124 lines
4.3 KiB
C
124 lines
4.3 KiB
C
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Copyright (c) 1998-2000 Microsoft Corporation. All Rights Reserved.
|
|
//
|
|
// No portion of this source code may be reproduced
|
|
// without express written permission of Microsoft Corporation.
|
|
//
|
|
// This source code is proprietary and confidential.
|
|
//
|
|
// SYSTEM: Industry Update
|
|
//
|
|
// CLASS: N/A
|
|
// MODULE: TRUST.LIB
|
|
// FILE: TRUST.H
|
|
//
|
|
/////////////////////////////////////////////////////////////////////
|
|
//
|
|
// DESC: this header file declares functions used to make cabs
|
|
// signed by certain providers trusted.
|
|
//
|
|
// AUTHOR: Charles Ma, converted from WU CDMLIB
|
|
// DATE: 10/4/2000
|
|
//
|
|
/////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Revision History:
|
|
//
|
|
// Date Author Description
|
|
// ~~~~ ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
// 2002-01-18 KenSh Added revocation check param to VerifyFileTrust
|
|
//
|
|
/////////////////////////////////////////////////////////////////////
|
|
//
|
|
|
|
#pragma once
|
|
|
|
|
|
//
|
|
// define the number of bytes needed to store a SHA1 hashing value
|
|
// of the public key
|
|
//
|
|
const UINT HASH_VAL_SIZE = 20;
|
|
|
|
//
|
|
// define structure used to pass in the hash values to the following
|
|
// function in order to detect if one of the hash matches the
|
|
// public key of the leaf cert of a file.
|
|
//
|
|
typedef struct _HASH_STRUCT {
|
|
UINT uiCount;
|
|
PBYTE pCerts;
|
|
} CERT_HASH_ARRAY, *pCERT_HASH_ARRAY;
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Public Function VerifyFileTrust()
|
|
//
|
|
// This is a wrapper function for CheckWinTrust that both Whistler
|
|
// and WU classic code should use.
|
|
//
|
|
// Input: szFileName - the file with complete path
|
|
// pbSha1HashVae - a pointer to a 20 byte long buffer, containing
|
|
// the signature SHA1 hashing value that should
|
|
// be used to check this file, or NULL for checking
|
|
// known Microsoft cert.
|
|
// fShowBadUI - whether pop up UI in cases
|
|
// (1) inproperly signed signature, or
|
|
// (2) properly signed with a non-MS cert
|
|
// fCheckRevocation - whether the certificat revocation list (CRL) is
|
|
// checked to see whether any of the certs in the chain
|
|
// have been revoked. Never prompts the user to initiate
|
|
// a dial-up connection. Default = FALSE.
|
|
//
|
|
// Return: HRESULT - S_OK the file is signed with a valid cert
|
|
// or error code.
|
|
// If the file is signed correctly but cert is not
|
|
// a known Microsoft cert, or it's SHA1 hash does not match
|
|
// the one passed in, then CERT_UNTRUSTED_ROOT is returned.
|
|
//
|
|
// Good Cert: Here is the deifnition of a good cert, in addition to the fact
|
|
// that the signature must be valid and not expired.
|
|
// (1) The signature was signed with a cert that has
|
|
// "Microsoft Root Authority" as root, or
|
|
// (2) Parameter pbSha1HashVal is not NULL, and the file's SHA1
|
|
// hashing value of signature matches this value, or
|
|
// (3) The signature was signed with one of the following known
|
|
// Microsoft cert's (they are not rooted to MS) and
|
|
// pbSha1HashVal is NULL.
|
|
// * Microsoft Corporation
|
|
// * Microsoft Corporation MSN
|
|
// * MSNBC Interactive News LLC
|
|
// * Microsoft Corporation MSN (Europe)
|
|
// * Microsoft Corporation (Europe)
|
|
//
|
|
// Note: If _WUV3TEST flag is set (for test build), then fShowBadUI is
|
|
// ignored:
|
|
// if reg key SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\wuv3test\WinTrustUI
|
|
// is set to 1, then no UI is shown, and this function always return S_OK;
|
|
// otherwise, UI always show no matter what cert, and return value is same
|
|
// as the live build.
|
|
//
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
HRESULT VerifyFileTrust(
|
|
IN LPCTSTR szFileName,
|
|
IN pCERT_HASH_ARRAY pHashArray,
|
|
BOOL fShowBadUI,
|
|
BOOL fCheckRevocation = FALSE
|
|
);
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Public Function ReadWUPolicyShowTrustUI()
|
|
//
|
|
// Input: void
|
|
//
|
|
// Return: BOOL - FALSE means ShowTrustUI regkey is not present, or is set to 0
|
|
// TRUE means ShowTrustUI regkey is present and is set to 1
|
|
//
|
|
//
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
BOOL ReadWUPolicyShowTrustUI();
|