/// <summary>
/// Renders a WinVerifyTrust result as a hexadecimal string with a "0x" prefix.
/// </summary>
/// <param name="result">The WinVerifyTrust result to format.</param>
/// <returns>"0x" followed by the value formatted with the "X" format specifier.</returns>
private static string ConvertWinVerifyTrustResultToHex(WinVerifyTrustResult result)
{
    string hexDigits = result.ToString("X");
    return "0x" + hexDigits;
}
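/// <summary>
/// Calls WinVerifyTrust with the generic verify (V2) action for the given file and
/// maps the result to a short status string.
/// </summary>
/// <param name="filename">Path of the file whose embedded signature is checked.</param>
/// <returns>
/// "Valid" when WinVerifyTrust reports Success, the matching status name for each
/// other listed result, <c>result.ToString()</c> for any result not listed, and
/// "FailedToFetch" when the check throws.
/// </returns>
/// <remarks>
/// Only "Valid" indicates a signature that passed verification. "FailedToFetch" means
/// the check did not complete, so callers should treat it as "not verified" rather
/// than as a neutral outcome. How strict "Valid" is (revocation checking, UI choice)
/// depends on how WinTrustData is populated, which is not visible in this method.
/// </remarks>
public static string VerifyEmbeddedSignature(string filename)
{
    try
    {
        // Select the WinVerifyTrust action to run.
        Guid action = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2);

        // NOTE(review): winTrustFileInfo is constructed but never passed to the call
        // below; presumably WinTrustData(filename) builds its own. Kept so constructor
        // side effects are unchanged; confirm and remove if it is dead.
        WinTrustFileInfo winTrustFileInfo = new WinTrustFileInfo(filename);

        // NOTE(review): if WinTrustData owns unmanaged memory, confirm it is released
        // on every path out of this method.
        WinTrustData winTrustData = new WinTrustData(filename);

        WinVerifyTrustResult result = WinVerifyTrust(INVALID_HANDLE_VALUE, action, winTrustData);

        switch (result)
        {
            case WinVerifyTrustResult.Success:
                return "Valid";
            case WinVerifyTrustResult.ProviderUnknown:
                return "ProviderUnknown";
            case WinVerifyTrustResult.ActionUnknown:
                return "ActionUnknown";
            case WinVerifyTrustResult.SubjectFormUnknown:
                return "SubjectFormUnknown";
            case WinVerifyTrustResult.SubjectNotTrusted:
                return "SubjectNotTrusted";
            case WinVerifyTrustResult.FileNotSigned:
                return "FileNotSigned";
            case WinVerifyTrustResult.SubjectExplicitlyDistrusted:
                return "SubjectExplicitlyDistrusted";
            case WinVerifyTrustResult.SignatureOrFileCorrupt:
                return "SignatureOrFileCorrupt";
            case WinVerifyTrustResult.SubjectCertExpired:
                return "SubjectCertExpired";
            case WinVerifyTrustResult.SubjectCertificateRevoked:
                return "SubjectCertificateRevoked";
            case WinVerifyTrustResult.UntrustedRoot:
                return "UntrustedRoot";
            default:
                // The UI was disabled in dwUIChoice or the admin policy
                // has disabled user trust. lStatus contains the
                // publisher or time stamp chain error.
                return result.ToString();
        }
    }
    // The previous filter (e is AccessViolationException || e is Exception) was always
    // true, so a plain catch is equivalent. On current .NET runtimes an
    // AccessViolationException raised in native code is generally not delivered to
    // managed catch blocks, so this handler should not be relied on to contain one.
    catch (Exception e)
    {
        // Only the exception type is sent to telemetry; the file path is not included.
        Dictionary<string, string> ExceptionEvent = new Dictionary<string, string>();
        ExceptionEvent.Add("Exception Type", e.GetType().ToString());
        AsaTelemetry.TrackEvent("VerifyEmbeddedSignatureException", ExceptionEvent);
        return "FailedToFetch";
    }
}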
/// <summary>
/// Calls WinTrust.WinVerifyTrust() to check a file's embedded signature and returns
/// the outcome as a status string.
/// </summary>
/// <param name="filename">Path of the file to check.</param>
/// <returns>
/// "Valid" for a Success result, the status name for each other listed result,
/// <c>result.ToString()</c> for any result not listed, and "Unknown" when the check
/// throws.
/// </returns>
/// <remarks>
/// "Unknown" means verification did not complete; it is not evidence that the file is
/// signed or unsigned. The failure is logged at debug level together with the file
/// path.
/// </remarks>
public static string VerifyEmbeddedSignature(string filename)
{
    try
    {
        // The action GUID selects the WinVerifyTrust verification to perform.
        Guid verifyAction = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2);

        // NOTE(review): fileInfo is built but not handed to WinVerifyTrust in this
        // method; confirm whether it is still needed.
        WinTrustFileInfo fileInfo = new WinTrustFileInfo(filename);
        WinTrustData trustData = new WinTrustData(filename);

        WinVerifyTrustResult verdict = WinVerifyTrust(INVALID_HANDLE_VALUE, verifyAction, trustData);

        // Success is the only result reported as a valid signature.
        if (verdict == WinVerifyTrustResult.Success)
        {
            return "Valid";
        }

        switch (verdict)
        {
            case WinVerifyTrustResult.ProviderUnknown:
                return "ProviderUnknown";
            case WinVerifyTrustResult.ActionUnknown:
                return "ActionUnknown";
            case WinVerifyTrustResult.SubjectFormUnknown:
                return "SubjectFormUnknown";
            case WinVerifyTrustResult.SubjectNotTrusted:
                return "SubjectNotTrusted";
            case WinVerifyTrustResult.FileNotSigned:
                return "FileNotSigned";
            case WinVerifyTrustResult.SubjectExplicitlyDistrusted:
                return "SubjectExplicitlyDistrusted";
            case WinVerifyTrustResult.SignatureOrFileCorrupt:
                return "SignatureOrFileCorrupt";
            case WinVerifyTrustResult.SubjectCertExpired:
                return "SubjectCertExpired";
            case WinVerifyTrustResult.SubjectCertificateRevoked:
                return "SubjectCertificateRevoked";
            case WinVerifyTrustResult.UntrustedRoot:
                return "UntrustedRoot";
            default:
                // The UI was disabled in dwUIChoice or the admin policy
                // has disabled user trust. lStatus contains the
                // publisher or time stamp chain error.
                return verdict.ToString();
        }
    }
    catch (Exception e)
    {
        Log.Debug("{0} error decoding signature on {1}", e.GetType().ToString(), filename);
        return "Unknown";
    }
}
/// <summary>
/// Describes whether a file's embedded signature verified, for display.
/// </summary>
/// <param name="fileName">Path of the file to check.</param>
/// <returns>
/// <c>Html.Yes</c> when the verification result is NO_ERROR; otherwise
/// <c>Html.cNo</c>, a space and the result's string form.
/// </returns>
public static string IsFileSignedInfo(string fileName)
{
    // NOTE(review): this needs a VerifyEmbeddedSignature that returns the raw
    // WinVerifyTrustResult rather than a status string; confirm which one is in scope.
    WinVerifyTrustResult verdict = VerifyEmbeddedSignature(fileName);

    if (verdict == WinVerifyTrustResult.NO_ERROR)
    {
        return Html.Yes;
    }

    // Every other result is reported as "no" together with the specific status.
    return Html.cNo + " " + verdict.ToString();
}