internal IViewExtension Load(ViewExtensionDefinition viewExtension) { try { if (viewExtension.IsEnabled) { if (viewExtension.RequiresSignedEntryPoint) { CertificateVerification.CheckAssemblyForValidCertificate(viewExtension.AssemblyPath); } var assembly = Assembly.LoadFrom(viewExtension.AssemblyPath); var result = assembly.CreateInstance(viewExtension.TypeName) as IViewExtension; ExtensionLoading?.Invoke(result); return(result); } return(null); } catch (Exception ex) { var name = viewExtension.TypeName == null ? "null" : viewExtension.TypeName; Log("Could not create an instance of " + name); Log(ex.Message); Log(ex.StackTrace); return(null); } }
override public PdfPKCS7 VerifySignature(AcroFields fields, String name) { PdfPKCS7 pkcs7 = base.VerifySignature(fields, name); X509Certificate[] certs = pkcs7.SignCertificateChain; DateTime cal = pkcs7.SignDate; var errors = CertificateVerification.VerifyCertificates(certs, certificates, null, cal); if (errors == null) { Console.WriteLine("Certificates verified against the KeyStore"); } else { foreach (object error in errors) { Console.WriteLine(error); } } for (int i = 0; i < certs.Length; ++i) { X509Certificate cert = certs[i]; Console.WriteLine("=== Certificate " + i + " ==="); ShowCertificateInfo(cert, cal.ToLocalTime()); } X509Certificate signCert = certs[0]; X509Certificate issuerCert = (certs.Length > 1 ? certs[1] : null); Console.WriteLine("=== Checking validity of the document at the time of signing ==="); CheckRevocation(pkcs7, signCert, issuerCert, cal); Console.WriteLine("=== Checking validity of the document today ==="); CheckRevocation(pkcs7, signCert, issuerCert, DateTime.Now); return(pkcs7); }
private IExtension Load(ExtensionDefinition extension) { try { if (extension.RequiresSignedEntryPoint) { CertificateVerification.CheckAssemblyForValidCertificate(extension.AssemblyPath); } var assembly = Assembly.LoadFrom(extension.AssemblyPath); var result = assembly.CreateInstance(extension.TypeName) as IExtension; ExtensionLoading?.Invoke(result); Logging.Analytics.TrackEvent( Actions.Load, Categories.ExtensionOperations, extension.TypeName); return(result); } catch (Exception ex) { var name = extension.TypeName == null ? "null" : extension.TypeName; Log("Could not create an instance of " + name); Log(ex.Message); Log(ex.StackTrace); return(null); } }
private void VerifyCertificates(PdfPKCS7 pkcs7) { List <X509Certificate> ks = new List <X509Certificate>(); InitKeyStoreForVerification(ks); X509Certificate[] certs = pkcs7.GetSignCertificateChain(); DateTime cal = pkcs7.GetSignDate(); IList <VerificationException> errors = CertificateVerification.VerifyCertificates( certs, ks, cal); if (errors.Count > 0) { foreach (VerificationException e in errors) { AddError(e.Message + "\n"); } } for (int i = 0; i < certs.Length; i++) { X509Certificate cert = (X509Certificate)certs[i]; CheckCertificateInfo(cert, cal.ToUniversalTime(), pkcs7); } X509Certificate signCert = (X509Certificate)certs[0]; X509Certificate issuerCert = (certs.Length > 1 ? (X509Certificate)certs[1] : null); //Checking validity of the document at the time of signing CheckRevocation(pkcs7, signCert, issuerCert, cal.ToUniversalTime()); }
public virtual void ValidCertificateChain01() { X509Certificate[] certChain = Pkcs12FileHelper.ReadFirstChain(certsSrc + "signCertRsaWithChain.p12", password ); String caCertFileName = certsSrc + "rootRsa.p12"; List <X509Certificate> caKeyStore = Pkcs12FileHelper.InitStore(caCertFileName, password); IList <VerificationException> verificationExceptions = CertificateVerification.VerifyCertificates(certChain , caKeyStore); NUnit.Framework.Assert.IsTrue(verificationExceptions.IsEmpty()); }
public PdfPKCS7 VerifySignature(SignatureUtil signUtil, String name) { PdfPKCS7 pkcs7 = GetSignatureData(signUtil, name); X509Certificate[] certs = pkcs7.GetSignCertificateChain(); // Timestamp is a secure source of signature creation time, // because it's based on Time Stamping Authority service. DateTime cal = pkcs7.GetTimeStampDate(); // If there is no timestamp, use the current date if (TimestampConstants.UNDEFINED_TIMESTAMP_DATE == cal) { cal = new DateTime(); } // Check if the certificate chain, presented in the PDF, can be verified against // the created key store. IList <VerificationException> errors = CertificateVerification.VerifyCertificates(certs, ks, cal); if (errors.Count == 0) { OUT_STREAM.WriteLine("Certificates verified against the KeyStore"); } else { OUT_STREAM.WriteLine(errors); } // Find out if certificates were valid on the signing date, and if they are still valid today for (int i = 0; i < certs.Length; i++) { X509Certificate cert = (X509Certificate)certs[i]; OUT_STREAM.WriteLine("=== Certificate " + i + " ==="); ShowCertificateInfo(cert, cal.ToUniversalTime()); } // Take the signing certificate X509Certificate signCert = (X509Certificate)certs[0]; // Take the certificate of the issuer of that certificate (or null if it was self-signed). X509Certificate issuerCert = (certs.Length > 1 ? (X509Certificate)certs[1] : null); OUT_STREAM.WriteLine("=== Checking validity of the document at the time of signing ==="); CheckRevocation(pkcs7, signCert, issuerCert, cal.ToUniversalTime()); OUT_STREAM.WriteLine("=== Checking validity of the document today ==="); CheckRevocation(pkcs7, signCert, issuerCert, new DateTime()); return(pkcs7); }
/// <summary> /// Check the node libraries defined in the package json file are valid and have a valid certificate /// </summary> /// <param name="packageDirectoryPath">path to package location</param> /// <param name="discoveredPkg">package object to check</param> private static void CheckPackageNodeLibraryCertificates(string packageDirectoryPath, Package discoveredPkg) { var dllfiles = new System.IO.DirectoryInfo(discoveredPkg.BinaryDirectory).EnumerateFiles("*.dll"); if (discoveredPkg.Header.node_libraries.Count() == 0 && dllfiles.Count() != 0) { throw new LibraryLoadFailedException(packageDirectoryPath, String.Format( Resources.InvalidPackageNoNodeLibrariesDefinedInPackageJson, discoveredPkg.Name, discoveredPkg.RootDirectory)); } foreach (var nodeLibraryAssembly in discoveredPkg.Header.node_libraries) { //Try to get the assembly name from the manifest file string filename; try { filename = new AssemblyName(nodeLibraryAssembly).Name + ".dll"; } catch { throw new LibraryLoadFailedException(packageDirectoryPath, String.Format( Resources.InvalidPackageMalformedNodeLibraryDefinition, discoveredPkg.Name, discoveredPkg.RootDirectory)); } //Verify the node library exists in the package bin directory and has a valid certificate var filepath = Path.Combine(discoveredPkg.BinaryDirectory, filename); try { CertificateVerification.CheckAssemblyForValidCertificate(filepath); } catch (Exception e) { throw new LibraryLoadFailedException(packageDirectoryPath, String.Format( Resources.InvalidPackageNodeLibraryIsNotSigned, discoveredPkg.Name, discoveredPkg.RootDirectory, e.Message)); } } discoveredPkg.RequiresSignedEntryPoints = true; }
/// <summary> /// Verifies the signature of a prevously signed PDF document using the specified public key /// </summary> /// <param name="pdfFile">a Previously signed pdf document</param> /// <param name="publicKeyStream">Public key to be used to verify the signature in .cer format</param> /// <exception cref="System.InvalidOperationException">Throw System.InvalidOperationException if the document is not signed or the signature could not be verified</exception> public static void VerifyPdfSignature(string pdfFile, Stream publicKeyStream) { var parser = new X509CertificateParser(); var certificate = parser.ReadCertificate(publicKeyStream); publicKeyStream.Dispose(); PdfReader reader = new PdfReader(pdfFile); AcroFields af = reader.AcroFields; var names = af.GetSignatureNames(); if (names.Count == 0) { throw new InvalidOperationException("No Signature present in pdf file."); } foreach (string name in names) { if (!af.SignatureCoversWholeDocument(name)) { throw new InvalidOperationException(string.Format("The signature: {0} does not covers the whole document.", name)); } PdfPKCS7 pk = af.VerifySignature(name); var cal = pk.SignDate; var pkc = pk.Certificates; if (!pk.Verify()) { throw new InvalidOperationException("The signature could not be verified."); } if (!pk.VerifyTimestampImprint()) { throw new InvalidOperationException("The signature timestamp could not be verified."); } var fails = CertificateVerification.VerifyCertificates(pkc, new[] { certificate }, null, cal); if (fails != null && fails.Any()) { throw new InvalidOperationException("The file is not signed using the specified key-pair."); } } }
private static PdfPKCS7 VerifySignature(AcroFields fields, String name, ref MessageReport.Signature sigInfo) { sigInfo.isCoveringWholeDocument = fields.SignatureCoversWholeDocument(name); PdfPKCS7 pkcs7 = fields.VerifySignature(name); sigInfo.isIntegral = pkcs7.Verify(); X509Certificate[] certs = pkcs7.SignCertificateChain; DateTime cal = pkcs7.SignDate; IList <VerificationException> errors = CertificateVerification.VerifyCertificates(certs, certificates, null, cal); if (errors == null) { Console.WriteLine("Certificates verified against the KeyStore"); } else { foreach (object error in errors) { Console.WriteLine(error); } } for (int i = 0; i < certs.Length; ++i) { X509Certificate cert = certs[i]; } X509Certificate signCert = certs[0]; X509Certificate issuerCert = (certs.Length > 1 ? certs[1] : null); sigInfo.Certificate = GetCertificateInfo(signCert, cal.ToLocalTime()); sigInfo.isValidDateSigning = CheckRevocation(pkcs7, signCert, issuerCert, cal); sigInfo.isValidToday = CheckRevocation(pkcs7, signCert, issuerCert, DateTime.Now.AddDays(-1)); return(pkcs7); }