golang.zx2c4.com/wireguard/windows@v0.5.4-0.20230123132234-dcc0eb72a04b/updater/authenticode.go (about)

     1  /* SPDX-License-Identifier: MIT
     2   *
     3   * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
     4   */
     5  
     6  package updater
     7  
     8  import (
     9  	"unsafe"
    10  
    11  	"golang.org/x/sys/windows"
    12  )
    13  
// verifyAuthenticode reports whether the file at path passes Windows
// Authenticode verification under the generic verify policy
// (WINTRUST_ACTION_GENERIC_VERIFY_V2). It returns false if the path cannot be
// converted to UTF-16 or if WinVerifyTrustEx returns any error.
//
// The result says only that the trust provider accepted the file's signature
// and chain; this function does not look at who the signer is.
// NOTE(review): confirm the caller pins the expected signer or authenticates
// the file some other way, since any signature the policy accepts passes here.
//
// The check is made against the path at the time of the call. Callers should
// keep the file from being replaced between this check and its later use.
func verifyAuthenticode(path string) bool {
	widePath, err := windows.UTF16PtrFromString(path)
	if err != nil {
		return false
	}

	fileInfo := &windows.WinTrustFileInfo{
		Size:     uint32(unsafe.Sizeof(windows.WinTrustFileInfo{})),
		FilePath: widePath,
	}
	trust := &windows.WinTrustData{
		Size:     uint32(unsafe.Sizeof(windows.WinTrustData{})),
		UIChoice: windows.WTD_UI_NONE, // never show a trust dialog
		// Revocation is checked for the whole chain; the updater runs with
		// network connectivity, so the revocation data can be fetched.
		RevocationChecks:                windows.WTD_REVOKE_WHOLECHAIN,
		UnionChoice:                     windows.WTD_CHOICE_FILE,
		StateAction:                     windows.WTD_STATEACTION_VERIFY,
		FileOrCatalogOrBlobOrSgnrOrCert: unsafe.Pointer(fileInfo),
	}
	policy := &windows.WINTRUST_ACTION_GENERIC_VERIFY_V2

	verifyErr := windows.WinVerifyTrustEx(windows.InvalidHWND, policy, trust)

	// Second call with WTD_STATEACTION_CLOSE on the same data closes the
	// verification state. Its return value is deliberately ignored: the
	// verdict comes from the verify call above.
	trust.StateAction = windows.WTD_STATEACTION_CLOSE
	windows.WinVerifyTrustEx(windows.InvalidHWND, policy, trust)

	return verifyErr == nil
}