/// <summary>
/// Checks a downloaded file against the hash declared in its package entry.
/// </summary>
/// <param name="fileFullPath">Path of the file whose hash is computed.</param>
/// <param name="package">Package entry; its <c>Hash</c> supplies the algorithm name and the expected value.</param>
/// <param name="request">Request that carries the skip switch and receives verbose and error output.</param>
/// <returns>
/// <c>true</c> when validation was skipped or the hashes are equal; <c>false</c> when the hash is
/// missing, the algorithm is not accepted, the hash cannot be computed, or the values differ.
/// </returns>
/// <remarks>
/// The expected hash is read from the package entry itself, so this check is only as trustworthy
/// as the source of that entry. NOTE(review): confirm the entry is authenticated before it gets here.
/// </remarks>
internal static bool VerifyHash(string fileFullPath, PackageJson package, PackageSourceListRequest request)
{
    // Skip switch: the file is accepted without any integrity check, only a verbose message is left.
    if (request.SkipHashValidation.Value)
    {
        request.Verbose(Resources.Messages.SkipHashValidation);
        return true;
    }

    PackageHash declaredHash = package.Hash;
    bool hashMissing = declaredHash == null
        || string.IsNullOrWhiteSpace(declaredHash.algorithm)
        || string.IsNullOrWhiteSpace(declaredHash.hashCode);

    // Fail closed: an entry without a usable hash is rejected, not treated as "nothing to verify".
    if (hashMissing)
    {
        request.WriteError(ErrorCategory.InvalidArgument, Constants.ProviderName, Resources.Messages.HashNotSpecified, package.Name);
        return false;
    }

    try
    {
        string hashAlgorithm = declaredHash.algorithm.ToLowerInvariant();

        // Allow-list of algorithm names.
        // NOTE(review): md5 is collision-prone and gives weak integrity assurance against a
        // deliberately crafted file; prefer sha256 or sha512 in package entries.
        switch (hashAlgorithm)
        {
            case "sha256":
            case "md5":
            case "sha512":
                break;

            default:
                request.WriteError(ErrorCategory.InvalidArgument, Constants.ProviderName, Resources.Messages.InvalidHashAlgorithm, declaredHash.algorithm);
                return false;
        }

        string computedHash = ComputeHash(fileFullPath, hashAlgorithm, request);

        // A null result from ComputeHash and a mismatch are reported the same way.
        // The comparison is an exact (ordinal, case-sensitive) string match.
        if (computedHash == null || !package.Hash.hashCode.Equals(computedHash))
        {
            request.WriteError(ErrorCategory.InvalidOperation, Constants.ProviderName, Resources.Messages.HashVerificationFailed, package.Name, package.Source);
            return false;
        }

        request.Verbose(Resources.Messages.HashValidationSuccessfull);
        return true;
    }
    catch
    {
        // Any exception during validation counts as a failed verification.
        request.WriteError(ErrorCategory.InvalidOperation, Constants.ProviderName, Resources.Messages.HashVerificationFailed, package.Name, package.Source);
        return false;
    }
}
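/// <summary>
/// Checks a downloaded file against the Base64-encoded hash declared in its package entry.
/// </summary>
/// <param name="fileFullPath">Path of the file whose hash is computed.</param>
/// <param name="package">Package entry; its <c>Hash</c> supplies the algorithm name and the expected value.</param>
/// <param name="request">Request that carries the skip switch and receives verbose and error output.</param>
/// <returns>
/// <c>true</c> when validation was skipped or the hashes are equal; <c>false</c> when the hash is
/// missing, the algorithm is not accepted, the file cannot be hashed, the expected value is not
/// valid Base64, or the values differ.
/// </returns>
/// <remarks>
/// The expected hash is read from the package entry itself, so this check is only as trustworthy
/// as the source of that entry. NOTE(review): confirm the entry is authenticated before it gets here.
/// </remarks>
internal static bool VerifyHash(string fileFullPath, PackageJson package, PackageSourceListRequest request)
{
    // Skip switch: the file is accepted without any integrity check, only a verbose message is left.
    if (request.SkipHashValidation.Value)
    {
        request.Verbose(Resources.Messages.SkipHashValidation);
        return (true);
    }

    PackageHash packageHash = package.Hash;

    // Fail closed: an entry without a usable hash is rejected, not treated as "nothing to verify".
    if (packageHash == null || string.IsNullOrWhiteSpace(packageHash.algorithm) || string.IsNullOrWhiteSpace(packageHash.hashCode))
    {
        request.WriteError(ErrorCategory.InvalidArgument, Constants.ProviderName, Resources.Messages.HashNotSpecified, package.Name);
        return (false);
    }

    try
    {
        HashAlgorithm hashAlgorithm = null;

        // Allow-list of algorithm names; anything else is rejected before the file is opened.
        switch (packageHash.algorithm.ToLowerInvariant())
        {
            case "sha256":
                hashAlgorithm = SHA256.Create();
                break;

            case "md5":
                // NOTE(review): MD5 is collision-prone and gives weak integrity assurance against
                // a deliberately crafted file; prefer sha256 or sha512 in package entries.
                hashAlgorithm = MD5.Create();
                break;

            case "sha512":
                hashAlgorithm = SHA512.Create();
                break;

            default:
                request.WriteError(ErrorCategory.InvalidArgument, Constants.ProviderName, Resources.Messages.InvalidHashAlgorithm, packageHash.algorithm);
                return (false);
        }

        // HashAlgorithm is IDisposable; release it together with the file stream on every path.
        using (hashAlgorithm)
        using (FileStream stream = File.OpenRead(fileFullPath))
        {
            // compute the hash
            byte[] computedHash = hashAlgorithm.ComputeHash(stream);

            // Decode the expected hash from the package entry. Malformed Base64 throws and is
            // reported by the catch below as a failed verification.
            byte[] hashFromJSON = Convert.FromBase64String(package.Hash.hashCode);

            // Byte-wise comparison, so the textual form of the Base64 value does not matter.
            if (!Enumerable.SequenceEqual(computedHash, hashFromJSON))
            {
                request.WriteError(ErrorCategory.InvalidOperation, Constants.ProviderName, Resources.Messages.HashVerificationFailed, package.Name, package.Source);
                return (false);
            }
            else
            {
                request.Verbose(Resources.Messages.HashValidationSuccessful);
            }
        }
    }
    catch
    {
        // Any exception (unreadable file, malformed Base64, ...) counts as a failed verification.
        request.WriteError(ErrorCategory.InvalidOperation, Constants.ProviderName, Resources.Messages.HashVerificationFailed, package.Name, package.Source);
        return (false);
    }

    return (true);
}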