AddSignature(PackageDigitalSignature packSignature)
{
XpsDigitalSignature reachSignature =
new XpsDigitalSignature(packSignature, this);
_reachSignatures.Add(reachSignature);
return(reachSignature);
}
XpsDigitalSignature(
PackageDigitalSignature packageSignature,
XpsDocument package
)
{
_packageSignature = packageSignature;
_package = package;
}
public void Sign_CertificateNotPassed_Success()
{
const string path = "Resources\\UnsignedDocument.docx";
using MemoryStream stream = FileCloner.CopyFileStreamToMemoryStream(path);
using (OpenXmlPackage openXmlPackage = Open(stream, true, path))
{
PackageDigitalSignature signature = OpenXmlDigitalSignatureManager.Sign(openXmlPackage);
VerifyResult verifyResult = signature.Verify();
Assert.Equal(VerifyResult.Success, verifyResult);
}
File.WriteAllBytes("OpenXml_CertNotPassed_SignedDocument.docx", stream.ToArray());
}
SignDigitally(
X509Certificate certificate,
bool embedCertificate,
XpsDigSigPartAlteringRestrictions restrictions,
String signatureId,
bool testIsSignable
)
{
if (null == certificate)
{
throw new ArgumentNullException("certificate");
}
if (CurrentXpsManager == null)
{
throw new InvalidOperationException(SR.Get(SRID.ReachPackaging_DocumentWasClosed));
}
if (testIsSignable && !IsSignable)
{
throw new InvalidOperationException(SR.Get(SRID.ReachPackaging_SigningDoesNotMeetPolicy));
}
EnsureSignatures();
//
// List of RelationshipSelectors that need to be signed
//
List <PackageRelationshipSelector> selectorList =
new List <PackageRelationshipSelector>();
//
// This is being used as a Set class so the second Uri Value is irrelevent
//
Dictionary <Uri, Uri> dependentList = new Dictionary <Uri, Uri> ();
CollectSelfAndDependents(dependentList, selectorList, restrictions);
PackageDigitalSignature packSignature =
CurrentXpsManager.Sign(dependentList.Keys,
certificate,
embedCertificate,
selectorList,
signatureId
);
return(AddSignature(packSignature));
}
public void RemoveSignaturesFromFilesBySigner(string signerSerialNumber)
{
string signuri = "";
string serialNumber = "";
if (DocumentType.Equals(Types.XpsDocument))
{
//Search the serial in a Xps signatures.
foreach (XpsDigitalSignature signature in xpsDocument.Signatures)
{
serialNumber = signature.SignerCertificate.GetSerialNumberString();
if (serialNumber == signerSerialNumber)
{
xpsDocument.RemoveSignature(signature);
}
}
serialNumber = null;
xpsDocument.Close();
}
else if (DocumentType.Equals(Types.PdfDocument))
{
CertificadoDigital.Remove.removeSignature(pdfDocumentPath, serialNumber);
}
else
{
PackageDigitalSignatureManager _assinaturas = null;
_assinaturas = new PackageDigitalSignatureManager(base.package);
_assinaturas.CertificateOption = CertificateEmbeddingOption.InSignaturePart;
int signaturesCount = _assinaturas.Signatures.Count;
for (int index = 0; index < _assinaturas.Signatures.Count; index++)
{
PackageDigitalSignature signature = _assinaturas.Signatures[index];
serialNumber = signature.Signer.GetSerialNumberString();
if (serialNumber == signerSerialNumber)
{
signuri = signature.SignaturePart.Uri.ToString();
Uri uri = new Uri(signuri, UriKind.Relative);
_assinaturas.RemoveSignature(uri);
index--;
}
}
package.Flush();
package.Close();
}
}
public void Sign_CertificatePassed_Success(string sourcePath, string destPath)
{
using MemoryStream stream = FileCloner.CopyFileStreamToMemoryStream(sourcePath);
using (OpenXmlPackage openXmlPackage = Open(stream, true, sourcePath))
{
X509Certificate2 certificate = DigitalSignatureManager
.GetSigningCertificates()
.OfType <X509Certificate2>()
.First();
PackageDigitalSignature signature = OpenXmlDigitalSignatureManager.Sign(openXmlPackage, certificate);
VerifyResult verifyResult = signature.Verify();
Assert.Equal(VerifyResult.Success, verifyResult);
}
File.WriteAllBytes(destPath, stream.ToArray());
}
private bool TryGetTimestamp(PackageDigitalSignature packageSignature, out Timestamp timestamp)
{
bool isValidTimestampSignature = false;
if (packageSignature == null)
{
throw new ArgumentNullException(nameof(packageSignature));
}
timestamp = new Timestamp()
{
SignedOn = DateTime.MaxValue
};
XmlNamespaceManager namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("ds", "http://schemas.openxmlformats.org/package/2006/digital-signature");
// Obtain timestamp from Signature Xml if there is one.
XmlElement element = packageSignature.Signature.GetXml();
XmlNode encodedTimeNode = element.SelectNodes("//ds:TimeStamp/ds:EncodedTime", namespaceManager).OfType <XmlNode>().FirstOrDefault();
// If timestamp found, verify it.
if (encodedTimeNode != null && encodedTimeNode.InnerText != null)
{
byte[] binaryTimestamp = null;
try
{
binaryTimestamp = Convert.FromBase64String(encodedTimeNode.InnerText);
}
catch (FormatException)
{
return(false);
}
IntPtr TSContextPtr = IntPtr.Zero;
IntPtr TSSignerPtr = IntPtr.Zero;
IntPtr StoreHandle = IntPtr.Zero;
// Ensure timestamp corresponds to package signature
isValidTimestampSignature = WinCrypt.CryptVerifyTimeStampSignature(binaryTimestamp,
(uint)binaryTimestamp.Length,
packageSignature.SignatureValue,
(uint)packageSignature.SignatureValue.Length,
IntPtr.Zero,
out TSContextPtr,
out TSSignerPtr,
out StoreHandle);
if (isValidTimestampSignature)
{
var timestampContext = (CRYPT_TIMESTAMP_CONTEXT)Marshal.PtrToStructure(TSContextPtr, typeof(CRYPT_TIMESTAMP_CONTEXT));
var timestampInfo = (CRYPT_TIMESTAMP_INFO)Marshal.PtrToStructure(timestampContext.pTimeStamp, typeof(CRYPT_TIMESTAMP_INFO));
unchecked
{
uint low = (uint)timestampInfo.ftTime.dwLowDateTime;
long ftTimestamp = (((long)timestampInfo.ftTime.dwHighDateTime) << 32) | low;
timestamp.SignedOn = DateTime.FromFileTime(ftTimestamp);
}
// Get the algorithm name based on the OID.
timestamp.SignatureAlgorithm = Oid.FromOidValue(timestampInfo.HashAlgorithm.pszObjId, OidGroup.HashAlgorithm).FriendlyName;
X509Certificate2 certificate = new X509Certificate2(packageSignature.Signer);
timestamp.EffectiveDate = certificate.NotBefore;
timestamp.ExpiryDate = certificate.NotAfter;
}
if (IntPtr.Zero != TSContextPtr)
{
WinCrypt.CryptMemFree(TSContextPtr);
}
if (IntPtr.Zero != TSSignerPtr)
{
WinCrypt.CertFreeCertificateContext(TSSignerPtr);
}
if (IntPtr.Zero != StoreHandle)
{
WinCrypt.CertCloseStore(StoreHandle, 0);
}
}
return(isValidTimestampSignature);
}
private bool IsSigned(string path, SignatureVerificationResult result)
{
PackageDigitalSignature packageSignature = null;
using (var vsixStream = new FileStream(path, FileMode.Open, FileAccess.Read))
{
var vsixPackage = Package.Open(vsixStream);
var signatureManager = new PackageDigitalSignatureManager(vsixPackage);
if (!signatureManager.IsSigned)
{
return(false);
}
if (signatureManager.Signatures.Count() != 1)
{
return(false);
}
if (signatureManager.Signatures[0].SignedParts.Count != vsixPackage.GetParts().Count() - 1)
{
return(false);
}
packageSignature = signatureManager.Signatures[0];
// Retrieve the timestamp
Timestamp timestamp;
if (!TryGetTimestamp(packageSignature, out timestamp))
{
// Timestamp is either invalid or not present
result.AddDetail(DetailKeys.Error, SignCheckResources.ErrorInvalidOrMissingTimestamp);
return(false);
}
// Update the result with the timestamp detail
result.AddDetail(DetailKeys.Signature, String.Format(SignCheckResources.DetailTimestamp, timestamp.SignedOn, timestamp.SignatureAlgorithm));
// Verify the certificate chain
X509Certificate2 certificate = new X509Certificate2(packageSignature.Signer);
X509Chain certChain = new X509Chain();
certChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
certChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
// If the certificate has expired, but the VSIX was signed prior to expiration
// we can ignore invalid time policies.
bool certExpired = DateTime.Now > certificate.NotAfter;
if (timestamp.IsValid && certExpired)
{
certChain.ChainPolicy.VerificationFlags |= X509VerificationFlags.IgnoreNotTimeValid;
}
if (!certChain.Build(certificate))
{
result.AddDetail(DetailKeys.Error, SignCheckResources.DetailErrorFailedToBuildCertChain);
return(false);
}
result.AddDetail(DetailKeys.Misc, SignCheckResources.DetailCertChainValid);
}
return(true);
}
private XpsDigitalSignature AddSignature(PackageDigitalSignature packSignature)
{
XpsDigitalSignature item = new XpsDigitalSignature(packSignature, this);
this._reachSignatures.Add(item);
return item;
}
