/// <summary>
/// Tests a Digital Signature from a package
/// </summary>
/// <returns>Digital signatures list</returns>
public static Collection <string> GetList(OpenXmlPowerToolsDocument doc)
{
using (OpenXmlMemoryStreamDocument streamDoc = new OpenXmlMemoryStreamDocument(doc))
{
// Creates the PackageDigitalSignatureManager
PackageDigitalSignatureManager digitalSignatureManager = new PackageDigitalSignatureManager(streamDoc.GetPackage());
// Verifies the collection of certificates in the package
Collection <string> digitalSignatureDescriptions = new Collection <string>();
ReadOnlyCollection <PackageDigitalSignature> digitalSignatures = digitalSignatureManager.Signatures;
if (digitalSignatures.Count > 0)
{
foreach (PackageDigitalSignature signature in digitalSignatures)
{
if (PackageDigitalSignatureManager.VerifyCertificate(signature.Signer) != X509ChainStatusFlags.NoError)
{
digitalSignatureDescriptions.Add(string.Format(System.Globalization.CultureInfo.InvariantCulture, "Signature: {0} ({1})", signature.Signer.Subject, PackageDigitalSignatureManager.VerifyCertificate(signature.Signer)));
}
else
{
digitalSignatureDescriptions.Add("Signature: " + signature.Signer.Subject);
}
}
}
else
{
digitalSignatureDescriptions.Add("No digital signatures found");
}
return(digitalSignatureDescriptions);
}
}
private static bool VerifyCertificate(X509Certificate cert)
{
var status = PackageDigitalSignatureManager.VerifyCertificate(cert);
AppHealth.Current.Verbose.TrackAsync(string.Format(StringRes.TemplatePackageVerifyCertificateMessage, cert.Subject, status.ToString())).FireAndForget();
return(status == X509ChainStatusFlags.NoError);
}
private static bool VerifyCertificate(X509Certificate cert)
{
var status = PackageDigitalSignatureManager.VerifyCertificate(cert);
AppHealth.Current.Verbose.TrackAsync($"Certificate '{cert.Subject}' verification finished with status '{status.ToString()}'").FireAndForget();
return(status == X509ChainStatusFlags.NoError);
}
public static Package Verify(this Package package)
{
if (!IsSigned(package))
{
return(package);
}
// Create the PackageDigitalSignatureManager
var dsm = new PackageDigitalSignatureManager(package)
{
HashAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256"
};
// Verify the collection of certificates in the package (one, in this case)
foreach (PackageDigitalSignature signature in dsm.Signatures)
{
var x = PackageDigitalSignatureManager.VerifyCertificate(signature.Signer);
if (x == X509ChainStatusFlags.NoError)
{
continue;
}
// If the certificate has expired, but signature is created while the certificate was valid, we accept it
else if (x == X509ChainStatusFlags.NotTimeValid)
{
var signer = signature.Signer as X509Certificate2;
if (signer != null &&
signature.SigningTime >= signer.NotBefore &&
signature.SigningTime <= signer.NotAfter)
{
continue;
}
}
throw new Exception(string.Format("Certificate validation failed : {0}", x));
}
// If all certificates are valid, verify all signatures in the package.
VerifyResult vResult = dsm.VerifySignatures(false);
//Retrieve innerPackage/originalPackage
var innerPackageName = GetInnerPackageName();
var uriString = "/" + innerPackageName + ".pgx";
var packagePart = package.GetPart(new Uri(uriString, UriKind.Relative));
var stream = packagePart.GetStream();
var originalPackage = Package.Open(stream);
return(originalPackage);
}
/// <summary>
/// Checks the signatures in the package
/// </summary>
/// <param name="packagePath"></param>
/// <param name="certificatesStatus">Status of the certificate (dictionary with the subject and
/// verification status of the certificates) </param>
/// <returns></returns>
private static VerifyResult VerifySignatures(
string packagePath, out Dictionary <string, X509ChainStatusFlags> certificatesStatus)
{
VerifyResult vResult;
certificatesStatus = new Dictionary <string, X509ChainStatusFlags>();
using (Package package = Package.Open(packagePath, FileMode.Open, FileAccess.Read))
{
PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package);
// Verify the collection of certificates in the package
foreach (PackageDigitalSignature signature in dsm.Signatures)
{
certificatesStatus.Add(
signature.Signer.Subject, PackageDigitalSignatureManager.VerifyCertificate(signature.Signer));
}
// For this example, if all certificates are valid, verify all signatures in the package.
vResult = dsm.VerifySignatures(false);
}
return(vResult);
}
VerifyCertificate(X509Certificate certificate)
{
return(PackageDigitalSignatureManager.VerifyCertificate(certificate));
}
public static List <(X509Certificate2 cert, string pin, X509ChainStatusFlags status)> GetCertsInfo(string signedPackageFilename)
{
using (Package package = Package.Open(signedPackageFilename, FileMode.Open, FileAccess.Read, FileShare.Read))
{
var res = new List <(X509Certificate2 cert, string pin, X509ChainStatusFlags status)>();
var dsm = new PackageDigitalSignatureManager(package);
var certs = GetPackageCertificates(dsm);
foreach (X509Certificate cert in certs.Values)
{
(X509Certificate2 cert, string pin, X509ChainStatusFlags status)certInfo =
(cert : new X509Certificate2(cert), pin : cert.GetPublicKeyString().ObfuscateSHA(), PackageDigitalSignatureManager.VerifyCertificate(cert));
res.Add(certInfo);
}
return(res);
}
}
public X509ChainStatusFlags VerifyCertificate(X509Certificate cert)
{
return(PackageDigitalSignatureManager.VerifyCertificate(cert));
}
