/// <summary>
/// Verifies each individual entry's x-Digest against the computed digest of the individual section of the entry in
/// the manifest.
/// </summary>
/// <param name="manifestFile">The manifest file to use when computing individual digests.</param>
/// <returns>true if verifications was successful, false otherwise.</returns>
public bool VerifySignatureSourceFileDigests(JarManifestFile manifestFile)
{
foreach (JarIndividualEntry signatureFileEntry in IndividualSection)
{
JarIndividualEntry manifestFileEntry = manifestFile.IndividualSection.FirstOrDefault(
i => String.Equals(i.Name, signatureFileEntry.Name));
if (manifestFileEntry != null)
{
string computedDigest = JarUtils.GetHashDigest(manifestFileEntry.RawText, signatureFileEntry.HashAlgorithmName);
if (!String.Equals(computedDigest, signatureFileEntry.DigestValue))
{
JarError.AddError(String.Format(JarResources.SignatureFileEntryDigestMismatch, signatureFileEntry.Name, SignatureFilePath, computedDigest, signatureFileEntry.DigestValue));
return(false);
}
}
else
{
// Signature file contains an entry that's not present in the MANIFEST.MF file
JarError.AddError(String.Format(JarResources.MissingManifestEntry, signatureFileEntry.Name, SignatureFilePath));
return(false);
}
}
// If we make it out of the loop we're all good
return(true);
}
/// <summary>
/// Verify all the x-Digest-Manifest attributes.
/// </summary>
/// <param name="manifest">The JAR manifest (META-INF/MANIFEST.MF)</param>
/// <returns>True if all the digests were verified, false if any verification failed or there are no x-Digest-Manifest attributes in the signature file.</returns>
public bool VerifyDigestManifest(JarManifestFile manifest)
{
if (ManifestHashDigestAttributes.Count() > 0)
{
return(ManifestHashDigestAttributes.All(
a => String.Equals(MainAttributes[a], manifest.GetManifestDigest(JarUtils.GetHashAlgorithmFromDigest(a, "-Digest-Manifest")))
));
}
return(false);
}
/// <summary>
/// Verify the x-Digest-Manifest-Main-Attributes attribute if it exists, otherwise, verify the individual file attributes
/// in the signature file and compare their digests to the digests calculated over the individual sections in the manifest
/// file.
/// </summary>
/// <returns>True if the verification succeeded, false otherwise.</returns>
public bool VerifyDigestManifestMain(JarManifestFile manifestFile)
{
if (HasDigestManifestMainAttributes)
{
string digestAttributeKey = MainAttributes.Keys.FirstOrDefault(key => key.EndsWith("-Digest-Manifest-Main-Attributes", StringComparison.OrdinalIgnoreCase));
JarUtils.GetHashAlgorithmFromDigest(digestAttributeKey, "-Digest-Manifest-Main-Attributes");
return(String.Equals(MainAttributes[digestAttributeKey],
manifestFile.GetMainAttributesDigest(JarUtils.GetHashAlgorithmFromDigest(digestAttributeKey, "-Digest-Manifest-Main-Attributes"))));
}
else
{
return(VerifySignatureSourceFileDigests(manifestFile));
}
}
