Exemple #1
        // Throws a CryptographicException if any verification step fails.
        // Verifies the strong-name XML signature of the loaded manifest and,
        // unless CmiManifestVerifyFlags.StrongNameOnly is set, the license too.
        //
        // Side effects: both signer-info fields are cleared on entry, and
        // _strongNameSignerInfo is repopulated once the public key token check
        // has returned.
        //
        // Throws CryptographicException(TRUST_E_NOSIGNATURE) when the document
        // has no ds:Signature element, and CryptographicException(TRUST_E_BAD_DIGEST)
        // when the signature check fails. The helpers called here may throw as well.
        internal void Verify(CmiManifestVerifyFlags verifyFlags)
        {
            // Clear any state left over from a previous verification so that a
            // failure below cannot leave stale "verified" signer information.
            _authenticodeSignerInfo = null;
            _strongNameSignerInfo = null;

            // "//ds:Signature" matches at any depth, and SelectSingleNode returns
            // the first match in document order.
            // NOTE(review): rejecting a misplaced or wrapped Signature element is
            // presumably the job of VerifySignatureForm below - confirm.
            var namespaces = new XmlNamespaceManager(_manifestDom.NameTable);
            namespaces.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
            var dsigElement = _manifestDom.SelectSingleNode("//ds:Signature", namespaces) as XmlElement;
            if (dsigElement == null)
            {
                throw new CryptographicException(Win32.TRUST_E_NOSIGNATURE);
            }

            // Confirm this is the enveloped strong-name signature. The returned
            // flag is only forwarded to the license check further down.
            bool isOldFormat = VerifySignatureForm(dsigElement, "StrongNameSignature", namespaces);

            // Confirm the public key matches the public key token.
            string token = VerifyPublicKeyToken();

            // Record the signer with TRUST_E_FAIL as the starting error code.
            // NOTE(review): nothing in this method moves ErrorCode off
            // TRUST_E_FAIL when verification succeeds; callers that read it
            // should confirm where (or whether) it is updated.
            _strongNameSignerInfo = new CmiStrongNameSignerInfo(Win32.TRUST_E_FAIL, token);

            // Load the signature into the verifier.
            var verifier = new ManifestSignedXml2(_manifestDom, true);
            verifier.LoadXml(dsigElement);
            if (_useSha256)
            {
                // Replaces the SignatureMethod value loaded from the document
                // with the SHA-256 URI before the check runs.
                verifier.SignedInfo.SignatureMethod = Sha256SignatureMethodUri;
            }

            // NOTE(review): if ManifestSignedXml2 follows SignedXml semantics, the
            // returned key comes from the signature's own KeyInfo, so a passing
            // check proves integrity against that embedded key only. The binding
            // to the expected publisher then rests on VerifyPublicKeyToken - confirm
            // both read the same key.
            AsymmetricAlgorithm signingKey = null;
            bool signatureOk = verifier.CheckSignatureReturningKey(out signingKey);

            // The key is stored before the result is inspected, so it stays on
            // the signer info even when the check fails.
            _strongNameSignerInfo.PublicKey = signingKey;
            if (!signatureOk)
            {
                _strongNameSignerInfo.ErrorCode = Win32.TRUST_E_BAD_DIGEST;
                throw new CryptographicException(Win32.TRUST_E_BAD_DIGEST);
            }

            // Callers that asked for strong-name verification only stop here.
            bool strongNameOnly =
                (verifyFlags & CmiManifestVerifyFlags.StrongNameOnly) == CmiManifestVerifyFlags.StrongNameOnly;
            if (strongNameOnly)
            {
                return;
            }

            // Otherwise verify the license, using the routine that matches the
            // hash mode selected by _useSha256.
            if (_useSha256)
            {
                VerifyLicenseNew(verifyFlags, isOldFormat);
            }
            else
            {
                VerifyLicense(verifyFlags, isOldFormat);
            }
        }