コード例 #1
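        /// <summary>
        /// Helper method to verify that published mp, mpb, or cabinet files have a valid authenticode signature.
        /// </summary>
        /// <remarks>
        /// On Windows 8 and above the check is performed with the CERT_STRONG_SIGN_OS_1 strong-signature
        /// policy (SHA-2 hashes and strong key requirements); on older systems a plain WinVerifyTrust call
        /// is made. WinVerifyTrust with WINTRUST_ACTION_GENERIC_VERIFY_V2 checks the signature and its
        /// chain to a trusted root; it does not check the signer's identity. Callers that require a
        /// specific publisher must inspect the signer certificate separately.
        /// </remarks>
        /// <param name="filePath">Path to the file to check the signature on.</param>
        /// <param name="trace">Tracing sink that receives the success or failure message.</param>
        /// <returns>
        /// The <see cref="WinTrustData"/> used for the verification. It is returned undisposed, so ownership
        /// passes to the caller; on Windows 8 and above its pSignatureSettings buffer has already been freed
        /// and the pointer zeroed.
        /// </returns>
        /// <exception cref="VerificationException">
        /// The file is unsigned, or WinVerifyTrust returned anything other than Success.
        /// </exception>
        private static WinTrustData VerifyFileAuthenticodeSignatureHelper(string filePath, Tracing trace)
        {
            WinTrustData                trustData;
            WINTRUST_SIGNATURE_SETTINGS signatureSettings = null;
            WinVerifyTrustResult        result;

            if (Utility.IsWin8OrAbove())
            {
                // On Windows 8 and above we have the APIs to enforce stronger checks.
                // szOID_CERT_STRONG_SIGN_OS_1 requests SHA-2 based hashes and other strong key requirements.
                const string szOID_CERT_STRONG_SIGN_OS_1 = "1.3.6.1.4.1.311.72.1.1";

                // The file-info wrapper is only consumed by Win8TrustData, so it is built here rather than
                // unconditionally; the legacy constructor below takes the path directly.
                WinTrustFileInfo fileInfo = new WinTrustFileInfo(filePath);
                signatureSettings = new WINTRUST_SIGNATURE_SETTINGS(new CERT_STRONG_SIGN_PARA(szOID_CERT_STRONG_SIGN_OS_1));
                trustData         = new Win8TrustData(fileInfo, signatureSettings);
            }
            else
            {
                // no signature settings
                trustData = new WinTrustData(filePath);
            }

            try
            {
                result = UnsafeNativeMethods.WinVerifyTrust(
                    IntPtr.Zero,
                    UnsafeNativeMethods.WINTRUST_ACTION_GENERIC_VERIFY_V2,
                    trustData);

                if (result == WinVerifyTrustResult.FileNotSigned)
                {
                    throw new VerificationException(string.Format(CultureInfo.CurrentCulture, "File {0} does not have a valid authenticode signature.", filePath));
                }
                else if (result != WinVerifyTrustResult.Success)
                {
                    // Every non-success code is treated as a verification failure; the verbose string and
                    // hex code are included so the reason (untrusted root, bad digest, ...) is traceable.
                    var winTrustResultErrorString = string.Format(CultureInfo.CurrentCulture, "{0} ({1})", GetVerboseWinVerifyTrustResultErrorString(result), ConvertWinVerifyTrustResultToHex(result));
                    throw new VerificationException(string.Format(CultureInfo.CurrentCulture, "WinVerifyTrustWrapper on file {0} failed with unexpected error: {1}", filePath, winTrustResultErrorString));
                }
            }
            catch (Exception ex)
            {
                trace.Error(string.Format(CultureInfo.CurrentCulture, "Error occurred while calling WinVerifyTrust: {0}", ex));

                // Nothing is returned on failure, so free both objects (trustData and signatureSettings) here.
                if (signatureSettings != null)
                {
                    signatureSettings.Dispose();
                }

                trustData.Dispose();
                throw;
            }

            trace.Info(string.Format(CultureInfo.CurrentCulture, "File {0} has a valid authenticode signature.", filePath));

            // On success only signatureSettings is freed; trustData is handed to the caller.
            if (signatureSettings != null)
            {
                signatureSettings.Dispose();

                // Free the native pSignatureSettings buffer and zero the pointer so a later
                // trustData.Dispose() by the caller presumably cannot free it a second time.
                Marshal.FreeHGlobal(((Win8TrustData)trustData).pSignatureSettings);
                ((Win8TrustData)trustData).pSignatureSettings = IntPtr.Zero;
            }

            return trustData;
        }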
コード例 #2
 /// <summary>
 /// P/Invoke declaration of the WinVerifyTrust-style entry point that takes the Windows 8+
 /// <see cref="Win8TrustData"/> (trust data carrying signature settings) instead of the legacy WinTrustData.
 /// </summary>
 /// <param name="hwnd">Window handle passed through to the native call.</param>
 /// <param name="pgActionID">Action GUID selecting the verification policy (e.g. WINTRUST_ACTION_GENERIC_VERIFY_V2); marshaled as a pointer to the GUID struct.</param>
 /// <param name="pWVTData">Trust data passed in and updated by the native call (marked [In, Out]).</param>
 /// <returns>The native result code; anything other than Success should be treated as a verification failure.</returns>
 /// <remarks>
 /// NOTE(review): the [DllImport] attribute for this declaration is not visible here; it presumably
 /// targets wintrust.dll with EntryPoint = "WinVerifyTrust" — confirm against the full file.
 /// </remarks>
 internal static extern WinVerifyTrustResult Win8VerifyTrust(
     IntPtr hwnd,
     [MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID,
     [In, Out] Win8TrustData pWVTData);