//
// ChkTrust.cs: chktrust clone tool
//
// Author:
//	Sebastien Pouliot (spouliot@motus.com)
//
// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
//
10 using System;
11 using System.IO;
12 using System.Reflection;
13 using System.Security.Cryptography;
15 using Mono.Security.Authenticode;
17 [assembly: AssemblyTitle ("Mono CheckTrust")]
18 [assembly: AssemblyDescription ("Verify if an PE executable has a valid Authenticode(tm) signature")]
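namespace Mono.Tools {

    // Command-line tool that reports whether a PE file carries a valid
    // Authenticode(tm) signature. All verification work is delegated to
    // Mono.Security.Authenticode.AuthenticodeDeformatter; this class only
    // parses the arguments, prints the outcome and sets the exit code.
    class CheckTrust {

        // Prints the tool banner built from the assembly information.
        static private void Header ()
        {
            Console.WriteLine (new AssemblyInfo ().ToString ());
        }

        // Prints the command-line usage summary.
        static private void Help ()
        {
            Console.WriteLine ("Usage: chktrust [options] filename{0}", Environment.NewLine);
            Console.WriteLine ("\t-q\tquiet mode (no gui)");
            Console.WriteLine ("\t-v\tverbose mode (display status for every steps)");
            Console.WriteLine ("\t-?\thelp (display this help message)");
        }

        // static methods

        // Verifies the Authenticode signature of a file and prints the result.
        //
        // fileName: path of the file to verify (only its file name is displayed).
        // quiet:    accepted for command-line compatibility; not read by this method.
        // verbose:  when true, also prints the "Verifying..." and timestamp INFO lines.
        //
        // Returns 0 only when the deformatter reports reason code 0; returns 1 for
        // every other reason code. Exceptions thrown while opening or parsing the
        // file are not caught here (Main handles them).
        static public int Check (string fileName, bool quiet, bool verbose)
        {
            AuthenticodeDeformatter a = new AuthenticodeDeformatter (fileName);

            // debug
            /* FileStream fs = File.Open (fileName + ".sig", FileMode.Create, FileAccess.Write);
            fs.Write (a.Signature, 0, a.Signature.Length);
            fs.Close ();*/

            // get something shorter to display
            fileName = Path.GetFileName (fileName);

            if (verbose) {
                Console.WriteLine ("Verifying file {0} for Authenticode(tm) signatures...{1}", fileName, Environment.NewLine);
            }

            if (a.Timestamp == DateTime.MinValue) {
                // signature only valid if the certificate is valid
                Console.WriteLine ("WARNING! {0} is not timestamped!", fileName);
            }
            else if (verbose) {
                Console.WriteLine ("INFO! {0} was timestamped on {1}", fileName, a.Timestamp);
            }

            // Read the verdict once so the test and the message use the same value.
            int reason = a.Reason;

            // Fail closed: only an explicit 0 is reported as a valid signature.
            // The previous test (Reason > 0) printed SUCCESS and returned 0 for any
            // negative code as well; such a value now falls into "unknown error".
            // NOTE(review): assumes 0 is the only success value of
            // AuthenticodeDeformatter.Reason - confirm against Mono.Security.
            if (reason != 0) {
                string msg = null;
                // FAILURES
                switch (reason) {
                case 1:
                    msg = "doesn't contain a digital signature";
                    break;
                case 2:
                    msg = "digital signature is invalid";
                    break;
                case 3:
                    msg = "countersignature (timestamp) is invalid";
                    break;
                case 4:
                    msg = "timestamp is outside certificate validity";
                    break;
                case 5:
                    msg = "use an unsupported hash algorithm. Verification is impossible";
                    break;
                case 6:
                    msg = "signature can't be traced back to a trusted root";
                    break;
                case 7:
                    msg = "couldn't find the certificate that signed the file";
                    break;
                case 8:
                    msg = "certificate is expired and no timestamp is present";
                    break;
                default:
                    msg = "unknown error";
                    break;
                }

                Console.WriteLine ("ERROR! {0} {1}!{2}", fileName, msg, Environment.NewLine);
                return 1;
            }

            Console.WriteLine ("SUCCESS: {0} signature is valid{1}and can be traced back to a trusted root!{2}", fileName, Environment.NewLine, Environment.NewLine);
            return 0;
        }

        // Entry point: parses the switches, then verifies the named file.
        //
        // Exit code is the result of Check (0 = signature valid) when a file was
        // verified, and 1 in every other case: help requested, no file name given,
        // or an exception during verification. A script can therefore treat any
        // non-zero exit code as "not verified".
        [STAThread]
        static int Main (string[] args)
        {
            bool verbose = false;
            bool quiet = true;	// always true as we don't show UI
            bool help = false;
            string fileName = null;

            Header();
            try {
                for (int i=0; i < args.Length; i++) {
                    switch (args[i]) {
                    case "-q":
                    case "-quiet":
                        quiet = true;
                        break;
                    case "-v":
                    case "-verbose":
                        verbose = true;
                        break;
                    case "-h":
                    case "-help":
                    case "-?":
                    case "/?":
                        help = true;
                        break;
                    default:
                        // Anything that is not a known switch is taken as the file
                        // name. If several are given the last one wins, so only
                        // that single file is verified.
                        fileName = args [i];
                        break;
                    }
                }

                if ((help) || (fileName == null))
                    Help ();
                else
                    return Check (fileName, quiet, verbose);
            }
            catch (CryptographicException ce) {
                // Verification could not be completed; falls through to return 1
                // so an incomplete evaluation is never reported as trusted.
                Console.WriteLine ("WARNING: " + ce.Message);
                Console.WriteLine ("ERROR: Trust evaluation is incomplete!");
            }
            catch (Exception e) {
                Console.WriteLine ("ERROR: " + e.ToString ());
                Help ();
            }
            Console.WriteLine ();
            return 1;
        }
    }
}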