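/// <summary>
/// Both signers of a dual-signed binary must be discoverable: the trusted-organization check
/// has to succeed for the primary signer and for the nested (secondary) signer alike.
/// </summary>
public void IsSignedBytTrustedOrganizationVerifiesNestedSignatures()
{
    string dualSignedPath = Path.Combine(s_testDataPath, "dual_signed.dll");

    // Unrelated names ("Foo", "Bar") are listed alongside the real one; the assertions passing
    // shows that a match on any one listed organization is sufficient. The fixture is expected to
    // carry both a Microsoft and a WiX Toolset signature.
    Assert.True(AuthentiCode.IsSignedByTrustedOrganization(dualSignedPath, "Foo", "Bar", "Microsoft Corporation"));
    Assert.True(AuthentiCode.IsSignedByTrustedOrganization(dualSignedPath, "Foo", "Bar", "WiX Toolset (.NET Foundation)"));
}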
/// <summary>
/// Determines whether the specified file carries a valid AuthentiCode signature issued to one of
/// <see cref="AuthentiCode.TrustedOrganizations"/>.
/// </summary>
/// <param name="path">Path of the file to check.</param>
/// <returns>
/// <see langword="true"/> only if the file is both validly signed and signed by a trusted organization;
/// <see langword="false"/> otherwise. Always <see langword="false"/> on non-Windows platforms, where no
/// verification is attempted at all — callers must not read that result as "checked and unsigned".
/// </returns>
internal static bool IsSigned(string path)
{
    // Signature verification is only implemented on Windows; every other platform reports
    // "not signed" without looking at the file.
    if (!OperatingSystem.IsWindows())
    {
        return false;
    }

    // Short-circuit: the organization check only runs when the signature itself is valid.
    bool hasValidSignature = AuthentiCode.IsSigned(path);
    return hasValidSignature && AuthentiCode.IsSignedByTrustedOrganization(path, AuthentiCode.TrustedOrganizations);
}
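/// <summary>
/// A triple-signed binary must yield all three signer certificates, including the nested ones,
/// in the order asserted below (presumably the primary signature first, then the nested ones —
/// the fixture keeps one legacy SHA-1-signed certificate so that case stays covered).
/// </summary>
public void GetCertificatesRetrievesNestedSignatures()
{
    var certificates = AuthentiCode.GetCertificates(Path.Combine(s_testDataPath, "triple_signed.dll")).ToArray();

    // Check the count first so a missing nested signature surfaces as a clear assertion failure
    // rather than an IndexOutOfRangeException from the indexers below.
    Assert.Equal(3, certificates.Length);

    Assert.Equal("CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US", certificates[0].Subject);
    Assert.Equal("sha1RSA", certificates[0].SignatureAlgorithm.FriendlyName);

    Assert.Equal("CN=Microsoft 3rd Party Application Component, O=Microsoft Corporation, L=Redmond, S=Washington, C=US", certificates[1].Subject);
    Assert.Equal("sha256RSA", certificates[1].SignatureAlgorithm.FriendlyName);

    Assert.Equal("CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US", certificates[2].Subject);
    Assert.Equal("sha256RSA", certificates[2].SignatureAlgorithm.FriendlyName);
}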
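/// <summary>
/// Drives <c>AuthentiCode.IsSigned</c> over a set of fixture files and, for files expected to fail,
/// checks that the OS-level reason for the failure is the one expected.
/// </summary>
/// <param name="file">Fixture file name under <c>s_testDataPath</c>.</param>
/// <param name="shouldBeSigned">Whether the fixture is expected to pass signature verification.</param>
/// <param name="expectedError">
/// Expected Win32 error message when <paramref name="shouldBeSigned"/> is <see langword="false"/>; ignored otherwise.
/// </param>
public void AuthentiCodeSignaturesCanBeVerified(string file, bool shouldBeSigned, string expectedError)
{
    bool isSigned = AuthentiCode.IsSigned(Path.Combine(s_testDataPath, file));

    // Capture the last Win32 error immediately after the call that sets it: anything that runs in
    // between (including the assertion framework) may make OS calls that overwrite it.
    int lastError = Marshal.GetLastWin32Error();

    Assert.Equal(shouldBeSigned, isSigned);

    if (!shouldBeSigned)
    {
        // NOTE(review): Win32Exception.Message comes from the OS and is localized, so this comparison
        // assumes the test environment's system language matches the expected strings — confirm.
        Assert.Equal(expectedError, new Win32Exception(lastError).Message);
    }
}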
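/// <summary>
/// Verifies that the MSI at <paramref name="msiPath"/> carries a valid AuthentiCode signature from one of
/// <see cref="AuthentiCode.TrustedOrganizations"/>, logging the signer certificates on failure.
/// </summary>
/// <param name="msiPath">Path of the MSI package to verify.</param>
/// <remarks>
/// Verification only runs when this assembly is itself signed (<c>s_IsDotNetSigned</c>); an unsigned build
/// logs a message and accepts the package unverified. That is the escape hatch for development builds,
/// and it means the tool's own signature is the trust root here: an unsigned copy of this tool performs
/// no MSI verification at all.
/// </remarks>
/// <exception cref="SecurityException">The signature is valid but not from a trusted organization.</exception>
private void VerifyPackageSignature(string msiPath)
{
    if (!s_IsDotNetSigned)
    {
        Log?.LogMessage($"Command is not signed, skipping signature verification for {msiPath}.");
        return;
    }

    bool isAuthentiCodeSigned = AuthentiCode.IsSigned(msiPath);

    // Need to capture the error now as other OS calls might change the last error.
    uint lastError = !isAuthentiCodeSigned ? unchecked((uint)Marshal.GetLastWin32Error()) : Error.SUCCESS;

    bool isTrustedOrganization = AuthentiCode.IsSignedByTrustedOrganization(msiPath, AuthentiCode.TrustedOrganizations);

    if (isAuthentiCodeSigned && isTrustedOrganization)
    {
        Log?.LogMessage($"Successfully verified AuthentiCode signature for {msiPath}.");
        return;
    }

    // Summarize the failure and then report additional details.
    Log?.LogMessage($"Failed to verify signature for {msiPath}. AuthentiCode signed: {isAuthentiCodeSigned}, Trusted organization: {isTrustedOrganization}.");

    // Materialize once: GetCertificates may be lazily evaluated, and Any() followed by foreach
    // would otherwise read the package twice.
    List<X509Certificate2> certificates = AuthentiCode.GetCertificates(msiPath).ToList();

    // Dump all the certificates if there are any.
    if (certificates.Count > 0)
    {
        Log?.LogMessage($"Certificate(s):");
        foreach (X509Certificate2 certificate in certificates)
        {
            Log?.LogMessage($" Subject={certificate.Subject}");
            Log?.LogMessage($" Issuer={certificate.Issuer}");
            Log?.LogMessage($" Not before={certificate.NotBefore}");
            Log?.LogMessage($" Not after={certificate.NotAfter}");
            Log?.LogMessage($" Thumbprint={certificate.Thumbprint}");
            Log?.LogMessage($" Algorithm={certificate.SignatureAlgorithm.FriendlyName}");
        }
    }

    if (!isAuthentiCodeSigned)
    {
        // If it was a WinTrust failure, we can exit using that error code and include a proper message from the OS.
        ExitOnError(lastError, $"Failed to verify authenticode signature for {msiPath}.");
    }

    if (!isTrustedOrganization)
    {
        throw new SecurityException(string.Format(LocalizableStrings.AuthentiCodeNoTrustedOrg, msiPath));
    }
}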
/// <summary>
/// An unsigned binary must produce an empty certificate sequence rather than throwing or returning
/// partial data. The currently executing (test) assembly serves as the unsigned specimen.
/// </summary>
public void GetCertificatesRetrievesNothingForUnsignedFiles()
{
    // NOTE(review): this relies on the test assembly itself being unsigned; if the tests are ever
    // run from a signed build of the test project, this assertion will fail.
    string unsignedAssemblyPath = Assembly.GetExecutingAssembly().Location;

    var signerCertificates = AuthentiCode.GetCertificates(unsignedAssemblyPath);

    Assert.Empty(signerCertificates);
}
/// <summary>
/// Records, once per process, whether this assembly is itself AuthentiCode-signed. The flag is consulted
/// by package verification to decide whether MSI signatures are checked at all.
/// </summary>
/// <remarks>
/// NOTE(review): <see cref="Assembly.Location"/> is empty for single-file bundles, in which case the check
/// runs against an empty path — confirm how <c>AuthentiCode.IsSigned</c> behaves there.
/// </remarks>
static MsiPackageCache() =>
    s_IsDotNetSigned = AuthentiCode.IsSigned(Assembly.GetExecutingAssembly().Location);
/// <summary>
/// As the name states, the trusted-organization check is expected to match on the certificate's subject
/// organization alone, so each listed fixture must pass with the default trusted list regardless of the
/// rest of its certificate details.
/// </summary>
/// <param name="file">Fixture file name under <c>s_testDataPath</c>.</param>
public void IsSignedByTrustedOrganizationOnlyVerifiesTheSubjectOrganization(string file)
{
    string fixturePath = Path.Combine(s_testDataPath, file);

    bool signedByTrustedOrganization = AuthentiCode.IsSignedByTrustedOrganization(fixturePath, AuthentiCode.TrustedOrganizations);

    Assert.True(signedByTrustedOrganization);
}