unit nvWinTrust;

{ Thin wrapper around the WinVerifyTrust API in Wintrust.dll.  The DLL is
  bound at run time (see the implementation section) so the unit still links
  and runs on Windows versions that do not ship it. }

interface

uses Windows;

{ Sample return codes - others may be returned : only zero indicates success }
const
  CRYPT_E_SECURITY_SETTINGS = $80092026;
  { The cryptographic operation failed due to a local security option setting. }
  TRUST_E_PROVIDER_UNKNOWN = $800B0001;
  { The trust provider is not recognized on this system. }
  TRUST_E_ACTIONUNKNOWN = $800B0002;
  { The trust provider does not support the specified action. }
  TRUST_E_SUBJECT_FORM_UNKNOWN = $800B0003;
  { The trust provider does not support the form specified for the subject. }
  TRUST_E_SUBJECT_NOT_TRUSTED = $800B0004;
  { The subject is not trusted for the specified action. }
  TRUST_E_NOSIGNATURE = $800B0100;
  { No signature was present in the subject. }
  TRUST_E_EXPLICIT_DISTRUST = $800B0111;
  { The certificate was explicitly marked as untrusted by the user. }

function nvVerifyTrust(const FileName: PChar; WTD_FLAGS: DWORD = $FFFFFFFF): DWORD;
{ Returns 0 if successful, otherwise result may be passed to SysErrorMessage. }
{ Returns 0 if not supported by Windows. }
{ This is intended for use verifying file integrity. }
{ FileName  : path of the file to check; nil or an empty string yields }
{             ERROR_INVALID_PARAMETER without calling the API. }
{ WTD_FLAGS : WinTrust provider flags (dwProvFlags).  The default $FFFFFFFF }
{             is replaced by WTD_REVOCATION_CHECK_NONE or WTD_HASH_ONLY_FLAG, }
{             i.e. no revocation lookup over the network and the hash-only }
{             check selected by that flag. }
{ Contract caveat: the "0 if not supported" rule is fail-open.  When }
{ Wintrust.dll or its WinVerifyTrust export is unavailable nothing has been }
{ verified, so a caller that requires a verified signature must not take a }
{ zero result alone as proof of one. }
implementation

{ Constants mirrored from the WinTrust SDK header.  Only the ones named in
  this unit are used; the rest are kept so callers can build WTD_FLAGS
  values for nvVerifyTrust. }
const
  { dwUIChoice values }
  WTD_UI_ALL = 1;
  WTD_UI_NONE = 2;
  WTD_UI_NOBAD = 3;
  WTD_UI_NOGOOD = 4;

  { fdwRevocationChecks values }
  WTD_REVOKE_NONE = 0;
  WTD_REVOKE_WHOLECHAIN = 1;

  { dwChoice values: which structure pChoiceData points to }
  WTD_CHOICE_FILE = 1;
  WTD_CHOICE_CATALOG = 2;
  WTD_CHOICE_BLOB = 3;
  WTD_CHOICE_SIGNER = 4;
  WTD_CHOICE_CERT = 5;

  { dwStateAction values }
  WTD_STATEACTION_IGNORE = 0;
  WTD_STATEACTION_VERIFY = 1;
  WTD_STATEACTION_CLOSE = 2;
  WTD_STATEACTION_AUTO_CACHE = 3;
  WTD_STATEACTION_AUTO_CACHE_FLUSH = 4;

  { dwProvFlags bits }
  WTD_PROV_FLAGS_MASK = $0000FFFF;
  WTD_USE_IE4_TRUST_FLAG = $00000001;
  WTD_NO_IE4_CHAIN_FLAG = $00000002;
  WTD_NO_POLICY_USAGE_FLAG = $00000004;
  WTD_REVOCATION_CHECK_NONE = $00000010;
  WTD_REVOCATION_CHECK_END_CERT = $00000020;
  WTD_REVOCATION_CHECK_CHAIN = $00000040;
  WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = $00000080;
  WTD_SAFER_FLAG = $00000100;
  WTD_HASH_ONLY_FLAG = $00000200;
  WTD_USE_DEFAULT_OSVER_CHECK = $00000400;
  WTD_LIFETIME_SIGNING_FLAG = $00000800;
  WTD_CACHE_ONLY_URL_RETRIEVAL = $00001000;

  { dwUIContext values }
  WTD_UICONTEXT_EXECUTE = 0;
  WTD_UICONTEXT_INSTALL = 1;

  { Action GUID passed to WinVerifyTrust by nvVerifyTrust. }
  WINTRUST_ACTION_GENERIC_VERIFY: TGUID =
    '{189A3842-3041-11D1-85E1-00C04FC295EE}';
  { Verify certificate chain only }
  //
  // WINTRUST_ACTION_GENERIC_VERIFY_V2: TGUID =
  //   '{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}';
  //{ Verify a file or object using the Authenticode policy provider }

type
  { Mirror of the SDK WINTRUST_FILE_INFO structure; pointed to by
    TWinTrustData.pChoiceData when dwChoice = WTD_CHOICE_FILE.
    NOTE(review): "packed" matches the 32-bit layout; the native structure
    uses natural alignment, so confirm the layout before building for Win64. }
  TWinTrustFileInfo = packed record
    cbStruct: DWORD; // required, size of structure
    pcwszFilePath: pWChar; // required, name of file name to be verified
    hFile: THANDLE; // optional
    pgKnownSubject: pGUID; // optional
  end;

type
  { Mirror of the SDK WINTRUST_DATA structure as used by this unit; later
    SDK versions append further fields, which is why cbStruct must be set
    to SizeOf(TWinTrustData) by the caller.
    NOTE(review): "packed" matches the 32-bit layout; the native structure
    uses natural alignment, so confirm the layout before building for Win64. }
  TWinTrustData = packed record
    cbStruct: DWORD; // required, size of structure
    pPolicyCallbackData: pointer; // optional
    pSIPClientData: pointer; // optional
    dwUIChoice: DWORD; // required
    fdwRevocationChecks: DWORD; // required (but zero is normally used)
    dwChoice: DWORD;
    // required : identifies which structure is being passed through pChoiceData
    pChoiceData: pointer; // required
    dwStateAction: DWORD; // optional
    hWVTStateData: THandle; // optional
    pwszURLReference: pWChar; // optional
    dwProvFlags: DWORD;
    // optional : WTD_REVOCATION_CHECK_NONE is used to avoid connecting to the internet
    dwUIContext: DWORD; // optional
  end;

var
  { Module handle for Wintrust.dll; 0 until the first WinVerifyTrust call
    and when the DLL could not be loaded.  Released in finalization. }
  hWinTrust: HMODULE;
  { True once the one-time load attempt in WinVerifyTrust has run, whether
    or not it succeeded, so the attempt is never repeated. }
  didLoad: Boolean;
  { Resolved address of the WinVerifyTrust export; nil when unavailable. }
  pWinTrustFunc: function(WND: HWND; const ActionID: TGUID; const ActionData: TWinTrustData): DWORD;
    stdcall;

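function WinVerifyTrust(WND: HWND; const ActionID: TGUID;
  const ActionData: TWinTrustData): DWORD;
{ Binds the WinVerifyTrust export of Wintrust.dll on the first call and then
  forwards every call to it.
  WND        : window handle passed through to the API (use
               INVALID_HANDLE_VALUE together with WTD_UI_NONE for no UI).
  ActionID   : trust action GUID, e.g. WINTRUST_ACTION_GENERIC_VERIFY.
  ActionData : fully initialised TWinTrustData.
  Returns DWORD(E_NOTIMPL) when the DLL or the export cannot be bound,
  otherwise the API's own result (0 = success). }
const
  dll = 'Wintrust.dll';
begin
  if not didLoad then
  begin
    @pWinTrustFunc := nil;
    didLoad := True;
    { Always take our own reference with LoadLibrary, even if the DLL is
      already mapped into the process.  The finalization section calls
      FreeLibrary on hWinTrust; with the earlier GetModuleHandle shortcut
      that released a reference this unit never acquired, which could
      unload Wintrust.dll from under another user of it.  LoadLibrary on an
      already-loaded module simply increments its reference count.
      A bare module name relies on the loader's default search order;
      Wintrust.dll is a system DLL, which is why no path is given here. }
    hWinTrust := LoadLibrary(dll);
    if hWinTrust <> 0 then
      pWinTrustFunc := GetProcAddress(hWinTrust, 'WinVerifyTrust');
  end;

  { Not bound: report "not implemented" so nvVerifyTrust can apply its
    old-Windows policy; never call through a nil pointer. }
  if (hWinTrust = 0) or (@pWinTrustFunc = nil) then
    Result := DWORD(E_NOTIMPL)
  else
    Result := pWinTrustFunc(WND, ActionID, ActionData);
end;
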
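function nvVerifyTrust(const FileName: PChar; WTD_FLAGS: DWORD = $FFFFFFFF): DWORD;
{ Returns 0 if successful, otherwise result may be passed to SysErrorMessage. }
{ Returns 0 if not supported by Windows. }
{ This is intended for use verifying file integrity. }
{ FileName  : path of the file to check; nil or empty yields }
{             ERROR_INVALID_PARAMETER without touching the API. }
{ WTD_FLAGS : dwProvFlags for the call; $FFFFFFFF (the default) selects }
{             WTD_REVOCATION_CHECK_NONE or WTD_HASH_ONLY_FLAG. }
{ The call runs with WTD_UI_NONE, so no dialog is ever shown, and with }
{ dwStateAction left at WTD_STATEACTION_IGNORE, so no state handle has to }
{ be closed afterwards. }
{ Caveat: a missing Wintrust.dll is reported as 0, i.e. this is fail-open; }
{ callers that need a verified signature must not rely on 0 alone. }
var
{$IFNDEF UNICODE}
  buff: array[0..MAX_PATH] of Widechar;
{$ENDIF}
  td: TWinTrustData;
  fi: TWinTrustFileInfo;
begin
  if (FileName = nil) or (FileName^ = #0) then
  begin
    Result := ERROR_INVALID_PARAMETER;
    exit;
  end;

  { Sentinel default -> no network revocation lookup, hash-only check }
  if WTD_FLAGS = $FFFFFFFF then
    WTD_FLAGS := WTD_REVOCATION_CHECK_NONE or WTD_HASH_ONLY_FLAG;

  ZeroMemory(@fi, SizeOf(fi));
  ZeroMemory(@td, SizeOf(td));
{$IFDEF UNICODE}
  fi.pcwszFilePath := FileName;
{$ELSE}
  { Ansi build: the API wants UTF-16.  buff is an uninitialised stack
    buffer, so a failed conversion (return value 0, e.g. a path longer than
    MAX_PATH) must not be passed on as the file name; report the loader's
    error instead. }
  if MultiByteToWideChar(0, 0, FileName, -1, buff, Length(buff)) = 0 then
  begin
    Result := GetLastError;
    if Result = 0 then
      Result := ERROR_INVALID_PARAMETER;
    exit;
  end;
  fi.pcwszFilePath := buff;
{$ENDIF}

  fi.cbStruct := SizeOf(fi);

  td.cbStruct := SizeOf(td);
  td.dwProvFlags := WTD_FLAGS;
  td.dwUIChoice := WTD_UI_NONE;
  { No user interaction }
  td.dwChoice := WTD_CHOICE_FILE;
  { pChoice identifies a TWinTrustFileInfo structure }
  td.pChoiceData := @fi;

  Result := WinVerifyTrust(INVALID_HANDLE_VALUE,
    WINTRUST_ACTION_GENERIC_VERIFY, td);

  { Report success on old versions of Windows.  This is a deliberate
    fail-open policy: nothing was verified in this case. }
  if Result = DWORD(E_NOTIMPL) then
    Result := 0;
end;
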
{ NOTE : Use of the API functions CertGetCertificateChain, CertVerifyCertificateChainPolicy and CertFreeCertificateChain }
{ : is recommended by Microsoft to perform certificate verification, however, the method above seems to work fine. }

initialization
  { Nothing is loaded here; WinVerifyTrust binds the DLL lazily on first
    use, so programs that never verify anything never touch Wintrust.dll. }
  didLoad := False;
  hWinTrust:= 0;//LoadLibrary(WINTRUST_LIB);
  // gdwError:=GetLastError;

finalization
  { Release the module reference taken during the lazy load.
    NOTE(review): this assumes hWinTrust was obtained with LoadLibrary;
    a handle from GetModuleHandle carries no reference of our own and
    must not be passed to FreeLibrary. }
  if didLoad and (hWinTrust <> 0) then
    FreeLibrary(hWinTrust);

end.