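/// <summary>
        /// Verifies the digital signatures of an OPC package read from <paramref name="input"/>.
        /// </summary>
        /// <param name="input">Readable stream positioned at an OPC package.</param>
        /// <param name="serial">
        /// Optional expected signer serial number as a hexadecimal string (parsed with
        /// <c>CertUtil.HexadecimalStringToBigInt</c>). When null or blank the signer is not checked.
        /// </param>
        /// <returns>
        /// true when the package carries at least one signature, every signature verifies and,
        /// when <paramref name="serial"/> is given, every signer's serial number matches it;
        /// otherwise false.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="input"/> is null.</exception>
        public override bool Verify(Stream input, string serial = null)
        {
            if (input == null)
            {
                throw new ArgumentNullException(nameof(input));
            }

            using (var package = Package.Open(input, FileMode.Open, FileAccess.Read))
            {
                var mgr = new PackageDigitalSignatureManager(package)
                {
                    CertificateOption = CertificateEmbeddingOption.InSignaturePart
                };

                // An unsigned package never verifies.
                if (!mgr.IsSigned)
                {
                    return false;
                }

                // VerifySignatures covers every signature in the package, so it is evaluated
                // once instead of once per signature; exitOnFailure=true stops at the first
                // failing signature.
                // NOTE: this checks signature integrity only; it does not evaluate the trust
                // chain of the signing certificate (PackageDigitalSignatureManager.VerifyCertificate
                // does that separately, if callers require a trusted signer).
                if (mgr.VerifySignatures(true) != VerifyResult.Success)
                {
                    return false;
                }

                if (String.IsNullOrWhiteSpace(serial))
                {
                    return true;
                }

                // Every signer must carry the expected serial number, so the outcome no longer
                // depends on the order in which signatures are enumerated (previously only the
                // last signature's check survived).
                // A serial number is only unique per issuing CA; pairing it with an issuer check
                // would identify the certificate more precisely.
                var expectedSerial = CertUtil.HexadecimalStringToBigInt(serial);
                foreach (var sig in mgr.Signatures)
                {
                    // NOTE(review): GetSerialNumber() yields little-endian bytes and the
                    // BigInteger(byte[]) constructor treats the top bit as a sign bit; confirm
                    // CertUtil.HexadecimalStringToBigInt produces the matching representation.
                    var actualSerial = new BigInteger(sig.Signer.GetSerialNumber());
                    if (actualSerial != expectedSerial)
                    {
                        return false;
                    }
                }

                return true;
            }
        }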
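        /// <summary>
        /// Signs every part of <paramref name="package"/> with a certificate chosen by the user
        /// and reports the outcome through a message box.
        /// </summary>
        /// <param name="package">The open, writable package to sign.</param>
        /// <exception cref="ArgumentNullException"><paramref name="package"/> is null.</exception>
        private void SignAllParts(Package package)
        {
            if (package == null)
                throw new ArgumentNullException(nameof(package));

            // Create the DigitalSignature Manager; the signer certificate is embedded in the
            // signature part so verifiers do not need it in a local store.
            var dsm = new PackageDigitalSignatureManager(package)
            {
                CertificateOption = CertificateEmbeddingOption.InSignaturePart
            };

            // Create a list of all the part URIs in the package to sign
            // (GetParts() also includes PackageRelationship parts).
            var toSign = new System.Collections.Generic.List<Uri>();
            foreach (PackagePart packagePart in package.GetParts())
            {
                toSign.Add(packagePart.Uri);
            }

            // Add the URI for SignatureOrigin PackageRelationship part.
            // The SignatureOrigin relationship is created when Sign() is called.
            // Signing the SignatureOrigin relationship disables counter-signatures.
            toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

            // Also sign the SignatureOrigin part.
            toSign.Add(dsm.SignatureOrigin);

            // Add the package relationship to the signature origin to be signed.
            toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

            try
            {
                // Sign() prompts the user to select a certificate; the API is documented to
                // return null when the dialog is cancelled, so the result is guarded before
                // sig.Signer is dereferenced below.
                var sig = dsm.Sign(toSign);
                if (sig == null)
                {
                    MessageBox.Show(
                        "Cannot Sign\nNo certificate was selected.",
                        "Package NOT Signed",
                        MessageBoxButtons.OK,
                        MessageBoxIcon.Exclamation);
                    return;
                }

                // VerifySignatures checks the integrity of every signature in the package;
                // it does not evaluate trust of the signing certificate.
                var result = dsm.VerifySignatures(false);

                if (result != VerifyResult.Success)
                {
                    MessageBox.Show(
                    $@"VerifyResult: {result}",
                    "Package NOT Signed",
                    MessageBoxButtons.OK,
                    MessageBoxIcon.Exclamation);
                }
                else
                {
                    MessageBox.Show(
                    $@"Signer: {sig.Signer.Issuer}
            SigningTime: {sig.SigningTime}",
                    "Package Signed",
                    MessageBoxButtons.OK,
                    MessageBoxIcon.Information);
                }
            }

            // If there are no certificates or the SmartCard manager is
            // not running, catch the exception and show an error message.
            catch (CryptographicException ex)
            {
                MessageBox.Show(
                    "Cannot Sign\n" + ex.Message,
                    "No Digital Certificates Available",
                    MessageBoxButtons.OK,
                    MessageBoxIcon.Error);
            }
        }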
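        /// <summary>
        /// Main signing process: signs every part of <paramref name="package"/> with the
        /// certificate file at <c>CertificatePath</c>, unlocked with <c>CertificatePassword</c>.
        /// </summary>
        /// <param name="package">The open, writable package to sign.</param>
        /// <returns>
        /// true when this call signed the package and all of its signatures verify; false when
        /// the certificate could not be loaded/used or verification fails.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="package"/> is null.</exception>
        private bool SignAllParts(Package package)
        {
            if (package == null)
                throw new ArgumentNullException(nameof(package));

            // Create the DigitalSignature Manager; the signer certificate is embedded in the
            // signature part so verifiers do not need it in a local store.
            var dsm = new PackageDigitalSignatureManager(package)
            {
                CertificateOption = CertificateEmbeddingOption.InSignaturePart
            };

            // Create a list of all the part URIs in the package to sign
            // (GetParts() also includes PackageRelationship parts).
            var toSign = new System.Collections.Generic.List<Uri>();
            foreach (PackagePart packagePart in package.GetParts())
            {
                toSign.Add(packagePart.Uri);
            }

            // Add the URI for SignatureOrigin PackageRelationship part.
            // The SignatureOrigin relationship is created when Sign() is called.
            // Signing the SignatureOrigin relationship disables counter-signatures.
            toSign.Add(PackUriHelper.GetRelationshipPartUri(dsm.SignatureOrigin));

            // Also sign the SignatureOrigin part.
            toSign.Add(dsm.SignatureOrigin);

            // Add the package relationship to the signature origin to be signed.
            toSign.Add(PackUriHelper.GetRelationshipPartUri(new Uri("/", UriKind.RelativeOrAbsolute)));

            // Tracks whether THIS call produced a signature; without it a package that already
            // carried a valid signature would report success even though signing failed here.
            var signed = false;
            try
            {
                // An empty password is passed as null so a password-less certificate file loads.
                var password = String.IsNullOrEmpty(this.CertificatePassword) ? null : this.CertificatePassword;
                var cert = new X509Certificate2(this.CertificatePath, password);
                dsm.Sign(toSign, cert);
                signed = true;
            }

            // Thrown when the certificate file cannot be loaded or its key cannot be used.
            catch (CryptographicException ex)
            {
                Console.WriteLine(
                    "Cannot Sign: {0}", ex.Message);
            }

            // NOTE: VerifySignatures checks signature integrity only, not certificate trust.
            return signed && dsm.IsSigned && dsm.VerifySignatures(true) == VerifyResult.Success;
        }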
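        // ------------------------ ValidateSignatures ------------------------
        /// <summary>
        ///   Validates all the digital signatures of a given package and reports
        ///   failures to the user through a message box.</summary>
        /// <param name="package">
        ///   The package for validating digital signatures.</param>
        /// <returns>
        ///   true if all digital signatures are valid; otherwise false if the
        ///   package is unsigned or any of the signatures are invalid.</returns>
        /// <exception cref="ArgumentNullException">
        ///   <paramref name="package"/> is null.</exception>
        private static bool ValidateSignatures(Package package)
        {
            if (package == null)
                throw new ArgumentNullException(nameof(package));

            // Create a PackageDigitalSignatureManager for the given Package.
            var dsm = new PackageDigitalSignatureManager(package);

            // Check to see if the package contains any signatures.
            if (!dsm.IsSigned)
            {
                MessageBox.Show("The package is not signed");
                return false;
            }

            // Verify that all signatures are valid. continueAfterFailure=false stops at
            // the first failing signature.
            // NOTE: this checks signature integrity only; it does not evaluate the trust
            // chain of the signing certificates (PackageDigitalSignatureManager.VerifyCertificate
            // does that separately), so a self-signed signer passes here.
            VerifyResult result = dsm.VerifySignatures(false);
            if (result != VerifyResult.Success)
            {
                MessageBox.Show("One or more digital signatures are invalid.");
                return false;
            }

            return true;        // All signatures are valid.
        }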