1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
//
// ChkTrust.cs: chktrust clone tool
//
// Author:
// Sebastien Pouliot (spouliot@motus.com)
//
// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
//
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
using Mono.Security.Authenticode;
[assembly: AssemblyTitle ("Mono CheckTrust")]
[assembly: AssemblyDescription ("Verify if a PE binary has a valid Authenticode(tm) signature")]
namespace Mono.Tools {
class CheckTrust {
static private void Header ()
{
Console.WriteLine (new AssemblyInfo ().ToString ());
}
static private void Help ()
{
Console.WriteLine ("Usage: chktrust [options] filename{0}", Environment.NewLine);
Console.WriteLine ("\t-q\tquiet mode (no gui)");
Console.WriteLine ("\t-v\tverbose mode (display status for every steps)");
Console.WriteLine ("\t-?\thelp (display this help message)");
}
// static methods
static public int Check (string fileName, bool quiet, bool verbose)
{
AuthenticodeDeformatter a = new AuthenticodeDeformatter (fileName);
// debug
/* FileStream fs = File.Open (fileName + ".sig", FileMode.Create, FileAccess.Write);
fs.Write (a.Signature, 0, a.Signature.Length);
fs.Close ();*/
// get something shorter to display
fileName = Path.GetFileName (fileName);
if (verbose) {
Console.WriteLine ("Verifying file {0} for Authenticode(tm) signatures...{1}", fileName, Environment.NewLine);
}
if (a.Timestamp == DateTime.MinValue) {
// signature only valid if the certificate is valid
Console.WriteLine ("WARNING! {0} is not timestamped!", fileName);
}
else if (verbose) {
Console.WriteLine ("INFO! {0} was timestamped on {1}", fileName, a.Timestamp);
}
if (a.Reason > 0) {
string msg = null;
// FAILURES
switch (a.Reason) {
case 1:
msg = "doesn't contain a digital signature";
break;
case 2:
msg = "digital signature is invalid";
break;
case 3:
msg = "countersignature (timestamp) is invalid";
break;
case 4:
msg = "timestamp is outside certificate validity";
break;
case 5:
msg = "use an unsupported hash algorithm. Verification is impossible";
break;
case 6:
msg = "signature can't be traced back to a trusted root";
break;
case 7:
msg = "couldn't find the certificate that signed the file";
break;
case 8:
msg = "certificate is expired and no timestamp is present";
break;
default:
msg = "unknown error";
break;
}
Console.WriteLine ("ERROR! {0} {1}!{2}", fileName, msg, Environment.NewLine);
return 1;
}
Console.WriteLine ("SUCCESS: {0} signature is valid{1}and can be traced back to a trusted root!{2}", fileName, Environment.NewLine, Environment.NewLine);
return 0;
}
[STAThread]
static int Main (string[] args)
{
bool verbose = false;
bool quiet = true; // always true as we don't show UI
bool help = false;
string fileName = null;
Header();
try {
for (int i=0; i < args.Length; i++) {
switch (args[i]) {
case "-q":
case "-quiet":
quiet = true;
break;
case "-v":
case "-verbose":
verbose = true;
break;
case "-h":
case "-help":
case "-?":
case "/?":
help = true;
break;
default:
fileName = args [i];
break;
}
}
if ((help) || (fileName == null))
Help ();
else
return Check (fileName, quiet, verbose);
}
catch (CryptographicException ce) {
Console.WriteLine ("WARNING: " + ce.Message);
Console.WriteLine ("ERROR: Trust evaluation is incomplete!");
}
catch (Exception e) {
Console.WriteLine ("ERROR: " + e.ToString ());
Help ();
}
Console.WriteLine ();
return 1;
}
}
}
|
