Class to verify a DSA signature
Exemple #1
0
        /// <summary>
        /// Called when the installer is downloaded
        /// </summary>
        /// <param name="sender">not used.</param>
        /// <param name="e">used to determine if the download was successful.</param>
        private void OnWebDownloadClientDownloadFileCompleted(object sender, AsyncCompletedEventArgs e)
        {
            if (e.Error != null)
            {
                UIFactory.ShowDownloadErrorMessage(e.Error.Message, _appCastUrl);
                ProgressWindow.ForceClose();
                return;
            }

            // test the item for DSA signature
            bool isDSAOk = false;
            if (!e.Cancelled && e.Error == null)
            {
                ReportDiagnosticMessage("Finished downloading file to: " + _downloadTempFileName);

                // report
                ReportDiagnosticMessage("Performing DSA check");

                // get the assembly
                if (File.Exists(_downloadTempFileName))
                {
                    // check if the file was downloaded successfully
                    String absolutePath = Path.GetFullPath(_downloadTempFileName);
                    if (!File.Exists(absolutePath))
                        throw new FileNotFoundException();

                    if (UserWindow.CurrentItem.DSASignature == null)
                    {
                        isDSAOk = true;// REVIEW. The correct logic, seems to me, is that if the existing, running version of the app
                                       //had no DSA, and the appcast didn't specify one, then it's ok that the one we've just 
                                       //downloaded doesn't either. This may be just checking that the appcast didn't specify one. Is 
                                        //that really enough? If someone can change what gets downloaded, can't they also change the appcast?
                    }
                    else
                    {
                        // get the assembly reference from which we start the update progress
                        // only from this trusted assembly the public key can be used
                        Assembly refassembly = Assembly.GetEntryAssembly();
                        if (refassembly != null)
                        {
                            // Check if we found the public key in our entry assembly
                            if (NetSparkleDSAVerificator.ExistsPublicKey("NetSparkle_DSA.pub"))
                            {
                                // check the DSA Code and modify the back color            
                                NetSparkleDSAVerificator dsaVerifier = new NetSparkleDSAVerificator("NetSparkle_DSA.pub");
                                isDSAOk = dsaVerifier.VerifyDSASignature(UserWindow.CurrentItem.DSASignature, _downloadTempFileName);
                            }
                        }
                    }
                }
            }

            if (EnableSilentMode)
            {
                OnProgressWindowInstallAndRelaunch(this, new EventArgs());
            }

            if (ProgressWindow != null)
            {
                ProgressWindow.ChangeDownloadState(isDSAOk);
            }
        }
        /// <summary>
        /// Called when the installer is downloaded
        /// </summary>
        /// <param name="sender">not used.</param>
        /// <param name="e">used to determine if the download was successful.</param>
        private void OnWebDownloadClientDownloadFileCompleted(object sender, AsyncCompletedEventArgs e)
        {
            if (e.Error != null)
            {
                UIFactory.ShowDownloadErrorMessage(e.Error.Message, _appCastUrl);
                ProgressWindow.ForceClose();
                return;
            }

            // test the item for DSA signature
            bool isDSAOk = false;

            if (!e.Cancelled && e.Error == null)
            {
                ReportDiagnosticMessage("Finished downloading file to: " + _downloadTempFileName);

                // report
                ReportDiagnosticMessage("Performing DSA check");

                // get the assembly
                if (File.Exists(_downloadTempFileName))
                {
                    // check if the file was downloaded successfully
                    String absolutePath = Path.GetFullPath(_downloadTempFileName);
                    if (!File.Exists(absolutePath))
                    {
                        throw new FileNotFoundException();
                    }

                    if (UserWindow.CurrentItem.DSASignature == null)
                    {
                        isDSAOk = true; // REVIEW. The correct logic, seems to me, is that if the existing, running version of the app
                                        //had no DSA, and the appcast didn't specify one, then it's ok that the one we've just
                                        //downloaded doesn't either. This may be just checking that the appcast didn't specify one. Is
                                        //that really enough? If someone can change what gets downloaded, can't they also change the appcast?
                    }
                    else
                    {
                        // get the assembly reference from which we start the update progress
                        // only from this trusted assembly the public key can be used
                        Assembly refassembly = Assembly.GetEntryAssembly();
                        if (refassembly != null)
                        {
                            // Check if we found the public key in our entry assembly
                            if (NetSparkleDSAVerificator.ExistsPublicKey("NetSparkle_DSA.pub"))
                            {
                                // check the DSA Code and modify the back color
                                NetSparkleDSAVerificator dsaVerifier = new NetSparkleDSAVerificator("NetSparkle_DSA.pub");
                                isDSAOk = dsaVerifier.VerifyDSASignature(UserWindow.CurrentItem.DSASignature, _downloadTempFileName);
                            }
                        }
                    }
                }
            }

            if (EnableSilentMode)
            {
                OnProgressWindowInstallAndRelaunch(this, new EventArgs());
            }

            if (ProgressWindow != null)
            {
                ProgressWindow.ChangeDownloadState(isDSAOk);
            }
        }
Exemple #3
0
        /// <summary>
        /// ctor which needs the appcast url and a referenceassembly
        /// </summary>        
        /// <param name="appcastUrl">the URL for the appcast file</param>
        /// <param name="applicationIcon">If you're invoking this from a form, this would be this.Icon</param>
        /// <param name="referenceAssembly">the name of the assembly to use for comparison</param>
        /// <param name="factory">UI factory to use</param>
        public Sparkle(String appcastUrl, Icon applicationIcon, SecurityMode securityMode, String dsaPublicKey, String referenceAssembly, INetSparkleUIFactory factory)
        {
            _applicationIcon = applicationIcon;

            ExtraJsonData = "";

            PrintDiagnosticToConsole = false;

            UIFactory = factory;

            // DSA Verificator
            DSAVerificator = new NetSparkleDSAVerificator(securityMode, dsaPublicKey);

            // Syncronisation Context
            _syncContext = SynchronizationContext.Current;
            if (_syncContext == null)
            {
                _syncContext = new SynchronizationContext();
            }

            // preconfige ssl trust
            TrustEverySSLConnection = false;

            // configure ssl cert link
            ServicePointManager.ServerCertificateValidationCallback += RemoteCertificateValidation;

            // init UI
            UIFactory.Init();

            _appReferenceAssembly = null;            

            // set the reference assembly
            if (referenceAssembly != null)
            {
                _appReferenceAssembly = referenceAssembly;
                Debug.WriteLine("Checking the following file: " + _appReferenceAssembly);
            }

            // TODO: change BackgroundWorker to Task
            // adjust the delegates
            _taskWorker = new Task(() =>
            {
                OnWorkerDoWork(null, null);
            });
            _cancelTokenSource = new CancellationTokenSource();
            _cancelToken = _cancelTokenSource.Token;

            /*_worker = new BackgroundWorker {WorkerReportsProgress = true};
            _worker.DoWork += OnWorkerDoWork;
            _worker.ProgressChanged += OnWorkerProgressChanged;*/

            // build the wait handle
            _exitHandle = new EventWaitHandle(false, EventResetMode.AutoReset);
            _loopingHandle = new EventWaitHandle(false, EventResetMode.ManualReset);
            
            // set the url
            _appCastUrl = appcastUrl;
            Debug.WriteLine("Using the following url: " + _appCastUrl);
            RunningFromWPF = false;
        }