Ну ежели есть зарегенные криптопровайдеры (HKLM\Software\Microsoft\Cryptography\Trust\Provider\*\) то можно делать так:
| Код |
unit uWinVerifyTrust;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TdlgWinVerifyTrust = class(TForm)
edPath: TEdit;
btnVerify: TButton;
PathLabel: TLabel;
procedure btnVerifyClick(Sender: TObject);
end;
const
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_ACTION_GENERIC_VERIFY Guid (Authenticode)
//----------------------------------------------------------------------------
// Assigned to the pgActionID parameter of WinVerifyTrust to verify the
// authenticity of a certificate chain only using the Microsoft Authenticode
// Policy Provider,
//
// '{189A3842-3041-11D1-85E1-00C04FC295EE}'
//
WINTRUST_ACTION_GENERIC_VERIFY: TGUID =
'{189A3842-3041-11D1-85E1-00C04FC295EE}';
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_ACTION_GENERIC_VERIFY_V2 Guid (Authenticode)
//----------------------------------------------------------------------------
// Assigned to the pgActionID parameter of WinVerifyTrust to verify the
// authenticity of a file/object using the Microsoft Authenticode
// Policy Provider,
//
// {00AAC56B-CD44-11d0-8CC2-00C04FC295EE}
//
WINTRUST_ACTION_GENERIC_VERIFY_V2: TGUID =
'{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}';
//////////////////////////////////////////////////////////////////////////////
//
// HTTPSPROV_ACTION Guid (Authenticode add-on)
//----------------------------------------------------------------------------
// Assigned to the pgActionID parameter of WinVerifyTrust to verify the
// SSL/PCT connections through IE.
//
// {573E31F8-AABA-11d0-8CCB-00C04FC295EE}
//
HTTPSPROV_ACTION: TGUID =
'{573E31F8-AABA-11d0-8CCB-00C04FC295EE}';
type
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_FILE_INFO Structure
//----------------------------------------------------------------------------
// Used when calling WinVerifyTrust against an individual file.
//
PWINTRUST_FILE_INFO = ^WINTRUST_FILE_INFO;
WINTRUST_FILE_INFO = packed record
cbStruct: DWORD; // = sizeof(WINTRUST_FILE_INFO)
pcwszFilePath: PWChar; // required, file name to be verified
hFile: THandle; // optional, open handle to pcwszFilePath
// 09-Dec-1997 pberkman: added
pgKnownSubject: PGUID; // optional: fill if the subject type is known.
end;
TWinTrustFileInfo = WINTRUST_FILE_INFO;
const
// UI choice
WTD_UI_ALL = 1;
WTD_UI_NONE = 2;
WTD_UI_NOBAD = 3;
WTD_UI_NOGOOD = 4;
// certificate revocation check options
WTD_REVOKE_NONE = 0;
WTD_REVOKE_WHOLECHAIN = 1;
// dwUnionChoice
WTD_CHOICE_FILE = 1;
WTD_CHOICE_CATALOG = 2;
WTD_CHOICE_BLOB = 3;
WTD_CHOICE_SIGNER = 4;
WTD_CHOICE_CERT = 5;
//Catalog File Processing
WTD_STATEACTION_IGNORE = 0;
WTD_STATEACTION_VERIFY = 1;
WTD_STATEACTION_CLOSE = 2;
WTD_STATEACTION_AUTO_CACHE = 3;
WTD_STATEACTION_AUTO_CACHE_FLUSH = 4;
WTD_PROV_FLAGS_MASK = $0000FFFF;
WTD_USE_IE4_TRUST_FLAG = $00000001;
WTD_NO_IE4_CHAIN_FLAG = $00000002;
WTD_NO_POLICY_USAGE_FLAG = $00000004;
WTD_REVOCATION_CHECK_NONE = $00000010;
WTD_REVOCATION_CHECK_END_CERT = $00000020;
WTD_REVOCATION_CHECK_CHAIN = $00000040;
WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = $00000080;
WTD_SAFER_FLAG = $00000100;
WTD_HASH_ONLY_FLAG = $00000200;
WTD_USE_DEFAULT_OSVER_CHECK = $00000400;
WTD_LIFETIME_SIGNING_FLAG = $00000800;
WTD_CACHE_ONLY_URL_RETRIEVAL = $00001000; // affects CRL retrieval and AIA retrieval
WTD_UICONTEXT_EXECUTE = 0;
WTD_UICONTEXT_INSTALL = 1;
type
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_DATA Structure
//----------------------------------------------------------------------------
// Used when calling WinVerifyTrust to pass necessary information into
// the Providers.
//
PWINTRUST_DATA = ^WINTRUST_DATA;
WINTRUST_DATA = packed record
cbStruct: DWORD; // = sizeof(WINTRUST_DATA)
pPolicyCallbackData: Pointer; // optional: used to pass data between the app and policy
pSIPClientData: Pointer; // optional: used to pass data between the app and SIP.
dwUIChoice: DWORD; // required: UI choice.
fdwRevocationChecks: DWORD; // required: certificate revocation check options
dwUnionChoice: DWORD; // required: which structure is being passed in?
pFile: PWINTRUST_FILE_INFO; // individual file
dwStateAction: DWORD; // optional (Catalog File Processing)
hWVTStateData: THandle; // optional (Catalog File Processing)
pwszURLReference: PWChar; // optional: (future) used to determine zone.
// 17-Feb-1998 philh: added
dwProvFlags: DWORD;
// 07-Jan-2004 tonyschr: added
dwUIContext: DWORD; // optional: used to determine action text in UI
end;
TWinTrustData = WINTRUST_DATA;
//////////////////////////////////////////////////////////////////////////////
//
// WinVerifyTrust
//----------------------------------------------------------------------------
// Exported from WINTRUST.DLL.
// Call this function to verify the trust based on a digital signer.
//
// pWVTData points to a WINTRUST_DATA data structure.
//
// WTD_SAFER_FLAG should be set in WINTRUST_DATA's dwProvFlags to enable
// the following semantics for the WINTRUST_ACTION_GENERIC_VERIFY_V2
// policy provider specified in pgActionID:
// - return TRUST_E_NOSIGNATURE if the subject isn't signed, has an
// invalid signature or unable to find the signer certificate.
// UI will never be displayed when not signed.
// - ignore NO_CHECK revocation errors. Otherwise, continue to return
// CERT_E_REVOCATION_FAILURE.
// - search the code hash and publisher databases for the WTD_UI_NONE
// dwUIChoice case. The default is to only search these databases when
// UI has been enabled or user trust has been disabled.
//
//
// Returns:
// ERROR_SUCCESS If the trust is authenticated or
// if the user accepted the risk.
//
// TRUST_E_PROVIDER_UNKNOWN there was an error loading one of the
// required Providers.
//
// all error codes passed back are based on the Policy Provider used.
//
// The following errors are returned when the
// WINTRUST_ACTION_GENERIC_VERIFY_V2 policy provider is specified in
// pgActionID:
//
// TRUST_E_NOSIGNATURE (when WTD_SAFER_FLAG is set in dwProvFlags)
// The subject isn't signed, has an invalid signature or unable
// to find the signer certificate. All signature verification
// errors will map to this error. Basically all errors except for
// publisher or timestamp certificate verification.
//
// Call GetLastError() to get the underlying reason for not having
// a valid signature.
//
// The following LastErrors indicate that the file doesn't have a
// signature: TRUST_E_NOSIGNATURE, TRUST_E_SUBJECT_FORM_UNKNOWN or
// TRUST_E_PROVIDER_UNKNOWN.
//
// UI will never be displayed for this case.
//
// TRUST_E_EXPLICIT_DISTRUST
// Returned if the hash representing the subject is trusted as
// AUTHZLEVELID_DISALLOWED or the publisher is in the "Disallowed"
// store. Also returned if the publisher certificate is revoked.
//
// UI will never be displayed for this case.
//
// ERROR_SUCCESS
// No UI unless noted below.
//
// Returned for the following:
// - Hash representing the subject is trusted as
// AUTHZLEVELID_FULLYTRUSTED
// - The publisher certificate exists in the
// "TrustedPublisher" store and there weren't any verification errors.
// - UI was enabled and the user clicked "Yes" when asked
// to install and run the signed subject.
// - UI was disabled. No publisher or timestamp chain error.
//
// TRUST_E_SUBJECT_NOT_TRUSTED
// UI was enabled and the the user clicked "No" when asked to install
// and run the signed subject.
//
// CRYPT_E_SECURITY_SETTINGS
// The subject hash or publisher wasn't explicitly trusted and
// user trust wasn't allowed in the safer authenticode flags.
// No UI will be displayed for this case.
//
// The subject is signed and its signature successfully
// verified.
//
// Any publisher or timestamp chain error. If WTD_SAFER_FLAG wasn't set in
// dwProvFlags, any signed code verification error.
//
function WinVerifyTrust(hwnd: THandle; pgActionID: PGUID;
pWVTData: PWINTRUST_DATA): DWORD; external 'Wintrust.dll';
const
// Return codes:
// The cryptographic operation failed due to a local security option setting.
CRYPT_E_SECURITY_SETTINGS = $80092026;
// The trust provider is not recognized on this system.
TRUST_E_PROVIDER_UNKNOWN = $800B0001;
// The trust provider does not support the specified action.
TRUST_E_ACTIONUNKNOWN = $800B0002;
// The trust provider does not support the form specified for the subject.
TRUST_E_SUBJECT_FORM_UNKNOWN = $800B0003;
// The subject is not trusted for the specified action.
TRUST_E_SUBJECT_NOT_TRUSTED = $800B0004;
// No signature was present in the subject.
TRUST_E_NOSIGNATURE = $800B0100;
// The certificate was explicitly marked as untrusted by the user.
TRUST_E_EXPLICIT_DISTRUST = $800B0111;
var
dlgWinVerifyTrust: TdlgWinVerifyTrust;
implementation
{$R *.dfm}
procedure TdlgWinVerifyTrust.btnVerifyClick(Sender: TObject);
var
WinTrustData: TWinTrustData;
FileInfo: TWinTrustFileInfo;
WinVerifyTrustResult: DWORD;
guidPublishedSoftware: TGUID;
begin
ZeroMemory(@FileInfo, SizeOf(TWinTrustFileInfo));
FileInfo.cbStruct := SizeOf(TWinTrustFileInfo);
FileInfo.pcwszFilePath := StringToOleStr(edPath.Text);
ZeroMemory(@WinTrustData, SizeOf(TWinTrustData));
WinTrustData.cbStruct := SizeOf(TWinTrustData);
WinTrustData.dwUIChoice := WTD_UI_NONE;
WinTrustData.dwUnionChoice := WTD_CHOICE_FILE;
WinTrustData.pFile := @FileInfo;
guidPublishedSoftware := WINTRUST_ACTION_GENERIC_VERIFY;
WinVerifyTrustResult :=
WinVerifyTrust(INVALID_HANDLE_VALUE,
@guidPublishedSoftware, @WinTrustData);
case WinVerifyTrustResult of
ERROR_SUCCESS:
ShowMessage('Done');
else
ShowMessage(SysErrorMessage(WinVerifyTrustResult));
end;
end;
end.
|
|
