/// <summary> /// Tests a Digital Signature from a package /// </summary> /// <returns>Digital signatures list</returns> public static Collection <string> GetList(OpenXmlPowerToolsDocument doc) { using (OpenXmlMemoryStreamDocument streamDoc = new OpenXmlMemoryStreamDocument(doc)) { // Creates the PackageDigitalSignatureManager PackageDigitalSignatureManager digitalSignatureManager = new PackageDigitalSignatureManager(streamDoc.GetPackage()); // Verifies the collection of certificates in the package Collection <string> digitalSignatureDescriptions = new Collection <string>(); ReadOnlyCollection <PackageDigitalSignature> digitalSignatures = digitalSignatureManager.Signatures; if (digitalSignatures.Count > 0) { foreach (PackageDigitalSignature signature in digitalSignatures) { if (PackageDigitalSignatureManager.VerifyCertificate(signature.Signer) != X509ChainStatusFlags.NoError) { digitalSignatureDescriptions.Add(string.Format(System.Globalization.CultureInfo.InvariantCulture, "Signature: {0} ({1})", signature.Signer.Subject, PackageDigitalSignatureManager.VerifyCertificate(signature.Signer))); } else { digitalSignatureDescriptions.Add("Signature: " + signature.Signer.Subject); } } } else { digitalSignatureDescriptions.Add("No digital signatures found"); } return(digitalSignatureDescriptions); } }
private static bool VerifyCertificate(X509Certificate cert) { var status = PackageDigitalSignatureManager.VerifyCertificate(cert); AppHealth.Current.Verbose.TrackAsync(string.Format(StringRes.TemplatePackageVerifyCertificateMessage, cert.Subject, status.ToString())).FireAndForget(); return(status == X509ChainStatusFlags.NoError); }
private static bool VerifyCertificate(X509Certificate cert) { var status = PackageDigitalSignatureManager.VerifyCertificate(cert); AppHealth.Current.Verbose.TrackAsync($"Certificate '{cert.Subject}' verification finished with status '{status.ToString()}'").FireAndForget(); return(status == X509ChainStatusFlags.NoError); }
public static Package Verify(this Package package) { if (!IsSigned(package)) { return(package); } // Create the PackageDigitalSignatureManager var dsm = new PackageDigitalSignatureManager(package) { HashAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256" }; // Verify the collection of certificates in the package (one, in this case) foreach (PackageDigitalSignature signature in dsm.Signatures) { var x = PackageDigitalSignatureManager.VerifyCertificate(signature.Signer); if (x == X509ChainStatusFlags.NoError) { continue; } // If the certificate has expired, but signature is created while the certificate was valid, we accept it else if (x == X509ChainStatusFlags.NotTimeValid) { var signer = signature.Signer as X509Certificate2; if (signer != null && signature.SigningTime >= signer.NotBefore && signature.SigningTime <= signer.NotAfter) { continue; } } throw new Exception(string.Format("Certificate validation failed : {0}", x)); } // If all certificates are valid, verify all signatures in the package. VerifyResult vResult = dsm.VerifySignatures(false); //Retrieve innerPackage/originalPackage var innerPackageName = GetInnerPackageName(); var uriString = "/" + innerPackageName + ".pgx"; var packagePart = package.GetPart(new Uri(uriString, UriKind.Relative)); var stream = packagePart.GetStream(); var originalPackage = Package.Open(stream); return(originalPackage); }
/// <summary> /// Checks the signatures in the package /// </summary> /// <param name="packagePath"></param> /// <param name="certificatesStatus">Status of the certificate (dictionary with the subject and /// verification status of the certificates) </param> /// <returns></returns> private static VerifyResult VerifySignatures( string packagePath, out Dictionary <string, X509ChainStatusFlags> certificatesStatus) { VerifyResult vResult; certificatesStatus = new Dictionary <string, X509ChainStatusFlags>(); using (Package package = Package.Open(packagePath, FileMode.Open, FileAccess.Read)) { PackageDigitalSignatureManager dsm = new PackageDigitalSignatureManager(package); // Verify the collection of certificates in the package foreach (PackageDigitalSignature signature in dsm.Signatures) { certificatesStatus.Add( signature.Signer.Subject, PackageDigitalSignatureManager.VerifyCertificate(signature.Signer)); } // For this example, if all certificates are valid, verify all signatures in the package. vResult = dsm.VerifySignatures(false); } return(vResult); }
VerifyCertificate(X509Certificate certificate) { return(PackageDigitalSignatureManager.VerifyCertificate(certificate)); }
public static List <(X509Certificate2 cert, string pin, X509ChainStatusFlags status)> GetCertsInfo(string signedPackageFilename) { using (Package package = Package.Open(signedPackageFilename, FileMode.Open, FileAccess.Read, FileShare.Read)) { var res = new List <(X509Certificate2 cert, string pin, X509ChainStatusFlags status)>(); var dsm = new PackageDigitalSignatureManager(package); var certs = GetPackageCertificates(dsm); foreach (X509Certificate cert in certs.Values) { (X509Certificate2 cert, string pin, X509ChainStatusFlags status)certInfo = (cert : new X509Certificate2(cert), pin : cert.GetPublicKeyString().ObfuscateSHA(), PackageDigitalSignatureManager.VerifyCertificate(cert)); res.Add(certInfo); } return(res); } }
public X509ChainStatusFlags VerifyCertificate(X509Certificate cert) { return(PackageDigitalSignatureManager.VerifyCertificate(cert)); }