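'*********************************************************************************************
' Authverify.vbs checks the Authenticode signature and time-stamp on signed
' files that support Authenticode signatures:
'   .cab, .cat, .exe, .dll, .vbs, or .ocx
' generated using, for example, the PSDK signing tool signtool.exe.
'
' If there is no valid signature, or if the signer's certificate chain can't be verified,
' the signature is considered invalid.
' If the signature is valid, the signer's SubjectName, key size and the authenticated
' attributes are displayed.
' If the signature is time-stamped, the timestamper's SubjectName, key size and
' time-stamp date/time (UTC) are displayed.
' The signer's and timestamper's certificates can optionally be viewed in detail.
'
' Authverify accepts one command-line argument, or single file drag/drop.
' Requires CAPICOM 2.1.0.1 installed
'   http://www.microsoft.com/downloads/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6&DisplayLang=en
'
' Exit code: 0 when the signature verified, 1 on any failure (CAPICOM missing, no argument,
' file not found, signature not verified).
'
' NOTE(review): CAPICOM is a deprecated, 32-bit COM component. On 64-bit Windows the script
' presumably has to be run with the 32-bit script host for CreateObject to succeed - confirm
' on the target system.
'
' NOTE(review): "Signature verified" means the signature and certificate chain validated
' against the trust stores of THIS machine. It does not mean the signer is the publisher
' you expect: compare the displayed Signer subject with the expected publisher before
' trusting the file. Description, DescriptionURL and the name/description attributes are
' values chosen by the signer and are shown for information only.
'
' JavaScience Consulting 03/26/2007
'*********************************************************************************************
Option Explicit

Dim SignedCode, Signer, TimeStamper, InFile, siginfo, result
Dim AuthAttr
Dim verifyErr, verifyMsg

Const Title = "VerifySignStamp"

' Download location shown when CAPICOM is missing. The original script referenced this
' name without defining it, which aborts under Option Explicit instead of showing the hint.
' URL taken from the header above; confirm it is still valid before relying on it.
Const CAPICOMdnld = "http://www.microsoft.com/downloads/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6&DisplayLang=en"

Const CAPICOM_VERIFY_SIGNATURE_ONLY = 0
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_CERT_INFO_SUBJECT_SIMPLE_NAME = 0
Const CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME = 0
Const CAPICOM_AUTHENTICATED_ATTRIBUTE_DOCUMENT_NAME = 1
Const CAPICOM_AUTHENTICATED_ATTRIBUTE_DOCUMENT_DESCRIPTION = 2

Dim Verbose : Verbose = True

If Not isCapicomAvailable Then
    MsgBox "CAPICOM is not installed." & vbCrLf & _
           "Install capicom first via: " & vbCrLf & _
           CAPICOMdnld, vbCritical, Title
    WScript.Quit(1)
End If

If WScript.Arguments.Count < 1 Then
    MsgBox "Usage:  VerifySignStamp.vbs  SignedFileName ", vbInformation, Title
    WScript.Quit(1)
End If

InFile = WScript.Arguments(0)
DoesFileExist InFile

Set SignedCode = CreateObject("CAPICOM.SignedCode")
SignedCode.FileName = InFile

' Error trapping is limited to the Verify call, and its outcome is captured immediately,
' so that no later statement can overwrite or mask the verification result.
' The False argument is passed as in the original; it presumably suppresses any
' interactive trust prompt, so an untrusted signature fails instead of asking the user.
On Error Resume Next
SignedCode.Verify False
verifyErr = Err.Number
verifyMsg = Err.Description
On Error GoTo 0

If verifyErr <> 0 Then
    MsgBox "Could not verify signature on """ & InFile & """" & vbCrLf & _
           "Reason: " & verifyMsg & " (0x" & Hex(verifyErr) & ")", vbCritical, Title
    ' Non-zero exit code so a calling batch file can tell failure from success.
    WScript.Quit(1)
End If

' The headline is assigned on its own so it cannot be lost if a property read below fails.
siginfo = "Signature verified on """ & InFile & """" & vbCrLf & vbCrLf

' From here on the script only reads and displays details, on a best-effort basis.
' Any failure is reported as a warning in the summary instead of being silently dropped.
On Error Resume Next

' Read each object once, so a failed read leaves the variable as Nothing rather than
' being re-evaluated inside an If or For Each header.
Set Signer = Nothing
Set Signer = SignedCode.Signer
Set TimeStamper = Nothing
Set TimeStamper = SignedCode.TimeStamper

If Not Signer Is Nothing Then
    siginfo = siginfo & "Signer: " & Signer.Certificate.SubjectName & vbCrLf
    siginfo = siginfo & Signer.Certificate.PublicKey.Algorithm.FriendlyName & " Key Size: " & _
              Signer.Certificate.PublicKey.Length & " bits" & vbCrLf
End If

' Signer-supplied text: informational only, not evidence of who published the file.
siginfo = siginfo & "Description: " & SignedCode.Description & vbCrLf
siginfo = siginfo & "DescriptionURL: " & SignedCode.DescriptionURL & vbCrLf

If Not Signer Is Nothing Then
    For Each AuthAttr In Signer.AuthenticatedAttributes
        Select Case AuthAttr.Name
            Case CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
                siginfo = siginfo & "Signing date : " & AuthAttr.Value & vbCrLf
            Case CAPICOM_AUTHENTICATED_ATTRIBUTE_DOCUMENT_NAME
                siginfo = siginfo & " Name attribute : " & AuthAttr.Value & vbCrLf
            Case CAPICOM_AUTHENTICATED_ATTRIBUTE_DOCUMENT_DESCRIPTION
                siginfo = siginfo & " Description attribute : " & AuthAttr.Value & vbCrLf
        End Select
    Next
End If

If Not TimeStamper Is Nothing Then
    siginfo = siginfo & vbCrLf & "File is timestamped " & vbCrLf
    REM siginfo = siginfo & "Timestamper : " & TimeStamper.Certificate.GetInfo(CAPICOM_CERT_INFO_SUBJECT_SIMPLE_NAME) & vbCrLf
    siginfo = siginfo & "Timestamper : " & TimeStamper.Certificate.SubjectName & vbCrLf
    siginfo = siginfo & "Timestamper " & TimeStamper.Certificate.PublicKey.Algorithm.FriendlyName & " Key Size: " & _
              TimeStamper.Certificate.PublicKey.Length & " bits" & vbCrLf
    For Each AuthAttr In TimeStamper.AuthenticatedAttributes
        Select Case AuthAttr.Name
            Case CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
                siginfo = siginfo & "Timestamping date : " & AuthAttr.Value & vbCrLf
            Case CAPICOM_AUTHENTICATED_ATTRIBUTE_DOCUMENT_NAME
                siginfo = siginfo & "Name attribute : " & AuthAttr.Value & vbCrLf
            Case CAPICOM_AUTHENTICATED_ATTRIBUTE_DOCUMENT_DESCRIPTION
                siginfo = siginfo & "Description attribute : " & AuthAttr.Value & vbCrLf
        End Select
    Next
Else
    siginfo = siginfo & vbCrLf & "File is NOT TIMESTAMPED"
End If

' Surface any read error instead of showing an incomplete summary as if it were complete.
If Err.Number <> 0 Then
    siginfo = siginfo & vbCrLf & "Warning: some signature details could not be read: " & _
              Err.Description & vbCrLf
    Err.Clear
End If

siginfo = siginfo & vbCrLf & "Show signer's and time-stamper's certificates?"
result = MsgBox(siginfo, vbYesNo + vbInformation, Title)

If result = vbYes Then
    If Not Signer Is Nothing Then
        Signer.Certificate.Display
    End If
    If Not TimeStamper Is Nothing Then
        TimeStamper.Certificate.Display
    End If
End If
On Error GoTo 0


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' isCapicomAvailable
'
' Checks if CAPICOM is installed by creating a CAPICOM.Store object and opening the
' local-machine "Root" store read-only. Returns True when both steps succeed,
' False otherwise.
'
Function isCapicomAvailable()
    Dim oStore

    isCapicomAvailable = False

    On Error Resume Next
    Set oStore = CreateObject("CAPICOM.Store")
    If Err.Number = 0 Then
        oStore.Open CAPICOM_LOCAL_MACHINE_STORE, "Root", CAPICOM_STORE_OPEN_READ_ONLY
    End If
    ' Record the result before the handler is reset, since On Error GoTo 0 clears Err.
    isCapicomAvailable = (Err.Number = 0)

    ' Released on both the success and the failure path.
    Set oStore = Nothing
    On Error GoTo 0
End Function
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' DoesFileExist
'
' Checks that the file to verify exists. If it does not, shows an error and
' ends the script with exit code 1.
'
Sub DoesFileExist(FileName)
    Dim fso
    Set fso = CreateObject("Scripting.FileSystemObject")
    If Not fso.FileExists(FileName) Then
        MsgBox """" & FileName & """ file not found. ", vbCritical, Title
        WScript.Quit(1)
    End If
    Set fso = Nothing
End Sub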