SAMPLE: Calling WinVerifyTrust and Authenticating Files
ID: Q165021
VFiles.exe is a sample that demonstrates how to programmatically authenticate files using the WinVerifyTrust function. This allows a programmer to verify whether a file is signed and allows a user to trust or not trust the signing authority.
The following file is available for download from the Microsoft
Software Library:
VFiles.exe
Release Date: Mar-03-1997
Q119591 How to Obtain Microsoft Support Files from Online Services
This sample is written with Visual C++ 4.2b and requires the supporting MFC DLLs.
#include <afxpriv.h> // Needed for CONVERSION macros.
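// Downloads the file named in the dialog box (m_strHttpFile) into the URL
// cache, asks WinVerifyTrust whether that file carries a trusted signature,
// and shows the raw result code in the status edit control.
//
// Notes for anyone reusing this sample:
//  - The verdict is only displayed. Code that goes on to open, install or
//    execute the file must gate that on hr == S_OK and treat every other
//    value as "not trusted".
//  - The subject is handed to the trust provider by path (hFile is
//    INVALID_HANDLE_VALUE), so nothing in this function stops the cached
//    file from being replaced between verification and any later use.
//    NOTE(review): if the file is consumed afterwards, consider opening it
//    once and passing that handle in Subject.hFile -- confirm against the
//    trust provider documentation.
void CGetHttpFileView::OnGitAndVerify()
{
    USES_CONVERSION;
    CString message;

    typedef HRESULT
        (WINAPI *WINVERIFYTRUST)
        (HWND hwnd, GUID *ActionID, LPVOID ActionData);
#define WINTRUST _T("wintrust.dll")

    // Load wintrust.dll by its full system-directory path. A bare file name
    // is resolved through the DLL search order, which can pick up a
    // same-named DLL from the application or current directory -- not
    // acceptable for the library that makes the trust decision.
    TCHAR szWinTrust[MAX_PATH];
    UINT cchSysDir = GetSystemDirectory(szWinTrust, MAX_PATH);
    if(0 == cchSysDir ||
       cchSysDir + 1 + (UINT)lstrlen(WINTRUST) >= MAX_PATH)
    {
        m_ctlStatusEdit.SetWindowText(
            _T("Could not locate the system directory"));
        return;
    }
    lstrcat(szWinTrust, _T("\\"));
    lstrcat(szWinTrust, WINTRUST);

    HINSTANCE hinst = LoadLibrary(szWinTrust);
    if(NULL == hinst)
    {
        m_ctlStatusEdit.SetWindowText(_T("Could not load wintrust.dll"));
        return;
    }

    // GetProcAddress takes an ANSI name in every build, so the export name
    // must not be wrapped in _T().
    WINVERIFYTRUST pwvt =
        (WINVERIFYTRUST)GetProcAddress(hinst, "WinVerifyTrust");
    if(NULL == pwvt)
    {
        m_ctlStatusEdit.SetWindowText(
            _T("WinVerifyTrust is not exported by wintrust.dll"));
        FreeLibrary(hinst);
        return;
    }

    // Get the name of the file (m_strHttpFile) to test from the dialog
    // box.
    UpdateData(TRUE);

    TCHAR lpFileName[MAX_PATH];
    lpFileName[0] = 0;
    m_ctlStatusEdit.SetWindowText(_T("Loading File"));

    // It would make sense to put a Cancel button on the form to abort
    // long downloads, but URLDownloadToCacheFile is a blocking call, so
    // the button would be dead until the download is complete.
    // It is not necessary to use URLDownloadToCacheFile to download the
    // file; any mechanism that leaves the file at a local path will do.
    HRESULT hr = URLDownloadToCacheFile(NULL, m_strHttpFile,
                                        lpFileName, MAX_PATH, 0,
                                        m_pBindStatusCallback);
    if(FAILED(hr))
    {
        message.Format(_T("Failed to Locate file. Error: %X"), hr);
        m_ctlStatusEdit.SetWindowText(message);
        FreeLibrary(hinst);
        return;
    }

    // Now verify the file.

    // For now, it is necessary to define this action GUID here. The
    // initializer spans several lines, so each line needs a continuation
    // backslash; the guard avoids a redefinition if a header supplies it.
#ifndef WIN_SPUB_ACTION_PUBLISHED_SOFTWARE_NOBADUI
#define WIN_SPUB_ACTION_PUBLISHED_SOFTWARE_NOBADUI               \
    { 0xc6b2e8d0, 0xe005, 0x11cf,                                \
      { 0xa1, 0x34, 0x0, 0xc0, 0x4f, 0xd7, 0xbf, 0x43 } }
#endif

    GUID PublishedSoftware =
        WIN_SPUB_ACTION_PUBLISHED_SOFTWARE;
    GUID PublishedSoftwareNoBadUI =
        WIN_SPUB_ACTION_PUBLISHED_SOFTWARE_NOBADUI;

    // See winbase.h for available Subject Type Identifiers.
    GUID SubjectPeImage = WIN_TRUST_SUBJTYPE_PE_IMAGE;
    GUID SubjectCAB = WIN_TRUST_SUBJTYPE_CABINET;
    GUID SubjectJava = WIN_TRUST_SUBJTYPE_JAVA_CLASS;

    // m_nUIOnBadVerification == 0 selects the standard published-software
    // action; any other value selects the NOBADUI variant.
    GUID * ActionGUID;
    if(0 == m_nUIOnBadVerification)
        ActionGUID = &PublishedSoftware;
    else
        ActionGUID = &PublishedSoftwareNoBadUI;

    WIN_TRUST_SUBJECT_FILE Subject;
    Subject.lpPath = T2OLE(lpFileName);

    // If hFile is set to the value INVALID_HANDLE_VALUE (defined in
    // WINBASE.H), then the trust provider will open the subject using
    // the lpPath field.
    Subject.hFile = INVALID_HANDLE_VALUE;

    // For now, WIN_TRUST_ACTDATA_SUBJECT_ONLY is not used.
    WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT ActionData;
    ActionData.Subject = &Subject;
    ActionData.hClientToken = NULL;

    switch(m_nFileType)
    {
    case 0:
        ActionData.SubjectType = &SubjectPeImage;
        break;
    case 1:
        ActionData.SubjectType = &SubjectJava;
        break;
    case 2:
        ActionData.SubjectType = &SubjectCAB;
        break;
    default:
        // Without this branch SubjectType would be passed to the trust
        // provider uninitialized. Fail closed instead of guessing a type.
        m_ctlStatusEdit.SetWindowText(
            _T("Unknown file type; nothing was verified"));
        FreeLibrary(hinst);
        return;
    }

    hr = pwvt( 0, ActionGUID, &ActionData);

    // hr will tell you if the user accepted the certificate.
    // Return codes include S_OK (user accepted),
    // TRUST_E_NOSIGNATURE (no certificate at all -- includes test
    // certificates!), etc. Only S_OK means the file was accepted; the text
    // below is shown for every result, including S_OK (0).
    message.Format(_T("WinVerifyTrust Returned Error: %X"), hr);
    m_ctlStatusEdit.SetWindowText(message);

    FreeLibrary(hinst);
    return;
}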
(c) Microsoft Corporation Robert Duke, All Rights Reserved. Contributions by 1996, Microsoft Corporation.
Additional query words: URLDownloadToCacheFile WIN_SPUB_ACTION_PUBLISHED_SOFTWARE_NOBADUI wintrust.dll
Keywords : kbprg kbsample kbIE500 AXSDKCodeSign
Version : Win:1.0,4.01
Platform : WINDOWS
Issue type :
Last Reviewed: April 22, 1999