1 files changed, 292 insertions, 0 deletions
diff --git a/onlineupdate/source/service/certificatecheck.cxx b/onlineupdate/source/service/certificatecheck.cxx
new file mode 100644
index 000000000..58d70162f
--- /dev/null
+++ b/onlineupdate/source/service/certificatecheck.cxx
@@ -0,0 +1,292 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <windows.h>
+#include <softpub.h>
+#include <wintrust.h>
+
+#include "certificatecheck.hxx"
+#include "servicebase.hxx"
+
+#pragma comment(lib, "wintrust.lib")
+#pragma comment(lib, "crypt32.lib")
+
+static const int ENCODING = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
+
+/**
+ * Checks to see if a file stored at filePath matches the specified info.
+ *
+ * @param  filePath    The PE file path to check
+ * @param  infoToMatch The acceptable information to match
+ * @return ERROR_SUCCESS if successful, ERROR_NOT_FOUND if the info
+ *         does not match, or the last error otherwise.
+ */
+DWORD
+CheckCertificateForPEFile(LPCWSTR filePath,
+                          CertificateCheckInfo &infoToMatch)
+{
+    HCERTSTORE certStore = nullptr;
+    HCRYPTMSG cryptMsg = nullptr;
+    PCCERT_CONTEXT certContext = nullptr;
+    PCMSG_SIGNER_INFO signerInfo = nullptr;
+    DWORD lastError = ERROR_SUCCESS;
+
+    // Get the HCERTSTORE and HCRYPTMSG from the signed file.
+    DWORD encoding, contentType, formatType;
+    BOOL result = CryptQueryObject(CERT_QUERY_OBJECT_FILE,
+                                   filePath,
+                                   CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
+                                   CERT_QUERY_CONTENT_FLAG_ALL,
+                                   0, &encoding, &contentType,
+                                   &formatType, &certStore, &cryptMsg, nullptr);
+    if (!result)
+    {
+        lastError = GetLastError();
+        LOG_WARN(("CryptQueryObject failed.  (%d)", lastError));
+        goto cleanup;
+    }
+
+    // Pass in nullptr to get the needed signer information size.
+    DWORD signerInfoSize;
+    result = CryptMsgGetParam(cryptMsg, CMSG_SIGNER_INFO_PARAM, 0,
+                              nullptr, &signerInfoSize);
+    if (!result)
+    {
+        lastError = GetLastError();
+        LOG_WARN(("CryptMsgGetParam failed.  (%d)", lastError));
+        goto cleanup;
+    }
+
+    // Allocate the needed size for the signer information.
+    signerInfo = (PCMSG_SIGNER_INFO)LocalAlloc(LPTR, signerInfoSize);
+    if (!signerInfo)
+    {
+        lastError = GetLastError();
+        LOG_WARN(("Unable to allocate memory for Signer Info.  (%d)", lastError));
+        goto cleanup;
+    }
+
+    // Get the signer information (PCMSG_SIGNER_INFO).
+    // In particular we want the issuer and serial number.
+    result = CryptMsgGetParam(cryptMsg, CMSG_SIGNER_INFO_PARAM, 0,
+                              (PVOID)signerInfo, &signerInfoSize);
+    if (!result)
+    {
+        lastError = GetLastError();
+        LOG_WARN(("CryptMsgGetParam failed.  (%d)", lastError));
+        goto cleanup;
+    }
+
+    // Search for the signer certificate in the certificate store.
+    CERT_INFO certInfo;
+    certInfo.Issuer = signerInfo->Issuer;
+    certInfo.SerialNumber = signerInfo->SerialNumber;
+    certContext = CertFindCertificateInStore(certStore, ENCODING, 0,
+                  CERT_FIND_SUBJECT_CERT,
+                  (PVOID)&certInfo, nullptr);
+    if (!certContext)
+    {
+        lastError = GetLastError();
+        LOG_WARN(("CertFindCertificateInStore failed.  (%d)", lastError));
+        goto cleanup;
+    }
+
+    if (!DoCertificateAttributesMatch(certContext, infoToMatch))
+    {
+        lastError = ERROR_NOT_FOUND;
+        LOG_WARN(("Certificate did not match issuer or name.  (%d)", lastError));
+        goto cleanup;
+    }
+
+cleanup:
+    if (signerInfo)
+    {
+        LocalFree(signerInfo);
+    }
+    if (certContext)
+    {
+        CertFreeCertificateContext(certContext);
+    }
+    if (certStore)
+    {
+        CertCloseStore(certStore, 0);
+    }
+    if (cryptMsg)
+    {
+        CryptMsgClose(cryptMsg);
+    }
+    return lastError;
+}
+
+/**
+ * Checks to see if a file stored at filePath matches the specified info.
+ *
+ * @param  certContext  The certificate context of the file
+ * @param  infoToMatch  The acceptable information to match
+ * @return FALSE if the info does not match or if any error occurs in the check
+ */
+BOOL
+DoCertificateAttributesMatch(PCCERT_CONTEXT certContext,
+                             CertificateCheckInfo &infoToMatch)
+{
+    DWORD dwData;
+    LPTSTR szName = nullptr;
+
+    if (infoToMatch.issuer)
+    {
+        // Pass in nullptr to get the needed size of the issuer buffer.
+        dwData = CertGetNameString(certContext,
+                                   CERT_NAME_SIMPLE_DISPLAY_TYPE,
+                                   CERT_NAME_ISSUER_FLAG, nullptr,
+                                   nullptr, 0);
+
+        if (!dwData)
+        {
+            LOG_WARN(("CertGetNameString failed.  (%d)", GetLastError()));
+            return FALSE;
+        }
+
+        // Allocate memory for Issuer name buffer.
+        LPTSTR szName = (LPTSTR)LocalAlloc(LPTR, dwData * sizeof(WCHAR));
+        if (!szName)
+        {
+            LOG_WARN(("Unable to allocate memory for issuer name.  (%d)",
+                      GetLastError()));
+            return FALSE;
+        }
+
+        // Get Issuer name.
+        if (!CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE,
+                               CERT_NAME_ISSUER_FLAG, nullptr, szName, dwData))
+        {
+            LOG_WARN(("CertGetNameString failed.  (%d)", GetLastError()));
+            LocalFree(szName);
+            return FALSE;
+        }
+
+        // If the issuer does not match, return a failure.
+        if (!infoToMatch.issuer ||
+                wcscmp(szName, infoToMatch.issuer))
+        {
+            LocalFree(szName);
+            return FALSE;
+        }
+
+        LocalFree(szName);
+        szName = nullptr;
+    }
+
+    if (infoToMatch.name)
+    {
+        // Pass in nullptr to get the needed size of the name buffer.
+        dwData = CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE,
+                                   0, nullptr, nullptr, 0);
+        if (!dwData)
+        {
+            LOG_WARN(("CertGetNameString failed.  (%d)", GetLastError()));
+            return FALSE;
+        }
+
+        // Allocate memory for the name buffer.
+        szName = (LPTSTR)LocalAlloc(LPTR, dwData * sizeof(WCHAR));
+        if (!szName)
+        {
+            LOG_WARN(("Unable to allocate memory for subject name.  (%d)",
+                      GetLastError()));
+            return FALSE;
+        }
+
+        // Obtain the name.
+        if (!(CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0,
+                                nullptr, szName, dwData)))
+        {
+            LOG_WARN(("CertGetNameString failed.  (%d)", GetLastError()));
+            LocalFree(szName);
+            return FALSE;
+        }
+
+        // If the issuer does not match, return a failure.
+        if (!infoToMatch.name ||
+                wcscmp(szName, infoToMatch.name))
+        {
+            LocalFree(szName);
+            return FALSE;
+        }
+
+        // We have a match!
+        LocalFree(szName);
+    }
+
+    // If there were any errors we would have aborted by now.
+    return TRUE;
+}
+
+/**
+ * Duplicates the specified string
+ *
+ * @param  inputString The string to duplicate
+ * @return The duplicated string which should be freed by the caller.
+ */
+LPWSTR
+AllocateAndCopyWideString(LPCWSTR inputString)
+{
+    LPWSTR outputString =
+        (LPWSTR)LocalAlloc(LPTR, (wcslen(inputString) + 1) * sizeof(WCHAR));
+    if (outputString)
+    {
+        lstrcpyW(outputString, inputString);
+    }
+    return outputString;
+}
+
+/**
+ * Verifies the trust of the specified file path.
+ *
+ * @param  filePath  The file path to check.
+ * @return ERROR_SUCCESS if successful, or the last error code otherwise.
+ */
+DWORD
+VerifyCertificateTrustForFile(LPCWSTR filePath)
+{
+    // Setup the file to check.
+    WINTRUST_FILE_INFO fileToCheck;
+    ZeroMemory(&fileToCheck, sizeof(fileToCheck));
+    fileToCheck.cbStruct = sizeof(WINTRUST_FILE_INFO);
+    fileToCheck.pcwszFilePath = filePath;
+
+    // Setup what to check, we want to check it is signed and trusted.
+    WINTRUST_DATA trustData;
+    ZeroMemory(&trustData, sizeof(trustData));
+    trustData.cbStruct = sizeof(trustData);
+    trustData.pPolicyCallbackData = nullptr;
+    trustData.pSIPClientData = nullptr;
+    trustData.dwUIChoice = WTD_UI_NONE;
+    trustData.fdwRevocationChecks = WTD_REVOKE_NONE;
+    trustData.dwUnionChoice = WTD_CHOICE_FILE;
+    trustData.dwStateAction = 0;
+    trustData.hWVTStateData = nullptr;
+    trustData.pwszURLReference = nullptr;
+    // no UI
+    trustData.dwUIContext = 0;
+    trustData.pFile = &fileToCheck;
+
+    GUID policyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
+    // Check if the file is signed by something that is trusted.
+    LONG ret = WinVerifyTrust(nullptr, &policyGUID, &trustData);
+    if (ERROR_SUCCESS == ret)
+    {
+        // The hash that represents the subject is trusted and there were no
+        // verification errors.  No publisher nor time stamp chain errors.
+        LOG(("The file \"%ls\" is signed and the signature was verified.",
+             filePath));
+        return ERROR_SUCCESS;
+    }
+
+    DWORD lastError = GetLastError();
+    LOG_WARN(("There was an error validating trust of the certificate for file"
+              " \"%ls\". Returned: %d.  (%d)", filePath, ret, lastError));
+    return ret;
+}