Ну, если есть зарегистрированные криптопровайдеры (HKLM\Software\Microsoft\Cryptography\Trust\Provider\*\), то можно делать так:
unit uWinVerifyTrust;
// Small VCL form that hands a user-supplied file path to WinVerifyTrust
// (Wintrust.dll) and shows the outcome in a message box. The WINTRUST_*
// declarations below appear to be transcribed from the SDK's wintrust.h
// so that no separate import unit is required.

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls;
type
  // Dialog with one edit box (path of the file to check) and a Verify button.
  TdlgWinVerifyTrust = class(TForm)
    edPath: TEdit;       // path of the file whose signature is to be verified
    btnVerify: TButton;  // starts the verification (handler: btnVerifyClick)
    PathLabel: TLabel;   // caption for edPath
    // Fills WINTRUST_FILE_INFO/WINTRUST_DATA for edPath.Text, calls
    // WinVerifyTrust and reports the result via ShowMessage.
    procedure btnVerifyClick(Sender: TObject);
  end;
const
  ////////////////////////////////////////////////////////////////////////////
  //
  // WINTRUST_ACTION_GENERIC_VERIFY Guid (Authenticode)
  //--------------------------------------------------------------------------
  // Assigned to the pgActionID parameter of WinVerifyTrust to verify the
  // authenticity of a certificate chain only using the Microsoft Authenticode
  // Policy Provider,
  //
  // '{189A3842-3041-11D1-85E1-00C04FC295EE}'
  //
  WINTRUST_ACTION_GENERIC_VERIFY: TGUID = '{189A3842-3041-11D1-85E1-00C04FC295EE}';
  // NOTE(review): the text above describes this V1 action as a chain-only
  // check; the V2 action below is the one documented here for verifying a
  // file/object, which is what this unit passes (WTD_CHOICE_FILE).

  ////////////////////////////////////////////////////////////////////////////
  //
  // WINTRUST_ACTION_GENERIC_VERIFY_V2 Guid (Authenticode)
  //--------------------------------------------------------------------------
  // Assigned to the pgActionID parameter of WinVerifyTrust to verify the
  // authenticity of a file/object using the Microsoft Authenticode
  // Policy Provider,
  //
  // {00AAC56B-CD44-11d0-8CC2-00C04FC295EE}
  //
  WINTRUST_ACTION_GENERIC_VERIFY_V2: TGUID = '{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}';

  ////////////////////////////////////////////////////////////////////////////
  //
  // HTTPSPROV_ACTION Guid (Authenticode add-on)
  //--------------------------------------------------------------------------
  // Assigned to the pgActionID parameter of WinVerifyTrust to verify the
  // SSL/PCT connections through IE.
  //
  // {573E31F8-AABA-11d0-8CCB-00C04FC295EE}
  //
  HTTPSPROV_ACTION: TGUID = '{573E31F8-AABA-11d0-8CCB-00C04FC295EE}';
type
  ////////////////////////////////////////////////////////////////////////////
  //
  // WINTRUST_FILE_INFO Structure
  //--------------------------------------------------------------------------
  // Used when calling WinVerifyTrust against an individual file
  // (WINTRUST_DATA.dwUnionChoice = WTD_CHOICE_FILE, pFile -> this record).
  //
  PWINTRUST_FILE_INFO = ^WINTRUST_FILE_INFO;
  WINTRUST_FILE_INFO = packed record
    cbStruct: DWORD;            // = sizeof(WINTRUST_FILE_INFO)
    pcwszFilePath: PWChar;      // required, file name to be verified (UTF-16, NUL-terminated)
    hFile: THandle;             // optional, open handle to pcwszFilePath
    // 09-Dec-1997 pberkman: added
    pgKnownSubject: PGUID;      // optional: fill if the subject type is known.
  end;
  TWinTrustFileInfo = WINTRUST_FILE_INFO;
const
  // UI choice (WINTRUST_DATA.dwUIChoice)
  WTD_UI_ALL = 1;
  WTD_UI_NONE = 2;
  WTD_UI_NOBAD = 3;
  WTD_UI_NOGOOD = 4;

  // certificate revocation check options (WINTRUST_DATA.fdwRevocationChecks);
  // a zero-filled record therefore means WTD_REVOKE_NONE.
  WTD_REVOKE_NONE = 0;
  WTD_REVOKE_WHOLECHAIN = 1;

  // dwUnionChoice
  WTD_CHOICE_FILE = 1;
  WTD_CHOICE_CATALOG = 2;
  WTD_CHOICE_BLOB = 3;
  WTD_CHOICE_SIGNER = 4;
  WTD_CHOICE_CERT = 5;

  // Catalog File Processing (WINTRUST_DATA.dwStateAction)
  WTD_STATEACTION_IGNORE = 0;
  WTD_STATEACTION_VERIFY = 1;
  WTD_STATEACTION_CLOSE = 2;
  WTD_STATEACTION_AUTO_CACHE = 3;
  WTD_STATEACTION_AUTO_CACHE_FLUSH = 4;

  // WINTRUST_DATA.dwProvFlags
  WTD_PROV_FLAGS_MASK = $0000FFFF;
  WTD_USE_IE4_TRUST_FLAG = $00000001;
  WTD_NO_IE4_CHAIN_FLAG = $00000002;
  WTD_NO_POLICY_USAGE_FLAG = $00000004;
  WTD_REVOCATION_CHECK_NONE = $00000010;
  WTD_REVOCATION_CHECK_END_CERT = $00000020;
  WTD_REVOCATION_CHECK_CHAIN = $00000040;
  WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = $00000080;
  WTD_SAFER_FLAG = $00000100;            // see the WinVerifyTrust comment for its semantics
  WTD_HASH_ONLY_FLAG = $00000200;
  WTD_USE_DEFAULT_OSVER_CHECK = $00000400;
  WTD_LIFETIME_SIGNING_FLAG = $00000800;
  WTD_CACHE_ONLY_URL_RETRIEVAL = $00001000;  // affects CRL retrieval and AIA retrieval

  // WINTRUST_DATA.dwUIContext
  WTD_UICONTEXT_EXECUTE = 0;
  WTD_UICONTEXT_INSTALL = 1;
type
  ////////////////////////////////////////////////////////////////////////////
  //
  // WINTRUST_DATA Structure
  //--------------------------------------------------------------------------
  // Used when calling WinVerifyTrust to pass necessary information into
  // the Providers.
  //
  // NOTE(review): declared packed, which matches the native layout on 32-bit
  // Windows where every member here is 4 bytes wide; on Win64 the pointer
  // and handle members are 8-byte aligned, which introduces padding the
  // packed record would not have — confirm before targeting a 64-bit build.
  //
  PWINTRUST_DATA = ^WINTRUST_DATA;
  WINTRUST_DATA = packed record
    cbStruct: DWORD;                // = sizeof(WINTRUST_DATA)
    pPolicyCallbackData: Pointer;   // optional: used to pass data between the app and policy
    pSIPClientData: Pointer;        // optional: used to pass data between the app and SIP.
    dwUIChoice: DWORD;              // required: UI choice.
    fdwRevocationChecks: DWORD;     // required: certificate revocation check options (0 = WTD_REVOKE_NONE)
    dwUnionChoice: DWORD;           // required: which structure is being passed in?
    pFile: PWINTRUST_FILE_INFO;     // individual file
    dwStateAction: DWORD;           // optional (Catalog File Processing)
    hWVTStateData: THandle;         // optional (Catalog File Processing)
    pwszURLReference: PWChar;       // optional: (future) used to determine zone.
    // 17-Feb-1998 philh: added
    dwProvFlags: DWORD;             // WTD_*_FLAG bits, see constants above
    // 07-Jan-2004 tonyschr: added
    dwUIContext: DWORD;             // optional: used to determine action text in UI
  end;
  TWinTrustData = WINTRUST_DATA;
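////////////////////////////////////////////////////////////////////////////
//
// WinVerifyTrust
//--------------------------------------------------------------------------
// Exported from WINTRUST.DLL.
// Call this function to verify the trust based on a digital signer.
//
// pWVTData points to a WINTRUST_DATA data structure.
//
// WTD_SAFER_FLAG should be set in WINTRUST_DATA's dwProvFlags to enable
// the following semantics for the WINTRUST_ACTION_GENERIC_VERIFY_V2
// policy provider specified in pgActionID:
//  - return TRUST_E_NOSIGNATURE if the subject isn't signed, has an
//    invalid signature or unable to find the signer certificate.
//    UI will never be displayed when not signed.
//  - ignore NO_CHECK revocation errors. Otherwise, continue to return
//    CERT_E_REVOCATION_FAILURE.
//  - search the code hash and publisher databases for the WTD_UI_NONE
//    dwUIChoice case. The default is to only search these databases when
//    UI has been enabled or user trust has been disabled.
//
// Returns:
//   ERROR_SUCCESS             If the trust is authenticated or
//                             if the user accepted the risk.
//   TRUST_E_PROVIDER_UNKNOWN  there was an error loading one of the
//                             required Providers.
//   all error codes passed back are based on the Policy Provider used.
//
// The following errors are returned when the
// WINTRUST_ACTION_GENERIC_VERIFY_V2 policy provider is specified in
// pgActionID:
//
//   TRUST_E_NOSIGNATURE (when WTD_SAFER_FLAG is set in dwProvFlags)
//     The subject isn't signed, has an invalid signature or unable to
//     find the signer certificate. All signature verification errors
//     will map to this error. Basically all errors except for publisher
//     or timestamp certificate verification.
//     Call GetLastError() to get the underlying reason for not having a
//     valid signature. The following LastErrors indicate that the file
//     doesn't have a signature: TRUST_E_NOSIGNATURE,
//     TRUST_E_SUBJECT_FORM_UNKNOWN or TRUST_E_PROVIDER_UNKNOWN.
//     UI will never be displayed for this case.
//
//   TRUST_E_EXPLICIT_DISTRUST
//     Returned if the hash representing the subject is trusted as
//     AUTHZLEVELID_DISALLOWED or the publisher is in the "Disallowed"
//     store. Also returned if the publisher certificate is revoked.
//     UI will never be displayed for this case.
//
//   ERROR_SUCCESS
//     No UI unless noted below. Returned for the following:
//     - Hash representing the subject is trusted as
//       AUTHZLEVELID_FULLYTRUSTED
//     - The publisher certificate exists in the "TrustedPublisher" store
//       and there weren't any verification errors.
//     - UI was enabled and the user clicked "Yes" when asked to install
//       and run the signed subject.
//     - UI was disabled. No publisher or timestamp chain error.
//
//   TRUST_E_SUBJECT_NOT_TRUSTED
//     UI was enabled and the user clicked "No" when asked to install and
//     run the signed subject.
//
//   CRYPT_E_SECURITY_SETTINGS
//     The subject hash or publisher wasn't explicitly trusted and user
//     trust wasn't allowed in the safer authenticode flags. No UI will be
//     displayed for this case. The subject is signed and its signature
//     successfully verified.
//
//   Any publisher or timestamp chain error. If WTD_SAFER_FLAG wasn't set
//   in dwProvFlags, any signed code verification error.
//
// Win32 API entry points use the stdcall convention. Without the
// directive Delphi defaults to its register convention and passes the
// arguments in registers, so Wintrust.dll would read garbage from the
// stack and the stack would be left unbalanced on return.
function WinVerifyTrust(hwnd: THandle; pgActionID: PGUID;
  pWVTData: PWINTRUST_DATA): DWORD; stdcall; external 'Wintrust.dll';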
const
  // Return codes (HRESULT values) that WinVerifyTrust hands back directly,
  // so they can be compared with the function result as-is.

  // The cryptographic operation failed due to a local security option setting.
  CRYPT_E_SECURITY_SETTINGS = $80092026;
  // The trust provider is not recognized on this system.
  TRUST_E_PROVIDER_UNKNOWN = $800B0001;
  // The trust provider does not support the specified action.
  TRUST_E_ACTIONUNKNOWN = $800B0002;
  // The trust provider does not support the form specified for the subject.
  TRUST_E_SUBJECT_FORM_UNKNOWN = $800B0003;
  // The subject is not trusted for the specified action.
  TRUST_E_SUBJECT_NOT_TRUSTED = $800B0004;
  // No signature was present in the subject.
  TRUST_E_NOSIGNATURE = $800B0100;
  // The certificate was explicitly marked as untrusted by the user.
  TRUST_E_EXPLICIT_DISTRUST = $800B0111;
var
  // Form instance; presumably auto-created by the application — confirm
  // against the project source (.dpr).
  dlgWinVerifyTrust: TdlgWinVerifyTrust;

implementation

{$R *.dfm}  // links the form layout resource (uWinVerifyTrust.dfm)
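procedure TdlgWinVerifyTrust.btnVerifyClick(Sender: TObject);
// Verifies the Authenticode signature of the file named in edPath and
// reports the outcome. No UI is requested from WinTrust (WTD_UI_NONE), so
// the result code alone decides: ERROR_SUCCESS means the signature and its
// chain verified; any other code is shown through SysErrorMessage.
var
  WinTrustData: TWinTrustData;
  FileInfo: TWinTrustFileInfo;
  WinVerifyTrustResult: DWORD;
  guidAction: TGUID;
  wsPath: WideString;
begin
  if edPath.Text = '' then
  begin
    ShowMessage('Enter a file path');
    Exit;
  end;

  // Keep the UTF-16 copy of the path in a managed WideString that lives for
  // the whole call; the original used StringToOleStr and never released the
  // BSTR it allocated.
  wsPath := edPath.Text;

  ZeroMemory(@FileInfo, SizeOf(TWinTrustFileInfo));
  FileInfo.cbStruct := SizeOf(TWinTrustFileInfo);
  FileInfo.pcwszFilePath := PWideChar(wsPath);
  // hFile and pgKnownSubject stay zero: WinTrust opens the file itself.

  ZeroMemory(@WinTrustData, SizeOf(TWinTrustData));
  WinTrustData.cbStruct := SizeOf(TWinTrustData);
  WinTrustData.dwUIChoice := WTD_UI_NONE;                   // never prompt the user
  WinTrustData.fdwRevocationChecks := WTD_REVOKE_WHOLECHAIN; // a zeroed field would mean WTD_REVOKE_NONE
  WinTrustData.dwUnionChoice := WTD_CHOICE_FILE;
  WinTrustData.pFile := @FileInfo;
  WinTrustData.dwStateAction := WTD_STATEACTION_IGNORE;     // no hWVTStateData to close afterwards
  // WTD_SAFER_FLAG makes an unsigned or badly signed file come back as
  // TRUST_E_NOSIGNATURE (see the WinVerifyTrust comment above);
  // WTD_REVOCATION_CHECK_CHAIN asks the provider to check revocation for
  // the whole chain, which may require CRL/OCSP retrieval.
  WinTrustData.dwProvFlags := WTD_SAFER_FLAG or WTD_REVOCATION_CHECK_CHAIN;

  // Generic Authenticode verification of a file/object. The V1 action GUID
  // the original passed is documented above as verifying the certificate
  // chain only.
  guidAction := WINTRUST_ACTION_GENERIC_VERIFY_V2;
  WinVerifyTrustResult := WinVerifyTrust(INVALID_HANDLE_VALUE, @guidAction, @WinTrustData);

  case WinVerifyTrustResult of
    ERROR_SUCCESS:
      ShowMessage('Done');   // signature present, verified, chain trusted
  else
    // Includes TRUST_E_NOSIGNATURE for unsigned files; SysErrorMessage
    // renders the HRESULT text.
    ShowMessage(SysErrorMessage(WinVerifyTrustResult));
  end;
end;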
end.