unit nvWinTrust;
interface
uses Windows;
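{ Sample return codes - others may be returned : only zero indicates success.  }
{ The values are HRESULTs from winerror.h; a non-zero result can be passed to  }
{ SysErrorMessage for a readable description.                                  }
const
  CRYPT_E_SECURITY_SETTINGS = $80092026;
  { The cryptographic operation failed due to a local security option setting. }
  TRUST_E_PROVIDER_UNKNOWN = $800B0001;
  { The trust provider is not recognized on this system.                       }
  TRUST_E_ACTIONUNKNOWN = $800B0002;
  { The trust provider does not support the specified action.                  }
  TRUST_E_SUBJECT_FORM_UNKNOWN = $800B0003;
  { The trust provider does not support the form specified for the subject.    }
  TRUST_E_SUBJECT_NOT_TRUSTED = $800B0004;
  { The subject is not trusted for the specified action.                       }
  TRUST_E_NOSIGNATURE = $800B0100;
  { No signature was present in the subject.                                   }
  TRUST_E_EXPLICIT_DISTRUST = $800B0111;
  { The certificate was explicitly marked as untrusted by the user.            }
  TRUST_E_BAD_DIGEST = $80096010;
  { The digital signature of the object did not verify: the file content no    }
  { longer matches the hash stored in its signature (modified or corrupted).   }
  { This is the code a hash-only check reports for a tampered file.            }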
function nvVerifyTrust(const FileName: PChar; WTD_FLAGS: DWORD = $FFFFFFFF): DWORD;
 { Checks the signature of the file named by FileName through WinVerifyTrust.  }
 { Returns 0 if successful, otherwise result may be passed to SysErrorMessage. }
 { Returns 0 if not supported by Windows (Wintrust.dll or its export missing), }
 { i.e. the check fails open on such systems - a 0 result there is not proof   }
 { of a valid signature.                                                       }
 { WTD_FLAGS are WinTrust dwProvFlags; the default $FFFFFFFF is replaced by    }
 { WTD_REVOCATION_CHECK_NONE or WTD_HASH_ONLY_FLAG, which per the WinTrust     }
 { documentation compares only the file hash against the signature and does   }
 { no revocation lookup.                                                       }
 { This is intended for use verifying file integrity, not signer identity.     }
implementation
const
  { The constants below mirror the WTD_* definitions of wintrust.h.            }
  { nvVerifyTrust uses WTD_UI_NONE, WTD_CHOICE_FILE, WTD_REVOCATION_CHECK_NONE  }
  { and WTD_HASH_ONLY_FLAG; the rest are kept so callers can compose their own }
  { WTD_FLAGS value.                                                           }
  WTD_UI_ALL  = 1;
  WTD_UI_NONE = 2;
  WTD_UI_NOBAD = 3;
  WTD_UI_NOGOOD = 4;

  WTD_REVOKE_NONE = 0;
  WTD_REVOKE_WHOLECHAIN = 1;

  WTD_CHOICE_FILE = 1;
  WTD_CHOICE_CATALOG = 2;
  WTD_CHOICE_BLOB = 3;
  WTD_CHOICE_SIGNER = 4;
  WTD_CHOICE_CERT = 5;

  WTD_STATEACTION_IGNORE = 0;
  WTD_STATEACTION_VERIFY = 1;
  WTD_STATEACTION_CLOSE  = 2;
  WTD_STATEACTION_AUTO_CACHE = 3;
  WTD_STATEACTION_AUTO_CACHE_FLUSH = 4;

  { dwProvFlags values. WTD_HASH_ONLY_FLAG restricts the check to the file     }
  { hash; WTD_REVOCATION_CHECK_NONE skips revocation lookups (no internet).    }
  WTD_PROV_FLAGS_MASK = $0000FFFF;
  WTD_USE_IE4_TRUST_FLAG = $00000001;
  WTD_NO_IE4_CHAIN_FLAG = $00000002;
  WTD_NO_POLICY_USAGE_FLAG = $00000004;
  WTD_REVOCATION_CHECK_NONE = $00000010;
  WTD_REVOCATION_CHECK_END_CERT = $00000020;
  WTD_REVOCATION_CHECK_CHAIN = $00000040;
  WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = $00000080;
  WTD_SAFER_FLAG = $00000100;
  WTD_HASH_ONLY_FLAG = $00000200;
  WTD_USE_DEFAULT_OSVER_CHECK = $00000400;
  WTD_LIFETIME_SIGNING_FLAG = $00000800;
  WTD_CACHE_ONLY_URL_RETRIEVAL = $00001000;

  WTD_UICONTEXT_EXECUTE = 0;
  WTD_UICONTEXT_INSTALL = 1;

  WINTRUST_ACTION_GENERIC_VERIFY: TGUID =
    '{189A3842-3041-11D1-85E1-00C04FC295EE}';
  { Verify certificate chain only }
  { NOTE(review): wintrust.h lists this GUID as WINTRUST_ACTION_GENERIC_CERT_VERIFY, }
  { which Microsoft documents as valid only with a certificate context, while     }
  { nvVerifyTrust passes a WTD_CHOICE_FILE subject. The Authenticode policy       }
  { provider for files is the commented-out _V2 GUID below - confirm which        }
  { provider is intended before relying on the verdict.                           }
//
//  WINTRUST_ACTION_GENERIC_VERIFY_V2: TGUID =
//    '{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}';
//{ Verify a file or object using the Authenticode policy provider }
type
  { Mirrors WINTRUST_FILE_INFO from wintrust.h. nvVerifyTrust points             }
  { TWinTrustData.pChoiceData at one of these with dwChoice = WTD_CHOICE_FILE.  }
  TWinTrustFileInfo = packed record
    cbStruct: DWORD;   // required, size of structure
    pcwszFilePath: pWChar;  // required, NUL-terminated UTF-16 name of the file to be verified
    hFile: THANDLE; // optional
    pgKnownSubject: pGUID;   // optional
  end;
type
  { Mirrors WINTRUST_DATA from wintrust.h; cbStruct tells the DLL which       }
  { version of the structure it is being handed. nvVerifyTrust zeroes it and  }
  { then fills in the required fields only.                                   }
  { NOTE(review): 'packed' reproduces the 32-bit layout. The SDK structure is }
  { not byte-packed, so on a Win64 build the pointer and handle fields would  }
  { sit at different offsets than the DLL expects - confirm before targeting  }
  { x64 (same applies to TWinTrustFileInfo above).                            }
  TWinTrustData = packed record
    cbStruct: DWORD;    // required, size of structure
    pPolicyCallbackData: pointer;  // optional
    pSIPClientData: pointer;  // optional
    dwUIChoice: DWORD;    // required
    fdwRevocationChecks: DWORD;    // required (but zero is normally used)
    dwChoice: DWORD;
    // required : identifies which structure is being passed through pChoiceData
    pChoiceData: pointer;  // required
    dwStateAction: DWORD;    // optional; left at WTD_STATEACTION_IGNORE (0) by nvVerifyTrust
    hWVTStateData: THandle;  // optional; only populated when dwStateAction is VERIFY
    pwszURLReference: pWChar;   // optional
    dwProvFlags: DWORD;
    // optional : WTD_REVOCATION_CHECK_NONE is used to avoid connecting to the internet
    dwUIContext: DWORD;    // optional
  end;
var
  hWinTrust: HMODULE;   // Wintrust.dll module handle; 0 until WinVerifyTrust first runs
  didLoad: Boolean;     // True once the lazy load has been attempted, whether or not it succeeded
  { Dynamically resolved 'WinVerifyTrust' export. The const record parameters  }
  { are passed by reference (Delphi convention for const records larger than   }
  { a pointer), which is what the GUID* / WINTRUST_DATA* C signature expects.  }
  pWinTrustFunc: function(WND: HWND; const ActionID: TGUID; const ActionData: TWinTrustData): DWORD;
    stdcall;
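function WinVerifyTrust(WND: HWND; const ActionID: TGUID;
  const ActionData: TWinTrustData): DWORD;
  { Thin wrapper around the WinVerifyTrust export of Wintrust.dll. The DLL is  }
  { resolved lazily on the first call so the unit still loads on systems that  }
  { lack it. Returns DWORD(E_NOTIMPL) when the DLL or the export is missing,   }
  { otherwise the return value of the real WinVerifyTrust.                     }
  { The DLL name is unqualified and therefore resolved through the normal DLL  }
  { search order; hardening of the search path (if wanted) has to happen       }
  { before the first call.                                                     }
const
  dll = 'Wintrust.dll';
begin
  if not didLoad then
  begin
    @pWinTrustFunc := nil;
    didLoad := True;
    { Always take our own reference with LoadLibrary: it returns the existing   }
    { handle when the DLL is already mapped and bumps its reference count, so  }
    { the FreeLibrary in the unit's finalization releases exactly what this    }
    { unit acquired. A handle from GetModuleHandle would carry no reference of }
    { our own, and freeing it could unload the DLL from under other users.     }
    hWinTrust := LoadLibrary(dll);
    if hWinTrust <> 0 then
      pWinTrustFunc := GetProcAddress(hWinTrust, 'WinVerifyTrust');
  end;

  if (hWinTrust = 0) or (@pWinTrustFunc = nil) then
    Result := DWORD(E_NOTIMPL)
  else
    Result := pWinTrustFunc(WND, ActionID, ActionData);
end;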
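function nvVerifyTrust(const FileName: PChar; WTD_FLAGS: DWORD = $FFFFFFFF): DWORD;
  { Returns 0 if successful, otherwise result may be passed to SysErrorMessage. }
  { Returns 0 if not supported by Windows (fail-open: the wrapper reports       }
  { E_NOTIMPL when Wintrust.dll or its export is missing).                      }
  { Returns ERROR_INVALID_PARAMETER for a nil or empty FileName; on non-Unicode }
  { builds it returns the Win32 error from MultiByteToWideChar when the path    }
  { cannot be converted (for example because it is longer than MAX_PATH).       }
  { WTD_FLAGS = $FFFFFFFF selects WTD_REVOCATION_CHECK_NONE or WTD_HASH_ONLY_FLAG, }
  { i.e. only the file hash is compared against the signature and revocation   }
  { is not checked.                                                             }
  { This is intended for use verifying file integrity.                          }
var
{$IFNDEF UNICODE}
  buff: array[0..MAX_PATH] of Widechar;
{$ENDIF}
  td: TWinTrustData;
  fi: TWinTrustFileInfo;
begin
  if (FileName = nil) or (FileName^ = #0) then
  begin
    Result := ERROR_INVALID_PARAMETER;
    exit;
  end;

  if WTD_FLAGS = $FFFFFFFF then
    WTD_FLAGS := WTD_REVOCATION_CHECK_NONE or WTD_HASH_ONLY_FLAG;

  ZeroMemory(@fi, SizeOf(fi));
  ZeroMemory(@td, SizeOf(td));
{$IFDEF UNICODE}
  fi.pcwszFilePath := FileName;
{$ELSE}
  { Convert the ANSI path to UTF-16 for the API. A zero return means the       }
  { conversion failed (typically the path does not fit into buff); buff is     }
  { then not a valid NUL-terminated string and must not be handed to the DLL.  }
  if MultiByteToWideChar(0, 0, FileName, -1, buff, Length(buff)) = 0 then
  begin
    Result := GetLastError;
    if Result = 0 then
      Result := ERROR_INVALID_PARAMETER;
    exit;
  end;
  fi.pcwszFilePath := buff;
{$ENDIF}

  fi.cbStruct := SizeOf(fi);

  td.cbStruct := SizeOf(td);
  td.dwProvFlags := WTD_FLAGS;
  td.dwUIChoice := WTD_UI_NONE;
  { No user interaction                              }
  td.dwChoice := WTD_CHOICE_FILE;
  { pChoice identifies a TWinTrustFileInfo structure }
  td.pChoiceData := @fi;

  { INVALID_HANDLE_VALUE as window handle together with WTD_UI_NONE keeps the  }
  { call silent. dwStateAction was zeroed above (WTD_STATEACTION_IGNORE), so   }
  { per the WinTrust documentation no state handle is opened and no matching   }
  { WTD_STATEACTION_CLOSE call is needed.                                      }
  Result := WinVerifyTrust(INVALID_HANDLE_VALUE,
    WINTRUST_ACTION_GENERIC_VERIFY, td);

  if Result = DWORD(E_NOTIMPL) then
    Result := 0;     { Report success on old versions of Windows }
end;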
{ NOTE : Microsoft recommends the API functions CertGetCertificateChain, CertVerifyCertificateChainPolicy and CertFreeCertificateChain }
{      : for performing certificate verification; however, the method above seems to work fine.                                     }
initialization

  { Nothing is loaded up front; WinVerifyTrust resolves Wintrust.dll on its }
  { first call and records the outcome in these two globals.                }
  hWinTrust := 0;
  didLoad := False;
finalization

  { Release the Wintrust.dll handle obtained by the lazy load in WinVerifyTrust. }
  { NOTE(review): this is only balanced when hWinTrust came from LoadLibrary;   }
  { a handle obtained via GetModuleHandle carries no reference of our own, and  }
  { freeing it would drop a reference held by another part of the process.      }
  if didLoad and (hWinTrust <> 0) then
    FreeLibrary(hWinTrust);
end.