind kind, uint signatureIndex = 0)
{
// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa382384(v=vs.85).aspx
// which was used to drive data initialization, API use and comments in this code.
var winTrustData = new Native.WINTRUST_DATA();
winTrustData.cbStruct = (uint)Marshal.SizeOf(typeof(Native.WINTRUST_DATA));
var fileInfo = new Native.WINTRUST_FILE_INFO();
fileInfo.cbStruct = (uint)Marshal.SizeOf(typeof(Native.WINTRUST_FILE_INFO));
fileInfo.pcwszFilePath = filePath;
winTrustData.pFile = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Native.WINTRUST_FILE_INFO)));
Marshal.StructureToPtr(fileInfo, winTrustData.pFile, false);
winTrustData.pPolicyCallbackData = IntPtr.Zero; // Use default code signing EKU
winTrustData.pSIPClientData = IntPtr.Zero; // No data to pass to SIP
winTrustData.UIChoice = Native.UIChoice.WTD_UI_NONE; // Disable all UI on execution
winTrustData.UIContext = 0;
winTrustData.UIContext = Native.UIContext.WTD_UICONTEXT_EXECUTE; // File is intended to be executed
winTrustData.UnionChoice = Native.UnionChoice.WTD_CHOICE_FILE; // We're verifying a file
winTrustData.RevocationChecks = Native.RevocationChecks.WTD_REVOKE_WHOLECHAIN; // Revocation checking on whole chain.
winTrustData.dwProvFlags = Native.ProviderFlags.WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT; // Don't reach across the network
winTrustData.dwProvFlags |= Native.ProviderFlags.WTD_CACHE_ONLY_URL_RETRIEVAL;
winTrustData.pwszURLReference = null; // Reserved for future use
winTrustData.StateAction = Native.StateAction.WTD_STATEACTION_VERIFY;
winTrustData.hWVTStateData = IntPtr.Zero; // This value set by API call
if (kind != WinTrustDataKind.Normal)
{
Native.SignatureSettingsFlags flags = Native.SignatureSettingsFlags.WSS_GET_SECONDARY_SIG_COUNT;
if (kind == WinTrustDataKind.EnforcePolicy)
{
flags = Native.SignatureSettingsFlags.WSS_VERIFY_SPECIFIC;
}
var signatureSettings = new Native.WINTRUST_SIGNATURE_SETTINGS();
signatureSettings.cbStruct = (uint)Marshal.SizeOf(typeof(Native.WINTRUST_SIGNATURE_SETTINGS));
signatureSettings.dwIndex = signatureIndex;
signatureSettings.dwFlags = flags;
signatureSettings.cSecondarySigs = 0;
signatureSettings.dwVerifiedSigIndex = 0;
var policy = new Native.CERT_STRONG_SIGN_PARA();
policy.cbStruct = (uint)Marshal.SizeOf(typeof(Native.CERT_STRONG_SIGN_PARA));
policy.dwInfoChoice = Native.InfoChoice.CERT_STRONG_SIGN_OID_INFO_CHOICE;
policy.pszOID = Native.szOID_CERT_STRONG_SIGN_OS_1;
signatureSettings.pCryptoPolicy = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Native.CERT_STRONG_SIGN_PARA)));
Marshal.StructureToPtr(policy, signatureSettings.pCryptoPolicy, false);
winTrustData.pSignatureSettings = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Native.WINTRUST_SIGNATURE_SETTINGS)));
Marshal.StructureToPtr(signatureSettings, winTrustData.pSignatureSettings, false);
}
return winTrustData;
}
