//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: wintrust.h
//
// Contents: Microsoft Internet Security Trust Provider Model
//
// History: 31-May-1997 pberkman created
//
//--------------------------------------------------------------------------
#ifndef WINTRUST_H
#define WINTRUST_H
#if _MSC_VER > 1000
#pragma once
#endif
#include <wincrypt.h>
#ifdef __cplusplus
extern "C"
{
#endif
#ifndef WIN_CERT_REVISION_1_0 // there were duplicate definitions in winbase.h
# define WT_DEFINE_ALL_APIS
#else
# undef WT_DEFINE_ALL_APIS
#endif
//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
//
// Client definitions, typedefs, and prototypes
//
//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
#include <pshpack8.h>
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_DATA Structure
//----------------------------------------------------------------------------
// Used when calling WinVerifyTrust to pass necessary information into
// the Providers.
//
// Layout: this structure is declared between the pshpack8.h / poppack.h
// includes that bracket this section, so its layout is fixed at 8-byte
// packing.  Members have been appended over the years (see the dated
// "added" notes inside); cbStruct is presumably what lets a provider tell
// which of the later members a caller's copy contains.  Zero the whole
// structure before filling it in and set cbStruct = sizeof(WINTRUST_DATA)
// so that every optional member the caller does not use reads as 0 / NULL.
//
// Security notes (reviewer):
// - ERROR_SUCCESS from WinVerifyTrust can mean "the signature chained to
//   trust" OR "the user accepted the risk" (see the WinVerifyTrust comment
//   further down).  Non-interactive callers -- services, loaders,
//   update/installer code -- should pass WTD_UI_NONE so that a trust
//   decision can never come from a dialog click.
// - Revocation is controlled in two places: fdwRevocationChecks and the
//   WTD_REVOCATION_CHECK_* bits of dwProvFlags.  WTD_REVOKE_NONE requests
//   no revocation checking at all, so a revoked publisher certificate is
//   not detected by this call unless the provider flag requests it.
//   Which setting the chosen policy provider honours is not visible in
//   this header -- confirm against the provider's documentation.
// - Exactly one union member is valid, selected by dwUnionChoice.
//
typedef struct _WINTRUST_DATA
{
DWORD cbStruct; // = sizeof(WINTRUST_DATA); versioning -- see layout note above
LPVOID pPolicyCallbackData; // optional: used to pass data between the app and policy
LPVOID pSIPClientData; // optional: used to pass data between the app and SIP.
DWORD dwUIChoice; // required: UI choice. One of the following.
# define WTD_UI_ALL 1 // all UI may be shown
# define WTD_UI_NONE 2 // no UI at all; recommended for non-interactive code
# define WTD_UI_NOBAD 3 // by name: suppress the UI shown for a bad result
# define WTD_UI_NOGOOD 4 // by name: suppress the UI shown for a good result
DWORD fdwRevocationChecks; // required: certificate revocation check options
# define WTD_REVOKE_NONE 0x00000000 // no revocation checking requested (see security note)
# define WTD_REVOKE_WHOLECHAIN 0x00000001 // check every certificate in the chain
DWORD dwUnionChoice; // required: which structure is being passed in?
# define WTD_CHOICE_FILE 1 // pFile is the valid union member
# define WTD_CHOICE_CATALOG 2 // pCatalog is the valid union member
# define WTD_CHOICE_BLOB 3 // pBlob is the valid union member
# define WTD_CHOICE_SIGNER 4 // pSgnr is the valid union member
# define WTD_CHOICE_CERT 5 // pCert is the valid union member
union
{
struct WINTRUST_FILE_INFO_ *pFile; // individual file
struct WINTRUST_CATALOG_INFO_ *pCatalog; // member of a Catalog File
struct WINTRUST_BLOB_INFO_ *pBlob; // memory blob
struct WINTRUST_SGNR_INFO_ *pSgnr; // signer structure only
struct WINTRUST_CERT_INFO_ *pCert; // certificate context only
};
DWORD dwStateAction; // optional (Catalog File Processing)
// NOTE(review): by name, WTD_STATEACTION_VERIFY leaves provider state in
// hWVTStateData that a later call with WTD_STATEACTION_CLOSE releases.  A
// caller that uses VERIFY should make the CLOSE call on every path,
// including error returns, or that provider state is leaked -- confirm
// against the provider documentation.
# define WTD_STATEACTION_IGNORE 0x00000000
# define WTD_STATEACTION_VERIFY 0x00000001
# define WTD_STATEACTION_CLOSE 0x00000002
# define WTD_STATEACTION_AUTO_CACHE 0x00000003
# define WTD_STATEACTION_AUTO_CACHE_FLUSH 0x00000004
HANDLE hWVTStateData; // optional (Catalog File Processing); provider-owned state, see dwStateAction
WCHAR *pwszURLReference; // optional: (future) used to determine zone.
// 17-Feb-1998 philh: added
DWORD dwProvFlags; // optional: combination of the WTD_* provider flags below
# define WTD_PROV_FLAGS_MASK 0x0000FFFF // the bits a caller may set; bits outside are presumably reserved
# define WTD_USE_IE4_TRUST_FLAG 0x00000001
# define WTD_NO_IE4_CHAIN_FLAG 0x00000002
# define WTD_NO_POLICY_USAGE_FLAG 0x00000004
# define WTD_REVOCATION_CHECK_NONE 0x00000010 // by name: no revocation check
# define WTD_REVOCATION_CHECK_END_CERT 0x00000020 // by name: end-entity certificate only
# define WTD_REVOCATION_CHECK_CHAIN 0x00000040 // by name: the whole chain
# define WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000080 // by name: the whole chain except the root
# define WTD_SAFER_FLAG 0x00000100 // changes GENERIC_VERIFY_V2 results; see the WinVerifyTrust comment below
# define WTD_HASH_ONLY_FLAG 0x00000200 // by name: hash check only -- do not treat as a signer-trust decision without confirming the provider's semantics
# define WTD_USE_DEFAULT_OSVER_CHECK 0x00000400
# define WTD_LIFETIME_SIGNING_FLAG 0x00000800 // by name: lifetime-signing semantics; confirm provider behaviour before relying on it
// 07-Jan-2004 tonyschr: added
DWORD dwUIContext; // optional: used to determine action text in UI
# define WTD_UICONTEXT_EXECUTE 0 // UI wording for running the subject
# define WTD_UICONTEXT_INSTALL 1 // UI wording for installing the subject
} WINTRUST_DATA, *PWINTRUST_DATA;
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_FILE_INFO Structure
//----------------------------------------------------------------------------
// Used when calling WinVerifyTrust against an individual file
// (WINTRUST_DATA.dwUnionChoice == WTD_CHOICE_FILE, pFile points here).
//
// NOTE(review): verifying by path and then re-opening the path to use the
// file leaves a check-then-use window in which the file can be swapped.
// Supplying the already-open hFile and continuing to work through that
// same handle after the call closes that window -- provided the provider
// really reads through hFile when it is given; confirm against the
// provider documentation.
//
typedef struct WINTRUST_FILE_INFO_
{
DWORD cbStruct; // = sizeof(WINTRUST_FILE_INFO); set before the call
LPCWSTR pcwszFilePath; // required, file name to be verified
HANDLE hFile; // optional, open handle to pcwszFilePath (see note above)
// 09-Dec-1997 pberkman: added
GUID *pgKnownSubject; // optional: fill if the subject type (SIP GUID) is known; NULL presumably lets the provider determine it from the file
} WINTRUST_FILE_INFO, *PWINTRUST_FILE_INFO;
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_CATALOG_INFO Structure
//----------------------------------------------------------------------------
// Used when calling WinVerifyTrust against a member of a Microsoft Catalog
// file (WINTRUST_DATA.dwUnionChoice == WTD_CHOICE_CATALOG, pCatalog points
// here).  The member file is identified inside the catalog by
// pcwszMemberTag and presumably matched by its hash.
//
// NOTE(review): pbCalculatedFileHash lets the caller hand in a
// precomputed hash of the member file.  If the provider uses it in place
// of hashing the file itself, a wrong or attacker-influenced value here
// would let an unrelated file pass as the catalogued member.  Compute it
// only over the exact bytes you will subsequently use, or leave it NULL
// and let the provider hash the file -- confirm the provider's behaviour.
//
typedef struct WINTRUST_CATALOG_INFO_
{
DWORD cbStruct; // = sizeof(WINTRUST_CATALOG_INFO); set before the call
DWORD dwCatalogVersion; // optional: Catalog version number
LPCWSTR pcwszCatalogFilePath; // required: path/name to Catalog file
LPCWSTR pcwszMemberTag; // required: tag to member in Catalog
LPCWSTR pcwszMemberFilePath; // required: path/name to member file
HANDLE hMemberFile; // optional: open handle to pcwszMemberFilePath (same check-then-use point as WINTRUST_FILE_INFO.hFile)
// 30-Oct-1997 pberkman: added
BYTE *pbCalculatedFileHash; // optional: pass in the calculated hash (see note above)
DWORD cbCalculatedFileHash; // optional: pass in the count bytes of the calc hash
// 15-Jan-1998 pberkman: added
PCCTL_CONTEXT pcCatalogContext; // optional: pass in to use instead of CatalogFilePath.
} WINTRUST_CATALOG_INFO, *PWINTRUST_CATALOG_INFO;
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_BLOB_INFO Structure
//----------------------------------------------------------------------------
// Used when calling WinVerifyTrust against a memory blob
// (WINTRUST_DATA.dwUnionChoice == WTD_CHOICE_BLOB, pBlob points here).
// Each pb* pointer is paired with the cb* byte count that precedes it.
//
// NOTE(review): gSubject selects which SIP interprets the blob.  It should
// come from the caller's own knowledge of the object type, never from the
// untrusted data being verified, otherwise the input chooses its own
// verifier.  This structure holds raw pointers, not copies: both buffers
// must stay valid and unmodified at least until WinVerifyTrust returns.
//
typedef struct WINTRUST_BLOB_INFO_
{
DWORD cbStruct; // = sizeof(WINTRUST_BLOB_INFO); set before the call
GUID gSubject; // SIP to load (see note above)
LPCWSTR pcwszDisplayName; // display name of object
DWORD cbMemObject; // byte count of pbMemObject
BYTE *pbMemObject; // the object (subject) being verified
DWORD cbMemSignedMsg; // byte count of pbMemSignedMsg
BYTE *pbMemSignedMsg; // presumably the signed message that covers pbMemObject
} WINTRUST_BLOB_INFO, *PWINTRUST_BLOB_INFO;
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_SGNR_INFO Structure
//----------------------------------------------------------------------------
// Used when calling WinVerifyTrust against a CMSG_SIGNER_INFO Structure
// (WINTRUST_DATA.dwUnionChoice == WTD_CHOICE_SIGNER, pSgnr points here).
//
// NOTE(review): pahStores is an array of chStores certificate stores that
// the provider adds to its internal list -- presumably as additional
// sources of certificates while building the signer's chain.  Pass only
// stores the caller itself trusts; a store populated from untrusted data
// would let that data supply the certificates that vouch for the signer.
//
typedef struct WINTRUST_SGNR_INFO_
{
DWORD cbStruct; // = sizeof(WINTRUST_SGNR_INFO); set before the call
LPCWSTR pcwszDisplayName; // display name of the object psSignerInfo signs (the original comment referred to a "pbMem" member this structure does not have)
CMSG_SIGNER_INFO *psSignerInfo; // the signer info to verify; not copied, must outlive the call
DWORD chStores; // number of stores in pahStores
HCERTSTORE *pahStores; // array of stores to add to internal list (see note above)
} WINTRUST_SGNR_INFO, *PWINTRUST_SGNR_INFO;
//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_CERT_INFO Structure
//----------------------------------------------------------------------------
// Used when calling WinVerifyTrust against a CERT_CONTEXT Structure
// (WINTRUST_DATA.dwUnionChoice == WTD_CHOICE_CERT, pCert points here).
//
// NOTE(review): psftVerifyAsOf makes every certificate be validated as of
// the supplied time rather than now, so a certificate that has since
// expired is accepted if that time falls inside its validity period.  The
// time must therefore come from something the caller trusts (for example
// a verified timestamp countersignature), never from the object being
// verified or from the signer -- otherwise the signer picks the moment at
// which it was still valid.  As with WINTRUST_SGNR_INFO.pahStores, pass
// only certificate stores the caller trusts.
//
typedef struct WINTRUST_CERT_INFO_
{
DWORD cbStruct; // = sizeof(WINTRUST_CERT_INFO); set before the call
LPCWSTR pcwszDisplayName; // display name
CERT_CONTEXT *psCertContext; // the certificate to verify; not copied, must outlive the call
DWORD chStores; // number of stores in pahStores
HCERTSTORE *pahStores; // array of stores to add to internal list
// 17-Nov-1997 pberkman: added
DWORD dwFlags; // optional: combination of the WTCI_* bits below
# define WTCI_DONT_OPEN_STORES 0x00000001 // only open dummy "root" all other are in pahStores.
# define WTCI_OPEN_ONLY_ROOT 0x00000002 // by name: open only the root store
// 26-Nov-1997 pberkman: added
FILETIME *psftVerifyAsOf; // if not null, each cert will be validated as of this time (see note above).
} WINTRUST_CERT_INFO, *PWINTRUST_CERT_INFO;
#include <poppack.h>
//////////////////////////////////////////////////////////////////////////////
//
// WinVerifyTrust
//----------------------------------------------------------------------------
// Exported from WINTRUST.DLL.
// Call this function to verify the trust based on a digital signer.
//
// hwnd        owner window for any UI the policy provider shows.  Whether
//             UI is shown at all is decided by WINTRUST_DATA.dwUIChoice,
//             not by this argument.
// pgActionID  GUID of the policy provider to run (for example
//             WINTRUST_ACTION_GENERIC_VERIFY_V2).  It is the caller's
//             choice for the object type; never derive it from the object.
// pWVTData    points to a WINTRUST_DATA data structure.  The parameter is
//             declared LPVOID, so the compiler cannot check this -- the
//             caller must set cbStruct and dwUnionChoice correctly.
//
// Reviewer notes:
// - The only success value is ERROR_SUCCESS.  Treat every other return as
//   "not trusted"; do not allow-list individual error codes, and use
//   GetLastError() for diagnostics only.  TRUST_E_NOSIGNATURE in
//   particular means "unsigned or badly signed", not "fine but unsigned".
// - ERROR_SUCCESS can also be the outcome of a user clicking "Yes" in a
//   prompt (see below).  Code that must not depend on a user decision
//   should pass WTD_UI_NONE in dwUIChoice.
//
// WTD_SAFER_FLAG should be set in WINTRUST_DATA's dwProvFlags to enable
// the following semantics for the WINTRUST_ACTION_GENERIC_VERIFY_V2
// policy provider specified in pgActionID:
// - return TRUST_E_NOSIGNATURE if the subject isn't signed, has an
// invalid signature or the signer certificate cannot be found.
// UI will never be displayed when not signed.
// - ignore NO_CHECK revocation errors. Otherwise, continue to return
// CERT_E_REVOCATION_FAILURE.
// - search the code hash and publisher databases for the WTD_UI_NONE
// dwUIChoice case. The default is to only search these databases when
// UI has been enabled or user trust has been disabled.
//
//
// Returns:
// ERROR_SUCCESS If the trust is authenticated or
// if the user accepted the risk.
//
// TRUST_E_PROVIDER_UNKNOWN there was an error loading one of the
// required Providers.
//
// all error codes passed back are based on the Policy Provider used.
//
// The following errors are returned when the
// WINTRUST_ACTION_GENERIC_VERIFY_V2 policy provider is specified in
// pgActionID:
//
// TRUST_E_NOSIGNATURE (when WTD_SAFER_FLAG is set in dwProvFlags)
// The subject isn't signed, has an invalid signature or the signer
// certificate cannot be found. All signature verification
// errors will map to this error. Basically all errors except for
// publisher or timestamp certificate verification.
//
// Call GetLastError() to get the underlying reason for not having
// a valid signature.
//
// The following LastErrors indicate that the file doesn't have a
// signature: TRUST_E_NOSIGNATURE, TRUST_E_SUBJECT_FORM_UNKNOWN or
// TRUST_E_PROVIDER_UNKNOWN.
//
// UI will never be displayed for this case.
//
// TRUST_E_EXPLICIT_DISTRUST
// Returned if the hash representing the subject is trusted as
// AUTHZLEVELID_DISALLOWED or the publisher is in the "Disallowed"
// store. Also returned if the publisher certificate is revoked.
//
// UI will never be displayed for this case.
//
// ERROR_SUCCESS
// No UI unless noted below.
//
// Returned for the following:
// - Hash representing the subject is trusted as
// AUTHZLEVELID_FULLYTRUSTED
// - The publisher certificate exists in the
// "TrustedPublisher" store and there weren't any verification errors.
// - UI was enabled and the user clicked "Yes" when asked
// to install and run the signed subject.
// - UI was disabled. No publisher or timestamp chain error.
//
// TRUST_E_SUBJECT_NOT_TRUSTED
// UI was enabled and the user clicked "No" when asked to install
// and run the signed subject.
//
// CRYPT_E_SECURITY_SETTINGS
// The subject hash or publisher wasn't explicitly trusted and
// user trust wasn't allowed in the safer authenticode flags.
// No UI will be displayed for this case.
//
// In this case the subject is signed and its signature successfully
// verified; only the trust decision failed.
//
// Other errors
// Any publisher or timestamp chain error is returned as that error.
// If WTD_SAFER_FLAG wasn't set in dwProvFlags, any signed code
// verification error is returned the same way instead of being
// folded into TRUST_E_NOSIGNATURE.
//
extern LONG WINAPI WinVerifyTrust(HWND hwnd, GUID *pgActionID,
LPVOID pWVTData);
//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
//
// Trust, Policy, and UI Provider definitions, typedefs, and prototypes
//
// Model:
// A client wishing to validate trust through WinVerifyTrust will
// select an appropriate Action ID guid for the call.
// This guid is defined by each Policy Provider and represents the
// functions called based on the policy for the given object.
//
// In this model, the Policy Provider determines which style of UI
// will be shown to the user (this only applies to style, the
// determination of whether UI is displayed is set by the calling client
// in the UI flags member of WINTRUST_DATA).