/// <exception cref="Exception">Thrown when verification fails for any reason</exception>>
public void VerifySignature()
{
using (var certificate = new X509Certificate2(RawCertificate))
{
if (!certificate.Verify())
{
throw new Exception(Messages.CERTIFICATE_IS_INVALID);
}
// Get the package signature from the certificate file.
// This is the digest of the first file listed in the certificate file,
// hence we only need to read the first line
FileDigest fileDigest;
using (Stream stream = new MemoryStream(RawCertificate))
using (StreamReader reader = new StreamReader(stream))
{
fileDigest = new FileDigest(reader.ReadLine());
}
// Verify the stored signature against the computed signature using the certificate's public key.
// Do this independently to minimize the number of files opened concurrently.
using (Stream stream = new MemoryStream(RawManifest))
{
if (!StreamUtilities.VerifyAgainstDigest(stream, stream.Length, fileDigest.AlgorithmName, fileDigest.Digest, certificate))
{
throw new Exception(string.Format(Messages.SECURITY_SIGNATURE_FAILED, fileDigest.Name));
}
}
}
}
public override void VerifyManifest()
{
// Verify the presence of a manifest.
var manifest = Manifest;
// For a folder package, it is efficient to iterate by the order of files in the manifest.
foreach (FileDigest fileDigest in manifest)
{
using (var stream = File.OpenRead(Path.Combine(_Folder, fileDigest.Name)))
{
if (!StreamUtilities.VerifyAgainstDigest(stream, stream.Length, fileDigest.AlgorithmName, fileDigest.Digest))
{
throw new Exception(string.Format(Messages.SECURITY_SIGNATURE_FAILED, fileDigest.Name));
}
}
}
}
public override bool VerifyCurrentFileAgainstDigest(string algorithmName, byte[] digest)
{
return(StreamUtilities.VerifyAgainstDigest(tarStream, CurrentFileSize(), algorithmName, digest));
}
