AddSignature(PackageDigitalSignature packSignature) { XpsDigitalSignature reachSignature = new XpsDigitalSignature(packSignature, this); _reachSignatures.Add(reachSignature); return(reachSignature); }
XpsDigitalSignature( PackageDigitalSignature packageSignature, XpsDocument package ) { _packageSignature = packageSignature; _package = package; }
public void Sign_CertificateNotPassed_Success() { const string path = "Resources\\UnsignedDocument.docx"; using MemoryStream stream = FileCloner.CopyFileStreamToMemoryStream(path); using (OpenXmlPackage openXmlPackage = Open(stream, true, path)) { PackageDigitalSignature signature = OpenXmlDigitalSignatureManager.Sign(openXmlPackage); VerifyResult verifyResult = signature.Verify(); Assert.Equal(VerifyResult.Success, verifyResult); } File.WriteAllBytes("OpenXml_CertNotPassed_SignedDocument.docx", stream.ToArray()); }
SignDigitally( X509Certificate certificate, bool embedCertificate, XpsDigSigPartAlteringRestrictions restrictions, String signatureId, bool testIsSignable ) { if (null == certificate) { throw new ArgumentNullException("certificate"); } if (CurrentXpsManager == null) { throw new InvalidOperationException(SR.Get(SRID.ReachPackaging_DocumentWasClosed)); } if (testIsSignable && !IsSignable) { throw new InvalidOperationException(SR.Get(SRID.ReachPackaging_SigningDoesNotMeetPolicy)); } EnsureSignatures(); // // List of RelationshipSelectors that need to be signed // List <PackageRelationshipSelector> selectorList = new List <PackageRelationshipSelector>(); // // This is being used as a Set class so the second Uri Value is irrelevent // Dictionary <Uri, Uri> dependentList = new Dictionary <Uri, Uri> (); CollectSelfAndDependents(dependentList, selectorList, restrictions); PackageDigitalSignature packSignature = CurrentXpsManager.Sign(dependentList.Keys, certificate, embedCertificate, selectorList, signatureId ); return(AddSignature(packSignature)); }
public void RemoveSignaturesFromFilesBySigner(string signerSerialNumber) { string signuri = ""; string serialNumber = ""; if (DocumentType.Equals(Types.XpsDocument)) { //Search the serial in a Xps signatures. foreach (XpsDigitalSignature signature in xpsDocument.Signatures) { serialNumber = signature.SignerCertificate.GetSerialNumberString(); if (serialNumber == signerSerialNumber) { xpsDocument.RemoveSignature(signature); } } serialNumber = null; xpsDocument.Close(); } else if (DocumentType.Equals(Types.PdfDocument)) { CertificadoDigital.Remove.removeSignature(pdfDocumentPath, serialNumber); } else { PackageDigitalSignatureManager _assinaturas = null; _assinaturas = new PackageDigitalSignatureManager(base.package); _assinaturas.CertificateOption = CertificateEmbeddingOption.InSignaturePart; int signaturesCount = _assinaturas.Signatures.Count; for (int index = 0; index < _assinaturas.Signatures.Count; index++) { PackageDigitalSignature signature = _assinaturas.Signatures[index]; serialNumber = signature.Signer.GetSerialNumberString(); if (serialNumber == signerSerialNumber) { signuri = signature.SignaturePart.Uri.ToString(); Uri uri = new Uri(signuri, UriKind.Relative); _assinaturas.RemoveSignature(uri); index--; } } package.Flush(); package.Close(); } }
public void Sign_CertificatePassed_Success(string sourcePath, string destPath) { using MemoryStream stream = FileCloner.CopyFileStreamToMemoryStream(sourcePath); using (OpenXmlPackage openXmlPackage = Open(stream, true, sourcePath)) { X509Certificate2 certificate = DigitalSignatureManager .GetSigningCertificates() .OfType <X509Certificate2>() .First(); PackageDigitalSignature signature = OpenXmlDigitalSignatureManager.Sign(openXmlPackage, certificate); VerifyResult verifyResult = signature.Verify(); Assert.Equal(VerifyResult.Success, verifyResult); } File.WriteAllBytes(destPath, stream.ToArray()); }
private bool TryGetTimestamp(PackageDigitalSignature packageSignature, out Timestamp timestamp) { bool isValidTimestampSignature = false; if (packageSignature == null) { throw new ArgumentNullException(nameof(packageSignature)); } timestamp = new Timestamp() { SignedOn = DateTime.MaxValue }; XmlNamespaceManager namespaceManager = new XmlNamespaceManager(new NameTable()); namespaceManager.AddNamespace("ds", "http://schemas.openxmlformats.org/package/2006/digital-signature"); // Obtain timestamp from Signature Xml if there is one. XmlElement element = packageSignature.Signature.GetXml(); XmlNode encodedTimeNode = element.SelectNodes("//ds:TimeStamp/ds:EncodedTime", namespaceManager).OfType <XmlNode>().FirstOrDefault(); // If timestamp found, verify it. if (encodedTimeNode != null && encodedTimeNode.InnerText != null) { byte[] binaryTimestamp = null; try { binaryTimestamp = Convert.FromBase64String(encodedTimeNode.InnerText); } catch (FormatException) { return(false); } IntPtr TSContextPtr = IntPtr.Zero; IntPtr TSSignerPtr = IntPtr.Zero; IntPtr StoreHandle = IntPtr.Zero; // Ensure timestamp corresponds to package signature isValidTimestampSignature = WinCrypt.CryptVerifyTimeStampSignature(binaryTimestamp, (uint)binaryTimestamp.Length, packageSignature.SignatureValue, (uint)packageSignature.SignatureValue.Length, IntPtr.Zero, out TSContextPtr, out TSSignerPtr, out StoreHandle); if (isValidTimestampSignature) { var timestampContext = (CRYPT_TIMESTAMP_CONTEXT)Marshal.PtrToStructure(TSContextPtr, typeof(CRYPT_TIMESTAMP_CONTEXT)); var timestampInfo = (CRYPT_TIMESTAMP_INFO)Marshal.PtrToStructure(timestampContext.pTimeStamp, typeof(CRYPT_TIMESTAMP_INFO)); unchecked { uint low = (uint)timestampInfo.ftTime.dwLowDateTime; long ftTimestamp = (((long)timestampInfo.ftTime.dwHighDateTime) << 32) | low; timestamp.SignedOn = DateTime.FromFileTime(ftTimestamp); } // Get the algorithm name based on the OID. timestamp.SignatureAlgorithm = Oid.FromOidValue(timestampInfo.HashAlgorithm.pszObjId, OidGroup.HashAlgorithm).FriendlyName; X509Certificate2 certificate = new X509Certificate2(packageSignature.Signer); timestamp.EffectiveDate = certificate.NotBefore; timestamp.ExpiryDate = certificate.NotAfter; } if (IntPtr.Zero != TSContextPtr) { WinCrypt.CryptMemFree(TSContextPtr); } if (IntPtr.Zero != TSSignerPtr) { WinCrypt.CertFreeCertificateContext(TSSignerPtr); } if (IntPtr.Zero != StoreHandle) { WinCrypt.CertCloseStore(StoreHandle, 0); } } return(isValidTimestampSignature); }
private bool IsSigned(string path, SignatureVerificationResult result) { PackageDigitalSignature packageSignature = null; using (var vsixStream = new FileStream(path, FileMode.Open, FileAccess.Read)) { var vsixPackage = Package.Open(vsixStream); var signatureManager = new PackageDigitalSignatureManager(vsixPackage); if (!signatureManager.IsSigned) { return(false); } if (signatureManager.Signatures.Count() != 1) { return(false); } if (signatureManager.Signatures[0].SignedParts.Count != vsixPackage.GetParts().Count() - 1) { return(false); } packageSignature = signatureManager.Signatures[0]; // Retrieve the timestamp Timestamp timestamp; if (!TryGetTimestamp(packageSignature, out timestamp)) { // Timestamp is either invalid or not present result.AddDetail(DetailKeys.Error, SignCheckResources.ErrorInvalidOrMissingTimestamp); return(false); } // Update the result with the timestamp detail result.AddDetail(DetailKeys.Signature, String.Format(SignCheckResources.DetailTimestamp, timestamp.SignedOn, timestamp.SignatureAlgorithm)); // Verify the certificate chain X509Certificate2 certificate = new X509Certificate2(packageSignature.Signer); X509Chain certChain = new X509Chain(); certChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot; certChain.ChainPolicy.RevocationMode = X509RevocationMode.Online; // If the certificate has expired, but the VSIX was signed prior to expiration // we can ignore invalid time policies. bool certExpired = DateTime.Now > certificate.NotAfter; if (timestamp.IsValid && certExpired) { certChain.ChainPolicy.VerificationFlags |= X509VerificationFlags.IgnoreNotTimeValid; } if (!certChain.Build(certificate)) { result.AddDetail(DetailKeys.Error, SignCheckResources.DetailErrorFailedToBuildCertChain); return(false); } result.AddDetail(DetailKeys.Misc, SignCheckResources.DetailCertChainValid); } return(true); }
private XpsDigitalSignature AddSignature(PackageDigitalSignature packSignature) { XpsDigitalSignature item = new XpsDigitalSignature(packSignature, this); this._reachSignatures.Add(item); return item; }