Source code of Windows XP (NT5)
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
//////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 1998-2000 Microsoft Corporation. All Rights Reserved.
//
// No portion of this source code may be reproduced
// without express written permission of Microsoft Corporation.
//
// This source code is proprietary and confidential.
//
// SYSTEM: Industry Update
//
// CLASS: N/A
// MODULE: TRUST.LIB
// FILE: TRUST.H
//
/////////////////////////////////////////////////////////////////////
//
// DESC: this header file declares functions used to make cabs
// signed by certain providers trusted.
//
// AUTHOR: Charles Ma, converted from WU CDMLIB
// DATE: 10/4/2000
//
/////////////////////////////////////////////////////////////////////
//
// Revision History:
//
// Date Author Description
// ~~~~ ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// 2002-01-18 KenSh Added revocation check param to VerifyFileTrust
//
/////////////////////////////////////////////////////////////////////
//
#pragma once
//
// define the number of bytes needed to store a SHA1 hashing value
// of the public key
//
const UINT HASH_VAL_SIZE = 20;
//
// define structure used to pass in the hash values to the following
// function in order to detect if one of the hash matches the
// public key of the leaf cert of a file.
//
typedef struct _HASH_STRUCT { UINT uiCount; PBYTE pCerts; } CERT_HASH_ARRAY, *pCERT_HASH_ARRAY;
/////////////////////////////////////////////////////////////////////////////
//
// Public Function VerifyFileTrust()
//
// This is a wrapper function for CheckWinTrust that both Whistler
// and WU classic code should use.
//
// Input: szFileName - the file with complete path
// pbSha1HashVae - a pointer to a 20 byte long buffer, containing
// the signature SHA1 hashing value that should
// be used to check this file, or NULL for checking
// known Microsoft cert.
// fShowBadUI - whether pop up UI in cases
// (1) inproperly signed signature, or
// (2) properly signed with a non-MS cert
// fCheckRevocation - whether the certificat revocation list (CRL) is
// checked to see whether any of the certs in the chain
// have been revoked. Never prompts the user to initiate
// a dial-up connection. Default = FALSE.
//
// Return: HRESULT - S_OK the file is signed with a valid cert
// or error code.
// If the file is signed correctly but cert is not
// a known Microsoft cert, or it's SHA1 hash does not match
// the one passed in, then CERT_UNTRUSTED_ROOT is returned.
//
// Good Cert: Here is the deifnition of a good cert, in addition to the fact
// that the signature must be valid and not expired.
// (1) The signature was signed with a cert that has
// "Microsoft Root Authority" as root, or
// (2) Parameter pbSha1HashVal is not NULL, and the file's SHA1
// hashing value of signature matches this value, or
// (3) The signature was signed with one of the following known
// Microsoft cert's (they are not rooted to MS) and
// pbSha1HashVal is NULL.
// * Microsoft Corporation
// * Microsoft Corporation MSN
// * MSNBC Interactive News LLC
// * Microsoft Corporation MSN (Europe)
// * Microsoft Corporation (Europe)
//
// Note: If _WUV3TEST flag is set (for test build), then fShowBadUI is
// ignored:
// if reg key SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\wuv3test\WinTrustUI
// is set to 1, then no UI is shown, and this function always return S_OK;
// otherwise, UI always show no matter what cert, and return value is same
// as the live build.
//
/////////////////////////////////////////////////////////////////////////////
HRESULT VerifyFileTrust( IN LPCTSTR szFileName, IN pCERT_HASH_ARRAY pHashArray, BOOL fShowBadUI, BOOL fCheckRevocation = FALSE );
/////////////////////////////////////////////////////////////////////////////
//
// Public Function ReadWUPolicyShowTrustUI()
//
// Input: void
//
// Return: BOOL - FALSE means ShowTrustUI regkey is not present, or is set to 0
// TRUE means ShowTrustUI regkey is present and is set to 1
//
//
/////////////////////////////////////////////////////////////////////////////
BOOL ReadWUPolicyShowTrustUI();
|