
  1. unit nvWinTrust;
  2.  
  3. interface
  4.  
  5. uses Windows;
  6.  
{ Sample return codes - others may be returned : only zero indicates success.  }
{ These are the $8xxxxxxx-style codes WinVerifyTrust hands back; the caller  }
{ may pass them to SysErrorMessage for a readable description.               }
{ Note that an UNSIGNED file is reported as TRUST_E_NOSIGNATURE (non-zero),  }
{ i.e. it is NOT treated as trusted.                                         }
const
  CRYPT_E_SECURITY_SETTINGS = $80092026;
  { The cryptographic operation failed due to a local security option setting. }
  TRUST_E_PROVIDER_UNKNOWN = $800B0001;
  { The trust provider is not recognized on this system.                       }
  TRUST_E_ACTIONUNKNOWN = $800B0002;
  { The trust provider does not support the specified action.                  }
  TRUST_E_SUBJECT_FORM_UNKNOWN = $800B0003;
  { The trust provider does not support the form specified for the subject.    }
  TRUST_E_SUBJECT_NOT_TRUSTED = $800B0004;
  { The subject is not trusted for the specified action.                       }
  TRUST_E_NOSIGNATURE = $800B0100;
  { No signature was present in the subject.                                   }
  TRUST_E_EXPLICIT_DISTRUST = $800B0111;
  { The certificate was explicitly marked as untrusted by the user.            }
  23.  
function nvVerifyTrust(const FileName: PChar; WTD_FLAGS: DWORD = $FFFFFFFF): DWORD;
 { Verifies the signature on FileName through WinVerifyTrust with no UI.      }
 { FileName  : NUL-terminated path. nil or empty -> ERROR_INVALID_PARAMETER.  }
 { WTD_FLAGS : dwProvFlags for WINTRUST_DATA. The default $FFFFFFFF selects   }
 {             WTD_REVOCATION_CHECK_NONE or WTD_HASH_ONLY_FLAG.               }
 { Returns 0 if successful, otherwise result may be passed to SysErrorMessage. }
 { Returns 0 if not supported by Windows (Wintrust.dll or its WinVerifyTrust  }
 { export could not be loaded). NOTE(review): that is a fail-OPEN result -    }
 { a caller that needs a hard guarantee cannot treat 0 as proof on its own.   }
 { This is intended for use verifying file integrity.                          }
 { NOTE(review): the default flags ask for a hash-only check with no          }
 { revocation lookup, so 0 should be read as "the file matches its signed     }
 { hash"; whether the signer is trusted is not established by these flags -   }
 { pass explicit flags if signer identity matters (confirm against the        }
 { WinTrust documentation for WTD_HASH_ONLY_FLAG).                            }
  28.  
  29. implementation
  30.  
  31.  
  32. const
  33.   WTD_UI_ALL  = 1;
  34.   WTD_UI_NONE = 2;
  35.   WTD_UI_NOBAD = 3;
  36.   WTD_UI_NOGOOD = 4;
  37.  
  38.   WTD_REVOKE_NONE = 0;
  39.   WTD_REVOKE_WHOLECHAIN = 1;
  40.  
  41.   WTD_CHOICE_FILE = 1;
  42.   WTD_CHOICE_CATALOG = 2;
  43.   WTD_CHOICE_BLOB = 3;
  44.   WTD_CHOICE_SIGNER = 4;
  45.   WTD_CHOICE_CERT = 5;
  46.  
  47.   WTD_STATEACTION_IGNORE = 0;
  48.   WTD_STATEACTION_VERIFY = 1;
  49.   WTD_STATEACTION_CLOSE  = 2;
  50.   WTD_STATEACTION_AUTO_CACHE = 3;
  51.   WTD_STATEACTION_AUTO_CACHE_FLUSH = 4;
  52.  
  53.   WTD_PROV_FLAGS_MASK = $0000FFFF;
  54.   WTD_USE_IE4_TRUST_FLAG = $00000001;
  55.   WTD_NO_IE4_CHAIN_FLAG = $00000002;
  56.   WTD_NO_POLICY_USAGE_FLAG = $00000004;
  57.   WTD_REVOCATION_CHECK_NONE = $00000010;
  58.   WTD_REVOCATION_CHECK_END_CERT = $00000020;
  59.   WTD_REVOCATION_CHECK_CHAIN = $00000040;
  60.   WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = $00000080;
  61.   WTD_SAFER_FLAG = $00000100;
  62.   WTD_HASH_ONLY_FLAG = $00000200;
  63.   WTD_USE_DEFAULT_OSVER_CHECK = $00000400;
  64.   WTD_LIFETIME_SIGNING_FLAG = $00000800;
  65.   WTD_CACHE_ONLY_URL_RETRIEVAL = $00001000;
  66.  
  67.   WTD_UICONTEXT_EXECUTE = 0;
  68.   WTD_UICONTEXT_INSTALL = 1;
  69.  
  70.   WINTRUST_ACTION_GENERIC_VERIFY: TGUID =
  71.     '{189A3842-3041-11D1-85E1-00C04FC295EE}';
  72.   { Verify certificate chain only }
  73. //
  74. //  WINTRUST_ACTION_GENERIC_VERIFY_V2: TGUID =
  75. //    '{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}';
  76. //{ Verify a file or object using the Authenticode policy provider }
  77.  
  78. type
  79.   TWinTrustFileInfo = packed record
  80.     cbStruct: DWORD;   // required, size of structure
  81.     pcwszFilePath: pWChar;  // required, name of file name to be verified
  82.     hFile: THANDLE; // optional
  83.     pgKnownSubject: pGUID;   // optional
  84.   end;
  85.  
  86. type
  87.   TWinTrustData = packed record
  88.     cbStruct: DWORD;    // required, size of structure
  89.     pPolicyCallbackData: pointer;  // optional
  90.     pSIPClientData: pointer;  // optional
  91.     dwUIChoice: DWORD;    // required
  92.     fdwRevocationChecks: DWORD;    // required (but zero is normally used)
  93.     dwChoice: DWORD;
  94.     // required : identifies which structure is being passed through pChoiceData
  95.     pChoiceData: pointer;  // required
  96.     dwStateAction: DWORD;    // optional
  97.     hWVTStateData: THandle;  // optional
  98.     pwszURLReference: pWChar;   // optional
  99.     dwProvFlags: DWORD;
  100.     // optional : WTD_REVOCATION_CHECK_NONE is used to avoid connecting to the internet
  101.     dwUIContext: DWORD;    // optional
  102.   end;
  103.  
var
  { Lazily-bound Wintrust.dll state, filled in by the WinVerifyTrust wrapper
    on its first call and released in finalization. Access is not
    synchronised: the wrapper performs no locking, so concurrent first calls
    race on these three variables. }
  hWinTrust: HMODULE;   // module handle of Wintrust.dll; 0 if not (yet) loaded or unavailable
  didLoad: Boolean;     // True once a load attempt has been made, whether or not it succeeded
  pWinTrustFunc: function(WND: HWND; const ActionID: TGUID; const ActionData: TWinTrustData): DWORD;
    stdcall;            // 'WinVerifyTrust' export resolved via GetProcAddress; nil if missing
  109.  
  110. function WinVerifyTrust(WND: HWND; const ActionID: TGUID;
  111.   const ActionData: TWinTrustData): DWORD;
  112. const
  113. //  pWinTrustFunc: function(WND: HWND; const ActionID: TGUID; const ActionData: TWinTrustData): DWORD;
  114. //    stdcall = nil;
  115. //  pWinTrustFunc: function(hwnd: THandle; ActionID: PGUID; ActionData: Pointer): Integer; stdcall;
  116. //  done: Boolean = False;
  117.   dll = 'Wintrust.dll';
  118. //var
  119. //  HM: HMODULE;
  120. begin
  121.   if not didLoad then
  122.   begin
  123.     @pWinTrustFunc := nil;
  124.     didLoad := True;
  125.     hWinTrust := GetModuleHandle(dll);
  126.     if hWinTrust = 0 then
  127.       hWinTrust := LoadLibrary(dll);
  128.  
  129.     if hWinTrust <> 0 then
  130.       pWinTrustFunc := GetProcAddress(hWinTrust, 'WinVerifyTrust');
  131.   end;
  132.  
  133.   if (hWinTrust = 0) or (@pWinTrustFunc = nil) then
  134.     Result := DWORD(E_NOTIMPL)
  135.   else
  136.     Result := pWinTrustFunc(WND, ActionID, ActionData);
  137. end;
  138.  
  139. function nvVerifyTrust(const FileName: PChar; WTD_FLAGS: DWORD = $FFFFFFFF): DWORD;
  140.   { Returns 0 if successful, otherwise result may be passed to SysErrorMessage. }
  141.   { Returns 0 if not supported by Windows.                                      }
  142.   { This is intended for use verifying file integrity.                          }
  143. var
  144. {$IFNDEF UNICODE}
  145.   buff: array[0..MAX_PATH] of Widechar;
  146. {$ENDIF}
  147.   td: TWinTrustData;
  148.   fi: TWinTrustFileInfo;
  149. begin
  150.   if (FileName = nil) or (FileName^ = #0) then
  151.   begin
  152.     Result := ERROR_INVALID_PARAMETER;
  153.     exit;
  154.   end;
  155.  
  156.   if WTD_FLAGS = $FFFFFFFF then
  157.     WTD_FLAGS := WTD_REVOCATION_CHECK_NONE or WTD_HASH_ONLY_FLAG;
  158.  
  159.   ZeroMemory(@fi, SizeOf(fi));
  160.   ZeroMemory(@td, SizeOf(td));
  161. {$IFDEF UNICODE}
  162.   fi.pcwszFilePath := FileName;
  163. {$ELSE}
  164.   MultiByteToWideChar(0, 0, FileName, -1, Buff, Length(Buff));
  165.   fi.pcwszFilePath := buff;
  166. {$ENDIF}
  167.  
  168.   fi.cbStruct := SizeOf(fi);
  169. //  fi.pcwszFilePath := buff;
  170.  
  171.   td.cbStruct := SizeOf(td);
  172.   td.dwProvFlags := WTD_FLAGS;
  173.   td.dwUIChoice := WTD_UI_NONE;
  174.   { No user interaction                              }
  175.   td.dwChoice := WTD_CHOICE_FILE;
  176.   { pChoice identifies a TWinTrustFileInfo structure }
  177.   td.pChoiceData := @fi;
  178.  
  179.   Result := WinVerifyTrust(INVALID_HANDLE_VALUE,
  180.     WINTRUST_ACTION_GENERIC_VERIFY, td);
  181.  
  182.   if Result = DWORD(E_NOTIMPL) then
  183.     Result := 0;     { Report success on old versions of Windows }
  184. end;
  185.  
{ NOTE : Microsoft recommends the API functions CertGetCertificateChain, CertVerifyCertificateChainPolicy and      }
{      : CertFreeCertificateChain for verifying a certificate chain; the WinVerifyTrust call above has only been    }
{      : observed to work in practice and has not been validated against those APIs.                               }
  188.  
  189. initialization
  190.  
  191.   didLoad := False;
  192.   hWinTrust:= 0;//LoadLibrary(WINTRUST_LIB);
  193. //  gdwError:=GetLastError;
  194.  
  195. finalization
  196.  
  197.   if didLoad and (hWinTrust <> 0) then
  198.     FreeLibrary(hWinTrust);
  199.  
  200. end.
  201.  
  202.