/// <summary> /// Verifies each individual entry's x-Digest against the computed digest of the individual section of the entry in /// the manifest. /// </summary> /// <param name="manifestFile">The manifest file to use when computing individual digests.</param> /// <returns>true if verifications was successful, false otherwise.</returns> public bool VerifySignatureSourceFileDigests(JarManifestFile manifestFile) { foreach (JarIndividualEntry signatureFileEntry in IndividualSection) { JarIndividualEntry manifestFileEntry = manifestFile.IndividualSection.FirstOrDefault( i => String.Equals(i.Name, signatureFileEntry.Name)); if (manifestFileEntry != null) { string computedDigest = JarUtils.GetHashDigest(manifestFileEntry.RawText, signatureFileEntry.HashAlgorithmName); if (!String.Equals(computedDigest, signatureFileEntry.DigestValue)) { JarError.AddError(String.Format(JarResources.SignatureFileEntryDigestMismatch, signatureFileEntry.Name, SignatureFilePath, computedDigest, signatureFileEntry.DigestValue)); return(false); } } else { // Signature file contains an entry that's not present in the MANIFEST.MF file JarError.AddError(String.Format(JarResources.MissingManifestEntry, signatureFileEntry.Name, SignatureFilePath)); return(false); } } // If we make it out of the loop we're all good return(true); }
/// <summary> /// Verify all the x-Digest-Manifest attributes. /// </summary> /// <param name="manifest">The JAR manifest (META-INF/MANIFEST.MF)</param> /// <returns>True if all the digests were verified, false if any verification failed or there are no x-Digest-Manifest attributes in the signature file.</returns> public bool VerifyDigestManifest(JarManifestFile manifest) { if (ManifestHashDigestAttributes.Count() > 0) { return(ManifestHashDigestAttributes.All( a => String.Equals(MainAttributes[a], manifest.GetManifestDigest(JarUtils.GetHashAlgorithmFromDigest(a, "-Digest-Manifest"))) )); } return(false); }
/// <summary> /// Verify the x-Digest-Manifest-Main-Attributes attribute if it exists, otherwise, verify the individual file attributes /// in the signature file and compare their digests to the digests calculated over the individual sections in the manifest /// file. /// </summary> /// <returns>True if the verification succeeded, false otherwise.</returns> public bool VerifyDigestManifestMain(JarManifestFile manifestFile) { if (HasDigestManifestMainAttributes) { string digestAttributeKey = MainAttributes.Keys.FirstOrDefault(key => key.EndsWith("-Digest-Manifest-Main-Attributes", StringComparison.OrdinalIgnoreCase)); JarUtils.GetHashAlgorithmFromDigest(digestAttributeKey, "-Digest-Manifest-Main-Attributes"); return(String.Equals(MainAttributes[digestAttributeKey], manifestFile.GetMainAttributesDigest(JarUtils.GetHashAlgorithmFromDigest(digestAttributeKey, "-Digest-Manifest-Main-Attributes")))); } else { return(VerifySignatureSourceFileDigests(manifestFile)); } }