Esempio n. 1
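        /// <summary>
        /// Verifies whether or not the JAR file is signed by running the signed-JAR verification
        /// steps from the JAR specification in order, stopping at the first step that fails.
        /// </summary>
        /// <remarks>
        /// A <c>true</c> result means only that the checks delegated to <c>VerifySignature</c>,
        /// <c>VerifyDigestManifest</c> / <c>VerifyDigestManifestMain</c> and <c>VerifyManifestEntries</c>
        /// all passed. Whether the signer's certificate chain is validated against a trust store is
        /// decided inside <c>VerifySignature</c>, which is not visible here; confirm that before
        /// treating <c>true</c> as "signed by a trusted party".
        /// </remarks>
        /// <returns>True if every verification step passes, false otherwise.</returns>
        public bool IsSigned()
        {
            // If there are no signature files or a manifest then don't bother doing anything further.
            if (!(HasSignatureFile && HasManifestFile))
            {
                JarError.AddError(JarResources.MissingSignatureOrManifestFile);
                return false;
            }

            // Verify the file based on the spec at https://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html
            //
            // STEP 1: Verify the signature over the signature file when the manifest is first parsed. For
            // efficiency, this verification can be remembered. Note that this verification only validates
            // the signature directions themselves, not the actual archive files.
            //
            // Note: There can be multiple signature (.SF) files, e.g. as new files are added to the archive after it was signed.
            //
            // NOTE(review): All() is vacuously true for an empty sequence, so this step relies on
            // HasSignatureFile implying that SignatureFiles is non-empty. Confirm against the property.
            if (!SignatureFiles.All(sf => sf.VerifySignature()))
            {
                return false;
            }

            // STEP 2: If an x-Digest-Manifest attribute exists in the signature file, verify the value against a digest calculated
            // over the entire manifest. If more than one x-Digest-Manifest attribute exists in the signature file,
            // verify that at least one of them matches the calculated digest value.

            // Get all the signature files that failed to verify the x-Digest-Manifest attributes.
            // Materialized once: the deferred query was previously enumerated twice (Count() and All()),
            // which re-ran VerifyDigestManifest, and any work or error reporting it does, for every signature file.
            List<JarSignatureFile> signatureFilesFailedVerifyDigestManifest =
                SignatureFiles.Where(sf => !sf.VerifyDigestManifest(Manifest)).ToList();

            if (signatureFilesFailedVerifyDigestManifest.Count > 0)
            {
                // STEP 3: If an x-Digest-Manifest attribute does not exist in the signature file or none of the digest values calculated
                // in the previous step match, then a less optimized verification is performed:
                //   * If an x-Digest-Manifest-Main-Attributes entry exists in the signature file, verify the value against
                //     a digest calculated over the main attributes in the manifest file. If this calculation fails, then JAR
                //     file verification fails. This decision can be remembered for efficiency. If an x-Digest-Manifest-Main-Attributes
                //     entry does not exist in the signature file, its nonexistence does not affect JAR file verification and the
                //     manifest main attributes are not verified.
                //   * Verify the digest value in each source file information section in the signature file against a digest value
                //     calculated against the corresponding entry in the manifest file. If any of the digest values don't match, then
                //     JAR file verification fails.
                //
                // NOTE(review): only VerifyDigestManifestMain is called on this fallback path. Presumably it also
                // performs the per-entry section check in the second bullet. Confirm, because otherwise individual
                // manifest entries are not bound to the signature when the whole-manifest digest does not match.
                if (!signatureFilesFailedVerifyDigestManifest.All(sf => sf.VerifyDigestManifestMain(Manifest)))
                {
                    return false;
                }
            }

            // STEP 4: For each entry in the manifest, verify the digest value in the manifest file against
            // a digest calculated over the actual data referenced in the "Name:" attribute, which
            // specifies either a relative file path or URL. If any of the digest values don't match,
            // then JAR file verification fails.
            //
            // NOTE(review): this step is driven by the manifest's entries. Whether archive members that have
            // no manifest entry are detected depends on VerifyManifestEntries. Verify that unsigned additions
            // to the archive cannot pass as part of a signed JAR.
            if (!Manifest.VerifyManifestEntries())
            {
                return false;
            }

            return true;
        }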
Esempio n. 2
        /// <summary>
        /// Shows a multi-select open-file dialog filtered to <c>.p7s</c> files and appends each chosen
        /// path to <c>SignatureFiles</c>, skipping any path the collection already contains.
        /// </summary>
        /// <remarks>
        /// The dialog filter only narrows what the user is offered by extension. Nothing in this method
        /// inspects file contents, so whatever consumes <c>SignatureFiles</c> still has to parse and
        /// verify each file as untrusted input.
        /// </remarks>
        public void BrowseForSignatureFile()
        {
            var dialog = new OpenFileDialog();
            dialog.DefaultExt = ".p7s";
            dialog.Filter = "CADES signature files (.p7s)|*.p7s";
            dialog.Multiselect = true;

            // Anything other than an explicit confirmation (cancel, close) leaves the list untouched.
            if (dialog.ShowDialog() != true)
            {
                return;
            }

            foreach (var selectedPath in dialog.FileNames)
            {
                // De-duplicate on whatever equality SignatureFiles.Contains applies to its elements.
                if (SignatureFiles.Contains(selectedPath))
                {
                    continue;
                }

                SignatureFiles.Add(selectedPath);
            }
        }
Esempio n. 3
 /// <summary>
 /// Empties the <c>SignatureFiles</c> collection by calling its <c>Clear()</c> method.
 /// </summary>
 public void ClearSignatureFiles() => SignatureFiles.Clear();