public IntPtr pSignatureSettings; // WINTRUST_SIGNATURE_SETTINGS*
public Win8TrustData(WinTrustFileInfo fileInfo, WINTRUST_SIGNATURE_SETTINGS signatureSettings)
{
this.StructSize = (uint)Marshal.SizeOf(typeof(Win8TrustData));
this.pFile = new FileInfoSafeHandle(fileInfo);
this.pSignatureSettings = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WINTRUST_SIGNATURE_SETTINGS)));
Marshal.StructureToPtr(signatureSettings, this.pSignatureSettings, false);
}
/// <summary>
/// Helper method to verify that published mp, mpb, or cabinet files have a valid authenticode signature
/// </summary>
/// <param name="filePath">Path to the file to check the signature on.</param>
/// <returns>WinTrustData object</returns>
private static WinTrustData VerifyFileAuthenticodeSignatureHelper(string filePath, Tracing trace)
{
WinTrustData trustData = null;
WinTrustFileInfo fileInfo = new WinTrustFileInfo(filePath);
WINTRUST_SIGNATURE_SETTINGS signatureSettings = null;
WinVerifyTrustResult result;
if (Utility.IsWin8OrAbove())
{
// On Windows 8 and above we have the APIs to enforce stronger checks
const string szOID_CERT_STRONG_SIGN_OS_1 = "1.3.6.1.4.1.311.72.1.1"; //this specifies to enforce SHA-2 based hashes and other strong key requirements
signatureSettings = new WINTRUST_SIGNATURE_SETTINGS(new CERT_STRONG_SIGN_PARA(szOID_CERT_STRONG_SIGN_OS_1));
trustData = new Win8TrustData(fileInfo, signatureSettings);
}
else
{
// no signature settings
trustData = new WinTrustData(filePath);
}
try
{
result = UnsafeNativeMethods.WinVerifyTrust(
IntPtr.Zero,
UnsafeNativeMethods.WINTRUST_ACTION_GENERIC_VERIFY_V2,
trustData);
if (result == WinVerifyTrustResult.FileNotSigned)
{
throw new VerificationException(string.Format(CultureInfo.CurrentCulture, "File {0} does not have a valid authenticode signature.", filePath));
}
else if (result != WinVerifyTrustResult.Success)
{
var winTrustResultErrorString = String.Format("{0} ({1})", GetVerboseWinVerifyTrustResultErrorString(result), ConvertWinVerifyTrustResultToHex(result));
throw new VerificationException(string.Format(CultureInfo.CurrentCulture, "WinVerifyTrustWrapper on file {0} failed with unexpected error: {1}", filePath, winTrustResultErrorString));
}
}
catch (Exception ex)
{
trace.Error(String.Format("Error occurred while calling WinVerifyTrust: {0}", ex));
// free all objects (trustData and signatureSettings)
if (signatureSettings != null)
{
signatureSettings.Dispose();
}
trustData.Dispose();
throw;
}
trace.Info(String.Format("File {0} has a valid authenticode signature.", filePath));
// only free signatureSettings
if (signatureSettings != null)
{
signatureSettings.Dispose();
// zero out the psignature pointer in trustData to be safe
Marshal.FreeHGlobal(((Win8TrustData)trustData).pSignatureSettings);
((Win8TrustData)trustData).pSignatureSettings = IntPtr.Zero;
}
return(trustData);
}
public WinTrustData(string fileName)
{
WinTrustFileInfo fileInfo = new WinTrustFileInfo(fileName);
this.pFile = new FileInfoSafeHandle(fileInfo);
}
public FileInfoSafeHandle(WinTrustFileInfo info)
: base(true)
{
this.SetHandle(Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WinTrustFileInfo))));
Marshal.StructureToPtr(info, this.handle, false);
}
