[win] Create utilities for helping to populate ModuleDatabase.

chrome/browser/win/enumerate_modules_model.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/win/enumerate_modules_model.h"
 
 #include <softpub.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <tlhelp32.h>
@@ skipping 79 matching lines @@
   DWORD return_value = GetLongPathName(short_path.c_str(), long_path_buf,
                                        MAX_PATH);
   if (return_value != 0 && return_value < MAX_PATH) {
     *long_path = long_path_buf;
     return true;
   }
 
   return false;
 }
 
-// Helper for scoped tracking an HCERTSTORE.
-struct ScopedHCERTSTORETraits {
-  static HCERTSTORE InvalidValue() { return nullptr; }
-  static void Free(HCERTSTORE store) {
-    ::CertCloseStore(store, 0);
-  }
-};
-using ScopedHCERTSTORE =
-    base::ScopedGeneric<HCERTSTORE, ScopedHCERTSTORETraits>;
-
-// Helper for scoped tracking an HCRYPTMSG.
-struct ScopedHCRYPTMSGTraits {
-  static HCRYPTMSG InvalidValue() { return nullptr; }
-  static void Free(HCRYPTMSG message) {
-    ::CryptMsgClose(message);
-  }
-};
-using ScopedHCRYPTMSG =
-    base::ScopedGeneric<HCRYPTMSG, ScopedHCRYPTMSGTraits>;
-
-// Returns the "Subject" field from the digital signature in the provided
-// binary, if any is present. Returns an empty string on failure.
-base::string16 GetSubjectNameInFile(const base::FilePath& filename) {
-  ScopedHCERTSTORE store;
-  ScopedHCRYPTMSG message;
-
-  // Find the crypto message for this filename.
-  {
-    HCERTSTORE temp_store = nullptr;
-    HCRYPTMSG temp_message = nullptr;
-    bool result = !!CryptQueryObject(CERT_QUERY_OBJECT_FILE,
-      filename.value().c_str(),
-      CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
-      CERT_QUERY_FORMAT_FLAG_BINARY,
-      0,
-      nullptr,
-      nullptr,
-      nullptr,
-      &temp_store,
-      &temp_message,
-      nullptr);
-    store.reset(temp_store);
-    message.reset(temp_message);
-    if (!result)
-      return base::string16();
-  }
-
-  // Determine the size of the signer info data.
-  DWORD signer_info_size = 0;
-  bool result = !!CryptMsgGetParam(message.get(),
-    CMSG_SIGNER_INFO_PARAM,
-    0,
-    nullptr,
-    &signer_info_size);
-  if (!result)
-    return base::string16();
-
-  // Allocate enough space to hold the signer info.
-  std::unique_ptr<BYTE[]> signer_info_buffer(new BYTE[signer_info_size]);
-  CMSG_SIGNER_INFO* signer_info =
-      reinterpret_cast<CMSG_SIGNER_INFO*>(signer_info_buffer.get());
-
-  // Obtain the signer info.
-  result = !!CryptMsgGetParam(message.get(),
-    CMSG_SIGNER_INFO_PARAM,
-    0,
-    signer_info,
-    &signer_info_size);
-  if (!result)
-    return base::string16();
-
-  // Search for the signer certificate.
-  CERT_INFO CertInfo = {0};
-  PCCERT_CONTEXT cert_context = nullptr;
-  CertInfo.Issuer = signer_info->Issuer;
-  CertInfo.SerialNumber = signer_info->SerialNumber;
-
-  cert_context = CertFindCertificateInStore(
-    store.get(),
-    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-    0,
-    CERT_FIND_SUBJECT_CERT,
-    &CertInfo,
-    nullptr);
-  if (!cert_context)
-    return base::string16();
-
-  // Determine the size of the Subject name.
-  DWORD subject_name_size = CertGetNameString(
-    cert_context, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nullptr, nullptr, 0);
-  if (!subject_name_size)
-    return base::string16();
-
-  base::string16 subject_name;
-  subject_name.resize(subject_name_size);
-
-  // Get subject name.
-  if (!(CertGetNameString(cert_context,
-    CERT_NAME_SIMPLE_DISPLAY_TYPE,
-    0,
-    nullptr,
-    const_cast<LPWSTR>(subject_name.c_str()),
-    subject_name_size))) {
-    return base::string16();
-  }
-
-  return subject_name;
-}
-
-// Helper for scoped tracking a catalog admin context.
-struct CryptCATContextScopedTraits {
-  static PVOID InvalidValue() { return nullptr; }
-  static void Free(PVOID context) {
-    CryptCATAdminReleaseContext(context, 0);
-  }
-};
-using ScopedCryptCATContext =
-    base::ScopedGeneric<PVOID, CryptCATContextScopedTraits>;
-
-// Helper for scoped tracking of a catalog context. A catalog context is only
-// valid with an associated admin context, so this is effectively a std::pair.
-// A custom operator!= is required in order for a null |catalog_context| but
-// non-null |context| to compare equal to the InvalidValue exposed by the
-// traits class.
-class CryptCATCatalogContext {
- public:
-  CryptCATCatalogContext(PVOID context, PVOID catalog_context)
-      : context_(context), catalog_context_(catalog_context) {}
-
-  bool operator!=(const CryptCATCatalogContext& rhs) const {
-    return catalog_context_ != rhs.catalog_context_;
-  }
-
-  PVOID context() const { return context_; }
-  PVOID catalog_context() const { return catalog_context_; }
-
- private:
-  PVOID context_;
-  PVOID catalog_context_;
-};
-
-struct CryptCATCatalogContextScopedTraits {
-  static CryptCATCatalogContext InvalidValue() {
-    return CryptCATCatalogContext(nullptr, nullptr);
-  }
-  static void Free(const CryptCATCatalogContext& c) {
-    CryptCATAdminReleaseCatalogContext(
-        c.context(), c.catalog_context(), 0);
-  }
-};
-using ScopedCryptCATCatalogContext = base::ScopedGeneric<
-    CryptCATCatalogContext, CryptCATCatalogContextScopedTraits>;
-
-// Extracts the subject name and catalog path if the provided file is present in
-// a catalog file.
-void GetCatalogCertificateInfo(const base::FilePath& filename,
-                               ModuleEnumerator::CertificateInfo* cert_info) {
-  // Get a crypt context for signature verification.
-  ScopedCryptCATContext context;
-  {
-    PVOID raw_context = nullptr;
-    if (!CryptCATAdminAcquireContext(&raw_context, nullptr, 0))
-      return;
-    context.reset(raw_context);
-  }
-
-  // Open the file of interest.
-  base::win::ScopedHandle file_handle(CreateFileW(
-    filename.value().c_str(), GENERIC_READ,
-    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
-    nullptr, OPEN_EXISTING, 0, nullptr));
-  if (!file_handle.IsValid())
-    return;
-
-  // Get the size we need for our hash.
-  DWORD hash_size = 0;
-  CryptCATAdminCalcHashFromFileHandle(
-      file_handle.Get(), &hash_size, nullptr, 0);
-  if (hash_size == 0)
-    return;
-
-  // Calculate the hash. If this fails then bail.
-  std::vector<BYTE> buffer(hash_size);
-  if (!CryptCATAdminCalcHashFromFileHandle(file_handle.Get(), &hash_size,
-          buffer.data(), 0)) {
-    return;
-  }
-
-  // Get catalog for our context.
-  ScopedCryptCATCatalogContext catalog_context(CryptCATCatalogContext(
-      context.get(),
-      CryptCATAdminEnumCatalogFromHash(context.get(), buffer.data(), hash_size,
-                                       0, nullptr)));
-  if (!catalog_context.is_valid())
-    return;
-
-  // Get the catalog info. This includes the path to the catalog itself, which
-  // contains the signature of interest.
-  CATALOG_INFO catalog_info = {};
-  catalog_info.cbStruct = sizeof(catalog_info);
-  if (!CryptCATCatalogInfoFromContext(
-      catalog_context.get().catalog_context(), &catalog_info, 0)) {
-    return;
-  }
-
-  // Attempt to get the "Subject" field from the signature of the catalog file
-  // itself.
-  base::FilePath catalog_path(catalog_info.wszCatalogFile);
-  base::string16 subject = GetSubjectNameInFile(catalog_path);
-
-  if (subject.empty())
-    return;
-
-  cert_info->type = ModuleEnumerator::CERTIFICATE_IN_CATALOG;
-  cert_info->path = catalog_path;
-  cert_info->subject = subject;
-}
-
-// Extracts information about the certificate of the given file, if any is
-// found.
-void GetCertificateInfo(const base::FilePath& filename,
-                        ModuleEnumerator::CertificateInfo* cert_info) {
-  DCHECK_EQ(ModuleEnumerator::NO_CERTIFICATE, cert_info->type);
-  DCHECK(cert_info->path.empty());
-  DCHECK(cert_info->subject.empty());
-
-  GetCatalogCertificateInfo(filename, cert_info);
-  if (cert_info->type == ModuleEnumerator::CERTIFICATE_IN_CATALOG)
-    return;
-
-  base::string16 subject = GetSubjectNameInFile(filename);
-  if (subject.empty())
-    return;
-
-  cert_info->type = ModuleEnumerator::CERTIFICATE_IN_FILE;
-  cert_info->path = filename;
-  cert_info->subject = subject;
-}
-
 }  // namespace
 
-ModuleEnumerator::CertificateInfo::CertificateInfo() : type(NO_CERTIFICATE) {}
-
 ModuleEnumerator::Module::Module() {
 }
 
 ModuleEnumerator::Module::Module(const Module& rhs) = default;
 
 ModuleEnumerator::Module::Module(ModuleType type,
                                  ModuleStatus status,
                                  const base::string16& location,
                                  const base::string16& name,
                                  const base::string16& product_name,
@@ skipping 349 matching lines @@
   // catalog counts as a single certificate, as does a file with a baked in
   // certificate.
   std::set<base::FilePath> unique_certificates;
   size_t microsoft_certificates = 0;
   size_t signed_modules = 0;
   size_t microsoft_modules = 0;
   size_t catalog_modules = 0;
   size_t third_party_loaded = 0;
   size_t third_party_not_loaded = 0;
   for (const auto& module : *enumerated_modules_) {
-    if (module.cert_info.type != ModuleEnumerator::NO_CERTIFICATE) {
+    if (module.cert_info.type != ModuleDatabase::NO_CERTIFICATE) {
       ++signed_modules;
 
-      if (module.cert_info.type == ModuleEnumerator::CERTIFICATE_IN_CATALOG)
+      if (module.cert_info.type == ModuleDatabase::CERTIFICATE_IN_CATALOG)
         ++catalog_modules;
 
       // The first time this certificate is encountered it will be inserted
       // into the set.
       bool new_certificate =
           unique_certificates.insert(module.cert_info.path).second;
 
       // Check if the signer name begins with "Microsoft ". Signatures are
       // typically "Microsoft Corporation" or "Microsoft Windows", but others
       // may exist.
@@ skipping 285 matching lines @@
 
   UMA_HISTOGRAM_COUNTS_100("Conflicts.SuspectedBadModules",
                            suspected_bad_modules_detected_);
   UMA_HISTOGRAM_COUNTS_100("Conflicts.ConfirmedBadModules",
                            confirmed_bad_modules_detected_);
 
   // Forward the callback to any registered observers.
   for (Observer& observer : observers_)
     observer.OnScanCompleted();
 }