/// <exception cref="Exception">Thrown when verification fails for any reason</exception>
/// <remarks>
/// Two checks run in order: the certificate is validated with
/// <see cref="X509Certificate2.Verify"/>, then the raw manifest bytes are verified
/// against the digest taken from the first line of the certificate file, using the
/// certificate. Only the manifest is covered here; the files listed in the manifest
/// are not read by this method.
/// NOTE(review): <see cref="X509Certificate2.Verify"/> performs chain validation with the
/// basic policy. A passing result therefore says the certificate chains to a root this
/// machine trusts, not that it belongs to an expected publisher. Confirm whether callers
/// need an additional check on the signer's identity.
/// </remarks>
public void VerifySignature()
{
    using (var certificate = new X509Certificate2(RawCertificate))
    {
        // Stop immediately if the certificate itself does not validate.
        bool certificateIsValid = certificate.Verify();
        if (!certificateIsValid)
        {
            throw new Exception(Messages.CERTIFICATE_IS_INVALID);
        }

        // The package signature is the digest of the first file listed in the
        // certificate file, so reading the first line is sufficient.
        FileDigest signedDigest;
        using (Stream certificateStream = new MemoryStream(RawCertificate))
        using (StreamReader certificateReader = new StreamReader(certificateStream))
        {
            // NOTE(review): ReadLine() returns null when there is no text to read;
            // how FileDigest treats a null line is not visible here - confirm.
            string firstLine = certificateReader.ReadLine();
            signedDigest = new FileDigest(firstLine);
        }

        // Check the stored signature against the one computed over the manifest, using
        // the certificate's public key. This runs as a separate step so that as few
        // streams as possible are open at the same time.
        using (Stream manifestStream = new MemoryStream(RawManifest))
        {
            bool signatureMatches = StreamUtilities.VerifyAgainstDigest(
                manifestStream,
                manifestStream.Length,
                signedDigest.AlgorithmName,
                signedDigest.Digest,
                certificate);

            if (!signatureMatches)
            {
                throw new Exception(string.Format(Messages.SECURITY_SIGNATURE_FAILED, signedDigest.Name));
            }
        }
    }
}
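/// <summary>
/// Verifies every file listed in the manifest against the digest recorded for it.
/// </summary>
/// <remarks>
/// Entry names are read from the package manifest and combined with the package folder
/// to locate each file. A name that resolves outside the package folder (through ".."
/// segments or a rooted path) is rejected before any file is opened, so verification
/// only covers files that belong to the package. The containment check is lexical: it
/// does not resolve symbolic links or junctions.
/// </remarks>
/// <exception cref="Exception">Thrown when an entry resolves outside the package folder
/// or when a file does not match its recorded digest.</exception>
public override void VerifyManifest()
{
    // Verify the presence of a manifest.
    // NOTE(review): presumably the Manifest getter fails when no manifest exists - confirm.
    var manifest = Manifest;

    // Resolved lazily so that an empty manifest behaves exactly as before.
    string packageRoot = null;

    // For a folder package, it is efficient to iterate by the order of files in the manifest.
    foreach (FileDigest fileDigest in manifest)
    {
        // Path.Combine discards the folder when the name is rooted, and ".." segments
        // can climb out of it, so resolve the path fully before trusting it.
        string filePath = Path.GetFullPath(Path.Combine(_Folder, fileDigest.Name));

        if (packageRoot == null)
        {
            // Path.Combine treats an empty folder as "relative to the current directory".
            packageRoot = string.IsNullOrEmpty(_Folder)
                ? Directory.GetCurrentDirectory()
                : Path.GetFullPath(_Folder);

            // A trailing separator stops a sibling such as "pkg-other" from passing
            // as a child of "pkg".
            string separator = Path.DirectorySeparatorChar.ToString();
            if (!packageRoot.EndsWith(separator, StringComparison.Ordinal))
            {
                packageRoot += separator;
            }
        }

        // Both paths are normalized from the same folder string, so an ordinal prefix
        // comparison is sufficient for names that stay inside the package.
        if (!filePath.StartsWith(packageRoot, StringComparison.Ordinal))
        {
            throw new Exception(string.Format(Messages.SECURITY_SIGNATURE_FAILED, fileDigest.Name));
        }

        using (var stream = File.OpenRead(filePath))
        {
            if (!StreamUtilities.VerifyAgainstDigest(stream, stream.Length, fileDigest.AlgorithmName, fileDigest.Digest))
            {
                throw new Exception(string.Format(Messages.SECURITY_SIGNATURE_FAILED, fileDigest.Name));
            }
        }
    }
}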
/// <summary>
/// Checks the current file of the tar stream against the supplied digest.
/// </summary>
/// <param name="algorithmName">Name of the digest algorithm, passed through to the stream helper.</param>
/// <param name="digest">Expected digest bytes, passed through to the stream helper.</param>
/// <returns>The result reported by <c>StreamUtilities.VerifyAgainstDigest</c>.</returns>
public override bool VerifyCurrentFileAgainstDigest(string algorithmName, byte[] digest)
{
    // The helper is given the tar stream and the size reported for the current file.
    // NOTE(review): presumably it reads exactly that many bytes from the stream - confirm.
    bool digestMatches = StreamUtilities.VerifyAgainstDigest(
        tarStream,
        CurrentFileSize(),
        algorithmName,
        digest);

    return digestMatches;
}