tyler.durden
/
notepad-plus-plus
mirror of https://github.com/notepad-plus-plus/notepad-plus-plus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve certificate verifying method

This commit is contained in:
Don HO 2017-05-10 02:12:10 +02:00
parent 11accf92e9
commit e2329fd15c
3 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
PowerEditor/src/MISC/Common/verifySignedfile.cpp
View File

@ -44,7 +44,8 @@ using namespace std;
bool VerifySignedLibrary(const wstring& filepath, bool VerifySignedLibrary(const wstring& filepath,
const wstring& cert_key_id_hex, const wstring& cert_key_id_hex,
const wstring& cert_subject, const wstring& cert_subject,
const wstring& cert_display_name) const wstring& cert_display_name,
bool doCheckRevocation)
{ {
wstring display_name; wstring display_name;
wstring key_id_hex; wstring key_id_hex;
@ -82,12 +83,12 @@ bool VerifySignedLibrary(const wstring& filepath,
DWORD netstatus; DWORD netstatus;
QOCINFO oci; QOCINFO oci;
oci.dwSize = sizeof(oci); oci.dwSize = sizeof(oci);
CONST TCHAR* msftTEXTest_site = TEXT("http://www.msfncsi.com/ncsi.txt"); CONST TCHAR* msftTEXTest_site = TEXT("http://www.msftncsi.com/ncsi.txt");
bool online = false; bool online = false;
online = (0 != IsNetworkAlive(&netstatus) ); online = (0 != IsNetworkAlive(&netstatus) );
online = online && ( 0 == GetLastError()); online = online && ( 0 == GetLastError());
online = online && (0 == IsDestinationReachable(msftTEXTest_site, &oci)); online = online && (0 == IsDestinationReachable(msftTEXTest_site, &oci));
if (!online) if (!online || !doCheckRevocation)
{ {
winTEXTrust_data.fdwRevocationChecks = WTD_REVOKE_NONE; winTEXTrust_data.fdwRevocationChecks = WTD_REVOKE_NONE;
OutputDebugString(TEXT("VerifyLibrary: system is offline - certificate revocation wont be checked\n")); OutputDebugString(TEXT("VerifyLibrary: system is offline - certificate revocation wont be checked\n"));
@ -127,8 +128,8 @@ bool VerifySignedLibrary(const wstring& filepath,
BOOL result = ::CryptQueryObject(CERT_QUERY_OBJECT_FILE, filepath.c_str(), BOOL result = ::CryptQueryObject(CERT_QUERY_OBJECT_FILE, filepath.c_str(),
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, CERT_QUERY_FORMAT_FLAG_BINARY, 0, CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, CERT_QUERY_FORMAT_FLAG_BINARY, 0,
&dwEncoding, &dwContentType, &dwFormatType, &dwEncoding, &dwContentType, &dwFormatType,
&hStore, &hMsg, NULL &hStore, &hMsg, NULL);
);
if (!result) if (!result)
{ {
throw wstring( TEXT("Checking certificate of ") ) + filepath + TEXT(" : ") + GetLastErrorAsString(GetLastError()); throw wstring( TEXT("Checking certificate of ") ) + filepath + TEXT(" : ") + GetLastErrorAsString(GetLastError());
@ -148,7 +149,7 @@ bool VerifySignedLibrary(const wstring& filepath,
throw wstring( TEXT("Failed to allocate memory for signature processing")); throw wstring( TEXT("Failed to allocate memory for signature processing"));
} }
result = CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, (PVOID)pSignerInfo, &dwSignerInfo); result = ::CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, (PVOID)pSignerInfo, &dwSignerInfo);
if (!result) if (!result)
{ {
throw wstring( TEXT("CryptMsgGetParam: ")) + GetLastErrorAsString(GetLastError()); throw wstring( TEXT("CryptMsgGetParam: ")) + GetLastErrorAsString(GetLastError());
@ -223,7 +224,10 @@ bool VerifySignedLibrary(const wstring& filepath,
} catch (...) { } catch (...) {
// Unknown error // Unknown error
OutputDebugString(TEXT("VerifyLibrary: error while getting certificate informations\n")); OutputDebugString(TEXT("VerifyLibrary: error while getting certificate informations\n"));
throw wstring( TEXT("Unknown exception occured. ")) + GetLastErrorAsString(GetLastError()); wstring errMsg(TEXT("Unknown exception occured. "));
errMsg += GetLastErrorAsString(GetLastError());
::MessageBox(NULL, TEXT("DLL signature verification failed"), errMsg.c_str(), MB_ICONERROR);
status = false;
} }
// fields verifications // fields verifications
@ -252,8 +256,6 @@ bool VerifySignedLibrary(const wstring& filepath,
if (pSignerInfo != NULL) LocalFree(pSignerInfo); if (pSignerInfo != NULL) LocalFree(pSignerInfo);
return status; return status;
////////////////////////
} }
#undef VerifySignedLibrary_DISABLE_REVOCATION_CHECK #undef VerifySignedLibrary_DISABLE_REVOCATION_CHECK

3
PowerEditor/src/MISC/Common/verifySignedfile.h
View File

@ -63,4 +63,5 @@
bool VerifySignedLibrary(const std::wstring& filepath, bool VerifySignedLibrary(const std::wstring& filepath,
const std::wstring& key_id_hex, const std::wstring& key_id_hex,
const std::wstring& cert_subject, const std::wstring& cert_subject,
const std::wstring& display_name); const std::wstring& display_name,
bool doCheckRevocation);

4
PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp
View File

@ -185,7 +185,9 @@ HMODULE loadSciLexerDll()
{ {
generic_string sciLexerPath = getSciLexerFullPathName(moduleFileName, 1024); generic_string sciLexerPath = getSciLexerFullPathName(moduleFileName, 1024);
if (not VerifySignedLibrary(sciLexerPath, scintilla_signer_key_id, scintilla_signer_subject, scintilla_signer_display_name)) bool isOK = VerifySignedLibrary(sciLexerPath, scintilla_signer_key_id, scintilla_signer_subject, scintilla_signer_display_name, false);
if (!isOK)
{ {
::MessageBox(NULL, ::MessageBox(NULL,
TEXT("Authenticode check failed: signature or signing certificate are not recognized"), TEXT("Authenticode check failed: signature or signing certificate are not recognized"),