// in case we just want to timestamp the file
public bool Timestamp(string fileName)
{
try
{
AuthenticodeDeformatter def = new AuthenticodeDeformatter(fileName);
byte[] signature = def.Signature;
if (signature != null)
{
Open(fileName);
PKCS7.ContentInfo ci = new PKCS7.ContentInfo(signature);
pkcs7 = new PKCS7.SignedData(ci.Content);
byte[] response = Timestamp(pkcs7.SignerInfo.Signature);
ASN1 ts = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(response)));
// insert new certificates and countersignature into the original signature
ASN1 asn = new ASN1(signature);
ASN1 content = asn.Element(1, 0xA0);
if (content == null)
{
return(false);
}
ASN1 signedData = content.Element(0, 0x30);
if (signedData == null)
{
return(false);
}
// add the supplied certificates inside our signature
ASN1 certificates = signedData.Element(3, 0xA0);
if (certificates == null)
{
certificates = new ASN1(0xA0);
signedData.Add(certificates);
}
for (int i = 0; i < ts[1][0][3].Count; i++)
{
certificates.Add(ts[1][0][3][i]);
}
// add an unauthentified attribute to our signature
ASN1 signerInfoSet = signedData[signedData.Count - 1];
ASN1 signerInfo = signerInfoSet[0];
ASN1 unauthenticated = signerInfo[signerInfo.Count - 1];
if (unauthenticated.Tag != 0xA1)
{
unauthenticated = new ASN1(0xA1);
signerInfo.Add(unauthenticated);
}
unauthenticated.Add(Attribute(countersignature, ts[1][0][4][0]));
return(Save(fileName, asn.GetBytes()));
}
}
catch (Exception e)
{
Console.WriteLine(e);
}
return(false);
}
public AuthenticodeFormatter()
{
this.certs = new X509CertificateCollection();
this.crls = new ArrayList();
this.authority = Authority.Maximum;
this.pkcs7 = new PKCS7.SignedData();
}
public AuthenticodeFormatter() : base()
{
certs = new X509CertificateCollection();
crls = new ArrayList();
authority = Authority.Maximum;
pkcs7 = new PKCS7.SignedData();
}
private bool CheckSignature(string fileName)
{
this.filename = fileName;
base.Open(this.filename);
this.entry = base.GetSecurityEntry();
if (this.entry == null)
{
this.reason = 1;
base.Close();
return(false);
}
PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(this.entry);
if (contentInfo.ContentType != "1.2.840.113549.1.7.2")
{
base.Close();
return(false);
}
PKCS7.SignedData signedData = new PKCS7.SignedData(contentInfo.Content);
if (signedData.ContentInfo.ContentType != "1.3.6.1.4.1.311.2.1.4")
{
base.Close();
return(false);
}
this.coll = signedData.Certificates;
ASN1 content = signedData.ContentInfo.Content;
this.signedHash = content[0][1][1];
int length = this.signedHash.Length;
HashAlgorithm hashAlgorithm;
if (length != 16)
{
if (length != 20)
{
this.reason = 5;
base.Close();
return(false);
}
hashAlgorithm = HashAlgorithm.Create("SHA1");
this.hash = base.GetHash(hashAlgorithm);
}
else
{
hashAlgorithm = HashAlgorithm.Create("MD5");
this.hash = base.GetHash(hashAlgorithm);
}
base.Close();
if (!this.signedHash.CompareValue(this.hash))
{
this.reason = 2;
}
byte[] value = content[0].Value;
hashAlgorithm.Initialize();
byte[] calculatedMessageDigest = hashAlgorithm.ComputeHash(value);
bool flag = this.VerifySignature(signedData, calculatedMessageDigest, hashAlgorithm);
return(flag && this.reason == 0);
}
private bool CheckSignature(string fileName)
{
filename = fileName;
Open(filename);
entry = GetSecurityEntry();
if (entry == null)
{
reason = 1;
Close();
return(false);
}
PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(entry);
if (contentInfo.ContentType != "1.2.840.113549.1.7.2")
{
Close();
return(false);
}
PKCS7.SignedData signedData = new PKCS7.SignedData(contentInfo.Content);
if (signedData.ContentInfo.ContentType != "1.3.6.1.4.1.311.2.1.4")
{
Close();
return(false);
}
coll = signedData.Certificates;
ASN1 content = signedData.ContentInfo.Content;
signedHash = content[0][1][1];
HashAlgorithm hashAlgorithm = null;
switch (signedHash.Length)
{
case 16:
hashAlgorithm = HashAlgorithm.Create("MD5");
hash = GetHash(hashAlgorithm);
break;
case 20:
hashAlgorithm = HashAlgorithm.Create("SHA1");
hash = GetHash(hashAlgorithm);
break;
default:
reason = 5;
Close();
return(false);
}
Close();
if (!signedHash.CompareValue(hash))
{
reason = 2;
}
byte[] value = content[0].Value;
hashAlgorithm.Initialize();
byte[] calculatedMessageDigest = hashAlgorithm.ComputeHash(value);
return(VerifySignature(signedData, calculatedMessageDigest, hashAlgorithm) && reason == 0);
}
public bool Timestamp(string fileName)
{
try
{
AuthenticodeDeformatter authenticodeDeformatter = new AuthenticodeDeformatter(fileName);
byte[] signature = authenticodeDeformatter.Signature;
if (signature != null)
{
base.Open(fileName);
PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(signature);
this.pkcs7 = new PKCS7.SignedData(contentInfo.Content);
byte[] bytes = this.Timestamp(this.pkcs7.SignerInfo.Signature);
ASN1 asn = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(bytes)));
ASN1 asn2 = new ASN1(signature);
ASN1 asn3 = asn2.Element(1, 160);
if (asn3 == null)
{
return(false);
}
ASN1 asn4 = asn3.Element(0, 48);
if (asn4 == null)
{
return(false);
}
ASN1 asn5 = asn4.Element(3, 160);
if (asn5 == null)
{
asn5 = new ASN1(160);
asn4.Add(asn5);
}
for (int i = 0; i < asn[1][0][3].Count; i++)
{
asn5.Add(asn[1][0][3][i]);
}
ASN1 asn6 = asn4[asn4.Count - 1];
ASN1 asn7 = asn6[0];
ASN1 asn8 = asn7[asn7.Count - 1];
if (asn8.Tag != 161)
{
asn8 = new ASN1(161);
asn7.Add(asn8);
}
asn8.Add(this.Attribute("1.2.840.113549.1.9.6", asn[1][0][4][0]));
return(this.Save(fileName, asn2.GetBytes()));
}
}
catch (Exception value)
{
Console.WriteLine(value);
}
return(false);
}
public bool Timestamp(string fileName)
{
try
{
AuthenticodeDeformatter authenticodeDeformatter = new AuthenticodeDeformatter(fileName);
byte[] signature = authenticodeDeformatter.Signature;
if (signature != null)
{
Open(fileName);
PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(signature);
pkcs7 = new PKCS7.SignedData(contentInfo.Content);
byte[] bytes = Timestamp(pkcs7.SignerInfo.Signature);
ASN1 aSN = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(bytes)));
ASN1 aSN2 = new ASN1(signature);
ASN1 aSN3 = aSN2.Element(1, 160);
if (aSN3 == null)
{
return(false);
}
ASN1 aSN4 = aSN3.Element(0, 48);
if (aSN4 == null)
{
return(false);
}
ASN1 aSN5 = aSN4.Element(3, 160);
if (aSN5 == null)
{
aSN5 = new ASN1(160);
aSN4.Add(aSN5);
}
for (int i = 0; i < aSN[1][0][3].Count; i++)
{
aSN5.Add(aSN[1][0][3][i]);
}
ASN1 aSN6 = aSN4[aSN4.Count - 1];
ASN1 aSN7 = aSN6[0];
ASN1 aSN8 = aSN7[aSN7.Count - 1];
if (aSN8.Tag != 161)
{
aSN8 = new ASN1(161);
aSN7.Add(aSN8);
}
aSN8.Add(Attribute("1.2.840.113549.1.9.6", aSN[1][0][4][0]));
return(Save(fileName, aSN2.GetBytes()));
}
}
catch (Exception value)
{
Console.WriteLine(value);
}
return(false);
}
public SoftwarePublisherCertificate(byte[] data) : this()
{
if (data == null)
{
throw new ArgumentNullException("data");
}
PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(data);
if (contentInfo.ContentType != "1.2.840.113549.1.7.2")
{
throw new ArgumentException(Locale.GetText("Unsupported ContentType"));
}
this.pkcs7 = new PKCS7.SignedData(contentInfo.Content);
}
public SoftwarePublisherCertificate(byte[] data)
: this()
{
if (data == null)
throw new ArgumentNullException ("data");
PKCS7.ContentInfo ci = new PKCS7.ContentInfo (data);
if (ci.ContentType != PKCS7.Oid.signedData) {
throw new ArgumentException (
Locale.GetText ("Unsupported ContentType"));
}
pkcs7 = new PKCS7.SignedData (ci.Content);
}
public SoftwarePublisherCertificate(byte[] data) : this()
{
if (data == null)
{
throw new ArgumentNullException("data");
}
PKCS7.ContentInfo ci = new PKCS7.ContentInfo(data);
if (ci.ContentType != PKCS7.Oid.signedData)
{
throw new ArgumentException("Invalid signed data");
}
pkcs7 = new PKCS7.SignedData(ci.Content);
}
public void Unsorted()
{
ASN1 dt = ASN1Convert.FromDateTime(DateTime.UtcNow);
ASN1 st = PKCS7.Attribute(PKCS7.Oid.signingTime, dt);
PKCS7.SignedData sd = new PKCS7.SignedData();
sd.ContentInfo.ContentType = PKCS7.Oid.data;
sd.ContentInfo.Content.Add(new ASN1(0x04, Encoding.UTF8.GetBytes("Mono")));
sd.SignerInfo.AuthenticatedAttributes.Add(st);
sd.SignerInfo.Key = key;
// note: key and cert and unrelated - this is just for testing
sd.SignerInfo.Certificate = new X509Certificate(cert);
sd.HashName = "SHA1";
// this trigger the addition of two new AA
byte[] result = sd.GetBytes();
Assert.AreEqual(3, sd.SignerInfo.AuthenticatedAttributes.Count, "aa-Count");
// verify that attributes are sorted (as they are stored in a SET)
Assert.AreEqual(24, (sd.SignerInfo.AuthenticatedAttributes [0] as ASN1).Length, "0");
Assert.AreEqual(28, (sd.SignerInfo.AuthenticatedAttributes [1] as ASN1).Length, "1");
Assert.AreEqual(35, (sd.SignerInfo.AuthenticatedAttributes [2] as ASN1).Length, "2");
}
private bool VerifySignature(PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha)
{
string str = null;
ASN1 asn = null;
string str3;
Dictionary <string, int> dictionary;
for (int i = 0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++)
{
ASN1 asn2 = (ASN1)sd.SignerInfo.AuthenticatedAttributes[i];
str3 = ASN1Convert.ToOid(asn2[0]);
if (str3 != null)
{
if (__f__switch_map1 == null)
{
dictionary = new Dictionary <string, int>(4)
{
{
"1.2.840.113549.1.9.3",
0
},
{
"1.2.840.113549.1.9.4",
1
},
{
"1.3.6.1.4.1.311.2.1.11",
2
},
{
"1.3.6.1.4.1.311.2.1.12",
3
}
};
__f__switch_map1 = dictionary;
}
if (__f__switch_map1.TryGetValue(str3, out int num2))
{
switch (num2)
{
case 0:
str = ASN1Convert.ToOid(asn2[1][0]);
break;
case 1:
asn = asn2[1][0];
break;
}
}
}
}
if (str != "1.3.6.1.4.1.311.2.1.4")
{
return(false);
}
if (asn == null)
{
return(false);
}
if (!asn.CompareValue(calculatedMessageDigest))
{
return(false);
}
string str4 = CryptoConfig.MapNameToOID(ha.ToString());
ASN1 asn3 = new ASN1(0x31);
IEnumerator enumerator = sd.SignerInfo.AuthenticatedAttributes.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
ASN1 current = (ASN1)enumerator.Current;
asn3.Add(current);
}
}
finally
{
if (enumerator is IDisposable disposable)
{
disposable.Dispose();
}
}
ha.Initialize();
byte[] rgbHash = ha.ComputeHash(asn3.GetBytes());
byte[] signature = sd.SignerInfo.Signature;
string issuerName = sd.SignerInfo.IssuerName;
byte[] serialNumber = sd.SignerInfo.SerialNumber;
X509CertificateCollection.X509CertificateEnumerator enumerator2 = this.coll.GetEnumerator();
try
{
while (enumerator2.MoveNext())
{
X509Certificate current = enumerator2.Current;
if (this.CompareIssuerSerial(issuerName, serialNumber, current) &&
(current.PublicKey.Length > (signature.Length >> 3)))
{
this.signingCertificate = current;
RSACryptoServiceProvider rSA = (RSACryptoServiceProvider)current.RSA;
if (rSA.VerifyHash(rgbHash, str4, signature))
{
this.signerChain.LoadCertificates(this.coll);
this.trustedRoot = this.signerChain.Build(current);
goto Label_0295;
}
}
}
}
finally
{
if (enumerator2 is IDisposable disposable2)
{
disposable2.Dispose();
}
}
Label_0295:
if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0)
{
this.trustedTimestampRoot = true;
}
else
{
for (int j = 0; j < sd.SignerInfo.UnauthenticatedAttributes.Count; j++)
{
ASN1 asn5 = (ASN1)sd.SignerInfo.UnauthenticatedAttributes[j];
str3 = ASN1Convert.ToOid(asn5[0]);
if (str3 != null)
{
if (__f__switch_map2 == null)
{
dictionary = new Dictionary <string, int>(1)
{
{
"1.2.840.113549.1.9.6",
0
}
};
__f__switch_map2 = dictionary;
}
if (__f__switch_map2.TryGetValue(str3, out int num2) && (num2 == 0))
{
PKCS7.SignerInfo cs = new PKCS7.SignerInfo(asn5[1]);
this.trustedTimestampRoot = this.VerifyCounterSignature(cs, signature);
}
}
}
}
return(this.trustedRoot && this.trustedTimestampRoot);
}
public SoftwarePublisherCertificate()
{
this.pkcs7 = new PKCS7.SignedData();
this.pkcs7.ContentInfo.ContentType = "1.2.840.113549.1.7.1";
}
private bool VerifySignature(PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha)
{
string a = null;
ASN1 asn = null;
int i = 0;
while (i < sd.SignerInfo.AuthenticatedAttributes.Count)
{
ASN1 asn2 = (ASN1)sd.SignerInfo.AuthenticatedAttributes[i];
string text = ASN1Convert.ToOid(asn2[0]);
string text2 = text;
switch (text2)
{
case "1.2.840.113549.1.9.3":
a = ASN1Convert.ToOid(asn2[1][0]);
break;
case "1.2.840.113549.1.9.4":
asn = asn2[1][0];
break;
}
IL_F1:
i++;
continue;
goto IL_F1;
}
if (a != "1.3.6.1.4.1.311.2.1.4")
{
return(false);
}
if (asn == null)
{
return(false);
}
if (!asn.CompareValue(calculatedMessageDigest))
{
return(false);
}
string str = CryptoConfig.MapNameToOID(ha.ToString());
ASN1 asn3 = new ASN1(49);
foreach (object obj in sd.SignerInfo.AuthenticatedAttributes)
{
ASN1 asn4 = (ASN1)obj;
asn3.Add(asn4);
}
ha.Initialize();
byte[] rgbHash = ha.ComputeHash(asn3.GetBytes());
byte[] signature = sd.SignerInfo.Signature;
string issuerName = sd.SignerInfo.IssuerName;
byte[] serialNumber = sd.SignerInfo.SerialNumber;
foreach (X509Certificate x509Certificate in this.coll)
{
if (this.CompareIssuerSerial(issuerName, serialNumber, x509Certificate) && x509Certificate.PublicKey.Length > signature.Length >> 3)
{
this.signingCertificate = x509Certificate;
RSACryptoServiceProvider rsacryptoServiceProvider = (RSACryptoServiceProvider)x509Certificate.RSA;
if (rsacryptoServiceProvider.VerifyHash(rgbHash, str, signature))
{
this.signerChain.LoadCertificates(this.coll);
this.trustedRoot = this.signerChain.Build(x509Certificate);
break;
}
}
}
if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0)
{
this.trustedTimestampRoot = true;
}
else
{
int j = 0;
while (j < sd.SignerInfo.UnauthenticatedAttributes.Count)
{
ASN1 asn5 = (ASN1)sd.SignerInfo.UnauthenticatedAttributes[j];
string text3 = ASN1Convert.ToOid(asn5[0]);
string text2 = text3;
if (text2 != null)
{
if (AuthenticodeDeformatter.< > f__switch$map2 == null)
{
AuthenticodeDeformatter.< > f__switch$map2 = new Dictionary <string, int>(1)
{
{
"1.2.840.113549.1.9.6",
0
}
};
}
int num;
if (AuthenticodeDeformatter.< > f__switch$map2.TryGetValue(text2, out num))
{
if (num == 0)
{
PKCS7.SignerInfo cs = new PKCS7.SignerInfo(asn5[1]);
this.trustedTimestampRoot = this.VerifyCounterSignature(cs, signature);
}
}
}
IL_35D:
j++;
continue;
goto IL_35D;
}
}
return(this.trustedRoot && this.trustedTimestampRoot);
}
public void Decode(byte[] encodedMessage)
{
PKCS7.ContentInfo ci = new PKCS7.ContentInfo(encodedMessage);
if (ci.ContentType != PKCS7.Oid.signedData)
{
throw new Exception("");
}
PKCS7.SignedData sd = new PKCS7.SignedData(ci.Content);
SubjectIdentifierType type = SubjectIdentifierType.Unknown;
object o = null;
X509Certificate2 x509 = null;
if (sd.SignerInfo.Certificate != null)
{
x509 = new X509Certificate2(sd.SignerInfo.Certificate.RawData);
}
else if ((sd.SignerInfo.IssuerName != null) && (sd.SignerInfo.SerialNumber != null))
{
byte[] serial = sd.SignerInfo.SerialNumber;
Array.Reverse(serial); // ???
type = SubjectIdentifierType.IssuerAndSerialNumber;
X509IssuerSerial xis = new X509IssuerSerial();
xis.IssuerName = sd.SignerInfo.IssuerName;
xis.SerialNumber = ToString(serial, true);
o = xis;
// TODO: move to a FindCertificate (issuer, serial, collection)
foreach (Mono.Security.X509.X509Certificate x in sd.Certificates)
{
if (x.IssuerName == sd.SignerInfo.IssuerName)
{
if (ToString(x.SerialNumber, true) == xis.SerialNumber)
{
x509 = new X509Certificate2(x.RawData);
break;
}
}
}
}
else if (sd.SignerInfo.SubjectKeyIdentifier != null)
{
string ski = ToString(sd.SignerInfo.SubjectKeyIdentifier, false);
type = SubjectIdentifierType.SubjectKeyIdentifier;
o = (object)ski;
// TODO: move to a FindCertificate (ski, collection)
foreach (Mono.Security.X509.X509Certificate x in sd.Certificates)
{
if (ToString(GetKeyIdentifier(x), false) == ski)
{
x509 = new X509Certificate2(x.RawData);
break;
}
}
}
SignerInfo si = new SignerInfo(sd.SignerInfo.HashName, x509, type, o, sd.SignerInfo.Version);
// si.AuthenticatedAttributes
// si.UnauthenticatedAttributes
_info.Add(si);
ASN1 content = sd.ContentInfo.Content;
Oid oid = new Oid(sd.ContentInfo.ContentType);
if (!_detached || _content == null)
{
if (content[0] == null)
{
throw new ArgumentException("ContentInfo has no content. Detached signature ?");
}
_content = new ContentInfo(oid, content[0].Value);
}
foreach (Mono.Security.X509.X509Certificate x in sd.Certificates)
{
_certs.Add(new X509Certificate2(x.RawData));
}
_version = sd.Version;
}
private bool VerifySignature(PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha)
{
string a = null;
ASN1 aSN = null;
for (int i = 0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++)
{
ASN1 aSN2 = (ASN1)sd.SignerInfo.AuthenticatedAttributes[i];
switch (ASN1Convert.ToOid(aSN2[0]))
{
case "1.2.840.113549.1.9.3":
a = ASN1Convert.ToOid(aSN2[1][0]);
break;
case "1.2.840.113549.1.9.4":
aSN = aSN2[1][0];
break;
}
}
if (a != "1.3.6.1.4.1.311.2.1.4")
{
return(false);
}
if (aSN == null)
{
return(false);
}
if (!aSN.CompareValue(calculatedMessageDigest))
{
return(false);
}
string str = CryptoConfig.MapNameToOID(ha.ToString());
ASN1 aSN3 = new ASN1(49);
foreach (ASN1 authenticatedAttribute in sd.SignerInfo.AuthenticatedAttributes)
{
aSN3.Add(authenticatedAttribute);
}
ha.Initialize();
byte[] rgbHash = ha.ComputeHash(aSN3.GetBytes());
byte[] signature = sd.SignerInfo.Signature;
string issuerName = sd.SignerInfo.IssuerName;
byte[] serialNumber = sd.SignerInfo.SerialNumber;
foreach (X509Certificate item in coll)
{
if (CompareIssuerSerial(issuerName, serialNumber, item) && item.PublicKey.Length > signature.Length >> 3)
{
signingCertificate = item;
RSACryptoServiceProvider rSACryptoServiceProvider = (RSACryptoServiceProvider)item.RSA;
if (rSACryptoServiceProvider.VerifyHash(rgbHash, str, signature))
{
signerChain.LoadCertificates(coll);
trustedRoot = signerChain.Build(item);
break;
}
}
}
if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0)
{
trustedTimestampRoot = true;
}
else
{
for (int j = 0; j < sd.SignerInfo.UnauthenticatedAttributes.Count; j++)
{
ASN1 aSN4 = (ASN1)sd.SignerInfo.UnauthenticatedAttributes[j];
switch (ASN1Convert.ToOid(aSN4[0]))
{
case "1.2.840.113549.1.9.6":
{
PKCS7.SignerInfo cs = new PKCS7.SignerInfo(aSN4[1]);
trustedTimestampRoot = VerifyCounterSignature(cs, signature);
break;
}
}
}
}
return(trustedRoot && trustedTimestampRoot);
}
//private bool VerifySignature (ASN1 cs, byte[] calculatedMessageDigest, string hashName)
private bool VerifySignature (PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha)
{
string contentType = null;
ASN1 messageDigest = null;
// string spcStatementType = null;
// string spcSpOpusInfo = null;
for (int i=0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++)
{
ASN1 attr = (ASN1) sd.SignerInfo.AuthenticatedAttributes [i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid)
{
case "1.2.840.113549.1.9.3":
// contentType
contentType = ASN1Convert.ToOid (attr[1][0]);
break;
case "1.2.840.113549.1.9.4":
// messageDigest
messageDigest = attr[1][0];
break;
case "1.3.6.1.4.1.311.2.1.11":
// spcStatementType (Microsoft code signing)
// possible values
// - individualCodeSigning (1 3 6 1 4 1 311 2 1 21)
// - commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)
// spcStatementType = ASN1Convert.ToOid (attr[1][0][0]);
break;
case "1.3.6.1.4.1.311.2.1.12":
// spcSpOpusInfo (Microsoft code signing)
/* try {
spcSpOpusInfo = System.Text.Encoding.UTF8.GetString (attr[1][0][0][0].Value);
}
catch (NullReferenceException) {
spcSpOpusInfo = null;
}*/
break;
default:
break;
}
}
if (contentType != spcIndirectDataContext)
return false;
// verify message digest
if (messageDigest == null)
return false;
if (!messageDigest.CompareValue (calculatedMessageDigest))
return false;
// verify signature
string hashOID = CryptoConfig.MapNameToOID (ha.ToString ());
// change to SET OF (not [0]) as per PKCS #7 1.5
ASN1 aa = new ASN1 (0x31);
foreach (ASN1 a in sd.SignerInfo.AuthenticatedAttributes)
aa.Add (a);
ha.Initialize ();
byte[] p7hash = ha.ComputeHash (aa.GetBytes ());
byte[] signature = sd.SignerInfo.Signature;
// we need to find the specified certificate
string issuer = sd.SignerInfo.IssuerName;
byte[] serial = sd.SignerInfo.SerialNumber;
foreach (X509Certificate x509 in coll)
{
if (CompareIssuerSerial (issuer, serial, x509))
{
// don't verify is key size don't match
if (x509.PublicKey.Length > (signature.Length >> 3))
{
// return the signing certificate even if the signature isn't correct
// (required behaviour for 2.0 support)
signingCertificate = x509;
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
if (rsa.VerifyHash (p7hash, hashOID, signature))
{
signerChain.LoadCertificates (coll);
trustedRoot = signerChain.Build (x509);
break;
}
}
}
}
// timestamp signature is optional
if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0)
{
trustedTimestampRoot = true;
}
else
{
for (int i = 0; i < sd.SignerInfo.UnauthenticatedAttributes.Count; i++)
{
ASN1 attr = (ASN1) sd.SignerInfo.UnauthenticatedAttributes[i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid)
{
case PKCS7.Oid.countersignature:
// SEQUENCE {
// OBJECT IDENTIFIER
// countersignature (1 2 840 113549 1 9 6)
// SET {
PKCS7.SignerInfo cs = new PKCS7.SignerInfo (attr[1]);
trustedTimestampRoot = VerifyCounterSignature (cs, signature);
break;
default:
// we don't support other unauthenticated attributes
break;
}
}
}
return (trustedRoot && trustedTimestampRoot);
}
private bool CheckSignature (string fileName)
{
filename = fileName;
Open (filename);
entry = GetSecurityEntry ();
if (entry == null)
{
// no signature is present
reason = 1;
Close ();
return false;
}
PKCS7.ContentInfo ci = new PKCS7.ContentInfo (entry);
if (ci.ContentType != PKCS7.Oid.signedData)
{
Close ();
return false;
}
PKCS7.SignedData sd = new PKCS7.SignedData (ci.Content);
if (sd.ContentInfo.ContentType != spcIndirectDataContext)
{
Close ();
return false;
}
coll = sd.Certificates;
ASN1 spc = sd.ContentInfo.Content;
signedHash = spc [0][1][1];
HashAlgorithm ha = null;
switch (signedHash.Length)
{
case 16:
ha = HashAlgorithm.Create ("MD5");
hash = GetHash (ha);
break;
case 20:
ha = HashAlgorithm.Create ("SHA1");
hash = GetHash (ha);
break;
default:
reason = 5;
Close ();
return false;
}
Close ();
if (!signedHash.CompareValue (hash))
{
reason = 2;
}
// messageDigest is a hash of spcIndirectDataContext (which includes the file hash)
byte[] spcIDC = spc [0].Value;
ha.Initialize (); // re-using hash instance
byte[] messageDigest = ha.ComputeHash (spcIDC);
bool sign = VerifySignature (sd, messageDigest, ha);
return (sign && (reason == 0));
}
private bool CheckSignature(string fileName)
{
this.filename = fileName;
base.Open(this.filename);
this.entry = base.GetSecurityEntry();
if (this.entry == null)
{
this.reason = 1;
base.Close();
return(false);
}
PKCS7.ContentInfo info = new PKCS7.ContentInfo(this.entry);
if (info.ContentType != "1.2.840.113549.1.7.2")
{
base.Close();
return(false);
}
PKCS7.SignedData sd = new PKCS7.SignedData(info.Content);
if (sd.ContentInfo.ContentType != "1.3.6.1.4.1.311.2.1.4")
{
base.Close();
return(false);
}
this.coll = sd.Certificates;
ASN1 content = sd.ContentInfo.Content;
this.signedHash = content[0][1][1];
HashAlgorithm hash = null;
switch (this.signedHash.Length)
{
case 0x10:
hash = HashAlgorithm.Create("MD5");
this.hash = base.GetHash(hash);
break;
case 20:
hash = HashAlgorithm.Create("SHA1");
this.hash = base.GetHash(hash);
break;
default:
this.reason = 5;
base.Close();
return(false);
}
base.Close();
if (!this.signedHash.CompareValue(this.hash))
{
this.reason = 2;
}
byte[] buffer = content[0].Value;
hash.Initialize();
byte[] calculatedMessageDigest = hash.ComputeHash(buffer);
return(this.VerifySignature(sd, calculatedMessageDigest, hash) && (this.reason == 0));
}
public SoftwarePublisherCertificate()
{
pkcs7 = new PKCS7.SignedData();
pkcs7.ContentInfo.ContentType = PKCS7.Oid.data;
}
private bool CheckSignature (string fileName)
{
filename = fileName;
Open (filename);
entry = GetSecurityEntry ();
if (entry == null) {
// no signature is present
reason = 1;
Close ();
return false;
}
PKCS7.ContentInfo ci = new PKCS7.ContentInfo (entry);
if (ci.ContentType != PKCS7.Oid.signedData) {
Close ();
return false;
}
PKCS7.SignedData sd = new PKCS7.SignedData (ci.Content);
if (sd.ContentInfo.ContentType != spcIndirectDataContext) {
Close ();
return false;
}
coll = sd.Certificates;
ASN1 spc = sd.ContentInfo.Content;
signedHash = spc [0][1][1];
HashAlgorithm ha = null;
switch (signedHash.Length) {
case 16:
ha = HashAlgorithm.Create ("MD5");
hash = GetHash (ha);
break;
case 20:
ha = HashAlgorithm.Create ("SHA1");
hash = GetHash (ha);
break;
default:
reason = 5;
Close ();
return false;
}
Close ();
if (!signedHash.CompareValue (hash)) {
reason = 2;
}
// messageDigest is a hash of spcIndirectDataContext (which includes the file hash)
byte[] spcIDC = spc [0].Value;
ha.Initialize (); // re-using hash instance
byte[] messageDigest = ha.ComputeHash (spcIDC);
bool sign = VerifySignature (sd, messageDigest, ha);
return (sign && (reason == 0));
}
