def get_catalog_for_filename(filename): ctx = HCATADMIN() winproxy.CryptCATAdminAcquireContext(ctypes.byref(ctx), DRIVER_ACTION_VERIFY, 0) hash = get_file_hash(filename) if hash is None: return None t = winproxy.CryptCATAdminEnumCatalogFromHash(ctx, hash, len(hash), 0, None) if t is None: return None tname = get_catalog_name_from_handle(t) while t is not None: t = winproxy.CryptCATAdminEnumCatalogFromHash(ctx, hash, len(hash), 0, ctypes.byref(HCATINFO(t))) winproxy.CryptCATAdminReleaseCatalogContext(ctx, t, 0) winproxy.CryptCATAdminReleaseContext(ctx, 0) return tname
def verify_file_from_catalog(verify_file_info, hash_algorithm=None): result = VerifyResult.VrNoSignature if verify_file_info.file_size_limit_for_hash != -1: file_size_limit = verify_default_size_limit if verify_file_info.file_size_limit_for_hash != 0: file_size_limit = verify_file_info.file_size_limit_for_hash if os.path.getsize(verify_file_info.file_path) > file_size_limit: return result, 0, None cat_admin_handle, file_hash_length, file_hash = calculate_file_hash( verify_file_info.file_handle, hash_algorithm) if cat_admin_handle is None or file_hash_length == 0 or file_hash is None: return result, 0, None file_hash_tag = bin_to_hexw_fast(file_hash_length, file_hash, True) cat_info_handle = winproxy.CryptCATAdminEnumCatalogFromHash( cat_admin_handle, file_hash, file_hash_length, 0, None) catalog_info = WINTRUST_CATALOG_INFO() catalog_info.cbStruct = ctypes.sizeof(catalog_info) verify_result = VerifyResult.VrUnknown number_of_signatures = 0 signatures = [] if cat_info_handle is None: for idx in range(verify_file_info.number_of_catalog_file_names): catalog_info.pcwszCatalogFilePath = verify_file_info.catalog_file_names[ idx] catalog_info.hMemberFile = verify_file_info.file_handle catalog_info.pcwszMemberTag = file_hash_tag.value catalog_info.pbCalculatedFileHash = file_hash catalog_info.cbCalculatedFileHash = file_hash_length catalog_info.hCatAdmin = cat_admin_handle verify_result, number_of_signatures, signatures = verify_file( verify_file_info, union_choice=WTD_CHOICE_CATALOG, union_data=catalog_info, action_id=WINTRUST_ACTION_GENERIC_VERIFY_V2, policy_callback_data=None) if verify_result is VerifyResult.VrTrusted: break else: cat_info = CATALOG_INFO() cat_info.cbStruct = ctypes.sizeof(cat_info) if winproxy.CryptCATCatalogInfoFromContext( cat_info_handle, ctypes.byref(cat_info), 0) is False: winproxy.CryptCATAdminReleaseCatalogContext( cat_admin_handle, cat_info_handle, 0) driver_ver_info = DRIVER_VER_INFO() driver_ver_info.cbStruct = ctypes.sizeof(driver_ver_info) catalog_info.pcwszCatalogFilePath = cat_info.wszCatalogFile catalog_info.hMemberFile = verify_file_info.file_handle catalog_info.pcwszMemberTag = file_hash_tag.value catalog_info.pbCalculatedFileHash = file_hash catalog_info.cbCalculatedFileHash = file_hash_length catalog_info.hCatAdmin = cat_admin_handle verify_result, number_of_signatures, signatures = verify_file( verify_file_info, union_choice=WTD_CHOICE_CATALOG, union_data=catalog_info, action_id=DRIVER_ACTION_VERIFY, policy_callback_data=ctypes.cast(ctypes.pointer(driver_ver_info), ctypes.c_void_p)) if driver_ver_info.pcSignerCertContext: winproxy.CertFreeCertificateContext( driver_ver_info.pcSignerCertContext) winproxy.CryptCATAdminReleaseCatalogContext(cat_admin_handle, cat_info_handle, 0) return verify_result, number_of_signatures, signatures