static DWORD SOFTPUB_LoadCertMessage(CRYPT_PROVIDER_DATA *data)
{
DWORD err = ERROR_SUCCESS;
if (data->pWintrustData->u.pCert &&
WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(WINTRUST_CERT_INFO,
data->pWintrustData->u.pCert->cbStruct, psCertContext))
{
if (data->psPfns)
{
CRYPT_PROVIDER_SGNR signer = { sizeof(signer), { 0 } };
DWORD i;
BOOL ret;
/* Add a signer with nothing but the time to verify, so we can
* add a cert to it
*/
if (WVT_ISINSTRUCT(WINTRUST_CERT_INFO,
data->pWintrustData->u.pCert->cbStruct, psftVerifyAsOf) &&
data->pWintrustData->u.pCert->psftVerifyAsOf)
data->sftSystemTime = signer.sftVerifyAsOf;
else
{
SYSTEMTIME sysTime;
GetSystemTime(&sysTime);
SystemTimeToFileTime(&sysTime, &signer.sftVerifyAsOf);
}
ret = data->psPfns->pfnAddSgnr2Chain(data, FALSE, 0, &signer);
if (ret)
{
ret = data->psPfns->pfnAddCert2Chain(data, 0, FALSE, 0,
data->pWintrustData->u.pCert->psCertContext);
if (WVT_ISINSTRUCT(WINTRUST_CERT_INFO,
data->pWintrustData->u.pCert->cbStruct, pahStores))
for (i = 0;
ret && i < data->pWintrustData->u.pCert->chStores; i++)
ret = data->psPfns->pfnAddStore2Chain(data,
data->pWintrustData->u.pCert->pahStores[i]);
}
if (!ret)
err = GetLastError();
}
}
else
err = ERROR_INVALID_PARAMETER;
return err;
}
/* Assumes data->pWintrustData->u.pFile exists. Sets data->pPDSip->gSubject to
* the file's subject GUID.
*/
static DWORD SOFTPUB_GetFileSubject(CRYPT_PROVIDER_DATA *data)
{
DWORD err = ERROR_SUCCESS;
if (!WVT_ISINSTRUCT(WINTRUST_FILE_INFO,
data->pWintrustData->u.pFile->cbStruct, pgKnownSubject) ||
!data->pWintrustData->u.pFile->pgKnownSubject)
{
if (!CryptSIPRetrieveSubjectGuid(
data->pWintrustData->u.pFile->pcwszFilePath,
data->pWintrustData->u.pFile->hFile,
&data->u.pPDSip->gSubject))
{
LARGE_INTEGER fileSize;
DWORD sipError = GetLastError();
/* Special case for empty files: the error is expected to be
* TRUST_E_SUBJECT_FORM_UNKNOWN, rather than whatever
* CryptSIPRetrieveSubjectGuid returns.
*/
if (GetFileSizeEx(data->pWintrustData->u.pFile->hFile, &fileSize)
&& !fileSize.QuadPart)
err = TRUST_E_SUBJECT_FORM_UNKNOWN;
else
err = sipError;
}
}
else
data->u.pPDSip->gSubject = *data->pWintrustData->u.pFile->pgKnownSubject;
TRACE("returning %d\n", err);
return err;
}
static LONG WINTRUST_CertActionVerify(HWND hwnd, GUID *actionID,
WINTRUST_DATA *data)
{
DWORD stateAction;
LONG err = ERROR_SUCCESS;
if (WVT_ISINSTRUCT(WINTRUST_DATA, data->cbStruct, dwStateAction))
stateAction = data->dwStateAction;
else
{
TRACE("no dwStateAction, assuming WTD_STATEACTION_IGNORE\n");
stateAction = WTD_STATEACTION_IGNORE;
}
switch (stateAction)
{
case WTD_STATEACTION_IGNORE:
err = WINTRUST_CertVerifyAndClose(hwnd, actionID, data);
break;
case WTD_STATEACTION_VERIFY:
err = WINTRUST_CertVerify(hwnd, actionID, data);
break;
case WTD_STATEACTION_CLOSE:
err = WINTRUST_DefaultClose(hwnd, actionID, data);
break;
default:
FIXME("unimplemented for %d\n", data->dwStateAction);
}
return err;
}
/***********************************************************************
* WinVerifyTrust (WINTRUST.@)
*
* Verifies an object by calling the specified trust provider.
*
* PARAMS
* hwnd [I] Handle to a caller window.
* ActionID [I] Pointer to a GUID that identifies the action to perform.
* ActionData [I] Information used by the trust provider to verify the object.
*
* RETURNS
* Success: Zero.
* Failure: A TRUST_E_* error code.
*
* NOTES
* Trust providers can be found at:
* HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\
*/
LONG WINAPI WinVerifyTrust( HWND hwnd, GUID *ActionID, LPVOID ActionData )
{
static const GUID unknown = { 0xC689AAB8, 0x8E78, 0x11D0, { 0x8C,0x47,
0x00,0xC0,0x4F,0xC2,0x95,0xEE } };
static const GUID published_software = WIN_SPUB_ACTION_PUBLISHED_SOFTWARE;
static const GUID generic_verify_v2 = WINTRUST_ACTION_GENERIC_VERIFY_V2;
static const GUID generic_cert_verify = WINTRUST_ACTION_GENERIC_CERT_VERIFY;
static const GUID generic_chain_verify = WINTRUST_ACTION_GENERIC_CHAIN_VERIFY;
static const GUID cert_action_verify = CERT_CERTIFICATE_ACTION_VERIFY;
LONG err = ERROR_SUCCESS;
WINTRUST_DATA *actionData = ActionData;
TRACE("(%p, %s, %p)\n", hwnd, debugstr_guid(ActionID), ActionData);
dump_wintrust_data(ActionData);
/* Support for known old-style callers: */
if (IsEqualGUID(ActionID, &published_software))
err = WINTRUST_PublishedSoftware(hwnd, ActionID, ActionData);
else if (IsEqualGUID(ActionID, &cert_action_verify))
err = WINTRUST_CertActionVerify(hwnd, ActionID, ActionData);
else
{
DWORD stateAction;
/* Check known actions to warn of possible problems */
if (!IsEqualGUID(ActionID, &unknown) &&
!IsEqualGUID(ActionID, &generic_verify_v2) &&
!IsEqualGUID(ActionID, &generic_cert_verify) &&
!IsEqualGUID(ActionID, &generic_chain_verify))
WARN("unknown action %s, default behavior may not be right\n",
debugstr_guid(ActionID));
if (WVT_ISINSTRUCT(WINTRUST_DATA, actionData->cbStruct, dwStateAction))
stateAction = actionData->dwStateAction;
else
{
TRACE("no dwStateAction, assuming WTD_STATEACTION_IGNORE\n");
stateAction = WTD_STATEACTION_IGNORE;
}
switch (stateAction)
{
case WTD_STATEACTION_IGNORE:
err = WINTRUST_DefaultVerifyAndClose(hwnd, ActionID, ActionData);
break;
case WTD_STATEACTION_VERIFY:
err = WINTRUST_DefaultVerify(hwnd, ActionID, ActionData);
break;
case WTD_STATEACTION_CLOSE:
err = WINTRUST_DefaultClose(hwnd, ActionID, ActionData);
break;
default:
FIXME("unimplemented for %d\n", actionData->dwStateAction);
}
}
TRACE("returning %08x\n", err);
return err;
}
