impl

Author: letao-msft

dev/Common/IsWindowsVersion.h

@@ -1,10 +1,12 @@
-// Copyright (c) Microsoft Corporation and Contributors.
+// Copyright (c) Microsoft Corporation and Contributors.
 // Licensed under the MIT License.
 
 #ifndef __ISWINDOWSVERSION_H
 #define __ISWINDOWSVERSION_H
 
 #include <VersionHelpers.h>
+#include <wil/com.h>
+#include <AppxPackaging.h>
 
 namespace WindowsVersion
 {
@@ -62,6 +64,12 @@ inline bool IsWindows11_24H2OrGreater()
     // MsixIsPackageFeatureSupported() added to  in Windows 11 24H2 (aka NTDDI_WIN11_GE)
     return IsExportPresent(L"appxdeploymentclient.dll", "MsixIsPackageFeatureSupported");
 }
+
+inline bool SupportsIAppxFactory4()
+{
+    return wil::CoCreateInstanceNoThrow<AppxFactory, IAppxFactory4>().get() != nullptr;
+}
+
 }
 
 #endif // __ISWINDOWSVERSION_H

dev/PackageManager/API/M.W.M.D.AddPackageOptions.cpp

@@ -176,8 +176,7 @@ namespace winrt::Microsoft::Windows::Management::Deployment::implementation
 
     bool AddPackageOptions::IsPackageValidatorsSupported()
     {
-        // TODO - check presence of AppxPackaging streaming reader feature
-        return true;
+        return WindowsVersion::SupportsIAppxFactory4();
     }
     winrt::Windows::Foundation::Collections::IMap<winrt::Windows::Foundation::Uri, winrt::Windows::Foundation::Collections::IVector<winrt::Microsoft::Windows::Management::Deployment::IPackageValidator> > AddPackageOptions::PackageValidators()
     {

dev/PackageManager/API/M.W.M.D.PackageCertificateEkuValidator.cpp

@@ -3,23 +3,193 @@
 #include "Microsoft.Windows.Management.Deployment.PackageCertificateEkuValidator.g.cpp"
 #include <TerminalVelocityFeatures-PackageManager.h>
 
+#include <AppxPackaging.h>
+
 namespace winrt::Microsoft::Windows::Management::Deployment::implementation
 {
     PackageCertificateEkuValidator::PackageCertificateEkuValidator(hstring const& expectedCertificateEku)
     {
         THROW_HR_IF(E_NOTIMPL, !::Microsoft::Windows::Management::Deployment::Feature_PackageValidator::IsEnabled());
 
-        UNREFERENCED_PARAMETER(expectedCertificateEku);
-
-        throw hresult_not_implemented();
+        m_expectedEku = expectedCertificateEku;
     }
 
     bool PackageCertificateEkuValidator::IsPackageValid(winrt::Windows::Foundation::IInspectable const& appxPackagingObject)
     {
         THROW_HR_IF(E_NOTIMPL, !::Microsoft::Windows::Management::Deployment::Feature_PackageValidator::IsEnabled());
 
-        UNREFERENCED_PARAMETER(appxPackagingObject);
+        winrt::com_ptr<IAppxPackageReader> packageReader;
+        winrt::com_ptr<IAppxBundleReader> bundleReader;
 
-        throw hresult_not_implemented();
+        if (SUCCEEDED(appxPackagingObject.as(IID_PPV_ARGS(&packageReader))))
+        {
+            winrt::com_ptr<IAppxFile> signatureFile;
+            if (SUCCEEDED(packageReader->GetFootprintFile(APPX_FOOTPRINT_FILE_TYPE_SIGNATURE, signatureFile.put())))
+            {
+                return CheckSignature(signatureFile.get());
+            }
+            else
+            {
+                return false; // package is not valid because there is no signature present
+            }
+        }
+        else if (SUCCEEDED(appxPackagingObject.as(IID_PPV_ARGS(&bundleReader))))
+        {
+            winrt::com_ptr<IAppxFile> signatureFile;
+            if (SUCCEEDED(bundleReader->GetFootprintFile(APPX_BUNDLE_FOOTPRINT_FILE_TYPE_SIGNATURE, signatureFile.put())))
+            {
+                return CheckSignature(signatureFile.get());
+            }
+            else
+            {
+                return false; // package is not valid because there is no signature present
+            }
+        }
+        else
+        {
+            THROW_WIN32(ERROR_NOT_SUPPORTED);
+        }
     }
+
+    bool PackageCertificateEkuValidator::CheckSignature(IAppxFile* signatureFile)
+    {
+        winrt::com_ptr<IStream> signatureStream;
+        THROW_IF_FAILED(signatureFile->GetStream(signatureStream.put()));
+
+        // The p7x signature should have a leading 4-byte PKCX header
+        static const DWORD P7xFileId = 0x58434b50; // PKCX
+        static const DWORD P7xFileIdSize = sizeof(P7xFileId);
+
+        STATSTG streamStats{};
+        THROW_IF_FAILED(signatureStream->Stat(&streamStats, STATFLAG_NONAME));
+        if (streamStats.cbSize.HighPart > 0 || streamStats.cbSize.LowPart < P7xFileIdSize)
+        {
+            return false; // The signature has unexpected size
+        }
+
+        DWORD streamSize = streamStats.cbSize.LowPart;
+        auto streamBuffer{ wil::make_unique_nothrow<BYTE[]>(streamSize) };
+        THROW_IF_NULL_ALLOC(streamBuffer);
+
+        ULONG bytesRead{};
+        THROW_IF_FAILED(signatureStream->Read(streamBuffer.get(), streamSize, &bytesRead));
+        THROW_HR_IF(HRESULT_FROM_WIN32(ERROR_BAD_FORMAT), bytesRead != streamSize);
+
+        if (*reinterpret_cast<DWORD*>(streamBuffer.get()) != P7xFileId)
+        {
+            return false; // The signature does not have expected header
+        }
+
+        CRYPT_DATA_BLOB signatureBlob{};
+        signatureBlob.cbData = streamSize - P7xFileIdSize;
+        signatureBlob.pbData = streamBuffer.get() + P7xFileIdSize;
+
+        wil::unique_hcertstore certStore;
+        wil::unique_hcryptmsg signedMessage;
+        DWORD queryContentType = 0;
+        DWORD queryFormatType = 0;
+        if (!CryptQueryObject(
+            CERT_QUERY_OBJECT_BLOB,
+            &signatureBlob,
+            CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED,
+            CERT_QUERY_FORMAT_FLAG_BINARY,
+            0,      // Reserved parameter
+            NULL,   // No encoding info needed
+            &queryContentType,
+            &queryFormatType,
+            &certStore,
+            &signedMessage,
+            NULL    // No additional params for signed message output
+        ))
+        {
+            return false; // CryptQueryObject could not read the signature
+        }
+
+        if (queryContentType != CERT_QUERY_CONTENT_PKCS7_SIGNED || queryFormatType != CERT_QUERY_FORMAT_BINARY || !certStore || !signedMessage)
+        {
+            return false; // CryptQueryObject returned unexpected data
+        }
+
+        CMSG_SIGNER_INFO* signerInfo = NULL;
+        DWORD signerInfoSize = 0;
+        if (!CryptMsgGetParam(signedMessage.get(), CMSG_SIGNER_INFO_PARAM, 0, NULL, &signerInfoSize))
+        {
+            return false; // CryptMsgGetParam could not read the signature
+        }
+
+        if (signerInfoSize == 0 || signerInfoSize >= STRSAFE_MAX_CCH)
+        {
+            return false; // Signer info has unexpected size
+        }
+
+        auto signerInfoBuffer{ wil::make_unique_nothrow<BYTE[]>(signerInfoSize) };
+        THROW_IF_NULL_ALLOC(signerInfoBuffer);
+        signerInfo = reinterpret_cast<CMSG_SIGNER_INFO*>(signerInfoBuffer.get());
+        if (!CryptMsgGetParam(signedMessage.get(), CMSG_SIGNER_INFO_PARAM, 0, signerInfo, &signerInfoSize))
+        {
+            return false; // CryptMsgGetParam could not read the signature
+        }
+
+        // Get the signing certificate from the certificate store based on the issuer and serial number of the signer info
+        CERT_INFO certInfo;
+        certInfo.Issuer = signerInfo->Issuer;
+        certInfo.SerialNumber = signerInfo->SerialNumber;
+
+        wil::unique_cert_context certContext{
+            CertGetSubjectCertificateFromStore(
+                certStore.get(),
+                X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+                &certInfo)
+        };
+        if (!certContext)
+        {
+            return false; // CertGetSubjectCertificateFromStore could not find a cert context
+        }
+
+        DWORD ekuBufferSize = 0;
+        if (!CertGetEnhancedKeyUsage(
+            certContext.get(),
+            0, // Accept EKU from EKU extension or EKU extended properties
+            NULL,
+            &ekuBufferSize))
+        {
+            return false; // CertGetEnhancedKeyUsage could not read EKUs
+        }
+
+        if (ekuBufferSize < sizeof(CERT_ENHKEY_USAGE))
+        {
+            return false; // No EKUs are found in the signature
+        }
+
+        auto ekuBuffer{ wil::make_unique_nothrow<BYTE[]>(ekuBufferSize)};
+        THROW_IF_NULL_ALLOC(ekuBuffer);
+        PCERT_ENHKEY_USAGE ekusFound = reinterpret_cast<PCERT_ENHKEY_USAGE>(ekuBuffer.get());
+        if (!CertGetEnhancedKeyUsage(
+            certContext.get(),
+            0, // Accept EKU from EKU extension or EKU extended properties
+            ekusFound,
+            &ekuBufferSize))
+        {
+            return false; // CertGetEnhancedKeyUsage could not read EKUs
+        }
+
+        for (DWORD i = 0; i < ekusFound->cUsageIdentifier; i++)
+        {
+            auto eku{ ekusFound->rgpszUsageIdentifier[i] };
+
+            int length = MultiByteToWideChar(CP_ACP, 0, eku, -1, nullptr, 0);
+            auto ekuWcharBuffer{ wil::make_unique_nothrow<WCHAR[]>(length) };
+            THROW_IF_NULL_ALLOC(ekuWcharBuffer);
+
+            MultiByteToWideChar(CP_ACP, 0, eku, -1, ekuWcharBuffer.get(), length);
+
+            if (wcscmp(ekuWcharBuffer.get(), m_expectedEku.c_str()) == 0)
+            {
+                return true; // Found expected EKU
+            }
+        }
+
+        return false; // Did not find expected EKU
+    }
+
 }

dev/PackageManager/API/M.W.M.D.PackageCertificateEkuValidator.h

@@ -1,6 +1,8 @@
 #pragma once
 #include "Microsoft.Windows.Management.Deployment.PackageCertificateEkuValidator.g.h"
 
+#include <AppxPackaging.h>
+
 namespace winrt::Microsoft::Windows::Management::Deployment::implementation
 {
     struct PackageCertificateEkuValidator : PackageCertificateEkuValidatorT<PackageCertificateEkuValidator>
@@ -9,6 +11,11 @@ namespace winrt::Microsoft::Windows::Management::Deployment::implementation
 
         PackageCertificateEkuValidator(hstring const& expectedCertificateEku);
         bool IsPackageValid(winrt::Windows::Foundation::IInspectable const& appxPackagingObject);
+
+    private:
+        bool CheckSignature(IAppxFile* signatureFile);
+
+        hstring m_expectedEku{};
     };
 }
 

dev/PackageManager/API/M.W.M.D.PackageDeploymentManager.cpp

@@ -32,6 +32,9 @@ namespace ABI::Windows::Management::Deployment
 #include <FrameworkUdk/PackageManagement.h>
 #include <FrameworkUdk/UupStateRepository.h>
 
+#include <appxpackaging.h>
+#include <appxpackagingobject.h>
+
 #include <IsWindowsVersion.h>
 #include <TerminalVelocityFeatures-PackageManager.h>
 
@@ -3682,10 +3685,60 @@ namespace winrt::Microsoft::Windows::Management::Deployment::implementation
     {
         THROW_HR_IF(E_NOTIMPL, !::Microsoft::Windows::Management::Deployment::Feature_PackageValidator::IsEnabled());
 
-        UNREFERENCED_PARAMETER(packageValidators);
-        UNREFERENCED_PARAMETER(expectedDigests);
+        auto appxFactory{ wil::CoCreateInstance<AppxFactory, IAppxFactory4, wil::err_exception_policy>() };
+        auto bundleFactory{ wil::CoCreateInstance<AppxBundleFactory, IAppxBundleFactory3, wil::err_exception_policy>() };
 
-        throw hresult_not_implemented();
+        for (const auto pair : packageValidators)
+        {
+            const auto packageUri{ pair.Key() };
+            const auto validators{ pair.Value() };
+            if (!packageUri || !validators || validators.Size() == 0)
+            {
+                continue;
+            }
+
+            auto expectedDigest{ expectedDigests.TryLookup(packageUri) };
+            auto packageUriString{ packageUri.AbsoluteCanonicalUri().c_str() };
+            auto expectedDigestString{ expectedDigest.has_value() ? expectedDigest.value().c_str() : nullptr };
+
+            winrt::com_ptr<::IInspectable> appxObject;
+            winrt::com_ptr<IAppxPackageReader> packageReader;
+            winrt::com_ptr<IAppxBundleReader> bundleReader;
+            winrt::com_ptr<IAppxDigestProvider> digestProvider;
+
+            if (SUCCEEDED(appxFactory->CreatePackageReaderFromSourceUri(packageUriString, expectedDigestString, packageReader.put())))
+            {
+                appxObject = winrt::make<AppxPackagingObject>(packageReader.get());
+                digestProvider = packageReader.as<IAppxDigestProvider>();
+            }
+            else if (SUCCEEDED(bundleFactory->CreateBundleReaderFromSourceUri(packageUriString, expectedDigestString, bundleReader.put())))
+            {
+                appxObject = winrt::make<AppxPackagingObject>(bundleReader.get());
+                digestProvider = bundleReader.as<IAppxDigestProvider>();
+            }
+            else
+            {
+                THROW_WIN32(ERROR_INSTALL_OPEN_PACKAGE_FAILED);
+            }
+
+            for (const auto validator : validators)
+            {
+                if (!validator)
+                {
+                    continue;
+                }
+
+                THROW_HR_IF(APPX_E_DIGEST_MISMATCH, !validator.IsPackageValid(appxObject.as<IInspectable>()));
+            }
+
+            if (!expectedDigestString)
+            {
+                wil::unique_cotaskmem_string digest;
+                THROW_IF_FAILED(digestProvider->GetDigest(&digest));
+
+                expectedDigests.Insert(packageUri, digest.get());
+            }
+        }
     }
 
 }

dev/PackageManager/API/M.W.M.D.StagePackageOptions.cpp

@@ -131,8 +131,7 @@ namespace winrt::Microsoft::Windows::Management::Deployment::implementation
 
     bool StagePackageOptions::IsPackageValidatorsSupported()
     {
-        // TODO - check presence of AppxPackaging streaming reader feature
-        return true;
+        return WindowsVersion::SupportsIAppxFactory4();
     }
     winrt::Windows::Foundation::Collections::IMap<winrt::Windows::Foundation::Uri, winrt::Windows::Foundation::Collections::IVector<winrt::Microsoft::Windows::Management::Deployment::IPackageValidator> > StagePackageOptions::PackageValidators()
     {

dev/PackageManager/API/PackageManager.vcxitems.filters

@@ -124,6 +124,9 @@
     <ClInclude Include="$(MSBuildThisFileDirectory)M.W.M.D.PackageMinimumVersionValidator.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="$(MSBuildThisFileDirectory)AppxPackagingObject.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <Midl Include="$(MSBuildThisFileDirectory)PackageManager.idl" />