예제 #1
0
        /// <summary>
        /// Called when the installer is downloaded
        /// </summary>
        /// <param name="sender">not used.</param>
        /// <param name="e">used to determine if the download was successful.</param>
        private void OnWebDownloadClientDownloadFileCompleted(object sender, AsyncCompletedEventArgs e)
        {
            if (e.Error != null)
            {
                UIFactory.ShowDownloadErrorMessage(e.Error.Message, _appCastUrl);
                ProgressWindow.ForceClose();
                return;
            }

            // test the item for DSA signature
            bool isDSAOk = false;

            if (!e.Cancelled && e.Error == null)
            {
                ReportDiagnosticMessage("Finished downloading file to: " + _downloadTempFileName);

                // report
                ReportDiagnosticMessage("Performing DSA check");

                // get the assembly
                if (File.Exists(_downloadTempFileName))
                {
                    // check if the file was downloaded successfully
                    String absolutePath = Path.GetFullPath(_downloadTempFileName);
                    if (!File.Exists(absolutePath))
                    {
                        throw new FileNotFoundException();
                    }

                    if (UserWindow.CurrentItem.DSASignature == null)
                    {
                        isDSAOk = true; // REVIEW. The correct logic, seems to me, is that if the existing, running version of the app
                                        //had no DSA, and the appcast didn't specify one, then it's ok that the one we've just
                                        //downloaded doesn't either. This may be just checking that the appcast didn't specify one. Is
                                        //that really enough? If someone can change what gets downloaded, can't they also change the appcast?
                    }
                    else
                    {
                        // get the assembly reference from which we start the update progress
                        // only from this trusted assembly the public key can be used
                        Assembly refassembly = Assembly.GetEntryAssembly();
                        if (refassembly != null)
                        {
                            // Check if we found the public key in our entry assembly
                            if (NetSparkleDSAVerificator.ExistsPublicKey("NetSparkle_DSA.pub"))
                            {
                                // check the DSA Code and modify the back color
                                NetSparkleDSAVerificator dsaVerifier = new NetSparkleDSAVerificator("NetSparkle_DSA.pub");
                                isDSAOk = dsaVerifier.VerifyDSASignature(UserWindow.CurrentItem.DSASignature, _downloadTempFileName);
                            }
                        }
                    }
                }
            }

            if (EnableSilentMode)
            {
                OnProgressWindowInstallAndRelaunch(this, new EventArgs());
            }

            if (ProgressWindow != null)
            {
                ProgressWindow.ChangeDownloadState(isDSAOk);
            }
        }