/// <summary>
/// Verify all signatures in the JAR
/// </summary>
/// <param name="jar">JAR to verify</param>
/// <param name="centralManifest">the main MANIFEST.MF</param>
/// <param name="signatures">the set of signatures to verify</param>
/// <param name="certificates">the set of permitted certificates we verify against</param>
/// <returns>true if all signatures verify as valid - otherwise false</returns>
public bool Verify(
IJar jar,
ManifestData centralManifest,
List <Signature> signatures,
IVerificationCertificates certificates)
{
if (jar == null)
{
throw new ArgumentNullException(nameof(jar));
}
if (centralManifest == null)
{
throw new ArgumentNullException(nameof(centralManifest));
}
if (certificates == null)
{
throw new ArgumentNullException(nameof(certificates));
}
if (!signatures.Any())
{
return(false);
}
foreach (Signature sig in signatures)
{
ManifestData signFile = _loader.Load(jar, sig.ManifestPath);
Log.Message($"Signature {sig.BaseName} @ {sig.ManifestPath} with block {sig.Block.Path} type {sig.Block.Type}");
// Sign file hash mismatch
if (!VerifyManifestHashes(centralManifest, signFile))
{
return(false);
}
// Ensure we actually have a certificate to verify against
if (!certificates.Contains(sig.BaseName))
{
throw new MissingCertificateException($"Signature with base name {sig.BaseName} must have a matching certificate " +
$"supplied in order to verify");
}
}
return(signatures.All(s => VerifyPKCS7(jar, s, certificates.Get(s.BaseName))));
}
public void Init(FmsOptions options)
{
string manifestUrl = "";
if (options.JSONParser == null)
{
throw new CMSException("JSON parser implementation is required.");
}
Debug.Log("JSON parser: " + options.JSONParser.GetDescription());
switch (options.Mode)
{
case FmsMode.Versioned:
manifestUrl = $"{options.BaseURL}manifest/{options.CodeName}/{options.Env.ToString().ToLower()}/{options.ManifestVersion}.json";
manifestLoader = new VersionedFileManifestLoader(options);
break;
case FmsMode.Passthrough:
manifestLoader = new PassthroughFileManifestLoader();
break;
}
manifestLoader.Load(options, manifestUrl);
}
