//
// Adds a CRYPT_PROVIDER_PRIVDATA entry to pProvData's private-data chain.
// This is the only sanctioned way for a Policy Provider to attach its own
// per-call state to the provider data (see the CRYPT_PROVIDER_PRIVDATA notes
// below: the provider tags the entry with its Action ID so it can find its
// own data again and ignore entries that belong to other providers).
// Returns BOOL; presumably TRUE on success, FALSE on failure — confirm
// against the WVT implementation before relying on the failure value.
//
typedef BOOL (*PFN_CPD_ADD_PRIVDATA)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                     IN struct _CRYPT_PROVIDER_PRIVDATA *pPrivData2Add);
//////////////////////////////////////////////////////////////////////////////
//
// Provider function prototypes
//----------------------------------------------------------------------------
// Each provider in the trust chain (object, signature, certificate, policy)
// is reached through one of the pointer types below. They are collected in
// CRYPT_PROVIDER_FUNCTIONS and invoked by WinVerifyTrust (WVT) in turn; every
// call receives the shared CRYPT_PROVIDER_DATA and may read and extend it
// (IN OUT), but only through the allocator and Add2 callbacks WVT supplies.
//
//
// entry point for the object provider: initialises Policy data before any
// trust step runs (see CRYPT_PROVIDER_FUNCTIONS.pfnInitialize).
//
typedef HRESULT (*PFN_PROVIDER_INIT_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the object provider: builds the provider data up to the
// signer info(s) of the subject.
//
typedef HRESULT (*PFN_PROVIDER_OBJTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Signature Provider: builds the provider data up to the
// signing certificate of each signer.
//
typedef HRESULT (*PFN_PROVIDER_SIGTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Certificate Provider: builds the certificate chain for
// each signer (and counter-signer) into CRYPT_PROVIDER_SGNR.pasCertChain.
//
typedef HRESULT (*PFN_PROVIDER_CERTTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's final call (from the trust provider).
// This is the last step; it is where the overall trust decision is rendered
// from the per-step errors collected in the provider data.
//
typedef HRESULT (*PFN_PROVIDER_FINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's "dump structure" call: dumps the
// built structures to a file (or whatever the policy chooses). Diagnostic
// only; it is not part of the trust decision.
//
typedef HRESULT (*PFN_PROVIDER_TESTFINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's Cert Check call. This will return
// true if the Trust Provider is to continue building the certificate chain.
// If the PP returns FALSE, it is assumed that we have reached a "TRUSTED",
// self-signed, root.
//
// Because a FALSE return is interpreted as "chain is anchored in a trusted
// root", a policy must return FALSE only after it has actually established
// that the current certificate is a trusted root (cf. the fTrustedRoot and
// fSelfSigned members of CRYPT_PROVIDER_CERT, which are set by different
// parties). Returning FALSE merely because a certificate is self-signed
// would terminate chain building at an untrusted anchor.
//
// pProvData           - shared provider data
// idxSigner           - index into pProvData->pasSigners of the signer whose
//                       chain is being built
// fCounterSignerChain - TRUE when the chain being built belongs to a
//                       counter-signer of that signer
// idxCounterSigner    - index into the signer's pasCounterSigners; only
//                       meaningful when fCounterSignerChain is TRUE
//
typedef BOOL (*PFN_PROVIDER_CERTCHKPOLICY_CALL)( IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                                  IN DWORD idxSigner,
                                                  IN BOOL fCounterSignerChain,
                                                  IN OPTIONAL DWORD idxCounterSigner);
// All of the structures up to the matching "#pragma pack()" below are laid out
// with 8-byte packing; they cross the WVT/provider boundary, so their layout
// is part of the binary interface and must not be changed.
#pragma pack(8)
//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_FUNCTIONS structure
//----------------------------------------------------------------------------
// Table of callbacks that WinVerifyTrust (WVT) and the providers use to talk
// to each other. The memory callbacks and Add2 helpers are filled in by WVT
// and are the only allocation routines the providers may use for data that
// is hung off CRYPT_PROVIDER_DATA, so that WVT can free it with the matching
// pfnFree. The pfn*Trust/pfn*Policy members are the provider entry points
// themselves, called in the order they are listed here.
//
//
typedef struct _CRYPT_PROVIDER_FUNCTIONS
{
    DWORD cbStruct; // size of this structure, in bytes
    PFN_CPD_MEM_ALLOC pfnAlloc; // set in WVT
    PFN_CPD_MEM_FREE pfnFree; // set in WVT; must pair with pfnAlloc
    PFN_CPD_ADD_STORE pfnAddStore2Chain; // call to add a store to the chain.
    PFN_CPD_ADD_SGNR pfnAddSgnr2Chain; // call to add a sgnr struct to a msg struct sgnr chain
    PFN_CPD_ADD_CERT pfnAddCert2Chain; // call to add a cert struct to a sgnr struct cert chain
    PFN_CPD_ADD_PRIVDATA pfnAddPrivData2Chain; // call to add provider private data to struct.
    PFN_PROVIDER_INIT_CALL pfnInitialize; // initialize Policy data.
    PFN_PROVIDER_OBJTRUST_CALL pfnObjectTrust; // build info up to the signer info(s).
    PFN_PROVIDER_SIGTRUST_CALL pfnSignatureTrust; // build info to the signing cert
    PFN_PROVIDER_CERTTRUST_CALL pfnCertificateTrust; // build the chain
    PFN_PROVIDER_FINALPOLICY_CALL pfnFinalPolicy; // final call to policy
    PFN_PROVIDER_CERTCHKPOLICY_CALL pfnCertCheckPolicy; // check each cert while building chain; FALSE stops the chain at a trusted root
    PFN_PROVIDER_TESTFINALPOLICY_CALL pfnTestFinalPolicy; // dump structures to a file (or whatever the policy chooses)
} CRYPT_PROVIDER_FUNCTIONS, *PCRYPT_PROVIDER_FUNCTIONS;
//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_CERT structure
//----------------------------------------------------------------------------
// After the Signature and Certificate Providers are finished there will
// be zero to many of these filled out in the CRYPT_PROVIDER_SGNR
// structure. One for each certificate in the chain.
//
// Note that fSelfSigned and fTrustedRoot are distinct facts set by different
// parties: the Certificate Provider records whether the certificate is
// self-signed (a structural property), while the cert-check policy decides
// whether it is a trusted root. Code consuming this structure must not treat
// one as implying the other.
//
//
typedef struct _CRYPT_PROVIDER_CERT
{
    DWORD cbStruct; // size of this structure, in bytes
    PCCERT_CONTEXT pCert; // must have its own ref-count!
    BOOL fCommercial; // commercial (as opposed to individual) certificate
    BOOL fTrustedRoot; // certchk policy should set this.
    BOOL fSelfSigned; // set in cert provider
    BOOL fTestCert; // certchk policy will set
    DWORD dwRevokedReason; // revocation reason, if the certificate was found revoked
    DWORD dwConfidence; // set in the Certificate Provider; bit-mask of the CERT_CONFIDENCE_* flags below
    // Each flag records one check the Certificate Provider was able to
    // confirm for this certificate; CERT_CONFIDENCE_HIGHEST is the OR of the
    // other four (0x10000000 | 0x01000000 | 0x00100000 | 0x00010000).
# define CERT_CONFIDENCE_SIG 0x10000000 // signature over the certificate verified
# define CERT_CONFIDENCE_TIME 0x01000000 // validity period checked
# define CERT_CONFIDENCE_TIMENEST 0x00100000 // validity period nests within the issuer's
# define CERT_CONFIDENCE_AUTHIDEXT 0x00010000 // authority-key-identifier extension matched
# define CERT_CONFIDENCE_HIGHEST 0x11110000 // all of the above
    DWORD dwError; // error encountered for this certificate, if any
} CRYPT_PROVIDER_CERT, *PCRYPT_PROVIDER_CERT;
//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_SGNR structure
//----------------------------------------------------------------------------
// After the Signature Provider is finished there will be zero to many of these
// filled out. One for each signer of the message. Also, there will be zero
// to many of these filled out inside this structure. One for each counter
// signer of the signer.
//
// IMPORTANT: 1. All dynamically allocated members MUST use allocation
// and Add2 functions provided.
//
// The csCertChain / pasCertChain and csCounterSigners / pasCounterSigners
// pairs are count/array pairs maintained by the Add2 helpers in
// CRYPT_PROVIDER_FUNCTIONS; the counts are authoritative for the array
// lengths and must never be written by hand.
//
typedef struct _CRYPT_PROVIDER_SGNR
{
    DWORD cbStruct; // size of this structure, in bytes
    FILETIME sftVerifyAsOf; // either today's filetime or the timestamps
    DWORD csCertChain; // do NOT set manually. (number of entries in pasCertChain)
    CRYPT_PROVIDER_CERT *pasCertChain; // use the Add2 allocator
    DWORD dwSignerType; // set if known by policy
# define SGNR_TYPE_TIMESTAMP 0x00000010 // the signer is a timestamp (counter-)signer
    CMSG_SIGNER_INFO *psSigner; // must use the pfnAlloc allocator!
    DWORD dwError; // error encountered while building/verifying the signer.
    DWORD csCounterSigners; // do NOT set manually. (number of entries in pasCounterSigners)
    struct _CRYPT_PROVIDER_SGNR *pasCounterSigners; // use the Add2 allocator.
} CRYPT_PROVIDER_SGNR, *PCRYPT_PROVIDER_SGNR;
//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_PRIVDATA structure
//----------------------------------------------------------------------------
// This structure is to allow Policy Provider functions to share
// POLICY SPECIFIC data between Policy Functions.
// The Policy must use the pfnAddPrivateData2Chain function and
// must free any data within the member before the Final Policy returns
// to WVT.
// To allow multiple providers to use this feature, each provider that
// uses this member must set the provider ID to its Action ID so that
// the provider can find its data and ignore any other.
//
// Ownership: pvProvData is owned by the provider identified by gProviderID.
// Because several providers may chain entries here, a provider must match
// gProviderID before interpreting pvProvData — the void pointer carries no
// type information of its own, and cbProvData is the only bound on its size.
//
typedef struct _CRYPT_PROVIDER_PRIVDATA
{
    DWORD cbStruct; // size of this structure, in bytes
    GUID gProviderID; // Action ID of the provider that owns this entry
    DWORD cbProvData; // size of the buffer at pvProvData, in bytes
    void *pvProvData; // provider-private data; freed by the owning policy before Final Policy returns
} CRYPT_PROVIDER_PRIVDATA, *PCRYPT_PROVIDER_PRIVDATA;
//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_DATA Structure
//----------------------------------------------------------------------------
// Used to pass information between WinVerifyTrust and all of the Provider
// calls.
//
// IMPORTANT: 1. All dynamically allocated members MUST use the allocation
// and Add2 functions provided.
//
// The "set in ..." notes on each member say which party fills it in; a
// provider should treat members set by an earlier step as read-only input.
// pWintrustData is the caller's request and is explicitly NOT verified by
// WVT, so a provider that reads through it must do its own validation.
// NOTE(review): cbStruct is described as sizeof the structure; providers
// presumably should compare it against their own sizeof before touching
// trailing members — confirm against WVT's versioning rules.
//
typedef struct _CRYPT_PROVIDER_DATA
{
    DWORD cbStruct; // = sizeof(TRUST_PROVIDER_DATA) (set in WVT)
    WINTRUST_DATA *pWintrustData; // NOT verified (set in WVT) — caller-supplied request
    BOOL fOpenedFile; // the provider opened the file handle (if applicable)
    HWND hWndParent; // if passed in, else, Desktop hWnd (set in WVT).
    GUID *pgActionID; // represents the Provider combination (set in WVT).
    HCRYPTPROV hProv; // set in WVT
    DWORD dwError; // error to be returned
    DWORD dwRegSecuritySettings; // ie security settings (set in WVT)
    DWORD dwRegPolicySettings; // setreg settings (set in WVT)
    CRYPT_PROVIDER_FUNCTIONS sPfns; // set in WVT.
    DWORD cdwTrustStepErrors; // set in WVT. (number of entries in padwTrustStepErrors)
    DWORD *padwTrustStepErrors; // allocated in WVT. filled in WVT & Trust Provider
    DWORD chStores; // number of stores in pahStores (root set in WVT)
    HCERTSTORE *pahStores; // array of known stores (root set in WVT) root is ALWAYS #0!!!
    DWORD dwEncoding; // message encoding type (set in WVT and Signature Prov)
    HCRYPTMSG hMsg; // set in Signature Prov.
    GUID gSubject; // subject guid of file/member file. (set in Sig Prov)
    struct SIP_DISPATCH_INFO_ *pSip; // set in Sig Prov - defined in sipbase.h
    struct SIP_DISPATCH_INFO_ *pCATSip; // set in Sig Prov - defined in sipbase.h
    struct SIP_SUBJECTINFO_ *psSipSubjectInfo; // set in Sig Prov - defined in sipbase.h
    struct SIP_SUBJECTINFO_ *psSipCATSubjectInfo; // set in Sig Prov - defined in sipbase.h
    struct SIP_INDIRECT_DATA_ *psIndirectData; // set in Sig Prov - defined in sipbase.h
    DWORD csSigners; // use Add2 function! (number of entries in pasSigners)
    CRYPT_PROVIDER_SGNR *pasSigners; // use Add2 function!
    DWORD csProvPrivData; // use Add2 function! (number of entries in pasProvPrivData)
    CRYPT_PROVIDER_PRIVDATA *pasProvPrivData; // use Add2 function!
} CRYPT_PROVIDER_DATA, *PCRYPT_PROVIDER_DATA;
//////////////////////////////////////////////////////////////////////////////
//
// structures used to register action IDs
//----------------------------------------------------------------------------
// A registration entry names the DLL and the exported function that
// implement one provider step. These names are what WinTrust later resolves
// to locate the provider code for an Action ID, so the registering policy is
// responsible for the trustworthiness of the module it points at.
//
typedef struct _CRYPT_TRUST_REG_ENTRY
{
    DWORD cbStruct; // size of this structure, in bytes
    WCHAR *pwszDLLName; // name of the DLL that exports the provider function
    WCHAR *pwszFunctionName; // name of the exported function (see WT_MAX_FUNC_NAME below)
} CRYPT_TRUST_REG_ENTRY, *PCRYPT_TRUST_REG_ENTRY;
//
// One CRYPT_TRUST_REG_ENTRY per provider step, in the order the steps run.
// Passed to WintrustAddActionID to register a complete provider combination
// under an Action ID.
//
typedef struct _CRYPT_REGISTER_ACTIONID
{
    DWORD cbStruct; // size of this structure, in bytes
    CRYPT_TRUST_REG_ENTRY sInitProvider; // PFN_PROVIDER_INIT_CALL
    CRYPT_TRUST_REG_ENTRY sObjectProvider; // PFN_PROVIDER_OBJTRUST_CALL
    CRYPT_TRUST_REG_ENTRY sSignatureProvider; // PFN_PROVIDER_SIGTRUST_CALL
    CRYPT_TRUST_REG_ENTRY sCertificateProvider; // PFN_PROVIDER_CERTTRUST_CALL
    CRYPT_TRUST_REG_ENTRY sCertificatePolicyProvider; // PFN_PROVIDER_CERTCHKPOLICY_CALL
    CRYPT_TRUST_REG_ENTRY sFinalPolicyProvider; // PFN_PROVIDER_FINALPOLICY_CALL
    CRYPT_TRUST_REG_ENTRY sTestPolicyProvider; // PFN_PROVIDER_TESTFINALPOLICY_CALL
} CRYPT_REGISTER_ACTIONID, *PCRYPT_REGISTER_ACTIONID;
// restore default packing; matches the "#pragma pack(8)" above
#pragma pack()
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST.DLL Provider defines
//----------------------------------------------------------------------------
// The following are definitions of the Microsoft Generic Cert Provider
//
#define WT_CURRENT_VERSION 0x00000200 // version of this provider interface
#define WT_MAX_FUNC_NAME 128 // maximum length of a provider function name (cf. CRYPT_TRUST_REG_ENTRY.pwszFunctionName)
#define WT_PROVIDER_DLL_NAME L"WINTRUST.DLL" // DLL that hosts the generic Certificate Provider
#define WT_PROVIDER_CERTTRUST_FUNCTION L"WintrustCertificateTrust" // its PFN_PROVIDER_CERTTRUST_CALL export
//////////////////////////////////////////////////////////////////////////////
//
// WintrustAddActionID
//----------------------------------------------------------------------------
// Adds a new Provider combination to the users'
// system. Creates all necessary registry entries, etc. This should be done
// during the Policy Provider's DllRegisterServer.
//
// *** THE ONLY ONE WHO SHOULD CALL THIS IS THE POLICY PROVIDER ***
//
// Registering an Action ID determines which DLLs WinTrust will load for
// every later verification under that ID, so this is a privileged,
// install-time operation, not something to run on a per-verification basis.
//
// pgActionID  - GUID under which the provider combination is registered
// fdwReserved - future use.
// psProvInfo  - the DLL/function names for each provider step
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occurred. See GetLastError()
//
extern BOOL WINAPI WintrustAddActionID(IN GUID *pgActionID,
                                       IN DWORD fdwReserved, // future use.
                                       IN CRYPT_REGISTER_ACTIONID *psProvInfo);
//////////////////////////////////////////////////////////////////////////////
//
// WintrustRemoveActionID
//----------------------------------------------------------------------------
// Removes the Provider action combination from the users'
// system. The counterpart of WintrustAddActionID, intended for the Policy
// Provider's unregistration path.
//
// pgActionID - GUID of the provider combination to remove
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occurred. See GetLastError()
//
extern BOOL WINAPI WintrustRemoveActionID(IN GUID *pgActionID);
//////////////////////////////////////////////////////////////////////////////
//
// WintrustLoadFunctionPointers
//----------------------------------------------------------------------------
// Retrieves the function entry points based on the Action ID given.
// The provider DLLs registered for pgActionID are resolved and their entry
// points written into *pPfns.
// NOTE(review): pPfns->cbStruct is presumably expected to be set by the
// caller before the call — verify against the implementation.
//
// pgActionID - GUID of a registered provider combination
// pPfns      - receives the resolved provider function table
//
// Returns:
// TRUE success.
// FALSE fail.
//
extern BOOL WINAPI WintrustLoadFunctionPointers(GUID *pgActionID, CRYPT_PROVIDER_FUNCTIONS *pPfns);
//
// helper functions exported from wintrust.dll
//
// Returns the file handle for the subject described by pWintrustData.
extern HANDLE WINAPI WTHelperGetFileHandle(WINTRUST_DATA *pWintrustData);
// Returns the file name for the subject described by pWintrustData.
// Ownership of the returned string is not stated here — confirm before freeing.
extern WCHAR * WINAPI WTHelperGetFileName(WINTRUST_DATA *pWintrustData);
// Locates the issuer certificate of pChildContext while building the chain
// for pSgnr, searching the stores known to pProvData (pahStores; root store
// is always index 0). On return *pdwConfidence holds the CERT_CONFIDENCE_*
// flags established for the link and *pdwError any error encountered.
// The returned context is a PCCERT_CONTEXT and, per the CRYPT_PROVIDER_CERT
// notes, must carry its own reference count.
extern PCCERT_CONTEXT WINAPI WTHelperCertFindIssuerCertificate(CRYPT_PROVIDER_DATA *pProvData,
                                                               CRYPT_PROVIDER_SGNR *pSgnr,
                                                               PCCERT_CONTEXT pChildContext,
                                                               DWORD *pdwConfidence,
                                                               DWORD *pdwError);
// Reports whether pCert (decoded with dwEncoding) is self-signed. This is a
// structural check only; whether a self-signed certificate is a trusted root
// is decided separately by the cert-check policy (CRYPT_PROVIDER_CERT.fTrustedRoot).
extern BOOL WINAPI WTHelperCertIsSelfSigned(DWORD dwEncoding, CERT_INFO *pCert);
// Opens the well-known certificate stores into pProvData->pahStores.
extern BOOL WINAPI WTHelperOpenKnownStores(CRYPT_PROVIDER_DATA *pProvData);
#endif // WINTRUST_H