private static System.Management.Automation.Signature GetSignatureFromWintrustData(string filePath, uint error, NativeStructs.WINTRUST_DATA wtd)
{
System.Management.Automation.Signature signature = (System.Management.Automation.Signature)null;
X509Certificate2 timestamper = (X509Certificate2)null;
IntPtr pProvData = WINTRUST.WTHelperProvDataFromStateData(wtd.hWVTStateData);
if (pProvData != IntPtr.Zero)
{
IntPtr provSignerFromChain = WINTRUST.WTHelperGetProvSignerFromChain(pProvData, 0U, 0U, 0U);
if (provSignerFromChain != IntPtr.Zero)
{
X509Certificate2 certFromChain = SignatureHelper.GetCertFromChain(provSignerFromChain);
if (certFromChain != null)
{
NativeStructs.CRYPT_PROVIDER_SGNR cryptProviderSgnr = (NativeStructs.CRYPT_PROVIDER_SGNR)Marshal.PtrToStructure(provSignerFromChain, typeof(NativeStructs.CRYPT_PROVIDER_SGNR));
if ((int)cryptProviderSgnr.csCounterSigners == 1)
{
timestamper = SignatureHelper.GetCertFromChain(cryptProviderSgnr.pasCounterSigners);
}
signature = timestamper == null?SignatureProxy.GenerateSignature(filePath, error, certFromChain) : SignatureProxy.GenerateSignature(filePath, error, certFromChain, timestamper);
}
}
}
if (signature == null && (int)error != 0)
{
signature = SignatureProxy.GenerateSignature(filePath, error);
}
return(signature);
}
private static uint GetWinTrustData(string fileName, out NativeStructs.WINTRUST_DATA wtData)
{
uint num1 = 2147500037U;
IntPtr num2 = IntPtr.Zero;
IntPtr num3 = IntPtr.Zero;
Guid guid = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE");
try
{
num2 = Marshal.AllocCoTaskMem(Marshal.SizeOf((object)guid));
Marshal.StructureToPtr((object)guid, num2, false);
//NativeStructs.WINTRUST_DATA wintrustData = fileContent != null ? WINTRUST.InitWintrustDataStructFromBlob(WINTRUST.InitWintrustBlobInfoStruct(fileName, fileContent)) : WINTRUST.InitWintrustDataStructFromFile(WINTRUST.InitWintrustFileInfoStruct(fileName));
NativeStructs.WINTRUST_DATA wintrustData = WINTRUST.InitWintrustDataStructFromFile(WINTRUST.InitWintrustFileInfoStruct(fileName));
num3 = Marshal.AllocCoTaskMem(Marshal.SizeOf((object)wintrustData));
Marshal.StructureToPtr((object)wintrustData, num3, false);
num1 = WINTRUST.WinVerifyTrust(new IntPtr(-1), num2, num3);
wtData = (NativeStructs.WINTRUST_DATA)Marshal.PtrToStructure(num3, typeof(NativeStructs.WINTRUST_DATA));
}
finally
{
Marshal.DestroyStructure(num2, typeof(Guid));
Marshal.FreeCoTaskMem(num2);
Marshal.DestroyStructure(num3, typeof(NativeStructs.WINTRUST_DATA));
Marshal.FreeCoTaskMem(num3);
}
return(num1);
}
public static Signature GetSignature(string fileName)
{
CheckArgForNullOrEmpty(fileName, "fileName");
CheckIfFileExists(fileName);
System.Management.Automation.Signature signature;
try
{
NativeStructs.WINTRUST_DATA wtData;
uint winTrustData = SignatureHelper.GetWinTrustData(fileName, out wtData);
//if ((int)winTrustData != 0)
// SignatureHelper.tracer.WriteLine("GetWinTrustData failed: {0:x}", new object[1]
// {
// (object) winTrustData
// });
signature = SignatureHelper.GetSignatureFromWintrustData(fileName, winTrustData, wtData);
uint num = WINTRUST.DestroyWintrustDataStruct(wtData);
//if ((int)num != 0)
// SignatureHelper.tracer.WriteLine("DestroyWinTrustDataStruct failed: {0:x}", new object[1]
//{
// (object) num
//});
}
catch
{
signature = SignatureProxy.GenerateSignature(fileName, 2148204800U);
}
return(signature);
}
private static X509Certificate2 GetCertFromChain(IntPtr pSigner)
{
X509Certificate2 x509Certificate2 = (X509Certificate2)null;
IntPtr provCertFromChain = WINTRUST.WTHelperGetProvCertFromChain(pSigner, 0U);
if (provCertFromChain != IntPtr.Zero)
{
x509Certificate2 = new X509Certificate2(((NativeStructs.CRYPT_PROVIDER_CERT)Marshal.PtrToStructure(provCertFromChain, typeof(NativeStructs.CRYPT_PROVIDER_CERT))).pCert);
}
return(x509Certificate2);
}
public static uint DestroyWintrustDataStruct(NativeStructs.WINTRUST_DATA wtd)
{
uint num1 = 2147500037U;
IntPtr num2 = IntPtr.Zero;
IntPtr num3 = IntPtr.Zero;
Guid guid = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE");
try
{
num2 = Marshal.AllocCoTaskMem(Marshal.SizeOf((object)guid));
Marshal.StructureToPtr((object)guid, num2, false);
wtd.dwStateAction = 2U;
num3 = Marshal.AllocCoTaskMem(Marshal.SizeOf((object)wtd));
Marshal.StructureToPtr((object)wtd, num3, false);
num1 = WINTRUST.WinVerifyTrust(IntPtr.Zero, num2, num3);
wtd = (NativeStructs.WINTRUST_DATA)Marshal.PtrToStructure(num3, typeof(NativeStructs.WINTRUST_DATA));
}
finally
{
Marshal.DestroyStructure(num3, typeof(NativeStructs.WINTRUST_DATA));
Marshal.FreeCoTaskMem(num3);
Marshal.DestroyStructure(num2, typeof(Guid));
Marshal.FreeCoTaskMem(num2);
}
if ((int)wtd.dwUnionChoice == 3)
{
Marshal.FreeCoTaskMem(((NativeStructs.WINTRUST_BLOB_INFO)Marshal.PtrToStructure(wtd.Choice.pBlob, typeof(NativeStructs.WINTRUST_BLOB_INFO))).pbMemObject);
Marshal.DestroyStructure(wtd.Choice.pBlob, typeof(NativeStructs.WINTRUST_BLOB_INFO));
Marshal.FreeCoTaskMem(wtd.Choice.pBlob);
}
else
{
Marshal.DestroyStructure(wtd.Choice.pFile, typeof(NativeStructs.WINTRUST_FILE_INFO));
Marshal.FreeCoTaskMem(wtd.Choice.pFile);
}
return(num1);
}
