我一直在努力解决这个问题超过一天,我很感激有人能帮助我解决这个问题。这一切都始于this question。我的目标是在签名的.js
文件上检索数字签名信息。 (该文件最初由Microsoft的signtool签名。)
由于我的托管代码似乎失败了,我决定尝试使用C ++中的unmanaged approach,这令人惊讶地工作得很好。所以我决定使用PInvoke
在C#中编写类似的东西。但无论我在托管代码中做了什么,都没有用。
所以我做了一些挖掘,这里似乎失败了。
如果我从32位或64位非托管C ++代码执行此操作,它可以正常工作:
HCERTSTORE hStore = NULL;
HCRYPTMSG hMsg = NULL;
DWORD dwEncoding = 0, dwContentType = 0, dwFormatType = 0;
// Get message handle and store handle from the signed file.
if(CryptQueryObject(CERT_QUERY_OBJECT_FILE,
L"D:\\Test\\DataStore\\Downloads\\en-US\\test02_1.js",
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
CERT_QUERY_FORMAT_FLAG_BINARY,
0,
&dwEncoding,
&dwContentType,
&dwFormatType,
&hStore,
&hMsg,
NULL))
{
//All good
TRACE("Got it!\n");
}
else
{
//Failed
TRACE("Error: 0x%x\n", ::GetLastError());
}
但是,如果我使用PInvoke从使用C#编写的ASP.NET Web应用程序(以及在64位Windows 8.1操作系统上作为64位进程运行)执行相同操作,则会出现0x80092009
错误代码或CRYPT_E_NO_MATCH
:
IntPtr hStore = IntPtr.Zero;
IntPtr hMsg = IntPtr.Zero;
IntPtr dwEncoding = IntPtr.Zero, dwContentType = IntPtr.Zero, dwFormatType = IntPtr.Zero;
IntPtr DummyNull = IntPtr.Zero;
// Get message handle and store handle from the signed file.
if (!CryptQueryObject(CERT_QUERY_OBJECT_FILE,
"D:\\Test\\DataStore\\Downloads\\en-US\\test02_1.js",
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
CERT_QUERY_FORMAT_FLAG_BINARY,
0,
dwEncoding,
dwContentType,
dwFormatType,
hStore,
hMsg,
ref DummyNull))
{
//Failed
int nOSError = Marshal.GetLastWin32Error();
throw new Exception("Failed with error " + nOSError);
}
这些是PInvoke
声明:
[DllImport("CRYPT32.DLL", EntryPoint = "CryptQueryObject", CharSet = CharSet.Auto, SetLastError = true)]
private static extern Boolean CryptQueryObject(
Int32 dwObjectType,
[MarshalAs(UnmanagedType.LPWStr)]string pvObject,
Int32 dwExpectedContentTypeFlags,
Int32 dwExpectedFormatTypeFlags,
Int32 dwFlags,
IntPtr pdwMsgAndCertEncodingType,
IntPtr pdwContentType,
IntPtr pdwFormatType,
IntPtr phCertStore,
IntPtr phMsg,
ref IntPtr ppvContext
);
[StructLayout(LayoutKind.Sequential)]
private struct CRYPT_OBJID_BLOB
{
public uint cbData;
[MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 0)]
public byte[] pbData;
}
[StructLayout(LayoutKind.Sequential)]
private struct CRYPT_ALGORITHM_IDENTIFIER
{
[MarshalAs(UnmanagedType.LPStr)]
public String pszObjId;
public CRYPT_OBJID_BLOB Parameters;
}
[StructLayout(LayoutKind.Sequential)]
private struct CRYPT_BIT_BLOB
{
public uint cbData;
public IntPtr pbData;
public uint cUnusedBits;
}
[StructLayout(LayoutKind.Sequential)]
private struct CERT_PUBLIC_KEY_INFO
{
public CRYPT_ALGORITHM_IDENTIFIER Algorithm;
public CRYPT_BIT_BLOB PublicKey;
}
#pragma warning disable 0618
[StructLayout(LayoutKind.Sequential)]
private struct CERT_INFO
{
public uint dwVersion;
public CRYPT_OBJID_BLOB SerialNumber;
public CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
public CRYPT_OBJID_BLOB Issuer;
public FILETIME NotBefore;
public FILETIME NotAfter;
public CRYPT_OBJID_BLOB Subject;
public CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
public CRYPT_OBJID_BLOB IssuerUniqueId;
public CRYPT_OBJID_BLOB SubjectUniqueId;
public uint cExtension;
public IntPtr rgExtension;
}
#pragma warning restore 0618
private const int CERT_QUERY_OBJECT_FILE = 0x00000001;
private const int CERT_QUERY_OBJECT_BLOB = 0x00000002;
private const int CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED = 10;
private const int CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = (1 << CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED);
private const int CERT_QUERY_FORMAT_BINARY = 1;
private const int CERT_QUERY_FORMAT_FLAG_BINARY = (1 << CERT_QUERY_FORMAT_BINARY);
知道为什么吗?
PS。请注意,如果不是使用经过数字签名的.js
文件,而是将其替换为经过数字签名的.exe
文件,则托管和非托管代码似乎都能正常运行。这真让我困惑!
答案 0 :(得分:0)
由于我没有得到答案,让我分享我目前的发现。首先,由于缺乏回复,甚至还有一些“大师”的支持,我觉得人们并不是真的意识到人们不能只使用数字签名.exe
和.dll
文件。 SignTool,还有.js
,.vbs
和.ps1
或PowerShell脚本,仅举几例。在我看来,CryptQueryObject
API依赖于数字签名文件的扩展来正确评估签名的格式。由于某种原因,托管代码似乎要么重命名它使用的文件,要么以某种方式使CryptQueryObject
API无法访问它。
我在this thread中分享了我对此的更多想法。