Vorweg die gute Nachricht: es funktioniert, auch unter Windows 7, sogar wenn selbiges keine weiteren Updates installiert hat (die mit SHA-2 zu tun haben). Vielleicht stimmt die Doku von MS bzgl. der WINTRUST_SIGNATURE_SETTINGS nicht (mehr)? Wer weiß.
Nach einer Übersetzung der nötigen Datenstrukturen nach Delphi:
Delphi-Quellcode:
type
  // Delphi translation of the Windows CERT_STRONG_SIGN_SERIALIZED_INFO record:
  // a flags field followed by two wide-string pointers (judging by the field
  // names: signature/hash algorithm ids and minimum public-key bit lengths).
  _CERT_STRONG_SIGN_SERIALIZED_INFO = record
    dwFlags: DWORD;
    pwszCNGSignHashAlgids: LPWSTR;
    pwszCNGPubKeyMinBitLengths: LPWSTR;
  end;
  CERT_STRONG_SIGN_SERIALIZED_INFO = _CERT_STRONG_SIGN_SERIALIZED_INFO;
  PCERT_STRONG_SIGN_SERIALIZED_INFO = ^CERT_STRONG_SIGN_SERIALIZED_INFO;

  // Delphi translation of CERT_STRONG_SIGN_PARA. dwInfoChoice selects which
  // variant of the pointer slot below is meaningful.
  _CERT_STRONG_SIGN_PARA = record
    cbSize: DWORD;       // size of this record in bytes
    dwInfoChoice: DWORD; // selector for the variant part
    // All three variants are pointers, so the variant part occupies a single
    // pointer-sized slot whichever one is used.
    // NOTE(review): the C declaration uses an anonymous union; wrapping it in a
    // named field only changes the Delphi access path (Para.union.pszOID), not
    // the layout - confirm against wincrypt.h before passing this to the API.
    union : record
      case DWORD of
        0: (pvInfo: Pointer);
        1: (pSerializedInfo: PCERT_STRONG_SIGN_SERIALIZED_INFO);
        2: (pszOID: LPSTR);
    end;
  end;
  CERT_STRONG_SIGN_PARA = _CERT_STRONG_SIGN_PARA;
  PCERT_STRONG_SIGN_PARA = ^CERT_STRONG_SIGN_PARA;

  // Delphi translation of WINTRUST_SIGNATURE_SETTINGS, the record that
  // WINTRUST_DATA.pSignatureSettings points to.
  WINTRUST_SIGNATURE_SETTINGS_ = record
    cbStruct: DWORD;           // size of this record in bytes; set by the caller
    dwIndex: DWORD;            // signature index, used together with WSS_VERIFY_SPECIFIC
    dwFlags: DWORD;            // combination of the WSS_* flags
    cSecondarySigs: DWORD;     // out: filled when WSS_GET_SECONDARY_SIG_COUNT is set
    dwVerifiedSigIndex: DWORD; // NOTE(review): presumably out, index of the verified signature - confirm
    pCryptoPolicy: PCERT_STRONG_SIGN_PARA; // optional strong-signing policy; nil when the record is zeroed
  end;
  WINTRUST_SIGNATURE_SETTINGS = WINTRUST_SIGNATURE_SETTINGS_;
  PWINTRUST_SIGNATURE_SETTINGS = ^WINTRUST_SIGNATURE_SETTINGS;
const
  // Flag values for WINTRUST_SIGNATURE_SETTINGS.dwFlags.
  // NOTE(review): a secondary-signature count alone does not show that every
  // secondary signature was verified; presumably each index has to be checked
  // separately with WSS_VERIFY_SPECIFIC - confirm against the WinVerifyTrust
  // documentation before basing a trust decision on the count.
  WSS_VERIFY_SPECIFIC = $00000001; // Set this value if you set the dwIndex parameter.
  WSS_GET_SECONDARY_SIG_COUNT = $00000002; // Set this value to return the number of secondary
  // signatures found in the cSecondarySigs member.
type
  // File-subject descriptor handed to WinVerifyTrust through the pFile variant
  // of the trust-data record.
  // NOTE(review): PWinTrustFileInfo, which the trust-data record refers to, is
  // not declared in this listing; it presumably comes from another unit or an
  // omitted line - confirm it points at this record type.
  TWinTrustFileInfo = record
    cbStruct: DWORD;        // size of this record in bytes; set by the caller
    pcwszFilePath: LPCWSTR; // wide-string path of the file to verify
    hFile: THandle;         // left zeroed by GetSecondarySignatureCount
    pgKnownSubject: PGUID;  // left nil by GetSecondarySignatureCount
  end;
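type
  // Delphi translation of WINTRUST_DATA including the trailing
  // pSignatureSettings member. The caller stores SizeOf of this record in
  // cbStruct, so the size reported to WinVerifyTrust includes that member.
  _WINTRUST_DATA = record
    cbStruct: DWORD;             // size of this record in bytes; set by the caller
    pPolicyCallbackData: Pointer;
    pSIPClientData: Pointer;
    dwUIChoice: DWORD;           // WTD_UI_* value
    fdwRevocationChecks: DWORD;  // WTD_REVOKE_* value
    dwUnionChoice: DWORD;        // WTD_CHOICE_* value naming the active InfoUnion variant
    InfoUnion: record
      // The numeric case labels only separate the variants of this record;
      // they are not the WTD_CHOICE_* values that are written to dwUnionChoice.
      // Every variant is a single pointer, so the commented-out ones do not
      // affect the layout.
      case DWORD of
        {WTD_CHOICE_FILE} 0: (pFile: PWinTrustFileInfo);
        // {WTD_CHOICE_CATALOG} 1: (pCatalog: PWinTrustCatalogInfo);
        // {WTD_CHOICE_BLOB} 2: (pBlob: PWinTrustBlobInfo);
        // {WTD_CHOICE_SIGNER} 3: (pSgnr: PWinTrustSgnrInfo);
        {WTD_CHOICE_CERT} 4: (pCert: PWinTrustCertInfo);
    end;
    dwStateAction: DWORD;        // WTD_STATEACTION_* value
    hWVTStateData: THandle;
    pwszURLReference: LPCWSTR;
    dwProvFlags: DWORD;
    dwUIContext: DWORD;
    pSignatureSettings: PWINTRUST_SIGNATURE_SETTINGS; // Windows 8 and Windows Server 2012:
                                                      // Support for this member begins.
  end;
  // Alias the record declared above. The listing previously aliased
  // WINTRUST_DATA, a name it never declares; if that name resolved to a
  // declaration from another unit, the record in use could lack
  // pSignatureSettings and report a smaller cbStruct.
  TWinTrustData = _WINTRUST_DATA;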
komme ich mit diesem Code an die Anzahl der sekundären Signaturen
Delphi-Quellcode:
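// Returns the number of secondary signatures that WinVerifyTrust reports for
// the file AFileName, using the generic verify (V2) action.
//
// The call runs without UI (WTD_UI_NONE) and without revocation checking
// (WTD_REVOKE_NONE), and keeps no verification state (WTD_STATEACTION_IGNORE).
//
// Returns 0 whenever WinVerifyTrust does not return ERROR_SUCCESS. A result of
// 0 is therefore ambiguous: it can mean "no secondary signatures" or "the
// verification did not succeed". The count is informational only; it is not a
// verdict on the validity of the individual secondary signatures, and revoked
// certificates are not detected because revocation checks are switched off.
function GetSecondarySignatureCount(const AFileName: string): DWORD;
var
  Lwtd: TWinTrustData;
  Lfileinfo: TWinTrustFileInfo;
  Lsigsettings: WINTRUST_SIGNATURE_SETTINGS;
  Lpath: WideString;
begin
  Result := 0;

  // Keep the wide-string copy in a named local so the buffer behind
  // pcwszFilePath visibly outlives the WinVerifyTrust call instead of
  // depending on the lifetime of a hidden conversion temporary.
  Lpath := WideString(AFileName);

  ZeroMemory(@Lfileinfo, SizeOf(Lfileinfo));
  Lfileinfo.cbStruct := SizeOf(Lfileinfo);
  Lfileinfo.pcwszFilePath := PWideChar(Lpath);

  // Ask only for the secondary-signature count; dwIndex stays 0 and
  // WSS_VERIFY_SPECIFIC is not set.
  ZeroMemory(@Lsigsettings, SizeOf(WINTRUST_SIGNATURE_SETTINGS));
  Lsigsettings.cbStruct := SizeOf(WINTRUST_SIGNATURE_SETTINGS);
  Lsigsettings.dwFlags := WSS_GET_SECONDARY_SIG_COUNT;

  ZeroMemory(@Lwtd, SizeOf(TWinTrustData));
  Lwtd.cbStruct := SizeOf(TWinTrustData);
  Lwtd.dwUIChoice := WTD_UI_NONE;
  Lwtd.fdwRevocationChecks := WTD_REVOKE_NONE;
  Lwtd.dwUnionChoice := WTD_CHOICE_FILE;
  Lwtd.dwStateAction := WTD_STATEACTION_IGNORE;
  Lwtd.InfoUnion.pFile := @Lfileinfo;
  Lwtd.pSignatureSettings := @Lsigsettings;

  // Lwtd.pSignatureSettings points at Lsigsettings, so the count can be read
  // from the local record directly.
  if Windows.WinVerifyTrust(INVALID_HANDLE_VALUE, WINTRUST_ACTION_GENERIC_VERIFY_V2, @Lwtd) = ERROR_SUCCESS then
    Result := Lsigsettings.cSecondarySigs;
end;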
und kann diese zu der Zahl der primären Signaturen/Zertifikate addieren. Bei der genannten Datei aus dem .NET Framework kommt also tatsächlich eine 2 als Summe heraus.
Danke für den Stupser in die richtige Richtung
Grüße
Dalai